
During the height of COVID, I was exploring the API design of the top-selling COVID tests on Amazon. Several had wildly unsecured APIs—sequential patient IDs but the results endpoint assumed knowing the “secret” patient ID counted as auth. Or just completely open GraphQL implementations, no different than a password-less db…

For anyone considering DIYing a diagnostics program, don’t. But I’m biased (I’m the founder of a YC-backed diagnostics as a service co: https://spotdx.com)
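The pattern described in this comment, as an added illustration (not the commenter's code or any vendor's): a results lookup where possessing a sequential patient id is the only "credential", next to one that authenticates the caller and checks that the record belongs to that account. Record data, session tokens and account names are constructed for the example.

```python
# Added example, not from the comment above or from any test vendor's code.
# Compares a results endpoint that treats knowledge of a sequential patient id
# as authorization with one that authenticates and authorizes properly.
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Result:
    patient_id: str
    owner_account: str  # account that registered the kit (constructed)
    outcome: str


# Constructed sample data: sequential ids, as described in the comment.
RESULTS = {
    "1001": Result("1001", "alice", "negative"),
    "1002": Result("1002", "bob", "positive"),
}
# Constructed session store: session token -> authenticated account.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


class Forbidden(Exception):
    pass


def results_insecure(patient_id: str) -> str:
    """The flawed design: whoever supplies an id gets that patient's result.
    With sequential ids, every record is one counter step from the next."""
    return RESULTS[patient_id].outcome


def results_secure(session_token: str, patient_id: str) -> str:
    """Authenticate, then authorize: the record must belong to the caller's
    account. Whether the id is 'secret' plays no part in the decision."""
    account = SESSIONS.get(session_token)
    if account is None:
        raise Forbidden("not authenticated")
    rec = RESULTS.get(patient_id)
    # One indistinguishable refusal for missing and foreign records, so a
    # caller cannot learn which ids exist by watching the error.
    if rec is None or rec.owner_account != account:
        raise Forbidden("no such result for this account")
    return rec.outcome


def new_patient_id() -> str:
    """Unguessable id for new records. This lowers exposure to enumeration
    but is not a substitute for the ownership check in results_secure."""
    return secrets.token_urlsafe(16)


def denied(fn, *args) -> bool:
    """True if the call is refused (used to demonstrate the checks)."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```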


I was working for the NL government on COVID stuff and the only thing I can say is that it's a shame I'm under NDA. It changed my view of the tech industry and I feel silly for calling colleagues in the past out for what I consider inadequate practices. As all were far above the mean.


I am surprised there isn’t some law in NL that would allow you to expose it either to the public or maybe at least to MPs and not be bound by NDA.


Oh our apps were fantastic - an awesome example of what happens when you have top tier technical management combined with skilled technical people.

Only during the process you get exposure to a lot of other things (and a lot of that is not government).


Isn’t it almost, like, fiduciary duty to the public to disclose what is broken?


Pretty sure whistleblower protections would trump NDAs, but not in a public forum.


Weren’t CoronaCheck and CoronaMelder open source? I would have assumed plenty of people would audit them, but I don’t recall seeing any negative news (jokes on their availability aside)


Yeah they're open source and they're great (I worked on both). We put a lot of effort into making them into excellent examples.

My original post is referring to other things outside of the Ministry. My role was deep and broad so I got to see a lot.


The fact that at-home tests had an API of any sort was already a major screwup IMO.


It's not necessarily a problem, you just have to be sensible about security practices. To be clear, at-home tests mean you collect the sample at home and then mail them in, not the test is run at home. (disclaimer, I work at Spot)


Spot (At-home lab tests via API) | YC W22 | https://spotdx.com

Spot provides everything needed to offer lab-analyzed diagnostic tests using at-home collection kits. Companies simply order tests via our API, and we handle the rest--the collection kits, the logistics, and the lab integrations. We shipped tens of thousands of tests last year and are on track to ship 2M+ this year.

Founding Engineer (Remote)

- We are looking for a full-stack engineer with a founder-like spirit to help us scale our tech and shape our engineering culture.

- Stack: React, Django, Postgres, AWS

- https://www.ycombinator.com/companies/spot-2/jobs/882lfvI-fo...

Operations Manager (Cincinnati, OH)

- We are looking for a jack-of-all-trades to own the physical side of things.

- “Stack”: people (kitting and fulfillment team), suppliers, labs, internal tools

- https://www.ycombinator.com/companies/spot-2/jobs/vGS4oEH-op...

Come join us in making at-home diagnostics affordable and accessible.

