Justin Rocket's page

Justin Rocket wrote:

meatrace wrote:

Justin Rocket wrote:

Krensky wrote:

Which both say the same thing.

This is just embarrassing now.

They very clearly don't. the article you posted is about someone who guessed what the total was.

Oh so you didn't read it. Gotcha.

Devine methodically searched through all of the task orders for the CGI Federal contract, highlighted in blue what she guessed was related to the health-care Web site — and came up with a figure of just $70 million.

Keep reading, then apologize.

Are you refering to the place they cherry pick numbers out of the GAO report (essentially ignoring the report's big numbers while cherry picking the report's low numbers?

Justin Rocket wrote:

Krensky wrote:

Which both say the same thing.

This is just embarrassing now.

They very clearly don't. the article you posted is about someone who guessed what the total was.

Oh so you didn't read it. Gotcha.

Devine methodically searched through all of the task orders for the CGI Federal contract, highlighted in blue what she guessed was related to the health-care Web site — and came up with a figure of just $70 million.

Which both say the same thing.

This is just embarrassing now.

They very clearly don't. the article you posted is about someone who guessed what the total was.

Justin Rocket wrote:

thejeff wrote:

Justin Rocket wrote:

thejeff wrote:

Even so, "putting everyone's life at risk" is such a wild exaggeration it's worth nothing more than laughter. Emergency, life threatening care gets done and they worry about the insurance or other forms of payment later. If people are being denied care that should be covered because someone hacked the insurance companies system, then it will be questioned and discovered.

If you have a company of the ACA architecture, I'd love to review it. Until then, you don't know what is connected to what.

You do realize that reply has nothing to do with the quoted part. That was what could happen if your fears were correct and someone was able to hack through the ACA into an insurance company's system and deny payment for care. Assuming the kind of malicious intent that actual wants to hurt people instead of stealing data/money btw.

If that happened, the non-computer parts of the system get involved and deal with it.
With greater ease than they do now, when the insurance company is actually trying to deny care.

You're fixated on that one type of attack I mentioned and you are ignoring my more important statement that we do not know what risks are involved in this application until a thorough risk assessment is done.

That's because it's the only thing you've suggested that would be "putting everyone's life at risk". I'll freely admit there are privacy and identity theft concerns.

I deal with software test too, though on a very different level. I know the difference between life or safety critical code and lower risk code. This is very definitely not life critical code. Pretending it is because of theoretical hacks is just fearmongering.

pretending that serious vulnerabilities can't exist on a complex piece of software which has been rushed into production is sticking one's head in the sand.

I'm glad you all have Google. You can decide for yourself whether to believe the GAO or the Washington Post. I side with the GAO.

Krensky wrote:

Justin Rocket wrote:

Krensky wrote:

Justin Rocket wrote:

By the latest figures I could find, healthcare.gov is costing over $600,000,000 to develop. (Snip)

Total contract value is just shy of $300 million, which is the most the contact is worth. Only about $170 million was spent though.

But thank you for playing.

Your data is wrong. The GAO report states that $394 million was spent up through March '13 on contracts alone.

Strike two.

That was the total spent on all aspects of the federal exchanges. Most of which has nothing to do with the website.

Ummm- did you notice that you are contradicting yourself now?

">$600M" != "$394M"

Did you see the part where I wrote, "through March '13"? Where I live, it is November.

Most of which has nothing to do with the website.

the figure I provided is for HealthCare.gov. Consequently, it includes the cost of the data hub, etc.

The highest volume of obligations

related to the development of information technology systems for the
FFEs.

it does not, however, include salaries nor admin costs

Justin Rocket wrote:

thejeff wrote:

Even so, "putting everyone's life at risk" is such a wild exaggeration it's worth nothing more than laughter. Emergency, life threatening care gets done and they worry about the insurance or other forms of payment later. If people are being denied care that should be covered because someone hacked the insurance companies system, then it will be questioned and discovered.

