
Petition to release the source code to healthcare.gov - klarski
http://1.usa.gov/1a1y7Lf
======
fractallyte
So far (3 hours) there seem to be too many posts basically saying, "What good
will it do to see the source?" But all I see is _fudging_ of a very black-and-
white issue:

\- The code is (probably) garbage

\- The code doesn't just need to be 'released' \- it needs to be _exposed_

\- Then there will be some hard questions: " _Why_ is it garbage?"

\- Embarrassment...

\- ...leading to a change in the system that allowed this to happen

------
wavesounds
Bunch of negative nancys in this thread so far. We need to open source this
code so that next time theres an RFP for a government website like this we can
be prepared with an open source solution. Let's not forget its our government
and our tax dollars, if we want it to run efficiently its up to us.

~~~
yeukhon
Open sourcing does not solve problems. The ultimate issues are (1) government
paid an incompetent contractor the job and (2) people who were to suppose to
oversee the contract probably has no effing idea how to do software
engineering.

This means we need to hire better contractors and hire managers who have
technical background and require an audit periodically.

Open sourcing does not solve these two issues. healthcare.gov is not Django
project. You can't install that system and the code is going to be big few
people will be able to do anything about it. Plus, even if you could read the
entire source code, accepting pull request, going through 3rd party security
validation is going to take a while and people are probably not going to take
your pull request.

What we need is to put the incompetent people out of job and hire good one.

~~~
wavesounds
Linux solved a problem, VLC solves a problem, MySQL solves a problem. Its
ridiculous to say "open source doesn't solve problems".

We need to do those things you mentioned in addition to open sourcing the
code. Its our code let's see what we paid for.

~~~
andsosayallofus
He didn't say "open source doesn't solve problems", he said "open sourcing
doesn't solve problems". The verb is very different to the noun.

Yes there are open source softwares that once completed are efficacious in
solving the problems they were designed to solve. The point yeukhon was making
was the act of open sourcing a project alone doesn't somehow inherently solve
problems in its development. At least in this case not the two enumerated
problems he sees with the healthcare.gov project.

~~~
growupkids
So wikileaks didn't solve any problems open sourcing secrets?

~~~
ordinary
Open source is a development model that encourages sharing and redistribution
of source code. It is not a term that can be applied to the making public of
government secrets, which has nothing to do with the encouragement of
information sharing.

When Wikileaks gets their hands on government secrets and puts it on a
website, they haven't made those secrets 'open source'. That word doesn't even
make sense in that context.

Even if I get my hands on the source code of Windows and put it in a GitHub
repository, I still haven't made Windows open source.

------
jamesk_au
It may be right that open sourcing the code behind healthcare.gov and crowd
sourcing improvements to it could potentially result in desirable outcomes,
but it is very unclear whether that is an available option in legal and
practical terms. Legally, because support is likely to be governed by the
terms of the relevant contracts, and practically, because every pull request
will need to be reviewed by a person with expertise who has been engaged for
that purpose (which suggests, contrary to the petition, that the problem
should be solved by a better and cheaper contractor).

Without that foundation, the petition does not seem to have much utility,
notwithstanding its 1000 signatures.

------
jerrya
If the source code is so terrible, and if we still need to rely on it, is it
really such a good idea to release it as open source? How will that help? Will
it make healthcare.gov more reliable? More secure? Less vulnerable? Faster?

Perhaps the source code should be audited, if only to figure out what happened
to the $600,000,000, but it's not clear that that requires open sourcing the
code.

Now, the taxpayers purchased the codebase and the codebase could help states
that did not offer a state marketplace create one. So I am very supportive of
the idea of making it available to various states. But until the thing is
running relatively smoothly, I don't see open sourcing it as doing anything
but delaying the rollout and making it less reliable and less secure.

Update: it turns out John Oliver has taken a look at the code:
[http://www.youtube.com/watch?feature=player_detailpage&v=2Qt...](http://www.youtube.com/watch?feature=player_detailpage&v=2Qtx_ZcHOjw#t=473)

~~~
yeukhon
We don't have to open source everyone source code. Sure it's nice to have
everyone to audit. But how many of us here have the time and even the energy
to read others' source code. Plus, the system is not even installable. It's
like telling Google open source their entire search engine.

