The changes are pretty ridiculous [1], apparently the gobernment's devs kept deliberately renaming a specific header by adding and increasing a number at the end, from `xsrf-token` up to `xsrf-token11` [0], clearly only with the intend to break their rival free market app.
The devs don't work for the Stockholm region nor the government. They are contractors. Stockholm is notorious for terrible fragmented outsourcing programs
We did. We have a regex to catch all variants of spellings. But since our code is open they can easily select another variant. We could load our script dynamically but have chosen not to of security reasons. (And transparency).
While there is a technical issue here, there is also a legal issue and a PR issue.
Government institutions have a duty of care and a duty to help to private individuals. Since they are apparently working _against_ people in this case, they are probably in breach of the law.
I strongly suggest that you file a formal complaint against the government agency. This is easy to do and you can do it here.
https://www.jo.se/sv/JO-anmalan/
When you have filed the complaint: MAKE IT PUBLIC (hacker news follow up story, twitter, linkedin, etc). This is because there is a political dimension to this issue and if there is anything politicians care about, it's jobs (their own).
Good luck and keep us updated! I'm sure lots of people will be happy to spread a copy of the complaint around.
Thanks! Yes, we are investigating our legal options.
We just recently filed an appeal regarding getting access to the API documentation.
We have gotten a lot of PR in Sweden from the major news papers and tech press. So I think the pressure is building but if it is one thing Swedes are worried about is the appearance internationally. So help us getting this story to Wired, TechCrunch etc - that will make them crazy. We still live on the front page of Newsweek from 2000 - the capital of Internet. That might be true for the tech scene but definitely not the public sector.
We would rather concentrate our limited time and resources on making the product better instead of this crap but we have an amazing community that are helping us with both legal advice, artwork, communication, UX etc so we will continue the fight and will keep you updated here in Hacker News.
Also keep in mind that the legal options and PR options are tightly coupled. Regardless of the outcome of any legal option (e.g. "JO anmälan"), the PR generated around it may itself lead to a change if it gets enough attention (e.g., Anna König Jerlmyr seems to be in charge of Stockholm municipality at the moment). Make it easy for them to get good PR and make it clear the other option is to get bad PR.
These questions are larger than this project. This is about how the government itself builds API:s. That's big.
It's my (uneducated) understanding that legally, this makes you cross a boundary. You're no longer ~"circumventing security measures" on your own, you're inciting and enabling an end user to.
One could easily argue it's on the darker side of the grey area.
Not OP but from what I understand, the problem is that their code has to interoperate with the “private” service run by the “bad guys”; it’s basically a more usable front-end. So the bad guys keep messing with the backend just to break the open client.
The government devs are deliberately modifying server code after seeing what the open source code is using to identify their header. Guthub doesn't require an account to view code, so how could they ban government coders from seeing their code?
I assume they read the code that tries to parse the data, and come up with formats that don't fit. If the code is open, they don't need accounts to see it
The system that implements breaking changes is not the open source system. The open source system attempts to be compatible with the proprietary system. That is what it sounds like.
They don't contribute changes. Server and official client is maintained by Stockholmsstad contractors. Open source project is alternative client, not full solution.
It's amazing how often giant IT projects like these go off the rails. Exploding costs and garbage implementations. If you start the sentence with: "A 5+ year government IT project that cost over 100 million-" I already know how the story ends.
How do we improve this common scenario? What are the root causes?
The common themes are:
1. Lack of technical project competence at the decision maker level.
2. Scope creep. Where the one true system has to do everything.
3. A 'one-pass' approach where everything is expected to be delivered as a working system at the end of the project.
Even fixing two of these gives us a solid shot at a successful project.
The Phoenix payroll system comes to mind, the Canadian government tried to shift the blame to IBM, but have their hands tied since IBM delivered exactly what was in the contract. It's just that what the government decided to put in the contract has little to do with how they really do payroll.
I was hired as a coder on a fun project like that.
It wasn't a big project, I was the sole coder. What had been sold in was basically a Drupal install with some customization. I made sure they wrote a decent specification before I accepted the job.
I delivered on time and we had the first test with the client. Everything went very well, and the client seemed happy.
On the client side, the project was then moved from the project group to those who'd actually be using it. And then came the question from the new manager:
Mgr: "This looks nice, but what about all the other sites?"
Us: "Other sites? The contract was only for one site."
Mgr: "Well, the whole point here was to have 17 sites with site-specific content written by site-specific users, managed centrally with a unified look as if it was one single site."
Us: "Err... that's not what the specification we agreed on says."
Mgr: "Well, as it stands this is useless to us."
And so the simple three day job turned into many weeks.
Since the specifications were sufficiently clear, the client could indeed see rather easily that the solution they wanted was not what was agreed upon.
Had I not insisted on such detailed specs though, it would likely have been a lot harder to get them to pay up.
So yeah, worked out fine for me, but taught me a valuable lesson.
The Danish government tried to getting a new tax collection system built. The specificatio was 6000 page, not including the tax law that needed to be implemented.
It facinates me that no one ever stopped to wonder if was actually possible to implement all that.
It failed horribly, costing billion of DKK in implementation cost and even more in taxes that couldn’t be collected.
The other problem here is that politicians are either oblivious or simple don't care about the cost associated with complexity in the laws. On top of that, the other unfortunate dynamic that exists is that politicians all work to get their little special case into new bills so they can point to that when their constituents ask how they influenced the new law.
Taken together, the complexity of the law just accumulates. Tax law in Denmark being a particularly gross example.
I don't doubt that writing a new laws is complicated, but if I write code, and realise that I constantly need to tack on more code to handle special cases, then I will normally revisits my design. It is not my impression that politicians do the same with laws.
One major issue, at least with Danish law makers, is that they want to target special groups, but that would be discriminating, so instead they attempt to target the behaviour of those group. This of cause will affect a number of people who where not in the original target group, so they add on exceptions and and details to narrow down the law. Also there never seems to be any clean up in the laws.
If your laws/rule exploded from a few hundred pages to 30.000 pages, you should really revisit that thoughts behind that law.
