Post B3COVBvl8oo4F3k3fc by aimee@mastodon.nz
(DIR) More posts by aimee@mastodon.nz
(DIR) Post #B3AkBFkT2vXIxzRE0m by strypey@mastodon.nzoss.nz
2026-02-10T08:13:49Z
0 likes, 1 repeats
NZ needs to set a NetZero-style goal for when all software the NZ government depends on to fulfill its statutory functions is published as Free Code.If the rationale for this isn't self-evident, see the Public Money Public Code campaign by @fsfe;https://fsfe.org/activities/publiccode/publiccode.en.htmlIn the rest of this thread, I'll go through some specific steps to move us towards that goal;(1/?)#PolicyNZ
(DIR) Post #B3Akk6Aidxy9OuKgoS by strypey@mastodon.nzoss.nz
2026-02-10T08:20:07Z
0 likes, 0 repeats
Official NZ government code repository1) set up an onshore code repository, and require that a copy of all Free Code is lodged in it, and kept up-to-date date with what's in production.This would use a Free Code package like Forgejo or GitLab CE. The admin team would employed as permanent public servants. Think of them as software ombudsman.
(DIR) Post #B3AlGAmj1nbayTP73Y by strypey@mastodon.nzoss.nz
2026-02-10T08:25:55Z
0 likes, 0 repeats
Official NZ govt public code depository (cont'd)2) After a transition period (eg 2-5 years), require vendors to put full source code in private repos in the code repository, for all software govt depends on. Any existing vendor who doesn't commit to this when the public code depository is announced needs to be replaced over the transition period.3) After a further transition period (eg 5-10 years), all repos on the public code depository would be made public, under free licenses.(3/?)
(DIR) Post #B3AlYXaMzhUotzNpQm by strypey@mastodon.nzoss.nz
2026-02-10T08:29:14Z
0 likes, 0 repeats
Official NZ govt public code depository (cont'd)3) After a further transition period (eg 5-10 years), all repos on the public code depository would be made public, under free licenses. Again, any existing vendor who doesn't commit to this when the public code depository is announced needs to be replaced over the transition period.(4/?)
(DIR) Post #B3Am2MzovjUukMVlJ2 by strypey@mastodon.nzoss.nz
2026-02-10T08:34:38Z
0 likes, 1 repeats
Other steps that could help us move towards 100% digital sovereignty in government IT systems;Open StandardsMandate support for vendor-neutral data exchange standards for all government software;https://openstandards.nz/Again, a deadline needs to be set for this transition to be completed. With a series of steps from the easiest to the hardiest.Require ExportMandate that any software used in govt must be able to export all data, in vendor-neutral formats.(5/?)
(DIR) Post #B3AmVW6M9hPhNuSzrs by strypey@mastodon.nzoss.nz
2026-02-10T08:39:53Z
0 likes, 0 repeats
Software CommissioningMandate all software commissioned by public bodies, or paid for with public money or charitable grants, to be published under a free license. For software that's partially funded by public money, a threshold could be set above which publication of source code is mandatory. Eg more than 50%, or more than 80%.This policy ought to be retroactive. So it apples to any software that can be shown to have been developed by public employees, or funded by public money.(6/6)
(DIR) Post #B3AmzepeGBZl9K1Xo8 by badrihippo@fosstodon.org
2026-02-10T08:45:18Z
0 likes, 0 repeats
@strypey that sounds like a great idea
(DIR) Post #B3AnPlfLTUJdsCeg1Q by aimee@mastodon.nz
2026-02-10T08:50:00Z
0 likes, 0 repeats
@strypey We also need to think about true data sovereignty :)
(DIR) Post #B3Ap1mufO064hQVyJk by strypey@mastodon.nzoss.nz
2026-02-10T09:08:08Z
0 likes, 0 repeats
@aimee> We also need to think about true data sovereigntyYou mean having all government data hosted onshore in Aotearoa, under only NZ law (onshore datacentres covered by CLOUD Act need not apply)? Totally agree.I would add to that service sovereignty. Any online service govt depends on hosted onshore in Aotearoa, under only NZ law.
(DIR) Post #B3ArKWTiuh3n8fyQ0e by artnacrea@mastodon.ie
2026-02-10T09:33:51Z
0 likes, 1 repeats
@strypey @aimee Here's a site the gives you info about what's hosted where. I've used IRD as an example. You could try it for other organisationshttps://hosting-checker.net/websites/ird.govt.nz
(DIR) Post #B3Arbi3L8JM1xXpOsq by aimee@mastodon.nz
2026-02-10T09:37:00Z
0 likes, 0 repeats
@strypey Hosted onshore by companies under NZ ownership :) (Many don't realise that things like CLOUD still applies to US-owned data centres house off US shores. See last year's admission by Microsoft to the EU.)
