Hack The World


As some of you will know, recently I have been consulting with HackerOne.

I just wanted to share a new competition we launched yesterday called Hack The World. I think it could be interesting to those of you already hacking, but also those of you interested in learning to hack.

The idea is simple. HackerOne provides a platform where you can go and hack on popular products/services (e.g. Uber, Adobe, GitHub, Square, Slack, Dropbox, GM, Twitter, Yahoo!, and many more) and submit vulnerability reports. This is awesome for hackers as they can safely hack on products/services, try out new hacking approaches/tools, build relationships with security teams, build a resume of experience, and earn some cold hard cash.

Currently HackerOne has 550+ customers, has paid over $8.9 million in bounties, and fixed over 25,000 vulnerabilities, which makes for a safer Internet.

Hack The World

Hack The World is a competition that runs from 20th July 2016 – 19th September 2016. In that time period we are encouraging people to hack programs on HackerOne and submit vulnerability reports.

When you submit a vulnerability report that is valid, the program may award you a bounty payment (many people all over the world earn significant buckets of money from bounties). In addition, you will be rewarded reputation and signal. Reputation is an indicator of active activity and participation, and signal is the average reputation in your reports.

Put simply, whoever earns the most reputation in the competition can win some awesome prizes including $1337 in cash, a hackable FPV drone kit, awesome limited edition swag, and bragging rights as being one of the most talented hackers in the world.

To ensure the competition is fair for everyone, we have two brackets – one for experienced hackers and one for new hackers. There will be 1st, 2nd, and runner up prizes in each bracket. This means you folks new at hacking have a fighting chance to win!

Joining in the fun

Getting started is simple. Just go and register an account or sign in if you already have an account.

To get you started, we are providing a free copy of Peter Yaworski’s awesome Web Hacking 101 book. Ensure you are logged in and then go here to grab the book. It will then be emailed to you.

Now go and find a program, start hacking, learn how to write a great report, and submit reports.

When your reports are reviewed by the security teams in the programs you are hacking on, the reputation will be awarded. You will then start appearing on the Hack The World Leaderboard, which at the time of writing looks a little like this:

[Screenshot: Hack The World leaderboard]

This data is almost certainly out of date as you read this, so go and see the leaderboard here!

So that’s the basic idea. You can read all the details about Hack The World by clicking here.

Hack The World is a great opportunity to hack safely, explore new hacking methods/tools, make the Internet safer, earn some money, and potentially be crowned as a truly l33t hacker. Go hack and prosper, people!

Reducing Texting and Driving: An Idea

This weekend I dropped Erica off at the airport. Driving through San Francisco we saw an inventive billboard designed to reduce texting and driving. Driver distraction is a big problem, with a 2012 study suggesting over 3,000 deaths and 421,000 injuries were a result of distraction. I am pretty confident those shiny, always connected cellphones are indeed a common distraction during a boring drive or in times when you are anxious for information.

So anyway, we were driving past this billboard designed to reduce texting and driving and it included an Apple messages icon with a message awaiting. It was similar to, but not the same as this:

[Image: billboard discouraging texting and driving]

While these billboards are good to have, I suspect they are only effective when they go beyond advocating a behavior and are actually able to trigger a real behavioral change. Rory Sutherland’s example of Scotland changing speeding signs from the number to an unhappy face is a prime example – instead of telling drivers to drive more slowly, they tapped into the psychology of initiating that behavioral change.

When I saw this sign, it actually had the opposite effect on me. Seeing the notification icon with a message waiting caused a cognitive discomfort that something needed checking, tending to, and completing. You guessed it: it made me actually want to check my phone.

The Psychology of Notifications

This got me thinking about the impact of notifications on our lives and whether part of the reason people text and drive is not because they voluntarily pick up the phone and screw around with it, but instead because they are either (a) notified by audio, or (b) feel the notification itch to regularly check their phone to see if there are new notifications and then action them. Given how both Android and Apple phones display notifications on the unlocked screen, this makes it particularly easy to see a notification and then action it by clicking on it and loading the app, and then potentially smash your car into a Taco Bell sign.

