[HN Gopher] Software that supports your body should always respe...
___________________________________________________________________
Software that supports your body should always respect your freedom
Author : jlpcsl
Score : 218 points
Date : 2023-11-04 17:26 UTC (5 hours ago)
(HTM) web link (www.fsf.org)
(TXT) w3m dump (www.fsf.org)
| vGPU wrote:
| > users of the proprietary software app LibreLink
|
| Bit of a misnomer.
| throwaway128128 wrote:
| It keeps happening. From the very beginning "free" software has
| been plagued with overloaded language.
| Hackbraten wrote:
| Why? The vendor is free to do whatever it wants with it, right?
| /s
| layer8 wrote:
| OpenAI
| FireBeyond wrote:
| I think the FSF's argument over medical software is quite
| sound, but this point was a little pouty for my liking.
|
| The whole world doesn't revolve around the FSF's definitions of
| free/open/libre, and LibreLink is related to the FreeStyle
| Libre devices, that aim (marketing) at being something "so you
| can get back to the things that matter most".
| mbakke wrote:
| Great article. Real life horror stories of life-critical software
| gore, with some good news at the end.
|
| It should be illegal to sell software that someones life depends
| upon without giving the user the right to inspect and modify the
| code.
| 7e wrote:
| Quality of life critical software should be ensured by FDA
| certification. Homebrew modifications of that software, even in
| the name of "freedom", risks the patient's life and health and
| should be illegal if uncertified.
| hobs wrote:
| To distribute? Sure. To make changes to your out of support
| cyber-eyeball? Nah.
| Kim_Bruning wrote:
| I think this might be a cultural thing.
|
| In some (western) countries, your body is your personal
| private property, and you have the freedom and ultimate
| authority over how to use and abuse it, or anything on or in
| it. (you are still advised to treat your most precious
| property wisely, obviously)
|
| In other (western) countries/subcommunities people feel that
| obligations to your community are stronger.
|
| People from these different cultures can get into some pretty
| hefty discussions when it comes to things like abortion,
| drugs, euthansia, or -here- implants.
| eikenberry wrote:
| So like suicide, drugs and other and other cases where we are
| denied dominion over ourselves for our own good? IE. Your
| life and body are not yours, they belong to society and you
| only get limited access.
| chpatrick wrote:
| Society doesn't have to give you the rope to hang yourself.
| eikenberry wrote:
| I disagree or rather yes, it does have the responsibility
| to provide you a rope. It is up to you whether you hang
| yourself or not.
| worik wrote:
| You are taking the position that an individual "owns"
| themselves
|
| That is not obviously true.
|
| I feel I belong to my family and my community.
| Xymist wrote:
| Your position is not universal, and in fact strongly
| opposed by many. I believe that I have the absolute right
| to edit or terminate my own existence, either on purpose
| or accidentally. To the extent that anyone can own a
| person, people own themselves exclusively.
| zarzavat wrote:
| Serious question, what does the FDA know about software
| quality?
| alistairSH wrote:
| Surely not less than the average consumer.
|
| And surely they could hire experts to do the job.
| hn_acker wrote:
| 1. Compared to the average person in the FDA's population
| of people who are in charge of evaluating the medical
| devices, the average person in the population of people
| who would make fixes and helpful modifications might have
| more expertise in determining the quality of the device's
| normal software.
|
| 2. It's not as if the people who depend on the medical
| devices have to take the word of the community of people
| who will mod the devices over the word of the FDA.
| schiffern wrote:
| > Homebrew modifications of that software, even in the name
| of "freedom", risks the patient's life and health and should
| be illegal if uncertified.
|
| The official modifications of that software -- in the name of
| "profit" -- are _currently_ risking the patient's life and
| health, and therefore should also be illegal by your logic.
|
| Surely you must also support effective (ie harsh/deterrent)
| prosecution and punishment for these crimes as well, correct?
| patmcc wrote:
| >>>should be illegal if uncertified.
|
| I think this is the key part of the comment - yes,
| uncertified changes by _anyone_ could feasibly be illegal.
| The FDA or similar should probably do code reviews.
| Kim_Bruning wrote:
| Looking at corner cases for this:
|
| What if you fix a bug in your own pacemaker? Would it be
| ok to:
|
| a) Fine you?
|
| b) Jail you?
