The existing EHR system had a hardware failure and the vendor was [...]]]> Last year I was recruited to find an Electronic Healthcare Records System (EHR) for a doctor who had just gone through a foiled implementation. I am always intrigued by being exposed to new sectors of technology and learning systems inside out.

The existing EHR system had a hardware failure and the vendor was asking for over $10,000 to recover the patient data. This combined with high maintenance and licensing fees proved to be too much for the doctor.

A consultant came in and sold the doctor on a hosted EHR system he had developed, unfortunately expectations were not set and the doctor was expecting his patient data to be available on this new system. Once it became apparent that there would be an additional cost in the thousands to recover and import this data into the new system the relationship went south.

This particular project was not only a technical but also a customer service challenge. Right from the start I made sure that the expectations were set and began looking at the possible solutions.

Amongst the many options available including traditional vendors, open source, home-grown systems, etc. (Tolven Healthcare, PatientOS, OpenEMR, Clearhealth, Abraxas, Medworks & Pulse)

I was looking to implement something that not only met the requirements (demographics, Medical history, Medications & allergies, Immunization status, Laboratory test results, Radiology images and Billing) of the client but was also scalable as a potential business. I ruled out the traditional EHR systems because of their high capital expenditure, ongoing costs, and approved VAR requirements. The open source solutions seemed very attractive but I was looking for something that did not require an on-site server thus it had to be hosted and using the cloud made it scalable.

So it came down to hosting an open-source package or using someone who had already done the legwork and I didn’t want to support this long term so the search turned 2 or 3 new cloud service providers of which only one I found to be mature enough to recommend; Practice Fusion.

Practice Fusion provides a free, web-based Electronic Medical Record (EMR) system to physicians. With charting, scheduling, e-prescribing, billing, lab integrations, referral letters, unlimited support and a Personal Health Record for patients, Practice Fusion’s EMR addresses the complex needs of today’s healthcare providers and disrupts the health IT status quo.

Although this did not turn out to be a passive income generator which I always have as a goal, it turned out to be a very educational and the platform for other ideas and projects.

In this economical downturn, the use of open source will be more attractive than ever as a strategy [...]]]> For a while I’ve been wanting to write several articles on the power of open source and its potential covering multiple software applications that I have run into and this is definitely on of those cases.

In this economical downturn, the use of open source will be more attractive than ever as a strategy to keep costs under control when being asked to do more with less.

This industry was defined and dominated by a company called Webex in the mid nineties which was later acquired by Cisco Systems. Although a very powerful application, it remained accessible to only those who could afford its high price tag.

Over the years several companies tried unsuccessfully to dethrone Webex, which remained intact most probably due to its reliability and stability.

In 2004, Citrix Systems brought the capability of performing web conferencing to the desktop cornering an untapped consumer/smb market and reigning king.

At the time GoToMeeting emerged, WebEx, LiveNote and others catered mostly to large corporations and sales divisions, entering in six-figure contracts. Citrix Online released GoToMeeting on an “all you can meet” basis, with one monthly (or annual charge) based on the number of authorized hosts. This pricing model was unique at the time, but has since been copied by competitors.

Late 2006 I started looking at open source alternatives to the Webex’s of the world and stumbled upon Dimdim while browsing through the goldmines of Freshmeat and Sourceforge.

The software at that point was still in alpha version 1.6. Installation was pretty straight forward once tomcat was installed and a plus was the possibility of integration with Moodle, an open source Course Management System (CMS).

Unfortunately the stability of the package was not there. Another package I looked at was Yugma which is a web based web conferencing service. Again it just wasn’t there.

Two years later and Dimdim has gone from Alpha to Beta and now Dimdim has exited Beta with version 4.5.

Dimdim‘s installation is far more complicated than earlier versions requiring several Python packages, and building and compiling other applications that support Dimdim. My first attempt at performing the installation was unsuccessful but a VM Appliance which is also provided under GPL3 license came up without a hitch.

The web service Dimdim works right out of the box and appears to be reliable and stable. Scalability will be my next test on this VMware appliance with 1Gb of RAM, to determine if it can handle 2-3 conferences and upward of 50 users.

Promising features include integration with other open source industry leaders.

Dimdim’s commitment to open source software development is supported by integrations with industry-leaders:

• Zimbra: Dimdim now offers a free zimlet for Zimbra’s open source email system;
• Moodle: Dimdim is integrated with version 1.9 of Moodle’s Course Management System;
• SugarCRM: Dimdim is integrated with the leading open source customer relationship management system,
• Claroline: Dimdim is embedded within with the collaborative learning environment.

Illuminating the Black Art of Security. SecTor brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. Unique to [...]]]> This year at the SecTor security conference in Toronto, Canada, Security Compass introduced a series of open source firefox extensions aiding in penetration testing exercises.

