Hacker News new | past | comments | ask | show | jobs | submit login
Mygov is a ‘huge disappointment,’ key architect despairs (innovationaus.com)
136 points by ahonhn on May 5, 2022 | hide | past | favorite | 187 comments



This way more serious than a 'huge disappointment'.

The platform seemed to be based on some weird 'forms' based application builder when it was released ten years ago. It is flakey as hell. Ugly I can deal with, we have ebay and it still works fine, but even the most basic things you would expect, for example when you press tab the cursor to follow the order of forms on the page, does not work. Often when you submit a form the focus ends up on some text field.

The integration with other services, such as Medicare, barely work. I have spent endless calls on the phone to near useless support staff trying to get emails reset for old mother. The support staff are friendly but don't seem to have any ability to do anything but reset things that take several hours to complete.

The tax and business functionality is completely senseless. They got the paper forms designed in the 50s for batch mainframes and coded them into web forms. You have to do things like copy the same value into multiple fields marker T8 and T2. The instructions say just that: "Copy the value from T8 to T2". If you don't it fails.

The article mentions the huge problem with them having no in-house expertise so they bring in consultants. I work here in Sydney and I know, from first hand experience working with them, these large consulting companies have the same or less technical expertise. What they do have is huge sales teams and even larger teams of project managers. The odd technical person they have is spread across so many projects they are pretty much useless. They employ hordes of off-shore developers that are managed people with little or no clue about anything.


I currently work in NSW Health. The quality of what we deliver is to the bottom. Millions of dollars spent on project that have 0 unit test, 0 integration test where we as developers don't have any ability to talk to users. Every piece of code I see has inconsistent style with nobody bothering to write clean code. I am trying hard to bring more best practices and less cow boy programming but this might be a lost cause if you're not a professional politician. Everytime I hear my wife talking me about budget cut in her hospital as a nurse, I cringe of the absurd waste that happen on the application development side I'm involve with.

Your mileage may vary, some team in the gov are doing some wonderful things like service nsw which has been creating component libraries available for most popular framework and mock tools: https://www.digital.nsw.gov.au/delivery/digital-service-tool... Unfortunatly the internal politics make it we can't use any of the stuff they do in the part I'm involved with


Well when you work for the government you never see a dime for improving things, and as a leader you get more prestige and promotions by having bigger budgets and head count, so all of the incentives are misaligned.


You're in eHealth NSW or Ministry? reach out for a chat. We could have an interesting conversation (platform deployed in 10 of the LHDs)


Wild this connection is happening on HN and not some internal water-cooler system where teams could work together.


Many years ago I did some consulting at Telstra and I needed a billing module for their upcoming online gaming platform. Another division had almost the exact thing I needed. I asked my stakeholder if we could reach out and talk to those folks, get a copy of what they'd done and implement with few changes. He almost laughed out loud at the suggestion and told me it would just be far easier to a new one from scratch.

Internal barriers are sometimes far greater than external ones.


I also work in government and my process is this: find the number of the lowest ranked person on the team I need to talk to, and call them directly. Follow the official channels after you have gotten verbal approval.


Internal barriers are sometimes far greater than external ones.

Yeah it's like a law of reverse propinquity in government. Working with a team next to you in the org-chart is completely impossible. Working with people far removed from you in the department is easier. Working with other departments easier still. Working with private firms and other governments easiest of all.


This is probably why remote work will fail in the long run, and why return to office is a good idea.


You've never worked at a large enterprise, have you? You'll at most interact with people in your direct product group, which are likely well below 100 people. IME often even below 50.

You're delusional if you think that the people being in the same building changed that whatsoever. And especially if you think that connections across buildings randomly happened without a specific goal.

Sure, you see them in the hallway or in the street, might even nod into their direction if you're feeling particularly social that day... But that's it. And people working in different cities might as well be separate companies.


Could be worse. I’m the whole team in my provincial government for the dev work for most of the forms for our government. Be careful what you wish for.



Way back in 2016, I worked on a project for QLD Health, and it was no better than what you just described. Took years off my life, I swear.


>these large consulting companies have the same or less technical expertise. What they do have is huge sales teams and even larger teams of project managers.

This is correct. Consulting is 100% marketing. It appears the problem is, how does a team of actually skilled engineers who wants to get a start in this business compete with these sales companies? The people hiring them have no clue, hence why the marketing is the most important thing, and many of these companies have inertia from a bunch of previous projects they can use in their marketing.

I feel like actually good engineers have the least social contacts, and it is these social contacts that provide all of the opportunities to start building a client-base. This seems to be the case with society in general. Everything is decided by social relationships, and the best engineers are the worst at creating these relationships, or are actively excluded from them as some sort of defence mechanism for social people to maintain power. Hence why we end up with a bunch of terrible products and software. It is all bundled up in a cocoon of social contracts.


> how does a team of actually skilled engineers who wants to get a start in this business compete with these sales companies?

You don't. There's an inverse effect where you don't really want the clients that go for these big consulting companies because there's just as much crap on their end and they'll drown your skilled team in bureaucratic nonsense. You want the smaller clients where your technical skills complement their domain knowledge. There's still a lot of marketing and management, but the people that actually do things can talk to each other.


> The people hiring them have no clue, hence why the marketing is the most important thing

This observation is absolutely spot on. An ignored element of meritocracy is visibility -- and, perhaps, as you suggest, inertia. And then we end up back at the black hole of designing the 'right' incentive schemes...

sigh


>The article mentions the huge problem with them having no in-house expertise so they bring in consultants.

Just so we're all clear here, this is by design.


Why do you think this is?

The UK central gov is a notable exception, (if you exclude the corruption with track and trace) why might that be?


The stated reason: Outsourcing improves efficiency and decreases costs.

The real reason: It provides a mechanism for political kickbacks, vendor lock-in, and shifting blame.


> Why do you think this is?

Successive Australian governments since the early 90s have expanded public service outsourcing dramatically.

Here's a comprehensive discussion from the early 00s: https://www.aph.gov.au/About_Parliament/Parliamentary_Depart...

The basic argument is that competition reduces costs and improves quality, therefore we should introduce competition into the provision of services to government.


There was also a pretty basic SSO security issue a few years back, and I tried and tried and could not find anyone to report it to beyond regular customer service. Maybe they've fixed it but basically you click to look at tax stuff, it takes you to ATO online services, you click back to mygov then sign out. Sign into another account and click and now you're looking at the original person's tax stuff since it's still signed in. Not a problem for myself and my wife, but potentially an issue for abusive relationships or shared resources like a library computer.


The experience of many reporting security issues to the Australian government is to be harassed, so I'm sure many such issues have been picked up by people and not reported out of fear or just not being willing to deal with the drama. One wonders how much this applies even to the developers.


Yeah having worked in a big company or two, "you find it you own it" is a real issue. Easier to keep your head down when you know it'll be an 8-month back-and-forth meeting-fest to fix a basic issue.