|
| c) Force you to revert the change? (plausibly leading to
| death in an extreme case)
|
| [edit: I do agree that there's a chance that making a
| 'fix' to your own pacemaker might also make it worse. In
| which case, who do we trust more? The person on the
| ground with a stake in the matter (however misinformed),
| or $government_official with no stake in the matter
| (however well informed).
|
| I think it's tricky! ]
| Xymist wrote:
| I don't think that scenario is particularly tricky. If
| you modify someone else's pacemaker, it's a tricky
| question, even with their consent. If you modify your
| own, absolutely nothing should stand in your way beyond a
| nice big notice saying "danger of death,on your head be
| it". That is, you should have the same freedom to screw
| with your own personal medical devices that you have to
| climb out of your own fourth floor window.
|
| People have a right, albeit not enshrined in law, to do
| stupid things that might kill them - at least as long as
| they don't then ask someone else to save them.
| ketzo wrote:
| This is a huge straw man/whataboutism that contributes
| nothing to the discussion.
|
| Yes, bad software modifications are bad and should be
| punished wherever they arise.
|
| Homebrew modifications make it _way_ easier for bad stuff
| to happen, _and_ make it harder to punish.
| worik wrote:
| > bad software modifications are bad and should be
| punished wherever they arise.
|
| That almost never happens. Software sux.
| leghifla wrote:
| In EU (and probably elsewhere), there are strict rules for
| the stability of power wheelchair. One such rule is "On a
| incline of x% (x chosen by the manufacturer), pushing for max
| speed from stop should not lift the front wheels"
|
| To achieve that, the max acceleration must be quite low
| (software controlled), and the whole experience is sluggish,
| like trying to steer a car by pulling on rubber bands
| attached to the wheel.
|
| From the moment I found a way to overcome this, I never went
| back. I know that I can hurt myself if I do something stupid,
| but I prefer this hypothetical risk instead of cursing 100
| times a day because I cannot move how I want. It has been 10
| years and I never got hurt.
|
| I understand that such "high" risk device cannot be sold, but
| forbidding someone to change this is like inflicting a second
| handicap on him.
| Buttons840 wrote:
| I suppose we all have, or should have, the right to try
| stupid things. Sometimes experience and competence are more
| important than 100% safety. Your comment made me realize
| how limiting it would be to be physically incapable of
| taking even the smallest risk.
| hyeonwho22 wrote:
| That is a very poor regulation. Why enforce wheel lift?
| What matters is that the chair doesn't tip over - that the
| center of gravity remains in the center of the four wheels.
| mtlmtlmtlmtl wrote:
| Surely the patient should have the right to risk their own
| life?
| KevinGlass wrote:
| Safetism is a great curse on the world. I cannot disagree
| with you more.
| throwawaysleep wrote:
| So you would prefer it not be developed?
| BobaFloutist wrote:
| The software is clearly not the primary product. While there
| might need to be a carve out or a specific licensing scheme
| developed to protect them from liability in the case of
| modified software, I doubt these companies would experience
| serious financial setbacks if they made their software free
| and open.
|
| And don't tell me that SaaS is an integral part of the
| business model for medical device companies. There's no world
| in which they can't figure out how to turn a profit without
| charging a monthly fee to use your tens of thousands of
| dollars eyeball.
| oconnor663 wrote:
| > The software is clearly not the primary product.
|
| Sure, in this case. But that means that the rule we're
| considering actually needs a big asterisk next to it,
| something like "when the software in question isn't the
| primary product." That sounds like a thorny regulatory
| question, and any answer to that question other than "I
| know it when I see it" probably has big loopholes. This
| might be unnecessary nitpicking on my part if we're just
| shooting the breeze about companies we don't like, but if
| we're actually interested in writing laws, this is a common
| failure mode. Maybe _the_ common failure mode.
|
| On the other hand, "so you would prefer it not be
| developed" is a less-than-entirely-charitable way of making
| this point. Of course @mbakke would _not_ prefer that, and
| it might avoid an unnecessary round of back-and-forth to
| make a reasonable guess about what they would prefer and
| work from there :)
| hcks wrote:
| This is being downvoted yet there's a reason why this types
| of treatments always starts being developed to serve the US
| market initially
| dheera wrote:
| I have an ICD (implanted cardioverter-defibrillator) to save my
| life if my heart stops.
