https://devsummit.aspirationtech.org/api.php?action=feedcontributions&user=Jucsanch&feedformat=atomDevSummit - User contributions [en]2024-03-29T01:31:21ZUser contributionsMediaWiki 1.35.1https://devsummit.aspirationtech.org/index.php?title=Lifecycles_of_websites&diff=2299Lifecycles of websites2016-11-28T20:44:50Z<p>Jucsanch: Created page with "==Discussed:== Lack of experience with site lifecyle * Spec maintenance - encouraging owners to pay attention and /or take over themselves ** Ongoing contact model ** Documen..."</p>
<hr />
<div>==Discussed:==<br />
<br />
Lack of experience with site lifecyle<br />
* Spec maintenance - encouraging owners to pay attention and /or take over themselves<br />
** Ongoing contact model<br />
** Documentation is problematic<br />
*** Create documentation as part of ramp up<br />
<br />
Content - keeping current:<br />
* Who provides it?<br />
* Who does it?<br />
<br />
Keeping site security updated <br />
* difference between Drupal and WordPress<br />
** Drupal: Security updates only <br />
** WordPress: Choosing plugins with eye to longevity - indicators are install base, last updated, # of issues resolved<br />
<br />
What defines end of website lifecycle?<br />
* clients "drop off the map" but site is still live<br />
** not applicable in cases where developer is hosting site/owns hosting<br />
*Client rarely initiates request to delete site when they're in charge of hosting/domain<br />
* hosting company pulls site after neglect or deletes plugins that affect site functionality<br />
* client requests complete revamp of site<br />
* "zombie" website - keep up because easier solution than taking it down<br />
<br />
==Tracking suppent requests==<br />
Tools:<br />
* email (small scale)<br />
* Zendesk (expensive)<br />
* Trello (private tracker <br />
<br />
Transparency to use is important!<br />
<br />
==Updates==<br />
Content updates are part of a life cycle<br />
Challenges:<br />
* Creating new content<br />
* messaging existing content before transfer to new version of site<br />
Content will not create itself and will not update itself; make planning for content updates as part of life cycle</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=The_role_of_art&diff=2293The role of art2016-11-23T01:32:14Z<p>Jucsanch: Created page with "'''Questions:''' * How do we do art and engage with art for self and community nourishment? * How can and does support our activism and our communities? '''Discussion''' * De..."</p>
<hr />
<div>'''Questions:'''<br />
* How do we do art and engage with art for self and community nourishment?<br />
* How can and does support our activism and our communities?<br />
<br />
'''Discussion'''<br />
* Desire for art as a tool for engagement and solidarity;<br />
* Vehicles for art engagement: open spaces (post it notes on wall), stencils,<br />
* poetry infusion –unamplified, public open mics – utilizing public space for actions<br />
* Very important forus to bake-in art time into our day, not just do it when our to do list is done<br />
* Art is inspiration and needed; inspire people to be more brave and speak out more<br />
* Exercise options:Free association of words- – one person says a word, the other person says another word and it could continue. This could be in a pair or more people.<br />
* Bay Area FlashMob: Gust – flash mob. Get up street theater. Art as both propaganda and organizing.<br />
** This is an example of art by community, not art by action.<br />
* Participatory theater – Theater of the oppressed. Form of the theater that community folks create the pieces and engagement.<br />
* Documentary improv theater. Documenting reality and using art to amplify those realities.<br />
* Artists are always the visionaries and organizations could do better at focusing on engaging those who are aligned.<br />
* What about going back to analog – using flyers and offline vehicles.<br />
* Things can be political without being intentionally political; telling a story is political.<br />
* “I feel like we're getting a lot of messages that technology is more important than humans”<br />
* We have to embrace the fact there is a tomorrow and there is light now and will be.<br />
* We need to do more together and create more together, especially when there is hopelessness.<br />
* In Costa Rica we did many stencils and murals with youth and had images to challenge stereotypes – like girls as scientists.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Bridging_episodic_social_movements&diff=2271Bridging episodic social movements2016-11-23T01:06:42Z<p>Jucsanch: </p>
<hr />
<div>'''Problem statement: how do we go from one-off protests and actions to sustained momentum'''<br />
<br />
==Ideas==<br />
[https://www.flickr.com/photos/aspirationtech/31071140651/in/album-72157675324473822/ Visual notes provided by Willow]<br />
* Provide mutual aid — cab fare etc<br />
* We should pay attention to groups who have been active for a long time; example: Ferguson activism was going on for a lot of time before Mike Brown’s death. <br />
* Listen first, assess, then act<br />
* Whenever you start something, we need to assess what has been done and tried. Integrate lessons into future actions<br />
* Nature of movements is that no one is accountable to them, so actions move on different timing<br />
* Establish leadership and spokespeople; assigning responsibility; if it is a mob, hard to have a message <br />
* Structure can be very useful to help <br />
* After a good mobilization, even without leadership, the crowd was policed into control and dispersed — we don’t want to see that. We want to be in control of our actions and the continuity of actions — for subsequent actions.<br />
* The distinction between activism vs. organizing; can be helpful to know roles that are helpful to have an engaged, effective series of actions <br />
* Cycles: public engagement and education phase; research phase to learn what has been done, what is effective, what would collaboration look like, targeted communication. Mobilization is the flash point.<br />
* Outreach phase ideas: poster up for outreach; reach out to folks who may not be online or connected via social networks online; branding is super important — by establishing a brand, people immediately see and can connect with the invitation or action. <br />
* Culture jamming — deployment of ubiquitous imagery to queue dissent. Street art can be incredibly influential. <br />
* Prioritizing listening, don’t give unsolicited advice <br />
* Be interested and willing to take action to redeploy privilege. What training or networks might you have or resources. <br />
* A helpful question: “is there a way that I might be of assistance?” rather than assume you are of assistance or helpful. <br />
* I just experienced this at Standing Rock — there were so many people that it was a burden for the organizers to manage the people who showed up. How do we feed, house, etc. these folks. There are initiatives of folks that may not just be unwelcomed, but could increase risk for folks who are already at risk. Additional emotional, physical labor. <br />
* Sometimes just showing up and being willing to be present and available is a great way to engage. <br />
* So important for one to educate oneself before engaging. <br />
* When the community you are working with calls you an ally is when you can call yourself an ally. Allyship is given, not claimed. <br />
* 90% of success is showing up. — Woody Allen<br />
* Doing the work in your own community with people who identify in the same way you do is critical. That outreach phase is incredibly important. <br />
* It can be very helpful for those of us on the outside to be invited in. Listening to the ask for help is a good indication of when to move forward or engage with communities. It is great to look and find those groups who have asked. <br />
* A good way to engage is to share info and links of groups with your own community and followings. <br />
* At Occupy Sandy, some of the orientation was focused on delineating those who were there to help other people vs those who were there to help themselves. When Oklahoma happened, Occupy Sandy folks contacted them and offered their lessons and template without strings attached. <br />
* Occupy Sandy had a lot of small group clusters and work. Affinity group structure. There were multiple locations with different activities and ways for folks to both get services and support those services (work in the kitchen, etc). <br />
** You were expected to take one day off each week for self care;<br />
** You were expected to go to other locations or work centers; <br />
** Once a week there was a phone call with all involved to check in and address any — Maestro conference can handle 100s of people and expensive. <br />
** There were teams who had their own management and orientation.<br />
* Occupy Sandy was able to do more and quicker than big institutions — like Red Cross, etc.<br />
* Occupy Sandy built on Occupy Wall Street and mutual aid analysis — service-focused work. <br />
* We want leader-FULL vs leader-LESS movements <br />
* Toronto had Trent City Black Lives Matter movement in front of the Toronto Police Headquarters. It was during the fall and going into winter. There was a medical section, food, and community dinner every single day. There was an action folks could do every single day. Every evening there were activities and a lot of art, shows, movies, etc. By making actions available in the evening folks were able to plug-in and feel connected to the actions. Things were really helpful: foot and hand warmers, gift cards to support folks. More people came because there was such a range of welcoming activities. <br />
* Pyramid of engagement: 1% or less: create content; 9% that comment; 90% who learn. We want to onboard those who are learning and interested and movie them up the chain of engagement. <br />
* Flash mobs have been really fun and engaging. We are often a plug-in to a protest so we can play a variety of roles — fun role, serious. The challenge is to ensure we are bringing the right energy at the right time. Sometimes we are fun and sometimes we get between the cops and protestors to diffuse tension or to be a distraction. <br />
* We need to create trusted community in small groups.<br />
* There is a wave theory — something will happen that will motivate action to ride the wave, we are stronger if we are on the board already(meaning engaged)<br />
* Finding our pockets of places to engage with folks, add energy, and to be ready. <br />
* Being prepared for what will be — when we know things may happen, we can do more to prepare and be ready to act. <br />
* In the months ahead, we may want to take offensive action but will often need to do reactive activism and support. It is good for us to know in our areas who is or may want a support plan.<br />
* By systematizing what we do, we can (or are) make ourselves or people we work more vulnerable. This is something we are grappling with. How open are we and inclusive with on boarding and engaging folks. Data management policies are super important. What you print, what and where you store etc.<br />
* One major lesson is to get people to work and make sure there are multiple points for failure — ensure that one person will not endanger an entire operation / initiative / organization<br />
* Ruckus is a great resource for tactical communication information.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Propaganda_posters_for_good&diff=2270Propaganda posters for good2016-11-23T00:42:04Z<p>Jucsanch: </p>
<hr />
<div>[https://www.flickr.com/photos/aspirationtech/30373997003/ When you Drive (instead of cycling or walking) You're Driving with the Military Industrial Complex!]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31042003562/in/datetaken-public/ Practice Safe Software]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31071141971/in/datetaken-public/ Don't Normalize Nazis! Come On!]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31042005242/in/datetaken-public/ Sideline The Pipeline]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31071143911/in/datetaken-public/ Stall All Walls]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31071144641/in/datetaken-public/ I WANT YOU, to vote next time, seriously WTF]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/30364286394/in/datetaken-public/ Loose Lips May Sink Ships]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31042008242/in/datetaken-public/ Let Your Voice Be Heard]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31071146441/in/datetaken-public/ Install Signal]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31185195215/in/datetaken-public/ Security As Solidarity Install Signal]<br />
<br />
<br />
[[Category: 2016]][[Category: Images]]</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Freelancers21016&diff=2269Freelancers210162016-11-23T00:36:29Z<p>Jucsanch: Created page with "[https://www.flickr.com/photos/aspirationtech/30364285664/in/datetaken-public/ Visual Notes 1] [https://www.flickr.com/photos/aspirationtech/31185196765/in/datetaken-public/..."</p>
<hr />
<div>[https://www.flickr.com/photos/aspirationtech/30364285664/in/datetaken-public/ Visual Notes 1]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31185196765/in/datetaken-public/ Visual Notes 2]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31185197775/in/datetaken-public/ Visual Notes 3]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/30378321103/in/datetaken-public/ Visual Notes 4]</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Facilitation_techniques&diff=2268Facilitation techniques2016-11-22T23:53:09Z<p>Jucsanch: </p>
<hr />
<div>[https://www.flickr.com/photos/aspirationtech/31070587081/in/datetaken-public/ Visual Notes 1]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31070585111/in/datetaken-public/ Visual Notes 2]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31070582691/in/datetaken-public/ Visual Notes 3]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31070580611/in/datetaken-public/ Visual Notes 4]<br />
<br />
[https://www.flickr.com/photos/aspirationtech/31070578031/in/datetaken-public/ Visual Notes 5]</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Facilitation_techniques&diff=2267Facilitation techniques2016-11-22T23:52:52Z<p>Jucsanch: Created page with "[https://www.flickr.com/photos/aspirationtech/31070587081/in/datetaken-public/ Visual Notes 1] [https://www.flickr.com/photos/aspirationtech/31070585111/in/datetaken-public/ V..."</p>
<hr />
<div>[https://www.flickr.com/photos/aspirationtech/31070587081/in/datetaken-public/ Visual Notes 1]<br />
[https://www.flickr.com/photos/aspirationtech/31070585111/in/datetaken-public/ Visual Notes 2]<br />
[https://www.flickr.com/photos/aspirationtech/31070582691/in/datetaken-public/ Visual Notes 3]<br />
[https://www.flickr.com/photos/aspirationtech/31070580611/in/datetaken-public/ Visual Notes 4]<br />
[https://www.flickr.com/photos/aspirationtech/31070578031/in/datetaken-public/ Visual Notes 5]</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Skillshare_Topics&diff=22662016 Skillshare Topics2016-11-22T23:10:20Z<p>Jucsanch: Created page with "* How to interview/hire developers * How to start a cohousing community * How to use CertBot (The EFF Let's Encrypt client) * How to work with Non-allies (people you think you..."</p>
<hr />
<div>* How to interview/hire developers<br />
* How to start a cohousing community<br />
* How to use CertBot (The EFF Let's Encrypt client)<br />
* How to work with Non-allies (people you think you hate!)<br />
* How to make a map with open source software?<br />
* How to choose a license<br />
* How to make less terrible slide-shows<br />
* How to publish static websites quicly and host cheaply<br />
* How to use evernote when you don't know how to use it<br />
* How to launch a website using GitHub<br />
* How to find out if your computer or company network has been hacked<br />
* How to use Signal<br />
* How to program in python<br />
* How to get out of your brain and into your body (dance? yoga? whatevs)<br />
* How to backpack in California<br />
* How to coordinate a team remotely across timezones<br />
* How to troubleshoot a problem on a website (Drupal/Backdrop/Civi/other!)<br />
* How to create a custom WordPress Beaver Builder<br />
* How to securely share a file with one of more people<br />
* How to search text with regular expression<br />
* How to Salesforce<br />
* How to get started with Salesforce<br />
* How to teach numeracy and or basic data analysis and visualization to writers<br />
* How to build a compost toilet<br />
* How to get your co-workers to adopt a new tool or practice<br />
* How to write P2P data apps<br />
* How to coordinate large global online communities<br />
* How to be a great independent consultant to nonprofits<br />
* How to better encourage student leadership<br />
* How to start with self-defense/martial arts<br />
* How to interview for research, testing or evaluation<br />
* How to organize and run hackathons (both unconference and pre-planned)<br />
* How to claim space, use a mic, connect with an audience, leave an impression, maximize retention and recall</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Threat_Models&diff=2265Threat Models2016-11-22T22:48:43Z<p>Jucsanch: Created page with "This process emerged from security practices training / support for clients We want to focus on internal capacity building — this is often lacking when hard core security p..."</p>
<hr />
<div>This process emerged from security practices training / support for clients<br />
<br />
We want to focus on internal capacity building — this is often lacking when hard core security people get together and create a threat model — they may come up with a good model that doesn’t boost organizational capacity. We want to empower people to think about their own security.<br />
<br />
We want to also build clarity for people. Example: “We’re scared of NSA” This may not be legitimate fear — provides an opportunity to re-focus on threats that they should be concerned about<br />
and do things in a way that feel safe. This piloting has happened in the reproductive justice movement — focused on the safety of women’s bodies in its work. So for them safety of bodies was understood — so how do we generalize this where body safety not part of current practice<br />
<br />
usually takes a half day to dive deep and have people think through. So this is a demo version We are not going to generate a useful threat model. Don’t focus on content — refine the process<br />
<br />
'''Idea: we might be able to use the threat models already identified by a prior session'''<br />
<br />
Our demonstration is lightweight and a flexible approach. Our goal is not conventional full threat model — more about advancing understanding<br />
<br />
Tactical tech holistic security guide — image of perception window (things we don’t see that are real, things that we see that are not real — goal to open the window) Process… not an end point Human-centred = no logical or perfect workflows. It is not a hard process. Not a great process to secure your infrastructure — more formal would be good there, but different groups or families might appreciate this. Coupled this first with workshop to introduce to military-industrial language and terms. Likely we need to think about how to better language and voice these things — challenge re inheriting the mindset (information, assets, adversaries, threats, etc.)<br />
<br />
<i> Assets:</i> anything you are trying to protect from bad outcomes (information assets, comms channels where data is moved from one place to another, people’s bodies, mental health, positioning/comfort/reputation in society, [social capital])<br />
<br />
'''Imaginary threat model today is NPDev :)'''<br />
<br />
=Harvesting= <br />
Open brainstorm seeding the conversation = post its and pens. Three rounds on the info systems or repositories or channels that you use.<br />
* Twitter feed (hashtag feed)<br />
* wiki traffic<br />
* phone contacts and call contents<br />
* login for wiki<br />
* attendance lists/details<br />
* conversation contents<br />
* participant list<br />
* bodies<br />
* wifi bandwidth, etc.<br />
<br />
No refinement in first pass<br />
<br />
'''Second pass:''' start grouping — affinity diagramming, reduce into smaller chunks<br />
* '''Alternative:''' Distribute questions beforehand and have folks come with post its so that you can focus on groupings and gaps.<br />
<br />
“What is the information or assets?”<br />
<br />
; Q - Are you also thinking about job or financial security?<br />
: A - Not sure where that fits in… they are things to more preserve than protect. We protect them by securing tangible assets, not conceptual. Those are more outcomes we want to protect or mitigate against. When you collect these from folks you’ll see the same thing twice phrased differently. Duplicates.<br />
<br />
; Q - What about the buildings?<br />
: A - We focus on things we can mitigate against. Outside our control.<br />
<br />
During brainstorming — walk around and re-direct where needed. Bring folks out of rabbit hole to concrete and meaningfully in their control. Though you may post those so that you can discuss why it would not be included.<br />
<br />
=Potential Adversaries/Threat Actor=<br />
* Who are we actually talking about?<br />
* Who might be interested in these assets?<br />
* Who do we trust with them?<br />
* Get into the actionable perception window<br />
<br />
Get them to dump everything — then the whittling down is a teachable moment<br />
<br />
Brainstorm examples: An attendee, the public (we are in public space… everyone not part of NPDev), infiltrator, Aspiration haters, curious person who records a talk and not part of our shared agreement or photographer who does not understand what red lanyards mean, targeted thief, opportunistic thief, random lost person, Preservation Park network operations and security (view themselves as a police force), Oakland Police Department, people interested in our assets, people who want to access our assets, litigators.<br />
<br />
Advanced persistent threats go into their own territory: FBI, NSA, Google — be clear that this is not a threat model we’re going to mitigate in this type of process. If we are trying to defend against these this is not the process that is going to get us there. These are known threats — may not be meaningfully defending against them. Keep them in the room with us… but this is super serious stuff. The level you need to mitigate against this is a different kind of activism and movement building. [I may have some of this wrong…]<br />
<br />
Then in next pass we organize these stickies.<br />
<br />
=Threats=<br />
* Outcomes that we want to avoid.<br />
* What is going to happen if a person does a bad thing<br />
* Social graph revealed / social network<br />
* Looks of thrust in systems<br />
* Physical harassment or attaches<br />
* Conversations used to shame or attack<br />
* Digital harassment<br />
<br />
All of this at some point needs to land in a technologist’s lap or someone who knows how to approach it.<br />
<br />
Three passes of brainstorming on 3 different topics<br />
Then do affinity diagramming — Look to refine the groups and collect likes with likes (this powerful because a lot of learning happens at this step). narrow sets down to get to something that we can get our heads around.<br />
<br />
Start by grouping within the three different categories. Get folks to grind on this in small groups. Facilitators walk around and help out. Get down to a smaller set of items that we can get our mind around [and do something about].<br />
<br />
May see that protecting against one protects against another. E.g. public + thieves + random lost person can be all solved together. Infiltrator and attendee likely look the same. Preservation part management and network operations and PP security likely go together. Volunteers look just like employees in terms of access. Who profiles the same. Here is where you mine a group’s wisdom. Litigator looks like Google because can reach into our system (be prepared for discovery — risk associated with cloud services).<br />
<br />
Take a good amount of time on this. Report back and get peer feedback.<br />
<br />
Pass 2 is affinity diagramming.<br />
<br />
Last pass, which is most important, is to come together and ask everyone to take 3 groups — one from each — and choose a threat scenario that is plausible or that they’re concerned about. Invitation to collect a triad<br />
<br />
OUTCOME you are trying to avoid<br />
* ACTOR who may be able to do that<br />
* TREAT that you want to mitigate against<br />
<br />
New board for threat scenarios.<br />
<br />
e.g., Public > conversation contents > physical harassment and attacks<br />
<br />
Mining specific scenarios from the group.<br />
<br />
Then is to dot vote on most important scenarios to surface which is most realistic and plausible.<br />
<br />
Everyone does this individually — you may need to duplicate post its. Okay to have some similar and discuss similarities and differences to tease out important nuance and talk through concerns. Conversational, discursive process intended to build the group’s knowledge about security.<br />
<br />
Ask people to explain why they have selected this threat scenario — good learning moment. Sharing lived security experience with peers.<br />
<br />
Then we discuss how to mitigate those. We [experts] take that back and reality check it. So we may tell them that their biggest concern really isn’t. Focus on laptop theft before massive opsec threats.<br />
<br />
We’ve developed best practices and go through those to map against key threats that emerged<br />
iEcology on checklists.<br />
<br />
If you use this please let us know and tell us how you went and what you learned.<br />
We are almost ready to put this in a script form.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Influence&diff=2264Influence2016-11-22T22:24:11Z<p>Jucsanch: Created page with "Hearts and minds is more propaganda, here we’re talking about “Objective Focused Influence” There are models for how to do this and there are differences between milita..."</p>
<hr />
<div>Hearts and minds is more propaganda, here we’re talking about “Objective Focused Influence”<br />
<br />
There are models for how to do this and there are differences between military and nonprofit approach. A lot of concepts the same, some terms are different but lots learning to be done form each other.<br />
<br />
<i>Session approach: Discussion between differences and pick apart an example</i><br />
<br />
1. Decide what you want to have done. About behavior. How do you start to generate the behavior that you want to see within the organization that you’re trying to influence.<br />
* e.g. Get the gov’t to use more FOSS<br />
* More specific: Protect 18F from getting un-funded because that’s where OS developers<br />
<br />
2. Which specific human can do that thing? Who makes these decisions. What does gov’t/org look like. What processes do they use. Who has what power within that organization.<br />
* e.g., OMB writes the budget, that goes to Congress — collaborative process between branches of gov’t.<br />
* Who specifically would write the 18F budget in the GSA? If we don’t know then that goes to the intelligence side. Who do I know that knows or can find that information. In this case may need to do a FOIA request.<br />
* Identify the person. Figure out what you want them to do.<br />
<br />
3. Find out what that person values — get out of your own shoes. Get as specific as you can.<br />
Personas can help here:<br />
* What do they value<br />
* Where do they get their information<br />
* How do they determine which sources of info to trust, or not<br />
* How do they make decisions // we spend a week on decision-making heuristics<br />
