How the City of Stockholm wasted $100 million creating an insecure IT school system

Hi, guys, welcome to another episode of Daniliants ventures podcast today I have a really awesome story I have with me, Krishna Landgren, and he will be talking about open school platform. I heard about it on Hacker News. And I thought, Hey, I got to have Christian come to the podcast and tell himself about the story. I think it's really fascinating. And yeah, I'm sure you will enjoy. So, Christian, welcome to the podcast.

Thank you so much.

Yeah. So could you maybe tell a little bit about yourself? And then obviously, about this amazing, interesting project?

Yeah, absolutely. So I'm, I'm Christian, and I've, I'm a, I'm a programmer, like a school, very typical nerd from from sitting in my home. from eight, I think it was when I first got hold of my first computer, and just trying to understand it and, and also thinking a lot about how this will affect the society and my life. And so I've been working with that for my whole life. And I started my first company when I was 17. And I've been entrepreneurs ever since, and are helping kind of both companies and organizations and also governments and politicians to think about and talk about how tech can can improve our lives. Actually, that's, that's my main focus. There's a lot of a lot of ideas about the future that are really terrible. And I think that we do have control over over over the tech so we can choose what, what future we want. So I want to be part of kind of creating a future that is sustainable and good for us. As human beings.

Yeah. Uh, you're located in Stockholm. Right? Sweet. Yes, exactly. Yeah, yeah. And you work in an IT company, right? Like, by day, you work with projects, clients, and so forth. Right. And this, if I pronounce it correctly, correctly, open a skull platform and or Yeah. Yeah, I did study Swedish for a few years. So yeah, I know, maybe some words here and there. So obviously, this project is not part of your, you know, your regular day to day work, right? Yeah, it's your kind of like hobby that has transformed into something a lot more important for you. So maybe you could, yeah, tell us about the project, you have this awesome cap. And you told me before we got started that it all started with this cap. So

yeah, exactly. This, this is this I started, I maybe maybe should should give a little bit of background about the school project, the school platform, provided by the city in the first place. So that was a project, I think it was started 2012. And they did a two year I think it was two years of pre study about what the schools want, and what the parents want. And the children wanted a teacher want in kind of tech and digitalization. And then after two years, they did the big mistake of you know, starting this huge project, where which way they tried to solve all of those things that they understood what was problems and, and opportunities for the school. And this project, then was procured, and I think it was $60 million, or something like that, or 60 million euros. And they thought that was a reasonable price. I don't know why, but they started. And then eight years after that, they, you know, they released it, and obviously it was crap. So nothing worked. And the parents hated it. The teachers hated it, the kids hated it, hated it. And you know, and it still had costed a lot of a lot of not have that at that time, because a lot more than the budget was from from beginning. And now I think it's up to 125 million euros, and still counting. There's a lot of licenses, a lot of support and a lot of like, a lot of security issues. So you could you could say that this is a typical government failure, like no one wants to touch it and you know, but they still have it then someone needs to kind of maintain it. So and I realized that this is this is affecting my life in significant ways. Because my you know, I have three kids and I'm separated from their mother. So we have a lot of a lot of communication that we need to make sure that we understand what's going on in school. So and the principal in my kids, school, they are him he is you know, he he think that this this, this is something that needs to be used in order for it to kind of be valuable in the first place. So he is forcing my kids teachers to only communicate through this platform. So it is it's a little bit of hustle. So after a lot of frustration, two years of frustration for me, I, you know, I decided to be more vocal about my opinion about this. Because obviously, a lot of people are granting about this in private sessions and things like that, then on dinners and stuff, and is the typical joke, like in the in my, in my field, like, we don't want to be like the school platform. So But anyway, so because I, but I didn't think that this was use a good use of both our money, of course, but also of our time, we shouldn't we shouldn't use a platform that was built, just because it was expensive, because it's not working, it's just, you know, taking a lot of time from everyone. So I decided that it's probably better to not use this, even if we have spent all this money on it, especially for the for the use that I was using for like communicating what's going on with the classes, it's better to use email for that. So then I bought this cap, it says, screw Tesco dot format, which means like, put it in the, in the trash. Yeah. So that was the start of it. And I put this picture up on Twitter, and I used it when I was getting my kids from school and, and then I realized that the teachers, of course, they hated this as much as I was doing. So they just sit silently, because they couldn't for from the principal, but say that it was you know, but they was like sciency, I like your cat.

