So far (3 hours) there seem to be too many posts basically saying, "What good will it do to see the source?" But all I see is fudging of a very black-and-white issue:
- The code is (probably) garbage
- The code doesn't just need to be 'released' - it needs to be exposed
- Then there will be some hard questions: "Why is it garbage?"
- Embarrassment...
- ...leading to a change in the system that allowed this to happen
Bunch of negative nancys in this thread so far. We need to open source this code so that next time theres an RFP for a government website like this we can be prepared with an open source solution. Let's not forget its our government and our tax dollars, if we want it to run efficiently its up to us.
Open sourcing does not solve problems. The ultimate issues are (1) government paid an incompetent contractor the job and (2) people who were to suppose to oversee the contract probably has no effing idea how to do software engineering.
This means we need to hire better contractors and hire managers who have technical background and require an audit periodically.
Open sourcing does not solve these two issues. healthcare.gov is not Django project. You can't install that system and the code is going to be big few people will be able to do anything about it. Plus, even if you could read the entire source code, accepting pull request, going through 3rd party security validation is going to take a while and people are probably not going to take your pull request.
What we need is to put the incompetent people out of job and hire good one.
See that just it, we don't actually know if it was the contractors. Maybe the contract was subpar, maybe the government signed off on a bad design, or maybe the contractor did screw up. Open source the code and all of the mystery will be gone, well know exactly what the root cause was. Open source the contract, the code, and the emails and notes involved in picking the winner for this proposal.
Without the facts, everyone's just guessing or making things up. Open source everything on this. It's our money, what was it spent on?
He didn't say "open source doesn't solve problems", he said "open sourcing doesn't solve problems". The verb is very different to the noun.
Yes there are open source softwares that once completed are efficacious in solving the problems they were designed to solve. The point yeukhon was making was the act of open sourcing a project alone doesn't somehow inherently solve problems in its development. At least in this case not the two enumerated problems he sees with the healthcare.gov project.
Open source is a development model that encourages sharing and redistribution of source code. It is not a term that can be applied to the making public of government secrets, which has nothing to do with the encouragement of information sharing.
When Wikileaks gets their hands on government secrets and puts it on a website, they haven't made those secrets 'open source'. That word doesn't even make sense in that context.
Even if I get my hands on the source code of Windows and put it in a GitHub repository, I still haven't made Windows open source.
That is a different petition to the one that has been posted, which states that the reason for open sourcing the code is "so we may help fix any found issues".
The "let's see what we paid for" argument is an appeal to the more general proposition that there should be public scrutiny of public money. There already exist mechanisms for accessing taxpayer-funded content held by government (including source code) under FOI and other legislation. Unless there is some inadequacy in the operation of those laws, I think they answer the point.
Nonsense. Open information on public expenditures is a painful process and you know it. So by that token the petition should simply be responded to by the whitehouse with a "file a FoIA". Balderdash and red herrings all around. It's public money, it's public code: period. Your point is a distraction, and you know it.
Linux is a software,not a service. Linux is an operating system and is supposed to work for everyone's commodity hardware. healthcare.gov is a service, not a software you can reuse.
It may be right that open sourcing the code behind healthcare.gov and crowd sourcing improvements to it could potentially result in desirable outcomes, but it is very unclear whether that is an available option in legal and practical terms. Legally, because support is likely to be governed by the terms of the relevant contracts, and practically, because every pull request will need to be reviewed by a person with expertise who has been engaged for that purpose (which suggests, contrary to the petition, that the problem should be solved by a better and cheaper contractor).
Without that foundation, the petition does not seem to have much utility, notwithstanding its 1000 signatures.
If the source code is so terrible, and if we still need to rely on it, is it really such a good idea to release it as open source? How will that help? Will it make healthcare.gov more reliable? More secure? Less vulnerable? Faster?
Perhaps the source code should be audited, if only to figure out what happened to the $600,000,000, but it's not clear that that requires open sourcing the code.
