NCCR – Ventilation

This is the first of a series of posts on the National Continued Competency Requirements (NCCR), each covering a core competency for prehospital providers.

Minute Ventilation

Ventilation with a BVM is arguably one of the most important skills of any prehospital provider. In cases where the patient is not apneic, it is critical that the provider is able to identify when ventilation is appropriate. In EMT class, students are often given the guideline that a respiratory rate less than 8 or greater than 24 requires assisted ventilations with a BVM. While this is perhaps a reasonable guideline, it is only a half-truth. Patients in even mild respiratory distress can have respiratory rates exceeding 24 breaths/min, but obviously do not require assisted ventilations, while a patient with a respiratory rate of 10 breaths/min may require assistance with a BVM. The decision to ventilate a patient should be based on the adequacy of breathing, not the respiratory rate alone.

The key to determining if breathing is adequate or not is the patient’s minute ventilation (MV), or minute volume of respiration, which is their tidal volume (Vt) multiplied by their respiratory rate (or frequency), f.

MV = Vt * f

The average tidal volume, or volume per breath, in a healthy adult is around 500mL, which is the size of a 16.9 oz bottle of water[i]. (This may also be estimated as 4-8 mL per kilogram of body mass). Using the formula above, we can determine the average minute volume to be somewhere between 6,000mL (12 breaths/min) and 9,000mL (18 breaths/min). In other words, a healthy, average-sized adult breathes at a rate of 6-9 liters per minute.

If you’ve ever wondered what constitutes “high flow” vs. “low flow” oxygen, this is it. High flow oxygen refers to administering oxygen at a flow rate greater than the patient’s own rate, while low flow is the opposite. For a 70 kg adult with a respiratory rate of 12 breaths/min, 8 liters per minute might just count as “high flow” oxygen. So why do EMT instructors make their students repeat “high flow oxygen at 15 L/min via NRB” ad nauseam?

Consider the average 70 kg adult with a textbook tidal volume of 500mL and a respiratory rate of 18 breaths/min. Their minute volume is (500 * 18 = 9,000 mL/min = 9 L/min). If their respiratory rate increases to 24 breaths/min, their minute volume is now 12,000 mL/min, or 12 L/min. At 30 breaths/min, which is not uncommon, this becomes 15,000 mL/min, or 15 L/min. Administering oxygen at a rate of 15 L/min ensures that they are getting 100% oxygen with each breath. On the other hand, if her breathing becomes shallower as the rate increases, this can cause a plateauing of minute volume (250 mL/breath x 30 breaths/min = 7.5 L/min).

Therefore, a determination of whether or not a patient’s breathing is adequate must be made based on an assessment of both tidal volume and respiratory rate. Assisting ventilations is required any time the patient’s own ventilations are insufficient, which can be due to an inadequate tidal volume, an inadequate rate, or both. If the patient is determined to be breathing adequately, positive pressure ventilation is not required, but you should continue to determine if other interventions are appropriate.

Alveolar Ventilation

A naive interpretation of the relationship between tidal volume and respiratory rate might suggest that there are an infinite number of combinations that result in the same minute volume. While mathematically correct, this interpretation ignores the presence of anatomic dead space that is present in the airways. Anatomic dead space refers to the parts of the airway that cannot exchange gasses.  Since gas exchange occurs in the alveoli, the anatomic dead space is the volume of the conducting airways (nose and mouth down to the terminal bronchioles). This dead space is around 150 mL on average (West, 1962) but can be larger due to devices like advanced airway adjuncts and SCUBA gear, which physically extend the airway.

Everything except the alveoli is considered dead space.

When dead space is accounted for in the minute ventilation, we can determine the amount of air that moves through the alveoli each minute. This is called the alveolar ventilation (Va) and is calculated by subtracting the dead space from the tidal volume, then multiplying by respiratory rate (Levitzky, 2013).

Va = (Vt – Vd) * f

This metric is more relevant to our assessment than minute volume, as it reflects the actual amount of air available for gas exchange. As tidal volume decreases, an increase in rate alone will not be sufficient; these patients require supplemental volume. Consider our prototype adult (70 kg, Vt = 500mL, f=16) whose tidal volume starts to fall. Initially, her alveolar ventilation is 5.6 L/min. When the tidal volume is cut in half (250mL), the alveolar ventilation falls to below a third of what it was originally.

Normal: (500 mL/breath – 150 mL/breath) * 16 breaths/min = 5.6 L/min

Hypoventilation: (250 mL/breath – 150 mL/breath) * 16 breaths/min = 1.6 L/min

Increasing her respirations to around 22 breaths/min would maintain her minute volume, but her alveolar ventilation would only rise to 2.2 L/min. To return to her initial Va of 5.6 L/min, this patient would have to breathe at around 100 breaths/min. This is obviously problematic. Instead, increasing the depth of ventilation, either with a BVM or through increased work of breathing, is a better way to increase overall ventilation. If your patient has an excessively high respiratory rate (> 30), intervention is necessary to prevent deterioration in their condition.

As you can see, management of a patient’s ventilations requires careful attention to both rate and depth of ventilation. Assisting ventilations should generally be done at a rate of 10-12 breaths/min (one breath every 5-6 seconds), while delivering enough air to see the chest rise and fall (Weiss, 2008).

Ventilation-Perfusion Ratio

Effective gas exchange requires ventilation and perfusion.
Effective gas exchange requires ventilation and perfusion.

When discussing alveolar gas exchange, alveolar ventilation (Va) is only one half of the picture. The other half comes from alveolar perfusion, which provides the red blood cells that transport oxygen and carbon dioxide throughout the rest of the body. When alveoli are not perfused, perhaps due to a blockage in the pulmonary vasculature (i.e., pulmonary embolism), this creates alveolar dead space. You may also hear the term physiologic dead space, which refers to the sum of anatomic and alveolar dead spaces. Since this post focuses on ventilation, I’ll assume alveolar perfusion is within normal limits here, and cover V/Q ratios in a separate post.

Effects of Ventilation on Cardiac Output

Exceeding these parameters can result in a decreased cardiac output, which is obviously undesirable. As a refresher, cardiac output is comparable to minute ventilation, as it is a function of heart rate and stroke volume. Stroke volume, of course, is the amount of blood ejected from the left ventricle with each contraction. As you inhale, your diaphragm contracts and accessory muscles lift the chest wall up and out, causing a larger cavity. In turn, this creates negative pressure that draws air into the lungs and allows venous blood to return to the right side of the heart.

Positive pressure ventilation (PPV), as the name implies, relies on positive pressure to force air into the chest cavity. In this instance, there is little or no cooperation from the diaphragm and accessory muscles, resulting in air being forced into a fixed-size cavity. (While the chest wall certainly expands to accommodate this increased volume of air, it is doing so reluctantly.) This positive pressure also obstructs the venous return to the heart, and decreases cardiac output.

Respiratory Failure

Respiratory conditions, like many other conditions, can be described in a spectrum ranging from mild distress to respiratory failure. Likewise, episodes can be acute, chronic, or chronic with acute exacerbation. While many of our respiratory patients require only comfort care, it is important to closely monitor your patient for signs of impending respiratory failure. Respiratory failure is characterized by inadequate oxygenation or inadequate alveolar ventilation. The hallmark sign of respiratory failure is deterioration in mental status. This is often accompanied by, or preceded by, a decrease in SpO2, cyanosis, accessory muscle use, grunting, and nasal flaring. Respiratory failure can be further classified by whether or not hypercapnia (elevated levels of carbon dioxide) is present. These patients are severely ill and will likely die without intervention. Once a patient is in respiratory failure, assisting ventilations with a BVM is the best treatment option. Again, this should be done at a rate of 10-12 per minute.

Bag-Mask Ventilation

Using a BVM is simple enough in theory, but numerous studies have shown that we’re just not that good at it. In fact, the AHA recommends against using a BVM in cardiac arrest when there is only one rescuer (mouth-to-mask is better). BVM ventilation is most effective when two trained rescuers are available: one to maintain the airway and mask seal and a second provider to ventilate the patient.

