It's called undercover police work, and undercover police work is perfectly legal, including the commission of various non-violent crimes required to maintain their cover.
The cops weren't out there having TVs shipped to their houses and not documenting them so the victims wouldn't be reimbursed. They were hosting a forum, and made it look like other similar on-line criminal hangouts. When real criminals arrived, they maintained the forum long enough to accumulate enough evidence (IDs of suspects, records of criminal activity), then rolled them up.
Wrong, wrong, wrong. The parachute was first tested by its inventor because he wanted to use it. Montgolfier flew his own balloon. Did the Wright brothers hire a test pilot? And of the engineers at NASA who built the manned rockets, do you believe there wasn't a man or woman among them who wouldn't have jumped at the chance to fly in them?
(from memory) 1. A robot may not, through action or inaction, allow a human to come to harm. My phone lets me dial 911 even if the bill is unpaid. 2. A robot must do what a human commands, within the bounds of the first law. If I pay the bills, it makes calls, gives me data, etc. 3. A robot must preserve itself, within the bounds of the first two laws. Well, it shuts off apps as the low battery approaches, preserving the remaining power for potential emergency calls, or my explicit use.
What am I missing? Is there a right to free data plans? Unwalled gardens? Calling plans that don't defy rational explanation? They're not "laws".
Is this really a good move for Mozilla strategically?
Yes because the general public do value privacy, and being on the side of public opinion is priceless.
Actually, the general public puts a very low value on privacy. If you ask do you value your privacy?", they'll say "yes, of course." But if you ask them "do you want to save 5% by signing up for our club card?", they'll practically push each other out of the way to save $0.50.
Marketers today put the benefit on the billboard, but put the terms of consent to tracking in the fine print. It would be interesting to see what would happen if the marketing came with the same kinds of warnings and side effects we see on drug ads. My guess is it would have almost no impact on the number of people who sign up to save a dollar.
The way he was talking, he made it sound like the difference was that they'd all come in the same container, so they wouldn't have to ship a 7.1 version to a 7.1 theater and a 5.1 version to a 5.1 screen.
I wasn't quite sure why he kept thinking the container format was such a neat idea, when virtually every digital media format is a container that is capable of the same thing. Maybe this is a new concept for digital feeds to projection houses, though. Or maybe he thought his audience isn't aware that it's been a part of the MPEG streaming standard format for the last two decades?
No, they do have pretty good movies, but they fill the theaters with worse neighbors. In a theater, I have to sit next to people I would change seats on a bus to get away from. Seriously, you don't need a squalling 3-year-old in a stroller at an R movie, or to post the plot on Facebook as it unfolds, or to repeat the dialog to your buddy in the seat next to you.
Im sure that 62.2 is not saying there are 64 different channels but that they 64 different "driver cabinets" to ensure that a decent sound image is available to everybody in the room.
Then go watch the video in TFA. There are indeed 64 different channels. But the guy was talking about two different concepts. The first was they're treating sounds as objects, which makes me think the individual theater's system will be responsible for the custom mapping of object locations to that theater's particular speaker array. The other was that the movie would ship with a sound "container", which would contain not only the sound objects, but professional downmixes to 22.1, 11.1, 7.1, 5.1, 4.0 and 2.0 tracks for full backward compatibility with the less capable systems.
Anyway, I can't wait to hear the new version of the Dolby introduction. I just hope they'll be able to replace my shattered eyeglasses before the feature film starts.
And developing that something without harmful symptoms is so easy? I doubt it, otherwise I'd have heard of vaccines for AIDS and Ebola for quite a long ago.
Of course it's not easy, which is why they need this research to help understand the mutated forms of H5N1. And as you are no doubt aware, influenza is a lot simpler disease to deal with than HIV with its constant rounds of mutation, and Ebola which kills so quickly.
I'll stay with my opinion: better share all the info about the virus for increased chances somebody develop the vaccine quicker if/when needed and/or to know where to look if detecting a possible strain that mutated in the wild.
No argument from me there. We need this research to lessen the impact of the next round of pandemic flu.
And the capability to create has nothing to do with the capability to mass-produce. If that were true, you'd still be waiting for George Lucas to make you your very own VHS copy of Star Wars in his VCR. (Spoiler: by the time he gets around to recording yours, Chewbacca will have shot first!)
