kravietz 🦇 @kravietz@social.privacytools.io

This exploit is beautiful in every aspect CVE-2019-7609. Upgrade your Kibana. https://www.tenable.com/blog/cve-2019-7609-exploit-script-available-for-kibana-remote-code-execution-vulnerability #kibana #security #javascript #nodejs

@yogthos That is an easy criterion here: if the service was *intended* to operate on non profit basis (like all the basic infrastructure services you mentioned) then, well, it should do just that.

That's one of the main advantages of public sector by the way: it does *not* have to generate profit. Private companies in most countries are required by law to generate profit and if they don't the directors may be accused of failing the company.

@yogthos Well, that's part of the problem: public-owned companies rarely fail.

In Poland we have 15 state-owned coal mines that haven't been profitable for decades and state essentially pays billions each year so that they can dig some more coal. Because it's poor quality, state also buys coal for power plants from Russia. Any mention of reforms results in trade unions marches and nothing changes.

@yogthos This I can only agree.

@yogthos

And here's a whole paragraph on Estonia from that article:

"As for the general architecture of the QES, Estonia is a notable exception from the negative trend. In Estonia, the government implemented a reasonably complete and consistent product (DigiDoc), which started from clearly defined objectives, an open technical specification, software packages and an internet portal"

And they indeed did that - a whole consistent and usable product.

@yogthos

> cost of technology doesn't rise linearly with the number of users

It does not *have* to if you do it correctly. Often it's not done correctly and in public sector it's done incorrectly more often than in private simply because public sector can survive more failures.

Here's a whole article I wrote about electronic signature failures in EU that highlights these issues

https://ipsec.pl/files/ipsec/when_electronic_signature_becomes_a_information_services_preventer_v5.pdf

@yogthos I've studied this a lot and yes, you certainly can run public sector enterprise efficiently. You can apply goal-oriented management, you can use process quality optimisation methodologies etc. I'm also working in public sector in the UK and it's definitely working this way.

You have however remember that there are countries like France, Italy or most of Eastern Europe where bureaucratic red tape is legendary (and I can confirm first-hand).

@yogthos

Public sector has one distinctive feature: it's much more risk averse as compared to the private sector.

This is understandable since every failed project is met with a concerted hysteria in the media because it's "public money".

@yogthos did you? ;)

@yogthos No, it's not exact the same thing as most private companies *do* deliver successful services and goods, otherwise they wouldn't make it on the market.

Public sector in each country usually has a long list of absolutely monumental and very expensive projects that never delivered anything.

@yogthos

> North America

Using USA as an example for anything related to *modern* economy is a waste of time, just as using USSR. Services in USSR were all public... and you know what :)

> private sector always ends up being more expensive

Private sector is poor at providing mass-scale services with low profit margins. Public sector is poor at providing services that require flexibility and results-driven approach.

Each of them has its place.

@yogthos A surprising fact about public sector is that the cost is indeed non-linear, but it's negatively correlated to the population size ;) Reasons explained in the other comments.

@yogthos

Trade unions - because they won't tolerate salaries based on how much the person is demanded on the market (as it works in corporations) and "too large" in comparison with other positions in the Ministry.

Media and citizens - because they won't tolerate public officers "earning too much".

As result, you have Ministry lawyers earning like $1000 negotiating with Gazprom lawyers earning like $10'000, with a predictable outcome.

@yogthos On the other hand, reason why in many countries public services are so poor is the culture of the public sector itself.

In Poland for example a senior legal advisor in a Ministry earns ⅓ of what he/she would earn in a private legal company. This is ridiculous, but if you propose raising their salaries, there will be opposition from... trade unions and from the media/citizens.

@yogthos I met a lot of officials from Estonia when I worked on implementation of electronic signature in Poland. There are many factors to their success, but the main is -- they have 1.5m citizens. Doing a project for 1.5m citizens is hundreds of times easier than doing it for 40 or 80m citizens. The latter is possible, but requires much higher skills.

@yogthos

You didn't understand - restaurants have no profit from food past expiration date. They *could* give it away for free and many want to.

They are *legally* prohibited from doing so by the law, not by capitalism.