Podcasts about cql

Continuing the last Quality Matters episode, host Andy Reynolds and NCQA Chief Technology Officer, Ed Yurcisin, break down the complexities of the digital transformation in health care quality and explore the importance of high-quality data exchange, particularly in the context of HEDIS reporting and the FHIR interoperability standard. Ed explains how NCQA's work in digital HEDIS measurement not only improves health care quality reporting, but also lays the groundwork for broader industry advancements. By ensuring consistent, standardized data for digital HEDIS, NCQA is setting the stage for better measurement of public health, smoother prior authorization and general data accessibility.The conversation also explores the technical side of digital quality measurement, focusing on Clinical Quality Language (CQL) and the role of HEDIS “engines” in the health care data ecosystem. Ed clarifies the difference between SQL and CQL, and underscores that NCQA's focus is on measures' content, not on building the end-to-end software systems that run measures.Through collaborations like the Digital Quality Implementers Community, NCQA is working to ensure alignment across CQL platforms so everyone is “doing the same math.” Amol Vyas, NCQA Vice President for Interoperability, joins the conversation to explain how a public-private partnership is bringing choice and confidence to the market for CQL engines.Ed reflects on how his international perspective and personal experiences shape his passion for health care data interoperability. He shares how challenges accessing medical records for his family members underscore the need for a seamless, patient-centered health care system. His real-world perspective highlights why creating standardized, high-quality data isn't just a technical challenge, but a crucial factor in helping to ensure better, safer care for all.As the episode wraps, listeners are encouraged to explore NCQA's resources and upcoming events to stay informed on the future of digital quality. Key Quote:“ HEDIS measures are incorporated into government payment programs—for example, Medicare Star Ratings. There's incentive to enable digital HEDIS because it is tied to your CMS Star Ratings and the money a Medicare advantage plan might receive from the government. That's not the case for other important use cases, whether it be public health or prior authorization. So our infrastructure is tied to financial returns incenting organizations to make higher quality data accessible for digital HEDIS. And that means if it's good enough for digital HEDIS, it's been cleansed and analyzed in a way that could be used for public health, could be used for prior authorization—all of these different use cases.”Ed Yurcisin Time Stamps:(02:10) Clearing a Path for Data Quality(05:30) HEDIS “Engines” vs. HEDIS “Calculators”(07:17) Measures' Content vs. Software that Runs Measures(11:18) Digital Quality Implementers Community(19:35) The Need for Data Quality Cuts Close to Home Links:Bulk FHIR Quality Coalition Digital Quality Implementers CommunityNCQA Digital Hub Connect with Ed YurcisinConnect with Amol Vyas 

An airhacks.fm conversation with Jake Luciani (@tjake) about: from Commodore 64 to cloud databases, early programming experiences with Basic and Excel macros, studying cognitive science and its influence on his career, transition to computer science, working at Bell Labs on R language, developing open-source projects like Night Rider MP3 player, creating a NoSQL database that led to involvement with Cassandra, building search API on top of Cassandra, joining datastax as an early employee, working on various aspects of Cassandra including compaction and streaming, challenges of byte buffer implementation, development of CQL (Cassandra Query Language), transition from NoSQL to SQL-like interfaces, separation of compute and storage in cloud databases, using S3 as the source of truth for Astra DB, implementing a Java file system abstraction for S3 integration, using etcd as a transactional cache for metadata, offering multiple APIs including REST and CQL drivers for astra DB, implementing JSON document storage and querying capabilities, cross-AZ cost considerations in cloud deployments, Java as a language for database development, future plans for jlama (Java-based LLM inference engine), the importance of open-source in cloud technologies, cost-driven architectures in cloud deployments, serverless vs. traditional deployments trade-offs, integration of AstraDB with cloud marketplaces and security considerations Jake Luciani on twitter: @tjake

Joeita speaks to Carli Friedman of the University of Washington about disability and intimacy. Highlights:The Value of Intimate Relationships - Opening Remarks (00:00)Introducing Carli Friedman, Director of research for the Council on Quality and Leadership (01:09)Studying Disability & Intimacy (02:17)Defining Intimacy (03:26)Benefits of Having Intimate Relationships (04:01)Barriers to Close Relationships (05:30)Impact of Housing Situation (06:11)Access to Privacy (07:39)Stigma Around Inter-Abled Relationships (08:40)Understanding Access-Needs (10:29)Common Experiences Versus Shared Interests (11:35)Social Media and Intimate Relationships (13:10)Attitudinal & Other Barriers (15:06)Facilitators & Gatekeepers (16:03)How to Form Intimate Relationships (18:56)Kinship, Belonging & Well-Being (20:15)Independence Versus Interdependence (21:06)Show Close (23:11)Guest Bio:Carli Friedman is the Director of Research for CQL | The Council on Quality and Leadership. CQL is an international not-for-profit organization that is dedicated to the definition, measurement, and improvement of personal quality of life, through a world of dignity, opportunity, and community for all people with disabilities. Carli's research at CQL works to promote meaningful community participation and empowerment of people with disabilities by exploring the impact policy, service systems, and providers can have on quality enhancement and quality of life. Carli, who has a Doctorate in Disability Studies, is the author of over 230 journal articles, book chapters, research briefs, and reports, focusing on ableism, community integration of people with intellectual and developmental disabilities, Medicaid, and social determinants of health.Article: AAIDD Honors CQL's Carli Friedman, PhD, With The 2022 Research Award  About The PulseOn The Pulse, host Joeita Gupta brings us closer to issues impacting the disability community across Canada.Joeita Gupta has nurtured a life-long dream to work in radio! She's blind, moved to Toronto in 2004 and got her start in radio at CKLN, 88.1 FM in Toronto. A former co-host of AMI-audio's Live from Studio 5, Joeita also works full-time at a nonprofit in Toronto, specializing in housing/tenant rights. Find Joeita on X / Twitter: https://twitter.com/JoeitaGupta The Pulse airs weekly on AMI-audio. For more information, visit https://www.ami.ca/ThePulse/ About AMIAMI is a not-for-profit media company that entertains, informs and empowers Canadians who are blind or partially sighted. Operating three broadcast services, AMI-tv and AMI-audio in English and AMI-télé in French, AMI's vision is to establish and support a voice for Canadians with disabilities, representing their interests, concerns and values through inclusion, representation, accessible media, reflection, representation and portrayal. Learn more at AMI.caConnect on Twitter @AccessibleMediaOn Instagram @accessiblemediaincOn Facebook at @AccessibleMediaIncOn TikTok @accessiblemediaincEmail feedback@ami.ca

In this episode Brad Redding and Jon Cairo have John Tucker, a Senior Data Analyst at CQL, to share segmentation tips for your Q4 purchasers that should be considered in email and SMS flows, how to leverage these segments in your 2024 larger marketing campaigns, gotchas of Q4 year over year data analysis, and how to think about maximizing audiences across your marketing stack. -----We release new episodes every week that go deep into the world of tracking, analytics, and conversion optimization.-----Links Referenced:CQL WebsiteConnect with John on LinkedIn-----And if you're new to Elevar, Elevar automates server-side conversion tracking for Shopify. Check us out!-----Previous episodes you might like:100K/spend day myths with Nigel ThomasSignal Loss -- what it is and how it impacts marketersDeep dive with Simo Ahava on intersection of technical marketersClient vs server-side cookies and server-side tracking 101How to double conversion rate in 100 days with Ben ZettlerHow to blend attribution + conversion tracking + data warehousing for insights with Austin Harrison from Northbeam

Summary David Bitner discusses TiPG, an OGC API features service that serves OGC features and tiles directly from Postgres and PostGIS databases. TiPG leverages the power of PostGIS, FastAPI, and other standard libraries, making it easy to display spatial data without extensive configuration. The project supports various OGC features, enables full filtering using CQL, and utilizes the FastAPI framework for efficient service development. Additionally, Bitner introduces EAPI, an opinionated bundle of tools, including TiPG, for seamless integration. The ease of use, templating capabilities, and support for set-returning functions make TiPG a versatile solution for spatial data services. Highlights

In a thought-provoking episode, I sit down with Dr. Eric Daimler, an eminent authority on artificial intelligence and robotics with over two decades of multifaceted experience. As a Presidential Innovation Fellow for AI and Robotics under the Obama Administration and the CEO of Conexus, Dr. Daimler offers a unique vantage point on the intersection of policy, innovation, and entrepreneurship in the ever-evolving AI landscape. The conversation kicks off with an exploration into Eric's role as the first AI authority in the Obama White House. They delve into the strategic importance of having technology expertise within the governmental structure, examining how such expertise can shape public policy and drive national initiatives. From the macro to the micro, the conversation shifts towards the mounting challenges of data management in AI implementations. With his current venture, Conexus, Dr. Daimler aims to revolutionize data integration and migration through a category-theory-based platform, CQL. The discussion takes a deep dive into the complexities of managing data deluge and the role of category theory in simplifying this monumental task. The discourse then moves into the social and ethical dimensions of AI and robotics. Eric and Neil ponder on the responsibility of communities and citizens in shaping the future of these technologies. They stress the necessity for a collective approach towards understanding the ethical, societal, and economic impacts of AI. As the conversation advances, we discuss the prospects and challenges for AI in automating vocational IT work and synthesizing various tools' actions. They underscore the transformative potential of AI in diverse sectors, including supply chain management, organ donation, and drug discovery. Dr. Daimler brings an unparalleled blend of academic rigor, policy insight, and entrepreneurial spirit to the episode. This is a must-listen for anyone interested in the multifaceted aspects of AI, from data management to ethical considerations and policy implications.

Michelle Goodall is CMO at Guild, a mobile-first platform for communities, groups, and networks.A recognised speaker and specialist in digital marketing, community strategy, social media, comms, and content. She has 25 years of marketing & comms experience in a mix of agency and client-side roles, including at Econsultancy, Lexis PR, and Access Intelligence.She has worked with LOCOG (London2012), V&A Museum, General Mills, BBC, Coca-Cola, Econsultancy, Penguin Random House, Viacom, Unilever, Diageo + many others.Co-author of Community-Based Marketing (CBM) Best Practice Guide, she has also lectured in Community Strategy at Manchester Metropolitan University.This episode covers:   Community marketing Community platforms The benefits of professional communities How to build trust and a supportive community space Making the world a better placeCreating your own community channel Community qualified leads (CQL's) How focusing on community marketing will help you grow your audience and business The periodic table of community strategy Links & references:Katie Street: https://www.linkedin.com/in/katiestreet/ Michelle Goodall: https://www.linkedin.com/in/michellegoodall/  Guild: https://guild.co/profiles/189/michelle-goodall Twitter: https://twitter.com/greenwellysHappiness Community https://thehappinessindex.com/Marketing meetup: https://themarketingmeetup.com/about/Marketing society: https://www.marketingsociety.com/ The periodic table of community strategy: https://guild.co/blog/periodic-table-community-strategy/ Community based marketing best practice guide: https://guild.co/blog/what-is-community-based-marketing/The Art of Gathering: How We Meet and Why It Matters: https://bit.ly/3yMsCUt The Art of Community 2e: Building the New Age of Participation: https://bit.ly/3JxiWU0 Get in touch: hello@street.agencyKatie Street https://www.linkedin.com/in/katiestreet/ https://www.instagram.com/streetmate/ Street Agency https://street.agency/ https://www.instagram.com/street.agency/ https://www.linkedin.com/company/streetagency/

Eric Daimler is the founder and CEO of Conexus, a groundbreaking solution for what is perhaps today's biggest information technology problem: data deluge. Eric is leading the development of CQL, a patent-pending platform founded upon category theory — a revolution in mathematics — to help companies manage the overwhelming and rapidly growing challenge of data integration and migration. In addition, Eric has over 20 years of experience as an entrepreneur, investor, technologist, and policymaker. He served under the Obama Administration as a Presidential Innovation Fellow for AI and Robotics in the Executive Office of the President. He was the sole authority driving the agenda for U.S. leadership in research, commercialization, and public adoption of AI & Robotics.   Advertiser:  https://timezest.com/mspradio/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon:  https://patreon.com/mspradio/ Want our stuff?  Cool Merch?  Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: Facebook: https://www.facebook.com/mspradionews/ Twitter: https://twitter.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ LinkedIn: https://www.linkedin.com/company/28908079/

On this episode of Inside Health Care, we talk about acupuncture, yoga and a host of other “alternative” therapies with a health leader in the U.S. government. After that, we explore a newly announced breakthrough in digitalization exploration with NCQA's Chief Technology Officer.Our first guest is one the foremost experts in the U.S. on integrative medicine. He answers some difficult questions. How have some alternative therapies become legitimized? And what are the risks of unregulated therapies?Benjamin Kligler, MD, MPH, is Executive Director of the Office of Patient Centered Care and Cultural Transformation (OPCC&CT) at the Veterans Health Administration. He is a board-certified family physician, working as a clinician, educator, researcher and administrative leader in the field of complementary and integrative medicine.At NCQA's 2023 Quality Talks, Dr. Kligler talked about “whole health” and how it relates to his work.In our next interview, NCQA Chief Technology Officer Ed Yurcisin breaks down our newest development in digital health, our newly-announced requirements and open source software for interpreting and executing clinical quality language (CQL) so any organization or software developer can use HEDIS Digital Content Services.Later in Fast Facts, we observe Osteoporosis Awareness and Prevention Month. We also discuss the NCQA has HEDIS measure, Osteoporosis Screening in Older Women, that assesses the percentage of women 65–75 years of age who receive osteoporosis screening.

