But because different systems have evolved differently over time, the schemas are different, and so transfers remain painful.
It's not even that. One thing I learned while working on a project that wanted to pull EMR data was that different hospitals could have their own schemas. One division in the hospital found that the standardized codes for what they were doing weren't robust enough and invented their very own coding system which was used in that single division of that single hospital and nowhere else.
Good luck translating that to any other coding system anywhere else.
I'm not sure I can even blame them for creating their own coding system. They're doctors who found that the tools available didn't meet their needs and found a solution. Down the line it makes data transfer more difficult, but is that something doctors should really be concerned about when they're trying to accurately record medical information about their patients?
The primary purpose of HL7 seemed to be enabling massive consulting hours clarifying the poorly-defined HL7 standard.
Which HL7 standard do you mean? V2 or V3? (So HIPAA can't be HL7 2.0, since HL7 is already up to 3.0.)
Or FHIR, the amazing new standard from the people who brought you HL7 that brings the amazing bewildering complexity of HL7 to you in a nice new XML-based format?
I worked on a project that wanted to take in a bunch of data from a hospital's EMR and essentially do some analysis on it. The project was canceled before we ever managed to get data out of an EMR because it turns out to be nearly impossible.
"But aren't there EMR data export standards?"
Why, yes, yes they are! Multiple ones, in fact!
Unfortunately, the formats are complex enough that basically every single EMR has the ability to format a perfectly standards-compliant document representing the exact same data in an entirely different way.
And that's ignoring that, as I recall, we discovered that ultimately the data we were looking for were entered into the hospital's EMR as PDFs. The EMR could locate the PDFs, but it didn't "know" the data they contained.
So I'm not at all surprised to learn that doctors are resorting to faxing records. It's almost certainly easier than trying to exchange them digitally.
They have a video. That's exactly what they do: they place the phone on two blocks of wood, and then have a machine apply a set amount of pounds of force to a bar placed across the middle of the phone.
About all their test tells you is that you shouldn't take Consumer Reports tests seriously if this is the kind of testing they're going to do. Especially because the people bending the phones weren't bending them straight in the middle, they were bending them right below the volume buttons. Which is also where their test phone's case actually breaks, even though the bend is down where they placed the bar.
Also make sure to remove/bin/sh, because (at least on my Mac, and I'm fairly certain I haven't screwed around with/bin) rather than have/bin/sh be a symlink or a hard link,/bin/sh is a copy of/bin/bash. Not sure why.
Right now, I think they're just blindly hitting web servers with headers set to exploit the vulnerability and hoping they get lucky. So less of a "scan" and more of a "spray and pray" type deal.
I think some versions of Apache shipped with a cgi-bin that contained a shell script as an example, so that would be another thing to try hitting first.
Well, Apache and literally every other CGI container since that's how CGI works: the HTTP environment (headers and various other stuff) is passed to the script being executed via specifically named environment variables.
I'm confused about how you can scan for vulnerable systems.
You and everyone else.
The attack surface is "anywhere you can influence the values of environment variables prior to bash being run." Where exactly is that? Well...
The easiest example of that are CGI scripts, where the web server will set environment variables to values that are taken directly from HTTP headers. If the CGI script is a bash script (why would you do that?) or ever happens to fork out to a bash script in any way (that's more understandable), it's vulnerable.
But that's just one example. Any place a remote value gets stuck straight into an environment variable and a bash script gets run is vulnerable. And people are almost certainly going to slowly find more and more places where that's the case.
If you just want to know if you're vulnerable, there are one-liners that will determine if you're still vulnerable, but since the first fix didn't, chances are, you very well could be.
No, they have two million players, not two million subscribers. There's a very important difference there.
Remember that the game has a free trial now. Inflating that player count is very easy.
Weren't they suppose to be announcing active player numbers recently? Notice how that never happened? Gee, wonder why.
The idea that a failed MMO from 2010 could someone be a competitor in 2014 while requiring a subscription is just so laughable I don't even no where to start. And, yes, I've played 2.0. They removed everything interesting from their horrible launch and ripped off as much of World of Warcraft as they possibly could. It's still not worth playing and the lack of active subscriber numbers bears that out.
Wildstar is still in flux because they managed to scare a ton of their original player base away but they're now working hard on earning them back. Destiny has already entered that wonderful "wait until the next patch" period where it's flat-out not worth playing until updated. (And how I wish Destiny players would stop whining about that, but that's a different issue.)
I notice you didn't bother mentioning ArcheAge, which is the current "big MMO" that's drawing a ton of players away from other MMOs. It sounds like it's the MMO that people wanted TESO to be. Could be interesting or could flame out in a couple of months. We'll just have to wait and see.