Since cardiac output is reduced during CPR (around 25-33% of normal), gas exchange is also reduced. Therefore, the AHA recommends tidal volumes of 500-600 mL (6-7 mL/kg), which is enough to produce visible chest rise. Be sure to avoid overzealous ventilation, as it can lead to gastric inflation as well as a reduction in cardiac output (Link MS, 2015).

Continuous Positive Airway Pressure (CPAP)

Patients in impending respiratory failure – exhibiting signs of inadequate oxygenation, but not a change in mental status – can sometimes be managed successfully with Continuous Positive Airway Pressure (CPAP). As the name implies, CPAP works to keep the airways open with positive pressure. (It also increases the A-a gradient, which I’ll cover in the post about ventilation-perfusion ratios.) This is primarily a problem during exhalation in which the small, flexible bronchioles are squeezed shut by the positive intrathoracic pressure surrounding them. By supporting these narrow airways and increasing the A-a gradient, oxygenation is improved and carbon dioxide can exit the body more easily.

The primary advantage of CPAP is mitigating respiratory failure and avoiding unnecessary intubation. Since CPAP does not ventilate the patient, the patient must be alert, able to obey commands, and have a respiratory rate greater than 8 breaths/min. As discussed above, positive airway pressure can impede cardiac function, so CPAP is contraindicated in hypotensive (SBP < 90 mmHg) patients or those with a suspected or known pneumothorax.

Summary

Recognition of respiratory failure is critical for any level of prehospital provider. As the patient begins to experience signs of inadequate oxygenation – cyanosis, decreased SpO2, and accessory muscle use, etc. – the provider should consider interventions to increase alveolar ventilation. CPAP and assisting ventilations with a BVM are basic interventions available to most prehospital providers. CPAP is indicated when the patient is inadequately oxygenated (SpO2 < 90% despite high-flow oxygen), but not yet in respiratory failure. Once the patient’s mental status or respiratory effort begins to deteriorate, immediate ventilation with a BVM is indicated. Ventilation should be performed at a rate of 10-12 breaths/min in most cases. Whenever possible, ventilation should be performed with a basic airway adjunct in place (OPA or NPA).

 

 

 

Bibliography

Levitzky, M. (2013, Jul 15). Alveolar Ventilation. Retrieved Oct 20, 2016, from LSUHSC School of Medicine – Dept. of Physiology: https://www.medschool.lsuhsc.edu/physiology/courses_respiratory_mgl2.aspx

Office of Academic Computing. (1995). Dead Space. Retrieved 10 18, 2016, from Johns Hopkins University School of Medicine: http://oac.med.jhmi.edu/res_phys/Encyclopedia/DeadSpace/DeadSpace.HTML

Weiss, A. L. (2008). Focus On – Bag-Valve Mask Ventilation. ACEP News.

West, J. (1962, Nov). Regional differences in gas exchange in the lung of erect man. Journal of Applied Physiology, 17(6), pp. 893-898.

Link MS, Berkow LC, Kudenchuk PJ, Halperin HR, Hess EP, Moitra VK, Neumar RW, O’Neil BJ, Paxton JH, Silvers SM, White RD, Yannopoulos D, Donnino MW. Part 7: adult advanced cardiovascular life support: 2015 American Heart Association guidelines update for cardiopulmonary resuscitation and emergency cardiovascular care. Circulation. 2015;132:S444–S464.

 

NCCR – Ventilation

Unblocking your IP address in the WordPress All-In-One Security plugin.

Recently, I locked myself out of a WordPress site that used the All-In-One Security plugin to prevent logins from blocked IP addresses. After running some tests, the plugin did its job and blocked the IP range, preventing me from logging in to the admin. This problem presents as being unable to login with credentials you know to be valid and no error message on the login page. This can also be due to session issues, or disabling login error messages altogether.

To verify that the security plugin is the problem, you should check out the security log. From the repository root, the file can be found at all-in-one-wp-security/logs/wp-security-log.txt. In the more likely event that you installed the plugin via WordPress, look for wp-content/plugins/all-in-one-wp-security/logs/wp-security-log.txt.

