Curtis Report 2014-10-10

The great majority of my week was spent trying to get a VirtualBox instance of Ubuntu running with Mozillians and KitHerder so I can write some user docs and what not for using KitHerder in a new Mentorship Process. It turned out to not be so simple and in fact I did not get it really working until 2014-10-13. I am considering writing a more detailed blog post so others can have an easier time, as the current docs seem to be missing a few steps and tricks.

To that end much thanks to the very patient folks on #commtools for helping me out with all the errors and troubleshooting.

What I did this week

  • bugzilla sec release activities
  • Kitherder: prep work (install Mozillians)

Meetings Attended

  • 1:1
  • Mozilla Monday meeting
  • Web Bounty Triage
  • SecAutomation
  • Cloud Services Security Team
  • MoCo Meeting (recording)
  • MWoS team meeting
  • MWoS Monthly Update
  • PTO
Posted in Uncategorized

Curtis Report 2014-10-03

I spent a good deal of this week doing RTB activities that are mostly non-notable other than they have to get done. I likely should have taken a PTO day to recover from DerbyCon (lesson for next time); I jumped right back into things.

On Thu I attended the Louisville Metro InfoSec conference put on by the Kentuckiana chapter of the Information Systems Security Association (ISSA). This is a yearly gathering of InfoSec professionals from Louisville, Southern Indiana, Lexington and Cincinnati, and a few from further out. This event also allows infosec students from local schools to attend for free and a large number of them did attend.

I spent most of the day promoting OWASP and Mozilla via a booth the organizers were kind enough to give for free. I was supposed to have help so I could attend some talks but my 2 other co-leaders had to leave town suddenly (will have to watch IronGeek recordings).

While I did not have any items to give away we did get lots of traffic at the booth, mostly due to my FirefoxOS device. While it is an older Geeksphone I did have the latest nightly installed on it. The student attendees were most excited about it, some even taking pictures of different screens. They seemed quite interested in the developer tools in Firefox (WebIDE) along with the FirefoxOS simulator. This led to natural conversations about getting involved, mentored bugs and mentorship projects at Mozilla.

The large topic of discussion with the more corporate types centered around our Cloud Services efforts. I fielded lots of questions about Sync (how they could do their own), Firefox Accounts, Location services and Marketplace. There is a good deal of angst with the corporate types over the tension to use cloud for cost but concerns over data ownership, privacy and security of such services. They were quite pleased with our efforts and also liked that they could do hybrid cloud (public-private) mixes with Mozilla offerings.

What I did this week

  • [vendor redacted] ground work for internal pen testing
  • DerbyCon trip report
  • TRIBE Prep
  • Safari books for MWoS team

Meetings Attended

  • Mozilla Project Meeting
  • secautomation
  • Update on Firefox OS Release Cadence
  • Cloud Services Security Team Meeting
  • MWoS team meeting
  • Cloud Services All Hands
  • Security/Privacy/Vendor Reviews Discussion w/ Marshall
  • last day virtual beer for coworker
Posted in Mozilla, Random

The Curtis Report 2014-09-26

So my last report failed to mention something important. There is a lot I do that is not on this report. This only covers noteworthy items outside of run the business (RTB) activities. I do a good deal of bug handling, input, triage and routing to get things to the right people, remove bad/invalid or mistagged items. Answer emails on projects and other items etc. Just general work stuff. Last week had lots of vendor stuff (as noted below) and while kind of RTB it’s usually not this heavy and we had 2 rush ones so I felt they were worthy of note.

What I did this week

  • kit herder community stuff
  • [vendor redacted] communications
  • [vendor redacted] review followup
  • [vendor 2 redacted] rush review started
  • Tribe pre-planning for next month
  • [vendor redacted] follow ups
  • triage security bugs
  • DerbyCon prep / registration
  • bitcoin vendor prep work
  • SeaSponge mentoring

Meetings Attended

  • impromptu [vendor redacted] review discussion
  • status meeting for [vendor redacted] security testing
  • Monday meeting
  • cloud services team (sort of)
  • impromptu [vendor redacted] standup
  • MWoS SeaSponge Weekly team meeting
  • Cloud Services Show & Tell
  • Mozillians Town Hall – Brand Initiatives (Mozilla + Firefox)
  • Web Bug Triage
  • security open mic


Non Work

  • deal with deer damage to car
Posted in Mozilla, Uncategorized

The Curtisk report: 2014-09-21

People wanna know what I do, so I am going to give this a shot, so each Monday I will make a post about the stuff I did in the previous week.

Idea shamelessly stolen from Eric Shepherd

What I did this week

  • MWoS: SeaSponge Project Proposal (Review)
  • Crusty Bugs data digging
  • security review (move along)
  • Firefox OS Sec discussion
  • sec triage process massaging
  • Firefox OS Security coordination
  • Vendor site review
    • testing plan for vendor site testing
    • testing coordination with team and vendor
  • CBT Training survey
  • security scan of [redacted]

Meetings attended this week

  • Weekly Project Meeting
  • Web Bounty Triage
  • SecAutomation
  • Cloud Services Security Team
  • MWoS team Project meeting
  • Vendor testing call
  • Web Bug Triage
  • Security Open Mic
  • Grow Mozilla / Community Building
  • Computer Science Teachers Association (guest speaker)
Posted in Misc, Mozilla, Uncategorized

No Free Lunch

Over the last week or so there has been considerable discussion of the proposed plan to include some advertising in the first-run experience of Firefox for new users (Directory Tiles). There is still considerable work and ideas to complete by others and by myself as a Program Manager for Security and Privacy.

