this post was submitted on 04 Nov 2023
147 points (97.4% liked)

Technology

34423 readers
182 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
147
Software that supports your body should always respect your freedom (www.fsf.org)
submitted 10 months ago by [email protected] to c/[email protected]
22 comments fedilink hide all child comments
 

Software that controls your body should always respect your freedom. This article is a recap of scandals of medical devices, like hearing aids, insulin pumps, bionic eyes, and pacemakers, and what we can learn from them. It's astonishing: you wouldn't expect these devices to be run by software in such a way that they can leave you completely helpless.

top 22 comments
sorted by: hot top controversial new old
[–] [email protected] 37 points 10 months ago (2 children)

It should also respect your PRIVACY! There are numerous articles about CPAP machines transmitting your data to not only your doctor but also your insurance company, WITHOUT your consent. Possibly your employer as well. If your insurance company decides you're "not complying" and using your CPAP machine enough, they'll take it away from you. Your employer could fire you.

Having a sleep apnea diagnosis can also limit you from certain jobs, and can make it harder to get life insurance. In some ways it feels like you're not a free man anymore.

[–] [email protected] 13 points 10 months ago (2 children)

Why are they even connected to the internet?

[–] [email protected] 1 points 10 months ago

The same question applies to cars, refrigerators, AC, thermostats, TV (aside from multimedia streams), washing machines, sex toys, regular toys, house locks, fan controllers, tooth brushes, toasters, microwaves, water heaters, stoves, ovens, trimmers, shavers, watches, ...

[–] [email protected] 1 points 10 months ago

Providing information for your care providers to act on it. At least that's why I would WANT to have it. Is it being effectivly used like that though? I have no idea.

[–] [email protected] 3 points 10 months ago

Privacy is a natural consequence of freedom that FSF is talking about. Their stance is that any computing device under your ownership should do everything you want it to, and only what you want it to.

[–] [email protected] 5 points 10 months ago (4 children)

I can't with this article... there's a very legitimate argument to be made here, but instead they are whining that stuff stopped working after an iOS update. If you're running something life-critical you do not install every single update the moment it comes out.

[–] [email protected] 18 points 10 months ago (2 children)

I couldn't disagree more with you. If you are running something REAL life critical the moment there is a patch you install it and deploy as fast as possible. And if it contains any severe patch it is even the vendor who recalls all the equipment with service bulletin and advisory letters.

With life critical you don't wait the bug to appear because It maybe too late to avoid deadly consequences.

[–] [email protected] 10 points 10 months ago (2 children)

No. If you're working with life-critical systems, you only apply patches that are relevant to you. For example, an implantable insulin pump with Bluetooth capability. If there's a patch that changes the Bluetooth functionality, but you don't use that functionality, there's no point in applying the patch.

[–] [email protected] 0 points 10 months ago (1 children)

Oh yes, why would I apply a security patch for Bluetooth which I don't even use, on my life-supporting device which someone else could connect to via Bluetooth without me knowing or noticing?

What you are saying is far from reality. Most patches only state vague stuff like "security" or "Bluetooth".
How would you know, what those mean? Bluetooth could be "Hey, you can now monitor even more with your app" or "fixed some big holes in the chips security which made it hack able via Bluetooth".

[–] [email protected] 3 points 10 months ago (1 children)

You say it's far from reality, but I'm speaking from experience. I was responsible for maritime life safety systems. When those systems were implemented, they were tested and qualified for use. It didn't matter how many updates came out, if they weren't qualified, they didn't get deployed. If I had deployed an update that hadn't been qualified, it would have put lives at risk, such as by causing issues with ship detection or man overboard alerts not going off.

If you want to get really into it, like the systems that run aircraft and nuclear reactors, look up formal verification.

[–] [email protected] 2 points 10 months ago

Okay,so you are talking professional equipment with software patches to be applied by professionals.

The article (and also the comments as I understood them) was about end users updating software themselves. Those are two very different things.

Yes, we also only update needed patches on systems we handle, but as an end user I do not check all updates that I apply on my private PC.
Why would I?

[–] [email protected] -1 points 10 months ago

Yes you do,

Configuration control is a max in this world and you don't have the control/ability/power to decide which patches go in or stay out. The vendor, the person who has all the power and knowledge, is the one who decides.

You can loose all your certifications or being held liable for any problem due to that policy.

Not even red hat (certainly not a life critical system) allows a different level of patches/state out of their approved ones

[–] [email protected] 3 points 10 months ago

Then we disagree. Think about it, you're patching the OS so what you now have is an untested configuration, and you've replaced a working system to get there, on the theory that you might be preventing an unknown bug in the future.

In one instance the vendor even explicitly recommends disabling OS updates until they have tested them.

[–] [email protected] 6 points 10 months ago (1 children)

Keeping a life critical device up to date sounds necessary, to the contrary.

[–] [email protected] 3 points 10 months ago (1 children)

Not if the existing software functions properly. If there's a fix in it you need then sure, once the vendor has tested and approved it you should migrate.

[–] [email protected] 5 points 10 months ago (1 children)

Depends if it is internet enabled (which most are now a days). If that patch is for a 0fay exploit I don't want ransomeware for pacemakers.

[–] [email protected] 1 points 10 months ago

I think you're making a good case against an Internet enabled pacemaker ;-)

[–] [email protected] 6 points 10 months ago (1 children)

There's a reason why Google and Apple let developers test out pre-release versions of their OSes months before the release. Companies which don't test their apps out to prepare for new versions are at fault, nothing else.

[–] [email protected] 1 points 10 months ago

I agree wholeheartedly, alas we live in an imperfect world. It sounds like you've waited for an update or two that took longer than expected.

I'm not arguing that the source code shouldn't be made public. If someone posses the right skills they should definitely be able to take full control over the devices they depend on to keep them alive. It's a invasive feeling knowing you depend on a gizmo to not die.

The author of this article is glossing over a lot of steps by implying that open sourcing the apps and firmware is a fix for delays in app store approval or other common problems that are inherent in the software/hardware ecosystem. It not really a flawed argument, it's just not what I would've lead with.

[–] [email protected] 0 points 10 months ago* (last edited 10 months ago) (1 children)

I ran an iPhone for many years and never updated anything at all. The apps were updated automatically.

Edit: Ah, you're talking about an iOS update. Forgive my lack of reading comprehension. Apps that have been automatically updated have been known to stop working, however.

[–] [email protected] 0 points 10 months ago (1 children)

No worries. I clearly should have articulated my point better. I'm always worried about over explaining or sounding pendantic.

[–] [email protected] 1 points 10 months ago

I’m always worried about over explaining or sounding pendantic.

That makes two of us :)