I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
It is easy as reading, since it will be plain text.
Woo! My android XMPP client just got way easier to deal with. I've got a service that runs separate from the UI and that is what keeps the connection to the XMPP server and the UI just makes API calls to the service to send messages, status updates, get messages, etc. When I initially wrote it, the way I understood the docs I was reading, I had to use AIDL to make the calls. AIDL is kind of a pain because everything being passed in and out needs to either be a primitive data type or parcellable (basically the object gets serialized down to primitive types and then rebuilt).
That was a pain with the asmack library because it has a bunch of classes you need to use all the time in the UI portions that aren't parcellable and never could be due to holding references to the tcp connection object, etc. So I had to write a bunch of stupid little classes to hold basic data which were basically watered down versions of the real class provided by asmack.
I discovered last night while doing some reading that I don't need to use aidl, though. I can get a reference to my service via some android voodoo and then make calls to the object just like any other object and it's all passed around using shared memory so that I shouldn't need to worry about parcellables.
I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
It is easy as reading, since it will be plain text.
Yeah, this is fucking stupid. Did you ask why they don't want to use HTTPS? Is it possibly going over a VPN and so the part going over the internet is encrypted anyway?
I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
It is easy as reading, since it will be plain text.
Yeah, this is fucking stupid. Did you ask why they don't want to use HTTPS? Is it possibly going over a VPN and so the part going over the internet is encrypted anyway?
Yeah they flat out told me that they didn't need HTTPS because it was directly to their web server. And no, no VPN.
I'm thinking they don't understand things, also pretty sure they didn't consult anyone on this design. I told them, "You know that's plain text, right?" But the guy I talked to was pretty unimpressed with my basic rundown of "TCP on port 80 Streaming ASCII data for dummies."
Of course I could've also been talking with just their low level tech guys or something, but still, if that's true I am not really sure what to make of this.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
HIPAA Security Act clearly states that communication that includes client / patient information must be encrypted and protected when being transmitted.
I hope among hope that they change this. Granted this was almost a year ago, but still, they seemed pretty dead set on it. Unless they were going to make me encrypt it before sending it, or something.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Yeah they flat out told me that they didn't need HTTPS because it was directly to their web server. And no, no VPN.
I'm thinking they don't understand things, also pretty sure they didn't consult anyone on this design. I told them, "You know that's plain text, right?" But the guy I talked to was pretty unimpressed with my basic rundown of "TCP on port 80 Streaming ASCII data for dummies."
Of course I could've also been talking with just their low level tech guys or something, but still, if that's true I am not really sure what to make of this.
What to make of it is probably the same conclusion I come to with probably 80% of the "web developers" I talk to and help integrate with my platform at work. They just know how to use the libraries they've memorized and don't actually understand what those libraries do or anything about networks or even just HTTP even though they write apps that use them every day.
That was basically my conclusion Jimmy. Probably someone there wanting to do a web 2.0! interface because the guy in charge has a son who's doing some facebook plugin or something.
I'm surprised they didn't make it a manual process using flash and http. That would've just been the icing to the obviously disgusting cake.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
It is easy as reading, since it will be plain text.
Yeah, this is fucking stupid. Did you ask why they don't want to use HTTPS? Is it possibly going over a VPN and so the part going over the internet is encrypted anyway?
Yeah they flat out told me that they didn't need HTTPS because it was directly to their web server. And no, no VPN.
I'm thinking they don't understand things, also pretty sure they didn't consult anyone on this design. I told them, "You know that's plain text, right?" But the guy I talked to was pretty unimpressed with my basic rundown of "TCP on port 80 Streaming ASCII data for dummies."
Of course I could've also been talking with just their low level tech guys or something, but still, if that's true I am not really sure what to make of this.
Honestly having worked in that field for a number of years, the majority of the developers are so entrenched with legacy network connections and ridiculously out dated protocols, that to be getting something as modern as HTTP would have been a boon when I was in it.
I mean still using SNA, DSA and X.25 in this day and age should be outlawed.
I think I'd rather kick a baby or something. Who... I don't..
That's almost as bad as finding out health information exchanges want to use HTTP to transfer patient data with get/post.
This will be good.
Theoretically I don't see what would be so wrong with a RESTful approach to such a problem domain.
Practically, of course, I could see a million billion ways they could fuck it up.
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
I...
I...
I was originally going to start my post with, "Obviously given that they would be using HTTPS then theoretically"
So they decide to fuck it up from the get go. Fuck up prime as it were.
It takes fuck all to interpret HTTP data that is not encrypted, every frikin server it runs through on the way can read (and cache) that data.
I bet you all the money I have in my pocket against all the money in your pocket that they'll Base64 encode it and call it a day.
