We got a couple of Codebugs just before Christmas and have been having quite a good time playing with them so far. You write code for them using an online IDE based on Google Blockly and the device itself has two buttons, a 5×5 grid of LEDs and 4 GPIO ports with nice croc-clip friendly contacts on it so you can straight away start playing with linking code to the physical world. It also has an expansion connector (the ‘Tail’) and when you connect it to a PC via USB it comes up as a mass storage device and you drag code across to it to run it.
We’ve done the obligatory “scroll your name” across the LEDs, hooked up fruit to create a fruit ‘touch’ keyboard and have started exploring some of the projects available via the online community.
My only slight gripe is that the mechanism for getting code on it isn’t quite as intuitive as it might be. We’ve largely got the hang of holding buttons down whilst powering it up. although, when trying out code, it tends to stay plugged in, so we use the ‘reset’ then ‘hold’ technique designed for when it is powered by battery most of the time. However sometimes the buttons aren’t held quite long enough for it to register. Also, every time it comes up in mass storage mode, the previous programme is erased. If you are not careful you end up with lots of “compiled” Codebug programmes lying around your browser’s download directory. Seeing as all projects are managed by the online IDE it would be nice if there was a neater way to send the code straight to the Codebug without copying between directories.
That aside, its a great device and has generated lots of interest with the kids and I’ve recently purchased a set of Glowbugs. These are WS2812 based RGB LEDs with simple croc-friendly (of course) contacts that you connect to the Codebug using the GPIO, configure and off you go.
For our next project however, we quite wanted to use all 4 GPIO as inputs and I know that the Glowbugs can be driven directly via the expansion header, so I set about seeing if I could create a DIY ‘tail’ connector to breakout the CS, +5v and GND connectors, as used by the Colourtail, to something that would accept croc clips.
I also have a cheap, purchased from China, 24-LED WS2812 pixel ring with the same +5, GND, DIN, DOUT interface as Neopixels and the Glowbugs that I wanted to use. I’ve already connected this up via the Codebug Tail, but again wanted something croc-clip friendly that the kids could use.
So armed with a 20x80cm prototyping board and some right-angled headers, I set about making a simple DIY tail adaptor and connector for the LED ring. Warning – massively dodgy soldering coming up.
As a major goal was to make this easy for the kids to use, I wanted the connectors to break out in the same order as the Glowbugs – so (with all boards face down) this means from left to right, GND, DIN, +5v. However the tail connectors are CS, GND, three not required for this application, and VCC, so I needed a wire link to get CS (for the data) from the left-most pin to a central spot.
With a small portion of board cut and smoothed ready for headers, I decided to use crude solder blobs as a simple way to create croc-friendly pads and connections, as can be seen via the very dodgy soldering going on in the following! In case you can’t quite make it out, the ‘circuit’ is highlighted in the last pic.
So after adding another three ‘pads’ on the other side, the final thing looks like this.
In order to be able to easily use the LED pixel ring, I decided on a similar approach to add some ‘pads’ to the ring. Once again I wanted the pads in the same order as a Glowbug. I could have added both an ‘in’ and ‘out’ connector, but decided for simplicity only to create an ‘in’ – so the ring will always be the last thing in the chain. In the following, the wires are coloured as follows: green is GND, blue is DIN and red is VCC.
The biggest problem with just connecting the pixel ring directly to the Tail connector was the poor physical connection of the wires to the ring itself, so this time to give it a degree of kid-robustness, I used a hot-glue gun to stick the pads to the ring and protect the solder links.
With a final blob of glue over the top of the solder connections to the ring, everything is ready to go.
So to use the Glowbugs connected via the DIY tail, you have to use the configuration blog to enable the ‘Colourtail’ rather than ‘Glowbug’, but otherwise, everything else is just the same. And of course, the ring is just treated as a set of additional 24 Glowbugs added on the end of the chain.
So crude, and soldering that will definitely not be winning any prizes, but it works, and passes first contact with the kids.
I read this article from TheRegister with mild interest:
“Medical Data Experiment goes horribly wrong: 950,000 records lost” – http://www.theregister.co.uk/2016/01/27/centene_loses_95000_medical_records_on_six_hard_disks/
Ok, so yet another ‘company loses personal data, warns as a precaution’ story. In this case, six hard disks apparently containing personal health information of around 950,000 people.
So my initial thought was something along the lines of “are people really misplacing whole hard disks still in 2016”?
Personally, I suspect it is more likely an accounting problem rather than a physical loss – they are probably labelled up wrong, or left in a drawer somewhere, or have been re-used and nobody noticed, that kind of thing. But it is interesting to look at the phraseology of two consecutive press releases from the company involved (no, I’m not quite why I looked them up either – but I did!).
On the data loss:
“Centene has determined the hard drives contained the personal health information of certain individuals who received laboratory services from 2009-2015 including name, address, date of birth, social security number, member ID number and health information. The hard drives do not include any financial or payment information. The total number of affected individuals is approximately 950,000.”
Fair play – they are admitting their mistake and attempting to do the right thing:
“Notification to affected individuals will include an offer of free credit and healthcare monitoring. Centene is in the process of reinforcing and reviewing its procedures related to managing its IT assets.”
Otherwise, without openness and honesty around such issues, how can lessons be learned?
But the following day, the next press release announces their financial results for the year:
“On January 25, 2016, the Company announced an ongoing comprehensive internal search for six hard drives that are unaccounted for in its inventory of approximately 26,000 information technology (IT) devices. This incident resulted from an employee not following established procedures on storing IT hardware. While we cannot estimate the impact with certainty at this time, the Company does not expect the impact of the incident to have a material effect on its future growth opportunities, financial position, cash flow or results of operations.”
Yes – they don’t expect the fact that 950,000 people’s personal health details going missing will affect their financial position now or in the future.
I guess that answers the question of why it is 2016 and companies still lose whole hard disks of personal information. If there is minimal financial impact, it is good business sense for them to keep their procedures at the minimum deemed necessary – that is just sensible business risk-management. In fact the whole ‘free credit and healthcare’ monitoring could be seen as a cost effective insurance policy against possible loss should it occur, compared to the costs of labour intensive, fault-free asset management to prevent any chance of loss up front.
These things will only change when the impact of the issue impacts the companies involved much more significantly, rather than just ending up a problem for the people whose data is lost.
In the UK, I guess we have the Information Commissioner’s Office guidelines for handling data and ability to set fines, but even this misses the point for me. A fine is after the fact and with so many charities and volunteer organisations (cough, Scout National database) storing personal details, a significant fine would end up burying an organisation and an insignificant fine is largely pointless. But either way the data will still be lost. So the answer to this one is really education – so to that end, the ICO Guide to Data Protection is great – but unless someone is actually auditing and proactively educating organisations, or perhaps more appropriately companies now selling online services to organisations, on these principles, I suspect we’ll keep seeing problems occurring.
As we see massive growth in companies providing online payment services (ParentPay, SchoolMoney, PaySchool and so on) information and content management (dbPrimary, Google for Education, etc), communications and mailing services (ParentMail, etc), biometric authentication (40% of secondary schools apparently), online learning, and so on to education and charities, more of our data ends up online regardless of the fact it might not be us putting it there! For a cash-strapped organisation, managing an offline and online database isn’t going to happen. You might not use their online system, but your data will be there as they’ll be using it themselves.
The school use of biometrics is particularly worrisome – many kids may have their biometrics compromised before they are even old enough to decide for themselves if they want to hand over their biometric signatures to any company.
Fundamentally, at present, all the risk from a company storing your data is on you, not them. Until that risk balance is addressed, I guess we will stay at the mercy of “bottom line (non-)impact” reporting. And whilst it is convenient and cost-saving for organisations to use more of these online services, our data will keep being stored who knows where and there is very little we can do to stop the tide of information uploading.