<br />
Moving away from hearts and minds to what decision do we want them to make<br />
<br />
4. Start plotting out your information strategy.<br />
* You have the objective, the person that has power to implement, then need to know the process by which that decision gets made. So you repeat this over and over for all of the people that you can find.<br />
* What meetings happen, who do you know in that organization? Look at information flows… map out the people.<br />
<br />
5. Craft the message.<br />
* Timely<br />
* Consistent<br />
* Reinforce whatever decision making and info they already have<br />
* True // VERY IMPORTANT<br />
* Measurable (like to have some type of feedback loop in your system — was the message received, impactful, can I use it somewhere else?)<br />
<br />
Not just the message you want to send. Focus on the person receiving it. And the action that they can take.<br />
<br />
'''When choosing an objective: Look at implementability.'''<br />
* e.g. electoral college<br />
* How many votes do I need to change?<br />
* Who are most likely? + take 10 more<br />
* How do those people decide?<br />
* Reinforce the message and the thought process — want to show other people are doing this…<br />
<br />
'''Discussion'''<br />
* Gather precendents, legality, ethics<br />
* You can do a lot of targeting just on open information (Facebook, Twitter for example who they RT, follow)<br />
* Voting records, congressional record (look at which media gets cited)<br />
* Triggers or pet issues of target or people close to them<br />
* SNA<br />
<br />
'''Messages are categorized by means of delivery'''<br />
* Human to human<br />
* Direct communication plotted out specifically step-by-step<br />
* Planted information they think they shouldn’t have (oh we didn’t lock down that system enough…, provide info to a secondary actor, leak documents to low-level outlet who is more motivated to publish than fact check)<br />
8 e.g., Normandy needed have Hitler decide that the attack was going to happen at Calais.<br />
<br />
; Potential resources<br />
: Spitfire strategies // SmartChart and Activation Point or Nesta’s DIY Toolkit.<br />
<br />
More challenging in this environment - Keeping the messages consistent in a grass roots non-hierarchical structure, especially when working with networks/partners/allies<br />
<br />
; Q - How do you think about contingency planning?<br />
: Focus on objective and what are the indicators that going well and warnings if not going well (what happening, what’s not)<br />
<br />
; Q - What is the capacity needed to do this? When worth investing?<br />
: Spending a lot of time with an organization improves your ability to influence them.<br />
<br />
Picking influence target — pick the issue that is common to a group of organizations. For example focusing on local control of services when trying to change people’s ability to manage own trash collection. [not sure got that right]<br />
<br />
Tip: When sending info to media include good photos because they need those for digital media.<br />
<br />
Agenda setting: What are influencer’s needs? Reducing their work load may help… (do the work for them). Create an unbranded image for sharing on social media live streams (e.g., Leonardo de Caprio comments during Paris talks) — got pick up because we made their job easier.<br />
<br />
There is no credit to be taken — you want the focus to be on the decisionmaker. Legwork has to be very discreet.<br />
<br />
How do we engage and manage a network around local control? How do you build that coalition? At some point it all ends up becoming personal.<br />
<br />
A way to do this might be the Constellation Model.<br />
<br />
Understanding PROCESSES and capturing and sharing that is super important.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Training_Knowledge_Share&diff=2263Training Knowledge Share2016-11-22T22:12:42Z<p>Jucsanch: Created page with "Session to synthesize providing support for digital security training efforts * Removing conversation from white male dominated space * Interested in building training capacit..."</p>
<hr />
<div>Session to synthesize providing support for digital security training efforts<br />
* Removing conversation from white male dominated space<br />
* Interested in building training capacity<br />
* Responsibility around providing security guidance<br />
* Sharing better resources in newsroom context, figuring out where solidarity fits into this conversation and around threat modeling<br />
* Roundup post of existing tool kits, tool kits that are going out of date<br />
* Digital security training and community building in a domestic context<br />
* Encountering lots of people who want to train, but do not have an audience<br />
* Education backgrounds, issues with the way that trainings are done<br />
* Not just what resources are out there, but think about ways to build training approaches that are less “colonial”<br />
<br />
=BRAIN DUMP!=<br />
<br />
# Add to wiki list of resources: [TBD]<br />
# Organizations, forums, networks to be aware of for those looking for resources for training<br />
# Events and meet ups – both local and global level, large and small<br />
<br />
<br />
=EVENTS=<br />
<br />
How folks who don’t feel like experts engage with events – how can they?<br />
<br />
* Internet Freedom Festival 2017 (Valencia)<br />
<br />
Diversity & Inclusion Fund – provides travel support for those with sessions in the final approved program<br />
<br />
* RightsCon 2017 (Brussels)<br />
<br />
Not entirely positive on travel support, but large scale gathering of useful and involved folks<br />
<br />
* Allied Media Conference (Detroit)<br />
<br />
Collaborative support for attendance, tend to be proactive in outreach to get engaged folks to come<br />
<br />
* NICAR (TBD)<br />
<br />
Journalists only, closed network, but can get in if you pitch a session that is accepted<br />
<br />
<br />
=TAKEAWAYS=<br />
<br />
What are the key takeaways from this conversation over the past few days<br />
* Realization of the shelf life of digisec tools and resources<br />
* Need to break tool based training models, parachute models<br />
* We need to make resources and materials more remixable<br />
* Have help desk resources, trainer help desk for assistance<br />
* Coming up with language that reflects and fits our movement models<br />
* Accessibility of information to non-native tech users<br />
* Language, cultural relevancy, who is actually benefitting from these trainings?<br />
* How much of a barrier is the localization question and language skills problem<br />
* New thing! Potential risk of longevity related to tools that we’re recommending? Ex. Signal<br />
* Keeping software dev projects mission centered and supported<br />
* Alternative training models?<br />
* Disentangle “accessibility” and reactionary aspect of Opening Something That Is Closed<br />
* Become a trainer from within the culture of a movement or community itself<br />
* Not about delivering a training, its about building a relationship</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=How_to_successfully_recover_from_large-scale_doxxing_or_trolling&diff=2260How to successfully recover from large-scale doxxing or trolling2016-11-22T22:05:43Z<p>Jucsanch: Created page with "Things to worry about: * parents * everything * text messages * phone calls * password management * home/physical safety * credit rating * people around you * isolation * empl..."</p>
<hr />
<div>Things to worry about:<br />
* parents<br />
* everything<br />
* text messages<br />
* phone calls<br />
* password management<br />
* home/physical safety<br />
* credit rating<br />
* people around you<br />
* isolation<br />
* employment<br />
* finances<br />
* connecting w/ people<br />
* resurgence of maladaptive coping mechanism (addictions, mental health etc.)<br />
<br />
=How to help=<br />
How to help people when they're being harassed:<br />
* A way people can help is figuring out how much time they have to contribute, what they have to offer, and what they can offer within that timeframe.<br />
* If you don't know the person you want to help and don't know them personally go through an intermediary.<br />
* Don't yell their name out loud in a public place!<br />
* When inviting harassed people to places don't' assume they want to talk about harassment rather than their interests and specializations.<br />
* Don't show up and ask how you can help and make the person you're helping figure out how you can help them<br />
* Being politely persistent is possibly necessary<br />
* One way to be helpful is to provide your address as a mail drop.<br />
* Offering to talk about the harassment or not depending on how the person being attacked is feeling at the moment is a nice thing to be doing<br />
* When we help people we need to keep in mind they are going through a violent and traumatic experience.<br />
* Be sure you're referring to the person you're helping in a way they want to be described<br />
<br />
=What to do if being harassed=<br />
Strategies when you're being harassed:<br />
* The online harassment taskforce email list is pretty useless.<br />
* You should raise what's happening with your employer<br />
* You should probably not trust reporters, they have their own incentives which may not align with you<br />
* Getting people with a whole bunch of privilege to write articles is maybe helpful but not terribly scalable<br />
* Be proactive with your privacy before you're targeted!<br />
* Shred your email when you toss it,<br />
* be aware about where you're connecting to the internet<br />
* When you register domain names, you can use someone else's information.<br />
* When you need something from someone (like breaking a lease w/ a landlord) make the framing about them and how you're protecting them.<br />
* Create standards for people you're willing to meet.<br />
* Find places where you can still be yourself.<br />
* When you go to conferences don't go alone<br />
* At some point you need to stop reading the places that are attacking you.<br />
* Gel mace is probably better than an aerosol in enclosed areas.<br />
<br />
'''We would like to know how to keep online spaces less friendly for harassment when we're moderating them?'''<br />
* Coral might be good for commenting communities when it is released<br />
* Research shows that showing community standards when users post reduces nasty stuff<br />
* Having community standards at all is a good thing<br />
* Prompting when people are using words that are probably not good to make sure they want to use them can help<br />
* Charge money to allow them in to post. Trolls are cheap.<br />
* Incremental punishment<br />
<br />
Maintain your own platform if you can! Platforms are untrustworthy. Sadly the best way to remove content you don't want people to have is by burying it with new content.<br />
<br />
EMDR is the process of processing traumatic experiences while using rhythmic repetitive motions while reliving the experience to help people move past point of trauma. It can be helpful!<br />
<br />
=Interaction=<br />
How do you talk to employer/family/friends: <br />
* Focus on challenging the accuracy of the stuff trolls are putting out<br />
* Trolls hate it when you tell them you're gonna pray for them.<br />
* Befriending people in a one on one environment may be a strategy</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Working_with_Non_Allies&diff=2253Working with Non Allies2016-11-22T21:55:51Z<p>Jucsanch: Created page with "Talking to people we perceive as adversaries is important if we want to not live in a bubble. We talked about the way to connect. How to know when you’re able to hear vs b..."</p>
<hr />
<div>Talking to people we perceive as adversaries is important if we want to not live in a bubble. <br />
<br />
We talked about the way to connect. How to know when you’re able to hear vs being flooded. the flooded brain doesn’t know<br />
<br />
When we work in coalition, we need to expand our mission to include things that matter to the various groups. i.e. addressing racism simultaneously with fighting the injustice in the financial system at Occupy. But at some point, we can’t address all issues simultaneously, and we need to find a way to move forward on a limited number of issues<br />
<br />
We brainstormed conversation topics and sorted them from most likely to provoke an argument to best for bridging divides with people with whom we have little in common. First category includes Drumpf and sex, latter category includes dogs and food. Try the latter category when you need to collaborate with someone who you otherwise disagree with.<br />
<br />
What does acting superior get us as leftists? Even if we are right, what’s the point? A lot of the time, we criticize others to make ourselves feel better. The world is permeated with shame and guilt on a fractal level, and sometimes the easiest way to avoid it is to put someone else down.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Tor_Relay_Setup&diff=2241Tor Relay Setup2016-11-22T21:47:51Z<p>Jucsanch: Created page with "== Use case for an entry node== * why run an entry node for your friends? ** b/c the entry node is the only node that knows the origin of a request that passes through a tor..."</p>
<hr />
<div>== Use case for an entry node==<br />
<br />
* why run an entry node for your friends?<br />
** b/c the entry node is the only node that knows the origin of a request that passes through a tor circuit<br />
** if an attacker controls a lot of entry and exit nodes, they can run correlation attacks to connect entry packets to exit packets and defeat anonymity<br />
** if you control the entry node, you mitigate the possibility of attacker correlating entry and exit<br />
** (and running an exit node is hard)<br />
<br />
= Implementation Pointers=<br />
<br />
* don't do it on a VPS<br />
** security posture only as strong as its weakest link, smaller the system, the less likely a weaker link<br />
* if you control your own hardware, the attack surface is smaller (eliminates a ton of uncertainties: what's generating entropy, what's in actual packets, where is machine?)<br />
* use your favorite OS<br />
** debian dominates the space (which creates monoculture)<br />
** consider Open BSD, but work with whatever you're most comfortable with<br />
** use sshd with a password, use ed5519 (NOT RSA), change keys on regular basis<br />
** don't run *anything* else on it (not apache, note nginx, etc...)<br />
** restrict sshd access by ip address<br />
** remove config support for bluetooth, wifi, mysql, *anything* not tor<br />
** use a host-based firewall and network-based firewall<br />
** know your os enough to harden it, block all other possible uses<br />
** if running server on mac, might need to use MacPorts<br />
<br />
* which release?<br />
** alpha & stable<br />
** if you can't update a lot (eg: incorporating into a product), use stable<br />
** if you can look at it weekly and care about resiliency against emerging attacks, run alpha<br />
<br />
* config file (`.torrc`)<br />
** many are 1500-ish lines long: don't worry if you feel intimidated by it. that's natural!!! don't give up!!!!<br />
** tor has *fantastic* documentation: tor website manual, `man tor`, the config file has extensive commenting<br />
** you only need 5 lines to set up a working relay<br />
** for a sample config see `torbsd.github.io`(~ 300 lines long, configures a bunch of logging and has a bunch of comments)<br />
** minimally: need (1) socks port 0 (for talking to localhost), (2) or port 9001 (for onion routing over TCP)<br />
** can block exit traffic easily<br />
** can enable stats easily:<br />
*** 2-digit ISO country codes for who is using service and how many<br />
*** ie: for entry and bridge usage<br />
** and look at them in `var/db/tor` or `var/tor`<br />
<br />
* hardware<br />
** doesn't need to be that beefy<br />
** minimally: 2gb of ram, dual core w/ 2ghz processing power<br />
** look at pcegnines.ch (alix boards are good and $100)<br />
<br />
* host it on a physical box in a data center -> how to shop for data center?<br />
** look for dedicated colocation hosting<br />
** give you a box & a console login<br />
** rackspace: $100/month<br />
** NYII is good in NYC<br />
** if you can get cheap colo space in canada, it's maybe worth it...<br />
<br />
= Gotchas=<br />
<br />
* some risks<br />
** if you run a public node, your ip might get blocked by some sites (banks, hulu)<br />
** don't run public relay node at home, safe to run a bridge at home<br />
*** worth running a bridge from home, use extra<br />
** ideal sites: universities, big software companies w/ social mission<br />
* if you're running an entry relay for friends, make it public (diversifies traffic)<br />
* some troubleshooting<br />
** cloudflare blocks tor (or captcha filters it), you can turn this off, many sites don't<br />
<br />
* consensus weight<br />
** the higher "consensus weight", the more a node will get used<br />
** how do get consensus weight? reliablity, availability over time<br />
<br />
* failure mode to avoid<br />
** under-resourced ngo's offer to be providers, mess it up, endganger people<br />
** also: it's impersonal: relies on people trusting an organization, when they could isntead place trust in a pre-existing social trust network of friends, family, etc..<br />
<br />
= Context & Training=<br />
<br />
* if running a bridge and want to give someone access:<br />
** give someone IP, name, & fingerprint, *NOT* just the IP<br />
<br />
* if running a relay: TRAIN PEOPLE!!!<br />
** have a dedicated box that's dedicated to running tor (maybe has tails installed)<br />
<br />
* how to talk about it:<br />
** mailing lists, irc channel, tor exchange site<br />
** tor helpdesks by country<br />
** tor talk<br />
** access now<br />
<br />
<br />
= Getting Help=<br />
<br />
* is there an information commons for rules of thumb?<br />
** things like good colos, good ISPs, config files, etc...<br />
** answer: no. <br />
** this is largely handled informally ATM, email G.!<br />
<br />
* lots of sites to look at shape of network<br />
** atlas.torproject.org has good statistics<br />
** torstatus.__(?)</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Using_social_media_to_connect_and_have_conversations_in_red_states&diff=2230Using social media to connect and have conversations in red states2016-11-22T21:41:35Z<p>Jucsanch: Created page with "Pratap shared a story of a conversation with military figures involved in interrogation programs that he was reporting on. Even though it was in some ways an adversarial relat..."</p>
<hr />
<div>Pratap shared a story of a conversation with military figures involved in interrogation programs that he was reporting on. Even though it was in some ways an adversarial relationship, they found common ground in the fact that they had all been on the ground in the Middle East. Their concern was mostly that the reporting was accurate.<br />
<br />
We discussed how all major social media networks are used across the country, although usage to some extent varies by network by race, socioeconomic status, age, geography, etc.<br />
<br />
Like in Pratap's story, how can we find common points of ground on which to start conversations?<br />
<br />
Could Facebook facilitate groups explicitly designed for people interested in "crossing the aisle" for discussion? Moderation would be key.<br />
<br />
[http://www.thunderclap.it Thunderclap] -- concentrate attention on specific topics / hashtags at a single moment to take advantage of "trending topics".<br />
<br />
The fake news phenomenon, and how it connects with the death of journalism. Ad support for newspapers is dead. Only thing keeping them on life support is people's desire to know the truth. Not sustainable. (Digression into the history of British newspapers.)<br />
<br />
Zak - there is an opportunity for federated social media technology to promote experimentation and innovation outside of the major networks.<br />
<br />
[http://www.snopes.com "Weaponize Snopes"]</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=SuperBox&diff=2220SuperBox2016-11-22T21:35:54Z<p>Jucsanch: Created page with "Groups that work together especially in global communities, where people meet once in a while and collaborate. The box should provide a local wireless Mesh network. The box ha..."</p>
<hr />
<div>Groups that work together especially in global communities, where people meet once in a while and collaborate. The box should provide a local wireless Mesh network.<br />
The box hasn't been built yet, except as a single beta implementation.<br />
<br />
The box will run sandstorm, and probably also requires tor to prevent authorities from using the ip address to track the boxs location.<br />
<br />
== Sandstorm ==<br />
<br />
Sandstorm allows simple installation of different open source apps/grains on a server. Sandstorm provides single-click installation of many different apps. Each "grain" is a separate instance of the app (eg etherpad) which runs in an isolated container, and thus is completely isolated from other grains.<br />
<br />
== Thoughts ==<br />
<br />
Issues/Challenges:<br />
* Hardware hurdle. Getting people to buy hardware can be a barrier to adoption. Possibly having a virtual machine version is worth it<br />
* Challenge of sandstorm is that it can only listen to one domain<br />
* Security challenge of encryption<br />
* Cost<br />
** Raspberry pi's/Chip/<br />
* How stable is the sandstorm ecosystem?<br />
* How do you get updates out there (securely on low bandwidth)<br />
* Privacy vs Public<br />
<br />
== Ideas/Thoughts ==<br />
* Persistence vs non-persistence.<br />
** Tails server would allow non-persistent collaboration<br />
** Perhaps there's a way to the collaboration tool be ephemeral as you run it, and then choose to persist specific version.<br />
* Health checks<br />
** Remote monitoring<br />
* built-in keypad for entering a password/pincode<br />
* Durress passwords, plausible deniability encryption<br />
* A sandstorm app would include the latest version of sandstorm and a number of scripts<br />
** perhaps having a superbox samdstorm app for mgmt would be worth doing<br />
<br />
== Questions ==<br />
<br />
* Why is this better than having a hosted system in a "safe" location.<br />
** Even in safe countries machines get impounded<br />
** Internet shutdown exists<br />
** Not going through the national firewall can be dangerous in itself<br />
<br />
<br />
== Apps ==<br />
<br />
* etherpad<br />
* mediawiki<br />
* owncloud<br />
<br />
Home: Market Segment<br />
* Who is this for<br />
** Dissidents, activists (globally), small groups who meet locally<br />
** Usable but can be run by a fairly non-technical audience<br />
<br />
== What it isn't ==<br />
<br />
* A panacea for really targeted individuals (not for edward snowden)<br />
<br />
<br />
== What needs to be done ==<br />
<br />
* Automated updates of sandstorm and OS?<br />
* Automated backup with minimal configuration<br />
* Routing all network connectivity through tor?<br />
* Reverse-proxy<br />
* Superbox app for sandstorm<br />
<br />
== Use Cases ==<br />
<br />
* Dissidents, activists (globally), small groups who meet locally<br />
* Analogy. These are activists who routinely jump off cliffs, and sometimes they sometimes get badly hurt. Superbox is a bungee cord. It's still dangerous but a lot better than the alternative.<br />
<br />
== Cost ==<br />
<br />
* This could be supercheap by using raspberry pi, but could also scale to biiger hardware such as IntelNUC<br />
<br />
== Alternatives to superbox ==<br />
<br />
* Piratebox<br />
* Librarybox<br />
* Freedombox - private cloud with calendaring and document sharing etc<br />
* ArchOS<br />
* others?<br />
** cryptpad</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=What_does_effective_leadership_look_like%3F&diff=2216What does effective leadership look like?2016-11-22T20:29:45Z<p>Jucsanch: Created page with "'''Constantly coming up against examples of bad leadership - both in Trump context, and larger strengthening of the Far Right. How do we analyze and embody leadership qualitie..."</p>
<hr />
<div>'''Constantly coming up against examples of bad leadership - both in Trump context, and larger strengthening of the Far Right. How do we analyze and embody leadership qualities as a way of effecting social change?'''<br />
* Seeding leadership and growing leadership<br />
* Meditating and looking at idea of reflective leadership<br />
* Leadership as a skillset in its own right<br />
* What does leadership actually look like when done "properly"<br />
* New ideas based on experience<br />
* Breaking down archetypes and power dynamics of leadership<br />
<br />
'''Good leadership, and what does it look like/examples? / Bad leadership, what does it look like/examples?'''<br />
* What were specific qualities of "leaders" that had a positive impact on you<br />
* "...." negative impact, or bad impression on you<br />
<br />
'''What are the leadership traits that we'll need on The Left in order to combat The Right?'''<br />
* Part of what it means to "Left" is a suspicion of authority; could be difficult to then accept and take leadership because we're kind of allergic to it.<br />
* Concept of *power* - is allergy to "leadership" actually an allergy to "power"? Does leadership need to be focused on one person in power?<br />
* What *type* of leader do you want to be? Leader with integrity, or leader or power or status?<br />
* "Global intersectional vision" - need more willingness to look elsewhere for other examples and be able to incorporate it.<br />
* "Objective Introspection" - knowing yourself, knowing your leadership style, knowing your strengths.<br />
<br />
'''Empower people to have a voice at the table, enabling all the voices to be heard - but leaders must also be able to listen themselves.'''<br />
* Build people into their full potential, which is *not* always leadership - particularly challenging with coalition or widely "shared" leadership.<br />
* Listening, hearing, acting - striking a balance between these 3.<br />
* Disentangling leadership from consensus - perfect consensus building doesn't need to be a hallmark of good leadership, and vice versa.<br />
<br />
'''"You're not special"- People who have had most impact have been the most selfless.'''<br />
* So many Type A personalities in the US, but all they do is damage. Not contributing to finding a way forward.<br />
* Facilitation -> Leadership role, steering a conversation, guiding constructive decision making. ENCOURAGING AND SUPPORTING *PARTICIPATION*<br />
* What are we doing now? What is the point? Where are we headed? Okay, now that we've done this, this is our decision.<br />
* Understand behavioral science and behavioral bias - reference to "growing a Democratic personality"<br />
<br />
'''Identification of *failed* leadership - what does that look like? Need to understand what is broken in order to fix something.'''<br />
* Leadership requires acceptance of risk and humility.<br />
* Talking about power, not paranoia.<br />
* If we start talking about detrimental aspects, need to structure conversations to lead to improvement and not just critique.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Hiring,_managing,_firing_engineers&diff=2215Hiring, managing, firing engineers2016-11-22T20:25:10Z<p>Jucsanch: Created page with "==Hiring== * how to hire, what are the amounts * sometimes it is hard to hire due to costs because non profit '''Competing for different pools of engineers''' * salary restri..."</p>
<hr />
<div>==Hiring==<br />
* how to hire, what are the amounts<br />
* sometimes it is hard to hire due to costs because non profit<br />
<br />
'''Competing for different pools of engineers'''<br />
* salary restrictions<br />