If you have a company of the ACA architecture, I'd love to review it. Until then, you don't know what is connected to what.

You do realize that reply has nothing to do with the quoted part. That was what could happen if your fears were correct and someone was able to hack through the ACA into an insurance company's system and deny payment for care. Assuming the kind of malicious intent that actual wants to hurt people instead of stealing data/money btw.

If that happened, the non-computer parts of the system get involved and deal with it.
With greater ease than they do now, when the insurance company is actually trying to deny care.

You're fixated on that one type of attack I mentioned and you are ignoring my more important statement that we do not know what risks are involved in this application until a thorough risk assessment is done.

Justin Rocket wrote:

By the latest figures I could find, healthcare.gov is costing over $600,000,000 to develop. That's more than half what it cost to develop MS Vista. Either that indicates the degree of complexity (and likilihood of serious security issues) in the code or it represents fraud, waste, and abuse.

Wrong!

Total contract value is just shy of $300 million, which is the most the contact is worth. Only about $170 million was spent though.

But thank you for playing.

Your data is wrong. The GAO report states that $394 million was spent up through March '13 on contracts alone.

No, what you're suggesting is that the ACA server is as vulnerable as any server is. Which is true.

No, its not true. All else being equal, a server which has only popular COTS software at least three years old, but not discontinued is going to be less vulnerable than a server running custom code which hasn't been through a good code review.

The system architecture is pretty irrelevant. It's the connection to the other systems that would be the concern under your scenario.

How parts are organized and connected is architecture. That's pretty much the definition of architecture.

Even so, "putting everyone's life at risk" is such a wild exaggeration it's worth nothing more than laughter. Emergency, life threatening care gets done and they worry about the insurance or other forms of payment later. If people are being denied care that should be covered because someone hacked the insurance companies system, then it will be questioned and discovered.

If you have a copy of the ACA architecture, I'd love to review it. Until then, you don't know what is connected to what.

Meanwhile, if you delayed for these theoretical concerns, actual people continue to not get care because they can't get insurance. Compare the death toll, even making wildly bad assumptions for your scenario.

This is an attempt at a risk assessment, but the right people need to make it.

By the latest figures I could find, healthcare.gov is costing over $600,000,000 to develop. That's more than half what it cost to develop MS Vista. Either that indicates the degree of complexity (and likilihood of serious security issues) in the code or it represents fraud, waste, and abuse.

Justin Rocket wrote:

Usagi Yojimbo wrote:

There are so many problems with ACA that are real, do we really need to invent ones that don't exist?

Show me your proof that security vulnerabilities don't exist in the ACA system.

Certainly!

Once you:

A) Read all the other comments about how silly this idea is, and
B) Show us your proof that pink elephants do not exist.

We'll all be waiting.

You're comparing software vulnerabilities to pink elephants, but we know that software vulnerabilities have existed in nearly every program ever written.

What you're suggesting is like saying someone could hack into Orbitz and cause a plane crash.

What I'm suggesting is that a hacker could potentially use an exploit on the ACA server and use the ACA server as a launching point to connect to servers the ACA server is connected to. That may include insurance provider servers.

Is the system architecture for the ACA online? You couldn't make your assertion unless you've seen it and I'd love to review it.

Justin Rocket wrote:

bugleyman wrote:

Justin Rocket wrote:

Not necessarily.

First, if there is a vulnerability in the ACA application, then a hacker can use it as a starting place from which to elevate privileges...

Maybe someone who gets medical care because of the ACA -- and subsequently survives -- will go on to assassinate the president. In which case, I guess you'd say the ACA killed the president? :P

...We see it less often now because of the legal concept of due care.

There are so many problems with ACA that are real, do we really need to invent ones that don't exist?

Show me your proof that security vulnerabilities don't exist in the ACA system.

Justin Rocket wrote:

Not necessarily.

