iFixit wants you to be legally able to break software locks to repair gizmos. Unsurprisingly, manufacturers are less keen

Repairs specialist iFixit has urged the US Copyright Office to add exemptions to the Digital Millennium Copyright Act that would allow individuals to legally circumvent digital restrictions in the process of repairing hardware. Exemptions to Section 1201 – the relevant bit – are renewed every three years, and are carved out by …

  1. anothercynic Silver badge

    100% behind iFixit

    iFixit has allowed me to fix and upgrade various 'non-upgradeable' items in the past. Long may it continue!

    1. Zippy´s Sausage Factory
      Pint

      Re: 100% behind iFixit

      I'll second that, iFixit are amazing. More power (and virtual beer) to them, I say!

      1. Dwarf

        Re: 100% behind iFixit

        Same here, great service and good tools. It is best to listen to their advice when it says go shallow with the opener when cracking the case open though. I found that out the hard way on the first iPhone 8. Cost me a new screen as I put a small nick in a cable :-(

        I'm about 9 devices in now. A back glass / chassis replacement on an iPhone X and an iPad 2 near full teardown just to do its battery are the hardest ones so far. Just take your time, watch the cables and get an extra replacement screen seal kit.

        ReplaceBase are also worth a look if you are in the UK, sometimes quicker and a good alternative if iFixit are out of stock.

  2. mark l 2 Silver badge

    "The entertainment industry similarly expressed its unhappiness with the proposal, claiming allowing the legal circumvention of TPMs would facilitate piracy"

    Piracy will still happen even with these digital locks in place, the current gen of consoles might be secure as of today, but history has shown that eventually they all have a vulnerability which can be used to run unsigned code. And I have no doubt before they reach EOL this will happen to the XBOX and PS5.

    1. Wade Burchette

      When something is not working and, in fact, has never worked, the logical thing to do is to stop doing that.

      "The entertainment industry similarly expressed its unhappiness with the proposal, claiming allowing the legal circumvention of TPMs would facilitate piracy."

      So, has anything you've done actually prevented copyright infringement? I will answer for you, no. Everything you do will not stop copyright infringement. The better course of action is to make it easier and cheaper for people to get your content. And, make it easier for people to do what they want for their own personal use with their own legally obtained content. This would require them to stop fragmenting the streaming market. You cannot stop copyright infringement. But you can eliminate the incentive a large number of people have for doing it.

  3. Anonymous Coward

    Land of the free? Hahahaha

    1. Richard Jones 1

      Oh, I don't know, the land of the free to be robbed, stiffed and done down certainly

    2. Version 1.0 Silver badge

      Land of the fee (FTFY).

      I'm so pleased that God has an exemption to our human Copyright Act concepts, can you imagine having some affliction or infection, and the doctors telling you that they will be cursed if they help you get better?

      1. My other car WAS an IAV Stryker

        Even DNA is open source: with the right tools, anyone can read your personal source code from a suitable sample. Copy (duplicate) it -- just the code -- too. Works for other organisms, although the language may differ.

        (Duplicating the entire wetware created FROM a complete copy of source code is another matter entirely.)

        1. Adelio

          Yes, but haven't companies tried to patent DNA sequences, totally wrong and should NOT be allowed.

  4. Neil Barnes Silver badge
    Linux

    We're seeing more secure boot techniques across the board, on all general-purpose computers

    This is a significant point. If I can't boot the operating system I want on a general purpose computer, it's broken by design and goes back.

    While there is certainly a valid argument for a secure boot, it should *always* be possible to replace that with something else.

  5. Anonymous Coward

    Kettle/pot

    IMHO It is more than possible that if it finally becomes legal to allow full access of purchasers of hardware and software for repair purposes that it will reveal copyright infringement by the very manufacturers of the kit protected under DMCA.

    Since Autodesk and their patent upon using the standard logical operation XOR to make an onscreen cursor blink, the legal protections have IMHO always been against rather than for consumers and IMHO were often protecting technology that was already in the public domain and not novel.

    IMHO hardware and software companies have managed to claim ownership of technology and methods they did not develop and I would not be surprised if they have been using DMCA to hide their own unpunished abuses.

    DRM and DMCA were always against the consumer's reasonable use of what they had paid for, the piracy = theft argument was always a lie and the privacy invasions associated with DRM were always going to happen because the laws said that perfectly legal and paying consumers own nothing, not even their own right to privacy.

  6. Anonymous Coward

    unlock the bootloader

    I also think that all Android devices must be allowed to have the bootloader unlocked after they stop receiving security updates

    (Motorola is pretty good about this)

    1. Anonymous Coward

      Re: unlock the bootloader

      They must be allowed to have the bootloader unlocked at any time from purchase onwards.

  7. Roland6 Silver badge

    Shame the UK isn't still part of the EU...

    This is one area where acting as a single significant economic block can make things happen, even if TPTB in the US drag their feet...

  8. BGatez

    As ALWAYS Apple, GFYS and all copycats

  9. bartsmit
    Happy

    Vote with your feet

    Alternatives to the usual suspects are available: https://www.ifixit.com/Device/Fairphone_3

    I had the screen go blank after a drop, loaded the official youtube, grabbed the supplied screwdriver and fixed it in under ten minutes with a contact clean.

