We’ve Come a Long Way Since Healthcare.gov
This week, the Biden administration made at-home COVID tests available to the public through a couple of websites that allow each address to order four tests, to be delivered by the United States Postal Service (USPS). For the most part, the entire affair appears to have been a success.
A success, that is, at least when you compare it to the launch of Healthcare.gov eight years ago and when you define success as “not crashing under the wave of traffic.” Of course, if you define success as “being able to order a COVID test from the same address as someone else in a multitenant complex,” then, well….
The fact I can't get free COVID tests bc I live in an apartment and my upstairs neighbor put in an order is an absolutely cartoonish design flaw in this rollout pic.twitter.com/NqW1OiOLIs
— Julian Randall AKA Intersectional Papi (@JulianThePoet) January 18, 2022
Now, perhaps that is something you, as a developer, might consider to be a technical failure. But putting that aside for just a moment, we can marvel at how the government — that behemoth of inefficiency and technological ineptitude, as some might say — managed to put together a little website, over the span of a few weeks, that actually held up to the surge of usage (which one Reddit user clocked in at nearly 700,000 concurrent users, at one point, and possibly far exceeded that number).
The tale comes to us from software engineer Paul Smith, in a blog post that examines the covidtests.gov architecture, which finds that the site was built using various Amazon Web Services (AWS) products, both an Akamai and AWS CloudFront content delivery network (CDN), AWS S3 object storage, and what he suspects to be an API gateway that is in front of a Lambda function.
While Smith has gleaned all of this information using some basic technological sleuthing, he also has a particular insight that he discloses in a separate article, where he looks at why COVIDtests.gov works where Healthcare.gov stumbled. That is, he “was a member of the team that helped turn HealthCare.gov around” and is now a contractor working on HealthCare.gov with the Centers for Medicare & Medicaid Services. According to Smith, part of the reason everything worked out so well is because they kept it simple.
“What this means is that the site is designed entirely with well-known components that are proven to handle heavy loads,” writes Smith. “Clearly, the team managing this launch planned for outsized demand, well above what a typical government site experiences, and made technology choices accordingly.”
He compares the methods used here versus with Healthcare.gov, writing “Contrast this approach with 2013 and the era of the HealthCare.gov launch when the state of the art in government was to administer servers in private data centers with numerous moving parts and failure modes without the resources and experience to handle intense public demand and traffic.”
Of course, the user interface — and everything done on the website — is far less complex and demanding than the process required for signing up for health insurance. Nonetheless, it would appear that the government has learned some lessons about building websites since 2013. What’s more, it would seem that the site even managed to work no matter the device or browser, with it showing up and functioning on devices new and old, according to many. And if you can’t order using the website, for one reason or another (such as the aforementioned multitenant issue), the government turned to another form of technology instead: the telephone.
The Biden admin has launched a phone line for Americans to order four free COVID tests per household, expanding availability to Americans who may not have internet access: 1-800-232-0233.
— Kyle Griffin (@kylegriffin1) January 21, 2022
And if all of that doesn’t leave you impressed, there’s one final thing, as pointed out by an astute Redditor who found a little Easter egg. As a visitor from overseas, they received an error:
When decoded from base64, the error message translates to “Access main program. Access main security. Access main program grid.”
This Week in Programming
- Getting Started with Generics & Fuzzing in Go 1.18: Go 1.18 is on the way soon, with a beta having been released last month, and with it arrives two new features: generics and fuzzing. While you can go out and install the beta and get playing with both features now, it might help to have a bit of guidance, so the Go team has released two new tutorials for Go 1.18 focusing on these new features. First, the tutorial on generics will guide you through creating a generic function that can handle multiple types, calling it from your code, and then discuss type constraints and how to write them for your function. For a bit more information, you can also check out the GopherCon talk about generics. Next up, the tutorial on fuzzing walks you through the process of diagnosing and fixing issues using fuzzing, having you write some buggy code and using fuzzing to find, fix, and verify the bugs using the go command.
"I came, I saw, I copied"
– me, on StackOverflow for the 3857th time today
— Carla Notarobot 🤖👩🏻💻 (@CarlaNotarobot) January 20, 2022
- GitHub Automates Scorecards for Open Source: GitHub announced this week that it would be helping to reduce security risk in open source software with GitHub Actions and OpenSSF Scorecards V4. This latest release of the V4 release of the Open Source Security Foundation’s (OpenSSF) Scorecard offers open source projects an automated security tool that flags risky supply chain practices. Now, GitHub has added a GitHub Action and starter workflow into the GitHub user interface and Marketplace, and projects using these tools will have the Scorecards Action automatically run whenever the repository changes, alerting developers about risky supply chain practices using the built-in code scanning. The results will automatically appear under the security tab for the project, showing whether or not the project is implementing the Scorecards project’s best practices. Public repositories get free access to CodeQL, the code scanning API, and 1,000 Actions minutes.
- Playing Wordle as a Developer: Last up this week, a fun little blog post about enumerating Wordle combinations with an applicative functor. The blog post by Mark Seemann is, he writes, an “example of ad hoc programming” and “an example of how the applicative nature of lists can be useful when you need to enumerate combinations.” In essence, how do you codify the process of solving Wordle using, in this case, Haskell? Read on to find out one such attempt.
Dev #2: "Oh cool, how'd you get that feature in?"
PR Commit Logs: pic.twitter.com/Gb0SI31zEE
— Nick Craver (@Nick_Craver) January 21, 2022