Our stories this month are frosty and icy! Our picture book is The Glowing Snowman by Helen Goodbarton and Sophie Johnson-Hill. A snowman feels lonely and not special, until he accidentally swallows a firefly and becomes rather bright and interesting. But should he keep the firefly captive in his tummy? Or let it go? It's a great collaboration featuring drawings by lots of different children.   For our chapter book, we've got rather a short, bite-sized time travel story: A Night at the Frost Fair, by Emma Carroll and illustrated by Sam Usher. Sitting in the back of a taxi, feeling grumpy and kind of sad, Maya slips back in time to 1788: the Thames has frozen over and the Frost Fair is being held. A small boy named Eddie grabs her arm and they're off for a day of adventure on the ice.   In this episode we mention a few other books we've covered:   Howl's Moving Castle by Diana Wynne Jones, in our episode about Shooting Stars The Year I Didn't Go to School by Giselle Potter, in We Don't Need No Education A Christmas Carol by Charles Dickens, in our episode all about retellings of it   Sojo and Mouse, the publishers of The Glowing Snowman, are selling a special 3 book bundle for £15 at the moment!   Nina also mentions The Snowmama by Jeanette Winterson, which you can read here.   Matt mentions the Whitley Bay shuggy boats, pictured here in the 1920s!   Doctor Who also had an episode set at the frost fair, see a clip here   And here's a video from the CQL about the concept of dignity of risk.   What A Wonderful Day is licensed under a Creative Commons Attribution 4.0 International License by Shane Ivers of silvermansound.com    

