Eliminate Print Servers: go LANless?

stacksofplates

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

At least the data has to have some kind of structure.

Here is the rub. This is not only not necessarily true, it's not even likely to be true.

If it's a relational database it has to. Like I said, you can't break the first normal form with a relational database.

Sure can, and some relational databases don't even support enforcing it. And there is no reason to even think it is likely to be relational. That's rather unlikely for such a modern app doing what it does. Why is relational even being brought up outside of a "well, I suppose it might be relational."

Explain how it's possible? How can you have a tuple that doesn't have all of the attributes? That's impossible.

scottalanmiller

And again, using Spotify as an anecdote is meaningless. Completely meaningless. You assume everything about their database and then use a complex API to suggest that APIs are difficult. Sure, anyone can make a bad or hard or huge API. But people can also make easy ones. I've used many that are so dead simple that it is just crazy. That doesn't mean that all are.

My point is based on "things come in a wide variety and we can't make assumptions." Your point, I feel, is based on the assumptions that:

• All databases are relational. (Known false.)
• All ODBC is easy and self describing (Known false.)
• All APIs are complex and difficult (Known false.)
• All databases put relationships in the DB not in code (known false.)

Your point depends on all four of those things reliably true, but all are provably unreliable. They might be common (although that too, is questionable) but all are provably not always true. If they are not reliably true, it undermines your point.

My point is simply that we can't know enough to depend on those things.

stacksofplates

@scottalanmiller said:

And again, using Spotify as an anecdote is meaningless. Completely meaningless. You assume everything about their database and then use a complex API to suggest that APIs are difficult. Sure, anyone can make a bad or hard or huge API. But people can also make easy ones. I've used many that are so dead simple that it is just crazy. That doesn't mean that all are.

My point is based on "things come in a wide variety and we can't make assumptions." Your point, I feel, is based on the assumptions that:

• All databases are relational. (Known false.)
• All ODBC is easy and self describing (Known false.)
• All APIs are complex and difficult (Known false.)
• All databases put relationships in the DB not in code (known false.)

Your point depends on all four of those things reliably true, but all are provably unreliable. They might be common (although that too, is questionable) but all are provably not always true. If they are not reliably true, it undermines your point.

My point is simply that we can't know enough to depend on those things.

Provide a simple API?

stacksofplates

@scottalanmiller said:

All ODBC is easy and self describing (Known false.)

First off how is this a known false? Username, password, done. That's easy. If you're referring to the data behind the ODBC, then that's different.

scottalanmiller

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

At least the data has to have some kind of structure.

Here is the rub. This is not only not necessarily true, it's not even likely to be true.

If it's a relational database it has to. Like I said, you can't break the first normal form with a relational database.

Sure can, and some relational databases don't even support enforcing it. And there is no reason to even think it is likely to be relational. That's rather unlikely for such a modern app doing what it does. Why is relational even being brought up outside of a "well, I suppose it might be relational."

Explain how it's possible? How can you have a tuple that doesn't have all of the attributes? That's impossible.

Lots of databases and applications happily do not enforce no-null. So many that it is normally assumed. Nulls are very common. No matter how bad of a form it is, it is the most common way to set up a tuple.

scottalanmiller

@johnhooks said:

@scottalanmiller said:

All ODBC is easy and self describing (Known false.)

First off how is this a known false? Username, password, done. That's easy. If you're referring to the data behind the ODBC, then that's different.

I'm referring to the data behind it.

scottalanmiller

@johnhooks said:

Provide a simple API?

Look at the MangoLassi URL. That's a very common HTTP-based, XML returning, RESTful API.

scottalanmiller

Spiceworks uses a similar API. So easy that you can just look at it.

Have you ever worked with Ruby on Rails? It makes the API for you as you go and drives home how it is used. By default, many modern frameworks create super simple APIs as part of their framework itself.

MattSpeller

stacksofplates

@scottalanmiller said:

@johnhooks said:

Provide a simple API?

Look at the MangoLassi URL. That's a very common HTTP-based, XML returning, RESTful API.

an EMR and a forum site are not comparable at all.

stacksofplates

Second you are assuming that the APIs are going to present the information in a readable way which is a known false.

scottalanmiller

@johnhooks said:

an EMR and a forum site are not comparable at all.

But Spotify is what you are basing things on?

But an API is an API. If you use Ruby on Rails (purely an example) to build an EMR, you'd get, by default, the same API standard.

