流沙网缘

The advances we’ve seen in the past few years—cars that drive themselves, useful humanoid robots, speech recognition and synthesis systems, 3D printers, Jeopardy!-champion computers—are not the crowning achievements of the computer era. They’re the warm-up acts. As we move deeper into the second machine age we’ll see more and more such wonders, and they’ll become more and more impressive.

How can we be so sure? Because the exponential, digital, and recombinant powers of the second machine age have made it possible for humanity to create two of the most important one-time events in our history: the emergence of real, useful artificial intelligence (AI) and the connection of most of the people on the planet via a common digital network.

Either of these advances alone would fundamentally change our growth prospects. When combined, they’re more important than anything since the Industrial Revolution, which forever transformed how physical work was done.

Thinking Machines, Available now

Digital machines have escaped their narrow confines and started to demonstrate broad abilities in pattern recognition, complex communication, and other domains that used to be exclusively human. We’ve recently seen great progress in natural language processing, machine learning (the ability of a computer to automatically refine its methods and improve its results as it gets more data), computer vision, simultaneous localization and mapping, and many other areas.

We’re going to see artificial intelligence do more and more, and as this happens costs will go down, outcomes will improve, and our lives will get better. Soon countless pieces of AI will be working on our behalf, often in the background. They’ll help us in areas ranging from trivial to substantive to life changing. Trivial uses of AI include recognizing our friends’ faces in photos and recommending products. More substantive ones include automatically driving cars on the road, guiding robots in warehouses, and better matching jobs and job seekers. But these remarkable advances pale against the life-changing potential of artificial intelligence.

We’re going to see artificial intelligence do more and more, and as this happens costs will go down, outcomes will improve, and our lives will get better.

To take just one recent example, innovators at the Israeli company OrCam have combined a small but powerful computer, digital sensors, and excellent algorithms to give key aspects of sight to the visually impaired (a population numbering more than twenty million in the United States alone). A user of the OrCam system, which was introduced in 2013, clips onto her glasses a combination of a tiny digital camera and speaker that works by conducting sound waves through the bones of the head. If she points her finger at a source of text such as a billboard, package of food, or newspaper article, the computer immediately analyzes the images the camera sends to it, then reads the text to her via the speaker.

Reading text ‘in the wild’—in a variety of fonts, sizes, surfaces, and lighting conditions—has historically been yet another area where humans outpaced even the most advanced hardware and software. OrCam and similar innovations show that this is no longer the case, and that here again technology is racing ahead. As it does, it will help millions of people lead fuller lives. The OrCam costs about $2,500—the price of a good hearing aid—and is certain to become cheaper over time.

Digital technologies are also restoring hearing to the deaf via cochlear implants and will probably bring sight back to the fully blind; the FDA recently approved a first-generation retinal implant. AI’s benefits extend even to quadriplegics, since wheelchairs can now be controlled by thoughts. Considered objectively, these advances are something close to miracles—and they’re still in their infancy.

Billions of Innovators, Coming Soon

In addition to powerful and useful AI, the other recent development that promises to further accelerate the second machine age is the digital interconnection of the planet’s people. There is no better resource for improving the world and bettering the state of humanity than the world’s humans—all 7.1 billion of us. Our good ideas and innovations will address the challenges that arise, improve the quality of our lives, allow us to live more lightly on the planet, and help us take better care of one another. It is a remarkable and unmistakable fact that, with the exception of climate change, virtually all environmental, social, and individual indicators of health have improved over time, even as human population has increased.

This improvement is not a lucky coincidence; it is cause and effect. Things have gotten better because there are more people, who in total have more good ideas that improve our overall lot. The economist Julian Simon was one of the first to make this optimistic argument, and he advanced it repeatedly and forcefully throughout his career. He wrote, “It is your mind that matters economically, as much or more than your mouth or hands. In the long run, the most important economic effect of population size and growth is the contribution of additional people to our stock of useful knowledge. And this contribution is large enough in the long run to overcome all the costs of population growth.”

We do have one quibble with Simon, however. He wrote that, “The main fuel to speed the world’s progress is our stock of knowledge, and the brake is our lack of imagination.” We agree about the fuel but disagree about the brake. The main impediment to progress has been that, until quite recently, a sizable portion of the world’s people had no effective way to access the world’s stock of knowledge or to add to it.

In the industrialized West we have long been accustomed to having libraries, telephones, and computers at our disposal, but these have been unimaginable luxuries to the people of the developing world. That situation is rapidly changing. In 2000, for example, there were approximately seven hundred million mobile phone subscriptions in the world, fewer than 30 percent of which were in developing countries.

By 2012 there were more than six billion subscriptions, over 75 percent of which were in the developing world. The World Bank estimates that three-quarters of the people on the planet now have access to a mobile phone, and that in some countries mobile telephony is more widespread than electricity or clean water.

