Stories with Tag Civic Tech

• Mark Cuban offers to fund former 18f employees

  permalink

  Posted: 2025-03-02 14:58:28

  Verbose tl;dr

  Billionaire Mark Cuban has offered to fund former employees of 18F, a federal technology and design consultancy that saw its budget drastically cut and staff laid off. Cuban's offer aims to enable these individuals to continue working on their existing civic tech projects, though the specifics of the funding mechanism and project selection remain unclear. He expressed interest in projects focused on improving government efficiency and transparency, ultimately seeking to bridge the gap left by 18F's downsizing and ensure valuable public service work continues.

  In a recent and noteworthy development within the sphere of civic technology and governmental digital services, prominent entrepreneur and investor Mark Cuban has extended a magnanimous offer of financial support to former employees of 18F, a celebrated and now-defunct digital services agency within the United States federal government. 18F, renowned for its agile and innovative approach to modernizing government technology, was abruptly shuttered under contentious circumstances, leaving its skilled workforce displaced and the future of its numerous projects uncertain. Mr. Cuban’s proposition, communicated publicly via the social media platform X (formerly known as Twitter), expresses a deep concern for the preservation of the valuable work initiated by 18F and a desire to prevent the dissipation of the team's specialized expertise. He has pledged to provide funding to allow these individuals to continue their endeavors, albeit outside the direct auspices of the government, effectively creating a private sector continuation of the agency's core mission. While the precise details of this financial arrangement, including the amount of funding allocated, the organizational structure of the prospective entity, and the specific projects to be pursued, remain to be elucidated, Mr. Cuban’s gesture has been met with significant interest and represents a potential avenue for the continued development and deployment of crucial governmental digital services. This intervention underscores the ongoing debate surrounding the role of technology in public service and the importance of sustained investment in modernizing government infrastructure. Furthermore, it highlights the potential for private sector engagement in bridging the gap when governmental support for such initiatives falters, raising complex questions about the interplay between public and private interests in the realm of civic technology. The long-term ramifications of Mr. Cuban’s offer, and the ultimate fate of the former 18F employees and their projects, remain to be seen, but the development marks a potentially significant turning point in the narrative of digital governance in the United States.

  • Mark Cuban
  • 18F
  • government technology
  • funding
  • tech startups
  • Venture Capital
  • government shutdown
  • public service
  • technology policy
  • Federal Government
  • Layoffs
  • job security
  • Civic Tech

  Summary of Comments ( 295 )
  https://news.ycombinator.com/item?id=43231062

  Verbose tl;dr

  Hacker News commenters were generally skeptical of Cuban's offer to fund former 18F employees. Some questioned his motives, suggesting it was a publicity stunt or a way to gain access to government talent. Others debated the effectiveness of 18F and government-led tech initiatives in general. Several commenters expressed concern about the implications of private funding for public services, raising issues of potential conflicts of interest and the precedent it could set. A few commenters were more positive, viewing Cuban's offer as a potential solution to a funding gap and a way to retain valuable talent. Some also discussed the challenges of government bureaucracy and the potential benefits of a more agile, privately-funded approach.

  The Hacker News post titled "Mark Cuban offers to fund former 18f employees" generated a number of comments discussing Mark Cuban's offer and the broader implications of the situation surrounding 18F, a digital services agency within the General Services Administration of the US government.

  Several commenters expressed skepticism about Cuban's motives, questioning whether this was a genuine offer or a publicity stunt. Some suggested that his offer might be conditional and tied to certain outcomes, or that he might have ulterior motives related to acquiring talent or influencing government policy. Others pointed out that Cuban's offer, while generous, might not be enough to sustain 18F's operations long-term, given the complexities and costs associated with government work.

  There was discussion about the potential challenges of accepting private funding for a government agency, including concerns about conflicts of interest, accountability, and transparency. Some commenters argued that accepting private funding could undermine the independence and integrity of 18F and create a precedent for other agencies to seek private funding, potentially leading to undue influence by wealthy individuals or corporations.

  A few commenters highlighted the importance of 18F's work and the negative consequences of its potential shutdown, emphasizing the agency's role in modernizing government technology and improving citizen services. They expressed concern about the loss of experienced and skilled employees and the potential disruption to ongoing projects.

  Some comments focused on the political aspects of the situation, with some criticizing the decision to cut funding to 18F and others suggesting that this was a deliberate attempt to dismantle government agencies and privatize their functions.

  Several commenters debated the merits of government-led versus private sector-led technology initiatives, with some arguing that the government is better equipped to handle certain types of projects, particularly those related to public services and infrastructure, while others maintained that the private sector is more efficient and innovative.

  Finally, some comments touched upon the broader issue of government funding and the challenges of balancing budgets while maintaining essential services. Some commenters advocated for increased funding for government technology initiatives, arguing that these investments are essential for improving efficiency and effectiveness.

• I Went to SQL Injection Court

  permalink

  Posted: 2025-02-25 18:39:10

  Verbose tl;dr

  The author recounts their experience in an Illinois court fighting for access to public records pertaining to the state's Freedom of Information Act (FOIA) request portal. They discovered and reported a SQL injection vulnerability in the portal, which the state acknowledged but failed to fix promptly. After repeated denials of their FOIA requests related to the vulnerability's remediation, they sued. The judge ultimately ruled in their favor, compelling the state to fulfill the request and highlighting the absurdity of the situation: having to sue to get information about how the government plans to fix a security flaw in a system designed for accessing information. The author concludes by advocating for stronger Illinois FOIA laws to prevent similar situations in the future.

