Gonçalo Valério

Tag: Europe

  • Interesting and worrisome views of the European public digital infrastructure

    Digital sovereignty is currently the order of the day. It seems European leaders suddenly opened their eyes and realized they were living in a fairy tale.

    Many practitioners and organizations have been alerting to this need for years (decades?). They were ignored.

    Nevertheless, this is not the topic of this post, even though it could help us visualize the extent of our dependency.

    Recently I became aware of a few very interesting projects that map the providers and security settings of the digital infrastructure of many public institutions.

    We have the maps of the email providers:

    And many others can be found in the original project readme file.

    The overall picture is not good (pretty bleak, actually) for something that should already be a “commodity.” From the countries I was able to take a look at, Portugal is not one of the worst, still far from the one in better shape (France) but not the worst. However, in this land, some people just don’t learn.

    Another project, announced here, focuses on a different area. Not on the providers, but on the configurations and security good practices of the said infrastructure. Essentially, it aims to monitor and evaluate the security settings of many websites and platforms from European governments. The results can be found on:

    https://securitybaseline.eu

    Even though I disagree with some criteria for evaluating the risk of a few settings, looking at Madeira and Portugal, the picture isn’t also pretty. Insecure ciphers on HTTPS, lack of encryption in FTP servers, lack of DKIM signatures for email, etc.

    There is lots of room for improvement on basic and essential things. It reinforces the idea that security is not a first-class citizen, and I’m always skeptical when I hear/read that some institution was a target of a “sophisticated” cyber attack.

    Nevertheless, visualizing things helps us know where to focus and track progress. That’s why I found these projects interesting and worth sharing. So with this in mind, I will leave here a few other things I would like to also see tracked:

    • The technologies and providers of those platforms
    • Where and how the code managed
    • Where and how the data are hosted
    • The official file and data formats used by these public institutions
    Fediverse Reactions

  • European Copyright Madness

    After seeing many countries applying taxes to storage devices (as it will happen in Portugal from the 1st of July on) to compensate copyright holders (I’m still trying to understand how they will know which one, and not fill the pockets of some opportunist) the news today gave me one more prof that we are heading in the wrong direction. Here is the EFF news article:

    European Copyright Madness: Court Strikes Down Law Allowing Users to Rip Their Own CDs

  • Raw Open Data

    Raw Open Data

    Last month I attended an interesting event here in Coimbra, about the concept of Open Data, which is described in Wikipedia like this:

    Open data is the idea that certain data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control.

    During the event several topics were discussed around this issue, but the ones that caught my attention were focused on the European directives about this subject, the Portuguese case (our government approach on this issue), licenses that should be used on this kind of content and data visualizations.

    The major arguments used to incite companies, public entities and essentially governments to release their data in an open format, so it can be used by the general public and other entities were:

    • it fosters innovation
    • gives the ability to improve existing products and services
    • increases the transparency of the organization
    • raises the quality of the citizen’s participation in a democracy

    In the morning Cristiana Sappa, argued that all this data should have a license that gives permission to the users to reuse it for both commercial and non-commercial purposes, allows the creation of derivative works and doesn’t have any “Share alike” condition. One good example is Creative Commons Zero (CC0).

    In the afternoon, the Portuguese case was presented, where several initiatives were explained like Dados.gov, Portal de Transparência Municipal and Portal do Software Público. Despite all the effort, at the end of this talk i was left with the impression that there is still much to be done and that the quantity and quality of the released data is not there yet.

    The day ended with a talk given by Paolo Ciuccarelli about data visualizations. In this talk he defended the need to turn the raw data into something that people could perceive what was being shown to them and reason about it. He then gave many excellent examples of amazing work that he and his team had done in the past. I would like to leave one reference to a tool, called RAW, that was presented which, helps the common user in the creation of nice visualizations for his data. You should check it out.

    Concluding this post, i would like to leave here some useful links that were shared during the event and where interesting public data is published. Here they are: