Re: GSoC: Hosted Scanner

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 5 Apr 2010 17:54:44 -0400
Mike Smith <scgtrp () gmail com> wrote:

> Hello,
>
> So far I've only gotten one comment on my proposal, saying that I type
> way too fast and managed to submit it before all the questions were
> up. I've answered the additional question and haven't heard from
> anyone since then. It's a bit frustrating, because I'm not sure
> whether I need to change anything else. So, does anyone have any
> further comments on my proposal?
>
> http://socghop.appspot.com/gsoc/student_proposal/show/google/gsoc2010/scgtrp/t126990612841


Mike,

First off, I have NO SAY in who gets selected so take these comments as
constructive criticism and not bad news.  You won't get official any
comments until applications are finished and the deadline is past.

I just read through your proposal and I feel that it roughly describes
the minimum I'd expect from a hosted scanner proposal.

Unfortunately, GSoC gets a lot of great applicants so you MUST sell
your skill set and why you are the right choice.  Imagine the most
bad-ass technical genius, a real Mozart/Torvalds/Dostoevsky of OSS
development as your GSoC competition -- if your proposal doesn't make
THEM nervous your chances are poor.  Also, you also need to sell your
*idea* and not just yourself for a hosted scanner. Here are my
recommendations:

* What projects have you worked on that showcase your skills?  As long
  as the code is available they don't have to be "big name" projects.

* What attracts you to working on a hosted scanner?

* Why is your hosted scanner proposal a killer app and why is your
  proposal for a hosted scanner better thought out and better planned
  than all the others?

* You should provide a few links to bug fixes and other contributions
  you've made to other OSS projects that showcase your skill and
  troubleshooting/programming ability.

* Your hosted scanner should be generic enough that it can at least
  work with both PostgreSQL and MySQL.  DBs arguments get religious
  fast so don't choose sides just yet.

* Phrases like "depending on how difficult it turns out to be" as
  disconcerting.  It is easy to do a diff -- it is hard to diff in a
  way that produces meaningful data.  I can tell you from years of
  experience scanning the network here that scan deltas are HUGE.  You
  need to have ideas here for how this algorithm will work.  The
  heuristics you'll build into it, etc.  If you diffing can't produce
  useful results when 100,000 machines are scanned your code won't be
  used.

* Why is a daemonized scanner better than say, on-demand scanning?  I
  agree with the daemon but you need to explain in more detail your
  overall design as well as some finer details.

Finally, I suspect you intended this ("Slacker. I'll gladly accept
payment for sleeping. ;)") as a joke and perhaps Fyodor/David/others
will see it that way but I don't read it as a joke.  I strongly believe
that being a good developer (or being good at anything, really)
requires hard work and personal sacrifice.  The best always became the
best through hard work and spending their free time improving and
sharpening their skill sets.  I wouldn't want a GSoC applicant who would
take being paid for sleeping over being paid to learn and contribute.

David Fifield's GSoC application from 2007 did a very good job of
selling his skill set: http://www.bamsoftware.com/wiki/Nmap/Proposal  I
would recommend reading over some other successful applications for
ideas.

Again, please take the above as constructive criticism.

Good luck,

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAku6dS8ACgkQqaGPzAsl94LvHQCdFnIxYeUVzLgEQX6CPZPdSsuM
zfIAoINd/r9kfgMDE06nf09KMtERGmJT
=j2Gw
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/