Tuesday, October 14, 2014

GHC14 - Technical Talks

A few notes (as much for myself) on a couple of the technical talks that I attended.

There were three technical tracks (beside the Open Source Day) that I had some interest in: Security/Privacy, Data Science, and IoT/Wearables. Between conflicts in scheduling, making the most of "hallway sessions", seeking [allergy free] food, and pure exhaustion leading to afternoon naps, I only made it to a few of these sessions. Here are reviews of two:

Bio-metrics - Cool or Creepy?

This panel was all industry professionals. There appeared to be a higher priority on customer experience than security. They did acknowledge that there is a difference between personalization identity and authentication identity. It bugged me that they referred to these as "identity" and "authentication" instead of two types of identity. They also made a distinction between local implementation (on a phone or tablet) and cloud or remote identity and pointed out (though maybe not forcefully enough to be heard) that authentication needs multiple factors and a higher level of confidence match.

Fingers, eyes, ear shape, etc were mentioned briefly but without as much technical information on where the industry is for my tastes. There was some discussion of active vs passive enrollments for bio-metric devices. Most of that discussion focused around voice and how it does take into account twins or having a cold or other day to day changes. Basically (and not new to me),any bio-metric technology has a level of confidence match. A low confidence match is sufficient for an recognizing identity for a device used by multi persons such as then providing a custom screen on the family Ipad. One way they want to extend this is with customer service call centers. Instead of having to go through a proof of identity each time to you call in - especially with followup calls - have the computer system recognize the voice. This then extends into the Matrix versions of in store identity and personalized experience. I still vote creepy. I prefer being an anonymous shopper.

Designing secure and privacy-aware IoT and wearable technologies for healthcare.

I was disappointed with this talk based on the title and description. The content was interesting but not what I expected. There were four panelists - two from industry and two from academic research. 

The first two presenters - from FitBit and UC Berkeley - talked mostly about the research they are doing to enhance the user experience. All the ideas are about collecting more data and automating the sharing of the data. Nothing was mentioned about securing the data. I have a fitbit and I already knew that the data is transferred clear text and stored in the cloud. Also that even with my privacy settings set to "me only" for a particular field, that data is still transferred to other organizations who are allowed to sync my data. I think the "allow this company to sync" should be seen at a "friend" level of privacy not a "me" level of see everything. Nothing was mentioned about privacy settings, authentication to get data, or securing the transport of the data. The UC Berkeley professor discussed the challenges of developing wearable technologies for the elderly. Again, interesting research but nothing about privacy or security was mentioned.

The third and fourth presentations got a bit more on topic.
The professor from the University of Illinois at Urbana-Champaign commented on a review of Android apps: 63.6% of mHealth apps are sending data over the internet in plaintext and 81.8% are using 3rd party storage and hosting such as AWS. I almost tuned the whole thing out when she started with "BOYD is coming". News flash: its been an issue for years now! As solutions, she did offer some examples:
"consider auditing" - mAuditor
"consider secure storage" - datalocker
"consider authentication" - lighttouch
"consider secure data collection and transmission" - selinda

The representative from Epic discussed a few issues using EHRs to store and access data:
Problem: Transfer of data: each EHR is separate database. There is a need for more standards concerning sharing the data. Some are: HL7, HealthIT.gov, and FHIR. FHIR is new, uses REST API.
Problem: Proving identity. Some possible starting points are perapp, OpenID, oauth, healthkit
Problem: The firehose of data. How do we make it pretty with quick access for the 7 minutes Dr visit.
Problem: Who cares? A Dr needs data from the less healthy not the healthy tech runner with a fitbit. How do we get information from the right person(s)?
Problem: Legal issues. Current laws require holding all data that is collected. This can be expensive on the storage side unless there is enough value from the data and/or a change in rules that allow for disposing of certain data sets - such as historic fitbit raw data on a healthy individual.


GHC14 - Day 3 keynotes and wrapup

Day three opened with references to handling mistakes, some direct, some more subtle. Making sure we are all listening, learning, improving, and moving forward.Its been a while since I heard the term "active listening".
The conference was marked by controversy over men at a women's conference telling women the same old things that really have not worked. From how the Wed evening panel was handled (by both the organizers and the participants) to the comments made by the CEO of Microsoft. Both situations resulted in the men LISTENing to the criticism, apologizing for not do better, and publicly trying to lead the change toward doing better. It is still to be seen how the words and efforts will play out in the long run.

