SoylentNews is people
SoylentNews
Karen Sandler of the Software Freedom Conservancy delivered a keynote presentation last week at linux.conf.au 2018 (LCA) in Sydney, Australia. Specifically she spoke about her multi-year odyssey to try to gain access to the source code for the pacemaker attached to her heart and upon which her life currently depends. Non-free software is having an increasingly (negative) impact on society as people entrust more of their lives to it. That software is found in an increasing number of places, both high and low, as all kinds of devices start to run fully networked microcomputers.
In her first LCA keynote 6 years ago, Karen first told the people of LCA about her heart condition and the defibrillator that she needed to have implanted. This year she described her continued quest to receive the source code for the software running in her defibrillator, and how far she has been able to get in obtaining the source code that she's been requesting for over a decade now.
Source : Karen Sandler Delivered Keynote at Linux.conf.au
(Score: 2) by JoeMerchant on Sunday February 04 2018, @01:46AM (1 child)
I think you're even stretching it a bit there... I know that implantable devices are programmable by the office of the specialist who put it in and does followup, but... EMTs, ERs, even general hospital wards - I think you're smoking crack if you think any of those places would begin to try to access the programmable functions of an implant.
As for wifi or bluetooth access - there's a problem with 2.4GHz penetrating flesh, so, no... that's not likely, ever. There are some near body wireless standards that have come into practice in the last 10 years, and bedside devices can bridge from those to wifi, or internet, or whatever - so there's your nightmare scenario, but if you just switch off the bedside device when not in use, that's a big step toward security right there.
Bottom line is: millions of people have had these things for dozens of years, and nobody has been hacked dead (that we know of) yet, so the system as it is is working - even with its flaws and incongruities with accepted cybersecurity practices in other areas. Room for improvement? Absolutely - my first day at the implant company I raised a stink about their wireless comm 8 bit checksum - some professional witness type blew a line of BS at me about the billions of years it would take for an accidental programming event to happen, I blew back in his face about 30,000 devices in the field and with any kind of noisy comms you could be having multiple mis-programmings per day, we smiled - dropped it, and worked professionally side by side for about 18 months until one day we were called into a room with the programmer software team - it seems that there had been about a half dozen reports of "painful stim" during programming events, common wisdom was that for every report there were likely 10 more unreported events... so, anyway, somebody who reported one of these painful stim during programming events went missing 24 hours after their appointment, no foul play or device involvement likely, but it was enough to spook leadership into ordering an investigation and later remediation. Investigation found that the painful stim was the result of the programmer being withdrawn from the patient during programming before comms were complete - the 8 bit checksum for full power? 00000000. We found a workaround in the programmer that used a different sequence of commands which were not susceptible to the pull-away problem, and that 8 bit checksum software continued to be implanted in new patients for another ~5 years until the new model with a 16 bit checksum rolled out.
🌻🌻 [google.com]
(Score: 2) by HiThere on Sunday February 04 2018, @06:24AM
I don't know about the hospitals you've visited, but my wife was accessed in the ER more than once, and it was quite necessary that she not wait for being admitted, or worse, appointment with the cardiologist. It would have been a lot better if the EMTs could have read the device and, if nothing else, transmitted it on ahead to the ER. They really need to be able to do that.
As for wireless connection...I was accepting an earlier post that said the current devices had that kind of connection. The only kind I've seen involves placing the reader over the device, and that's the way it should be done. And passwords, etc., are a bad idea.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.