Unblocking Your IP Range

You’ll need command line access, or the ability to run SQL commands. Any of the following should work:

  • PHPMyAdmin
  • MySQL CLI
  • Ability to upload and run PHP scripts.

MySQL CLI

Log in as an admin, or with your WordPress database credentials. Select the appropriate database, and find your IP address with a site like icanhazip.com.

First, check that the table exists. If you use table prefixes, be sure to modify the table name in these examples to match your table name.

SHOW TABLES LIKE '%login_lockdown%';

If you see a table name, you’re in good shape. If not, you’re probably in the wrong database, not using the same plugin, etc. In the next step, verify that your IP address range is blocked. Use the % character to do wildcard searches, since it can block an entire range.

SELECT * FROM aiowps_login_lockdown WHERE failed_login_ip LIKE "123.45.67.%";

If results are returned, look at the rows and see which usernames/times are safe to unblock. If all the rows are safe to unblock, the following command will delete everything you just selected.

DELETE FROM aiowps_login_lockdown WHERE failed_login_ip LIKE '123.45.67.%';

To delete specific entries, use the ID column to specify which rows to delete:

DELETE FROM aiowps_login_lockdown WHERE id IN (324, 325, 326);

You should now be able to log in!

PHPMyAdmin

The PHPMyAdmin method is similar to what’s listed above:

  1. Find the appropriate database
  2. Locate the login_lockdown table
  3. Find any records that are blocking your IP range
  4. Delete them

 

Unblocking your IP address in the WordPress All-In-One Security plugin.

Find Your MySQL Username/Password in WordPress

If you need to manually manage your MySQL database associated with a WordPress installation, you’ll need to get the proper credentials first. Database connection information usually consists of:

  • Username (DB_USER)
  • Password (DB_PASSWORD)
  • Database name (DB_NAME)
  • Database host (DB_HOST)
  • Database port (WordPress assumes MySQL’s default port of 3306)

This information can be found in your wp-config.php. To show all lines of wp-config.php that have “DB_” in them, run the following command from the terminal:

grep -r 'DB_' wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'username');
define('DB_PASSWORD', '********');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

This information can now be used to log in to MySQL’s command-line interface:

mysql -u username -p

Leaving the “-p” parameter empty will trigger MySQL to prompt you for a password. On a *NIX server, it will look like you’re not typing anything — this is by design. While you may specify the password in the same line, this can leave your plaintext password in your command history, which is easily readable. If you want to use this format anyway (i.e., in a script), note that you cannot put a space between the “-p” flag and your password:

mysql -u username -ppassword

Once you’ve logged in, you can view available databases with the show databases; command. To use your wordpress database, take the value from DB_NAME (above) and use the use command: use wordpress;. To see available tables in the selected database, run show tables;.

Find Your MySQL Username/Password in WordPress

Enable Scrolling on Logitech TrackMan Marble Mouse (Linux Mint 17)

The TrackMan mouse has four (physical) buttons which include a large left and right button (1, 3), that serve as the primary mouse buttons, and two smaller left and right buttons (8, 9) that trigger your browser’s “back” and “forward” buttons. To replace this action with “Ctrl+Click” to scroll, insert the following lines in your ~/.bashrc (or anywhere else that can call some commands):

xinput set-button-map "Logitech USB Trackball" 1 2 3 4 5 6 7 8 9
xinput set-int-prop "Logitech USB Trackball" "Evdev Wheel Emulation Button" 8 8
xinput set-int-prop "Logitech USB Trackball" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "Logitech USB Trackball" "Evdev Wheel Emulation Axes" 8 6 7 4 5
xinput set-int-prop "Logitech USB Trackball" "Evdev Wheel Emulation X Axis" 8 6
xinput set-int-prop "Logitech USB Trackball" "Evdev Drag Lock Buttons" 8 9

Then, run “source ~/.bashrc”, and you should be able to scroll by pressing the small left button and moving the trackball.