And so this is actually much bigger than just me. And of course, like and this, this is this conversation that needs to be brought up into kind of a lot of perspective. And then I, since I'm a Program program myself, I decided to just look at the color of the background to see how hard could it be to kind of do something that is better just on top of what is what it's actually are presenting. And then I realized a lot of the a lot of the problems that school platform has are in the front end, so and then there are obvious problems also in the backend, but those can be manageable. So what I first started doing was kind of just for myself, trying to create an app that showed this information from the back end, but in a different front end. And just running it on my my own hardware and my my phone and and then I realized this is actually going to be quite good, this is actually going to be an app that I want to use. So I put it up like a screenshot of the app, how it looked for me. And, and also I decided to publish the code on open source on GitHub. So anyone else that wanted to join could do. And pretty soon there were there were a lot of lot of people joining so and former colleagues of mine, and also parents and other interested people that were not, you know, interested in this to see what was possible. So I think it was five, five weeks after that we declared the app as being finished, like now Now we actually have something we can use for ourselves and, and if anyone else wanted to download that they could download the code and run it for themselves. And then we started to kind of look at the the options of actually releasing this as a as an app. And then we made a lot of a lot of really, really cautious decisions while doing that. So we realized that this, obviously you're going to be, you know, something that that both media and also, of course, the city will not look at with with Happy, Happy highs. This, obviously, obviously should, because if they have the interest of the people, and we answered and we can come up with a better solution to this, then of course, they you know, should look at this and be happy with that they get an alternative. But since they have spent so much money, it's embarrassing to kind of get some something that some teachers and some parents have, you know, created in five weeks. So we realized that it's, of course going to be something that people are going to look at and and we had some we've made a lot of a lot of constant conscious decisions. And one of them was to only store data in the device itself, like we were restricting the app from, from sending information to any anywhere else rather than just the back end of the school platform. So and So bit and but when we had done that, and we had a lot of a lot of discussions with security experts of this and also legal experts to start thinking about, like the implications of this. And then we release that and also talk to the media. And before even the app was released. The city was you know, really angry. And they've, you know, in the in the TV, news news, the local news here they were, they were you know, they weren't happy at all and they started saying like this This is probably illegal. And we should look into this. And we should, we should probably stop it and things like that. So and they did so. So one directly after we have launched it. They also launched their own investigations internally for looking at this. And once we got details about that, in this investigation, we realized that they hadn't like looked at the ways of opportunities in the legal framework tool to actually allowing this, they were definitely looking at, like, how can we stop this what what are the legal tools, we have to stop this, so they were looking at, like copyright infringement, like they were looking at, like security, and no doubt and wrong, things like that, like, so. So they were they were, they were actively seeking legal tools to stop this. And, and we met with them, and they were, you know, in the meetings, they were, they were fine. And we had good conversations. And then the first meeting, we suggested them, like, the problems you have from from a legal standpoint, those are mainly on your side, you do have kind of a you have, you have something here that you have to somehow

consider, like you have a deck and that is sending information to a third party, like an app in this case. But from our point of view, or from the from the user's point of view, it's not a difference between this from a legal standpoint than from using Chrome or Safari or something else. So they are in Canvas in a little bit of weird situation where they have they have their their responsibilities for for the, for the actual data and the privacy of the of the users. And, and still, they kind of, since we're not storing any data, they can't really, you know, blaming us for doing something because we are just providing a tool. So so that put them into situations that where they they will also let them off the hook with a very easy suggestion, which was that you can you can we could sign an agreement where they could they could tell us what to do, like we you are only allowed to do this and that with this data, and you can't really store it anywhere else and things like that. And but they didn't they didn't want to collaborate on that at all. They just wanted to, you know, finish their their investigation. And then after, you know, two months, I think it was last last Wednesday, I think it was the he concluded their investigations. And they also file a police report. And about ourselves. So that was that was a little bit disappointing, if you could say that. And obviously also at the same time if we had been in the meantime, during their investigations, they also, and this was this was the things that were also published on Hacker News, a lot of discussions in the international community, that during the time when they did this, this investigations, they also tried to stop us by changing parameters in the in API, like really ridiculous ones, like they were changing headers and things. And just to make sure that our app was was not working properly. So they were sabotaging the app. And you know, they had, they had the technical option to do that. And since we had promised ourselves not to do any dynamic code at all in the in the app, that was one of the conscious decisions that forced us to do a new release, every time they change something. And before, before this, they I think they had done like one or two releases a year. But during those time, I think there was seven releases for during two weeks. And for each release, they did we just changed our code and released a new one. So just a few hours after they have done all this this hacks that they were doing. We just released a new one. So now I think they have stopped doing that. And they are now trying to do the this really ridiculous claim that we are that we should we do something illegal by by using the data that we already have access to as parents and showing them in an app that aren't sending or sending or storing and in a data and well so yeah, that's that's that's pretty much where we are right now.

Wow, that's that's that's a lot of info. I made some notes. But basically, basically, a few may be a specific question. So when they started to build this huge system, right, that basically just pure shade, right? I mean, it's it's, yeah, went over budget, you know, deadlines were passed and nothing really worked and it barely barely works. And now they are forcing it down the throat of the teachers and parents and so forth. But it wasn't open source right from the start. So it's a closed system. Yeah, that basically means that they will now only be able to work with that one company that was in charge of creating it. So that's why it went way over budget, right? Because if it was open source, they could stop and say, Hey, you know, piece of, we're gonna get some better guys to continue doing this. So maybe they could have come to your right and say like, Hey, could you do this? But, yeah, but it was an open source. So that right there were tied to this horrible system. And you mentioned, from the technical perspective, basically, you reverse engineer that by just looking at the API and understanding that, hey, there is a back end API, and that you basically, are using the same API that their official application is using, right?

Yeah, exactly. Yeah,

yeah, yeah. But obviously, they didn't provide any documentation. They didn't provide anything, nor there is any, any way for you to know what actually happens, you just have to, you know, push and, and try kind of trial and error method, actually,

we have also been been very cautious about that, too. Like when we want, we know that they're going to be like looking at this, like, try to pin us with like, we have done something that we can't do, we have only, we are only showing data that we can get access to ourselves only with the kind of the URL stuff we actually see in the in the Chrome Developer Tools. And, and that's, you know, something that everyone can can just press one button and enter in a web browser and see exactly those those. Those things. Yeah. So actually, we Before starting, I asked them a very polite question like, Can we get access to the documentation since this open procurement, you know, and that was one of the demands in the requirement that the vendors should develop their an API, and then also an SDK. And an SDK means software development kit. So that means that there are, you know, somehow preparing for other developers to also start using the software, the back end that they're they have purchased. And we got the response back that this? No, you can't look at that. Because that's the secret. Yeah. That that would reveal a lot of a lot of security implications, which itself is, you know, very, that pretty much means that they are they're relying on security by obscurity in Oh, yeah, that doesn't work. No, it doesn't work. So and, and also the, you know, that's, that's been obvious for, for everyone that this, this is not a secure system. And the only, you know, the only the only thing that this actually provides, in comparison to email is that it should be secure communication. That's that kind of the best thing about this platform that is a secure way for you to communicate. But one yeah, a lot of like, I think it's five or six major security breaches in in this security in this platform from the store from the start, and it's probably a lot, a lot more than than that we haven't found it.