Another similar issue is, if you see a huge problem that will take lots of time to fix, and, if you take it on, your timesheets don't have enough time on the other approved new work codes. For this you will eventually be punished in the corporate way, sidelined, no promotion, no pay rise (.5%) and assignment to failed projects where anyone else who worked on them has long gone.

The net result of this is a wasteland of rubbish as far as the eye can see.


> They employ hordes of off-shore developers that are managed people with little or no clue about anything.

Not for government contracts. This fuck-up is true blue 100% Made in Australia.


Not true. I worked for large multi-national contractor on a current Australian government project. 90% offshore "talent". Most of the time these employees actually had no previous work experience; just some training offshore and then projects on their CV were a complete fabrication. I'm assuming the contracting company does this on purpose so they can charge at a much higher rate.


The contractor employs the off shore workers, not the Government, but the problem bis that the people who sign off on the plan of work have little to no experience.

And why would you continue working for the Government when you could make 50% more even working for a dogshit company like Accenture?


Most of it. Some of the Australian contracting companies some government projects are handed to use external contractors themselves to varying extents. Though I do believe it isn't that common as IIRC most contracts explicitly disallow it.


I think this is all a bit harsh. Compared to having to front up to the tax office or Centrelink or (in NSW) the RTA to do things, MyGov and the Service NSW system are a modern miracle.

You can quibble over what needs cutting/pasting or whatever on the ATO forms but the system it replaced (the execrable desktop app), the ATO MyGov interface is so far ahead it isn't even funny.

However, I've never had to deal with their helpdesk.


Think my phone died or something. No problem, should be able to log in to MyGov and set up authentication again.

Nope. Had to nuke the whole account and start again. Had to relink all services. Lost all communications in the "inbox".

I had to laugh. The alternative was too frightening.


Same thing happened to me just the other day. Including the forced clenched teeth laughing to avoid the alternative.


Sounds like a classic government IT project failure. They basically codified their internal Kafka-esk bureaucracy in UI form and projected their collective incompetence by insisting the project must be built exactly according to their (wrong & incoherent) requirements. I can imagine the long documents. This is classic waterfall. They would have insisted on that even. The project was doomed as soon as they started writing those documents.

So, they got exactly the thing they insisted on. And now they are blaming the consultants. Bureaucracies work like this: they are full of useless people defending their existence by participating in endless meetings that will find creative ways to deflect any form of responsibility and accountability. So, bonus points for meetings with consultants. The more expensive the better.

Pass it up the chain to the politicians who will be long gone by the time the whole thing blows up. They absolutely love that; do what the expensive consultant says. Which is of course echoing what they were told by the incompetent bureaucrats. The bigger the egos in the room, the dumber the plans get. Usually these projects start off fine and then some moron pulls rank and derails the whole thing by insisting on adding their own requirements to the pile. Big expensive projects attract that kind of behavior; it's almost inevitable. And then some politician signs off on it. Job well done.

The consultants bill by the hour so they don't mind the endless bullshit and they take notes. And then they do as they are told to take the money regardless of whether that makes any sense. There's almost no way for a happy end in such a situation. Don't blame the consultants; blame the career bureaucrats and the politicians for being absolute idiots, again. This outcome was 100% predictable 20 years ago.


Completely disagree. You've absorbed the right wing mantra that Government workers are bad and incompetent. Actually the politicians have stripped the public service bare, capping staff levels at absurdly low levels, because they get big donations from consultants (and cushy post-politics jobs), and they somehow avoid blame for failed projects but outsourcing.

The politicians promote the staff who tell them what they want to hear, and independent advice has been lost.


I actually consider myself a bit left of center; definitely very moderate. Certainly by any US standards (hint, I don't live anywhere close to there). So, I kind of resent the gratuitous labeling a bit.

This is a simple case of objectively government projects around the world failing over and over again for more or less the same reasons. There are quite many studies on that topic. Lots of nice articles that get written whenever another one fails. So, that's not a right wing mantra against big government but a nice argument that maybe they should try doing things differently. Especially considering that there are some well run countries with more success on this front. Quite a few of those countries are what you might label classic big government states. I lived in a few of them (Sweden, Finland, Netherlands). These three have had some duds but also some successes when it comes to government IT projects. Overall well run places.


Even left leaning people have absorbed right wing economic thinking! Every economic think tank repeating the mantra that Government employees are fat overpaid bureaucrats that can't deliver projects.

All software projects are fraught with risk, but when no one takes responsibility for the outcome, and particularly when the people who generate requirements have no stake in its success, the probability of failure increases rapidly. The de-skilling of the public service in favour of advice from highly paid consultants, often the same ones who provide the services, means no impartial advice or trustable expertise, so governments can't be smart buyers.


Exactly this…

They are not willing to invest in quality dev/product/project managers instead they pay below market rates (see jobs on seek) yet there are endless budgets for consultants and outsourcing.


Government has frozen APS salaries for a decade, and refused to have pay rates based on specialist roles (except lawyers). They are capped in headcount so they can't tackle really big projects like myGov. In contrast, the Government has no cap on consultant spending.


That last part appears to be changing if there's a new government at the next election.


“The argument has been that you employ consultants and commercial providers to do this sort of work based on the fact they have skills you don’t, but had it not been for the fact we’ve lost so many skills we wouldn’t have needed to do that.”

This. How can companies/governments still think that you can "outsource" IT, when technology is not only tightly integrated into the fabric of what a modern company is, but nowadays a solid technology capability sets the high performers apart from the laggards. It's just as ludicrous as outsourcing the HR, sales team or the executive office.

Unfortunately unlike in the real world where these companies will become uncompetitive and dissolve, we are stuck with our government and their outdated operating models...


> you employ consultants and commercial providers to do this sort of work based on the fact they have skills you don’t

The irony is, it's nearly exactly backwards.

I have literally never seen effective use of consultants and outsourced work like this except in one situation: where you DO have the internal skills. Pretty much the only way to get any value is when you have highly knowledgeable and skilled people with strong engineering background managing the process.

Of course, convincing highly skilled engineers that it's a valuable use of their skills and time to simply manage a bunch of outsourced consultants when they could be directly managing a team somewhere else is a challenge in itself.


You are obviously right with needing local knowledge first. But I've seen two types of well-used consulting:

1. A small team needs to integrate with an external data source. They figure out it's better to keep own engineers focused on the business logic and bring external folk for the (hopefully) one-off task of figuring out the idiosyncrasies of the thing.

2. A large company needs to push the edges. They hire someone with a PhD in the general area, who then points at the exact professors needed on board to get the edges pushed.


Regarding number 1, then expertise to support the thing is lost when the project is handed over.


I suspect that's why the department of works, well, works. If they order a bridge, they almost invariably end up with a nice looking bridge that carries cars, doesn't fall down, and generally meets expectations. Ditto for a building, a road, an airport ... Its not just the department of works either, when their private counterparts order a rail line spanning 1000km to carry millions of tons of coal, they generally end up with a working rail system that does the job.

But order when IT naive organisation orders new IT system from a third party and you usually get a cluster fuck. And the tribal claims here it's because "gobermant bad" notwithstanding, it's universally true, meaning it happens just as often to private organisations as it does government ones.