It's crazy out here in DK. The most embarrassing example of such crazy targeted laws is the "hand shake with the mayor" requirement for new Danish citizens, clearly target at a certain ethnicity that would hesitate to do just that. The intent is to make it difficult to that ethnicity, the result is just a veiled law that makes them "appear" just enough secular and non-discriminatory.
There's a lot I love about life in Denmark. This is just to say that no place is perfect and DK also has stuff that all Danes should be rightly embarrassed about.
This was exactly my question while discussing with a few Danish friends who brushed it off saying, “yeah it’s wrong, but it’s not that bad.... while in Denmark they should be willing to live like a Dane”. My argument was whether they would be willing to wear a burka or give up driving as a woman without complaining in Saudi Arabia a not that they are good anywhere. The point is what is wrong should just be called out as wrong and not politically sugarcoated.
Isn't this basically a given? I find it hard to imagine that any organization could come up with good, complete requirements before they've had any software written.
Which is why most governments struggle with big IT projects.
Governments by their nature tend to approach everything from a legal perspective.
This then means the requirements of these big IT project end up being a mass of legal documents which try to describe what is being delivered by whom.
Then when the whole thing falls apart it ends up in the courts and the court then decides who promised what based on those original contract documents.
I was in a pub with a relative, and we got chatting to another random patron.
The relative was asked about his CS job, and at some point details were being discussed. The relative said something like “we have made what was asked for but because we have run out of time, that’s what the customer is getting. We know what they actually want and need, but that’s not in the contract”.
> Then when the whole thing falls apart it ends up in the courts and the court then decides who promised what based on those original contract documents.
Something government contractors learn to be good at is following a spec. These lawsuits often end-up costing the taxpayer a fortune for the government to be told that everything was delivered according to their spec.
The consulting company will then recoup it's losses from the lawsuit using their hourly billing clause where it stipulates that they can modify the software for X$/hour.
Take a triple bottom line solution to the problem.
Take a look at how kmalloc_obj is going in DragonFly BSD.
Government IT challenges three technical team leads to get to solution like kmalloc_obj. Performance pays for 1st prize and the rest get less money. Cut the time horizon from start to finish for the piece work to 18-months. Spread the risk of total failure to zero.
Right. But the client should never come up with the detailed spec. If they know what needs to be done it'd literally be faster for them to code it themselves.
They should never produce more than a page or two of specs, outside of the central task itself, because most everything will change when under production anyways. A project like this is big enough that apps became a thing, and fundamentally changed twice, in the lead-up to the actual work.
And all the little things they could control are just bikeshedding, best done by an impartial designer or by A/B tests.
Yes, but your way would likely strip a friendly consultancy off a contract for a couple million of your favorite currency to produce said specifications.
> They would need to hire software engineers and, quite frankly, most municipal governments aren't capable of adequately compensating these positions.
Of course they are, because they already are compensating them plus contract management overhead on both sides of the contracting arrangements (which are usually made even greater because they have different contractors for different phases of an effort), plus contractor profits.
Aside from simple corrupt motives (both by responsible managers involved in deals directly and higher-level politicians who favor inefficiency of kicking things off to industry because it buys support from the beneficiaries), this is done because it spreads the blame in the event of failure, which is seen by many involved as more important than maximizing likelihood of success or cost efficiency.
But citizens (well, at least those not corruptly benefitting) shouldn't tolerate that.
> Of course they are, because they already are compensating them plus contract management overhead on both sides of the contracting arrangements (which are usually made even greater because they have different contractors for different phases of an effort), plus contractor profits.
They have the budget for it, that's sure. But more often than not the municipal workforce is heavily unionized and has paygrades that are below market rates.
> They have the budget for it, that's sure. But more often than not the municipal workforce is heavily unionized and has paygrades that are below market rates.
That (the below market rates) is part of the setup to promote outsourcing. A heavily unionized workforce doesn't make it harder to for an organization to increase tech role pay to market rates if it wants to, it makes it fight harder to avoid to doing so.
That would be even worse! Can you imagine the headlines where it's a private company that tells the government what they need to buy AND sells it? Horrible conflict of interest.
The best solution would be for government IT to simply be competitive with the private sector for talent acquisition. That would probably mean that most senior software engineers will end-up being above the mayor's paygrade however.
Can you imagine the scandal if you fully specified a product and they built it and it wasn't even fit for task. Your contractor says "They never said it had to fly, they just sent us 5999 pages of specs about the logo, the color of the seat, the tray-table latch mechanism, etc." You'd look even dumber because you proved you don't understand your own business.
No organization should expand outside its desired core competency. Specialization is for organizations. If you want competency you hire it as a consultant. If you need to check that consultant, hire another.
Hire one company to write the spec and the product. Hire two others, small firms, one in the problem space (tax, airlines, etc) to check the business requirements and one in the software space to make sure spec/dev/test processes are adequate.
> Can you imagine the headlines
Yes, 100% lies written by a bitter communist. Modern corporate media in a nutshell. But the government already took the brunt of that for screwing up earlier. The screwup you mention would be no worse. Partly because the news is hyperbolic and nobody believes it these days - every problem reported is the worst ever.
> Hire one company to write the spec and the product. Hire two others, small firms, one in the problem space (tax, airlines, etc) to check the business requirements and one in the software space to make sure spec/dev/test processes are adequate.
Your projects will never succeed this way, but you’ll have plenty of people to blame for the failures.
Which is why it's already common for government IT projects to use a close variant of this approach, but usually separating out requirement writing to a firm notionally expert at doing that in the problem space instead of having it checked by sich a firm.
> Your projects will never succeed this way, but you’ll have plenty of people to blame for the failures.
We're discussing how it failed your way, so I'm not so sure you're presenting a better alternative.
The problem with your method is that two separate companies have deliverables that must be correct, whereas with mine only one does. And my way removes the back-and-forth which is a huge source of errors.
It's fundamentally impossible (absolutely, 100%) to write specs for a complex product before the product work begins.
So you can make it work your way, with a separate firm writing the specs, but you need to couple them with the dev firm and give up on the fantasy of up-front specs.