Haha... funny! Only serious: it's stupid for the context of mass producing vaccines! Until someone fully developed a vaccine, do you have any warranty that a good vaccine can be copied "VCR/CD/DVD/BlueRay like"? You sure that the mutated virus/protein/antibody for the vaccine can be grown as usual (egg-embryos or whatever) and still be effective? What if not and the mass-production doesn't scale that cheaply?
Yeah, it was a cheap joke. But it still is a valid point: the researcher who develops the vaccine doesn't necessarily have to be the same guy who figures out how to culture and incubate it for a mass production process. Different skill sets there.
In my opinion, anyone purposely working on a more dangerous version of a deadly flu for very close to no reason, they should be shut down immediately.
Well, it's a good thing they have a really good reason then. They want to prevent a pandemic flu.
A pandemic is caused by a novel influenza virus that we are not immune to, and can spread itself quickly from infected host to uninfected human via airborne droplets.
As you pointed out, viruses do not die. The host's autoimmune system either learns how to control the more lethal strains, or the host dies. And we've learned the host's autoimmune system can be trained by inoculating it with a strain of the virus that looks very similar to the lethal strain, yet does not contain the machinery that typically causes sickness or death. We call this process vaccination.
We know the influenza virus lives for a long while in a non-human animal population (pigs, birds, horses), slowly mutating away from something our human autoimmune systems used to be able to recognize into a new form of the disease. This is called drift. (Reassortment is another mutational path that leads to new forms of the virus.) Judging by the regularity with which we are afflicted by pandemic flu viruses, this seems to happen about every 20 years. As we approach that 20 year mark, the occasional cross-species infection will occur, as the virus hops into some unlucky human who was in direct contact with the infected host. At that time, it's evident that there's a new form of the disease to which we're no longer immune.
We also know that every so often natural mutations will confer the ability to become transmissible to humans via airborne droplets that are exhaled by a carrier. Once that happens, the virus is able to spread among humans very rapidly.
So there are two things nature needs to create a new strain of pandemic flu: novelty and transmissibility. Once we see the novel form, it's time to create a vaccine that hopefully will lessen its impact before the time it naturally becomes transmissible on its own.
But mutations are mutations. We don't know for certain that the mutant form that's transmissible is still similar enough to the novel form for our autoimmune systems to recognize them both (keep in mind that the non-lethal form cultured for the vaccine is already somewhat different from the lethal form.) So the researchers are trying to study the possible mutations so they can test and develop the vaccines before they're actually needed in the wild.
tl;dr - they need to do this research, or a lot of people will die.
The people doing this research are also capable of creating vaccines, etc.
[citation needed]. Would appreciate if you can find citations showing their capability to produce quantities large enough if needed in a pandemic.
Wonder-Twin powers - deactivate logic! Form of: internet argument!
As far as actual capabilities of the researchers go, the creation of a vaccine is accomplished by creating a mutated form of the virus that triggers an autoimmune response without causing the harmful symptoms. The science is exactly the same as creating any other mutated form, such as one that can be spread via mammalian respiration, a.k.a. the paper they authored.
And the capability to create has nothing to do with the capability to mass-produce. If that were true, you'd still be waiting for George Lucas to make you your very own VHS copy of Star Wars in his VCR. (Spoiler: by the time he gets around to recording yours, Chewbacca will have shot first!)
I didn't say this was an incentive for the manufacturers to open their source. (f they're basing it on an open source platform that's covered by GPL and not LGPL, they're bound to, but I don't think any medical device maker wants to take responsibility for all of Linux in their devices.) If open source were mandated, however, you still raise valid issues.
Regarding your points, #1 is true regardless of the source. In the case of open source, they would have more sources of input from external people who review their code, which means an initial run of bugs to fix, but after that there should be more stability. If this helps them make a safer device, the incentive comes in the form of fewer lawsuits due to these defects being found statically, rather than in a patient.
#2 is certainly a concern. I hate to suggest software patents ever, for anything, but this might be a case where you'd use one. If opening the source were mandated, both manufacturers' code would be exposed, so proof would be easier.
#3 This plays out both ways: "Go ahead, examine our software, take it to your cousin who knows computers, he can see that we have nothing to hide. The FDA, the FBI, and crack teams of penetration testing hackers have also been unable to find any flaws. But the guys over at Joe's Discount Insulin Pumps, well, they keep their source closed, and maybe for a reason. Do you really think they found all their bugs? ALL of them? What are they really hiding in there?"