The first mobile phones bought and sold in the developing world were capable of little more than voice calls and text messages, yet even these simple devices could make a significant difference. Between 1997 and 2001 the economist Robert Jensen studied a set of coastal villages in Kerala, India, where fishing was the main industry.10 Jensen gathered data both before and after mobile phone service was introduced, and the changes he documented are remarkable. Fish prices stabilized immediately after phones were introduced, and even though these prices dropped on average, fishermen’s profits actually increased because they were able to eliminate the waste that occurred when they took their fish to markets that already had enough supply for the day. The overall economic well-being of both buyers and sellers improved, and Jensen was able to tie these gains directly to the phones themselves.

Now, of course, even the most basic phones sold in the developing world are more powerful than the ones used by Kerala’s fisherman over a decade ago. And cheap mobile devices keep improving. Technology analysis firm IDC forecasts that smartphones will outsell feature phones in the near future, and will make up about two-thirds of all sales by 2017.

This shift is due to continued simultaneous performance improvements and cost declines in both mobile phone devices and networks, and it has an important consequence: it will bring billions of people into the community of potential knowledge creators, problem solvers, and innovators.

'Infinite Computing' and Beyond

Today, people with connected smartphones or tablets anywhere in the world have access to many (if not most) of the same communication resources and information that we do while sitting in our offices at MIT. They can search the Web and browse Wikipedia. They can follow online courses, some of them taught by the best in the academic world. They can share their insights on blogs, Facebook, Twitter, and many other services, most of which are free. They can even conduct sophisticated data analyses using cloud resources such as Amazon Web Services and R, an open source application for statistics.13 In short, they can be full contributors in the work of innovation and knowledge creation, taking advantage of what Autodesk CEO Carl Bass calls “infinite computing.”

Until quite recently rapid communication, information acquisition, and knowledge sharing, especially over long distances, were essentially limited to the planet’s elite. Now they’re much more democratic and egalitarian, and getting more so all the time. The journalist A. J. Liebling famously remarked that, “Freedom of the press is limited to those who own one.” It is no exaggeration to say that billions of people will soon have a printing press, reference library, school, and computer all at their fingertips.

We believe that this development will boost human progress. We can’t predict exactly what new insights, products, and solutions will arrive in the coming years, but we are fully confident that they’ll be impressive. The second machine age will be characterized by countless instances of machine intelligence and billions of interconnected brains working together to better understand and improve our world. It will make mockery out of all that came before. 

This post is adapted from Erik Brynjolfsson and Andrew McAfee's The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies.

 

Over the past four years, KrebsOnSecurity has been targeted by countless denial-of-service attacks intended to knock it offline. Earlier this week, KrebsOnSecurity was hit by easily the most massive and intense such attack yet — a nearly 200 Gpbs assault leveraging a simple attack method that industry experts say is becoming alarmingly common.

At issue is a seemingly harmless feature built into many Internet servers known as the Network Time Protocol (NTP), which is used to sync the date and time between machines on a network. The problem isn’t with NTP itself, per se, but with certain outdated or hard-coded implementations of it that attackers can use to turn a relatively negligible attack into something much, much bigger. Symantec‘s writeup on this threat from December 2013 explains the problem succinctly:

Similar to DNS amplification attacks, the attacker sends a small forged packet that requests a large amount of data be sent to the target IP Address. In this case, the attackers are taking advantage of the monlist command.  Monlist is a remote command in older version of NTP that sends the requester a list of the last 600 hosts who have connected to that server.  For attackers the monlist query is a great reconnaissance tool.  For a localized NTP server it can help to build a network profile.  However, as a DDoS tool, it is even better because a small query can redirect megabytes worth of traffic.

Matthew Prince, the CEO of Cloudflare — a company that helps Web sites stay online in the face of huge DDoS attacks — blogged Thursday about a nearly 400 Gbps attack that recently hit one of the company’s customers and leveraged NTP amplification. Prince said that while Cloudflare “generally [was] able to mitigate the attack, it was large enough that it caused network congestion in parts of Europe.”

“Monday’s DDoS proved these attacks aren’t just theoretical. To generate approximately 400Gbps of traffic, the attacker used 4,529 NTP servers running on 1,298 different networks,” Prince wrote. “On average, each of these servers sent 87Mbps of traffic to the intended victim on CloudFlare’s network. Remarkably, it is possible that the attacker used only a single server running on a network that allowed source IP address spoofing to initiate the requests. An attacker with a 1 Gbps connection can theoretically generate more than 200Gbps of DDoS traffic.”

NO TIME LIKE THE PRESENT

Prince suggests a number of solutions for cleaning up the problem that permits attackers to seize control over so many ill-configured NTP servers, and this is sound advice. But what that post does not mention is the reality that a great many of today’s DDoS attacks are being launched or coordinated by the same individuals who are running DDoS-for-hire services (a.k.a “booters”) which are hiding behind Cloudflare’s own free cloud protection services.