It does make you scratch your head and wonder why IT is different.

Regardless of whether it's a bridge or a IT system, there will be a consultant's marketing team spinning a very attractive vision of smoothly delivered sunshine and unicorns to someone who needs sunshine and unicorns to get a lift up the org chart. The only hope an organisation has against that is someone the leadership trusts, someone who can say "That beautiful and convincing power point presentation is like someone promising to delivery nuclear powered cars - they either have no idea what it would take, or are outright lying. If you fall for it you won't get a promotion, they will get you fired". And the people who count believe them. (We had a high profile politician in Australia who was sold a vision of nuclear powered cars - https://www.facebook.com/watch/?v=216653896514005.)

My favoured theory at the moment is IT is too new for software engineers to earned that level of trust. An engineer's career lasts 40 or 50 years. 40 or 50 years ago, Uni's were churning out civil engineers, mining engineers, every conceivable sort of engineer except - software engineers. And worse, right now, we need a _lot_ of them. Not every org wants to build a road, or a bridge, but it really is true software is eating the world, so every org's beyond a certain size wins really does need a custom IT system to support their magic operational sauce. As a consequence, we are seeing IT salaries going through the roof.

It's a great time to be a software engineer, not a great time to be needing one.


When I consulted for Fortune 500s, I was regularly proposing in-house solutions that would be carefully tailored to and integrated with corporate KPIs.

They'd nod their heads in agreement, pat me on the back for the sage advice and themselves on the back for bringing in that sage advice, excited about things that would clearly bring in billions in revenue.

Which then never actually happened.

But you could have the crappiest most conartisty 3rd party offering at a ridiculous price tag that they'd gleefully throw money down the drain with, and then the next year I'd get brought in I'd be met with reluctance to work on whatever I was proposing because "oh, we tried that."

No, no you didn't.

Eventually I got tired of being a professional Cassandra and left the industry.


Some of the biggest tech companies in the US outsource much of their “innovative” work to consulting & IT service firms… what’s your basis exactly?


Can you provide any notable examples?


> How can companies/governments still think that you can "outsource" IT

becuase they have the budget and others do not. It really is that simple.


Really, this article is just a whinge. I'm an Australian. MyGov is fine, I interact with it as a citizen regularly. Government needs to outsource implementation of this kind of stuff because it's extremely hard to build software teams and manage their performance in permanent government roles. And those costs are reasonable - particularly for anyone that builds teams of software engineers and knows what aggregate team costs are like in Australia.

The hard part of the MyGov platform is the inter-department stuff, and I don't think that's a software issue, that's bureaucracy.

MyGov isn't perfect, but it's fine.


> it's extremely hard to build software teams and manage their performance in permanent government roles

this problem should be solved by making it not-hard to build the teams etc, not by throwing 10s of millions of dollars at vampiric consultants

it seems it is far less risky to bleed money than it is to make any kind of meaningful change to the way gov depts are run


It’s difficult because civil service is designed for stable professions, clerks, attorneys, finance people. IT is too variable, and it’s usually impossible to attract mid career talent. So you hire early career talent, especially second career people, and “grow them”.

Usually gov IT is not a sexy place for smart political people to land. That is the key talent you need. You can always get smart technical people. Big 5 consultancies will deliver, but you need to always keep them afraid, and that’s a political problem.


Smart IT professionals specifically EXCLUDE working directly for Australian government organisations because of the dysfunctions and politics. Even being one of the consultants working 'for' them is bad but not as bad as being directly employed if you prefer doing IT to politics and bs.


I mostly second this. I use MyGov mainly for taxes, and it is fine in that regard.

To be honest, my interactions with the Australian government websites + apps has mostly been positive. There are some truly horrendous websites from other nations' governments out there.


I third this. Honestly have been pleasantly surprised by the fact that an IT product produced by the Government is fit for purpose.

Minimal bullshit filling out parental leave, getting our daughter a Medicare card and filing our taxes.

Worlds better than the old e-tax system, and significantly better than the UK's online portal too.


That's what I was thinking too. For tax, MyGov is so much better than the e-tax system was. It saves a lot of time.


You mean it's extremely hard to hire a full team of competent people when you're tethered to the APS pay scale and the federal government won't let you increase public servant headcount.


And those competent people would have to put up with career position squatters who can't be fired but are just obstructive, or political career squabblers as bad or worse than private sector.


> MyGov isn't perfect, but it's fine.

Sure. But then why have they spent tens of millions of dollars trying to build a new version - https://beta.my.gov.au - that works the same or worse?


I switched to beta a month or so and I can't even tell what the difference is, other than it being slightly shinier.

MyGov just seems like a portal containing bookmarks to various other services anyway, right? It consolidates your records for Medicare, ATO, and if applicable, NDIS, Centrelink etc. Seems kind of basic. Although I understand there's a lot of hidden complexity underneath these things, especially surrounding ID verification. But even so, I couldn't tell you the difference between the old mygov and the beta version.


That's part of the problem noted in the article: they haven't even implemented style changes that they could have - why are simple changes taking so long?


"it's extremely hard to build software teams and manage their performance in permanent"

Nk it's not - if we are talking about ordinary 1x develooers making ordinary web services, this is a normal job. Uk government has them.


Agreed. If people think MyGov is bad, they should try using ASIC. Absolute god damn nightmare


Ah, yes, the ASIC portal is hot garbage. I don't think it's really changed from when it was slapped together in the early 2000s...

No reason they couldn't put some money into fixing it - they're absolutely flush with cash from charging every company in the country an annual review/audit fee every year and then doing very little actual auditing... It's basically a $280 (and increasing) fee every year for them to just send you a letter with your company's name, registered address and list of directors. It's a massive scam.


Agreed, I’ve linked several services over the years and it all works when I need it. I can’t imagine the struggle it would’ve been to get all the various ancient systems and bureaucracies working together


I think you're missing the point. For the amounts paid given the relatively small tasks involved this whole thing is outrageous from a tax-payer's point of view: how much of even your personal tax dollars went burned on this? What else could that money have been spent on?


>how much of even your personal tax dollars went burned on this?

Australia has a population of 26 million, so that's like $1.50 per capita, once, to create a new system that will reduce the amount of bureaucracy and bullshit in our lives.

I'd gladly pay 50x that amount if they could get VicRoads on board.


Australian here, I think the comments here overstate how bad MyGov is. I'm in my mid 20's, and I have literally never had to call any federal government organisation, visit any service centre or post any forms. For my entire adult life, all of my interactions with federal services have been through MyGov. This includes taxes, welfare, healthcare and education...

I can only imagine how colossal the undertaking must have been. MyGov ties together our largest, most bureaucratic organisations. Imagine being tasked with such an project, building the web application is the easy part, you also need to convince a country's largest organisations to change how they operate.

Considering this, I'm actually surprised how good MyGov is.


