[nycbug-talk] interesting read

Bob Ippolito bob
Sun May 22 13:34:21 EDT 2005


On May 22, 2005, at 10:14 AM, Marc Spitzer wrote:

> On 5/22/05, Bob Ippolito <bob at redivi.com> wrote:
>
>>
>> On May 22, 2005, at 8:16 AM, Marc Spitzer wrote:
>>
>>
>>> On 5/21/05, Bob Ippolito <bob at redivi.com> wrote:
>>>
>>>
>>>>
>>>> On May 21, 2005, at 11:28 AM, alex at pilosoft.com wrote:
>>>>
>>>>
>>>>
>>>>> On Sat, 21 May 2005, Bob Ippolito wrote:
>>>>>
>>>>>
>>>>>>>> Let's keep in mind that the trustworthiness of a life-critical
>>>>>>>> application has everything to do with how that program was
>>>>>>>> written and absolutely nothing to do with the license under
>>>>>>>> which it was released.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Okay. Back to original question. What is the benefit for you to
>>>>>>> be able to recompile source code for your pacemaker?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Independent audits.
>>>>>>
>>>>>>
>>>>>>
>>>>> Orthogonal to open source.
>>>>>
>>>>>
>>>>
>>>> I don't know where you learned the word orthogonal, but that's
>>>> certainly not what it meant in my math classes.  Open source implies
>>>> that audits are possible, so they're not statistically independent.
>>>>
>>>>
>>>
>>> I have to go with Alex on this one, to audit the code you would
>>> need to know:
>>>
>>
>> So, because audits are difficult, you agree with an incorrect usage
>> of a word?
>
> He did not use audit incorrectly, audit has nothing to do with the
> right to have unrestricted rights to distribute code.  And that
> redistribution right, in some cases compulsion,  is what is the core
> defining characteristic of open source.  audit is just a secondary
> effect nothing more of open source.
>
> And as far as I know the use of orthogonal in regular speech means
> unrelated to.  Orthogonal in math can and does depend on the type of
> math you are studying.  But I do not think that Alex meant to say
> "normal to the tangent plane of the surface" where the surface in
> question is of N dimensions and the tangent "plane" is of N-1
> dimensions and the normal is N-2 dimensions, think sphere-> plane->
> ray as that would make absolutely no sense out of a few specific
> areas of math, solid Euclidean geometry and calc come to mind.

If A implies the possibility of B, in what universe are they unrelated?

>>> 1: enough about how the heart works to comment on design decisions,
>>> optimizing for speed where needed and space everywhere else.
>>>
>>> 2: know the hardware and software *very* well and these are, I would
>>> think, all fairly to very custom embedded systems, for example X is
>>> stupid in C but great in forth.
>>>
>>
>> I said *possible*, not easy, cheap, or generally accessible.  Nowhere
>> in this thread did I ever say that open source is inherently a better
>> solution, but it does inherently have a way to measure its worth
>> because the source is available.  Finding a person qualified to
>> perform that measurement is another story.
>>
>
> No it is not, without *that person* the rest is a complete wash.

And unless air is breathable, we'll all die!  OH NO!

>> Again, I never said that a closed source solution can't have this
>> either, only that open source implies that this is available.
>>
>>
>>> And you would need to accept the fact you might just get sued out of
>>> existence for your opinion.  Think about it someone dies and a lawyer
>>> smells money so he decided to sue all involved because it costs him
>>> nothing to add you to the suit.  Now you need a good lawyer for a long
>>> time and they want cash generally.
>>>
>>
>> Open source solutions probably fare better here (for the auditor),
>> because the license implies redistribution rights for the code.
>>
>
> go talk to a lawyer about this, here is the scenario
>
> 1: you make a comment on how to improve buba's open source pacemaker
> development kit, or even provide a patch
>
> 2: after that some people die with buba's kit in their chest
>
> 3: lawyer sues for damages, claims buba's kit was defective
>
> 4: add you to the list because he can for free.  You were involved
> after all.
>
> Now you need a lawyer, good ones are $400+/hr and bad ones cost more.
> And they like cash up front, retainer.

You can sue or be sued at any time for any reason.  So what?

>>> ike,
>>>
>>> even if it is in Python you are not qualified to have an opinion about
>>> the code that runs your granddad's heart.
>>>
>>
>> Well there is a species of "obvious" bugs that you can find without
>> knowing the hardware and software very well.  If you perform a naive
>> audit of the code and find one or more examples of these, I'd get
>> that solution the hell away from anyone I care about.
>>
>
> This is a remarkably ignorant thing to say.  Do you have any idea how
> much testing the FDA *REQUIRES* for battery operated devices implanted
> to run the heart???  Also think about what the companies that develop
> these devices are required to do by their lawyers and insurance
> companies as far as testing goes to minimize liability.  They *KNOW*
> they will be sued and act accordingly, that is a big part of why
> medicine is so expensive.

Yes, of course!  Expensive software MUST be bug free.  Space shuttles  
don't crash, nuclear reactors don't fail, ...

I didn't say it was a likely scenario, I said it exists, and if you  
did your research you'd find that such things have happened in the past.

-bob




