SFLC Wants To Avoid Death by Code 247
foregather writes "The Software Freedom Law Center has released some independent research on the safety of software close to our hearts: that inside of implantable medical devices like pacemakers and insulin pumps. It turns out that nobody is minding the store at the regulatory level and patients and doctors are blocked from examining the source code keeping them alive. From the article: 'The Food and Drug Administration (FDA) is responsible for evaluating the risks of new devices and monitoring the safety and efficacy of those currently on market. However, the agency is unlikely to scrutinize the software operating on devices during any phase of the regulatory process unless a model that has already been surgically implanted repeatedly malfunctions or is recalled. ... Despite the crucial importance of these devices and the absence of comprehensive federal oversight, medical device software is considered the exclusive property of its manufacturers, meaning neither patients nor their doctors are permitted to access their IMD's source code or test its security.'"
Stay away from Windows CE (Score:4, Funny)
One of the July 2010 updates bluescreened my 81-year-old dad.
The hospital backed out the update but they had to reboot him in safe mode and go up the back door.
Someone needs to write a country music song.... (Score:2, Funny)
Re:So what (Score:1, Funny)
The source code in most medical devices like pacemakers is almost meaningless without a complete description of the custom hardware that runs it. Although this whole discussion is pointless since no company that bothers to go through the process of making an implantable (and FDA approved) medical device is going to give you any detailed information about the hardware or software (at least not until it's been obsolete for a few decades).
As for ownership, the device belongs to you once it's implanted, but it's the warranty that matters. Most devices interface external equipment and strict operating procedures that your Doctor or a Field Engineer is trained to use. Access or manipulate the device in a way outside of the approved method may disable therapy (usually the response to most error) or at worst brick your device. Do you really want to try hacking something that you need to live as it's keeping you alive?
Disclaimer
IDHFIMD = I design hardware for implantable medical devices
Proprietary pacemaker code excerpt (Score:5, Funny)
for(i = 0; i < max_int;i++){
sleep(1);
beat_heart();
}
// printf("hi!!!!!\n")
Open Source pacemakers (Score:1, Funny)
Sure, go ahead, implant one in your chest.
They'd be an awesome life. Knowing the device in your chest is buggy and will have 'updates' released every time the developer makes a commit to the revision control system. Knowing that your entire life depends on a guy who is doing it because he can shout 'OMG FOSS FOR LIFE FUCK THE MAN I'M SAVING THE WORLD'.
Knowing your life depends on developers who only care about the code they write and how it fits their needs.
You'll have 45 buttons on your pacemaker that let you control all the different ways you can stimulate and control your heart. Most of them will return 'not yet implemented', 3 of them will result in a core dump of pacemakerd, 10 of them a PANIC reboot, another 2 cause it to just go silent and halt, and the developer threw in an Easter egg that makes you piss your pants if you hear a penguin.
If you're lucky, you'll get a group of devs that doesn't have 2 or 3 in it that throw temper tantrums on semi-regular basis and threaten to fork it while not putting any effort into the project.
And to top it ALL off, If you complain to anyone about it, the response you'll get is:
You have the source, fix it yourself.
Let me tell you how quick I would be to jump on that train. To tie my life to someone who really doesn't get affected in anyway when his/her software kills me and has no real reason to put any effort into ensuring it doesn't.
The OSS world still doesn't get why companies avoid OSS software, what the fuck makes you think anyone with a 3rd of a brain wants their life to depend on OSS.
I use OSS constantly, there are some great accomplishments. Large portions of my life depend on OSS, but you will probably never find OSS in controlling any thing that my actual life depends on.
I prefer to live, not prove how awesome OSS isn't for every situation.
OPEN SOURCE IS NOT INHERENTLY BETTER, STOP PRETENDING IT IS. You guys REALLY need some perspective. Or just stop letting timothy have access to post to the front page.
Re:Same as in the pilot seat (Score:3, Funny)
Oh, so because a few employees within a company (and maybe a closely related partner) have looked over the source, it's "peer reviewed"? Peer review means that EVERYONE can examine the source, including people you have never met nor have even heard their names. It means that people you absolutely hate can review your source, not just a few of your employees that have no qualms about lying and saying it's all good just to keep their jobs.
In other words, your source code has had as much legitimate peer review as my dick has, and since I'm a Slashdotter, any claims of sexual activity on my part are instantly dubious by that simple fact alone.
Re:Same as in the pilot seat (Score:3, Funny)
That puts the testing quality roughly somewhere between most video games and Windows.