Saturday, September 8, 2012

Why Government software projects go wrong - Part 1

If you have been following the news then you might have heard about British Columbia's new Integrated Case Management System which is a complete disaster.  It turns out that the $180-million dollar system is completely unusable due to bugs and is exposing extremely sensitive data to unauthorized users.

So how did it get this way?  How did $180 million disappear down a hole with only a horribly broken system coming out the other side?  While I was not involved in this particular project I think I have a few ideas of what went wrong.

I think there are two culpable parties here, the government and the contractors.  Let's examine what the government side is doing wrong.

Poor Focus

If you've ever dealt with gathering requirements the first thing that happens is absolutely everyone is consulted on what they want the system to do.  So what happens is that a kitchen sink-full of requirements is drawn up.  Every single person from the politician selling it to his constituents, to the higher level directors, to the lady with too many cats in HR is asked to throw in their advice.  Funnily enough, end users are rarely consulted until the finished product arrives.

Now it's not bad that extensive lists of requirements are being drawn up but sadly that's where things end.  There is no prioritization or optimization.  So absolutely crucial requirements like 'must protect vulnerable data' and 'must be customizable to official ministry colour schemes' are of equal weight.  Countering this are the excessively detailed requirements like must use a 1024x768 display or must use technology 'X'.  Is it impossible to know if these requirements are truly firm or if they exist solely as a reaction to getting burned in the past.

This is the first major pitfall, by making all requirements equally important it is incredibly difficult to properly discern what truly matters and what can be skipped.  Where does the client derive value?  What are their major risk factors?  The end result is a hugely expensive, incredibly complicated system that doesn't properly address real concerns but does cover-off buzzwords in the contract spec.

Lack of planning

A big problem is the lack of planning.  Not at the department level but at a higher up level.  Often a project is stalled or delayed endlessly while waiting for a budget to appear.  So a competent provider is found and a plan of work is created and then... nothing.  The project languishes for months while waiting for a budget to appear.  This is a major problem for smaller ISVs who don't have a diversified revenue stream and can't wait around.

The US government has not passed a budget since 2009.  3 Years.  Agencies are limping along on continuing resolution and are unable to make any long term plans.  These agencies can't make long-term (ie, more than 4 months) commitments because they might be shutdown without warning

Finally, most government agencies think the clock to begin development starts when they talk to the vendor not when the contract is signed.  So ISVs are expected to bear the cost of speculative development in the hope that the agency will follow through.  Needless to say this drives up the risk to almost unbearable levels for most small ISVs and drives all the business to large ISVs.

No Oversight

Perhaps the most important thing lacking is proper oversight.  In the age of outsourcing governments are pushing larger and larger sections of work out to private business.  While this is fine, enough talent must be retained internally to be able to competently evaluate and monitor the progress of the project.  This person needs to be aware of the correct ways to keep tabs on software projects and determine actual progress of the development.

Software development is usually quite different from other development projects and very few people outside of the industry have the proper knowledge.  Common tools like Gantt charts and percentage done numbers are inappropriate measures but are expected to be used.  Without oversight it is very easy for the ISV to extract unreasonable amounts of money from the government by dragging out contracts.  Without a strong focus on the end goals projects can wander which is good for the ISV but not the client.

Even if the ISV isn't interested in milking the contract, internal forces can cause the project to wander.  Shifting political goals and management by committee prevent solid objectives from forming.  With shifting objectives it becomes incredibly easy for vast sums of money to be 'wasted' when goals are changed.  Pretty soon the project is late, over-budget, and of poor quality.


In the end, governments reap what they sow when they play games with new software development.  However, it would be wrong to lay the blame exclusively at the feet of government.  Next time I will discuss how the ISVs screw up projects on their end.

Sunday, June 10, 2012

American Netflix in Canada

American Netflix in Canada

Have you wanted to watch American Netflix elsewhere in the world but don't want to pay for a US proxy?  Turns out there is an easy way to do thanks to IPv6 and Hurricane Electric.

The process is really simple, sign up at http://www.tunnelbroker.net/ and create a regular tunnel.  Select the nearest end-point to you to get the best performance.  From there, follow HE's example configuration to get your IPv6 tunnel set up on your PC.



The downside to this is you will no longer be able to view your regional films in NetFlix until you disable the tunnel.

What's going on?

It turns out that web browsers prefer to use IPv6 over IPv4 when available.  By configuring an IPv6 tunnel you are being assigned an address from the upstream provider's pool.  If your provider is American then you will appear to be American.

 So when you connect to netflix.com you will come in over a US-provided IPv6 address.  Netflix will then attempt to geocode your address and it will determine that you are, in-fact, in the US.  This is the fundamental flaw in using IP address to determine where a person is located.  IPs do not correspond to a person's physical location.  At best, IPs can reliably tell you where the upstream provider is registered, but if they're providing service to people in Tonga and Britain you won't be able to tell them apart.

Monday, April 30, 2012

Introduction

There are many blogs on the Internet which discuss software engineering in very technical terms.  While I have found these incredibly useful professionally I don't think they really help people who are not completely steeped in the culture. 


I have found that many people seem to under-estimate the need for clear communication; at least in themselves.  What I am trying to cover is software engineering in a clear and concise manner.


Understanding is my goal.