I was originally going to start my post with, "Obviously given that they would be using HTTPS then theoretically"
So they decide to fuck it up from the get go. Fuck up prime as it were.
It takes fuck all to interpret HTTP data that is not encrypted, every frikin server it runs through on the way can read (and cache) that data.
I bet you all the money I have in my pocket against all the money in your pocket that they'll Base64 encode it and call it a day.
That was my ultimate concern. From what I can tell they've switched personnel a few times (2 before I talked to them and another 2 since... according to the hospital nearby). I mean no one has come up with a standard yet but when you start talking about TCP and UDP, encryption, hashing, at their RHIO summits and garbage their eyes gloss over because up until this point it's all just been government officials discussing "how nice it would be if we could do this."
At this point it's all bureaucratic and it was pretty obvious to me in the past 3 of them I've attended the hardest part is getting doctors on board. Especially capturing data that's not free text. But the largest thing to me is not having a standards committee for the entire US, and not really having a technical consultation involved.
Their solution so far has been "we'll let a company get grant money locally and they can set up how they do it in their own specific area." So CNY does it differently than capital region, which does it differently than Boston, which does it differently than Florida. Ugh.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Their eyes may glaze over when you start talking technicalities, but I bet someone would perk up if you mentioned "HIPAA noncompliance" and reminded them that they'd be liable for a fine on every instance of any patient record being transmitted that way.
Well once they deliver the finer details to me I'll probably report them for noncompliance. Hopefully before they transfer records. But yeah so far it's "This is how we want to do it..." and with no real understanding of it.
I mean at least some sort of simple encryption, come on. ROT13 even jesus!
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Hell, I can't even get a password reminder for a medical site sent via email here, security and privacy laws/regulations require them to be sent via snailmail.
Hell, I can't even get a password reminder for a medical site sent via email here, security and privacy laws/regulations require them to be sent via snailmail.
Better half went through the same problem recently. Wanted to make a change to her health plan. First had to wait for the ~2 week period of the year that changes were allowed to be made. Then tried to log on and couldn't (first time using the site, must have lost the paperwork with her default password). She calls in and is told the change has to be done on the website and they snail mail the new password. Change period is over by the time the password arrives. Good times had by all.
Yeah I'm not even really sure what to make of it right now, the CCD looks pretty solid... for an XML file. They went to such huge extremes with it though.
Seriously they should've consulted with someone technical at some point, god.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I like widescreen displays, especially for dev work. It makes life so much easier when people insist on long lines of code and with libraries that just have long ass package or method names, long variable names, etc. When working with an IDE, they all seem to assume you've got a widescreen these days, too, with all the shit they try to jam in there.
I turn everything off but the main code screen, the project view on the right hand side, and the class explorer/package explorer right underneath it.
The build/debug/warning box only pops up on a compile and disappears.
Visual studio is a really pretty IDE.
Also, Programming in Objective-C 2.0 (Kochan) is a really good book for people who don't know obj-c but know other languages. Pretty much all the other OSX books I've picked up have assumed I know obj-c and how to do to OOP in it.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Having file-related errors throw an IOError exception was apparently too simple for Ruby. No, let's have that namespace called Errno instead. Makes perfect sense.
RESTful Web Services Cookbook should be a Five star book - a must have. It should be.
The thing that torpedoes it is the last word of the title. It is in no way shape or form a cookbook but the shoe horning of all its delicious brilliant information into the Recipe format is negligent at best, a criminal offence at worse.
Dear O'Rilley "You want to know what visibility means and what you can do to keep HTTP requests and responses visible" is not a Problem and "Add appropriate HTTP headers to describe requests and responses" is not a goosing Solution. All the good stuff comes in the Discussion.
The information in this book is really a HOWTO connected to an excellent summary of the theory behind RESTful architecture. The forcing of it into a cookbook format (for whatever crack addled reason they came up with) makes the otherwise excellent information about twice as hard to read and digest. Every single (Sarcasm Quotes)Problem(Sarcasm Quotes) starts with "You want to know. . . (about this feature of REST)".
So in summary - if you want a really good book on the theory and practical concerns of designing a REST based application then this is it. Just be prepared to scream at the formatting. The only thing it is lacking is a complete worked example to go in an appendix so we can see how to design a REST service from the ground up.
I love nonsensical exceptions. And it is why I just catch the base exception, fuck it.
Upon further reading, it makes some sense. IOError is for stuff like no write permission. A file not existing however is a SystemCallError, because different operating systems return different integers as an error code, so you have Errno matching that to ruby classes.
So a file that's unreadable due to a scratched disc returns an Errno::EIO instead.
