theme: gaia
_class: lead
paginate: true
backgroundColor:

Open Source and Open APIs

  • Definitions
  • Why
  • Security
  • Challenges

Open Source

adjective

denoting software for which the original source code is made freely available and may be redistributed and modified.


Open Source

Software that is developed collaboratively in a distributed fashion


Open API

An open API (often referred to as a public API) is a publicly available application programming interface that provides developers with programmatic access to a proprietary software application or web service.

Essentially OPEN == PUBLIC in this case.


Why? (BCC internal view)

  • We are not a Software Development company
    • Software is not a goal, it's a tool
  • Forces good practices on us
    • No more security by obscurity if we can't obscure anything
  • Easier to introduce new collaborators
    • There is no need for any additional effort from dev side
  • Only sane way to encourage volunteer contributors
    • No one has a day to spend chasing leads on who to talk to for access A and credential B

Why? (Outside view)

  • Transparency
  • "I want to do something for BCC but I don't know how to start?"
  • BCC has that cool system for doing X. I wonder if we could do the same?
  • Sharing of ideas
  • I want to build a scoreboard for my local church, can I get XYZ?
  • I want to build a bot that automatically turns on my TV, and dims the lights when BTV meeting starts. Do you have an API I can use?

Security

  • Because she can't read the code it's harder to exploit
    • Rogues are very keen in their profession, and know already much more than we can teach them. -Alfred Charles Hobbs, 1851

    • Anyone determined enough to read code is determined enough to do other things (decompile, for example)

Security

  • Exploiting software is "far down" on the list
    • Weak passwords and human error account for well over 70% of information leaks
    • haveibeenpwned.com has a public list of 613M passwords that are leaked
  • There are many positive people out there
    • Security issues have been actively reported

Challenges

  • Initial release of existing things
  • Access (BCC Login)
  • Initial setup / Readme
  • Separate media and graphical profile from code
    • Nope, the BCC logo is not for anyone to use
  • Communication

In the spirit of Open Source, the presentation source will be made available at https://github.com/orgs/BCC-Media