I don’t want to make assumptions about how you use the services in MyGov, but the experience of my family and friends has been that, if you require any service which is at all out-of-the-ordinary or needs a pair of human eyes looking at it (whether or not it should - there are plenty of broken processes at Centrelink, some might say that’s by design) then you need to make a phone call, because the function to perform self-service is simply not there. I have also had fairly good experiences with MyGov - but my interactions with social services are fairly boring compared to the needs of many people.

Edit: the problem here of course is that if you make a phone call you can expect to wait in a queue for many hours.


I've had to call up to get healthcare stuff connected, but I'm actually surprised that the system isn't as bad as I'd expect.


Im in the same boat, except Im older, but i agree with everything youve said.


This seems to be mostly talking about the 'new' mygov.

The new goal was to provide a unified front – users would navigate through MyGov based on their needs and goals and be sent directly to the relevant forms and info from all departments.

EG – instead of going to Centrelink and seeing only JobSeeker, or going to the ATO and seeing only JobKeeper; you’d go to 'COVID relief payments' and see a clear explanation of both, and you’d be able to apply for either one directly.

But in the beta… it’s basically just Centrelink. In the entire 'Health' section, the only medicare service mentioned is the proof of COVID-19 vaccination.

The end result is that https://beta.my.gov.au/en/myaccount/dashboard/ is basically the old mygov, and the rest of the site is a mirror of https://servicesaustralia.gov.au .


Let me provide some background information for people who aren't familiar with the agencies involved in this (Centrelink, Medicare, and the Australian Taxation Office).

These places have some of the worst-run IT departments on the planet. I can say this with more than a little evidence. As a consultant, I've worked on over a hundred customer sites, all the way from tiny private companies up to federal government, including all three of those agencies. I've seen how IT is done at just about every state government office in my state, and two dozen in other states.

There just is no comparison. Centrelink especially is so fucked up that people think that I made up my stories about my experience there. It's crazy beyond belief.

The sheer scale of it is amazing. They have over 1K IT staff in one building, and spent $2B on a single software upgrade project! They have huge teams for obscure tasks that other large enterprises might have just one or two people doing. There are Big Name consultants everywhere. Direct vendor support, often flown in from the US, which is otherwise rare around here.

Despite all these people, money, and support, nothing works. Nothing. It's all broken. Everything. Every part. It's a sight to behold.

I wrote a report for them about a key security system where I pointed out that out of something like 50 settings, 47 were incorrectly configured. The only reason it "worked" is because the errors cancelled out. That is, it was incorrectly rejecting valid access, but another error meant that the rejection was being ignored. And so on.

Similarly, their core authentication system was supposed to be distributed and highly available, but the main architect put all of the servers into one rack, one on top of another. He said with a straight face that a product that is well known in the industry for its efficient wide-scale replication is "bad at replication" and only works if the "network cables are really short". He meant 30cm, not 3000km. A power outage took out all three "redundant" controllers, and so something like 80K staff spent several days staring at login prompts on their monitors for a few days.

I could go on, and on, and on. I have a whole collection of stories like that.

The most amazing part is that I was only there for a couple of months, yet this short time period yielded 8 of my top 10 horror stories from the field.

It's also the only workplace setting where I had ever seen a man cry. For work related reasons. Several men, on several occasions.


Imagine trying to turn around an organization like that. Must be an interesting challenge.

The sheer amount of technical debt, legacy systems, dysfunctional team processes and culture. Not to mention the sheer motive inertia needed to change anything in that environment. Moving in any direction will have 1000 other things breaking/popping up to steal momentum. A Gordian knot impossible to untangle.


I was a hero briefly when I programmed the MFC copier at a govt agency to allow staff to scan to their desktop directly. This was one of those SUPER fancy ones (think 5 year overpriced contract with total cost of $120K) - it had every doc mgmt feature under the sun, but could ONLY be used for copying (no print, no scan no anything).

Some update reverted system, and IT was unhappy when staff asked for the feature back. Team asked me to help, I said if IT has said no I dare not.

So back they went to their old solution, which was to send someone 2x per day to a local copy shop and FAX at $3/page stuff they needed electronically in the computer, because they had a digital fax service they set up.

I kid you not, this is the only in govt type thing. They ban scan to USB / scan to network etc, but then demand stuff be uploaded electronically to some new system - what are folks supposed to do. 90% its left hand right hand stuff. IT security folks don't talk to anyone and lock systems to nth degree (no scanning, no USB). Then someone else NEEDS paper available electronically for some reason (upload to a new system).

The more money spent the worse it is because you can't actually talk to anyone. Once its $100M+ staff are just not in room there are so many layers.


> Imagine trying to turn around an organization like that. Must be an interesting challenge.

Most good devops book tells you how to do that. You scan for people who have the right skills and who actually care, as opposed to people who are at the other end of the spectrum who think that if it ain't broken don't fix it and "why change it we will have to support this stuff later".

Then you go commando and secretly pick projects with low cost and high return that would not normally get the go ahead. People copying Excel sheets full time? Automatate their job away. Full time sysadmin setting up one server a day? Would be a real shame that you have a docker container ready to use when he has an emergency and doesn't have time. Bonus success points if you do things that also help your fellow devs.

In a government settings, and in any large organizations, you will need to have upper leadership support otherwise this will always fail and all of your efforts will be undermined and suppressed. Be sure to leave an employee review on your way out and name names to HR.


The thing about those gov departments is 'many' people are there for secure jobs with low effort and actual work. They actively work against change.

So yes upper leadership support is required, but you also sometimes need to pull things out root and branch, at least enough to scare those people into changing their life when they have a psychology of never needing to change again once they built their public service fiefdom.


>Centrelink especially is so fucked up that people think that I made up my stories about my experience there. It's crazy beyond belief.

I know this is just an anecdote, but a guy I met who works at the DHS told me that, the online forms that people fill in are "printed" to PDF then manually entered into a database system from the 1980s.

The reason they don't update to a newer database with a proper API is because that would require taking the system offline for maintenance.


I worked for the APS as a very junior programmer 10 years ago.

To interact with our database we had a custom JDBC driver which used a VT100 terminal emulator to connect to what had at one point been a user-facing mainframe application. When a query was executed, the driver would:

- Emulate a user entering a series of key-presses in the terminal to navigate to the correct screen in the application.

- Tab to the query input field, enter the query, then send a return key-press to run the query.

- Read 20 rows of output, then send a key-press to show the next page of results, rinse and repeat.

- Parse the array of rows-represented-as-strings into properly types objects.

- Repeatedly "press" escape to get back to the main screen so that the application state would be ready for the next query.

One of my first tasks was to make this driver work with a column type that stored binary data.

I kind of admired the ingenuity.


> Let me provide some background information for people who aren't familiar with the agencies involved in this (Centrelink, Medicare, and the Australian Taxation Office). These places have some of the worst-run IT departments on the planet.

You can add Australia Post to that list as well. Even though it is now technically a corporation, it still carries the stench of its public service roots.


To add extra spice to their already broken organisation, Australia Post acquired StarTrack for parcel delivery.