First, if there is a vulnerability in the ACA application, then a hacker can use it as a starting place from which to elevate privileges.
Second, if the ACA server is connected to insurance provider servers, the hacker can move from the ACA server to the insurance provider servers. One common way to do that is with XSRF.

If that is the case, then the insurance provider's application has a problem, not healthcare.gov. Unless you're arguing that the information wouldn't have been available online in any form without the ACA? I think that would be a pretty tough argument to make -- and even if you could, it still isn't a problem with healthcare.gov.

Maybe someone who gets medical care because of the ACA -- and subsequently survives -- will go on to assassinate the president. In which case, I guess you'd say the ACA killed the president? :P

There is a principle of due care involved. If an insurance company has a data leak due to this connection, the insurance company can claim that due care was not followed by healthcare.gov. We used to see this kind of thing happen all the time with Smurf and Fraggle attacks (where one system comes under attack because it is open to another system which is vulnerable and the two systems are owned by different parties). We see it less often now because of the legal concept of due care.

Justin Rocket wrote:

Without a security review, it is impossible to say what vulnerabilities exist or might exist in the system.

However, if the vulnerability you are worried about requires features not present in the system I think you can rule it out.

Not necessarily.

The specific exploits which could be used, what exactly is at risk, and the specific threats cannot be answered without a risk analysis.

fyi until I became disabled, I worked as part of a team doing C&A for the AFSCN. Before that, I designed and developed a patented solution to manage vulnerability data for TRICARE and the DoN.

Justin Rocket wrote:

What do you think would happen if, due to a vulnerability in the system, the ACA database reports that a person is not qualified to receive a medical treatment they need?

That sounds like an issue with the insurance providers database rather than the exchange. Or is Health.gov going to be consulted by the patients insurer to determine covered care?

Without a security review, it is impossible to say what vulnerabilities exist or might exist in the system.

Justin Rocket wrote:

thejeff wrote:

Justin Rocket wrote:

I think if it shouldn't be released until after it has gone through a thorough security C&A (including pen test) by a neutral third party and has been signed off on by the president.

The thing is that that C&A could take months to do.

And then when it's 90% through that audit, some red state will opt in to Medicaid with it's own set of rules and there will need to be more changes and the audit will have to be redone.

Sorry, it's not a bad idea, but it's not going to happen. Not on that level.

Part of the problem is political. There's a large and powerful constituency dedicated to killing it. Even well intentioned delays are just more fodder.

Doesn't really matter how many people are dedicated to killing it. Releasing a nationwide health system which is full of vulnerabilities is putting everyone's life at risk and should be a non-starter.

Let's not go overboard. "Putting everyone's life at risk"?

It's signing up for insurance, not controlling their treatment.

There are privacy issues. There are identity theft issues. There are not "Someone is going to hack into it and kill people" issues.

What do you think would happen if, due to a vulnerability in the system, the ACA database reports that a person is not qualified to receive a medical treatment they need?

Justin Rocket wrote:

I think if it shouldn't be released until after it has gone through a thorough security C&A (including pen test) by a neutral third party and has been signed off on by the president.

The thing is that that C&A could take months to do.

And then when it's 90% through that audit, some red state will opt in to Medicaid with it's own set of rules and there will need to be more changes and the audit will have to be redone.

Sorry, it's not a bad idea, but it's not going to happen. Not on that level.

Part of the problem is political. There's a large and powerful constituency dedicated to killing it. Even well intentioned delays are just more fodder.

Doesn't really matter how many people are dedicated to killing it. Releasing a nationwide health system which is full of vulnerabilities is putting everyone's life at risk and should be a non-starter.

I think if it shouldn't be released until after it has gone through a thorough security C&A (including pen test) by a neutral third party and has been signed off on by the president.

The thing is that that C&A could take months to do.

Have you thought about how vulnerable to attack (hacking) the ACA website is likely to be once it is rolled out?