As I noted in a talk I gave last summer with Lance James at the Black Hat security conference in Las Vegas, a funny thing happens when you decide to operate a DDoS-for-hire Web service: Your service becomes the target of attacks from competing DDoS-for-hire services. Hence, a majority of these services have chosen to avail themselves of Cloudflare’s free content distribution service, which generally does a pretty good job of negating this occupational hazard for the proprietors of DDoS services.

Mr. Prince took strong exception to my remarks at Black Hat, which observed that this industry probably would destroy itself without Cloudflare’s protection, and furthermore that some might perceive a credibility issue with a company that sells DDoS protection services providing safe haven to an entire cottage industry of DDoS-for-hire services.

Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

He said the company has a stated policy of not singling out one type of content over another, citing a fear of sliding down a slippery slope of censorship.

In a phone interview today, Prince emphasized that he has seen no indication that actual malicious packets are being sent out of Cloudflare’s network from the dozens of booter service Web sites that are using the service. Rather, he said, those booter services are simply the marketing end of these operations.

“The very nature of what we are trying to build is a system by which any content can be online and we can make denial-of-service attacks a thing of the past. But that means that some controversial content will end up on our network. We have an attack of over 100 Gbps almost every hour of every day. If I really thought it would solve the problem, and if our network was actually being used in these attacks, that’s a no-brainer. But I can’t get behind the idea that we should deny service to a marketing site just so that it can be attacked by these other sites, and that this will will somehow make the problem go away. I don’t think that’s right, and it starts us down a slippery slope.”

As a journalist, I’m obviously extremely supportive of free speech rights. But it seems to me that most of these DDoS-for-hire services are — by definition — all about stifling speech. Worse yet, over the past few months the individuals behind these offerings have begun to latch onto NTP attacks, said Allison Nixon, a researcher for NTT Com Security who spoke about DDoS protection bypass techniques at last year’s Black Hat.

“There is a growing awareness of NTP based attacks in the criminal underground in the past several months,” Nixon said. “I believe it’s because nobody realized just how many vulnerable servers are out there until recently. “The technical problem of NTP amplification has been known for a long time. Now that more and more attack lists are being traded around, the availability of DDoS services with NTP attack functionality is on the rise.”

(S)KIDS JUST WANNA HAVE FUN

The shocking thing about these DDoS-for-hire services is that — as I’ve reported in several previous stories — a majority of them are run by young kids who apparently can think of no better way to prove how cool and “leet” they are than by wantonly knocking Web sites offline and by launching hugely disruptive assaults. Case in point: My site appears to have been attacked this week by a 15-year-old boy from Illinois who calls himself “Mr. Booter Master” online.

Prolexic Technologies, the company that has been protecting KrebsOnSecurity from DDoS attacks for the past 18 months, said the attack that hit my site this week clocked in just shy of 200 Gbps. A year or two ago, a 200 Gbps attack would have been close to the largest attack on record, but the general upswing in attack volume over the past year makes the biggest attacks timeline look a bit like a hockey stick, according to a blog post on NTP attacks posted today by Arbor Networks. Arbor’s writeup speaks volumes about the motivations and maturity of the individuals behind a majority of these NTP attacks.

The NTP attack on my site was short-lived — only about 10 minutes in duration, according to Prolexic. That suggested the attack was little more than a proof-of-concept, a demonstration.

Indeed, shortly after the attack subsided, I heard from a trusted source who closely monitors hacker activity in the cybercrime underground. The source wanted to know if my site had recently been the subject of a denial-of-service attack. I said yes and asked what he knew about it. The source shared some information showing that someone using the nickname “Rasbora” had very recently posted several indicators in a private forum in a bid to prove that he had just launched a large attack against my site.

Apparently, Rasbora did this so that he could prove his greatness to the administrators of Darkode, a closely guarded cybercrime forum that has been profiled at length in this blog. Rasbora was anxious to show what he could contribute to the Darkode community, and his application for membership there hinged in part on whether he could be successful in taking down my site (incidentally, this is not the first time Darkode administrators have used my site as a test target for vetting prospective members who apply based on the strength of some professed DDoS prowess).

Rasbora, like other young American kids involved in DDoS-for-hire services, hasn’t done a great job of separating his online self from his real life persona, and it wasn’t long before I was speaking to Rasbora’s dad. His father seemed genuinely alarmed — albeit otherwise clueless — to learn about his son’s alleged activities. Rasbora himself agreed to speak to me, but denied that he was responsible for any attack on my site. He did, however, admit to using the nickname Rasbora — and eventually — to being consumed with various projects related to DDoS activities.