There's a different outcome possible, too. What if the FDA mandated the software be separate from the hardware? "Use PloverCo's software, it's tested and FDA certified for use on any implantable pump conforming to the ABC-123 standard." Now every pump can be built to a standard interface and run a standard package, eliminating user and doctor confusion. ABC-123 would define the firmware that would load software, and both the manufacturers and FDA would have to sign the code before it would load it.
OK, so there's a third solution: Instead of just open or closed source, give the code signing key to an independent Medical Device Code Quality Board. They'd have to be licensed software engineers (meaning a licensing requirement would have to be defined.) Have them be bonded, so they risk losing their bond if they're caught leaking a copy of the software. They'd take on insurance in case they get sued if the software fails anyway. And they get paid well, of course. Then nobody, not even the device manufacturer, can install unsigned code without the board's signature on it.
Just think: it would be expensive, slow, bureaucratic, litigious, and probably completely ineffective at detecting problems. It sounds a perfect government solution!
I took a summer job in a metal shop, and learned a ton of suff I was never going to get from a formal education.
The real world is filled with messy, hard, interesting, demeaning, uncomfortable, fun, maddening jobs. You could learn how a mean boss makes you do shoddy work just to get out of his face; something that may be important to remember in the future. You will meet interesting and boring people. You will probably meet racists and homophobes and criminals. You may not appreciate or like them, but you might understand the world a little better.
You could learn the properties of A5 tool steel. You could learn how to mop a floor. You could learn how to use a micrometer, and statistical process control. You could learn how to drive a forklift. You could learn about hazardous chemical handling. You could learn the value of safety equipment.
And you'll get very little of that from behind a keyboard.
Allowing anyone to view the code means anyone can then modify it.
As the Mythbusters like to say, "Well, there's your problem!" Your entire argument is based on the extension of this premise to imply that you can then install this modified software on the medical device. But that's not a given at all. You can modify the downloaded copy of the code that you have squirreled away somewhere in/users/autocannon/src, but it doesn't mean you can modify the exact copy of the code that's running on the CPU in your insulin pump.
It may not even be physically possible. Consider that I can burn GPL (v2) code to an FPGA, then burn the fuse to prevent further modifications to the chip. As long as I distribute the source code with the device, I am free to sell the device, even though I've given you no end-user-accessible way of modifying it. Tivo used a variant of this idea, where they burned a digital signature verification process on their devices which then refused to permit unsigned updates to their code. Called "Tivoization", this practice led directly to the creation of the GPL V3.
Can you take a medical device apart and replace the ROM with your own modified code? Obviously it's technically possible, but if it's a medical device it will no longer be certified for medical use. No legitimate doctor would prescribe that modified device to a patient (outside of the device maker's controlled studies, of course.)
Good info, thanks. It raises a thousand more questions in my mind, though, about your quality processes. I would really like to know if your industry has specific mandated or regulated software quality standards you follow, like an ANSI or ISO standards? Or did your firm develop your quality processes entirely in house? Do you use Test Driven Development? Iterative methodologies, such as Agile? Or do you do big designs up front, and hold formal walkthroughs and reviews of those designs?
Do you have standard metrics for complexity? Do you have mandated automated unit test coverage of 100% of your code? Do you track defect rates over time? Do you maintain requirements traceability documentation? Do you have mandated code reviews, and if so, by whom? Do you use static code analysis tools, such as pmd, Klocwork, Coverity, lint, or the like? Do you have specific standards regarding exception handling? Dynamic memory allocation? Multi-threading?
I would love to know what measures you take when something as sensitive as a human life is at stake. The quality of my industry's software pales in comparison, as most of it just handles other people's money. It gets people all nervous, of course, and we take it seriously, but it won't actually kill someone if it crashes.
That's just what we need - medical devices and implants with NSA backdoors in them.
It's a matter of trust. I'd trust the NSA not to mess with my medical device far more than I'd trust a random device manufacturer to properly update a medical device over the internet. Only one of these organizations has a well deserved reputation for maintaining secrecy and security. Can the NSA sniff your internet traffic? Undoubtedly. But is someone at the NSA's Panopticon Central actually looking at your data? That's the key: you don't know for sure, and you will never know for sure. That speaks volumes for their security, and is a better reputation than these device manufacturers have.
Besides, the NSA has much less incentive to mess with your devices than other organizations, such as the FBI, FDA, police, TSA, etc. Just because one organization can doesn't mean the others get to.
He said "review" the software, not "replace" it. That confusion seems to lie at the heart (no pun intended) of all these discussions. There seems to be fear, whether intentionally spread by the manufacturers or not, that if the software was publicly viewable that it would immediately lead to people hacking the medical devices.
