We've all heard about the problems with the Healthcare.gov website, but the problems are so fundamental, and the website is so deeply flawed, that the administration's rhetoric that "they're on it" is meaningless. The website violates the most basic and fundamental principles of web site development. The fix is simple: Insist that the Obama administration open up the code into a public repository, specifically, GitHub, and encourage developers to offer fixes.
Although the website is very fundamentally broken in many, many ways, some of the things that are wrong with it should not have taken a couple weeks to fix. They are easy fixes, and would substantially change server performance. And yet, it's been almost two weeks since the site opened for business, and these basic issues remain.
The most obvious issue is that all of the healthcare.gov's images are stored on healthcare.gov servers. This slows down the site immensely and gives the impression that there are "too many people using it", which isn't accurate. Bear with me as I try to take a layman's approach to this. If you look into the source code of a typical Newsvine article, you will see that the image at the top of the page that renders into "NEWSVINE" points to a larger image that you can actually see in your browser if you go here:
This image is served by something called a caching server, known in the industry as a CDN. Every time a web request is made for that image, it forces the server to use its own resources. All of a site's "static" resources, meaning their images and other supporting files that don't go through routine change, should be stored on a CDN the way Newsvine does it for two reasons.
One, the CDN is designed from a technical standpoint to handle massive amounts of traffic, and serve the images in a robust and, importantly, FAST manner.
Two, it reduces the load on the web server. If the server host charges for bandwidth then you are paying too much if you aren't also using a CDN. CDNs also charge for their services of course, but typically not nearly as much. Amazon Web Services, for example, ding you with traffic charges when you host your web site on their servers, which means you get hit with a small fee for every image served. Their CDNs charge, too, but it's not based on traffic. Instead, they charge about 12 cents per gigabyte of storage. Either way, the less you make your web server work, the better.
Unfortunately, the healthcare.gov web site stores its images on the healthcare.gov. This results in a massive hit on the servers. Simply storing all their images on a CDN would significantly improve the healthcare.gov server performance.
The government servers are getting hammered every day by these kinds of requests: "images/myaccount-registration-login.png", which probably brings the things to a screeching halt during times of high traffic.
This is really appalling stuff for a site this large, where the contractor received anywhere between $88 and $93 million. I've read estimates putting the costs at much more.
Please note that I am barely scratching the surface of what is wrong with the site. And these are just front end problems. Others have found a series of fundamental miscues involving everything from session management to security concerns. One can only imagine what the back end code looks like. You know, the stuff that talks to their Oracle database. The stuff with our social security numbers.
For example, I am still trying to gain access to the site's health care package options, or, in other words, the marketplace. After verifying my account, I can't log in. And it took two days to "verify" the account. It basically now takes me in an infinite loop when I try to log in. I may be verified. I may not be. Who knows? Certainly not their apparently misconfigured Oracle clusters.
Without seeing the back end code, I can't begin to guess what is wrong, but I suspect what we call in the industry a lot of improperly handled multithreading issues. Multithreading is a process for handling different sets of users all trying to use a website application at the same time. If the code isn't written correctly, then when a bunch of users try to navigate or join the website at the same time, the system will break and not push data in and out of the Oracle database servers correctly and people like me will end up in a land of permanent Account-not-quite-established purgatory. Or, ANQE.
I can't even begin to imagine what the security issues are with this site if the misses are this obvious on the front end. Do they properly salt their passwords? Are there cross site forgery exploits hackers can take advantage of? You can bet that plenty of hackers are out there right now, working on this.
Obama was elected on the notion (to use one of his favorite words) of transparency. If Obama wants to be truly transparent, he should order HHS Secretary Kathleen Sebelius to push the code out to a public repository. Developers will flock to the site to help fix the problems with the site, because it's just what developers do. In fact, some folks have already begun to work on the front end issues I've described:
As a point of action, there needs to be a way to push the Obama administration into getting the code out in front of the public somehow. Unfortunately, so far, their reaction to the publicity developers are generating so far has been the opposite. They took down the code that was on GitHub that allowed developers to fork their code into the repository I am linking to and work on proposed fixes. Instead of transparency, we have opaqueness.
So, the ultimate goal should be to pressure the government to put the code on GitHub so that developers can fork the code and work on it. This just means that they grab the code and mess with it - they don't actually have access or the ability to change the real code - that happens through a process that CGI Federal (or better yet, a replacement) would manage.
In other words, we need to #crowdsource #obamacare.
Note that this is not a political attack on Obamacare. I want to use the thing. Right now, I can't. Not without getting on the phone and spending hours talking with bureaucrats.
If you're wondering about who I am and what the hell do I know, I was a software engineer at eBay and PayPal for eight years before starting my own website https://createamixer.com/ which gets a grade of B from Yslow with one developer and zero budget. That B grade will ultimately be fixed, but I'm only one person. I know how to improve it, but I just haven't had time yet. Given CGI Federal's budget, it would sure as hell not be a B. Much less a D.