Facebook and Mark Zuckerberg are getting blamed for a large number of issues from promoting fake news, election fraud, mishandling user data, and profiting from selling user data.
While some of that may be true, the Facebook security breach is actually a violation of Facebook API licensing rules by the people who used it. Facebook provided the data and encouraged developers like us to create innovative solutions for the Facebook ecosystem. They weren’t selling the data. They weren’t even charging us to use it.
Our Facebook App with Social Network Analysis and Maps
In 2010, we created a Facebook application using our Sentinel Visualizer technology to perform Social Network Analysis (SNA) based on a user’s friends’ friends. It would automatically cluster friends so you could quickly see their groups (high school, college, work, family, in-laws, clubs, etc.).
Each box (picture) was one of your friends, and you could move them around the network, hover over them to get their info, or click on them to go to their page.
We also plotted friends on a Microsoft Bing Map, making it easy to see who was near you or where you were visiting.
We launched our free Sentinel Visualizer Facebook App to a limited number of users and it started to gain followers. People were amazed to see which of their friends knew each other. The application started to go viral. We were having trouble supporting the traffic.
Not Allowed to Save Facebook Data
One of the things developers couldn’t do was to save Facebook’s data. All we collected were the user names and email addresses people provided when they registered our program. Unfortunately, other developers didn’t abide by Facebook’s terms and the data improperly got to Cambridge Analytica and others.
Facebook Stopped Making the Data Available
Our app ceased to work when Facebook limited their APIs and prevented our ability to get to the list of your friends’ friends among your network.
It’s not entirely Facebook’s fault for trying to spur innovation by sharing their data for free. Some developers violated the trust Facebook gave them.
The Full Story
Here’s our new web page describing our experience in detail:
Hannity traveled to London to interview Julian Assange at the Ecuadorian Embassy where he’s seeking asylum. They discussed an overview of Assange’s role as founder of WikiLeaks, and their obtaining and publishing the emails from the Democratic National Committee the weeks before the US Presidential election. Some people attribute Hillary Clinton’s loss to the revelations in those emails, especially from John Podesta, the former White House Chief of Staff and Chairman of the Clinton campaign. They are also accusing the Russians of hacking (stealing) and providing the data to Assange so Donald Trump could win the election.
On January 4, 2017, I was on the radio show with Sean Hannity and Brigadier General Eli Ben Meir, former Israeli Military Intelligence chief. The three of us discussed the WikiLeaks disclosures. I commented specifically on:
Cyber attacks and the security breach at OPM disclosed non-classified government employees and by omission who were covert at American Embassies globally.
Noting Julian Assange’s careful word choices to exclude Russia as source without excluding them as the ultimate source of his sources.
The need for WikiLeaks to keep their sources confidential and how they amplified the data from Bradley Manning and Edward Snowden.
Different approaches to preventing cyber attacks depending on the cause. “It’s one thing when someone steals your car because they broke into it. It’s another thing when someone steals your car because you left your keys in the ignition.”
Here’s the audio of the show:
My segment starts at the 6:50 mark. Sean and General Meir speak first, then I start around 9:25. Final comments at 14:15 and it wraps up by 14:50.
Only a limited amount of information can be discussed in such a short interview. Some additional issues to consider are:
Securing data over the internet and inside organizations is very challenging. Threats may come from:
External hacks that need to be monitored and defeated
Internal people who unintentionally leave the front door unlocked
Internal people who intentionally leak information
Different solutions are required for each type of threat. Some are at the software vendor, design, and developer level, while others involve end-user training, background checks, and monitoring.
Applications can be built so that simply disclosing a user name and password doesn’t compromise the whole system, by requiring two-factor authentication and registering the devices that can use those credentials.
Unfortunately, many systems were built well before today’s cyber threats existed. The cost of making those systems more secure without breaking their existing functionality will be daunting and expensive. In many cases, the original source code, development environment and/or vendor are long gone, so the only option is to replace them which is also very expensive and time consuming.
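The two-factor point above, as an added example that is not code from the original post: a login check in which a disclosed user name and password alone get nowhere, because a one-time code (RFC 6238 TOTP) and a registered device are also required. The account layout, the device token and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 600_000  # assumption: work factor picked for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 variant)."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def device_hash(token: str) -> str:
    # Hypothetical device identifier: only its hash is stored server-side.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    devices: set = field(default_factory=set)  # hashes of registered device tokens
    last_step: int = -1                        # last accepted TOTP step (replay guard)


def enroll(password: str, totp_secret: bytes, device_token: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_password(password, salt), totp_secret,
                   {device_hash(device_token)})


def login(acct: Account, password: str, code: str, device_token: str, now: int) -> str:
    """Grant access only when password, one-time code and device all check out."""
    supplied = hash_password(password, acct.salt)
    if not hmac.compare_digest(supplied, acct.password_hash):
        return "denied"
    current = now // 30
    matched = None
    for step in (current - 1, current, current + 1):  # tolerate one step of clock drift
        expected = totp(acct.totp_secret, step * 30)
        if step > acct.last_step and hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    if matched is None:
        return "denied"           # a disclosed password alone stops here
    acct.last_step = matched      # a code is accepted once, then it is spent
    if device_hash(device_token) not in acct.devices:
        return "device-not-registered"
    return "granted"
```

The three outcomes map onto the threat list above: a leaked password is stopped at the second factor, and a leaked password plus an intercepted code is still stopped at the device check.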
Julian Assange and WikiLeaks are Not Heroes
We need to keep in mind that WikiLeaks exposed top secret US information by publishing the disclosures from Manning and Snowden. Lives were put at risk and lives may have been lost because of those publications. The Arab Spring was inflamed in part by the disclosure of diplomatic communications and one could argue the human tragedy in Syria is tied to this as well. While Republicans are celebrating and defending Assange and WikiLeaks now for the DNC emails, the tables may turn very quickly.
Data That’s Not Exposed May be More Dangerous
While many are focused on the DNC emails, it’s not unreasonable to assume the people who hacked that also got the RNC emails. Data can be power, and in the wrong hands, data can be used for nefarious purposes such as blackmail.
If the RNC data were compromised, we should be extremely worried if the hackers discovered it was more valuable to keep private than public. Whether they use it directly or sell it to another party or country, the information can make victims puppets by threatening the exposure of their personal data. It’s not uncommon during E-discovery of an email server to discover all sorts of inappropriate language, behavior and activity conducted by individuals in an organization. Disclosures of affairs, homosexual activity, underage sex, bribery, unethical business dealings, breaches of confidentiality, collusion, and actual crimes are often found in email threads and can be used for blackmail.
I’ve unexpectedly become a national technical “expert” on the problems plaguing the Healthcare.gov web site for the Affordable Care Act (Obamacare). By documenting the problems from my experience trying to use the site on the first day, I was among the first to warn that the problems were VERY serious. Much more serious than the initial suggestions that crashes were due to too many users. Based on my software development experience and how awful Healthcare.gov is, I sensed the site was created by people who may have never created a scalable, database web site before. My blog posts went viral:
“It’s poorly designed,” said Luke Chung, the president of a database company in Virginia who has publicly criticized the site in recent days. “People higher up are given the excuse that there are too many users. That’s a convenient excuse for the managers to pass up the chain.”
IT developer Luke Chung, who supports the health law, blogged scathingly about his experience logging into healthcare.gov. “To deliver such low quality results requires multiple process breakdowns. It just proves you can create bad solutions independent of the choice of technology…it wouldn’t pass a basic code review. It appears the people who built the site don’t know what they’re doing, never used it, and didn’t test it.”
“It wasn’t designed well, it wasn’t implemented well, and it looks like nobody tested it,” said Luke Chung, an online database programmer.
Chung supports the new health care law but said it was not the demand that is crashing the site. He thinks the entire website needs a complete overhaul.
“It’s not even close. It’s not even ready for beta testing for my book. I would be ashamed and embarrassed if my organization delivered something like that,” he said.
October 9: CNN Situation Room with Wolf Blitzer
I was featured in an article on CNN entitled Obamacare glitches known ahead of time? Brian Todd came by the office to learn more about the challenges I encountered and the web site actually crashed while I was showing it.
Database expert Luke Chung has suddenly become an expert on the failings of the Obamacare computer system, all because it kept crashing as he tried to get a quote. Dave Ross and Luke go in depth on what Luke found after he dug into it (stunning ineptitude) and how he could fix it easily for a fraction of the cost. Whether you’re a geek or not, you’ll enjoy this fascinating conversation.
It’s my most in depth interview on the HealthCare.gov website. It includes my experience meeting with the House Energy and Commerce Committee staffers on Thursday, ways to improve the system, and how the Affordable Care Act can help FMS and other small businesses. I also suggested at the end of the show that our consulting team could rebuild the site for $1 million, and that I’d be embarrassed to accept so much. I think I can stand by that, but I probably should have checked with my managers first. 🙂
Two weeks after the government’s healthcare exchange website was launched, it is receiving intense criticism from Americans trying to sign up, former White House staffers, and even a software programmer, who says the site looks like “amateur hour.”
At 1:36: Tom Costello asks, “When you see this as a software programmer, what does it say to you?” Luke replied: “Amateur Hour. It looks like it was created by someone who has never delivered commercial software before….A user should never see this. This would barely make beta testing.”
2:07: Experts say a lot of work needs to be done: “If they don’t change management, this project is doomed. Because we’ve already seen what the existing management considers ready for shipping, and it’s not.”
October 17: NBC Nightly News with Tom Costello
I also appeared on the evening news with a different clip from the same interview:
The company that built the botched website where people are supposed to sign up for the Obama’s health care exchanges has spent millions of dollars developing Healthcare.gov, but people are still having trouble signing up. NBC’s Tom Costello reports.
At 1:54: Tech experts say the problems with the US web site are serious. Luke says: “It doesn’t work. It’s supposed to get you a quote. It doesn’t do that.”
Luke Chung owns a software database company. If this was your product, what would you say? “I’d be embarrassed, and I’d use language with my development team that couldn’t be on the air. This is ridiculous.”
“It’s just an awful website…As I was using it, the system kept crashing on me. And as soon as it started crashing, I was like ‘Oh, my God, this system is not ready for prime time.’ The types of crashes I was experiencing had nothing to do with too many users. It was just bad…They had developers who I sensed had never been paid to create software before. It was really amateurish. It looks like it was their first job…The programming was really bad; it looks like it wasn’t tested, and even if they had programmed it properly and tested it, the design was wrong. So it really didn’t matter whether they did it right…They haven’t thought through the buying process…$200 million at $200 an hour is a million man hours, 500 man years. How did they have time to use 500 man-years? Or triple that, 1500 man years..This is just filling out a paper form and getting a subsidy…It shouldn’t be that complicated.”
October 24: MSNBC Chris Jansing Show
A relatively lengthy eight minute interview where I evaluate the existing system and point out the problems with federal contractors. Chris Jansing does a nice job challenging some of my conclusions: “It’s just an awful web site”
Healthcare.gov to ‘work smoothly’ by end of November
White House economic advisor Jeff Zeints has said that by the end of November — just five weeks away — the federal healthcare website will be working smoothly for the vast majority of users. NBC’s Tom Costello reports.
Starting at 1:50, I make a few comments:
“Every time I come to my application, it says it’s incomplete…It’s extremely difficult to take over someone else’s code, figure out what’s wrong with it, and fix it. Sometimes you have to throw it away and start from scratch.”
Tom Costello concluded from my comments that I didn’t believe the new team would be able to fix the site by the end of November. While I believe that will be a challenging deadline, my contention all along is that this website is not that difficult to implement. With the proper design and development team, they could create a functional version of Healthcare.gov in five weeks. Their families, however, shouldn’t expect to see them much over Thanksgiving weekend.
October 26: Fox & Friends interview by Clayton Morris
Unfortunately, I haven’t received a clip of the episode. Will post it if/when we receive it.
November 5: Sean Hannity Radio Show
Discussing the Healthcare.gov mess, what to do about it, and how the government contractors charged so much and delivered so little. Begins with Congressional inquiries of the CGI Federal contractors before my interview starts. I start a bit after the 2 minute mark (total 10 minutes)
Luke Chung, president and founder of FMS, a software development firm based in Virginia, suggested the contractors should not try “to fix something that’s bad.”
“It’s like polishing a turd. Either way, you still have a turd,” Chung said bluntly.
He criticized the design of the site, and said it didn’t need to be so complex. He said a much simpler site would serve its purpose better, make it easier for the public to use and would likely only take a month to build.
Not my classiest quote, but you never know what a reporter will use after an extended interview. Here are the recommendations I’ve made for a better design and simpler implementation of the web site: Creating a Healthcare.gov Web Site that Works
“When I visited HealthCare.gov on October 1, that was the worst piece of software I’ve ever experienced in my life,” said Luke Chung, founder and CEO of the software company FMS. “It had nothing to do with too many users. It couldn’t serve one user.”
Chung, who is testifying in front of the House Oversight committee today, said these technical issues are the most frustrating.
“I have contended all along that this is not that difficult of a project,” he said. “It doesn’t provide health care, it doesn’t even provide insurance. It’s just a form to apply for a subsidy to get health insurance. It’s automating a paper form. It shouldn’t be that hard.”
“Technically, this is not that difficult,” Chung added. “It shouldn’t cost more than $10 million. And it should be something that can be done in a couple of months.”
“The idea that it would be perfect is never. All systems are never perfect. It’s never perfectly secure or functioning,” Chung said. “If you discovered hundreds of bugs on the initial launch, there are hundreds more or multiples of that that haven’t been discovered yet.”
November 13: House Homeland Security Committee
I was invited to testify before the House Homeland Security Committee. I provided a written testimony and gave a five minute opening statement before answering questions from Chairman McCaul.
Quoted in this article based on my testimony yesterday before the House Homeland Security Committee.
“You would assume that for hundreds of millions of dollars it would be a secure site”
Was interviewed by the article’s authors on November 18th for additional research into how the contractors took advantage of taxpayers.
November 14: Sean Hannity Radio Show
My third appearance on Sean Hannity’s radio show. I’ve become his “technical expert” and we discussed how the Healthcare.gov government contractors abused taxpayers in addition to being inept. Also discussed how the website could be designed properly and how we created the Logistics Support System for the United Nations, deployed in 80 countries, for under $500K. And that platform can be localized in any language while Healthcare.gov was supposed to also be in Spanish and they don’t even have that.
In the month and a half since Healthcare.gov debuted, I think everyone has finally accepted how technically awful the website is. Maybe this will be the end of my media attention.
November 22: CNN Situation Room by Brianna Keilar and Wolf Blitzer
While attending a week-long conference at Microsoft, I was asked to comment on the need for anonymous shopping on the Healthcare.gov website. I was taped from their Seattle studio, hence the Space Needle backdrop:
I appear at 1:50 for a short quote in this 4:30 story:
“This is something people expect when they visit any web site to not disclose any personal information until they’re at a point where they want to make a commitment to buy.”
November 26: On the Record with Kimberly Guilfoyle
Greta van Susteren is on vacation, so I chatted with Kimberly who was in New York City while I was in Greta’s studio in Washington, DC. We discussed how these contractors are “Too Big to Fire”
“Over time, I’m beginning to see that these government contractors who took over this project have essentially made every decision that favors them as much as possible – to maximize the cost to taxpayers, to maximize their profits.”
I’ve been a technical resource for Robert Pear of the New York Times since he quoted me in an article that kicked off all this media attention on October 8th.
Yesterday we chatted about how a web site needs to be built to support maximum volume which will come on the deadline date. Quite a challenge since they can’t even support the early volume. His article appears on the front page:
Luke Chung, the president of FMS, a database company in Virginia, said building the website to handle 50,000 simultaneous users was “not unreasonable.” But he said the government must be prepared to handle much larger numbers at peak times like Dec. 23, just as the Internal Revenue Services does at the tax filing deadline in April.
After confirming I wasn’t involved with the Healthcare.gov project, I was interviewed by Leigh Ann Caldwell about the new rollout while trying to board a flight at BWI:
Luke Chung, president and founder of Virginia-based software development company FMS Inc., said success for the website would be determined by both the number of users as well as how long they are in the system. He compared it to a highway, noting that 50,000 people traveling 60 miles per hour is smooth traffic while the same number going 10 miles per hour is a jam…Chung cited December 23 as the most significant deadline, noting that demand would be “huge” because people by nature wait until the last minute to act.
The Obama administration has just one day to get its Healthcare.gov website running more efficiently, but officials are already trying to limit expectations once again.
Taped from sunny Sarasota, FL over Thanksgiving weekend, this was the lead story of the evening news. Thought a beach shoot would be better but they said they’d have to explain that. Starting at 0:45, I make a few comments in response to Secretary Sebelius’ comments that people should use the new Healthcare.gov web site during off-peak hours:
“It tells me the system isn’t full baked. This system should be able to accommodate as many people who want to get on as possible.”..cut to President Obama…”50,000 is not a number that’s unheard of for websites to be able to support at one time. So I think the challenge is not just the number of users, but whether there are still bugs in the system that will prevent the process from running smoothly.”
A portion of my taped interview yesterday was also included in the following morning’s Today Show at 1:06:
“The system either works or it doesn’t work….the 50,000 number that they’ve put out is a little ambiguous because what one wants to know is how many people per hour can get through the system.”
November 30: CNN with Tory Dunnan
Tory Dunnan had a Skype call with me to better understand the capacity of the relaunched Healthcare.gov site. I now know that I need better lighting for a Skype call. This interview was cut into multiple stories that aired all day long. Here’s one of them appearing at 1:30:
“So the challenge isn’t how many lanes do you have on the highway, but it’s how fast the cars can go down the highway. Because if there’s any breakdown, you can have a big traffic jam and pile up behind you.”
A one-on-one interview with Clayton Morris for four minutes discussing how large government contractors profit from delivering systems that don’t work: “If we follow the money, we’ll see the stink in the system…Too Big to Fire”
Featuring Sarasota Bay behind me.
December 2: MSNBC News Nation with Tamron Hall
I appeared on a panel with three others for a live interview discussing the relaunched Healthcare.gov web site. Tried to explain how software works to better understand the expected 1% error rate since software either works or doesn’t.
Do they expect 1% of the people to crash for unknown reasons or do they know certain situations will always crash and only expect 1% of the people to do that? Frankly, I don’t understand how anyone develops software with expected failure rates like this.
The contract for the Healthcare.gov site has moved from CGI Federal to Accenture, but Accenture doesn’t really have a better team to put in place. In the typical large government contractor world, the winner of a contract simply hires the existing team and moves them to their payroll. The people who do the work remain and change their business cards. Do we really expect significant improvements from a team that created the original site and thought it was ready for the public?
“This appears to be a typical government contract shuffle,” Luke Chung, the president of FMS, a software development company in Vienna, Va., said of the handoff. “A new company wins the contract and hires many of the old people. It happens all the time in government.”
We could have started our new blog from scratch but since our existing blog existed for many years, we wanted to migrate it with all the comments from our BlogEngine.NET host to WordPress. That turned out to be a tricky process but we managed to do so. To help others who might be facing the same situation, here are the steps we followed so you don’t have to make the same mistakes we did:
Prepare the Existing Blogs for the Migration
The first step is to make sure your existing BlogEngine.NET blog is working properly and ready for export. One of the tricky and time-consuming parts of this is the reference to graphic files. BlogEngine stores its embedded graphics in its own structure using syntax similar to this (our blog was in the BLOG folder):
Note that this only impacts graphics that were uploaded into BlogEngine. If you referenced images that already exist on your website, those references are fine and do not need to be modified.
To fix the image.axd? references and eliminate future dependencies, it’s best to store these graphics in your website explicitly. Once you save the graphic files, you can update your blogs to reference them. Saving the individual pictures is a manual process and you’ll need to decide where to store them on your website. You can then manually update the affected blog topics. Alternatively, you can do a search and replace later after exporting the blog’s XML file. We did a combination of both.
Export the existing BlogEngine.NET data to an XML file
Export the existing BlogEngine.NET data to an XML file. This is available as the last option under Settings from BlogEngine. The default name is BlogML.xml
Unfortunately, even if you fixed the picture image references, you’ll still need to translate the file to a format that WordPress can import. That requires making many changes. We actually exported the XML file, then parsed it to find the references to
to identify any image references that were still in BlogEngine. That gave us the choice to either fix the original blog and re-export, or to fix it directly in the XML file.
The WordPress import tools are under Tools, Import. To import the BlogML file, you need to install the appropriate WordPress PlugIn. The BlogML plugin that worked for us was BlogML-WordPress-Import.zip which can be found here. You’ll need administrator write rights to your WordPress folders to install this.
Before you modify the BlogML file, you may want to import it to see the problems that need to be addressed in WordPress. You can do so and trash them in WordPress without any harm.
Using Permalinks with Post Names
By default, WordPress saves and displays its posts by ID number in the URL. If you want posts to have more meaningful names which also helps with SEO, you should set the preference under Settings, Permalinks, and choose Post. We set this but the pages triggered a 404, Missing File problem.
We discovered that this translation didn’t work on our WordPress host (Windows using IIS) unless we added a web.config file in the root of the blog with this information:
Translating the BlogXML file with Microsoft Access
Now that we had established the foundation to import the XML file and display the posts with the proper Permalinks, we could see several things still needed to be fixed. It was relatively easy to do with multiple search and replace terms. We did this in Microsoft Access:
Create a table with two text fields. One for the Original value and one for the New value to replace it. We then populated the table with the terms to translate:
Hyperlink references. Since we migrated our blog from a subfolder (www.fmsinc.com/blog) to its own subdomain (blog.fmsinc.com), we needed to modify all the hyperlink references that were pointing to our web pages to explicitly point to our www.fmsinc.com web site. That meant, we needed to adjust our href=”/ syntax to “href=”http://www.fmsinc.com/”, so we added these two values to our table.
Existing Image references. Similarly, we needed to adjust our image src=”/ references for graphic files to “src=”http://www.fmsinc.com/”, so they were added. Note, we didn’t search for “img src” because many references included style settings between the “img” and “src”.
New Image references. This is also the time to add any explicit image.axd? references to the new location of the graphics if you didn’t want to manually edit the original posts.
BlogEngine saves category names as GUIDs and references the GUIDs in each post. If you don’t translate these, they’ll be imported into WordPress with the GUID rather than readable category name. We used the CXMLSettings class from Total Visual SourceBook to read the categories section of the XML file so we could pair the GUID and category names.
Perform the Search and Replace
Once the table contains all the terms to translate, we wrote a simple routine to read the XML file into a variable, then go through the table and use the VBA REPLACE function for each record. When we were finished, we wrote the text to a new XML file for WordPress to import.
From WordPress, import the new file using the BlogML import plugin.
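The search-and-replace pass described above, together with the earlier scan for remaining image.axd references, as an added Python example; it is not the Access/VBA routine FMS used. The sample export, its GUID, the `picture=` parameter and the function names are constructed for the illustration, and post content is assumed to be raw HTML inside CDATA. It goes one step past a plain replace by leaving protocol-relative `//host/...` links alone, which a literal `src="/` replacement would corrupt.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"b": "http://www.blogml.com/2006/09/BlogML"}
GUID = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"  # constructed value

# Constructed sample modelled on a BlogML export (not the FMS blog's data).
SAMPLE = f"""<?xml version="1.0" encoding="utf-8"?>
<blog xmlns="http://www.blogml.com/2006/09/BlogML">
  <categories>
    <category id="{GUID}"><title type="text">Microsoft Access</title></category>
  </categories>
  <posts>
    <post id="p1">
      <content type="text"><![CDATA[<a href="/products/">Products</a>
<img style="border:0" src="/images/chart.png">
<img src="/blog/image.axd?picture=map.png">
<img src="/blog/image.axd?picture=old.png">
<img src="//cdn.example.com/logo.png">]]></content>
      <categories><category ref="{GUID}" /></categories>
    </post>
  </posts>
</blog>"""

# Original -> New pairs, the equivalent of the two-column Access table.
TABLE = [("/blog/image.axd?picture=map.png", "/images/blog/map.png")]


def category_pairs(xml_text):
    """Map each category GUID to its readable name (top-level section only)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    pairs = {}
    for cat in root.findall("b:categories/b:category", NS):
        title = cat.find("b:title", NS)
        if title is not None and title.text:
            pairs[cat.get("id")] = title.text.strip()
    return pairs


def translate(xml_text, table, site="http://www.fmsinc.com"):
    out = xml_text
    # 1. Literal pairs first, so specific image.axd entries win over the
    #    generic src rewrite below.
    for old, new in table:
        out = out.replace(old, new)
    # 2. Category GUIDs become names, escaped because they land in attributes.
    for guid, name in category_pairs(xml_text).items():
        out = out.replace(guid, escape(name, {'"': "&quot;"}))
    # 3. Root-relative href/src become absolute; "//host/..." is skipped.
    return re.sub(r'\b(href|src)="/(?!/)', rf'\1="{site}/', out)


def leftover_image_axd(xml_text):
    """References that still depend on BlogEngine's image handler."""
    return re.findall(r'image\.axd\?[^"\'<\s]*', xml_text)


if __name__ == "__main__":
    result = translate(SAMPLE, TABLE)
    print(result)
    print("still on image.axd:", leftover_image_axd(result))
```

Running the leftover check on the translated text before importing shows which pictures still need to be saved to the website and added to the table.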
Because we programmatically performed the translation process, it was easy to test, run, and refine the entire process when things didn’t work correctly. It took us a few iterations but we were pleasantly surprised how well the posts came across.
We found that we needed to manually touch up some of our posts. The HTML in WordPress doesn’t require the use of paragraph styles (<p> </p>) to define each paragraph and automatically strips them out. Unfortunately, it displays the line breaks in paragraphs, which are normally ignored in HTML syntax. We had to manually edit and delete those so the posts properly word-wrapped.