Open Source / Software Development / Technology

We’ve Come a Long Way Since

22 Jan 2022 6:00am, by
programming diagram

This week, the Biden administration made at-home COVID tests available to the public through a couple of websites that allow each address to order four tests, to be delivered by the United States Postal Service (USPS). For the most part, the entire affair appears to have been a success.

A success, that is, at least when you compare it to the launch of eight years ago and when you define success as “not crashing under the wave of traffic.” Of course, if you define success as “being able to order a COVID test from the same address as someone else in a multitenant complex,” then, well….

Now, perhaps that is something you, as a developer, might consider to be a technical failure. But putting that aside for just a moment, we can marvel at how the government — that behemoth of inefficiency and technological ineptitude, as some might say — managed to put together a little website, over the span of a few weeks, that actually held up to the surge of usage (which one Reddit user clocked in at nearly 700,000 concurrent users, at one point, and possibly far exceeded that number).

The tale comes to us from software engineer Paul Smith, in a blog post that examines the architecture, which finds that the site was built using various Amazon Web Services (AWS) products, both an Akamai and AWS CloudFront content delivery network (CDN), AWS S3 object storage, and what he suspects to be an API gateway that is in front of a Lambda function.

While Smith has gleaned all of this information using some basic technological sleuthing, he also has a particular insight that he discloses in a separate article, where he looks at why works where stumbled. That is, he “was a member of the team that helped turn around” and is now a contractor working on with the Centers for Medicare & Medicaid Services. According to Smith, part of the reason everything worked out so well is because they kept it simple.

“What this means is that the site is designed entirely with well-known components that are proven to handle heavy loads,” writes Smith. “Clearly, the team managing this launch planned for outsized demand, well above what a typical government site experiences, and made technology choices accordingly.”

He compares the methods used here versus with, writing “Contrast this approach with 2013 and the era of the launch when the state of the art in government was to administer servers in private data centers with numerous moving parts and failure modes without the resources and experience to handle intense public demand and traffic.”

Of course, the user interface — and everything done on the website — is far less complex and demanding than the process required for signing up for health insurance. Nonetheless, it would appear that the government has learned some lessons about building websites since 2013. What’s more, it would seem that the site even managed to work no matter the device or browser, with it showing up and functioning on devices new and old, according to many. And if you can’t order using the website, for one reason or another (such as the aforementioned multitenant issue), the government turned to another form of technology instead: the telephone.

And if all of that doesn’t leave you impressed, there’s one final thing, as pointed out by an astute Redditor who found a little Easter egg. As a visitor from overseas, they received an error:

When decoded from base64, the error message translates to “Access main program. Access main security. Access main program grid.”

This Week in Programming

  • Getting Started with Generics & Fuzzing in Go 1.18: Go 1.18 is on the way soon, with a beta having been released last month, and with it arrives two new features: generics and fuzzing. While you can go out and install the beta and get playing with both features now, it might help to have a bit of guidance, so the Go team has released two new tutorials for Go 1.18 focusing on these new features. First, the tutorial on generics will guide you through creating a generic function that can handle multiple types, calling it from your code, and then discuss type constraints and how to write them for your function. For a bit more information, you can also check out the GopherCon talk about generics. Next up, the tutorial on fuzzing walks you through the process of diagnosing and fixing issues using fuzzing, having you write some buggy code and using fuzzing to find, fix, and verify the bugs using the go command.
  • Faker,js Gets Life Anew: Last week, we brought you the tale of the developer who decided to break his much relied upon JavaScript packages, faker.js and colors.js, in the name of taking on the man and spreading conspiracy theories. This week, it looks like a group of developers have forked Faker and rebooted it as a community-controlled project. For all the details, you can check out an update from the new team itself, which covers the various steps it has taken since forking the project, including putting together a new GitHub repo, releasing documentation, and doing “a TON of issue triage and many, many PR reviews.” As for colors.js, it doesn’t look like a similar effort has been organized, but it would appear that npm has continued to offer a reverted version of the library, with the original developer still locked out from accessing it.

  • Vue 3 Becoming Default Soon: The popular Vue JavaScript framework is making the switchover to Vue 3 in just a couple weeks time, and there are some changes to be aware of for all of you Vue developers out there. The changeover, which is scheduled for Monday, February 7, 2022, could include some potential required actions to avoid breakage, so make sure to give that a read. In the blog post, Vue creator Evan You discusses how Vue evolved from “just a runtime library” to “a framework that encompasses many sub-projects” that is “only possible because Vue is a community-driven project.” While the soft launch of Vue 3 took a little longer than hoped, You writes that “Outside of Vue core, we have improved almost every aspect of the framework.” The new Vue 3, outside of the new features detailed in the post, comes with new documentation and a new that “will provide updated framework overview and recommendations, flexible learning paths for users from different backgrounds, the ability to toggle between Options API and Composition API throughout the guide and examples, and many new deep dive sections.” For those of you using Vue, the blog post is definitely a must-read for all of the juicy and pertinent details.
  • GitHub Automates Scorecards for Open Source: GitHub announced this week that it would be helping to reduce security risk in open source software with GitHub Actions and OpenSSF Scorecards V4. This latest release of the V4 release of the Open Source Security Foundation’s (OpenSSF) Scorecard offers open source projects an automated security tool that flags risky supply chain practices. Now, GitHub has added a GitHub Action and starter workflow into the GitHub user interface and Marketplace, and projects using these tools will have the Scorecards Action automatically run whenever the repository changes, alerting developers about risky supply chain practices using the built-in code scanning. The results will automatically appear under the security tab for the project, showing whether or not the project is implementing the Scorecards project’s best practices. Public repositories get free access to CodeQL, the code scanning API, and 1,000 Actions minutes.
  • Playing Wordle as a Developer: Last up this week, a fun little blog post about enumerating Wordle combinations with an applicative functor. The blog post by Mark Seemann is, he writes, an “example of ad hoc programming” and “an example of how the applicative nature of lists can be useful when you need to enumerate combinations.” In essence, how do you codify the process of solving Wordle using, in this case, Haskell? Read on to find out one such attempt.