Spam spoofs .gov

I had a call today from someone in a local council – a confused someone. They’d received some email from Thinking that “” sounded important, they checked the website and found that it was ours – the ukonline main site. So the mail must be legitimate they thought. It contained a solicitation to open the attachment and complete the details in the enclosed form to avoid any problems with their “account”. Naturally, this was a pile of rubbish and in the attachment was an executable that hijacked their network and has sent out god knows how many emails to all and sundry.

I sympathise with what occurred at this council – but it proves that the education process is not sufficient yet. If we’re going to eradicate viruses then everyone needs to make the investment in good software to counter them. The idea that a council or corporation would have an open network, today, with no anti-virus defies belief.

My own mail provider religiously notifies me of all the viruses it has stopped – I’d much rather it didn’t, after all, a mail telling me that I didn’t get a virus still clogs up the mail system, counts as spam in my book and is really only ego-mail for the provider so that they can tell me that they are looking after me. But, if that’s the price of not getting viruses, I’ll pay it for now.

Digital certificates – still harder than the hardest thing you know

Nice piece from Jon Udell who thinks that he may have installed more certs on more browsers on more platforms than anyone in history (which is some confession given how generally difficult that is). Someone’s written to him pitching a product which is not unusual and they claim it works, which is also not unusual – the pitcher says

do you suppose free email certificates wouldn’t be free today if people actually wanted them? They are free because nobody will pay for them, and even at the cost of nada, few actually do. I think this points out that people as a whole just can’t work with PKI’s complexity, portability and constant renewal hassles.

And Jon’s killer punch is

PKI is only a first draft of the solution. It’s possible that we’ll need to rip it up and start over. It’s also possible, though, that we can refine and improve it. But not if current implementations don’t evolve in response to use.

30 years to get to the trough of discontent and still noone uses them … global mutual trust without pain? hmmm … rip and refine or, more likely, rip, rethink, replace and redo (from scratch)

My phone finally comes alive

Ever since I came back to the UK in 1999 I’ve had endless problems getting any phone I had to work on wap/download email/send MMS etc. I’ve changed phones every so often (some would doubtless say often) and each time occasionally got some mail through, seemingly by chance. Last month I tried a Treo 600 out but it crashed endlessly (usually on answering a call) so I gave that up and tried a P900 from Sony Ericsson (as a previous and long-term customer of the P800 this seemed a logical move). Guess what? No email again. But this time Brian, “the fix it” who I have talked about before here, took Vodafone to task and solved the problem – a screwup in their gateway (not my gateway I hasten to add). And now, after all this time, I can get email on my phone and even send it! Wow. Real progress (finally).

Says No 10

The clever people at MySociety have bought you a new service, DowningStreetSays, which is a kind of blog of the press briefings given by the mysterious PMOS every day at No.10 Downing Street. Whilst it’s not official, I imagine it uses the official service as a base, which you can find on the offical site. The main differences between the two are that with the MySociety version, you can leave comments and it’s a little easier to track back through the archives (because of the blog style format). Rumour has it that there are yet more similar projects in the works.

You go away for a week

I’m back after a week in the mountains doing some skiing. Thinking about it, I call it skiing but plenty of others might not agree with me. Anyway, whilst I was away not only did we launch the first version of the Online Government Store, known as Directgov

There look to have been quite a few stories on the site, with one or two astute observations that I’ll come to in a minute. The new site contrasts with the “old site”, ukonline, in many ways – but most obviously in look and feel. Ukonline looks like this:

Both were built using the same core engine, DotP, which “forces” a few consistent pieces – thinks like the tabbed navigation, the search engine in the top right, but then lots of others things be up to the design team. For example, the Department of Health’s website, which also runs on DotP, looks like this:

On to the comments: James Crabtree, over at VoxP, wonders why there are so many external links and ponders whether more use of XML would solve this. He’s right, in some ways at least. XML feeds from sites that we linked to would allow us to “suck in” content from that site and present it within the DirectGov world. That needs a few things but, obviously, it needs the sending sites to be set up so as to publish XML; but then it also needs guidelines for each site on whether whitelabeling is allowed, whether it has to be branded, whether text can be chopped up and so on. There would also be some issues about change control – if the text on a page changed, what would the editorial team have to do about it (all things that can be bypassed with a link, although we do check to see if text has changed significantly); there’s another set of issues about the whats and wherefores of XML feeds (or RSS), whereby they are rarely used as intelligent feeds, only as simple lists (e.g. the last 10 news stories); finally, there’s the issue that RSS today is only about headers and links (or full body copy) and tone and style could make for big differences in understanding. Still, it needs to happen – or, we could simply, have everyone write their content in the directgov house style and host it internally. – you can check in, but you can never leave.

Mike Cross wonders about end to end transactions and, particularly, the role for local government on the site. I’ll leave the latter to the experts. The former, though, is a very interesting question. The hardest thing to do, I think, would be to take a transaction that is explicitly understood to be with, say, the Inland Revenue (like Self Assessment) and rebrand/repackage/represent it in a new style – it would be confusing for everyone all round. But, if we were to look at transactions that noone really owns – say, single engines that calculate benefits/tax credits entitlement or business regulations for a given type of business/business size/business geography – then a site like directgov (or its business equivalent) would be an ideal home. Then the transaction can be built from scratch and designed in a joined up way. Folks tell me all the time that web stervices will solve the issue of how to handle transactions like Self Assessment in sites like directgov and my response is, well, let’s just say I’m waiting to see it.

There’s a funny quote that popped up a few times, in VNU, for instance

“With UKonline, a single change could cost several thousands of pounds to make; now we can make changes easily,” said the e-Envoy, Andrew Pinder.

That was true in 2000 but hasn’t been true since about January 2001, so I think there’s either a misquote in there or a misunderstanding driven from the original ukonline not being built inside a content management system

And, talking of Andrew Pinder … But also (in the list of things this week) … the e-envoy redux job, aka the head of e-government was announced … and lots of commentary on that too:

e-health insider, who ponder whether Richard Granger is up for the job

silicon, who mix up DotP and the Gateway and say that Dotp was developed by Sapient and Microsoft … but Sapient and Sun would be correct.

and contractor UK … who wonder how everything will be pulled together by the end of 2005

For those who want to apply, the job ad is on the times site.