* local and global markets is a variable.<br />
* what motivates a developer - money might not be number one item, writing in code and tech, egos/leaders.<br />
<br />
'''Some make an effort to get more women or people of color '''<br />
* extracting women and women of color. people of color - a hard proposal<br />
* harder to hire your first women or only person of color<br />
* great people are willing to work for nonprofits, but need to widen the circle<br />
* easier if the organization is open to remote work diversity<br />
* in interviewing - you might need to ask women engineers different questions, to get them to take credit for stuff. The same questions might filter out women. <br />
<br />
'''Sometimes gets applications from men who are under qualified and women who think they are overqualified. '''<br />
* The expectations might be a different scale. <br />
* Question - does this vary by culture? cultural or different socio economic divide. <br />
<br />
'''Question - are the job postings exclusionary'''<br />
* organizations might need to have pre-interview people to convince them to hire<br />
<br />
'''Organizations might want to consider putting the nontech requirements first then the tech because fit matters. '''<br />
* Hire ability to learn and track record of successes<br />
* trying to hire curious, demonstrated tech ability. <br />
* value focused hiring is interesting <br />
* have the same people do the hiring<br />
* have a rating scale for interviewing to be able to include the skills and the secret sauce/soft skills<br />
<br />
'''Need to have a balanced team. Have a good combination of when to lead and when to do their work'''<br />
* hiring in west africa - sometimes people will ask about religion <br />
* how to navigate trust and societal norms<br />
<br />
==Managing Developers==<br />
* it is good to have the 9 - 5 churn code. helps with balance.<br />
* want people with different communications styles<br />
* this needs to especially happen in international orgs with remote work<br />
* distributed teams and how to make decisions and how to work<br />
<br />
===Diversity challenge===<br />
'''some cultures varies. “increasing the gravity of tasks” - help the tendency to increase challenges'''<br />
* how to tell people - what I want not how I want<br />
* Culture matters a lot in hiring and managing<br />
* remote teams - how to help people who fit in the hierarchy - in japan - got a local manager. <br />
* understand culture, negotiate to <br />
* what are people doing in NA<br />
**catered food, laundry, more hours a week - unexceptable<br />
* how to schedule and know holidays<br />
* have your remote people be connected and meet together, get people into the same room, shared experiences, more understanding<br />
<br />
'''Global geek culture can be exclusive and exclusionary, it really depends'''<br />
* general culture references may not be the same as work culture may not be aligned<br />
* the technical work culture - training and tech engineering culture may be different<br />
* the manager can lead to make the linkages and ask for explanations/references to help acclimatize folks <br />
<br />
<br />
<br />
===Gender and management===<br />
* what are the difference between an all male dev team and all gender teams. <br />
* something freaks me out how to be in an all male shop<br />
* what about dynamics when all the managers are men, what if it is antagonistic<br />
* what is the patronizing line<br />
* managers need to lead on this, a recognition on this<br />
* change the discussion on how to build safe and collaborative space<br />
* let culture build organicaly, how to make it explicit - a big effort, but this is benefical<br />
* how to manage the tyranny of structurelessness<br />
* recognize power structures, not enough to diversity the team<br />
* what is the culture mode<br />
* how to have the vibe discussions, <br />
<br />
'''Rules - how to share tactics with people to make it a safe and healthier space'''<br />
* how can you help a team - not just a code of conduct, <br />
* how to steer things to make it better and more inclusive<br />
* explicitly ask for people to give their input<br />
* methodologies for meetings<br />
<br />
'''Implicitly give credit, this is a power thing'''<br />
* name it, credit it, prove it - engineers need to prove their voice is valuable<br />
<br />
'''manager'''<br />
* try to talk about values, personal traits to connect and build how people come to decisions, process mentoring</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Behavioral_economics&diff=2205Behavioral economics2016-11-22T20:12:54Z<p>Jucsanch: Created page with "'''Participants: mix of domain experts and interested amateurs.''' * Inspiring people to move forward * Helping people understand risks '''Organizations''' * Learn from mista..."</p>
<hr />
<div>'''Participants: mix of domain experts and interested amateurs.'''<br />
* Inspiring people to move forward<br />
* Helping people understand risks<br />
<br />
'''Organizations'''<br />
* Learn from mistakes, and observe<br />
* There is a psychology that exists, it's the default. It's here to stay. And it's used for evil (e.g. trump). Fear and shame are really easy to manipulate people on.<br />
<br />
'''Endowment Effect'''<br />
* Given a resource that is limited<br />
* If we gain something, it is OK, but losing the same thing is much much worse.<br />
<br />
<blockquote><br />
'''Is it sustainable? Does it make change? And does it amuse the fuck out of me?'''<br />
<br />
-Nola<br />
</blockquote><br />
<br />
People have desires. How much can you influence with this desire? Ethics is a key component of this. Can often be skewed by personal utility vs. collective/societal utility. People experiencing fear tend to think more of the personal.<br />
<br />
Richer people aren't necessarily happier because they are acclimated to what they have. Sometimes a rich person will be very upset over losing something trivial (e.g. $20).<br />
<br />
Something that you don't even care about (e.g. candy tray) suddenly people start caring about them once they are taken away.<br />
<br />
We have our frontal lobe/smart brain, and our "toddler brain" that is unable to understand that things that are triggering to it aren't actually happening. When the Toddler Brain is activated, you are not in your best decision-making space. Very reactive.<br />
<br />
Shared story about a hit-and-run between someone with a car in very poor condition, and the reaction is usually "did you go after him?" But it's an emotional response. The person shared that they thought about empathy and that it will be OK, but the other person has it worse. Good thing they had insurance! That is "advanced humanity" - moving thinking forward.<br />
<br />
"He" totally appealed to people sense of loss (great again) and that they should be entitled to. We need more compassion and sympathy to people on the other side. The election was shocking mostly because the polls showed a victory but it was not the case. Feels very much like a loss.<br />
<br />
Threat-based (external) worldview vs future-based worldview. It's critical to use compassion to help connect with those who have experienced loss.<br />
<br />
48 Laws of Power - Robert Green</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=OpenGov2016&diff=2195OpenGov20162016-11-22T19:54:53Z<p>Jucsanch: Created page with "First we brainstormed best and worst experiences with Government data: =Frustrations with Open Government= * IE4 required to use election website (2010) * Opaque development..."</p>
<hr />
<div>First we brainstormed best and worst experiences with Government data:<br />
<br />
=Frustrations with Open Government=<br />
<br />
* IE4 required to use election website (2010)<br />
* Opaque development leading to preventable problems (e.g. healthcare.gov)<br />
* Owners/stakeholders hoarding or being secretive with information<br />
* Closed source voting software (Diebolt/Eagle machines)<br />
* Provided government data being provided online but nearly impossible to extract into a useful form.<br />
* Metadata being removed from online published information that existed in original documents.<br />
<br />
<br />
= Best experiences=<br />
<br />
* Paying traffic fines (local)<br />
* GIS Website and Information<br />
* California Voter Guides<br />
* Oakland, See/Click/Fix to fix potholes<br />
* Immediate disclosure requests (24 hour response time, 10 days maximum)<br />
* Eviction mapping to show lack and losing of affordable housing<br />
* Public Transportation mapping<br />
* Information Disclosure Requests<br />
* Saflii<br />
* Larry Lessig<br />
* Sunlight Foundation<br />
<br />
= Ambivenlent experiences=<br />
<br />
* Mapped crime data in Durham (drives property values, police coverage)<br />
* Shot Spotter: Targets gunshots city-wide. Provides security, but microphone privacy concerns.<br />
<br />
Once these specific examples were defined. We abstracted them into concepts.<br />
<br />
= Abstractions of Bad experiences=<br />
<br />
* Proprietary software<br />
* Organizational problems<br />
* Lack of tech savviness<br />
* Lack of actual information or research<br />
<br />
= Abstractions of Good experiences =<br />
<br />
* Defined and well-known user stories (focus)<br />
* Simple/straightforward (don't get creative!)<br />
* Standardization<br />
* Education (Public information reduces violation)<br />
<br />
= Abstractions of Ambivalent experiences=<br />
<br />
* Reflects existing inequalities<br />
<br />
=Reading recommendations=<br />
Recommendations for Background Reading on Open Government<br />
* "The Open Organization" by Red Hat<br />
* "San Fransisco Sunshine Ordinance" Ordinance Code 67 is the gold standard in information acts<br />
* Contact or interview Megan Smith (White House CTO), Jennifer Pahlka (Code for America)<br />
* Maplight.org<br />
* OpenGovernment.org<br />
* FollowTheMoney.org<br />
* Sunlight Foundation (what is left of it, shut down but transitioning)<br />
* The Internet Archive<br />
<br />
<br />
=Miscellaneous notes=<br />
* Raw "weather data" published online by governments is great<br />
** Businesses then spring up around analyzing/delivering that information to the public<br />
* In South Africa, you can't ask for related "information" you can only ask for existing "documents".<br />
* In California, you have information requests, which includes raw data or records.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Engineering_meets_social_science&diff=2192Engineering meets social science2016-11-22T19:33:08Z<p>Jucsanch: Created page with "Primero hicimos 4 preguntas - <i>Que efecto tiene tecnología sobre formar familia, empresas, sociedad civil, y el estado? </i> * Lena - las empresas de san francisco no estan..."</p>
<hr />
<div>Primero hicimos 4 preguntas - <i>Que efecto tiene tecnología sobre formar familia, empresas, sociedad civil, y el estado? </i><br />
* Lena - las empresas de san francisco no estan buscando soluciones a problemas de otros… muchos son de la problemas de jovenes ricos de areas urbana.<br />
* En Mexico y Argnetina hay proyectos de hacer redes telfonica autonomia controlada por la comunidad.<br />
* En Panama y Uruguay y Peru tiene proyectos de llevar laptops a ninos su casa. <br />
* En lugar, hay problemas sobre ninas no que vallan a escuela por sus menstracion. Hay proyecto de dar bombachas especial para menstruacion. Simple tecnologia para abrir puertas para ninas.<br />
* Hay la misma problema entre los lugars urbana y la problemas de estadosunidenese similar a la brecha a otro paises.<br />
* Muchos muejres no va a estudiar ingeneria por que queire entrar carreras que puede ayudar la gente. No saben que no puede tener tanto impacto con una carrera de informatica. Para consutrir una technologia para la gente. <br />
* un problema en eeuu es los pay day loans, la gente de menos recuros no tiene forma de aceder la sistema bancaria. Cobran un monto para sus servicios. Hay una empresa startup para hacer una en una forma meno exploitivo. los gente de startups nunca seria tener este tipo de prestamo.<br />
* Desportistsas por ejemplo no saben la sistema de bancaria, va a cheques grande para payday loans.<br />
* En Panama hay una sistema de app para llamar taxis, mas seguro para gente que estan tomando el taxi y los taxistas. Todo transparente. No presisa una disptacher, hay la tecnologia. En SF no es tan pelegroso. <br />
* Hay efectos secondaria. Hay en california hay mucho empresas que evita problemas. Estos empresas precisa mucho trabajandores precaria. Hay enorme populacion para que dedica a responde a los demandes de apps. Para llevar la comida, la lavandaria, conducir el uber. En el corte decide que no son trabajdores normal, son independente. No solo ignoren las problemas de usuaraios y trabjadores… estan activiamente precarisan el trabajo. <br />
* Hay proyectos de organizar los trabajadores en organiciones como sidicados y formar cooperativas.<br />
* Hay muchos proyectos ahora en el boom de manifestaciones.<br />
* Hay mucho historia de reisitancia y uso de tecnologia. Siempre habia. Ahora es mas evidente.<br />
* En youstream hay mucho canals popular desde la calle. <br />
* En esto momento hay como nuevo miedo sobre protejer sus datos y privadad. Los cosas son la misma, pero mas urgente.<br />
* No es tan diferente pero los jovens estan acustombrado con el telfono y la tecnologia.<br />
<br />
'''Pregunta, es nuevo y algo distincto la grande de moviementos.'''<br />
* Capas el moviemento de drechos civiles<br />
* What problem do the creators of technology have with how it’ll be used? Are they responsible for the use. <br />
* And the tech is created to be disposable. <br />
* Apple has responded to greenpeece’s campaign to do tech recycling.<br />
* Oakland Technology Exchange does recycling of tech goods. And teach how to fix and recycle things. And offer cheap or free computers to poor people. They take broken things and take them apart so they can be recycled environmentally. <br />
* Many people dont’ know these programs exist. When Ana went to belgium there was signs about how to store batteries. Here there is laws about the throwing away of batteries, but there’s no clear way to do it. There's all responsibility para la persona final. Why isn’t it hte producers or the state which is responsible. We need to make the creator responsible. <br />
* The apps created by the US is having a individualistic, the features are embedded in the tech. WhatsApp was popular because it supported more easily collective action and culture.<br />
* In colombia and others they charge for txt messages ,but whatapp and otehrs aren’t charging more, because it fits in the dataplan.<br />
* Waze mapping software which has collective map creation, but in the US they use google maps. <br />
* In the US when you have more money the individual convenience. But in other countries you raise oppulence and not convenience.<br />
* It’s not to say one is good or bad, but in the US people use wealth to separate themselves from others. In India or other places it’s a lie that you could live solo.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=How_can_we_tell_if_we%27re_making_progress%3F&diff=2186How can we tell if we're making progress?2016-11-22T19:12:12Z<p>Jucsanch: /* Go-round */</p>
<hr />
<div>Evaluation is more of a hobby with Dirk, likes clear plans, where are people heading and do they know what it means to be winning<br />
<br />
==Go-round==<br />
'''Pair-Share activity''' - What is the change you are seeing that you are trying to contribute to. What does success look like. If you're working on a specific project, look at that and see what it's trying to accomplish. If you're an IC, try to think about what is the success that you're trying to accomplish, with lots of different folks, what is your goal, what are you trying to do. what does that look like? Vision of success, what do things look like so i don't have to be doing this work anymore, so that I can comfortably work?<br />
* Bruce - thats the model of social workers, how can we put ourselves out of a job, what's going to cause us to stop<br />
* Go-around sharing the ~2+ goals we wrote down on post-it notes during pair share<br />
<br />
These are our visions of success, what we're trying to accomplish. If had a full-day and paying dirk we'd really go deep into that. so instead going into elements, putting them on the ground and we'll arrange them in the appropriate order.<br />
* Identify indicators of success.<br />
* create strategies/tactics<br />
* identify stakeholders+actors<br />
* identify needed resources<br />
* create a timeline<br />
* articulate a vision of success<br />
* identify the preconditions<br />
* evaluate progress<br />
<br />
'''Bruce''' - Midwest academy, out of Saul Allinsky's work ("doable, winnable and replicable")<br />
<br />
'''Book''' - Rules for Radicals<br />
<br />
==Process==<br />
First, articulate a vision of success, so want people to have a vision of their long-term goal first. Often most difficult thing for them to think about, so have to give them tools/frameworks to do that. Often does a epitaph exercise, the world has changed and it now functions in a way that you no longer need to exist, had a peaceful change because the change was made, what does that epitaph say.<br />
<br />
Identify the preconditions and identify stakeholders+actors. In this step Dirk has people draw out a vision of success and what they're doing differently. Preconditions - these people are doing (this) differently.<br />
<br />
Identify indicators of success. think about preconditions, how people are behaving differently, and start articulating.. we know we are winning if we see these things happening. One of the things that's quite a buzzword these days is called "Theory of Change." We want to engage people in what we're doing, the change we're trying to make. So this area, of the 4 tiles, is what comprises the theory of change. However, a theory of change is something you should be developing with your key external stakeholders, be informed by those you are impacting and involved with.<br />
<br />
So then can create Strategies+Tactics to identify it. If in an org this is where you engage staff, think about timeframe of next 3 years and think about how we're going to do...Create a timeline, how long is this going to take? This can be simultaneous in the first few steps. <br />
Once you figure out how long it's going to take, begin implementing, see if on timeline, and can Evaluate Progress, happens as we are going along, pay attention to indicators and see if we're getting smarter, not getting disempowered, disillusioned.<br />
<br />
In terms of preconditions, what needs to happen before this happens and this happens...and identifying all the other bits that the organization is already doing helps inform the timeline. Look at all the bits while evaluating.<br />
<br />
With social justice/social change work, need to have a picture of what that change looks like to us.<br />
<br />
Tactics support strategies...<br />
Within strategies and tactics creating project plans, which is where when stopping is identified. How do we learn from this, when do we shift. Always jumping back and forth between evaluating and learning, when have we gotten too far, and looking at how we're impacting our users/stakeholders/who we're working with.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=How_can_we_tell_if_we%27re_making_progress%3F&diff=2184How can we tell if we're making progress?2016-11-22T19:11:53Z<p>Jucsanch: Created page with "Evaluation is more of a hobby with Dirk, likes clear plans, where are people heading and do they know what it means to be winning ==Go-round== '''Pair-Share activity''' - Wha..."</p>
<hr />
<div>Evaluation is more of a hobby with Dirk, likes clear plans, where are people heading and do they know what it means to be winning<br />
<br />
==Go-round==<br />
'''Pair-Share activity''' - What is the change you are seeing that you are trying to contribute to. What does success look like. If you're working on a specific project, look at that and see what it's trying to accomplish. If you're an IC, try to think about what is the success that you're trying to accomplish, with lots of different folks, what is your goal, what are you trying to do. what does that look like? Vision of success, what do things look like so i don't have to be doing this work anymore, so that I can comfortably work?<br />
* Bruce - thats the model of social workers, how can we put ourselves out of a job, what's going to cause us to stop<br />
* Go-around sharing the ~2+ goals we wrote down on post-it notes during pair share<br />
<br />
These are our visions of success, what we're trying to accomplish. If had a full-day and paying dirk we'd really go deep into that. so instead going into elements, putting them on the ground and we'll arrange them in the appropriate order.<br />
* Identify indicators of success.<br />
* create strategies/tactics<br />
* identify stakeholders+actors<br />
* identify needed resources<br />
* create a timeline<br />
* articulate a vision of success<br />
* identify the preconditions<br />
* evaluate progress<br />
<br />
'''Bruce''' - Midwest academy, out of Saul Allinsky's work ("doable, winnable and replicable").<br />
'''Book''' - Rules for Radicals<br />
<br />
==Process==<br />
First, articulate a vision of success, so want people to have a vision of their long-term goal first. Often most difficult thing for them to think about, so have to give them tools/frameworks to do that. Often does a epitaph exercise, the world has changed and it now functions in a way that you no longer need to exist, had a peaceful change because the change was made, what does that epitaph say.<br />
<br />
Identify the preconditions and identify stakeholders+actors. In this step Dirk has people draw out a vision of success and what they're doing differently. Preconditions - these people are doing (this) differently.<br />
<br />
Identify indicators of success. think about preconditions, how people are behaving differently, and start articulating.. we know we are winning if we see these things happening. One of the things that's quite a buzzword these days is called "Theory of Change." We want to engage people in what we're doing, the change we're trying to make. So this area, of the 4 tiles, is what comprises the theory of change. However, a theory of change is something you should be developing with your key external stakeholders, be informed by those you are impacting and involved with.<br />
<br />
So then can create Strategies+Tactics to identify it. If in an org this is where you engage staff, think about timeframe of next 3 years and think about how we're going to do...Create a timeline, how long is this going to take? This can be simultaneous in the first few steps. <br />
Once you figure out how long it's going to take, begin implementing, see if on timeline, and can Evaluate Progress, happens as we are going along, pay attention to indicators and see if we're getting smarter, not getting disempowered, disillusioned.<br />
<br />
In terms of preconditions, what needs to happen before this happens and this happens...and identifying all the other bits that the organization is already doing helps inform the timeline. Look at all the bits while evaluating.<br />
<br />
With social justice/social change work, need to have a picture of what that change looks like to us.<br />
<br />
Tactics support strategies...<br />
Within strategies and tactics creating project plans, which is where when stopping is identified. How do we learn from this, when do we shift. Always jumping back and forth between evaluating and learning, when have we gotten too far, and looking at how we're impacting our users/stakeholders/who we're working with.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=How_to_prepare_for_what_you%27re_not_prepared_for&diff=2177How to prepare for what you're not prepared for2016-11-22T19:01:10Z<p>Jucsanch: Created page with "==Participants and questions== * Crisis counselor * How to convince colleagues to consider crisis management * Figure out how to step up when things happen. Find ways to do so..."</p>
<hr />
<div>==Participants and questions==<br />
* Crisis counselor<br />
* How to convince colleagues to consider crisis management<br />
* Figure out how to step up when things happen. Find ways to do so efficiently.<br />
* Time management during a crisis<br />
* Framework for response<br />
* Emergency communications - what are the channels if cellphone towers go down?<br />
* Personal/family/community preparation to reduce social unrest<br />
* Local knowledge interface with specialists<br />
* Volunteer recruitment and management<br />
<br />
==Disaster Cycle==<br />
'''Prepare -> Respond -> Recover -> Mitigation'''<br />
<br />
* Prepare (stockpile food, etc)<br />
* Response (immediately after)<br />
* Recover (rebuilding)<br />
* Mitigation (refactoring strategically to reduce harm next time)<br />
<br />
# Affected population needs to be better off after than they were before. (e.g. Rwanda channeled resources into improving the country). Sometimes big entities (e.g. google, government) quash smaller community-driven efforts.<br />
# Official response agencies need to improve. Digital response has to be in service to the real needs of the community.<br />
<br />
It's hard to convince folks to be prepared for a disaster unless they have personally been in one. Self-care and community care is the key to that resilience.<br />
<br />
'''Urgent vs. Important''' - How to communicate to large organizations "How can we help?" What will change if we do X for you? Why aren't you already doing that? How to sift through urgency patterns. Is there a formal name for triage for processes or information requests during a crisis situation?<br />
<br />
It's OK to say no! Take care of yourself, and triage to make sure that what is asked needs to be done and is important.<br />
<br />
==How do you prepare for crises?==<br />
<br />
* DDOS/hack<br />
* Electronic invasion/hacking<br />
* Personal/health crisis<br />
* Natural disaster<br />
* Social unrest<br />
* War zone<br />
* Registration/Deportation/internment<br />
* Bankruptcy<br />
* Domestic violence<br />
* Threat modeling<br />
* Conflict<br />
* Personal care<br />
* Natural disaster<br />
<br />
Matching area of influence vs area of concern<br />
*How can we realistically map areas of concern, and concentrate on what you can do<br />
<br />
==Exceeded Capacity - what happens? ==<br />
* Muddle through, have health crisis afterwards<br />
* Be in denial<br />
* Say 'No'<br />
* Delegate<br />
* Ask for help<br />
* Panic<br />
<br />
'''What are some guiding principles for smaller groups to have?'''<br />
* Identify the biggest concerns / thread modelling with political & personal included<br />
* Reaching out to other places with crisis experience, seeing what they did.<br />
* Identify and support the different individuals respond<br />
* Think about difficult things (e.g. waste, bodies) that need dealing with<br />
* Think about dependencies or systems - could you survive 3-7 days?<br />
* Consider contingency plans<br />
* Identify community resources (e.g. skill sets, food supplies)<br />
* Prepare resources (e.g. large laminated maps of the area)<br />
* Identify potential burnout roles and patterns, offer interventions<br />
* Perform ongoing personal and community care to increase resilience<br />
<br />
'''Daniel Honesy''' - Works for the SFO city government<br />
<br />
'''NERT''' - neighbourhood emergency response team - first round of support who<br />
<br />
'''CERT''' - community/city<br />
<br />
'''VOAD''' - Volunteer Organisations Active in Disaster (churches, HS groups) - groups who are active anyway but can be activated (by e.g. FEMA). Certified by the formal sector. You can register with one of them.<br />