Rasbora maintains a healthy presence on Hackforums[dot]net, a relatively open forum that is full of young kids engaged in selling hacking services and malicious code of one kind or another. Throughout 2013, he ran a DDoS-for-hire service hidden behind Cloudflare called “Flashstresser.net,” but that service is currently unreachable. These days, Rasbora seems to be taking projects mostly by private contract.

Rasbora’s most recent project just happens to be gathering, maintaining huge “top quality” lists of servers that can be used to launch amplification attacks online. Despite his insistence that he’s never launched DDoS attacks, Rasbora did eventually allow that someone reading his posts on Hackforums might conclude that he was actively involved in DDoS attacks for hire.

“I don’t see what a wall of text can really tell you about what someone does in real life though,” said Rasbora, whose real-life identity is being withheld because he’s a minor. This reply came in response to my reading him several posts that he’d made on Hackforums not 24 hours earlier that strongly suggested he was still in the business of knocking Web sites offline: In a Feb. 12 post on a thread called “Hiring a hit on a Web site” that Rasbora has since deleted, he tells a fellow Hackforums user, “If all else fails and you just want it offline, PM me.”

Rasbora has tried to clean up some of his more self-incriminating posts on Hackforums, but he remains defiantly steadfast in his claim that he doesn’t DDoS people. Who knows, maybe his dad will ground him and take away his Internet privileges.

Tags: Allison Nixon, Arbor Networks, CloudFlare, Darkode, Hackforums, Lance James, Matthew Prince, network time protocol, NTP, NTT Com Security, Prolexic Technologies, Rasbora, Symantec

This entry was posted on Friday, February 14th, 2014 at 7:13 pm and is filed under A Little Sunshine, The Coming Storm. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

I’m seeing a lot of wrangling over the recent (15+ year) pause in global average warming…when did it start, is it a full pause, shouldn’t we be taking the longer view, etc.

These are all interesting exercises, but they miss the most important point: the climate models that governments base policy decisions on have failed miserably.

I’ve updated our comparison of 90 climate models versus observations for global average surface temperatures through 2013, and we still see that >95% of the models have over-forecast the warming trend since 1979, whether we use their own surface temperature dataset (HadCRUT4), or our satellite dataset of lower tropospheric temperatures (UAH):

Whether humans are the cause of 100% of the observed warming or not, the conclusion is that global warming isn’t as bad as was predicted. That should have major policy implications…assuming policy is still informed by facts more than emotions and political aspirations.

And if humans are the cause of only, say, 50% of the warming (e.g. our published paper), then there is even less reason to force expensive and prosperity-destroying energy policies down our throats.

I am growing weary of the variety of emotional, misleading, and policy-useless statements like “most warming since the 1950s is human caused” or “97% of climate scientists agree humans are contributing to warming”, neither of which leads to the conclusion we need to substantially increase energy prices and freeze and starve more poor people to death for the greater good.

Yet, that is the direction we are heading.

And even if the extra energy is being stored in the deep ocean (if you have faith in long-term measured warming trends of thousandths or hundredths of a degree), I say “great!”. Because that extra heat is in the form of a tiny temperature change spread throughout an unimaginably large heat sink, which can never have an appreciable effect on future surface climate.

If the deep ocean ends up averaging 4.1 deg. C, rather than 4.0 deg. C, it won’t really matter.

Twitter Inc. (TWTR:US) said the Venezuelan government blocked users’ online images as opposition groups marched through Caracas for a third day, demonstrating against record shortages and the world’s fastest inflation.

Nu Wexler, a Twitter spokesman, confirmed in an e-mail that the government was behind the disruption. President Nicolas Maduro banned protests Feb. 12 and has asked his supporters to counter with a “march against fascism” tomorrow, in a week of social unrest that has left at least three Venezuelans dead.

Related:

• Boy’s Life Hanging on 8-Hour Trip Shows Why Venezuelans Protest
• Opinion: Let's Watch Venezuela Destroy Itself

In the absence of information from the government or local television outlets, Venezuelans have turned to foreign reporters and social media for news. Twitter users had been posting their photos of demonstrations that started in provincial towns earlier this month, providing an alternative to state-controlled media. It’s unclear if photos are blocked for users of all Internet providers in Venezuela, Wexler said.

“We won’t cease protests until all our comrades are free,” Gaby Arellano, a leader of the Andes University student union and member of the opposition party Voluntad Popular, said by telephone today. “We will continue fighting for our democratic rights.”

Maduro ordered police on Feb. 12 to detain opposition leaders for inciting violence after clashes between opposition-affiliated students and armed pro-government socialist collectives left 66 people injured and 118 under detention, according to the Interior Ministry.

