Stories with Tag Civic Tech

• Lessons from open source in the Mexican government

  permalink

  Posted: 2025-04-04 06:55:11

  Verbose tl;dr

  Mexico's government has been actively promoting and adopting open source software for over two decades, driven by cost savings, technological independence, and community engagement. This journey has included developing a national open source distribution ("Guadalinex"), promoting open standards, and fostering a collaborative ecosystem. Despite facing challenges such as bureaucratic inertia, vendor lock-in, and a shortage of skilled personnel, the commitment to open source persists, demonstrating its potential benefits for public administration and citizen services. Key lessons learned include the importance of clear policies, community building, and focusing on practical solutions that address specific needs.

  This article, "Lessons from open source in the Mexican government," recounts the experiences of Enrique Anzures Becerril, who spearheaded the adoption of open-source software within various Mexican government agencies over several years. Becerril's narrative details a multifaceted journey, highlighting both the triumphs and tribulations encountered while transitioning away from proprietary software. The piece meticulously outlines the motivations behind this shift, primarily focusing on cost reduction and the fostering of technological sovereignty. Becerril elaborates on the substantial financial savings achieved by migrating to open source, emphasizing that these savings were not merely limited to licensing fees but extended to areas like maintenance and support. He also champions the idea of reducing dependence on foreign vendors, thereby strengthening national technological capabilities and control.

  The article further delves into the practical aspects of this transition, discussing the strategic approach employed. This involved a phased implementation, prioritizing specific agencies and departments based on their readiness and suitability for open-source adoption. Becerril underscores the importance of training and capacity building within government teams, acknowledging the need to equip personnel with the necessary skills to effectively utilize and maintain open-source solutions. He details the challenges encountered in overcoming resistance to change, addressing the inertia that often accompanies entrenched practices and the apprehension surrounding new technologies. This involved navigating bureaucratic hurdles, managing stakeholder expectations, and fostering a culture of open collaboration.

  Furthermore, the article explores the specific open-source technologies implemented, ranging from operating systems like Linux to office productivity suites and specialized software tailored to government functions. Becerril discusses the criteria used in selecting these technologies, emphasizing the importance of factors such as community support, security, and compatibility with existing systems. He also highlights the role of community engagement and collaboration, illustrating how contributions to and participation within the open-source community further enhanced the benefits of adopting these technologies.

  Finally, Becerril reflects on the broader implications of this initiative, positioning it as a catalyst for digital transformation within the Mexican government. He argues that the adoption of open source not only resulted in immediate cost savings but also laid the foundation for a more agile, innovative, and technologically independent public sector. The article concludes by presenting lessons learned and best practices gleaned from this experience, offering valuable insights for other governments considering a similar transition to open-source software. These lessons touch upon the importance of strategic planning, stakeholder engagement, capacity building, and a long-term commitment to fostering a sustainable open-source ecosystem within the government.

  • Open Source
  • Government
  • Mexico
  • public sector
  • Software
  • Technology
  • Policy
  • Adoption
  • Digital Transformation
  • Community
  • collaboration
  • Innovation
  • Open Government
  • Civic Tech

  Summary of Comments ( 42 )
  https://news.ycombinator.com/item?id=43579104

  Verbose tl;dr

  HN commenters generally praised the Mexican government's efforts toward open source adoption, viewing it as a positive step towards transparency, cost savings, and citizen engagement. Some pointed out the importance of clear governance and community building for sustained open-source project success, while others expressed concerns about potential challenges like attracting and retaining skilled developers, ensuring long-term maintenance, and navigating bureaucratic hurdles. Several commenters shared examples of successful and unsuccessful open-source initiatives in other governments, emphasizing the need to learn from past experiences. A few also questioned the focus on creating new open source software rather than leveraging existing solutions. The overall sentiment, however, remained optimistic about the potential benefits of open source in government, particularly in fostering innovation and collaboration.

  The Hacker News post "Lessons from open source in the Mexican government" (linking to an LWN.net article about the same) generated several comments discussing the challenges and successes of open-source adoption in government.

