by ahonhn on 5/5/22, 11:29 PM with 187 comments
by mianos on 5/6/22, 12:31 AM
The platform seemed to be based on some weird 'forms' based application builder when it was released ten years ago. It is flakey as hell. Ugly I can deal with, we have eBay and it still works fine, but even the most basic things you would expect, for example when you press tab the cursor to follow the order of forms on the page, does not work. Often when you submit a form the focus ends up on some text field.
The integration with other services, such as Medicare, barely works. I have spent endless calls on the phone to near useless support staff trying to get emails reset for old mother. The support staff are friendly but don't seem to have any ability to do anything but reset things that take several hours to complete.
The tax and business functionality is completely senseless. They got the paper forms designed in the 50s for batch mainframes and coded them into web forms. You have to do things like copy the same value into multiple fields marked T8 and T2. The instructions say just that: "Copy the value from T8 to T2". If you don't it fails.
The article mentions the huge problem with them having no in-house expertise so they bring in consultants. I work here in Sydney and I know, from first hand experience working with them, these large consulting companies have the same or less technical expertise. What they do have is huge sales teams and even larger teams of project managers. The odd technical person they have is spread across so many projects they are pretty much useless. They employ hordes of off-shore developers that are managed by people with little or no clue about anything.
by TempestSA on 5/6/22, 12:30 AM
This. How can companies/governments still think that you can "outsource" IT, when technology is not only tightly integrated into the fabric of what a modern company is, but nowadays a solid technology capability sets the high performers apart from the laggards. It's just as ludicrous as outsourcing the HR, sales team or the executive office.
Unfortunately unlike in the real world where these companies will become uncompetitive and dissolve, we are stuck with our government and their outdated operating models...
by jkahn on 5/6/22, 12:34 AM
The hard part of the MyGov platform is the inter-department stuff, and I don't think that's a software issue, that's bureaucracy.
MyGov isn't perfect, but it's fine.
by sebast_bake on 5/6/22, 2:23 AM
I can only imagine how colossal the undertaking must have been. MyGov ties together our largest, most bureaucratic organisations. Imagine being tasked with such a project, building the web application is the easy part, you also need to convince a country's largest organisations to change how they operate.
Considering this, I'm actually surprised how good MyGov is.
by jiggawatts on 5/6/22, 12:32 AM
These places have some of the worst-run IT departments on the planet. I can say this with more than a little evidence. As a consultant, I've worked on over a hundred customer sites, all the way from tiny private companies up to federal government, including all three of those agencies. I've seen how IT is done at just about every state government office in my state, and two dozen in other states.
There just is no comparison. Centrelink especially is so fucked up that people think that I made up my stories about my experience there. It's crazy beyond belief.
The sheer scale of it is amazing. They have over 1K IT staff in one building, and spent $2B on a single software upgrade project! They have huge teams for obscure tasks that other large enterprises might have just one or two people doing. There are Big Name consultants everywhere. Direct vendor support, often flown in from the US, which is otherwise rare around here.
Despite all these people, money, and support, nothing works. Nothing. It's all broken. Everything. Every part. It's a sight to behold.
I wrote a report for them about a key security system where I pointed out that out of something like 50 settings, 47 were incorrectly configured. The only reason it "worked" is because the errors cancelled out. That is, it was incorrectly rejecting valid access, but another error meant that the rejection was being ignored. And so on.
Similarly, their core authentication system was supposed to be distributed and highly available, but the main architect put all of the servers into one rack, one on top of another. He said with a straight face that a product that is well known in the industry for its efficient wide-scale replication is "bad at replication" and only works if the "network cables are really short". He meant 30cm, not 3000km. A power outage took out all three "redundant" controllers, and so something like 80K staff spent several days staring at login prompts on their monitors for a few days.
I could go on, and on, and on. I have a whole collection of stories like that.
The most amazing part is that I was only there for a couple of months, yet this short time period yielded 8 of my top 10 horror stories from the field.