I witnessed an operator in the distribution centre wait a solid thirty minutes for a key lookup in their database. I timed it with my phone. I had time to get get lunch and come back.

A key lookup. Literally the consignment number.

I grilled him a bit on the details, and it turns out that all single-row lookups take that much time. Name, phone number, or any other details all take about half an hour to produce a result.

There are parcel delivery services that can deliver door-to-door faster than their IT systems can look up a record.

It's a flabbergasting level of incompetence, but I'm told it's been like that for years, and that they were told not to fix it because during the merger they were to "put tools down" and not spend time and money on anything that Australia Post will fix anyway.

I suspect it's still just as broken.


StarTrek ran on top of Teradata I believe, although I don't recall it being quite that bad.


It's clearly just a missing index (or indexes) somewhere.

The guy explained that it has been "slowly getting worse" over many years, which is what you'd expect if there's table scans going on over a steadily growing volume of data.

IMHO, this is such as prevalent problem that it's the pandemic disease of SQL databases. They really should have indexing on by default for most columns, with the option of disabling unused indexes (perhaps even automatically).

Instead what happens is that 90-95% of all databases are 2-5 orders of magnitude slower than they ought to be, because developers are just unable to grasp these fundamental concepts. Developers haven't gotten any better at this over the last three decades. The tools have to get better to compensate instead.

PS: Almost all "no-SQL" databases are automatically or implicitly indexed. When people say that they're "much faster than SQL", I just assume that this is one of the biggest reasons. They're not inherently faster. Instead they're faster by default.


> They really should have indexing on by default for most columns, with the option of disabling unused indexes (perhaps even automatically).

Oracle does that. I think it is not enabled by default, but once you turn it on it's pretty much automated. It creates, rebuilds, and drops indexes based on the application workload.

There are third party tools for other databases (such as Dexter for PostgreSQL).


As a customer and tax payer, Aust Post gets top marks for actually contacting me after I submitted a message about not being able to login, then passing it on to an IT person who rang me a couple of days later to say it was fixed.

The vast majority of companies who promise to get back to me never do, yet Aust Post called me twice to investigate and resolve.


Australia Post IT has it's problems, but I don't think it's really much worse then similar sized private sector IT, the banks are a nightmare.


Having worked in both Aus Post and banking environments I can assure you that Aus Post is worse. If you had seen inside in the debacle that was their "digital mailbox" project you would know what I'm talking about.


Haha, I worked for a wholly owned Auspost subsidiary during the inception of the digital mailbox project, we did some work for it in the periphery. The execs would talk in breathless terms about how innovative it was, and how agile the delivery is, and how we should try to emulate their success.

AP is a big place, and so are the banks, I guess my views are informed by my personal experience, but at least personally, I've found the banks to be more dysfunctional internally.

I guess everyone's experience will be different though.


I have a small business account registered to my home address (as a MyPost Business sender), so whenever I buy a parcel from anyone it emails the business that it's coming. They just do an address match on their side and email the business even if I gave the store my own email. Totally annoying and a privacy issue, they don't care and couldn't tell me how to fix it.


If I understand the issue correctly, you buy something online, giving your personal email address and home address. But because the home address is the same as your business address, AP 'intelligently' sends the notifications to your business email address?

What happens if you set up an AP MyPost account with your personal email address and home address?


They also associate by mobile phone number and name matching based on one reply I got to my ticket.

They suggested changing the name on the business account but that would just shift the issue to someone else unless we use a fake name. And I think it did not let me do it when I tried, it's been a year or two so I forget some details.

> What happens if you set up an AP MyPost account with your personal email address and home address?

I did, I can't remember the details but it didn't work. I think it prevented me from adding one type of data because that was already in the other account as a unique identifier (possibly phone number). I just tried today though and it let me add my number, so maybe that fixed it finally.


I'd rather deal with Australia Post 100 times in a row than ever have to talk to DHL ever again. Those guys really suck.


Worked at Services Australia up until the end of last year. Horrible place to work things moved at a snail pace. Constantly fighting fires and dealing with other organisations being merged into us. Much happier now that I've moved :)


> 50 settings, 47 were incorrectly configured. The only reason it "worked" is because the errors cancelled out.

I think you just don't understand security through obscurity bro.


> These places have some of the worst-run IT departments on the planet.

Reminds me of when the ATO didn't configure their SAN properly and lost... 1PB of data.


That's at least two catastrophic errors: Incorrect SAN configuration and missing backups.

PS: I worked at another department where they similarly misconfigured a SAN and made it highly vulnerable to multi-week outages due to even a single failed drive. I insisted they fix it, and my reward for this was seething hatred.

"You're just making us do extra work!"

"It's not a problem right now!"

"We have other priorities!"

Etc...

They literally refused to touch anything that's not on fire. Merely smouldering is "fine".


In my opinion this is the real root cause of the gov org dysfunctions - so many workers go there who actively resist change and improvements. They want to be mediocre/lazy at work and don't want anyone showing them up, and they don't want any change because they just want minimum effort for stable income and a pension.

Not everyone maybe it's only 10-20% or whatever, but a higher percentage than in private sector, and the percentage is that high that it ruins the workplace and actively drives good workers away.


How does corruption like this go unpunished?


None of what I witnessed going on there was technically illegal. It's not actual graft, it's just incompetence combined with a highly diluted sense of responsibility.

There's also a sort of "rocket equation" to bureaucracy where additional staff begets more staff. Or overheads beget more overheads to deal with the overheads. And just like how with rockets the key thing is to have a fuel with good specific power, scaling an org depends very heavily (nonlinearly!) on the efficiency of each person. Conversely, if you have inefficient, incompetent, and unmotivated staff but try to scale up, the inevitable consequence is that you end up in an exponential cycle of compounding inefficiency without limit.

At this place I could not get a single VM deployed to PRD despite three months of focused effort. It just could not be done!

Hence the comments about the hilarious 90 day sprints. Well... yes. That's the fastest pace at which they could possibly move! Some manager probably patted himself on the back for a job well done! That's an "agile" project relative to the multi-year monstrosities they normally give birth to in that place...


I don't think it's corruption so much as the public sector getting harvested for parts via privatisation and outsourcing to contractors.

The usual cycle goes like this:

- "We need to decrease costs in public organisation A because $reason"

- "Hey look, public org has growing wait times and growing infrastructure issues. We should reduce their budget because they're not doing their job!"

Rinse & repeat until you're left with Centrelink's current state. They don't have enough money to make the changes needed to clean up legacy systems AND process the work loads they have now AND maintain the current systems, so a choice is made by people in a sinking ship. Around 2014 the amount spent on "admin" was gutted by half with the election of the Liberal party (small govt party in AU), with funding only recovering to the previous levels during 2017.

edit: formatting (bullet point lists and newlines are hard)


I don't believe this was the problem in this case. As mentioned, they were blowing $billions on individual IT projects, and hiring vendor specialist consultants at $4-$5K per day in many cases. Similarly, their kit was over-specced to a ludicrous degree.