But that comes with its own problems and increased cost so imho you're better-off just letting one firm do it.
You mean the guaranteed-to-fail-but-spreads-blame method that I mentioned is common and closely related to your proposed method which shares those traits? Because that's neither “my way” nor something I recommend as an alternative.
> The problem with your method is that two separate companies have deliverables that must be correct,
No, only the final delivery company’s one must be correct. The preceding one influences the likelihood of that, of course, just like the extra domain-expert contractor brought in to validate the requirements in your proposal. (Who, if the agency for which work is being done is bringing them is as a requirement “validation” expert because it assessed that it can't do that, is effectively defining the actual requirements, even if nominally they are just validating the other firms work on behalf of the customer.
> It's fundamentally impossible (absolutely, 100%) to write specs for a complex product before the product work begins.
Yes, you seem to understand a key part of the basic problem, but then describe a rearranging-deck-chairs-on-the-Titanic solution that does nothing to address it.
> And my way removes the back-and-forth which is a huge source of errors.
No, it just changed to nominal role (but not really the functional role) of one of the three (customer, requirements crafter/validator, developer) parties to the back and forth.
My way is to recognize that if you are going to build and operate a complex IT-dependent business function, a prerequisite step to success is to own the IT capacity to govern the necessary system components, including their incremental development and adaptation to evolving business needs. And closely related to that is arrange the work into increments that (among other criteria) can be plausibly specced in advance but also where the setback isn't intolerable when an increment’s main output is information about where your understanding going into it was wrong.
> My way is to recognize that if you are going to build and operate a complex IT-dependent business function, a prerequisite step to success is to own the IT capacity
Right, just become an IT organization. That's the simple answer nobody talks about.
This is a non-answer because even most companies that want to can't do this, and as a taxpayer I don't want my government developing IT excellency, I want bureaucrats doing their core task not writing specs. (When they leave the agency they could go to the business process consultancy I mention, where they monitor and advise the developers in tax questions and departmental process issues.)
Their IT budgets are often ginormous with very little to show for it. Consulting havens. Slow, if at all, moving project organizations.
It’s about size, budget models and competences.
Time for another rant:
Note that Sweden have implemented “new public management” NPM which basically pushes government agencies to govern like the ever oh so successful free market companies.
This has had many really bad side effects since the 90s and it’s right up the neoliberal alley.
In my book it’s just silly and something only professional politicians together with consultants can cook. But it’s a different story, really.
Projects are necessary for things that are built to last and not change much during their lifetime:
- a bridge
- airplanes
- most houses
- etc
Hardware comes to mind - it’s all hardware on the list, basically.
Software (outside certain realms ofc) like this? I’ve been, like many others here, doing this software thing for 20+ years now.
Big and small, I’ve basically never seen anything spawned from a project-driven organization actually deliver great results.
Most software is supposed to change, indefinitely - that’s the point!
Everyone in this day and age should know that requirements change over even short periods of time, so why even bother trying to pin them down in detail up front - you’re going to do everyone involved a disservice.
There is something to this agile thing and a “project” is it’s anti-pattern.
Not mention how much a quick feedback loop will learn you about the operation side of things.
Operations and change, it’s all you can build for and that is best done one step at a time.
(This joke of a platform is spread across multiple (5?) vendors/partners no less. A couple of them probably started just for this, backed with vc funding. It’s most likely a glorious mess!)
I suspect that one cause of this is the fact that these contracts need to be rendered for, which means stipulating the requirements at the beginning so bids can be produced. So a change of approach would necessitate a change in how how contracts are awarded.
The trick is to make your projects tiny, not big. Instead of "build an all-encompassing system that does everything" you do "solve this very specific business problem". You could call these little projects sprints or something.
> The trick is to make your projects tiny, not big.
Gall's law:
> A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.[9]
At my previous employer there was the concept of the "90 day sprint". Top management use the term without irony. All they have done is substitute "sprint" anywhere you would say "quarter". So now they are agile. I wish I was making this up.
There should be laws the require the use of open distributed extensible protocols.
That means the government comes up with a way for the parties to collaborate and just enforces that. So the actual implementation is open to competition.
Things like communication protocols or extensible APIs or schemas for exchanging APIs.
Also internal company politics. What would fix much of this, for many projects, is a very experienced product person with final say over every feature, reporting directly to the CEO / board, and outranking everyone else in terms of decision making.
Someone skilled is less important than someone who’s empowered. These projects fail because of SVPs and CXOs who get to bully their favourite features and requirements as priorities rather than having someone taking a holistic view of the roadmap.
I just read the twitter post. And from there it sounded like the app is mandatory, because everyone in school had to use them and it was the only solution - and a bad one. So parents made a better on on their own - client - but they still need the sever - so the government contractors change the server-client communication to block the competition.
So it is in effect government mandatory at the moment. And pretty stupid and yes - hopefully illegal.
I once interviewed with a company that had been hired by the UK government to create a system for one of their agencies. They told me that the system had 1000 requirements (literally) had already been implemented once and failed but they wanted to have another go. Boggles the mind (and I refused their offer).
> It's amazing how often giant IT projects like these go off the rails. Exploding costs and garbage implementations. If you start the sentence with: "A 5+ year government IT project that cost over 100 million-" I already know how the story ends.
People don't notice when things go right.
What about all the 5+ year, $100M projects you didn't hear about, because they never made the news, because the project went smoothly?
Even in general conversation we tend to vent about how bad our day/week was, and not how awesome something went:
Cities are ran by politicians that in most cases are too incompetent to do anything better with their lives. When incompetent leaders make decisions, the incompetence is flowing to most, if not everything they do, including this kind of projects. There is no immediate fix for this situation, unless the decision would be made by some kind of city manager or board of experts that are recruited based on competence and held accountable for the results (up to prison, if needed). The old story with "politicians pay with their mandate, they will not be reelected if they fail" is a story for toddlers, that is not a punishment on par with the damages they make, will the Stockholm mayor pay back 100 million dollars?
Or why not execute them instead?
Worked very well for ages ...