It's also the only workplace setting where I had ever seen a man cry. For work related reasons. Several men, on several occasions.
by somada141 on 5/6/22, 4:23 AM
Maybe having to queue up for 3h in the cold to be greeted by a grouchy underpaid public servant that would have you queue up again next week (the Greek experience) until you have to call some person you know to do basic things like renewing your passport has lowered the bar too much for me.
Let’s not forget software is hard in the best of environments and archaic governmental offices and processes aren’t exactly conducive to development velocity and quality.
by tpmx on 5/6/22, 12:14 AM
by thrixton on 5/6/22, 4:51 AM
Bear in mind that it's mainly (only?) a portal to other departments (ATO, Centrelink, Medicare?).
I don't actually see why we're bothering to "upgrade" it at all, the mention of not being able to deploy a styling change, who gives a toss honestly, styling is way down my list for something like this.
When I had to get a MyGov ID for my son, it did the facial recognition off his passport (no idea if it would have allowed someone else...) fine, set it all up just fine in Covid lockdown so that's a +.
My main gripe is that unless you want their crappy app installed, the only MFA option is SMS, which as this audience knows is just not secure.
by shakna on 5/6/22, 12:18 AM
Especially when there's breaking changes [1] every two months or so.
[0] https://consumerdatastandardsaustralia.github.io/standards
[1] https://consumerdatastandardsaustralia.github.io/standards/#...
by tonfreed on 5/6/22, 2:01 AM
There's no real leadership or technical ownership of the product, and I've found that the PMs will often just quickly blame the user for not using the software correctly rather than actually reflecting on why they may be getting that feedback.
The consultants may have fucked up, but they were only able to because the people in charge fucked up first.
by aetherspawn on 5/6/22, 12:26 AM
However, my birth certificate is from a small country hospital and in a non-standard format that it doesn't recognize, and now that myGov is the standard channel, it's so difficult to apply for anything. And I can't just .. be re-born at a different hospital .. so that the system will accept my application to become a chartered engineer.
by simonw on 5/6/22, 4:25 AM
by macropin on 5/5/22, 11:56 PM
by n8ta on 5/6/22, 7:04 AM
"We’re supposed to be adopting an agile development methodology"
Ah yes, the classic agile setup: 2 week sprints where at the end of each sprint you rotate companies.
by fphhotchips on 5/6/22, 1:53 AM
If you've never worked in or with government in Australia, I highly recommend checking it out. Then remember that the real thing is worse.
by WatchDog on 5/6/22, 1:39 AM
by mhitza on 5/6/22, 12:09 AM
by Trouble_007 on 5/6/22, 3:53 AM
Thinking Cybersecurity – A/Prof. Vanessa Teague (ANU) : https://www.thinkingcybersecurity.com
blogs and code on github : https://github.com/vteague
Twitter @VTeagueAus
by throwaway-aogS8 on 5/6/22, 1:17 AM
While I didn't work directly on myGov, I knew quite a few people on the team that did (at all levels) and had a fair number of depressing pub sessions with them lamenting the entire project. This article doesn't say much that the people working on it weren't saying throughout the entire delivery.
I'm not going to defend the ludicrous cost of the project; we all know that outsourcing to private consultants to save money is a neoliberal pipe-dream up there with "trickle-down" economics. Many of the contractors for government agencies are former public sector workers who have been driven out by the laughably uncompetitive wages and the government's hostile attitude towards the APS.
And can you blame someone for leaving a job where they aren't supported and are mocked by the governing party in the media, when they can do essentially the same job with less bureaucratic oversight and twice the pay as a consultant or contractor? Why would they stay? A sense of civic duty? That's called "being a gullible c*nt" here in Australia.
The article even points this out:
> "Agencies are somewhat compromised by no longer having lots of these skills in-house."
No shit. Who knew systematically de-funding your own public service meant it would lose efficacy? Starve the beast[1] is a toxic political strategy that never should have made it across the Pacific.
So that's why myGov is expensive; we're paying to support an entire ecosystem of middlemen. But if you want to know why it's a shit-show these quotes from the article point to (imo) the biggest cause:
> Responsibility for the "enhancement" of myGov was transferred from the DTA (Digital Transformation Agency) to Services Australia (formerly Department of Human Services/Department of Social Security) in late 2020
> "Individual agencies continue to do their own thing [...]"