Hey guys I got my first programming job, and I start on Monday. I was wondering if there are any online tutorials or something that I can use to refresh my memory on Java. I've used it before many times, but I haven't used it for about a year and a half and I don't want to go into my job a complete noob.
Yeah, why isn't the OS implementation hidden with IOError exceptions?
I don't understand the excuse "OS dependent" we don't do that in anything else that comes to mind. That's kinda the point of exceptions, they're way better handling of errors than the old-school errno OS style.
Hey guys I got my first programming job, and I start on Monday. I was wondering if there are any online tutorials or something that I can use to refresh my memory on Java. I've used it before many times, but I haven't used it for about a year and a half and I don't want to go into my job a complete noob.
Yeah, why isn't the OS implementation hidden with IOError exceptions?
I don't understand the excuse "OS dependent" we don't do that in anything else that comes to mind. That's kinda the point of exceptions, they're way better handling of errors than the old-school errno OS style.
Yeah that's my problem. If your framework is getting away from the bare metal and you're giving the programmer lots of OS independent tools, methods, classes, like a way to stream data from files, then using OS dependent design, even for just errors is kind of silly.
bowen on
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Hey guys I got my first programming job, and I start on Monday. I was wondering if there are any online tutorials or something that I can use to refresh my memory on Java. I've used it before many times, but I haven't used it for about a year and a half and I don't want to go into my job a complete noob.
What have you been working with?
This quarter it was SQL, the quarter before that I had MATLAB, the quarter before that it was Python, before that was OpenGL and Ruby and Scheme.
Yeah, why isn't the OS implementation hidden with IOError exceptions?
I don't understand the excuse "OS dependent" we don't do that in anything else that comes to mind. That's kinda the point of exceptions, they're way better handling of errors than the old-school errno OS style.
Yeah that's my problem. If your framework is getting away from the bare metal and you're giving the programmer lots of OS independent tools, methods, classes, like a way to stream data from files, then using OS dependent design, even for just errors is kind of silly.
Yeah, extremely annoying. I wasted an hour on this, because the IOError documentation is very helpful:
Raised when an IO operation fails.
"Oh, that must be triggered when I hit an unreadable file then."
Hey guys I got my first programming job, and I start on Monday. I was wondering if there are any online tutorials or something that I can use to refresh my memory on Java. I've used it before many times, but I haven't used it for about a year and a half and I don't want to go into my job a complete noob.
What have you been working with?
This quarter it was SQL, the quarter before that I had MATLAB, the quarter before that it was Python, before that was OpenGL and Ruby and Scheme.
And what is the job? j2ee? Some sort of swing gui stuff? Back end libs? Android? What technology will you be working with. The good and bad thing about Java is that it's huge and has a ton of different stuff, so it's hard to recommend what to look up, beyond basic "intro to java" type stuff which probably won't be all that useful to you without knowing what it is you'll be working with.
Posts
Thanks! Haha I'll need it...
Whats so odd about a CS minor?
They specifically told me they didn't want to use HTTPS. Now, correct me if I'm wrong, it doesn't take much to interpret HTTP data that's not encrypted.
It is easy as reading, since it will be plain text.
That was a pain with the asmack library because it has a bunch of classes you need to use all the time in the UI portions that aren't parcellable and never could be due to holding references to the tcp connection object, etc. So I had to write a bunch of stupid little classes to hold basic data which were basically watered down versions of the real class provided by asmack.
I discovered last night while doing some reading that I don't need to use aidl, though. I can get a reference to my service via some android voodoo and then make calls to the object just like any other object and it's all passed around using shared memory so that I shouldn't need to worry about parcellables.
Yeah they flat out told me that they didn't need HTTPS because it was directly to their web server. And no, no VPN.
I'm thinking they don't understand things, also pretty sure they didn't consult anyone on this design. I told them, "You know that's plain text, right?" But the guy I talked to was pretty unimpressed with my basic rundown of "TCP on port 80 Streaming ASCII data for dummies."
Of course I could've also been talking with just their low level tech guys or something, but still, if that's true I am not really sure what to make of this.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html
I'm surprised they didn't make it a manual process using flash and http. That would've just been the icing to the obviously disgusting cake.
Honestly having worked in that field for a number of years, the majority of the developers are so entrenched with legacy network connections and ridiculously out dated protocols, that to be getting something as modern as HTTP would have been a boon when I was in it.
I mean still using SNA, DSA and X.25 in this day and age should be outlawed.
I...
I...
I was originally going to start my post with, "Obviously given that they would be using HTTPS then theoretically"
So they decide to fuck it up from the get go. Fuck up prime as it were.