Facebook Has No Idea Where Your Data Is and What They Do With It?! Facebook's about 18 years old coming on 20 Facebook has a lot of data. How much stuff have you given Facebook? Did you fall victim for that? Hey, upload your contacts. We'll find your friends. They don't know where your data is. [Following is an automated transcript] [00:00:15] This whole thing with Facebook has exploded here lately. [00:00:20] There is an article that had appeared on a line from our friends over at, I think it was, yeah. Let me see here. Yeah. Yeah. Motherboard. I was right. And motherboards reporting that Facebook doesn't know what it does with your data or. It goes, no, there's always a lot of rumors about different companies and particularly when they're big company and the news headlines are grabbing your attention and certainly Facebook can be one of those companies. [00:00:57] So where did motherboard get this opinion about Facebook? Just being completely clueless about your personal. It tamed from a leaked document. Yeah, exactly. So we find out a lot of stuff like that. I used to follow a website about companies that were going to go under and they posted internal memos. [00:01:23] It basically got sued out of existence, but there's no way that Facebook is going to be able to Sue this one out of existence because they are describing this as. Internally as a tsunami of privacy regulations all over the world. So Gores, if you're older, we used to call those tidal waves, but think of what the implication there is of a tsunami coming in and just overwhelming everything. [00:01:53] So Facebook, internally, their engineers are trying to figure out, okay. So how do we deal with. People's personal data. It's not categorized in ways that regulators want to control it. Now there's a huge problem right there. You've got third party data. You've got first party data. You've got sensitive categories, data. [00:02:16] They might know what religion you are, what your persuasions are in various different ways. There's a lot of things they might know about you. How were they all cat categorize now we've got the European union. With their general data protection regulation. The GDPR we talked about when it came into effect back in 2018, and I've helped a few companies to comply with that. [00:02:41] That's not my specialty. My specialty is the cybersecurity. But in article five this year, peon law mandates that personal data must be collected for specified explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. So what that means is that every piece of data, like where you are using Facebook or your religious orientation, Can only be collected in use for a specific purpose and not reused for another purpose. [00:03:19] As an example here, that vice has given in past Facebook, took the phone number that users provided to protect their accounts with two factor authentication and fed it to its people, feature as well as. Advertisers. Yeah. Interesting. Hey, so Gizmodo with the help of academic researchers caught Facebook doing this, and eventually the company had to stop the practice because, and this goes back to the earlier days where Facebook would say, Hey, find out if your friends are on Facebook, upload your contacts right now. [00:03:54] And most people. What did you know back then about trying to keep your data private, to try and stop the proliferation of information about you online then nothing. I think I probably even uploaded it back then thinking it'd be nice to see if I got friends here. We can start chatting, et cetera. [00:04:12] According to legal experts that were interviewed by motherboard who wrote this article and has a copy of the internal memo this year, PN regulation specifically prohibits that kind of repurposing of your phone number of trying to put together the social graph and the leaked document shows that Facebook may not even have the ability to live. [00:04:37] How it handles user's data. Now I was on a number of radio stations this week, talking about this. And the example I gave is just look at an average business from the time it start, Facebook started how right? Wildly scraping pictures of young women off of Harvard university. Main catalog, contact page, and then asking people what do you think of this? This person, that person. And off they go, trying to rate them. Yeah. Yeah. All that matters to a woman, at least to Courtney, to mark Zuckerberg girl, all the matters about a woman is how she looks. Do I think she's pretty or not? [00:05:15] It's ridiculous. What he was doing. It just, oh, that's zackerburg who he is not a great guy anyways. So you go from stealing pictures of young ladies asking people to rate them, putting together some class information and stuff there at Harvard, and then moving on to other universities and then open it up even wider and wider. [00:05:42] And of course, that also created demand because you can't get on. If you're not at one of the universities that we have set it up for. And then you continue to grow. You're adding these universities, certainly starting to collect data and you are making more money than God. So what do you do? You don't have to worry about any efficiencies. [00:06:02] I'll tell you that. Right? One thing you don't have to do is worry about gee. We've got a lot of redundant work going on here. We've got a lot of teams working on basically the same thing. No, you've got more money than you can possibly shake a stick at. So now you go ahead and send that money to this group or that group. [00:06:24] And they put together all of the basic information, that they want. Pulling it out of this database and that database in there doing some correlation, writing some really cool CQL queries with mem credible joins and everything else. And now that becomes part of the main code for Facebook. [00:06:45] And then Facebook goes on to the next little project and they do the same thing. Then the next project, then the next project. And then someone comes along and says, Hey, we. This feature, that feature for advertisers and then in that goes, and then along comes candidate Obama. And they, one of the groups inside Facebook says, yeah here we go. [00:07:09] Here's all of the information we have about everybody and it's free. Don't worry about it. And then when Trump actually bought it and hired a company to try and process some of that information he got in trouble. No but the. The whole campaign could get access to anything they wanted to, again, because the data wasn't controlled, they had no idea who was doing what with the data. [00:07:34] And according to this internal memo, they still don't know. They don't even know if they can possibly comply with these regulations, not just in Europe, but we have regulations in pretty much all of the 50 states in the U S Canada of course, has their own Australia and New Zealand think about all the places. [00:07:57] Facebook makes a lot of. So here's a quote from that we build systems with open borders. The result of these open systems and open culture is well-described with an analogy. Imagine you hold a bottle of ink in your hand, the bottle of ink is a mixture of all kinds of user data. You pour that ink into a lake of water and K and it flows every year. [00:08:22] The document read. So how do you put that ink back in the bottle? I, in the right bottle, how do you organize it again? So that it only flows to the allowed places in the lake? They're totally right about that. Where did they collect it from? Apparently they don't even know where they got some of this information. [00:08:43] This data from reminds me of the no fly list. You don't know you're on it and you can't get yourself off of it. It's crazy. So this document that we're talking about, it was written last year by. Privacy engineers on the ad and business product team, whose mission is to make meaningful connections between people and businesses and which quote sits at the center of our monetization strategy. [00:09:06] And is the engine that powers Facebook's growth. Interesting. Interesting problems. And I see this being a problem well into the future for more and more of these companies, look at Twitter as an example that we've all heard about a lot lately. And then I've talked about as well along comes Elon Musk and he says wait a minute. [00:09:29] I can make Twitter way more profitable. We're going to get rid of however many people over a thousand, and then we are going to hire more people. We're going to start charging. We're going to be more efficient. You can bet all of these redundancies that are in Facebook are also there. And Twitter also has to comply with all of these regulations that Facebook is freaking out about it for a really a very good reason. [00:10:00] So this document is available to anybody who wants to look at it. I'm looking at it right now, talking about regulatory landscape and the fundamental problems Facebook's data lake. And this is a problem that most companies have not. As bad as Facebook does the button. Most companies you write, you grow. I have yet to walk into a business that needs help with cybersecurity and find everything in place as it should be because it grew organically. [00:10:32] Do you started out with a little consumer firewall router, wifi, and then you added to it and you put a switch here and you added another switch behind that and move things around. This is normal. This is not total incompetence on the part of the management, but my gosh, I don't know. Maybe they need an Elon Musk. [00:10:52] Just straighten them out as well. Hey, stick around. I'll be right back and sign up online@craigpeterson.com. [00:11:02] Apparently looting is one of the benefits of being a Russian soldier. And according to the reports coming out of Ukraine, they've been doing it a lot, but there's a tech angle on here that is really turning the tables on these Russian Looters. [00:11:19] We know in wars, there are people that loot and typically the various militaries try and make sure, at least recently that looting is kept to an absolute minimum. [00:11:32] Certainly the Americans, the British, even the Nazis during world war II the the socialists they're in. Germany they tried to stop some of the looting that was going on. I think that's probably a very good thing, because what you end up with is just all of these locals that are just totally upset with you. [00:11:57] I found a great article on the guardian and there's a village. I hadn't been occupied for about a month by Russian troops and the people came back. They are just shocked to see what happened in there. Giving a few examples of different towns. They found that the alcohol was stolen and they left empty bottles behind food wrappers, cigarette butts, thrown all over the place in apartments in the home. [00:12:26] Piles of feces blocking the toilets, family photographs torn, thrown around the house. They took away all of the closes as a code from one of the people, literally everything, male and female coats, boots, shirts, jackets, even my dresses and laundry. This is really something. The Sylvia's didn't do this, but now Russia. [00:12:49] The military apparently does. So over the past couple of weeks, there have been reporting from numerous places where Russian troops had occupied Ukrainian territory and the guardian, which is this UK newspaper collected evidence to suggest looting by Russian forces was not merely a case of a few way, word soldiers, but a systematic part of Russian military behavior across multiple towns. [00:13:17] And villages. That's absolutely amazing. Another quote here, people saw the Russian soldiers loading everything onto your old trucks. Everything they could get their hands on a dozen houses on the villages. Main street had been looted as well as the shops. Other villagers reported losing washing machines, food laptops, even as sofa, air conditioner. [00:13:41] Being shipped back, just you might use ups here or they have their equivalent over there. A lady here who was the head teacher in the school, she came back in, of course, found her home looted and in the head teacher's office. She found an open pair of scissors that had been jammed into a plasma screen that was left behind because if they can't steal it, they're going to destroy it. [00:14:07] They don't wanna leave anything behind. They found the Russian to take in most of the computers, the projectors and other electronic equipment. It's incredible. So let's talk about the turnaround here. You might've heard stories about some of these bad guys that have smashed and grabbed their way into apple stores. [00:14:27] So they get into the apple store. They grab laptops on iPads, no longer iPods, because they don't make those anymore. And I phone. And they take them and they run with them. Nowadays there's not a whole lot of use for those. Now what they have been doing, some of these bad guys is they'd take some parts and use them in stolen equipment. [00:14:52] They sell them on the used market, et cetera. But when you're talking about something specific, like an iPhone that needs specific activation. Completely different problem arises for these guys because that iPhone needs to have a SIM card in order to get onto the cell network. And it also has built in serial numbers. [00:15:15] So what happens in those cases while apple goes ahead and disables them. So as soon as they connect to the internet, they didn't say they put them on wifi. They don't get a SIM card. They don't. Service from T-Mobile or Verizon or whoever it might be. So now they just connect to the wifi and it calls home. [00:15:33] Cause it's going to get updates and download stuff from the app store and they find that it's been bricked. Now you can do that with a lot of mobile device managers that are available for. All kinds of equipment nowadays, but certainly apple equipment where if a phone is lost or stolen or a laptop or other pieces of equipment, you can get on the MDM and disable it, have it remotely erase, et cetera. [00:16:00] Now, please have had some interesting problems with that. Because a bad guy might go ahead and erase a smartphone. That's in the evidence locker at the police station. So they're doing things like putting them into Faraday cages or static bags or other things to try and stop that. So I think we've established here that the higher tech equipment is pretty well protected. [00:16:25] You steal it. It's not going to do you much. Good. So one of the things the Russian stole when they were in a it's called a, I think you pronounced. Melad Mellott DePaul which is again, a Ukrainian city is they stole all of the equipment from a farm equipment dealership and shipped it to check. Now that's according to a source in a businessman in the area that CNN is reporting on. [00:16:56] So they shipped this equipment. We're talking about combine harvesters were 300 grand a piece. They shipped it 700 miles. And the thieves were ultimately unable to use the equipment because it had been locked remotely. So think about agriculture equipment that John Deere, in this case, these pieces of equipment, they, they drive themselves. [00:17:23] It's atonomous it goes up and down the field. Goes to any pattern that you want to it'll bring itself within a foot or an inch of your boundaries, of your property being very efficient the whole time, whether it's planting or harvesting, et cetera. And that's just a phenomenal thing because it saves so much time for the farmer makes it easier to do the companies like John Deere. [00:17:49] Want to sell as many pieces of this equipment as they possibly can. And farming is known to be a what not terribly profitable business. And certainly isn't like Facebook. So how can they get this expensive equipment into the hands of a lot of farmers? What they do is they use. So you can lease the equipment through leasing company or maybe directly from the manufacturer and now you're off and running. [00:18:16] But what happens if the lease isn't paid now? It's one thing. If you don't pay your lease on a $2,000 laptop, right? They're probably not going to come hunting for you, but when you're talking about a $300,000 harvester, they're more interested. So the leasing company. Has titled to the equipment and the leasing company can shut it off remotely. [00:18:41] You see where I'm going with this so that they can get their equipment in the hands of more farmers because the farmers can lease it. It costs them less. They don't have to have a big cash payment. You see how this all works. So when the Russian forces stole this equipment, that's valued, total value here is about $5 million. [00:19:02] They were able to shut it all off. And th the, obviously if you can't start the engine, because it's all shut off and it's all run by computers nowadays, and there's pros and cons to that. I think there's a lot of cons, but what are you going to do? How's that going to work for? Isn't going to work for you. [00:19:22] And they were able to track it and had GPS trackers find out exactly where it was. That's how they know it was Tara taken to Chechnya and could be controlled remotely. And in this case, how did they control it? They completely. Shut it off, even if they sell the harvesters for spare parts to learn some money, but they sure aren't gonna be able to sell them for the 300 grand that they were actually worth. [00:19:48] Hey, stick around. We'll be right back and visit me online@craigpeterson.com. If you sign up there, you'll be able to get my insider show notes. And every week I have a quick. Training right there. New emails, Craig Peterson.com. [00:20:05] If you've been worried about ransomware, you are right to worry. It's up. It's costly. And we're going to talk about that right now. What are the stats? What can you do? What happens if you do get hacked? Interesting world! [00:20:20] Ransomware has been a very long running problem. I remember a client of ours, a car dealership who we had gone in. [00:20:31] We had improved all of their systems and their security, and one of them. People who was actually a senior manager, ended up downloading a piece of ransomware, one of these encrypted ones and opened it up and his machine all of a sudden, guess what it had ransomware on it. One of those big. Green's that say, pay up and send us this much Bitcoin, and here's our address. [00:21:00] All of that sort of stuff. And he called us up and said, what's going on here? What happened? First of all, don't bring your own machine into the office. Secondly, don't open up as particularly encrypted files using a password that they gave. And thirdly, we stopped it automatically. It did not spread. [00:21:20] We were able to completely restore his computer. Now let's consider here the consequences of what happened. So he obviously was scared. And within a matter of a couple of hours, we actually had him back to where he was and it didn't spread. So the consequences there, they weren't that bad. But how about if it had gotten worse? [00:21:47] How about if the ransomware. Also before it started holding his computer ransom, went out and found all of the data about their customers. What do you think an auto dealership would love to hear that all of their customer data was stolen and released all of the personal data of all of their customers? [00:22:08] Obviously not. So there's a potential cost there. And then how long do you think it would take a normal company? That thinks they have backups to get back online. All I can tell you it'll take quite a while because the biggest problem is most backups don't work. We have yet to go into a business that was actually doing backups that would work to help restore them. [00:22:35] And if you're interested, I can send you, I've got something I wrote up. Be glad to email it back to you. Obviously as usual, no charge. And you'll be able to go into that and figure out what you should do. Cause I, I break it down into the different types of backups and why you might want to use them or why you might not want to use them, but ransomware. [00:22:58] Is a kind of a pernicious nasty little thing, particularly nowadays, because it's to two factor, first is they've encrypted your data. You can't get to it. And then the second side of that is okay I can't get to my data and now they're threatening to hold my data ransom or they'll release. So they'll put it out there. [00:23:22] And of course, if you're in a regulated industry, which actually car dealers are because they deal with financial transactions, leases, loans, that sort of thing you can lose your license for your business. You can, you lose your ability to go ahead and frankly make loans and work with financial companies and financial instruments. [00:23:45] It could be a very big. So there are a lot of potential things that can happen all the way from losing your reputation as a business or an individual losing all of the money in your operating account. And again, we've got a client that we picked up afterwards. That yes, indeed. That lost all of the money in their operating account. [00:24:09] And then how do you make payroll? How do you do things? There's a new study that came out from checkpoint. Checkpoint is one of the original firewall companies and they had a look at ransomware. What are the costs of ransomware? Now bottom line, I'm looking at some stats here on a couple of different sites. [00:24:29] One is by the way, Conti, which is a big ransomware gang that also got hacked after they said we are going to attack anyone. That doesn't defend Plaid's invasion of Ukraine, and then they got hacked and their information was released, but here's ransomware statistics. This is from cloud words. First of all, the largest ransom demand is $50 million. [00:24:55] And that was in 2021 to Acer big computer company. 37% of businesses were hit by ransomware. In 2021. This is amazing. They're expecting by 2031. So in about a decade, ransomware is going to be costing about $265 billion a year. Now on average. Ransomware costs businesses. 1.8, $5 million to recover from an attack. [00:25:25] Now that's obviously not a one or two person place, but think of the car dealer again, how much money are they going to make over the year or over the life of the business? If you're a car dealer, you have a license to print money, right? You're selling car model or cars from manufacturers. And now you have the right to do that and they can remove that. [00:25:48] How many tens, hundreds of millions of dollars might that end up costing you? Yeah. Big deal. Total cost of ransomware last year, $20 billion. Now these are the interesting statistics here right now. So pay closer attention to this 32% of ransomware victims paid a ransom. So about a third Peter ransom demand. [00:26:12] Lastly. It's actually down because my recollection is it used to be about 50% would pay a ransom. Now on average that one third of victims that paid a ransom only recovered 65% of their data. Now that differs from a number I've been using from the FBI. That's a little bit older that was saying it ends it a little better than 50%, but 65% of pain victims recovered their. [00:26:41] Now isn't that absolutely amazing. Now 57% of companies were able to recover their data, using a cloud backup. Now think about the different types of backup cloud backup is something that can work pretty well if you're a home user, but how long did it take for your system to get back? Probably took weeks, right? [00:27:05] For a regular computer over a regular internet line. Now restoring from backups is going to be faster because your downlink is usually faster than your uplink. That's not true for businesses that have real internet service like ours. It's the same bandwidth up as it is down. But it can take again, days or weeks to try and recover your machine. [00:27:28] So it's very expensive. And I wish I had more time to go into this, but looking at the costs here and the fact that insurance companies are no longer paying out for a lot of these ransomware attacks, it could be credibly expensive for you incredibly. The number one business types by industry for ransomware attacks, retail. [00:27:59] That makes sense. Doesn't it. Real estate. Electrical contractors, law firms and wholesale building materials. Isn't that interesting? And that's probably because none of these people are really aware or conscious of doing what a, of keeping their data secure of having a good it team, a good it department. [00:28:24] So there's your bottom line. Those are the guys that are getting hit. The most, the numbers are increasing dramatically and your costs are not just in the money. You might pay as a ransom. And as it turns out in pretty much every case prevention. Is less expensive and much better than the cure of trying to pay ransom or trying to restore from backups. [00:28:52] Hey, you're listening to Craig Peterson. You can get my weekly show notes by just going to craig peterson.com. [00:29:00] You and I have talked about passwords before the way to generate them and how important they are. We'll go over that again a little bit in just a second, but there's a new standard out there that will eliminate the need for passwords. [00:29:16] Passwords are a necessary evil, at least they have been forever. I remember, I think the only system I've ever really used that did not require passwords was the IBM 360. [00:29:31] Yeah, 360, you punch up the cards, all of the JCL you feed the card deck in and off it goes. And does this little thing that was a different day, a different era. When I started in college in university, we. We had a remote systems, timeshare systems that we could log into. And there weren't much in the line of password requirements. [00:29:58] And, but you had a username, you had a simple password. And I remember one of our instructors, his name was Robert, Andrew Lang, and his password was always some sort of a combination of RA Lang. So it was always easy to guess what his password was. Today. It has gotten a lot worse today. We have devices with us all the time. [00:30:22] You might be wearing a smart watch. That requires a password. You course probably have a smartphone that also maybe requiring a password. Certainly after it boots nowadays they use fingerprints or facial recognition, which is handy, but it has its own drawbacks. But how about the websites? You're going to the systems you're using in you're at work and logging in. [00:30:49] They all require password. And usernames of some sort or another well, apple, Google, and Microsoft have all committed to expanding their support for a standard. That's actually been out there for a few years. It's called the Fido standard. And the idea behind this is that you don't have to have a password in order to. [00:31:15] Now that's really an interesting thing, right? Just looking at it because we're so used to have in this password only authenticate. And of course the thing to do there is to make sure you have for your password, multiple words in the password, it should really be a pass phrase. And between the words put in special characters or numbers, maybe. [00:31:41] Upper lower case a little bit. In those words, those are the best passwords, 20 characters, 30 characters long. And then if you have to have a pin, I typically use a 12 digit pin. And how do I remember all of these? Cause I use a completely different password for every website and right now, Let me pull it up. [00:32:03] I'm using one password dot coms, password manager. And my main password for that is about 25 characters long. And I have thirty one hundred and thirty five. And trees here in my password manager, 3,100, that is a whole lot of passwords, right? As well as software licenses and a few other things in there. [00:32:30] That's how we remember them is using a password manager. One password.com is my favorite. Now, obviously I don't make any money by referring you there. I really do like that. Some others that I've liked in the past include last pass, but they really meant. With some of their cybersecurity last year and I lost my faith in it. [00:32:51] So now what they're trying to do is make these websites that we go to as well as some apps to have a consistent, secure, and passwordless. And they're going to make it available to consumers across all kinds of devices and platforms. That's why you've got apple, Google, and Microsoft all committing to it. [00:33:15] And you can bet everybody else is going to follow along because there's hundreds of other companies that have decided they're going to work with the Fido Alliance and they're going to create this passwordless future. Which I like this idea. So how does this work? Basically you need to have a smartphone. [00:33:33] This is, I'm just going to go with the most standard way that this is going to work here in the future, and you can then have. Passkey, this is like a multi-factor authentication or two factor authentication. So for instance, right now, when I sign into a website online, I'm giving a username, given a password, and then it comes up and it asks me for a code. [00:33:57] So I enter in a six digit code and that code changes every 30 seconds. And again, I use my password manager from one password. In order to generate that code. So that's how I log into Microsoft site and Google sites and all kinds of sites out there. So it's a similar thing here now for the sites for my company, because we do cyber security for businesses, including regulated businesses. [00:34:24] We have biometrics tied in as. So to log into our systems, I have to have a username. I have to have a password. I then am sent to a single sign-on page where I have to have a message sent to my smart device. That then has a special app that uses biometrics either a face ID or a fingerprint to verify who I am. [00:34:49] Yeah, there's a lot there, but I have to protect my customers. Something that very few it's crazy. Actual managed security services providers do, but it's important, right? By the way, if you want my password. Special report, just go to Craig peterson.com. Sign up for my email list. I'll send that to you. [00:35:13] That's what we're sending out right now for anyone who signs up new@craigpeterson.com. And if you'd like a copy of it in you're already on the list, just go ahead and email me. At Craig peterson.com and ask for the password special report where I go through a lot of this sort of thing. So what will happen with this is you go to a website and I might come up with a QR code. [00:35:37] So you then scan that QR code with your phone and verify it, authorize it on your phone. You might again to have it set up so that your phone requires a facial recognition or perhaps it'll require a fingerprint. And now you are. Which is very cool. They fix some security problems in Fido over the last few years, which is great over the coming year. [00:36:02] You're going to see this available on apple devices, Google Microsoft platforms, and it really is simple, stronger authentication. That's sort of Fido calls it. But it is going to make your life a lot easy, easier. It is a standard and the passwordless future makes a whole lot of sense for all of us. Now, I want to talk about another thing here that just bothered me for a long time. [00:36:30] I have a sister. Who is in the medical field and gives prescriptions, doctor thing. And I think she's not quite a doctor. I can't remember what she has. She's an LPN or something. And anyhow, so she. We'll get on a zoom call with someone and they'll go through medical history and what's happening right now and she'll make prescriptions. [00:36:57] And so I warned her about that saying, it is very bad to be using zoom because zoom is not secure. Never has been, probably never will be right. If you want secure. To go and pay for it from one of these providers like WebEx, that's what we use. We have a version of WebEx that is set up to be secure. [00:37:20] So I talked to her about that and said, Hey, listen, you can't do this. You've really got to go another way here. And so she started using one of these mental or. Medical health apps. What I want to talk about right now specifically are some checks that were just performed some audits on mental health apps. [00:37:45] That's why I messed up a second ago, but what they looked at is that things are a serious problem there. And then fact, the threat post, just calling it a. Frankly, just plain old creepy. So they've got some good intentions. They want to help with mental health. You've probably seen these or at least heard them advertise. [00:38:06] So you can get on the horn with a mental health professional, a doctor or otherwise in order to help you here with your psychological or spiritual wellness. And people are sharing their personal and sensitive data with third parties and have 32 mental health and prayer mobile apps that were investigated by the open source organization. [00:38:32] 28, 28 of the 32 were found to be inherently insecure and were given a privacy not included label, including others here. So this is a report. That was released here by the open source organization, tied into Mozilla. Those are the Firefox people. They have what they call their minimum security standards. [00:38:56] So things like requiring strong passwords, managing security, updates, and vulnerabilities, et cetera. 25 of the 32 failed to meet. Even those minimum security standards. So these apps are dealing with some of the most sensitive mental health and wellness issues people can possibly have, right? Depression, anxieties, suicidal fonts, domestic violence, eating disorders. [00:39:23] And they are being just terrible with your security Mozilla researchers spent 255 hours or about eight hours per product pairing under the hood of the security, watching the data that was going back and forth, right between all of these mental health and prayer apps. It was just crazy. So for example, eight of the apps reviewed, allowed weak passwords, that range. [00:39:52] One digit one as the password to 1, 1, 1, 1, while a mental health app called a mood fit only required one letter or digit as a password. Now that is very concerning for an app that collects mood and symptom data. So be very careful. Two of the apps better help a popular app that connects users with therapists and better stop suicide, which is a course of suicide prevention app have vague and messy, according to Mozilla privacy policies that have little or no effect on actual. [00:40:30] User data protection. So be very careful. And if you're a mental health, professional or medical professional, don't just go and use these open video calls, et cetera, et cetera, find something good. And there are some standards out there. Again. Visit me online, get my insider show notes every week. Get my little mini trends. [00:40:56] And they come up most weeks. Just go to Craig peterson.com. And I'll send you my special report on passwords and more. [00:41:06] We know the Russians have been attacking us. I've talked a lot about it on the radio station, all kinds of stations. In fact, here over the last couple of weeks, and I am doing something special, we are going through the things you can do to keep safe. [00:41:23] Last week we started doing something I promise we would continue. [00:41:27] And that is how can you protect yourself when it comes to the Russians, right? When it comes to the bad guys, because the Russians are definitely the bad guys. There's a few things you can do. And there's a few things, frankly, you shouldn't be doing. And that's exactly what we're going to talk about right now. [00:41:45] So last week he went over some steps, some things that you can look at that you should look at that are going to help protect you. And we are going to go into this a whole lot more today. And so I want you to stick around and if you miss anything, you can go online. You can go to Craig peterson.com, make sure you sign up there for my email. [00:42:08] And what I'm going to do for you is. Send you a few different documents now where we can chat back and forth about it, but I can send you this. Now I'm recording this on video as well as on audio. So you can follow along if you're watching either on YouTube or. Over on rumble and you can find it also on my website. [00:42:32] I've been trying to post it up there too, but right now let's talk about what we call passive backend protections. So you've got the front end and the front end of course, is. Stuff coming at you, maybe to the firewall I've mentioned last week about customers of mine. I was just looking at a few customers this week, just so I could have an idea of their firewalls. [00:42:59] And they were getting about 10 attacks per minute. Yeah. And these were customers who have requirements from the department of defense because they are defense sub subcontractors. So again, Potential bad guys. So I looked up their IP addresses and where the attacks were coming from. Now, remember that doesn't mean where they originated because the bad guys can hop through multiple machines and then get onto your machine. [00:43:28] What it means is that all, ultimately they ended up. Coming from one machine, right? So there's an IP address of that machine. That's attacking my clients or are attacking my machines. That just happens all the time. A lot of scans, but some definite attacks where they're trying to log in using SSH. [00:43:48] And what I found is these were coming from Slovakia, Russia, and Iran. Kind of what you were expecting, right? The Iranians, they just haven't given up yet. They keep trying to attack, particularly our military in our industry. One of the things we found out this week from, again, this was an FBI notice is that the Russians have been going after our industrial base. [00:44:15] And that includes, in fact, it's more specifically our automobile manufacturers we've already got problems, right? Try buying a new car, try buying parts. I was with my friend, just this. I helped them because he had his car right. Need to get picked up. So I took him over to pick up his car and we chatted a little bit with this small independent automotive repair shop. [00:44:40] And they were telling us that they're getting sometimes six, eight week delays on getting parts and some parts. They just can't. So they're going to everything from junkyards on out, and the worst parts are the parts, the official parts from the car manufacturers. So what's been happening is Russia apparently has been hacking into these various automobile manufacturers and automobile parts manufacturers. [00:45:10] And once they're inside, they've been putting in. A remote control button net. And those botnets now have the ability to wake up when they want them to wake up. And then once they've woken up, what do they do? Who knows? They've been busy erasing machines causing nothing, but having they've been doing all kinds of stuff in the past today, they're sitting there. [00:45:31] Which makes you think they're waiting, it's accumulate as much as you possibly can. And then once you've got it all accumulated go ahead and attack. So they could control thousands of machines, but they're not just in the U S it's automobile manufacturers in Japan. That we found out about. [00:45:50] So that's what they're doing right now. So you've got the kind of that front end and back end protections. So we're going to talk a little bit about the back end. What does that mean? When a cybersecurity guy talks about the backend and the protections. I got it up on my green right now, but here's the things you can do. [00:46:10] Okay. Remember, small businesses are just getting nailed from these guys, because again, they're fairly easy targets. One change your passwords, right? How many times do we have to say that? And yet about 70% of businesses out there are not using a good password methodology. If you want more information on passwords, two factor authentication, you name it. [00:46:37] Just email me M e@craigpeterson.com. I want to get the information out now. You got to make sure that all of the passwords on your systems are encrypted are stored in some sort of a good password vault as you really should be looking at 256 bit encryption or better. I have a vendor of. That I use. So if you get my emails every week, when them, there's the little training. [00:47:06] And so I'll give you a five minute training. It's written usually it's in bullet point for, I'm just trying to help you understand things. That provider of mine has a big database and there's another provider that I use that is for. So the training guys use the database of my provider. [00:47:27] In using that database, they're storing the passwords and the training providers putting passwords in the clinics. Into the database, which is absolutely crazy. So again, if you're a business, if you're storing any sort of personal information, particularly passwords, make sure that you're using good encryption and your S what's called salting the hash, which means. [00:47:53] You're not really storing the password, just joining assaulted hash. I can send you more on this. If you are a business and you're developing software that's, this is long tail stuff here. Configure all of the security password settings so that if someone's trying to log in and is failing that, and you block it, many of us that let's say you're a small business. [00:48:15] I see this all of the time. Okay. You're not to blame. You, but you have a firewall that came from the cable company. Maybe you bought it at a big box retailer. Maybe you bought it online over at Amazon, as hurricane really great for you. Has it got settings on there that lets you say. There's 20 attempts to log in. [00:48:38] Maybe we should stop them. Now, what we do personally for our customers is typically we'll block them at somewhere around three or four failed attempts and then their passwords block. Now you can configure that sort of thing. If you're using. Email. And that's an important thing to do. Let me tell you, because we've had some huge breaches due to email, like Microsoft email and passwords and people logging in and stealing stuff. [00:49:06] It was just a total nightmare for the entire industry last year, but limit the number of login retries as well as you're in there. These excessive login attempts or whatever you want to define it as needs to lock the account. And what that means is even if they have the right password, they can't get in and you have to use an administrative password in order to get in. [00:49:31] You also want to, what's called throttle, the rate of repeated logins. Now you might've gotten caught on this, right? You went to your bank, you went to E-bay, you went to any of these places and all of a sudden. And denied you write it blocked you. That can happen when your account is on these hackers lists. [00:49:51] You remember last week we talked about password spraying while that's a very big deal and hackers are doing the sprain trick all of the time, and that is causing you to get locked out of your own account. So if you do get locked out, remember it might be because someone's trying to break. Obviously you have to enforce the policies. [00:50:16] The capture is a very good thing. Again, this is more for software developer. We always recommend that you use multifactor or two factor authentication. Okay. Do not use your SMS, your text messages for that, where they'll send you a text message to verify who you are. If you can avoid that, you're much better off. [00:50:36] Cause there's some easy ways to get around that for hackers that are determined. Okay. A multi-factor again, installed an intrusion. system. We put right at the network edge and between workstations and servers, even inside the network, we put detection systems that look for intrusion attempts and block intrusion attempts. [00:51:02] A very important use denied lists to block known attackers. We build them automatically. We use some of the higher end Cisco gates. Cisco is a big network provider. They have some of the best hardware and software out there, and you have to subscribe to a lot of people complain. I ain't going to just go buy a firewall for 200 bucks on Amazon. [00:51:24] Why would I pay that much a month just to to have a Cisco firewall? And it's like praying pain for the brand. I've got by logo chert on here. Oh, I wouldn't pay for that. No, it's because they are automatically providing block lists that are updated by the minute sometimes. And then make sure you've got an incident response plan in place. [00:51:50] What are you going to do when they come for you? What are you going to do?  [00:51:55] Now we're going to talk about prevention. What can you do an order to stop some of these attacks that are coming from Russia and from other countries, it is huge. People. Believe me, this is a very big problem. And I'm here to help. [00:52:12] We've reviewed a number of things that are important when it comes to your cyber security and your protection. [00:52:20] We talked about the front end. We talked about the backend. Now we're going to talk about pure prevention and if you're watching. Online. You'll be able to see my slides as they come up, as we talk about some of this stuff and you'll find me on YouTube and you'll also find me on rumble, a fairly new platform out there platform that doesn't censor you for the things you say. [00:52:44] Okay. So here we go. First of all, enabling your active directory password protection is going to. Four's password protection all the way through your business. Now I've had some discussions with people over the months, over the years about this whole thing and what should be done, what can be done, what cannot be done. [00:53:09] Hey, it's a very big deal when it comes to password protection and actor directory, believe it or not, even though it's a Microsoft product is pretty darn good at a few things. One of them is. Controlling all the machines and the devices. One of the things we do is we use an MDM or what used to be a mobile device manager called mass 360. [00:53:34] It's available from IBM. We have a special version of that allows us as a managed security services provider to be able to control everything on people's machines. Active directory is something you should seriously consider. If you are a Mac based shop. Like I am. In fact, I'm sitting right now in front of two max that I'm using right now, you'll find that active directory is a little bit iffy. [00:54:04] Sometimes for max, there are some work around and it's gotten better mastery. 60 is absolutely the way to go, but make sure you've got really good. Passwords and the types of passwords that are most prone to sprain the attacks are the ones you should be banning specifically. Remember the website? Have I been poned? [00:54:28] Yeah. It's something that you should go to pretty frequently. And again, if you miss anything today, just email me M e@craigpeterson.com. Believe me, I am not going to harass you at all. Okay. Now, the next thing that you should be doing is what's called red team blue team. Now the red team is a group of people, usually outside of your organization. [00:54:54] If you're a big company they're probably inside, but the red team is the team that attacks you. They're white hat hackers, who are attacking you, looking for vulnerabilities, looking for things that you should or shouldn't be doing. And then the blue team is the side that's trying to defend. So think of, like war games. [00:55:12] Remember that movie with Matthew Broderick all of those decades ago and how the, he was trying to defend that computer was trying to defend that it moved into an attack mode, right? Red team's attack, blue team is defend. So you want. To conduct simulated attacks. Now w conducting these attacks include saying, oh my let's now put in place and execute our plan here for what are we going to do once we have a. [00:55:44] And you darn well better have a breach plan in place. So that's one of the things that we help as a fractional chief information security officer for companies, right? You've got to get that in place and you have to conduct these simulated attacks and you have to do penetration testing, including password spraying attacks. [00:56:04] There's so many things you can do. The one of the things that we like to do and that you might want to do, whether you're a home user, retiree or a business is go and look online, you can just use Google. I use far more advanced tools, but you can use Google and look for your email address right there. [00:56:23] Look for the names of people inside your organization. And then say wait a minute, does that data actually need to be there? Or am I really exposing the company exposing people's information that shouldn't be out there because you remember the hackers. One of the things they do is they fish you fish as in pH. [00:56:47] So they'll send you an email that looks like. Hey let me see. I know that Mary is the CFO, and I know that Joe's going to be out of town for two weeks in The Bahamas, not a touch. So while he's got. I'm going to send an email to Mary, to get her to do something, to transfer the company's funds to me. [00:57:06] Okay. So that's what that's all about. You've got to make sure, where is our information? And if you go to my company's page, mainstream.net, you'll see on there that I don't list any of the officers or any of the people that are in the company, because that again is a security problem. [00:57:24] We're letting them know. I go to some of these sites, like professional sites lawyers, doctors, countenance, and I find right there all, are there people right there top people or sometimes all of them. And then we'll say, yeah, I went to McGill university, went to Harvard, whatever my B. It's all there. So now they've got great information to fish you, to fish that company, because all they have to do is send an email to say, Hey, you remember me? [00:57:56] We're in Harvard when this class together. And did you have as a professor to see how that works? Okay. You also want to make. That you implement, what's called a passwordless user agent, and this is just so solely effective. If they cannot get into your count, what's going to, what could possibly go wrong, but one of the ways to not allow them into the count is to use. [00:58:24] Biometrics. We use something called duo and we have that tied into the single sign-on and the duo single sign-on works great because what it does now is I put in, I go to a site, I put it into my username and. Pulls up a special splash page that is running on one of our servers. That again asks me for my duo username. [00:58:48] So I've got my username for the site then to my dual username and my duo password single sign on. And then it sends me. To an app on my smart device, a request saying, Hey, are you trying to log into Microsoft? And w whatever it might be at Microsoft, and you can say yes or no, and it uses biometric. [00:59:11] So those biometrics now are great because it says, oh, okay, I need a face ID or I need a thumb print, whatever it might be that allows a generalized, a password, less access. Okay. Password less. Meaning no pass. So those are some of the top things you can do when it comes to prevention. And if you use those, they're never going to be able to get at your data because it's something you have along with something, it works great. [00:59:45] And we like to do this. Some customers. I don't like to go through those hoops of the single sign-on and using duo and making that all work right where we're fine with it. We've got to keep ourselves, at least as secure as the DOD regulations require unlike almost anybody else in industry, I'm not going to brag about it. [01:00:09] But some of our clients don't like to meet the tightest of controls. And so sometimes they don't. I hate to say that, but they just don't and it's a fine line between. Getting your work done and being secure, but I think there's some compromises it can be readily made. We're going to talk next about saving your data from ransomware and the newest ransomware. [01:00:36] We're going to talk about the third generation. That's out there right now. Ransomware, it's getting crazy. Let me tell ya and what it's doing to us and what you can do. What is a good backup that has changed over the last 12 months? It's changed a lot. I used to preach 3, 2, 1. There's a new sheriff in town. [01:00:58] Stick around Craig peterson.com. [01:01:02] 3, 2, 1 that used to be the standard, the gold standard for backing up. It is no longer the case with now the third generation of ransomware. You should be doing something even better. And we'll talk about it now. [01:01:19] We're doing this as a simulcast here. It's on YouTube. It is also on rumble. [01:01:27] It's on my website@craigpeterson.com because we're going through the things that you can do, particularly if you're a business. To stop the Russian invasion because as we've been warned again and again, the Russians are after us and our data. So if you missed part of what we're talking about today, or. [01:01:50] Last week show, make sure you send me an email. me@craigpeterson.com. This is the information you need. If you are responsible in any way for computers, that means in your home, right? Certainly in businesses, because what I'm trying to do is help and save those small businesses that just can't afford to have full-time. [01:02:15] True cyber security personnel on site. So that's what the whole fractional chief information security officer thing is about. Because you just, you can't possibly afford it. And believe me, that guy that comes in to fix your computers is no cyber security expert. These people that are attacking our full time cybersecurity experts in the coming from every country in the world, including the coming from the us. [01:02:44] We just had more arrests last week. So let's talk about ransomware correctly. Ransomware, very big problem. Been around a long time. The first version of ransomware was software got onto your computer through some mechanism, and then you had that red screen. We've all seen that red screen and it says, Hey, pay up buddy. [01:03:07] It says here you need to send so many Bitcoin or a fraction of a Bitcoin or so many dollars worth of Bitcoin. To this Bitcoin wallet. And if you need any help, you can send email here or do a live chat. They're very sophisticated. We should talk about it some more. At some point that was one generation. [01:03:29] One generation two was not everybody was paying the ransoms. So what did they do at that point? They said let me see if they, we can ransom the data by encrypting it and having them pay us to get it back. 50% of the time issue got all your data back. Okay. Not very often. Not often enough that's for sure. [01:03:49] Or what we could do is let's steal some of their intellectual property. Let's steal some of their data, their social security number, their bank, account numbers, et cetera. They're in a, in an Excel spreadsheet on their company. And then we'll, if they don't pay that first ransom, we'll tell them if they don't pay up, we'll release their information. [01:04:10] Sometimes you'll pay that first ransom and then they will hold you ransom a second time, pretending to be a different group of cyber terrorists. Okay. Number three, round three is what we're seeing right now. And this is what's coming from Russia, nears, everything we can tell. And that is. They are erasing our machines. [01:04:31] Totally erasing them are pretty sophisticated ways of erasing it as well, so that it sinks in really, it's impossible to recover. It's sophisticated in that it, it doesn't delete some key registry entries until right at the very end and then reboots and computer. And of course, there's. Computer left to reboot, right? [01:04:55] It's lost everything off of that hard drive or SSD, whatever your boot devices. So let's talk about the best ways here to do some of this backup and saving your data from ransomware. Now you need to use offsite disconnected. Backups, no question about it. So let's talk about what's been happening. [01:05:17] Hospitals, businesses, police departments, schools, they've all been hit, right? And these ransomware attacks are usually started by a person. I'll link in an email. Now this is a poison link. Most of the time, it used to be a little bit more where it was a word document, an Excel document that had something nasty inside Microsoft, as I've said, many times has truly pulled up their socks. [01:05:45] Okay. So it doesn't happen as much as it used to. Plus with malware defender turned on in your windows operating system. You're going to be a little bit safer next step. A program tries to run. Okay. And it effectively denies access to all of that data. Because it's encrypted it. And then usually what it does so that your computer still works. [01:06:09] Is it encrypts all of you, like your word docs, your Excel docs, your databases, right? Oh, the stuff that matters. And once they've got all of that encrypted, you can't really access it. Yeah. The files there, but it looks like trash now. There's new disturbing trends. It has really developed over the last few months. [01:06:31] So in addition to encrypting your PC, it can now encrypt an entire network and all mounted drives, even drives that are marrying cloud services. Remember this, everybody, this is really a big deal because what will happen here is if you have let's say you've got an old driver G drive or some drive mounted off of your network. [01:06:57] You have access to it from your computer, right? Yeah. You click on that drive. And now you're in there and in the windows side Unix and max are a little different, but the same general idea you have access to you have right. Access to it. So what they'll do is any mounted drive, like those network drives is going to get encrypted, but the same thing is true. [01:07:20] If you are attaching a U S B drive to your company, So that USB drive, now that has your backup on it gets encrypted. So if your network is being used to back up, and if you have a thumb drive a USB drive, it's not really a thumb drive, right? There's external drive, but countered by USP hooked up. [01:07:45] And that's where your backup lives. Your. Because you have lost it. And there have been some pieces of software that have done that for awhile. Yeah. When they can encrypt your network drive, it is really going after all whole bunch of people, because everyone that's using that network drive is now effective, and it is absolutely. [01:08:10] Devastating. So the best way to do this is you. Obviously you do a bit of a local backup. We will usually put a server at the client's site that is used as a backup destiny. Okay. So that servers, the destination, all of the stuff gets backed up there. It's encrypted. It's not on the network per se. It's using a special encrypted protocol between each machine and the backup server. And then that backup servers data gets pushed off site. Some of our clients, we even go so far as to push it. To a tape drive, which is really important too, because now you have something physical that is by the way, encrypted that cannot be accessed by the attacker. [01:09:03] It's offsite. So we have our own data center. The, we run the, we manage the no one else has access to it is ours. And we push all of those backups offsite to our data center, which gives us another advantage. If a machine crashes badly, right? The hard disk fails heaven forbid they get ransomware. We've never had that happen to one of our clients. [01:09:29] Just we've had it happen prior to them becoming clients, is that we can now restore. That machine either virtually in the cloud, or we can restore it right onto a piece of hardware and have them up and running in four hours. It can really be that fast, but it's obviously more expensive than in some. [01:09:51] Are looking to pay. All right, stick around. We've got more to talk about when we come back and what are the Russians doing? How can you protect your small business? If you're a one, man, one woman operation, believe it. You've got to do this as well. Or you could lose everything. In fact, I think our small guys have even more to lose Craig peterson.com. [01:10:16] Backups are important. And we're going to talk about the different types of backups right now, what you should be doing, whether you're a one person, little business, or you are a, multi-national obviously a scale matters. [01:10:32] Protecting your data is one of the most important things you can possibly do. [01:10:36] I have clients who had their entire operating account emptied out, completely emptied. It's just amazing. I've had people pay. A lot of money to hackers to try and get data back. And I go back to this one lady over in Eastern Europe who built a company out of $45 million. By herself. And of course you probably heard about the shark tank people, right? [01:11:07] Barbara Cochran, how she almost lost $400,000 to a hacker. In fact, the money was on its way when she noticed what was going on and was able to stop it. So thank goodness she was able to stop it. But she was aware of these problems was looking for the potential and was able to catch it. How many of us are paying that much attention? [01:11:34] And now one of the things you can do that will usually kind of protect you from some of the worst outcomes. And when it comes to ransomware is to backup. And I know everybody says, yeah, I'm backing up. It's really rare. When we go in and we find a company has been backing up properly, it even happens to us sometimes. [01:11:59] We put them back up regimen in place and things seem to be going well, but then when you need the backup, oh my gosh, we just had this happen a couple of weeks ago. Actually this last week, this is what happened. We have. Something called an FMC, which is a controller from Cisco that actually controls firewalls in our customer's locations. [01:12:26] This is a big machine. It monitors stuff. It's tied into this ice server, which is. Looking for nastiness and we're bad guys trying to break in, right? It's intrusion detection and prevention and tying it into this massive network of a billion data points a day that Cisco manages. Okay. It's absolutely huge. [01:12:48] And we're running it in a virtual machine network. So we. Two big blade. Chassies full of blades and blades are each blade is a computer. So it has multiple CPU's and has a whole bunch of memory. It also has in there storage and we're using something that VMware calls visa. So it's a little virtual storage area network. [01:13:15] That's located inside this chassis and there are multiple copies of everything. So if a storage unit fails, you're still, okay. Everything stays up, it keeps running. And we have it set up so that there's redundancy on pond redundancy. One of the redundancies was to back it up to a file server that we have that's running ZFS, which is phenomenal. [01:13:40] Let me tell you, it is the best file system out there I've never ever had a problem with it. It's just crazy. I can send you more information. If you ever interested, just email me@craigpeterson.com. Anytime. Be glad to send you the open source information, whatever you need. But what had happened is. [01:13:57] Somehow the boot disk of that FMC, that, that firewall controller had been corrupted. So we thought, oh, okay, no problem. Let's look at our backups. Yeah, hadn't backed up since October, 2019. Yeah, and we didn't know it had been silently failing. Obviously we're putting stuff in place to stop that from ever happening again. [01:14:27] So we are monitoring the backups, the, that network. Of desks that was making up that storage area network that had the redundancy failed because the machine itself, somehow corrupted its file system, ext four file system right then are supposed to be corruptible, but the journal was messed up and it was man, what a headache. [01:14:51] And so they thought, okay, you're going to have to re-install. And we were sitting there saying, oh, you're kidding me. Reinstalling this FMC controller means we've got to configure our clients, firewalls that are being controlled from this FMC, all of their networks, all of their devices. We had to put it out. [01:15:07] This is going to take a couple of weeks. So because I've been doing this for so long. I was able to boot up an optics desk and Mount the file system and go in manually underneath the whole FMC, this whole firewall controller and make repairs to it. Got it repaired, and then got it back online. So thank goodness for that. [01:15:33] It happens to the best of us, but I have to say I have never had a new client where they had good backups. Ever. Okay. That, and now that should tell you something. So if you are a business, a small business, whatever it might be, check your backups, double check them. Now, when we're running backups, we do a couple of things. [01:15:57] We go ahead and make sure the backup is good. So remember I mentioned that we h

