I read through the stat counter article, and I was generally displeased with the heavy handed tone, and the general "this is the ONLY way to do it" attitude by the stats counter author. It's kind of odd defending Microsoft, but I think they have some decent points.
I'm a web developer, and frankly both metrics are useful to me. Why? Page views you already made a good case for, but when I develop a site, I need to know how many people are going to be pissed off when their browser doesn't work on my site. If a browser doesn't work on my site, and the user just leaves because of it, that isn't really offset by the fact that some other user on a different browser goes through the site more. So I heavily disagree with the idea presented by stats counter that the ONLY thing that matters is page views.
Both the summary and article are being stupid about the reason for salting in hashed passwords. Its main benefit isn't hiding two of the same password. Its main purpose is to make brute force much more work,
Yes, but you should also mention that salts with a large amount of entropy also protect against rainbow tables and other forms of pre-computed hashed passwords. Make sure you have enough entropy in your salt (128 bits is very high) to prevent these kinds of attacks.
I'd recommend a randomly generated salt for each password, and not based on some user details. This guarantees a large amount of entropy in the salt. Some people also recommend an added site-wide salt as well that's not stored in the same place as the password (embedded in the code for instance). This might increase your security a bit, but it's going to cost you quite a bit in added complexity.
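An added example, not part of the original comments: a per-password random 128-bit salt with an optional site-wide secret, checked against a precomputed table of unsalted hashes. PBKDF2-HMAC-SHA256, the iteration count, the `$`-separated record format and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16             # 128 bits of salt, the size the comment calls "very high"
ITERATIONS = 600_000        # assumption: PBKDF2 work factor, not a value from the page
MAX_ITERATIONS = 10_000_000  # refuse absurd costs read back from a tampered record
SCHEME = "pbkdf2-sha256"     # assumption: label used in the stored record


def unsalted_hash(password):
    """Weak baseline: the same password always produces the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(candidates):
    """Hash -> password map, computed once and reusable against any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}


def _derive(password, salt, pepper, iterations):
    secret = password.encode("utf-8")
    if pepper:
        # Site-wide secret kept outside the password store (e.g. in application
        # config); it is mixed in with HMAC before the salted, slow derivation.
        secret = hmac.new(pepper, secret, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)


def hash_password(password, pepper=b"", iterations=ITERATIONS):
    """Return a storable record with a fresh random salt for this password only."""
    salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, never derived from user details
    digest = _derive(password, salt, pepper, iterations)
    return "$".join([SCHEME, str(iterations), salt.hex(), digest.hex()])


def verify_password(password, record, pepper=b""):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False
    if len(salt) < SALT_BYTES:
        return False  # reject records written with a short salt
    actual = _derive(password, salt, pepper, iterations)
    return hmac.compare_digest(actual, expected)


def demo(iterations=ITERATIONS):
    """Compare unsalted and salted storage for two users sharing one password."""
    shared = "hunter2"                     # constructed sample password
    common = ["123456", "password", shared]  # constructed candidate list
    table = build_precomputed_table(common)

    alice = hash_password(shared, iterations=iterations)
    bob = hash_password(shared, iterations=iterations)
    return {
        # Unsalted: one table lookup recovers the password for every user who has it.
        "table_hits_unsalted": table.get(unsalted_hash(shared)),
        # Salted: equal passwords give different records, and the table is useless.
        "salted_records_differ": alice != bob,
        "table_hits_salted": table.get(alice.split("$")[3]),
        "alice_verifies": verify_password(shared, alice),
        "wrong_password_verifies": verify_password("hunter3", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest because it is not a secret; only the optional site-wide value has to live somewhere else.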
I wonder how many of these "positive bias" results come from the fact that if you publish results that disagree with the bias of those who are paying for the study, they'll probably ensure it's never published and you'll find yourself no longer running studies on their dollars.
What? Where are you getting this idea? Scientists publish research that disagrees with the people who fund it all the time. No academic researcher would agree to be funded with stipulations on publishing.
Perhaps you're talking about internal studies done by such agents? Shell obviously isn't required to publish research on global warming.
What I am saying is that - by definition - those people are not true Wiccans or Buddhists.
Ah... the old "They're not REAL practitioners of religion X, because religion X forbids activity Y" trick. Given this rule, we can say all religions are true and great because there's always a way to conveniently define away all the people you don't really like in your religion as not "true adherents".
The thing about any religion of any age where it's diverged from the original people who followed it is that it becomes amorphous. Every group seeks to carve out their own section of the religion, and define away the others as "not true adherents". That's OK, but you really have to abandon the idea that there's a "true religion".
The FBI spent 6 years trying to crack it, you'd think if the NSA could do it so easily they'd call them in.
You don't know much about the government, or specifically the NSA I take it. NSA is extraordinarily secretive, and doesn't just step in and help other agencies unless they're directed to. The NSA is built on secrecy and intelligence gathering, not law enforcement. They sure as hell aren't going to risk revealing they can crack TrueCrypt to even anyone in the FBI.
I would love to hear why you believe the NSA could crack it - and so would almost everyone else that uses TrueCrypt.
The NSA employs teams of mathematicians to just study cryptography. They have ungodly amounts of computing power at their disposal. They're constructing essentially a computing bunker in Utah. If anyone can crack TrueCrypt, it's the NSA.
Does that mean they can? Who knows. I have my doubts that they go after the algorithm itself, but rather go after the password. Most people pick terrible passwords, and have little idea that it's trivial to guess hundreds of millions of passwords a second on everyday hardware. Software implementations of algorithms can often leak information, or have really poorly implemented random number generators.
I wonder how far this goes! Is the notion of the counting numbers innate?
Counting exact numbers is not innate. There are some cultures that don't have words for an exact number beyond 3. That doesn't mean they don't understand quantities, just that they can't name a specific amount. It'd be like if someone showed you a thousand of something, and 1100 of something. You'd know the 1100 was more, but you wouldn't be certain by exactly how much more.
Worth mentioning that humans evolved to eat animals with standard fat percentages,
Except we didn't evolve to eat animals every day in large amounts. There ARE significant studies that have correlated high LDL cholesterol with heart disease, and there are studies linking high saturated fats with an increase in LDL cholesterol.
Does this mean my client can be overrun if a server throws me a bad packet or two?
Yes.
Based on the advisory, I can't fully agree with either of these statements. The advisory states:
Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable.
DER is a format for the certificate key. For the most part it's relatively rare to handle untrusted certificate keys. I suppose it's possible if you're doing some form of authenticating the client end as well as the server end via SSL.
Please correct me if I'm wrong, but I don't see much evidence this vulnerability is anything worth worrying about for the vast majority of people.
It does take a leap of faith to state "There is no God" (atheism). The sentence isn't testable or falsifiable.
Is there really that much of a practical difference between stating something doesn't exist, and simply ignoring it? If you ignore it, it might as well not exist. The point being, you're right in a real sense, but in what sense in everyday life does the difference matter?
I agree that it can be "just language", but the use of language reveals how people think. It's not just arbitrary, and it doesn't come from a vacuum. It may be only a passing thought, but it certainly reveals an underlying thought process going on. Attaching emotions to inanimate objects gives a hint that that's really how someone thinks of it. Later on if you question them, I'm sure they'll say "Oh I don't REALLY think of it that way". But that's just a rationalisation. In a real sense people are getting angry at inanimate objects.
I should point out, though, that the Dentist told every patient (and told us to tell them, as well) that they only get 1/100th of the radiation. It's just a party lie.
Is there ANY truth to this? Where does the 1/100 come from? It's hard for me to believe it's just a complete lie, especially considering you're talking about being off by a factor of 50.
If the app was billed as "Find out who's around you!" instead of "Find the girls around you!", it'd do exactly the same thing, and continue to be sold.
Of course, anyone could still write this app very easily because people are publicly publishing their location information. (Duh). The story should have been "Look what people can do when you tell literally everyone in the world where you are" instead of "person makes creepy app".
It isn't bigotry to be sensitive to the sensibilities of people who already work for you, and reject a newcomer who'd destroy the existing balance. It is bigotry to yell "BIGOT" when an employer can see that someone won't fit in.
I think you're just trying to defend bigotry by institutionalizing it. If someone can't get along with someone for the sole reason of skin color, then the problem is that person and they need to go. You can call not hiring black people "not upsetting the existing balance" if you like, but nobody is really fooled by that. That's just simple racism. If you're really saying "Gee... I think he wouldn't really fit in" when someone in the company doesn't like someone because of a protected class (sex, national origin, race, religion, and sometimes sexual orientation) you're actually breaking the law. The law doesn't really give a shit about your balance, nor should it.
If you REALLY want to avoid this situation, I'd suggest not hiring Archie Bunker in the first place. It's perfectly legal to discriminate on the basis of douche-baggery. Douche bags can be fired at will. In fact, your company is actually liable for workplace harassment suits if 'old Arch starts harassing people based on a protected class. Don't believe me? Ask Herman Cain about workplace harassment.
The project is obviously about historic preservation, not science. Think it might be interesting to have the Nina, Pinta, and Santa Maria on display in a museum somewhere? How about the tools used to create the pyramids?
Contrary to what many individuals think, not everybody on Slashdot went to college for a computer-related degree.
I don't know where you got this idea, but in my experience with IT there's actually more people without computer related degrees than with.
Whether you get a computer science degree is really entirely up to your own interests, and economic circumstances. It'll certainly help you, but it's not required. The people I see without degrees are (very generally) less knowledgeable about the field than those with degrees. There's many exceptions, and there's no reason you can't learn everything on your own without formal schooling. Not everyone is a good candidate for self learning, so that's why I suspect the degree holders have an edge (as a group) over the non-degree holders. You sound like you're relatively good at self learning, so this likely doesn't apply to you.
So should you get the degree? Nobody can answer that but you. I will tell you that you don't really need it to get a job. It'll help you a little in starting out at a better job, but after that it doesn't matter terribly much after a few years. If you like school, or have the money (rich parents?), or don't mind more debt, then more school might be a good idea. If you're tired of accumulating more debt, can't afford it, or are tired of college, then I'd encourage you to find a job in IT.
Yup. I've done exactly the same thing, and also switched to Mint. As of the latest release, Unity became the only UI supported without having to hack the shit out of the thing. I gave up, and I'm not going back. I tried Unity for a while, but decided it was a terrible UI for a desktop. Linux Mint seems a good alternative, so why not?
So goodbye Ubuntu, it's been a good 6 years or so, but this is where I get off the bus. A really great improvement over Red Hat many years ago, but if it's Unity or the Highway, then the highway is an easy choice.
just about all of them believed in evolution AND creationism (that's correct, they're not mutually exclusive, bible says why and evolution says how).
Umm.. No. That's not creationism. Creationism states that the earth is 6000 years old, and Yahweh created man out of clay. What your friends believe is simply some sugar piled on top of evolution to make it go down a little easier. Perhaps what you're getting at is that religion and evolution aren't mutually exclusive? Because creationism (the real creationism that creationists want people to believe) is most certainly mutually exclusive with evolution. That's by design by the creationists.
In addition, most I know believe the world is warming. So let's please stop stereotyping people by political party.
Except that when you do actual surveys, Republicans come out far and above against believing that global warming is caused by humans. You're correct that NOT EVERYONE falls into these definitions. But the reality is that there's one party that's really taken very hard line stances as a group against global warming, and is very very skittish about evolution. That party is the Republican party. Several months ago all the Republican candidates for president (with the possible exception of one, I don't perfectly recall) came out in one of the debates against global warming as human caused. So tell me again why I shouldn't look at the Republican party as anti-science?
Some of us are insane enough to think there's a big difference between someone leaving a 200K house to his kids, and someone leaving 2 billion dollars in stock to his kids. The situation doesn't simply scale up.
What you have assumed is that the value of this software is worth more than the lives of the people who depend on it.
Where do people get such weird, binary ideas? Why do you believe the only way to protect the public is releasing source code, and furthermore that NOT releasing source code is a direct valuation of code vs lives? Isn't it possible there's much better ways to ensure these devices are safe? I just don't agree that safety and source release are a zero sum game.
It may be difficult for you, but reading software is actually quite easy for many people.
You're thinking on too granular of a level. I can read source code. I've done software development for over a decade now. The ability to read source code, and understanding the use case and what constitutes a bug are two entirely different things. I'm sure anyone could find some trivial buffer overflows in source code, but how many are going to be able to understand the critical pieces of code that determine if you need to send the patient a shock or not? Very, very few.
It may never be known how many pacemaker faults could have been avoided with full software reviews.
There's an infinity of things that will never be known. There's an infinity of things that if we knew the answers, we could save lives. The resources we have are always finite. So the question is always "which thing do we devote resources to to do the most good?". It's not "we should find out everything we can about everything". Your statement is merely trying to dredge up fear of the unknown, which is already infinite.
No, I'm saying they should use a mode of communication that requires you to be within a few inches of the patient's chest, like say the magnetic communication that's been used in pacemaker/defibs for many, many years. If someone puts a weird device up to your chest to hack into your pacemaker/defib, you're going to notice it.
Doing this via wi-fi from tens of feet away is idiotic and negligent. (I have no idea if this is possible, but I hope to god not).
Why the heck would someone put a real time clock into a pacemaker?
Obviously so you can correlate a patient's symptoms and/or activity with the monitoring built into the pacemaker/defibrillator. These devices aren't just simple, dumb pacemakers anymore, and haven't been for many years. My father has had one of these devices for nearly a decade now, and several times has been worried about what he thought were jolts from the defib. (They turned out to be not a jolt from the defib thankfully). These devices have had the capability of storing event data from any arrhythmias they detect, and any defibrillations it administers.
It's an obvious use case that you'd want to know WHEN the arrhythmia or defib occurred to be able to diagnose what caused it.
Someone made a white paper saying "OMG the pump uses RF Signals! Someone could do something with that!"
It's a little bit more than that. The lawyer was wrong about the wi-fi, it's a proprietary protocol. But from the abstract the hack was quite a bit more than writing a white paper and mentioning the device uses RF. I found the abstract from Defcon, which reveals some more details:
Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System
As a diabetic, I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor. This combination of devices turns me into a Human SCADA system; in fact, much of the hardware used in these devices are also used in Industrial SCADA equipment. I was inspired to attempt to hack these medical devices after a presentation on hardware hacking at DEF CON in 2009. Both of the systems have proprietary wireless communication methods.
Could their communication methods be reverse engineered? Could a device be created to perform injection attacks? Manipulation of a diabetic's insulin, directly or indirectly, could result in significant health risks and even death. My weapons in the battle: Arduino, Ham Radios, Bus Pirate, Oscilloscope, Soldering Iron, and a hacker's intuition.
After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission. The journey, however, has been an immeasurable learning experience - from proprietary protocols to hardware interfacing - and I will focus on the ups and downs of this project, including the technical issues, the lessons learned, and information discovered, in this presentation "Breaking the Human SCADA System."
But there is a definition of Buddhism that follows unambiguously from contemporary usage of the suffix "ism".
I don't recall agreeing on a definition of Buddhism. Did I miss a vote or something?
Chickens eat bugs and grass, not feed.
We domesticated chickens about 5000 years ago. They haven't been eating bugs and grass for a long time. (Actually I'm pretty certain birds don't eat grass at all, so you might want to brush up on your livestock knowledge). Chickens are entirely dependent on humans, and wouldn't survive a week without humans.
If you really want to stop eating anything humans have created and changed, you should stop eating almost everything in the food supply. About the only food in your average supermarket that hasn't been completely created by human beings through selective breeding is fish and seafood.
Why should you bother to patch the vulnerability if like 99.9% of people you don't deal with client certs, run an OCSP server, or a CA?
Based on the advisory, I can't fully agree with either of these statements.
The advisory states:
Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable.
DER is a format for the certificate key. For the most part it's relatively rare to handle untrusted certificate keys. I suppose it's possible if you're doing some form of authenticating the client end as well as the server end via SSL.
Please correct me if I'm wrong, but I don't see much evidence this vulnerability is anything worth worrying about for the vast majority of people.
Advisory at: http://www.openssl.org/news/secadv_20120419.txt