Yeah, and if I remember correctly, I did a little bit of translating of your website and obviously, read Hacker News and so forth. But you did actually report some security issues, right. So yeah, yeah. Am I correct? Right. You were nice about it. You didn't exploit it, obviously, in any way. You noticed it. And you quietly reported it now.

Yeah, exactly. And, and that's. So I think it was the first or second day when I started looking at the their API calls, I realized that they have very significant security, weakness in the way that they have done this. And so I reported this, and I talked to kind of security experts about how to how you know how severe this this problem was, and then we get got the reply back like, this is something we know about. But we it would be too expensive to fix it. We're just we're just relying on the fact that we, we know that no one is using such a weird thing to do. Like you have paid all this money to get the secure system for communication, but it's not secure enough. And it's too expensive to fix the actual security problems. So and this was in December, and still they haven't read, they haven't fixed that problem. So this is still a security weakness in this in this platform, which is weird. It's so it's so bizarre. The whole thing is so bizarre. Like I don't understand how anyone can can can keep their jobs by Well, it's still, you know, maintaining and also trying to force people that wants to help out of the conversation.

Yeah, I don't understand that. I mean, because there is obviously information about children, right. So basically, any security breach could potentially mean, there could be some, you know, maybe personal information could be leaked, right? Maybe information about children and so forth, it's very severe sort of say, yeah.

And their internal documents also say that this is a permanent problem. And it's a really, really serious problem. So and so they have they have discussed this internally, they know about the problem. But it's, they can't really do something about it. So they are in a tight spot. And I'm, you know, I don't envy them for having that. But you know, they can't really, you know, he can't really blame the ones finding it. Of course.

Yeah. And obviously, were they happy about this disclosure? Did they say like, yeah, thank you very much for reporting. We were Wait, were looking into it? Or, you know, did they call police on you? Again,

they didn't call the police. But I still haven't received any communication back from them about this like, and, yeah, I don't know, I wouldn't expect that expect them to do that either. But they are, they don't have any, which is also astonishing, since they have already gotten a lot of reports they should have at this time, they should understand that it's important to have kind of disclosure procedure. And so it's so safe for someone to disclose disclose problems with their platform, and also have ways of communicating and also kind of understanding and reporting back when they have fixed problems. And this is this is just one of three security, big security problems I've found, during the time when I have stopped, I've looked at where we have looked at this. And all of those three major problems we have tried to disclose or not disclose, but to let them know in in in a professional way as possible. So that's also astonishing to me, like how can government agencies, but that management of money and not have proper ways of handling security reports. I'm just racist. This is also you could say this is this is not only related to a school platform, because this is this the government, the city of Stockholm, the kind of the all the digital services they have are vulnerable to this so that when you have a lot of a lot of sensitive, not only kids and but you have social when you go to kind of have a council where the social, I don't know, what's it called a therapist,

or maybe all

those things, but also you could as this is not only for to read things, it's also the right thing, so you can actually end up with the hackers and trying to, you know, forcing people to get married because they have filed for marriage in the in the in the digital service that the city provides, or change your grades and things like that. So So yeah, it's, it's it's not something that you should just wait and see. And, yeah,

so that I get your correctly that. Basically, it's some of the vulnerabilities are not in the school platform itself, but in underlying platform that is utilized across many different services. Yeah, so Okay, well, that that shit is scary. I mean, I mean, and you know, them using excuse, like, we don't have money to fix it. Why didn't they grab the vendor by the balls and force, you know, the vendor to fix it? I mean, there is somebody who is responsible for it now,

but they have made these decisions. And, you know, probably like five or six years back, or no, I don't maybe later, earlier on that as well, I don't know. And knowing about these problems, and try it out, I have no idea why they chose this type of security principle, but but the biggest elected if you just describe it a little bit, it's like they have selected Single Sign On solutions. And and while doing that they have exposed kind of everything to same security risk. So if even if you just want to go in and look at your, your your kids

grades, or maybe some

Yeah, you're also exposing the whole the rest of the whole system in a way that that probably aren't something they didn't have fantasy enough, I think or knowledge about what what could be done. And that's that's a little bit of a problem.

Okay, that, yeah, that sounds scary. But let's move on. So basically, you push your code to GitHub. Some people join helped you. I've seen you have over 700 commits on GitHub. So you've been pretty active. Obviously, when they change something in API, that's another commit for you right to change the code a bit and release a new version. So other people joined that.

Yeah. It's probably more than 700 700 commits. I think we have 3000 people that have download the clone the repository, and I think it was 70 forks or something.

Okay, well, I just checked the main repository. So maybe it's just maybe in the master branch, you know, the 700 commits, maybe? Yeah, but I just noticed that it was really active. That's what I wanted to say. And so you created iPhone and Android application, right? Yeah. And that's basically just the front end, it does nothing else. But just make simple calls to the API displays information in a way that doesn't hurt your eyes and doesn't want you to, you know, smash your phone. And, and obviously, the question is, obviously, in the beginning, it's hobby, you're just passionate, you want to do something like many hackers, good hackers. You just want to fix the problem. You don't want to just complain and be like, hey, this doesn't work. I don't like it. I have the tools and means to fix it. But what about, you know, the future? I mean, you're not going to develop it. You know, long term, if you don't have some sort of support. I mean, you can run on passion, until certain point, but what after that?

