[nycbug-talk] interesting read

Jay Savage daggerquill
Sun May 22 17:43:53 EDT 2005


On 5/22/05, Marc Spitzer <mspitzer at gmail.com> wrote:
> On 5/22/05, pete wright <nomadlogic at gmail.com> wrote:
> > On 5/21/05, George R. <george at sddi.net> wrote:
> > > alex at pilosoft.com wrote:
> >
> > > >
> > > > Finally someone who doesn't have knee-jerk reaction "open source good,
> > > > proprietary bad". I'm somewhat surprised at the response from this list
> > > > regarding my comment about open-source/healthcare - I'd expect that much
> > > > flame if it was nylxs, not nycbug ;)
> > >
> > > I'm not Mr. S., and none of us are knee-jerk RMS- (the other 'S' guy)
> > > types.  I think you're well aware of that. . .
> > >
> > > But I think in most of our minds, what we'd assume about medical
> > > software is what we'd also take from our buddy Mr. S (chneier) on the
> > > topic for cryptographic algorithms.  Peer review is better for critical
> > > applications.  Lots of authorities reviewing the code would be good.
> > >
> >
> > Is this the article you are referring to:
> >
> > http://www.schneier.com/crypto-gram-9909.html
> >
> > seems to make sense to me, in cryptography or any field really.  IMO
> > the open source methodology is akin to the scientific method.  Peer
> > review of open, reproducible methodology.  Dunno, it just seems like a
> > logical way of going about things in any field.  Although I'm probably
> > one of those zealots eh ;p
> >
> 
> I will grant you it makes sense in certain problem domains.  The real
> question is does it make sense in this one, pacemakers or whatever.
> I do not think it makes sense in this case because we are *not*
> talking about a public standard but a small embedded system designed to
> keep people alive by a for profit company.  And as I have said before
> there is the whole liability thing to be aware of, you may not want to
> get involved to risk your house and retirement/kids college fund.
> 
> marc

This is a pretty silly argument.  Do FreeBSD developers worry about
getting sued if a big Web hosting company (e.g. pair comes to mind)
gets sued by a customer for not meeting availability guarantees?  No,
because one thing any decent license says, among other things, is "by
using this software, you agree not to sue us if it doesn't work; no
guarantees, etc."  You don't think the risk is acceptable for you.
Fine.  But that doesn't speak against the value of opensource projects
and methodologies.  Let's rephrase the question this way: if you had
to trust your life to software designed by a team led by Henning
Brauer and audited by a wide community of programmers before being
subjected to an FDA review that included some great clinical trial,
but no real investigation of the technology, or software developed
under the direction of a project manager under pressure to meet
deadlines, before being subjected to the same FDA review, which would
you choose?  Fortunately, the clinical review process will find any
major bugs, but I'd still rather know that the software was designed
with sound principles in the first place, before the FDA even saw it.

I think that the use of opensource here may be misleading, and where
the discussion has derailed.  What's at stake isn't licensing per se,
but the relative merits of the "cathedral vs. the bazaar" as
philosophies/methodologies for creating software.  No, simply
releasing something under the BSD license or the GPL doesn't make it
better.  But where there is sustained community interest,
community-based programming tends to produce better results.

The pacemaker argument is a bit disingenuous, though.  The post was
about healthcare IT, and since the author is involved with
jsyncmanager, etc., I read that as infrastructure.  So the real
question is: when you walk into an emergency room and the workstations
at the nurses station are running Windows 95, does that give you a
great feeling of confidence?  When the screens above the station
showing the EKG output from various beds are XP desktops with
conspicuous blank spots and windows that say "this program has
committed a sharing violation", is that a good thing?  I've had both
happen in the past six months, and the answer in both cases is "no". 
I don't want the workstation where the doctor is looking at my medical
records to suddenly display BSOD.  I don't want it to have a kernel
panic, either, but which is more likely?

This might be an interesting discussion to continue after the June
meeting, but I think there's a lot of room for opensource software in
healthcare, as everywhere else.

--jay

-----
daggerquill [at] gmial [dot] com
http://www.engatiki.org