Enable Scrolling on Logitech TrackMan Marble Mouse (Linux Mint 17)

A look at RedStar OS 3.0 – North Korea’s Operating System

I recently stumbled upon a copy of RedStar OS, which appears to be a RHEL-based server distribution developed by North Korea. Version 2.5 was initially purchased and reviewed by a Russian student studying abroad, and a user by the name of slipstream uploaded version 3.0 (server) to TPB in mid-2014.

Several reports portray it as a tool to monitor web usage by the regime, and while I don’t doubt that, it seems unnecessary to repackage an operating system to do so. It seems more likely that it’s a symbol of sovereignty and independence from Windows (made in USA). Since North Korea’s internet is a giant class A network (10.76.1.0/22), any reporting software would likely try to report to an otherwise “internal” network. For example, the browser packaged with the OS has its homepage set to 10.76.1.11. A quick Wireshark analysis didn’t reveal anything immediately suspicious, but I’ve yet to dig into that fully.

On the surface, it’s a pretty hollow clone of RHEL using KDE desktop. The directory structure is a cross between OSX and *nix, as is the overall feel of the desktop environment. Applications

It comes with a couple of standard applications – a calculator, notepad, contact book, etc., as well as QuickTime and Naenera Browser (a Firefox clone). As Naenera (“my country”) is also the name of the official web portal, and that most citizens can’t access the “international internet”, the two might as well be synonymous.

You can see the public-facing Naenera at http://www.naenara.com.kp/en/, but be aware that they’ve been known to inject malware on some of their public-facing sites.

naenera

It’s also interesting to note there’s a CHM (compiled HTML) viewer. This is typically used for software documentation, and very well may be the case here. I’d be interested to see if this is utilized for something akin to Cuba’s Paquetes, downloading parts of the Kwangmyong, or something altogether different. (There is an empty “Sites” folder in the user’s home directory)

chm-viewr

There’s an OpenOffice clone, called Sogwang Office.

Sogwang Office Screenshot

It also has this music composition program, UnBangUI:

unbangui

The mail program doesn’t have any clear way to add an email account, but does prevent you from checking mail until you’ve added one.

email

The software center only allows importing from /media. There is a repository of extra applications that’s offered on a second CD (the Russian site says the extra CD costs about twice what the original OS costs), and I haven’t started to dig through that yet.

software-manager

In the “System Update” area, the Settings dialog shows a location for a URL and proxy, but I’m not sure it’s usable.

swmanager

Getting Root

Interestingly, the user isn’t added to sudoers and the root account is disabled. Fortunately, this is trivial to bypass, since someone “overlooked” the permissions in /etc/udev/rules.d. If you’re looking for a terminal shortcut, you won’t find it – you’ll have to press Alt+F2, then run konsole to get a shell.

That's convenient!
How convenient!

Once you’ve done that, fire up vi and create /tmp/freedom, or whatever you’d like to call it.

freedom

 

Now, open up that file in /etc/udev/rules.d and call /tmp/freedom via a RUN expression:

Don't forget to "chmod +x /tmp/freedom"
Don’t forget to “chmod +x /tmp/freedom”!

Now that that’s taken care of, you’ll need to refresh the udev rules. In VirtualBox, this worked simply by taking a snapshot, but you might have to reboot.

Enabling English on RedStar OS

Once you’re back up and running, you’ll likely want to enable a language other than Korean. While some reports state that Korean is the only language on the system, this isn’t true. It’s just that Korean is selected by default. Now that you have sudo superpowers, this can be done easily with sed: (obviously,for a language other than US English, use the appropriate locale code)

sed -i 's/ko_KP/en_US/g' /etc/sysconfig/i18n

sed -i 's/ko_KP/en_US/g' /usr/share/config/kdeglobals

Log out, and you should see the login screen in English:

afterlang

That’s it! You should now be able to browse around the OS relatively easily. I’ll post some interesting findings later, once I’ve had an opportunity to dig through it more.

 

A look at RedStar OS 3.0 – North Korea’s Operating System

Puppet: Error 400 on SERVER: undefined method `empty?’ for nil:NilClass

I received this error after making some changes to a Hiera config and the referenced “dev-server” role.