I asked their DBA team to deploy a ~100 MB "system configuration" database and they gave me four dedicated(!) physical quad-socket servers in a 2+2 HA configuration. The active server showed 1% load, the three replica servers rounded the load down to 0% in Task Manager.

All that for that one tiny database!

Their excuse was that this was their "standard pattern", and that everyone gets the same spec, irrespective of need.

In any private org, you would be walked out the door if you spent nearly half a million dollars on kit+licensing for something like that because you were too lazy to have more than one option for database hosting.

PS: There was a huge database team. You can't tell me it was a staff capacity issue either. This particular product had it's own sub-team dedicated to it.


I'm wondering if the consulting company I used to work for is behind this. Hardware sales were behind many decisions, because that's where the sales team made commissions.


> Around 2014 the amount spent on "admin" was gutted by half with the election of the Liberal party (small govt party in AU)

Inaccurate if not misleading. The Liberal party are firm believers that private companies do everything better than Government. Pretty much the UK conservative party in function and form


Yeah, the pattern has been a massive increase in spend in consultancies (especially the big 4) for things that the public service used to do itself. I believe it's over a billion dollars per year to the big 4 now, from tens of millions p/a back then.


Hardly surprising when you consider the liberals renegged on their campaign promise to establish a federal ICAC...


Market discipline does not exist on state actors.


I honestly feel that whoever complains about MyGov never had to perform these bureaucratic operations in a country like Greece. The fact that one can interact with some of the biggest and slowest-moving agencies in the Australian government from the comfort of their home was mind-blowing to me when living in Aus.

Maybe having to queue up for 3h in the cold to be greeted by a grouchy underpaid public servant that would have you queue up again next week (the Greek experience) until you have to call some person you know to do basic things like renewing your passport has lowered the bar too much for me.

Let’s not forget software is hard in the best of environments and archaic governmental offices and processes aren’t exactly conducive to development velocity and quality


At the same time, it's easy to think Australia's doing a good job if you've never experienced well-run government services (like Singapore). What's more, Australia's online services have somehow managed to get worse every year since around 2010.

Last I checked, there's still no way for me to lodge a corporate tax return electronically, it needs to be via paper or an agent. SASIC failed to notify me - by either physical mail or e-mail - that an annual fee was due, slugged me with a late penalty, then refused to reverse it when I complained and showed that their own online system had no trace of an invoice. MyGovID (or whatever its latest incarnation is) literally took an hour to validate a passport scan. My mother just returned from overseas and was required to download an (Android/iOS only) app, create an account and fill out a whole range of personal details simply for a health declaration.

It truly feels like public service management keep handing blank cheques to (probably Big 4) 'digital transformation consultants' to charge millions for project after shitty half-baked project, with no regard for whether actual improvements are being made.


I spent a year working in Melbourne, Australia a decade ago. I loved pretty much everything about the experience, except one thing: the "she'll be right, mate" attitude. I saw a fair bit of complacency. Strange experience.


Could you expand on situations you experienced it where it felt like a strange approach?

Being an Australian who worked in America for a bit, I felt like there was a facade of exceptionalism that was in fact just the same "she'll be right" attitude in different words. Everything was always "the best thing ever" or an "awesome job" even when it really wasn't. Different term but same outcome.


Melbournian that has worked in the US a little bit, and had similar experiences.

Mundane releases and improvements were presented with huge enthusiasm and fanfare.


I'm Scandinavian. I do share your feeling about american superlatives.

It's hard for me to mention concrete examples now (it's been a while), but I felt a general lack of wanting things to be better which felt really weird.


As an Australian I can relate to the "general lack of wanting things to be better".

I feel like 80% of what I've done in my work life (still living and working in Australia) has been trying to convince people to care about doing things better!

I feel like may be a bit of a generational thing around here? Seemed to be a lot of older managers and engineers who were very set in their ways, but it does seem a bit less so for younger people. Of course there are exceptions, happily I now finally work with more people who want to improve things and do things really well than I have for years and a couple of them are in that older generation.


The thing that non-Australians don't understand about this is that we spend our energy worrying about things that actually matter. What you may perceive as complacency, is ofttimes actually the observer being uptight when they don't need to be.

As an Australian, I struggle at times with Europeans et al who attach so much importance and stress to such insignificant things. Hence, she'll be right mate.


This is a good point.

I don't think "she'll be right" is hemmed in in complacency, it's just an acknowledgement that there are more important things to worry about.

Uptight foreigners (usually American or European) are incensed by the attitude.

And to be honest, there are far worse corporate behaviours and attitudes in Australia than "she'll be right"


True much of the time, but we can take it too far. For example, we should be very worried about the state of the Great Barrier Reef, but too many of us act like nothing is happening.


We "she'll be righted" the reef for so long that it's now "ah she's cactus. Ah well. No worries."


It's demonstrably worse imho out here on the west coast, the "she'll be right mate" mentality is rife here. Used to drive me crazy when I as a sysadmin. Get something barely running? Welp, great work, pats on the back, time to go home! I'd always want to test and tune things to ensure things could perform under load only to be told that "she'll be right". And she was, until things saw load and predictably crashed and people would run around like headless chooks blaming the network. Very pleased to no longer be doing that work.


What kind of company were you working for? I've lived and worked in Melbourne my whole life and complacency is not a cultural attitude of the location, but of specific companies.


Agreed - I work in Australia and I've worked with a lot of complacent people but a lot of very good people too. I thought the complacent people was just Sturgeon's Law applied to people who work in technology.


I saw the complacency in daily life, not at work (which was mostly remote to another part of the world anyway.)


That was my experience as well working in the US (Washington D.C.) I think it is a problem you will find anywhere.


Wait this kind of mediocrity isn’t common across IT elsewhere? What country are you from? I’d love to move there!


Would you please provide a translation for us Americans? Thanks.


If your house has a gas leak but it’s not too strong, she’ll be right.

If your bathroom faucet is leaking but it’s a drop an hour, she’ll be right.

If it’s bushfire season and you haven’t prepared for your house getting burned down, but it hasn’t happened in the last five years, she’ll be right.

Cynically, it’s shirking responsibility. Optimistically, it’s playing the odds.


I've never known anyone to leave a gas leak, and everyone I know would also get a leaking tap fixed (or do it themselves). I think you're exaggerating this aspect of Australian culture quite a bit.


I think the exaggeration was for humorous effect


Fair enough, it's more for an international audience who might take it as a totally serious assessment of Australian culture (if they care!). Can't keep the reputation of being too relaxed forever.


“She’ll be right”, meaning “it’ll be OK” describes one of the ways in which life in Australia and New Zealand differs from, say, the UK. It manifests in two ways:

- “It’ll be OK, don’t worry about it”, which leads to a more relaxed, less bureaucratic way of life.

- On the other hand, “it’ll do, don’t bother fixing/improving it”, which leads to things like New Zealand’s appalling housing quality.


Basically means, "it's good enough," or "don't worry about it."

It's also well-known as 差不多 (cha bu duo) in the Chinese-speaking world.


Here's my favourite example.