Yeah, that's a good, good, good point, I and that's something we also decided early on that we should we can release the code open source, but we decided to make it not free as a downloadable app on App Store. So right now, it costs 12 kronor, which is basically one euro. And the reason for that is that we want to make be able to provide support, and also develop this further on, and continue working on it as, as kind of a collaborative effort for forever anyone that wants to join, we have seen so many people that with different skills and expertise, joining the project. So now we have just released new language support and from just having three or four languages that we could provide ourselves, like someone in a development team, they were never speaking French. So this translated that. But now we have a Robic sumali, we have actually Latin, someone on Twitter, translated the whole thing to Latin. So that's interesting. So during one day, we actually got from four to 10. languages. Directing. So and this is and so in many ways, I would say this is also an experiment on how you could also collaborate on these type of digital digital tools that that we as users want. And, and see the power of open source to be to be applied on on camera, government tech. projects. So, you know, we don't know exactly how this is going to turn out. And but we are open to all different different ways of exploring this, but what we are what we have decided is that we shouldn't we will not let this project die. So somehow, you know, this is going to this is going to continue living on. And, and when you think about it, which which is something we have done quite quite a lot the recent recent weeks during, especially during because of all the media attention, yeah. We realize that there are certain things that the government will not be able to do. Like if you want to, if you want to ask Siri, what what the kids you know, are having for lunch, when you're when you're making dinner, or you're making plans, or like if your heart in a hurry and want to know if they if they have sports during some of the some of the day. That's something you want to you know, ask your your personal assistant, if it's Google Home, or Siri and things like that. And if you imagine the city or the government to procure that type of innovation, maybe that's not what what the procurement process is done, you know, is suitable for. So at some point, I think it's actually a good idea to kind of have some sort of make some sort of decision what's what's the kind of the end of the government, digital digital tools and infrastructure? And where can the market fit in? And where can you like open source also fit into the story?

So I think what we're what we're also seeing here, and a lot of the discussions regarding this project is also about that, like how, how can we make sure to kind of harvest this power that we can now show this is out there, and make that kind of into something that can actually solve some of the problems that we previously had with government procurement processes, and also if it less lack of efficiency, but also like who decides to be CIO of the type of projects, maybe we don't want to kind of put all the new innovation expectations on those people. So if we can see open source as one of the tools that can, that can utilize a new way of collaborating on digital infrastructure in the city, and it's in the country, maybe we can find quite new ways of collaborating that way. But also, if you look at this, from an international perspective, you can see like a lot of a lot of this, a lot of these projects everywhere in the world, like we, we as parents have pretty basic needs in order for us to understand what's going on at school. So if anyone else wants to join this and try our code on a diff to complete a different city and different schools and things like that, we have actually provided kind of the separation between the app and the data. So we have something called embedded API. So instead of having a proxy or an API, on top of their API, we have, we are pretty much made that into a separate component in our app, which means that you can just provide in different components that that sends data to the app in the same format, which means that you can, you can basically use this app and adapt it to a completely different, different city. So you know, if you want to in Helsinki, you provide for the different app, and then you can use, we can collect your color, collaboratively, create the app and make you the front end interface better as a global society. And then maintaining just the kind of the embedded API, the local kind of adaptions to the local environment, which is, you know, that's exactly how internet was was built, right? So you started with small components, and they put them together and then evolving those separately and iterating on them. So, you know, who knows what's going to happen with this project later on? But I definitely I'm excited about the future.

Yeah, for sure, I noticed that you have an MP NPM package for the embedded API. So basically, that it works like an adapter. And as long as you provide, you can adopt the data from another API, you could use the app without changing the app itself. So that you know, you've made it so that it's easily adaptable to different API's, and so forth. So I think that is really cool, that you actually put so much thought into it, even though the idea was just to scratch your own itch right, just just to make something better for yourself.

Yeah. And one, one really important point to make here is, of course that I have not made this myself. This is this is a collaborative effort. And a lot of these questions that I'm talking about right now, it's the the brilliant mind behind it says you want to drink and also Eric Hellman. And so a lot of a lot of other really brilliant programmers as well, that have thought about this, these types of problems for a long time. And now we had a chance to kind of show how how things could be done when you when you get the chance to do it without having anyone to screw it up.

Yeah, for sure. I looked at the finish statistics. And I think Finnish Parliament actually put forth a recommendation on using open source, right. The idea behind it was that if, for example, a rich city like Helsinki, creates a platform, if that platform was open source, then a much poorer city somewhere you know, in Lapland that doesn't have an IT budget of you know, 100 million euros can utilize that system and enjoy all the benefits of that big procurement project. And we spend in Finland about I think, 32 million euros in licenses. You know, we spend about 5 million in updates. So when we update software, we have to purchase something additional. And then direct procurement, that is the cancer of public procurement is about 18 million euros. So basically, direct procurement means that, you know, somebody created a piece of shit, but it's called source. And now if you want to do anything with it, you have to work with that company directly. You have to procure services directly from that company, because there is no other alternative. Yeah. And, and it's, it's, it's, it's cancer, if you think about it, because But still, I think in 2009, a parliament, you know, put forward this recommendation. And yeah, it's still, you know, it's not used widely, and we actually have a citizen citizen initiative in Finland, anybody can create a citizen initiative, and if it gets enough votes, you know, it will be considered a topic to be discussed. In the parliament, so, and we have initiative in order to make open source, a mandatory requirement for all procurement projects, IT projects that are not considered, you know, like, you know, army secrets or whatever. I mean, as long as it's just something like a school platform, you know, you have to open source it, you have to develop it on GitHub, and others have to be able to make use of it, they have the license should be permissive. So that it allows others to just copy it and use it for whatever they want. So that it breeds more innovation, so that it helps other cities and kind of contributes to the ecosystem, because it's our money needs my, you know, tax money, and I want that to better my country to better the ecosystem and so forth. But again, the initiative received maybe, like 1180 volts. So the problem that I see is that normal people that are not in it field, they don't really care that much, right? They don't understand the underlying issue. But I think in order to drive the point home, if we remove all these licenses and direct procurement costs, we could have built a lot more schools, we could have maybe improved the living standard in Finland.