MyGov was meant to integrate government services, but none of the agencies would actually expose a single endpoint for the myGov team to integrate. Months and months were spent just trying to get agencies to accept that for an integrated platform to work they would need to support a common authentication system. Doesn't leave much to do except polish the UI, does it?
This quote from the article literally made me laugh out loud:
> "What's so hard about making these improvements? I don't understand why it has taken that long and cost so much money to do that."
> The main goal of myGov was to integrate a range of government services from different departments seamlessly on the one platform. But the new beta version of the platform still doesn't do that effectively
The problem wasn't technical, it was institutional. The Australian taxpayer just spent millions of dollars hiring consultants to try and herd cats. They weren't outsourcing for developers as much as they were outsourcing for mediators.
The DTA was meant to be the solution to digital integration of government agencies in Australia by setting up an internal government digital agency. But the large entrenched agencies (such as Services Australia) had no real incentive to listen to a word it said and every incentive to resist relinquishing control to it.
The agency is for all intents and purposes now dead. Its only remaining responsibilities are "advisory". Even the official design system inspired by the highly praised GOV.UK one was decommissioned practically before it got off the ground [2].
The myGov and DTA story isn't some simplistic private vs public sector issue. This is a fundamental culture issue within Australia (and it seems the whole anglosphere at the moment). No one is happy except the ministers and executives rorting record amounts of cash out of the system.
[1] https://en.wikipedia.org/wiki/Starve_the_beast
[2] https://designsystem.gov.au/
by aemreunal on 5/6/22, 7:11 AM
[1]: www.turkiye.gov.tr
by jay_kyburz on 5/6/22, 12:04 AM
by n-e-w on 5/6/22, 12:50 AM
by 3np on 5/6/22, 1:29 AM
by joeman1000 on 5/6/22, 4:24 AM
by SulphurCrested on 5/6/22, 8:04 AM
Except they apparently decided that the standard TOTP apps like Google Authenticator weren't good enough for them. Moah bits better, or some such. Anyway, although it is a time-based token it isn't that time-based token and you have to install their app.
OK, we'll do that then. Carefully navigating past the almost identically named app with a similar icon that is for proving your identity to them, and trying not to think about all the user reviews saying myGov Code Generator doesn't work, we get it on our iPhone. Now, it doesn't work like any other TOTP app and read a QR code or have you enter a number. Instead, you have to enter your username and password into the app. [1] At this point, for me it just hung with a white screen. Exactly the same behaviour is described in the top listed review, from 2020, in the App Store, with no response from the developer [2].
This was a little scary: am I now locked out of my account? They won't help you get back in; you have to create a new one.
They also have you create a backup 2FA method (SMS) after you've logged in with the time-based token. This would be a little late if you got locked out after something went wrong on your first outing with the Code Generator app.
The linked video seems to have been improved since I tangled with the app. I don't remember at the time knowing it was possible to have both the SMS and app enabled for 2FA. It seems it's still not possible to have two apps enabled, on two different phones, for example to replace your phone. Bear in mind that there are residences in Australia with no mobile reception at all.
No doubt they had meetings in which they congratulated each other in devising a time-based one-time password scheme which is theoretically more secure than the usual TOTP. Never mind that both are adequate for the job, and the alternative is SMS. I wouldn't be surprised if someone got a conference paper out of it. I guess if the system is actually built by someone else, you can only get promotion and a pay rise by adding knobs to the specification. If the incentives valued robustness, they would have simply used the standard TOTP.
I think the biggest failing is that this problem has been all over social media, and is mentioned in the App Store reviews, but nothing has been addressed. According to the revision history at the App Store, it last got bug fixes in December 2017, with only edits to help text since then. The developers were nowhere to be seen in the Whirlpool thread or at the App Store.
In my opinion this crosses the line from incompetence to misconduct.
[1] https://www.youtube.com/watch?v=m-gf448FDFA
[2] https://apps.apple.com/au/app/mygov-code-generator/id1305497...
by teh_klev on 5/6/22, 12:13 AM
I think I see the problem.