The article appears to describe two different products, a "light tube" similar to a Solatube and also a prism-glass window. I believe it's the prism window pictured.
It's a good idea, and a pity that it's so expensive. Hopefully the cost will come down again in time.
Even to this valley native it's clear that there is good cause to have different rules for the different geographic areas of the state.
Studded tires are a great example. In my opinion, they should be made permit-only for any vehicle registered at an address at less than 1000' elevation, with a gratis automatic permit for any address at or over 1000'. But I guess that's too easy for the legislature.
"That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time."
Oh, I dunno. Unless you're using an encrypting drive, worst case - for the attacker - is long enough alone with it to physically pull the hard drive, clone it, and button the case back up. A couple hours tops, for a well-rehearsed operation. (How good is the laptop's security while you're asleep?) A better case is to boot it in firewire target mode, snarf up the relevant files for analysis and/or execute a scripted keylogger install. Or if you're really paranoid, maybe you'd wonder if they can just pop in bootable media and install a custom keylogging bios (crafted just for your machine) in five minutes flat. Hard to say.
Of course all these attacks have countermeasures - bios passwords, drive passwords, no firewire, truecrypt, keeping the laptop under your pillow at night - but to be really thorough would be pretty inconvenient, and still wouldn't protect against simple theft of the whole laptop for leisurely analysis of past secrets.
"A laptop can be had for less than that plane ticket, so you don't have to take that particular one overseas."
So you're leaving the one with the actual secrets on it back in the office, then? See above.:-)
"If so, you have to assume that the other end of the connection is probably much more thoroughly bugged physically than either of their computers are electronically."
True. But if you assume that level of surveillance on the other end, it wouldn't be safe for your client to use a computer there either, would it?
As has been said often by people much smarter than I, "security is hard".
I love S/MIME, and it's great for practical commercial security. It's good enough for the exchange of HIPAA-protected data, IMHO, and I'm kinda paranoid about that.
But if I were up against an intelligence agency, I would not trust S/MIME. (Nor PGP, for that matter.)
"But instead of talking about the technological solutions, the lawyers fly half way across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?"
When you're up against the FBI, CIA, and NSA - which he presumably is - even PGP is not good enough. S/MIME? Forget it*.
PGP is a great way to protect messages in transit. But the problem here is not the security of the message in transit, it's the security of the message at every stage from composition to delivery, in both directions.
For example: Is the lawyer confident that his own laptop is private? He shouldn't be. Barring the laptop remaining in his sight at every moment from the time he took the case until this moment, there's the possibility that a sneak-n-peek has compromised his private keys, or that someone has even installed a keylogger. And did you notice that even the Ninth Circuit has now allowed laptops to be searched by border guards without evidence of a crime?**
Now consider that the lawyer's own laptop is probably the more secure end of the connection.
No. PGP is not good enough. In a case like this, he's right to do everything live and in person.
[*: The NSA is in a position to monitor S/MIME certificate exchanges with your key authority. Willing to bet your client's life or freedom that they can't they break the key delivery session?] [**: '"We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border," Judge Diarmuid O'Scannlain wrote (PDF) for the unanimous panel.' And this from the most liberal federal circuit.]
"It's been a lot of trial and error. As it is now I've probably got $2,000 worth of parts on it, but about $10,000 total has gone into it because I'd buy a $200 part that didn't work, then go to a $300 part that didn't work before finding a $50 part that did," he said.
An early version based off the drive system of a lawn mower failed quickly, sending Foster and his cohorts to studying the hydraulic systems of Bobcat-style construction equipment.
It was a step in the right direction, but still there were problems. Two more drive systems failed, and it took four major alterations to the tread to keep the tracks from slipping off the drive wheel."
Damn. You know, I thought that article said he was an engineering student. Remind me not to use any of his bridges.:-)
Turns out that not only was it a hoax, it was a hoax with a purpose. Police just arrested a couple for stealing some saddles from the man's garage a few days before the hoax, reselling them, and perpetrating the hoax to cover the theft.
I caught a speech he did on the Quicksilver promo tour. To summarize and oversimplify what he said, apparently his hands can type faster than his brain can generate good prose. By switching to handwriting, he slowed his output rate to more closely match his composition rate. IIRC he said that the result was a much more polished first draft.
Work is sending me to a class there, so in that case I'd be in trouble for not going to Vegas. If it happened while I was there, I would of course be in trouble with my wife for not getting back on schedule. So please, no strikes!
"IBM's Rob Weir has done a study on how many flaws were addressed by the OOXML Ballot Resolution Meeting. So far, using a random sampling technique, he has yet to find a flaw [...] there were no mistakes on [...] the [...] pages he reviewed."
Why Hybrid? Regenerative braking. Since it's a tad difficult to convert recovered braking energy into diesel fuel, some other energy storage device is needed.
The Air seems to be a prestige product, like a V12 BMW. Almost no one really needs it, but quite a few people will pay a premium price because they think they do.:-) It's a pretty little thing, though.
It so happens that I unpacked and set up a few Fujitsu Lifebook T2010 convertible tablets yesterday. Handling those makes the tradeoffs Apple made with the Air really obvious. The little Fujitsu is slower, cheaper, larger, and heavier... but not much slower, larger or heavier, and not all that much cheaper. They obviously didn't minimize on ports, as it has 2xUSB2, Gig-E, Firewire, headphone, mic, and VGA ports; slots for PCCard, Smartcard, and SDCard; a fingerprint reader, a Wacom touchscreen, and almost twice the battery life. On the other hand, it only has a/b/g wireless and it doesn't come with OS X or integrated multitouch, and it is not much of a looker.
Apple clearly optimized for different requirements than Fujitsu did. I'm sure the Air will fly off the shelves, but it's not for me.
"But projects for actual patient records keep failing."
As a statement of simple fact, this is true. As an emotionally-loaded blanket condemnation of EMR systems, this is bullshit: it fails to mention that projects for actual patient records also keep succeeding.
I'm a technical guy working in a midsize primary care clinic.
We've been on EMR since late 2000. Yes, there was resistance to EMR, but not because of the nefarious motivations you postulate. It was more that the older providers had been practicing with paper charts for twenty years, and there was a lot of inertia to overcome. The computer-friendly providers were enthusiastic, the computer-averse ones were resistant. (Add to that the fact that we tried to go wireless from the start, and the state of 802.11b in 2000-2001 was pretty hideous.) But by the end of 2002, even our most reticent provider actually shuddered when I suggested he go back to paper charting.:-)
I concur with 8KidsCronie above: In order for an EMR to succeed, it has to be customizable by the end users to closely match the way their clinic works. This is not optional. EMR rollouts are hard even if things go well and most docs are on board. Our clinic was wise in its EMR choice and my predecessor did a wonderful job of managing the clinical customization process, so our rollout was relatively painless. That said, it was still a painful transition for at least six months, and the transition of all processes was not substantially complete and painless for a year. It's important to manage expectations so no one will be tempted to write off the project prematurely.
" Doctors prefer paper records that cannot be efficiently mined for malpractice lawsuits."
This is also bullshit. Patient privacy laws make such postulated data mining projects basically impossible for anyone who does not have legitimate access to the data. In practice, the only people who could manage it - without an existant, specific malpractice complaint in play in the courts - are internal clinical QC people for pretty large provider groups or hospitals tasked with policing their own providers. (And I think most everyone would regard that as a good thing, especially most physicians.)
Your friend seems to have a lot of dire fantasies, and does not strike me as a reliable source.
At least in the US, HIPAA says the contents of your medical record are yours, and the healthcare provider is a custodian of that data. That said, there are some caveats.
* Not all data in an EHR system relating to you is actually part of your medical record. There may be - probably is - some internal clinical communication attached to your chart in the course of clinical operations. Basically an EHR system usually tracks both your record and the providers' own record about you. These different classes of data are pretty straightforward to distinguish most of the time; you own the former and you don't own the latter.
* Providing you with a copy of your record has some cost, and custodians of records are allowed to recover reasonable costs from you to cover those expenses.
* Some data about your records may be disclosed as necessary for Treatment, Payment, or healthcare Operations; these disclosures are limited to the minimum necessary and (generally speaking) are also limited to other entities coveredby HIPAA.
* The government can get what it wants, when it wants, and you and your records custodians have f--k all to say about it.
Within those broad costraints, though... it's yours and your provider should treat it as such.
How mainstream are SAE bolts? How mainstream is 18 gage 304 stainless sheetmetal? How mainstream is a CR2016 battery?
Standardized and well-understood components save a vast amount of effort in other engineering fields and help produce results that are more easily verified to be good.
Why not apply the same approach to software engineering? Isn't that the greatest promise of open source?
Is it really a good idea to make a hard drive the size of mycobacterium tuberculosis? I'm just sure I'd lose it before I figured out how to plug it in.
Slashdot Mirror
Catwoman.
Given the [spoiler] of Bruce Wayne's romantic interest there's a nice big story opportunity for a more available female interest/nemesis.
The article appears to describe two different products, a "light tube" similar to a Solatube and also a prism-glass window. I believe it's the prism window pictured.
