[nycbug-talk] interesting read (old pacemaker thread)

George Rosamond george at ceetonetechnology.com
Wed Aug 31 15:04:05 EDT 2011

On 08/31/11 14:25, Edward Capriolo wrote:
> On Wed, Aug 31, 2011 at 1:49 PM, Mark Saad<mark.saad at ymail.com>  wrote:
>> On Mon, Aug 29, 2011 at 9:46 AM, Isaac Levy<ike at blackskyresearch.net>
>> wrote:
>>> On Aug 29, 2011, at 9:31 AM, Chris Snyder wrote:
>>>> On Mon, Aug 29, 2011 at 9:08 AM, Isaac Levy<ike at blackskyresearch.net>
>> wrote:
>>>>> "Earlier this month, Jay Radcliffe, a computer security professional
>> who is also diabetic, showed how an attacker could remotely control insulin
>> pumps to deliver too much or too little insulin to the individual wearing
>> the device."
>>>>> http://www.wired.com/threatlevel/2011/08/medical-device-security/
>>>>> Rocket-
>>>>> .ike
>>>> Wow. That really pisses me off.
>>> Indeed.
>>>> As in, everyone responsible for that product should be publicly
>>>> humiliated and prevented from ever working on medical devices again.
>>>> And how did it get licensed for use?
>>> Not sure if this is a pleasing response, but:
>>> "I wasn't scared, but I was up there looking around, I realised that I
>> was sitting on a rocket with six thousand components, every one built by the
>> low bidder."
>>> - Alan Shepard, First American to go to Space
>>> Rocket-
>>> .ike
>>> _______________________________________________
>>> talk mailing list
>>> talk at lists.nycbug.org
>>> http://lists.nycbug.org/mailman/listinfo/talk
>> My wife who is a diabetic heard about this and first said "why would
>> he do that , now nothing will get approved by the FDA" . However she
>> was looking into how she could listen to her wireless glucose monitor
>> to have a desktop application that would show here count on the
>> computer she was working at.  My take on this is that the FDA should
>> publish a RFC for wireless device communications and design a nice
>> strict protocol for communications . The big issue I see here is each
>> dumb pharma company wants to copyright their product to make the most
>> money on their work. If they do a crap job no one will know they keep
>> all of their work closed and private. With the network they use open
>> and well designed and freely licensable  , big pharma can concentrate
>> on the nuts and bolts , the the over all quality of the mechanical
>> parts in the devices, and the software.
>> --
>> Mark Saad | mark.saad at ymail.com
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
> When I get older I will probably be on wiki's and php BB for tips on
> over-clocking my pacemaker :)
> I feel that the consumer should not be able to demand a product to open
> source. This topic boggles my mind. I do believe open source make the best
> code, but I saw an apache/BSD licence on a pacemaker with that no warranty
> clause. I might opt for closed source. Also the domain specific knowledge of
> such a product is so large getting critical mass for an open source project
> seems difficult.

I disagree Ed.

If you're talking about a bunch of crappy developers that populate a lot 
of open source projects today, then who wouldn't opt for closed source, 
so at least your family has someone to sue after you die.

I don't think many of us could grasp the world of open source applied to 
things other than our realm of software.

I think of the old reality in electronics when people got comprehensive 
schematics and parts were accessible.  It trained an enormous layer of 
people to tinker and troubleshoot, and put them in control.  And you 
could still due the manufacturers :)

That died out hard and fast for a variety of reasons.

Now imagine that pacemaker was available on some easy wiki, and a close 
family member was on it. . .

The eyeballs argument about open source security gets a bit distorted 
today.  It's meant for a narrow layer of people and only few of actually 
look at the code.

But in other realms I think the context could change drastically. 
Broadening out the layer of 'tinkerers' on the product would be of huge 

Not that I would trust most of you with my pacemaker. . .

I posted this a long while back, but think it has some relevance.  It's 
an article from the BLS about open source development of the airplane 



> I do like your point about designing parts of the wireless protocol around
> RFC.
> http://www.wired.com/threatlevel/2011/08/medical-device-security/<- This
> makes me think of sandra bullock and the net. My general perception is that
> the world is lax on computer security, then again this is just as true
> outside of computers. We all say things like "a real care thief can defeat
> this alarm" and most door locks can be foiled with a credit card. Can we
> hold medical devices to some higher standard when most of our non-technical
> friends will turn off their writeless-routers wap and security features just
> to make life that much easier?

More information about the talk mailing list