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Error from DataBinding 'hiera' while looking up 'role::dev-server::use_ssl': undefined method `empty?' for nil:NilClass on node servername.local

Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

It turns out this is a vague syntax error. Checking the following has worked for me:

  • Ensuring the syntax of your Hiera YAML or JSON file is correct. Check for trailing commas in JSON, or misplaced colons. (“foo:bar”, “foo::bar:”, “foo:::bar”, etc.)
  • The variable name is unique. In one case, “dev-server::use_ssl” was configuring a child resource with the same “use_ssl” property/param/variable.
  • There are no empty YAML or JSON files in your hieradata directory. I think I’ve had a similar issue with temp files (*~)
  • If you’ve modified your hiera.yaml to add a new hierarchy or something, restart Puppet.
Puppet: Error 400 on SERVER: undefined method `empty?’ for nil:NilClass

CryptoPHP – A WordPress backdoor in social.png

Summary

This is a series of posts on CryptoPHP, a PHP backdoor used for spamming and blackhat SEO. It seems to come bundled with certain copies of WordPress themes from unofficial sites and resides in a file named “social.png”. It comes installed with a list of email addresses and domains to contact and communicates with a C2 server using cURL and OpenSSL for encryption. Its main purpose appears to be to facilitate the display of links and other content, sent from the C2 server. When the script determines that a web crawler (e.g., GoogleBot), and not a real user, is viewing the site, it injects links to third-party sites in hopes of being indexed.

Symptoms

CryptoPHP communicates with external servers, requiring multiple external requests. You may see the following symptoms:

  • WordPress is slow to load, especially during the first pageview
  • Error messages in your server log, possibly due to failed requests.
  • Error messages from IDS/IPS or other security software (e.g., Suhosin) indicating that someone is making calls to exec and eval.

Discovery

A few days ago, I noticed that a WordPress installation was running extremely slowly. After enabling xhprof and profiling the index page, I noticed that a single method (RoQfzgyhgTpMgdUIktgNdYvKE) was taking around 160 seconds to run. The method name (others in the stack were similarly named) and the 23 calls to curl_exec came off as immediately suspicious. I used grep to search for the file and found it under the themes folder as images/social.png.

This file was included at the bottom of a theme file, causing it to be executed on each page load.

<?php include_once(‘images/social.png’); ?>

Opening social.png in a text editor reveals obfuscated and minified code. While it looks like a mess, it’s simply renamed variables and functions with whitespace removed, and can be undone rather easily with the “Find/Replace All” feature of your favorite text editor.

Obfuscated CryptoPHP

 

How to Remove CryptoPHP or social.png

In the limited tests that I’ve done, the offending file – social.png – is the only file that is malicious. It seems to be added to the images/ directory in themes downloaded from unofficial sources. Another line in the main theme files (index.php, header.php or footer.php) includes the file.

While nothing in the file itself indicates that personal or sensitive data is being transmitted back to the server, the file allows its controllers to send commands to it. These commands are then executed by the eval and exec commands in PHP. It is theoretically possible for content, account information, etc. to be transmitted back to the controlling server.

Since the WordPress instance I was using was running on localhost, it would have been unreachable by the controlling servers. It could still phone home and download commands, but could not be controlled directly.  However, due to the possibility of sensitive data being stolen, and the evidence of storing information in the database, I’d recommend a complete re-install of WordPress and changing your admin password(s).

Coming Soon

  • Encryption methods (including a script to decrypt database contents)
  • Detailed/technical review
CryptoPHP – A WordPress backdoor in social.png

What is Google foo.bar?

A week or two ago, the following popped up on my screen during a search for a Python-related topic:

You're speaking our language. Up for a challenge?

I had seen this before after our CTO got the same mysterious message a few months ago. We initially thought it was another one of Google’s Easter eggs, but a quick search revealed that everyone from HN and Reddit to Business Insider seems to think it’s a recruiting move by the search giant. (A similar program was rumored to be a search for cryptoanalyists, but turned out to be related to The Imitation Game, so who knows?)