In this episode of “Technically Human,” I sit down with Dr. Eric Daimler. We talk about one of the biggest technology problems facing us today—data deluge—and how new computational models and theories can help solve it and, Dr. Daimler weighs in on the gaps, differences, and possibilities for collaboration between policy, industry, and academia. And we talk about what a vision of “AI for Good” might look like in a world of increasingly infinite data. Dr. Eric Daimler is a leading authority in robotics and artificial intelligence with over 20 years of experience as an entrepreneur, investor, technologist, and policymaker. He served under the Obama Administration as a Presidential Innovation Fellow for AI and Robotics in the Executive Office of President, as the sole authority driving the agenda for U.S. leadership in research, commercialization, and public adoption of AI & Robotics. Dr. Daimler has incubated, built and led several technology companies recognized as pioneers in their fields ranging from software systems to statistical arbitrage. His newest venture, Conexus, is a groundbreaking solution for what is perhaps today's biggest information technology problem — data deluge. As founder and CEO of Conexus, Dr. Daimler  is leading the development of CQL, a patent-pending platform founded upon category theory — a revolution in mathematics — to help companies manage the overwhelming and rapidly growing challenge of data integration and migration. His academic research has been at the intersection of AI, Computational Linguistics, and Network Science (Graph Theory). His work has expanding to include economics and public policy. He served as Assistant Professor and Assistant Dean at Carnegie Mellon's School of Computer Science where he founded the university's Entrepreneurial Management program and helped to launch Carnegie Mellon's Silicon Valley Campus. He has studied at the University of Washington-Seattle, Stanford University, and Carnegie Mellon University, where he earned his Ph.D. in Computer Science. Dr. Daimler's extensive career spanning business, academics and policy give him a rare perspective on the next generation of AI. Dr. Daimler sees clearly how information technology can dramatically improve our world. However, it demands our engagement. Neither a utopia nor dystopia is inevitable. What matters is how we shape and react to, its development. This episode was produced by Matt Perry. Our head of reseaarch is Sakina Nuruddin. Art by Desi Aleman.

Cassandra Database reaches 4.0. Nearly six years on from the release of Apache Cassandra 3.0, the community behind the popular open-source distributed database has announced the release of v4.0 of Apache Cassandra. Patrick McFadin, VP of Developer Relations at DataStax, and Ben Bromhead, CTO of Instaclustr, are with Swapnil Bhartiya to talk about it. The first issue to be addressed is the importance Cassandra holds in the modern world. McFadin starts off by talking about what workloads Cassandra is focused on, which are websites and mobile applications. McFadin says, "When you use a mobile app on your phone, you're probably using Cassandra." Since its inception, Cassandra has developed into a "really awesome, general-purpose database," adds Bromhead. More importantly, he makes mention of scalability when he says, "As people reach the limits of scalability or availability when it comes to some of the other databases out there (such as MySQL and PostgreSQL), we see developers reaching for Apache Cassandra." The discussion then shifts to the new features available in Cassandra v4.0. Bromhead talks about structural changes based around the Netty networking framework, which has enabled several really cool features, such as zero-copy streaming which allows an Apache Cassandra node to stream the data it's responsible for and leads to wire-level streaming speeds between nodes. Practically speaking, that means users can now run denser nodes. The 4.0 release also saw the deprecation of the Thrift protocol, in favor of the CQL protocol, which was a major change. As far as the upgrade process is concerned, version 4.0 should be considerably easier than previous releases. "If you had been upgrading Cassandra, before, like in the three and twos, there was always a long list of intermediate patches that you had to put into place, or you had to do some extra work mid-upgrade. Because of that, the developers decided it was of utmost importance to make it simple," explains McFadin. Bromhead calls out to developers and admins to "not stress too much about this one. Still run through all the track checks and the standard processes you do. But again, this has been pretty well battle-tested." To further highlight the upgrade process, McFadin mentions that the maintainers had a lot of discussion about the project and how improvements to the upgrade start at the developer level. McFadin says, "Instead of just having someone drop code in and ask everyone what they think, we have a proposal process. So you outline the change that you want to make, we have good discussions about it, and make some changes before there's actual code." Processes like this certainly go a long way in making a project more stable over time.

In this episode of the IoT For All Podcast, Conexus CEO and Co-Founder Eric Daimler joins us to talk AI systems. Eric shares some of the most important components of AI systems, what new use cases they enable, and what the market looks like for AI technology and applications. Eric also shares the story of Conexus including how it came to be and some of the challenges of bringing an AI-powered data integration solution to market.Dr. Eric Daimler is a leading authority in robotics and artificial intelligence with over 20 years of experience as an entrepreneur, investor, technologist, and policymaker. Eric served under the Obama Administration as a Presidential Innovation Fellow for AI and Robotics in the Executive Office of the President, as the sole authority driving the agenda for U.S. leadership in research, commercialization, and public adoption of AI & Robotics.As a successful entrepreneur, Eric is looking towards the next generation of AI as a system that creates a multi-tiered platform for fueling the development and adoption of emerging technology for industries that have traditionally been slow to adapt. As founder and CEO of Conexus, Eric is leading CQL, a patent-pending platform founded upon category theory — a revolution in mathematics — to help companies manage the overwhelming challenge of data integration and migration.Interested in connecting with Eric Daimler? Reach out to him on Linkedin!About Conexus: Conexus was founded to deal with one of the biggest problems plaguing the majority of businesses today — data deluge. Every business is now a data-driven business but they are few means to manage data efficiently with minimal time and cost.The Conexus solution uses new math developed at MIT to create new algorithms that establish relationships among large, disparate sets of data resulting in seamless data integration and interoperability which is accomplished in a short time period at a mere fraction of the cost of today's cumbersome, manual integration projects that can take years and waste billions of dollars.Key Questions and Topics from this Episode:(00:54) Intro to Eric Daimler(04:47) Intro to Conexus(06:16) What types of use cases have Conexus been involved in?(10:14) What is an AI system?(14:13) What are the components of an AI system(18:57) What is the industry and customer focus at Conexus(21:11) What challenges did you experience going to market?(23:30) What market trends have you seen in AI?(27:09) What are data lakes?(30:12) What's the best first step for companies to utilize their existing data?(33:42) How will AI affect the workforce?

