And from Microsoft's perspective... why come up with a good mobile platform when you can sell the same bloated OS you use on the desktop and just ship it for devices using the same hardware you've used for 20 years?
See, it works both ways.
Except Apple built something new, and Microsoft just keeps doing the same thing over and over and trying to tell us that is innovation.
It's like Microsoft just want to keep reinforcing the same stereotypes from the "I"m a PC/I'm a Mac" commercials -- that they're the lumbering beast who only sees the world in their outdated way.
Microsoft is being the opposite of innovative here.
How many good durable mechanical switch keyboards work with a tablet? Programming on OS/X is frustrating enough for me, never mind being relegated to a touch screen.
Honestly, they make Bluetooth keyboards, and have for years. Many companies make them, they should all work with pretty much anything.
Hell, I bet it you so chose you could buy a Microsoft Bluetooth keyboard and use it with an iPad.
That Apple doesn't ship it with a keyboard doesn't mean you're being denied the ability to use one.
Or, because he believes there will always be separate markets for Macs and portable devices, that they're not the same thing, and creating one combined device would probably result in a device which sucked as a PC and as a mobile device. I'm inclined to agree.
I don't want my tablet or my phone to be running the same OS I'd run on my desktop or my laptop. They're different things, used differently, and don't even run the same programs.
I keep looking at Microsoft trying to make all of the devices converge as full-spec x86 devices as lazy and self-serving because they don't have the ability to come up with a mobile OS which isn't just the same under the covers. It screams "we have no idea how to make a new mobile operating system, so instead we'll stick with the same architecture we've had for 20 years and do nothing".
You don't need to think laptops and desktops are a dying technology. You just don't have to think that converging them to a single device actually results in a good product.
Microsoft just wants to put out the exact same thing they already have and call it mobile. Not everyone agrees. In fact, we think it's just lazy, and pushing out a product and calling it "innovating", and will result in a product which sucks at both tasks. Increasingly, Microsoft looks like the old tech company who can't see past the world being about Office and Outlook -- which means they seem to be missing the point about what people actually want.
I agree with Tim Cook, that's just a product which will suck as a desktop/laptop, and also suck as a mobile device.
For the things most people are using their tablets for, there is no benefit in having it be an x86 platform. And from what I've seen of the new Microsoft interface, it's so horribly skewed towards being a bad interface for tablets... it's an utterly useless interface for desktops.
They should be separate operating systems because they're different devices, and used differently.
Once again, those "I'm a PC/I'm a Mac" ads showing Microsoft stuck in the past and missing the point seem like sheer brilliance. Because slavishly trying to keep to x86 on the thinking it's better than solving the actual problem is just inertia and not wanting things to change.
But when the protocol is 99% pirated material, I think it's a different story.
Do you have evidence to support this? Or are you just pulling a number out of your ass?
It is a protocol. It has "significant non-infringing" uses.
What the copyright cartel wants to do is equate using a protocol with piracy, without evidence. And then once they've done that, they want to say that individuals using that protocol must have engaged in piracy. I'm sorry, this is the legal equivalent of "if she weighs less than a duck, then she is therefore a witch".
So, no more than you can make the argument that owning a car allows you to speed, therefore if you own a car you speed... the copyright lawyers don't just get to make shit up and call it facts.
If the courts allow this, they've completely lost the plot, and the copyright cartel will be able to deem innuendo and supposition is legally admissible. And that would be a terrible idea.
Sorry, but no. The copyright cartel bought some bad laws in the form of the DMCA and other things. And one of the many things they wanted was to give themselves almost zero standard for evidence or penalty for misusing the system -- which means they want a law which allows them to do anything they want without consequence or oversight.
It really is time to rein them in with a much shorter leash and remind them they don't get to make up "facts" to suit themselves. Because somewhere along the line they've bought themselves laws which gives them all the power, and no responsibility.
You know, as soon as it became necessary for someone to invent the phrase twitter shitter, social media had pretty much reached the point of being mostly about narcissism and pointless drivel.
It's time these guys got held to some damned level of standards instead of just making sweeping, bullshit claims like "if they used this protocol they were doing teh piracy".
If they have specific evidence of specific infringement, use it. But simply accusing based on using the protocol is completely wrong. The problem is the copyright cartels essentially want a veto on any technology on the grounds it might be used to infringe. It doesn't work that way, but they keep pushing for it. And some idiot lawmakers are inclined to give it to them.