More seriously, there usually are no simple solutions to complex problems. And government is a very complex problem. So many people with so many opinions - and everyone involved afraid to say one wrong word or make one wrong decision. I don't think more fear helps there.
I mean - prison for corruption - yes!
But prison for incompetence, no. Then you also have to jail the people who put the incompetent person there in the first place and those people and so on.
Just make them responsible for the damages and it is no longer econimically viable to give projects to the bidder with the highest kickbacks but rather the ones that can acutally do the job.
Worse, I have seen not enough people run for open council positions, so anybody willing to fill out the paperwork can ‘win’ without anyone in town voting.
"The city's local government, @Stockholmsstad, spent 1 billion Swedish crowns (100 million dollars)"
"@Stockholmsstad are now acting like angry toddlers."
I'd read between the lines. I don't think it's a hurt ego, not with these numbers. Someone is (continued) to be paid for this to be happening. This reeks corruption.
Well, angry toddlers are also often angry when someone takes something they believe to be theirs. And toddlers often think the whole world is theirs and theirs alone and everyone is here for their amusement .. and if reality tells them different, they can get very mean, too. So - I think the analogue holds somewhat.
It's not so much angry toddlers, who at least can be placated with ice cream and a Pixar movie.
It's more government officials and contractors with their reputation and money on the line. In the case of government officials, it's not necessarily unmarked-bills-in-a-paper-bag-under-the-table kind of corruption, but the more pernicious "revolving door" of government/private industry kind.
Most of the people responsible for starting the journey have left the local government. I think the big problems are
- the fact that they have been fined for not handling personal information in a correct way combined with
- not enough technical knowledge to know what their current solution enables
- the scope of the problems with the system are so big that they do not know what to do and they feel like they get attacked from everywhere and do not have the professionalism to see the bigger picture
- they can't afford to scrap the project and start from the beginning
It's one thing to feel attacked, but they apparently actively try to undermine and derail the competing open source project. That's not mere defending, that's open hostility. So the obvious inclination, IMHO, is that the company behind the original code wants to continue to gain from the ongoing (and, ideally, perpetual) cost of maintenance. Naturally said software company itself cannot openly be the source of those obstructing software changes, so they have the officials to act on their behalf and request them. I hardly can think of any other scenario in this case.
If open source advocates banded together and "sold" this story to local governments, there would never be these kinds of boondoggles. I'm reminded of the same thing that happened in Oregon. Oracle came in with a low ball price, then extracted hundreds of millions of dollars out of the state for a POS health care system.
That's how BDUF software consulting works. Design something unusable but make it cost as many billable hours as possible. That way, it has to be thrown away and it's job security for the consulting industry to keep a desperate customer throwing money at non-solutions.
A better approach is agile with customer's actual employees guiding small changes all along from the beginning, and customer's project managers/budgeting managers tracking progress, requirements, and costs.
There are many "do everything" mega solutions like SAP. They're usually terrible because they try to do too much, require changing processes to fit the software, aren't specialized enough in each area for real-world use, or aren't customizable enough. They're often terrible pieces thrown together too quickly under a utopian belief that one app will rule them all and users will just adapt to unusable garbage.
There's nothing preventing a group from making a FOSS replacement of a government project made commercially, even if its goals aren't ideal.
I don't really like to defend SAP, as I had to use it once just for putting in working hours and was horrified by the necessary steps to do so - but afaik SAP is not "terrible pieces quickly thrown together ".
It is rather way overengineered. In such a way, that freshmen to SAP(out of university), get assigned to a project - but for one whole year are basically just have to walk along with the team, without contribution actual code, because they have to understand how it all works together first.
(at least thats what I've been told by some people going there)
Sounds glorious and horrifying. I rather did things where I saw actual progress and impact of my work.
Though to be fair it got there because it was one of the first to kinda solve the problem in a more flexible way than having a system built from nothing
>The city's local government, spent 1 billion Swedish crowns (100 million dollars) over 7 years to build a massive do-everything school IT platform, which students, teachers and parents are forced to use.
And their app is awful. Slow, buggy, almost unusable. One parent managed to access other people's private data, leading to @Stockholmsstad being fined for bad security.
where is juicy details like who did it? Oracle? IBM? ..?
> So a few parents decided, since the data is basically their data, to build their own better version. A couple of months later, @oppnaskolplatt was ready.
Bad precedent that must be squished ruthlessly. Otherwise next time they would decide to have their own better roads, police, government... that slippery slop of "we the people".
Tieto, Nova Software and Unikum are well known players in the edu-it space with Tieto beeing the big one (they are in a lot of other industries as well). Normally they are in direct competition with each other.
The best quote pertaining to Tieto that I'll never forget is when they one the contract to build a new system dealing with something around people with cancer in Luleå. One person on IRC simply stated: "Well now I'm really glad that I don't have cancer _and_ lives in Luleå".
I've worked quite a bit doing migrations and integrations against one of their products. The database schema is... interesting. This thing obviously started as a Sweden-only product, so the database schema for the Swedish version has Swedish column names (first mistake here). When they wanted to build a version for the larger Nordic market they decided to translate the column names to English (well, ok...). But since they already had a lot of customer installations using the Swedish version they have maintained 2 parallell database versions, essentially identical - except for all column names - for something like 20 years now. For this product they have also maintained a home grown version of Visual Basic for automation tasks within the system. Essentially VB6 except lots of bugs and quirks that are so old that if they fix them now, literally millions of man-hours will be required to migrate the existing automations that rely on those quirks.
In Scandinavia, contracting agencies are king. We've brewed up many local varieties of these, that are much smaller, probably a bit more skilled and generally don't deliberately take money from customers that clearly don't know what they're doing.
Directly employing most of one's required software engineers is largely a very new phenomenon, and not yet widespread.
In Norway, you'd have e.g. Evry, Itera, Bouvet, Miles, Computas as well as international companies like Steria, Accenture and CapGemini. They contract out developers at ~$125 an hour and pay a regular middle-class salary. A large portion of software engineers are employed at a company like this.
