I'm writing a response to an RFP today, so I'll have to read these when I get a chance:
There were two more stories in my inbox this morning, but they deserve their own post after lunch.
Designer Josh Gee spent two years trying to put Boston city government forms online:
Getting city workers to accept online submissions rather than traditional paper ones is the bulk of this work. On average, it took me about 30 minutes to make a digital form and five weeks to meet with, earn the trust of, and get buy-in from the employees who would use it. Even if they were excited, the nitty gritty details took a lot of back and forth.
While I avoided a bunch of process change, there were some takeaways that I think are useful for anyone working to move government forms online:
- There is huge demand to move forms online — I had expected to drag departments online kicking and screaming. Instead, the majority of departments were eager to move things online and thrilled to have a partner with the technical knowledge, mandate, and tools to do that.
- Flexibility about form structure and questions — I initially thought there would be a strong demand for submissions that look exactly like current paper forms. That hasn’t been the case. In all but one or two cases, I was not only able to move forms online, but also suggest changes that made forms shorter, more clear, and more accessible.
- Excited about future change — Early on I began to notice a pattern. A few weeks after I moved a form online, some departments would to reach back out and ask for tools to help them manage digital submission, “This has been absolutely amazing. It would be great if I could approve it and then send it to Steve for his signature”. I thought a lot about the phrase salami slicing. If I tried to change everything about the way these departments worked right off the bat, they would have resisted every step of the way. Moving just a part of their workflow online made them eager to go completely digital.
This is close to home as my company is right now engaged in an effort to do this sort of thing for the U.S. Military Enrollment Processing Command. It's not easy.
Lots of things popped up in my browser today:
And now, back to work.
The Federal court in the Northern District of California ruled today that GrubHub delivery drivers are contractors, not employees:
The ruling may have far-reaching implications for other sharing economy companies, including Uber Technologies Inc., whose business models are built on pairing customers with products and services through apps and typically avoid the costs of traditional employment.
U.S. Magistrate Judge Jacqueline Scott Corley in San Francisco concluded Thursday, in a first-of-its-kind ruling, that a gig-economy driver doesn't qualify for the protections of employees under California law.
Charlotte Garden, an associate law professor at Seattle University, said Corley's decision is a “doubly big” win for GrubHub due to California's relatively high standard for establishing workers as independent contractors.
“If they can make it here, they can more likely make it anywhere,” Garden said. “It is also the first federal court to reach a verdict on whether workers in the gig economy are employees or not, so companies like Uber and Lyft will also be celebrating this win.”
(Of course, Uber may not survive its ongoing struggle with the Justice Department for other reasons, but that's not the point.)
Judge Corley admonished the state legislature to fix the problem this case exposed: “Under California law whether an individual performing services for another is an employee or an independent contractor is an all-or-nothing proposition,” she wrote. “With the advent of the gig economy, and the creation of a low wage workforce performing low skill but highly flexible episodic jobs, the legislature may want to address this stark dichotomy.”
We can expect multiple lawsuits in other Federal circuits any day now.
Via Bruce Schneier (and other sources), the Australian government suffered one of its worst-ever disclosures of secrets caused by not looking through used furniture:
It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply.
The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys.
They were purchased for small change and sat unopened for some months until the locks were attacked with a drill.
Inside was the trove of documents now known as The Cabinet Files.
The thousands of pages reveal the inner workings of five separate governments and span nearly a decade.
Nearly all the files are classified, some as "top secret" or "AUSTEO", which means they are to be seen by Australian eyes only.
But the ex-government furniture sale was not limited to Australians — anyone could make a purchase.
And had they been inclined, there was nothing stopping them handing the contents to a foreign agent or government.
The found documents ranged from embarrassing (to both major Australian parties) to seriously top secret (troop deployments, police investigations). In response, the Australian government is calling for increased penalties for publishing or even possessing secret documents—but as Schneier points out, in this case that would have made the breech immeasurably worse for Australia:
This illustrates a fundamental misunderstanding of the threat. The Australian Broadcasting Corp gets their funding from the government, and was very restrained in what they published. They waited months before publishing as they coordinated with the Australian government. They allowed the government to secure the files, and then returned them. From the government's perspective, they were the best possible media outlet to receive this information. If the government makes it illegal for the Australian press to publish this sort of material, the next time it will be sent to the BBC, the Guardian, the New York Times, or Wikileaks. And since people no longer read their news from newspapers sold in stores but on the Internet, the result will be just as many people reading the stories with far fewer redactions.
In all, it's a reminder of the security adage that no security system can completely protect against human stupidity.
I got a weird text from T-Mobile a few minutes ago:
T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more: t-mo.co/secure
Well, that does not sound good.
And it's not. Apparently thieves have found that American mobile phone providers are unusually helpful when it comes time to steal mobile phone numbers (called "SIM hijacking") or to port those numbers to third-party mobile providers. In both cases, the thieves now have a way to bypass any three-factor authentication (TFA) you may have set up with, for example, your bank.
T-Mobile at least offers a service called "Port Authentication" which lets you set up a 6- to 16-digit PIN that you must have to make any changes to your account—like, for example, getting a new SIM. After getting the text alert, and validating it with trusted online sources, I immediately called 611 and set up port authentication.
There are a couple of other things you should do:
- Lock your phone all the time, with something very hard to subvert, like a strong password. If you must use a convenience feature like iris or fingerprint authentication, make sure the phone still requires a password on reboot.
- Set your phone up so that it doesn't display the contents of texts or IMs when your phone is locked.
- Encrypt your phone, so that even if all your other security is bypassed, you won't be stuck.
Seriously, this all costs you nothing and can save you a fortune.
Over the weekend I made a couple of minor updates to Weather Now, and today I'm going to spend some time taking it off its Azure Web Role and moving it to an Azure Website. That will (a) save me money and (b) make deployments a lot easier.
Meanwhile, a number of articles bubbled up overnight that I'll try to read at lunchtime:
Back to Azure deployment strategies.
Today I plan to take Parker on a decent walk before it gets cold and starts snowing. I'm also working on a couple of minor updates to Weather Now, including looking into creating an API against which I can write a React/Relay front-end.
Also I have a lot of reading to catch up on, some of which I may write about.
In other words: a quiet Saturday at home.
Amazon's bidding process for its second headquarters (HQ2) has given the company a bonanza of information about what 238 cities are willing to give up in order to get a piece of the action, and thus what levers Amazon can pull to get public money for its private gain. Not to mention, the applications gave the company millions of dollars worth of marketing data:
Amazon asked every city and state applying for its second headquarters for details about local resources, like available talent and transit options. Local officials were also prodded for tips on local education programs and tax incentives.
The answers — most of which have not been released publicly — essentially do Amazon’s homework for it, providing valuable information that the company otherwise would have needed to dig up on its own or obtain through one-on-one negotiations.
“This is not just about HQ2,” said Richard Florida, an authority on urban development and a professor at the University of Toronto. “It’s about a broader locational strategy. HQ2 is the carrot. That’s the only thing that makes sense.”
Meanwhile, CityLab has put together a guide to the "HQ2 Hunger Games" with detailed breakdowns of the 20 finalists. And they second the Times' assessment on Amazon's ulterior motives: "As CityLab has previously reported, the economic incentives being offered to lure Amazon’s 50,000 jobs and $5 billion in investment were historic in proportion even before the company announced the finalists."
I'm temporarily on a new project to backstop a lonely developer. Getting ramped up on that today took all my time. Regular posting should resume tomorrow.