The courts need to start slapping them down and saying "innuendo and snide suggestion is not evidence, and things which aren't infringing aren't illegal.
"Once they have argued that BitTorrent use is automatically infringing, Plaintiffs seek to introduce other testimony and documents showing that some proportion of data traffic on Cox's network is associated with BitTorrent in order to mislead the jury into thinking that Cox knew or should have known about the infringement that Plaintiffs allege."
Can we introduce into court that all statements made by representatives of the copyright cartel are self serving statements by lying assholes who routinely mislead courts and make claims with no evidence, and routinely resort to obfuscation and perjury to bypass meeting any legal threshold for evidence?
Which is pretty much what the summary says... a trifling thing gets a wide audience, and the fact that is gets a wide audience gives it a bigger audience.
Basically social media is vacuous and self-referential, and the most trivial crap can get widespread attention for no good reason.
I'm sure a tweet about some kid getting grounded can go viral and cause the entire world to start fretting over some kid who got grounded.
Hell, it seems tailor-made to feed the careers of useless people like the Kardashians who are famous for... well, nothing actually other than being famous and fucking famous people.
The first amendment means government can't pass a law prohibiting free speech. They didn't in this case.
That does not imply that if you say stupid things which cause outrage that you have no consequences from that.
So, you are free to say any stupid shit you want to. You are not free from the public telling you that what you said was stupid.
Free speech is not freedom from consequences and the reaction of other people, and never has been. You are legally free to say any stupid crap which you choose. And others are free to decide you're a fucking idiot.
People might even defend your right to say it, but the results of you saying it are all your own.
citing a 50% shortfall between demand and capacity over the next five years as an indicator that consumers may have to be shepherded out of the congested times and areas in order for normal service to continue to be maintained
No, it means the greedy bastards who run the telcos need to invest in their damned infrastructure.
Consumers do NOT need to be fucking shepherded into making calls at 10pm, the people who keep gouging us for telecommunications need to actually spend some of the massive amounts they charge on maintaining their infrastructure instead of pretending they can keep doing nothing and collect the same money.
This is not a consumer scheduling problem, this is a failure to spend the money to maintain their infrastructure.
The problem is for years they've say back, collected the money, and pretended like continuing to do nothing wouldn't have long term implications.
Lazy, cheap and stupid is not a consumer scheduling problem. It's corporations failing to invest in their own business so they can artificially bump up profits.
But cmd.exe is NOT a terminal emulator, not by a long shot.
A terminal emulator, oddly enough, emulates terminals... VT52, VT102, IBM 3270, and a bunch of other things. You know, like the old school real physical terminals.
So, sorry, but no. cmd.exe is NOT a suitable answer to "what terminal emulator do you use". It's simply not even in the same family as a terminal emulator.
Somewhere in the last 10 years we flipped from all this crap being dorky fiction and bad movies to realizing there is no such thing as too damned paranoid. In the case of medical devices... well, they're stuck in the stone age of computer security.
Now the most far fetched scenario (which I will freely admit mine is) has to be weighed against what we know can actually happen.
What used to be fully tin-foil-hat paranoid 10 years ago is, unfortunately, quite real today. Especially when companies are that inept at/indifferent to security.
Do you think people would be writing articles about how the Mayo Clinic was doing security audits if there weren't real scenarios here?
Rios connected his pump to a computer network, just as a hospital would, and discovered it was possible to remotely take over the machine and âoepressâ the buttons on the deviceâ(TM)s touchscreen, as if someone were standing right in front of it. He found that he could set the machine to dump an entire vial of medication into a patient. A doctor or nurse standing in front of the machine might be able to spot such a manipulation and stop the infusion before the entire vial empties, but a hospital staff member keeping an eye on the pump from a centralized monitoring station wouldn't notice a thing, he says.
So, don't simply accuse me of spinning fantasy, and read the damned article.
Because from one random device he bought on eBay, he created a real scenario which would mirror real world conditions.
Which means a bored 13-year old script kiddie might also be able to do it.
Yes, I know it was experimental. Yes, I know it wasn't widespread. Yes, I know that all UNIX systems did not have this.