Cantv Denial

State-run phone company Cia. Anonima Nacional Telefonos de Venezuela SA, or Cantv, denied blocking the images of San Francisco-based Twitter. Twitter’s servers are outside of Venezuela, and other countries experienced the same issue, the company said in an e-mailed statement today.

A spokesman for the Information Ministry, who can’t be named because of internal policy, said he had no problem seeing pictures on his Twitter account, which he uses to follow friends and family.

Students have defied Maduro’s ban on protests, blocking Caracas’ major avenues today on the way to the Eastern Cemetery to bury student Roberto Redman, one of the three killed in Feb. 12 clashes.

Only 10 of the 118 people detained have been charged to-date, mostly for instigating violence, according to the prosecutor general’s office. Human rights group Venezuelan Penal Forum put the number of detained at 148.

‘No Idea’

Alex Matute, a Caracas-based web developer, said his brother Angel, a 24-year-old student, was among the 30 protesters who were held by the National Guard without being charged and without access to lawyers or family for two days, before being driven to courts.

“We have no idea what they plan to do with him,” Alex Matute said by telephone today. “The police won’t tell us anything.”

A National Guard spokesman, who can’t be named because of internal policy, and Interior Ministry spokesman Marco Hernandez declined to comment, citing national-security risks.

Maduro has accused international outlets of bias. He took Colombian station NTN24 off the air after the protests and in a national address yesterday criticized Agence France Presse for “manipulating information.”

‘Massive Attack’

In November, Maduro asked authorities to investigate a disappearance of 6,000 of his 1.4 million Twitter followers, calling it a “massive attack” by the “international right wing.”

Billy Vaisberg, who runs an online directory of Venezuelan Twitter users called TwVen.com, said he had received several reports today from people who couldn’t see images on their feeds. In a post on its Spanish-language account, @twitter_es, Twitter advised Venezuelan users to subscribe to its text-message service to get updates.

“We are having a media blackout,” Josefina Blanco, a freelance science journalist and social media user, said in an e-mail from Caracas. Only because of Twitter, NTN24 and radio station RCR 750, “we can know what is really going on in our streets,” she said.

Inflation more than doubled in Venezuela in the past year to 56.3 percent in January, according to the central bank. At the same time, the central bank’s scarcity index rose to a record 28 percent, meaning that more than one in four basic goods was out of stock at any given time.

Bonds Fall

Amid the threat of new social unrest, the South American country’s benchmark dollar bond due in 2027 fell 0.67 cent to 64.85 cents on the dollar, near a 30-month low. The yield on the bond rose 16 basis points to 15.53 percent, at 3:40 p.m. in New York.

“The opposition has made a huge progress in the past week, as a couple of student protests have reignited the movement,” David Smilde, a senior fellow at the Washington Office on Latin America, said by telephone from Caracas yesterday. “If in the coming months the economy gets substantially worse and the protests continue, Maduro will be in tough position.”

To contact the reporters on this story: Patricia Laya in Mexico City at playa2@bloomberg.net; Sarah Frier in San Francisco at sfrier1@bloomberg.net; Anatoly Kurmanaev in Caracas at akurmanaev1@bloomberg.net

To contact the editors responsible for this story: Andre Soliani at asoliani@bloomberg.net; Nick Turner at nturner7@bloomberg.net

It was the best of times, it was the worst of times: In an effort to jumpstart the U.S. economy amidst the runaway blight of the “Great Recession” and financial crisis beginning in 2008, Congress scrambled to enact and then distribute its unprecedented and controversial $787 billion economic stimulus package. Among other things, the Stimulus Bill acted as a vehicle for another landmark piece of legislation, the HITECH Act, which sought to lay the foundations for sweeping healthcare reform.

Not only did the HITECH Act aim to encourage the bloated healthcare industry to lower costs and adopt healthcare information technology and electronic health records, it brought key changes to HIPAA privacy and security provisions as well. In January, these changes were finalized, and they important implications for all digital health companies, technology providers and app developers.

The rule changes (and the rules themselves) are complex, and they require startups and engineers to put in a lot of work to maintain compliance. In healthcare, where the need for efficiency-increasing, cost-reducing technology (and more engineers) is paramount, this is a problem. In a lot of cases, rather than take the time to become HIPAA-compliant, startups and developers are pairing back the features and functionality of their applications. This reduces the overall value proposition of the product and strips it of an important part of the feedback loop.

Luckily, TrueVault has your back. Launching out of Y Combinator’s most recent batch of startups, TrueVault is on a mission to unburden startups of the time-consuming, progress-stalling process of HIPAA compliance so that they can get back to focusing on what’s really important: Fixing the healthcare experience.

Over the last two years, there’s been an explosion in mobile health apps. The problem, however, is that many of them are crap. Some of them are just clones, but many of them lack the kind of functionality that people want out of a mobile health app. The average consumer wants to access health information, not uncontextualized data, but the new changes to HIPAA require compliance from apps and technology that delivering health information.

TrueVault wants to solve this problem by offering a secure API to store health data and simplify the complexity of HIPAA compliance. The idea is to save startups hundreds of development hours by ensuring that they can avoid worrying about setting up and maintaining a HIPAA-compliant application stack. Instead, TrueVault handles all physical and technical safeguards required by HIPAA, while working like the majority of API services, says co-founder Trey Swann.

TrueVault targets startups, web and mobile apps and wearables, enabling them to store and search protected health information (PHI) in any file format through RESTful APIs. It will sign a “Business Associate Agreement, and protects customers under a comprehensive Privacy and Data breach insurance policy,” as HIPAA is wont to make everyone do.

Now of course, you may say: “But, Rip, there are plenty of HIPAA-compliant hosting providers. What about those?” Touche, my friend. Touche. Familiar names like AWS, FireHost and RackSpace all offer HIPAA-compliant posting and will sign a BAA. So, you could move your applications and health data over to one of the big players.

Many startups are facing this “build vs. buy” decision right now. That’s why co-founder Trey Swann sees big opportunity for TrueVault. The value proposition that TrueVault claims over HIPAA-compliant hosting providers, he says, is that they still require companies to spend months building a HIPAA-compliant app stack in that environment, which require a laundry list of technical specifications.

The other benefit is cost. If a company wants to sign a BAA with AWS, it needs to use dedicated instances and each instance hour is 10 percent more than the standard fee. Plus, their meter starts at $1,500/month if they want to become HIPAA-compliant with AWS (meter starts at $2/instance hr, over a month it is approx. $1,500). FireHost, on the other hand, starts at $1,115/month and you are charged a $250 premium for each HIPAA-ready instance that’s added.

Instead, TrueVault is offering its service at a fairly competitive price point: $0.001/API call. Yes, that’s 100K calls for $100. Swann says that unlimited file and JSON storage are included in that price. Not bad for a service that offers automatic encryption of all data stored, APIs for searching that encrypted data, audit tracking, proactive monitoring, hashes, uptime and SLA.

The key, though, is search. In order to be compliant with HIPAA, apps have to encrypt their databases, which means your app can’t search their data, and the functionality suffers as a result. TrueVault’s service protects your data and also allows you to query that protected data. Companies can get unlimited file and JSON storage, and search any JSON document and binary field, or have their apps call TrueVault’s Search API directly to quickly add a search interface to their apps.

Today, TrueVault has about 5 million documents stored on its platform and millions of API calls are being made to its APIs every week. The startup has already signed on nearly 200 companies, including image32, LifeVest Health, Weave and Rocky Mountain Health Plans and is growing fast.

For more, check out TrueVault at home here.

I think ready to hang up my programmer skates. In fact, it seems more likely that I never had skates to begin with. In the past 5-10 years, I’ve attempted to learn to code in virtually all of the major web languages and environments, using all of the latest tools and and classes and tutorials—and I’ve failed miserably every single time.

I just stumbled across Dawn Casey’s omg! I’m a n00b and too afraid to start. It is unbelievably good. Go read it, I’ll wait. Some parts are sad, some parts are laugh-out-loud funny, and I’m sure there are some parts in the middle there that are encouraging to beginners, but I can see right through the whole thing.  The whole ebb and flow from “holy man, I’m completely lost” to “humm…I think I’m starting to finally get this!” is something I know very, very well. I’ve felt this addictive, though ultimately disappointing feeling many times.

We’ll have some fun reliving the agony in a moment, but first a word of background for the folks at home: although I can’t program I can definitely code. The distinction needs to be made there. I’ve been coding for years and have actually gotten pretty good at it. WordPress is my main tool of choice and I’ve gotten quite handy with it — I maintain my own starter theme (a fork / amalgamation of several projects),  I write all of my projects from scratch, I write (modify) all kinds of custom functions to make different parts work, and I generally know the ins and outs of building reasonably complex sites with WordPress. On top of that, I’m extremely comfortable in the command line and I use Git for almost everything I work on. All that is to say that  A) I’m not a beginner, and B) I’m not non-technical. But, as we’ll now learn, I’m absolutely not a programmer.