I'm not standing up for Apple... this was a stupid mistake. Didn't any of their beta-testers wear skinny jeans and keep it in the pocket? They should have realized the potential issue.
You know what, based on previous Apple stories, probably not.
Apparently Apple is so stupidly secretive about their new phones that when they beta test the new hardware, they require them to be in special "camouflage cases" to prevent outsiders from getting a sneak peak at the new phone.
So it's entirely possible that they literally never tested having the phone in a pants pocket the entire day without it also being in a rigid case that prevented the problem from happening.
Apparently this only affects iPhone 6/6 Plus phones.
I wonder what the chances are that they just accidentally forgot to include the drivers for the new TouchID sensor and the new cellular radios in those phones? Because that would be a truly hilarious QA mistake.
"What, we were supposed to try this on our flagship phone? Oops."
Wait, so iOS 8.0.1 prevents hipsters from unlocking their phones and from making calls?
And Apple is calling that a bug and pulling the update over that?
This sounds like the best version of iOS Apple has ever created! Why would they want to stop people from upgrading? Get iOS 8.0.1 out to everyone as fast as possible!
I just updated Cygwin to the latest, and yes, it's still vulnerable. (At least its bash-4.1.10-4 is, I suppose it's possible that the mirror I'm using is out of date.)
It would be nice if the article mentioned what browsers/plugins were vulnerable, wouldn't it? (And does this cover api.jquery.com or just the home page?) Although it wouldn't surprise me that they just don't know yet since jQuery is still investigating.
I'm pretty sure I'm up to date with everything, but...
According to the article, the library itself wasn't affected.
Plus most people don't use jQuery.com as a CDN. Instead jQuery recommends you use Google's CDN if you want to use a CDN for jQuery.
Of course, this is still bad - I visit jQuery.com fairly frequently to check the documentation. The article doesn't say what was required for the malware to run so I have no idea if I was vulnerable to it or not, but if it was dropped on all pages and not just the home page, I definitely could have been hit by it.
Options. Not everybody wants the same thing. Some people want a small phone that fits in their pocket. Others want a larger phone with a bigger screen.
Which is why Apple are giving people the choice between a larger phone, or an even larger phone. Because choices are important.
If you liked the original iPhone size, Apple has nothing for you. Because your choice isn't important. Whatever Apple says you want, that's what you get.
I can't help but feel like there are three very important words you've ignored: "under international law."
You can argue which is more justified from a humanitarian point of view, but under international law, we're invading Syria in exactly the same way Russia invaded Ukraine.
If I'm reading what the BBC is reporting correctly, we're exactly as justified under international law in attacking ISIL on Syrian soil as Russia was in helping Ukrainian separatists in Ukraine.
So either the US has to drop sanctions against Russia, or we're just giant hypocrites.
I know anything mentioning Obama makes people like you foam at the mouth, but since this guy was the Chief-of-Staff of a SUPER PAC and therefore not one of President Obama's aides
And if you honestly believe that, you may just be on Obamacare!
The X.0.0 upgrades are pretty well known for including slower/unoptimized drivers and code paths. Apple is usually in a hurry to get the release out the door and they don't do all the optimizations they should.
I remember ArsTechnica's review of iOS 8 confirmed that it's slower and has worse battery life than iOS 7 on every device that runs both except for some version of the iPod, weirdly enough. In some cases it was very slight, but iOS 8 was always worse.
They also warned people not to install iOS 8 on the iPhone 4S not only due to performance concerns but because the UI doesn't really fit on the screen. (Or something along those lines.)
So, sure, iOS 8 is a "pig," for certain definitions of "pig," and anyone who reads Slashdot (which posted the ArsTechnica article) should have been aware of that before upgrading.
Apple does realize that NFC isn't only used for payment systems, right? My camera can transfer pictures to a smart phone using NFC. It allows you to take high quality pictures of something and then post them straight to whatever social media you're using without going through a computer. It's a really nice feature when you're wandering around someplace photogenic and don't want to be limited to a cellphone camera.
Oh, right, Apple declared proper digital cameras "dead" in their iPhone 6 keynote. I guess that feature will never make it to iOS then.
Not to mention other types of data transfer that's possible with NFC like easily sharing contact information or things like that.
Slashdot Mirror
But because different systems have evolved differently over time, the schemas are different, and so transfers remain painful.
It's not even that. One thing I learned while working on a project that wanted to pull EMR data was that different hospitals could have their own schemas. One division in the hospital found that the standardized codes for what they were doing weren't robust enough and invented their very own coding system which was used in that single division of that single hospital and nowhere else.
Good luck translating that to any other coding system anywhere else.