Government organizations are terrified about open source initiatives. There's something strange about it.
You could volunteer to do all the work and they'll still oppose you at every turn.
My hope is that we'll reach a stage where citizen participatory programming is normal for all. Where my dad could offer a PR to fix a typo on a government page casually as he browses it.
I have a feeling we're not far off but you need it to happen in a place with low entrenched interests but with sufficient enlightenment.
I think big US cities have the latter but not the former, and authoritarian developing nations lack both the former and the latter. So maybe smaller Western nations like Estonia.
Or, my biggest hope, sufficiently advanced townships in America.
It is hard to blame other people when you are the only one to blame.
When you decide to use a open source project it is your fault if it fails not the open source project, it often says so in the licensing.
While that is always true in reality(you are always responsible for your actions), it is not legally obvious when you buy commercial products(you can blame the manufacturer).
While people are often reluctant to accept that. I find that it is often what people’s arguments in this regards can be boiled down to.
I don't understand this argument at all. Unless you interpret the disclaimer as "you are not allowed to contract support from a third party", in which case you need to fire your legal department.
I suspect the argument usually comes in the form of FUD from consultants like the ones in charge of this project. But I wonder what makes it takes hold. Incompetent lawyers? Bureaucrats who like to play armchair lawyers? Or just outright corruption?
I don't know, when our libraries procured new state wide library software (each city had it's own before) they went with Koha (open source). This means that they are not really paying for development, only installation integrations and support. This opened up the bidding to much smaller players and was much cheaper over all.
This was for the libraries in the "between the lakes" region in Sweden (it was not for the "state"-level, I missremebered). Here is a link (swedish) https://kohasverige.se/nyheter
It’s still “no one got fired for buying IBM” at play.
I can see why you’d be defensive and make a project together with the firm that is the biggest player in software for the public sector (although their reputation is poor).
What I don’t understand is why the project is a Big Bang release type thing. Or why the contract can’t have clauses about openness or interoperability? If the supplier is scared by that or charges more for it - switch. Having source visible or exposed APIs doesn’t mean they have to accept PRs (although that would be great PR)
It shouldn't be. The US has the right idea with public domain, but that concept doesn't really exist anywhere else in the world and, for some reason, doesn't really exist for software at all.
I dont think the programmers are the problem. The problem are companies getting government contracts are good at exactly that getting government contracts. That mostly involves doing bribes without them beeing official corruption.
Typically the way this works is that the A-listers are trotted out for the initial dog-and-pony show and prototype, then they move on to the next boondoggle and are backfilled by a rotating cast of Elbonians billing the same rate to flesh out the details.
The government's system sounds just like the "Ultranet" (as it was comically named) in Victoria, Australia a few years back which similarly aimed to be the one system to rule them all in government schools. Eventually went to the scrapheap (along with a few bureaucrats who were charged for corruption). During the tender process a few of us were toying with putting in a tender using Moodle, but glad we didn't waste our time as it was stitched up from the start.
Ctrl-F'd for that exact phrase. I remember that system being introduced - I was in high school at the time and my mum was a teacher. It was down for the entirety of the single government-mandated training day, and when it finally came up everyone could tell from a mile off that it was a steaming pile of shit. I don't think we ever used it after the initial session, ever.
Corruption and inefficiency of this kind is a relatively new phenomenon, stemming from a regime of letting private contractors run the whole show. A fun fact is that Stockholm has one of the most expensive buildings in the world: Nya Karolinska, which has cost (converted from Swedish currency) around 2 billion dollars. The reason behind this is that construction was run as a public-private partnership. Meaning you shove loads of cash into private hands while you get none of the benefit.
The whole thing just reeked. Boston Consulting Group had junior consultants billing 200 hours a month but couldn’t produce documentation of what the actually did
Among other things, that we get angry in public when this happens. Hopefully that someone will see at least some consequence. That we are even surprised and upset about this I think is a good sign.
I’m sure there are places where people would shrug even if the brother of the politician in question was running the firm that got the contract. Thankfully we have very little of that.
Do we though? There's a couple of government watchdogs that specifically track waste of taxpayer money, and sometimes underlying corruption. Those names (Slöso) are considered by both politicians and certain political leaning citizens as "right wing capitalist propaganda machines/special interest outlets".
I vividly remember how everyone shrugged of some small, local politician spending 50 Million SEK(5 Mil USD) on some project to "Cheer up the town square" ended up with 5 contractors, all friend of the local politician, that produced one 50 page report on how "dancing and talkin street lamps will cheer up the town square" was the final result. The politician denied to answer further question to reporters, insisting the project gave good insights, and no one gave a single crap
Slöseriombudsmannen is employed by the private lobbyist group Skattebetalarna. The love to rage about stuff like the thing you mentioned but have “a curious disposition” with stuff like Nya Karolinska:
And your point is? Never claimed they were perfect and some of their more nitty picky hit pieces have been criticized by their followers too.
My point is rather that the issue of "wasting tax payer money" should in principle not have any political side; its about efficiency and both left and right should engage in the question. If anything the side that is vouching for more government should be the one leading the discussion of the efficiency of tax payer money utilization.
Yet most just jump to simple adhomiem attack on the critisizers. "right wing propaganda"; That was my point. That we pretend to care but we don't, and rather switch the discussion to petty tribalist name-calling.
And I'm well aware the sponsors of the organization and that they probably have some rotten eggs in the basket too.
My point is I don't like them :) Seriously though, I feel they do a lot of astroturfing and smokescreening to make a lot of noise about inconsequential stuff while saying nothing or very tame things about the real leaks in privatized education and healthcare.
Actually Swedish govt has really good IT. I use the actual app a lot with 3 kids in the school system here in Stockholm. It's not that bad, functional UI, but non-IT folks could easily have problems. Some stupid decisions - like a whole new app for reporting absences - where you get redirected there, but with SSO.
I suspect the contractors here are the bad boys, but there should be somebody in Stockholmsstad who stops these ridiculous changes. Probably the project mgr in Stockholmsstad is not technically literate enough and is getting hoodwinked about this app being a security threat.
