Friday, March 29, 2013

Can Big Data Make Our Healthcare Systems Better?

"The corridor was empty, except for the two maintenance drones which tirelessly disinfected the walls, ceiling and floor 24/7. In room 109, a large Heart Emergency Unit was setting its electrodes on Mr. Doe's chest: Tammy, the automated brain behind the health monitoring systems, had detected the precursor signs of a potential cardiac arrest."
Fiction? Maybe. But two researchers have devised an approach that, in their model, shows better results than treatment-as-usual performed by real doctors. The latter face multiple challenges: ever-increasing complexity and costs, numerous treatment options with new ones added daily, the delay between research and practice in the field, and the multiplicity of information sources, to cite but a few.

A computer can analyse hundreds of options in a short time, estimating the costs and benefits of each and determining which course of action would be best under a given set of constraints. It can also take new treatments and discoveries into consideration faster than a human doctor could.

As the therapeutic options expand, so does the specialization of doctors: training is a lengthy and costly process, and limited human capacity forces doctors to specialize ever more narrowly. The result is that possible treatments outside a doctor's area of specialization may be overlooked, with a potential increase in cost and decrease in patient outcome.

The two researchers used Artificial Intelligence techniques, namely machine learning, Markov Decision Processes (MDP) and Partially Observable Markov Decision Processes (POMDP), to build Dynamic Decision Networks (DDN) over therapeutic options such as continuing a treatment or stopping it. The results are encouraging: in their model, the patient outcome, as measured by the Outcome Rating Scale (ORS) of the Client-Directed Outcome-Informed (CDOI) approach, was better than treatment-as-usual, and costs were lower.
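To make the MDP part concrete, here is an added toy example written for this post; it is not the framework from the paper. It models the "continue or stop the treatment" decision as a small Markov Decision Process and solves it by value iteration, which is the standard way to turn per-step costs and outcome rewards into a policy. The states, transition probabilities, costs and outcome scores are constructed assumptions chosen only to illustrate the mechanics; a real model would estimate them from clinical data.

```python
"""Toy treat-or-stop MDP solved by value iteration (added illustration,
not code from arXiv:1301.2158). All numbers below are assumptions."""
from typing import Dict, List, Tuple

State = str
Action = str
# Each outcome is (probability, next_state, immediate_reward).
Outcome = Tuple[float, State, float]

# Reward = outcome score minus treatment cost (constructed values).
# Continuing costs 2 or 3 units per step; stopping pays a score that
# reflects the patient's condition at discharge; 'discharged' is terminal.
MODEL: Dict[State, Dict[Action, List[Outcome]]] = {
    "worse": {
        "continue": [(0.5, "stable", -3.0), (0.4, "worse", -3.0), (0.1, "recovered", -3.0)],
        "stop": [(1.0, "discharged", -10.0)],
    },
    "stable": {
        "continue": [(0.5, "better", -2.0), (0.3, "stable", -2.0), (0.2, "worse", -2.0)],
        "stop": [(1.0, "discharged", 0.0)],
    },
    "better": {
        "continue": [(0.6, "recovered", -2.0), (0.3, "better", -2.0), (0.1, "stable", -2.0)],
        "stop": [(1.0, "discharged", 15.0)],
    },
    "recovered": {"stop": [(1.0, "discharged", 20.0)]},
    "discharged": {"stop": [(1.0, "discharged", 0.0)]},
}


def q_value(model, values, state, action, gamma):
    """Expected discounted return of taking `action` in `state`, then
    following the value function `values` (one Bellman backup)."""
    return sum(p * (r + gamma * values[nxt]) for p, nxt, r in model[state][action])


def value_iteration(model, gamma=0.95, tol=1e-9, max_iter=100_000):
    """Return (values, policy): the optimal state values and, for each
    state, the action that attains them."""
    values = {s: 0.0 for s in model}
    for _ in range(max_iter):
        new_values = {s: max(q_value(model, values, s, a, gamma) for a in acts)
                      for s, acts in model.items()}
        delta = max(abs(new_values[s] - values[s]) for s in model)
        values = new_values
        if delta < tol:
            break
    policy = {s: max(acts, key=lambda a: q_value(model, values, s, a, gamma))
              for s, acts in model.items()}
    return values, policy


def bellman_residual(model, values, gamma=0.95):
    """Largest violation of the Bellman optimality equation; ~0 once converged."""
    return max(abs(values[s] - max(q_value(model, values, s, a, gamma) for a in acts))
               for s, acts in model.items())


if __name__ == "__main__":
    V, pi = value_iteration(MODEL)
    for s in MODEL:
        print(f"{s:>10}: value={V[s]:7.3f}  best action={pi[s]}")
```

With these assumed numbers the solver keeps treating a patient who is worse or stable, but stops once the patient is better, because the discounted expected gain from one more (costly) step no longer beats the discharge score. Changing the cost of a step or the discharge scores moves that threshold, which is exactly the lever an insurer could pull if it controlled the reward function.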

The question that remains is how these new techniques will be used: for "good", i.e. to help doctors design better treatment plans, but possibly also for "bad", for instance by insurance companies setting a maximum reimbursement based on the number calculated by the system.

The paper is published on arXiv as arXiv:1301.2158v1 [cs.AI].


Wednesday, March 27, 2013

A nice introduction to Sage on the CUNYMath Blog

Sage is an open-source mathematics software system. Unlike Octave or Matlab, it can manipulate and compute with symbolic objects such as equations, rings and fields, graphs and so forth.

For example, it can compute series symbolically (the summation index must first be declared as a symbolic variable):

sage: n = var('n')
sage: sum(1/n^4, n, 1, Infinity)
1/90*pi^4


There is a very nice introduction on the CUNYMath Blog that goes over a few of the basics. For a longer introduction, there are tons of tutorials on the SageMath website. And for people wanting to learn calculus and/or Sage, Smith College has a page on Calculus in Context.


Monday, March 25, 2013

PCI-Compliant Supermarket Chain Breached

An example of what I claimed in my previous article about PCI compliance:

"Compliance is not insurance"

Being PCI/HIPAA/HITECH/whatever compliant will never guarantee that you will not get hacked. It only says that, at one point in time, your infrastructure, processes and people conformed to a checklist. Nothing more.

Back in the day, when a bad guy wanted a supermarket's money, he had to get a weapon (or something that looked like one), go to the supermarket, take the cash and flee. Nowadays, he just has to get his hands on the card numbers and the CVV2 codes. Cha-ching!

And the differences don't stop there.

In the old days, the supermarket bore the loss: the money the robber took was the cash customers had paid for their goods. Today the loot is access to the customers' own accounts, so the "hit" has shifted from the supermarket to its clients.

And the amount was limited by how many customers were in the store, how often the cash was collected or moved to a safe, and so forth. With the current system, if the bad guy steals a thousand card numbers, he can get half a million US dollars out of them by taking just $500 from each account.

Way easier and more convenient than risking being shot or maimed by an angry salesperson, or caught by the police.





Friday, March 22, 2013

Researcher ropes poorly protected devices into botnet to map the Internet

Okay, don't try this at home: the researcher(s) did this illegally, and if someone files a complaint, she, he or they could be in very serious trouble, facing fines and possibly jail time.

An unnamed researcher, or group of researchers, scanned the Internet and, whenever they found one, took over unprotected devices. Access was gained with the credentials "admin:admin", "root:root", "admin:" or "root:" (the last two with an empty password). It seems that, even in 2013, several thousand devices are not protected by a serious password. From the look of it, I would say these are the factory defaults.

While scanning and accessing these devices, they found a number of them already compromised by a genuine piece of malware, the Aidra botnet.

The main finding is that out of the nearly 3.6 billion IPs scanned, only 1.3 billion (roughly 36%) are in use, the rest being reported as unused. This raises the question of whether a non-responsive IP might instead belong to a host with very strong filtering, which the scan cannot tell apart from an unallocated address. I suspect that the number of active IPs is higher than reported.

The article can be found here. If you want, the scan dataset is available on the download page.

Wednesday, March 20, 2013

Boeing puts 787 battery through tough tests it once avoided

Okay, so nothing security related here. Except that on many occasions I have seen companies and people produce security documents and then not follow them.

In the Boeing case, the firm wrote a series of tests to match recommendations made by the RTCA, but it seems that, for a number of reasons, it decided against running the 787 batteries through them. We know how that ended: two batteries overheated on board and most of the 787 fleet was grounded until the problem was sorted out, costing millions of US dollars around the world.

Back to security: several regulations require policies to exist and to be enforced. Yet it is common to visit a company that has security policies and find dozens of violations after a day of investigation. The result is a false sense of security: people claim they are secure because of the policies, without realizing that systematic violation of those policies is equivalent to not having any policy at all. That lack of respect and enforcement has, more than a few times, led to serious data breaches.



Monday, March 18, 2013

Krebs has been SWATted

SWATting is the act of calling 911 (in the US) while spoofing the victim's identity, usually claiming that a murder is in progress or that heavily armed people were seen entering the house. This prompts a response from the authorities, who send officers to check and, from time to time, a SWAT team.

Brian Krebs, the well-known security specialist, was the target of one, which from what he says was probably in retaliation for his investigative work on Russian gangs. His web site was also hit by a DoS attack.

The full story is on his blog here.

Friday, March 15, 2013

R.A. Salvatore's "The Thousand Orcs" (The Hunter's Blades Trilogy)

Drizzt Do'Urden, Bruenor, Catti-Brie, Wulfgar and their friends are back. It all starts when a dwarven caravan is attacked by orcs, and when Bruenor, the new King of the freshly liberated Mithral Hall, is all but thrown out of Mirabar. On his way back, he starts a hunt that will end in an epic battle.

R.A. Salvatore writes in a really fluid style, and the story will appeal to all the AD&D fans of the Forgotten Realms.

Thursday, March 14, 2013

Happy pi day everyone!

Happy π day! May your calculations never be wrong!

Wednesday, March 6, 2013

Back to basics: Urms (part II)

So, let's revisit our half rectified sine wave example.

DC component of the half rectified sine wave


This is given by




URMS of the half rectified sine wave


As seen in part I, this is

RMS value of the alternating component

Now, the next question is: how "strong" is the total alternating component of the half rectified sine wave?

In part I we established that the signal splits into two parts: a continuous (DC) component and a sum of sines. The latter, the sum, is the total alternating component of the signal. Its RMS value is given by the formula



where C=UDC. Substituting, we arrive at the RMS value for the alternating part


Tying this with Fourier

This gives the RMS value for the total alternating component, but what if we are interested in the RMS value of a specific harmonic? 

Fourier analysis will be our tool: the Fourier transform takes a time-domain signal into the frequency domain and, for a periodic signal such as ours, the Fourier series gives us the amplitude of each harmonic.

For a half rectified sine wave of period T, the amplitudes are given by:



Here is a table of the first five non-zero harmonic amplitudes, relative to the peak amplitude of the original signal. For a half rectified sine wave the odd harmonics above the first are zero, which is why harmonics 3, 5 and 7 do not appear.

Half rectified sine wave - first 5 harmonics

Harmonic   Amplitude (relative to peak)
1          0.5
2          0.21221
4          0.042441
6          0.018189
8          0.010105

The following graph shows the harmonic amplitudes.


Remembering that the RMS value of a sine signal is its peak amplitude divided by the square root of two, and that the RMS values of distinct harmonics combine as the square root of the sum of their squares, we have

Half rectified sine wave - first 5 harmonics, RMS and cumulative RMS

Harmonic   RMS amplitude   Cumulative RMS
1          0.35355         0.35355
2          0.15005         0.38408
4          0.030011        0.38525
6          0.012862        0.38546
8          0.0071454       0.38553

After just a few harmonics, the cumulative RMS is already very close to the total alternating RMS value calculated above.
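As an added worked derivation, not part of the original post, the numbers in the two tables above can be checked analytically. Assume the half rectified sine wave has peak amplitude A (the "peak amplitude of the original signal" the tables are relative to) and period T = 2π/ω, so that u(t) = A sin(ωt) for 0 ≤ t < T/2 and u(t) = 0 for T/2 ≤ t < T. The symbols A, ω and u(t) are notation introduced here; U_DC and U_RMS are the post's own.

\[
U_{DC} = \frac{1}{T}\int_0^{T/2} A\sin(\omega t)\,dt = \frac{A}{\pi} \approx 0.3183\,A
\]

\[
U_{RMS}^2 = \frac{1}{T}\int_0^{T/2} A^2\sin^2(\omega t)\,dt = \frac{A^2}{4}, \qquad U_{RMS} = \frac{A}{2}
\]

\[
U_{AC} = \sqrt{U_{RMS}^2 - U_{DC}^2} = A\sqrt{\frac{1}{4} - \frac{1}{\pi^2}} \approx 0.3856\,A
\]

The Fourier series of the same signal is

\[
u(t) = \frac{A}{\pi} + \frac{A}{2}\sin(\omega t) - \frac{2A}{\pi}\sum_{k=1}^{\infty}\frac{\cos(2k\omega t)}{4k^2-1}
\]

so the first harmonic has amplitude A/2 = 0.5 A, the even harmonic 2k has amplitude 2A / (π(4k² − 1)), and every odd harmonic above the first vanishes. For k = 1, 2, 3, 4 this gives 2/(3π) = 0.21221, 2/(15π) = 0.042441, 2/(35π) = 0.018189 and 2/(63π) = 0.010105, the values in the amplitude table. Parseval's identity ties the harmonics back to the total alternating component:

\[
U_{AC}^2 = \frac{1}{2}\left(\frac{A}{2}\right)^2 + \frac{1}{2}\sum_{k=1}^{\infty}\left(\frac{2A}{\pi(4k^2-1)}\right)^2
= \frac{A^2}{8} + \frac{2A^2}{\pi^2}\left(\frac{\pi^2}{16} - \frac{1}{2}\right)
= A^2\left(\frac{1}{4} - \frac{1}{\pi^2}\right)
\]

using \(\sum_{k \ge 1} (4k^2-1)^{-2} = \pi^2/16 - 1/2\). Truncating the sum after harmonic 8 (k = 4) gives 0.38553 A against the exact 0.38559 A, which is what the cumulative column shows.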

Monday, March 4, 2013

Beefing up Public Key Encryption

Two MIT CSAIL postdocs, Lin and Tessaro, have set out to strengthen the security of public key encryption, used for example to secure HTTPS communications, as reported in this article and by MIT's press office.