We've all heard about the problems with the Healthcare.gov website, but the problems are so fundamental, and the website is so deeply flawed, that the administration's rhetoric that "they're on it" is meaningless. The website violates the most basic and fundamental principles of web site development. The fix is simple: Insist that the Obama administration open up the code into a public repository, specifically, GitHub, and encourage developers to offer fixes. More on the specifics of what is wrong with Obamacare after the fold.
Although the website is very fundamentally broken in many, many ways, some of the things that are wrong with it should not have taken a week or more to fix. They are easy fixes, and would substantially improve server performance. And yet, it's been 12 days since the site opened for business, and these basic issues remain.
I'll take a layman's approach to this. If you look into the source code of Daily Kos, you will see the dude with the orange flag at the masthead. This image is stored on the Daily Kos servers: src="/i/header/masthead/flagman.png".
This is actually also a flawed approach. The images should be served by a caching layer known in the industry as a CDN (content delivery network). Every time a web request is made for that image, it forces the site's own server to spend its resources on it. All of a site's "static" resources, meaning its images and other supporting files that don't go through routine change, should be stored on a CDN for two reasons.
One, the CDN is designed from a technical standpoint to handle massive amounts of traffic, and serve the images in a robust and, importantly, FAST manner.
Two, it reduces the load on the web server. If the server host charges for bandwidth then you are paying too much if you aren't also using a CDN. CDNs also charge for their services of course, but typically not nearly as much. Amazon Web Services, for example, ding you with traffic charges when you host your web site on their servers, which means you get hit with a small fee for every image served. Their CDNs charge, too, but it's not based on traffic. Instead, they charge about 12 cents per gigabyte of storage. Either way, the less you make your web server work, the better.
Now, the fact that Daily Kos does it the "wrong" way is really not a huge deal. I don't know the traffic numbers, but they aren't enough to really mess with my user experience. I would argue they should still move to a CDN, but I'm not here to evangelize CDNs. I'm also not here to trash the way the Daily Kos website is done. It's a nicely designed site that engages me, the user, and I'm pretty sure it was built with a little less than the $88 million or so that the government spent on the healthcare.gov disaster. In fact, when Daily Kos was redesigned, I liked it enough to buy the lifetime membership. So, it works.
As a side note, you will see that Daily Kos DOES store user-generated images on a CDN. The screenshot graphic I included is stored at http://s3.amazonaws.com/... which is an Amazon S3 server. This is a good first step, but the image should also be fronted by Amazon's CloudFront CDN service, which links the S3 image to their more robust CDN, but I digress.
Anyway, in the case of a website with millions of users like the government's, especially one that is serving up dynamic data (form submissions, and lots of them in this case), there is no excuse not to use CDNs.
The government servers are getting hammered every day by these kinds of requests: "images/myaccount-registration-login.png", which probably brings things to a screeching halt during times of high traffic.
The screenshot at the top of this page is taken from my computer when running YSlow, a tool created by Yahoo to help developers see what is making their website slow. As you can see, the healthcare.gov site gets a grade of D. A lot of that is because of all the web requests made, but healthcare.gov doesn't even do such simple things as minify its supporting JavaScript or CSS files. JavaScript is the web language that helps the web page act more like software, and CSS is the language developers use to give the site its style, like cool fonts. Minifying these files is trivial work. In fact, if you use a service like Cloudflare that sits in front of your origin server, it does it for you automatically. For free.
This is really appalling stuff for a site this large, where the contractor received anywhere between $88 and $93 million. Honestly, I could have done better with about 3 or 4 of my most talented colleagues, and it wouldn't have taken me 3 1/2 years. And for a lot less than $88 million.
Please note that I am barely scratching the surface of what is wrong with the site. Others have found a series of fundamental miscues. And these are just front end problems. One can only imagine what the back end code looks like. You know, the stuff that talks to their Oracle database.
For example, I am still trying to gain access to the site's health care package options, or, in other words, the marketplace. After verifying my account, I can't log in. And it took two days to "verify" the account. It basically now sends me into an infinite loop when I try to log in. I may be verified. I may not be. Who knows? Certainly not their apparently misconfigured Oracle clusters.
Without seeing the back end code, I can't begin to guess what is wrong, but I suspect a lot of what we in the industry call improperly handled multithreading issues. Multithreading is how a web application serves many different users who are all trying to use it at the same time. If the code isn't written correctly, then when all those relatives of tea party nuts try to use the system at the same time, the system will break and not push data in and out of the Oracle database servers correctly, and people like me will end up in a land of permanent Account-not-quite-established purgatory. Or, ANQE.
I can't even begin to imagine what the security issues are with this site if the misses are this obvious on the front end. Do they properly salt their passwords? Are there cross-site request forgery (CSRF) holes hackers can take advantage of? You can bet that plenty of hackers are out there right now, working on this.
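Nobody outside the contractor has seen the back end, so the two questions above can't be answered for healthcare.gov. What "properly salted passwords" and a CSRF defence look like in practice is shown below as an added example (not the site's code and not from the diary): each password gets its own random salt and a slow hash, verification compares in constant time, and every state-changing form carries a token bound to the user's session that the handler checks before it touches any data. `SERVER_SECRET`, the PBKDF2 iteration count and the session ids are constructed values.

```python
"""Per-user salted password hashing and session-bound CSRF tokens (added example)."""
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # constructed choice; raise it as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' using a fresh 16-byte salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and iteration count stored next to the hash; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


# Constructed: a real deployment loads this from configuration, never from source.
SERVER_SECRET = os.urandom(32)


def make_csrf_token(session_id: str) -> str:
    """Token derived from the session id with the server secret, so it is useless in another session."""
    return hmac.new(SERVER_SECRET, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, submitted_token: Optional[str]) -> bool:
    if not submitted_token:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), submitted_token)


def handle_form_post(session_id: str, form: dict):
    """A state-changing handler: the CSRF check runs before any account data is read or written."""
    if not verify_csrf(session_id, form.get("csrf_token")):
        return 403, "CSRF check failed"
    # ... account update would happen here ...
    return 200, "ok"


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("login with right password:", verify_password("correct horse battery staple", record))
    print("login with wrong password:", verify_password("wrong", record))
    token = make_csrf_token("session-abc")
    print("same session, valid token:", handle_form_post("session-abc", {"csrf_token": token}))
    print("other session, stolen token:", handle_form_post("session-xyz", {"csrf_token": token}))
```

The salt is stored alongside the hash, which is fine: its job is to make every user's hash unique so precomputed tables are useless, not to be secret. The CSRF token is rendered into each form as a hidden field and verified on every POST; a forged cross-site request cannot read the victim's page, so it cannot supply the right token.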
Obama was elected on the notion (to use one of his favorite words) of transparency. If Obama wants to be truly transparent, he should order Sebelius to push the code out to a public repository. Developers will flock to it to help fix the site's problems, because that's just what developers do. In fact, some folks have already begun to work on the front end issues I've described:
https://github.com/...
Of course, they don't have access to the actual code created by CGI Federal, the company that developed the original code, but they were able to grab the stuff that is exposed to the public and start the process of encouraging developers to fix the front end part of the code that we have access to.
As a point of action, there needs to be a way to push Obama into getting the code out in front of the public somehow. The Obama administration has been very fortunate indeed that most of the public's attention has been focused on the Republican shutdown.
Now is the time to take some action. Please, help promote this idea however you can. Use the hashtags #crowdsource and #obamacare together, pass a link to this diary, start a petition. Whatever you can think of. This website is so bad it has a real chance of wrecking Obamacare. Maybe that's one reason Republicans aren't making a big fuss about it.
So, the ultimate goal is for the government to put the code on GitHub so that developers can fork the code and work on it. This just means that they grab the code and mess with it - they don't actually have access or the ability to change the real code - that happens through a process that CGI Federal (or better yet, a replacement) would manage.
If you're wondering who I am and what the hell I know, I was a software engineer at eBay and PayPal for eight years before starting my own website https://createamixer.com/ which gets a grade of B from YSlow with one developer and zero budget. That B grade will ultimately be fixed, but I'm only one person. I know how to improve it, but I just haven't had time yet. Given CGI Federal's budget, it would sure as hell not be a B. Much less a D.