The first time around, we discovered that replicating the query doesn’t necessarily trigger an invite, and visiting the URL without an invite doesn’t work. It was suggested that the invites are sent to a subset of users who have enabled search history. When I got the invite a week or two ago, I registered and then hit the “Back” button. The query string was preserved, so we tried an experiment: Is the invite based on a tagged query string, or the result of some back-end processing? After sending the URL to a couple of coworkers who had not received an invite after searching the same query, they tried accessing the URL directly. We learned two things:

  1. Both of them subsequently received an invite.
  2. One of them hit “refresh” as the animation began to show the box, and no invite was shown upon refresh. Opening the link in an Incognito window gave him a second chance.

The most likely scenario is that certain queries redirect to the results page with a query string, which triggers the message. Since neither of the other developers write lots of Python, but still got an invite after visiting the link, it’s likely that Google doesn’t validate invitee status. I doubt this is a simple oversight, and more likely indicates one of two things:

  1. Invitees are not on some sort of pre-selected list; and/or
  2. Google isn’t worried about additional invitees.

The latter was proven when the program displayed a “refer a friend” link. Assuming the recruitment theory is correct, it’s likely that Google is operating under the assumption that high-quality developers will refer other high-quality developers. I don’t know for sure, but this is probably a valid assumption.

To clarify some of the speculation, I was asked if I’d like a Google recruiter to contact me after completing the first six challenges.

Well, there goes that theory.

Others have asked Google directly about the program, and received a Python snippet that prints “glhf” in response – essentially “no comment”.

A Quick Tour

The pseudo-terminal responds to *nix commands like ls, cat and less and features its own editor. Listing the directory shows a textfile

Contents of start_here.txt
Contents of start_here.txt

The help menu offers several possible commands:

help

The levels consist of at least 5! challenges, split into 5 levels where each level n has challenges. Challenges fall into one of five categories, or tags.
Google Foobar Tags

Unfortunately, there has only been one crypto challenge available so far, and I haven’t been able to score a low_level challenge.  Most of the challenges I’ve completed so far involve one-off applications of computer science problems – like whiteboard interview questions with a twist. Additionally, there are constraints on execution time and memory use, which prevent some naive implementations from passing the test cases. This speaks to the needs of a company like Google who requires, or at least desires, efficient implementations rather than generic Algorithms 101 approaches.

I’ll be posting my solutions to GitHub shortly, along with some explanations here.

What is Google foo.bar?

Pennsylvania Adopts Critical Care Transport Scope

Today, Pennsylvania announced the scope of practice and medication list for Critical Care Emergency Medical Service Providers. Unfortunately, all of the skills and medications listed apply to interfacility transports and/or must be performed in the physical presence of a PHRN/PHPE/PHP.

Critical Care Scope of Practice

Category Skill Critical Care Transport Provider (Paramedic, PHRN, PHPE or PHP)
8 Airway/ventilation/oxygenation Chest tube thoracostomy, monitoring of existing tube in a closed system (for example water seal or suction) Yes1
9 Airway/ventilation/oxygenation Chest tube thoracostomy, acute insertion Yes2
12 Airway/ventilation/oxygenation Biphasic positive airway pressure (BiPAP) for patients acutely on BiPAP for <48 hours Yes1
24 Airway/ventilation/oxygenation Endotracheal Intubation—paralytic assisted, rapid sequence induction (RSI) Yes2
25 Airway/ventilation/oxygenation Ventilation—Maintenance of previously initiated neuromuscular blockade Yes1
28 Airway/ventilation/oxygenation Laryngeal mask airway (LMA) Yes1
49 Airway/ventilation/oxygenation Ventilators, transport—single or multi-modal, with or without blender, using volume control mode only, on patients >1 year of age with no anticipated need to actively titrate ventilator settings during transport. Yes1
64 Cardiovascular/circulation Transvenous or Epicardial pacing, Management of Yes2
66 Cardiovascular/circulation Hemodynamic monitoring/assist (pulmonary artery catheter, central venous pressure) Yes2
67 Cardiovascular/circulation Intra-aortic balloon pump or invasive cardiac assist device or extracorporeal membrane oxygenation—monitoring/assist Yes2
69 Cardiovascular/circulation Thrombolytic therapy—initiation Yes2
70 Cardiovascular/circulation Thrombolytic therapy—monitoring Yes2
77 IV Initiation/maintenance/fluids Sub-cutaneous indwelling catheters—access of existing catheters Yes1
79 IV Initiation/maintenance/fluids Venous central line (blood sampling)—obtaining Yes1
81 IV Initiation/maintenance/fluids Arterial line—monitoring Yes1
82 IV Initiation/maintenance/fluids Blood products—initiation and continued administration Yes2
94 Medication administration routes Enteral Feeding Devices, Management of Yes1
103 Medications Medications for Critical Care Transport Providers as published in Pennsylvania Bulletin by the Department Yes1
105 Medications Over-the-counter (OTC) medications (Note: aspirin and glucose covered elsewhere) Yes1
112 Patient Assessment/management Portable blood analysis devices, use of (glucometer covered elsewhere) Yes1
121 Patient Assessment/management Intracranial pressure monitoring/assist Yes2
126 Patient Assessment/management Urinary catheterization Yes1

