15 posts • joined Thursday 21st July 2011 06:53 GMT
Lots of American and even a Russian company, but not any British software developers mentioned (I'm not counting implementation consultancies).
Furthermore, none of what is mentioned has anything to do with Health.
Coming up with fairly arbitrary database and infrastructure products excludes the use of many of the available products, that are known to be effective, without huge rewriting and adapting.
The NHS claims unique requirements based largely upon scale, well having looked into some of their requirements, most of their problems actually appear to have arisen from having specifications drawn up by completely clueless individuals i.e. the ones who could be spared from their main job to spend an eternity agonising over prescription systems, for example, that don't even take into account the patient's existing medication, but do try to make the prescription process comply with some overarching medical order best practice knowledge base...
Have a look at the Riak website, and I quote
"The National Health Service is the publicly funded healthcare system for the United Kingdom. Riak is being used as the IT backbone for this system, to help drive efficiency quality of care improvements. Riak is replacing a legacy system, which allows them to drastically cut costs while improving the performance and reliability of the system."
That was quick! You might even think optimistic.
Whistle-blowing security vulnerabilities has to be handled carefully.
Some years ago, I discovered a nasty vulnerability that is present in almost all bank systems. I was developing a new system for my bank client.
Not being suicidal, I made an appointment with the bank's chairman, then I spoke to my lawyer, who arranged an appointment with the bank's principal (only) shareholder, so ended up spending half an hour with a head of state.
I notarised a statement about the weakness and then advised the head of security that there was a flaw in the systems and to drive the point home I would carry out a transaction on a certain date that would be reversed 24 hours later.
Because I had advised my client, my lawyer, my client's shareholder and security head and set out in a notarised statement what the weakness is and how I would demonstrate it, I did not get into trouble, quite the opposite, it kept me in work for many years.
You know, nobody was aware of this vulnerability until I demonstrated the problem, and many years later it still exists, it's simply too convenient. If anybody ever exploits it, it's just a cost of doing business.
The lesson is - cover your arse
Recently a well known IT infrastructure supplier got involved with Lotus - there were 40 pallets of kit.
Unless a team has a full size wind tunnel, they are wasting their money, these boogers don't scale.
As far as telemetry is concerned, even a sail boat had 400 measurements per second 20 years ago and it may only be going 10 miles per hour.
To use your analogy, if the fox is in the hen-house, he still has to acquire a 'personality' that has rights to execute the appropriate procedure.
It is standard practice to obfuscate personal information when returning the result of wide ranging queries, such as would be required to download bulk information.
Your knowledge of grown up databases is slight - having what you call 'root' on the database server does NOT give decryption rights, nor should it.
And as far as knowing about FIPS140-2 goes - why wouldn't I know? Personally I would implement non-US encryption, that is open-sourced.
Frankly, Mr Ireland, you are shooting from the hip. With a grown up DBMS, you can give a copy of the database to an unauthorised user and they still wouldn't be able to access the encrypted information. And as far as Audit goes, it's like CCTV, it discovers that something has happened but it doesn't deter the offender in the first place, any assumption otherwise is fallacious.
Store the data in a database where all personal data is encrypted using FIPS140-2 equivalent standards as a minimum. Then configure the database so that only stored procedures have read (and the others) rights. To read the un-encrypted information, a hacker would have to run an application that called a stored procedure and ensure that the user/application had execution rights for that stored procedure.
This isn't easy to do. As a result, the loss of physical data is not significant and access to the information is complicated by the need to emulate a user with stored procedure execution rights and then know which stored procedure to execute.
There is a further level of Hierarchical Rights Management that is able to measure the appropriateness of the access request and the relative relationship of the user making the request and the subject of the information requested. Whilst this sounds complicated it's easier to set up than might be imagined. Where entropic systems are concerned, pseudo hierarchies are just as effective.
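The design described in this comment (personal data stored encrypted, readable only through a stored procedure that selected users may execute), sketched as an added example that is not part of the original post. It assumes PostgreSQL with the pgcrypto extension standing in for the encryption layer; the table, function and role names, the sample row and the key are all constructed for illustration.

```sql
-- Added illustration: PostgreSQL + pgcrypto assumed, all object names hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- The only login role that will be allowed to run the read procedure.
CREATE ROLE clinic_app LOGIN;

-- Personal fields are stored only as ciphertext (bytea).
CREATE TABLE patient (
    patient_id integer PRIMARY KEY,
    name_enc   bytea NOT NULL,
    dob_enc    bytea NOT NULL
);

-- No role other than the owner gets direct table rights.
REVOKE ALL ON patient FROM PUBLIC;

-- Constructed sample row; the key is supplied by the caller and is
-- never stored in the database, so a copied database file holds
-- ciphertext only.
INSERT INTO patient VALUES (
    1,
    pgp_sym_encrypt('Jane Example', 'constructed-demo-key'),
    pgp_sym_encrypt('1950-01-01',   'constructed-demo-key')
);

-- The procedure runs with its owner's table rights (SECURITY DEFINER)
-- and is the single path from ciphertext to plaintext.
CREATE FUNCTION read_patient(p_id integer, p_key text)
RETURNS TABLE (patient_id integer, name text, dob text)
LANGUAGE sql
SECURITY DEFINER
SET search_path = public, pg_temp   -- pin name resolution for the definer
AS $$
    SELECT p.patient_id,
           pgp_sym_decrypt(p.name_enc, p_key),
           pgp_sym_decrypt(p.dob_enc,  p_key)
    FROM patient AS p
    WHERE p.patient_id = p_id;
$$;

-- Functions are executable by PUBLIC by default: remove that, then
-- grant execution to the one application role.
REVOKE EXECUTE ON FUNCTION read_patient(integer, text) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION read_patient(integer, text) TO clinic_app;
```

With this in place `clinic_app` has no privileges on `patient` itself and reaches rows only through `read_patient`, one record per call. Passing the key as a parameter keeps it out of the database, but it can still appear in statement logs if statement logging is enabled.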
I am not the least bit surprised that few women are drawn to security training.
Several times in my career I have had to support strong competent women who have been viciously and pointlessly attacked by security specialists. In all these instances, the source of the trouble has been a male security specialist who has worn a uniform in a former career.
Whilst the security sector continues to provide a cultural home for superannuated, under-educated sociopaths, I can't see this situation changing. And in case you are wondering, I don't have a problem with people in uniform, I just want them to put it behind them when they quit.
I have spoken to sales engineers from the companies that supply the major German car manufacturers (i.e. the only ones that matter from an engineering viewpoint) about why their displays are so limited.
It turns out that the manufacturers are obliged to specify equipment that has a design life in excess of 15 years, which few displays achieve. In my German car I can cycle through all sorts of information, it just isn't displayed as innovatively as it could be because most display equipment will at least partially fail before 15 years. Higher quality displays will require better quality wiring looms, which are expensive.
When working with real time telemetry, you can do what you want with the display of data and create unusual virtual instruments, as most of us ditch our laptops on an annual basis, display failure is not a problem.
Re: Learning To Walk Before You Run
Using a system that relies on a landline ties the wearer to the proximity of their house - so no gentle dog walking or visiting a neighbour in a car. Some years ago my mother was offered one of these devices, dependent on the landline, much of the garden was out of range.
Old folk are not always tied to their house, but they do need some way of being retrieved when they go astray or have a fall.
Giving old people a pendant that is tied to a landline is little different from tagging them.
Learning To Walk Before You Run
This is a great idea - BUT - first you must have network coverage.
Despite living within sound of one of Britain's most important transportation conduits (M20/HST1/Channel Tunnel), there is barely any GSM coverage let alone GPRS or even anything remotely useful. DVB is similarly deficient hereabouts.
When decision makers head outside the M25 and Thames corridor, I wish they would take time to notice how primitive mobile phone coverage actually is, how poor broadband is, how the local roads are so bad that you replace tyres on a weekly basis. Well, there are a lot of old people living in these sorts of places and they function OK, but could certainly use and benefit from a decent pendant alarm. There are 90 year old ladies who walk their dogs and drive to the shops and really need some kind of functional alarm system without having to move to Croydon (no disrespect to that sterling borough).
So, please, sort out the coverage before touting yet another unusable service, please!
Yet Another Metrosexual View Of Life In Rural Britain
Yet again the view of the chattering classes is shown to be firmly centred within the M25.
This urban-centric view of Britain today is bunkum.
So many jobs in rural Britain are tied to the minimum wage, many of the families live in what can technically be described as deprived conditions, farmers' average ages are over 50 and even in areas well served by HST1, rural development is constrained by the paucity of adequate Internet access speeds. Much as many people might like to move their businesses to rural areas, this is only possible if there are adequate Broadband speeds, download speeds of less than a quarter of a megabit a second can't support many users, the transfer of moderate image files, VoIP telephone systems or mobile phone network extension equipment.
Providing rural Britain with better broadband access speeds will provide one of the most important planks upon which to rebuild the rural economy. In turn this will lead to greater social dynamism, higher wages and less dependence on income and housing support. From this viewpoint the economics of better rural broadband look quite rosy.
We don't even need to deliver these services over copper/fibre; deep in rural Kent I am accessing the Internet using WiMax, that is wireless delivery at anywhere between 15 and 20 Mb/sec, with higher speeds available in the future. Pity about the deplorable mobile phone service.
If the metropolitan elite wishes to turn rural Britain into a theme park then I suppose it doesn't matter, but for those of us who do live in the country better broadband speeds are vital, there isn't much else around to drive economic development.
Customers feel ripped off & walk
Given the company's approach to European customers (rip-off pricing), it doesn't take a rocket scientist to work out why Creative Cloud sales are disappointing in Europe. Arrogant companies fail, Adobe has the chance to redeem itself, let's hope they take it - REAL SOON NOW.
This isn't a climate issue, it's a morality issue.
Once upon a time, the better universities used to teach a course for those intending to make a career out of academia that covered such issues as ethical use of data, is this now optional?
The vice chancellor's famous and often misquoted ancestor, Lord Acton, finished his observation on the influence of power with "...There is no worse heresy than that the office sanctifies the holder of it."
Are we to assume that the vice chancellor was misinformed as to the existence, or otherwise, of the "missing" emails or that he was not sufficiently aware of the technology involved?
This Is A Non Story
The idea that somebody is publishing a report in 2011 on cracking GSM/GPRS/UMTS security in central Europe is a joke, and everybody who takes it at face value is being duped.
I'm not giving away any secrets when I say that back in the 90s, there was an agreement between the Federal authorities and the MNOs that encryption over the network would be 'crippled', so that 'government agencies' could decrypt in real time, without access to the network infrastructure.
The real story is one of collusion between Governments and Operators, this 'scientist' should be nominated for an ignoble.
My experience of upgrading a new iMac to an allegedly 'free' upgrade, involved endless repetition, repeated logging in, providing credit card details for a £0.00 amount, changing passwords, being led up blind alleys that didn't go anywhere.
After much frustration, I obtained a code which I could 'redeem' through what appeared to be the iTunes store. Then it wanted further credit card information and finally the download never kicked off, and all attempts to restart were frustrated as the system had marked the computer as having already used its free upgrade entitlement.
I have been an IS professional for a very long time, I cannot recall anything quite as dysfunctional as this experience. Following on a week of dealing with the lack of orthogonality in Photoshop and AI, all I can look forward to is chatting to Apple's lovely ladies in Cork as we sort this mess out.
I'd say they really shot themselves in the foot on this one