And in the short term that's likely to be a valid concern, because the software is so badly written* that an ordinary hacker armed with the source COULD physically attack a victim. That situation won't change until device makers start adopting best practices. (* This claim is backed by the existence of TFA: if the software was of better quality, it wouldn't be getting recalled so often.)
I have an idea. Long ago I heard that the NSA created chips for NASA specifically to protect communications to satellites, keeping mission critical aspects such as attitude control safely protected. Why doesn't the FDA ask the NSA to provide a similar set of chips for medical device makers? Not that the folks at the device labs are idiots, but they're certainly not security specialists. Even something as simple as providing a standard security mask for an FPGA would enable device makers to implement NSA-quality security, hardening their systems to the point where it would take an army of Ross Andersons led by a Bruce Schneier to break even one of them. If the hackers can't access the device because a protocol chip stops them, that problem would be solved.
By itself it won't fix the quality issues, but it would let us get to the point where hackers would be less of an impediment to reviewing and improving the devices.
I read the Hobbit to my son around first grade, and we read Lord of the Rings when he was about 7. This was ten years before the movies came out, and he was able to use his own imagination instead of seeing Peter Jackson's imagination at work. Highly recommended - he still has fond memories of our reading those books, and even said so this weekend.
If you read them over the course of a few weeks or so they are like any serial, where you learn to keep track of who is where and doing what, and enjoy the anticipation of finding out what comes next. I wouldn't assume they have to be short stories, they just have to hold his interest.
Since your grandfather's dexterity is compromised, how about an X-10 or Insteon home automation project so that he might control his home using an Android tablet or iPad?
Brilliant! There are many levels of home automation you could get into. Replacing switches and light fixtures with Insteon or Z-Wave devices would certainly be something he's qualified to do, or to help teach you to do properly. Designing various automation scenes is also something you could work on together: turn the lights on at 6:00 AM if it's still dark out, turn them off at sunrise or at 7:00 AM when it's time to leave, doorbell cameras and monitors, home security, heating control, basement water monitoring, TV remote controls, there are a thousand things to add on to such a system. And you can start fairly small, adding on only as needed or desired.
There's a fairly cheap home automation controller called Vera3 produced by Mi Casa Verde. It runs on an OpenWRT platform, and they welcome hobbyist contributions of new device controllers and other innovations. There is support for Android, iPhone, iPad, WAP, other portable clients, as well as a web interface that's well suited to set it all up. Custom device control can be written in Lua, enabling you to add just about any kind of functionality you can imagine.
Best of all is what you build together would benefit him immediately, and help even more in the future if his mobility is compromised by the progression of his disease.
Yes, data center cooling has been studied extensively. Consider a typical data center with 5,000 square feet of server space, and wired for 145 watt-hours/sq ft. That center is drawing about 3/4 megawatts per hour. You don't just "guess" when you already know you have to get rid of 2.5 million BTUs of waste heat. You have to carefully plan the thermal flow through the data center to ensure the whole building doesn't simply cook itself in its own waste. That means using a combination of ambient air, water chillers, swamp coolers, or whatever else it's going to take to pump away the heat.
One solution is to build your data centers in Canada, Greenland, Iceland, or Norway; somewhere north of 60 degrees. Seriously, there are very few months out of the year where the environment doesn't already cool them for free. It's not like the users have to be located in the data centers, just some operators, guards, and the occasional electrician. Some of that waste heat can be used to heat the living spaces of the nearby residents. By the same logic, building them in Florida, Arizona, or New Mexico is pretty much stupid, because you're going to double your expense getting rid of the heat.
iTunes Genius is exactly that service. It suggests music you may like based on profiling your listening habits. It gathers data about what you listen to, and uses your habits to suggest songs to other service users. And it's built in to every iPhone, iPod, and iPad they ship.
The most recent theory is the Natanz system was most likely infected on the non-Internet side of the facility by software planted an agent. The Internet cable was not plugged in until long after the damage was done.
There was no simple defense, no easy prevention when the attackers are the IDF and you've both announced "death to Israel" and are enriching uranium.
Slashdot Mirror
Then it is not illegal.
It's called undercover police work, and undercover police work is perfectly legal, including the commission of various non-violent crimes required to maintain their cover.
