Category Archives: Security

US Healthcare Blamed for Low Life Expectancy

Another study has been released that says US healthcare needs reform. The researchers call out weak regulation as a primary factor since other countries with stronger regulation have not seen the same deterioration.

In this paper we explore changes in fifteen-year survival at middle and older ages, alongside per capita health care spending, in the United States and twelve other wealthy nations. We then examine the extent to which the survival and cost variations over time among these nations can be explained by demographics, obesity, smoking, or mortality events that are not closely related to health care, such as traffic accidents and homicide. By comparing health system costs and mortality rates over time, it is possible to assess whether trends in risk factors for health or causes of death can explain the observed relative decline in broad health outcomes among American men and women over the past thirty years.

The BBC calls it “US healthcare ‘to blame’ for poor life expectancy rates”.

The US spends far more on healthcare than any other country as a percentage of gross domestic product, the study finds.

“We speculate that the nature of our health care system – specifically, its reliance on unregulated fee-for-service and specialty care – may explain both the increased spending and the relative deterioration in survival that we observed,” the authors wrote.

“If so, meaningful reform may not only save money over the long term, it may also save lives.”

The authors said those aspects of the US health system contributed to unnecessary medical procedures, poor communication between doctors and higher rates of medical errors.

Sex Offender Database Outage

BI Incorporated runs a Microsoft-based database of registered sex offenders in the US. They suffered a major outage when they hit more than 2.1 billion records. Apparently no one saw it coming.

An explanation is posted on their website:

“At 7:29 a.m. Mountain Time on Oct. 5, BI Incorporated experienced a problem with one of its offender monitoring servers that caused this server’s automatic notification system to be temporarily disabled, resulting in delayed notifications to customers. The issue was resolved approximately 12 hours later at 7:25 p.m. MT. The issue was confined to the BI TotalAccess Server when its database exceeded its 2.1 billion record threshold. The BI system notified administrators and technical staff of the issue immediately and a team was immediately assembled to diagnose and plan for recovery.

“Importantly, the monitoring system continued to operate and gather information, but transmissions were delayed until the system was restored. Offender activity logged while the server was being worked on was effectively processed at 7:25 p.m. MT when the system was restored. Alerts that may have occurred during this period were transmitted to our customers at that time.

The database ran “out of values in a column in a table”. It has now been expanded, they say, to 1 trillion records. They did not explain how the record count changed over time. Was it growing exponentially of late, or had it been slowly creeping up? An expert is cited in their press release saying no one could have predicted running out of space.

The irony of the story, and of that expert testimony, is that an alerting system for this alerting system is now said to be a priority for BI.

…we are working with Microsoft to develop a warning system on database thresholds so we can anticipate these issues in the future
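A warning system on database thresholds is not hard to sketch. The following is an added example, not BI’s or Microsoft’s code: it treats the quoted 2.1 billion threshold as the signed 32-bit INT maximum (2,147,483,647), which is an inference from the number rather than something BI stated, and runs over constructed daily samples of the highest key in use, projecting exhaustion from the growth rate the post asks about.

```python
from datetime import datetime, timedelta

# Capacity limits to measure against. 2**31 - 1 is the SQL INT maximum and
# matches the "2.1 billion record threshold" in the press release; that the
# column was an INT is an assumption, not something BI stated.
INT32_MAX = 2**31 - 1            # 2,147,483,647
INT64_MAX = 2**63 - 1            # SQL BIGINT
STATED_NEW_LIMIT = 10**12        # the "1 trillion records" figure BI gave

# Constructed daily samples of the highest key value in use: 2.0 billion
# thirty days before the last sample, growing 2 million per day. Not real data.
SAMPLES = [(datetime(2010, 9, 5) + timedelta(days=i), 2_000_000_000 + 2_000_000 * i)
           for i in range(31)]


def headroom(current, capacity):
    """Fraction of the key space still unused (0.0 means exhausted)."""
    return max(capacity - current, 0) / capacity


def days_until_exhaustion(samples, capacity):
    """Linear projection from the first and last (timestamp, value) sample.
    Returns None when no growth was observed, since nothing can be projected."""
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    elapsed_days = (t1 - t0).total_seconds() / 86400
    if elapsed_days <= 0 or v1 <= v0:
        return None
    rate_per_day = (v1 - v0) / elapsed_days
    return (capacity - v1) / rate_per_day


def evaluate(samples, capacity, min_headroom=0.10, min_days=90):
    """Classify a column as OK, WARNING or CRITICAL. WARNING fires when either
    less than min_headroom of the key space remains or the projected runway is
    under min_days, so fast growth is caught while headroom still looks fine."""
    current = samples[-1][1]
    room = headroom(current, capacity)
    runway = days_until_exhaustion(samples, capacity)
    runway_text = "growth flat" if runway is None else f"~{runway:.0f} days at current growth"
    if room == 0:
        return "CRITICAL", "key space exhausted; inserts will fail"
    if room < min_headroom or (runway is not None and runway < min_days):
        return "WARNING", f"{room:.1%} headroom, {runway_text}"
    return "OK", f"{room:.1%} headroom, {runway_text}"


if __name__ == "__main__":
    for name, cap in (("INT", INT32_MAX), ("BIGINT", INT64_MAX), ("stated 1T", STATED_NEW_LIMIT)):
        print(name, *evaluate(SAMPLES, cap))
```

Against the INT limit the constructed data projects roughly 44 days of runway and raises a WARNING a month and a half before the table would stop accepting inserts; against BIGINT or the stated trillion-record limit the same data is OK.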

New California Driver License Security Features

The State of California has added a list of security features (some public, some secret) to its driver license. The LA Times says it was designed to thwart counterfeiters.

Among the new features, licenses for drivers under age 21 will be printed vertically, making them easier to identify for police and shopkeepers. The cardholder’s signature and birthday will be raised, allowing them to be felt by touch.

Hidden images can be seen only with the use of ultraviolet light, and a laser perforation outline of the California brown bear will be visible when a flashlight is pressed against the back of the card.

The back of the card will still have a magnetic stripe but will also have a 2D barcode; both store information from the front of the card.

The new license was only just released, but already I hear licenses from Nevada and Oregon are more common. California says it issues about 8 million licenses and ID cards a year. Will a change in that number be linked to these security measures?

On the flip side, inside jobs are usually the most dangerous; the new CA license will definitely carry more weight, but will it have appropriate protection of the source? A certificate authority’s certificates are only as good as…

I am excited to know my signature will soon be easily copied with a piece of paper, some charcoal and a little pressure.


Updated 2019: So many people are coming to this post I wrote in 2010 to find out about the “Real ID” cards that have been available since January 22, 2018, due to a deadline of October 2010 for federal security. A valid U.S. passport will be required after October 2020 if you don’t have a Real ID card. The California DMV has a Real ID portal site.

Compliance and Mixed Mode Virtualization

I often get asked about PCI compliance and multi-mode, mixed-mode or multi-tenant systems. I generally find it easy to explain that the measure of controls in a virtual environment is really not far from that in traditional IT.

When you have a firewall that can host virtual firewalls, what is the highest security level possible for that firewall? Is it the least common denominator — can the most secure virtual instance only be given the trust level of the least secure virtual instance on the same base system or hypervisor? The answer is that you can have different levels of trust on the same hypervisor, provided that you apply appropriate controls.

Yes, I am giving the diaper answer — it depends — but that is better than just saying no way, no virtualization.

Although you could take my word for it, an excellent example comes from the NSA, which worked with VMware to create a Trusted Virtual Environment (TVE) to address this issue. It allows two mixed modes: unclassified through secret, and secret through top secret/SCI.