About Patrick McFadinPatrick McFadin is the VP of Developer Relations at DataStax, where he leads a team devoted to making users of Apache Cassandra successful. He has also worked as Chief Evangelist for Apache Cassandra and consultant for DataStax, where he helped build some of the largest and exciting deployments in production. Previous to DataStax, he was Chief Architect at Hobsons and an Oracle DBA/Developer for over 15 years.Twitter: @PatrickMcFadinLinkedIn: Patrick McFadin DataStax website: datastax.comK8ssandra: k8ssandra.ioStargate: stargate.ioDataStax Astra: Cassandra-as-a-ServiceWatch this episode on YouTube: https://youtu.be/-BcIL3VlrjEThis episode sponsored by CBT Nuggets and Fauna.TranscriptJeremy: Hi everyone, I'm Jeremy Daly and this is Serverless Chats. Today I'm chatting with Patrick McFadin. Hey Patrick, thanks for joining me.Patrick: Hi Jeremy. How are you doing today?Jeremy: I am doing really well. So you are the VP of Developer Relations at DataStax, so I'd love it if you could tell the listeners a little bit about yourself and what DataStax is all about.Patrick: Sure. Well, I mean mostly I'm just a nerd with a cool job. I get to talk about technology a lot and work with technology. So DataStax, we're a company that was founded around Apache Cassandra, just supporting and making it awesome. And that's really where I came to the company. I've been working with Apache Cassandra for about 10 years now. I've been a part of the project as a contributor.But yeah, I mean mostly data infrastructure has been my life for most of my career. I did this in the dotcom era, back when it was really crazy when we had dozens of users. And when that washed out, I'm like, oh, then real scale started and during that period of time I worked a lot in just trying to scale infrastructure. It seems like that's been what I've been doing for like 30 years it seems like, 20 years, 20 years, I'm not that old. Yeah. But yeah, right now, I spend a lot of my time just working with developers on what's next in Kubernetes and I'm part of CNCF now, so yeah. I just can't to seem to stay in one place.Jeremy: Well, so I'm super interested in the work that DataStax is doing because I have had the pleasure/misfortune of managing a Cassandra ring for a start-up that I was at. And it was a very painful process, but once it was set up and it was running, it wasn't too, too bad. I mean, we always had some issues here and there, but this idea of taking a really good database, because Cassandra's great, it's an excellent data store, but managing it is a nightmare and finding people who can manage it is sort of a nightmare, and all that kind of stuff. And so this idea of taking these services and DataStax isn't the only one to do this, but to take these open-source services and turn them into these hosted solutions is pretty fantastic. So can you tell me a little bit more, though? What this shift is about? This moving away from hosting your own databases to using databases as a service?Patrick: Yeah. Well, you touched on something important. You want to take that power, I mean Cassandra was a database that was built in the scale world. It was built to solve a problem, but it was also built by engineers who really loved distributed computing, like myself, and it's funny you say like, "Oh, once I got it running, it was great," well, that's kind of the experience with most distributed databases, is it's hard to reason around having, "Oh, I have 100 mouths to feed now. And if one of them goes nuts, then I have to figure it out."But it's the power, that power, it's like stealing fire from the gods, right? It's like, "Oh, we could take the technology that Netflix and Apple and Facebook use and use it in our own stuff." But you got to pay the price, the gods demand their payment. And that's something that we've been really trying to tackle at DataStax for a couple of years now, actually three, which is how ... Because the era of running your own database is coming to an end. You should not run your own database. And my philosophy as a technologist is that proper, really important technology like your data layer should just fade into the background and it's just something you use, it's not something you have to reason through very much.There's lots of technology that's like that today. How many times have you ... When was the last time you managed your own memory in your code?Jeremy: Right. Right. Good point. I know.Patrick: Thank god, huh?Jeremy: Exactly.Patrick: Whew.Jeremy: But I think that you make a really good point, because you do have these larger companies like Facebook or whatever that are using these technologies and you mentioned data layers, which I don't think I've worked for a single company, I don't think I actually ... I founded a start-up one time and we built a data layer as well, because it's like, the complexity of understanding the transaction models and the routing, especially if you're doing things like sharding and all kinds of crazy stuff like that, hiding that complexity from your developers so that they can just say, "I need to get this piece of information," or, "I need to set this piece of information," is really powerful.But then you get stuck with these data layers that are bespoke and they're generally fragile and things like that, so how is that you can take data as a service and maybe get rid of some of that, I don't know, some of that liability I guess?Patrick: Yeah. It's funny because you were talking about sharding and things like that. These are things that we force on developers to reason through, and it's just cognitive load. I have an app to get out, and I have some business desire to get this application online, the last thing I need to worry about is my sharding algorithm. Jeremy, friends don't let friends shard.Jeremy: Right. That's right. That's a good point.Patrick: But yeah, I mean I think we actually have all the parts that we need and it's just about, this is closer than you think. Look at where we've already started going, and that is with APIs, using REST. Now GraphQL, which I think is deserving its hotness, is starting to bring together some things that are really important for this kind of world we want to live in. GraphQL is uni-fettering data and collecting and actual queries, it's a QL, and why they call it Graph, I have no idea. But it gives you this ability to have this more abstract layer.I think GraphQL will, here's a prediction is that it's going to be like the SQL of working with data services on the internet and for cloud-native applications. And so what does that mean? Well, that means I just have to know, well, I need some data and I don't really care what's underneath it. I don't care if I have this field indexed or anything like that. And that's pretty exciting to me because then we're writing apps at that point.Jeremy: Right. Yeah. And actually, that's one of the things I really like about GraphQL too is just this idea that it's almost like a universal data access layer in a sense because it does, you still have to know it, you have to know what you're requesting if you're an end developer, but it makes it easier to request the things that you need and have those mutations set and have some of those other things standardized across the company, but in a common format because isn't that another problem? Where it's like, I'm working with company A and I move to company B maybe and now company B is using a different technology and a different bespoke data layer and some of these other things.So, I think data as a service for one, maybe with GraphQL in front of it is a great way to have this alignment across companies, or I guess, just makes it easier for developers to switch and start developing right away when they move into a new company.Patrick: Yeah, and this is a concept I've been trying to push pretty hard and it's driven by some conversations I've had with some friends that they're engineering leaders and they have this common desire. We want to have a zero day dev, which is the first day that someone starts, they should be producing production code. And I don't think that's crazy talk, we can do this, but there's a lot of things that are in front of it. And the database is one of them. I think that's one of the first things you do when you show up at company X is like, "Okay, what database are you using? What flavor of SQL or GRPC or CQL, Cassandra query language? What's the data model? Quick, where's that big diagram on the wall with my ERD? I got to go look at that for a while."Jeremy: How poorly did you structure your Git repositories? Yeah.Patrick: Yeah, exactly. It's like all these things. And no, I would love to see a world where the most troublesome part of your first day is figuring out where the coffee and the bathroom are, and then the rest of it is just total, "Hey, I can do this. This is what I get paid to do."Jeremy: Right. Yeah. So that idea of zero day developer, I love that idea and I know other companies are trying to do that, but what enables that? Is it getting the idea of having to understand something bespoke? Is it getting that off of the table? Or not having to deal with the low-level database aspect of things? I mean because APIs, I had this conversation with Rob Sutter, actually, a couple weeks ago. And we were talking about the API economy and how everything is moving towards APIs. And even data, it was around data as well.So, is that the interface, you think, of the future that just says, "Look, trying to interface directly with a database or trying to work with some other layer of abstraction just doesn't make sense, let's just go straight from code right to the data, with a very simple API interface?"Patrick: Yeah, I think so. And it's this idea of data services because if you think of if you're doing React, or something like a front-end code, I don't want to have a driver. Drivers are a total impediment. It's like, driver hell can be difficult at large organizations, getting the matching right. Oh, we're using this database so you have to use this driver. And if you don't, you are now rejected at the gate. So it's using HTTP protocols, but it's also things like when you're using React or Angular, View, whatever you're using on the front-end, you have direct access.But most times what you're needing is just a collection or an object. And so just do a get, "I need this thing right now. I'm doing a pick list. I need your collection." I don't need a complicated setup and spend the first three days figuring out which driver I'm using and make sure my Gradle file is just perfect. Yeah. So, I think that's it.Jeremy: Yeah. No, I'd be curious how you feel about ORMs, or O-R-Ms, certainly for relational databases, I know a lot of people love them. I can't stand them. I think it adds a layer of abstraction and just more complexity where I just want access to the database. I want to write the query myself, and as soon as you start adding in all this extra stuff on top of it to try to make it easier, I don't know, it just seems to mess it up for me.Patrick: All right. So yeah, I think we have an accord. I am really not a fan of ORMs at all. And I mean this goes back to Hibernate. Everyone's like, "Oh, Hibernate's going to be the end of databases." No, it's not. Oh yeah, it was the end of the database at the other side because it would create these ridiculous queries. It's like, why is every query a full table scan?Jeremy: Exactly.Patrick: Because that's the way Hibernate wanted it. Yeah. I actually banned Hibernate at one company I was working at. I was Chief Architect there and I just said, "Don't ever put Hibernate in our production." Because I had more meetings about what it was doing wrong than what it was doing right.Jeremy: Right. Right. Yeah. No, that's sounds, yeah.Patrick: Is that a long answer? Like, no.Jeremy: No, I've had the same experience where certain ORMs you're just like, no. Certain things, you can't do this because it's going to one, I think it locks you in in a sense, I mean there's all kind of lock-in in the cloud, and if you're using a data service or an API or you're using something native in AWS, or IBM Cloud, you're still going to be locked in in some way, but I do feel like whenever you start going down that path of building custom things, or forcing developers to get really low level, that just builds up all kinds of tech debt, right? That you eventually are going to have to work down.Patrick: Well, it's organizational inertia. When you start getting into this, when you start using annotations in Hibernate where you're just cutting through all the layers and now you're way down in the weeds, try to move that. There's a couple of companies that I've worked with now that are looking at the true reality of portability in their data stores. Like, "Oh, we want to move from one to a different, from a key value to a document without developers knowing." Well, how do you get to that point?Jeremy: Right. Yeah.Patrick: And it's just, that's not giving access to those things, first of all, but this is that tech debt that's going to get in your way. We're really good, technologists, we're really good at just wracking up the charges on our tech debt credit card, especially whenever we're trying to get things out the door quickly. And I think that's actually one of the problems that we all face. I mean, I don't think I've ever talked to a developer who was ahead of schedule and didn't have somebody breathing down their neck.Jeremy: Very true.Patrick: You take shortcuts. You're like, "We've got to shift this code this week. Skip the annotations and go straight into the database and get the data you need." Or something. You start making trade-offs real fast.Jeremy: What can we hard code that will just get us past.Patrick: Yeah. Is it green? Shift it. Yeah.Jeremy: Yeah, no, I totally, totally agree. All right. So let's talk a little bit more about, I guess, skillsets and things like that. Because there are so many different databases out there. Cassandra is just one and if you're a developer working just at the driver level, I guess, with something like Cassandra, it's not horrible to work with. It's relatively easy once a lot of these things are set up for you.Same is true of MongoBD, or I mean, DynamoDB, or any of these other ones where the interface to it isn't overly difficult, but there's always some sort of something you want to build on top of it to make it a little bit easier. But I'm just curious, in terms of learning these different things and switching between organizations and so forth, there is a cognitive load going from saying, "I'm working on Cassandra," to going to saying, "I'm working on DynamoDB," or something like that. There's going to be a shift in understanding of how the data can be brought back, what the limitations are, just a whole bunch of things that you kind of have to think about. And that's not even including managing the actual thing. That's a whole other thing.So, hiring people, I guess, or hiring developers, how much do we want developers to know? Are you on board with me where it's like, I mean I like understanding how Cassandra works and I like understanding how DynamoDB works, and I like knowing the limits, but I also don't want to think about them when I'm writing code.Patrick: Yeah. Well, it's interesting because Cassandra, one of the things I really loved about Cassandra initially was just how it works. As a computer scientist, I was like, "This is really neat." I mean, my degree field is in distributed computing, so of course, I'm going to nerd out.Jeremy: There you go.Patrick: But that doesn't mean that it doesn't have mass appeal because it's doing the thing that people want. And I think that's going to be the challenge of any properly built service layer. I think I've mentioned to you before we started this, I work on a project called Stargate. And Stargate is a project that is meant to build a data layer on top of databases. And right now it's with Cassandra. And it's abstracting away some of the harder to understand or reason things.For instance, with distributed computing, we're trying to reduce the reliance on coordination. There is a great article about this by Pat Helland about how coordination is the last really expensive thing that we have in development. Memory, CPU, super cheap. I can rent that all day long. Coordination is really, really hard, and I don't expect a new programmer to understand, to reason through coordination problems. "Oh, yeah, the just in time race conditions," and things like that.And I think that's where distributed computing, it's super powerful, but then whenever people see what eventual consistency are, they freak out and they're like, "I just want my SQL Lite on my laptop. It's very safe." But that's not going to get you there. That's not a global database, it's not going to be able to take you to a billion users. Come on, don't cut ...Jeremy: Maybe you don't need to be.Patrick: ... your apps short Jeremy. You're going to have a billion users.Jeremy: You should strive for it, at least, is how I feel about it. So that's, I guess, the point I was trying to get to is that if the developers are the ones that you don't want learning some of this stuff, and there's ways to abstract it away again, going like we talked about data as a service and APIs and so forth. And I think that's where I would love to see things shifting. And as you said earlier, that's probably where things are going.But if you did want to run your own database cluster, and you wanted to do this on your own, I mean you have to hire people that know how to do this stuff. And the more I see the market heating up for this type of person, there is very, very few specialists out there that are probably available. So how would you even hire somebody to run your Cassandra ring? They probably all work at DataStax.Patrick: No, not all of them. There's a few that work at Target and FedEx, Apple, the biggest Cassandra users in the world. Huawei. We just found out lately that Huawei now has the biggest cluster on the planet. Yeah. They just showed up at ApacheCon and said, "Oh yeah, hold my beer." But I mean, you're right, it's a specialized skillset and one of the things we're doing at DataStax, we feel, yeah, you should just rent that. And so we have Astra, which is our database as a service.It's fully compatible with open-source Cassandra. If you don't like it, you can just take it over and use open-source. But we agree and we actually can run Cassandra cheaper than you can, and it's just because we can do it at scale. And right now Astra, the way we run it is truly serverless, you only pay for what you need, and that's something that we're bringing to the open-source side of Cassandra as well, but we're getting Cassandra closer to Kubernetes internally.So if you don't want to think about Kubernetes, if you don't want to think about all that stuff, you can just rent it from us, or you could just go use it in open-source, either way. But you're right. I mean, it should not be a 2020s skillset is, "Get better at running Cassandra." I think those days should be, leave it to, if you want to go work at DataStax and run Cassandra, great, we're hiring right now, you will love it. You don't have to. Yeah.Jeremy: So the idea of it being open-source, so again, I'm not a huge fan of this idea of vendor lock-in. I think if you want to run on AWS Lambda, yeah, most of what you can do can only run on AWS Lambda, but changing the compute, switching that over to Azure or switching that over to GCP or something like that, the compute itself is probably not that hard to move, right? I think especially depending on what you're doing, setting up an entire Kubernetes cluster just to run a few functions is probably not worth it. I mean, obviously, if you've got a much bigger implementation, that's a little different.But with data, data is just locked in. No matter where you go, it is very hard to move a lot of data. So even with the open-source flair that you have there, do you still see a worry about lock in from a data side?Patrick: Yeah. And it's becoming more of a concern with larger companies too, because options, #options. There was a pretty famous story a few years ago where the CEO of Target said, "I am not paying Amazon any more money," and they just picked up shop and moved from AWS to Google Cloud. And the CEO made a technical decision. It was like everybody downstream had to deal with that. And I think that luckily Target's a huge Cassandra shop and they were just like, "Okay, we'll just move it over there."But the thing is that you're right, I mean, and I love talking about this because back when cloud was first starting and I was talking about it and thinking about it, just what do the clouds promise you? Oh, you get commodity scale of CPU and network and storage. And that's what they want to sell you because that what they're building. Those big buildings in north Virginia, they are full of compute network and storage, but the thing they know they need to hook you in and the way that they're hooking you in, there's some services that are really handy, they're great, but really the hook is the data.Once you get into the database, the bespoke database for the cloud, one of the features of that database is it will not connect to any other database outside of that cloud, and they know that. I mean, and this is why I really strongly am starting to advocate this idea of this move towards data on Kubernetes is a way where open-source gets to take back the cloud. Because now we're deploying these virtual data centers and using open-source technology to create this portability. So we can use the compute network and storage, a Google, Amazon, Azure, OnPrem wherever, doesn't matter.But you need to think of like, "All right. How is that going to work?" And that's why we're like, "If you rent your Cassandra from DataStax with Astra, you can also use the open-source Cassandra as well." And if we aren't keeping you happy, you should feel totally fine with moving it to an open-source workload. And we're good with that. One way or the other, we would love for you to use a database that works for you.Jeremy: Right. And so this Stargate project that you're working on, is that the one that allows you to basically route to multiple databases?Patrick: That's the dream. Right now it just does Cassandra, but there's been some really interesting ... There's some folks coming out of the woodwork that really want to bring their database technology to Stargate. And that's what I'm encouraged by. It's an open-source project, Stargate.io, and you can contribute any of the connectors for underlying data store, but if we're using GraphQL, if you're using GRPC, if you're using REST, the underlying data store is really somewhat irrelevant in that case. You're just doing gets and puts, or gets and sets. Gets and puts, yeah, that's right. Gets, sets, puts, it's a lot of words.Jeremy: Whatever words. Yeah. Exactly.Patrick: That's what I love about standard, Jeremy, there's so many to pick from.Jeremy: Right, because there are ... Exactly, which standard do you choose? Yeah. So, because that's an interesting thing for me too, is just this idea of, I mean, it would be great to live in a perfect little cloud where you could say like, "Oh, well AWS has all the services I need. And I can just keep all my stuff there, whatever." But best of breed services, or again, the cost of hosting something in AWS maybe if you're hosting a Cassandra cluster there, versus maybe hosting it in GCP or maybe hosting it with you, you said you could host it cheaper than those could, or that we could host it ourselves.And so I do think that there is ... and again, we've had this conversation about multi-cloud and things like that where it's not about agnostic, it's not about being cloud agnostic, it's about using the best of breed for any service that you want to use. And APIs seem to be the way to get you there. So I love this idea of the Stargate project because it just seems like that's the way where it could be that standard across all these different clouds and onto all these different databases, well I mean, right now Cassandra, but eventually these other ones. I don't know, that seems like a pretty powerful project to me.Patrick: Well, the time has come. It's cloud native ... I work a lot with CNCF and cloud-native data is a kind of emerging topic. It's so emerging that I'm actually in the middle of writing a book, an O'Reilly book on it. So, yeah. Surprise. I just dropped it. This just in.Yeah, because I can see that this is going to be the future, but when we build cloud-native, cloud applications, cloud-native applications, we want scale, we want elasticity, and we want self-healing. Those are the three cloud-native things that we want. And that doesn't give us a whole lot ... So if I want to crank out a quick REACT app, that's what I'm going to use. And Netlify's a great example, or Vercel, they're creating this abstraction layer. But Netlify and Vercel are both working, they've been partnering with us on the Stargate project, because they're seeing like, "Okay, we want to have that very light touch, developers just come in and use it," in building cloud-native applications.And whenever you're building your application, you're just paying for what you use. And I think that's really key, not spinning up a bunch of infrastructure that you get a monthly bill for. And that bill can be expensive.Jeremy: It seems crazy. Doesn't it seem crazy nowadays? Actually provisioning an EC2 instance and paying for it to run even if it does nothing. That seems crazy to me.Patrick: There are start-ups around the idea of finding the instance that's running that's causing you money that you're not using.Jeremy: Which is crazy, isn't it? It's crazy. All right. So let's go a little bit more into standards, because you mentioned standards. So there are standards now for a lot of things, and again, GraphQL being a great example, I think. But also from a database perspective, looking at things like TSQL and developers come into an organization and they're familiar with MySQL, or they're familiar with PostgreSQL, whatever it is. Or maybe they're familiar with Cassandra or something like that, but I think most people, at least from what I've seen, have been very, very comfortable with the TSQL approach to getting data. So, how do you bring developers in and start teaching them or getting them to understand more of that NoSQL feel?Patrick: I think it's already happened, it's just the translation hasn't happened in a lot of minds. When you go to build an application, you're designing your application around the workflows your application's going to have. You're always thinking about like, "I click on this. I go there." I mean, this is where we wireframe out the application. At that point, your database is now involved and I don't think a lot of folks know that.It's like, at every point you need to put data or get data. And I think this is where we've taught could be anybody building applications, which makes it really difficult to be like, "No, no, no, start with your data domain first and build out all those models. And then you write your application to go against those models." And I'll tell you, I've been involved in a few of these application boot camps, like JavaScript boot camps and things, they don't go into data modeling. It's just not a part of it.Jeremy: Really?Patrick: And I think this is that thing where we have to acknowledge like, "Yeah, we don't really need that anymore as much, because we're just building applications." If I build a React app, and I have a form and I'm managing the authentication and I click a button and then I get a profile information, I just described every database interaction that I need and the objects that I need. And I'm going to put my user profile at some point, I'm going to click my ID and get that profile back as an object. Those are the interactions that I need. At no point did I say, "And then I'm going to write select from where." No, I just need to get that data.Jeremy: And I love thinking about data as objects anyways. It makes more sense, rather than rows of spreadsheets essentially that you join together, describing an object even if it's got nested data, like a document form or things like that, I think makes a ton of sense. But is SQL, is it still relevant do you think? I mean, in the world we're moving into? Should I be teaching my daughters how to write TSQL? Or would I be wasting my time?Patrick: Yeah. Well, yes and no. Depends on what your kid's doing. I think that SQL will go to where it originally started and where it will eventually end, which is in data engineering and data science. And I mean, I still use SQL every once in a while, Bigtable, that sort of thing, for exploring my data. I mean for an analytics career or reporting data and things like that, SQL is very expressive. I don't see any reason to change that. But this is a guy who's been writing SQL for a million years.But I mean, that world is still really moving. I mean, like a Presto and Snowflake and all these, Redshift, they all use Bigtable, they all use SQL to express the reporting capabilities. But ... And I think this is how you and I got sucked into this is like, well that was the database that we had, so we started using reporting languages to build applications. And how'd that work out?Jeremy: Yeah. Well, it certainly didn't scale very well, I can tell you that, going back to sharding, because that is always something that was very hard to do. So I guess, I get the point that essentially if you're going to be in the data sciences and you actually need to analyze that data and maybe you do need to do joins, or maybe you need to work with big data in a way, that's a specialized aspect of it and I think people could dabble in that if they were just regular developers and they didn't want to go too deep.But it sounds like the bigger, or the end goal here, maybe altruistic, is to just give people access to data. So even if they don't know SQL or they don't know something complex, just make it so that whatever data is there that anybody, with whatever level is, they can consume it.Patrick: Yeah. And move fast with the thing that you're building. Actually, I use a Facebook term, but Facebook does do this. Internally there's a system called Occhio that provides gets and puts for your data, but it abstracts things like geographics and things like that. But the companies that are trying to move quickly, they understood this a long time ago. If you have to reason through, "Am I doing a full table scan? Is that an efficient interjoin?" If you have to reason through that, you're not moving fast anymore.Jeremy: Right. Right. All right. Cool. All right, so let's talk about Astra a little bit more and this whole idea of, because Astra is the serverless version, the hosted version, the serverless version of Cassandra, right? Through DataStax?Patrick: Right. And ...Jeremy: Did I get that right?Patrick: You got it right. And so it gives you full access. You could do Port 9042 if you still want to use a driver, but it gives you access via GraphQL, REST, and there's also a document API. So if you just want to persist your JavaScript API or JavaScript and then pull it back out your JSON, it does full documents. So it emulates what a MongoDB or DocumenDB does. But the important thing, and this is the somewhat revolutionary side of this, and again, this is something that we're looking to put into open-source, is the serverless nature of it.You only pay for what you use. And when you want to create a Cassandra database, we don't even call it a Cassandra database on the Astra panel anymore. We just create a database. You give it a name. You click. And it's ready. And it will scale infinitely. As long as we can find some compute and network for you to use somewhere, it'll just keep scaling and that's kind of that true portion of serverless that we're really trying to make happen. And for me, that's exciting because finally, all that power that I feel like I've been hoarding for a long time is now available for so many more people.And then if you do a million writes per second for 10 minutes and then you turn it off, you only pay for that little short amount of time. And it scales back. You're not paying a persistent charge forever.Jeremy: I'm just curious from a technical implementation, because I'm thinking about PTSD or nightmares back of my days running Cassandra, and so I'm just trying to think how this works. Is it a shared tenancy model? Or is there a way to do single tenancy if you wanted that as a service?Patrick: Under the covers, yes, it is multi-tenant, but the way that we are created ... so we had to do some really interesting engineering inside. So my RCO's going to kill me if I talk about this, but hey, you know what, Jeremy? We're friends, we can do this. He's like, "Don't talk about the underlying architecture." I'm talking about the underlying architecture. The thing that we did was we took Cassandra and we decomposed it into microservices mostly. That's probably, it's still Cassandra, it's just how we run it makes it way more amenable to doing multi-tenant and scale in that fashion where the queries are separated from the storage and things that are running in the background, like if you're familiar with Cassandra because it's a log structure storage, you ask to do compactions and things like that, all that's just kind of on the side. It doesn't impact your query.But it gives us the ability to, if you create a database and all of a sudden you just hammer it with a million writes per second, there's enough infrastructure in total to cover it. And then we'll spin up more in the back to cover everything else. And then whenever you're done, we retract it back. That's how we keep our costs down. But then the storage side is separated and away from the compute side, and the storage side can scale its own way as well.And so whenever you need to store a petabyte of Cassandra data, you're just storing, you're just charged for the petabyte of storage on disk, not the thousandth of a cluster that you just created. Yeah.Jeremy: No. I love that. Thank you for explaining that though, because that is, every time I talk to somebody who's building a database or running some complex thing for a database, there's always magic. Somebody has to build some magic to make it actually work the way everyone hopes it would work. And so if anybody is listening to this and is like, "Ah, I'm just getting ready to spin up our own Cassandra ring," just think about these things because these are the really hard problems that are great to have a team of people working on that can solve this specific problem for you and abstract all of that crap away.Patrick: Yeah. Well, I mean it goes back to the Dynamo paper, and how distributed databases work, but it requires that they have a certain baseline. And they're all working together in some way. And Cassandra is a share-nothing architecture. I mean you don't have a leader note or anything like that. But like I said, because that data is spread out, you could have these little intermittent problems that you don't want to have to think about. Just leave that to somebody else. Somebody else has got a Grafana dashboard that's freaking out. Let them deal with it. But you can route around those problems really easily.Jeremy: Yeah. No, that's amazing. All right. So a couple more technical questions, because I'm always curious how some of these things work. So if somebody signs up and they set up this database and they want to connect to it, you mentioned you could use the driver, you mentioned you can use GraphQL or the REST API, or the Document API. What's the authentication method look like for that?Patrick: Yeah. So, it's a pretty standard thing with tokens. You create your access tokens, so when you create the database, you define the way that you access it with the token, and then whenever you connect to it, if you're using JavaScript, there's a couple of collection libraries that just have that as one of the environment variables.And so it's pretty standard for connecting the cloud databases now where you have your authentication token. And you can revoke that token at any time. So for instance, if you mistakenly commit that into your Git ...Jeremy: Say GitHub. We've never done that before.Patrick: No judging. You can revoke it immediately. But it also gives you our back, the controls over it's a read or write or admin, if you need to create new tables and that sort of thing. You can give that level of access to whatever that token is. So, very simple model, but then at that point, you're just interacting through a REST call or using any of the HTTP protocols or SQL protocol.Jeremy: And now, can you create multiple tokens with different levels of permission or is it all just token gives you full access?Patrick: No, it's multiple levels of protection and actually that's probably the best way to do it, for instance, if your CI/CD system, has the ability to, it should be able to create databases and tear them down, right? That would be a good use for that, but if you have, for instance, a very basic application, you just want it to be able to read and write. You don't want to change any of the underlying data structures.Jeremy: Right. Right.Patrick: That's a good layer of control, and so you can have all these layers going on one single database. But you can even have read-only access too, for ... I think that's something that's becoming more and more common now that there's reporting systems that are on the side.Jeremy: Right. Right. Good.Patrick: No, you can only read from the database.Jeremy: And what about data backups or exporting data or anything like that?Patrick: Yeah, we have a pretty rudimentary backup now, and we will probably, we're working on some more sophisticated versions of it. Data backup in Cassandra is pretty simple because it's all based on snapshots because if you know Cassandra the database, the data you write is immutable and that's a great way to start when you come to backup data. But yeah, we have a rudimentary backup system now where you have to, if you need to restore your data, you need to put in a ticket to have it restored at a certain point.I don't personally like that as much. I like the self-service model, and that's what we're working towards. And with more granularity, because with snapshots you can do things like snapshot, this is one of the things that we're working on, is doing like a snapshot of your production database and restoring it into a QA cluster. So, works for my house, oh, try it again. Yeah.Jeremy: That's awesome. No, so this is amazing. And I love this idea of just taking that pain of managing a database away from you. I love the idea of just make it simple to access the data. Don't create these complex things where people have to build more, and if people want to build a data access layer, the data access layer should maybe just be enforcing a model or something like that, and not having to figure out if you're on this shard, we route you to this particular port, or whatever. All that stuff is just insane, so yeah, I mean maybe go back to kind of the idea of this whole episode here, which is just, stop using databases. Start using these data services because they're so much easier to use. I mean, I'm sure there's concerns for some people, especially when you get to larger companies and you have all the compliance and things like that. I'm sure Astra and DataStax has all the compliance things and things like that. But yeah, just any final words, advice to people who might still be thinking databases are a good idea?Patrick: Well, I have an old 6502 on a breadboard, which I love to play with. It doesn't make it relevant. I'm sorry. That was a little catty, wasn't it?Jeremy: A little bit, but point well taken. I totally get what you're saying.Patrick: I mean, I think that it's, what do we do with the next generation? And this is one of the things, this will be the thought that I leave us with is, it's incumbent on a generation of engineers and programmers to make the next generation's job easier, right? We should always make it easier. So this is our chance. If you're currently working with database technology, this is your chance to not put that pain on the next generation, the people that will go past where you are. And so, this is how we move forward as a group.Jeremy: Yeah. Love it. Okay. Well Patrick, thank you so much for sharing all this and telling us about DataStax and Astra. So if people want to find out more about you or they want to find out more about Astra and DataStax, how do they do that?Patrick: All right. Well, plenty of ways at www.datastax.com and astra.datastax.com if you just want the good stuff. Cut the marketing, go to the good stuff, astra.datastax.com. You can find me on LinkedIn, Patrick McFadin. And I'm everywhere. If you want to connect with me on LinkedIn or on Twitter, I love connecting with folks and finding out what you're working on, so please feel free. I get more messages now on LinkedIn than anything, and it's great.Jeremy: Yeah. It's been picking up a lot. I know. It's kind of crazy. Linked in has really picked up. It's ...Patrick: I'm good with it. Yeah.Jeremy: Yeah. It's ...Patrick: I'm really good with it.Jeremy: It's a little bit better format maybe. So you also have, we mentioned the Stargate project, so that's just Stargate.io. We didn't talk about the K8ssandra project. Is that how you say that?Patrick: Yeah, the K8ssandra project.Jeremy: K8ssandra? Is that how you say it?Patrick: K8ssandra. Isn't that a cute name?Jeremy: It's K-8-S-S-A-N-D-R-A.io.Patrick: Right.Jeremy: What's that again? That's the idea of moving Cassandra onto Kubernetes, right?Patrick: Yeah. It's not Cassandra on Kubernetes, it's Cassandra in Kubernetes.Jeremy: In Kubernetes. Oh.Patrick: So it's like in concert and working with how Kubernetes works. Yes. So it's using Cassandra as your default data store for Kubernetes. It's a very, actually it's another one of the projects that's just taking off. KubeCon was last week from where we're recording now, or two weeks ago, and it was just a huge hit because again, it's like, "Kubernetes makes my infrastructure to run easier, and Cassandra is hard, put those together. Hey, I like this idea."Jeremy: Awesome.Patrick: So, yeah.Jeremy: Cool. All right. Well, if anybody wants to find out about that stuff, I will put all of these links in the show notes. Thanks again, Patrick. Really appreciate it.Patrick: Great. Thanks, Jeremy.