We should however demand an audit to be done and the result to be published.

~~~
waterlesscloud
Government source code should be open source by default.

They should have to make the case to keep it closed, not the other way around.

~~~
yeukhon
See my other comments down there. In any case, not every thing everyone does
should be open sourced. There are things you just have to hire smart people to
do the jobs right and open source does not solve issues immediately.

~~~
waterlesscloud
It's not a matter of it solving issues. It's a matter of it belonging to the
public.

~~~
yeukhon
Then surely we can open source F16 source code and publish it on Github.

~~~
MichaelApproved
That has miltitary secrets that you wouldn't want other govt to know and be
able to utilize in their own development of fighter jets.

In the case of web code, there's nothing's new and innovative about the
software that is unknown by existing developers. There is the potential for
exploits but open source can help plug up those holes by allowing the
community to assist in the process.

Sure, dumping the supposed "500 million" lines of code all at once would make
it hard to review but they could release one compinent at a time over several
months/years and vow to release all future code.

On a side note, wouldn't reviewing and repairing govt software be an excellent
teaching tool for schools? How proud would a child be to have their code fix
be accepted into production?

~~~
tutysara
Great point, if something like this is done and students gets into learning
and contributing to open source it is going to have a tremendous improvement
on the quality of software.

------
knappador
Perhaps short-sighted. Audit, yes. Github, no. Totally interested if there's
really a poster-child failure of contractors hawking closed-source tools here,
but we have be be very objective and professional if we ever expect to benefit
implementation of public projects. FOSS is still in a state of having
intellectually won to anyone paying attention without having won in ways that
outsiders can understand, much less support in a context of public policy.

I'm sure the SV approach to MVP's and demanding survival in short iterations
has something to offer, but really it's going to take SV and FOSS together to
figure out how to solve these problems in the first place before we waste two
elections cycles talking about Obamacare and finally getting a $680m fail
whale. We failed long before the exchanges showed up way overpriced and under-
performing.

However, let's say that Obama's 2nd election platform was about a pledge to
lower credit-card micro-transaction costs for all consumers and lubricate
online payments to lower the price of business creation. Stripe, Dwolla,
Square, Venmo, and numerous others are born with a presidential veto to kill
protective, industry-spawned legislation for four years, long enough to
contend to become the Google of payments and totally disrupt banking,
payments, and retail POS. All along the way, as the companies are competitors,
they typically do not exchange value or software really, seemingly over-
competing when all of them will end up writing bank integration software to
get their network into the money system. SV and FOSS seems good at eliminating
dead-weight coders and management practices, but can SV companies effectively
use resources without meaningless competition and duplication of effort? Not
as long as I'm going to be the founder and try to get super rich all by myself
we won't...

This is the problem with SV and FOSS that prevents us from coming up with the
model that solves problems at the society level and involves government
without creating the iron rice-pots that are the seed capital of government
contractors.

------
btgeekboy
I'll play devil's advocate here and assume for a moment that all of the code
was, in fact, uploaded to GitHub/BitBucket/etc today. How would open source
improve it?

Remember that successful open source projects do not operate by simply
throwing code over the metaphorical wall. Meaning, you're not just asking for
the code, you're asking to be a part of a community that needs management. Bug
reports, pull requests, contributor agreements - these cost time and
manpower/money to curate, which neither CGI nor the Federal government are
going to supply overnight. Ultimately, given the rapid deadlines they're
supposedly facing, I'd argue that, at this point, they're distractions to the
actual development team.

------
chmod775
The source was already released once, then pulled again later.

This is where it WAS available on GitHub:
[https://github.com/CMSgov/healthcare.gov](https://github.com/CMSgov/healthcare.gov)

One of the many forks can be found here:
[https://github.com/binlain/healthcare.gov](https://github.com/binlain/healthcare.gov)

And here's also a public 'announcement':
[https://www.healthcare.gov/developers/](https://www.healthcare.gov/developers/)

It really looks like they intended to OpenSource healthcare.gov anyways (or
they already did and reverted their decision later).