We’ve accepted advertising in communication media for some time now. Both traditional radio and television are supported by advertising which we readily accept in exchange for content. This of course has been a passive model as without work said advertiser cannot gauge the audience. This advertising for content model has largely extended to the web with some obvious modifications. The use of various technologies on the web has allowed advertisers to gain far more knowledge and to target advertising to a deemed willing or desired audience. This tracking and data aggregation is also what gives most users concern over Internet advertising. We don’t really want advertisers knowing things about us that do not have an obvious benefit to us. I believe it’s safe to say that we accept advertising for content within certain confines. I also can’t imagine how much worse the Internet would be if everything were behind a pay wall. The open, shared, connected, and hackable Internet would be far worse and much less usable. So, the fact is advertising pays for the Internet, or at the least a large part of it. Yes we can use add-ons and scripts to hide ads, and as users that is our choice. If everyone did that all the time I think we could agree the Internet that would result would be far worse for all. As an example see the message that shows up to visitors of Reddit when ad blocking extensions are used (or at least used to). There is a trade-off here to be made and this is where I think Mozilla has a lot to offer.

Mozilla has what I would call an excellent track record of introducing disruptive technologies for the betterment of humanity. We started with the browser in a time when there was only one browser; a lot of people have forgotten that time. We’ve successfully proven that an open source, community driven project can change the web. We’ve shown that the web authentication model can be done in a privacy protecting way, hence Persona. I’m quite surprised that people don’t think that we can improve Internet advertising in a way that benefits both parties, both parties being advertisers and users. We’re opening our eyes with add-ons like Lightbeam so users can make informed choices about what they want to share and with whom. There should be a motivation for both myself and the advertiser that is open and available for the sharing of information that leads to mutual benefit. This is part of building the Internet that the world needs. One where privacy is at the forefront in all things.

Posted in Mozilla

25 Years an Eagle

Reflective Moment:

I was invited to attend the Eagle Scout Court of Honor for a fine young man I’ve had the pleasure of serving with on NYLT for 2 years a few weeks past. As part of the ceremony he had his Grandfather, also an Eagle Scout, read the Eagle Scout Charge. What struck me at this particular time were not the words, though they normally do and help to remind me of the expectations when others learn I am an Eagle, but the announcement that the man reading them had been an Eagle Scout for 80 years.

After listening to the charge and reflecting on its meaning for me I did some quick math in my head. I achieved the rank of Eagle Scout in 1989, and thus in 2014 I will have been an Eagle for 25 years. It’s hard to fathom what my 16 year old mind thought of what the path had ahead for me. At the time I thought I had a career as a military officer, but that path was obviously abandoned. The skills I gained, however, have remained and been of great benefit as I’ve grown.

The ideas of service and leadership have carried me forward and I continue to work on and try to improve. I find that I am most happy when I am helping others, whether that be with my talents or my time. The joy I find in seeing others benefit from those gifts means very much to me and I think it’s what drives me more than anything. Leadership has been the harder item; I’ve often struggled with what makes a good leader and with the skills to make myself an effective one. I find I have to remind myself that leadership and being a leader is not so much a title but action. It’s not an end point but a journey of learning that means stumbling from time to time.

I am grateful for every lesson, every person who’s encouraged me, for every piece of feedback; especially those that were hard to hear. I shall endeavor to continue to improve and make the next 25 years of service and leadership both a lesson for myself and an example for others. To all of you on the path with me, be it a short walk or for the long haul, a hearty thank you.

“We each leave a legacy, purposefully or not, from all that we do.” – me

Posted in Uncategorized

Your Career is a Bonsai

The only person that will manage and grow your career is you. Maintaining and regularly cultivating the documents (resumes, cover letters, etc.) is like a bonsai tree. Spending a bunch of time working on these when you suddenly need them is a great way to lose valuable time and it may cost you an opportunity that you really want. Doing regular small items (trimming) keeps the tree growing and looking good. It’s also a good way to reflect on where you’ve been, what has been achieved and the destination of your hard work.

I have taken on the habit of regularly updating my LinkedIn profile / resume at least 1 time per year. It is much easier to maintain this stuff when it’s fresh in my mind and take it as a small task when information is easy to gather. I’ve found that having to go back more than a year to remember accomplishments as well as changes in role or responsibility, when my title may not change, is much harder to get correct. I can also ask people to give comments and recommendations while things are fresh for them as well.

This year was a bit of a unique experience as it apparently freaked a few people out when I asked for recommendations of my work. I had put in my request that I was not actively looking for new work and this was part of my regular process, as I had several people, including my current manager, ask what was going on. I guess some did not read that part after the form letter bits from LinkedIn. So a possible modification to the process is to give people a more personalized heads up.

Posted in General, Mozilla