There is a reason why APIs have standardization, to make them as easy as possible to consume. EMR has no reason not to leverage the same API standard.

scottalanmiller

@johnhooks said:

Second you are assuming that the APIs are going to present the information in a readable way which is a known false.

Not really, the API presents it in the "presented form." Whatever that is. No response is guaranteed to provide a good output, but the API responds with a response that is the vendor's representation of the data. If it is not readable, too bad, you don't have data. But it is what the EMR is giving you. If you use ODBC, you are not using the EMR but bypassing it. Totally different thing.

scottalanmiller

Your argument about bad API output is the assumption that the application might not work. Okay, but if the EMR isn't working, isn't all of this moot?

scottalanmiller

All of this is moot anyway, no EMR vendor is going to consider providing access directly to their raw data. Never going to happen. Ever. So completely out of the question there really isn't a point in discussing it outside of a theoretical "wouldn't it be nice?" Getting API access might be unlikely, but it is a distinct possibility and a feature that better vendors would want to provide as a feature.

scottalanmiller

Even simple database information, like record number, are not artefacts that any vendor wants to expose to clients. You don't want a doctor knowing that he has just entered "record #150." Or at least you don't want him thinking that.

Jason

@scottalanmiller said:

All of this is moot anyway, no EMR vendor is going to consider providing access directly to their raw data. Never going to happen. Ever. So completely out of the question there really isn't a point in discussing it outside of a theoretical "wouldn't it be nice?" Getting API access might be unlikely, but it is a distinct possibility and a feature that better vendors would want to provide as a feature.

Even on site a lot of programs shouldn't give direct access. Wouldn't that be a violation access controls and audit. We have many programs which install the DB and we never get the encrypted SQL passwords for them.

scottalanmiller

As an example, as someone who has led development teams and worked with clients, I've seen clients attempt to do things exactly like you are doing, trying to use raw database data without going through the proper API and getting lots of bad data because they misunderstood the data representation in the database. They weren't even given raw access, but seeing one ID field was enough to confuse them and have them think that they were able to produce data that they were not and they ended up with a lot of data integrity problems because of it.

And if you had been a developer on our side, the database was super obvious and simple (still is.) But as an end user not understanding the design or design considerations or other users of the system and so forth, the data looked like it might say things that it did not. The application did not try to interpret those artefacts, but end users without database documentation were quick to attempt to do so.

stacksofplates

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

At least the data has to have some kind of structure.

Here is the rub. This is not only not necessarily true, it's not even likely to be true.

If it's a relational database it has to. Like I said, you can't break the first normal form with a relational database.

Sure can, and some relational databases don't even support enforcing it. And there is no reason to even think it is likely to be relational. That's rather unlikely for such a modern app doing what it does. Why is relational even being brought up outside of a "well, I suppose it might be relational."

Explain how it's possible? How can you have a tuple that doesn't have all of the attributes? That's impossible.

Lots of databases and applications happily do not enforce no-null. So many that it is normally assumed. Nulls are very common. No matter how bad of a form it is, it is the most common way to set up a tuple.

I don't know what you're saying here. It's either null or it's not. Null has no data, not null is data.

scottalanmiller

@Jason said:

@scottalanmiller said:

All of this is moot anyway, no EMR vendor is going to consider providing access directly to their raw data. Never going to happen. Ever. So completely out of the question there really isn't a point in discussing it outside of a theoretical "wouldn't it be nice?" Getting API access might be unlikely, but it is a distinct possibility and a feature that better vendors would want to provide as a feature.

Even on site a lot of programs shouldn't give direct access. Wouldn't that be a violation access controls and audit. We have many programs which install the DB and we never get the encrypted SQL passwords for them.

You could make those things secure from an access perspective, but it would be a pain. It would mean maintaining two sets of access controls and needing to protect the data in ways that may not have been planned for or foreseen or, at least, having to go through extra work to secure them properly and think through more scenarios. It's a large attack surface and more complexity to deal with.

The bigger concerns are typically around performance. Letting people write their own queries means you cannot enforce optimization - the tools that you use to make your main application fast and efficient and the full time database people or ORM tools are not in use and there is a possibility of tons of complex, expensive queries hitting the database. Sure you could limit access times but.. more complexity and people management to deal with.

There are really special cases where things like data analysts have full access and a reason to do things so complex that they need the ability to query directly - but typically they are also given their own databases as well and not part of the normal data pool because of it.