Saturday, July 25, 2009

I have recently become involved in selecting technologies (not vendors, mind you!) for distributed systems. While highly interesting, I am now faced with the age-old issue of interoperability and claimed adherence to standards. We all know the games companies and standards organizations have been playing: loosely specified standards with too many degrees of freedom, proprietary "extensions", etc. What happens often enough is that the implementations of relatively new standards (say, less than 10 years of commercially or freely available products) have significant interoperability issues. Over time, these issues disappear, but not necessarily at the speed that customers or even the industry would like. This can have significant detrimental effects, including delay in necessary technology upgrades (e.g. IPv6), market distortion (PAC data in authZ data fields in W2Kx), or even non-adoption.

The SAML commercial community has developed a process that is very useful to technology consumers: through Liberty, Drummond Group International operates a testing program that verifies standards compliance of SAML products against the SAML 2.0 static conformance requirements. With a rigorous testing process, the results of this process are quite helpful for source selection - if only to get a quick overview of the capabilities of the different products without having to wade through piles of marketing collateral and technical documentation. As a customer, I am particularly pleased about this process, since the vendors are paying for this process themselves. While this does not eliminate interoperability problems completely, it puts the burden of proving interoperability on the vendor and not on the customer.

On the other hand, Microsoft and a number of other vendors have in the past performed informal cross-matrix interoperability testing in the form of the ws-builder plugfests or the OSIS InfoCard test rounds. The lack of formalism is countered here with the very low barrier to entry, so that open source projects or small companies have the opportunity to participate as well. 

Combining these two approaches would yield a useful process: having commercial vendors and -- at least some -- open source projects participate in a formalized vendor-initiated cross-matrix interoperability certification (VICMIC - this is for all the acronym lovers out there) would give enterprise architects and developers a powerful tool for source selection. The participation of the open source projects could be sponsored through stipends that are awarded by the testing organization based on criteria such as feature completeness, overall quality, etc.

If I had my way (yeah, I know, I will not ... still you can DREAM), all technologies wanting to be considered for public projects would have to implement such a process - that's a MUST in RFC 2119 speak. If they do not, the acquisition process should really require this.

Saturday, July 25, 2009 10:10:35 AM (Eastern Standard Time, UTC-05:00)

Monday, July 13, 2009
Ok, the under 35s may be digital natives ... but if that is so, I am not a digital immigrant, but a "digital colonist". 

Monday, July 13, 2009 7:25:19 AM (Eastern Standard Time, UTC-05:00)

Thursday, July 02, 2009
For this year's Balisage in Montreal, we (R. Dingwell, A. Gregorowicz, H. Sleeper, and myself) have been accepted as a late-breaking proposal for our work on hData, which addresses some problems that are currently plaguing electronic health records. Our session is scheduled on Thursday at 11:00am. This is the abstract:
Title: hData - A Simplified Approach to Health Data Exchange

Interoperability issues have limited the expected benefits of Electronic Health Record (EHR) systems. Ideally, the medical history of a patient is recorded in a set of digital continuity of care documents which are securely available to the patient and their care providers on demand. The history of continuity of care standards includes multiple standards organizations, differing goals, and ongoing efforts to reconcile the various specifications. Existing standards define a format that is too complex for exchanging continuity of care information effectively. We propose hData, a simplified XML framework to describe health information. hData addresses the challenges of the current HL7 Continuity of Care Document format and is explicitly designed for extensibility to address health information exchange needs, in general. hData applies established best practices for XML document architectures to the vertical health domain, which has experienced significant XML-based interoperability issues.

