Yesterday somebody set up a fake profile in my name, following people who follow me here / who I follow. No good will come of that. Oddly, Mastodon.social has no apparent mechanism of reporting this, specifically, so I've reported it as a general offense. Anyway, let it be known, I'm the only me.
Has anybody put together a list of best practices for openness in government software beyond open licensing? Like public uptime tracking, a public backlog, a public release history, and public security contact information? I have a loose collection of these things in my head, but I bet somebody's done better work on this.
@futurebird This Mastodon scam was particularly ham-fisted, but the phone call you got is a good reminder that absolutely none of us are un-scammable. The U.S. is a scam culture—we are subjected to constant scams. We can't dodge them all. Eventually I'm gonna get got, and I hope I'll have the nerve to call it up publicly.
I'm looking for security consultant recommendations! I support a non-profit that’s building PII-storing open source software that integrates with government data storage systems, and they would like a third-party security assessment. This is *not* about compliance, this is straight-up wanting somebody to review their code and practices, try to break in, etc. If you've worked with a small or single-person (read as: not really expensive) consultant you'd recommend for this, I'd love to hear about them.
Blog entry: Once upon a time, government had an exception for onerous procurement rules for software you could walk into a store and buy. If you wanted copies of Windows, fine, just buy copies of Windows. They called it “COTS”: Commercial Off-The-Shelf software. And that became a big loophole.
I’m muting this thread because it has achieved escape velocity, resulting in a bunch of replies like “here in Kerblekistan we have achieved a 16% PET recycling rate through exploiting the Malaysian immigrant underclass so therefore plastic recycling works great.” 🙄
Before anybody gets all up in my mentions: yes, it is hypothetically possible to recycle some types of plastic and yes, there is a small-scale PET recycling industry, but recycling plastics at scale is infeasible and has no path to feasibility.
@jamiemccarthy @inthehands @violetblue Yeah, I'm reading through this and just don't see anything like what's claimed in the original post. This description is pretty clear, and it is definitely not “last year's average is this year's zero.”
Yesterday was my final day at U.S. Treasury OCIO. I’m proud of what our team accomplished there. We did a lot of long-term transformational work, cleared the way for the Direct File team, normalized centering end users, and built a new procurement path for custom software.
We did a lot of good. Some can be undone, but the culture change will last a long time. Once you show people what good software looks like, they won’t soon lower their expectations.
Thought follower. Male software developer. Alumnus of 18F, the Obama White House, Georgetown's Beeck Center, the Biden-Harris Transition Team, and the Biden administration. Speaks only for self. he/him