I'm not sure I can even blame them for creating their own coding system. They're doctors who found that the tools available didn't meet their needs and found a solution. Down the line it makes data transfer more difficult, but is that something doctors should really be concerned about when they're trying to accurately record medical information about their patients?
The primary purpose of HL7 seemed to be enabling massive consulting hours clarifying the poorly-defined HL7 standard.
Which HL7 standard do you mean? V2 or V3? (So HIPAA can't be HL7 2.0, since HL7 is already up to 3.0.)
Or FHIR, the amazing new standard from the people who brought you HL7 that brings the amazing bewildering complexity of HL7 to you in a nice new XML-based format?
I worked on a project that wanted to take in a bunch of data from a hospital's EMR and essentially do some analysis on it. The project was canceled before we ever managed to get data out of an EMR because it turns out to be nearly impossible.
"But aren't there EMR data export standards?"
Why, yes, yes they are! Multiple ones, in fact!
Unfortunately, the formats are complex enough that basically every single EMR has the ability to format a perfectly standards-compliant document representing the exact same data in an entirely different way.
And that's ignoring that, as I recall, we discovered that ultimately the data we were looking for were entered into the hospital's EMR as PDFs. The EMR could locate the PDFs, but it didn't "know" the data they contained.
So I'm not at all surprised to learn that doctors are resorting to faxing records. It's almost certainly easier than trying to exchange them digitally.
You make a phone that can't be bent by being left in someone's pocket, so that if it is bent, it clearly was damage beyond the scope of the warranty?
They have a video. That's exactly what they do: they place the phone on two blocks of wood, and then have a machine apply a set amount of pounds of force to a bar placed across the middle of the phone.
About all their test tells you is that you shouldn't take Consumer Reports tests seriously if this is the kind of testing they're going to do. Especially because the people bending the phones weren't bending them straight in the middle, they were bending them right below the volume buttons. Which is also where their test phone's case actually breaks, even though the bend is down where they placed the bar.
Also make sure to remove /bin/sh, because (at least on my Mac, and I'm fairly certain I haven't screwed around with /bin) rather than have /bin/sh be a symlink or a hard link, /bin/sh is a copy of /bin/bash. Not sure why.
How does one automate such a scan?
Right now, I think they're just blindly hitting web servers with headers set to exploit the vulnerability and hoping they get lucky. So less of a "scan" and more of a "spray and pray" type deal.
I think some versions of Apache shipped with a cgi-bin that contained a shell script as an example, so that would be another thing to try hitting first.
Well, Apache and literally every other CGI container since that's how CGI works: the HTTP environment (headers and various other stuff) is passed to the script being executed via specifically named environment variables.
I'm confused about how you can scan for vulnerable systems.
You and everyone else.
The attack surface is "anywhere you can influence the values of environment variables prior to bash being run." Where exactly is that? Well...
The easiest example of that are CGI scripts, where the web server will set environment variables to values that are taken directly from HTTP headers. If the CGI script is a bash script (why would you do that?) or ever happens to fork out to a bash script in any way (that's more understandable), it's vulnerable.
But that's just one example. Any place a remote value gets stuck straight into an environment variable and a bash script gets run is vulnerable. And people are almost certainly going to slowly find more and more places where that's the case.
If you just want to know if you're vulnerable, there are one-liners that will determine if you're still vulnerable, but since the first fix didn't, chances are, you very well could be.
True, but generally security patches get backported to whatever the current Cygwin version is.
So the vulnerability is as of now fixed with today's 4.1.12-5, which isn't the latest version of Bash.
No, they have two million players, not two million subscribers. There's a very important difference there.
Remember that the game has a free trial now. Inflating that player count is very easy.
Weren't they suppose to be announcing active player numbers recently? Notice how that never happened? Gee, wonder why.
The idea that a failed MMO from 2010 could someone be a competitor in 2014 while requiring a subscription is just so laughable I don't even no where to start. And, yes, I've played 2.0. They removed everything interesting from their horrible launch and ripped off as much of World of Warcraft as they possibly could. It's still not worth playing and the lack of active subscriber numbers bears that out.
Wildstar is still in flux because they managed to scare a ton of their original player base away but they're now working hard on earning them back. Destiny has already entered that wonderful "wait until the next patch" period where it's flat-out not worth playing until updated. (And how I wish Destiny players would stop whining about that, but that's a different issue.)
I notice you didn't bother mentioning ArcheAge, which is the current "big MMO" that's drawing a ton of players away from other MMOs. It sounds like it's the MMO that people wanted TESO to be. Could be interesting or could flame out in a couple of months. We'll just have to wait and see.
I'm not standing up for Apple... this was a stupid mistake. Didn't any of their beta-testers wear skinny jeans and keep it in the pocket? They should have realized the potential issue.