Here are a few (paraphrased) sentences I heard:
  • We need to have the tough conversation.
  • We all make mistakes.
  • We cannot push an ally away with persecution for a single mistake.
  • We all need to listen to the criticism and learn from the mistakes.
  • We need to thank those that enter the minefield and show up to have the hard conversations.
Outside of the conference, I loved the quote by Diane Sawyer after talking about The Nobel Peace Prize given to Malala and straight out of Malala's goals: "It is amazing what can happen when we educate girls".

The keynote speaker for the final day was Dr. Arati Prabhaker from DARPA. She was scheduled for last year but the government shutdown forced a last minute substitution. A few of the technical research efforts that her team is working on are:
  • Space - launching small satellites from military planes from any runway. These are 100 pound satellites placed into low orbit with the costs down to 1 million dollars and 24 hours notice instead of 10's of million and in 24 months of planning.
  • Biology - Research into moving injured military from rehab to recovery with better prothetics and direct brain control. Human trials are already started and a 60 minutes video shows a women (in attendance at the conference) using thought to manipulate a robot arm.
  • Biology - Infectious diseases are in the news. Right now a flu shot needs weeks to get the body to create antibodies. DARPA research is looking for quicker diagnosis to reduce the spread as well as create targeted cures and prevention. They are looking for a flu shot that triggers antibodies within hours instead of weeks.
  • Information Technology - Today we really do have only the option of "patch and pray".  What can we do in the future to reset this? DARPA research is working on a Capture the Flag for AI machines only. They plan to place it next to the Capture the Flag at the next DefCon.  They are also working on accuracy and speed in pattern matching and other data analysis technologies.  Recently a pattern matching exercise resulted in a list of phone numbers which were matched to a local law enforcement database which narrowed the list to known criminals and eventually  to about 30 numbers from (or near) North Korea that eventually led to reducing human trafficking. 
The last day is also a day to get the final set of swag from the career fair and attend the final party. Do not forget a bag for the swag at the party and be early to get in on the raffle from the sponsors. 

On the swag: I love the puzzles. I can use the portable chargers and cables (though I now have many more cables than I need). I have once again replenished my office supply of pens (a few more PostIt notes would have been helpful) and my work from home wardrobe of T-shirts (more colors than at most tech conferences but still a lot of my least favorite black and grey). Some of the tote bags are useful, specifically the ones that can handle groceries (flat bottoms with strong handles).


GHC14 Day 2 - keynotes

The day 2 morning session started out with a special surprise guest of Megan Smith, the CTO of the USA. I have to admit I do not follow a lot of politics (I have a low BS threshold) and I had failed to make the connection. I saw Megan Smith talk last year at GHC and was impressed even though she worked with projects outside my direct interests. I did know that the new CTO was a women. I just failed to connect the name and face and experience. It was exciting to hear her talk again but I avoided the long lines at the meet & greet so no photo op for me.

The morning session also included the numbers for the conference: 8000 people in attendance (about 540 men) from 67 countries. That is double last year and like last year, it was sold out weeks before the event. Sponsors were thanked and the top universities and companies sending people to the conference were listed. It was no surprise to see the local schools and large sponsors topping those lists. Companies participating in the Top Company for Women in Computing ABIE Award were recognized with a banner at their booth in the career fair. Unfortunately neither of my largest clients were recognized. Red Hat was present at the conference but Cloudera was not. Companies related to my field where I know employees, such as TerraData and Rackspace were present and also participants in the initiative.

The keynote itself was a discussion between the President of Harvey Mudd College, Maria Klawe and the new CEO of Miscrosoft, Satya Nadella. I was actually impressed with much of what he had to say as it reminded me of things that have worked for me.

  • He believes that everyone has a "superpower". Use your superpowers. Frequently for women the superpower is a sense of empathy. Often it is job related talent. Be passionate about your work, find something worth doing, do it well, drive the technology (and the company) forward. 
  • Women have a low threshold for BS.
  • He is proud of the work done by the women in his company - at all levels - and would not be surprised to see a women follow him as CEO. Several statements relate to a belief that it is about skill, not gender or anything else. All teams need a diverse background, passionate workers, and the right talent. Hiring and promotions are about the right *person* for the job - including his. 
  • He believes the industry can benefit from a re-entry program for returning workers. The term bootcamp was used and attacked as a threatening term but the idea was welcomed. Create a re-entry program that trains returning workers then helps place them in the right job.  It reminds me of many new grad entry programs I have seen. Obviously this is currently aimed aimed at women who choose to take a few years off for family, but if done correctly, could even encourage more men to be the ones to take a few years off for family. Right now it is easier to enter the workforce as a "trainable new grad" with no skills than to find the right job for outdated experience. It is up to the individual to find the training to update their skills BEFORE applying for a job.

