Mathghamhain Ua Ruadháin's Totally Unofficial Musings on the Business Side of the SCA
The SCA does not have an established procedure for reporting or addressing technology security vulnerabilities.
In correspondence with the Society IT Manager, they suggested sending vulnerability notifications by email, either to them, or to the relevant kingdom officers, or both.
Continue reading “Procedures for Reporting IT Vulnerabilities”For reasons discussed here previously, I was curious as to how complex it might be to programmatically access member data from the SCA’s new member portal.
It turns out the switch from MembersOnly to NeonOne has made this dramatically easier, and we can access member data in just a few lines of Python without scripting Chrome or hand-crafting any RPC calls.
Continue reading “Accessing SCA Member Information”I have sent the following letter regarding the sanction of Brian De Moray to the Society Seneschal, the Board Comments address, and the Ombudsman for IT, with copies to the Society IT Manager, Society Webminister, East Kingdom Webminister, and Brian De Moray himself. As always, I included my modern name and member number. Receipt was acknowledged less than two minutes later; I suspect they’re having a busy weekend over there. I will update if further action is taken.
To the Society’s Seneschal and Board of Directors, greetings from the East.
I write to you today to ask you to reconsider the January 2020 sanction of Brian De Moray, as the information available in the public record suggests that this decision may have been made in error.
Continue reading “Letter: Reconsideration of Sanction of Brian De Moray”TL;DR: Brian De Moray is a Master of Defense and of the Pelican in Atlantia, who was sanctioned by the Society in January 2020 for an innocuous 113-word Facebook post commenting on software development work he was doing as a volunteer for the kingdom.
As far as I can tell from the information available to me, this sanction appears to have been an error, made in haste by a Board that misinterpreted some technical jargon they didn’t understand, and should be reversed.
I first became aware of this case when it was mentioned in the context of the Wistric Saga, being discussed by Aeron Harper in the second part of his “Tale of Six Sanctions” essay. Aeron’s article was focused on the procedures and policies of the sanctions process, and understandably glossed over some of the technical details, but as a software developer, my curiosity was piqued.
At the time, I was disappointed to learn that Brian was reluctant to discuss the details for fear of additional sanction, but ten days later he published additional information, including technical details of his work, after the Chairman of the Board of Directors assured him that he would not be sanctioned a second time for the same offense.
Continue reading “The Sanction of Brian De Moray”I’ve submitted this question to the “Topical Town Hall Request” form, but it’s obscure enough that I’m not terribly optimistic about seeing it addressed in upcoming meetings:
Continue reading “Why Does IT Report Directly to the Board?”According to the October 19, 2019 organization chart available from sca.org, the Society Webminister is the only officer with kingdom/local counterparts who does not report through the Society President — instead they report to the Manager of Information Technology, who reports directly to the Board.
Why is this reporting structure different than every other role in the organization?
In a recent discussion of with webministers from around the Known World, someone asked a question, my answer to which I am re-posting here:
If an [officer] creates a google form […] is that form considered “an official website […]” and is the webministry accountable for making sure it adheres to the elements of a[n official] website required in the handbook?
This is a great question.
My take: No.
Continue reading “[Most] Web Apps are not “Official Websites””As part of last year’s group effort to rewrite the Webminister Handbook, I spent a bunch of time closely reading the privacy policy on the SCA.org website, as it applies to all SCA-controlled websites and online services.
One line in the policy caught my eye and prompted me to write Society leadership for more information; frustratingly, it required three emails over the course of six months to elicit a reply.
Continue reading “Tracking Privacy Policy Changes”An open letter to the corporate leadership of the SCA, lightly edited for clarity from the version I submitted in September 2022. — Mathghamhain
There is a long-standing issue within the Society around licensing for software developed by volunteers as well as related IT-related creations.
My direct experience with this is mostly in the context of the East Kingdom webministry, but in talking with folks from other kingdoms I’ve gotten the impression that this issue is widespread and dates back more than twenty years.
If you look at all the software written for various branches of the SCA — event calendars, order-of-precedence repositories, custom website themes, martial-authorization databases — I believe you will find that only a minority of it has clear copyright attributions or explicit licenses. Continue reading “Licensing of Software Developed for the SCA”
In talking with various officers from other kingdoms and within the Society’s leadership, it turns out that an undocumented provision allows for officers to gather release forms by email.
I’ve summarized what I’ve learned to date in the writeup below, which I will circulate for feedback — hopefully we can get any lingering issues ironed out, and then have this published somewhere official so that local officers can use this technique to streamline their work.
Continue reading “Processing Release Forms by Email”