We were renovating an old 1920s house and wanted to replicate the timber/wood/plaster look on a wall that needed replacing. The timber was cut to a certain profile.

Went to the local builder supplies and asked about getting some timber cut to the profile of my sample. The guy behind the desk says:

"Whaddya wanna do that for? Just chuck a bit of gyppie up mate, she'll be right!"

Translation: Cover the wall with gyprock (sheet rock for Americans). Don't worry about making it look the same.

It's an attitude, an instruction and a lifestyle rolled into one thing. I got the timber cut somewhere else.


"She'll be right" is just "It will be alright, don't worry about it."

Often used when some issue is raised and no one thinks it's important. "This bridge has cracks in it..." "She'll be right!"

It isn't really an issue in the workplace though, depends on the company but most everywhere I have worked cared very deeply.


She’ll be alright = It will be fine, don’t stress.

Doing the bare minimum, with not a lot of TLC.

It makes for excellent work environments if you derive your joy and fulfilment from activities outside of work, but can be immensely frustrating if you want to deliver on quality (or expect quality delivered).


When somebody is fretting about something, usually unimportant, you can say, "Don't worry, it will be all right"


Forgetaboutit



Personally, as an Aussie, I don't have any massive gripes with MyGov specifically.

Bear in mind that it's mainly (only?) a portal to other departments (ATO, Centrelink, Medicare?).

I don't actually see why we're bothering to "upgrade" it at all, the mention of not being able to deploy a styling change, who gives a toss honestly, styling is way down my list for something like this.

When I had to get a MyGov ID for my son, it did the facial recognition off his passport (no idea if it would have allowed someone else...) fine, set it all up just fine in Covid lockdown so that's a +.

My main gripe is that unless you want their crappy app installed, the only MFA option is SMS, which as this audience knows is just not secure.


As an Aussie who has lived overseas for decades even the SMS option is not available to me as it requires you to have an Australian phone number.

You can't install the myGov Code Generator app without an Australian phone number either.

I haven't tried the myGovId app, which seems the best bet, as I'm scared it will fail and block what access I have to myGov now.

Also, for a long time the only way to change your myGov email was to set up a new myGov account. Ditto if you had the Code Generator app and lost your phone - though with the myGovId app you now have another avenue for recovery - provided of course that it doesn't crash, accepts your scanned documents and you actually have enough such documents to keep it happy.


Haven't tried this myself, but perhaps it might work overseas?

https://github.com/abrasive/mygov-totp-enroll


Considering the enormous and complicated design-by-committee standards [0] that the services are now all required to implement, it's a shocker when any part of myGov continues to even function. (Though it does have its fair share of unexpected outages...)

Especially when there's breaking changes [1] every two months or so.

[0] https://consumerdatastandardsaustralia.github.io/standards

[1] https://consumerdatastandardsaustralia.github.io/standards/#...


Part of the problem is that there's no real negative feedback in a government project. I've been attached to government work in the past, and the whims of the PMs change day to day because the people there were often just promoted to get them out of the way of another team.

There's no real leadership or technical ownership of the product, and I've found that the PMs will often just quickly blame the user for not using the software correctly rather than actually reflecting on why they may be getting that feedback.

The consultants may have fucked up, but they were only able to because the people in charge fucked up first.


Honestly it's not too bad. It does some clever things (like upload and scan a photo of your birth certificate for identity verification), and yes, for a lot of small tasks it saves you having to get on the phone and wait on hold for hours.

However, my birth certificate is from a small country hospital and in a non-standard format that it doesn't recognize, and now that myGov is the standard channel, it's so difficult to apply for anything. And I can't just .. be re-born at a different hospital .. so that the system will accept my application to become a chartered engineer.


You should be able to request a new birth certificate from Birth, Deaths and Marriages, which will come in the new format. That should save you a few headaches in the future, as well.


Although getting it from Birth, Deaths and Marriages may cause you a few headaches all of its own!


I had no idea, thank you.


Has paying Accenture, Deloitte and IBM tens of millions of dollars ever worked for anyone?


It's worked for Accenture, Deloitte and IBM


No, never. But we'll try again and next time surely it'll work!


To truely make it "MyGov" they need to open up the code base and start accepting PR's.



After a thorough security audit, please. I've been forced to put my personal data in there and I'd like to imagine it's not compromised yet.


"four-company panel was established to continue works on it, featuring Deloitte, Accenture, IBM and Arq Group."

"We’re supposed to be adopting an agile development methodology"

Ah yes the classic agile setup 2 week sprints where at the end of each sprint you rotate companies.


Season 3, Episode 3 of Utopia dealt with myGov perfectly. It's like the writers were actually in implementation meetings.

If you've never worked in or with government in Australia, I highly recommend checking it out. Then remember that the real thing is worse.


Internationally it's on Netflix but named "Dreamland" [1]

[1] https://en.wikipedia.org/wiki/Utopia_(Australian_TV_series)


Was working at DTA at the time on the digital identity work and the episode was painfully close to the bone.


The main thing I use mygov for is doing my tax, and it works fine. Given all the complaints I see here about the lack of a US government online tax app, we seem to be doing better in that regard, although I imagine the US tax landscape is much more complex.


90-day sprints, lol, who signed off on that?!


That’s just waterfall with extra steps…


Rice terrace development, maybe?


You misread the article. Deloitte was given a 90 day period to build a proof of concept which won them the follow-up contract.

I believe the project actually ran on pretty standard 2 or 3 week sprints.


Thats Agile, for Gov.


>Analysis of the Australian Tax Office's myGovID system<

Thinking Cybersecurity – A/Prof. Vanessa Teague (ANU) : https://www.thinkingcybersecurity.com

blogs and code on github : https://github.com/vteague

Twitter @VTeagueAus


Throwaway for obvious reasons.

While I didn't work directly on myGov, I knew quite a few people on the team that did (at all levels) and had a fair number of depressing pub sessions with them lamenting the entire project. This article doesn't say much that the people working on it weren't saying throughout the entire delivery.

I'm not going to defend the ludicrous cost of the project; we all know that outsourcing to private consultants to save money is a neoliberal pipe-dream up there with "trickle-down" economics. Many of the contractors for government agencies are former public sector workers who have been driven out by the laughably uncompetitive wages and the government's hostile attitude towards the APS.

And can you blame someone for leaving a job where they aren't supported and are mocked by the governing party in the media, when they can do essentially the same job with less bureaucratic oversight and twice the pay as a consultant or contractor? Why would they stay? A sense of civic duty? That's called "being a gullible c*nt" here in Australia.

The article even points this out:

> "Agencies are somewhat compromised by no longer having lots of these skills in-house."

No shit. Who knew systematically de-funding your own public service meant it would lose efficacy? Starve the beast[1] is a toxic political strategy that never should have made it across the pacific.

So that's why myGov is expensive; we're paying to support an entire ecosystem of middlemen. But if you want to know why it's a shit-show these quotes from the article point to (imo) the biggest cause:

> Responsibility for the "enhancement" of myGov was transferred from the DTA (Digital Transformation Agency) to Services Australia (formerly Department of Human Services/Department of Social Security) in late 2020

> "Individual agencies continue to do their own thing [...]"

