If I got Hopelessly Sick / Died Suddenly ...

pitpat's picture

As the password database (both in my head & in an encrypted file) grows, I increasingly worry about the responsibility which is behind. Not only that someone else could get access to these passwords, maybe suddenly the Internet stops working (at least at home), my computer stops working, the hard drive refuses to read the database file; maybe I'm in holidays, sick or otherwise occupied, and in this very month a significant security update should have been made for [replace this with concerning server or website]; or worst, my heart stops beating and someone else is trying to take over my heritage because he desperately needs access to [server/website].

Let's take worst case: I suddenly die. He will have really tough times. Set aside that from the amout of data I have on my disk he will be interested in maximum 10 % of the files, he probably just doesn't have the IT knowledge that I ... had. If he doesn't know Linux, he will have no chance of doing whatsoever on my computer. So we could seperate his task into 3 different aspects:

  1. Find out which technology I used
  2. Learn this technology
  3. Find out the password.

Repeat this process for each specific problem you ask, such as: "how to read the files?", "how to crack the user account?", and finally (!), "where to find the password of my website?". So even though I appreciate tofirius' thoughts about Digital Legacy, this only covers part 3) of the process. He's talking about sending relevant passwords to his leaders, 1) do they know, were to enter these passwords?, and 2) Are they familiar with this, at least to the point where they can teach themselves the rest? If not, they will desperately take the next computer crack that arrives - maybe a DTS student - and delegate this work to them. [ This cannot be our goal, even if it works (too often I was in this situation at the beginning of my YWAM "career"). Firstly, because we cannot assume that the leader or the student can realistically assure that technically savvy enough for the specific task, and secondly, we are giving the student almost total control over the concerned system - do we know we can entrust him with this responsibility? ]

So what can we do about it? Essentially, more cooperation between IT staff in YWAM. (That's why I'm so excited about this communication platform!) To show an example: I am part of the Joomla!-Community, and seeing that many other YWAM sites are made with Joomla! also, I could imagine forming a Joomla! working group. This could imply

  1. maintaining documentation about how the corresponding website is working
  2. forum for learning from each other
  3. peer exchange of relevant passwords, e.g. in a way that some peers have to work together in order to get access to the website.

So when a security release appears (a really bad one like 1.5.6), all admins of 1.5.x-Sites will be notified by email; they then will post back that their website is updated. After a reasonable time-frame, let's say a month, the remaining sites will be upgraded by the community and the admin will be notified. This ensures that critical bugs will be patched ... at the moment, there is not even a notification process, so I'm sure there are sites out there who hasn't be updated since Aug 08 - because the non-technical guy is saying: what's the matter, it's working, isn't it? Until the day that the site is completely defaced [ which, by the way, is not the worst case ... it would be worse that the hacker silently installs some additional things remaining undetected - and some day start sending spam or similar. ], they won't even recognize.

I admit that this is more of a dream ... dream with me. What would you do differently? Do you see the need of some of the 1-2-3-Points I mention?

tofirius's picture

Good thoughts

Submitted by tofirius on Wed, 06/10/2009 - 18:41.

I appreciate your comment on my previous post. These are good thoughts. And thankfully, you did exactly what I had hoped would happen: you continued a conversation.

You also have great points in your article here about how people would access the websites, etc. What you're referring to, though, is exactly the issue that CRIT & the various YWAM communication teams around the world are trying to address: to build a communication infrastructure.

Also, there needs to be more value put on this matter by leaders, so that staff will understand the importance of it. They should be sending people to CRIT & encouraging them to connect into a communication team. If they have communication schools, they should be encouraging those students to volunteer in these areas.

Good thoughts. Let's keep them coming!

***
Chris Bischoff, National Communication Coordinator
YWAM Latvia
www.ywamlatvia.com

pitpat's picture

Re: Good thoughts

Submitted by pitpat on Sat, 06/13/2009 - 08:10.

What you're referring to, though, is exactly the issue that CRIT & the various YWAM communication teams around the world are trying to address: to build a communication infrastructure.

You're right, I didn't knew these initiatives before. But even after having read the above links, I don't really get why this is the key to my questions. Can you please elaborate?

tofirius's picture

No Worries

Submitted by tofirius on Sat, 06/13/2009 - 08:47.

I think what I was trying to get at is that there needs to be a shift in thinking among staff about the value placed on communication & logically following that, the importance of protecting & insuring information assets. This is one of the main goals of CRIT & the Comm teams. They're trying to show people how important communication is. So, one of the aspects of this message would be to protect your "digital legacy". It hasn't been a topic of discussion at CRIT just yet, since they're focused on simply trying to get people to communicate. But I'm sure it will have to come up soon.

Does that make a little more sense?

***
Chris Bischoff, National Communication Coordinator
YWAM Latvia
www.ywamlatvia.com

pitpat's picture

CRIT

Submitted by pitpat on Wed, 06/17/2009 - 18:40.

importance of communication ... yeah, this does make sense.

The approach mentioned in the CRIT slideshow is rather top-down, creating new roles / responsibilities and connecting YWAM by these key persons. Is this the main strategy at the moment?

re: CRIT

Submitted by Guest on Wed, 06/17/2009 - 19:17.

Yes, that is correct.

Bus factors...

Submitted by Guest on Wed, 08/05/2009 - 12:00.

Dear pitpat,

I understand what you mean. I have been thinking about what happens when the key person disappears. There are lots of key details in my head that could make a number of projects fail if I got knocked down by a bus for example!

There is a phrase "bus-factor" that I have been hearing in the IT world. Roughly it is the number of people that would have to be knocked down by a bus to destroy a project. The higher the number the less the risk to the project. It is a quick way to calculate whether or not you need to share some of the core details of a project.

How do do it is more troublesome. I have been looking into some ideas for peer sharing of data so that if I dispappear then the relevant details are kept by the "clique" (yes, that is the word used, and not entirely unhelpful in this context). Now the clique need to trust each other, that means face to face contact as well as digitally trust too, as encryption is needed. But there are some peer-to-peer models not just top down models that the IT world mostly uses as its model.

Anyway some thoughts. I have been developing them here: http://ywamkb.net/kb/index.php/YWAMKnowledgeBase:Circle_of_Trust although from reading it you might not think so!

Kevin

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options