By the same token, a lot of people have probably never used HP-UX, Solaris, SunOS, AIX, DEC's Open UNIX (or whatever it was), or even a VAX. That doesn't mean they didn't exist.
But if it was on the SGI IRIX workstation we had to port our software to, and if it was installed, it was real software. We sure as heck didn't go and install it.
Now, in fairness, we had a pretty low end IRIX workstation, and the interface was dog slow. We fiddled with it for a little while and then put it away... I'm sure on a really beefy machine it was awesome.
That does not change my fundamental point that people who mock it because they don't know it existed are, in fact, wrong. It isn't a special effect, it isn't something some guy in Hollywood made up. It was a real thing.
The interface existed. Period.
I'm not saying it was common or widespread, or even ready for production. But since it was a company who made graphic workstations, it was the kind of demo they would do.
Hell, the monitor might have even had the SGI logo on it in the screen frame of Jurassic Park.
Yeah, no kidding... I'm pretty sure I've seen a friend's 5-year old daughter wearing her princess dress, playing with her light saber and Batman figurine, and beating up the boys she was playing with.
Because that's how she rolls.;-)
She could also use a BlackBerry Playbook when she was 2.
If she wants to code she'll bloody well do it. If she doesn't, I pity the person who tries to force her to do it.
But her Yoda t-shirt tells me Star Wars posters won't be a barrier to anything she does.
You jest, but you do know that 3D interface was a real thing, that SGI built, right?
If you happened to have an SGI UNIX machine which had this interface, it was real. At one point someone had gotten us an SGI box to port our software to.. so in 1996 I suddenly found myself staring at the interface going "wait, this is real?". Real, shipping software.
So, if you had a sensible filesystem layout, and a single script to restart the system, it's shockingly not nearly as far fetched as you think.
It really isn't a case of Hollywood making shit up. I've personally used that interface.
A dual floppy IBM XT could be as old as 1983, ran an 8088, and ran at 4.77MHz.
So, yes, by a lot of standards, an IBM XT was ancient in the early 90s. At the very least it was around 4-5 generations of CPU behind contemporary Intel offerings.
So back to the physical access problem. Will these medical devices have to be locked in secure server cages next to each patient's bed regardless of their programming, or not?
Well, which is the bigger problem... solving the terrible computer security, or solving the physical access problem?
Either way, you start off with a problem so huge in scale, and so utterly lacking in proper security, that there simply is no quick fix.
Which means before anybody can make even a dent in it, there is a very real possibility of these things being hacked for literally years.
It's like an entire industry has been stuck in a time warp back when Windows 3.1 was considered cutting edge, and utterly failed to ever consider how much the world of technology around them has changed. The manufacturers just didn't bother, the hospitals didn't have the skills or the resources.
And now, no matter what you do, it's probably hundreds of millions if not billions to solve this problem.
The problem is that is was allowed to get here, despite that people have actually been warning about this for at least a decade, and nothing has happened.
And, more importantly, it's also why you can't always replace those mainframe systems: because it works, and has worked for decades.
I've been on projects to replace aging mainframe stuff, some of which went back to the mid 60s or so.
You could start off trying to design a replacement, gather requirements, and design something which works on your assumptions and in the limited use cases you've seen.
And the more you delve into it, and discover all of the exceptions, corner cases, "didn't we tell you that?", sheer size of the data, all of the hairy bits, the 50 other systems which tie into that system and would also need to be replaced or updated... you can quickly reach the point where you really can't design a system which does the same things, you can't replace all of the integration points, you can't even really map out all the logic and business rules embedded in that system.
At the end of the day I've seen at least two such projects utterly fail.
Say what you will about legacy mainframe stuff. But they work, are so closely tied into the entire business and other systems that you can't simply swap them out as easily as people think you can, and as often as not are vastly more complex than you can possibly know until it's too late.
They're old, clunky, convoluted, and utterly mission critical. And when every other computer system in the company ties into them to extract data, you quickly realize you can't possibly update all of them.
That, and you might also find that you simply can't match the performance and throughput of those damned things.
A mainframe is a big lumbering beast. But it's a big lumbering beast which has kept the company moving for decades, hasn't had much in the way of downtime, has been expanded and added onto over the years, and in many cases will cost so much damned money to replace that nobody can afford to do it.