There is of course some psychology that supports this. Classical Conditioning demonstrates that we can associate regularly exposed stimuli with key responses. As such, we could potentially associate time away from our computers, travel, or other cognitive functions such as driving, as a time when we think about our relationships, our work, and therefore feel the urge to use our phones. In addition to this, research in Florida demonstrated that any kind of audio notifications fundamentally disrupt productivity and thus are distracting.

A Software Solution?

As such, it strikes me that a simple solution for reducing texting and driving could be to simply reduce notifications while driving.

For this work, I think a solution would need to be:

  • Automatic – it detects when you are traveling and suitably disengages notifications.
  • Contextual – sometimes we are speeding along but not driving (such as taking a subway, or as a passenger in a car).
  • Incentivized – it is unlikely we can expect all phone makers to switch this on by default and not make it able to be disabled (nor should we). As such, we need to incentivize people to use a feature like this.

For the automatic piece some kind of manual installation would likely be needed but then the app could actively block notifications when it automatically detects the phone is above a given speed threshold. This could be done via transitional points between GPS waypoints and/or wifi hotspots (if in a database). If the app detects someone going faster than a given speed, it kicks in.

For the contextual piece I am running thin on ideas for how to do this. One option could be to use the accelerometer to determine if the phone is stationary or not (most people seem to put their phones in a cup holder or phone holder when they drive). If the accelerometer is wiggling around it might suggest the person is a passenger and has the phone on their lap, pocket, or in their hand. Another option could be an additional device that connects to the phone over bluetooth that determines proximity of the person in the car (e.g. a wrist-band, camera, sensor on the seat, or something else), but this would get away from the goals of it being automatic.

For the incentive piece, this is a critical component. With teenagers a common demographic, and thus first-time drivers, money could be an incentive. Lower insurance fees (particularly given how expensive teenagers are to insure), discounts/offers at stores teenagers care about (e.g. Hot Topic for the greebos out there), free food, and other ideas could be an incentive. For older drivers the same benefits could apply, just in a different context.

Conclusion

While putting up billboards to tell people to be responsible human beings is one tool in reducing accidents, we are better positioned than ever to use a mixture of technology and psychology to creatively influence behavior more effectively. If I had the time, I would love to work on something like this, but I don’t have the time, so I figured I would share the idea here as a means to inspire some discussion and ideas.

So, comments, feedback, and ideas welcome!

Scratch Community Manager Position Available

A while back Mako introduced me to Mitchel Resnick, LEGO Papert Professor of Learning Research and head of the Lifelong Kindergarten group at the MIT Media Lab. Mitchel is a tremendous human being; warm, passionate, and terribly creative in solving interesting problems.

Mitchel introduced me to some members of his team and the conversation was focused on how they can find a good community manager for the Scratch learning environment. For the cave-dwellers among you, Scratch is a wonderful platform for teaching kids programming and the core principles involved.

So, we discussed the role and I helped to shape the role description somewhat.

It is a really awesome and important opportunity, particularly if you are passionate about kids and technology. It is a role that is calling for a creative thinker to take Scratch to the next level and impact a whole new generation of kids and how they can build interesting things with computers. While some community managers focus a lot on the outreach pieces (blogging, social media, and events), I encourage those of you interested in this role to also think of it from a deeper perspective of workflow, building different types of community, active collaboration, and more.

Check out the role description here and apply. If you and I know each other, feel free to let them know this and I am happy to share with them more about you. Good luck!

Building a Safer Internet with HackerOne

Recently I started doing some work with HackerOne and I thought many of you would find it interesting enough for me to share.

A while back my friend Mårten Mickos joined HackerOne as CEO. Around that time we had lunch and he shared with me more about the company. Mårten has an impressive track record, and I could see why he was so passionate about his new gig.

The idea is pretty neat: HackerOne provides a service where companies (e.g. Uber, Slack, General Motors etc, and even The Pentagon) can provide a bug bounty program that invites hackers to find security flaws in their products and services. The company specifies the scope of the program (e.g. which properties/apps), and hackers are encouraged to find and submit vulnerability reports. When a report is approved, the hacker is often issued a payment.