Carli Friedman, CQL Director of Research will join us and discuss behaviour support and all things CQL. Carli oversees all CQL data analyses and research projects research, while focusing on quality of life, community integration and social determinants of integration and ableism.

SPOILERS!! This is an uncensored and non-linear discussion. If you haven't watched The Untamed yet, please save this episode for when you do. Fan culture reporter Aja Romano only meant to sample a few episodes of The Untamed for a work assignment, but they fell down the rabbit hole like the rest of us. Their subsequent twitter thread became the stuff of legends, and it seemed only fitting that we reunite to talk about our one true love: Wangxian. In part two of this double-feature, Aja makes me tear up over the depths of Lan Wangji's love for Wei Wuxian, and we fixate on the magical, butt-healing properties of the Gusu cold spring. show twitter: https://twitter.com/itsallfinepod my twitter: @allyspock

In this episode Jeff and Adron have a quick topical discussion of some tools they're using to get work done with CQL and databases in general. Adron discusses using JetBrains DataGrip and what it's been enabling him to do, then Jeff interjects with some additional thoughts and asks the question, is Cassandra not your only database? Where Adron elaborates on how DataGrip works with many other databases, so when one is approached with work across a wide spectrum of sources they can tackle that work with DataG See omnystudio.com/listener for privacy information.