You know what, based on previous Apple stories, probably not.
Apparently Apple is so stupidly secretive about their new phones that when they beta test the new hardware, they require them to be in special "camouflage cases" to prevent outsiders from getting a sneak peak at the new phone.
So it's entirely possible that they literally never tested having the phone in a pants pocket the entire day without it also being in a rigid case that prevented the problem from happening.
Apparently this only affects iPhone 6/6 Plus phones.
I wonder what the chances are that they just accidentally forgot to include the drivers for the new TouchID sensor and the new cellular radios in those phones? Because that would be a truly hilarious QA mistake.
"What, we were supposed to try this on our flagship phone? Oops."
Wait, so iOS 8.0.1 prevents hipsters from unlocking their phones and from making calls?
And Apple is calling that a bug and pulling the update over that?
This sounds like the best version of iOS Apple has ever created! Why would they want to stop people from upgrading? Get iOS 8.0.1 out to everyone as fast as possible!
I just updated Cygwin to the latest, and yes, it's still vulnerable. (At least its bash-4.1.10-4 is, I suppose it's possible that the mirror I'm using is out of date.)
It would be nice if the article mentioned what browsers/plugins were vulnerable, wouldn't it? (And does this cover api.jquery.com or just the home page?) Although it wouldn't surprise me that they just don't know yet since jQuery is still investigating.
I'm pretty sure I'm up to date with everything, but...
Wow you're dense.
I'm saying that what the US is doing in Syria is exactly equivalent to what Russia is doing in Ukraine.
Because, according to international law, it is.
The sanctions being imposed against Russia are for Russia taking literally the exact same actions the US is currently taking in Syria.
You can argue the relative morality all you want, but we're still, ultimately, invading a sovereign nation.
According to the article, the library itself wasn't affected.
Plus most people don't use jQuery.com as a CDN. Instead jQuery recommends you use Google's CDN if you want to use a CDN for jQuery.
Of course, this is still bad - I visit jQuery.com fairly frequently to check the documentation. The article doesn't say what was required for the malware to run so I have no idea if I was vulnerable to it or not, but if it was dropped on all pages and not just the home page, I definitely could have been hit by it.
Options. Not everybody wants the same thing. Some people want a small phone that fits in their pocket. Others want a larger phone with a bigger screen.
Which is why Apple are giving people the choice between a larger phone, or an even larger phone. Because choices are important.
If you liked the original iPhone size, Apple has nothing for you. Because your choice isn't important. Whatever Apple says you want, that's what you get.
I can't help but feel like there are three very important words you've ignored: "under international law."
You can argue which is more justified from a humanitarian point of view, but under international law, we're invading Syria in exactly the same way Russia invaded Ukraine.
If I'm reading what the BBC is reporting correctly, we're exactly as justified under international law in attacking ISIL on Syrian soil as Russia was in helping Ukrainian separatists in Ukraine.
So either the US has to drop sanctions against Russia, or we're just giant hypocrites.
I wonder which one Obama will pick? Hmmm...
I know anything mentioning Obama makes people like you foam at the mouth, but since this guy was the Chief-of-Staff of a SUPER PAC and therefore not one of President Obama's aides
And if you honestly believe that, you may just be on Obamacare!
The X.0.0 upgrades are pretty well known for including slower/unoptimized drivers and code paths. Apple is usually in a hurry to get the release out the door and they don't do all the optimizations they should.
I remember ArsTechnica's review of iOS 8 confirmed that it's slower and has worse battery life than iOS 7 on every device that runs both except for some version of the iPod, weirdly enough. In some cases it was very slight, but iOS 8 was always worse.
They also warned people not to install iOS 8 on the iPhone 4S not only due to performance concerns but because the UI doesn't really fit on the screen. (Or something along those lines.)
So, sure, iOS 8 is a "pig," for certain definitions of "pig," and anyone who reads Slashdot (which posted the ArsTechnica article) should have been aware of that before upgrading.
Which is why my new album consists of nothing but sounds in the 96kHz+ range. Go ahead and pirate that.
(And in the course of making that joke, I discover that the actual HD music format uses 192kHz as its ceiling. You win, audiophiles, you win.)
Apple does realize that NFC isn't only used for payment systems, right? My camera can transfer pictures to a smart phone using NFC. It allows you to take high quality pictures of something and then post them straight to whatever social media you're using without going through a computer. It's a really nice feature when you're wandering around someplace photogenic and don't want to be limited to a cellphone camera.
Oh, right, Apple declared proper digital cameras "dead" in their iPhone 6 keynote. I guess that feature will never make it to iOS then.
Not to mention other types of data transfer that's possible with NFC like easily sharing contact information or things like that.