It's a good idea, and a pity that it's so expensive. Hopefully the cost will come down again in time.
Even to this valley native it's clear that there is good cause to have different rules for the different geographic areas of the state.
Studded tires are a great example. In my opinion, they should be made permit-only for any vehicle registered at an address at less than 1000' elevation, with a gratis automatic permit for any address at or over 1000'. But I guess that's too easy for the legislature.
"That's actually pretty reasonable to guard against, and given that the laptop would presumably be locked, someone would need to be alone with it for an extended period of time."
:-)
Oh, I dunno. Unless you're using an encrypting drive, worst case - for the attacker - is long enough alone with it to physically pull the hard drive, clone it, and button the case back up. A couple hours tops, for a well-rehearsed operation. (How good is the laptop's security while you're asleep?) A better case is to boot it in firewire target mode, snarf up the relevant files for analysis and/or execute a scripted keylogger install. Or if you're really paranoid, maybe you'd wonder if they can just pop in bootable media and install a custom keylogging bios (crafted just for your machine) in five minutes flat. Hard to say.
Of course all these attacks have countermeasures - bios passwords, drive passwords, no firewire, truecrypt, keeping the laptop under your pillow at night - but to be really thorough would be pretty inconvenient, and still wouldn't protect against simple theft of the whole laptop for leisurely analysis of past secrets.
"A laptop can be had for less than that plane ticket, so you don't have to take that particular one overseas."
So you're leaving the one with the actual secrets on it back in the office, then? See above.
"If so, you have to assume that the other end of the connection is probably much more thoroughly bugged physically than either of their computers are electronically."
True. But if you assume that level of surveillance on the other end, it wouldn't be safe for your client to use a computer there either, would it?
As has been said often by people much smarter than I, "security is hard".
I love S/MIME, and it's great for practical commercial security. It's good enough for the exchange of HIPAA-protected data, IMHO, and I'm kinda paranoid about that.
But if I were up against an intelligence agency, I would not trust S/MIME. (Nor PGP, for that matter.)
"But instead of talking about the technological solutions, the lawyers fly half way across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?"
When you're up against the FBI, CIA, and NSA - which he presumably is - even PGP is not good enough. S/MIME? Forget it*.
PGP is a great way to protect messages in transit. But the problem here is not the security of the message in transit, it's the security of the message at every stage from composition to delivery, in both directions.
For example: Is the lawyer confident that his own laptop is private? He shouldn't be. Barring the laptop remaining in his sight at every moment from the time he took the case until this moment, there's the possibility that a sneak-n-peek has compromised his private keys, or that someone has even installed a keylogger. And did you notice that even the Ninth Circuit has now allowed laptops to be searched by border guards without evidence of a crime?**
Now consider that the lawyer's own laptop is probably the more secure end of the connection.
No. PGP is not good enough. In a case like this, he's right to do everything live and in person.
[*: The NSA is in a position to monitor S/MIME certificate exchanges with your key authority. Willing to bet your client's life or freedom that they can't they break the key delivery session?]
[**: '"We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border," Judge Diarmuid O'Scannlain wrote (PDF) for the unanimous panel.' And this from the most liberal federal circuit.]
Damn. You know, I thought that article said he was an engineering student. Remind me not to use any of his bridges.
Turns out that not only was it a hoax, it was a hoax with a purpose. Police just arrested a couple for stealing some saddles from the man's garage a few days before the hoax, reselling them, and perpetrating the hoax to cover the theft.
"How can you be sure that you're not actually in need of a better algorithm?"
I was optimizing for humor.
"What do you think? Will more data usually perform better than a better algorithm?"
I need more data.
I caught a speech he did on the Quicksilver promo tour. To summarize and oversimplify what he said, apparently his hands can type faster than his brain can generate good prose. By switching to handwriting, he slowed his output rate to more closely match his composition rate. IIRC he said that the result was a much more polished first draft.
And don't forget to read his highly entertaining Slashdot interview answers, especially number four.
Work is sending me to a class there, so in that case I'd be in trouble for not going to Vegas. If it happened while I was there, I would of course be in trouble with my wife for not getting back on schedule. So please, no strikes!
Hey, for that I'd carry Orson Scott Card or something. Maybe even Tolkien.
I needed something to read to keep me out of trouble in Vegas next week.
OOXML's Flaws Have Been Addressed
:-)
"IBM's Rob Weir has done a study on how many flaws were addressed by the OOXML Ballot Resolution Meeting. So far, using a random sampling technique, he has yet to find a flaw [...] there were no mistakes on [...] the [...] pages he reviewed."