Yes—The skill is in the scope of practice for paramedics, PHRNs, PHPEs and PHPs who are authorized to function for an EMS agency that has been licensed as a CCT ambulance service. (Emphasis added)

1. Paramedics, PHRNs, PHPEs and PHPs who are authorized to function for an EMS agency that has been licensed as a CCT ambulance service may only perform or assist with these skills during interfacility transport with a CCT ambulance. (Emphasis added)

2. Paramedics who are authorized to function for an EMS agency that has been licensed as a CCT ambulance service may assist a PHRN, PHPE or PHP with this skill only during interfacility transport with a CCT ambulance and when in the direct physical presence of, and supervised by, the higher level provider. (Emphasis added)

 

Critical Care Medication List

  1. Abciximab2
  2. Albumin1,2
  3. Anti-Coagulants/Anti-Platelets: All Types (Not otherwise specified)1,2
  4. Anti-Emetics: All Types (Not otherwise specified)1.2
  5. Anti-Hypertensives: All Types (Not otherwise specified)2
  6. Antivenom1,2
  7. Atenolol1,2
  8. Barbiturates2
  9. Bivalirudin2
  10. Blood Products2
  11. Clopidogrel2
  12. Dextran1,2
  13. Digoxin2
  14. Dilaudid2
  15. Eptifibatide2
  16. Esmolol2
  17. Fibrinolytics/Thrombolytics: All Types2
  18. Glucocorticoids/Mineralcorticoids1,2
  19. Heparin2
  20. Hespan1,2
  21. Hydralazine1,2
  22. Hydroxocobalamin1,2
  23. Insulin2
  24. Ketamine1,2
  25. Ketorolac1,2
  26. Labetolol1,2
  27. Mannitol2
  28. Metaproterenol1,2
  29. Metoprolol1,2
  30. Milrinone1,2
  31. Non-Depolarizing Agents1,2
  32. Norepinephrine2
  33. Other Non-Benzodiazepine Anti-Convulsants2
  34. Phenylephrine2
  35. Phenytoin/Phosphenytoin1,2
  36. Plasmanate1,2
  37. Potassium Chloride2
  38. Propofol1,2
  39. Propranolol1,2
  40. Prostaglandins: All Types2
  41. Quinidine Sulfate/Gluconate2
  42. Romazicon2
  43. Succinylcholine2
  44. Theophylline1,2
  45. Tirofiban2
  46. Tocolytics: All Types (Not otherwise specified)2
  47. Total Parenteral Nutrition2

Footnotes:
1. Paramedics who are authorized to function for an EMS agency that has been licensed as a CCT ambulance service are restricted to the maintenance and monitoring of medication administration that is initiated at the sending medical facility. (Emphasis added)

2. Paramedics who are authorized to function for an EMS agency that has been licensed as a CCT ambulance service may only administer the medication in the direct physical presence of, and supervised by, a PHRN, PHPE or PHP. (Emphasis added)

 

Pennsylvania Adopts Critical Care Transport Scope