I’m running for OpenSSF TAC, as an independent, in an election that any OpenSSF participants are eligible to vote in. If you’ve been active in OpenSSF, I’d appreciate your vote. The election is open until 30 December. If you’d like to know more background, read on. In Summer 2022, I joined Snyk and became involved with the Open Source Security Foundation – the OpenSSF. The OpenSSF is a Linux Foundation off-shoot which focuses on … well … Open Source Security – and specifically on “software supply chain” security. My philosophy when it comes to open source foundations and governance bodies like this is that if you want to be involved then it’s best to do so proactively – to jump in with both feet. That is one reason why, in late 2022, I put myself forward as a candidate for OpenSSF’s Technical Advisory Council. Given the fact that I’ve been impacted in a recent round of lay-offs at Snyk, you might wonder why I am still involved in this organization and why I have once again put myself forward for OpenSSF TAC election this year. Since becoming involved with this community, with this part of the open source ecosystem, I’ve become convinced of the importance of this way of thinking about open source software. I still believe what I wrote in 2022: “This web of software that we all rely on so much is under constant attack.” The more developers are empowered and supported to mitigate against software security issues during the development process, the stronger the defence against this …

Why Am I Running for OpenSSF TAC? Read more »

In navigating the landscape of technology and digital innovation, we often find ourselves having to deal with complex concepts that cross between the technical, policy and legal domains. We hear words like “open source”, “open data”, and “open standards” thrown around, each with its attached notions of transparency, accessibility, and collaboration. However, these concepts aren’t as interchangeable as they might seem, and it’s crucial to understand the different rules that govern each. Bear in mind too that the term “IP” or “intellectual property” is really a catch-all term for a bag full of different types of rights, including copyright (which can apply to software, as a so-called literary work), database rights, patents, trade marks, and more. As someone who has served as an Open Source & Open Standards Strategy Director, worked for the Open Data Institute, and sat on the Open Standards Board for the UK Government, I’ve seen first-hand the nuances that define and differentiate these domains. This understanding is crucial as we cannot simply transfer licenses or IP guidelines from one sphere to another, owing to their unique features and scopes. This post was prompted by a few examples I’ve seen this year where people are either misunderstanding the differences between these domains, or conflating them. Having said all that: I am not a lawyer. This is not legal advice. I did not say this. I am not here.

Open Source licenses: Code Reuse

The term “open source” generally refers to a type of software whose source code is accessible to the public, allowing …

What’s the deal with Open Source, Open Data, and Open Standards licenses? Read more »

What’s an influencer, anyway? This is the question that rings out in my mind as I attempt to internalize the fact that I have been named one of the Top 100 UK Open Source Influencers for 2022 as part of their 2023 honours list #OpenUKHonours23. It’s definitely an “honour” to be recognized by OpenUK for my work in this way. But when we think of internet “influencers,” open source usually doesn’t come to mind. What I think and hope it means to be an open source influencer is that people are listening to what I have to say, be it on social media, in blog posts, videos, or whatever channel. But with great power comes great responsibility, right? So what can I use this currency, this influential authority, for?  I hope that I’ve influenced people to pay attention to ethical technology development, to the importance of privacy and personal dignity, and to the importance of building diverse and inclusive communities as we build tools, services, and applications for people. I also hope I’ve influenced people to understand the importance of community efforts, open source, and open standards in helping to build a technology ecosystem on the internet that is sustainable and exists to build people up and support society, starting from supporting marginalized groups. Halfway through 2022, I changed jobs, joining Snyk as Open Source & Open Standards Strategy Director. One thing that attracted me to Snyk was its stance on workplace flexibility. I hope to influence in 2023 by banging the drum a little about the importance of flexibility in the …

Influence Read more »

If you’re like me and you hate everything Facebook has become and everything they do as a company but you keep using it because nice people you really want to stay in touch with are on it, then here are a few simple tips to minimise your Facebook exposure:

1. Disable Facebook Platform. Instructions are helpfully provided here: https://www.facebook.com/help/211829542181913/ After doing this, you will no longer be able to use Facebook to log in to other sites. That helps to remove Facebook’s power. If you already use Facebook to log in to other sites then this can be a bit of a pain but it’s worth it to extricate yourself from Facebook’s platform.

2. Isolate Facebook. Using the Brave browser that blocks ads and tracking is one way. (Brave is my primary browser these days.) If you use Firefox, install Mozilla’s Facebook container extension: https://addons.mozilla.org/…/fire…/addon/facebook-container/ that will automatically isolate your Facebook usage from your usage of other websites. In Chrome or Opera, use a good third party tracking blocker such as Privacy Badger: https://www.eff.org/privacybadger. (On my Firefox installations, I have Facebook container, Privacy Badger and HTTPS Everywhere installed.) This limits what Facebook can know about your comings and goings on the rest of the web.

3. Delete any Facebook apps from all of your mobile devices. Sorry – this is an important one. Installing any Facebook app (including Facebook Messenger) gives Facebook unlimited access to information about you all the time. Delete the apps. Instead, use Facebook via the web browser and ensure you also have a tracking blocker installed on your …

How To Put Facebook in a Box Read more »

I posted the following on Medium earlier today. Basically I have just had it with Lanyrd’s downtime and the seeming unwillingness of parent EventBrite to make any investment in this important service. Let me know what you think and more importantly suggest some alternatives. Dear EventBrite and Lanyrd: WTF?

So one question I get asked a lot about my Apple Watch is “how do you use it?” (Or sometimes “how often do you use it?”) From my experience with the Apple Watch thus far, this isn’t the right formulation. In one sense you’re always “using” it because it’s always on you. It isn’t usually something you affirmatively use though. It’s more about the notifications and the ways in which it can replace (mostly with better / easier overall user experience) some functions of the iPhone. At right is my boarding pass for a recent flight I took to Vienna to speak at the Uberall App Congress. I presented this image at the end of my talk (which was about how app developers should better make use of the web) to illustrate a point. I was able to get my Austrian Air boarding pass on my wrist without the need for a special Austrian Air app either on my phone or on my watch. The check-in took place on the web site (used from my phone’s browser in this case) and the passbook boarding pass was delivered by email. Once the boarding pass was in passbook, it magically loads into the watch. When the time for the flight drew near, a notification appeared on the watch bringing me directly to the boarding pass. The only slightly cumbersome bit was scrolling down to the 2d barcode with luggage and passport in hand – certainly no less cumbersome (and accident-prone) than fishing out your phone to do the same. The …

How do I “Use” Apple Watch? Read more »

So the UK government seems to have launched a new public awareness campaign dubbed #cyberstreetwise (evidenced by posters in the Tube I spotted this weekend). The campaign’s web site is: https://www.cyberstreetwise.com. Bonus points for a https URL. Negative points for choosing a “.com” domain instead of a more appropriate “.co.uk” or even “.uk” domain. So first of all, I was confused initially about who was supporting it. The logos at the bottom left panel include HM Government but also the more recognizable Facebook and Twitter logos (without explanation) which seems (to me) to mean “this is being sponsored by the government, Twitter and Facebook” or possibly “this is a government initiative with sponsorship provided by Twitter and Facebook.” In fact, reading the web site, it appears that neither Twitter nor Facebook have any formal role, so the presence of their logos is somewhat mystifying. I suppose they just mean “we are on Twitter and Facebook” but honestly, these days who isn’t? [Side note: what is up with random Facebook and Twitter logos on things? See my Twitter update on this topic that seemed to “go viral” earlier today.] But putting this to the side for a second, I really don’t know what to make of this campaign. On the one hand, it’s exactly the kind of public awareness campaign that I feel is needed. People need to start getting more aware of the web basics, especially around privacy, e-safety, scams, use of strong passwords, installation of updates and use of security software. So yes. Great. But the …

Mixed Feelings About the UK Government #Cyberstreetwise Campaign Read more »

According to The Verge, the “Anonabox” Kickstarter is Trying to be a One-Stop-Shop for Internet Privacy. So the hacker in me loves the idea of this, but actually I think it’s probably over-kill (and an over-promise) for most people’s web privacy needs. First of all, if you want to surf the Web through the Tor network you just have to download and install the Tor browser bundle (https://www.torproject.org/download/download – also see this Guardian article from last year: http://gu.com/p/3k569). This application download actually pairs a heavily customized (with additional anonymity-enhancing features) Firefox browser with the Tor networking software. But even that is overkill for most casual “private browsing.” If you are just trying to search privately (for example, for medical-related topics that you don’t want showing up in your ads the next time you search the web) then the private browsing modes that now come as standard with modern browsers (Chrome calls it “incognito”) are perfectly fine. What these modes don’t protect you from is your network provider (ISP) snooping on your browsing. Tor does encrypt your network traffic (to the Tor service) but it comes with major downsides such as slowness. Because of the way Tor works, routing your traffic around the Internet until it finally pops out onto the public Net at an “exit node”, your traffic will also appear as if it’s coming from another country than the one you live in. So for example if you live in the UK you will find BBC iPlayer will not work through Tor. Also if you run …

“Anonabox”: One-Stop-Shop for Internet Privacy? Read more »

Just playing around with the new “hand off” (I guess this falls under) feature in iOS 8 / Yosemite. If you have a phone number in a web page suitably marked up as <a href="tel:…">link</a> and visit that page with Safari, clicking on the link will automatically send you to the FaceTime calling application which will start calling the number from your (i)phone with the audio piped through your Mac. Very neat trick!

So I get a notification on my phone today that my (relatively newly installed) Nest Protect smoke alarm is going off and there is “smoke in the hallway.” This happens to be the day we have a cleaner in in the morning and nobody else is in the house. Going into the app, I saw that the alarm had been “hushed” (presumably by the cleaner) so I immediately suspected that the house was not, in fact, burning down. Got in touch with the cleaner and she reported that there was no smoke but that the alarm kept going off. Luckily I was able to come home and check out the situation. Indeed, when I came home the alarm was freaking out and the air was completely clear. I took the unit outside just to be sure and it still kept going off. I turned the unit off and then on again (channeling the IT Crowd) and still the alarm was going off. So I called customer service. I found the customer service number buried on their web site (and also a US number with no dialing prefix so I had to know how to dial it – not ideal for a UK customer). Once I got through to an agent, they were super-helpful (even though it was the middle of the night for them), took me through a check-list and swiftly arranged for a replacement unit to be sent out to me. I’m still not sure whether the unit was faulty or if it was something the …

Fun with the Nest Smoke Alarm Read more »