This definitely sounds like corruption, and every gov contract globally is handled similarly. The sooner people realize that their gov is not special, the better.
Hanlon's razor. The problem with Swedish public financed IT, is a) the requirement by anti corruption legislation to choose the cheapest solution b) the lack of competence by the people in charge of writing public tendors
This happens in every city in EU. Yesterday I was checking out the mandatory drone tracking solution of my city provided by a local supplier. Don't think it a network of radars connected to a surface-to-air-missile installation, no, a lame skin on google maps where you upload a flight plan based on a pdf you need to find for yourself on another website.
> You can understand why they arent keen to allow it to continue as its using BankID to authenticate. Would you install a 3rd party app to access your bank account?
BankID is both an authentication and user information service system. Swedish customers can sign up with BankID, and the beauty of the setup is that we are exposed to less private information than we otherwise would.
On login, these same customers go through BankID flow, and we get an assertation from the service that essentially tells us "login is valid for this previously assigned unique customer identifier".
Also: as a Swede, I must say, it works very well. It is also a closed source thing, but unlike this Stockholm Stad system, it’s basically a success story from the end user perspective. It’s great to have a unified, secure and easy to use way to access your bank and government services.
As a fellow Swede, I must say that BankID is one of the most blantant corruption schemes that have happened in this country.
It's a proprietary product that's not publicly available, and yet it's required for many governmental services. Obviously, it's a recipe for disaster.
For example, when Swedbank found out that I use some service at another company, they closed my access to BankID and told me that I either move that engagement to them or ask the other company (which isn't part of the BankID oligopoly) to somehow get BankID.
Even worse, there are some stories about people losing access to BankID for political opinions. That's China level of repression.
Perhaps the thing to do is to offer up the government project to an open source initiative.
"We need a school comms platform. It needs to have messaging and scheduling. People need to be authenticated (duh)."
Now ordinarily I'd say "WTF who would build that for free?" but by the looks of it someone has done substantial work for free already.
Heck, you could probably get free work from the kids themselves. There's plenty of people in education who would want to do odd jobs on it.
Now maybe pay up for a few senior devs and a PM, so that someone is at least responsible for it, with their income tied to it. But make it a small group, for the same reason.
If there's suggestions, or something breaks, there's a place to report that. End of the day, it's a platform for the people by the people.
Sounds like a great way to get a community to build its own infrastructure?
> Now ordinarily I'd say "WTF who would build that for free?" but by the looks of it someone has done substantial work for free already.
There's a Cunningham's Law parallel here: the best way to get a good free open source system is to first build a terrible expensive proprietary one with shady business practices, and let the frustrated users do the rest.
I think you missed the part where large numbers of people are forced to use the bad system wasting time but only paid salaried time they're not too concerned about so that they'll spend even more of it complaining about the need for a replacement and extolling the virtues of any other system they'll never actually use, and the bit where you pay for lots of highly skilled experts to get the bad system running and doing the least of things for big organisations who think there's no alternative to spending huge budgets for employing the programmers who ultimately take all of this experience to exhort the open source developers what is really required for a successful and excellent replacement and become independent consultants paid by different big organisations to give advice on how the new open source software is going to solve all their problems and set up the teams and management required for adopting the new open software, whilst the open source developers listen to these voices and target unrealistically difficult features and architecture and never get around to noticing that the only thing that anyone actually wanted done was the few really basic tasks that just happened to be too difficult to implement in the original badly conceived product.
I love this idea, but it seems that in general bureaucracies are not agile or freethinking enough to be willing to risk doing something like this, even though in the long run it might be amazing. Imagine if an easy-to-administer system of this ilk was freely available and was picked up by school districts around the world; that would be an incredible pool of talent to work with. Especially if the product can be a little bit fun and whimsical, being not-for-profit, compared to working on something dry and corporate.
I had the incredible luck to meet on the day of his involuntary retirement from running the largest global financial aide fund until the Melinda and Bill Gates Foundation exceeded the figures involved, forced into very early retirement because the New Labour government dictated by fiat the abrogation of every civil servant who was recruited internally and not from university. My advisor and great friend could manage with a team of a few percent in headcount of the present incumbent cohort, a multi billion pounds development organisation and had proven himself in the most fraught of contentions between government and industry (Mike was the hatchet man tasked with getting the dirt and lowdown on the infamous Westland affair that nearly toppled the Thatcher government, for only one example of his capabilities) and consequently I'm not persuaded of the whole prejudice against bureaucracy which I know personally in the UK has been a consequence of this most disastrous and indiscriminate violence against the national interest in all of my understanding of administrative modern history.
Yeah, it's not gonna happen at ant scale soon. Quite simply the bureaucracy is trained to buy things from big businesses. They're the last people to know anything about how technology works, and can't be convinced by anything other than the authority of brand names.
I'd love it if we lived in a society where everyone could contribute to everything. You see a bug, you report it on the board, someone says "hey I don't have time but you can look at it, it's gonna be in myscript.py". You fix it, they check your fix, and we're all better off.
Having an army of kids doing it would help everyone. I think working on a real thing instead of a contrived project is huge in the development of coders.
And as you say, they can add their owm imprint. Society has got to renew itself somehow, and it's not by being corporate.
Yeah, 100%. People underestimate what "kids" can do - especially when we're talking about 14+ year olds who have been using technology their whole lives. Giving them the opportunity to work on Something Real might be more appealing than a bullshit project that goes nowhere.
> I'd love it if we lived in a society where everyone could contribute to everything.
That's still the dream, but SaaS kills open source in many ways - by monetizing what has already been done for people other than the authors, and by locking all applications behind paywalls. A return to running our own decentralized software, a return to protocols instead of platforms, is what we need to get over this.
bureaucracies are beautifully animated things to watch if you look for the incredible ways they'll self heal and react to negate any kind of threat to their preferred definition of their own integrity.
> Heck, you could probably get free work from the kids themselves. There's plenty of people in education who would want to do odd jobs on it.
> Now maybe pay up for a few senior devs and a PM.