A Sense of an Endpoint or, The Trouble with Programming

Over the years I have tried to learn all the big players: PHP, Javascript, Ruby, Python, Perl, Java and Objective C. I have failed to learn all of these. It’s almost staggering to even write/realize this. Seven languages. Seven! And I completely and utterly failed at learning all of them. What’s the issue then? After all these years, I think I’ve finally come up with the answer: although the road to starting to learn all of these languages is manageable, they all have a brick wall at the end. Let’s look at the four I spent the most time with:

PHP

PHP is my “best” language, though that’s a dubious honour. It’s the one I’ve been playing with the longest, and the one I’m most comfortable in, given all my time spent with WordPress. PHP is (should be?) a great language to learn with because all of the environment stuff is taken care of for you—just download MAMP, stick some PHP tags into a document and off you go. This is the language I’ve definitely spent the most time with — I’ve done several courses, read several thick books, read literally zillions of tutorials. I’ve gone through lengthy tutorials where I create an object that has a PDO or something to access my fake eCommerce store in my fake database. Things have actually gone fairly well a few times with PHP, in that I’ve gotten fairly far along with the material, but it never lasts long. Pretty soon it’s midnight on a Tuesday and I’m trying to access a query string that was sent via $_POST and I get thinking, “You know? Life is waaaaaay too short for this”.

So, while starting with PHP is great, going beyond the basics has felt like solving a Rubik’s Cube with my toes. In the end, every single time, I’ve decided that there’s no way I’d ever want to build anything with PHP that I couldn’t already do much faster/easier/better with WordPress. And hence, I’ve given up.

Javascript

This is the real fun one! I’ve spent almost as much time with Javascript as I have with PHP. I started with jQuery (which I can use reasonably capably) and eventually worked backwards into plain Javascript. It’s actually a lot of fun, at first. The thing with Javascript is you have control over when things happen. This control is given to you by funny things called “callbacks”. Essentially, you use a function to call (or “callback”) another function. Let’s say for some reason you wanted to hide every image in on page for 10 seconds on page load. All you need to do is create a timer function that counts for 10 seconds and then call the image loading function as a callback to that. See? Fun!

The not fun part about Javascript is that brick wall I was talking about earlier. After spending a lot of time going through tutorials and courses and reading books and building little projects, I really felt like I was ready to take on the Javascript world. After you’ve got the basics down pat, the logical next step is browsing through the 500 TodoJS apps and spending a month trying to decide which MVC framework will suit you best. After you decide, it will take you another month to try and figure out what an MVC framework even does. I still don’t really know.

So, when people tell you that Javascript is the wave of the future, this is what they’re talking about. If you’re feeling pretty good about all the JS you know, just have a look at this:

At first I thought, “Hummm, I’m really catching onto this Javascript stuff!” Everything’s an object, callbacks, hell, I even understood what the module pattern was and why it made sense to use it (to avoid this “spaghetti” business people talk about)! But turning all that knowledge into a working Backbone app? That felt like swimming in cement. The funny thing about Javascript is that I still can’t see a way for me bridge those two worlds. I simply can’t see how I can take all these fundamentals that I know about Javascript now, and scaffold it up enough so that something like Backbone even makes sense to me. Despite hours and hours and hours of work, getting to that “next level” with Javascript feels literally impossible.

Python

I don’t have a lot to say about Python, except that I know the promise from xkcd is an empty one. I tried it a few times, and worked through the course at Codecademy, but it never felt very natural. I didn’t spend too long with it, but it never really clicked. On top of that, there’s a constant din of “Python’s not for you, it’s for them ({scientists, academics, hackers, statisticians, someone else})” out there if you look up stuff about Python. The language has always been really appealing for me, but for better or worse it’s never felt like something I should invest my time in. That, combined with the fact that I discovered Ruby meant the end for Python.

Ruby

If you’ve never touched a single language, this is the one for you. It really is beautiful, like so many say. It’s short, concise, fun, productive, and a lot of it really, truly reads like English. Of all the languages, Ruby was by far the most natural and fun. In the months I spent learning Ruby the hard way, I’d run home from work to get back to it. I really loved working on new things in Ruby — they all just made sense so quickly. By the end, I was feeling so happy and comfortable with Ruby that I even tackled some problems in Project Euler with it.

But as I look back at it now, I could have easily used PHP or Javascript for those same problems. I still like the syntax of Ruby better than all the others, but I wasn’t doing anything with Ruby that I couldn’t do with PHP or JS. I’d write a clunky function that did something with x and y and returned some value at the end. Doing it with Ruby was fun, but I wasn’t doing anything beyond playing with the primitives. Well, what’s beyond the privatives you ask? In short: Rails. Just like all the others, Ruby has a brick wall as well. It’s called Rails. The only thing is, Rails isn’t just a brick wall, it’s a brick mountain.

A few years back, I spent about a month getting comfortable with Ruby. It was actually really nice, and as I’ve said, fun. Actual, legitimate fun. After I was happy with where I was with Ruby the language, I started in ernest with Michael Hartl’s famous Rails Tutorial. I probably lasted another 6 weeks after that, but I knew pretty early on that it really wasn’t going to happen for me. In the tutorial, Hartl introduces Ruby, Rails, Git, Heroku, Test Driven Development and just about everything else you can think of, right from the start. By the end of the first month, I had literally no idea what was going on. I’d rake something and then route something else, and then I’d try and migrate up to (or down from) somewhere and absolutely none of it made any sense. By quittin’ time (around week 6) I was 100% convinced that anything I’d end up building with Rails could be build in a fraction of the time in WordPress.