They are being pressured to release a complex piece of software ASAP.

it may seem that, if a person can avoid work, they will.

my personal experience disagrees with that. I'm not able to work due to disability. Today is the first anniversary of when I lost my job due to disability. It really sucks, not because of lack of funds, but because work is a part of what makes us human. We need to work, it gives us a sense of self-worth.

I'm not worried about people failing to work because their needs are met from some other source. They might stop working for awhile, but end up bored with it and start seeking work for self-esteem reasons. The difference is that when they start working not because they need the money but because they need the self-esteem it brings, they'll seek out jobs they enjoy doing regardless of how much money that job brings.

Of course that causees other problems. If we have a million people who become artists because that's what brings them self-esteem, who will be making car tires?

Many women who laid the foundation of radical feminist theory were there before we got women's suffrage in my country, and remembered that many women...

That's what the plot in my earlier post is exploring. It looks at women's role in continuing cultural practices like FGM, young men taking risks to win the hands of women, etc.

There were some good questions awhile back about what I meant when I said that we need fewer nurses now than in the past. I was thinking of "nurses per unit of work". I've included some lnks to papers which support what I'm talking about.

http://www.sparling.com/SparAdmin/arts/DAR%20Nursing%202012%20New%20Tech%20 05-12.pdf

http://www.chcf.org/publications/2008/12/equipped-for-efficiency-improving- nursing-care-through-technology

There was also some resistance to my reference to an entrepreneur-government factor in production. I assert that society is damaged when the entrepreneur and government combine. I gave an example of "banks too big to fail" and pointed out that entrepreneur-government can use forcce against labor-capital. The entrepreneur changes because it can pass the cost of risk onto labor-capital (as it did with "banks too big to fail"). Government changes because it becomes an oligarchy (or becomes more of an oligarchy) representing the interests of the entrepreneur instead of the interests of everyone.

Justin Rocket wrote:

meatrace wrote:

Certainly you realize that your model cannot apply to everyone.

today?

No. We still need nurses, counselors, etc.

But, that doesn't mean that our economy hasn't gone through substantial changes. The number of nurses, counselors, etc. that we need is decreasing.

Based on what data?

Certainly not the aging population, which would require more nurses. Nor on returning veterans from a decade of war in Afghanistan and Iraq, which would indicate more need for counselors.

Today, every doctor's office I go to (and its a lot) is computerized and linked to every other doctor's office I go to. This information is kept up to date and checked against AI to catch errors.

Justin Rocket wrote:

meatrace wrote:

If your model isn't applicable to the vast, vast, vast, vast majority of the US, it is hardly worth stating that it applies.

It is a very powerful metanarrative and it applies to a rapidly increasing percentage of the economy.

So, yeah, its worth stating.

You might as well tell people to win the lottery. That's how "worth stating" it is.

You're free to think so. I think failing to appreciate the metanarratives a society lives in is a mistake.

Certainly you realize that your model cannot apply to everyone.

today?

No. We still need nurses, counselors, etc.

But, that doesn't mean that our economy hasn't gone through substantial changes. The number of nurses, counselors, etc. that we need is decreasing.

If your model isn't applicable to the vast, vast, vast, vast majority of the US, it is hardly worth stating that it applies.

It is a very powerful metanarrative and it applies to a rapidly increasing percentage of the economy.

So, yeah, its worth stating.

Justin Rocket wrote:

meatrace wrote:

how is your entire theoretical economy sustaining itself on app purchases alone

I challenge you to point out where I said that the entire economy sustains itself on app purchases.

I'm only extrapolating from your assertion that the US is now working under your labor-capital model. It isn't, and it can't.

It is rapidly increasing the percentage that can. As for whether it can't, I don't know what future technology might make possible.

When you say "in some parts of the world" you really mean "for some people"

That's rather obvious, I think, given that people live all over.

how is your entire theoretical economy sustaining itself on app purchases alone

I challenge you to point out where I said that the entire economy sustains itself on app purchases.

your assertion was that the economic paradigm has changed and that labor now owns capital.

In some parts of the world, it has changed.