As you might imagine, we will have to say a few things about identity, access, and privacy management for electronic health records, as well. Looking forward to seeing you there.

tags: balisageConference09

tinyarro.ws: http://➡.ws/榾 (wood chip)

Thursday, July 02, 2009 3:24:28 PM (Eastern Standard Time, UTC-05:00)

Tuesday, June 23, 2009
The time has come to start working on comprehensive identity convergence ... with Venngeance:
Tuesday, June 23, 2009 5:24:22 PM (Eastern Standard Time, UTC-05:00)

Saturday, June 20, 2009

What happens when a bureaucracy goes wild? Well, you can end up in a situation where private companies are facing the most restrictive privacy regime in the world, while government agencies are at liberty to spy on their people at will. Germany - my country of origin, and the country that claims to have "Informationelle Selbstbestimmung" (roughly: information self-determination) - has now completed a fairly comprehensive system of laws limiting fundamental human rights vis-à-vis the government:

  • Just yesterday, the so-called "BSI Gesetz" was passed, which allows the BSI (roughly comparable to the NSA) to store and analyze any communication of government agencies, in particular exchanges between the people and government employees. So anytime you send an email to any German agency or visit their websites, the BSI will store all communication parameters and use them as they see fit. They claim pseudonymization, but they reserve the right to make the data identifiable again at any time. Inadvertently collected information may be used in any legal proceeding against you. So beware, if you send them mail, call them, or even just visit their web sites. The most chilling aspect is that this total oversight – with an equivalent lack of transparency and accountability - has echoes of two periods in German history which the country does not recall with pride: the periods which are closely associated with the Gestapo and the Stasi.

  • Just a week earlier, a censorship law was passed that is officially aimed at blocking access to websites containing pornographic material depicting minors. While I wholeheartedly agree with the goal to prosecute the criminals that produce, distribute, and consume such media, the law is implemented in the worst possible way: a secret set of lists will be created by the BKA (comparable to the FBI) that determines which web sites are to be blocked. This activity is supposedly to be monitored by the Datenschutzbeauftragter (roughly: federal privacy commissioner), who has already indicated that his agency is neither capable nor willing to perform this function.
    Strong promises were made prior to passing the law that this new "federal firewall" infrastructure will only be used in the context of access prevention to objectionable pornographic material; there have now already been demands to also use it to block access to "Killerspiele" (i.e. first person shooters), Nazi propaganda material, and also pull this entire approach to the E.U. level to guard all Europeans from bad influence. Thought police, anyone?

This new legislation is on top of a slew of other nonsense, like the ability of almost any government agency to investigate your financial situation without a warrant, a lifelong globally unique tax ID, a national ID card that will soon contain biometrics, the requirement to inform the agencies of any change of address, and a federal broadcast tax that is collected by the GEZ, which has received the second ever "Big Brother Lifetime Award".

But - satisfying all prejudices about being thorough - there is more to come: my big favorite is the current health record proposal - which centers around the “Gesundheitskarte” (literally: health card, their health insurance card), but in reality will create the biggest database of medical records ever: Gematik will store all electronic health records of all patients in the entire health care system, including the - nominally - independent private insurers. If interested, take a look at their “Security Whitepaper” (German only, sorry): other than explaining the benefits of using a symmetric key for bulk encryption and public/private keys for key negotiation, they have little to offer. If this is Gematik's level of competence in security and privacy, then I predict happy times for identity thieves specializing in the German patient.

What amazes me most is the ease with which all these regulations are introduced and accepted: yes, there has been some protest against the federal firewall law, but in the end it still passed and - quite frankly - I cannot imagine that any future administration will even attempt to remove it. It seems to me perverse that a government is misusing the compassion for victims of the most horrific crime to introduce a comprehensive cyber censorship infrastructure. This can only serve as a sobering reminder that even 20 years after the fall of the last dictators in Europe, there are countries on the continent which still have not fully embraced what her most gifted thinkers had set out to achieve more than 350 years ago. As most of you know, I now live and work in the United States - and fervently hope that this may never happen here.

[Many thanks to Robin for correcting some of my many mistakes].

Saturday, June 20, 2009 12:21:39 PM (Eastern Standard Time, UTC-05:00)

Friday, June 19, 2009

For a number of reasons, I got myself an HP mini 1010nr with the 8GB SSD drive. It's a nice little machine (and cheap: US$ 220), especially if you configure it with 2GB RAM and use the little "hidden" USB port to add some more SSD memory (another 2GB for home directories in my case). While the machine shipped with Windows XP SP3, a brief re-visit of that platform reaffirmed my desire to try the Ubuntu Netbook Remix, a special edition of (currently) Jaunty. Amazingly enough, the base image worked almost perfectly off the USB stick (with one quite notable exception - see below), so I gave it a try. Nixed Windows, put ext4fs on both the internal SSD and the 2GB /home stick, and installed.