MyGov was meant to integrate government services, but none of the agencies would actually expose a single endpoint for the myGov team to integrate. Months and months were spent just trying to get agencies to accept that for an integrated platform to work they would need to support a common authentication system. Doesn't leave much to do except polish the UI, does it?

This quote from the article literally made me laugh out loud:

> "What's so hard about making these improvements? I don't understand why it has taken that long and cost so much money to do that."

> The main goal of myGov was to integrate a range of government services from different departments seamlessly on the one platform. But the new beta version of the platform still doesn't do that effectively

The problem wasn't technical, it was institutional. The Australian tax payer just spent millions of dollars hiring consultants to try and herd cats. They weren't outsourcing for developers as much as they were outsourcing for mediators.

The DTA was meant to be the solution to digital integration of government agencies in Australia by setting up an internal government digital agency. But the large entrenched agencies (such as Services Australia) had no real incentive to listen to a word it said and every incentive to resist relinquishing control to it.

The agency is for all intents-and-purposes now dead. It's only remaining responsibilities are "advisory". Even the official design system inspired by the highly praised GOV.UK one was decommissioned practically before it got off the ground [2]

The myGov and DTA story isn't some simplistic private vs public sector issue. This is a fundamental culture issue within Australia (and it seems the whole anglosphere at the moment). No one is happy except the ministers and executives rorting record amounts of cash out of the system.

[1] https://en.wikipedia.org/wiki/Starve_the_beast [2] https://designsystem.gov.au/


The 2016 Census fiasco happened for the same reason - ABS didn’t have the skills to know how to commission and govern IBM’s work.


Of course, IBM's consulting record here isn't great generally. They were also behind the Queensland Health payroll system disaster too, which began as a contract for less than $10 million and ended up costing $1.25bn.


Turkey actually has a very good online portal [1] for a lot of interactions for the government. Anything from obtaining official letters to checking statuses of court causes, etc. can be done over it. Pretty decent iOS app too. Credit where credit is due. Wish the US had as decent of an online portal to all governmental things.

[1]: www.turkiye.gov.tr


I find it very annoying that to do your taxes yourself in Australia you must have an Android or iOS phone. There is no way to authenticate via the web or just sms on a dumb phone.


Are you meaning business taxes?

Personal tax is via mygov which is SMS 2FA.

Business tax (which I thankfully haven't had to do for a while) has always been "difficult", it was an awful Java applet for a while there.

Edit: I think I realise now my mistake, the new beta/govid looks to be following that path. So iOS/Android only. Old IDs still work for the moment though.


I was talking about business taxes and the business portal. I didn't realize personal tax was different.


This is really what a national ID card with smart card support was made for. PIV card readers are $10-$20.

https://playbooks.idmanagement.gov/piv/gettingstarted/

https://en.wikipedia.org/wiki/ISO/IEC_7816


Australians get really really antsy whenever the topic of National ID cards are brought up.

I don't think anyone really expects a new government from either side to spend political capital on one, especially given the focus on cost of living/inflation at the moment. (There's a federal election in just over 2 weeks time.)


My sister in law is a tax accountant so thankfully I still lodge through her by paper. I'd rather not have a MyGov account until absolutely required given my expectations of just how poorly that environment is configured and secured.


Last year it didn't need any 2FA for my taxes. Have they made it required now?


Yes, but if you linked before that then you don't have to update (for now).


It's been required for a while now for the mygov login?


They have to do somthing to prevent the epidemic of people paying taxes other than their own.


Stealing refunds is a problem in the US, because too much was withheld from many taxpayers.


Same with utilities... I swear I need to provide more PII to pay my utilities than to login to my bank account. Who's going around paying other peoples bills and how do I become friends with them?


Errr, is that new? I always use username/password/2fa via text message.


How so? I just logged in on Linux/Firefox with username+password+SMS-2FA?


Are we just going to ignore the equally ludicrous amounts being paid under these contracts??


As a complete outsider, half of the whole article reads like an Onion piece.


I set up my fathers ‘vaccination pass’ a few months ago. I had to link about 4 different services together, prove his identity twice, confirm email multiple times, navigate through the chain of services trying to talk to each other… I’m used to complexity as an engineer and it took me 20 minutes of headscratching to get it working. Insanity


The 2FA the site supports is either SMS or time-based token. According to them SMS doesn't work outside Australia, and having access to the site might be useful outside the country, so the time-based token seems the better choice.

Except they apparently decided that the standard TOTP apps like Google Authenticator weren't good enough for them. Moah bits better, or some such. Anyway, although it is a time-based token it isn't that time-based token and you have to install their app.

OK, we'll do that then. Carefully navigating past the almost identically named app with a similar icon that is for proving your identity to them, and trying not to think about all the user reviews saying myGov Code Generator doesn't work, we get it on our iPhone. Now, it doesn't work like any other TOTP app and read a QR code or have you enter a number. Instead, you have to enter your username and password into the app. [1] At this point, for me it just hung with a white screen. Exactly the same behaviour is described in the top listed review, from 2020, in the App Store, with no response from the developer [2].

This was a little scary: am I now locked out of my account? They won't help you get back in; you have to create a new one.

They also have you create a backup 2FA method (SMS) after you've logged in with the time-based token. This would be a little late if you got locked out after something went wrong on your first outing with the Code Generator app.

The linked video seems to have been improved since I tangled with the app. I don't remember at the time knowing it was possible to have both the SMS and app enabled for 2FA. It seems it's still not possible to have two apps enabled, on two different phones, for example to replace your phone. Bear in mind that there are residences in Australia with no mobile reception at all.

No doubt they had meetings in which they congratulated each other in devising a time-based one-time password scheme which is theoretically more secure than the usual TOTP. Never mind that both are adequate for the job, and the alternative is SMS. I wouldn't be surprised if someone got a conference paper out of it. I guess if the system is actually built by someone else, you can only get promotion and a pay rise by adding knobs to the specification. If the incentives valued robustness, they would have simply used the standard TOTP.

I think the biggest failing is that this problem has been all over social media, and is mentioned in the App Store reviews, but nothing has been addressed. According to the revision history at the App Store, it last got bug fixes in December 2017, with only edits to help text since then. The developers were nowhere to be seen in the Whirlpool thread or at the App Store.

In my opinion this crosses the line from incompetence to misconduct.

[1] https://www.youtube.com/watch?v=m-gf448FDFA [2] https://apps.apple.com/au/app/mygov-code-generator/id1305497...


> Deloitte, Accenture, IBM and Arq Group

I think I see the problem.


"Adobe also landed a $32 million deal to provide tech components"

They bought AEM didn't they?


Cream. Bad Company. The Power Station. Traveling Wilburys. Temple of the Dog.

I think we need a name for this supergroup as well ;)


Money Vampires Collective?


Sounds like something a McKinsey consultant would say.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: