I see this article was contributed by "anonymous reader." I suppose he doesn't want to take responsibility for bitcoin transactions! "Anonymous" sure has gotten a lot of attention lately!
If you lock your car, a skilled car thief can be inside in 15 seconds. Should you stop locking your car? No. Should everyone buy a high-security locking system? No. If somebody wants your car badly enough, they will get it. The lock just prevents casual theft.
Same with passwords. If somebody wants into your Citibank account badly enough, they'll find a way to get it, like just logging in as themselves and then changing the URL! Does that mean you shouldn't have a password? No. Should you use an ultra-complex combination of letters, numbers, and symbols? No.
I think password strength rules should be eliminated. It's not really about how strong the password is. If the system is built in a secure way (like locking you out after three bad attempts, etc.), any password will be good enough for most people.
Blocking sites from Google search results is about the same thing as shutting them down completely.
Judging by how well they block spam in GMail, Google should be able to do a pretty good job of blocking bad Web sites.
I wish they had started blocking malware sites long ago!
You are correct, that is what HIPAA was supposed to be about. You are fortunate.
The problem is, it all depends on how the specific doctor or hospital interprets their obligations under HIPAA. Some of them are reasonable, but others grossly exaggerate the level of privacy required by the law.
In our business, we often have to read document after document just to try to understand the requirements. If WE have to do that, how in the world can a small doctor's office apply the law correctly? The truth is, they often make their best guess and hope the lawyers don't come after them.
I work in the electronic medical records industry, and I can tell you that HIPAA protects your privacy about as well as those multi-page "privacy policy" letters you get from your bank and other businesses...you know, the ones that tell you, in lots of fine print, that they will do whatever they want with your information.
Sure, HIPAA requires doctors and hospitals to get your consent before sharing your information with others. That's why, when you see a doctor these days, you have to first sign that consent form! If you don't sign, you get sub-standard care, or have insurance hassles...basically, you have to sign. So tell me how THAT helps anything!
What HIPAA DOES do well, is make it difficult for spouses (and other caring family members or friends) to find out what's going on with their loved ones when disaster strikes. It also costs hospitals and doctors tons of money to comply (I know, my company is the recipient of some of that money)...and that in turn drives up the cost of health care.
HIPAA may have been created with good intentions in mind, but it is a travesty and can't be repealed fast enough!
No, I'm not saying programmers are lazy. It's just that there is always tension between getting a job done, and getting EVERY detail right.
They ALSO are not always as knowledgeable as they should be. How many programmers know that in 1752, when the Julian calendar was replaced by the Gregorian calendar, September 2 was followed by September 14? How many programmers care? Why should they? Yet this arcane bit of knowledge could make a difference in some software that deals with antiquities.
Just as there are arcane bits of knowledge needed to make perfectly precise date calculations, the same is true of security considerations. Programmers should HAVE TO KNOW every possible arcane exploit in order to write good code. The framework/language should take care of this.
Y3K will never happen.
Is this because programmers learned from Y2K and changed their ways? Well, not exactly. Before 2000, most programming languages did not have a built-in date type, so programmers had to make their own, using either numeric or text fields. They didn't want to write ALL the code necessary to do ALL kinds of date calculations, so they just wrote the ones they needed, and these often ignored the first two digits of the year.
NOW programmers in nearly every language have handy date variables they can use, that perform date arithmetic easily and reliably. Programmers naturally use these date variables, because it makes their lives easier.
Today, it is difficult to incorporate good security practices into software. This is because we largely have to roll our own. We therefore write just enough code to do what we think we need, and we don't consider all the possible ways security can be breached. ONLY when the tools improve to the point that security comes automatically, will software, as a rule, be secure.
Actually, the final rule was published January 16, 2009. http://journal.ahima.org/2009/02/05/analyzing-the-icd-10-final-rule/
Many major EMR software systems, such as Centricity, are still not ready for ICD10, so there is nothing for providers to upgrade to yet.
It's not just about procrastination, it's also about government ineptitude and impossible mandates.
Sure, lots of software still has them. But Microsoft/Google/Mozilla are trying really hard to make us forget that menu bars ever existed, by replacing them with those stupid "ribbons" or with minimalist interfaces. Sure, with menus you have to sometimes hunt to find the thing you want. But with the ribbons, you still have to hunt...AND you have to try to figure out what all those little icons mean!
Who cares?
Parents! Teenagers are really bad at distinguishing between real and fake. They just click on anything that pops up to make it go away, and they click e-mail links because they look interesting.
Also, computer illiterates, especially older people. My brother-in-law bought something called "Win Anti-Virus" because he got spam telling him that his anti-virus software was out of date. He didn't realize that it wasn't "Norton" Anti-Virus, and that "Win Anti-Virus" is actually a scam.
If you look at spam victims as idiots who deserve to be taken, then I see your point. But if they are people you care about, things look a little different.
That analogy, and the explanation, were free (as in beer).
I miss those days too, in a way. But "simple" is a matter of perspective.
Today, if I want to write a simple data entry form, I can throw it together in a few minutes, and in a few more minutes, it will even look nice. I for one don't want to go back to slaving for days over a single screen, not to mention figuring out how to store and retrieve the data, or worry about how multiple users can access it at the same time! Back then, you had to make your own nuts, bolts, and screws. Now we have some real power tools!
Very nice reproduction, it's scary that I could actually get around on it. I just had to see if I could still write an old-fashioned BASIC program. Worked like a charm.
In those days, it was just us nerds who used computers. We just HAD to show everybody our little secret, didn't we! Now EVERYBODY's on the Internet!
Netflix to Cable: "We're not quite ready to take you out...yet. So we'll leave you alone for now. When we DO decide to take you on, it will be too late for you."
Way to go Netflix, you are playing the game very well. I'm betting on Netflix in this battle.
Next, a real-life Cow Clicker game, anyone?
http://www.bogost.com/games/cow_clicker.shtml
True, but Netflix is going to eventually force Comcast to lower their prices significantly.
As Netflix offers more TV programming, there may come a tipping point where you don't need Cable TV at all, you could just get all your programming from Netflix. THEN all you need is the broadband service + Netflix. Even though the broadband service might come from Comcast, you don't have to pay the exorbitant rates for the TV channels!
Scientists / engineers who love what they do are the ones who are the best at what they do. There are always jobs for those who are the best at what they do. You might have to move where the work is, but the jobs are there.
Too many college students choose science because they have been told that that is where the good jobs are. Those students often fail to stand out in the real world, and find themselves outsourced.
Another way to stand out is to work for smaller companies. The bigger the company, the less likely your skills will be noticed, and the more likely your job will be outsourced.
I too have had nothing but good customer service from Amazon. Twice I have had to return items that broke during shipment. Both were handled quickly and courteously. Yes, they do have actual people who will TALK to you about your problem. In one case, the replacement item got to my house just two days after I notified them of the problem, the same day I sent the broken one back!
Low prices, (usually) no shipping costs, no sales tax, great customer service...Amazon has earned MY business!
When hiring programmers, I have long believed that the best programmers completed their college degree because they need that to be considered for employment by most corporations. These excellent programmers come to college already knowing nearly everything they need to know about programming, what they get in school is mostly theory. They are just going to school to check off a box on their resume.
In fact, in considering a candidate for a programming job, I consider a master's degree in CS a strike against the candidate, and a PhD TWO strikes against the candidate. CS students who are good at real world programming usually can't wait to finish their degree so they can get out there and get a real job; students who are good at theory are the ones who get the advanced degrees.
I wonder if this has anything to do with Microsoft's recent inclusion of MSE in Windows Update. It's been a little while now since this happened, maybe it's starting to make a difference.
http://it.slashdot.org/story/10/11/05/205256/MS-Adds-Security-Suite-To-Update-Service-Antivirus-Rival-Objects
Of course government employees can type in "google.com" into the address bar and use Google (or whoever else) if they wish, but I would imagine most just enter things into the search bar.
You are giving government employees a lot of credit for intelligence, don't you think?
Somebody "texted" the Jeopardy "answers" to Watson. Watson's voice synthesis was very high quality, but it did NOT use speech recognition to understand the "answers." That requirement would have resulted in an entirely different outcome.
So, while Watson's ability to play the game at all was a great feat of software engineering, it wasn't quite a level playing field. It will probably be a while before we can really converse with computers.
Does Java software crash all the time because of this bug? No, of course not, that's one reason Java software is useful at all.
Like with any software, it is essential to prioritize bug fixes. You deal with the bugs that bite you, and save the rest for later.
This is a valid principle for anything made by people, not just software. Somebody might find out, for example, that if you subject a window to a specific frequency of sound, the window will shatter. So what! Don't do that! But...if burglars start going around with a device that emits this frequency, then it's time to come up with an antidote.
Java (like Mac OS) has enjoyed a relatively free ride, when it comes to malicious hackers. It's not that Java is somehow superior, it's just not been an attractive enough target. The fact that it is now being attacked is, in a way, a sign of its success.
Thin clients are great for situations where lots of users need identical environments. These days, people who do data entry need little more than a Web browser to do their work. It makes sense to use thin clients for that kind of work.
Developers, on the other hand, have to have a set of power tools for their work. These power tools don't perform well on thin clients, and can sometimes destabilize the entire server. Rebooting the machine, a task that can be frequent for developers, would disrupt work for everyone else working on that server.
We developers aren't pigs, it's just the nature of our work.
Yes, they did it wrong.
Agile is not just a methodology, it is an entirely different way of thinking about product development. Many classically-trained programmers simply can't make the mental shift.
I too lived through an unsuccessful switch to Scrum. In its wisdom, management instituted a "design sprint," followed by an "implementation sprint," followed by a "testing sprint," followed by a "debugging sprint," and so on. Sorry, that's just waterfall in agile clothing.
My current company successfully delivers software using true agile philosophy, in the form of iterative development. We have real customers with constantly changing requirements, and we generally satisfy those changing requirements (with a team of 4) in a matter of hours or days.
It can be done, but there is more to it than just "utilizing" an "agile process."