Now I noticed that sound was not working, but there were plenty of folks on the net claiming victory, so I was not too worried. At the end of the day, I did get it to work, using the simplified instructions here and fixing the reboot/mute problem this way. Note that you might want to add the following line to the bottom of your /etc/modprobe.d/alsa-base.conf file:

#correct model for HP mini 1010nr

options snd-hda-intel model=hp-m4 

Now, the only thing that turned out NOT to be working was the internal microphone, which I need for Skype. The problem is that if you set the default recording devices to unmute, they mute again right after, and the microphone does not work.

After many hours of fairly fruitless searching, I stumbled across this post. It turned out to be close, but not the correct solution for the HP 1010NR: you leave the options as indicated above (reboot if necessary), and then make sure "Digital" is unmuted, and set the Line Selectors to "line" and not "mic" or "front mic". That's all - microphone works now.

Friday, June 19, 2009 1:32:06 PM (Eastern Standard Time, UTC-05:00)

Saturday, June 13, 2009

This is a little off-topic: I just got an invite to cast my proxy vote for my Fidelity mutual funds. In addition to the usual crud like blessing the board, there was an initiative to instruct the board not to invest into companies that support genocide in e.g. Darfur. While this should be a no-brainer, I was extremely surprised to see that the current board (which is seeking re-election just two lines up) is strongly suggesting to vote AGAINST such guidance (see also here). Their line of thought is that they are already barred from any direct investment into companies related to Darfur and Sudan, and that everything else (such as investments into PetroChina Co.) is just sound investment.

I strongly object to this: the activities of the Sudanese government and their henchmen in Darfur have been determined to be genocide and crimes against humanity. I do not want to see any of my money being used for fostering these criminals or any other group that perpetrates the most heinous crimes. At this time, I am very much leaning towards moving my entire portfolio away from Fidelity to TIAA-CREF if there is no satisfactory resolution on July 15.

Saturday, June 13, 2009 9:47:17 AM (Eastern Standard Time, UTC-05:00)

Tuesday, June 09, 2009

Right now, I am taking a class on Air Traffic Management (ATM), which is already yielding some very concrete useful knowledge: unbeknown to me, the FAA and NOAA have a lot of very interesting tools on the web. These web sites may help you to get a better picture of your expected delay; much better than what gets announced at the airport or within the cabin, anyways.

ATCSCC

The Air Traffic Control System Command Center (ATCSCC) is responsible for managing the entire National Airspace System (NAS). As such, they are in charge of all re-routing and have tons of interesting data for travelers. From their web page I can recommend:

  • The overview map (by region or airport) on their home page gives you an interactive and easy to interpret view of the current air traffic situation. Clicking on the airport yields a summary of expected delays and their real reason (no more airline babble about that strange gasket that was out of order).
  • The Operational Information System has a nice overview about what is going on in the NAS in more detail.
  • The airport arrival demand chart tells you what the line for arrivals at the destination looks like. If there is a backup, you will fly happy holding patterns.
  • The advisories database has all current ATCSCC advisories, including ground stops (i.e. the reasons for sitting on the tarmac for 3 hours before getting cleared for departure). Note that these advisories are not in clear text; you need to understand the shorthand.

Finally, you can sign up for an airport delay email notification for the 40 busiest US airports at: http://www.fly.faa.gov/ais/jsp/register.jsp

NOAA

The National Weather Service has an aviation weather site at http://aviationweather.gov/. There are a lot of interesting services there for the avid hobby pilot or flight simulator nerd, but the CCFP is most interesting from an airline-delay perspective: it provides a 2h, 4h, and 6h convective pattern forecast (read: bad flying weather). This, and the turbulence charts, can tell you at what segment of your trip to expect flying coffee cups (in the best case). Putting everything together, you can install the Flight Path Tool for a rich client GUI.

Tuesday, June 09, 2009 5:06:34 PM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.