<br />
==Digital Response List==<br />
<br />
'''Rebecca Solnit''' - A Paradise Made in Hell<br />
<br />
'''scifiaction.club'''<br />
<br />
Keep track of the response of the formal sector. Hold them responsible.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Data_literacy&diff=2170Data literacy2016-11-22T18:48:13Z<p>Jucsanch: Created page with "Critical thinking is needed to know if something is right or wrong is not in the schools/society/... pipeline * Get the data * clean the data... * socialization, many steps..."</p>
<hr />
<div>Critical thinking is needed to know if something is right or wrong is not in the schools/society/... <br />
<br />
pipeline<br />
* Get the data<br />
* clean the data...<br />
* socialization, many steps that need to happen before socialization.<br />
* in terms of reality check..<br />
<br />
propaganda in media.. factuality..<br />
<br />
==What does data mean to you?==<br />
'''Ben''' - how to know if things you see are factual.. books by Tufte<br />
<br />
'''David''' - as journalist and educator... asking what the meaning of data is. eg crime data from police dept is reflection of policy, not nec reflection of actual crime. transparency around methodology, how data collected are crucial in data literacy. great example is sports, analytical revolution, even bar bro has much more sophistication andd talking about and understanding more advanced metrics.<br />
<br />
'''?''' - people don't understand data and why its coming across a certain way. history, source, and context of data. who gave the data, what's their context and reason for giving data.. how we play into resource process. We have new ways of collecting, visualizing, etc, data.. how to find purpose in all of (noisy?) data... eg using wikipedia as primary source in early days.. How to teach people how to research. not all data primary or reputable source.<br />
<br />
'''Srishti''' - questions we want to ask/interesting stories we want to tell while communicating with others about it<br />
<br />
'''Dirk''' - advocacy bg using tech.. Using evidence to right wrongs. troubled by the term, becoming quickly irrelevant in post-truth world.<br />
<br />
'''?''' - International sus dev, data forensics.. dealing with so technical data that's not accessible/understandable.. how to translate for practictioners while preserving integrity of the data.<br />
<br />
'''Heather''' - literacy has a colonial sense, but also, there's a gap. how to address that gap, whether in the education system or..<br />
<br />
'''Dirk''' - post-fact: eg UK, if don't give money to EU, will have for NHS, but most people don't have ability to see the data on that or data showing that immigrants aren't a problem.<br />
<br />
'''Heather''' - politicians and businessman get to put out bad information and citizens are the victim in that.<br />
<br />
'''Dirk''' - the word data also has problems.<br />
<br />
'''?''' - difference between information and data<br />
<br />
'''?''' - information taxonomy. <br />
<br />
'''Heather''' - fact discussions, do you want to be right or do you want to win? can assume that everyone has the same access to logic and education, but what about layers of values and priorities, can education program address that? buckets, how to have a better structure of work.<br />
<br />
'''David''' - need to have values<br />
<br />
'''Dirk''' - values of truth and fact, and the journalist, is that what's driving them?<br />
<br />
'''David''' - incentive structures needed in data collection and reporting. eg clinics report certain stats based on what they need to show based on their funding, and other studies show that wealthy and low-income have similar STI rates.<br />
<br />
'''Heather''' - gunner wants us to discuss, how do we improve this? what are the mechanisms to improve this situation?<br />
<br />
'''Dirk''' - when communities have an active role in collecting data about themselves. got to see leadership development around collecting data, and people/orgs working in collaboration because of that.<br />
<br />
'''Ajay''' - when we're talking about accountability and transparency and the messaging people are receiving, i think about the role of the 4th estate, which hasn't been doing its job, through manipulation it gave us Hillary and Donald in the primary, and I'm looking to see our session talk more about helping our own and others develop better discernment+data literacy skills, was hoping that'd be part of our time during this session.<br />
<br />
'''Heather''' - tanzania project of flood resilience in cmty, city planners deeply involved bc its the first map that they've gotten, connecting ppl, cmty dev, gotten more young ppl involved and empowered. Holds administration more accountable.<br />
teaching and training, schooled by what data and .. are.. don't be a cowboy, spend more time listening. We need to teach people before data.. need to be able to teach ppl.<br />
<br />
==Takeaways==<br />
<br />
* Data ownership is key to engagement.. and then a bunch of depressing stuff<br />
* Accountability, incentives and ethics<br />
* Education and awareness</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Tor2016&diff=2168Tor20162016-11-22T00:55:25Z<p>Jucsanch: Created page with "== What happens when you go to a website == * go to browser * put in URL * request goes to: ** internet service provider ** domain name server ** actual server == What are t..."</p>
<hr />
<div>== What happens when you go to a website ==<br />
<br />
* go to browser<br />
* put in URL<br />
* request goes to:<br />
** internet service provider<br />
** domain name server<br />
** actual server<br />
<br />
== What are threats here? ==<br />
<br />
* ISP can see traffic (your ip, what ip you're trying to visit)<br />
* DNS server can see same inormation<br />
<br />
== What happens w/ Tor ==<br />
<br />
* request to ISP is encrypted<br />
* then through a series of relays before it hits an exit node and then passes on to application server at which request is targeted<br />
* each relay knows the next destination, but nothing more (entry node knows origin but not destination, exit node knows destination but not origin, etc...)<br />
* exit node makes UDP request to DNS server for application server URL -> IP lookup<br />
* routes are randomized<br />
<br />
= What is the purpose of Tor? =<br />
<br />
* started as way to hide origin of traffic on internet<br />
* wasn't focused on topic<br />
* just focused on origin/identity<br />
<br />
* more computation is off-loaded to client now than when tor invented<br />
* as a result, running software can find out a lot more about you (info from microphone, etc...)<br />
* data mining drives development of high percentage of software we use<br />
<br />
* tor didn't originally mitigate against exposed DNS lookups<br />
* :. tor has had to evolve a lot to keep up w/ changing technology<br />
* tor used to be about anonymity<br />
* has eveolved into best tool for censorship circumvention<br />
* 2009 iran, 2011 egypt catalyzed this movement<br />
<br />
* usage heavy in bahrain, west bank -> places US doesn't want to help<br />
<br />
* security v. anonymmity<br />
** security is not about obscurity, anonymity *is*<br />
<br />
== How does the political terrain impact Tor?==<br />
<br />
* funders want to target X country, not Y country<br />
** BUT the tool can't differentiate between "good" and "bad" actors<br />
** regardless: "anonymity needs crowds", "you need pigs and perps"<br />
** by protecting *everyone*, you protect the specific people you care about<br />
** store data half in N Korea, S Korea (etc...)<br />
<br />
* obscurity network relies in its efficacy on being populated by a complicated network of conflicting antagonists<br />
<br />
= On Trust=<br />
<br />
* does everyone know what a VPN is? (Yes! "virtual private network", routes traffic through a proxy server)<br />
<br />
* a tool that's good for a lot of things is not pluggable/flexible (unix philosophy)<br />
* VPN isn't flexible<br />
<br />
* VPN is weak because it requires trust<br />
** chinese activsts ran VPN service on west coast, resold anonymized data of users<br />
** (and it's basically impossible to anonymize data)<br />
** if i'm a malicious nation-state, i want to set up VPNs all over the place (they're a great honeypot)<br />
<br />
* Tor requires no trust<br />
** don't trust any provider who requires you to trust them to be safe<br />
** trust you are safe because it's impossible to expose you<br />
** we need to insist on anonymity by design, not by promise<br />
<br />
= Network Mechanics=<br />
<br />
* protocols: TCP, UDP etc..<br />
** tor is for TCP<br />
** aims to be low-latency<br />
** not instantaneous, but quick(ish)<br />
** 7,000 relays, most run on linux<br />
** overoncentrated in w. europe & u.s.<br />
** far too few in heavily wired places like japan, s. korea, malta<br />
<br />
= What can we do?=<br />
<br />
* use tor browser<br />
* use tor-enabled chat programs (pidgin, tor chat, tor messenger)<br />
* run a relay node<br />
* run a bridge node for people in other countries, encourage friends in other countries to run a bridge node for people in US<br />
* run a hidden service<br />
<br />
= Attacks=<br />
<br />
* correlate traffic by running lots of entry nodes, looking for same IP address<br />
* timing attacks on when request enters and leaves network<br />
* tor topography fluctuates on a daily basis, b/c competing actors are make moves/counter moves to control network<br />
* most countries attacking tor ususally using US-made tech (bluecoat, cisco, juniper)<br />
* most common state-level attacks:<br />
** large-scale traffic monitoring<br />
** futz with certs<br />
** block ports<br />
** deep packet inspection<br />
<br />
* deep packet inspection<br />
** use-case: circumvention<br />
** censors can't tell what (blocked) site you're trying to visit, but can easily tell you're using tor (by (1) recognizing protocol signature in packets, (2) seeing address of relay node in request)<br />
** defense: transform traffic to make it look like a normal web traffic<br />
** "pluggable transports"<br />
** -> identify nodes and block them<br />
<br />
* detecting guard relay<br />
** middle relays get switched up a lot, but guard relay (entry) does not<br />
** so is this guard relay actually trustworthy? relies on reputation system<br />
<br />
* TLS/SSL are weak<br />
** because their guarantees rely on us trusting certificate authorities<br />
** most of which aren't very trustworhty<br />
<br />
* how does pluggable transport work? making request to entry node look like normal http traffic)<br />
** both request origin and guard relay have a shared secret<br />
** how do we exchange the shared secret? BRIDGES!<br />
** bridges are out-of-band webpages that are provided in batches when you first want to make a request, or you can write email to request URLs for bridges<br />
<br />
= Practical things we can do=<br />
<br />
* if you're part of an organization, with someone you trust to run a relay, DO IT and route traffic through it<br />
* if we know people overseas, start setting up bridges w/ IPs & fingerprints for servers so we can help with circumvention when/if heavy censorship<br />
<br />
* hidden services for the rest of us!<br />
** any service that can be run on TCP can be run as hidden service<br />
** design principle: for web ditch dynamic web 2.0 -> write static websites<br />
** for servers go simple & small:<br />
*** tiny httpd<br />
*** simpler the better<br />
*** don't go near javascript, NO CLIENT SIDE LOGIC, FRONTEND FRAMEWORK<br />
*** assume it will be broken, if server is broken, don't compromise users<br />
** these can be safe repositories for information for organizing<br />
** some friction (requires tor browser, weird URLs) but it's worth it<br />
<br />
* example use case<br />
** at-risk people wanted to run an easy-to-use blog<br />
** so... they embedded wordpress in a hidden service<br />
** admin backend can only be accessed as an onion service<br />
** then it spits out static html, which is exposed on the public internet<br />
<br />
* why should we run a tor relay?<br />
** because it makes tor stronger<br />
** if we have small group of people who trust each other (an affinity group), then we can have almost absolute trust in this entry node, even better if you publish it so e are<br />
** configure tor browser to always use this particular entry node, or pluggable transport<br />
** if you have to introduce trust, don't trust tech, trust people you actually trust<br />
<br />
* what is a safe way to run a relay?<br />
** hard server in a data center that you can access<br />
** can get hardware for $100: look at pcengines.ch - alix boards, APU boards, rasberry,<br />
<br />
* is it worth using tor on mobile<br />
** no, if you think you're getting anonymity (mobile provider tracks where and who you are -- through pings to cell towers, etc...)<br />
** yes, if it is valuable to make it impossible to correlate browsing history with record of who and where you are<br />
<br />
= Easter Egg=<br />
<br />
lookup zooko's triangle!</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Bridging_episodic_social_movements&diff=2167Bridging episodic social movements2016-11-22T00:26:12Z<p>Jucsanch: </p>
<hr />
<div>'''Problem statement: how do we go from one-off protests and actions to sustained momentum'''<br />
<br />
==Ideas==<br />
<br />
* Provide mutual aid — cab fare etc<br />
* We should pay attention to groups who have been active for a long time; example: Ferguson activism was going on for a lot of time before Mike Brown’s death. <br />
* Listen first, assess, then act<br />
* Whenever you start something, we need to assess what has been done and tried. Integrate lessons into future actions<br />
* Nature of movements is that no one is accountable to them, so actions move on different timing<br />
* Establish leadership and spokespeople; assigning responsibility; if it is a mob, hard to have a message <br />
* Structure can be very useful to help <br />
* After a good mobilization, even without leadership, the crowd was policed into control and dispersed — we don’t want to see that. We want to be in control of our actions and the continuity of actions — for subsequent actions.<br />
* The distinction between activism vs. organizing; can be helpful to know roles that are helpful to have an engaged, effective series of actions <br />
* Cycles: public engagement and education phase; research phase to learn what has been done, what is effective, what would collaboration look like, targeted communication. Mobilization is the flash point.<br />
* Outreach phase ideas: poster up for outreach; reach out to folks who may not be online or connected via social networks online; branding is super important — by establishing a brand, people immediately see and can connect with the invitation or action. <br />
* Culture jamming — deployment of ubiquitous imagery to queue dissent. Street art can be incredibly influential. <br />
* Prioritizing listening, don’t give unsolicited advice <br />
* Be interested and willing to take action to redeploy privilege. What training or networks might you have or resources. <br />
* A helpful question: “is there a way that I might be of assistance?” rather than assume you are of assistance or helpful. <br />
* I just experienced this at Standing Rock — there were so many people that it was a burden for the organizers to manage the people who showed up. How do we feed, house, etc. these folks. There are initiatives of folks that may not just be unwelcomed, but could increase risk for folks who are already at risk. Additional emotional, physical labor. <br />
* Sometimes just showing up and being willing to be present and available is a great way to engage. <br />
* So important for one to educate oneself before engaging. <br />
* When the community you are working with calls you an ally is when you can call yourself an ally. Allyship is given, not claimed. <br />
* 90% of success is showing up. — Woody Allen<br />
* Doing the work in your own community with people who identify in the same way you do is critical. That outreach phase is incredibly important. <br />
* It can be very helpful for those of us on the outside to be invited in. Listening to the ask for help is a good indication of when to move forward or engage with communities. It is great to look and find those groups who have asked. <br />
* A good way to engage is to share info and links of groups with your own community and followings. <br />
* At Occupy Sandy, some of the orientation was focused on delineating those who were there to help other people vs those who were there to help themselves. When Oklahoma happened, Occupy Sandy folks contacted them and offered their lessons and template without strings attached. <br />
* Occupy Sandy had a lot of small group clusters and work. Affinity group structure. There were multiple locations with different activities and ways for folks to both get services and support those services (work in the kitchen, etc). <br />
** You were expected to take one day off each week for self care;<br />
** You were expected to go to other locations or work centers; <br />
** Once a week there was a phone call with all involved to check in and address any — Maestro conference can handle 100s of people and expensive. <br />
** There were teams who had their own management and orientation.<br />
* Occupy Sandy was able to do more and quicker than big institutions — like Red Cross, etc.<br />
* Occupy Sandy built on Occupy Wall Street and mutual aid analysis — service-focused work. <br />
* We want leader-FULL vs leader-LESS movements <br />
* Toronto had Trent City Black Lives Matter movement in front of the Toronto Police Headquarters. It was during the fall and going into winter. There was a medical section, food, and community dinner every single day. There was an action folks could do every single day. Every evening there were activities and a lot of art, shows, movies, etc. By making actions available in the evening folks were able to plug-in and feel connected to the actions. Things were really helpful: foot and hand warmers, gift cards to support folks. More people came because there was such a range of welcoming activities. <br />
* Pyramid of engagement: 1% or less: create content; 9% that comment; 90% who learn. We want to onboard those who are learning and interested and movie them up the chain of engagement. <br />
* Flash mobs have been really fun and engaging. We are often a plug-in to a protest so we can play a variety of roles — fun role, serious. The challenge is to ensure we are bringing the right energy at the right time. Sometimes we are fun and sometimes we get between the cops and protestors to diffuse tension or to be a distraction. <br />
* We need to create trusted community in small groups.<br />
* There is a wave theory — something will happen that will motivate action to ride the wave, we are stronger if we are on the board already(meaning engaged)<br />
* Finding our pockets of places to engage with folks, add energy, and to be ready. <br />
* Being prepared for what will be — when we know things may happen, we can do more to prepare and be ready to act. <br />
* In the months ahead, we may want to take offensive action but will often need to do reactive activism and support. It is good for us to know in our areas who is or may want a support plan.<br />
* By systematizing what we do, we can (or are) make ourselves or people we work more vulnerable. This is something we are grappling with. How open are we and inclusive with on boarding and engaging folks. Data management policies are super important. What you print, what and where you store etc.<br />
* One major lesson is to get people to work and make sure there are multiple points for failure — ensure that one person will not endanger an entire operation / initiative / organization<br />
* Ruckus is a great resource for tactical communication information.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Bridging_episodic_social_movements&diff=2166Bridging episodic social movements2016-11-22T00:21:45Z<p>Jucsanch: Created page with "'''Problem statement: how do we go from one-off protests and actions to sustained momentum''' ==Ideas== * Provide mutual aid — cab fare etc * We should pay attention to g..."</p>
<hr />
<div>'''Problem statement: how do we go from one-off protests and actions to sustained momentum'''<br />
<br />
<br />
==Ideas==<br />
<br />
* Provide mutual aid — cab fare etc<br />
* We should pay attention to groups who have been active for a long time; example: Ferguson activism was going on for a lot of time before Mike Brown’s death. <br />
* Listen first, assess, then act<br />
* Whenever you start something, we need to assess what has been done and tried. Integrate lessons into future actions<br />
* Nature of movements is that no one is accountable to them, so actions move on different timing<br />
* Establish leadership and spokespeople; assigning responsibility; if it is a mob, hard to have a message <br />
* Structure can be very useful to help <br />
* After a good mobilization, even without leadership, the crowd was policed into control and dispersed — we don’t want to see that. We want to be in control of our actions and the continuity of actions — for subsequent actions.<br />
* The distinction between activism vs. organizing; can be helpful to know roles that are helpful to have an engaged, effective series of actions <br />
* Cycles: public engagement and education phase; research phase to learn what has been done, what is effective, what would collaboration look like, targeted communication. Mobilization is the flash point.<br />
* Outreach phase ideas: poster up for outreach; reach out to folks who may not be online or connected via social networks online; branding is super important — by establishing a brand, people immediately see and can connect with the invitation or action. <br />
* Culture jamming — deployment of ubiquitous imagery to queue dissent. Street art can be incredibly influential. <br />
* Prioritizing listening, don’t give unsolicited advice <br />
* Be interested and willing to take action to redeploy privilege. What training or networks might you have or resources. <br />
* A helpful question: “is there a way that I might be of assistance?” rather than assume you are of assistance or helpful. <br />
* I just experienced this at Standing Rock — there were so many people that it was a burden for the organizers to manage the people who showed up. How do we feed, house, etc. these folks. There are initiatives of folks that may not just be unwelcomed, but could increase risk for folks who are already at risk. Additional emotional, physical labor. <br />
* Sometimes just showing up and being willing to be present and available is a great way to engage. <br />
* So important for one to educate oneself before engaging. <br />
* When the community you are working with calls you an ally is when you can call yourself an ally. Allyship is given, not claimed. <br />
* 90% of success is showing up. — Woody Allen<br />
* Doing the work in your own community with people who identify in the same way you do is critical. That outreach phase is incredibly important. <br />
* It can be very helpful for those of us on the outside to be invited in. Listening to the ask for help is a good indication of when to move forward or engage with communities. It is great to look and find those groups who have asked. <br />
* A good way to engage is to share info and links of groups with your own community and followings. <br />
* At Occupy Sandy, some of the orientation was focused on delineating those who were there to help other people vs those who were there to help themselves. When Oklahoma happened, Occupy Sandy folks contacted them and offered their lessons and template without strings attached. <br />
* Occupy Sandy had a lot of small group clusters and work. Affinity group structure. There were multiple locations with different activities and ways for folks to both get services and support those services (work in the kitchen, etc). <br />
** You were expected to take one day off each week for self care;<br />
** You were expected to go to other locations or work centers; <br />
** Once a week there was a phone call with all involved to check in and address any — Maestro conference can handle 100s of people and expensive. <br />
** There were teams who had their own management and orientation.<br />
* Occupy Sandy was able to do more and quicker than big institutions — like Red Cross, etc.<br />
* Occupy Sandy built on Occupy Wall Street and mutual aid analysis — service-focused work. <br />
* We want leader-FULL vs leader-LESS movements <br />
* Toronto had Trent City Black Lives Matter movement in front of the Toronto Police Headquarters. It was during the fall and going into winter. There was a medical section, food, and community dinner every single day. There was an action folks could do every single day. Every evening there were activities and a lot of art, shows, movies, etc. By making actions available in the evening folks were able to plug-in and feel connected to the actions. Things were really helpful: foot and hand warmers, gift cards to support folks. More people came because there was such a range of welcoming activities. <br />
* Pyramid of engagement: 1% or less: create content; 9% that comment; 90% who learn. We want to onboard those who are learning and interested and movie them up the chain of engagement. <br />
* Flash mobs have been really fun and engaging. We are often a plug-in to a protest so we can play a variety of roles — fun role, serious. The challenge is to ensure we are bringing the right energy at the right time. Sometimes we are fun and sometimes we get between the cops and protestors to diffuse tension or to be a distraction. <br />
* We need to create trusted community in small groups.<br />
* There is a wave theory — something will happen that will motivate action to ride the wave, we are stronger if we are on the board already(meaning engaged)<br />
* Finding our pockets of places to engage with folks, add energy, and to be ready. <br />
* Being prepared for what will be — when we know things may happen, we can do more to prepare and be ready to act. <br />
* In the months ahead, we may want to take offensive action but will often need to do reactive activism and support. It is good for us to know in our areas who is or may want a support plan.<br />
* By systematizing what we do, we can (or are) make ourselves or people we work more vulnerable. This is something we are grappling with. How open are we and inclusive with on boarding and engaging folks. Data management policies are super important. What you print, what and where you store etc.<br />
* One major lesson is to get people to work and make sure there are multiple points for failure — ensure that one person will not endanger an entire operation / initiative / organization<br />
* Ruckus is a great resource for tactical communication information.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21652016 Agenda2016-11-22T00:17:38Z<p>Jucsanch: /* Thursday Breakout Session II */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
* [[Social media and filter bubbles]] - Aman (Note Taker - David)<br />
* [[How to successfully recover from large-scale doxxing or trolling]] - Adria (Note Taker - Ben)<br />
* [[Trump Watch database]] - Pratap (Note Taker - George)<br />
* [[Mapping threats over next four years]] - Rainey (Note Taker - Scott)<br />
* [[Tools for engaging with congress]] - Max (Note Taker - Matt)<br />
* [[Intersection between organizational goals and actions against Trump]] - Anya (Note Taker - Ajay)<br />
* [[What does effective leadership look like?]] - Dirk (Note Taker - Nick)<br />
* [[The revolution will not be optimized]] - Scott (Note Taker - Jay)<br />
* [[Collaborative, secure, open source tools to help run your office]] - Lisa (Note Taker - Erick)<br />
* [[Digital humanitarian response]] - Willow (Note Taker - Mike)<br />
* [[Security tools]] - Jack (Note Taker - Andrew)<br />
<br />
== Wednesday Breakout Session II ==<br />
* [[The role of art]] - Kristine (Note Taker - Chris)<br />
* [[Data literacy]] - Heather (Note Taker - Ajay)<br />
* [[How to use licenses]] - Andrew (Note Taker - Brian)<br />
* [[Mobile and Internet of Things (IOT) security]] - Norman (Note Taker - Lisa)<br />
* [[Connecting communities with services]] - Greg (Note Taker - Willow)<br />
* [[Role of youth in movements]] - Jay (Note Taker - Noah)<br />
* [[Propaganda posters for good]] - Ruth<br />
* [[Direct actions]] - Austin (Note Taker - Matt)<br />
* [[Communications architecture in political systems]] - Tomas (Note Taker - Jay)<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
* [[Backdrop]] Jack - Talked about different content management systems, lessons learned from Drupal. Flaws in democracy philosophy, grew to ignore the small organizations. Cool to see how Backdrop is intentional about the community it serves, progressive organizations it builds for to make it ian empoewring experience. Talked about CiviCRM<br />
* [[CiviCRM Demo]] Neil - Open source philosophies, creating community around a code base. How to make it useful to everyone, distributing data instead of centralizing it.<br />
* [[To wireframe or not to wireframe]] Sarah - Use and utility as a means of communication between developers, designers, customers. Suite of tools including informational analysis, scoping, narratives. But people do some sort of prototyping. Better organized you can be about that, the better. Using graph paper is fine.<br />
* [[Whistleblowing and dissent]] Scotty (Note Taker - Pratap) - Main question being addressed was thinking about people inside the gov. How do those of us outside support them if they want to be whistleblowers? Also what networks can be set up in the inside? When people protested the Pentagon, it doesn't help with "you're scum" but it helps with "I know you're going in to do a hard thing, do the right thing." It's also difficult to take a flier, so having a sign with a URL to where to get information might make more sense. Ideas inside, how to have folk network and support one another. Important that we all figure out ways to support whistleblowers on the inside. Because there are folk inside trying to fight.<br />
* [[Certificates for your website through Let's Encrypt]] Seth (Note Taker - Thomas) - Introduction to Certificate Authority (Free as in Free Beer) to get HTTPS on your website. Conclusion: get it. Automated, easy to use.<br />
* [[Financial markets and divestment]] Brian (Note Taker - Logan) - Talked about fail of publicly traded groups. 50k worldwide, 6k in US. A smaller section of those are responsible for our economy. It's a human-scale problem. Also very complex. Difficult to untangle the connections, how to actually divest from coal. Look at a specific economy in the Midwest and it's a tractable problem to see the employers and where they are. Where to put money. Publicly owned utility cooperatives, how they're dispersed geographically - that indicates where to extend co-ops into rural America.<br />
* [[Building personas]] Kristine (Note Taker - Steve) - Creating people that don't actually exist to look at target audiences. Also look at your organization and team, how to work with them., Getting feedback from community, feedback from organization. Structure and support, having an organized mindset in working with people most affected. How to create something useful versus vaporware.<br />
* [[Mapping out NGO Workflows]] Beatrice and Jamila (Note Taker - Willow) - Challenges when we need a whole team to get a process completed. Organizational tasks like grant writing, combined data, etc. Crowd sourced information about this. Collaborative document editing, onboarding new people, social media campaigns.How to create processes. Second session will be about the tools to use in those workflows.<br />
* [[Product management]] Matt - We all agreed there are different ways to approach these problems. OS projects are all organized differently. Different positions, get a sense of what those differences are, reduce gaps. Developers have a hard time being empathetic to people they don't see. Do user testing, get videos of people using the tool. Show the overlap in problems different people had. How to get a handle of that and prioritize. Project people are moving the process along, make sure it's smooth. The client is the product owner but can't be polled all the time. How to do that when they're not around all the time. If it isn't useful for 80% of users, maybe it shouldn't be a feature.<br />
* [[Surveillance Self Defense]] Bill - split into two groups - Matt gave a training in how to give a training, metaphors to use. other group covered what could be improved about trainings in general, having a trainers help desk, recyclable material.<br />
* [[How to create passwords]] George - How people password now, when you have 70 passwords. Password managers, brain. Diversity of characters, nonsensical phrases, using a lot of characters. Came up with strategies for strong passwords. Writing things phonetically, shapes on keyboard.<br />
* [[Lifecycles of websites]] Grant - Family planning to zombies staggering around eating brains. Middle of life when we need more doctor visits, models for supporting that, providing that care. Counting on users, maintenance plan. Documentation and challenge with that. Content up-to-date-ness indicates if your site is alive or dead. End of life and taking a site down gracefully.<br />
<br />
==Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
==Farmers Market==<br />
<br />
== Thursday Breakout Session II ==<br />
* [[Working with Non Allies]] - Nola - Finding common ground with people you disagree with on something you do agree on. How do you prioritize what you'll tackle? If people say something else is more important, how do you have those? Made a map of people we disagree with. Things everyone can have a conversation about: dogs, food, weather. Bridges into people's mind. Then thing s on the right that are more contentious, like gov, sex, Trump. Then a meta conversation about if we're judgmental about other people, how can we move beyond that?<br />
* [[Will the revolution be decentralized?]] - Different approaches and use cases for use cases. Put together some user stories about what could be useful and how to build it.<br />
* [[RegEx2016]] - Refactored regex commands. Finding words like category and dogma. <br />
* [[Tor2016]] - Talked about how Tor works. It's not all that complicated. Things just bounce around a lot more. Used to be a tool for anonymity, now also used for circumvention. Important here. Useful thing to do is if you have a group of trusted friends is to run a relay node together. So trust people instead. Then provide bridges so people can't tell you're running Tor. Or a hidden service as organizing information.<br />
* [[Git2016]] - Workflows - one is more a drupal project, the other is for a wordpress project. There are drawings.<br />
* [[Bridging episodic social movements]] Shahid<br />
* [[Writing2016]] - use simple language, think about who you're writing for. Let me not weasel. Don't use "should" or "this might not be" just say "don't do it."<br />
* [[Influence]] - Military process of objective focus influence. Influence foreign leaders can be used in organizing. Who are the people making the choices, where they get their information, what they value, then sneak them a message through their network or media. Be strategic.<br />
* [[GrantWriting2016]] - Hard and expensive but you can also get money. Extensive notes on the wiki with links resources and directories.Fiscal sponsors are good. Smaller grants are ok. How to get funding, building relationships is key. General marketing and positioning. Fiscal sponsors give you admin support while you get started. Knowing your audience is key Planning long term strategies and purposes, repurpose what you've written.<br />
* [[Barriers and enablers in the health of shared resources]] - Dirk and Nick - Problems of community management and interpersonal versus facing teh actual platforms and how we invite people to contribute. List we're hoping to grow in how to mitigate those things. Have teams and tasks which are defined. Knowing decisions need to happen, what contributions look like. Clear asks, clear talking points.<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
* [[NGO workflows and how to choose your tools]] - if we're coming into an organization, do we want things to be open, sustainable, etc? How do our tech match those values? If we have things like dropbox google drive etc, what questions do we need to ask to reflect the values? We set forth questions, the culture in which it's happening. <br />
* [[Freelancers21016]] - 3 areas for feeling happy in your work. Autonomy, mastery, purpose and meaning. Added security, stability, living wage, validation, etc. Took some time to think about the list of tips and tricks, advice, learning, etc from folk in the room in working towards achieving those. <br />
* [[Threat Models]] - process to do participatory threat modeling. What is the threat landscape now? The threats we often think about like Google and NSA might not be that big of a threat. Maybe it's the public. <br />
* [[Engineering meets social science]] - En Espanol! California and US create tech products to serve our needs. Needs of other places in other parts of the world are not focused on individualism. Group identity maybe more important. In a rural area, people have gotten together to put together a network. Here we ant things easy and individual. There communication is important. Suluatsu looks for direct help like nursing. They work to say computers and technology can help other people. Direct help and indirect help, both are good. Compared different products and locations.<br />
* [[Being a white ally]] - White fragility is frustrating. Focus is on how to talk to other white people about their biases and prejudice. How much is it worthwhile to the individual, or finding other ways to do the work. Lots of history which is flaring up. This nation is founded on genocide and slavery, we haven't come to account for that. Acknowledging where we're from, how you can do for indigenous places. Are we looking for what support they want? They have a land trust, buy back land as a non-federally recognized tribes. Treaties never ratified. They ask us to donate what of our taxes would go to something else. Address is in the notes. <br />
* [[How can we tell if we're making progress?]] - We have a puzzle in knowing if we're making progress. Strong vision of success. How it applies to stakeholders, the populations we're trying to affect. Instead of trying to wait for the tactic or process to be over and then evaluating, evaluate along the way and make adjustments. You might spend a lot of time and money on a tactic and not get what you want, but evaluating as you go allows you to adapt<br />
* [[How to prepare for what you're not prepared for]] - Willow - Crisis cycle: prepare, respond, recover. also mitigation changing how we do each of those. threat models should include environments and personal care, piggy back on what's already happening. don't panic, respond rather than react. Slow down, act strategically. Don't just act to act. Create separate time in meetings for contingency plans, don't make a "we need to do this now." Identify capacities and resources in your community beforehand, what might take a hit in a crisis? Flag burnout patterns - response takes longer than you expect, so pacing selves. Self care is a part of the response for reals. If you let yourself crumble you won't be able ot help.<br />
* [[Box]] - Project for a hardware box for dissident and activist groups. Web server for meetings. Take it offline or online. Take it with you or hide it. Run from local apartment. Lots of the tech is already solved, some things yet to do. Help folk do collaboration with out dealing with firewalls.<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
* [[Building a taxonomy of digital civil disobedience tactics]] Beatrice - Expressing dissent online besides angry facebook status. Many of these can be used with any level of technological literacy. Boycotting investments, misinformation campaigns.<br />
* [[Behavioral economics]] - Nola has evil mind powers. Parts of our brains are there but manipulated all the time. How to tell what's happening and respond all the time. Things that are happening now are weird in time. When the reaction is happening, know it's happening, consciously put our thinking into another part of our brain to respond with empathy and love. Lots about the election. What you feel when you've got it versus when you're asked to give it up.<br />
* [[Barter]] - Really great time. Have lots to do.<br />
* [[SelfCare2016]] - What does self care look like for different people. not looking at the capitalistic care of going to Hawaii for a week. how you share love, how others share love with you. Valuing your life your experiences. Tools and skills we'll post to the wiki.<br />
* [[Using social media to connect and have conversations in red states]] - Technological and social techniques. Common ground, forming groups aimed across the isle. Moderation techniques, technology like Thunderclap which tries to gain the trending mechanisms on social media. Talked about the fake news phenomena, talked about the history of newspapers. Opportunities for federated social media for sharing. Weaponized Snopes. <br />
* [[Training Knowledge Share]] - what we've learned over the last 3 days about digital security, what we still need to learn. list of events where to learn more about these topics. It'll be on the wiki. List of organizations and networks local and otherwise who provide this sort of training. Some insights like the shelf life of digital tools. Concerns about parachuting trainers into a situation and then parachuting back out again. Trainer help desk, community point person. Finding a way to not come in as "you've got to be like me about this" but what their needs are, from the community towards realization.<br />
* [[OpenGov2016]] - Covered good, bad, ambivalent. License plate readers, shot spotter. Open microphones all the time. What has made opengov data better is to tell people not to get creative so we have familiar, predictable data across the board. As much online access and availability as possible. Then fewer violations of staff. They shouldn't get in trouble.<br />
* [[Hiring, managing, firing engineers]] - hiring has competing pools of technologists, what makes it matter to folk. Sense of how to get more women and PoC involved. You might have to change the questions you ask women so you can get answers (like getting credit). Men who are underqualified or people who are overqualified. Organizations might think about putting non tech descriptions first for priority. managing developers, diversity challenges - increasing teh gravity of tasks in order to help people improve. Geek culture can be exclusionary. Talked about gender and safe places to work. Implicitly give credit - name, credit, prove. <br />
* [[EthicalConsulting2016]] - Talked over some complex situations and talked through them. Lessons that came out of it. Concrete outcome is an Aspiration-hosted listserv which is low volume and for these sorts of questions.<br />
* [[Tor Relay Setup]] - Covered the operational elements. Relay versus a bridge, exit traffic, looked at config, hosting, what your needs will be.<br />
* [[Facilitation techniques]] - Deepdiving into technology of participation. Talked about resources, when to detail interpersonal techniques, how to get folk to engage, navigating different values, structure of events.<br />
* [[Cultivating a network of change makers within change-resistant institutions]] - generating togetherness like happy hours, camaraderie. Delivering value like delivering tools, business cases they can use internally, making reliable consultants. And a bit about hacking funding like the things you want to do together that funders don't want to fund, package together things you've already done, and if we get all this done we'll do this other thing.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=GrantWriting2016&diff=2164GrantWriting20162016-11-21T23:54:53Z<p>Jucsanch: Created page with "==WORDS HEARD IN INTRO GO-ROUND== * Finding grant writer * Fiscal sponsorship * Framing / marketing * Finding a grant * Failing * Strategy * Cycle * Budget ==FIRST STEPS==..."</p>
<hr />
<div>==WORDS HEARD IN INTRO GO-ROUND==<br />
<br />
* Finding grant writer<br />
* Fiscal sponsorship<br />
* Framing / marketing<br />
* Finding a grant<br />
* Failing<br />
* Strategy<br />
* Cycle<br />
* Budget<br />
<br />
==FIRST STEPS==<br />
<br />
Write your case statement. Solid case statement is one of the most important thing<br />
<br />
* mission<br />
* vision<br />
* values<br />
* history<br />
* need - what need is the organization solving<br />
* what problem are you solving + proposed solution ("problem statement")<br />
* program specifics - what you do / who you are<br />
* budget<br />
** organization statement<br />
** project / program statement<br />
* tagline<br />
<br />
Case statement is a living document. Can tweak parts of it for a specific grant.<br />
<br />
Money will follow when all of the core concepts are defined.<br />
<br />
Sometimes you may want to scope out possible grants to target before fully-developing case statement (for example, find capacity-development grants).<br />
<br />
==FINDING A GRANT==<br />
<br />
; GMO<br />
: Grant Making Organization<br />
<br />
Look at other similar projects that are already funded, see what grants they get.<br />
<br />
'''Foundation Center''' - Database of grant makers. Accessible for free from community college libraries or from the computers at the Foundation Center in SF. Public online version isn't free.<br />
<br />
If you can't find how to apply from the GMO's website: Write a quick PDF of your proposal to someone in the GMO, asking them for more info on how to apply (to find out where is the secret door). Try to find some way in -- friend, friend of friend, someone you met at a conference, etc.<br />
<br />
Be ready -- find out when the GMO's budget cycle is, grant dealines, etc.<br />
<br />
Try to forge relationships with funders.<br />
<br />
Network. Try to talk to GMO people outside of the normal channels (i.e., _not_ via a RFP).<br />
<br />
==FRAMING / MARKETING==<br />
<br />
how to frame / market the request.<br />
<br />
Give them their words back. Listen to GMO's, pick up key words. Like from their website, when they talk, etc.<br />
<br />
Be general and abstract at the same time. Many times there are many people in the GMO's funding decision.<br />
<br />
Do market research on the GMO. Tailor the request so that it fits them.<br />
* Who are they?<br />
* Why do they exist?<br />
* Look at their patterns? What day / time are they likely to be more receptive to incoming communications?<br />
* Use analytics to see if emails are opened.<br />
<br />
If you do get a response from someone, follow up in a timely manner.<br />
<br />
Email twice (follow up).<br />
<br />
Leave a nugget to follow up with. Such as, leave some minor topic out of the first communication so that you have a "reason" to send another email and follow up. Multiple engagements help create relationship, help them remember you, and keep you present in their mind.<br />
<br />
Find proofreaders, like friends.<br />
<br />
==FINDING A GRANT WRITER==<br />
<br />
It's expensive.<br />
<br />
If you're bringing in someone cold, you're doing a lot of this ground work anyway in order to onboard them. So, may as well follow through and write the grant yourself.<br />
<br />
Grant writers understand components of grant. They know how to organize a grant.<br />
<br />
They often become more like "project managers" for the process, rather than simply writing the grant.<br />
<br />
Grant writers don't get paid from the grant itself. Unethical?<br />
<br />
They can help frame the pitch because they are an outsider with a different perspective on the project.<br />
<br />
==FISCAL SPONSORSHIP==<br />
<br />
Fiscal sponsor is an umbrella organization that takes on some of the overhead of running a 501(c)3, such as liability, payroll (in some cases), etc. Example is Tides in SF. They take a percentage of all of your funding.<br />
<br />
A sticky is that you use the fiscal sponsor's EIN, and so does any other organization under them. These other organizations may be competing or may cause a conflict of interest for the GMO.<br />
<br />
==BUDGET==<br />
<br />
Organization Budget<br />
<br />
It's group work. Make sure everyone is on same page regarding current financial status of org.<br />
<br />
Program Budget<br />
<br />
* Goals<br />
* Whom do you need to hire (suppliers)<br />
* Etc.<br />
* Google "sample program budget" for more info<br />
<br />
Breakdown by time. Note that there are 24 pay periods in a year, not 26.<br />
<br />
Surplus grant funds can usually be used for other things if it wasn't used for the specifics of the grant. They usually won't take the money back and will let you use it for other stuff. But you have to ask the grantor first!!!<br />
<br />
Be sure to build in travel budget.<br />
<br />
General operating costs may or may not be funded. Ask the GMO.<br />
<br />
==CYCLE==<br />
<br />
Put yourself on quaterly grant cycle. Allocate your resources toward that.<br />
<br />
Apply often.<br />
<br />
Reuse as much as the above-mentioned material as you can.<br />
<br />
Getting in first vs getting in last:<br />
<br />
* Get in first so you're first-seen.<br />
* Getting in last-minute may help if they still have funds that they _need_ to allocate.<br />
<br />
==TIPS==<br />
<br />
Grant makers panel of Tri-Valley Nonprofit Alliance.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Backdrop&diff=2163Backdrop2016-11-21T23:46:51Z<p>Jucsanch: Created page with "[https://backdropcms.org BackDrop] Drupal and Wordpress and Content Management Systems that are used to manage the content on a website. Anyone can add content, edit content,..."</p>
<hr />
<div>[https://backdropcms.org BackDrop]<br />
<br />
Drupal and Wordpress and Content Management Systems that are used to manage the content on a website. Anyone can add content, edit content, and more. Anything as simple as a blog, or a complex website, directories of information - a lot of things you can do with content without having to know how to code or program yourself. <br />
<br />
I started working with nonprofits builidng static HTML websites. Hypertext Markup Language (HTML) is the code to build websites, and when we started working with nonprofits I had to teach them to type their content into code areas. It's difficult and not super intuitiive. As soon as I found Content Management Systems, I realized that it woudl be much better. It's too much work for them to call me all the time to not be able to put their own content on their websites. <br />
<br />
The first one I started using was Wordpresss for my blog, but when I started doing content for nonprofits I started using Drupal. Drupal is open source meaning the software code is free to read, the license to use the software if an open and free license. When you see FOSS (Free and Open Source Software) and FLOSS (Free and Leave Open Source Software.) You can see more information at the Free Open Source Initiative. <br />
<br />
Drupal and Backgroup are specifically GPL license. Drupal has been around for about 14 years. It was started as a "community planning" platform so people could communicate with each other and share content. It's a bit more flexible and powerful than Wordpress. Drupal over the years has grown. The first DrupalCon felt small and grassroots, and each conference that I have gone to now the conference has gotten bigger and more expensive with big companies having booths and big enterprise stuff. Drupal is now being used for the Sony website and the Whitehouse.gov website - more enterprise now. As this started happening, the software itself began changing making it less easy to build community websites and more enterprise-level websites. <br />
<br />
Drupal started out as a true community where authors would write code and share it. They called it a duocracy. As it progressed, the founder started a compnay that sat alongside Drupal and now Drupal has a core team that makes decisions for more high-level clients. <br />
<br />
If you have the time to build something, you can get it into Drupal. Different people have different amounts of time and different skills so the duocracy sounded nice, but the people who had more funding and had jobs (like Sony) hat were paying them to develop modules in Drupal so the duocracy ended up benefitted the top developers and more corporate users. Community events became more expensive and bigger. Now Drupal has many of the issues that come with Big Tech including issues of sexism and less of a community space. <br />
<br />
Dries Buytaert was one of the original creators of Drupal and that endured and he is still called the "Benevelot Dictator for life". There is also the Drupal Association that manages the project. <br />
<br />
There are a lot of things that are insuffient about how open source organizations are organized. Drupal 7 was a relative recent release. In Drupal, the current version is supported and the version before it is supported, but when a new one comes out the previous one goes "end of life". When Drupal 6 went end of life, these organizations didn't know what to do - upgrades are very expensive. Wordpress is not - it is cheaper to build websites, it is more lightweight and they have backwords compatibility. Ideally, you can upgrade and you should be fine. You cannot do that with a Drupal website. It's usually $10,000+ or a total rebuild. <br />
<br />
From Drupal 7 to 8 and big shift happened. Almost the whole guts of the Drupal software was changed - nothing from Drupal 7 worked in Drupal 8. If you wrote any custom code, it was a totally new system that you switched to. The reasons for doing it may have been to benefit the enterprise model. When people saw that happening, they decided to create something different. <br />
<br />
Drupal was forked and started building differently on there. They forked Drupal to serve Small to Medium size businesses and Nonprofits. Backgroup SMS is made for these audiences. There is an underlying philosophy that highlights affordability. Backdrop values "site builders" rather than coders. We avoid writing custom code if we can avoid it because custom code is expensive and has to be maintained. The number 1 principle is that backwards compability is important. If we're going to break something in the API, we need to have a good reason. We want to write code for the majority and features for the majority. <br />
<br />
The overall direction of the Backgrop Project Management Committee is guided by the model of the Apache Foundation. Jen Lampton and Nate Haug. Two-year terms, but may request to end their membership at any time. There are conflict resolution plans for the community. They took things that didn't go so well in Drupal community and wanted to have a better setup for how to make decisions. Right now there might be 400 contributed projects. It's a small community at this time. The project management committee is seperate from the contributors group.<br />
<br />
They have meetings every Thursday at 1pm Pacific that are open to everyone. You can check more at the Twitter Account. Every other week it fluctuates between the design and evangilism communities. <br />
<br />
