“I’m sorry, Dave, I’m afraid I can’t do that.”
- HAL the computer from 2001: A Space Odyssey (1968)
Every day, essential business and physical functions are executed by software, without human oversight. Many of these functions—automobile braking systems, automatic systems on commercial aircraft and commuter trains, medical equipment—function at speeds and levels of precision that cannot be matched by human beings. Thankfully, the persistent fear that someone may eventually create software that is intelligent enough to defy us has not come to pass. If anything, the opposite remains the more immediate concern: as fallible humans, we continue to generate software riddled with problems, setting the stage for accidents waiting to happen.
Many popular software products have frameworks that allow users to extend and customize the application using plugins or add-ons. Examples include Firefox, WordPress and Google Chrome. In fact, even nerd software like irssi allows users to use plugins. Plugins help with productivity and make the software fun to use. However, plugins can also introduce risk to users. Sometimes, these issues are very overt. For example, malware was recently discovered in a Firefox add-on (I was impressed with how this was addressed though). Other times, the issues may be more subtle: perhaps the plugin could introduce a new vulnerability that, with a little research, could be exploited.
Web 2.0 and social media are driven by user-generated content. In return for producing content, users want to receive information or experiences that encourage them to revisit a given site. In this cycle, sites can monetize the user experience by utilizing advertising to generate profits from users’ visits and eventual patronage from advertisers. By and large, users resist paying for contexts such as social networks where they post their own content, like pictures, status updates, or videos.
For this model to perpetuate, each participant must uphold their contribution: sites must generate an attractive experience, advertisers must present content relevant to user interests, and users must provide content or consume advertisements. If advertising is overrun by malicious code, users may be driven to abandon a site that is deemed dangerous, or take steps to block advertising. Many users adopting the same approach could hurt the existing business model, resulting in a financial risk to sites that are based on advertising revenue.
Another RSA Conference has come and gone. I had the privilege of getting a full “delegate” pass this year, which meant that I had access to attend the sessions, so I’ll try to describe the sessions I attended below. Due to several conflicting meetings and other commitments, I didn’t make it to quite as many sessions as I anticipated, and barely made it to the exhibit floor.
My overall observation is that the RSA conference, as a whole, continues to be very healthy. There was a wide range of technical sessions, and the exhibit floor (what I saw of it) was sizable and very active. One thing that I noticed is that more of the sessions seemed to be panel discussions this year than in the past. I tend to get more out of the individual or 2-person team talks because I find them to be more focused, in comparison with the panels that are often unscripted and more driven by the questions of whoever is in the audience.
There are innumerable benefits to digitized record-keeping. I can’t say enough about the benefits of correlation and collation of information that could be gained from taking information off of paper and moving it into computers. For health information, the potential benefits are incredible and could markedly advance individual well-being. The portability and accessibility of electronic records alone, not to mention the visualization and mining of trends, association between care and outcomes, and the effectiveness of diagnosis, treatment, and costs, all stand to benefit patients and their health.
But as health records move to digitization, some individuals are taking an opportunity to commit fraud, due to weaknesses in the system. There are risks that exist with paper records that could be mitigated by digitized records, but once healthcare organizations digitize, new risks can arise.