Book Review: Platformland by Richard Pope


Book cover for Platformland featuring lots of interconnected shapes.

This is an exquisitely detailed and righteously determined look about the how and why of Digital Government. Richard Pope was there at the beginning of GOV.UK and helped steer it to the magnificent beast it is today. He reflects, clear eyed, on the various successes and failures of the geeky attempt to turn the state into something approaching modernity. He's forthright on his views about the lack of vision in most projects: The aim of most digitization programmes is the status quo,…

Continue reading →

What the UK Government gets wrong about QR codes


A leaflet for Childcare with a prominent QR code.

One of my most memorable experiences in the Civil Service was discussing link shortening services with a very friendly person from the Foreign and Commonwealth Office. I was trying to explain why link shortners like bit.ly and ow.ly weren't sensible for Government use. They didn't seem to particularly care about the privacy implications or the risk of phishing. I needed to take a different tack. "So, you know how .uk is the UK and .de is Germany, right?" "Yes." "What country do you think .ly …

Continue reading →

Are we 'appy about change?


Advert which says "Fancy working with us on the first GOV.UK mobile app? These Android developer roles are exciting..."

Shortly before I left the Civil Service in 2023, I made a complete fool of myself. Someone on Slack was discussing their department's app and I (rather snidely) asked why it was an app rather than a website. After all, one of the seminal blog posts of GDS was about not building apps. In response, I was given an eye-roll and told "because that's how most people get their information, grandpa!" Last week, I saw this job advert and I got an involuntary shudder. But I am wrong. Time moves on.…

Continue reading →

Weeknotes: fin. (So what did I accomplish?)


Photo of Terence presenting. The background has the NCSC logo.

I hate being introspective. But I'm told it's good for me. A few months ago, I handed in my notice to Cabinet Office. And now I'm no longer a Civil Servant. It's hard to sum up those 2,462 days. Every day brought new challenges. I saw my work presented to the highest offices in the land, discussed on the nightly news, cancelled due to General Elections, and implemented across the nation. I represented my country across the world, helped protect it from attacks both digital and biological,…

Continue reading →

When GOVUK is NSFW


I don't particularly like picking on the security of Government websites. I do it a lot - but I always feel guilty about besmirching the good name of the many talented people who work in the Civil Service. Today's flaw, however, is a particularly basic mistake which simply shouldn't be allowed to happen by any competent site owner. What Is An Open Redirect? A redirector is a small web service which takes the user to a new web page. It's a simple enough concept - if you visit:…

Continue reading →

A Complete List of Every UK Government Domain Name


The GOV.UK logo.

Eight years after I published this blog post, I helped officially release all these domain names as open data! Funny how life works out, eh? Would you like to know every domain name the UK Government had registered? Of course you would! There could be all sorts of interesting tit-bits hidden in there (ProtectAndSurvive.gov.uk? EbolaOutbreak2017.nhs.uk? MinistryOfTruth.police.uk?) Rather than relying on Freedom of Information requests, or Open Data, we can go straight to the source of domain …

Continue reading →

How I Got The UK Government To Adopt ODF


Screenshot of a Gov.UK page which says Using Open Document Formats (ODF) in your organisation.

Well, it's not often I get to completely influence the UK Government's approach to open standard. GOV.UK is adopting .ODF as their official document standard! All documentation will be also made available in HTML & PDF. Sweet! Yeah, yeah, so I only played a small part in the (no doubt) hideously complicated process - but I'm happy to take full credit :-) Last year, the UK Government opened up a Standards Hub. They were actively soliciting for challenges that the UK Government could take…

Continue reading →

The Unsecured State Part 5 - Abandoned Inquiries


This is part 5 of a series of blog posts looking at the security of the UK Government's web infrastructure. The primary cause of the vulnerabilities I've exposed over this series is abandonment. In a flurry of excitement a website is commissioned and created. Then, as time wears on, people begin to drift away from the project. Job titles change, people are reshuffled, and senior management's gaze focuses elsewhere. Who is now responsible for updating and maintaining the software? No…

Continue reading →

The Unsecured State Part 4 - UK Government Websites Spewing Spam


This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running ancient and unsecured software, languishing unmaintained and long since abandoned. What are the consequences of failing to invest in security and maintenance? The websites become a haven …

Continue reading →

Should GOV.UK Run A Bug Bounty?


Cyber Security is of vital national importance. As the United Kingdom places more of its infrastructure onto the Internet, bugs and glitches go from minor inconveniences to full scale national emergencies. Suppose, for a moment, that a hacker were to interrupt payment processing for banks, or tamper with the UK's water supply, or cut off the phone lines. The economic damage alone could run into the billions. Anyone discovering such a flaw could illegally exploit it for their own gain, or…

Continue reading →

Browser Statistics for UK Government Websites


Royal coat of arms of the UK. A lion and a unicorn.

One of the great things about publicly blogging for the last 5 years, is that I can remind myself of what I was doing this time last year. Or several years ago. The Terence Eden of October 2009 was a busy chap! 22 blog posts! What a guy :-) One post which caught my eye recently, was asking "What are the browser statistics for 10 Downing Street?" Here was their answer UK Prime Minister@10DowningStreetReplying to @edent@edent Top are: IE7 22%, IE8 20%, IE6 12%, Firefox3.5.3 9%, FF3.5.2 7%,…

Continue reading →