Of course there is the now international controversy of asking for pay raises, but he showed up.  He showed up a day early to listen and to see and experience the conference - not just for the hour on stage. After the keynote, he LISTENed to the criticism, he appears to have LEARNed from the mistake, and he is LEADing by example with his apology and moving forward to make change happen. We all have to be willing to have the hard conversations, and with an honest two way dialog and not just a defensive anger. Also, as a side effect, it has brought the pay equity issue back to front page, however briefly.


Friday, October 10, 2014

GHC14 Day 1 - Open Source Day

I have had mixed thoughts on this years Opensource Day from the initial announcements.

The last 2 years that I attended, it was a separate activity on Saturday after the conference.  This year it was a part of the conference on the first afternoon. My first instinct was the competition with the other tracks and activities might detract from the participation but in the end I thinks it worked out well.  A large part of the great participation was the parallel general conference tracks that were located in the same area.  Like previous years there was a separate advanced sign up for the limited space of the code-a-thon.  The rest of the sessions, labeled as a "101" series were all about how to get involved in Opensource communities and were first come first serve general conference sessions. These sessions were very well attended despite being in the South building away from the other tracks.

GHC Opensource Day has always had a service theme.  Most of the projects represented have an humanitarian impact on the world ranging from working on software to help located love ones after a natural disaster to bringing technology to women off the communication grid to helping teachers better serve struggling students. I have no issues with this theme and I hope it does continue. 

My biggest complaint with opensource day over the three years centers around the following all to frequent conversation:
Me: Are you coming to open source day?
A: no, I don't code.
Me: [thinking AAAAAAAAAAAAARRRRRGGGGG]. You dont have to write code to be an opensource contributer.  Think design in artwork and usability or testing. How about marketing, documentation, and project management?

Each year that I have been involved has appeared to have a smaller number of projects participating and has become more code-centric.  The first year I was working on a project with my documentation and tagging skills.  Last year I made more use of my teaching skills with what became a getting started with OpenStack session.  This year, other than the return of the OpenStack project, everything appeared very code based. Begin-er programmers were welcome but it was not inviting to someone who prefers to contribute in other ways.

I would like to see the return of projects that are inviting to even the non-coders.  [I suppose I should make the time to join the committee rather than just complaining about it in a blog post...]

I did attended three of the 101 sessions:
  • The OpenHatch How to contribute to Open Source was well covered in the following Red Hat Community blog post: http://community.redhat.com/blog/2014/10/ghc14-day1/
  • The Intro to FreeBSD caught my interest just see how that project is different from the Fedora and Apache projects that I follow. It was nice to see another documentation focused person sharing how to get involved.
  • The Using github presentation provided a great git cheat sheet on quality card stock.  It also did a good job of making merging less scary.

All showed along the way that contributors do not have to be programmers.  Thank you for that.

I also stepped out of the Linux Kernel Hacking 101 session to make room for others that were being turned away due to room capacity.

Overall, despite my disappointment with the projects living up to the code-a-thon name, I think it was a successful opensource day. It was definitely great to see so many people interested in learning how to get involved.  Now it is up to the communities to take the time to welcome a flood of new energy and talent to their projects.


GHC14 Day 1 - keynotes

I enjoyed the first keynote of the GHC this year.  Shafi Goldwasser is a leader in encryption research at MIT.  Many attendees found the presentation too technical to the point where "over my head" was a common social media post.  As a InfoSec professional (in the administration side, not the theoretical or mathematical side), I enjoyed the talk.  She used cartoonish pictures instead of bullets (thank you!) and described the ideas with general analogies.  The slides also included with the pictures, some equations and references to research for those that want to dig in further.

The work centers around how to work with private data without exposing all the data. For example, how do we get data for medical research - such as the number of cases where both X and Y are found - from a number of hospitals without getting all the patient records?  How can we store data in the cloud encrypted, and query it without giving away the keys to the whole data set?  How can we prove a theory without showing the proof?

The work includes HElib to do computation on encrypted data and Functional Encryption for fuzzy identity based encryption (Sakai,Waters - 2005).

Fun stuff.


Wednesday, October 8, 2014

GHC14 Day 0 - Travel

For the second year in a row, I am attending the Grace Hopper Celebration.  This year in Phoenix, AZ.

It never fails to amaze me how people feel that flight crew instructions do not apply to them.

In this trip the amazement began with the guy talking on the phone past when the plane started moving and all the way to when the flight attendant specifically told him to move the device to airplane mode - while she should have been demonstrating how to fasten a seat-belt. This after I heard him telling the phone that he was going to keep talking as long as possible, after hearing the announcement that the door was closed and phones should have the cellular function turned off.  Sigh.  At least he was not actively showing a kid how to commit a felony by ignoring crew member instructions (or maybe he was, I dont know who was on the other end of the phone).  And yes, I have been there, seen that. You do not have to agree with the rules, but have enough respect for the staff if not the ethics to follow the rules.