Sure, but what about Sinatra? I actually did a few projects with Sinatra as well, and really liked using it. It felt pretty fun too. Way less behind the scenes magic, and you could actually see what was going on. But what was the point? Rails is still the big endpoint, and playing around with Sinatra really doesn’t get you too far down the road to learning Rails.

A light at the beginning of the tunnel

The whole business of programming is extremely complex. There are so many moving parts to anything these days, and one could easily spend a year just learning the tools available for a given language/environment. Javascript is a perfect example of this—it’s completely and utterly obsessed with tools. Not that these tools aren’t useful, there’s just a million of them.

I’ll end with two excerpts. First, a quote from the omg I’m a noob piece that I mentioned at the top, that sums all of this up nicely for me:

Second, probably the true impetus for writing this post, is a few lines from David DeSandro‘s ImagesLoaded Javascript plugin. While en route down a winding rabbit hole the other day, I stumbled across this plugin and took a second to look through the code to see if any of it made sense to me. By about line 20, I was actually laughing out loud. I have no clue whatsoever what the code is doing, despite all of my courses and books and hours spent at the screen. Here’s the selection that made me spit coffee onto my keyboard:

It’s not that I’m done trying to learn any of this, or certainly not that I don’t find any of it enjoyable. I suspect that in years to come, I’ll go pick up a fresh copy of Ruby again and spend a month or two using it to figure out some Project Euler problems, but I think that my ambitions to become a programmer have finally extinguished. And I think I’m actually relieved by this.

Here’s to spending more time outside!

Surprise! It’s Valentine’s Day, the stealthiest of all the holidays. Sneaks up on you, doesn’t it?

If you’re trying to get a gift today, you… might be a bit short on options. Will you go with the gas station teddy bear? The twice-crushed box of chocolates? A bouquet of acceptable-looking roses for $200?

If your nearly-forgotten flame would be content with the promise of a pretty cool gift in a few weeks, though, you might be set. Instapainting, a YC-backed company launching this morning, turns any photo into a hand-painted piece on canvas for under $100 bucks.

If you’ve ever tried to have something like this done before, you probably know: this exists. A few companies have been doing the whole photo-into-art thing for years. Where Instapainting thinks they have them beat, however, is in pricing and speed.

Instapainting’s smallest option (a 12″x12″ canvas) starts the pricing at $53 (including shipping), with the largest option (29.33″x22″) going for $130 . A quick search turns up a number of others in this space — OilPaintingExpress, OilPaintings.com, and myDavinci to name a few. The next wallet-friendliest option I could find was OilPaintingExpress, where a 12″x12″ work starts at $119. Most of them start the pricing at $200-$300 dollars.

Instapainting’s website is also a bit more… modern, for lack of a better word. Setting up your order takes all of a few seconds; upload your photo, crop it to the region you like, pick a canvas size, and you’re set. Built on top of tools like FilePicker and Stripe, the whole ordering flow is slick and simple.

So how do they keep the prices down? A few ways:

• Your original photo is printed onto canvas first, and this printed piece is used as the base/foundation of the hand painted piece. In other words: they’re painting on top of the photo. The artist still has to know how to properly mix colors and how to recreate lights/shadows/etc. in oil, but it’s a whole lot quicker than starting on blank canvas. Many a professional artist might balk at the idea — but unless your friends start scratching at the paint to see what’s underneath, they probably won’t be able to tell.
• As you might’ve guessed, much of the work is done overseas. Instapainting’s founders source their painters (primarily in China) one-by-one, mostly through their myriad online profiles. After quietly starting to roll the service out around a month ago, Instapainting says they have just shy of 100 painters producing pieces.
• They ship your art rolled in a tube, leaving it to the customer to frame it or stretch it onto canvas. The company tells me they’re working on a quick-assembling canvas frame that they can pack into the shipping tubes, but that’s still a few months out.

But what about shoddy work? Cheaper rarely means better, after all. To keep quality up, Instapainting puts two layers of protection into the mix: first, each painting is checked by a second set of eyes before it heads out to the customer. Second, they guarantee their work; if you don’t dig the oil-painted version they send you, they’ll remake it or give you a full refund.

Meanwhile, the company is also dabbling with the idea of being a marketplace for artists looking to have their work recreated by hand. Artists upload the digital version of their painting or photograph, and Instapainting recreates their work and shares the revenue. It’s not quite the same as buying an original piece by the original artist, of course — but when your main concern is how it looks hanging above your couch, it’s a nice alternative to buying a standard print.

We’re planning on putting the just-launched service through the proper paces, so be on the lookout for a full review in the coming weeks.