Call an Uber, order from Amazon, book a hotel… You can do all of these things instantly—even at 4 AM. People today want commodities quickly and with round the clock access. Believe it or not, your B2B buyers are also people, and they probably want the same. Now, most businesses can’t man their websites 24/7 (unless you’re shelling out for night shift employees or lots of coffee)—this is where the chatbot comes in. But there’s an art to the bot—they shouldn’t replace humans, but should help facilitate conversations with customers. Proper use can result in tremendous boost to lead generation, and can radically speed up a company’s growth. Dave Gerhardt, co-author of Conversational Marketing and VP of Marketing at Drift, joined RTU for a chatbot chat, and really digs into the value, and ideal usage, of these automated critters. Beyond that, Dave touches on a few broader subjects, including how marketing efforts need to be rooted in empathy and humanity. After all, you’ll always be marketing to people. Listen in! You’ll want to hear about why businesses big and small can benefit from chatbots! Subscribe on Apple Podcasts - Stitcher - or Podsearch What You’ll Learn Conversational marketing: why you should nix your lead form When Drift nixed its own lead form, they did so to teach the market about conversational marketing! Drift needed to practice what it preached. Drift utilizes bots to capture leads. Instead of a form submission, there is a conversation with a potential customer. Dave shares that a form is binary while a chatbot allows a conversation to occur. Today’s technology is so good that from a single email address, your company can get ample information. Because of this, companies should feel free to focus on the conversation. Why chatbots? Chatbots work 24/7. You can get leads while you are sleeping, and no matter when a customer is on your website, they can get help. Consumers do not want to wait for information, and bots allow access to it at any time. Humans are used to instant gratification, and it has been proven that if you can respond to a new lead in 5 minutes, the chances of getting into contact with them goes up 10x. Astonishingly, over 90% of B2B companies are not replying within 5 minutes. But, a bot service can help them do just that! Your company can look to chatbots to facilitate conversations as a helper of humans. The need for empathy in sales conversations Dave defines marketing as helping people to buy, and empathy as the ability to put yourself in others’ shoes. He explains that it is necessary to have empathy in good sales conversations. It changes how you approach sales by trying to understand how to best help the customer by understanding their point of view. It is a give-to-get economy, so if you want to build trust, you must give! Bots can answer questions and get information to buyers. Chatbots are a great way to give customers back their time, and time is one of the most valuable commodities. Timeline [2:40] Get to know Dave, and why he was first attracted to Drift [6:15] Information from his book, ConversationalMarketing [11:11] Is there every information on a website worth gating? [14:03] Why chatbots [20:20] Embedding a calendar-like function to a chatbot [25:20] The point of moving from a chatbot to livechat [28:16] Why speed matters! [31:37] The importance of empathy in sales conversations [35:40] Using chatbots for customer service and post sales [39:35] CQL’s and why they will save the world Connect With Dave Gerhardt: Connect with Dave Gerhardt on LinkedIn Follow Dave Gerhardt on Twitter Resources & People Mentioned Book: Dave Gerhardt’s Conversational Marketing Connect with Drew http://renegade.com/ On LinkedIn On Twitter On Facebook On Instagram

In this weeks episode we catch-up with Joe Watkins. We start off discussion with a recent blog post he wrote about the unhelpful ‘just because you can, doesn’t mean you should’ response he sees surrounding some of his PHP extensions. From here we move on to highlight a debugger you can ‘composer require’, reasons behind creating such a tool and how it works. This leads us on to mention some updates to uopz for PHP 7 support, a weak references RFC he has recently published and future plans for PHP. Finally, we wrap up by talking about a CommonMark extension he has published, and how CQL provides the ability to efficiently traverse a document.

On this episode, Rick Moore, CIO at NCQA, joins us for a discussion about what's next for digital quality measurement. Rick likes to call this Digital Quality Measures 2.0 and you can see it coming to life in NCQA's eMeasure Certification (eMC) program.  The program aims to take burden away from health plans and auditors by establishing a process for generating standard supplemental data for HEDIS measures. This will enable software vendors, providers, HIEs and others to more effectively and efficiently provide needed clinical data without all the manual chart pulls (you can see the certified vendors here). Additionally, the eMeasure test process is now approved as the only alternative to the Project Cypress toolset in the ONC Health IT Certification Program. Rick sees great opportunity ahead for a few reasons: The community is more engaged (vendors, providers, payers) The government has backed off (a bit) on mandating specifically how things will be done There are more options available to providers These factors, coupled with the rise of promising new specifications like Clinical Quality Language (CQL) and FHIR, might put us in a position to move away from performance-based measures of providers and towards holistic, patient-centered measures; away from manual data entry and toward clinical data that is automatically collected as a by-product of the physician workflow. At the same time, he is realistic and offers several cautions: We can't wait for CQL and FHIR. Let's move forward with what we've got now and upgrade along the way. We can't just toss out process measures and go strictly outcomes measures. We need both. We can't mandate interoperabillity as the basis for all measures right away We address these issues and so much more, including: What is the National Committee for Quality Assurance or NCQA? (0:55) What's NCQA's role in monitoring quality in healthcare? (2:08) What's the difference between process measures and outcomes measures? What about Patient Reported Outcomes Measures (PROMs) vs. institutionally focused outcomes measures? (4:35) How does NCQA decide what's worth measuring especially when you consider the high levels of administrative burden and burnout on the physicians? (10:00) The unintended consequences of value-based payment (13:00) What if we decided that from this point forward we would only have measures that could be collected digitally? (15:30) Structured vs. unstructured data (20:00) Manually entered and properly coded vs. automatically captured data points (23:45) What if we decided that from this point forward we won't collect measures unless we have interoperabillity? Would we get interoperabillity more quickly? (25:30) Why aren't we using all the digital info that is already available? Think manual chart pulls instead of data extracts or queries against Health Information Exchanges (HIE)? 27:30 Do you agree with the following statement? Some health systems will make the investment needed to satisfy quality measure requirements without a major burden on providers and that will give them a competitive advantage because doctors will choose to work there (33:00) What is the Electronic Measure Certification (eMC) program? (39:00) Does the eMC program serve as a vehicle for HIEs and other community aggregators to get in the HEDIS measurement flow by providing standard supplemental data to the health plans? (49:00) What advice would you give doctors who want to have more of a say in the quality measure specifications going forward? (51:25) Where can listeners learn more about you, NCQA and the eMC program? (51:25) There's a lot here. I hope you enjoy it! ~ Don Lee Mentioned on the podcast Re-imagining Quality Measurement by Shahid Shah (presented at The Digital Quality Summit) The Digital Quality Summit | Held November 1-2, 2017, Washington, DC HL7 and NCQA partnered to host the Digital Quality Summit - gathering the best and brightest in health care and technology to demonstrate methods for eliminating measurement burdens and bridging the digital gap. Health Impact Mid West | Held November 16, 2017, Chicago, IL The 5th Annual HealthIMPACT Mdiwest, developed in partnership with NODE Health where the brightest minds in clinical health technology move beyond the digital medicine hype and forge a path from innovation to implementation to digital transformation using evidence as our guide. About Rick Moore, PhD As NCQA's Chief Information Officer, Rick Moore is responsible for the vision and strategic direction of the Information Services, Information Technology and Information Products. He also works closely with NCQA's stakeholder partners and represents NCQA on leading several national health information technology initiatives and panels including the Office of National Coordinator Standards and Interoperability Workgroup, and the Health Information Management and Systems Society (HIMSS) Quality and Patient Safety Committee. Prior to joining NCQA in 2008, he was the Director of Health Informatics at the National Association of Children's Hospitals where he led the development of information services and products for over 200 member hospitals. He has also served the Office of the Secretary of Health Affairs at the Department of Defense where he led the development of Electronic Health Record (EHR) systems and was awarded the Information Technology Officer of the Year of the Joint Medical Information Systems Office in 2004. From 2001 to 2003, he was competitively selected by the U.S. Air Force Medical Service to attend the University of Alabama at Birmingham where he studied Health Informatics. In 2002, he was selected as a recipient of the HIMSS Foundation Richard P. Covert National Scholarship Award. Previously, he has served as the Director of Medical Readiness at Langley Hospital and was recognized as the Medical Readiness Officer of the Year for the command. He has also served as the Director of Managed Care for Moody Community Hospital and was selected in 1996 as the Air Force Medical Service's Managed Care/Patient Administrator of the Year.He holds a Doctorate degree in Health Related Sciences from Virginia Commonwealth University, a graduate degree in Health Informatics from the University of Alabama at Birmingham, as well as a graduate degree in Management from Troy State University, and a Bachelor Degree in Industrial Technology from Southern Illinois University. He is a certified health care executive and Fellow in the American College of Healthcare Executives (FACHE), a Fellow of the Health Information Management and Systems Society (FHIMSS), a certified Professional in Health Information and Management Systems (CPHIMS), a Certified Information Security Manager (CISM), and a certified Project Management Professional (PMP)   Email: moore@ncqa.org   Blog: http://blog.ncqa.org/author/rick-moore/    About NCQA NCQA is a private, nonprofit organization dedicated to improving health care quality. NCQA accredits and certifies a wide range of health care organizations. It also recognizes clinicians and practices in key areas of performance. NCQA's Healthcare Effectiveness Data and Information Set (HEDIS®) is the most widely used performance measurement tool in health care. NCQA's Web site (ncqa.org) contains information to help consumers, employers and others make more informed health care choices. Twitter: @NCQA Weekly Updates If you like what we're doing here, then please consider signing up for our weekly newsletter. You'll get one email from me each week detailing: New podcast episodes and blog posts. Content or ideas that I've found valuable in the past week. Insider info about the show like stats, upcoming episodes and future plans that I won't put anywhere else. Plain text and straight from the heart :) No SPAM or fancy graphics and you can unsubscribe with a single click anytime. The #HCBiz Show! is produced by Glide Health IT, LLC in partnership with Netspective Media. Music by StudioEtar

Patrick Smacchia is building NDepend to make refactoring and technical debt decisions easier. Show Notes: The code base I used to try out NDepend is the Couchbase .NET SDK NDepend Zone of Pain, Zone of Uselessness CQLinq LINQpad TFS, TeamCity, Jenkins Pluralsight: Practical NDepend by Erik Dietrich Scott Hanselman: Exiting the Zone of Pain NDepend is on Twitter. Want to be on the next episode? You can! All you need is the willingness to talk about something technical. Theme music is "Crosscutting Concerns" by The Dirty Truckers, check out their music on Amazon or iTunes.

Enregistré le 28 septembre 2012 Téléchargement de l’épisode LesCastCodeurs-Episode–66.mp3 Interview Introduction Sylvain Lebresne http://twitter.com/pcmanus Michael Figuiere http://twitter.com/mfiguiere Blog Datastax http://www.datastax.com/blog Apache Cassandra http://cassandra.apache.org Documentation Cassandra http://www.datastax.com/docs/1.1/index Les cas d’utilisation Click stream http://en.wikipedia.org/wiki/Clickstream Time series http://en.wikipedia.org/wiki/Time_series Le modèle column family Column family http://en.wikipedia.org/wiki/Column_family Papier Big Table http://research.google.com/archive/bigtable.html Base de donnée orientée colonne http://en.wikipedia.org/wiki/Column-oriented_DBMS Vertica http://www.vertica.com Réplication et tolérance aux pannes Papier Dynamo http://www.allthingsdistributed.com/2007/10/amazons_dynamo.html Performances et autre ZooKeeper http://zookeeper.apache.org Cassandra et Java RPC http://en.wikipedia.org/wiki/Remote_procedure_call Apache Thrift http://thrift.apache.org Hector http://hector-client.github.com/hector/build/html/index.html Astyanax https://github.com/Netflix/astyanax CQL http://cassandra.apache.org/doc/cql/CQL.html Cassandra JDBC http://code.google.com/a/apache-extras.org/p/cassandra-jdbc/ Le futur Hadoop http://hadoop.apache.org Map Reduce http://en.wikipedia.org/wiki/MapReduce Meetup Cassandra meetup 11 octobre http://cassandra-paris.eventbrite.com/ Cassandra summit http://www.datastax.com/events/cassandrasummit2012 Nous contacter Contactez-nous via twitter http://twitter.com/lescastcodeurs sur le groupe Google http://groups.google.com/group/lescastcodeurs ou sur le site web http://lescastcodeurs.com/ Flattr-ez nous (dons) sur http://lescastcodeurs.com/

Enregistré le 28 septembre 2012 Téléchargement de l’épisode LesCastCodeurs-Episode–65.mp3 Interview Introduction Sylvain Lebresne http://twitter.com/pcmanus Michael Figuiere http://twitter.com/mfiguiere Blog Datastax http://www.datastax.com/blog Apache Cassandra http://cassandra.apache.org Documentation Cassandra http://www.datastax.com/docs/1.1/index Les cas d’utilisation Click stream http://en.wikipedia.org/wiki/Clickstream Time series http://en.wikipedia.org/wiki/Time_series Le modèle column family Column family http://en.wikipedia.org/wiki/Column_family Papier Big Table http://research.google.com/archive/bigtable.html Base de donnée orientée colonne http://en.wikipedia.org/wiki/Column-oriented_DBMS Vertica http://www.vertica.com Réplication et tolérance aux pannes Papier Dynamo http://www.allthingsdistributed.com/2007/10/amazons_dynamo.html Performances et autre ZooKeeper http://zookeeper.apache.org Cassandra et Java RPC http://en.wikipedia.org/wiki/Remote_procedure_call Apache Thrift http://thrift.apache.org Hector http://hector-client.github.com/hector/build/html/index.html Astyanax https://github.com/Netflix/astyanax CQL http://cassandra.apache.org/doc/cql/CQL.html Cassandra JDBC http://code.google.com/a/apache-extras.org/p/cassandra-jdbc/ Le futur Hadoop http://hadoop.apache.org Map Reduce http://en.wikipedia.org/wiki/MapReduce Meetup Cassandra meetup 11 octobre http://cassandra-paris.eventbrite.com/ Cassandra summit http://www.datastax.com/events/cassandrasummit2012 Nous contacter Contactez-nous via twitter http://twitter.com/lescastcodeurs sur le groupe Google http://groups.google.com/group/lescastcodeurs ou sur le site web http://lescastcodeurs.com/ Flattr-ez nous (dons) sur http://lescastcodeurs.com/