Hacker News: AnthonyMouse's comments

The premise of the rule is that the second one is the end state.

The essential problem is that if one person spends their time e.g. fixing bugs in the code and another person spends their time weaseling their way onto the budget committee because they want to divert resources to their cronies, it's the second person who ends up on the budget committee. Then the first person gets laid off so their salary can be redirected to the cronies.

There are various ways to try to inhibit this with varying levels of effectiveness, essentially checks and balances. But the kleptocrats will be constantly trying to circumvent, weaken and vilify the things designed to constrain them. It's the sort of thing in the same nature as "the price of freedom is eternal vigilance".


How do we get this to happen with Firefox?

That is rarely true. If an organization ceases to exist but people still have the same goal then they create a new organization or act individually without an incorporated bureaucracy.

On the contrary, the existence of a mismanaged organization nominally dedicated to a given purpose often prevents its nominal goal from being achieved, because people assume giving time or money to that organization will be the best way to further the goal. Then the organization squanders them when those resources would otherwise have gone to some other organization or people with greater effectiveness towards the goal.


> On the contrary, the existence of a mismanaged organization nominally dedicated to a given purpose often prevents its nominal goal from being achieved

This gives rise to another type of person within an organisation. Someone opposed to the goals of the organisation, and who understands this all too well.


You think that it is practical for teachers to abolish school districts and create their own?

In the UK we have a variety of arrangements for schools. Some are local authority managed, some are 'academy status' which means that they are self managed but often with a cluster of schools sharing a management layer to save money. There are also 'free schools' which are community run with often an 'alternative' ethos. And there are religious schools, run by churches (and other religious organisations). All of those are state funded using a funding formula, and they have to teach the national curriculum, and are subject to inspections. Academy status schools used to get a bit extra but not any more, they can however employ staff who are not qualified teachers (Qualified Teacher Status is a defined set of training and experience requirements).

There are also private schools (some famously called public schools like Eton or Harrow, but most actually just private companies often with charitable status).

Schools are usually fairly small organisations and generally the management have risen through the ranks as teachers, year heads, and so on. It isn't a sector in which fortunes are made.

So, yes, I think a range of funding and organisational models are possible. But note the role of regulation (direct inspection of what happens in classrooms on a regular basis without much in the way of warning).


You seem to be questioning the possibility of private schools existing when they obviously do. Moreover, you could have publicly funded education without having a state-operated school bureaucracy, or without that bureaucracy having a monopoly on the funding.

Perhaps I am confused about what you mean by bureaucracy. Can you define it?

It seems like a specific thing has changed.

It used to be that when the US did something bad, people would point to the constitution and the American ideals and say "this isn't living up to our promise".

Now instead when people point to the constitution and American ideals people say "those were written by dead white men" as if to justify cynically discarding them in favor of something heinous.


The promise of slavers and slavery? The promise of whiteness and empire? The propaganda of the dying and dead so-called enlightenment?

What other promises have you ever had? What did you think justice meant? You losers talking of WW2 and Rome. Now sit back down.


Slavery has been abolished in the US for over 150 years, which is more time than it was between the founding of the US and when it was abolished. There hasn't been a slave owner or slave in generations.

Meanwhile abandoning freedom of speech or due process because of the skin color of the persons who penned the original documents can only be described as some kind of wackadoodle nonsense and evokes suspicions of arguing in bad faith.



The thing that results in enshittification is market consolidation. Notice that Comcast sucks whereas there aren't a lot of complaints about Big Shampoo because that's a fairly competitive market.

If the government needs trucks then they should just buy trucks, not build a factory to make trucks and then another factory to make lead acid batteries for the trucks and then start mining lead to make the batteries etc.

At some point they have to interface with the market and you still have to solve the problem of keeping the market competitive and keeping the bidding process from being captured. If you're not doing those things then you're screwed either way; if you are doing them then it's better to just buy finished goods than to have civil servants manufacturing doorknobs and operating rubber tree plantations to make weather stripping.


I think that's true for widgets but it becomes much more opaque when it comes to digital services, particularly those that handle sensitive information. Sure there's govcloud and fedramp these days but if the US federal government had chosen to build that hardware out in house I think that would have been a reasonable decision. It's similar to private versus in house security personnel where there are arguments in favor of both.

There's a big difference between physical products, which, once the government has them, it can just use them, and digital infrastructure, which has a number of issues.

The two big ones I see off the top of my head are:

1) Once the government has paid for digital services from some private company, they are then providing those digital services to their country's public.

2) Because of that, they are then also storing their people's data in those systems.

If (say) Ford decides they don't like the government of (say) Belgium, and don't want to sell them any more transit vans (or whatever), that's not really a huge deal. Belgium has the vans already, and they can just get another supplier for the next set.

If Microsoft decides they don't like the government of Belgium, even if they don't decide to do anything nefarious with the data (which is absolutely a real concern, both from malice and incompetence), they can shut off their services overnight and then the people of Belgium have no governmental websites or digital services. (And if they have a contract that says they can't...well, what's Belgium going to do about it? Ask Trump real real nice to make Microsoft keep the lights on?) Or, even if they're perfectly polite and commit to an orderly transition, Belgium still has to put in absolutely massive amounts of time, effort, and money to select a new vendor and migrate all their data and retrain all their people on the completely different interfaces and such.

Whereas when they start buying new vans from Mercedes...the drivers might have to remember that the radio's volume knob is 5cm away from where it was in the Fords...?