Yeah. I mean, you make a really, really good point here. And that's it. It's about education, like how can we make sure that everyone understands that there are really good alternatives that are much better and cheaper? Like that seems a little bit too good to be true. But that's exactly what this is about. And we have similar situations here, here in Sweden, we have I just recently, last week, I checked how many how many procurement notes or documents that were mentioning, open source? Can you guess how many it was last year?

Three, my guess is three?

No, it's one. Okay.

Okay, I was too optimistic.

It's only one. And I have 20,000. So we have 20,000. And, of course, you know, that those 20,000 is also about building schools and roads and things like that. But, you know, we're spending, I think it was 2.6 billion euros in, in government, it really, and all of those, only one is using this, and my company, actually one that that's the only one. So so my company wants to help, we want to do we want to be part of this. And we want to help government to kind of create this open source both not only the software, but also kind of a community around it, because just publishing core, so source code, is not going to change anything. But but this is this is still really early on. And but I hope that our project can actually be part of also educating the masses about the opportunities and the problem, and how how this works. And that it's actually not that scary, you can actually doing this, but you have to, you have to, you know, put pressure on the politicians, you have to understand these things, we can't really expect the people that are sitting there right now to understand these things. Because we haven't, we haven't voted, the politicians and the people in the Parliament and the government that understands these things. And that's why we're not seeing any change in this. So we have to, as a society, be much more active and also forcing kind of this discussion to be to be an active discussion. And so that's why, you know, I think it's really good for you also into it for us to have this conversation. Because I think we can all help each other, if we collaborate also, internationally. And there are a lot of lot of good initiatives in the EU, they have a lot of the rational argument is already there, you know, you don't have to kind of, you know, have to spend more money on people understanding and researching if this is a good idea, it is already a good idea. And it is published so many papers on this topic. So so it is but only about starting. It's only about like, daring to kind of question this really huge project that you are in the process of putting out as a big procurement and stopping stop doing that and see, how can we divide this and start with a really, really small project instead, and then letting that for a small project be iterative, and then, you know, see how it goes. And I have actually actually one. One other thing to say about this, this, this example that you do if you have a really rich municipality that takes kind of the lead in this in this case, there's there's a big risk in that of doing that. Because when you adapt the thing to the biggest and most complex city, you're you're probably building it too complicated. So it's a little bit of crap. 22 here, it's, it's actually much better to use the least complex city in the country, the, probably the smallest country, and probably they don't have enough money to do this properly, either. But if you could do kind of some sort of collaboration, and you know, you can see, because it's much more, it's much more probable that we can take the school system that was developed for a very small city, you know, in the rural area, and then adapt that into an urban area, when you know, that, you know, everything is secure. In You know, every user is happy, the one teacher in the school, you know, gets what the, what he or he wants, and the parents in that school gets what they want, like, if you start there, and then you build and iterate on that, and then add complexity Once, when you move on, then you actually get a much more efficient way of developing this thing. So that's also kind of a policy perspective. And you should probably start doing much more of that, like look at the rural cities and help them with budgets and also competence from from this from the big cities and make sure that they get what they want. And then we can use that as an experiment to then lower and lower the risk and then we can move into the citizens that that's that's one of the one of the ways that we are working in my company, we are doing a lot of those experiments in the rural areas like drone deliveries, we are testing now and in the north, and we have one project where we use AI to optimize like how transport is all the transports in the in the area is being utilized and and collaborate between different vendors of transport, things like that are really really those things can't be done in the in the big cities, because it's then it's too complex. And the vendors aren't interested in collaborating at all, but in rural areas you can so that's, that's an that's an idea that we can also use a lot. A lot more. I

think you've been talking about this.

Yeah, I think, basically, constraints also breeds innovation, right? I mean, yeah, if you look at Estonia, right? Estonia is a very small country. And they don't have huge budgets for IT systems. And when compared, I think, I think when they, when they developed their patient information system, I think it was maybe like 100 times, or even maybe 1000 times cheaper than the one that we were developing in Finland. Yeah. And the finished version was just over the budget, you know, missed all the deadlines. And in the end, it was peaceful performance. From the usability perspective, from the performance perspective, amateur about security, I haven't heard anything negative about security yet. But dystonias, were able to develop something much quicker, because I think a lot of people just set them, you know, at the table, and they were like, Hey, guys, we don't have a lot of money. So what we're going to do, how we're going to solve this problem in a smart way, obviously. So I do agree, I haven't thought about it. And you make a really good point that if you create certain constraints, then you have to be innovative, you have to start using open source, because there's many in many cases, you might not have the budget to start from scratch, and reinvent the wheel. But a lot of companies that win those procurement projects, it's not in their interest to make it short and sweet. The idea is, because you win procurement in many cases by having a great portfolio and then setting a very low price, right, because in procurement, you know, it's, it's about the cost in most cases. So maybe 60 points come from the cost and then like 20 from the portfolio and blah, blah, blah. And then the idea is they sell it very cheap, but they know the real money comes because the government doesn't know how to create good specifications. So they don't know how to create good specifications and then every single thing that during the process they will see that they need but they haven't mentioned in specification will be made, you know separately and billed separately. Yeah. And I think this is the biggest problem because it's it's not in their in their interest to actually do a good job because you don't make money that way

