Hey, there! Log in / Register

Twitter feed alerts you when new vaccination slots open up

Vaccinetime page

Dan Cahoon, a Cambridge software wizard, has spun up a bot that "scrapes" the state immunization site and posts alerts when new batches of Covid-19 vaccination slots open up, along with a link to the relevant shot spot's signup form.

On the one hand, it's great he did this (like the other sites people have done). On the other hand: Seriously, the state government of this alleged high-tech mecca has failed so badly at producing a decent sign-up system that the governor has to declare himself so pissed his "hair is on fire because of the latest problems?

Free tagging: 



If there was only someone at the top to take responsibility for the website failure. The governor could blame them.... Oh wait...


The state is now 6th in the nation for first shot vaccine injections. Baker has many, many faults but at the moment the state is doing a lot better than most.

The website crashing was predictable and avoidable. But as it's also something which will be back fairly soon. Demand far outstrips supply so as long as no doses are wasted, things are moving as fast as they can even if people need to wait a few more days before making a reservation.

If you want to blame Baker, you can question why the percentage of shots used is 80% and not 99%. You can also blame him for destroying the T, for vetoing the climate change bill, etc. Personally, I give him a pass on the website sucking. He's done much worse in areas he has a lot more control over.


That isn't Baker - that is second doses combined with restrictive requirements for transfer. Smaller facilites have to hang on to some for those for second doses because the minimal shippable and transferable quantities are 100 for Moderna and 975 for Pfizer.

So if a smaller facility got a box of Moderna for its staff, and they used 45 doses, they cannot ship back the rest and receive another 45 doses later for the second shot.

Pfizer boxes are 975 per, so even smaller hospitals need to keep the remaining 450 doses in the freezer for three weeks for the second round because that isn't shippable unless someone can use it all in 120 hours.

Played out over the state, this adds up to a lot of stranded vaccine - and it is yet another reason that the MA is shifting toward vaccination centers for the bulk of the vaccination, which works well for the bulk of the population.


This is why she's top three.

The website crashed because 10's of thousand of people flooded it.

Maybe he should have taken notes from Deval, and build his own piss poor website for a billion dollars.

Websites crash, including the one i'm currently on.


How was your snooze?

These days, there are ways to build Web sites that scale up in the face of unexpectedly large demand pretty much automatically. Three words: Amazon Web Services (or if you hate the Bezosphere, Microsoft and Google, and probably others, offer competing cloud services).

Yeah, this site does crash from time to time (most recently under what was basically the equivalent of a DDOS by a spammer who set a rapid-fire posting bot to try to post hundreds of posts pretty much simultaneously after I'd mistakenly approved his/her/its account).

But I'm just one non-techhead running a small-scale news site on a single leased server with no load balancing or mirrored databases, not an IT manager for one of the country's most allegedly technologically advanced states overseeing a life-saving Web site that I know tens of thousands of people will try to access at exactly 8 a.m. on a Thursday morning (because that's when my boss said at a widely publicized press conference the day before that the data would go live).


Why did the Patrick administration’s health care signup website crash? I mean, he had years to figure out which web giant to host it, no? I mean, you care to look back at what you were saying about the novel coronavirus 13 months ago? That’s less time than Baker had to get this thing up.

The first one, when we still had Romneycare, which worked fine more or less (it had some UI issues, I seem to recall, but it didn't crash). Admittedly, you still had to file some information (like tax info, I seem to recall) on paper.

But Obamacare was more complex than Romneycare (and the system was supposed to integrate with other federal databases, like the IRS's), and we hired the company building the federal Obamacare site to build the new site. And, well, we know what happened with the federal site and, perhaps not surprisingly, the state site had the same exact issues.

how modern websites work. Unless you're doing something completely insane like hosting it on your own hardware (which, as Adam points out above, was all the rage in 1999 but is not generally the way you go about doing it in the year 2021), when your traffic goes to 100K requests/second, you just push a button and spin up more instances of it to keep it from collapsing under the load. Failing to plan for load spikes (which: it's the vaccine for the deadliest outbreak we've seen in a hundred years, maybe someone could have anticipated that it would be popular?) in a brand-new web service isn't just "one of those things," it's gross negligence. It's like designing a bridge without planning for the weight of the cars that will be on it at rush hour. Whoever is responsible for this fuckup should be publicly shamed and relieved of his duties.


The state's sites have to follow many regulations regarding personally identifyable data.

I agree it could be better, but guess what special whiz kids: code like this is not secure to the standards set at state and federal levels.

It is easy to create a scraping algorithm ... now do it to these standards and suddenly it won't be so super quick.

Because we all know what people like you would say if the state built a super slick website, ignored the privacy and security laws and practices to do so, and everyone's personal information and medical issues got hacked.


I haven't looked... do the state's vaccine sites ask for Social Security no's? Ticket sites do take credit cards, name, address and phone no's, and sometimes birthdays.

Once you get far enough into the signup process, you are required to enter some personal data (phone number, address, health-insurance provider and subscriber number), but no SS number required.


...brings to mind the (not) good old days when I had to call whatever insurance company my job was using that year and ask them to issue new cards with new member numbers that were NOT the same as my social security number, thankyewverymuch...

First off, I'm at a loss to understand how exactly scraping the public websites of private companies for available appointments is supposed to violate privacy or be subject to regulation. Part of what makes this a hard problem for the state is that it's really not being run by them - the state only providers a gateway site to several of the various private entities that are providing the appointments, and that information (are appointments available? where are they located?) is neither private nor personally identifiable. You enter personal information with the clinic to make your appointment; the state never even sees it, so I fail to see what regulation this service would be subject to.

I work in tech, have for years, and what you have expressed is a common refrain about software development in the public sector, though I don't often see it expressed quite so derisively. It's also only partially accurate. Do these regulations and requirements slow down development? Of course. Do they slow it down to even remotely the degree that we see in most government and other public sector organizations? Absolutely not. A lot of this slowness and general crappiness can also be chalked up to a combination of a culture where the default position is to say "we can't do that", and a heavy reliance on vendors and refusal and/or inability to hire folks and build anything in-house. This leaves governments with a limited pool of (mostly crappy) vendors for software, for which there is virtually no competition, no incentive to improve it, and every incentive to price gouge. Many of these vendor contracts are heavily based on the technology provider being willing to say "yes, we assure you that we meet these standards". We pay for CYA. Encryption of private data both in transit and at rest, for one example, is a pretty common ask these days and there are many ways to accomplish this, but if you build it with in-house expertise using open source tools or whatever other building blocks you like, there's no one else to blame when something goes wrong. So, governments go with the crappy vendors which provide the same or lower quality of IT solution as could be built in house, but with the added bonus of being able to say "our vendor didn't deliver" when something goes wrong. Honestly, half of this stuff is built on technology so old that patching is no longer supported and it's security swiss cheese, but someone years ago said that this version of X software meet standards for government use, so here we are.

This is real shame several ways, not least of which is that we could really benefit from a "CCC for tech" - on-the-job and academic training; lots of new government technology, design and IT jobs for people; and with an end result of software that's secure to government standards, functional, and that's owned by us as a society and not by whatever vendor someone last picked. This would have trickle-down benefits for sectors like health care as well, which is subject to really similar standards in many cases.

So, you know, maybe "people like us" aren't entirely arrogant and useless?


It doesn't violate personal data regs because it is just pointing you to secure sites.

The problem is that the state cannot build such utilities or quickly build a high volume site that has to go through all the regulations on all ends - provider and user - because anything and everything is required to be far more secure.

Of course it does not help that state agencies dealing with health and human services have not received much funding for IT support or equipment in over a decade - talking serious crunch when XP boxes had to be taken out and most people having 32 bit Win 7 machines made in 2008-2010 with no mic inputs on their desks.

Why so many database commits (aka fields) before reserving a slot? Other than basic qualifications questions why are we asking for this information upfront? Reserve the time THEN ask for it. And it solves not just the Personally identifiable information (PII) issue but a performance issue.

I am WAY more concerned with having to create a separate Walgreens account for each individual that needs a vaccine. And Walgreens selling that marketing information.

But from a strict definition point of view? This is not PII. It gets into a fuzzy area that most companies restrict the combo but are not required to...

So they open eligibility up to a million people, for a website where if you successfully sign up, you won't die?

And they were surprised by demand?



Maybe he should help push the government's appointment scheduling software out of the snow with his talents.

has always sucked. This is nothing new. The fact that random individuals have to show the state how things could and should be done on a website will hopefully open the state's eyes at how bad its website is.


This bot will help technically minded, in-the-know people with smartphones scoop up all the early slots, wherever they are - exacerbating existing problems with poorer people getting shut out of their neighborhood sights.


Since I'm technically savvy and my mom is older, I'm using this to help her get an appointment. So far, no luck. The appointments are disappearing after I hit send on the text to my mom. Hunger Games people! The odds aren't in our favor.

I know this and have been actively reaching out to those who DO not know this since January. I call, I email and to date made sure the elders in my life are taken care of. These are not relatives I am helping.

I am also reaching back to my city high school classmates asking if THEIR parents are OK. Are their former neighbors OK?

Finally, I am reaching out to folks saying do you have high risk friends that need help? Have them contact me.

I encourage other people to do the same.

So can I assume there are job requisitions open in the State's IT groups or will these issues resolve themselves (and at the expense of some other projects)?

A coworker just pointed out to me "Cambridge software wizard" vs. "mom on maternity leave" and yeah.


Yes, she's also a software wizard. And she deserves full credit for that (although, in fact, I know she's a software wizard who works at Athenahealth because all the stories I read about her mentioned what she does when not on maternity leave).


the only problem i have with athena healthcare is that they send us hipaa e.d.i.-837 files in winzip format instead of in tarballs.
(i have nothing of value to add to this argument, i just wanted to sound smart.)

If only Twitter's SMS feature still worked. The whole cover up about their CEO being hacked and they still haven't restored SMS and completely ignore questions about it.

I check my phone regularly, but not twitter, and being able to get this on the SMS would be a lot more helpful.

By the time you got the text and responded to it, the appointments would be gone.

Last week's shipment has arrived in MA, days late, but it is here.

Vaccine is being distributed to sites today and tomorrow. Meaning: more available appointments should start popping up.

Watch for openings to appear during the weekend. Still may be too much of an e-scrum to book them, but progress nonetheless.

I knew it was going to be a disaster based on how poorly the Commonweath’s revenue generating DPL site is. And the Masstax connect site isn’t much better. I agree with Adam. It is embarrassing at best to have numerous tech failures for a state that bills itself as tech savvy/friendly.