  This blog post, titled "I Went to SQL Injection Court," details the author's experience assisting a journalist, named David, in pursuing legal action against the Illinois State Police (ISP) for improperly denying a Freedom of Information Act (FOIA) request. David's request, which sought statistical information about arrests related to traffic stops, was rejected by the ISP due to security concerns, citing the potential for SQL injection vulnerabilities. The author, possessing expertise in database security, analyzed the ISP's web form and determined that it was indeed vulnerable to such attacks. This vulnerability could allow malicious actors to manipulate the form's input fields to execute arbitrary SQL commands, potentially exposing sensitive data from the underlying database.

  The author then meticulously documented this vulnerability, providing a comprehensive explanation of how it could be exploited. This documentation included specific examples of malicious queries that could be entered into the form, demonstrating the real-world risk associated with the flaw. Armed with this evidence, the author and David proceeded to file a lawsuit against the ISP, arguing that their rejection of the FOIA request based on security concerns was invalid because the ISP's own system was insecure. The crux of their argument was that the ISP could not legitimately cite security concerns as a reason for denying the FOIA request while simultaneously neglecting to address a significant vulnerability in their own system.

  The blog post narrates the court proceedings, highlighting the author's testimony as an expert witness. The author explained the nature of SQL injection and the specific vulnerability in the ISP's web form to the judge. The judge, after considering the evidence and testimony, ultimately ruled in favor of David and the author. The judge ordered the ISP to fulfill the FOIA request, implicitly acknowledging the validity of the author's security assessment and the spurious nature of the ISP's initial rejection. The post concludes by expressing the author’s satisfaction with the outcome, viewing it as a victory for transparency and accountability in government agencies. The author further underlines the importance of robust security practices and emphasizes that genuine security concerns should be addressed proactively rather than being used as a pretext for withholding public information. The case underscores the importance of technical expertise in legal battles surrounding technology and access to information.

  • SQL Injection
  • FOIA
  • Illinois
  • Open Records
  • Government Transparency
  • Data Access
  • Legal Case
  • Court Case
  • Public Records
  • Freedom of Information
  • information access
  • transparency
  • Civic Tech
  • government data

  Summary of Comments ( 370 )
  https://news.ycombinator.com/item?id=43175628

  Verbose tl;dr

  HN commenters generally praise the author's persistence and ingenuity in using SQL injection to expose flaws in the Illinois FOIA request system. Some express concern about the legality and ethics of his actions, even if unintentional. Several commenters with legal backgrounds offer perspectives on the potential ramifications, pointing out the complexities of the Computer Fraud and Abuse Act (CFAA) and the potential for prosecution despite claimed good intentions. A few question the author's technical competence, suggesting alternative methods he could have used to achieve the same results without resorting to SQL injection. Others discuss the larger implications for government transparency and the need for robust security practices in public-facing systems. The most compelling comments revolve around the balance between responsible disclosure and the legal risks associated with security research, highlighting the gray area the author occupies.

  The Hacker News post "I Went to SQL Injection Court" (regarding the blog post about FOIA issues in Illinois) has several comments discussing various aspects of the situation.

  Many commenters focus on the absurdity of the legal arguments and the judge's apparent lack of technical understanding. One commenter highlights the judge's confusion between SQL injection and simply using SQL, pointing out that using SQL isn't inherently malicious. This commenter expresses frustration with the legal system's inability to grasp basic technical concepts, leading to flawed judgments. Another commenter sarcastically suggests that using a web browser constitutes "browser injection" because it involves sending commands to a server, mirroring the faulty logic applied to SQL injection.

  Several comments discuss the implications of this case for security research and vulnerability disclosure. Commenters express concern that this ruling could discourage security researchers from reporting vulnerabilities, fearing legal repercussions for simply demonstrating how an exploit works. They argue that this chilling effect could have detrimental consequences for online security. One commenter draws a parallel to medical research, arguing that prosecuting someone for demonstrating a vulnerability is akin to prosecuting a medical researcher for demonstrating how a virus spreads.

  Another commenter expresses concern over the reliance on "intent" in determining the legality of security testing. They argue that focusing on intent is subjective and difficult to prove, making it a poor basis for legal decisions in technical matters. This commenter suggests that a more objective standard based on the actual actions taken would be preferable.

  Some comments delve into the specifics of Illinois law and the legal arguments presented. One commenter notes the apparent contradiction between the court's ruling and the Illinois Compiled Statutes, suggesting a misinterpretation of the law. Another points out the apparent lack of evidence presented by the prosecution, focusing solely on the method used rather than any demonstrable harm caused.

  A few commenters offer practical advice and alternative perspectives. One commenter suggests that using a proxy server could potentially circumvent the legal issues raised in the case. Another commenter offers a more cynical view, suggesting that the prosecution may be motivated more by politics and personal vendettas than a genuine concern for cybersecurity.

  Finally, some commenters express broader concerns about the increasing criminalization of security research and the potential for chilling effects on legitimate activities. They advocate for clearer legal frameworks and better education within the legal system about technical matters to prevent similar situations in the future.