now but i think it's it's important to not point to any specific party in this and say that those are the bad guys because I don't think that's true. I don't think that the you know, the big vendors or you want to do a bad job and they they probably have you know a lot of a lot of stories by themselves to talk about in all those projects as well. And I don't think that you can point everything on this on on kind of the ones making the specifications or requirements. And I think in the end I think this is you know, a mindset problem. I think it's about like the we have made already the shift in from the industrial age over to kind of the this One, whatever we want to call it now, yeah, and especially during the last year when we have, you know, forced everyone to work from home and you know, find new ways of communicating and use utilizing digitalization in a much better way, we have kind of, we have moved ourselves into this world that we are right in right now. And in this world, we those all those ideas that comes from the industrial age where you can have, you can, you can just take it when we can, if you can do something bigger than it's often better, because you get scaling, you get, you know, you can get to mecanim. Yeah, those those rules don't apply anymore, those so because we are we are much more complex world right now. And the expectations from the user is change, the technology changes. And so you have, we have to kind of bridge over to from a centralized idea where you centralize all the decisions to centralize all the money, you centralize the power, we're in the industrial age, we are now seeing a shift over to something that is much more decentralized. And you can see this in finance with Bitcoin that, you know, thrives in this environment that we are in right now. Because you can you can, you can really, really do innovations in finance based on that idea. And the same thing goes for all of this government tech, and open source is the perfect tool for doing that. Like you can then decentralize all these decisions. And, and when you do that, the most important part of of that process is that you're involving much more brainpower. Like when you try to from one person make one decision when the final isn't, you know, sign was done for this 12 years ago, this is a school project, they had no idea that we would get like the, you know, the, the all of these things should happen like Uber, we should have soom calls, we will have iPhones that are cheap as heck, yeah, we should have, you know, watches on our phones, we will have, you know, Siri and all the AI tools that we have, and bandwidth and everything like that. They didn't know that. And, and the and the same thing goes now like we don't know how, how the society will shift when we get self driving cars, or electrical planes and all this stuff, that innovation that comes out from from the sustainability and innovation, whether we have so much new things that's gonna happen. So you can't really, you can't really apply those tools or those ideas that it's better the bigger it is, the better it is. Because you have to utilize all the brainpower that you that you have in the society in order for you to change the society why while we're going, and that's you know, that's that's reality now, and you have to pretty much adapt to that. That's going to be that's going to be a huge shift for for government processes and, and policymakers and lawmakers to keep up with the pace that the rest of society is actually moving in.

Yeah, I think one of the problems is that when they create specifications for procurement, that are actually get input from a lot of people. I mean, there is maybe a steering group, you know, or maybe there is a technical officer or somebody who is in charge of making sure that the technical requirements are there. But they could actually at some point, maybe they could even outsource that, in a sense that maybe it could be a wiki where everybody could comment, you know, in technical people will be just browsing new procurement specifications. And we'll be providing their two cents. You know, have you thought about this? And how about security, and so forth. And maybe there could be like a mandatory period where it should be visible, and everybody could comment on it. And then after that, it only proceeds to the procurement process. But I think it lacks a lot of visibility things kind of, even though I mean, EU is pushing for open procurements, right. I mean, if you have large procurements, then all the EU states should be able to participate. I mean, companies from all the countries, but still, it's still kind of like in Finland, things are done under the table a bit. You know, many times they already know from whom they will be purchasing the service. And they're just like, Oh, yeah, this shitty EU, they're forcing us to put it on some portal. Okay, we're gonna put a few specifications there that nobody else can match. And we have our vendor. So a lot of things to be honest, are happening. I'm not pointing fingers at anybody. But I mean, some of the officials consider procurement as a hassle. You know, the procurement process, even though I think it had good intentions, right? Down in the open, you know, open beads, people can compete, companies can compete and so forth. But I think it just doesn't work. So my question to you, I guess is how do we go about what do you think how would you go about fixing the procurement process because it's needed process. governments need to purchase it services they need to purchase software, obviously It's not the government is not the right, I think is not is not built to innovate, right? I mean, it's very conservative and so forth. So you did mention that the innovation maybe could happen elsewhere. And the government could just create the solid foundation, on top of which, like you guys did, you could then innovate. But I don't know how the procurement process works in Sweden, I would assume it's as shitty as ours. So same EU law use the EU standard. But yeah, of course, but how do you go about changing this enormous process?

Yeah, I don't know. That's going to be interesting to see, I think that we need to start somewhere. And we need to start like where we are right now. And instead of trying to fix kind of design, the perfect system that will fix this, we have to start realizing that this, this is a problem in the first place. So we are recognizing this as a problem. But also understanding that that, you know, developing software is not about you know, it's not, we're not using the same processes anymore. That that, you know, waterfall and those things, we are using much more agile processes. And, and the idea that we can just, you know, if we just ask more people, before we start, we're going to get what we need. That's, that's not how it works. It's much more creative process than that. So if you see it more as if you as a city wants to, to trick your an artist that's going to paint the wall. How do you do that? Would you procure that based on only on price? Or would you look at something else that they that artists have done before? How can you can maybe make a create some sort of relationship between different artists and getting them to collaborate? And then, you know, some something can happen, we're here and something else can happen here. Like you have to you have to be much more flexible when looking at these things. And just looking at it from a contract perspective. And obviously, you should, you should really make sure that we get a good foundation on the on the legal framework for doing that. And justice Tuesday, we had a really good, interesting discussion about, like, how you could do how can how can you make sure that we can have legal equity equivalence of the stuff that is going on in the open source world? Like what is a pull request? For example, if you look at it from a legal standpoint, maybe that could be seen as a, as a vendor suggestion, or I don't know the English terms for these things. But like, how can how can how can we look at this from a creative perspective, also, and not trying to change the process? How you work with software development, but rather than us change the frame, the legal adaptation, adaptation of that, so I don't have to have the answer to this. But first of all, we need to understand the problem. And then we need to kind of start somewhere and experiment somewhere. And that's probably going to happen, I think I'm positive. With that, I think that we will see start, start seeing new open source three keyword software that is done much more in the open and where people can give their own suggestions, and then get paid, of course for for their suggestions.