|
| I was also given a proprietary box that sits at home, reads
| data from it and sends it to my cardiologist over a cellular
| network, on demand. As part of periodic remote checkups I'm
| supposed to sit next to it, press the button, which causes it
| to read data and send any abnormal heart rhythms it detected
| (via cellular network), whether it treated it (via a shock, in
| which case I would have known anyway) or whether the abnormal
| rhythm resolved itself with no treatment (in which case it's
| worth it that they check out what it picked up). I have to do
| this about 2-4 times a year.
|
| Every time I hit the button I'm charged $200. Even if there are
| ZERO events. 90%+ of the time there are zero events.
|
| There is NO interface provided to me where I can read the data
| directly. There is no way for me to read the device on my own,
| see zero events, and inform my cardiologist that there are no
| events and that there is nothing new to diagnose.
|
| I hate this medical system. The device is great for saving my
| life but I want access to read its data without being charged.
| subw00f wrote:
| This is nuts. Who charges you? Is it the company that makes
| these devices? What if you want a different "provider"?
| dheera wrote:
| Stanford Healthcare charges me for "general classification"
| just for a nurse to open up their computer and see that
| there are zero events.
|
| Boston Scientific, the device maker, does not have an
| interface for patients, they only send data to hospitals
| directly.
|
| I'm not currently willing to switch to a different ICD
| because Boston Scientific's ICD has successfully saved my
| life 3/3 times in out-of-hospital situations and 2/2 times
| during in-hospital testing where they induced ventricular
| vibrillation in controlled testing and I'd rather not risk
| trying something different. Insurance wouldn't pay for an
| extra surgery deemed unnecessary, anyway.
|
| I could switch healthcare providers, but I'm not sure if
| the others in my area are better at cardiology.
| tredre3 wrote:
| > Stanford Healthcare charges me for "general
| classification" just for a nurse to open up their
| computer and see that there are zero events.
|
| Okay so having access to the data wouldn't change a
| thing, surely you'd be charged even more if you wanted to
| talk directly to the cardiologist to do a report
| yourself, as you said?
|
| > inform my cardiologist that there are no events and
| that there is nothing new to diagnose
| bowsamic wrote:
| That is genuinely insane
| mtlmtlmtlmtl wrote:
| That's appalling and should be illegal.
|
| I wish more programmers would refuse to contribute to this
| kind of exploitation.
| graphe wrote:
| If it was illegal he might be dead. If he refused, he could
| be dead. Is that a better world?
| mtlmtlmtlmtl wrote:
| No, if it was illegal he'd have access to his data. I'm
| not saying medical equipment should be illegal.
|
| And to be clear, I wasn't saying he should have refused
| treatment. I was saying I wish more programmers would
| refuse to help develop exploitative software like this.
| graphe wrote:
| I don't think he had a choice.
|
| If you had a good doctor that liked da Vinci robotic
| surgery, versus another one that did raven II would that
| factor more than the reputation of the doctor?
| Programmers who make life saving software are good in my
| opinion, even if the company they work for wants to make
| money.
|
| I think we should strive for the best features, and also
| be grateful for "fascist trailblazers". Shockley was
| known to be an awful boss but our transistors started
| there and we are better off for it. Body warming methods
| were created by Nazi scientists experimenting
| unethically. These are the 2nd step, at least the
| profiteers show it's doable and the drive for profit made
| it in the first place.
| StableAlkyne wrote:
| It might not have even been the programmers of the device
| that chose to do this. It was very likely some manager
| somewhere who saw the dollar signs when they realized
| they could collect rent.
| mtlmtlmtlmtl wrote:
| Programmers implemented it though. And they knew exactly
| what they were doing, too.
| rqtwteye wrote:
| I work in medical devices and it's extremely hard as a dev
| to figure out what's because of some regulation and what's
| just for profit.
| izzydata wrote:
| This is giving me feelings similar to that movie repo men
| where you had to rent life saving organs and they could come
| repossess them at any time.
| Kim_Bruning wrote:
| Software that your life depends on should be required to respect
| the four software freedoms (run, study, copy, modify). If the
| four freedoms don't apply in the context of your own bodily
| autonomy, where else could they be more important?