Quick Demo of a Backgroup CMS website being built. Backgroup CMS comes with a menu and a search box without having to install it seperately. It's easier to use the site right off the bat. The core content section is organized by different kinds of content such as "Media, Page, News". There is a WYSIWYG editor and easy ways to add images and alternative text. Accessibility is a being considered, but not sure it's W3C. Jen Lampton may know more about that. Creating different types of content and then creating different types of views for that content is a powerful part of Backdrop CMS. It lets the users of the site put a News article up once (using a module), and can show it in various parts of the website. <br />
<br />
Did Drupal have a published philoshopy in advance? Through no one's fault, it wasn't specifically stated that it was to focus on any one type of audince. Drupal does have mission and principles, but not based on moral philosophy. Has Backdrop been more intentional about that? Drupal is more developer focused, whereas Backdrop would really like to focus on the community. Civicrm.org is a constituent relationship management system (like Salesforce) and is built on Backdrop CRM.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Barriers_and_enablers_in_the_health_of_shared_resources&diff=2162Barriers and enablers in the health of shared resources2016-11-21T23:42:58Z<p>Jucsanch: Created page with "How to sustain community contributions to resources (documentation, curricula etc.) ==ENABLERS== * champions entry points at different levels of experience * examples and tut..."</p>
<hr />
<div>How to sustain community contributions to resources (documentation, curricula etc.)<br />
<br />
==ENABLERS==<br />
* champions entry points at different levels of experience<br />
* examples and tutorials<br />
* resources and stories<br />
* translations contributed via github<br />
* collective iteration / updatable<br />
* trust/power building<br />
* common standard - word<br />
* shared experience<br />
* open license<br />
* creative commons<br />
* feedback form on each page<br />
* archived materials<br />
* agreed formats<br />
* outline/resource<br />
* agreed forms (outline, resource)<br />
* co-create and develop leaders<br />
* innovative satisfaction of personal need<br />
* 1-on-1s<br />
* personal relationships<br />
* enable people to continue conversation exchange thru discussion platform<br />
* after online event<br />
* enable learners to monitor eachothers’ classwork via google slides<br />
* negotiation tactics<br />
<br />
==BARRIERS==<br />
* misaligned incentives<br />
* staff/nonstaff divide<br />
* fear uncertainty doubt<br />
* content needs legal and technical review<br />
* github and other technical public spaces<br />
* only approved editors can submit edits<br />
* vetting<br />
* versioning<br />
* convoluted technical processes<br />
* conceptual buy-in vs. practices<br />
* limited capacity to review translations<br />
* too many tools unsure where to contribute what<br />
* lack of clear narrow vision<br />
* language localization<br />
* education level<br />
* languages and communication styles<br />
* different centers of reference<br />
* editing<br />
* people unwilling to learn new tools; default to old tools<br />
* formats offline/ online<br />
<br />
Annotation tool: hypothesis<br />
Is git a barrier or enabler?<br />
<br />
==BEST PRACTICES==<br />
* Shared purpose<br />
* teams and tasks<br />
* clear roles and responsibilities<br />
* activation guides<br />
* etherpad? good notetaking to capture decisions<br />
* good leadership/mentors<br />
* community manager: be clear what you’re asking people;<br />
* directed asks<br />
* gamification?<br />
* Fabrication: task management. Award tokens to people<br />
* Metrics;</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Writing2016&diff=2161Writing20162016-11-21T23:31:30Z<p>Jucsanch: Created page with "==Themes/Qs== * Want to write better * Want to translate concepts into narratives * Want to find discipline to write more * Finding your voice * Creating drama/hooking the re..."</p>
<hr />
<div>==Themes/Qs==<br />
<br />
* Want to write better<br />
* Want to translate concepts into narratives<br />
* Want to find discipline to write more<br />
* Finding your voice<br />
* Creating drama/hooking the reader<br />
* Support for writing<br />
* Defining your audience<br />
<br />
== Strategies==<br />
<br />
* Speak your ideas and record it<br />
* Write without self censoring; cut later<br />
* Embrace the quick, shitty first draft<br />
* "Let me not weasel!"<br />
* "What do I care about?"<br />
* Bubble diagrams/mind mapping<br />
<br />
<br />
== Resources==<br />
<br />
* 10-minute plays<br />
* George Orwell's essays<br />
<br />
== Rules for good writing==<br />
<br />
* Use the active voice<br />
* Delete unnecessary words<br />
* Use the simplest possible words</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=How_to_use_licenses&diff=2160How to use licenses2016-11-21T23:17:25Z<p>Jucsanch: Created page with "Process to choose a license tends to be same for software and content: ; Q - Who do you want to use what you are making? : Researchers and practitioners working in same space..."</p>
<hr />
<div>Process to choose a license tends to be same for software and content:<br />
<br />
; Q - Who do you want to use what you are making?<br />
: Researchers and practitioners working in same space — enough to dedicate resources to it<br />
<br />
; Q - What do you want them to be able to do with it?<br />
: Build on it and share so others can continue the cycle<br />
<br />
Example of uses: copy, combine, modify, broadcast<br />
<br />
Copyright won’t help you with data privacy. Keeping control won’t protect privacy. No legal or practical overlap. As soon as it’s readable it can be reverse engineered.<br />
<br />
For data the trend is toward CC0. In science this is a big deal because they create meta meta datasets.<br />
<br />
; Q - Is there somebody else’s stuff that I want to re-use?<br />
: e.g. P2PU people can share resources — we had to think about what to use for what people made collectively. We wanted to re-use Wikipedia content, so we needed to use their license. So if you are a downstream user that might create a different imperative.<br />
<br />
You still retain copyright if you use CC-BY-SA — you simply are co-licensing<br />
<br />
Pure data points are facts — in the USA there is no copyright on this or on databases. However, in Europe the law is different — if you make a big pile of facts then you gain get a legal right on that database.<br />
<br />
If you create software where you download all as a single blob then you need to talk to a lawyer. Whereas with with content you can actually license different chapters differently.<br />
<br />
Caveats:<br />
* Now we have software, data, content (general media)<br />
* Patents (hardware, design) get more complex // you’ve got to license the whole hardware stack<br />
<br />
My Q re changing license for Flickr images… Once something has been licensed then the version you have until the end of that license. If they re-license that’s okay, as long as you’re complying with the original license. But of course you have to have proof — even just a register is okay.<br />
<br />
Creative Commons helped to write license for WBG.<br />
<br />
Joint ownership creates challenges. If you want to dual/triple license then that can cause issues. Hard to get anything done because who decides on license changes in the future.<br />
<br />
No business models for making money off of content in the NP sector. Even Hollywood having a hard time! Really the issue is control. Typically the creator is the best person to own it. Especially looking forward in 10 years time.<br />
<br />
Debate around whether APIs are copyrightable. It’s a bit of a mess legally.<br />
<br />
Google around licensing generally straight players.<br />
<br />
Contributors who are contributing to your projects: volunteers, employees, contractors. You need to have agreements for them (contributoragreements.org — for software but you can hack and put in the CC license) that allow you to re-license. Use same agreement for everyone. You don’t need copyright by you do permission to re-license because so so much work.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Surveillance_Self_Defense&diff=2159Surveillance Self Defense2016-11-21T23:07:37Z<p>Jucsanch: Created page with "Training module for local chapters of a large NGO ;LevelUp : curriculum resource and adult learning framework ==Overview of session:== * Beginning questions * Teach people h..."</p>
<hr />
<div>Training module for local chapters of a large NGO<br />
<br />
;LevelUp<br />
: curriculum resource and adult learning framework<br />
<br />
==Overview of session:==<br />
* Beginning questions<br />
* Teach people how to use existing tools<br />
* Point them to the right guides<br />
* Teach people how to teach<br />
* Understanding why it's important to have data privacy, accessible<br />
* Good ways to work with people who have trouble with PGP<br />
* New threat model of Trump presidency<br />
<br />
-----<br />
<br />
'''Groups:'''<br><br />
Those who are doing trainings<br><br />
Those who are getting the skills but not accustomed to training<br><br />
Those who want to be trained in these tools<br><br />
<br />
<br />
'''If you are someone who wants to be trained as a trainer, what kind of<br />
things do you want to know?'''<br />
* technology and threat models change all the time; tons of tools all the time<br />
* they go out of date, and it's hard to tell if it's still current<br />
* evaluation model to make sure that you are sending people to good resources<br />
* a beginning evaluation model as a trainer<br />
* basic hygiene (not putting too many things on PGP keyservers)<br />
* maintenance slot - checkin, touchup<br />
* holding people's hands more<br />
* trying to introduce this stuff. explain the tools to different people.<br />
* training one person to be a point person for a community to mitigate some of the questions. presentation skill<br />
* a good model of a hands on training. starts with the basics and carries on into the maintenance. (video?)<br />
* so many things that a trainer might not know as a trainer.<br />
* not just surveillance self-defense. example of spear-phishing. what kind of attacks you might expect from trainers.<br />
* Threat modeling alienating for people to use those tools.<br />
* "Risk assessment" instead of saying "threat modeliing"<br />
* Threat modeling as a jargon term<br />
* Tools for people who are being surveilled for the first time.<br />
<br />
'''Navigating through that. What to do when they're scared for the first time.'''<br />
<br />
* "I have no idea what the surveillance capabilities are that I should be worried about." " I don't understand what tools I should be wanting."<br />
* In that instance, there are Individuals and organizations who have better understanding than the people themselves. e.g. Reporters Committee.<br />
* Depict the landscape of surveillance backdoors.<br />
<br />
'''Mostly unknown unknowns when they're thinking about their threats. Put them in the position to own their tools, and their information.'''<br />
* Landscape discussion to bridge those two gaps.<br />
* Potential brainstorm. What are the professionals ethical duties to their clients. Ethical duties are a way to spread encryption. (e.g. bar associations, lawyers, medical professionals).<br />
* What type of tactics trainers use.<br />
* A tech event is not actually about tech. Especially if you're working with a beginner group. Information landscape exercise. Whatever form it takes. Positioning things that already maps on to the landscape and operating structure. What happens if you lose access to ___? Positioning it in a way where you're encouraging people to think about why they're using the things that they do.<br />
* Don't say "cryptoparty" -- nobody knows what it is.<br />
* Trainers<br />
* People<br />
* What tactics we've used in different contexts - Trainers<br />
* Tips on good training practices<br />
<br />
<br />
==Train trainers==<br />
<br />
<br />
* How do you become a trainer<br />
* How will you sustain it<br />
* What if this is not your main gig<br />
* How will you sustain training people as part of whatever else you're doing<br />
* To scale, you're going to have to train other people<br />
* How is that sustainable? What needs to be in place to make it sustainable?<br />
<br />
<br />
---<br />
<br />
* Talk about when these events should be, exchange contact information.<br />
* Exchange tips. Overlap with guidelines.<br />
* Connecting with people. What's an event. They'll learn how to be a trainer.<br />
* Becoming a trainer.<br />
* Refine pedagogy of what's worked for us. <br />
<br />
<br />
-----<br />
Session split up into two sessions:<br />
# how to become a trainer<br />
# refining teaching practices<br />
<br />
<br />
==Refining teaching practices==<br />
What materials helped and what didn't.<br />
<br />
Those aren't training resources. They're informational - SSD. "You're facing shit, this is what you need." Not for trainers.<br />
<br />
Very interesting that Level Up doesn't come up more. They come up as very polished. Don't feel like we can do very much with it.<br />
<br />
How to update the guides in a way that makes sense to everyone.<br />
<br />
Modifiable materials.<br />
<br />
Lots of examples of training on encryption. On full<br />
<br />
Digital society, wouldn't exist if it wasn't for Level Up.<br />
<br />
<br />
==Web resource==<br />
<br />
Meant to be a growing resources. People pick it up and modify it. No info back. Would be huge to get that.<br />
<br />
Trainings here and there.<br />
<br />
LGBT Middle East + African trainers have said the Tactical Tech stuff is too white male. Too focused on ___.<br />
<br />
Many guides are very white male.<br />
<br />
Problem of calling "threat modeling" -- very infosec-y. Using terms in different contexts.<br />
<br />
What are use cases that will come in trainings. Offering a use case.<br />
<br />
Until you can use the application. Same thing in training context.<br />
<br />
Stories of failure. Use cases. to make it sticky. Use a storytelling approach when you teach a tool. How can they avoid messing up?<br />
<br />
Groups might be in touch with human rights defenders families,<br />
* journalists, etc. - Completely unaware that they might be doing harm by open communications. Not thinking about someone looking at what they're doing in a bad way.<br />
<br />
Simple approach, not too technical approach, not too frightening. Increasing consciousness. Being careful in their communications.<br />
<br />
Real time use cases. We as trainers can learn from. Ongoing exercise.<br />
<br />
Agencies are constantly going after new tools.<br />
<br />
Using trainings as a way to organize action work. Threat landscape as trainers. Put people in a position to feed back what they're finding on the ground. Get reports back.<br />
<br />
Need for solution.<br />
<br />
'''Rating system for a lesson? How?'''<br />
<br />
'''1) Building a network'''<br />
* Network of trainers.<br />
* Informal network of contacts, Through which we can reach out. EFA.<br />
* Dangerous to centralize?<br />
* Grouping is helpful if it's really specific.<br />
* Connecting US trainers who are concerned about new people coming in.<br />
* Lots of communities facing this in other countries. Now us too.<br />
* There isn't that much focused on the United States.<br />
* This is a moment where it needs to be much more US focused.<br />
* EFA - Electronic Frontier Alliance<br />
* A website with several specific lists?<br />
<br />
'''2) Flexible materials for uploading and remixing. Teachers.'''<br />
* SSD created after PATRIOT Act as a series of guides. Relaunched by EFF's International Team. Relaunched in 2014. Tripling of traffic to the site, solely from the US.<br />
* Getting used to the idea of threat modeling without using that phrase.<br />
* This is what I understand. This is what I need to think about.<br />
* Would love to see "if you need to understand better how to do training, here's a resource called Level Up."<br />
* Complement and look at those materials. This does work, send people here. Or take some of that material and modify it for what we see is needed for people to change.<br />
<br />
Here's some ways to modify it easily and talk about SSD and piggyback out:<br />
* A page on SSD collecting the other guides that we know of. An open door. "Yes and" Pointing something for trainers. Referral for people to use.<br />
* Are people looking for trainers? How do we have a pool of trainers that we can call upon quickly?<br />
* Most trainers are coming into this as responsive to shit that's happening in their community. "My community is fucked, I need to figure this out so that I can figure out how to help my community."<br />
* What hasn't worked "here's a pool of trainers"<br />
* Trainers that are international and called upon.<br />
<br />
----<br />
<br />
'''What could trainers be better at:'''<br />
* Constantly want to be sharing notes on what is effective training.<br />
* What works instead of trainings.<br />
<br />
<br />
'''Overwhelmed point:'''<br />
* Building in breaks is really helpful.<br />
* Don't want didactic style.<br />
* Build exercises into the trainings. Collaborative and effective. Come back to the group.<br />
* Switching of the situations.<br />
* Constant learning in hierarchical fashion.<br />
* Building in to the trainings themselves.<br />
* 4 hours max.<br />
* Trainers are trained to be a facilitator of a workshop. Write the outline of the workshop. Gather the data of the group. Brought into the goals and objectives. Bring in the subject matter expert. Facilitate the process with the subject matter expert. Trainer sets the global scope of the session. Content delivery given by the hands-on of users.<br />
* It's all in person.<br />
<br />
'''Tools.'''<br />
* Prep - being really focused on knowing participants and understanding what their needs are.<br />
* If you don't have the opportunities dtod do that. Think about the exercises you can do first off so that you know it first off. Focus on needs of participants and then go into thte tools.<br />
* Teach you about this tool, or " when do you say no to using technology"<br />
* Have to have a game plan at the beginning of the room.<br />
* Have to have print outs.<br />
* Beforehand have to predict the threat modeling ahead of hand. Get them to do the threat modeling as part of the training. What they're most at risk.<br />
<br />
You're giving them a framework for them understanding what is most at-risk. What they most need to protect.<br />
<br />
We've got this database. How do we protect it. What tools are we going to use.<br />
<br />
Sometimes when giving a training, people don't know what they can get out of it. Also explain to them what we can do. So much more to that that they can apply to their everyday lives.<br />
<br />
Now that you're thinking about threat modeling, what other questions do you have. What's a third tool you can use.<br />
<br />
We try to respond to what threats people have in mind. Have question feedback before the training actually happens.<br />
<br />
What's different for a typical security training.<br />
<br />
'''Divergent paths:'''<br />
# Threat modeling<br />
# Password management, underlies a lot of other subjects<br />
# Other branches<br />
<br />
==Infrastructure==<br />
<br />
<br />
So many paths, tends to become less solid and more unplanned.<br />
<br />
Remixable modules.<br />
* How do we get people to show their remixes.<br />
* It being too polished. Confidence in terms of information you can rely on.<br />
* Training outlines.<br />
* Curriculum outlines.<br />
* On any level.<br />
* Videos for someone to watch the video. By modules.<br />
* Many small workshops for 6 or 8 meetings. Record it. Make it available for people who couldn't attend on a particular night. A zoom meeting. Everyone can share the screen. You can ask a student to demonstrate the same thing. See what mistakes they make and demonstrate in a group.<br />
* Having a trainers help desk.<br />
* Building their confidence. Having one on ones with trainers. And being able to say to people that would work. Or that wouldn't work.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Social_media_and_filter_bubbles&diff=2158Social media and filter bubbles2016-11-21T22:08:44Z<p>Jucsanch: Created page with "'''Aman:''' Two statements from FB and Google '''Zuckerberg:''' Minimized FB's role, hesitant to change policy (should not be arbiter) '''Google:''' Changed ad serving polic..."</p>
<hr />
<div>'''Aman:''' Two statements from FB and Google<br />
<br />
'''Zuckerberg:''' Minimized FB's role, hesitant to change policy (should not be arbiter)<br />
<br />
'''Google:''' Changed ad serving policy -- block spam and porn, but now also will block ad sharing that shares misinformation -- yet remains to be seen how they will operationalize<br />
<br />
We've all experience this in some way. <br />
<br />
'''Jonah:''' On heels of zuckerberg's statement, plus leaks from FB on the proposed policy change. Broadly impacted right and died because of disparity. On FB for family but watching. Had been exposed to false narratives and accepted them blindly. Most of that's on the "left" bubble. Small yet meaningful false information in feed. Even not in the depths of that world, it's very present and real. We're all subject to it. <br />
<br />
'''Aman:''' Difference between left and right on this issue.<br />
<br />
'''Cathy:''' Fellow at Buzzfeed. project is filter bubbles. People talk about filter bubbles in political context. Those kinds of echo chambers are symptoms of deeper divides. Class. Age. race. Geography (rural vs urban). How to think beyond the political spectrum but think about how to encounter someone not from your class, etc. <br />
<br />
'''David:''' <NPR's relianace on FB; FB paying media companies to create content><br />
<br />
'''Michael:''' Relatives all over and see the effects of this. Isn't a plot from FB, every time someone unfriends there's a drive to self-select. It's a problem outside social media. The collapse of shared, respected trusted institutions. If FB and Google start vetting what's false, that becomes another arbiter people don't trust.<br />
<br />
'''Laura:''' Does NPR have to produce certain kind of content...<br />
<br />
...<br />
<br />
'''Jonah:''' Power analysis of filter bubbles. Feel powerless as individuals. How can we re-empowered?<br />
<br />
'''Laura:''' How does one do that? Do you friend people you don't agree with?<br />
<br />
'''Aman:''' UX dictates so much of content. The primary form of engagement is like button. FB's algorithm uses that. You're more likely to thumbs up stuff you with agree with. There's no down thumb. If there was you might be able to see content you don't agree with. We would like content sharing platforms to show us subjects of interest to us (e.g. intl development... or cats). What it is in fact doing is showing you opinions you agree with. What FB and we can do is diversifying types of reactions you can have. Understanding that way we interface needs to be more diverse.<br />
<br />
'''Michael:''' What do reactions added mean? Are they any different? <br />
<br />
'''Aman:''' Adoption is still very low. Takes more clicks and time to change reaction. Most of other well-used reactions are positive ones. Hearts and thumbs up.<br />
<br />
'''Sasha:''' Distance and timezone affects what you see. Hasn't been a lot of constructive discourse across political spectrum irl or on social media. You're curating content for people you know and trust. It can happen at broader level. What would happen if it was done more thoughtfully? How do we make it work like what works irl? A lot of people are not engaged at all. What effect does this have on disaffectation? Does it turn people off to being civically engaged? Either you check out totally, or you're overexposed.<br />
<br />
'''Cathy:''' How does it affect discourse in general? There's more understanding now about how feedback loops feed into how these work (things that are liked more get shown more). More subtle distortions. Posting on social media favors certain kinds of content. Certainty. Arrogance. Disadvantages ambivalence. Few people are going to post their admibvalent thoughts. there's a fdistrotion because of that. Feels like people are very certain. You don't see. <br />
<br />
'''David:''' Post ambivalence and trolls come out.<br />
<br />
'''Jonah:''' Opens up paths of resistance and ease. It's this game system. You don't win likes with ambivalence. Are there specific practices around disrupting that system? Can you get likes in a different way? Can you use the tools and not buy into that paradigm? Job as organizers is to put out content that doesn't cleave to the system. Does that content disappear or stick around? Can we make the algorithm fail. <br />
<br />
'''Cathy:''' Security researcher interviewed talking about what is realistic for people to do. Not realistic to abandon facebook or encrypt everything. Just search for random stuff. Very actionable for an individual. You can control what they're collecting about you. Add random noise.<br />
<br />
'''Sasha:''' Not even that many people are going to be that intentional about it. Most people see facebook was place to to connec tw families and friends. Tough to get people to regulate own behavior.<br />
<br />
'''Aman:''' One way to focus conversation -- what could a group like us do? Or put pressure on them to change? What can we do to affect FB that influence way FB operates. What do we expect out of FB? A certain amount of the problem is us. We are a little bit of the problem. Like bite sized opinoins. Not complexity. Not long pieces. One button was a popular thing for a reason. Whod ecides what is misinformation? If we ask google to do that, it's giving them a lot of power. If it's corwdsourcing, the crowd could come up with crazy answers too (e.g. creationism). Which parts are worth exploring further? If you were to create an organization what would it look like?<br />
<br />
'''Sasha:''' There are models. If FB is a media aggregator, there's rules there. FB has done that for hate speech. How do we regulate? WE have models to draw from.<br />
<br />
'''Jonah:''' That's where power analysis is useful. Exploitable power dyanmic. There's leverage with news oeganizations. News orgs pushing for editorial standards. They need those partnerships. This is enabling their stance as "We're not a media organization, we just aggregate". Less for individiauls.<br />
<br />
'''Sasha:''' Could be individuals... Free basics was resisted effectively in India. Won a net neutrality battle. Comedians being funny. <br />
<br />
'''D:''' What was medium for resistance?<br />
<br />
'''Sasha:''' MEdia coverage of resistancne.<br />
<br />
'''Aman:''' Whatapp <br />
<br />
'''Laura:''' The kind of roganization we need is to get celebrities and famous folks and get them to speak out because people pay attention and. Friend voted for trump, paert of reasons he cited -- trust him more as businessman, couldn't trust Hilary. the way media covers makes a big difference. <br />
<br />
'''Aman:''' Sasahs's exmplaae good Hundreds of millions of people gave up something potentially really attractive. <br />
<br />
'''Sasha:''' Snobby techie in city is naother thing.<br />
<br />
'''Aman:''' Where's analog there in terms of filter bubbles?<br />
<br />
'''Laura:''' Way things are so data driven... creating convenience; people value the convenience over privacy. <br />
<br />
'''Jonah:''' The accuracy of the content isn't part of the value propositison for FB. Pictures of cats and news... giving up cats for something nuanced might not meet motivations of why people are there.<br />