(DIR) Post #B3CDMX5Q142nklvdBI by strypey@mastodon.nzoss.nz
2026-02-11T01:15:04Z
0 likes, 0 repeats
@aimee> CLOUD still applies to US-owned data centres house off US shoresAe, that's what I meant by specifying ...> under only NZ law... having obliquely made the point about CLOUD enforcing US sovereignty anywhere in the world (WTF?) in the preceding paragraph. But thanks for spelling it out for anyone who missed that inference (damn this 500 character limit)
(DIR) Post #B3CHOfNiXtGPsNlDkm by aimee@mastodon.nz
2026-02-10T09:38:27Z
0 likes, 0 repeats
@strypey also then local AI (including, shudder but some still want it) GenAI / agentic stuff.
(DIR) Post #B3CHOgAzaggALCoZYe by strypey@mastodon.nzoss.nz
2026-02-11T02:00:43Z
0 likes, 0 repeats
I'm not sure how practical local AI is, see my comments here;https://disintermedia.net.nz/invasion-of-the-mole-trainers/But a great way to find out would be to mandate it, with a deadline when all use of offshore or proprietary generative models in govt must end. As a bonus, even creating a public groundwell in support of the idea might have a chilling effect on govt IT managers signing public agencies up to contracts with #MOLE Trainers.@aimee
(DIR) Post #B3CNyobUKp4Eczp1vs by dsc@mastodon.scot
2026-02-11T01:51:36Z
0 likes, 0 repeats
@artnacrea @strypey @aimee does a cloudflare result mean IRD is hosted by CF or that it uses CF as a front end?(Note: I understand CF as a FE is not 'sovereign', but it is distinct from hosting + stack)
(DIR) Post #B3CNypaoeo7jhCW0WW by artnacrea@mastodon.ie
2026-02-11T03:07:36Z
0 likes, 0 repeats
@dsc @strypey @aimee In the context of the discussion, if cloudflare got a USA instruction to copy an NZ IRD data "elsewhere" would they comply?
(DIR) Post #B3CNyqVBHFD6W0t1NY by lightweight@mastodon.nzoss.nz
2026-02-11T03:14:27Z
0 likes, 0 repeats
@artnacrea reasonable question. @dsc @strypey @aimee
(DIR) Post #B3CO6yab5n0julISnI by strypey@mastodon.nzoss.nz
2026-02-11T03:15:50Z
0 likes, 0 repeats
@dsc > does a cloudflare result mean IRD is hosted by CF or that it uses CF as a front end?I wondered this too, I presume the latter (do ClownFlare even do full stack hosting). But that's still a dependency on a US corporation that compromises our digital sovereignty. We need a domestic anti-DDoS vendor(s), or the government needs to set up its own.@artnacrea @aimee
(DIR) Post #B3COVBvl8oo4F3k3fc by aimee@mastodon.nz
2026-02-11T03:20:19Z
0 likes, 0 repeats
@strypey depending on what you mean by AI, it's PLENTY locally practical :) And if it's not, well, that begs some questions about whether it's appropriate.
(DIR) Post #B3COfTzMr8mV90Kws4 by aimee@mastodon.nz
2026-02-11T03:22:12Z
0 likes, 0 repeats
@strypey i'm all for clarity :)
(DIR) Post #B3CgTAVbFtHgQZguIa by strypey@mastodon.nzoss.nz
2026-02-11T06:41:40Z
0 likes, 0 repeats
@aimee> depending on what you mean by AII mean generative models, in particular. Heaps of automation that comes under the more general heading of AI can be 100% free code and run on-device or onshore.> if it's not, well, that begs some questions about whether it's appropriate.Exactly!
(DIR) Post #B3CzPxBqDQwxNfd6JM by puck@mastodon.nz
2026-02-11T10:13:56Z
0 likes, 0 repeats
@aimee @strypey Also, remember that the CLOUD Act and Patriot Act are merely examples from the USA. See the crypto backdoor legislation in Australia as well. So if you store data in Australia with a USA company, it is accessible by 3 governments. NZ, A and USA.Also, nothing stopping other governments from exacting other legislation that makes it even easier for them to access data.Hopefully not NZ, and at least if NZ *does* we'd have a much greater ability to fight/reverse it.