  One commenter highlighted the inherent difficulty in changing entrenched bureaucratic processes, even with the benefits of open source. They argued that open source itself isn't a magic bullet and that successful implementation requires addressing underlying organizational issues and fostering a culture of collaboration and knowledge sharing. This commenter also pointed out that governments often rely on proprietary software due to perceived convenience or existing contracts, making a shift to open source a significant undertaking.

  Another comment focused on the importance of community involvement in open-source projects. They emphasized that government-led open-source initiatives should prioritize building a strong community of contributors and users to ensure long-term sustainability and avoid vendor lock-in. This commenter suggested that simply releasing code isn't enough; active engagement with the community is crucial for success.

  Several commenters discussed the potential cost savings associated with open source, but acknowledged that these savings are not always guaranteed. They pointed out that while licensing costs might be lower, there are other costs associated with implementation, maintenance, and training that need to be considered. One commenter specifically mentioned that the "cost savings" argument is often less convincing to governments than the "avoid vendor lock-in" argument, as budgetary cycles and departmental silos can make long-term cost savings difficult to demonstrate.

  Another thread of discussion revolved around the issue of security and trust in open-source software. One commenter raised concerns about the potential for vulnerabilities in open-source code and the importance of rigorous security audits. Others argued that the open nature of the code actually enhances security by allowing for greater scrutiny and community-driven vulnerability detection.

  Finally, some commenters shared their own experiences with open-source adoption in government and other large organizations. These anecdotes provided real-world examples of both the challenges and successes of such initiatives, highlighting the importance of careful planning, stakeholder engagement, and ongoing community support. One commenter suggested that successful open-source adoption often depends on finding "champions" within the organization who are passionate about the technology and willing to advocate for its use.

• Mark Cuban offers to fund former 18f employees

  permalink

  Posted: 2025-03-02 14:58:28

  Verbose tl;dr

  Billionaire Mark Cuban has offered to fund former employees of 18F, a federal technology and design consultancy that saw its budget drastically cut and staff laid off. Cuban's offer aims to enable these individuals to continue working on their existing civic tech projects, though the specifics of the funding mechanism and project selection remain unclear. He expressed interest in projects focused on improving government efficiency and transparency, ultimately seeking to bridge the gap left by 18F's downsizing and ensure valuable public service work continues.

  In a recent and noteworthy development within the sphere of civic technology and governmental digital services, prominent entrepreneur and investor Mark Cuban has extended a magnanimous offer of financial support to former employees of 18F, a celebrated and now-defunct digital services agency within the United States federal government. 18F, renowned for its agile and innovative approach to modernizing government technology, was abruptly shuttered under contentious circumstances, leaving its skilled workforce displaced and the future of its numerous projects uncertain. Mr. Cuban’s proposition, communicated publicly via the social media platform X (formerly known as Twitter), expresses a deep concern for the preservation of the valuable work initiated by 18F and a desire to prevent the dissipation of the team's specialized expertise. He has pledged to provide funding to allow these individuals to continue their endeavors, albeit outside the direct auspices of the government, effectively creating a private sector continuation of the agency's core mission. While the precise details of this financial arrangement, including the amount of funding allocated, the organizational structure of the prospective entity, and the specific projects to be pursued, remain to be elucidated, Mr. Cuban’s gesture has been met with significant interest and represents a potential avenue for the continued development and deployment of crucial governmental digital services. This intervention underscores the ongoing debate surrounding the role of technology in public service and the importance of sustained investment in modernizing government infrastructure. Furthermore, it highlights the potential for private sector engagement in bridging the gap when governmental support for such initiatives falters, raising complex questions about the interplay between public and private interests in the realm of civic technology. The long-term ramifications of Mr. Cuban’s offer, and the ultimate fate of the former 18F employees and their projects, remain to be seen, but the development marks a potentially significant turning point in the narrative of digital governance in the United States.

