You may have heard that a widespread security problem – ‘Heartbleed’ – has been found that affects a large proportion of all websites on the Internet.
Here is one of the many explanations about the nature of the problem.
Members of the mySociety team have reviewed our potential exposure to the vulnerability.
We have no indication that our sites have been attacked, or that any information has been stolen, but the nature of the vulnerability would make an attack difficult to detect, and we prefer to be reasonably cautious.
What does this mean for you? The advice from around the web has been for people to change passwords, especially on sites they use that contain a lot of very important information (e.g. your email account).
We think the risk that passwords have been compromised is low, but as changing passwords occasionally is always a good idea anyway, now might be a good time.
For those of you interested in the technical detail of our response, we have:
- Installed new SSL certificates based on a new private key
- Revoked the old SSL certificates
- Replaced the secrets used for security purposes in the affected sites
- Removed active sessions on affected sites, so that users will need to log in again
- Required that users with administrative access to affected sites reset their passwords
- Required that staff users reset their passwords
- Notified affected commercial clients so that they can take appropriate action
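The example below is added here and is not mySociety's code. It shows why replacing application secrets and removing sessions forces every user to log in again, assuming sessions are HMAC-signed cookies; the secrets, timestamps and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the original post).
OLD_SECRET = b"secret-in-use-before-remediation"
NEW_SECRET = b"secret-generated-after-remediation"
REMEDIATED_AT = 2000  # time of secret rotation, arbitrary units


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _sign(secret: bytes, payload: str) -> str:
    return _b64(hmac.new(secret, payload.encode("ascii"), hashlib.sha256).digest())


def issue_session(secret: bytes, user: str, issued_at: int) -> str:
    """Return a 'payload.signature' session cookie signed with HMAC-SHA256."""
    claims = json.dumps({"user": user, "iat": issued_at}, sort_keys=True)
    payload = _b64(claims.encode("utf-8"))
    return f"{payload}.{_sign(secret, payload)}"


def verify_session(secret: bytes, token: str, not_before: int):
    """Return the user name for a valid cookie, otherwise None.

    Two independent controls are applied:
      1. the signature must verify under the current secret, and
      2. the cookie must have been issued at or after `not_before`.
    """
    try:
        payload, sig = token.split(".")
        expected = _sign(secret, payload)
        if not hmac.compare_digest(sig.encode("ascii"), expected.encode("ascii")):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload.encode("ascii")))
        if not isinstance(claims.get("iat"), int) or claims["iat"] < not_before:
            return None
        return claims.get("user")
    except (ValueError, AttributeError):
        # Malformed cookie: wrong shape, bad base64, bad JSON, non-ASCII.
        return None


def demo() -> dict:
    before = issue_session(OLD_SECRET, "alice", issued_at=1000)
    after = issue_session(NEW_SECRET, "alice", issued_at=3000)
    return {
        # Before remediation the cookie was accepted.
        "valid_before_rotation": verify_session(OLD_SECRET, before, 0),
        # Rotating the secret alone invalidates it.
        "old_cookie_new_secret": verify_session(NEW_SECRET, before, REMEDIATED_AT),
        # The cutoff rejects it even if a secret was missed during rotation.
        "old_cookie_cutoff_only": verify_session(OLD_SECRET, before, REMEDIATED_AT),
        # A fresh login after remediation works normally.
        "fresh_login": verify_session(NEW_SECRET, after, REMEDIATED_AT),
    }
```

Sessions held in a server-side store are not covered by secret rotation and have to be deleted from the store directly.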
A few months ago we won a contract from Parliament to review its digital service provision (brief advertorial – we can do this kind of work for your organisation too).
Today Parliament has published that review. Here are a few comments:
- It’s great news that the Management Boards in Parliament have agreed to implement the two recommendations contained in the report. Reviews are one thing, actions another.
- It’s great that Parliament chose to publish the review at all. They didn’t have to, but they chose to without any prodding. Big thumbs up.
- We interviewed a lot of parliamentary staff (dozens and dozens of people). They’re a fantastically dedicated, interesting bunch working under often absurd pressures, and we think Parliament overall would probably have a better reputation if they had as much visibility as the elected members. Time for a docusoap, maybe?
- The review contains only two recommendations, even though there were hundreds of good ideas floating around. The reason for such extreme minimalism was to ensure that there was no ambiguity whatsoever about what we believe to be the essential reforms*. Once those reforms are enacted, the ground will be much more fertile for specific digital projects.
- My colleagues Ben Nickolls, Dave Whiteland and Mike Thompson did the majority of the real work on this review, conducting interviews and analysing data. My thanks to them for a job well done.
Parliament is encouraging public feedback on the review. Let them know what you think via NewDigitalService@parliament.uk
* If you want a digital review filled to the brim with lots of recommendations, try this 25 point action plan from the US federal government instead. Just remember that it was published roughly three years before this.
Photo by Greg Dunlap (CC)
What are your plans for late April? If you’re a civic coder, a campaigner or activist from anywhere in the world, hold everything: we want to see you in Santiago, Chile, for the first international PoplusCon.
Poplus is a project which aims to bring together those working in the digital democracy arena – groups or individuals – so that we can share our code and thus operate more efficiently.
We’re right at the beginning of what we hope will grow into a worldwide initiative. If you’d like to get involved, now is the time.
Together with Poplus’ co-founders, Ciudadano Inteligente, we will be running a two-day conference in Santiago on the 29th and 30th of April. It is free to attend, and we can even provide travel grants for those who qualify.
At some point in the final quarter of this year – and the exact moment differs, depending on who you believe – mySociety turned ten.
Our Director Tom, mySociety’s founder, describes this as “a frankly improbable milestone”. He has seen mySociety grow from an idea on the back of an envelope, to an international social enterprise with friends, partners, volunteers and clients around the world.
Last week, at a small birthday party, Tom pulled out five key elements of mySociety’s first decade – elements that symbolise different facets of the organisation’s growth and impact.
Not all of our many friends, associates and partners could join us at that party, so I’m going to share those elements here.
1. mySociety’s first project
This screenshot shows the brand new design for WriteToThem.com, which we have just recently put live.
WriteToThem, our site for sending messages to politicians, was the first mySociety launch. That was way back in 2004. This launch, says Tom, was a key moment because it showed that mySociety wasn’t just ideas and bluster – it could build useful things that people actually wanted.
WriteToThem was of course followed by sites like FixMyStreet, FixMyTransport and TheyWorkForYou, all built by marvellous developers to whom the organisation owes great thanks (see the foot of this post for a large quantity of thanks).
2. Our volunteers
Another of our UK websites is WhatDoTheyKnow, which lets you make or browse Freedom of Information requests, as simply as possible. It’s visited about half a million times a month, and has become a bit of a UK internet institution – a place you go for a certain kind of information.
Above is a screenshot from FOI blog Confirm or Deny: a list of 366 interesting things we know because of FOI requests made on the site. It was lovingly compiled by Helen, one of our volunteers; she’s a member of the truly heroic team who help keep that site running, and it represents the dedication that all our volunteers bring to their work.
See the thanks section for lots more gratitude to our volunteers – and read more about volunteering for mySociety here.
3. Our international partners
Above you can see a screenshot of Ki Mi Tut, a Hungarian Freedom of Information site, run by a local NGO. It already contains nearly 2,000 FOI requests. This site is a deployment of Alaveteli – the technology we spun out of WhatDoTheyKnow so that people around the world could run sites that would help citizens to chisel information out of their governments.
Ki Mi Tut symbolises the growing success of our international team, and mySociety’s international focus more generally. If you know mySociety as the builder of UK sites, you might not know that the great majority of our development efforts today goes towards helping groups like this to run services around the world: helping people to keep an eye on their politicians, obtain information from governments, get streets fixed and so on.
4. Our commercial work
mySociety isn’t just a charity any more – mySociety ltd is our trading subsidiary, and is growing fast. It’s twice the size the whole of mySociety used to be, and it’s still growing.
5. mySociety’s future
Tom finished by giving a glimpse of a new tool we have in development – SayIt – focused on helping people around the world find out more about what decision makers have been saying about things that matter to their lives, their homes, their jobs, their kids or their communities. SayIt will go into a public alpha early in the New Year, and we’ll talk more about it then.
Unlike our earlier projects, SayIt isn’t being built for Britain first – it’s being built to work anywhere. We’re not building it alone: it’s just one of the components that form the Poplus partnership, a federation of collaborative empowerment tech builders that we have kicked off in conjunction with FCI Chile. And we promise we’ll let you all have a play very soon.
So, that’s it – a whistlestop tour of our first decade, and a glimpse at what’s to come.
We’d like to thank you for reading this far – and talking of thanks…
mySociety ltd, our trading arm, has been commissioned by Parliament to conduct a strategic review of their digital service provision. We’ve spoken face to face to all kinds of people, and now we are moving on to the online component of our survey. This gives everyone a chance to take part – including you.
We would like suggestions about where the strengths lie, and where you think there are gaps in Parliament’s online provision. Whether you’re a member of the general public who occasionally uses Parliamentary digital services, or you have a professional connection, your views are welcome.
With this commission, we have an opportunity to help Parliament gain a deeper insight into its users and their needs, and to offer advice on the best way to serve them – so we jumped in with both feet.
To kick things off, we’ve been interviewing all kinds of users, internal and external. It’s been absolutely fascinating to speak directly to the people who use the many sectors of Parliament’s large online estate.
Now we need your views. If you can spare a minute, please visit our short survey here. It will remain open until Friday the 22nd of November.
Photo by Garry Knight (CC)
In a break from tradition, I’m going to start this blog with an appeal.
We on the international team at mySociety are trying to improve the install process and documentation for all of our internationalised websites. Since we built the original sites, we’re not the best people to ask about what needs to be improved, as I’m sure you understand. If you’re interested in helping us out with this, I’ve created two surveys; you’ll find them at the end of this post! Or email me at firstname.lastname@example.org so I can ask you a few questions. On to other exciting things…
In site news we are working on Alaveteli sites for Uganda and Italy. Both of these should be finished and ready for launch soon, thanks to our developers and of course our partners for showing interest.
We’ve also been helping set up a FixMyStreet site in Cape Verde and a demo FixMyStreet site for Whypoll in India. While these two sites are being installed on mySociety’s servers, three people from Singapore and two people from South Africa are also working on FixMyStreet for their countries, as self installs.
And in Pombola news, we are helping with websites in South Africa and Zimbabwe, and are hoping to work with a team in Malawi.
But these are just the most recent sites! People are working on sites in Uruguay, Bosnia, Croatia, Italy and a number of other countries. Follow our twitter @mysocietyintl to find out more.
We’d love to help you set up your own site, or just give you advice on why sites like these can be useful. Send me an email at email@example.com to find out how!
15th to 19th September – OKCon, Geneva (Jen and Dave)
27th to 28th September – OverTheAir, Bletchley Park (Dave)
30th Sept to 3rd October – African Entrepreneurship Summit, Mauritius (Paul)
25th to 27th October – Mozfest, London (Dave)
30th October to 1st November – OGP London (Paul and Jen)
27th to 29th November – World Forum for Democracy, Strasbourg (Jen)
Please do drop by and say hello!
By the way, if you are hosting a conference and want us to come along and speak (for free! We don’t charge, and a lot of the time we try to pay our own way!) please drop a note to firstname.lastname@example.org . We love to connect with new people and would be delighted to be involved!
One more thing, as a p.s. Hopefully these “What we’ve been up to” updates will soon come to you in video format! Be kind to me if the first one is awkward!
We’ve got some exciting news at mySociety.
As you know, we’ve been helping with the Kenyan Mzalendo website for a while now. And we’ve been lucky enough to gather interest in Mzalendo’s codebase from a number of other countries. These range from Ghana to South Africa, and even as far afield as Paraguay. It’s amazing and humbling for us, but we’ve recently realised one thing: Mzalendo has a wealth of history in Kenya, and an amazingly complex political association. It’s also the name of the website there. So we needed a new name that would allow the code to be changed without the change being associated with the original Kenyan Mzalendo.
Enter Pombola. This is the new name for the codebase which powers TheyWorkForYou, Mzalendo, Odekro, ShineYourEye, work-in-progress Kuvakazim and other parliamentary monitoring websites across Africa and the world.
You may ask, “Why Pombola? What does it mean?”
Well, it is a pretty easy word to remember. And no one else is using it (possibly because we created it!). The word is a mix of the initials PMO (Parliamentary Monitoring Organisation) and Tombola.
“A Tombola?” I hear you cry in surprise. Well, in a Tombola, you are making a choice with no information at all – just selecting a ticket and hoping that you get lucky. A Pombola site aims to be the opposite – you’ll get as much information as possible about your elected representatives, so that when you make a choice in future, you’ll have all the facts.
If you’re interested in using the code you’ll find the repository here on github, along with some documentation.
If you’re not technical but still want to use this then please contact me and we can discuss what we can do!
And remember, this may monitor parliaments now, but you could use it for anything (*)
(*) Disclaimer: please only use for good.
Girl with Balloons from Courtney Air map from OpenFlights.org
You may remember our recent post announcing that we’d been nominated for an Emmy and a BAFTA award. Always the bridesmaid and never the bride, you might have thought.
As you’ll recall, we created the app and the website tools for the Channel 4 programme alongside production companies Tiger Aspect and the Project Factory, who share the accolade.
So: yays all round – and don’t forget, our award-winning skills are for hire.
We won’t insist on being addressed this way, but you can now append ‘BAFTA and Emmy nominated’ to our name. We were very chuffed to be nominated for two television awards in the last month: the BAFTA for Digital Creativity in Television Craft, and the Emmy for best Digital Non-fiction Programme.
‘TV?’, you might be thinking, ‘I thought mySociety were all about digital stuff.’ Well, increasingly, of course, the lines are blurred. Television programmes come bundled with their own website, Twitter hashtag, or app. These days, TV is less about being a passive viewer, more about becoming part of an active, engaged conversation online.
Last year, we worked with Channel 4 and TV production company Tiger Aspect to create the app and the website tools that accompanied their programme about empty houses – The Great British Property Scandal. A repurposing of the software that underlies FixMyStreet, the app enabled viewers to report empty homes; the site petition amassed 119k signatures – so the audience certainly got involved.
We were, of course, delighted to have been recognised, along with C4 and Tiger Aspect. In the end, we didn’t need the space we’d hastily cleared on the mySociety mantelpiece, but as the BAFTA went to the incomparable Paralympics, we really can’t begrudge it.
And of course, if you’re a TV company looking for help with your digital tie-ins, we’re happy to help.
The Open Democracy Advice Centre (ODAC) in South Africa will be using mySociety’s Alaveteli software in their latest project – and, with a bit of match-making from mySociety, the preparation period has been rigorous.
Alaveteli is our open source Freedom of Information platform. It underlies our own UK-based WhatDoTheyKnow, and right-to-know sites around the world. Alaveteli sites make it easy for citizens to ask questions of those bodies who operate under Freedom of Information law and, significantly, they automatically publish all responses.
Before any coding or implementation began, we got ODAC together with the “Governance Collaboratory”, an initiative from the d.school in Stanford University that seeks to apply the “design thinking” approach to projects that intend to make government more open, more effective, and more accountable. We’ve observed quite a few Alaveteli installs, but while we’re always on hand to offer support and answer development queries, we’ve never prepared the ground quite like this.
Gabriella Razzano of ODAC welcomed Jeremy Weinstein and Jenny Stefanotti, both from the d.school, to Cape Town for an intensive few days of assessing how the design thinking approach could shape the project. Two staff from mySociety also went along — Paul (our Head of International Projects) and Dave (one of our developers) — because we’re keen to understand how the d.school’s approach might improve the way we go about building our new projects.
Now, at mySociety we already know a thing or two about building civic systems that engage with the public, because we have considerable experience in the field. We are expert at combining user experience and current tech to create simple, usable interfaces (see our DIY blog for some example details). We conduct usability tests, we apply A/B testing, and we think hard about what our analytics tell us. But actually much of this is reactive, iterative design: it’s being applied after the core product has already been built.
Design thinking challenges this approach by suggesting that the user on which initial designs are often based is purely imaginary. As a result, the site inevitably includes the assumptions and prejudices of its creators. This won’t necessarily lead to a bad design — especially if the creators are benign and experienced — but it must fail, by definition, to account for the unexpected things that may motivate or concern actual users. The design thinking process attempts to change this by approaching the initial problem in a prescribed way and following a process that isolates genuine, existing requirements. This includes, in design thinking terms, processing the initial interviews into empathy maps from which requirements emerge, and which themselves become features that are rapidly prototyped in isolation from other parts of the system.
This is uncomfortable for those of us used to building loose iterations from the bottom up and refining them later. It means introducing empathy and rapid, offline prototyping much earlier in the process than we’d normally expect. Certainly in the commercial world it’s common for a company to prototype against their target consumers early on. But for civic projects such as mySociety’s, it’s often much harder to identify who the users will be, for the impressive yet overwhelming reason that often we are building our platforms for everybody. This can lead to generalisations which may miss specific issues that could make a huge difference to some users.
The d.school advocates a “learning by doing” way of teaching, so the days we spent in Cape Town were a busy mix of practice as well as theory. We interviewed people who had a variety of reasons to want to make Freedom of Information requests, including an activist who’s already used South Africa’s Freedom of Information legislation to make requests regarding housing projects, the head of a rape crisis centre, and law students who may well become a nation’s most empowered activists. From these interviews we isolated specific needs, which at this stage were nearly all unconnected to any digital or web requirement. Jeremy and Jenny then led us through the process of rapid, analogue prototyping intended to address those needs.
Inevitably we could only scratch the surface in the few days we had available, but we hope ODAC will be able to apply the process to the development of their project, just as we aim to use it to benefit the work on ours.
Image credit: Procavia capensis (Rock-dwelling Hyrax or Dassie) by Arthur Chapman, released under CC BY-NC-SA on Flickr.
They tell visitors that dassies such as these live atop Table Mountain. We went up there and saw none. Similarly, Freedom of Information requests exist in South Africa under the Promotion of Access to Information Act 2000 (PAIA), but most people have never seen one — fewer than 200 PAIA requests were made nationally in 2012. This tenuous comparison allows us to illustrate the blog post with a cute picture of fuzzy mammals.