Yeah, so basically, what we're saying is that we should adopt our existing legal framework in order to allow this innovation to happen, because at this point, it's not very permissive.

Now, but I think the practice is the policy that we have developed on top of the framework or the or the EU law that we have, those things might want. You want, we might we might want to look at those practices and policy and and see how can we how can we look at the legal framework and see, what can we do without changing too much of the process, the development process that actually works? So yeah, but I'm not, I'm not a legal expert. So I understand those things. But I think that they need to be we need to be looking at these things quite quite. extensively now, I think.

So if we go back to your project, so how long has it been out in the wild? How long have people been using it? And, you know, what, what's been the reaction when it comes to parents, you know, do they like it? And what are your plans for the future? You know, what will happen next? And how can people help?

Yeah, yeah, good. Good question. So so when we released that the director you came out to be on first place on App Store so that wow, yeah. Wow. Yeah. So that was that was super fantastic. And we got fantastic reviews. And also, you know, we had worked on this for two months or a little bit less than that. And we were really nervous because in some ways, he was just, he was just an app showing kind of very basic stuff. It was really, really basic. It was something you would Yeah, you know, we have done done AI things that are super interesting. Those things that we can really be proud of. This was just an app showing have newsletters from the digits and the schedule. Like that's, that's so basic. And we were so afraid that people just gonna say, what is what is this crap, this is just this just basic stuff. But people loved it. So they got got us 4.6, I think it was 4.7, in in average review on both App Store and Google Play Store. And obviously, once the city started to sabotaging us that that average grade was getting a little bit less, but I think now it's about 4.1 or 4.2, something like that. And, but the plans are to kind of just continue working like this, and adding more features securely and consciously and helping First of all, helping teach arrows to helping parents with their communication. But we also hope that we can start talking with them with teachers, there are a lot of lot of programming teachers out there that want might want to add features that would benefit them. Like when they do and they take notes about if the students have a right to the classroom, those kind of things that they do all the time, maybe those some of those things are interesting to start developing. And maybe another thing that we are also looking into is to develop this for more cities, we have already started talking to I think it's three or four new cities in in Sweden that are interested, that have similar problems with their, with their platforms. Okay. And yeah, iteratively just continue working. And then and that's also important for me to say that I'm not, you know, leading this in any way, I'm, you know, this, this is this is a really interesting project to watch. Because every, every day, there is someone that has a new idea that they have to develop something new, and we just go with that. So anyone wants to wants to join us just, you know, look at our, our GitHub page, see the issues there. And, and if you are interested to involve yourself, just try to download the code and see if it works. And you know, if you're interested in engaging more you we also have a discord where you can join. And if you are, you know, if you're interested in in also kind of helping out the UX and communication and PR stuff and things like that we have, you know, we are open to all all contributions here.

And money contributions. Yeah, money.

Money calm. Yeah, exactly, we have a Patreon. So we're really happy that last week, we actually changed business model, if you can say that. But so instead of charging money for the app itself, we are now open for, for donations on Patreon instead. So now the app is, is free for everyone to download. So I encourage everyone to do that. So that's going to help us a lot. Especially Of course, if you have children in Stockholm, of course, but but everywhere else as well. And and if you're in a city and listen to this, and wants to do the same thing in your city, I encourage you to do it, it's really fun. It's a you know, it's something that really, really gets you to understand how the society works and how it's not working. And it's a good way of illustrating open source as a way of procurement process, like you challenge the status quo with something that you can actually take care of yourself. And it's it's not rocket science, you know, if if, you know, in the in the end if if we would get, you know, sued or get police or put in jail, just because we have we have showed information that we already have access to about, you know, when the kids start school, you know, I think then then we have a major issue in our society if that that's, you know, something that is illegal to do.

Yeah, I hope it doesn't end up in that situation. But you mentioned that it's really fun. And then I thought in my head I'm like, yeah, getting police involved is really fun and fighting with the with the officials. But yeah, of course, it's fun from the learning perspective, right? You learn a lot during the process. I also noticed on your Patreon, you have an opportunity, like there are different tiers, right, like starting from like one year or something like that. But then it goes to like, I think like 10 million or something now. Yeah, so what's up with that? One?

Yeah, it's it's fun. statement, like we said, like we say in that if you're if you're that, if you have that much money, we want to support us with 1 million a month is Yeah, I think you will, then we will have paid as much as, as the city of Stockholm has paid for their for their original platform in 10 years. Wow. So I think I think we had we've done that both for because it's a little, we always want to use humor in our in our communication. But also, we want to kind of also point out the absurdity in in the money involved here. Like, if you would think that is ridiculous to pay for someone, you know, 1 million a month to develop the things. You also have to put in your head that that's exactly the amount of money that that we have already paid, you know, different development team to start building this 10 years ago.