Which is patently false for the vast majority of us.

I never said that it is true for the global majority. For many (perhaps most) of the people in this forum, it can be true.

Justin Rocket wrote:

meatrace wrote:

But what percentage of the population do you imagine are self-employed app programmer/entrepreneurs? A vanishingly slim portion I imagine. How that purports to topple the entire neo-classical economic paradigm is beyond me.

I agree that it is a vanishingly small part of the world who are doing it. Many more can do it, but choose not to. Still, that's why I wrote

meatrace wrote:

In some parts of the world

How many is many more? Enough to alter economic paradigms?

Oh, it'd still be a small percentage globally. We are, after all, only in the very beginning of the Information age. But, if we were limited to "first world" countries, it'd be a larger percentage.

Justin Rocket wrote:

meatrace wrote:

But what percentage of the population do you imagine are self-employed app programmer/entrepreneurs? A vanishingly slim portion I imagine. How that purports to topple the entire neo-classical economic paradigm is beyond me.

I agree that it is a vanishingly small part of the world who are doing it. Many more can do it, but choose not to. Still, that's why I wrote

meatrace wrote:

In some parts of the world

Which doesn't change the fact that, until replicator technology is available, we still live in a world with scarcity and physical goods are in demand. It is infeasible for an entire economy to exist on self-employed entrepreneur/programmers and app purchases. (Though I'll admit that is an enticing utopia)

Regardless of that, even your theoretical post-scarcity economic paradigm is under threat right now because of threats to net neutrality.

I didn't ignore scarcity.

Justin Rocket wrote:

meatrace wrote:

I just...it sounds again like you went to the first day of class for Econ 101 then just continue to use the terms you heard however you see fit. It's astonishing.

I went to the first day of Economics 101 all the way through five years to the last day of Economic Anthropology 5something.

And what you just typed is Economics 101. It gets much more involved after that and you come to learn that some things are over-simplified in Economics 101 and the truth is a lot more complicated.

As for your gripe that I presumably confused capital with the capital providers, that is very, very petty on your part. My point was clear.

I know. I'm an econ major. It gets more complex, but black doesn't become white, up doesn't become down, and dogs and cat's don't live together.

Your point was (and is) clear as mud. I genuinely have no clue what you're trying to say or get at.

Your point APPEARS to be that the current economic paradigm is labor-capital (which isn't a thing, because your assertions about labor owning capital are groundless) vs. entrepreneur-government, and encouraging entrepreneurship I would think is a worthwhile role of government.

Certainly you realize this isn't the paradigm under which the vast majority of us operate, right?

I know about the "land, labor, and capital" view of production. But, there isn't just one possible view of production and, by definition of a complex system, no view is complete.

But what percentage of the population do you imagine are self-employed app programmer/entrepreneurs? A vanishingly slim portion I imagine. How that purports to topple the entire neo-classical economic paradigm is beyond me.

I agree that it is a vanishingly small part of the world who are doing it. Many more can do it, but choose not to. Still, that's why I wrote

In some parts of the world

The solo software developer isn't the modern equivalent of an industrialist, but of a craftsman. You can make a living at it, but you're not going to get rich.

I get that craftsmen always existed. But, I was focusing on the difference between the Industrial Age and the Information Age. The role of craftsmen and their visibility in the larger economy is becoming more pronounced.

The software guy could get rich if his thing takes off, but if it does he's going to have to scale up fast and that's going to require capital investment: a labor force, a place to put them, computer infrastructure, etc. That's where the Venture Capital comes in. And claims an ownership share.

That's true, but I don't care whether he gets rich. I care whether he can provide for his family's subsistence.

I just...it sounds again like you went to the first day of class for Econ 101 then just continue to use the terms you heard however you see fit. It's astonishing.

I went to the first day of Economics 101 all the way through five years to the last day of Economic Anthropology 5something.

And what you just typed is Economics 101. It gets much more involved after that and you come to learn that some things are over-simplified in Economics 101 and the truth is a lot more complicated.