The guys coming in thinking they can whip up something in.NET, running SQL server, and on one machine? They often have no idea of just how big of a task they're trying to take on.
Personally, I would run screaming in the opposite direction from any project trying to replace a mainframe that's been in service for a long period. Because the scope of those things, and extent to which they interact with everything else in the company can be mind-boggling.
Yeah, no kidding. On my 23" monitor I already bump the fonts a little bigger so I don't have to try to make out tiny little text.
I've got pretty normal vision without glasses, but cramming 4x as much stuff into the screen isn't going to make it more usable for me. In fact, making the font smaller on the screen just gives me eye strain.
I know a guy who has a large monitor at home. It's not super high resolution (I assume it's just 1080p), but I think it's a 36" monitor or something like that, set back from his desk a little.
Going to ultra high resolution means I'd need a screen 4x the size as well.
Me, I'll stick with dual 23" monitors instead of going to higher resolution that I can't see. Cramming more text at a fraction of the size on the same sized screen offers me no benefit at all.
And just how many systems are running today which are still compatible with the IBM System/360?
I can't count how many retail stores I've been in who still bring up an IBM terminal emulator to do the real work, and I've known several places which have had mainframes running since the 60s. Every now and then you swap out a part while it's running.
If you are sufficiently afraid of malicious behavior from within the physical grounds of the hospital, there are many options available for that.
If I put on scrubs and a headcover, I'm willing to bet there's an awful lot of places I can go in a hospital completely unchallenged.
All of what you say is nice, but at present not a single bit of it is employed in the average hospital, which basically means almost every hospital would need to start from the ground up.
If the security of everything is already non-existent, it's not simply a matter of adding a piece here and there. It's already one big festering pile of insecure stuff. They don't have firewalls, they don't have segregated networks, they pretty much don't have anything, apparently.
So it's great to sit there arm-chair quarterbacking this, but it completely misses the damned point. The security is so abysmal already there's nothing to build on.
Well, think about it... if you want to bypass that, you unplug the device from its magic little firewall.
As has been pointed out elsewhere, these things aren't in secure rooms with physical security. They're in patient rooms.
I don't see that really working at all. That's a band-aid solution, but definitely not a solution... especially since it is likely quite easy to defeat. Anybody with physical access simply unplugs it, and then you're right back to having zero security.
You can't just slap on a piece and decide you now have some form of security. That's just pretending you've solved the problem.
Slashdot Mirror
And from Microsoft's perspective ... why come up with a good mobile platform when you can sell the same bloated OS you use on the desktop and just ship it for devices using the same hardware you've used for 20 years?
See, it works both ways.
Except Apple built something new, and Microsoft just keeps doing the same thing over and over and trying to tell us that is innovation.
It's like Microsoft just want to keep reinforcing the same stereotypes from the "I"m a PC/I'm a Mac" commercials -- that they're the lumbering beast who only sees the world in their outdated way.
Microsoft is being the opposite of innovative here.
Honestly, they make Bluetooth keyboards, and have for years. Many companies make them, they should all work with pretty much anything.
Hell, I bet it you so chose you could buy a Microsoft Bluetooth keyboard and use it with an iPad.
That Apple doesn't ship it with a keyboard doesn't mean you're being denied the ability to use one.
Or, because he believes there will always be separate markets for Macs and portable devices, that they're not the same thing, and creating one combined device would probably result in a device which sucked as a PC and as a mobile device. I'm inclined to agree.
I don't want my tablet or my phone to be running the same OS I'd run on my desktop or my laptop. They're different things, used differently, and don't even run the same programs.
I keep looking at Microsoft trying to make all of the devices converge as full-spec x86 devices as lazy and self-serving because they don't have the ability to come up with a mobile OS which isn't just the same under the covers. It screams "we have no idea how to make a new mobile operating system, so instead we'll stick with the same architecture we've had for 20 years and do nothing".
You don't need to think laptops and desktops are a dying technology. You just don't have to think that converging them to a single device actually results in a good product.
Microsoft just wants to put out the exact same thing they already have and call it mobile. Not everyone agrees. In fact, we think it's just lazy, and pushing out a product and calling it "innovating", and will result in a product which sucks at both tasks. Increasingly, Microsoft looks like the old tech company who can't see past the world being about Office and Outlook -- which means they seem to be missing the point about what people actually want.
