6am Saturday the 24th I headed down to London for UK GovCamp 2015 – an unconference centered on the public sector.
As usual the was a huge variety of topics pitched, and personally I really appreciated the lack of an “introductions” session – it got things moving much faster.
My day went sonething like this:
- The other half of open source: wordpress, local GDS, github, APIs selfishness. Hosted by @simond and @danmaby
- Content strategy at scale. Hosted by @tomhewitson
- Stop me before I hack your website! and “How to do wordpress securely”. Hosted by @edent and @harrym
- Security screw-ups. Hosted by @glynwintle
- Corridor session catching up and drinking tea
Now this isn’t a full write up of the event, or even my day, but there’s a few things to highlight:
- GDS hasn’t filtered down to Local level. One was to tackle this, since Local Gov. is focussed around transactions, is to build a new middleware framework to integrate font- and back-end systems. Another tack would be a build an extensible platform, along the lines of WordPress, that could deal with creating and managing the front-end and integrate with any necesary back-end system.
- You must pentration test your site – reapeat 10 times. Particularly authoritative domains, which are high value for spammers in particular – watch for comment and hidden link spam. Think of it like an annual gas check – not a one off.
- A domain is for life, not just for… Orphaned domains can be re-registered by people with nefarious intents. This is especially dangerous if your domain is widely linked to, made even worse if they are authoratative themselves – there were some really nasty examples like the re-purposing of the Bloody Sunday and Hutton Inquirey sites.
- People are always a security weak spot – but that doesn’t mean you shouldn’t batten down the technical side. Don’t let the “script-kiddies” in.
- Password complexity requirements tend to weaken security – most people put a capital as the first letter, and punctuation (!) / number (0 or 1) as the last.
- Please(!) leave the water out all day. It’s not only at lunch time that people are thirsty – this is a speaking orientated event after all…
There’s a very interesting blogpost by @jonathanflowers that puts some thought’s I’ve had much more eloquently. I recommend you read the original but in essence – the session pitching format could do with some work. This would really increase the value of the conference to me, being able to ensure I’m in sessions that I really care about, or not – an informed decision at least.