Issues weekly: remote working, buttons, locks and canaries

Kia ora koutou,

This week us in the issues team have been thinking and talking about remote working (we are in two cities after all), open data, warrant canaries dying in the Internet mines and snappy logos for vulnerabilities.

Remote working vs being remote-first? 

I’ve written and published this blog while working from home today and it reminded me to re-read a blog about being a remote-friendly vs remote-first organisation.  The piece, mentioned by Lillian Grace from FigureNZ (one of our strategic partners), sets out some of the tensions that comes with having a workforce that is partly remote and the tools and cultural practices that you use. Lillian and FigureNZ’s experiences, recently put on IITPs TechBlog, also tells a great story about how she sought the best people across NZ, for their new organisation and how their workflow and communications needed to be structured.

They’re both worth a read in this day of fibre roll-outs and especially if you are thinking about expanding your team into different cities or timezones. Fun fact: this blog was written and published from home with people in the Auckland and Wellington office reviewing copy through google docs!

There’s an app for Open Data now?

The Open Data Button is a new tool (still in beta) to help draw more academic research datasets out of hiding and into the light. The Open Data button is a browser plug-in that lets you search open data sources for the data behind research you’re looking at, if it can’t find the data, it will start a request to the author for the data, and then when authors agree to share the data you get it (and so does the rest of the world).

A Warrant Canary dies

A warrant canary is a US-centric term to describe when business says “We have not been served with a national security letter demanding access to a customer’s data”, or something to that effect. The idea is that, in the US, national security letters are warrants that are also gag-orders, so you can’t tell your customers when you are served with one. BUT, the theory is that you can’t be forced to make false claims, so instead you take down your warrant canary when a warrant/national security letter comes in.

Its pretty niche, but it appears that Reddit, rather than having a warrant canary on its site had one in its annual transparency report, but it’s not there this year, they simply didn't put a section in the latest report. It’s caused quite a hubbub. Bruce Schnier’s short piece on it covers a fair few of the main questions that get raised about warrant canaries, and the comments section has some quite good points of view in it too (as heretical as it may sound to suggest reading the comments).

Badlock; at least it has a nice logo?

It seems that these days, the best way to drive awareness for a security vulnerability is to get the help of some PR or comms folk, devise a logo and catchy name to help drive awareness. We had Heartbleed, Poodle, Shellshock, the many Stagefrights and now Badlock. What is… “interesting” here is that badlock’s logo and site has gone up before they’ve published details and the patches have been released. It appears to be a vulnerability in Samba and Windows servers. But seeing as there are only 1200ish Internet-facing Samba instances in NZ (I got someone to do a scan for me), I must be missing the bit as to why this vulnerability is serious enough to have a logo? I guess if you have one of those 1200 samba instances you'll appreciate the added publicity.

Maybe I’m just getting old and logos is the style of the time (in my day it was wearing onions on our belts).


What are we focussing on this week?

  • On Tuesday our Council will be considering our proposed activity plan, with some really exciting projects in store for the Issues team. Expect us to talk about those next week. 
  • Jordan and James will be making an in-person submission on the TPP on Friday.