[HN Gopher] How I helped fix Canada's Covid Alert app
       ___________________________________________________________________
        
       How I helped fix Canada's Covid Alert app
        
       Author : todsacerdoti
       Score  : 136 points
       Date   : 2020-08-24 16:29 UTC (6 hours ago)
        
 (HTM) web link (seancoates.com)
 (TXT) w3m dump (seancoates.com)
        
       | thefounder wrote:
       | Nice to see it uses Go on the back-end
        
       | burke wrote:
       | > I'll be honest: I barely knew anything about the CDS and I
       | expected some runaround from a government agency like this, and I
       | was pleasantly surprised
       | 
       | I'm one of the team that did the initial implementation of the
       | server and iOS app before handing it off to the CDS for the
       | latter part of implementation, and I've been really, really
       | impressed with the CDS. They're a great model for what tech in
       | government should look like.
        
         | lwansbrough wrote:
         | Actually the CDS was based on the Obama era model created in
         | the US Digital Service. It's a great idea and I was pleasantly
         | surprised to learn that the Canada COVID app (which is very
         | well designed!) was created by them (well, and Shopify :) )
        
         | ghostpepper wrote:
         | I had no idea there was a Canadian Digital Service - I'm glad
         | to hear that it not only exists but that it's a relatively
         | efficient government organization.
         | 
         | On a somewhat-related note: you wouldn't happen to be / know
         | who is responsible for the BC CDC Covid results service, would
         | you?
         | 
         | I was disappointed to see this page, which asks for personal
         | information including your PHN, served over HTTP.
         | 
         | Not only that but there is actually a disclaimer saying it's
         | fine to ignore the big red padlock because the iframe uses
         | HTTPS (which is also technically not true as far as I can tell
         | - the iframe _redirects_ to HTTPS though).
        
           | tempestn wrote:
           | I also noticed the BC CDC use of http and reported that to
           | them a couple months ago. Nice to see I'm not the only one.
        
           | burke wrote:
           | Nope, sorry, no insight or connections there.
        
           | danudey wrote:
           | > I had no idea there was a Canadian Digital Service - I'm
           | glad to hear that it not only exists but that it's a
           | relatively efficient government organization.
           | 
           | Canada is kind of... weird, in this regard. I knew about the
           | CDS, and was on their mailing list (they talk about pretty
           | neat stuff and it sounds like a neat place to work), so this
           | didn't surprise me, but...
           | 
           | So a while ago, we (the company I worked for at the time) had
           | some servers hosted at a hosting company based here in
           | Vancouver, though the servers were in Seattle.
           | 
           | Well, we got an e-mail from our host, forwarding some
           | automated e-mails that _they_ had received from the Canadian
           | government (possibly the CDS, but I don't think so)
           | notifying us that we had open memcached ports (11211) on some
           | of our servers.
           | 
           | I went and checked the configuration, and sure enough we'd
           | had a configuration error, where memcached would only accept
           | one IP address to bind to, but our script had provided two
           | (because the servers had an internal and external), creating
           | an invalid config which was never deployed, so memcached was
           | just listening on [::]:11211, and since it wasn't supposed to
           | be open we didn't have any ACLs on the access routers. We
           | fixed the configuration issue and switched to a default-deny
           | policy and all was fixed, but it was surreal that an e-mail
           | from the government was what tipped us off.
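
A check for the condition danudey describes (memcached listening on [::]:11211), added here as an example and not part of the thread: it parses `ss -H -ltn` output and flags port 11211 bound to a wildcard address. The sample lines are constructed, the function names are hypothetical, and the column layout assumed is the one `ss` prints for TCP-only listings.

```python
MEMCACHED_PORT = 11211
# Addresses that mean "every interface" in ss output.
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sample of `ss -H -ltn` output (not taken from the thread).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 1024 [::]:11211 [::]:*
LISTEN 0 1024 10.0.0.5:11211 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""


def split_local(addr):
    """Split ss 'host:port', keeping bracketed IPv6 hosts intact."""
    host, _, port = addr.rpartition(":")
    host = host.split("%", 1)[0]  # drop an interface scope such as %lo
    return host, port


def exposed_listeners(ss_output, port=MEMCACHED_PORT):
    """Return local addresses listening on `port` on all interfaces."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank or non-listening rows
        host, local_port = split_local(fields[3])
        if local_port == str(port) and host in WILDCARDS:
            findings.append(fields[3])
    return findings


if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_SS):
        print(f"memcached reachable on all interfaces: {addr}")
```

A listener bound to a specific internal address (10.0.0.5 in the sample) is not flagged; only the wildcard bind is, which is the state a default-deny ACL would otherwise have to cover.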
        
             | bonestamp2 wrote:
             | That's funny, and it reminds me of something we discovered
             | too.
             | 
             | We use bugsnag on many of our client web apps to catch
             | javascript runtime errors and with one of our apps we
             | frequently come across problems that reference javascript
             | functions and variables that aren't ours.
             | 
             | Sometimes it turns out to be a benign plugin, but in many
             | of these cases it is a known virus or dangerous browser
             | plugin that is trying to log keystrokes, mine crypto,
             | extract banking info, etc.
             | 
             | We have gotten to the point where we can often tell them
             | which virus they have, how we know, and include removal
             | instructions. Our app is very expensive so most customers
             | are people who need our tools and use the app every day,
             | which means we can often tell them when they got the virus
             | too. It's way out of scope for our role in their life, so
             | it's a little bizarre for everyone involved, but the
             | customers seem to appreciate it at least.
        
         | Kluny wrote:
         | I don't know a ton about the CDS, but at least one of their
         | employees is a former coworker of mine from the VIP team at
         | Automattic. He was team leader for a group that had EXTREMELY
         | high customer satisfaction goals as its mandate. I see his
         | influence here - or maybe they just hire people like him.
        
         | scoates wrote:
         | Yeah, my interactions with them were all great. Really
         | refreshing.
        
         | OJFord wrote:
         | I haven't worked with either of them, but I'm British and
         | similarly impressed with our GDS (G for Gov.) - this is
         | interesting: https://www.publicsectorblogs.org.uk/2018/07/gds-
         | across-the-...
        
       | shaggyfrog wrote:
       | I'm glad that the Canada COVID-19 contact tracing app is open
       | source and available on GitHub, and I'm glad people can push
       | fixes to it, but this kind of bug exists because it's using React
       | Native unnecessarily, and dragging in a zillion dependencies.
       | 
       | I don't see why both the iOS and the Android versions can't be
       | fully native, besides a desire to have a single codebase. The
       | apps aren't doing anything fancy, UI-wise. They are basically
       | just integrating with the native contact tracing system
       | framework on each platform.
       | 
       | Dragging in React Native and its giant web of dependencies makes
       | the codebase harder to audit and manage from a security
       | perspective. It's also a product of Facebook, which is greatly
       | concerning from a privacy point of view.
       | 
       | I still have this app installed on my iPhone and I keep it up to
       | date, but I really wish it was built differently.
        
         | radicalbyte wrote:
         | This is exactly what we're doing with the Dutch Contact Tracing
         | app. Native apps.
         | 
         | The workflow in our UI is larger than most and we support more
         | languages (including right-to-left language). It's just not
         | complex so - IMHO - it's a no-brainer to build the two out in
         | parallel.
         | 
         | We're also building it in the open and in English - come take a
         | look here: https://github.com/minvws
         | 
         | Disclaimer: I'm working on the server.
        
         | jeromegv wrote:
         | It was initially built by Shopify engineers and it's their go-
         | to technology so I guess that's how it came about.
        
         | mikewhy wrote:
         | > but this kind of bug exists because it's using React Native
         | 
         | Considering how this issue was from a package that isn't
         | included with React Native, this seems like a bit of a stretch.
        
           | kennywinker wrote:
           | the native way of doing this on iOS would be
           | `SCNetworkReachability` which is part of the built-in
           | SystemConfiguration framework. That call requires the
           | endpoint to check as an input - thus prompting the developer
           | to think about if they are contacting an unnecessary third
           | party.
           | 
           | So while this isn't really the specific fault of react
           | native, it does seem to me to be the fault of a non-native
           | framework that encourages developers to use higher level
           | abstractions rather than system frameworks.
        
             | mikewhy wrote:
             | The library in question did use that function, but without
             | something set up at the endpoint, it's not very useful:
             | 
             | > A remote host is considered reachable when a data packet,
             | sent by an application into the network stack, can leave
             | the local device. Reachability does not guarantee that the
             | data packet will actually be received by the host.
             | 
             | https://developer.apple.com/documentation/systemconfigurati
             | o...
             | 
             | More details in this issue: https://github.com/react-
             | native-community/react-native-netin...
        
         | advisedwang wrote:
         | The desire to have a single codebase seems pretty reasonable:
         | 
         | * Reduces development cost
         | 
         | * Provides more consistency for users (simpler to document and
         | explain)
        
       | yoru-sulfur wrote:
       | I used to work at CDS a couple years back, worked with both Tim
       | and John (The people who responded to the GitHub issue).
       | 
       | I'm glad to hear that his interactions with them were relatively
       | without friction. A big part of what they're trying to do is lead
       | by example for how modern software development can take place
       | somewhere like the government (Taking a lot of cues from GDS and
       | 18F).
        
       | sgarrity wrote:
       | Nice fix and nice write-up of the fix. A Canadian herough.
        
       | canada_dry wrote:
       | +1 @scoates.
       | 
       | Next up, can you please help fix the broken "Alert Ready"
       | Emergency Alert System!!
        
       | rubatuga wrote:
       | As a Canadian, many thanks to OP for removing unnecessary
       | requests to Google!
        
         | jszymborski wrote:
         | Came here to similarly give thanks to this outstanding Canadian
         | citizen.
        
           | scoates wrote:
        
             | simlevesque wrote:
             | hey because of your post on r/biereqc I got great beers
             | from Mondial de la biere thanks for that
             | 
             | it's funny how small the world is
        
       | kozmonaut wrote:
       | OP is a fine man, thanks for doing your duty to Canada!
        
       | ramshorns wrote:
       | It'd be nice to see COVID Alert in F-Droid, or somewhere else
       | that doesn't require nonfree dependencies.
        
       | kozmonaut wrote:
       | OP is a fine man, thanks for your duty to making this app better
        
       ___________________________________________________________________
       (page generated 2020-08-24 23:01 UTC)