The cops weren't out there having TVs shipped to their houses and not documenting them so the victims wouldn't be reimbursed. They were hosting a forum, and made it look like other similar on-line criminal hangouts. When real criminals arrived, they maintained the forum long enough to accumulate enough evidence (IDs of suspects, records of criminal activity), then rolled them up.
They did their jobs, successfully.
... think about it. That alone would kill me.
No more first posts! That DQ's just about everyone on /.
Wrong, wrong, wrong. The parachute was first tested by its inventor because he wanted to use it. Montgolfier flew his own balloon. Did the Wright brothers hire a test pilot? And of the engineers at NASA who built the manned rockets, do you believe there wasn't a man or woman among them who wouldn't have jumped at the chance to fly in them?
Don't paste your cowardice badge on other people.
if i move to mars for the rest of my life what are the entertainment options? what am i supposed to do in my off time?
Watch reruns of Capricorn One, of course.
(from memory) 1. A robot may not, through action or inaction, allow a human to come to harm. My phone lets me dial 911 even if the bill is unpaid.
2. A robot must do what a human commands, within the bounds of the first law. If I pay the bills, it makes calls, gives me data, etc.
3. A robot must preserve itself, within the bounds of the first two laws. Well, it shuts off apps as the low battery approaches, preserving the remaining power for potential emergency calls, or my explicit use.
What am I missing? Is there a right to free data plans? Unwalled gardens? Calling plans that don't defy rational explanation? They're not "laws".
Is this really a good move for Mozilla strategically?
Yes because the general public do value privacy, and being on the side of public opinion is priceless.
Actually, the general public puts a very low value on privacy. If you ask do you value your privacy?", they'll say "yes, of course." But if you ask them "do you want to save 5% by signing up for our club card?", they'll practically push each other out of the way to save $0.50.
Marketers today put the benefit on the billboard, but put the terms of consent to tracking in the fine print. It would be interesting to see what would happen if the marketing came with the same kinds of warnings and side effects we see on drug ads. My guess is it would have almost no impact on the number of people who sign up to save a dollar.
The way he was talking, he made it sound like the difference was that they'd all come in the same container, so they wouldn't have to ship a 7.1 version to a 7.1 theater and a 5.1 version to a 5.1 screen.
I wasn't quite sure why he kept thinking the container format was such a neat idea, when virtually every digital media format is a container that is capable of the same thing. Maybe this is a new concept for digital feeds to projection houses, though. Or maybe he thought his audience isn't aware that it's been a part of the MPEG streaming standard format for the last two decades?
No, they do have pretty good movies, but they fill the theaters with worse neighbors. In a theater, I have to sit next to people I would change seats on a bus to get away from. Seriously, you don't need a squalling 3-year-old in a stroller at an R movie, or to post the plot on Facebook as it unfolds, or to repeat the dialog to your buddy in the seat next to you.
Im sure that 62.2 is not saying there are 64 different channels but that they 64 different "driver cabinets" to ensure that a decent sound image is available to everybody in the room.
Then go watch the video in TFA. There are indeed 64 different channels. But the guy was talking about two different concepts. The first was they're treating sounds as objects, which makes me think the individual theater's system will be responsible for the custom mapping of object locations to that theater's particular speaker array. The other was that the movie would ship with a sound "container", which would contain not only the sound objects, but professional downmixes to 22.1, 11.1, 7.1, 5.1, 4.0 and 2.0 tracks for full backward compatibility with the less capable systems.
But does the volume go to eleven ?
I'm sure it goes to 11.1
Anyway, I can't wait to hear the new version of the Dolby introduction. I just hope they'll be able to replace my shattered eyeglasses before the feature film starts.
And developing that something without harmful symptoms is so easy? I doubt it, otherwise I'd have heard of vaccines for AIDS and Ebola for quite a long ago.
Of course it's not easy, which is why they need this research to help understand the mutated forms of H5N1. And as you are no doubt aware, influenza is a lot simpler disease to deal with than HIV with its constant rounds of mutation, and Ebola which kills so quickly.
I'll stay with my opinion: better share all the info about the virus for increased chances somebody develop the vaccine quicker if/when needed and/or to know where to look if detecting a possible strain that mutated in the wild.
No argument from me there. We need this research to lessen the impact of the next round of pandemic flu.
And the capability to create has nothing to do with the capability to mass-produce. If that were true, you'd still be waiting for George Lucas to make you your very own VHS copy of Star Wars in his VCR. (Spoiler: by the time he gets around to recording yours, Chewbacca will have shot first!)
