An Open Letter To Missouri Governor Mike Parson & Staff
Dear Governor:
This post is in response to a Post-Dispatch story pointing out an error in a department website.
Missouri Gov. Mike Parson is vowing to prosecute the staff of the St. Louis Post-Dispatch after the newspaper says it uncovered security vulnerabilities on a state agency website.
The governor is characterizing the paper’s actions as a hacking that the state will investigate. He said it could cost taxpayers $50 million.
“Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them,” Parson said at a news conference on Thursday. (NPR)
The paper ran the story only after the department corrected their mistake, but you’ve repeatedly described it as “hacking.” I hope this letter will help educate you and your staff.
I’m not a cybersecurity expert, but I’ve been blogging for two weeks shy of 17 years. I’ve never had a class in HTML, nor have I bought a book on the subject. I’m self-taught. I’m also 54, so this didn’t come naturally as it seemingly does for younger folks. Speaking of age, yours isn’t an excuse — my oldest brother is 5 years older than you and he gets this stuff without having been a web designer.
Since I just used an acronym above that’s likely foreign to you this may help:
The HyperText Markup Language, or HTML is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript.
Web browsers receive HTML documents from a web server or from local storage and render the documents into multimedia web pages. HTML describes the structure of a web page semantically and originally included cues for the appearance of the document.
HTML elements are the building blocks of HTML pages. With HTML constructs, images and other objects such as interactive forms may be embedded into the rendered page. HTML provides a means to create structured documents by denoting structural semantics for text such as headings, paragraphs, lists, links, quotes and other items. HTML elements are delineated by tags, written using angle brackets. Tags such as <img /> and <input /> directly introduce content into the page. Other tags such as <p> surround and provide information about document text and may include other tags as sub-elements. Browsers do not display the HTML tags, but use them to interpret the content of the page. (Wikipedia)
All the <blah blah blah> stuff reminded me of high school & college in the 1980s. The college professor that ran our architecture computer lab liked the word processing application WordStar. It was the DOS days so we had to type things like <B> before and after a word or phrase we wanted to appear as bold on the printed page — it never appeared bold on the screen. Apple’s Macintosh eliminated this simple coding by doing that in the background. Microsoft’s Windows operating system adopted this as well. The younger members of your staff may not remember DOS or WordStar.
Owning a Mac and using a Mac/Windows at various jobs I thought I’d left coding behind. I had until I began blogging on October 31, 2004. Early on I used 2 different HTML platforms to create my blog & posts before settling on WordPress. These all do the heavy lifting behind the scenes, but I’ve had to go into the source code over the years to fix problems with how something appears. I’ve also liked how others displayed information on webpages so I’ve looked at their source code to learn. Emails and digital photos also have code. Again, it’s not visible unless someone taps a few buttons or clicks to see it.
Source code is easily viewed by anyone. Hacking is entirely different. This is where someone attempts to gain entry into a computer network or application. There’s always someone attempting to hack into my blog every week.
I’d like to think at least one person on your staff understands the Post-Dispatch pointed out the mistake made by the state agency so it could be fixed. Someone around you knows the Post-Dispatch helped the state by preventing social security numbers of teachers — numbers that shouldn’t have been in publicly accessible source code. The other possibility is your entire office is clueless how websites work.
To simplify this I’ll use your own state website as an example:
I didn’t hack the website. I selected a menu item from a regular web browser — this code is necessary so browsers will display the website as desired. In more complicated databases sometimes it is set up incorrectly so that information that shouldn’t be shown is displayed here.
Someone is attempting to cover their own ass, or protect someone else. Leaders admit when mistakes are made, not try to shift the blame onto those who privately bring mistakes to the state’s attention. Yes, an investigation is necessary to get to the bottom of this — an investigation of how social security numbers were displayed in easily accessible source code and why so much hot air to deflect the blame.
Where there’s smoke, there’s fire.
Stop wasting our time and money simply because you’re too shallow to admit you were wrong! The world already knows it, we just want to hear you say it. Additionally the Post-Dispatch deserves an apology from you. They did exactly what they should have, but you managed to turn a yawn of a subject into national news. Congrats on briefly jumping ahead of DeSantis & Abbott.
— Steve Patterson (a regular Missouri voter for 30+ years)