[nycbug-talk] interesting read (old pacemaker thread)

Edward Capriolo edlinuxguru at gmail.com
Wed Aug 31 14:25:55 EDT 2011 

On Wed, Aug 31, 2011 at 1:49 PM, Mark Saad <mark.saad at ymail.com> wrote:

> On Mon, Aug 29, 2011 at 9:46 AM, Isaac Levy <ike at blackskyresearch.net>
> wrote:
> > On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote:
> >
> >> On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy <ike at blackskyresearch.net>
> wrote:
> >>>
> >>> "Earlier this month, Jay Radcliffe, a computer security professional
> who is also diabetic, showed how an attacker could remotely control insulin
> pumps to deliver too much or too little insulin to the individual wearing
> the device."
> >>>
> >>> http://www.wired.com/threatlevel/2011/08/medical-device-security/
> >>>
> >>>
> >>> Rocket-
> >>> .ike
> >>>
> >>
> >> Wow. That really pisses me off.
> >
> > Indeed.
> >
> >>
> >> As in, everyone responsible for that product should be publicly
> >> humiliated and prevented from ever working on medical devices again.
> >> And how did it get licensed for use?
> >
> > Not sure if this is a pleasing response, but:
> > "I wasn't scared, but I was up there looking around, I realised that I
> was sitting on a rocket with six thousand components, every one built by the
> low bidder."
> > - Alan Shepard, First American to go to Space
> >
> > Rocket-
> > .ike
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nycbug.org
> > http://lists.nycbug.org/mailman/listinfo/talk
> >
> My wife who is a diabetic heard about this and first said "why would
> he do that , now nothing will get approved by the FDA" . However she
> was looking into how she could listen to her wireless glucose monitor
> to have a desktop application that would show here count on the
> computer she was working at.  My take on this is that the FDA should
> publish a RFC for wireless device communications and design a nice
> strict protocol for communications . The big issue I see here is each
> dumb pharma company wants to copyright their product to make the most
> money on their work. If they do a crap job no one will know they keep
> all of their work closed and private. With the network they use open
> and well designed and freely licensable  , big pharma can concentrate
> on the nuts and bolts , the the over all quality of the mechanical
> parts in the devices, and the software.
>
> --
> Mark Saad | mark.saad at ymail.com
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>

When I get older I will probably be on wiki's and php BB for tips on
over-clocking my pacemaker :)

I feel that the consumer should not be able to demand a product to open
source. This topic boggles my mind. I do believe open source make the best
code, but I saw an apache/BSD licence on a pacemaker with that no warranty
clause. I might opt for closed source. Also the domain specific knowledge of
such a product is so large getting critical mass for an open source project
seems difficult.

I do like your point about designing parts of the wireless protocol around
RFC.

http://www.wired.com/threatlevel/2011/08/medical-device-security/ <- This
makes me think of sandra bullock and the net. My general perception is that
the world is lax on computer security, then again this is just as true
outside of computers. We all say things like "a real care thief can defeat
this alarm" and most door locks can be foiled with a credit card. Can we
hold medical devices to some higher standard when most of our non-technical
friends will turn off their writeless-routers wap and security features just
to make life that much easier?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20110831/ea275c44/attachment.html>

More information about the talk mailing list