Haha... funny! Only serious: it's stupid for the context of mass producing vaccines!
Until someone fully developed a vaccine, do you have any warranty that a good vaccine can be copied "VCR/CD/DVD/BlueRay like"? You sure that the mutated virus/protein/antibody for the vaccine can be grown as usual (egg-embryos or whatever) and still be effective? What if not and the mass-production doesn't scale that cheaply?
Yeah, it was a cheap joke. But it still is a valid point: the researcher who develops the vaccine doesn't necessarily have to be the same guy who figures out how to culture and incubate it for a mass production process. Different skill sets there.
In my opinion, anyone purposely working on a more dangerous version of a deadly flu for very close to no reason, they should be shut down immediately.
Well, it's a good thing they have a really good reason then. They want to prevent a pandemic flu.
A pandemic is caused by a novel influenza virus that we are not immune to, and can spread itself quickly from infected host to uninfected human via airborne droplets.
As you pointed out, viruses do not die. The host's autoimmune system either learns how to control the more lethal strains, or the host dies. And we've learned the host's autoimmune system can be trained by inoculating it with a strain of the virus that looks very similar to the lethal strain, yet does not contain the machinery that typically causes sickness or death. We call this process vaccination.
We know the influenza virus lives for a long while in a non-human animal population (pigs, birds, horses), slowly mutating away from something our human autoimmune systems used to be able to recognize into a new form of the disease. This is called drift. (Reassortment is another mutational path that leads to new forms of the virus.) Judging by the regularity with which we are afflicted by pandemic flu viruses, this seems to happen about every 20 years. As we approach that 20 year mark, the occasional cross-species infection will occur, as the virus hops into some unlucky human who was in direct contact with the infected host. At that time, it's evident that there's a new form of the disease to which we're no longer immune.
We also know that every so often natural mutations will confer the ability to become transmissible to humans via airborne droplets that are exhaled by a carrier. Once that happens, the virus is able to spread among humans very rapidly.
So there are two things nature needs to create a new strain of pandemic flu: novelty and transmissibility. Once we see the novel form, it's time to create a vaccine that hopefully will lessen its impact before the time it naturally becomes transmissible on its own.
But mutations are mutations. We don't know for certain that the mutant form that's transmissible is still similar enough to the novel form for our autoimmune systems to recognize them both (keep in mind that the non-lethal form cultured for the vaccine is already somewhat different from the lethal form.) So the researchers are trying to study the possible mutations so they can test and develop the vaccines before they're actually needed in the wild.
tl;dr - they need to do this research, or a lot of people will die.
The people doing this research are also capable of creating vaccines, etc.
[citation needed]. Would appreciate if you can find citations showing their capability to produce quantities large enough if needed in a pandemic.
Wonder-Twin powers - deactivate logic! Form of: internet argument!
As far as actual capabilities of the researchers go, the creation of a vaccine is accomplished by creating a mutated form of the virus that triggers an autoimmune response without causing the harmful symptoms. The science is exactly the same as creating any other mutated form, such as one that can be spread via mammalian respiration, a.k.a. the paper they authored.
And the capability to create has nothing to do with the capability to mass-produce. If that were true, you'd still be waiting for George Lucas to make you your very own VHS copy of Star Wars in his VCR. (Spoiler: by the time he gets around to recording yours, Chewbacca will have shot first!)
I didn't say this was an incentive for the manufacturers to open their source. (f they're basing it on an open source platform that's covered by GPL and not LGPL, they're bound to, but I don't think any medical device maker wants to take responsibility for all of Linux in their devices.) If open source were mandated, however, you still raise valid issues.
Regarding your points, #1 is true regardless of the source. In the case of open source, they would have more sources of input from external people who review their code, which means an initial run of bugs to fix, but after that there should be more stability. If this helps them make a safer device, the incentive comes in the form of fewer lawsuits due to these defects being found statically, rather than in a patient.
#2 is certainly a concern. I hate to suggest software patents ever, for anything, but this might be a case where you'd use one. If opening the source were mandated, both manufacturers' code would be exposed, so proof would be easier.
#3 This plays out both ways: "Go ahead, examine our software, take it to your cousin who knows computers, he can see that we have nothing to hide. The FDA, the FBI, and crack teams of penetration testing hackers have also been unable to find any flaws. But the guys over at Joe's Discount Insulin Pumps, well, they keep their source closed, and maybe for a reason. Do you really think they found all their bugs? ALL of them? What are they really hiding in there?"
