I have good news: p3 is sliced into postits. And not so good news. The software is no good.
We need to look for an alternative and since the format of the file is not too difficult to parse and manipulate, moving to something else should not be too much of a problem.
Unless you have a better idea, I propose we re-schedule todays KJ session.
d = json.load(open(sys.argv))
lines = open(sys.argv).read().split('\n')
i = 8000
base_y = 0
base_x = int(sys.argv)
shift = 0
for line in lines:
if not line:
"id": "card%05d" % i,
"x": base_x + shift,
"y": base_y + shift,
i += 1
shift += 1
called with the json export of the previous board, the following text file and 200 to place the new postits
p3: We investigate topics to expose corruption and wrongdoing.
p3: The org. staff is in four countries.
p3: The network of journalists are spread around the world.
p3: The best investigative journalists in each country.
p3: We tap into a network of journalists for collaborative investigations.
p3: We collaborate with media org. around the world.
p3: A leak over 1TB and millions of documents.
p3: All journalists in the org. have access to all documents.
p3: A leak implicating more than one hundred countries.
p3: Hand made tools based on Free Software
p3: Journalists work remotely, in the cloud, on non classified docs.
p3: Intranet social network
p3: Intranet search engine
p3: Intranet data visualization
p3: SecureDrop is a mailbox that you have open for people to send you leaks
p3: SecureDrop is used in media organizations.
p3: SecureDrop is used by network of journalists.
p3: SecureDrop is about sending documents.
p3: The SecureDrop chat is not used.
p3: Signal and whatsapp are used to chat.
p3: The main use of SecureDrop is files.
p3: We are not getting much from SecureDrop
p3: We get stuff by other means than SecureDrop
p3: One SVS and a single person checking it
p3: Checking SecureDrop is very technical
p3: Only people who know Tor submit to SecureDrop
p3: SecureDrop is too technical for a civil servant
p3: The problem is not SecureDrop, it is Tor
p3: One international leak in 18 months via SD
p3: A number of nation wide leaks in 18 months via SD
p3: A SD was about national police wrongdoing
p3: A SD was about national corruption
p3: People may not realize the risks when sending documents over email
p3: An org. publishing leaks may not have an online system
p3: An org. publishing leaks should have an online system
p3: SecureDrop was setup withough help from FPF
p3: SecureDrop launch was blocked by technical requirements
p3: The technical provider was unable to meet the technical requirements
p3: A whistleblower asked repeatedly for an online submission system
p3: A whistleblower with a lot of data asked for an online submission system
p3: Postal mail must be complemented with something more technologically advanced
p3: SD was installed by backend developer
p3: SD was installed by an expert on databases
p3: SD installed by FPF was expensive for us, as a non profit
p3: SD installed by the same person for two org.
p3: Gave up establishing a rotation to check SecureDrop
p3: Complains about tails updates
p3: We check SecureDrop less frequently nowadays
p3: A single person checking SD, very tired of it
p3: Plans to have multiple SVS
p3: We hoped to get a super big lead via SD but did not
p3: A person uses SD for a short while after the launch
p3: Sometime documents received via SD are not that sensitive.
p3: Non sensitive SD documents are forwarded via encrypted email
p3: SD never received documents that would require this level of security
p3: Communication with journalist are via encrypted email
p3: Training journalists to use PGP took a long time
p3: Using PGP and 2FA is a requirement for journalists
p3: Journalists say their infosec skills improved working with our org.
p3: The IT guys of the org. was too busy to deal with SD
p3: The person who installed SD became the expert
p3: The person installing tails USB keys is our expert
p3: We should re-structure the SD support internally
p3: The SD servers are close to a staff member who can maintain them
p3: Sometime the SD servers crash and need to be repaired
p3: Whistleblowers are the lifeline of investigative journalists
p3: The SD did not receive leaks
p3: Leaks comes from people who approach us
p3: Leaks comes from partners
p3: SD does not provide what we expected
p3: Encrypted email does not provide what we expected
p3: The leak box must be more accessible
p3: Most of the leaks are not NSA type
p3: The SD process is painful when the result is non sensitive documents
p3: Whistleblowers do not think in terms of documents
p3: The problem with Signal is that it can only be used by a single device
p3: Whistleblowers want to tell something to the journalists, a conversation
p3: Whistleblowers need to be caught, hot in the moment
p3: SD does not all for quick response time with Whistleblowers
p3: Nobody knows what Tor is
p3: I wish we had good security with Chrome and not Tor
p3: HTTPS is not fully anonymous but somewhat
p3: Being focused on documents is wrong, chatting comes first
p3: For sensitive documents that are not classified the cloud is ok
p3: If we assume all documents are classified, the platform is not usable
p3: 2FA is required to access the Intranet
p3: Journalists are not aware of the traces they leave on the net
p3: Whistleblowers are not aware of the traces they leave on the net
p3: Whistleblowers cannot decide the level of protection they need
p3: Whistleblowers could be asked questions to determine their security needs
p3: Whistleblowers know how to send you documents without SD
p3: Whistleblowers with classified documents know it is explosive
p3: Whistleblowers may not realize they put other people at risk
p3: Sources & journalists should be trained to understand the risk they take