Releasing under open licences and getting some feedback.

This still amazes me. I released some slides under Creative Commons licence time ago and I got some emails with a improuved version of the slides and some comments about typos, errors. I released IdentityBurro under Creative Commons (I would have preferred GPL but the original code of BookBurro was under CC as well because the a snippet of code Jesse used was under CC, I guess this is what virality of licences really means) and I received 2 emails of people using the code in different ways.
Jeremy wrote me “Because I learn by tinkering, I was able to pick through your script and adapt it to provide this functionality.”. His greasemonkey script, The Flickr Tag Convergence Script, allows you to search for any tag on a Flickr photo page on either del.icio.us or Technorati with one mouse click. The script places small icons (one for del.icio.us and one for Technorati) in front of each photo tag (see the screenshot). The script is also available on UserScripts.org, another shiny creation of Jesse, BookBurro’s creator.
On the other hand, Daniel was so kind to improuve the Identity Burro code by looking over the Todo list. He added some of the other sites I listed as wanting to include (Cite-u-Like, Last.fm (+audioscrobbler now that it’s completely incorporated into last.fm), 43things, 43ideas@43things, 43places, 43ideas@43places, 43.allconsuming.net, Rojo and LJ). He also added the shrink/collapse button I mentioned. So I played with it again, added some more funcionalities and there will be a 0.3 version of IdentityBurro in minutes.
I just want to mention that I created Identity Burro tinkering with the code of Book Burro. I met Jesse, Book Burro’s creator at AAAI, and I was amazed to meet him and I thought I had a lot to learn by looking at his code, I was right. [During his AAAI invited talk, Jay Tenenbaum showed one slide about Book Burro, and at the end of the presentation, Jesse showed up saying “you showed a slide about Book Burro, well, I created Book Burro”]. That’s amazing, I want something like that happening to me as well in future! By the way, Jesse is now visiting Commerce.net and he ponders about Trust – Since userscripts operate outside of the security model, a malicious userscript could send every keystroke to the bad guys. A combination of peer review, and automated testing will be used to help secure end users.. UserScripts.org aggregates scripts but the actual code stays on the creator’s site, so I think the idea is that, say, Mark Pilgrim trust/approuves a certain Greasemonkey script and I trust Mark Pilgrim, I can install the script without examining the code line by line. What if the bad guy’s web server, mine for example, serves 90% of the time a “good” script and 10% of the time (or only to people using Windows that are probably not going to look at the code) serves a “malicious” script? Should Mark Pilgrim just trusts a generic URL or it is better to tie his trust action to a specific file content, for example associating an MD5SUM to the trusted file? More clearly, the trust action should be “I trust the script served at http://example.com/script.user.js” or “I trust the script served at http://example.com/script.user.js whose MD5SUM is 34GFGF94RU…”? The second provide more security but every time you release a new version, people have to restate their trust in your script by re-reading the code. So Jesse, what do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *