One of my most memorable experiences in the Civil Service0 was discussing link shortening services with a very friendly1 person from the Foreign and Commonwealth Office. I was trying to explain why link shortners like bit.ly and ow.ly weren't sensible for Government use. They didn't seem to particularly care about the privacy implications or the […]
Continue reading →
Shortly before I left the Civil Service in 2023, I made a complete fool of myself. Someone on Slack was discussing their department's app and I (rather snidely) asked why it was an app rather than a website. After all, one of the seminal blog posts of GDS was about not building apps. In response, […]
Continue reading →
I hate being introspective. But I'm told it's good for me. A few months ago, I handed in my notice to Cabinet Office. And now I'm no longer a Civil Servant. It's hard to sum up those 2,462 days. Every day brought new challenges. I saw my work presented to the highest offices in the […]
Continue reading →
When the NHS was launched in 1948, this leaflet was sent out to everyone. I wanted to recreate the coat of arms that was on top to print on a t-shirt. Sadly, the scan available is too low a resolution for most modern purposes. Wikipedia has vector logos of most of the coats of arms […]
Continue reading →
I don't particularly like picking on the security of Government websites. I do it a lot - but I always feel guilty about besmirching the good name of the many talented people who work in the Civil Service. Today's flaw, however, is a particularly basic mistake which simply shouldn't be allowed to happen by any […]
Continue reading →
Eight years after I published this blog post, I helped officially release all these domain names as open data! Funny how life works out, eh? Would you like to know every domain name the UK Government had registered? Of course you would! There could be all sorts of interesting tit-bits hidden in there (ProtectAndSurvive.gov.uk? EbolaOutbreak2017.nhs.uk? […]
Continue reading →
Well, it's not often I get to completely influence the UK Government's approach to open standard. GOV.UK is adopting .ODF as their official document standard! All documentation will be also made available in HTML & PDF. Sweet! Yeah, yeah, so I only played a small part in the (no doubt) hideously complicated process - but […]
Continue reading →
This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from […]
Continue reading →
This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running […]
Continue reading →
Cyber Security is of vital national importance. As the United Kingdom places more of its infrastructure onto the Internet, bugs and glitches go from minor inconveniences to full scale national emergencies. Suppose, for a moment, that a hacker were to interrupt payment processing for banks, or tamper with the UK's water supply, or cut off […]
Continue reading →
· domains gov.uk privacy QR Codes security · 12 comments · 700 words · read ~713 times.