> platform for the people by the people
I think you're overestimating the abilities of "kids" and non-professional devs and underestimating the complexity of running that kind of show (thus underestimating the ratio of professionals/community necessary to pull that off). Notice how most successful open-source projects are in fact supported by tech companies and worked on by professional devs on those companies' payrolls, and how, despite that, most open-source projects still end up kind of chaotic.
What? You guys build airports withouth 14 years of delay and 500% of the planned cost?
German government is the european leader in corruption , even covid was used by many of them to get kickbacks for masks for elders and wasted 2 Billion € there.
And like the corrupt "Flintenuschi" Ursula von der Leyen they get promoted to President of the European Commission for that if they manage to delete all evidence from their phone after beeing caught.
Reminds me the old "war" between AOL Instant Messenger and MSN Messenger. I think I recall that one the same day there was around 50 updates to those programs. Each update breaking something from the other and then one blinked and the stream of updates stopped and the 2 apps no longer spoke to each other.
Exactly the same is happening in Hungary. There was a huge educational system developed for schools from extremely huge budget but both the backend and front-end is crap. There was an alternative front-end built similar to the Swedish way but they were forced to shut it down.
Government procurement is fundamentally broken, in the software world. The incentives of procurement seems to ensure that the worst software is produced, at a significantly greater cost than free alternatives. I blame this on the rise of administrative costs in the universities (which trickle into enterprise) and the inherent disagreeableness (with outsiders) amongst the price's law coalition.
Funny thing about that quote- it's taken from a longer speech that Reagan gave, in which he talked about how his government had "committed record amounts" of agricultural assistance:
> I think you all know that I've always felt the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help. A great many of the current problems on the farm were caused by government-imposed embargoes and inflation, not to mention government's long history of conflicting and haphazard policies. Our ultimate goal, of course, is economic independence for agriculture, and through steps like the tax reform bill, we seek to return farming to real farmers. But until we make that transition, the Government must act compassionately and responsibly. In order to see farmers through these tough times, our administration has committed record amounts of assistance, spending more in this year alone than any previous administration spent during its entire tenure. No area of the budget, including defense, has grown as fast as our support for agriculture.
This is unrelated, but how in the world can he be held in such high regard in the US? Over here (Europe) he was widely regarded as a clown during his presidency, and the whole Iran/contra deal, together with the pardons by Bush senior, didn't really do his legacy any favours.
Just a week ago a friend of mine (who does not share my views, and is generally positive of Reaganomics) said something along the lines of: "not only was Reagan a clown, he surrounded himself with crooks"(regarding Bush and Meese).
It's been a while so nobody actually remembers him or what he did, except for the Republican personality cult. Also, the economy did pretty well while he was president, although it was a coincidence because it was so bad under Carter.
What Reagan and Nixon mainly ran on, which is still the current Republican strategy, is making white people feel good about being white by telling them that all black people were criminals, and proving it by taking away their welfare and putting them all in prisons.
Charisma and those who benefited. I've heard Regan was a popular actor at that time, and you need only look to the massive defense projects and 'support for farmers' to see how popular that would make such a president among the more rural base that tend to vote Republican in the US.
It's really simple - Americans approach politics as if it's a football game. If a guy is from their "team" then he gets support since being on the "correct" side is more important than the actual merits. So there's a LOT of people in US who have respect for someone like Reagan or Bush purely because they were on the "correct" team.
Funny comparison. When I watch sports (mostly e-sports but) I'm always asked "which team are you rooting for?" and I always answer "I'm rooting for a good game.". Wonder if there's a parallel between that attitude and "moderate/centrist" learning in politics.
Apart from supporting Solidarity (and then help the economic bullying to make sure they didn't get any chance what so ever to have their own economic policies), I don't think much was achieved that the Soviet Union wouldn't have managed without US "support".
> When talking about Ronald Reagan, I have to be personal. We in Poland took him so personally. Why? Because we owe him our liberty. This can’t be said often enough by people who lived under oppression for half a century, until communism fell in 1989. ~ Lech Walesa (https://en.wikiquote.org/wiki/Ronald_Reagan#/media/File:Lech...)
Like Trump, he was an actor that told a story about America that helped people feel good about themselves, and talked up the fight against the designated enemies: Iran, communism, and unions.
Loyalty politics beats actual accountability. That's why the man who illegally sold arms to an enemy of America ended up as head of the NRA selling arms to America.
I'm from [name of big corporation] and I'm here to help.”
really sound any better?
I guess any big entity with lots of power has the same mechanism. Arrogance, intransparency and ignoring or misunderstanding (or knowing better) of the real needs on the people on the base.
IMO the problem here is exactly that the project was outsourced. Outsourcing is likely to lead to crap products and with clueless public funding the costs end up astronomical relative to the quality of the result. In-house software expertise could result in better quality (this budget could definitely afford a lot of great engineers) and more controllable costs.
* That team is still necessary for future changes and maintenance, including security and transitions.
* The public sector has many institutions* where such a team should have tenure (and other work to fill the non-public works projects time).
Offhand, These institutions include the temples of information worship (libraries), information provisioning (higher education of all sorts; elementary and lower are for converting feral humans to educated people), and any civil engineers (civilian or military at any level).
This wouldn’t as much rub me the wrong way had this been an effort of actual employees and staff at some govt agency where this were a longer term (indefinite?) initiative.
At least then it turns in to:
- mostly a zero sum game with my tax money
- opens up for other, future, opportunities and lessons learned
Hiring services from consultancies and third parties that after project end will “hand-off” to maintenance and operations to... another third party. I mean. Come on!
That doesn't negate the truth conveyed by the quote... government is often horribly inefficient and many people don't want the so-called "help" the government forces upon those people.
I certainly know I could manage my retirement funds more efficiently than the government. I dislike all the "help" I see government doing when it often produces worse results than anarchy.
A decent democratic government at least over here in Scandinavia, try to make life on average as good as possible for the majority.
Funny you should mention pensions... Govt probably knows many or even most regular people are completely uninterested in pensions and/or “the market”.
Many could need help or even be forced to set away money they otherwise wouldn’t.
