[nycbug-talk] interesting read

Marc Spitzer mspitzer
Sun May 22 13:14:14 EDT 2005


On 5/22/05, Bob Ippolito <bob at redivi.com> wrote:
> 
> On May 22, 2005, at 8:16 AM, Marc Spitzer wrote:
> 
> > On 5/21/05, Bob Ippolito <bob at redivi.com> wrote:
> >
> >>
> >> On May 21, 2005, at 11:28 AM, alex at pilosoft.com wrote:
> >>
> >>
> >>> On Sat, 21 May 2005, Bob Ippolito wrote:
> >>>
> >>>>>> Let's keep in mind that the trustworthiness of a life-critical
> >>>>>> application has everything to do with how that program was
> >>>>>> written
> >>>>>> and absolutely nothing to do with the license under which it was
> >>>>>> released.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> Okay. Back to original question. What is the benefit for you to be
> >>>>> able to recompile source code for your pacemaker?
> >>>>>
> >>>>>
> >>>>
> >>>> Independent audits.
> >>>>
> >>>>
> >>> Orthogonal to open source.
> >>>
> >>
> >> I don't know where you learned the word orthogonal, but that's
> >> certainly not what it meant in my math classes.  Open source implies
> >> that audits are possible, so they're not statistically independent.
> >>
> >
> > I have to go with Alex on this one, to audit the code you would
> > need to know:
> 
> So, because audits are difficult, you agree with an incorrect usage
> of a word?

He did not use audit incorrectly; audit has nothing to do with the
right to have unrestricted rights to distribute code.  And that
redistribution right, in some cases compulsion, is what is the core
defining characteristic of open source.  Audit is just a secondary
effect, nothing more, of open source.

And as far as I know the use of orthogonal in regular speech means
unrelated to.  Orthogonal in math can and does depend on the type of
math you are studying.  But I do not think that Alex meant to say
"normal to the tangent plane of the surface" where the surface in
question is of N dimensions and the tangent "plane" is of N-1
dimensions and the normal is N-2 dimensions, think sphere -> plane ->
ray, as that would make absolutely no sense outside of a few specific
areas of math; solid Euclidean geometry and calc come to mind.


> 
> > 1: enough about how the heart works to comment on design decisions,
> > optimizing for speed where needed and space everywhere else.
> >
> > 2: know the hardware and software *very* well and these are, I would
> > think, all fairly to very custom embedded systems, for example X is
> > stupid in C but great in Forth.
> 
> I said *possible*, not easy, cheap, or generally accessible.  Nowhere
> in this thread did I ever say that open source is inherently a better
> solution, but it does inherently have a way to measure its worth
> because the source is available.  Finding a person qualified to
> perform that measurement is another story.

No it is not; without *that person* the rest is a complete wash.

> 
> Again, I never said that a closed source solution can't have this
> either, only that open source implies that this is available.
> 
> > And you would need to accept the fact you might just get sued out of
> > existence for your opinion.  Think about it: someone dies and a lawyer
> > smells money, so he decides to sue all involved because it costs him
> > nothing to add you to the suit.  Now you need a good lawyer for a long
> > time and they want cash generally.
> 
> Open source solutions probably fare better here (for the auditor),
> because the license implies redistribution rights for the code.

Go talk to a lawyer about this; here is the scenario:

1: you make a comment on how to improve buba's open source pacemaker
development kit, or even provide a patch

2: after that some people die with buba's kit in their chest

3: lawyer sues for damages, claims buba's kit was defective

4: add you to the list because he can for free.  You were involved after all.

Now you need a lawyer, good ones are $400+/hr and bad ones cost more. 
And they like cash up front, retainer.

> 
> > ike,
> >
> > even if it is in Python you are not qualified to have an opinion about
> > the code that runs your granddad's heart.
> 
> Well there is a species of "obvious" bugs that you can find without
> knowing the hardware and software very well.  If you perform a naive
> audit of the code and find one or more examples of these, I'd get
> that solution the hell away from anyone I care about.

This is a remarkably ignorant thing to say.  Do you have any idea how
much testing the FDA *REQUIRES* for battery-operated devices implanted
to run the heart???  Also think about what the companies that develop
these devices are required to do by their lawyers and insurance
companies as far as testing goes to minimize liability.  They *KNOW*
they will be sued and act accordingly; that is a big part of why
medicine is so expensive.


marc

> 
> -bob
> 
>