There. Doesn't that sound better?
I'm so glad someone else made that joke so I don't have to.
RIP.
Why Hybrid? Regenerative braking. Since it's a tad difficult to convert recovered braking energy into diesel fuel, some other energy storage device is needed.
Hey, I was just answering the question. I never said it was a good idea! :-p
Google bidding in the FCC bandwidth auction in progress + balloon-based cell transceivers + dark fiber = cheap new national cell network for Android.
Of course, there remain one or two technical obstacles...
The Air seems to be a prestige product, like a V12 BMW. Almost no one really needs it, but quite a few people will pay a premium price because they think they do. :-) It's a pretty little thing, though.
It so happens that I unpacked and set up a few Fujitsu Lifebook T2010 convertible tablets yesterday. Handling those makes the tradeoffs Apple made with the Air really obvious. The little Fujitsu is slower, cheaper, larger, and heavier... but not much slower, larger or heavier, and not all that much cheaper. They obviously didn't minimize on ports, as it has 2xUSB2, Gig-E, Firewire, headphone, mic, and VGA ports; slots for PCCard, Smartcard, and SDCard; a fingerprint reader, a Wacom touchscreen, and almost twice the battery life. On the other hand, it only has a/b/g wireless and it doesn't come with OS X or integrated multitouch, and it is not much of a looker.
Apple clearly optimized for different requirements than Fujitsu did. I'm sure the Air will fly off the shelves, but it's not for me.
Darn it.
"But projects for actual patient records keep failing."
:-)
As a statement of simple fact, this is true. As an emotionally-loaded blanket condemnation of EMR systems, this is bullshit: it fails to mention that projects for actual patient records also keep succeeding.
I'm a technical guy working in a midsize primary care clinic.
We've been on EMR since late 2000. Yes, there was resistance to EMR, but not because of the nefarious motivations you postulate. It was more that the older providers had been practicing with paper charts for twenty years, and there was a lot of inertia to overcome. The computer-friendly providers were enthusiastic, the computer-averse ones were resistant. (Add to that the fact that we tried to go wireless from the start, and the state of 802.11b in 2000-2001 was pretty hideous.) But by the end of 2002, even our most reticent provider actually shuddered when I suggested he go back to paper charting.
I concur with 8KidsCronie above: In order for an EMR to succeed, it has to be customizable by the end users to closely match the way their clinic works. This is not optional. EMR rollouts are hard even if things go well and most docs are on board. Our clinic was wise in its EMR choice and my predecessor did a wonderful job of managing the clinical customization process, so our rollout was relatively painless. That said, it was still a painful transition for at least six months, and the transition of all processes was not substantially complete and painless for a year. It's important to manage expectations so no one will be tempted to write off the project prematurely.
" Doctors prefer paper records that cannot be efficiently mined for malpractice lawsuits."
This is also bullshit. Patient privacy laws make such postulated data mining projects basically impossible for anyone who does not have legitimate access to the data. In practice, the only people who could manage it - without an existant, specific malpractice complaint in play in the courts - are internal clinical QC people for pretty large provider groups or hospitals tasked with policing their own providers. (And I think most everyone would regard that as a good thing, especially most physicians.)
Your friend seems to have a lot of dire fantasies, and does not strike me as a reliable source.
At least in the US, HIPAA says the contents of your medical record are yours, and the healthcare provider is a custodian of that data. That said, there are some caveats.
* Not all data in an EHR system relating to you is actually part of your medical record. There may be - probably is - some internal clinical communication attached to your chart in the course of clinical operations. Basically an EHR system usually tracks both your record and the providers' own record about you. These different classes of data are pretty straightforward to distinguish most of the time; you own the former and you don't own the latter.
* Providing you with a copy of your record has some cost, and custodians of records are allowed to recover reasonable costs from you to cover those expenses.
* Some data about your records may be disclosed as necessary for Treatment, Payment, or healthcare Operations; these disclosures are limited to the minimum necessary and (generally speaking) are also limited to other entities coveredby HIPAA.
* The government can get what it wants, when it wants, and you and your records custodians have f--k all to say about it.
Within those broad costraints, though... it's yours and your provider should treat it as such.
How mainstream are SAE bolts? How mainstream is 18 gage 304 stainless sheetmetal? How mainstream is a CR2016 battery?
Standardized and well-understood components save a vast amount of effort in other engineering fields and help produce results that are more easily verified to be good.
Why not apply the same approach to software engineering? Isn't that the greatest promise of open source?
Is it really a good idea to make a hard drive the size of mycobacterium tuberculosis? I'm just sure I'd lose it before I figured out how to plug it in.