Illuminating the Black Art of Security. SecTor brings the world’s brightest (and darkest) minds together to identify, discuss, dissect and debate the latest digital threats facing corporations today. Unique to central Canada, SecTor provides an unmatched opportunity for IT Professionals to collaborate with their peers and learn from their mentors. Held at the Metro Toronto Convention Centre in downtown Toronto, SecTor runs two full days, October 7th and 8th. The event features Keynotes from North America’s most respected and trusted experts. Speakers are true security professionals with depth of understanding on topics that matter. SecTor is a must attend event for every IT Professional.

This suite of web application security testing tools is named Exploit-Me and its designed to be lightweight and easy to use.

The suite is compromised of XSS-Me allowing Cross-Site Scripting, which is a common flaw found in web applications, SQL Inject-Me used to check for SQL Injection vulnerabilities which would allow malicious users to view, delete and modify records and finally Access-Me which test for access vulnerabilities by trying to access resources without being authenticated.

XSS-Me

Cross-Site Scripting (XSS) is a common flaw found in today’s web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

• Download XSS-Me Now!
• XSS-Me 0.4 release notes
• Get the source
• Read the FAQ to find out more
• Extended XSS string set
• Known issues

SQL Inject-Me

SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

• Download SQL Inject-Me Now!
• SQL Inject-Me 0.4 release notes
• Get the source
• Read the FAQ to find out more
• Known issues

Access-Me

Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is the Exploit-Me tool used to test for Access vulnerabilities.

• Download Access-Me Now!
• Access-Me 0.2 release notes
• Get the source
• Learn to Hack Access Me to add evaluation code
• Read the FAQ to find out more
• Known issues

Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. Membership is open to institutions of higher education, corporations serving the higher education information technology market, and [...]]]> This years Educause conference took place in Orlando, Florida.

Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. Membership is open to institutions of higher education, corporations serving the higher education information technology market, and other related associations and organizations.

The association provides a social networking Connect site that supports blogs, wikis, podcasts and other platforms for IT professionals to generate and find content and to engage their peers; professional development opportunities; print and electronic publications, including e-books, monographs, and the magazines Educause Quarterly (EQ) and Educause Review[1]; strategic policy advocacy; teaching and learning initiatives; applied research; special interest discussion groups; awards for leadership and transformative uses of information technology; and a Resource Center for IT professionals in higher education.

Major initiatives of Educause include the Core Data Service, the Educause Center for Applied Research (ECAR), the Educause Learning Initiative (ELI), Net@EDU (advanced networking), the Educause Policy Program, and the Educause/Internet2 Computer and Network Security Task Force. In addition, Educause manages the .edu Internet domain under a contract with the U.S. Department of Commerce.^[1]

The current membership of Educause comprises more than 2,000 colleges, universities, and educational organizations, including 200 corporations, with 16,500 active members.

Below are pictures from the conference:

My schedule at the conference:

Tuesday, October 28, 2008

• Full Day Seminar – Cloud Computing Made Simple and Affordable: Using the Virtual Computing Lab (VCL) to Provide an Effective, Powerful, and Economical Rich Services Environment

Wednesday, October 29, 2008

• Discussion Session : Cloud Computing
• Emerging Technologies : Crafting a Campus Identity: First-Year Students, Residential Life, and Social Networking
• Discussion Session : Business Continuity Management
• Leadership and Management : Top-Ten “Gotchas” for the New CIO
• Networking and Infrastructure : High Availability and Server Consolidation with Virtualization
• Discussion Session : Policy and Law

Thursday, October 30, 2008

• Leadership and Management : IT Matters, but Information Resources Matter More
• Emerging Technologies : Developing Low-Cost Applications Using Offshore Companies
• Discussion Session : Network Management
• Enterprise Systems : CRM Adventures: Three Perspectives
• Networking and Infrastructure : Structuring Authentication Across the Campus Community
• Lightning Round Session : Security and Privacy Lightning Round
• Teaching and Learning : Are You Ready? A Systematic Approach to Training New Help Desk Staff
• Enterprise Systems : SOA Built on Open Source Web Service Technologies
• Networking and Infrastructure : Deployment of a Virtualized Server Grid
• Security and Privacy : Network Admission Control: A Survey of Approaches

Friday, October 31, 2008

• Enterprise Systems : IT Disaster Recovery Within the Framework of Business Continuity Planning
• Leadership and Management : Deploying an Open Source, Online Evaluation System: Multiple Experiences

Overall I thought it was an excellent conference, there weren’t as many people this year as previous ones.

The exhibit hall was fun as always. Some exhibits were great and others sucked which brings up another subject. Marketing.