<br />
'''Laura:''' Do most people get their news from social media?<br />
<br />
'''Aman:''' Twitter, maybe not FB. No TV. It's what people are sharing. No way to map how diverse my content feed is.<br />
<br />
'''Sasha:''' Go onto FB and tons of people share that's helpful. <br />
<br />
'''David:''' Mattered a lot to friends, that's powerful.<br />
<br />
'''Jonah:''' But does it matter? Does it really mean it matters? But maybe not happening? How do we make it this is meaningful, not just a lot of people liked this or saw it?<br />
<br />
'''Aman:''' Lots of good things for content sharing. Now anyone can be a journalist. Has good and bad to it. Before how do we have lots of contributors? Now: how do we curate? How do we avoid bubbles of that content? These are new problems. Don't want FB or google to choose my content. Lots of small choices they make that can make a huge difference in the content being shared. One that we <br />
<br />
'''David:''' Dissect how the aLORIGHTM WORKS? <br />
<br />
'''Sasha:''' Would have to be big, lots of players benefit.<br />
<br />
'''Jonah:''' Solutions have to be distributed. Must compare what everyone sees. Dig into HTMl source. Is there enough ID and timestamping to do comparisons. That's how you could uncover the algorithms. Other aves: whistleblowers, getting source code, putting pressure in other ways. That's all we have -- what everyone sees. That's big infrastructure project. May be some vested interests with resources to focus on that. How do we make transparent network effects? Doesn't have to be perfect, just has to create pressure to be transparent or make changes.<br />
<br />
'''Aman:''' We could put resources like that together. Does API have information? FB could shut you down. How long before FB just says no, stop this.<br />
<br />
'''Jonah:''' Looking at HTML source critical. <br />
<br />
'''Noah:''' Chrome extension.<br />
<br />
'''Sasha:''' Get / download your data. Have people submit it. Would throw out: what does that fair alogirhm look like? What are you left with if you get rid of biases?<br />
<br />
'''Jonah:''' Like-only input is very thing. <br />
<br />
'''Aman:''' Makes a difference what you're optimizing for. Likes is different from optimizing for information about a subject. e.g. vs. agreement. But likes are low hanging fruit and it's a business decision.<br />
<br />
'''Laura:''' Have you considered and does exact opposite of what facebook does? Feed you something that's the opposite of what you believe. Yu'd need to opt in but some awareness could be useful. <br />
<br />
'''Sasha:''' ...<br />
<br />
'''Michael:''' It's also about facts. E.g. the president is from Kenya. <br />
<br />
'''Aman:''' Misinformation and filter bubbles are seprate issues. Ideally. <br />
<br />
'''Noah:''' And you need an arbiter of truth in that situation.<br />
<br />
'''Jonah:''' Is fact checking am odel that helps? Is that a model that scales up? <br />
<br />
'''Sasha:''' See a little meter. <br />
<br />
'''David:''' Google's fact check metadata<br />
<br />
'''Michael:''' Needing institutions. Flagging certain groups/people. But that goes back to not having faith in those organizations.<br />
<br />
'''Cathy:''' Fundamentally about trust. How much does fact-checking work if people don't trust fact-checking? How do you build that?<br />
<br />
'''Aman:''' Right fact checker. <br />
<br />
'''Sasha:''' Coalition/partnerships e.g. right wing and left wing media<br />
<br />
'''Jonah:''' Has 4th estate lost trust? <br />
<br />
'''Noah:''' fundamental thing we're seeing with social media and internet is leveling of trust/status between indivudals and institutions. It's a more equal playing field. <br />
<br />
'''Michael:''' Comes back to trust. There's a safe place for people to go. Feels safe to go to FB. Can post with condifence and anonymity. <br />
<br />
'''Jonah:''' Question fo algorithmic transparency. Transparency is how we build trust in institutions. <br />
<br />
'''Sasha:''' ??<br />
<br />
'''Aman:''' algos and machine learnings has made that very difficult. How can independent orgs review algos? That's not been feasible. Inputs and outputs... we can't dissect but we can see inputs and outputs. What are regulatory orgs? What expertise do they have? Esp compared to FB (the experts).<br />
<br />
The world isn't really trusting experts anymore.<br />
<br />
'''Sasha:''' There is more scholarship in this area. Who designed? How is it biased?<br />
<br />
'''Noah:''' Haven't talked about media literacy at all yet. Are efforts in that direction successful?<br />
<br />
'''Sasha:''' Next thing you know we need to be investing public education.<br />
<br />
'''Jonah:''' Hoping we'd get to is how do we build movements in an echo chamber? Clients are speaking to bubbles. Media literacy for communications professionals in movements. Produce two sets of content with different.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Collaborative,_secure,_open_source_tools_to_help_run_your_office&diff=2157Collaborative, secure, open source tools to help run your office2016-11-21T21:54:16Z<p>Jucsanch: Created page with "==Needs overview== * document sharing * collaborative editing * real time editing/collab * ease of document organization * storage * and document retrieval * share arbitrary f..."</p>
<hr />
<div>==Needs overview==<br />
* document sharing<br />
* collaborative editing<br />
* real time editing/collab<br />
* ease of document organization<br />
* storage<br />
* and document retrieval<br />
* share arbitrary files<br />
* file and link sharing ability<br />
* uploading images<br />
* tracking changes<br />
* meta discussion about the file (commenting)<br />
* good formatting of text<br />
* BACKUPS (a failing of the hackpad/etherpad/pitratepad variants)<br />
* Cross Platform!<br />
<br />
==NOTES:==<br />
'''what is secure.'''<br />
: secure against unauthorized access<br />
<br />
'''what is the importance of "trusted infrastructure" '''<br />
: trusted, meaning transparant auditable accountable<br />
<br />
* what is the difference between private, anon and secure and how does that change what is needed<br />
<br />
* there's a tension between what is needed and what we are trying to define: are we replacing google drive/docs<br />
<br />
* are we talking about anon participation within a defined group<br />
<br />
* are we attempting to get out info quick in a private way<br />
<br />
* some thoughts about platforms that are internally facing or external and what about handling the need for constant context shifting (storage system vs messaging vs realtime editing). In an ideal world there would be a need for fewer tools but was fully featured enough to meet these various needs.<br />
<br />
* also a thought about long term life of data, how to make data vanish after a time<br />
<br />
* messaging and documents, should they be integrated, if so to what extent<br />
<br />
* where does email fit into the mix? has it outlived it's time?<br />
<br />
* Jamila admitted that even though they are an expert in this that they have been emailing ideas to Lisa instead of using any collaborative editing tool<br />
<br />
'''Summary'''<br />
* attempt at summarizing what we are really talking about<br />
* word processing<br />
* messaging<br />
* project management<br />
* file storage<br />
* (calendaring)<br />
<br />
<br />
==What is out there:==<br />
<br />
'''Cryptpad, cryptpad.fr'''<br />
: like etherpad but is 0 knowledge on the server itself because all data is encrypted and keys live on local browser. must use it from the same browser<br />
<br />
'''Onlyoffice.org'''<br />
: built in latvia, recently opensourced. includes a CRM and calendar system (is this too good to be true). many different options from pay for to host yourself. Based in HTML5<br />
<br />
'''Open365.io'''<br />
: (seems like it might be dead but looks like a good idea from their documents)<br />
<br />
'''libreoffice'''<br />
: is working on various tools so that online systems (ownclowd for example) can be edited using a familiar interface [note nextcloud is a fork of owncloud]<br />
<br />
'''HACKPAD'''<br />
:has been purchased by Dropbox so its future is hazy<br />
<br />
'''Others'''<br />
* zarafa.com<br />
* stickies.io<br />
* cynapse.com<br />
* group-office.com<br />
* fengoffice.com<br />
* egroupware.org<br />
<br />
<br />
'''Simplenote (new tool)'''<br />
: document storage system owncloud or nextcloud<br />
<br />
'''NEED to research licenses or the various tools!'''<br />
<br />
* for spreadsheets<br />
** EtherSheet and EtherCalc both are usable but not great<br />
<br />
*this will be working on overtime at<br />
** ecl.gy/officetools</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Certificates_for_your_website_through_Let%27s_Encrypt&diff=2133Certificates for your website through Let's Encrypt2016-11-18T19:19:08Z<p>Jucsanch: Created page with "Let's encrypt is a free certificate authority, and is run by a non-profit called Internet Security Research Group (501c3) ISRG was created by EFF, Mozilla and The Uni of Mich..."</p>
<hr />
<div>Let's encrypt is a free certificate authority, and is run by a non-profit called Internet Security Research Group (501c3)<br />
<br />
ISRG was created by EFF, Mozilla and The Uni of Michigan<br />
<br />
* Why https is important?<br />
* Why it's annoying?<br />
* What is a cert and a cert authority?<br />
* How to get one?<br />
<br />
==What is https==<br />
<br />
A certificate does not protect from hacking<br />
<br />
Analogy is that if you get a tetanus shot you can still get the flu. Whole the tetanus shot is important it isn't a panacea<br />
This is the same for internet security<br />
<br />
https is focused on preventing eavesdropping and protecting the integrity of the communication, eg when someone downloads something from your site they can be sure that what they download is what your site offers.<br />
<br />
<i>Question: How can someone actually eavesdrop? </i><br />
answer: People can attack your connections, and if the attacker is on the path between user and webserver the connection is vulnerable. So if someone hacks the wifi router, they can redirect your connections to a different site.<br />
<br />
<i> Question: There used to be verification of who a certificate is given to, this is not part of the Let's Encrypt Certificate Authority. In general there is less verification now. </i><br />
<br />
Answer: Originally the certificate authority was supposed to confirm your identity as an organization. This got eroded from originally checking government documentation, but later the norm was "domain verification", i.e. checking that you are the actual owner of the website. Some certificates still check peoples identity, which is now called EV, Extended Verification. Let's Encrypt only does Domain Verification. EV is expensive because the cert authority basically has to call the organization to confirm identity.<br />
Downsides of EV:<br />
* It can't be automated and therefore it's expensive (and possibly not effective)<br />
* If you don't have a legal organization EV doesn't really work.<br />
<br />
Let's encrypt does everything automatically, but thus only does Domain Verification (DV), which means it scales well and marginal costs are low. Also it is good for informal websites, anonymous websites etc.<br />
<br />
== What is LE ==<br />
<br />
* Automated, cheap certification<br />
* Cannot tell whether a site is a phishing site. Can only verify that the certificate owner also controls the domain.<br />
<br />
<br />
== What LE certificates do ==<br />
<br />
The certificate authoruty checks that the certificate owner also controls the domain, and that the encryptioon key is OK for communciations with the domain.<br />
An attacker executing a phishing attack would need to trick the user into using the wrong encryption key, and the certificate authority says that the encryptioon key is the correct key for the certificate owner.<br />
<br />
LE does not verify anything about what the site does or who they are.<br />
<br />
The certificate contains a public key which is used to exchange a secret session key which is then used to encrypt communications.<br />
<br />
Each browser contains a root CA list, which is a list of certificate authorities that the browser trusts to hand out certificates. Browsers try to have the same criteria for root CA lists, but technically each browser has different lists, but the hope is that the lists are the same.<br />
<br />
<i>Question: How many certificate authorities are there </i><br />
<br />
Answer: There are around 600 cert authorities, but that does not include designated authorities, but it isn't completely cler when something is a certificate authority. There are many certificate authorities meaning that any of these 600+ authorities can issue a certificate for any domain, that could then be used for an attack.<br />
<br />
<i>Question: How to protect from an ISP</i><br />
<br />
Answer: HPKP allows a site to say that they will use a specific encryption key, such that the browser remembers this encryotioon jey, biut that has negative effects, insofar as if you lose your key you cannot change to a new one.<br />
<br />
<i>Questions: What is the effect of AJAX sites (reactjs etc) where more code is in the browser</i><br />
<br />
Answer: https should protect the user regardless of whether the code is on the browser or not, since it still encrypts traffic from the browser to the server.<br />
<br />
LE is the largest cert authority in the world, but mostly has issued certs to smaller sites (compared to large sites like facebook and google etc).<br />
<br />
Alternatives to OpenSSL: Google BoringSSL. OpenSSL is a old and complicated codebase that doesn't get verified very often.<br />
<br />
LE certs only have 3 month validity and also does not offer wildcard certs, eg *.donainname.tld<br />
<br />
<br />
<br />
== The limitations of https ==<br />
<br />
* If someone can take over your domain name or servers temporarily they can get a cert for the domain that they could use later for a an attack.<br />
* It cannot protect from hacking, but it will protect you from people snooping your password via a wifi router.<br />
** Firesheep was/is a tool that is a sniffer that is very simple to use to take ver peoples social media accounts. The tool snifs the network traffic via the wifi access point and steals peoples authentication cookies for popular social network tools. Firesheep helped force the social media networks to enable https<br />
* There are still attacks that allow someone who controls the local network to redirect your browser request to a different website than the intended site. If you don't type https in front of your domain name in the browser this attack can redirect you before the intended site redirects you to the ssl version of their site.<br />
**HSTS protects from these attacks.<br />
<br />
Conclusion is that one technology can protect you from specific attacks, but new subtle attacks often show up.<br />
<br />
<br />
== How does LE work? ==<br />
Certbot is an EFF tool that takes care of a lot of this for you in automated ways. It can download and install the certificate directly into your webserver configuration<br />
To get a cert on your site you need:<br />
# If you have root access You need software that talks to the cert authority and proves you own the domain and downloads the cert and installs it.<br />
# If you have a hosting provider they could integrate lets encrypt, and from then on it is very simple.<br />
# Browser-based clients exist that are similar to the experience of traditional CA's, where you can order a cert and then install it manually.<br />
<br />
There are also many other server-side tools that provide different levels of automation. Certbot trys to edit the webserver config, which some users love, but others are annoyed by. Automatically editing a configuration can have reliability issues of the config editing breaks. Ther are less automatic tools for those users who do not want the tool to edit configs.<br />
<br />
https://certbot.eff.org/<br />
<br />
Let's encrypt certificates are only valid for 3 months, and if you use certbot then you can easily renew automatically. If you use the browser-absed client you have to perform some manual steps every 3 months.<br />
<br />
The 3 months limitation is because LE cannot easily verify that a domain has been transferred and therefore the cert should be revoked. In lieau of revocation, short validity reduces the impact of this problem. The limitation also makes it more important for users to automate renewals so that they don't "forget" to renew.<br />
<br />
<i>Question: Does LE revoke.</i><br />
<br />
Answer: LE should revoke if they know that there has been a private key compromise, or that a cert has been misissued they can revoke.<br />
<br />
== How is LE funded ==<br />
<br />
Mostly by large companies who generally want the Internet to be better.<br />
There's also a crowd funding campaign now.<br />
<br />
== Protecting from attacks for web developers ==<br />
<br />
OWASP is a website that lists vulnerabilities that could hot websites and that web developers should be aware of.<br />
<br />
Capture the Flag contests are competitions that happen around the world with the intent to hack various systems as a competition.<br />
* Winning teams are often eastern european teams<br />
* Teams of grad students from us universities are also strong</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Security_tools&diff=2127Security tools2016-11-17T22:33:08Z<p>Jucsanch: </p>
<hr />
<div>==Why are you here?==<br />
* mobile security high priority because access by marginalized community<br />
* international organization<br />
* learn<br />
* check biases in thinking about <br />
* concerned about chilling effects of surveillance<br />
* sudden demand for training<br />
* how to layer awareness on top of sudden demand for tools<br />
* share insights from digital defense, make widely useful<br />
* integrate security into digital literacy<br />
* find right tools for different communities with different levels of comfort with technology<br />
* increased attacks on Middle Eastern and South Asian – track incidents and co-ordinate response<br />
* surveillance going to affect some more than other – those directly affected make the best trainers<br />
* how to co-ordinate response to sudden demand<br />
<br />
==Who are we centering?==<br />
<br />
Different communities are already affected very differently by current surveillance and lack of privacy, but post US election the impact on different communities will likely be even more differentiated.<br />
<br />
Lots of vulnerable communities that are under attack e.g. trans women of color are going to be under even greater attack. Not specific tech needs but generally extreme duress.<br />
Organizers are using Facebook but are likely to be targeted. FB is where people are.<br />
Brainwashing songs, kids and old people affected by propaganda – develop tools to block propaganda from our own lives – people who are especially vulnerable to messaging e.g. youth and elders – how can they block the messages.<br />
Reproductive justice organizations – fears of what is going on with actual current security needs. Govt can defund and make work illegal but also growing threat of alt right with tech knowledge. Balancing trade-offs between what is needed now and (responding to) changing landscape.<br />
In African American communities (Harlem) and immigrant communities, conspiracy theories by law enforcement (to justify) targeting people.<br />
Registers of people.<br />
<br />
Don’t forget that this has been a surveillance state and some people have felt for a while, Muslims Sikhs [irony] because who knows the difference? [/irony],<br />
Anyone resisting mass deportations e.g. by sheltering people.<br />
Long term banality of evil – traveling in and out of country is going to get that much harder.<br />
Undoc people who have been involved hard tactics.<br />
Early warning for mass deportations but people organizing it have to communicate.<br />
Lots of groups talking about extremely unrepresented in tech and even more so security space. Techies – lets not center ourselves.<br />
<br />
==What are our priorities?==<br />
<br />
Only the people who are affected know what is most important to them, they don’t know what the state can do and what tools can help.<br />
<br />
<i>Conversation: What are you most worried about? What is your relationship with technology?</i><br />
<br />
Threat modeling? Need to understand people you want to help. Bi-directional exchange. What threat models do people have? How can they figure out, what assets do you want to protect? Who are your adversaries? What kind of threats do they pose? What are trade-offs?<br />
<br />
Position the community as experts. Some critique of “threat modeling” as militaristic. What is framework that community is already using. Facilitate conversation in a way that is in line with what they have and want. If part of the community then can get <br />
Ela Galprin of EFF talks about this – I want to be safe, ok, what are you worried about? Does anything concern you?<br />
<br />
'''Risk assessment and harm reduction'''<br />
<br />
Question: What is the current state of curriculum and training and training for trainers? This should be a separate session.<br />
<br />
Appreciative Inquiry:<br />
what is going well, what support could you use? But this is high touch especially with non English speakers. How could this be transformed into visual flow, if this then that <br />
that can scale and be used to train people especially<br />
<br />
How to talk about non threats? Should we just be paranoid all the time?<br />
<br />
Threat of incapacitating blanket paranoia, one advantage of threat modeling is start off paranoid and end with specifics<br />
<br />
Framework for sorting to their own priorities.<br />
<br />
What can people do that is offline – non technical.<br />
<br />
How to use this moment to recruit allies and get allies to do something that will actually help for example getting people to encrypt to increase traffic.<br />
<br />
What is happening right now is not working. Lots of resources but not reaching people who need it.<br />
<br />
<br />
Center for disease control has good model for communicating information into different communities – e.g. wash your hands, wear a mask<br />
<br />
Session: simple poster with high level security principles e.g. 5 steps everyone can do to better protect themselves and friends <br />
<br />
<br />
==What is success?==<br />
<br />
Adjectives describing success:<br />
<br />
semblance of normalcy with reduced harm, seamless and integrated, habitual and normalized, personal awareness motivated, inclusive and holistic, feelings of futility amongst surveillance adversaries, normalized and distributed, commune place, connecting now dividing, sustainable and affordable, just, empowering not frightening, hella easy</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21262016 Agenda2016-11-17T22:21:25Z<p>Jucsanch: /* Thursday Breakout Session I */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
* [[Social media and filter bubbles]] - Aman (Note Taker - David)<br />
* [[How to successfully recover from large-scale doxxing or trolling]] - Adria (Note Taker - Ben)<br />
* [[Trump Watch database]] - Pratap (Note Taker - George)<br />
* [[Mapping threats over next four years]] - Rainey (Note Taker - Scott)<br />
* [[Tools for engaging with congress]] - Max (Note Taker - Matt)<br />
* [[Intersection between organizational goals and actions against Trump]] - Anya (Note Taker - Ajay)<br />
* [[What does effective leadership look like?]] - Dirk (Note Taker - Nick)<br />
* [[The revolution will not be optimized]] - Scott (Note Taker - Jay)<br />
* [[Collaborative, secure, open source tools to help run your office]] - Lisa (Note Taker - Erick)<br />
* [[Digital humanitarian response]] - Willow (Note Taker - Mike)<br />
* [[Security tools]] - Jack (Note Taker - Andrew)<br />
<br />
== Wednesday Breakout Session II ==<br />
* [[The role of art]] - Kristine (Note Taker - Chris)<br />
* [[Data literacy]] - Heather (Note Taker - Ajay)<br />
* [[How to use licenses]] - Andrew (Note Taker - Brian)<br />
* [[Mobile and Internet of Things (IOT) security]] - Norman (Note Taker - Lisa)<br />
* [[Connecting communities with services]] - Greg (Note Taker - Willow)<br />
* [[Role of youth in movements]] - Jay (Note Taker - Noah)<br />
* [[Propaganda posters for good]] - Ruth<br />
* [[Direct actions]] - Austin (Note Taker - Matt)<br />
* [[Communications architecture in political systems]] - Tomas (Note Taker - Jay)<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
* [[Backdrop]] Jack<br />
* [[CiviCRM Demo]] Neil<br />
* [[To wireframe or not to wireframe]] Sarah<br />
* [[Whistleblowing and dissent]] Scott (Note Taker - Pratap)<br />
* [[Certificates for your website through Let's Encrypt]] Seth (Note Taker - Thomas)<br />
* [[Financial markets and divestment]] Brian (Note Taker - Logan)<br />
* [[Building personas]] Kristine (Note Taker - Steve)<br />
* [[Workflows at nonprofits]] Beatrice<br />
* [[Product management]] Matt<br />
* [[Surveillance Self Defense]] Bill<br />
* [[How to create passwords]] George<br />
* [[Lifecycles of websites]] Grant<br />
<br />
==Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
==Farmers Market==<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21252016 Agenda2016-11-17T22:16:22Z<p>Jucsanch: /* Thursday, November 17 */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
* [[Social media and filter bubbles]] - Aman (Note Taker - David)<br />
* [[How to successfully recover from large-scale doxxing or trolling]] - Adria (Note Taker - Ben)<br />
* [[Trump Watch database]] - Pratap (Note Taker - George)<br />
* [[Mapping threats over next four years]] - Rainey (Note Taker - Scott)<br />
* [[Tools for engaging with congress]] - Max (Note Taker - Matt)<br />
* [[Intersection between organizational goals and actions against Trump]] - Anya (Note Taker - Ajay)<br />
* [[What does effective leadership look like?]] - Dirk (Note Taker - Nick)<br />
* [[The revolution will not be optimized]] - Scott (Note Taker - Jay)<br />
* [[Collaborative, secure, open source tools to help run your office]] - Lisa (Note Taker - Erick)<br />
* [[Digital humanitarian response]] - Willow (Note Taker - Mike)<br />
* [[Security tools]] - Jack (Note Taker - Andrew)<br />
<br />
== Wednesday Breakout Session II ==<br />
* [[The role of art]] - Kristine (Note Taker - Chris)<br />
* [[Data literacy]] - Heather (Note Taker - Ajay)<br />
* [[How to use licenses]] - Andrew (Note Taker - Brian)<br />
* [[Mobile and Internet of Things (IOT) security]] - Norman (Note Taker - Lisa)<br />
* [[Connecting communities with services]] - Greg (Note Taker - Willow)<br />
* [[Role of youth in movements]] - Jay (Note Taker - Noah)<br />
* [[Propaganda posters for good]] - Ruth<br />
* [[Direct actions]] - Austin (Note Taker - Matt)<br />
* [[Communications architecture in political systems]] - Tomas (Note Taker - Jay)<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
* [[Backdrop]] Jack<br />
* [[CiviCRM Demo]] Neil (Note Taker -<br />
* [[To wireframe or not to wireframe]] Sarah<br />
* [[Whistleblowing and dissent]] Scott (Note Taker - <br />
* [[Certificates for your website through Let's Encrypt]] Seth<br />
* [[Financial markets and divestment]] Brian<br />
* [[Building personas]] Kristine<br />
* [[Workflows at nonprofits]] Beatrice<br />
* [[Product management]] Matt<br />
* [[Surveillance Self Defense]] Bill<br />
* [[How to create passwords]] George<br />
* [[Lifecycles of websites]] Grant<br />
<br />
==Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