It takes fuck all to interpret HTTP data that is not encrypted, every frikin server it runs through on the way can read (and cache) that data.
I bet you all the money I have in my pocket against all the money in your pocket that they'll Base64 encode it and call it a day.
I made a game, it has penguins in it. It's pay what you like on Gumroad.
Currently Ebaying Nothing at all but I might do in the future.
That was my ultimate concern. From what I can tell they've switched personnel a few times (2 before I talked to them and another 2 since... according to the hospital nearby). I mean no one has come up with a standard yet but when you start talking about TCP and UDP, encryption, hashing, at their RHIO summits and garbage their eyes gloss over because up until this point it's all just been government officials discussing "how nice it would be if we could do this."
At this point it's all bureaucratic and it was pretty obvious to me in the past 3 of them I've attended the hardest part is getting doctors on board. Especially capturing data that's not free text. But the largest thing to me is not having a standards committee for the entire US, and not really having a technical consultation involved.
Their solution so far has been "we'll let a company get grant money locally and they can set up how they do it in their own specific area." So CNY does it differently than capital region, which does it differently than Boston, which does it differently than Florida. Ugh.
I mean at least some sort of simple encryption, come on. ROT13 even jesus!
Edit: Apologies for off topic rant.
The defense? Because what if they're vacationing somewhere? Well hopefully they were part of the IHO system the government is setting up.
What if it's in a third world country? Why would those third world countries have health care clinics that have EHR software?
Arguing with the government is dumb. It really takes a braindead person to do it.
My favorite part was how they changed the CCD specs in the middle of the testing period. Hooray for recoding things!
Seriously they should've consulted with someone technical at some point, god.
So 3.5 years ago I got a laptop from my company that had a nice big 1600x1200 display.
Now our highest resolution laptop is 1600x900.
Good lord I hate widescreen displays.
But you can write like you have two terminals side by side!
The build/debug/warning box only pops up on a compile and disappears.
Visual studio is a really pretty IDE.
Also, Programming in Objective-C 2.0 (Kochan) is a really good book for people who don't know obj-c but know other languages. Pretty much all the other OSX books I've picked up have assumed I know obj-c and how to do to OOP in it.
The thing that torpedoes it is the last word of the title. It is in no way shape or form a cookbook but the shoe horning of all its delicious brilliant information into the Recipe format is negligent at best, a criminal offence at worse.
Dear O'Rilley "You want to know what visibility means and what you can do to keep HTTP requests and responses visible" is not a Problem and "Add appropriate HTTP headers to describe requests and responses" is not a goosing Solution. All the good stuff comes in the Discussion.
The information in this book is really a HOWTO connected to an excellent summary of the theory behind RESTful architecture. The forcing of it into a cookbook format (for whatever crack addled reason they came up with) makes the otherwise excellent information about twice as hard to read and digest. Every single (Sarcasm Quotes)Problem(Sarcasm Quotes) starts with "You want to know. . . (about this feature of REST)".
So in summary - if you want a really good book on the theory and practical concerns of designing a REST based application then this is it. Just be prepared to scream at the formatting. The only thing it is lacking is a complete worked example to go in an appendix so we can see how to design a REST service from the ground up.
I made a game, it has penguins in it. It's pay what you like on Gumroad.
Currently Ebaying Nothing at all but I might do in the future.
Upon further reading, it makes some sense. IOError is for stuff like no write permission. A file not existing however is a SystemCallError, because different operating systems return different integers as an error code, so you have Errno matching that to ruby classes.
So a file that's unreadable due to a scratched disc returns an Errno::EIO instead.
I don't much care how the operating system handles it under the covers, if I did I probably wouldn't be using Ruby. Ugh that would make me pissed.
I don't understand the excuse "OS dependent" we don't do that in anything else that comes to mind. That's kinda the point of exceptions, they're way better handling of errors than the old-school errno OS style.
What have you been working with?
Yeah that's my problem. If your framework is getting away from the bare metal and you're giving the programmer lots of OS independent tools, methods, classes, like a way to stream data from files, then using OS dependent design, even for just errors is kind of silly.
This quarter it was SQL, the quarter before that I had MATLAB, the quarter before that it was Python, before that was OpenGL and Ruby and Scheme.
Yeah, extremely annoying. I wasted an hour on this, because the IOError documentation is very helpful:
"Oh, that must be triggered when I hit an unreadable file then."
nope.avi
And what is the job? j2ee? Some sort of swing gui stuff? Back end libs? Android? What technology will you be working with. The good and bad thing about Java is that it's huge and has a ton of different stuff, so it's hard to recommend what to look up, beyond basic "intro to java" type stuff which probably won't be all that useful to you without knowing what it is you'll be working with.