Now, the taxpayers purchased the codebase and the codebase could help states that did not offer a state marketplace create one. So I am very supportive of the idea of making it available to various states. But until the thing is running relatively smoothly, I don't see open sourcing it as doing anything but delaying the rollout and making it less reliable and less secure.
Healthcare.gov is far more complex than a repo, which is why I care more about the process. The data integration process is/was staggering, with 55 contractors/agencies involved (according to the NYT). That screams trouble all over it, especially with government contractor reflexes.
Was this achievable in the given time? If so, what was the plan to get there? If not, how should it have been managed?
We don't have to open source everyone source code. Sure it's nice to have everyone to audit. But how many of us here have the time and even the energy to read others' source code. Plus, the system is not even installable. It's like telling Google open source their entire search engine.
We should however demand an audit to be done and the result to be published.
See my other comments down there. In any case, not every thing everyone does should be open sourced. There are things you just have to hire smart people to do the jobs right and open source does not solve issues immediately.
That has miltitary secrets that you wouldn't want other govt to know and be able to utilize in their own development of fighter jets.
In the case of web code, there's nothing's new and innovative about the software that is unknown by existing developers. There is the potential for exploits but open source can help plug up those holes by allowing the community to assist in the process.
Sure, dumping the supposed "500 million" lines of code all at once would make it hard to review but they could release one compinent at a time over several months/years and vow to release all future code.
On a side note, wouldn't reviewing and repairing govt software be an excellent teaching tool for schools? How proud would a child be to have their code fix be accepted into production?
Great point, if something like this is done and students gets into learning and contributing to open source it is going to have a tremendous improvement on the quality of software.
It needs to be made public period. It's our money, it's our code, it's our data being handled by this code. Does anyone seriously trust the government with their data enough to not want this code public?
So we know what our tax dollars were spent on, and how our private information is being handled and potentially not well protected. This code needs a public audit.
Perhaps short-sighted. Audit, yes. Github, no. Totally interested if there's really a poster-child failure of contractors hawking closed-source tools here, but we have be be very objective and professional if we ever expect to benefit implementation of public projects. FOSS is still in a state of having intellectually won to anyone paying attention without having won in ways that outsiders can understand, much less support in a context of public policy.
I'm sure the SV approach to MVP's and demanding survival in short iterations has something to offer, but really it's going to take SV and FOSS together to figure out how to solve these problems in the first place before we waste two elections cycles talking about Obamacare and finally getting a $680m fail whale. We failed long before the exchanges showed up way overpriced and under-performing.
However, let's say that Obama's 2nd election platform was about a pledge to lower credit-card micro-transaction costs for all consumers and lubricate online payments to lower the price of business creation. Stripe, Dwolla, Square, Venmo, and numerous others are born with a presidential veto to kill protective, industry-spawned legislation for four years, long enough to contend to become the Google of payments and totally disrupt banking, payments, and retail POS. All along the way, as the companies are competitors, they typically do not exchange value or software really, seemingly over-competing when all of them will end up writing bank integration software to get their network into the money system. SV and FOSS seems good at eliminating dead-weight coders and management practices, but can SV companies effectively use resources without meaningless competition and duplication of effort? Not as long as I'm going to be the founder and try to get super rich all by myself we won't...
This is the problem with SV and FOSS that prevents us from coming up with the model that solves problems at the society level and involves government without creating the iron rice-pots that are the seed capital of government contractors.
I'll play devil's advocate here and assume for a moment that all of the code was, in fact, uploaded to GitHub/BitBucket/etc today. How would open source improve it?
Remember that successful open source projects do not operate by simply throwing code over the metaphorical wall. Meaning, you're not just asking for the code, you're asking to be a part of a community that needs management. Bug reports, pull requests, contributor agreements - these cost time and manpower/money to curate, which neither CGI nor the Federal government are going to supply overnight. Ultimately, given the rapid deadlines they're supposedly facing, I'd argue that, at this point, they're distractions to the actual development team.