  • Mark Cuban
  • 18F
  • government technology
  • funding
  • tech startups
  • Venture Capital
  • government shutdown
  • public service
  • technology policy
  • Federal Government
  • Layoffs
  • job security
  • Civic Tech

  Summary of Comments ( 295 )
  https://news.ycombinator.com/item?id=43231062

  Verbose tl;dr

  Hacker News commenters were generally skeptical of Cuban's offer to fund former 18F employees. Some questioned his motives, suggesting it was a publicity stunt or a way to gain access to government talent. Others debated the effectiveness of 18F and government-led tech initiatives in general. Several commenters expressed concern about the implications of private funding for public services, raising issues of potential conflicts of interest and the precedent it could set. A few commenters were more positive, viewing Cuban's offer as a potential solution to a funding gap and a way to retain valuable talent. Some also discussed the challenges of government bureaucracy and the potential benefits of a more agile, privately-funded approach.

  The Hacker News post titled "Mark Cuban offers to fund former 18f employees" generated a number of comments discussing Mark Cuban's offer and the broader implications of the situation surrounding 18F, a digital services agency within the General Services Administration of the US government.

  Several commenters expressed skepticism about Cuban's motives, questioning whether this was a genuine offer or a publicity stunt. Some suggested that his offer might be conditional and tied to certain outcomes, or that he might have ulterior motives related to acquiring talent or influencing government policy. Others pointed out that Cuban's offer, while generous, might not be enough to sustain 18F's operations long-term, given the complexities and costs associated with government work.

  There was discussion about the potential challenges of accepting private funding for a government agency, including concerns about conflicts of interest, accountability, and transparency. Some commenters argued that accepting private funding could undermine the independence and integrity of 18F and create a precedent for other agencies to seek private funding, potentially leading to undue influence by wealthy individuals or corporations.

  A few commenters highlighted the importance of 18F's work and the negative consequences of its potential shutdown, emphasizing the agency's role in modernizing government technology and improving citizen services. They expressed concern about the loss of experienced and skilled employees and the potential disruption to ongoing projects.

  Some comments focused on the political aspects of the situation, with some criticizing the decision to cut funding to 18F and others suggesting that this was a deliberate attempt to dismantle government agencies and privatize their functions.

  Several commenters debated the merits of government-led versus private sector-led technology initiatives, with some arguing that the government is better equipped to handle certain types of projects, particularly those related to public services and infrastructure, while others maintained that the private sector is more efficient and innovative.

  Finally, some comments touched upon the broader issue of government funding and the challenges of balancing budgets while maintaining essential services. Some commenters advocated for increased funding for government technology initiatives, arguing that these investments are essential for improving efficiency and effectiveness.

• I Went to SQL Injection Court

  permalink

  Posted: 2025-02-25 18:39:10

  Verbose tl;dr

  The author recounts their experience in an Illinois court fighting for access to public records pertaining to the state's Freedom of Information Act (FOIA) request portal. They discovered and reported a SQL injection vulnerability in the portal, which the state acknowledged but failed to fix promptly. After repeated denials of their FOIA requests related to the vulnerability's remediation, they sued. The judge ultimately ruled in their favor, compelling the state to fulfill the request and highlighting the absurdity of the situation: having to sue to get information about how the government plans to fix a security flaw in a system designed for accessing information. The author concludes by advocating for stronger Illinois FOIA laws to prevent similar situations in the future.

  This blog post, titled "I Went to SQL Injection Court," details the author's experience assisting a journalist, named David, in pursuing legal action against the Illinois State Police (ISP) for improperly denying a Freedom of Information Act (FOIA) request. David's request, which sought statistical information about arrests related to traffic stops, was rejected by the ISP due to security concerns, citing the potential for SQL injection vulnerabilities. The author, possessing expertise in database security, analyzed the ISP's web form and determined that it was indeed vulnerable to such attacks. This vulnerability could allow malicious actors to manipulate the form's input fields to execute arbitrary SQL commands, potentially exposing sensitive data from the underlying database.

  The author then meticulously documented this vulnerability, providing a comprehensive explanation of how it could be exploited. This documentation included specific examples of malicious queries that could be entered into the form, demonstrating the real-world risk associated with the flaw. Armed with this evidence, the author and David proceeded to file a lawsuit against the ISP, arguing that their rejection of the FOIA request based on security concerns was invalid because the ISP's own system was insecure. The crux of their argument was that the ISP could not legitimately cite security concerns as a reason for denying the FOIA request while simultaneously neglecting to address a significant vulnerability in their own system.