Wow, that's that's huge, hard to even fathom how big of a number it is? If you think how, you know, I mean, I'm sure there is other things that Stockholm could be spending that money on, right? I mean, vacation and living standards, schools, improving roles, communication, and so forth, for sure. Good, good, good. And could you talk a little bit about the technology stack that you're using, because maybe some of the listeners are more maybe technically inclined? So you mentioned that you're obviously welcome, welcoming new patches, you know, pull requests, and so forth. So what are you working with?

So the stack is basically a JavaScript stack, or TypeScript Scout's document. We are using React Native, as as the platform for developing the apps. And previously, we're also having ideas on developing our own API's to do that. And while doing that, we were using Kubernetes. And, and express and node. Right now, we aren't using that at all. But if you are interested in doing that, if you are, if you're listening to this and are kind of on the inside of a city and you want to provide an API to your internals, then you would definitely look at kind of those those parts of the of the story as well as the stack that because we have a lot of we have already developed a lot of things that you need to do if you're in the city to be kind of open to to this type of, of tools or apps as well. And then we are using next JS for the site. With versal. There, those guys are great. Yeah. And then yeah, so in when you're working in open source and these type of projects and want to develop something you want to be having a preview of a pull request, for example, then you can be very Sal is providing for each. For each pull request. They're providing a preview link. So you can start seeing when you before you approving the request, you can actually see exactly in your web browser, how that code will will look like in the in before you merge it. So that's really great. What else do we have? Well, I would encourage everyone to also look at this code for collaboration. That has been a huge success for us as communication tool for for all texts, and also voice and the sharing screen, something like that. Instead of using Slack, which we most of us use at work. Yeah, this one was perfect. My kids use discord all the time. So I thought my why why don't we use that? in this in this case as well. I don't know what else we are using. We have just recently started using a really cool translation tool for for collaborating between translators, because it's, it's not only of your problem when you start translating your app. But then the biggest problem occurs when you have new needs. You want to add a new button somewhere, you don't have

strings and stuff. Yeah.

I don't remember the name of it right now. But if you're interested in that, those guys were also super cool. They let us use their tools for free, which is super awesome. So we should link that that company in the description here. For sure, for sure. They help us a lot with all of that things like keeping track on the different languages. And also if showing a show and handling the cattle, all the submissions, and they also have tools for kind of those things. Yeah, that's about it. And you know, it's it's a simple app, it's just an app React Native it's using. We have developed the need the embedded API that you want being created that that's provided us hook functions, which means that the rest of the of the app only can you know whenever you want to show a schedule just to you use schedule, and then you get the data. If it's cached, then you just fetch it directly.

So you do you do cache it right, so that the performance is better, right?

Yeah, exactly. So we cache everything, the idea that you could that you have new children every time you log in. That's weird. Yeah, so so we cache your children. And obviously, if you have a new new kid that day, then then we will that that data will in the background be fetched again. So yeah, the

only cache hit on the device itself. So if yours and only on your device, yeah,

yeah, yeah. Yeah. Good luck. And that's, that's exactly how we would you know, if you'd read, if you read the GDPR, they say, you know, if you don't need to store data elsewhere, then you shouldn't like that's privacy by default. And security by default. And that's exactly the principles that we have been utilizing.

Yeah, for sure, for sure. I'm going to have all the links in the description, GitHub, link to the Patreon link to the website, link to the original story on Hacker News, just so that, you know, people who are more inclined to see the technical details on how you're doing reg x when trying to catch changes in the API, they can see all that. But this was really, really fun. Christian, I, I wish you all the best, I think it's an amazing, amazing project. It's, you've done a really good job in very short time. And even though you say that it's very simple. And you know, there is no, you know, Ai, there is nothing fancy there. But you know, there is there is a need for it, there is a real need for it. And people appreciate the work that you've done. So hopefully, this podcast in some way will help spread this message and maybe get you more contributors, maybe more PR so that you can do more of this. And maybe you can go to other cities, as you mentioned, or at some point.

It's one really important issue that I want to just clarify, of course, that this is an this is not our project that the like, this is not me project. This is our project. So if if someone in Helsinki has listened to this and want to be looking at this from their perspective, and they are super, we would be super happy to help them to to release their own app in Helsinki. That's not you know, we have released everything we have done in the very open license Apache two. Yeah. So if you want to release this, wherever you are, as your own app in your own market and get money for that, then then that's super fine. We will help you as much as we can. So please do that. And not only helping us, but we can help you. So I really hope this can be you know, much larger than than what it already is.

Yeah, for sure. And also, I

forgot to mention one thing, one tool, more tool that we are using React Native react kit and UI kit. And

yeah, I saw that I saw that first time. First time I saw it. And I was like what and it looked pretty cool.

Yeah, it's super cool. That's so much fun. If you want to just, you know, start learning how to create an app start with UI kit, and they have so many new things that you can just list and navigation and buttons, everything and it looks good directly.

Yeah, I saw that. Like the Moto is like from MVP to production or something like that is that they make it easy. But it's also production ready in the sense that it looks good and functions, your function as well. Yeah, yeah, I first time I heard about the framework or the library is from you guys. Check that out. Yeah, I went and checked it out. Obviously, I looked at your GitHub source and just wanted to familiarize myself with the project. And I noticed that and I was really impressed. really impressed with them with the library. Okay, good. So I'll have everything in the description down below. Christian. It's been a pleasure. Thank you very much. It's been really fun. And I wish you all the best. I will have a Christian's LinkedIn profile as well. So if somebody wants to get involved and ask maybe few additional questions in private, they'll be able to reach you maybe on LinkedIn,

or LinkedIn or Twitter or GitHub or on email or anything. Yeah,

yeah. There are many ways of reaching out nowadays for sure. Thank you very much, Christian. It's been a pleasure. Take care. Thank you. Bye bye.

‍