|
| (Consider the inverse: Parts of your own body are not your
| property but are merely licensed to you, and the license can be
| modified or withdrawn at the pleasure of the licensor)
|
| Legislation might be required.
|
| (edit: this would not be without precedent. Copyright and Patents
| are very limited when it comes to life essentials in general,
| such as recipes for food or designs for clothing.)
| AndrewKemendo wrote:
| > If the four freedoms don't apply in the context of your own
| bodily autonomy, where else could they be more important?
|
| I've got bad news unfortunately. Bodily autonomy has never
| really been all that free in practice for the last few thousand
| years at least. We're making some progress at least.
| worik wrote:
| > Bodily autonomy has never really been all that free in
| practice for the last few thousand years at least. We're
| making some progress at least.
|
| In the context of the repeal of Roe V Wade....
| notjoemama wrote:
| Or the ruling in the first place...
| isbwkisbakadqv wrote:
| Right to someone else's blood supply via placenta?
| Kim_Bruning wrote:
| Really depends which country you're in. Even just the west is
| not homogeneous on this point.
| reaperman wrote:
| > Legislation might be required
|
| Definitely required.
| az09mugen wrote:
| 2 cents : But then there should be a contract between the user
| who gains the ability to read/modify the software, discharging
| the software company in case the user causes a bug resulting in
| a health problem or even worse. Or something like that I
| suppose.
| account-5 wrote:
| God forbid I ever need to rely on software to live. But if I do
| you can guarantee I won't have anything connected to the internet
| that I need a smartphone to use!
| Kim_Bruning wrote:
| At that point you may have no choice if you want to live.
| Hackbraten wrote:
| If I'm ever going to find myself at a point where my body
| needs software to survive, then you bet that I'm going to
| hire someone to liberate it for me.
|
| If I can't find anyone willing to take the risk, I'd take a
| shot in reverse engineering the thing myself.
| mtlmtlmtlmtl wrote:
| Then I'll let myself die as a protest.
|
| I realise that's not a normal or even reasonable response to
| the predicament, but I'll never have kids and I've never been
| very attached to my life anyway.
| wolverine876 wrote:
| I think you mean software controlling medical devices, but you
| do rely on software to live when you drive, ride a plane, cross
| the street (crosswalk lights), when the train with poisonous
| whatever rolls through town, etc.
| akokanka wrote:
| We are heading to worst possible cyberpunk future.
| alex7734 wrote:
| "Please watch this 20 minute ad to continue using your EvilCorp
| Eye Replacement"
| autoexec wrote:
| "As part of our promotion, your blood sugar will continue to
| rise until you complete a purchase of one of our sponsor's
| products."
| bowsamic wrote:
| I don't have anything else to add to this other than: how
| absolutely horrible.
| politelemon wrote:
| A lot of this does make sense, and I think there's still ought to
| be more in the messaging. The medical data as well needs to be
| analogously free, or rather, wholly private to the individual. No
| organization should be the arbiters of our medical information.
|
| But the sad news is, we carry around with us portable
| surveillance circlets which have the ability to access our
| medical conditions. We give it information voluntarily, and
| through occasional advertorials, this practice is becoming more
| normalized and accepted. I'm not convinced that the convenience
| outweighs the trouble this is going to bring.
| analogj wrote:
| I'm actually working on an open-source Personal Health Record
| (PHR) app called Fasten Health -
| https://github.com/fastenhealth/fasten-onprem
|
| It allows patients to pull their complete medical history from
| their various healthcare institutions, and store it locally
| without having to worry about some corporation monetizing and
| data-mining their health record
| dmytroi wrote:
| 100% agree for "read only" software, like scanning, diagnostics,
| etc.
|
| Control software is much more involved topic, let me illustrate
| it with a scenario: one family member is non-techy but has an
| insulin pump, another family member is techy and likes to hack
| around, they made a change to the insulin pump software to
| "improve it", but by accident the change triggered insulin
| overdose at night during sleep and family member died. We have
| rules and regulations not just to have rules and regulations, we
| have rules and regulations because they are written in blood.