==Farmers Market==<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Security_tools&diff=2124Security tools2016-11-17T21:15:32Z<p>Jucsanch: Created page with "=Why are you here?= * mobile security high priority because access by marginalized community * international organization * learn * check biases in thinking about * concerned..."</p>
<hr />
<div>=Why are you here?=<br />
* mobile security high priority because access by marginalized community<br />
* international organization<br />
* learn<br />
* check biases in thinking about <br />
* concerned about chilling effects of surveillance<br />
* sudden demand for training<br />
* how to layer awareness on top of sudden demand for tools<br />
* share insights from digital defense, make widely useful<br />
* integrate security into digital literacy<br />
* find right tools for different communities with different levels of comfort with technology<br />
* increased attacks on Middle Eastern and South Asian – track incidents and co-ordinate response<br />
* surveillance going to affect some more than other – those directly affected make the best trainers<br />
* how to co-ordinate response to sudden demand<br />
<br />
=Who are we centering?=<br />
<br />
Different communities are already affected very differently by current surveillance and lack of privacy, but post US election the impact on different communities will likely be even more differentiated.<br />
<br />
Lots of vulnerable communities that are under attack e.g. trans women of color are going to be under even greater attack. Not specific tech needs but generally extreme duress.<br />
Organizers are using Facebook but are likely to be targeted. FB is where people are.<br />
Brainwashing songs, kids and old people affected by propaganda – develop tools to block propaganda from our own lives – people who are especially vulnerable to messaging e.g. youth and elders – how can they block the messages.<br />
Reproductive justice organizations – fears of what is going on with actual current security needs. Govt can defund and make work illegal but also growing threat of alt right with tech knowledge. Balancing trade-offs between what is needed now and (responding to) changing landscape.<br />
In African American communities (Harlem) and immigrant communities, conspiracy theories by law enforcement (to justify) targeting people.<br />
Registers of people.<br />
<br />
Don’t forget that this has been a surveillance state and some people have felt for a while, Muslims Sikhs [irony] because who knows the difference? [/irony],<br />
Anyone resisting mass deportations e.g. by sheltering people.<br />
Long term banality of evil – traveling in and out of country is going to get that much harder.<br />
Undoc people who have been involved hard tactics.<br />
Early warning for mass deportations but people organizing it have to communicate.<br />
Lots of groups talking about extremely unrepresented in tech and even more so security space. Techies – lets not center ourselves.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Digital_humanitarian_response&diff=2123Digital humanitarian response2016-11-17T19:08:34Z<p>Jucsanch: </p>
<hr />
<div>'''How can we build back better after a crisis?'''<br />
* We want our data to map reality.<br />
* Most organizations can't handle massive influx of new volunteers.<br />
* Volunteers need to be nurtured and be told that they are appreciated.<br />
* Crisis response doesn't happen in a political vacuum.<br />
* There are ethical concerns that come up when you are tracking personal data.<br />
'''What are recipes for crisis response that people have been a part of?'''<br />
* People who live in a location are the first responders.<br />
'''Is there a data flow between first responders and people who come next?'''<br />
* There aren't good standards for different organization to coordinate their responses.<br />
* There are different phases in a crisis with different goals and organizations.<br />
* Circumstances are very different for each crisis.<br />
* Effectiveness of people's contributions very greatly, often depending on their goals.<br />
'''Is remote help really effective?'''<br />
* You need to have a structure for onboarding to capture crowds of volunteers.<br />
'''Do you have your problems broken down into microtasks for individual to tackle?'''<br />
* People often recreate the wheel and try to build new apps for each crisis.<br />
'''How does your work span across multiple crisises? Can you harness interest to build capacity?'''<br />
'''How to build local capacity that can drive response?'''<br />
* Humanitarian Exchange Language provides common column headers.<br />
* Katmandu Living Labs was a local group founded by the World Bank.<br />
* Public Labs does environmental justice data work.<br />
* Crisis Cleanup is a data clearinghouse to share knowledge between orgs.<br />
* Lots of activist practices can help with resilience.<br />
* NERT is a good local org working to get people prepared for a disaster in SF.<br />
<br />
=Possible focus areas:=<br />
* Microtasking / Bug Fixing<br />
* How do you make your tool/organization resilient (or even useful) is a crisis?<br />
* Prep work: who will benefit from your data, and how do you get it to them?<br />
* Explore and build the ecosystem map (scenario mapping)<br />
* Communications plans to public<br />
* Handbook sprint?</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Digital_humanitarian_response&diff=2122Digital humanitarian response2016-11-17T19:07:46Z<p>Jucsanch: Created page with "Surge in attention around crisis '''How can we build back better after a crisis?''' * We want our data to map reality. * Most organizations can't handle massive influx of new..."</p>
<hr />
<div>Surge in attention around crisis<br />
'''How can we build back better after a crisis?'''<br />
* We want our data to map reality.<br />
* Most organizations can't handle massive influx of new volunteers.<br />
* Volunteers need to be nurtured and be told that they are appreciated.<br />
* Crisis response doesn't happen in a political vacuum.<br />
* There are ethical concerns that come up when you are tracking personal data.<br />
'''What are recipes for crisis response that people have been a part of?'''<br />
* People who live in a location are the first responders.<br />
'''Is there a data flow between first responders and people who come next?'''<br />
* There aren't good standards for different organization to coordinate their responses.<br />
* There are different phases in a crisis with different goals and organizations.<br />
* Circumstances are very different for each crisis.<br />
* Effectiveness of people's contributions very greatly, often depending on their goals.<br />
'''Is remote help really effective?'''<br />
* You need to have a structure for onboarding to capture crowds of volunteers.<br />
'''Do you have your problems broken down into microtasks for individual to tackle?'''<br />
* People often recreate the wheel and try to build new apps for each crisis.<br />
'''How does your work span across multiple crisises? Can you harness interest to build capacity?'''<br />
'''How to build local capacity that can drive response?'''<br />
* Humanitarian Exchange Language provides common column headers.<br />
* Katmandu Living Labs was a local group founded by the World Bank.<br />
* Public Labs does environmental justice data work.<br />
* Crisis Cleanup is a data clearinghouse to share knowledge between orgs.<br />
* Lots of activist practices can help with resilience.<br />
* NERT is a good local org working to get people prepared for a disaster in SF.<br />
<br />
=Possible focus areas:=<br />
* Microtasking / Bug Fixing<br />
* How do you make your tool/organization resilient (or even useful) is a crisis?<br />
* Prep work: who will benefit from your data, and how do you get it to them?<br />
* Explore and build the ecosystem map (scenario mapping)<br />
* Communications plans to public<br />
* Handbook sprint?</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Mobile_and_Internet_of_Things_(IOT)_security&diff=2121Mobile and Internet of Things (IOT) security2016-11-17T18:58:22Z<p>Jucsanch: Created page with "=Questions/salient issues/things we want to know= * Use phone for two-factor authentication (Google Authenticator) * What does increased surveillance mean for our mobile devi..."</p>
<hr />
<div>=Questions/salient issues/things we want to know=<br />
<br />
* Use phone for two-factor authentication (Google Authenticator)<br />
* What does increased surveillance mean for our mobile devices?<br />
* How do we balance our use of phones as vectors of surveillance vs phone as tool for security (how do we decide when to use our phones at home?)<br />
* Can we transfer data from phones through peer to peer networks in a way that is HIPAA compliant?<br />
* How can consumers lock down IoT devices?<br />
* Strategies for minimizing threat of devices that are already compromised?<br />
* How similar are IoT devices to phones and are there standards emerging in the field? (Answer: there are similarities and differences.)<br />
<br />
=Background info=<br />
<br />
==What is a mobile device?==<br />
<br />
* 2 complete operating systems--one for calls/data (baseband processor) and one that operates the apps. The calls/data one is even less secure than the other.<br />
* Phones and IoT devices have in common: GPS, gyroscope, sensors, a new set of issues that come from data being collected all the time.<br />
* How cell networks work: Phone connects to towers, which each have own radius. Towers connect to each other. Difft infrastructures (4G, LTE, etc) Towers connect to a center. Then back out to other towers and out to the receiving device. Towers connect to each other in the same way but in and out of the centers is different from that. Signals between the phone and the tower are easy to intercept/attack. (Stingrays eg)<br />
* Baseband processor is what sends and receives this data as described above.<br />
* Phones are hard to secure because you don't own/control the hardware, firmware, software. As a user you don't see anything that the baseband processor does. It is possible to send messages from the cell tower to the baseband processor to make it do things like turn the microphone one.<br />
* Two methods to get your location info from a phone: GPS, which you can turn off via permissions; triangulating your location from what towers are receiving a signal from your phone. This is the tech that allows you to make calls/get texts/data, so there is no way to obfuscate your location if you want to use the calling or text functionality.<br />
* The phone also records what tower is communicating with it.<br />
* Who has access to this location info?<br />
** If the govt already knows what you are doing or doesn't care/it doesn't create a risk, this location info leakage may not matter to you.<br />
** Law enforcement can get access to where you are, who you are talking to, how long etc.<br />
** This info is accessed by a cellular company or law enforcement stingray usage.<br />
** Using VPN on your phone does not obfuscate location info<br />
<br />
==Mobile OS==<br />
<br />
* Disagreement in the room about how secure mobile devices can be<br />
* iOS and Android have different permissioning systems--iOS is more granular<br />
<br />
=Mobile security practices we in the room use=<br />
<br />
* Not using fingerprint sensor b/c law enforcement has fingerprints--using passcodes instead.<br />
* Regular software updates (if you can--Android you are dependent on your provider to supply the update)<br />
* Minimizing information kept on the phone<br />
* Not backing up to iCloud<br />
*<br />
<br />
=IoT=<br />
<br />
* Devices talk in insecure ways to cloud servers and the storage is often not secure.<br />
* Devices have hard coded passwords that can't be changed by users and they can be remote accessed and then used for DDoS attacks. There is a list of devices at shodan.io.<br />
* There are some compliance guidelines coming down the pike in the US for IoT devices. The ability to update is one of them.<br />
<br />
=Misc=<br />
<br />
* Newer iOS devices--it is hard to get into your phone without tremendous sophistication. BUT iCloud is vulnerable to subpoena bc the data on iCloud Apple has the encryption keys.<br />
* This went by so fast, there is so much more to cover! Maybe more sessions.</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21202016 Agenda2016-11-17T00:28:04Z<p>Jucsanch: /* Wednesday Breakout Session II */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
* [[Social media and filter bubbles]] - Aman (Note Taker - David)<br />
* [[How to successfully recover from large-scale doxxing or trolling]] - Adria (Note Taker - Ben)<br />
* [[Trump Watch database]] - Pratap (Note Taker - George)<br />
* [[Mapping threats over next four years]] - Rainey (Note Taker - Scott)<br />
* [[Tools for engaging with congress]] - Max (Note Taker - Matt)<br />
* [[Intersection between organizational goals and actions against Trump]] - Anya (Note Taker - Ajay)<br />
* [[What does effective leadership look like?]] - Dirk (Note Taker - Nick)<br />
* [[The revolution will not be optimized]] - Scott (Note Taker - Jay)<br />
* [[Collaborative, secure, open source tools to help run your office]] - Lisa (Note Taker - Erick)<br />
* [[Digital humanitarian response]] - Willow (Note Taker - Mike)<br />
* [[Security tools]] - Jack (Note Taker - Andrew)<br />
<br />
== Wednesday Breakout Session II ==<br />
* [[The role of art]] - Kristine (Note Taker - Chris)<br />
* [[Data literacy]] - Heather (Note Taker - Ajay)<br />
* [[How to use licenses]] - Andrew (Note Taker - Brian)<br />
* [[Mobile and Internet of Things (IOT) security]] - Norman (Note Taker - Lisa)<br />
* [[Connecting communities with services]] - Greg (Note Taker - Willow)<br />
* [[Role of youth in movements]] - Jay (Note Taker - Noah)<br />
* [[Propaganda posters for good]] - Ruth<br />
* [[Direct actions]] - Austin (Note Taker - Matt)<br />
* [[Communications architecture in political systems]] - Tomas (Note Taker - Jay)<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
== Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21182016 Agenda2016-11-16T22:37:00Z<p>Jucsanch: /* Wednesday Breakout Session I */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
* [[Social media and filter bubbles]] - Aman (Note Taker - David)<br />
* [[How to successfully recover from large-scale doxxing or trolling]] - Adria (Note Taker - Ben)<br />
* [[Trump Watch database]] - Pratap (Note Taker - George)<br />
* [[Mapping threats over next four years]] - Rainey (Note Taker - Scott)<br />
* [[Tools for engaging with congress]] - Max (Note Taker - Matt)<br />
* [[Intersection between organizational goals and actions against Trump]] - Anya (Note Taker - Ajay)<br />
* [[What does effective leadership look like?]] - Dirk (Note Taker - Nick)<br />
* [[The revolution will not be optimized]] - Scott (Note Taker - Jay)<br />
* [[Collaborative, secure, open source tools to help run your office]] - Lisa (Note Taker - Erick)<br />
* [[Digital humanitarian response]] - Willow (Note Taker - Mike)<br />
* [[Security tools]] - Jack (Note Taker - Andrew)<br />
<br />
== Wednesday Breakout Session II ==<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
== Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21162016 Agenda2016-11-16T20:45:26Z<p>Jucsanch: /* Wednesday November 16 */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
<br />
== Nature Walk ==<br />
<br />
<br />
== Story Telling ==<br />
<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
<br />
<br />
== Wednesday Breakout Session II ==<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
== Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=2016_Agenda&diff=21152016 Agenda2016-11-16T20:44:32Z<p>Jucsanch: /* Wednesday November 16 */</p>
<hr />
<div>Aspiration events are first and foremost convened to strengthen the ties and social networks of technology practitioners in the non-profit/non-governmental sectors.<br />
<br />
The #npdev session list is co-developed with participants, facilitators, and partners in the time leading up to and during the Festival. We strongly encourage you to join in the fun at this unique and interactive gathering!<br />
<br />
The agenda is designed and facilitated using Aspiration's unique participatory model, in an environment where powerpoint slides are discouraged and dialog and collaboration drive the learning.<br />
<br />
Our philosophy centers around getting participants into small-group discussions where they can discuss topics they are passionate about and get answers to their questions and curiosities. Sessions at Aspirations have particular traits; we de-emphasize presentations and lecture, and instead focus on "break-out" sessions that are self-organized whenever possible .<br />
<br />
= Wednesday November 16 =<br />
<br />
== Opening Circle ==<br />
<br />
== Nature Walk ==<br />
<br />
== Story Telling ==<br />
<br />
== Agenda Mosh Pit ==<br />
<br />
== Wednesday Breakout Session I ==<br />
<br />
<br />
<br />
== Wednesday Breakout Session II ==<br />
<br />
=Thursday, November 17=<br />
<br />
== Thursday Breakout Session I ==<br />
<br />
== Thursday Skillshare ==<br />
* [[2016 Skillshare Topics]]<br />
<br />
<br />
== Thursday Breakout Session II ==<br />
<br />
<br />
=Friday, November 18=<br />
<br />
== Friday Breakout Session I ==<br />
<br />
<br />
<br />
== Friday Science Fair ==<br />
<br />
* [[2016 Science fair topics]]<br />
<br />
== Friday Breakout Session II ==<br />
<br />
<br />
== Friday Breakout Session III ==</div>Jucsanchhttps://devsummit.aspirationtech.org/index.php?title=Protecting_Your_Organizational_Identity_Online&diff=2113Protecting Your Organizational Identity Online2016-09-06T18:44:56Z<p>Jucsanch: /* Session Notes */</p>
<hr />
<div>Facilitated by Allen Gunn, Aspiration<br />
<br />
=Session Description =<br />
<br />
As nonprofits move increasingly to "the cloud", with hosted applications and online services playing a central role in their program and operations, a new category of risk exposures has emerged. From proper domain registration to ownership and management of hosted data to control of social media accounts, many organizations fail to consider the long term when they set up online presences and increase their dependency on online tools. This session will provide practical steps organizations can take to take full control of their online identity and long-term destiny.<br />
<br />
= Session Notes =<br />
<br />
protecting your org identity online<br />
<br />
processes need to be braindead simple to be <br />
<br />
adopted<br />
nonprofits don't have a list of their accounts<br />
<br />
first step: spreadsheet with acct name, url, <br />
<br />
but not password<br />
<br />
second step: good password protocol<br />
<br />
<br />
primary asset is the data. most orgs think <br />
<br />
only of software and hardware costs<br />
<br />
have inventory of where your data lives and <br />
<br />
how often it is backed up<br />
<br />
<br />
<br />
recommendations for tracking all accounts<br />
- spreadsheets<br />
- google - but hosting critical org data <br />
<br />
there has privacy tradeoffs<br />
<br />
contact info on accounts isn't systematic.<br />
- recommendation. <br />
- orgs should use cpanel hosting as easy <br />
<br />
way to manage systems easily thru graphical <br />
<br />
interface<br />
- create email alias/forwarder that is <br />
<br />
accountname@ domain. <br />
- every forwarder goes to 2 people. primary <br />
<br />
account user and ops manager.<br />
- redundancy. 1 of 2 people will be <br />
<br />
available at any time<br />
- forwarder allows rerouting of the emails <br />
<br />
when people change roles/depart the org<br />
- helps to track who is sharing your info <br />
<br />
with spammers<br />
<br />
contact info for an account can't be personal <br />
<br />
email/address. worst practice<br />
<br />
plesk<br />
- a variant of cpanel<br />
<br />
software registrations too. not just web <br />
<br />
registrations<br />
<br />
<br />
<br />
domain registration<br />
- scumbag registrars. godaddy = super <br />
<br />
rightwing + bad site design ++++ hostage taker <br />
<br />
registrar (very difficult to move to new <br />
<br />
registrar) <br />
- registrar.com - bad<br />
- domain registry of america. flaming <br />
<br />
scumbags!!!!<br />
- network solutions. hostage takers. <br />
<br />
CIA-affiliation.<br />
- joker.com. recommended by bruce. can be a <br />
<br />
reseller.<br />
- domainsite.com/name.com = <br />
<br />
gunner-recommended. excellent admin tools. <br />
<br />
only tech support on weekdays.<br />
<br />
when domains get taken<br />
- if someone registers your brand, there's a <br />
<br />
grievance process. <br />
- but if the domain gets grabbed, you're <br />
<br />
screwed.<br />
<br />
<br />
best practice<br />
- register com/net/org combo when possible. <br />
- your opponent will buy them<br />
- they'll use seo to drive people away from <br />
<br />
your org, mislead people.<br />
- don't rely on registrar to alert you about <br />
<br />
renewal<br />
- make sure contact info is updated and <br />
<br />
consistent across your domains<br />
- autorenew is good if you're comfortable <br />
<br />
having credit card info in a hackable <br />
<br />
database. paypal is an option<br />
- multiyear renewal is good.<br />
- NEVER LET AN EXTERNAL PARTY REG DOMAINS FOR <br />
<br />
YOU <br />
- written down explicit org process for <br />
<br />
domain reg<br />
- who is empowered <br />
- how. step by step.<br />
- put all domains in one registrar you trust<br />
- unless you're controversial and need to <br />
<br />
keep domain with non-US registrar (ghandi.net)<br />
- california green party does this<br />
<br />
cybersquatter solution<br />
- have whitehat squatters make domains <br />
<br />
available to causes for short-term campaigns<br />
<br />
tangent: china rerouted 15% of web traffic for <br />
<br />
20 minutes earlier in 2010 and saved all the <br />
<br />
info. proof of concept.<br />
<br />
web hosting<br />
- never ever ever do web hosting with your <br />
<br />
registrar. leads to hostage situation.<br />
- if hosting is separate from registration, <br />
<br />
you can solve the hosting hten move the <br />
<br />
domain. much harder to divorce if everything <br />
<br />
is in the same place.<br />
- archive your cpanel settings. monthly. <br />
<br />
domains, subdomains, email accounts, <br />
<br />
forwarders.<br />
- when you create a hosted account, see if <br />
<br />
access to the acct can be through a subdomain <br />
<br />
or directory of your domain name. ex. you <br />
<br />
could pay wordpress to direct <br />
<br />
aspirationtech.wordpress.com to <br />
<br />
aspirationtech.org/blog<br />
- local backup copies of databases. amazon s3 <br />
<br />
account. rochen.com hosting<br />
<br />
<br />
email<br />
- never give out anything but @yourdomain, <br />
<br />
even if you route it through another service <br />
<br />
(gmail)<br />
- good options. cpanel hosting account. don't <br />
<br />
use imap. use pop and local mail clients for <br />
<br />
orgs who want to make it more difficult for <br />
<br />
the gov't to take hte data. use an open source <br />
<br />
mail client (squirrelmail, etc.)<br />
- electric embers.org. npogroups.org. open <br />
<br />
source webmail service<br />
- FORBID YOUR STAFF FROM DOING ORG <br />
<br />
COMMUNICATION THROUGH PERSONAL EMAIL ADDRESSES<br />
- branding. you look amateurish.<br />
- staff is building address book of org <br />
<br />
contacts. staff is aggregating org knowledge <br />
<br />
into gmail folders that are outside the org's <br />
<br />
control. if there's an ideological schism, <br />
<br />
angry staff member quits and spam entire <br />
<br />
address book with grievances. <br />
- also think about volunteers/contractors <br />
<br />
who do any external communications. set up an <br />
<br />
org address for them.<br />
- NO NON-WORK COMMUNICATIONS WITH ORG EMAIL <br />
<br />
ADDRESS<br />
- hard to monitor but train employees on the <br />
<br />
policy and why we have it<br />
- policy: the aggregate email info stays on <br />
<br />
org hardware. pull data only onto org <br />
<br />
machines.<br />
<br />
<br />
one solution: install your own email client <br />
<br />
(like open source Zimbra). daily snapshots of <br />
<br />
data. can recover deleted emails. <br />
<br />
<br />
version control and open source software<br />
- your website is dependent on compatibility <br />
<br />
with the version of software (wordpress) it is <br />
<br />
running on.<br />
- code escrow. recommended contractual item <br />
<br />
with developers. code is staged out to the <br />
<br />
escrow location every X days. protects against <br />
<br />
schisms btw you and developer. run svn server <br />
<br />
on local server (most orgs don't have <br />
<br />
expertise/resources for this).<br />
<br />
<br />
control of online real estate<br />
- facebook/twitter. get on them and lock down <br />
<br />
the userid/facebook url for your org. same <br />
<br />
username on as your domain name if possible. <br />
<br />
same for any other significant online outposts<br />
- log in every 90 days to keep the acct<br />
- get a page for your org on wikipedia and <br />
<br />
make sure it says what you want it to say. get <br />
<br />
the rss feed and monitor<br />
- have an org tag and monitor it on <br />
<br />
deliciious, flickr, twitter.<br />
- SEO. know what keywords you care about even <br />
<br />
if you're not optimizing. google for them <br />
<br />
occasionally to make sure your opponents <br />
<br />
haven't optimized for them better.<br />
- social media listening. netvibes is a good <br />
<br />
service. no good open source solution yet. <br />
<br />
"for a corporation, they're not that bad."<br />
<br />
<br />
backups<br />
- do them. do them more often.<br />
- all org data on all hard drives. <br />
- back up offsite. protects against disaster <br />
<br />
or data grab.<br />
- backups behind a locked door..<br />
- partner with other org to back up each <br />
<br />
other. both behind locked door. complying with <br />
<br />
each others' privacy policy. <br />
- ED or trusted employee taking backups home <br />
<br />
isn't a bad option. Sending a physical copy of <br />
<br />
your data thru Fedex to offsite location (like <br />
<br />
board chair).<br />
- all backups need to be encrypted.<br />
- recommended encrypted services <br />
- recommend services that accept <br />
<br />
responsibility for data (s3) vs. services that <br />
<br />
disclaim liability (dropbox, etc.)<br />
<br />
<br />
SSL<br />
- for collecting donations. protecting donor <br />
<br />
info. make sure your have an SSL certificate. <br />
<br />
- encrypting entire website (https) can be a <br />
<br />
good idea, protect against sniffing/injection<br />
- there are good tutorials (EFF white paper <br />
<br />
on https and links to resources being released <br />
<br />
soon. https anywhere firefox plugin. <br />
<br />
aspiration paper: protecting your identity <br />
<br />
online.<br />
<br />
best practices: see if vendor's align with <br />
<br />
nonprofit values - different from having a <br />
<br />
nonprofit pricing plan.<br />
<br />
<br />
<br />
key takeaway: open source hosting hires child <br />
<br />
meth addicts as sysadmins<br />
<br />
<br />
1. have organizational standards for website <br />
<br />
logins and domain registrations. clear <br />
<br />
separation of personal and organizational <br />
<br />
communications<br />
<br />
2. separate hosting and registration.<br />
<br />
3. grab org usernames and urls on significant <br />
<br />
social media sites and monitor how your org <br />
<br />
name is being used.</div>Jucsanch