  The blog post narrates the court proceedings, highlighting the author's testimony as an expert witness. The author explained the nature of SQL injection and the specific vulnerability in the ISP's web form to the judge. The judge, after considering the evidence and testimony, ultimately ruled in favor of David and the author. The judge ordered the ISP to fulfill the FOIA request, implicitly acknowledging the validity of the author's security assessment and the spurious nature of the ISP's initial rejection. The post concludes by expressing the author’s satisfaction with the outcome, viewing it as a victory for transparency and accountability in government agencies. The author further underlines the importance of robust security practices and emphasizes that genuine security concerns should be addressed proactively rather than being used as a pretext for withholding public information. The case underscores the importance of technical expertise in legal battles surrounding technology and access to information.

  • SQL Injection
  • FOIA
  • Illinois
  • Open Records
  • Government Transparency
  • Data Access
  • Legal Case
  • Court Case
  • Public Records
  • Freedom of Information
  • information access
  • transparency
  • Civic Tech
  • government data

  Summary of Comments ( 370 )
  https://news.ycombinator.com/item?id=43175628

  Verbose tl;dr

  HN commenters generally praise the author's persistence and ingenuity in using SQL injection to expose flaws in the Illinois FOIA request system. Some express concern about the legality and ethics of his actions, even if unintentional. Several commenters with legal backgrounds offer perspectives on the potential ramifications, pointing out the complexities of the Computer Fraud and Abuse Act (CFAA) and the potential for prosecution despite claimed good intentions. A few question the author's technical competence, suggesting alternative methods he could have used to achieve the same results without resorting to SQL injection. Others discuss the larger implications for government transparency and the need for robust security practices in public-facing systems. The most compelling comments revolve around the balance between responsible disclosure and the legal risks associated with security research, highlighting the gray area the author occupies.

  The Hacker News post "I Went to SQL Injection Court" (regarding the blog post about FOIA issues in Illinois) has several comments discussing various aspects of the situation.

  Many commenters focus on the absurdity of the legal arguments and the judge's apparent lack of technical understanding. One commenter highlights the judge's confusion between SQL injection and simply using SQL, pointing out that using SQL isn't inherently malicious. This commenter expresses frustration with the legal system's inability to grasp basic technical concepts, leading to flawed judgments. Another commenter sarcastically suggests that using a web browser constitutes "browser injection" because it involves sending commands to a server, mirroring the faulty logic applied to SQL injection.

  Several comments discuss the implications of this case for security research and vulnerability disclosure. Commenters express concern that this ruling could discourage security researchers from reporting vulnerabilities, fearing legal repercussions for simply demonstrating how an exploit works. They argue that this chilling effect could have detrimental consequences for online security. One commenter draws a parallel to medical research, arguing that prosecuting someone for demonstrating a vulnerability is akin to prosecuting a medical researcher for demonstrating how a virus spreads.

  Another commenter expresses concern over the reliance on "intent" in determining the legality of security testing. They argue that focusing on intent is subjective and difficult to prove, making it a poor basis for legal decisions in technical matters. This commenter suggests that a more objective standard based on the actual actions taken would be preferable.

  Some comments delve into the specifics of Illinois law and the legal arguments presented. One commenter notes the apparent contradiction between the court's ruling and the Illinois Compiled Statutes, suggesting a misinterpretation of the law. Another points out the apparent lack of evidence presented by the prosecution, focusing solely on the method used rather than any demonstrable harm caused.

  A few commenters offer practical advice and alternative perspectives. One commenter suggests that using a proxy server could potentially circumvent the legal issues raised in the case. Another commenter offers a more cynical view, suggesting that the prosecution may be motivated more by politics and personal vendettas than a genuine concern for cybersecurity.

  Finally, some commenters express broader concerns about the increasing criminalization of security research and the potential for chilling effects on legitimate activities. They advocate for clearer legal frameworks and better education within the legal system about technical matters to prevent similar situations in the future.