I feel like if the source code is released, things will get much worse before they get better. I would rather give the contractors time to fix their code and then release it later. Plus as a developer, an open source maintainer, and open source contributor the last thing I want to see is a half billion line program that doesn't work properly. They should probably just start over clean on GitHub and build it from the ground up correctly.
Which costs us all money. If they really did build the system, as requested by HHS then open source it. There's nothing to hide. If they defrauded the government, then it's all the more reason to see the code. It's very simple: taxpayers paid for this, what did our elected officials agree to, did the contractor build that or not? If they did, the it's not on them and everyone needs to stop beating them up, if they didn't and it's way off from what they agreed to do them they need to be help reponsible.
And before anyone thinks I have no sympathy or am some political hack, I worked in the Clinton White House and wrote a lot of code for them (24 hours in cyberspace anyone?) and a few years later I helped build the GSA schedule system. I know how hard it is tackle politics and design. And that's why I have little tolerance for waste.
I agree that they should open source it, but I don't think it's finished. There is a mantra with some companies that say "The product will be ready when it's done" and this site is not done, but it is launched. With the amount of code, there are probably hundreds of security issues that could be fixed, but also may inevitably break the live site once people see ways to hack around certain components.
I feel like open source is a decision you need to make at the beginning of the project or spend a lot of work at the end ripping out bad decisions. If you're saying you would hack on this and help fix it, I commend you.
I have some internal knowledge of what happened to HealthCare.gov as I was employed as a major developer of the original proprietary content management system they we were using circa 2009-2010.
The original Content Management System was Percussion CM System also known as Rhythmyx. You can confirm this by googling: "percussion cm system healthcare.gov" (the links will be broken obviously because they don't want to be associated). One of the things that made Percussion good at scaling was that it was "decoupled". It was sort of like a massively complex GitHub Jekyll in which the web pages were statically published thus Percussion would not be as liable for performance.
Now here comes the OSS irony. I remember distinctly that there was a huge political push to replace Percussion with Drupal. That's right. Instead of static pages they wanted a dynamic OSS CMS (not to be confused with the healthcare CMS entity).
Now I don't know what happened after 2010 because I went off to go start my own company but I do remember we warned them of using a dynamic frontend for such a high profile site.
Anyway I have no real opinion on whether or not healthcare.gov should be OSS but thought that information might be useful for some.
Maybe there is manipulative reason why they used a Canadian company, which can claim copyright instead of it being owned by a federal entity which would have to make it open source (ie. like all NASA photos are public domain)
Even a FOIA request wouldn't work against a Canadian company.
That said, it's not a single program. I think it is dozens if not 100+ APIs
The contract for the software would certainly include transfer of copyright. This is standard. Otherwise the canadian company could immediately sue and remove the work the federal government had purchased.
I just want to see the contracts and the code. If we are going to be fair, we need the facts. If the contractor was told to paint the wall blue, and they painted it blue but everyone thought red was better color then it's inexcusable to blame the contractor.
With politics the way it is right now in DC, I don't trust anything but the facts, I'm sure you do too. Show me the code and contracts, I'm tired of pundits telling me what I should think. Who knows, maybe it's built to spec or maybe the contractors are at fault. Without facts, who knows?
One of the more ridiculous considerations to open-sourcing the code is patent liability.
It's nearly impossible to develop complex software that doesn't infringe upon dozens of nonsense software patents. The gov't and its contractors would be a huge target.
One dysfunctional bureaucracy scared of the policies of another dysfunctional bureaucracy.
- The code is (probably) garbage
- The code doesn't just need to be 'released' - it needs to be exposed
- Then there will be some hard questions: "Why is it garbage?"
- Embarrassment...
- ...leading to a change in the system that allowed this to happen