There's a different outcome possible, too. What if the FDA mandated the software be separate from the hardware? "Use PloverCo's software, it's tested and FDA certified for use on any implantable pump conforming to the ABC-123 standard." Now every pump can be built to a standard interface and run a standard package, eliminating user and doctor confusion. ABC-123 would define the firmware that would load software, and both the manufacturers and FDA would have to sign the code before it would load it.
OK, so there's a third solution: Instead of just open or closed source, give the code signing key to an independent Medical Device Code Quality Board. They'd have to be licensed software engineers (meaning a licensing requirement would have to be defined.) Have them be bonded, so they risk losing their bond if they're caught leaking a copy of the software. They'd take on insurance in case they get sued if the software fails anyway. And they get paid well, of course. Then nobody, not even the device manufacturer, can install unsigned code without the board's signature on it.
Just think: it would be expensive, slow, bureaucratic, litigious, and probably completely ineffective at detecting problems. It sounds a perfect government solution!
I took a summer job in a metal shop, and learned a ton of suff I was never going to get from a formal education.
The real world is filled with messy, hard, interesting, demeaning, uncomfortable, fun, maddening jobs. You could learn how a mean boss makes you do shoddy work just to get out of his face; something that may be important to remember in the future. You will meet interesting and boring people. You will probably meet racists and homophobes and criminals. You may not appreciate or like them, but you might understand the world a little better.
You could learn the properties of A5 tool steel. You could learn how to mop a floor. You could learn how to use a micrometer, and statistical process control. You could learn how to drive a forklift. You could learn about hazardous chemical handling. You could learn the value of safety equipment.
And you'll get very little of that from behind a keyboard.
Now quit reading /. and go get a job.
Allowing anyone to view the code means anyone can then modify it.
As the Mythbusters like to say, "Well, there's your problem!" Your entire argument is based on the extension of this premise to imply that you can then install this modified software on the medical device. But that's not a given at all. You can modify the downloaded copy of the code that you have squirreled away somewhere in /users/autocannon/src, but it doesn't mean you can modify the exact copy of the code that's running on the CPU in your insulin pump.
It may not even be physically possible. Consider that I can burn GPL (v2) code to an FPGA, then burn the fuse to prevent further modifications to the chip. As long as I distribute the source code with the device, I am free to sell the device, even though I've given you no end-user-accessible way of modifying it. Tivo used a variant of this idea, where they burned a digital signature verification process on their devices which then refused to permit unsigned updates to their code. Called "Tivoization", this practice led directly to the creation of the GPL V3.
Can you take a medical device apart and replace the ROM with your own modified code? Obviously it's technically possible, but if it's a medical device it will no longer be certified for medical use. No legitimate doctor would prescribe that modified device to a patient (outside of the device maker's controlled studies, of course.)
Good info, thanks. It raises a thousand more questions in my mind, though, about your quality processes. I would really like to know if your industry has specific mandated or regulated software quality standards you follow, like an ANSI or ISO standards? Or did your firm develop your quality processes entirely in house? Do you use Test Driven Development? Iterative methodologies, such as Agile? Or do you do big designs up front, and hold formal walkthroughs and reviews of those designs?
Do you have standard metrics for complexity? Do you have mandated automated unit test coverage of 100% of your code? Do you track defect rates over time? Do you maintain requirements traceability documentation? Do you have mandated code reviews, and if so, by whom? Do you use static code analysis tools, such as pmd, Klocwork, Coverity, lint, or the like? Do you have specific standards regarding exception handling? Dynamic memory allocation? Multi-threading?
I would love to know what measures you take when something as sensitive as a human life is at stake. The quality of my industry's software pales in comparison, as most of it just handles other people's money. It gets people all nervous, of course, and we take it seriously, but it won't actually kill someone if it crashes.
That's just what we need - medical devices and implants with NSA backdoors in them.
It's a matter of trust. I'd trust the NSA not to mess with my medical device far more than I'd trust a random device manufacturer to properly update a medical device over the internet. Only one of these organizations has a well deserved reputation for maintaining secrecy and security. Can the NSA sniff your internet traffic? Undoubtedly. But is someone at the NSA's Panopticon Central actually looking at your data? That's the key: you don't know for sure, and you will never know for sure. That speaks volumes for their security, and is a better reputation than these device manufacturers have.
Besides, the NSA has much less incentive to mess with your devices than other organizations, such as the FBI, FDA, police, TSA, etc. Just because one organization can doesn't mean the others get to.
