back to article From unmovable boot screens to dead certs, neither are what you want to see in a hospital

Bashful booting or sneaky certificates – our hospitals are not immune from the perils posed by bork. We have a pair of medical fails today, one from a surgical recovery room in the US and the other lurking within the UK's beloved NHS. The first bit of bedside borkage comes from a Register reader in North America and shows a …

  1. karlkarl Silver badge

    Those bloody signed certificates are a menace.

    This is precisely why OpenSSH decided against certificate authorities (by default).

    1. Pascal Monett Silver badge

      They might well be, but what other way do we have to demonstrate trustworthiness on a stateless platform ?

    2. Steve Davies 3 Silver badge

      Signed Certificates are only as good as...

      the process put in place to renew them BEFORE they frigging well expire. If that fails then it could even take a business down.

      Otherwise... they are naff all use to man nor machine. In many cases, thay just get in the way.

      1. Cynic_999 Silver badge

        Re: Signed Certificates are only as good as...

        What would be wrong with a system where the certificate never automatically expires, but can be revoked if & when necessary?

        1. Chris Evans

          Re: Signed Certificates are only as good as...

          The problem is money! Someone has to pay for the servers etc. that confirms the certificate.

          Companies offering perpetual services for a one off fee have a limited life expectancy.

        2. JulieM Silver badge

          Re: Signed Certificates are only as good as...

          What is wrong with a system where the certificate never automatically expires, but can be revoked if & when necessary, is that you end up with certificates that are valid in perpetuity by default unless revoked. And it is a lot easier to block a "do not use this certificate anymore" message, than it is to create a plausible fake certificate.

          What you are proposing is equivalent to a lock that can be opened using any tool, unless it has been specifically told that that tool is not the key that opens it.

  2. ZenaB

    "some form of intranet"

    Looks like a Citrix StoreFront page to me. If the cert isn't trusted then the Citrix client won't connect, so there's bigger issues going on :)

  3. Evil Auditor Silver badge
    Devil

    I'd definitely go for the SATAn device.

    1. Captain Scarlet Silver badge

      Considering those Symbol handheld scanners default to hitting enter after a barcode (Unless instructed to emulate something else), I would recommend scan the barcode of the nearest item.

      1. logicalextreme Bronze badge

        If that nearest item's a Holy Book, I'd like to think that they've gone the extra mile tinkering with the BIOS and it'll reject the ISBNs of any books not deemed to be the correct brand of Holy.

  4. John 110

    i don't know why...

    ...anybody's surprised at "dear old Internet Explorer" in the NHS. A large number of expensive browser-based applications only ran on IE of a certain vintage until recently. I believe manufacturers had to be threatened with losing the business before they would upgrade their software to run on more recent (read more secure) versions. Some still required IE (not Chrome or any other pretender) when I retired at the end of 2019.

    1. Anonymous Coward
      Anonymous Coward

      Re: i don't know why...

      Not all of them have been persuaded yet. We are not still running several XP systems because we like the Fisher Price desktop theme!

    2. JulieM Silver badge

      Re: i don't know why...

      What were the procurement people smoking, buying software without demanding Source Code (and the relevant Modification Rights to go with it)? Those are your guarantee, and you never let go of them!

      Now, you personally might not know what to do with Source Code, and you might even take a perverse pride in that ignorance (which, as the sort of person who knows exactly what to do with it, actually suits me fine); but if the worst ever happens and the original supplier goes out of business, access to the Source Code at least ensures any competent programmer will be able to maintain it for you. (In fact, the original vendor needn't even go out of business; if they get a bit too big for their boots with ongoing costs, a customer with the Source Code can up sticks and go their own way, like a motorist going to an independent garage instead of a brand-tied dealership.)

      If I was ever to break the habit of a lifetime and pay money for a piece of software, you can bet I would be insisting for at least the same Source Code and Modification Rights I would have got if I had downloaded a different piece of software instead that I would not have to pay for. "Pay more, get less" doesn't sit with my brand.

      1. John 110

        Re: i don't know why...

        This is healthcare software. When only two manufacturers make the stuff you want and neither of them wants to play ball, you take what you can get. I've been involved in specialized software deployment at a coalface level, and honestly the bottom line is that you take what's available and shoe-horn your processes to fit that. And that goes from patient admin software to the tools required to mine data from the lab system. I could expand but I don't want to go further off-topic than I have already.

  5. imanidiot Silver badge
    Mushroom

    "Ignore it. It always does that"

    The words "Normalisation of deviation" come to mind. -> Sadly, more than once ->

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020