I agree with Tim Cook, that's just a product which will suck as a desktop/laptop, and also suck as a mobile device.
For the things most people are using their tablets for, there is no benefit in having it be an x86 platform. And from what I've seen of the new Microsoft interface, it's so horribly skewed towards being a bad interface for tablets ... it's an utterly useless interface for desktops.
They should be separate operating systems because they're different devices, and used differently.
Once again, those "I'm a PC/I'm a Mac" ads showing Microsoft stuck in the past and missing the point seem like sheer brilliance. Because slavishly trying to keep to x86 on the thinking it's better than solving the actual problem is just inertia and not wanting things to change.
Do you have evidence to support this? Or are you just pulling a number out of your ass?
It is a protocol. It has "significant non-infringing" uses.
What the copyright cartel wants to do is equate using a protocol with piracy, without evidence. And then once they've done that, they want to say that individuals using that protocol must have engaged in piracy. I'm sorry, this is the legal equivalent of "if she weighs less than a duck, then she is therefore a witch".
So, no more than you can make the argument that owning a car allows you to speed, therefore if you own a car you speed ... the copyright lawyers don't just get to make shit up and call it facts.
If the courts allow this, they've completely lost the plot, and the copyright cartel will be able to deem innuendo and supposition is legally admissible. And that would be a terrible idea.
Sorry, but no. The copyright cartel bought some bad laws in the form of the DMCA and other things. And one of the many things they wanted was to give themselves almost zero standard for evidence or penalty for misusing the system -- which means they want a law which allows them to do anything they want without consequence or oversight.
It really is time to rein them in with a much shorter leash and remind them they don't get to make up "facts" to suit themselves. Because somewhere along the line they've bought themselves laws which gives them all the power, and no responsibility.
You know, as soon as it became necessary for someone to invent the phrase twitter shitter, social media had pretty much reached the point of being mostly about narcissism and pointless drivel.
It's time these guys got held to some damned level of standards instead of just making sweeping, bullshit claims like "if they used this protocol they were doing teh piracy".
If they have specific evidence of specific infringement, use it. But simply accusing based on using the protocol is completely wrong. The problem is the copyright cartels essentially want a veto on any technology on the grounds it might be used to infringe. It doesn't work that way, but they keep pushing for it. And some idiot lawmakers are inclined to give it to them.
The courts need to start slapping them down and saying "innuendo and snide suggestion is not evidence, and things which aren't infringing aren't illegal.
Can we introduce into court that all statements made by representatives of the copyright cartel are self serving statements by lying assholes who routinely mislead courts and make claims with no evidence, and routinely resort to obfuscation and perjury to bypass meeting any legal threshold for evidence?
Because that would be awesome.
Which is pretty much what the summary says ... a trifling thing gets a wide audience, and the fact that is gets a wide audience gives it a bigger audience.
Basically social media is vacuous and self-referential, and the most trivial crap can get widespread attention for no good reason.
I'm sure a tweet about some kid getting grounded can go viral and cause the entire world to start fretting over some kid who got grounded.
Hell, it seems tailor-made to feed the careers of useless people like the Kardashians who are famous for ... well, nothing actually other than being famous and fucking famous people.
Well, isn't that kind the entire point of social media? Taking every aspect of your life and broadcasting as if it was some earth-shattering news?
It's all about narcissism and thinking everything revolves around you. I thought that was the business model.
The first amendment means government can't pass a law prohibiting free speech. They didn't in this case.
That does not imply that if you say stupid things which cause outrage that you have no consequences from that.
So, you are free to say any stupid shit you want to. You are not free from the public telling you that what you said was stupid.
Free speech is not freedom from consequences and the reaction of other people, and never has been. You are legally free to say any stupid crap which you choose. And others are free to decide you're a fucking idiot.
People might even defend your right to say it, but the results of you saying it are all your own.
No, it means the greedy bastards who run the telcos need to invest in their damned infrastructure.
Consumers do NOT need to be fucking shepherded into making calls at 10pm, the people who keep gouging us for telecommunications need to actually spend some of the massive amounts they charge on maintaining their infrastructure instead of pretending they can keep doing nothing and collect the same money.
This is not a consumer scheduling problem, this is a failure to spend the money to maintain their infrastructure.