He said "review" the software, not "replace" it. That confusion seems to lie at the heart (no pun intended) of all these discussions. There seems to be fear, whether intentionally spread by the manufacturers or not, that if the software was publicly viewable that it would immediately lead to people hacking the medical devices.
And in the short term that's likely to be a valid concern, because the software is so badly written* that an ordinary hacker armed with the source COULD physically attack a victim. That situation won't change until device makers start adopting best practices. (* This claim is backed by the existence of TFA: if the software was of better quality, it wouldn't be getting recalled so often.)
I have an idea. Long ago I heard that the NSA created chips for NASA specifically to protect communications to satellites, keeping mission critical aspects such as attitude control safely protected. Why doesn't the FDA ask the NSA to provide a similar set of chips for medical device makers? Not that the folks at the device labs are idiots, but they're certainly not security specialists. Even something as simple as providing a standard security mask for an FPGA would enable device makers to implement NSA-quality security, hardening their systems to the point where it would take an army of Ross Andersons led by a Bruce Schneier to break even one of them. If the hackers can't access the device because a protocol chip stops them, that problem would be solved.
By itself it won't fix the quality issues, but it would let us get to the point where hackers would be less of an impediment to reviewing and improving the devices.
I read the Hobbit to my son around first grade, and we read Lord of the Rings when he was about 7. This was ten years before the movies came out, and he was able to use his own imagination instead of seeing Peter Jackson's imagination at work. Highly recommended - he still has fond memories of our reading those books, and even said so this weekend.
If you read them over the course of a few weeks or so they are like any serial, where you learn to keep track of who is where and doing what, and enjoy the anticipation of finding out what comes next. I wouldn't assume they have to be short stories, they just have to hold his interest.
Since your grandfather's dexterity is compromised, how about an X-10 or Insteon home automation project so that he might control his home using an Android tablet or iPad?
Brilliant! There are many levels of home automation you could get into. Replacing switches and light fixtures with Insteon or Z-Wave devices would certainly be something he's qualified to do, or to help teach you to do properly. Designing various automation scenes is also something you could work on together: turn the lights on at 6:00 AM if it's still dark out, turn them off at sunrise or at 7:00 AM when it's time to leave, doorbell cameras and monitors, home security, heating control, basement water monitoring, TV remote controls, there are a thousand things to add on to such a system. And you can start fairly small, adding on only as needed or desired.
There's a fairly cheap home automation controller called Vera3 produced by Mi Casa Verde. It runs on an OpenWRT platform, and they welcome hobbyist contributions of new device controllers and other innovations. There is support for Android, iPhone, iPad, WAP, other portable clients, as well as a web interface that's well suited to set it all up. Custom device control can be written in Lua, enabling you to add just about any kind of functionality you can imagine.
Best of all is what you build together would benefit him immediately, and help even more in the future if his mobility is compromised by the progression of his disease.
Great suggestion!
Oh, for mod points to grant you. Thanks for the laugh!
Yes, data center cooling has been studied extensively. Consider a typical data center with 5,000 square feet of server space, and wired for 145 watt-hours/sq ft. That center is drawing about 3/4 megawatts per hour. You don't just "guess" when you already know you have to get rid of 2.5 million BTUs of waste heat. You have to carefully plan the thermal flow through the data center to ensure the whole building doesn't simply cook itself in its own waste. That means using a combination of ambient air, water chillers, swamp coolers, or whatever else it's going to take to pump away the heat.
One solution is to build your data centers in Canada, Greenland, Iceland, or Norway; somewhere north of 60 degrees. Seriously, there are very few months out of the year where the environment doesn't already cool them for free. It's not like the users have to be located in the data centers, just some operators, guards, and the occasional electrician. Some of that waste heat can be used to heat the living spaces of the nearby residents. By the same logic, building them in Florida, Arizona, or New Mexico is pretty much stupid, because you're going to double your expense getting rid of the heat.
iTunes Genius is exactly that service. It suggests music you may like based on profiling your listening habits. It gathers data about what you listen to, and uses your habits to suggest songs to other service users. And it's built in to every iPhone, iPod, and iPad they ship.
The most recent theory is the Natanz system was most likely infected on the non-Internet side of the facility by software planted an agent. The Internet cable was not plugged in until long after the damage was done.
There was no simple defense, no easy prevention when the attackers are the IDF and you've both announced "death to Israel" and are enriching uranium.