That was only the first leg.  For the long haul flight, I was even more amazed by the people ignoring the fasten seats belt announcement and continuing to get up and stand in the aisle waiting for the restroom.  This despite the bumps that could knock a person out or dump them into my lap.  Really folks, just sit down. At least figure out a "line" where you stay seated while waiting.

Really not a bad flight or trip overall.  Once in Phoenix I opted for the light rail to get downtown.  Like I learned in Minneapolis, a simple light rail system which connects the airport and the convention center (among other places) is a great thing for a city.  The trains look good inside and out, the bike racks work and are used.  The ticket system is honor based but this time I got checked 2 out of 3 rides so far.  I really wish my home area would figure out how to put in the first phase of light rail connecting the airport with the convention center and the three city bus systems. They keep talking about it... and talking... and talking...

I got to the hotel easy enough and later went out again to find the Whole Foods Market.  Not the easiest place to get to from downtown during off peak hours without a car, but it worked out.  There is not much shopping downtown.  Lots of museums and a number of restaurants which may or may not know how to deal with my food allergies.

I booked this trip before discovering the dairy allergy and even then I knew it was going to be a challenging week.  There is a Chipolte and a Five Guys and a Zpizza all close by and which all have limited options. I have since also found which coffee shop has almond milk and bananas.  Hopefully I will find some additional sources of fruit to go with the bag of almonds and collection of kind bars that I picked up at Whole Foods.

As usual, there is a great energy for this conference and it was already apparent at the airport as well as the hotel and the downtown are in general.


Thursday, October 2, 2014

More food allergies

Traveling with food allergies is difficult. This is the story of discovering a new food allergy.

I have been intolerant of gluten for years now but I have mostly gotten used to that with travels.  Even fast food chains have options.  With an intolerance I can survive with a little cross contamination so Chipolte, PF Chang, Pei Wei, Five Guys, and many others become options even if they are not ideal. That said, I still usually just stick to finding a Whole Foods Market within an hour drive and a hotel with a fridge.  That has worked out OK.

But this year I have had an increase in travel along with an increase in coming home feeling not so good.  It was time to figure out the root cause and I had a few hypothesis:
1. Was I being careful enough about eating gluten free and/or am I becoming more sensitive to cross contamination?
2. Since more of my "not well" feelings are related to breathing and asthma, perhaps I am just becoming more sensitive to the chemical cleaners in hotels and planes. I also find more problems with students and fellow travelers wearing cologne or perfumes. These have always bothered me some individually and when they add up it can be very uncomfortable.
3. Was there another food allergy causing a problem?

At the beginning of July I had a few weeks in a row at home.  This was a chance for a "cleanse" and an elimination diet.  From my ND, I occasionally follow a fruit/nut/egg diet for three days as jump start back into healthier eating habits (and it works as a cleanse).  This time I expanded that so that after the three days, I gradually added other items back into my diet and no more than one category per day. I started with salads and other raw veggies. A few days later I added in plain grilled chicken and pork.

From other sources, I knew that it is common for those with gluten intolerance to also have issues with other grains (corn) or proteins (casein).  I decided to focus on dairy as being a possible problem and went an entire 2 weeks without any dairy.  But I was also avoiding grains - rice and any of the gluten free breads - for the first week then had fresh corn on the cob and no apparent issues.  Finally, after a full 2 weeks and still following my instinct of a casein intolerance, I had some very tasty cheddar cheese.  Within 2 hours I was having asthma issues which continued into the next morning. No more cheese for me.

After three months of  no dairy I find that locating safe food on the road is harder but I am not having anywhere near the asthma problems I was having earlier in the year.  I can even tolerate a fellow traveler with cologne much better - or at least recover much quicker once I can get away from the person. I have also found that I can tolerate small amounts of butter since I have accidentally eaten some veggies cooked in butter when visiting family. Finally, since I refused to miss out on the full experience of a family lobster bake, I discovered that I can also handle a quality ghee that is labeled as lactose and casein free.

Family members are slowly remembering not to offer me cheese and to cook in oil instead of butter when they know I will be around.  The Paleo craze has made it easy to find new or alternate recipes for cooking at home. My travels continue to take me to Whole Foods Market but with a lot more raw salads and a lot less hot bar goodies. Many places have gluten free but fewer have dairy free menus. In addition many gluten free options are not dairy free and many dairy free options are not gluten free.  I have found variety and success at a few places so far: