SpiderBytes: the SpiderOak Podcast

In this episode we talk with Alex Flaxman, a medical doctor with software development experience. He has unique insights around privacy and security to share.

Show Notes

In this episode we talk with Alex Flaxman, a medical doctor with software development experience. He has unique insights around privacy and security to share.

What is SpiderBytes: the SpiderOak Podcast?

Online security and privacy aren't very sexy, but they are important. SpiderBytes is a podcast where normal people from many different fields discuss the tools and techniques they use to be more secure and maintain their privacy. Hosted by Adam Tervort. Guests from across the SpiderOak community.

Adam Tervort (00:01):
Hello world and welcome back to SpiderBytes, the SpiderOak podcast. I'm your host, Adam Tervort.

Adam Tervort (00:07):
Today on our episode I'm excited to introduce you to a medical doctor who is also a developer. He's got some really unique insights, both on software development, the way that interacts with the healthcare system and the importance of security and privacy in a healthcare practice. I know you're really going to enjoy this one. We'll get right to the interview after these messages.

Adam Tervort (00:35):
This podcast is sponsored by SpiderOak. At SpiderOak, we believe security is important and it's our mission to secure the world's data. From secure data compartments for collaboration and data storage, to protecting your backups with end-to-end encryption or even protecting communications in space. We want to be part of your plan to protect your most important data. Learn more at spideroak.com.

Adam Tervort (01:01):
Welcome to another episode of the SpiderBytes podcast from SpiderOak. Today, I'm really excited to be joined by Alex Flaxman.

Alex Flaxman (01:10):
Hello.

Adam Tervort (01:12):
Alex, can you introduce yourself? Tell us a little bit about you.

Alex Flaxman (01:15):
Sure. My name is Alex Flaxman and I have a tech and engineering background. Then after graduate school in account engineering with a concentration in robotics, I changed gears to my other interests and went to medical school and I now work as an intensivist. My residency was emergency medicine. My fellowship was critical care. Obviously the last year and a half has really seen the world change a little bit and a lot of those patients end up in the intensive care unit and I have steered my career more towards the medical informatics side of things. I've always been a good consumer of technology and computers at home and I used to be a consultant and program, et cetera and now I try and gear my work towards the medical informatics, which is really computers for the, I want to say the business of medicine, it's not like processing claims or anything like that, but looking at the information of medicine and the systems in place and improving all of that.

Adam Tervort (02:30):
Yeah, that's really interesting. There aren't very many people who have a background both in technology and robotics and in medicine.

Alex Flaxman (02:39):
It's interesting. Ages ago when I was still a resident, there was an attending who was working clinically as an attending and he was actually in fellowship in one of their earlier mathematics fellowships. He was so proud that they were teaching him, in short, Java. It was his first programming class ever. The language they were using was Java and while I only dabbled in Java per se, certainly I learned Pascal and C and C and actually Smalltalk and Visual Basic and it was just amazing that here's a physician in a fellowship doing what I was doing as a sophomore in college or freshman in college. Even before that on my Apple II Plus programming in Apple basic.

Adam Tervort (03:25):
Yeah. Do you have any code that's still out live in the wild?

Alex Flaxman (03:31):
Yes. When I was a resident I wrote a program. It actually is still being used at a hospital in New York City. Actually would work at a couple others because of the networks that the hospitals have, but it's interesting. It started off as really, I just wrote it for me. I hard coded all the items for me and it sped up this one really annoying thing we had to do a lot of. One day somebody saw me go and print out this these six forms that somebody needed in about a second. He said, how'd you do that? I told him and he said, oh, can you do that for me? Okay. I copied everything, hard coded his name, made a different directory on my web server. His name was John. Then somebody else saw it, so another 20 minutes and I had one for Steve and then Bob and then I realized every time I'm doing this, it's another 20 minutes and there's a lot of people. I finally said, all right, I give up. I backed out. I wrote an application using some of the earlier technology that I worked with the Adobe intern when I was an intern at [inaudible 00:04:38] in Foster City, California. I wrote an application and then when someone said, can you just do that for me, I could, it was a second to add their name and then it worked.

Alex Flaxman (04:51):
When I was done residency and leaving the people who were staying, a couple were staying as attendings there, a couple people were younger than me, so they were earlier in the career than me and a couple of the physician assistants who worked there as their permanent job. One of them came up and said, you're not going to shut that off, are you? I said, well, I was planning on it and they're like, no, you can't. Can you keep it running? Kind of by an unwritten handshake, they just didn't tell anybody else about it because although it was starting to cost me money, not a lot, but it was starting to get usage, that was an issue. They just didn't tell anybody else in other departments and so I think just the emergency department was using it and then those people, when they would go to other departments, would use the application. It's still running. It's written in Visual Basic script and Active Server Pages.

Alex Flaxman (05:44):
My new side gig is going to be to rework it. Now I'm actually an attending physician, so I can do a little more of the medical research behind some of the forms and then I will have to up my programming skills and little companies like Amazon now exist. Whether I end up looking at Amazon Web Services or Microsoft's version, Oracle or somebody else, pick one of those and my plan is JavaScript now on client and server and then if it needs any extensions, binaries, then I'll probably suffer through C++ because if I do those things, I think that's the most extendable. I'm not going back to Perl. I've done it. It's been a long time. I think I can take one more level of abstraction to JavaScript and C, C++ if I really have to or maybe I'll get to the point where I can hire somebody for the C++ part.

Adam Tervort (06:46):
Yeah, there you go. Well, that's pretty exciting, both that your hobby is still out there and live and also that it's been beneficial to your professional work in medicine. Talk to us a little bit about the security problems that you think about and any tools or strategies you use to combat those, either in your professional work or in your personal life.

Alex Flaxman (07:19):
The most obvious and actually how we ended up speaking is, I rely on one Spider of product because I couldn't find anybody else that did what I wanted. I have a desktop at home. I like desktops. I like ethernet plugs. I like my multiple monitors. I like the responsiveness of the desktop. When I use my laptop and I have a fancy laptop. I have Lenovo. Admittedly, my desktop at home is an i7 extreme and my laptop's an i5. I didn't take the i7 just for battery life, so I did the i5, but I can still tell that there is a noticeable pause, even with SSD drives, laptops are always a little bit slower than the PC. I understand that 99% of the computer time is waiting for human input, but when I sit down, my time is valued and I want the computer to respond. Also, it's been a long time, but I have done things like animations and engineering animations and if you do have to leave the computer running to render, then obviously the best computer's better.

Alex Flaxman (08:30):
I like local files when I work. I guess the good part is, obviously my personal life, I'm a one person shop and professionally right now, I don't have to worry about checking the files out and editing them, checking back in or synchronization. I want to be able to use my desktop with local files when I'm at home and especially now with my new job, when I work, especially night shifts, I have downtime, so I bring my laptop along with me. Every hospital has a guest network, which of course is wireless, so it's slower and I want to be able to continue working on the exact same files without having to manually update or synchronize. I don't want to have to check out a file or a VPN somewhere and wait for it to download.

Alex Flaxman (09:16):
For me, the SpiderOak One Backup with the synchronization was really what started why I started using SpiderOak. The versions forever online, SpiderOak, I haven't used that. Certainly I made some mistakes and I've called up an old version of a file, but I usually know it within a day at the most. Usually it has to do with my laptop wasn't online [inaudible 00:09:45] I access it. It's only happened with two or three files and so I use the version in control just in that respect, but since it's the same price, having versions back to the day I signed up to SpiderOak is fine and of course it handles the synchronization. I actually stopped using the synchronization because I finally hit the file limit of 10 gigabytes and now that I have kids and I have pictures, you hit those limits much faster than when you're just writing code, which is essentially just text files. That's, just personally, it's zero knowledge.

Alex Flaxman (10:25):
Everything I work on my desktop is on my laptop. It's backed up to the cloud and actually, if you think about it, I have a desktop and a laptop, so I have two computers. Now, literally God forbid, there's a fire at my house, I'd lose both of them and I'd rely on the online backup, but if a hard drive failed, I could pick up the other computer and continue working probably while I ordered another computer or another part and got the other one back up and running. I even considered, at a friend's house or at relative's house, getting another desktop and just putting it there with the same SpiderOak running, just so I'd have another PC, another location, but that seemed like one more step that I wanted to do. That's the personal security. I know the files are encrypted and there's zero knowledge. The key that I have to say forever is secured in a couple locations. Again, God forbid there's a fire, I'd still be able to retrieve all the files.

Alex Flaxman (11:22):
Then in terms of other aspects, which not even necessarily related to my computer, at home we have nothing inside the house that can be controlled from outside the house. No light bulbs that somebody else can dim, no doors that anyone else can unlock or open. In fact, I have this habit of leaving my garage door open. I've been very industrious and I have not done it in a very, very long time and every single time I extra double check, but there are devices that you can open and close your garage door and if you leave it open, it'll text you and I actually looked into one of them and I thought about, well, I might get it and I might still get it and just not set up the control mechanism. I would still get the sensor without having to worry about anything else, anybody else being able to open the garage door. We have an alarm. We did not pay for outside control, so you can't disable the alarm from an iPhone or from a website, but I did have an outpatient office for a while and I did have that ability for other reasons, but again, I did not have little kids sleeping at the office that I had to worry about.

Alex Flaxman (12:37):
Our HVAC system can't be controlled from outside the house. About the worst somebody could do if they hacked our Fire TV or my smart TV, maybe they could change the channel, but you can also go and unplug the TV. If a foreign adversary hits their button and decides to wage electronic wars as a prelude to launching missiles at us, I won't be distracted because I can just go pull the power cord of the TV out of the wall. I really want an a plug-in electric car, but between the battery fires and the ability for someone else to hack them and the ethical hackers have just proven that they can hit someone's brakes or cut the engine, but there's nothing that says a foreign adversary can't press a button and say, okay, every current car driving, point it at a person and every car sitting at home know overheat and start a fire. Again, would not shut the country down, but it might distract enough people that it could be a real problem.

Alex Flaxman (13:42):
I have my own opinion as to what should happen. I think rules and regulations Congress could pass is pretty easy, but Congress is also 535 people that can't agree that spam phone calls are a problem. I'm not holding out much hope for someone else to fix these problems.

Adam Tervort (14:01):
Yeah. I think that's a really good point. In a lot of countries, some of these problems are addressed through regulation. It's unfortunate that regulation is such a hard thing to agree on in the United States.

Alex Flaxman (14:14):
Yeah. In medicine, in critical care, there are some advantages the US has, but as a system Europe and by adopting their system, Australia and New Zealand, are actually ahead of us in many, many ways. I'm actually, in fact, a member of the European Society of Intensive Care Medicine. I think in their privacy protections, the same when I access the European websites or when I had the travel Europe for exams and review courses, you get the, what is it, the GPDR? You get that warning on almost every site and it's restricted. California has rules that approach what Europe does, but California's the only state.

Adam Tervort (14:57):
Well, thank you for your time today. I really appreciate your insights and your experiences and the things that you do and the thoughtful way that you approach security and privacy. Thank for sharing that with us. As a way to wrap this up, I love hearing favorite quotes. Do you have a favorite quote that you'd like to share with everybody?

Alex Flaxman (15:23):
Sure. My favorite is probably more an emotional one. I certainly have plenty that are more practical, both within medicine or in general about engineering or life, but since I did pick medicine as my field and my primary endeavor, no matter what I do with technology, the best quote was in the movie Field of Dreams. It was not even in the book. There's a doctor who had played baseball. He only got into the majors and he got to play a field. He didn't get into bat. Then has to even go back to being a family doctor, which isn't quite what I do. It's almost even more intimate. He is the town doctor, little black bag, he carries it and Kevin Costner says to him, it's a tragedy that you only got to play major league baseball for five minutes. This older doctor at that point looks at him and goes, son, I only got to be a doctor for five minutes, now that would've been a tragedy.

Alex Flaxman (16:28):
I love my engineering background. The first code I got paid to write was programming prototype pipe bending machines. I wrote it originally in AutoLISP and then when they contacted me again to update it, they would call me every couple years. It was eventually done in VB Script or Visual Basic. If somebody said, oh, that's a shame you didn't pursue that. I'd say, no. The shame would've been if I had looked at medicine and passed it by. That's my favorite emotional quote.

Adam Tervort (17:04):
Oh, thank you. Thanks for all the hard work of you and your colleagues in the last year and a half.

Alex Flaxman (17:11):
You're welcome. It is just part of the job, whatever anybody else says, but I've been fortunate to work in places, PPE was never an issue, we were always safe and other than just having the patients there with disease, but I appreciate it. Thank you.

Adam Tervort (17:28):
Well, thanks so much. That will be it for this episode. Join us again for our next episode.

Adam Tervort (17:35):
Some things are best kept secret. You wouldn't send your company's financial data through snail mail on a postcard, so why would you use insecure digital collaboration tools? Introducing CrossClave, a file sharing and collaboration solution built with security in mind from the first bite. It's like Signal for business. CrossClave uses distributed ledger technology in end to end encryption to deliver a true zero trust system, designed to protect you and your business's most valuable data. When you need to share a collaborate on your most sensitive inform, SpiderOak's CrossClave is your only choice. Go to spideroak.com/podcast to get started with a free account, no credit card required.

Adam Tervort (18:19):
Thanks again for listening. For all of us at SpiderOak, I'm Adam Tervort. We hope you enjoyed this episode. If you did, please consider subscribing. If you're interested in joining us as a guest on SpiderBytes, send me an email at podcast@spideroak-inc.com. We'd like to thank Mel Graves for our theme music Earshot. We'd also like to extend a special thanks to our law firm. Dewey, Cheetham & Howe, SpiderOak's Cliche Monitor, Saul Wellingood, our Ornithologist in Training, Luke A. Boyd and our staffing agency, Click and Clack. Thanks everyone.