If the premise is that you want to host data for people in Europe who don't want it to be under the control of the US then Frankfurt is a lower latency place to be than Virginia anyway.

OP had a much stronger premise ("guarantee government respect for data privacy for data centres housed on its soil") than what you described.

The more astonishing thing is that people regularly talk about this in the context of hosting providers when by far the more significant threat is mobile platforms.

There are a zillion hosting companies, many of them outside the US. Now which mobile platform are you going to use that doesn't give one of two US companies root on your population's phones?


I have a sliding scale of devices I trust more or less (I trust nothing completely).

At the top of the trust scale is a self built desktop running fedora then way further down is my apple devices (iPads) and then even further down is my android phone.

Open source on hardware you control is the least worst option but since the hardware comes from abroad/countries I don’t trust much (including the US) not perfect.


Soon thanks to Digital ID all your important business will have to go through the devices you trust the least.

There's nothing about a digital ID system that would inherently require the use of a pre-approved OS.

Some countries went with SmartCards that you can use on any platform that can communicate with a card reader basically.


Hah, you wish. See how maintainers of a reference implementation resist removing Google dependency here: https://github.com/eu-digital-identity-wallet/eudi-app-andro...

Probably but I’ll just end up with a separate device just for that.

This is in no way a solution to the population-scale problem of a belligerent nation having root on the citizenry's mobile phones/cameras/GPS units/network scanners.

> Now which mobile platform are you going to use that doesn't give one of two US companies root on your population's phones?

HarmonyOS


Something with ~0% market share outside of China and which trades the US having root for China having root is not a viable alternative.

In theory you could have something produced by a country other countries might be willing to trust, but the number of countries that are both trustworthy and large enough to sustain a globally-viable platform is practically the empty set at this point.

Which means the thing it calls for is something open source, since that both allows contributions from multiple countries and solves the trust issue by leaving no single entity in control of it.


One of the ironies of the TikTok-China discussion was that as an individual in the US, I would much prefer the Chinese govt have access to all my data over the U.S. government, just like I suspect individuals in China would be much better off if the U.S. government had all their data over the Chinese government.

So giving your data to the Chinese government, while not a great solution, may still be preferable over giving it to the U.S. for someone in the EU given the closer relationship between EU governments and the U.S. than EU governments and the Chinese government.

Of course, this may be the opposite of what you want from a national perspective.


My bank account is much more likely to get wiped by Chinese hackers than the CIA.

Viability is debatable. There are tens of millions of smartphone users in the US who are vastly more exposed to US law-enforcement abuses and intrusiveness than anything China would care to try. Chinese emigres excepted.

In other words China doesn't have to be trustworthy as long as the mountains are high and the emperor is far away.


This doesn’t sound well reasoned.

If the USA were to ever weaken into irrelevance then yes messing with foreign HarmonyOS users might have some possibility that can’t be easily dismissed.

As long as the USA doesn’t become completely toothless then the incentives would point in the opposite… as long as Huawei behave scrupulously they are nearly guaranteed to win and dethrone the incumbents for most of the world.


The US has already banned Huawei from doing business in the US.

Moreover, everybody knows how the enshittification cycle works at this point. They don't openly betray you when they have 0.3% market share, they just fit you for a noose that gets tighter as their market power increases. But because everybody now expects that to happen, who is going to use it to begin with if it's not open source and correspondingly resistant to rug pulls?


The entire premise of "other countries can trust your companies to protect their privacy" is that you can't. "US reads Dutch emails" is the thing you have to not do.

You can be strict about who you do business with while still respecting their privacy once they are set up.

The respectable, politically popular country setting this up would simply say yes to the International Criminal Court, but no to Putin.

This doesn't work well as a blacklist of "everyone's allowed unless they turn out to be sanctioned", because some shell company or reseller could register and actually be a front for Russia or whatever other bogeyman. But just serving enormous respectable organisations is a big niche in itself.


But now you're proposing something that doesn't solve the problem for the vast majority of people, since nearly everyone is neither the International Criminal Court nor Vladimir Putin.

It might solve it for the majority of people by compute use, though. Charge a $100,000 one-time auditing fee to get approved for it. For a Fortune 500 company or EU government agency or a big NGO that's nothing.

One-time anything doesn't work for security, not least because if they're trying to betray you they can change whatever they want as soon as your auditors leave the premises.

Notice also that you're only handling the entities large enough to do things in-house to begin with. Meanwhile one of the biggest problems here is industrial espionage, which is to say startups with interesting new technology.


> I can't prove it with math or logic yet, but I have a feeling that it’ll never happen.

It's not really that hard to actually prove it with math.

It's a computer, so to produce the boolean result (safe or unsafe) there has to be a mathematical formula. This formula will inherently be extremely complex, but even a very simple formula has a huge problem. Suppose "unsafe" is true if X - Y > 0. Make X and Y themselves as simple or complicated as you like but even in the simplest version it's already impossible to calculate unless the model has perfect information.

You can't calculate "X - Y" if you don't know the value of X. And it's indisputable that there is information it doesn't have. Case in point, telling you about a vulnerability in some piece of code is safe (and indeed not telling you is unsafe) if you're the developer and you want to patch it or an administrator and want to mitigate it, but the opposite if you're the attacker and want to exploit it. The model does not know which one you are, therefore it cannot make the correct determination any more than it can solve one equation with two unknowns.

