Hello, Peter Ludlow here, CEO of InGen, the company behind the wildly successful dinosaur-themed amusement park, Jurassic Park. As you’re all aware, after an unprecedented storm hit the park, we lost power and the velociraptors escaped their enclosure and killed hundreds of park visitors, prompting a two-month shutdown of the park. Well, I’m pleased to announce that, even though the velociraptors are still on the loose, we will be opening Jurassic Park back up to the public!

Now, I understand why some people might be skeptical about reopening an amusement park when there are still blindingly fast, 180-pound predators roaming around. But the fact of the matter is, velociraptors are intelligent, shifty creatures that are not going to be contained any time soon, so we might as well just start getting used to them killing a few people every now and then. Some might argue that we should follow the example of other parks that have successfully dealt with velociraptor escapes. But here at Jurassic Park, we’ve never been ones to listen to the recommendations of scientists, or safety experts, or bioethicists, so why would we start now?

As some of you know, Dr. Ian Malcolm, our lead safety consultant, had recommended that we wait until the velociraptors have been located and contained before reopening the park, so he wasn’t thrilled when we told him the news. I believe his exact words were “you were so preoccupied with whether you could reopen the park, you didn’t stop to think whether you should.” Talk about a guy on a high horse.

That said, you’ll be pleased to know that, rather than double down on our containment efforts, we’ve decided to dissolve the velociraptor containment task force altogether, and focus instead on how we can get people back into the park as quickly as possible. So rather than concentrating on so-called life-saving measures like “staying in designated safe areas” or “masking your scent,” we’ll be focusing on the details that will get our customers really excited, like a wider selection of fun hats, a pterodactyl-shaped gondola ride to the top of the island, and a brand new Gordon Ramsay designed menu at the Cretaceous Cafe.

In addition to satisfying our customers, the decision to reopen the park is also about allowing the furloughed employees of Jurassic Park to get back to the work they love. Could we have continued to pay their salaries for several months until we got the velociraptor situation under control? Definitely. We’re the wealthiest nature preserve on the planet after all. And will some of the employees returning to work have their limbs torn off and tossed into the air like a juggler tossing bowling pins? Undoubtedly. But we’re confident that with a few safety precautions put in place, we’ll be able to keep the level of workplace injuries and deaths just below levels that would elicit widespread public outrage. And keeping things just below widespread public outrage levels is our gold standard for all of the decisions we make here at Jurassic Park.

And speaking of injuries, I want to take a moment to thank our Jurassic Park EMTs. They’re the real heroes here, am I right? In the process of responding to velociraptor attacks, many of our EMTs get mauled and dismembered by velociraptors themselves. That’s why, as a sign of appreciation, we will be repainting the Jurassic Park ambulance with the words “Hero Mobile” in big bubble letters. We think this is a far more meaningful token of gratitude than the salary increase they requested.

I know many of you out there are going to be hesitant to return to Jurassic Park knowing there are still velociraptors roaming the preserve, but rest assured things will return to normal sooner rather than later. The life expectancy of a velociraptor is only 15-20 years, so we’re confident that these attacks will eventually run their course.

In the meantime, will more visitors die? Yes. Will more Jurassic Park staff die? Yes. But know that their sacrifice will not be forgotten — we plan to erect a small plaque dedicated to all of the velociraptor attack victims in the far back corner of the gift shop next to the T-shirts that say I SURVIVED A VISIT TO JURASSIC PARK AND ALL I GOT WAS THIS LOUSY T-SHIRT. It’s the least we could do.

So pack your suitcases, and get ready to be reacquainted with the newly reopened, and only slightly more dangerous, Jurassic Park! And remember, life finds a way… unless you’re one of the unlucky ones that gets attacked by a velociraptor, then you’re probably screwed.

Struggling to be awake. I did not sleep well and woke up with a headache.

@scottalanmiller said in Reducing complexity on storage:

@Grey said in Reducing complexity on storage:

How would you create an NFS/SMB compatible storage bucket that's able to be grown (as a datastore and file system) which can go beyond 2tb limits and still be easily managed while maintaining a high throughput and (obviously) minimal outage?

Honestly at that size, I'd probably stick to simple RAID and just Ubuntu and/or Fedora and/or FreeBSD purely based on personal preference. All three will work perfectly and you don't need anything complex. Keep it simple.

Yeah, I was mostly wondering if there was a better tool for the share management and disk expansion on Linux. I've never liked the built in commands due to how prosaic they can be.

@travisdh1 I'm not getting rid of my Windows 2012 server yet.

I was reading https://mangolassi.it/topic/21706/which-nas-os/13 with some interest since I need to expand my storage capability for home servers and was hoping to see a good suggestion. Since there isn't a solid answer, let me ask a different way:

How would you create an NFS/SMB compatible storage bucket that's able to be grown (as a datastore and file system) which can go beyond 2tb limits and still be easily managed while maintaining a high throughput and (obviously) minimal outage?

I currently have a legacy 2008 server and I have had all the smb shares on there (for years) and it's time to decommission that. All the shared data has to be moved, and instead of keeping the 9 logical drives, I'd rather just have a vmware guest managing 4-6 shares/datastores. I've already got the new DC set up to replace the 2008 system.

I was thinking maybe a NethServer using the shared folders tool, but I'm unsure how that works.

WinSCP can do it.

@bnrstnr said in What Are You Doing Right Now:

Back in the office today because MI has cleared "Manufacturing" to be allowed to work again...

Missed so much stuff here over the past couple months

Wash your hands.

Got my free game. Go get it!
https://www.humblebundle.com/store/ashes-of-the-singularity-escalation-free-game

https://www.twitch.tv/seravium

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

@Grey said in Is texting of pictures HIPAA compliant?:

You're so hung up on that that all I have to do is say "fax machine" to make you blow a gasket.

This is the example I use all the time. Data in transit is supposed to be protected. Using fax or texting isn't just breaking the rules, it's flaunting that HIPAA can't do anything, ever, in the most dramatic, obvious, known to everyone way. To a point where a patient knowing it was allowed could still sue even without a HIPAA breach and the only defense would be "But HIPAA is so useless, we thought it protected us."

"fax machine!!!"

@beta https://www.wrcbtv.com/story/41974356/hipaa-and-texting-is-sending-a-message-compliant

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

@Grey said in Is texting of pictures HIPAA compliant?:

Part of the rules there allow a business to make decisions which may be insecure in order to allow business to continue, but those processes must be fixed once identified.

Hence no teeth. Claim any level of incompetence or convenience and bypass any rule.

This is why HIPAA is a removal of security, not an addition of it. Without HIPAA guidelines, companies aren't allowed to prioritize business over patient data. HIPAA is meant to protect the exposure of data, not prevent it. It makes it harder to sue civily over a blatant exposure of data.

Did you just...? You replied to yourself? I mean... Self-agreement is great but don't argue with the wrong self. Or something.

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

@Grey said in Is texting of pictures HIPAA compliant?:

Part of the rules there allow a business to make decisions which may be insecure in order to allow business to continue, but those processes must be fixed once identified.

Hence no teeth. Claim any level of incompetence or convenience and bypass any rule.

Yes, I'm sure every doc's office enjoys having a HIPAA audit. No doubt that the rehab facility for Scott Disick is throwing a party over their current violation.

I've gone through these audits, and assisted the government agent in gathering requested data. There are tools to scan and identify problems. The HHS has plenty of teeth.

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

@Grey said in Is texting of pictures HIPAA compliant?:

Part of the rules there allow a business to make decisions which may be insecure in order to allow business to continue, but those processes must be fixed once identified.

Hence no teeth. Claim any level of incompetence or convenience and bypass any rule.

Bypassing the rules intentionally can still get you fined. Incompetence, as a defense, can only go so far. For example, systems that were implemented in 2000 would not have been secure, but by today's standards are laughable. A new system, like texting or photo submission, would violate the "data in transit" rule and this is literally your entire argument. You're so hung up on that that all I have to do is say "fax machine" to make you blow a gasket. The truth here is that businesses must accept data that's going to be insecure by nature, such as a fax, and are considered accepted practice. The only requirement from HIPAA is that the intended destination has a BA in place to accept PII.

The 'data in transit' rule here would apply within the organization. If you have an opportunity to transmit securely to a BA partner, you should use something like SFTP. HIPAA doesn't have a rule for receiving from a patient since they don't have the resources to transmit securely, though the spirit of the document would suggest that every attempt is made.

@scottalanmiller said in Is texting of pictures HIPAA compliant?:

No, no use of texting is HIPAA compliant, in any way. There is no encryption at all, no security. You'll generally get away with it because HIPAA has no teeth and the least secure options are generally given a free pass, but the use of texting or fax will always give a way for prosecution as they are blatant disregards for HIPAA and even more fundamental security.

I'm sorry, Scott. You're wrong on at least two counts.

1. HIPAA violations are $10,000 per violation. That is a cumulative number. Any file or data lost with any single file, or data that is exposed, will count for each item. A directory with 100 photos (which must include PII) would count as 100 violations, times 10,000 equaling $1,000,000.
2. Photos and texts are fine. You can do video meetings (though I would suggest a more secure technology than Zoom) and even conference calls. The caveat for business is that any data transmitted which is not intentionally ephemeral, like a video meeting, must be captured. That means that all those texts and photos have to be copied in to the patient record and since cell phones are inherently insecure, they will need some work to get secure. See section 164.316(b)(1) regarding data retention.

You've diverged a little bit on the HIPAA security rule foundation (https://www.hhs.gov/hipaa/for-professionals/security/index.html). Part of the rules there allow a business to make decisions which may be insecure in order to allow business to continue, but those processes must be fixed once identified. In the case provided by @beta, I would suggest using MaaS360 since you can install to personal cell phones and partition personal from work data, and remotely wipe, force security policies, and encrypt as a rule. Most people won't want to install it on their phone once they read the waivers and warnings, and you'll wind up issuing work devices (which is actually better). Those devices, encrypted and locked, meet the data security requirements, and can have all the communications on a forced vpn. You only have to encrypt and secure what you have.

Interestingly, if the photos don't include text, and there's no specifically identifying portion (like a face) or PII, then you can put those pics on the web. There's an entire subreddit for that: https://imgur.com/r/XRayPorn/. Without that allowance, Doctors couldn't share and learn.

Now, whether or not attending an OB/GYN via video call makes your wife a cam girl...? I'll leave that to you.

@black3dynamite said in What Are You Watching Now:

30 Japanese Giant Hornets kill 30,000 Honey Bees
Youtube Video

The hornets are jerks.

@black3dynamite said in What Are You Watching Now:

@Obsolesce said in What Are You Watching Now:

@black3dynamite said in What Are You Watching Now:

Jerry Seinfeld (2020) stand up on Netflix

I like the show, but how are his standups?

It was ok. There were some funny moments like when he talked about technology and family.

I'm more of a fan of Fluffy.

https://www.foxbusiness.com/money/wells-fargo-federal-probe-coronavirus-paycheck-protection-program

I fucking hate Wells. Literally, the worst bank.

Blake's 7.