Tuesday, October 29, 2013

Unsecured Data Communication at the Health Care Exchange? Shouldda gone with My TRA


In May of 2011, I presented a back-end web services architecture for the U.S. Dept. of Health and Human Services Centers for Medicare & Medicaid Services to the CTO (Mark Hogle). If the contractors for the public portal had gone with the technical reference architecture (TRA) as it was written and approved by the CTO, the concerns about back-end data being unsecured in transit would not be warranted.

Specifically, the reference architecture I developed called for:

Where the highest level of practical protection is called for, encrypting all message fields should be included in the architecture. XML Encryption (and decryption) requires fully parsing the XML transaction and then, for select message section(s), performing a set of processing-intensive XML and cryptographic encryption (decryption) operations. Deploying both XML Encryption and XML digital signatures can significantly affect the performance of high-transaction applications due to their resource-intensive nature. This can be mitigated by using hardware (an appliance, for example) rather than a software-based solution.



What are the implications of ignoring this (common-sense?) policy? Typically, a man-in-the-middle attack could be orchestrated. This attack is a form of active eavesdropping in which the attacker makes independent connections with the targets and relays messages between them, making them believe that they are talking directly to each other over a private connection. Data could be modified or absconded with.

Another problem is repudiation -- where did this message originate from? Without non-repudiation, a provider cannot ensure that a party to an SLA is unable to deny the authenticity of their signature on a document or the sending of a message that they originated. Non-repudiation ensures that electronic signatures are trustworthy, so that a person cannot later deny that they furnished the signature. Any financial transaction needs this.
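The two points above (tampering in transit and non-repudiation) come down to signing the message fields before they leave the sender. The Go program below is an added illustration, not code from the TRA or from any CMS contractor: it signs a canonical rendering of the message fields with RSA-PSS (a stand-in for XML Signature canonicalization and signing), then shows that an altered field and a signature checked against another party's key both fail verification. The field names and values are constructed sample data, and the keys are generated on the fly for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// canonicalize renders the fields in a fixed order so that signer and
// verifier hash identical bytes (the role XML canonicalization plays
// for XML Signature).
func canonicalize(fields map[string]string) []byte {
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	for _, k := range keys {
		b.WriteString(k + "=" + strconv.Quote(fields[k]) + "\n")
	}
	return []byte(b.String())
}

// SignFields produces an RSA-PSS signature over the canonical form.
func SignFields(priv *rsa.PrivateKey, fields map[string]string) ([]byte, error) {
	h := sha256.Sum256(canonicalize(fields))
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// VerifyFields reports whether sig was produced over exactly these fields
// by the holder of the private key matching pub.
func VerifyFields(pub *rsa.PublicKey, fields map[string]string, sig []byte) bool {
	h := sha256.Sum256(canonicalize(fields))
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	// Demo keys; in a real deployment each party's key would live in an
	// HSM or appliance, as the TRA passage suggests.
	provider, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := map[string]string{ // constructed sample claim fields
		"claimId":   "C-000123",
		"memberId":  "M-98765",
		"amountUSD": "1250.00",
	}
	sig, _ := SignFields(provider, msg)
	fmt.Println("untouched message verifies:", VerifyFields(&provider.PublicKey, msg, sig))

	// A copy with one field changed in transit fails verification.
	altered := map[string]string{}
	for k, v := range msg {
		altered[k] = v
	}
	altered["amountUSD"] = "9250.00"
	fmt.Println("altered message verifies:", VerifyFields(&provider.PublicKey, altered, sig))

	// Non-repudiation: only the provider's private key can produce sig,
	// so checking it against another party's key fails.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("other party's key verifies:", VerifyFields(&other.PublicKey, msg, sig))
}
```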

Plus, there's a bonus! The TRA specified performance testing! The issues around poor performance (those, of course, that are not client-specific, such as poor HTML coding) would never have made it from the test lab to deployment. In the TRA, CMS mandates Web Services testing and performance engineering. Specifically, these processes should use a systematic, quantitative approach to building Web Services that meet both business and performance objectives. While crafting software to meet business objectives is the developer's primary focus, performance engineering should also map to critical use cases that take into account performance objectives, including response time, throughput, resource utilization, and workload.
Web Services testing should focus on regression testing and benchmarking against stated performance goals for individual services. The UDDI directory should be employed to document those goals. The purpose of such testing is to demonstrate that a service meets performance criteria, thus testing should assess load and stress.

The rationale for measuring Web service performance is multifold:
• Consumers need to know response times and anticipated throughput via APIs.
• Service resource demands are needed for different workloads.
• SLAs or other contractual obligations will rely on performance as a key concept.


Nobody wants problems with the President's attempt at reforming the health care insurance marketplace in this country. But just by applying the existing design constraints at the outset, HHS/CMS would have plugged another hole in the leaky dike that the Health Care Exchange has become, before any drips started.



Monday, October 21, 2013

Apple's Steve Jobs was too quick to tie the knot with Microsoft, and Google

Around the 2nd anniversary of his death, and looking back at Steve Jobs' tenure at Apple, it is impossible to separate the role Microsoft and Bill Gates played in SJ's complex career. Microsoft and Apple helped pioneer the personal computing industry and defined not one, but two eras (PCs, and the post-PC mobile world). The two CEOs partnered at various times, competed all the time, and challenged one another in ways that helped shape the landscape of technology.

Early on, the strength of their relationship could be witnessed at an internal Apple event in Hawaii where Steve Jobs introduced the Macintosh to a few Apple VIPs. Bill Gates sugarcoated the Mac and Steve Jobs loved every moment of it.

But with Bill Gates famously ripping off the Mac interface, a rift was formed.

This was somewhat healed, over time, when Steve returned to save Apple, and even, to the dismay of Apple loyalists, called on MS to help. In the new era of cooperation caused by intense competition from all corners of the Internet, Steve brought Google into the fold early. And this was a mistake as big as handing the Mac prototype to Bill Gates.

Rob Enderle, at Forbes, convenes a moot court to try and convict Google:

The fact that Google copies isn't in dispute. They clearly have copied Microsoft and really there is nothing wrong with that other than trying to argue the efforts (other than price) are innovative. The sequence of events suggests that someone got the idea of doing a phone before Apple locked down on the iPhone, but after the ROKR, and were unsure as to what to create. That was until the iPhone emerged at Apple and then they created a very similar, though initially inferior product. So we have historical behavior that showcases Google copies, we have motive (to build a better phone), and with Schmidt on the board we have opportunity.

Broadly, Google (and Samsung and others) clearly did “steal” Apple’s technology. A number of key concepts, such as pinch-to-zoom, were first introduced on the iPhone and later incorporated into Android. The iPhone was an innovative product, and obviously Apple’s competitors are going to want to match it feature for feature. This is a good thing, for consumers. Better products all around, and more choice.

But Steve Jobs, for all his reputation as a tough leader, also followed his heart. Of the many qualities that made Steve Jobs an innovator, one key aspect was his interest in Zen Buddhism. He relentlessly filtered out what he considered distractions (focusing the mind), and his passion for taking responsibility for every element of a product reflects a Zen approach. Not controlling, but responsibility, a core concept of the experience. Read more about the influence of this way of thought on Steve Jobs. Sometimes mistakes are opportunities for growth.


Sunday, October 20, 2013

Inquiries into the Obamacare Exchange launch

Fox News is reporting:

Leaders of the chamber’s Energy and Commerce Committee are pressing for public answers after the Obama administration and companies involved in the site's development and launch said the online health care exchange was “on track” for the October 1 start.

However, the site, which provides a menu of insurance plans for Americans in the 36 states without their own site, has instead been plagued by such problems as crashing under heavy user traffic, failing to let customers register or purchase plans and reportedly logging inaccurate information.

Committee Chairman Fred Upton began focusing on Secretary Sebelius after she went to Comedy Central’s “The Daily Show with Jon Stewart” last week to talk about the website.

“Secretary Sebelius had time for Jon Stewart, and we expect her to have time for Congress,” the Michigan Republican has repeatedly said.

The committee is scheduled to hold a hearing Thursday that will focus on whether officials involved with the site “Didn't Know or Didn't Disclose” problems.


==update==

The NYT has more on the government's attempts to correct some of the problems:

One major problem slowing repairs, people close to the program say, is that the Centers for Medicare and Medicaid Services, the federal agency in charge of the exchange, is responsible for making sure that the separately designed databases and pieces of software from 55 contractors work together. It is not common for a federal agency to assume that role, and numerous people involved in the project said the agency did not have the expertise to do the job and did not fully understand what it entailed.

And of course the classic problem,

Communications between the administration and contractors improved over the weekend as the Centers for Medicare and Medicaid Services began negotiating agreements with contractors on responsibility and deadlines for repairs, people involved in the project say. They hope to have a plan before a Congressional hearing set for Thursday. “The issue right now is between C.M.S. and the White House,” a specialist said Friday before communications improved. “Everybody sits and waits and the meter runs.”

The article discusses the prime, a Canadian firm,

CGI Federal, a unit of the CGI Group, based in Montreal, has the biggest contract and is responsible for the architecture of major parts of the system, but not for its integration. Quality Software Services Inc., or Q.S.S.I., a unit of the UnitedHealth Group, developed the identity management system, another major component that allowed consumers to register and establish accounts. The identity management system from Q.S.S.I., which also taps into government databases to retrieve users’ personal information, was a particular source of trouble when the exchange opened. Change orders show that on Oct. 4 — after millions of people had been trapped in technological loops trying merely to log in — the government asked CGI to help it devise a new identity management system to replace the one provided by Q.S.S.I. But specialists said that approach was abandoned as too risky. Ultimately it was decided to fix the current identity system.

Of course, I mentioned in a previous post the architecture and prototype I developed while detailed to MITRE, but that seems to have been ignored in favor of an off-shore solution. Which seems crazy, in these uncertain economic times. Why is the federal government going outside our borders for technological expertise of this nature?




Friday, October 18, 2013

The Cloud Saves Obamacare

Whatever the side of the Congressional aisle you are on (or maybe in the middle?), one of the more interesting aspects of the Patient Protection and Affordable Care Act (Obamacare) is its emphasis on technology’s role in curbing healthcare costs.

As David Linthicum notes, “No matter where you sit on Obamacare, it’s going to change the processes in how organizations deliver healthcare.” But nowhere is cloud approached more cautiously than in the healthcare industry. Yet evidence suggests that cloud and healthcare are poised to push the industry forward into its next phase, while reducing costs. But with so much negative press recently on overall government and healthcare, might cloud be an agent of change?

There is a lot of concern among the organizations supporting this healthcare IT push around security, but especially with maintaining compliance. HIPAA compliance is still opaque, requiring a great deal of guidance for implementation. This becomes especially tricky as an organization begins creating business associate agreements among vendors.

The federal government is aware of the value of cloud computing -- the U.S. Department of Defense has identified concurrent steps that enable a phased implementation of the DoD Enterprise Cloud Environment:
• Foster adoption of cloud computing
• Optimize data center consolidation
• Establish the DoD enterprise cloud infrastructure
• Deliver cloud services
This plan describes a defined transformation strategy that takes the DoD from its current state, preps the department for cloud computing, then concludes when DoD information systems can finally take advantage of public and private cloud computing providers or technology.


Read more here.

Thursday, October 17, 2013

Could Flight be Man's Greatest Achievement?

While the Wright Brothers were first out of the gate in completing man's eternal quest for powered flight, in 100 years we have come very far. The short flight in 1901 changed air travel in the twentieth century and remains one of humankind's great technical achievements. Of course, this culminated in one giant step, and a smaller one.

This is a cool article, about the language of the skies...

Aviation has a lot of special language, like sailing or gymnastics. Its brief, even curt efficiency and orderly templates keep planes on course and out of each other’s way.... But there is one special set of aviation jargon, more alien than the concocted vocabulary of Esperanto and more bizarre than patterned wordplay of Pig Latin or Id. This is the lexicon of waypoints, which are the road markers in the sky for directing planes on a course.

In the 20th century, airplanes and mass-produced cars changed the way we live. Cars, affordable for the masses, have allowed us to move around, and planes make faraway destinations close. People still struggle towards a century-old dream -- the merging of cars and planes into flying cars. But, as readers know, self-driving cars are, in my opinion, much closer at hand, and a better option. I love flying, but I'll settle for a robot chauffeur.

Tuesday, October 15, 2013

Last week: magazines suck on tablets. This week: tablets can save the newspaper business

If you believe Google, the newspaper industry has been in decline since 1972, online journalism as a threat to newspapers is only a continuation of broadcast journalism's inexorable encroachment, and newspapers have a new opportunity to profit from old-school long-form journalism by paying special attention to tablets. So says Google Chief Economist Hal Varian in this speech.

Although printing and distribution costs are decimated by the shift to online news, competition is exponentially fiercer. To fight the advance of bloggers, citizen journalists, and other competition, newspapers have resorted to publishing shorter, shallower pieces to cater to the traditionally attention span-stunted Internet public. This has largely compromised the “analytic depth” the printed word affords. Varian suggests that it doesn’t have to be this way -- by focusing on tablets and other innovative ways to keep eyeballs glued to the news, online journalism can step up profits even while rescuing the Fourth Estate from irrelevance.

Roger Fidler was one of the original proponents of these portable "electronic tablets" when he ran the Knight Ridder Information Design Lab in the early 1990s. "These devices, known as 'flat panels' or 'tablets,' will combine the readability and convenience of paper with the technological abilities of video and sound. In the same way that ink-on-paper printing has defined the present era, it now appears certain that electronic 'presses' and multimedia publishing will define the new one," Fidler wrote in an October 1992 AJR article called "What Are We So Afraid Of?" In October, the Society for News Design presented Fidler, a founding member of SND, with its Lifetime Achievement Award for his groundbreaking and innovative work.
Fidler started his journalism career in 1962 writing and illustrating a science column for Oregon's Eugene Register-Guard. The following year, he also began writing feature stories and creating maps for the paper while attending the University of Oregon. Fidler had originally planned to become an astronomer, but a chronic illness that he developed in high school forced him to switch his major to journalism. In 1990 he produced an animated video of a tablet newspaper scenario in collaboration with RayChem, a company that was developing an electronic paper display technology. A year later, Fidler became a Freedom Forum Media Studies Fellow at Columbia University. There he created an operational prototype of a digital newspaper optimized for his media tablet. He frequently demonstrated the prototype on Macintosh computers.


Read the full article here on SlashGear. And check out the forward-looking video here.

Friday, October 11, 2013

Government wants to spy on the people... so engineers back-door into popular video conf software

Anyone might suspect that the NSA has hooks INTO Skype. It is highly probable that the U.S. government paid Microsoft to buy Skype and re-engineer it to allow easier access than its original peer-to-peer architecture.

But don't take this paranoid IT architect's word for it -- read more here.

Autonomous cars - who do you trust more, Detroit, or Google?

Surprise, the answer is... Google. Nearly every automaker is working on some form of autonomous vehicle technology, but according to a new study, consumers are more interested in a self-driving car from Google than from General Motors. The study, conducted by U.S. audit and advisory firm KPMG, polled a diverse group of drivers from both coasts and in between.

Some cool stuff from the Wired article/report:

“We believe that self-driving cars will be profoundly disruptive to the traditional automotive ecosystem,” said Gary Silberg, KPMG auto expert and author of the report. The company’s polling bears that out, although KPMG is quick to add the caveat that while “focus group discussions are valuable for the qualitative, directional insights they provide; they are not statistically valid.”

California drivers were significantly more interested in autonomous vehicles from the onset of the discussions, with L.A. residents ranking their willingness to use a self-driving car at 9 out of 10. Chicago residents came in at four, and New Jersey drivers’ median was six.

Additionally, premium vehicle owners — who made up nearly a third of the focus group — were more interested in autonomous vehicles and self-driving technology.

In Silberg’s estimation, the reason is that Audi, BMW, and Mercedes-Benz drivers are “already accustomed to high-tech bells and whistles, so adding a ‘self-driving package’ is just another option.” Throw in the possibility of a special lane on highways for autonomous vehicles and the ability to turn the system on and off at will, and premium buyers were sold on the option full-stop.

But the major takeaways from the study are that consumers — while still concerned about safety and liability — are increasingly interested in autonomous cars, as long as the benefits outweigh the costs, and the company manufacturing is seen as being at the top of their game. And while 0-60 times and horsepower may be of interest to consumers now, if you’ve ceded control to the machine, style and functionality will trump performance and driver engagement.

--

Like any complex product, I can see a further diversification of offerings -- sports cars, hybrids, sport-ute/SUVs, and others demonstrate this slicing of the offerings. Why not a self-drive, too?

Government Shut-Down Got You Down? Apple Could Teach the Feds a Lesson in Branding



In today's global economy, whether a country or a company, you have to be visible and active to maintain your image and to advance -- economically and politically. Citizens are consumers—and citizen-consumers, increasingly, exercise power in today's economy.

In this NatGeo opinion piece, there are several points on Apple's strategy to be a world-wide success that Uncle Sam could follow.

Apple has topped Coca-Cola as the world's best-known brand. Apple just ended Coca-Cola's 13-year run at the top of a highly regarded annual list put out by Interbrand that has been compiling what it calls the Best Global Brands report since 2000.

Apple ranked high this year because its products are well liked, its services are considered good, and people have come to value the company as practically a cultural icon of America—particularly with young people. Those characteristics are good for a company and good for a country.

But it is hard to deliver high-quality services and a good experience if you are not open for business—whether it is the National Zoo or the Grand Canyon. Both convey American values.

Clearly diplomacy should never be equated with corporate public relations. One is a public good; the other is a bottom-line sell. But that doesn't mean we can't learn from both about the importance of being understood in a crowded global market. Apple, as a company and a symbol, is, well, as American as apple pie. Congress should consider that our interests won't be well-served if the doors are barred here at home to our collective storefront, the federal government.

Wednesday, October 9, 2013

Poor Architecture Hampers Obamacare Exchanges

A few IT experts question the architecture of the Obamacare website. Government officials blame the persistent glitches on an overwhelming crush of users - 8.6 million unique visitors by Friday - trying to visit the HealthCare.gov website during its launch.

Disappointingly, the U.S. Dept. of Health and Human Services did not implement the prototype architecture I developed for them, while on detail to MITRE. Instead, they opted for a Canadian firm's approach. (One wonders, why does the U.S. need to go "off-shore" for IT architecture when we have such talent widely available here?) CGI Group Inc, the Canadian contractor that built HealthCare.gov, is "declining to comment at this time," said spokeswoman Linda Odorisio. According to one analyst,

One possible cause of the problems is that hitting "apply" on HealthCare.gov causes 92 separate files, plug-ins and other mammoth swarms of data to stream between the user's computer and the servers powering the government website, said Matthew Hancock, an independent expert in website design. He was able to track the files being requested through a feature in the Firefox browser.

Of the 92 he found, 56 were JavaScript files, including plug-ins that make it easier for code to work on multiple browsers (such as Microsoft Corp's Internet Explorer and Google Inc's Chrome) and let users upload files to HealthCare.gov. It is not clear why the upload function was included.

Hancock's analysis suggested that the security questions were coming from a separate server and that better system architecture would have cached the questions on the main HealthCare.gov server. In the architecture I developed over a six-month engagement, the front-end web site was streamlined with minimal JavaScript, and was served up via a WebObjects application handling the back-end connectivity to various data services.


I had applied my expertise in service oriented architecture, particularly how to apply SOA for cloud efforts, to come up with a prototype that could support tens of thousands of concurrent users. I leveraged my expertise to demonstrate:
• How SOA 'automatically' improves end-to-end visibility and responsiveness.
• How to massively scale SOA in the cloud for extreme high-traffic, high-bandwidth applications.
• How current on-premises SOA can foster cloud architectures and deployments.
• How WebObjects frameworks will make web services and web-based user interface efforts more productive.
• How 'intelligent ESBs' help the cloud solution react in real-time.
• What SOA 'best practices' today offer the best ways to improve a cloud strategy, at little cost.

Tuesday, October 8, 2013

Why hasn't the Tablet made Magazines Huge?


With the multimedia capabilities, "push" data to refresh content, and a known display platform, you would think tablets such as the iPad would have made magazine apps a win.

In this article, there are several areas that impact magazine apps. One important data point:

Magazines need dedicated readers. But, Nielsen estimated the average mobile user has 41 apps on his or her smartphone. In April, a Flurry study showed the average smartphone user opens only eight apps a day, with the most popular being Facebook, YouTube and game apps. And according to a 2012 report from Localytics, 22 percent of all apps are only opened once.

To overcome this, a magazine app needs to be compelling.

Finding magazine content is not helped by the very nature of mobile apps. Unlike web-based content, magazine articles can be neither indexed nor searched on the web when they are locked up in an app. Following a link from Google at best takes readers to an app store, not to the article itself, cutting the magazine out of this important referral service.

Magazine publishers should consider a consolidated content management system to mirror content in both locations -- the web and in their dedicated app.

Subscription models for magazine apps are a tough sell. People are troubled by pay-walls on newspaper web sites. They apparently dislike a similar approach to magazine apps. Think about any successful standalone iPad magazines -- one of the most assertive attempts, News Corp's "The Daily" iPad app, closed after two years of operation. The Daily only cost $0.99 a week, but with just a little over 100,000 subscribers, it couldn't break even.

Perhaps just going with the advert-driven model, with paid ad-opt-out, might solve this? While the future of producing quality content for niches is bright, such content should be presented openly (think social, such as via Facebook and Twitter). The age-old model hasn't really changed: eyeballs, after all, translate into advert revenue.

Read Jon Lun's assessment here.