------
joeblau
I feel like if the source code is released, things will get much worse before
they get better. I would rather give the contractors time to fix their code
and then release it later. Plus as a developer, an open source maintainer, and
open source contributor the last thing I want to see is a half billion line
program that doesn't work properly. They should probably just start over clean
on GitHub and build it from the ground up correctly.

~~~
growupkids
Which costs us all money. If they really did build the system, as requested by
HHS then open source it. There's nothing to hide. If they defrauded the
government, then it's all the more reason to see the code. It's very simple:
taxpayers paid for this, what did our elected officials agree to, did the
contractor build that or not? If they did, the it's not on them and everyone
needs to stop beating them up, if they didn't and it's way off from what they
agreed to do them they need to be help reponsible.

And before anyone thinks I have no sympathy or am some political hack, I
worked in the Clinton White House and wrote a lot of code for them (24 hours
in cyberspace anyone?) and a few years later I helped build the GSA schedule
system. I know how hard it is tackle politics and design. And that's why I
have little tolerance for waste.

~~~
joeblau
I agree that they should open source it, but I don't think it's finished.
There is a mantra with some companies that say "The product will be ready when
it's done" and this site is not done, but it is launched. With the amount of
code, there are probably hundreds of security issues that could be fixed, but
also may inevitably break the live site once people see ways to hack around
certain components.

I feel like open source is a decision you need to make at the beginning of the
project or spend a lot of work at the end ripping out bad decisions. If you're
saying you would hack on this and help fix it, I commend you.

------
agentgt
I have some internal knowledge of what happened to HealthCare.gov as I was
employed as a major developer of the original proprietary content management
system they we were using circa 2009-2010.

The original Content Management System was Percussion CM System also known as
Rhythmyx. You can confirm this by googling: "percussion cm system
healthcare.gov" (the links will be broken obviously because they don't want to
be associated). One of the things that made Percussion good at scaling was
that it was "decoupled". It was sort of like a massively complex GitHub Jekyll
in which the web pages were statically published thus Percussion would not be
as liable for performance.

Now here comes the OSS irony. I remember distinctly that there was a huge
political push to replace Percussion with Drupal. That's right. Instead of
static pages they wanted a dynamic OSS CMS (not to be confused with the
healthcare CMS entity).

Now I don't know what happened after 2010 because I went off to go start my
own company but I do remember we warned them of using a dynamic frontend for
such a high profile site.

Anyway I have no real opinion on whether or not healthcare.gov should be OSS
but thought that information might be useful for some.

------
ck2
Maybe there is manipulative reason why they used a Canadian company, which can
claim copyright instead of it being owned by a federal entity which would have
to make it open source (ie. like all NASA photos are public domain)

Even a FOIA request wouldn't work against a Canadian company.

That said, it's not a single program. I think it is dozens if not 100+ APIs

I mean just look at this chart:

[http://i.imgur.com/fIbcj3K.jpg](http://i.imgur.com/fIbcj3K.jpg)

~~~
stefan_kendall
The contract for the software would certainly include transfer of copyright.
This is standard. Otherwise the canadian company could immediately sue and
remove the work the federal government had purchased.

------
matponta
Is there a way to predict WH.gov success based on the first few days of
campaign, like there is for Kickstarter?
[http://arstechnica.com/business/2013/10/statistical-
models-c...](http://arstechnica.com/business/2013/10/statistical-models-can-
predict-a-kickstarters-success-within-4-hours/) If not, it would be
interesting...

------
adamb_
I love open source, but I don't think Americans need this.

1\. I'm sure there's little that's technically interesting in their
implementation.

2\. I'm sure much of the code is focused on accruing information from various
external resources (which puts us back in the blackbox.)

3\. I don't need to see the code to believe the site's architecture was poorly
implemented.

~~~
growupkids
I just want to see the contracts and the code. If we are going to be fair, we
need the facts. If the contractor was told to paint the wall blue, and they
painted it blue but everyone thought red was better color then it's
inexcusable to blame the contractor.

With politics the way it is right now in DC, I don't trust anything but the
facts, I'm sure you do too. Show me the code and contracts, I'm tired of
pundits telling me what I should think. Who knows, maybe it's built to spec or
maybe the contractors are at fault. Without facts, who knows?

------
bobbygoodlatte
One of the more ridiculous considerations to open-sourcing the code is patent
liability.

It's nearly impossible to develop complex software that doesn't infringe upon
dozens of nonsense software patents. The gov't and its contractors would be a
huge target.

One dysfunctional bureaucracy scared of the policies of another dysfunctional
bureaucracy.

~~~
flipchart
Maybe it would be a good thing though: might speed up patent reform