The problem is for years they've say back, collected the money, and pretended like continuing to do nothing wouldn't have long term implications.
Lazy, cheap and stupid is not a consumer scheduling problem. It's corporations failing to invest in their own business so they can artificially bump up profits.
Bah, you already have that button .. reply to your friend with "Fuck Off".
Or, do you just want some sort of passive aggressive thing where you can quietly throw a tantrum and block sites?
You don't need a damned button to be antisocial.
Hmmm ... cmd.exe is a command line shell.
But cmd.exe is NOT a terminal emulator, not by a long shot.
A terminal emulator, oddly enough, emulates terminals ... VT52, VT102, IBM 3270, and a bunch of other things. You know, like the old school real physical terminals.
So, sorry, but no. cmd.exe is NOT a suitable answer to "what terminal emulator do you use". It's simply not even in the same family as a terminal emulator.
Do you live under a rock?
Somewhere in the last 10 years we flipped from all this crap being dorky fiction and bad movies to realizing there is no such thing as too damned paranoid. In the case of medical devices ... well, they're stuck in the stone age of computer security.
Now the most far fetched scenario (which I will freely admit mine is) has to be weighed against what we know can actually happen.
What used to be fully tin-foil-hat paranoid 10 years ago is, unfortunately, quite real today. Especially when companies are that inept at/indifferent to security.
Do you think people would be writing articles about how the Mayo Clinic was doing security audits if there weren't real scenarios here?
So, don't simply accuse me of spinning fantasy, and read the damned article.
Because from one random device he bought on eBay, he created a real scenario which would mirror real world conditions.
Which means a bored 13-year old script kiddie might also be able to do it.
Yes, I know it was experimental. Yes, I know it wasn't widespread. Yes, I know that all UNIX systems did not have this.
By the same token, a lot of people have probably never used HP-UX, Solaris, SunOS, AIX, DEC's Open UNIX (or whatever it was), or even a VAX. That doesn't mean they didn't exist.
But if it was on the SGI IRIX workstation we had to port our software to, and if it was installed, it was real software. We sure as heck didn't go and install it.
Now, in fairness, we had a pretty low end IRIX workstation, and the interface was dog slow. We fiddled with it for a little while and then put it away ... I'm sure on a really beefy machine it was awesome.
That does not change my fundamental point that people who mock it because they don't know it existed are, in fact, wrong. It isn't a special effect, it isn't something some guy in Hollywood made up. It was a real thing.
The interface existed. Period.
I'm not saying it was common or widespread, or even ready for production. But since it was a company who made graphic workstations, it was the kind of demo they would do.
Hell, the monitor might have even had the SGI logo on it in the screen frame of Jurassic Park.
Yeah, no kidding ... I'm pretty sure I've seen a friend's 5-year old daughter wearing her princess dress, playing with her light saber and Batman figurine, and beating up the boys she was playing with.
Because that's how she rolls. ;-)
She could also use a BlackBerry Playbook when she was 2.
If she wants to code she'll bloody well do it. If she doesn't, I pity the person who tries to force her to do it.
But her Yoda t-shirt tells me Star Wars posters won't be a barrier to anything she does.
Wow, 13 freakin' links ... like anybody reads the articles now.
Is there an actual article in there somewhere?
Honestly, that sounds like poking yourself in the eye with a pencil because you don't like wearing glasses.
But, hey, if you feel like doing that, go right ahead.
You jest, but you do know that 3D interface was a real thing, that SGI built, right?
If you happened to have an SGI UNIX machine which had this interface, it was real. At one point someone had gotten us an SGI box to port our software to .. so in 1996 I suddenly found myself staring at the interface going "wait, this is real?". Real, shipping software.
So, if you had a sensible filesystem layout, and a single script to restart the system, it's shockingly not nearly as far fetched as you think.
It really isn't a case of Hollywood making shit up. I've personally used that interface.
Well, in 1993 I bought a 486 machine.
A dual floppy IBM XT could be as old as 1983, ran an 8088, and ran at 4.77MHz.
So, yes, by a lot of standards, an IBM XT was ancient in the early 90s. At the very least it was around 4-5 generations of CPU behind contemporary Intel offerings.
Well, which is the bigger problem ... solving the terrible computer security, or solving the physical access problem?
