Hang on.

With advances in computing, programming languages, and shared assumptions, "trivial program" is a huge domain now.

Authenticated requests to a server for specific data extracted from text files on disk, in a structured format, pretty-printed, in <100ms? 30 years ago that was a *chore*. Now? 22 lines on my end.

Coding gets more powerful and approachable every day.

Yet someone wants me to rent a fleet of bots to write 5,000 LoC that needs an audit and still doesn't do what I need.

Here is an email I've just sent to the CTO of Washington State Patrol, who are responsible for Amber/Silver Alerts, on this topic:

Good afternoon Mr. Wallace,

Apologies if you are not the correct point of contact for this message, but as the CTO I assume you own the tech stack/software approvals process at WSP. If there is someone better suited to handle, please forward on.

I just wanted to flag that every recent Amber or Silver Alert that has been triggered by WSP, has included both a link via the commercial link shortening service bit.ly, and those links, when accessed go to the social media site X.com, formerly Twitter.

I've worked in information security for about 20 years, and I think that presence of these commercial tools in official alerts represents a significant risk. They are essentially turning the commercial services into critical infrastructure. X.com, which famously fired the majority of its workforce, including its information security and privacy team over the past few years, is probably not able to cut it in regards to meeting any security or privacy standards, and therefore shouldn't be relied upon as the primary source of information attached to these alerts.

Bit.ly links can go anywhere, and can be managed by just a username and password, which makes them a prime target for malicious actors seeking to phish people. A safer option would be a .wa.gov in house shortening service that everyone knows is managed by folks who have authenticated to the service using strong authentication.

Ultimately, the aim of these alerts, be they amber/silver, or whatever else - is to get information to as many people quickly and effectively. By all means relay the alerts via multiple social media channels, but the 'default' landing point should not be X.com, which to be frank, is often broken anyway. We absolutely should be able to do this using government hosted tools and services, rather than relying on some of the worst corners of the private sector.

Anyway, I hope you can take this feedback on board. I know it's something that a lot of us in the information security sector in Washington have discussed. Happy to talk about it further.

Cheers, and thanks for your attention on this issue,

Mike Sheward