As for your gripe that I presumably confused capital with the capital providers, that is very, very petty on your part. My point was clear.

Most are work for hire: labor.

But, for many, it is a -choice- to be work for hire. In the past, there were hard lines between capital and labor. You could either afford to own a factory or you couldn't.

grow beyond a guy selling a cool app.

Being the guy selling a cool app is sufficient if it puts food on your table, a roof over your head, etc.

left-libertarians vs our modern right-libertarians

What is this? I mean, I'm a libertarian and view libertarian as easily absorbing what has traditionally been both left and right politically (for example, I support gay marriage, legalization of pot, etc. as an extension of the limited government ideal).

WAR IS A MERE CONTINUATION OF POLICY BY OTHER MEANS.

We see, therefore, that War is not merely a political act, but also a real political instrument, a continuation of political commerce, a carrying out of the same by other means. All beyond this which is strictly peculiar to War relates merely to the peculiar nature of the means which it uses. That the tendencies and views of policy shall not be incompatible with these means, the Art of War in general and the Commander in each particular case may demand, and this claim is truly not a trifling one. But however powerfully this may react on political views in particular cases, still it must always be regarded as only a modification of them; for the political view is the object, War is the means, and the means must always include the object in our conception.

I think one important difference between the world today and the world pre-1980s hasn't been mentioned yet.

In the hoary past, there were four factors in production; the entrepreneur, labor, capital, and government (the entrepreneur absorbed the risk and the capital provided the means of production (factories, financial investment, etc.).

In some parts of the world (such as the US) today, labor and capital are inseperable (since instead of hands vs. factories, we have fingers working keyboards vs. the brains designing/developing software). The same person owns labor and capital. Also, the connection between entrepreneur and government is much more obvious than it ever has been (eg. "banks too big to fail"). Which is to say that government is merely another way to do business.

So, today, unlike in the hoary past, we have labor-capital vs. entrepreneur-government. The significant difference between the two is that entrepreneur-government is empowered to apply force to labor-capital.

However it should be noted that this is more a intra species phenomena, not a interspecific. Large animals can actually do quite well in tropical climates as well. See extant elephants, rhinos, giraffes, etc.

Yes, of course. When one talks of life, one is talking of probabilities and tendencies.

As for whether it passes the smell test, it is possible in real life to control a person by pressing the philtrum or grabbing the pinky finger (or other similar points). It stands to reason that a dragon might be controllable by grabbing a small percentage of their body, even if that small percentage is the size of a man's arm.

Justin Rocket wrote:

And why would you think my making that statement must mean that I went to school in the south (which I didn't, incidentally)?

Two words: Acceptable Targets.

No doubt.

Its just the same old bigotry we've seen before, only with new targets.

Justin Rocket wrote:

why science class teaches the memorization of science facts rather than the mastery of the scientific method

I can only imagine you went to school in the south, because that was absolutely not my experience. In a public school. In rural Wisconsin.

I've met many people for whom it was their experience. I've also had teachers complain about the experience being all too common. Whether or not it was your experience is immaterial to how common it is.

And why would you think my making that statement must mean that I went to school in the south (which I didn't, incidentally)?

Bruunwald has the right of it.

I don't know what led DrDeth to his opinion.

Another point is that bigger animals are favored in colder climates because bigger animals lose body heat slower whereas smaller animals are favored in hotter climates for the opposite reason.

I had a monk in a party who started an encounter with a bunch of abominations three rounds from attack distance. The abominations had line of sight attacks. That meant my party would get hammered by the enemy for three rounds before my party could attack back.

My monk sbundant stepped to melee ranged then harassed the enemy and drew their attacks until my party could get close enough to attacck back. This stopped a TPK.

She has no agenda aside from being a good person

"being a good person" means different things to different people. Her agenda illustrates what it means to her.

why must a woman need another person to make her successful.

why can't she have a relationship because she wants it, not because she needs it?