Either way, you start off with a problem so huge in scale, and so utterly lacking in proper security, that there simply is no quick fix.
Which means before anybody can make even a dent in it, there is a very real possibility of these things being hacked for literally years.
It's like an entire industry has been stuck in a time warp back when Windows 3.1 was considered cutting edge, and utterly failed to ever consider how much the world of technology around them has changed. The manufacturers just didn't bother, the hospitals didn't have the skills or the resources.
And now, no matter what you do, it's probably hundreds of millions if not billions to solve this problem.
The problem is that is was allowed to get here, despite that people have actually been warning about this for at least a decade, and nothing has happened.
And, more importantly, it's also why you can't always replace those mainframe systems: because it works, and has worked for decades.
I've been on projects to replace aging mainframe stuff, some of which went back to the mid 60s or so.
You could start off trying to design a replacement, gather requirements, and design something which works on your assumptions and in the limited use cases you've seen.
And the more you delve into it, and discover all of the exceptions, corner cases, "didn't we tell you that?", sheer size of the data, all of the hairy bits, the 50 other systems which tie into that system and would also need to be replaced or updated ... you can quickly reach the point where you really can't design a system which does the same things, you can't replace all of the integration points, you can't even really map out all the logic and business rules embedded in that system.
At the end of the day I've seen at least two such projects utterly fail.
Say what you will about legacy mainframe stuff. But they work, are so closely tied into the entire business and other systems that you can't simply swap them out as easily as people think you can, and as often as not are vastly more complex than you can possibly know until it's too late.
They're old, clunky, convoluted, and utterly mission critical. And when every other computer system in the company ties into them to extract data, you quickly realize you can't possibly update all of them.
That, and you might also find that you simply can't match the performance and throughput of those damned things.
A mainframe is a big lumbering beast. But it's a big lumbering beast which has kept the company moving for decades, hasn't had much in the way of downtime, has been expanded and added onto over the years, and in many cases will cost so much damned money to replace that nobody can afford to do it.
The guys coming in thinking they can whip up something in .NET, running SQL server, and on one machine? They often have no idea of just how big of a task they're trying to take on.
Personally, I would run screaming in the opposite direction from any project trying to replace a mainframe that's been in service for a long period. Because the scope of those things, and extent to which they interact with everything else in the company can be mind-boggling.
Yeah, no kidding. On my 23" monitor I already bump the fonts a little bigger so I don't have to try to make out tiny little text.
I've got pretty normal vision without glasses, but cramming 4x as much stuff into the screen isn't going to make it more usable for me. In fact, making the font smaller on the screen just gives me eye strain.
I know a guy who has a large monitor at home. It's not super high resolution (I assume it's just 1080p), but I think it's a 36" monitor or something like that, set back from his desk a little.
Going to ultra high resolution means I'd need a screen 4x the size as well.
Me, I'll stick with dual 23" monitors instead of going to higher resolution that I can't see. Cramming more text at a fraction of the size on the same sized screen offers me no benefit at all.
And just how many systems are running today which are still compatible with the IBM System/360?
I can't count how many retail stores I've been in who still bring up an IBM terminal emulator to do the real work, and I've known several places which have had mainframes running since the 60s. Every now and then you swap out a part while it's running.
That's a body of work ... safe travels Dr. Amdahl.
If I put on scrubs and a headcover, I'm willing to bet there's an awful lot of places I can go in a hospital completely unchallenged.
All of what you say is nice, but at present not a single bit of it is employed in the average hospital, which basically means almost every hospital would need to start from the ground up.
If the security of everything is already non-existent, it's not simply a matter of adding a piece here and there. It's already one big festering pile of insecure stuff. They don't have firewalls, they don't have segregated networks, they pretty much don't have anything, apparently.
So it's great to sit there arm-chair quarterbacking this, but it completely misses the damned point. The security is so abysmal already there's nothing to build on.
Well, think about it ... if you want to bypass that, you unplug the device from its magic little firewall.
As has been pointed out elsewhere, these things aren't in secure rooms with physical security. They're in patient rooms.
I don't see that really working at all. That's a band-aid solution, but definitely not a solution ... especially since it is likely quite easy to defeat. Anybody with physical access simply unplugs it, and then you're right back to having zero security.
You can't just slap on a piece and decide you now have some form of security. That's just pretending you've solved the problem.