What’s the best technology base for an activism Q&A website?

An activism group I know is thinking about setting up a Q&A (question-and-answer) site.  What technology base should they use?

Here’s the functionality wishlist:

  1. users can ask and answer questions, vote on others’ answers, and leave comments
  2. multilingual and accessible
  3. a pleasant and attractive user experience
  4. good moderation tools
  5. easy to attach tags (or categories) to questions and to browse all the questions in a category
  6. people can sign in with their existing Twitter, Google, Microsoft, Yahoo, Facebook, etc. IDs
  7. questions, answers, and comments are easy to tweet and look good when posted on Facebook etc.
  8. there’s a way to include Twitter, Facebook, etc. responses as answers or comments
  9. users can have profiles if they want but don’t have to spend any time setting them up
  10. the overall look-and-feel can be customized (to match the activism campaign’s overall branding)
  11. there are a few options for themes for questions, answers, profiles, and categories
  12. it’s possible to integrate discussion forum and chat software [to help people as they’re learning to use the system, and to talk about ‘lessons learned’ as we’re using it]
  13. secure
  14. privacy-friendly (meaning a robust privacy policy if it’s hosted elsewhere)

In general, open-source software with a fairly unrestrictive license (BSD-style) is preferable; if the GPL’ed or commercial tools for the job are better, that’s fine too.

Q: What should I read to find more about the Q&A space? A: Here’s some links.

The Q&A (question and answer site) market segment is red hot right now.  Here’s some links to complement my own posts Life imitates art imitates life, Prisms, Kool-aid, and Opportunity, and What do you think of this one-line pitch for qweries?

The overall landscape

Quora

Stack Overflow

Ask.com

And …

How’d that one get by QA: Z2K

Ya can’t make stuff like this up.  From Ginny Mies at PC World:

Picture this: You’re gearing up to create a killer playlist on your 30GB Zune for your annual New Year’s bash. All of a sudden, your Zune locks up, reboots itself, and freezes. What the heck is going on?

Fox News picks up the story:

Later in the day, Microsoft finally figured it out. While writing some of the driver software, the world’s biggest software company had forgotten to compensate for leap years.

The solution? Wait 24 hours until Jan. 1.

As Joseph Flatley says on Engadget, let’s hope they get it right by 2012.

But wait, there’s more:

Even then, there may be a pesky digital-rights-management issue.

“If you’re a Zune Pass subscriber,” the posting continues, “you may need to sync your device with your PC to refresh the rights to the subscription content you have downloaded to your device.”

The Microsoft posting promised a fix by the end of the next leap year in December 2012.

Looks like they’re on top of it.

Happy software quality/DRM new year!

Rant: I hate software

also posted on Pam’s House Blend.
for a good time, compare and contrast
how Soapblox (there) and WordPress (here)
display the URLs in the quotes 🙂

As a “grand old man” of the software engineering field of defect detection, I sometimes take it personally when I run into bugs or usability problems.  My IM friends are never surprised when I switch from a conversation on another topic to a rant about how it doesn’t need to be that way and running commentary about my search for a workaround while lamenting that so few companies — or open-source projects — bother to go for the rather-obvious competitive advantage of making software that works reliably and well.  It usually ends with comments something like

jon: doesn’t look like there’s any way to get around it.  i hate software

friend: lol.  looks like you picked the wrong profession then

Ha ha.

A bumper crop o’ Slashdot security threads

In RSA: “It feels like something’s missing” earlier this week, I mentioned that I found myself wondering whether what I was seeing at the show responded to security problems as experienced by users. Coincidentally enough, when I checked Slashdot today there were several interesting security-related threads. So while it’s far from a statistically-valid sample, it’s still a great chance to ask: is the industry successfully addressing these kinds of problems?

Let’s start with Oklahoma Leaks 10,000 Social Security Numbers, which is by far the most serious single issue:

“By putting SQL queries in the URLs, they not only leaked the personal data of tens of thousands of people, but enabled literally anyone with basic SQL knowledge to put his neighbor/boss/enemies on the sexual offender list.”

RSA, part 2: static analysis

A continuation of RSA: “It feels like something’s missing”

RSA’s a tough show for static analysis companies, but several were there. Ounce had the largest booth and an excellent message (“listen to your code”); Veracode, Armorize, and Fortify had smaller presence. However, I didn’t actually spend much time at the booths or looking at the details of any specific technology, instead talking with various folks I ran into about the strategic possibilities.

Strategy, security, and static analysis: what’s next for me

Fourteen years ago today was my last day at Digital Equipment Corporation before leaving to work on the technology that became PREfix and the company I started with a few friends that became Intrinsa, so it seems especially appropriate to post about this today …

I’m delighted to announce that I’m starting a part-time strategy consulting gig working with San Francisco-based software engineering startup Coverity. My initial focus will be exploring possibilities in the security space, and I’ll be using techniques like community-driven strategy and design, asset-based thinking, and social network analysis. So it’s a very natural followup to each of my last three professional incarnations: static analysis architect, computer security researcher, and grassroots strategist.

Indeed! The Economist on “computer science as a social science”

The Economist’s Technology Quarterly has an excellent article on Software bugtraps: software that makes software better. This is something of a followup to an article they did a few years ago; most people quoted think that the situation is improving, although of course as Capers Jones points out it depends on your metrics. And why the improvement?

According to … the chairman of the Standish Group, most of this improvement is the result of better project management, including the use of new tools and techniques that help programmers work together. Indeed, there are those who argue that computer science is really a social science. Jonathan Pincus, an expert on software reliability who recently left Microsoft Research* to become an independent consultant, has observed that “the key issues [in programming] relate to people and the way they communicate and organise themselves.”

Indeed, I have argued that — in keynote talks Analysis is necessary but not sufficient at ISSTA 2000 and Steering the pyramids at ICSM 2002, and then more explicitly in the “BillG thinkweek paper” Computer science is really a social science (draft) from early 2005 and my 2006 Data Devolution keynote with Sarah Blankinship applying this lens to computer security.

How’d it get through QA — and why didn’t they fix it?

Over on Tales from the Net, I’ve been discussing Kevin Poulsen’s articles about a MySpace security bug that allowed access to photos in profiles that had been marked as “private”. It had been well known for months, but MySpace didn’t fix it until the day after Kevin’s first article. In the interim, somebody wrote an automated script to download photos, and released 500,000 of them on the BitTorrent p2p network.

Since it’s social network-related, I posted about it over there, but it’s on topic here as well, so I figured I’d mention it …

Is *that* why they make you wait till you’re at 10,000 feet to turn computers on?

Boeing just announced another delay for the 787, its second or third so far depending on who you believe, so I wanted to go back to a story Kim Zetter reported a few weeks ago on the Wired Threat Level blog:

Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.

Wow. This is a really basic mistake — and a great example of the kinds of risks we discuss in the National Academies/CSTB report Software for Dependable Systems: Sufficient Evidence? Of course one of the excellent things about the avionics certification process is that the FAA does an analysis of the “special conditions” for new designs and publishes its findings (in the Federal Register, no less; a good example of the transparency we call for). According to Kim’s article, they’ll deny certification to the 787 until this is fixed – and well they should.