There were two exhibits that stood out amongst the crowd. The first one from Bradford Networks and the other from Trapeze Networks. These guys not only gathered leads, but engaged their prospective customers allowing them to deliver their sales pitch. Two companies that I will definitely be following up with.

Other companies that did well on their marketing pitch were Turning Technologies, Novell, CDW, Zimbra, Elluminate, and Microsoft. Although the only thing Microsoft had going for itself was as great demo on a smart-board of Image Composite Editor.

Microsoft Image Composite Editor is an advanced panoramic image stitcher. The application takes a set of overlapping photographs of a scene shot from a single camera location and creates a high-resolution panorama incorporating all the source images at full resolution. The stitched panorama can be saved in a wide variety of formats, from common formats like JPEG and TIFF to multi-resolution tiled formats like HD View and Silverlight Deep Zoom.

The things that characterized the good exhibits can be summarized in a few words. They were accessible, had an inviting environment, gave away free stuff (like free iTouch and laptops every hour) and had either professionals or very seasoned sales people giving the presentations.

On the other side of the coin, were the very big and expensive exhibits which just didn’t deliver.

Some that deserve mention are AT&T which has a very expensive three environment exhibit representing campus life and U-Verse all over the place. Alcatel-Lucent had a not very inviting exhibit and their staff sat down most of the time. Citrix was just offering a $5 Starbucks card for filling out a survey. Cognos had a closed exhibit that wasn’t inviting to anyone.

Its not that these companies were cheap, which they were; but they are spending a lot of money for lead generation when they could also be qualifying the leads and delivering their product demos to a captive audience.

Cloud Computing builds on decades of research in a number of computer science fields including grid computing, distributed computing, utility computing and more recently networking, [...]]]> Depending on how many people you ask to define the meaning of “Cloud Computing“, you are very likely to get the same numbers of answers.

Cloud Computing builds on decades of research in a number of computer science fields including grid computing, distributed computing, utility computing and more recently networking, web and application services.

It implies a seamless Service Oriented Architecture (SOA); basically the delivery of an integrated and orchestrated suite of on-demand services to an end-user through the grouping of functionality around business processes, making them accessible over a network and allowing these services to communicate with each other by passing data from one service to another in a loosely coupled manner.

This concept built upon and evolving from older concepts of distributed computing and modular programing, promises to reduce information technology overhead, virtualization of resources, greater flexibility, and lower total cost of ownership. (TCO)

A group from North Carolina State University and George Mason University, presented this year at Educause 2008 in Orlando, Florida, a full-day seminar on “Cloud Computing Made Simple and Affordable”.

Since the year 2004 they have been hard at work building the Virtual Computing Lab (VCL), a new, scalable and accessible computing system architecture.

High costs, support and security issues, software licensing, space requirements, and demands for enhanced local and remote 24 x 7 user access constantly challenge computing in education. The Virtual Computing Lab (VCL), a new, adaptable, and open source approach to computing, provides a cloud-like rich services computing environment to serve advanced research and student computing simultaneously and affordably, within a scalable and accessible system architecture. The VCL maintains the diversity and flexibility essential to an academic environment while providing computational resources with an unprecedented lack of restrictions and significant reduction in costs. The VCL is an Internet-based service that allows users to augment their own computers of varying types and capabilities—without their having to acquire new or uniform computers, install and run advanced software, provide their own software support, and so forth.

The speakers at the session included Samuel F. Averitt (NCSU), Aaron Peeler (NCSU), Sharon P. Pitt (GMU), John Savage (GMU), Henry E. Schaffer (NCSU), Sarah R. Stein (NCSU) and Mladen A. Vouk (NCSU).

The open-source project has been submitted and recently accepted here by the Apache Foundation as one of its Incubator Projects.

VCL relies on the LAMP architecture, which includes Linux, Apache, MySQL and PHP and it was originally developed in a blade environment using IBM blades and xCAT, which is a scalable distributed computing management and provisioning tool that provides a unified interface for hardware control, discovery, and OS diskful/diskfree deployment.

VCL provides a web 2.0 reservation system, making accessible a multitude of hardware and virtualized systems running a variety of operating systems and applications to the end-users via Remote Desktop Protocol (RDP), for a pre-determined period of time. Images for these systems are maintained online or offline dependant on a last-used/commonly used algorithm, so an image offline could take up to 15 minutes to load.

Not only does this approach address the issue of providing users access to applications without the need for an installation, but also by making use of virtualization technologies such as VMware ESXi Hypervisor, provides the capability of multiplying by a substantial factor computing power while reducing the total cost of ownership.

Going even further, computers not being used could be aggregated to the cloud, making them all that valuable.