HackerOne is interesting for a few reasons. Firstly, it is helping to build a safer and more secure world. As we have seen in open source, crowdfunding, and crowdsourcing, a productive and enabled community can deliver great results and expand the scope of operations far beyond that of a single organization. This is such a logical fit when it comes to security as the potential attack surface is growing larger and larger every day as more of our lives move into a digital realm.

What I also love about HackerOne is the opportunity it opens up for those passionate about security. It provides a playground where hackers can safely explore vulnerabilities, report them responsibly, build experience and relationships with security teams at popular companies, and earn some money. Some hackers on HackerOne are earning significant amounts of money (some even doing this full-time), and some are just having a blast on evenings and weekends earning some extra cash while having fun hacking.

I am working with HackerOne on the community strategy and execution side and it has been interesting exploring the different elements of building an engaged community of hackers. One of the things I have learned over the years building communities is that every one is different, and that is very much the case for HackerOne.

Familiar Ground

More broadly, it is also interesting to see echoes of similar challenges that faced open source in the early days, but now applied to hacking. Back then the world was presented with the open source model in which anyone, anywhere, could contribute their skills and talents to improve software. Many organizations back then were pretty weirded out by this. They worried about their intellectual property, the impact on their customers, losing control, and how they would manage the PR.

[Image: still from WarGames]

Believe it or not, WarGames is not a documentary.

In a similar way, HackerOne is presenting a model in which organizations can tap the talents of a distributed community of hackers. While some organizations will have similar concerns to the ones back in the early days of open source, I am confident we will traverse those. This will be great for the Internet, great for organizations, and great for hackers.

Get Involved

If you are a hacker, or a programmer who would like to learn about security and try your hand, go and sign up, then find a program, and submit a report.

If you are an existing HackerOne user, I would also love to hear your feedback, thoughts, and ideas about how we can build the very best community. Feel free to send me an email to jono@hackerone.com – let’s build a powerful, engaged, global community that is making the world more secure and making hackers more successful.

Announcing Jono Bacon Consulting

A little while back I shared that I decided to leave GitHub. Firstly, thanks to all of you for your incredible support. I am blessed to have such wonderful people in my life.

Since that post I have been rather quiet about what my next adventure is going to be, and some of the speculation has been rather amusing. Now I am finally ready to share more details.

In a nutshell, I have started a new consultancy practice to provide community management, innersourcing, developer workflow/relations, and other related services. To keep things simple right now, this new practice is called Jono Bacon Consulting (original, eh?)

As some of you know, I have actually been providing community strategy and management consultancy for quite some time. Previously I have worked with organizations such as Deutsche Bank, Sony Mobile, ON.LAB, Open Networking Foundation, Intel and others. I am also an active advisor for organizations such as AlienVault, Open Networking Foundation, Open Cloud Consortium, Mycroft AI and I also advise some startup accelerators.

I have always loved this kind of work. My wider career ambitions have always been to help organizations build great communities and to further the wider art and science of collaboration and community development. I love the experience and insight I gain with each new client.

When I made the decision to move on from GitHub I was fortunate to have some compelling options on the table for new roles. After spending some time thinking about what I love doing and these wider ambitions, it became clear that consulting was the right step forward. I would have shared this news earlier but I have already been busy traveling and working with clients. 😉

I am really excited about this new chapter. While I feel I have a lot I can offer my clients today, I am looking forward to continuing to broaden my knowledge, expertise, and diversity of community strategy and leadership. I am also excited to share these learnings with you all in my writing, presentations, and elsewhere. This has always been a journey, and each new road opens up interesting new questions and potential, and I am thirsty to discover and explore more.

So, if you are interested in building a community, either inside or outside (or both) your organization, feel free to discover more and get in touch and we can talk more.

Moving on From GitHub

Last year I joined GitHub as Director Of Community. My role has been to champion and manage GitHub’s global, scalable community development initiatives. Friday was my last day as a hubber and I wanted to share a few words about why I have decided to move on.

My passion has always been about building productive, engaging communities, particularly focused on open source and technology. I have devoted my career to understanding the nuances of this work and which workflow, technical, psychological, and leadership ingredients can deliver the most effective and rewarding results.

As part of this body of work I wrote The Art of Community, founded the annual Community Leadership Summit, and I have led the development of community at Canonical, XPRIZE, OpenAdvantage, and for a range of organizations as a consultant and advisor.

I was attracted to GitHub because I was already a fan and was excited by the potential within such a large ecosystem. GitHub’s story has been a remarkable one and it is such a core component in modern software development. I also love the creativity and elegance at the core of GitHub and the spirit and tone in which the company operates.

Like any growing organization though, GitHub will from time to time need to make adjustments in strategy and organization. One component in some recent adjustments sadly resulted in the Director of Community role going away.

The company was enthusiastic about my contributions and encouraged me to explore some other roles that included positions in product marketing, professional services, and elsewhere. So, I met with these different teams to explore some new and existing positions and see what might be a good fit. Thanks to everyone in those conversations for your time and energy.

Unfortunately, I ultimately didn’t feel they matched my passion and skills for building powerful, productive, engaging communities, as I mentioned above. As such, I decided it was time to part ways with GitHub.

Of course, I am sad to leave. Working at GitHub was a blast. GitHub is a great company and is working on some valuable and important areas that strike right at the center of how we build great software. I worked with some wonderful people and I have many fond memories. I am looking forward to staying in touch with my former colleagues and executives and I will continue to be an ardent supporter, fan, and user of both GitHub and Atom.

So, what is next? Well, I have a few things in the pipeline that I am not quite ready to share yet, so stay tuned and I will share this soon. In the meantime, to my fellow hubbers, live long and prosper!

Kindness and Community

On Friday last week I flew out to Austin to run the Community Leadership Summit and join OSCON. When I arrived in Austin, I called home and our son, Jack, was rather upset. It was clear he wasn’t just missing daddy, he also wasn’t feeling very well.

As the week unfolded he developed strep throat. While a fairly benign issue in the scheme of things, it is clearly uncomfortable for him and pretty scary for a 3 year-old. With my wife, Erica, flying out today to also join OSCON and perform one of the keynotes, it was clear that I needed to head home to take care of him. So, I packed my bag, wrestled to keep the OSCON FOMO at bay, and headed to the airport.

Coordinating the logistics was no simple feat, and stressful. We both feel awful when Jack is sick, and we had to coordinate new flights, reschedule meetings, notify colleagues and handover work, coordinate coverage for the few hours in-between her leaving and me landing, and other things. As I write this I am on the flight heading home and at some point she will zoom past me on another flight heading to Austin.

Now, none of this is unusual. Shit happens. People face challenges every day, and many far worse than this. What struck me so notably today though was the sheer level of kindness from our friends, family, and colleagues.

People wrapped around us like a glove. Countless people offered to take care of responsibilities, help us with travel and airport runs, share tips for helping Jack feel better, provide sympathy and support, and more.

This was all after a weekend of running the Community Leadership Summit, an event that solicited similar levels of kindness. There were volunteers who got out of bed at 5am to help us set up, people who offered to prepare and deliver keynotes and sessions, coordinate evening events, equipment, sponsorship contributions, and help run the event itself. Then, to top things off, there were remarkably generous words and appreciation for the event as a whole when it drew to a close.

This is the core of what makes community so special, and so important. While at times it can seem the world has been overrun with cynicism, narcissism, negativity, and selfishness, we are instead surrounded by an abundance of kindness. What helps this kindness bubble to the surface are great relationships, trust, respect, and clear ways in which people can play a participatory role and support each other. Whether it is something small like helping Erica and me to take care of our little man or something more involved such as an open source project, it never ceases to inspire and amaze me how innately kind and collaborative we are.

This is another example of why I have devoted my life to understanding every nuance I can of how we can tap into and foster these fundamental human instincts. This is how we innovate, how we make the world a better place, and how we build opportunity for everyone, no matter what their background is.

When we harness these instincts, understand the subtleties of how we think and operate, and wrap them in effective collaborative workflows and environments, we create the ability to build and disrupt things more effectively than ever.

It is an exciting journey, and I am thankful every day to be joined on it by so many remarkable people. We are going to build an exciting future together and have a rocking great time doing so.

Dan Ariely on Building More Human Technology, Data, Artificial Intelligence, and More

Behavioral economics is an exciting skeleton on which to build human systems such as technology and communities.

One of the leading minds in behavioral economics is Dan Ariely, New York Times best-selling author of Predictably Irrational, The Upside Of Irrationality, and frequent TED speaker.

I recently interviewed Dan for my Forbes column to explore how behavioral economics is playing a role in technology, data, artificial intelligence, and preventing online abuse. Predictably, his insight was irrationally interesting. OK, that was a stretch.

Read the piece here

Mycroft and Building a Future of Open Artificial Intelligence

Last year a new project hit Kickstarter called Mycroft that promises to build an artificial intelligence assistant. The campaign set out to raise $99,000 and raised just shy of $128,000.

Now, artificial intelligence assistants are nothing particularly new. There are talking phones and tablets such as Apple’s Siri and Google Now, and of course the talking trash can, the Amazon Echo. Mycroft is different though and I have been pretty supportive of the project, so much so that I serve as an advisor to the team. Let me tell you why.

Here is a recent build in action, demoed by Ryan Sipes, Mycroft CTO and all round nice chap:

Mycroft is interesting both for the product it is designed to be and the way the team are building it.

For the former, artificial intelligence assistants are going to be a prevalent part of our future. Where these devices will be judged though is in the sheer scope of the functions, information, and data they can interact with. They won’t be judged by what they can do, but instead what they can’t do.

This is where the latter piece, how Mycroft is being built, really interests me.

Firstly, Mycroft is open source in not just the software, but also the hardware and service it connects to. You can buy a Mycroft, open it up, and peek into every facet of what it is, how it works, and how information is shared and communicated. Now, for most consumers this might not be very interesting, but from a product development perspective it offers some distinctive benefits:

  • A community can be formed that can play a role in the future development and success of the product. This means that developers, data scientists, advocates, and more can play a part in Mycroft.
  • Capabilities can be crowdsourced to radically expand what Mycroft can do. In much the same way OpenStreetMap has been able to map the world, developers can scratch their own itch and create capabilities to extend Mycroft.
  • The technology can be integrated far beyond the white box sitting on your kitchen counter and into Operating Systems, devices, connected home units, and beyond.
  • The hardware can be iterated by people building support for Mycroft on additional boards. This could potentially lower costs for future units with the integration work reduced.
  • Improved security for users with a wider developer community wrapped around the project.
  • A partner ecosystem can be developed where companies can use and invest in the core Mycroft open source projects to reduce their costs and expand the technology.

There is though a far wider set of implications with Mycroft too. Much has been written about the concerns from people such as Elon Musk and Stephen Hawking about the risks of artificial intelligence, primarily if it is owned by a single company, or a small set of companies.

While I don’t think Skynet is taking over anytime soon, these concerns are valid and this raises the importance that artificial intelligence is something that is open, not proprietary. I think Mycroft can play a credible role in building a core set of services around AI that are part of an open commons that companies can invest in. Think of this as the OpenStack of AI, if you will.

Hacking on Mycroft

So, it would be remiss if I didn’t share a few details of how the curious among you can get involved. Mycroft currently has three core projects:

  • The Adapt Intent Parser converts natural language into machine readable data structures.
  • Mimic takes in text and reads it out loud to create a high quality voice.
  • OpenSTT is aimed at creating an open source speech-to-text model that can be used by individuals and companies to allow for high accuracy, low-latency conversion of speech into text.

You can also find the various projects here on GitHub and find a thriving user and developer community here.

Mycroft are also participating in the IBM Watson AI XPRIZE where the goal is to create an artificial intelligence platform that interacts with people so naturally that when people speak to it they’ll be unable to tell if they’re talking to a machine or to a person. You can find out more about how Mycroft is participating here.

I know the team are very interested in attracting developers, docs writers, translators, advocates, and more to play a role across these different parts of the project. If this all sounds very exciting to you, be sure to get started by posting to the forum.
