ENTRIES TAGGED "privacy"

Health IT is a growth area for programmers

New report covers areas of innovation and their difficulties

O’Reilly recently released a report I wrote called The Information Technology Fix for Health: Barriers and Pathways to the Use of Information Technology for Better Health Care. Along with our book Hacking Healthcare, I hope this report helps programmers who are curious about Health IT see what they need to learn and what they in turn can contribute to the field.

Computers in health are a potentially lucrative domain, to be sure, given a health care system through which $2.8 trillion, or $8.915 per person, passes each year in the US alone. Interest by venture capitalists ebbs and flows, but the impetus to creative technological hacking is strong, as shown by the large number of challenges run by governments, pharmaceutical companies, insurers, and others.

Some things you should consider doing include:

Join open source projects 

Numerous projects to collect and process health data are being conducted as free software; find one that raises your heartbeat and contribute. For instance, the most respected health care system in the country, VistA from the Department of Veterans Affairs, has new leadership in OSEHRA, which is trying to create a community of vendors and volunteers. You don’t need to understand the oddities of the MUMPS language on which VistA is based to contribute, although I believe some knowledge of the underlying database would be useful. But there are plenty of other projects too, such as the OpenMRS electronic record system and the projects that cooperate under the aegis of Open Health Tools


The RSA/NSA controversy concerns you!

This controversy impacts everyone (and here's what we can do about it)

As a cyber security author and CEO of a security consulting company, I was personally shocked by the RSA’s attitude about the alleged secret payments it received from the NSA as well as its willingness to weaken its BSAFE product; especially after the weakness became public in 2006. I was even more shocked by the lack of outrage shown by many security bloggers, analysts, and security company executives.

The speaker-in-protest count has reached 13 speakers who have canceled talks they were scheduled to give at the RSA Conference (RSAC) next week, first and most notably, Mikko Hypponen, who published this open letter. A few outraged others have also spoken out about their decision to cancel their talks, including Dave Kearns and, via Twitter, Adam Langley and Josh Thomas.


How Secure Is Your Old and Inactive User Data?

The need to root out old data goes well beyond creating disk space

A couple weeks ago Brian Krebs announced that Adobe had a serious breach, of customer data as well as source code for a number of its software products. Nicole Perlroth of The New York Times updated that to say that the breach appears to be much bigger than thought and, indeed, Krebs agrees. Adobe themselves announced it first, earlier than Krebs’s first report, in CSO Brad Arkin’s terse blog post, Illegal Access to Adobe Source Code.

By now, breaches are hardly news at all. All of us pros flat out say that it isn’t a matter of *if* you get hacked, but *when*. Adobe’s is of note solely because of the way that the news has dribbled out. First, the “illegal access” to source code, then the news of lost customer data to the tune of 2.9 million, then upping that to 38 million, but really actually (maybe?) 150 million. The larger number is expired accounts—or something.


Security After the Death of Trust

Not just paying attention, but starting over

Security has to reboot. What has passed for strong security until now is going to be considered only casual security going forward. As I put it last week, the damage that has become visible over the past few months means that “we need to start planning for a computing world with minimal trust.”

So what are our options? I’m not sure if this ordering goes precisely from worst to best, but today this order seems sensible.

Stay the Course

This situation may not be that bad, right?


Upward Mobility: Dig Out Your Tin-Foil Hats

Thanks NSA, you've spoiled mobile crowdsourcing for everyone else!

The continual drip-drip-drop of NSA secrets, courtesy of Monsieur Snowden, has provided many of us with a new piece of daily entertainment. But as much fun as it can be to see No Such Agency’s dirty laundry being aired in public, it has a real and lasting effect on how consumers are going to see interacting with their mobile devices. Specifically, it could provide a major setback to the new universe of applications that use crowdsourced data.

There are lots of examples of highly successful apps that are essentially just aggregations of user-provided data. Yelp comes to mind immediately, but another good example is Waze. In both cases, users are providing the service with some fairly private information, where and when they were at a particular location. Waze is even more sensitive, because it is also recording your speed, which might be a bit higher than the posted limits.


Keeping Apps in the Air With TestFlight

Long a development tool, TestFlightApp wants to move into analytics

For most iOS developers, TestFlightApp has become the go-to tool when they want to distribute a development build to testers. For those not familiar with the site, you can register applications, and then upload IPA files signed with either a development or AdHoc profile, either manually or using a desktop app that integrates directly into Xcode.

Once uploaded, your testers can be automatically notified via email that there is a new version of the app available, and download it directly onto their device without having to use iTunes. It can even capture device IDs for new users (or new devices for existing users), and export them for use in the Apple developer portal.

You can also add code to have the running app check in with TestFlight. You can add “checkpoint” flags, ask survey questions (“why did you come to this page”), and have console logs and crash reports automatically uploaded to the site.

The problem is, once you’re ready to ship a production version, you have traditionally had to turn everything off and make sure that the TestFlight library was not linked into the app. This has meant that there was no way to capture crash data from customers running the app. But now that’s changing.

Recently, TestFlightApp announced that it was now OK to leave the library in copies of your app uploaded to the App Store, and to have the app check in with TestFlight. Why the change? Probably because it is needed to support FlightPath, their new analytics tool. FlightPath seems to want to be the Google Analytics of mobile, allowing developers to see how customers use their app and offering demographic data.

FlightPath is likely to be the path that TestFlightApp takes to start monetizing their service. TestFlightApp has always been free, but there has been no pronouncement about whether FlightPath will follow that same model. It is currently in an open beta, so we may have to wait and see what the pricing model for the final product is. Of course, by then, all those beta users will have become hooked.

One major caution for people intending to keep TestFlight in their production code: watch out for leakage of private data! Many test builds spit out tons of information to the console. At times, I’ve had everything going back and forth to a server dumping itself onto the log. If you don’t disable that in the shipping code, you could be accidentally capturing all sorts of sensitive data, including credit cards, HIPAA-restricted information, etc. So make sure that you have compiled out (or disabled) anything like that in the production build (which you can test with an AdHoc profile).


Commerce Weekly: Another mobile wallet is on the way

Isis Mobile Wallet is coming this summer, Canada gets its first mobile wallet, and NFC benefits may trump privacy concerns.

Isis announces Mobile Wallet partners and a rollout plan, Rogers Communication and CIBC partner to bring a mobile wallet to Canada, and a look at the theoretical benefits of NFC. (Commerce Weekly is produced as part of a partnership between O'Reilly and PayPal.)


Developer Week in Review: Sometimes, form does need to follow function

Why remotes need buttons, lawmakers need a clue, and life-critical software needs many eyes.

The latest rumors have Apple eyeing the remote control market, but does minimalistic design work for remotes? Australia wants to impose requirements on ISPs, but at what infrastructure cost? And would you let closed-source software keep you alive?


ePayments Week: Financial Times bets on its web app

Financial Times goes all-in on its web app, Flickr puts up fences, and daily deal fatigue sets in.

The Financial Times says subscriber data trumps Apple's reach, Flickr introduces geofencing to keep things private, and the cracks in the daily deal world start to show.


Developer Week in Review: Lion drops pre-installed MySQL

MySQL is missing from Lion Server, and Apple gets a slap on the wrist from South Korea.

A pre-installed version of MySQL is noticeably absent from Lion Server, South Korea penalizes Apple for the location brouhaha, and Java 7's compiler injects a bit of randomness into software development.