|
| While advocating for ability to freely modifying any life
| dependant control software is a noble goal, in my opinion it's
| the wrong end to approach it, instead it would be more
| constructive if we as computer science industry figure out ways
| how to make software such as we don't kill people, how to
| "certify" it in self service fashion (validation passed == no-one
| will die), etc, it's no trivial and it feels this particular part
| of our industry is not as developed/main stream as compared to
| something like civil engineering. If we have easy ways to ensure
| that modifying software will not lead to death then it will be
| easier to change the legislation to enforce this freedom.
| cbrugs wrote:
| I agree with it being the wrong way to go about it- I think the
| article fails to recognize that relying on the software being
| free isn't a solid enough certification of the software being
| appropriately safe to control a person's health. There has to
| be some other safeguard put in place- I'm not sure if it's
| legislation, but allowing a software update to break an app
| used by the elderly is unacceptable.
| Kim_Bruning wrote:
| Software continues to "eat the world".
|
| Given that, having medical software be FLOSS certainly seems
| like it's a necessary step. Whether that alone is also
| sufficient is something that might warrant further debate.
|
| Eg. in the opposing quadrant: maybe the insulin pump has a bug,
| but the new fix doesn't get certified in time and now the
| family member dies while their kin stands by whilst wringing
| their hands. This bears balancing.
|
| I think -partially- this would fall under a patient's right[1]
| to choose an alternative treatment option, when presented with
| the pros and cons. A patient should be allowed to take
| considered risks.
|
| [1] https://en.wikipedia.org/wiki/Patients'_rights
| KennyBlanken wrote:
| In your scenario, there's protection at a societal level:
| manslaughter/homicide law.
|
| Obviously their intent, the jurisdiction, their
| training/knowledge, and what sort of changes they attempted
| would matter in terms of how they were charged, prosecuted,
| etc.
|
| If the device manufacturer updates software and injures or
| kills someone, they're liable on a criminal and/or civil level.
|
| Before anyone starts rambling about how "they'll just calculate
| out their liability vs cost of proper software engineering blah
| blah"...in a civil lawsuit, at least in the US, the punitive
| portion of damages is for the express purpose of penalizing the
| defendant for shitty behavior, beyond actual damages, to
| discourage them and others from doing such a thing again.
|
| McDonalds was slammed hard in the infamous coffee-scald case
| with a _huge_ punitive portion. Before suing, the victim asked
| merely for medical expenses - nothing for the (enormous) pain
| and suffering from her genital burns. McDonalds told her to
| fuck off.
|
| The jury was (to put it mildly) enraged on a number of counts:
| McD's knew their coffee was served well above industry standard
| temperatures, knew they'd injured people, and refused a
| reasonable request for damages.
| graphe wrote:
| I don't understand what freedom stands for anymore. I don't trust
| the FSF after they started grandstanding on topics that made no
| sense.
|
| Apple making an update that breaks apps isn't the fault of the
| app developers, or the app. The measures they suggested are
| completely useless if nobody wants to update or make a gpl 3 or
| even a horrible gpl 2 app. Suppose they do, they're supposed to
| pay the apple fee every year and "sell" it for free?
|
| I'm not sure what the article wants besides bad press for
| companies that went bankrupt?
| nulld3v wrote:
| You know you can still sell a piece of software even if it is
| open source? Especially on iOS, you can't get software onto
| your phone unless it is published on the app store so just like
| you said, whoever is paying that publishing fee is going to
| charge users to install the app.
|
| Or you don't even have to sell the software at all. If I had a
| piece of software that I needed to live, if it was OSS at least
| I could pay a dev to maintain it so I don't die...
| thfuran wrote:
| >Two months later, with Apple's update to iOS 17, users of the
| FreeStyle LibreLink and Libre 2 apps had reason again to fear
| that the software they rely on wouldn't work after updating their
| iPhones
|
| Apple is well known to operate with a near total disregard for
| the stability of third party software. I wouldn't go so far as
| saying that anyone who puts Apple in their tech stack for
| something safety critical and then blithely upgrades gets what
| they deserve when it breaks, but it's a damn fool thing to do,
| especially if they've already personally run into problems as a
| result before.
| petabytes wrote:
| The app needs to be reversed engineered and have a 3rd party
| reimplemention. Even if it's slightly inferior, it's always good
| to have an alternative.
| advael wrote:
| There is no way to fix this without law changes. The best would
| be killing DMCA 1201 entirely, if not the whole DMCA
___________________________________________________________________
(page generated 2023-11-04 23:00 UTC)