This is where the Swedish govt put you money if you didn’t chose yourself:
Nearly all nations have laws against misuse of taxpayer money. I believe a case can clearly be made for embezzlement and breach of public trust under Chapters 9 and 10 of the Swedish Penal Code.
IIUC, the open source app uses an unofficial/private api to communicate with the city’s application backend? Regardless of anything leading to the open source app being built, I struggle to take their side here.
Looking at the code, it appears that they authenticate against the api? So it’s a third-party app using an api, against the first-party’s expressed wishes, to read and/or manipulate student data?[1]
I understand the same, but remember that this is a city government that built this app, not a private company. The app belongs, by rights, to the taxpayers who funded it, and for the city (or their contractors) to be actively working to prevent them from building a better version of it is clearly wrong. Publicly-funded applications should be required to be open source (barring national security concerns), but at the very least they shouldn't actively prevent open alternatives.
It looks like users use a different frontend than the one provided by the government. So it's users changing their own data.
So that leaves a defense against... their own users? Makes no sense.
Plus the tax payers funded the platform so it's not like the government has any legitimate interest in protecting the product itself like a private business might.
While I love the David vs Goliath here, I'm going to point out the thing that open source folks just love to fluff over:
Who is going to maintain that app over time?
Maintenance sucks and is expensive.
I'm going through this right now with a security system for a non-profit. The old system is open source and works--but it's 10 years dead.
So, they'd like to add these couple features. Who is going to develop that? Who is going to pay for that? What happens 10 years from now?
So, they can pay money for a commercial solution which is "Somebody Else's Problem(tm)" or they can go with a bespoke system that becomes their problem.
Maintenance is a cost that open source never accounts for.
maintenance: still necessary, hire anyone but probably the expensive guys from before
The route that these parents demonstrated:
input: a few months and presumably a whole lot less money
output: something that seems to be well-liked
maintenance: still necessary, hire anyone
Regardless of "but who's going to maintain it", the benefits should be clear here. People don't work on open source code because they get paid to and shrug when they do something useless or even detrimental just because the boss says so. They work on it for a passion. Now if you hire a company to write the open source code, you kind of lose that benefit, but if the development is out in the open, the public can at least keep track of it and say "but this doesn't make sense" or "let's get a working system before we spend another 4 years over-engineering and bloating this". This open model is how the corona tracker was developed in the Netherlands and it worked super well. The question is now whether the government will dare to do it again with the next IT project.
> maintenance: still necessary, hire anyone but probably the expensive guys from before
Don't forget: sometimes the copyright is still owned by the contractor that developed it, at which point the options are only "hire the expensive guys from before." Want to make a change and the vendor can't/won't? Oops, guess you're starting over from scratch! Or you don't make the change you wanted to and live with it as-is.
> Regardless of "but who's going to maintain it", the benefits should be clear here.
Are they clear?
Or is this the "Chrysler Comprehensive Compensation System" all over again? aka the gigantic disaster that somehow spawned the Extreme Programming "experts" and implemented the easy 80% while missing the really hard 80% (yes, that totals to 160% intentionally).
It's really easy to produce something that majority like but doesn't get even basic use cases. For example, let's start with some simple stuff:
- Does it meet GDPR guidelines?
- Does it meet accessibility guidelines?
- Does it meet security guidelines for protection of personal information of minors? (Apparently the original government software completely blew this off. As always.)
As I have pointed out previously on HN, that adds a bunch of cost to government software that MUST be paid if the software is part of government functionality.
I can whip out a single page app in a hurry. Ask me to comply with those issues and I'm going to have to spend a lot more time on things.
Don't get me wrong. Big IT projects like these always become boondoggles. However, everybody always simply gives the open source project the benefit of the doubt at being "better" when it probably just blows off a lot of functionality.
Government CRUD applications have to be able to handle the majority while still allowing the 0.1% to be handled.
Yes they are. The benefits are clear, because apparently a whole bunch of users got together a spent a bunch of effort building something that solve real problems that they themselves were having.
> everybody always simply gives the open source project the benefit of the doubt at being "better" when it probably just blows off a lot of functionality.
If people are using it, and spent a bunch of time and effort to solve their problems, then almost by definition, it is solving a problem that they were having.
So yes, we can just assume that it is better in some ways. If a bunch of people are using it, then almost by definition, it is providing value to some people.
Of course open source also needs maintenance, but maintenance isn't suddenly cheaper because you bought a big commercial solution. The difference is that for open-source, you are not reliant on the original provider to maintain it, but can pick from a large range of open-source dev shops and consultancies to help as long as the size of the system is tractable. (or if it's a big thing, hire your own people and bring in external support as needed)
For someone without expertise, there is no difference between paying money to a proprietary company and paying money to an open source developer.
In fact, open source is almost always worse--the proprietary company can at least generally demonstrate that they can do what they say.
And, for contracts like these, the end customer generally gets the source anyway. So, to the end customer, there really is no difference.
And this is before we get into the whole "Whose budget holds the money for that maintenance over time?" political football. A lot of government contracting is about transferring uncertain future payments into certain present payments. And someone will try to kill that budget at some point.
I love open source. But open source software almost always fails hard when the subject isn't relevant to software programming.
VLC is mostly based on ffmpeg which didn't have much public commercial sponsorship for years, until the post-YouTube era, where there was some sponsorship from Google but mostly just a lot more small and large closed-source developers releasing crappy "video converter programs" and not crediting it.
It instead was mostly developed by a schizophrenic Austrian math genius in his free time from not being regularly employed, plus some other grad student types.
This is not a "current proprietary system" vs "open system maintained by volunteers". They can basically adopt the open system which is better and pay whoever they want the same account of money to maintain it. They just need to shift which system is being maintained. (And may even save money that way)
Yes, free software projects can stop being maintained. But proprietary products can go out of business. Or they might shut the service down (witness the Google Graveyard). At least with free software you can hire someone else to maintain it if it stops being maintained.
[0] https://twitter.com/oppnaskolplatt/status/137505230118290637...
[1] https://github.com/kolplattformen/embedded-api/commit/b61122...