    1. rvt

      Re: Vote with your feet

      I very much like the Fairphone and I love the concept. But it’s not waterproof and it runs Android. Now I don’t mind Android too much, but I do not trust Play Services from Google.

      To get a phone working, without any hassle without p,any services is just not possible. I would need to jump through too many hoops to get an experience on a daily basis that is without frustration.

      1. bartsmit

        Re: Vote with your feet

        Don't like Google - don't use it: https://www.fairphone.com/en/2020/04/30/keeping-your-data-safe-with-e-os/

  10. Anonymous Coward

    Environmental repair tax

    Companies that make irreparable products should pay extra tax*

    Or, add an environment tax at the POS.

    The more serviceable the product, the lower the tax.

    * If they pay tax at all.

    1. Adelio

      Re: Environmental repair tax

      Oh, no, but think of the company profits!

      1. DavidRa

        Re: Environmental repair tax

        I am thinking of the company profits, and how good they'll look when not needlessly extracted from the pockets of the customers.

    2. bazza Silver badge

      Re: Environmental repair tax

      Assuming that they do pay tax in the first place, if making irreparable products makes them more profitable then they will be paying extra tax!

      The EU brought in the concept of some sort of disposal tax on car manufacturers, but it wasn't done particularly well. They gave no allowances for historical performance. For example, Aston Martin had the amazing record of 80% of the cars it had ever made were still on the road, but still got swept up in the disposal tax regime despite not ever really having contributed to the size of the scrap heap.

      They also screwed up how manufacturers tackled emissions limits; one of the reasons why diesel is so much of a problem is because they let the manufacturers put in cheap emission control systems that were guaranteed to degrade within 100,000 miles (gummed up EGRs, clogged inlets, etc). Of course, this wasn't helped by some manufacturers also cheating emissions tests. Anyway, the technology chosen resulted in the eventual renovation costs being passed on to the motorist, which of course very rarely gets spent. When it gets too bad, the car is often scrapped even though the rest of it is basically totally sound.

      The EU should have mandated that the manufacturer had to guarantee emissions performance for, say, 15 years. Yes that might have resulted in the purchase price being ramped to reflect the cost of that, but then that would have put diesel into its proper context.

  11. bazza Silver badge

    Medical Devices

    There are some conflicts here. A manufacturer isn't allowed to ship a device that varies from the as-approved build spec. So it passed medical approvals with this RAM, such and such a software configuration, a specific patch level on the OS, etc.

    This is what causes a lot of trouble with software vulnerabilities. Whilst there may well be a load of security patches available for the OS on a device, they cannot be installed unless a whole lot of very expensive testing is performed to revalidate the device to maintain its approval for use.

    So if a third party gains the right to repair a device, and they're allowed to choose whatever RAM or other componentry they want to effect a repair without compromising the device's approval for use, the FDA and similar bodies will have to relax the rules that apply to the manufacturers too. The problem is that FDA rules are there for a very good reason, even if some of the end result is stupid (eg networked devices getting malware).

    1. Anonymous Coward

      Re: Medical Devices

      Medical devices are very expensive, so much so that the argument that it would cost too much doesn't really ring true.

      As to validated standards, being compliant is within their remit they should have maintained them but they chose not to because it would cost money out of their own pocket doesn't really say the right thing about priorities.

      If I was the FDA I would address this by either requiring yearly updates and validations with the bill going to all to the walk away manufacturers rather than the hospitals, or to move away from a purchasing model so medical equipment is rented instead and the monthly cost includes updates and associated compliance testing.

      1. bazza Silver badge

        Re: Medical Devices

        Standards Set Price

        A large part of the cost is related to the manpower needed to demonstrate compliance. There's plenty of competition which, ordinarily, would cause price drops, but all the competitors are bound to comply with the same standards. That's what mandatory standards do - they effectively set a minimum price.

        The price of re-compliance testing for software updates could be built in up-front, but if we're talking about keeping up with MS's update rate that'd be 12 times per year. That would make the instrument price unaffordable. And I doubt there's enough engineers on the planet to keep up with that.

        The Customer Always Pays

        It doesn't matter how you structure the ownership model, the end consumer always has to pay otherwise the instrument will never come into existence in the first place.

        Removing the Need for Updates

        There are things that could be done. Using Windows (especially), Linux (less so) is really cheaping out. They're mainstream OSes, and so malware targeted at mainstream applications also hits medical instruments. Using a non-mainstream OS instead - e.g. QNX, or INTEGRITY - would be a way of delivering an instrument from the factory that probably won't become the victim of malware. Of course, I'm not saying that QNX or INTEGRITY are truly bullet proof against flaws (even though those and others are actually pretty good), but they're less likely to become the victim of a drive-by malware download that's looking for Windows (or, maybe less likely, Linux) on x86's.

        The cost of that would be a one-time up front cost for the manufacturer - more expensive, harder to find developers - but the end result would be better all round.

        Can the Standards be Changed to Reduce Cost?

        You're right in pointing out that the answer lies in the FDA. There have to be standards for this kind of market, because otherwise patients will end up getting hurt. This is why the standards set such a high bar, and why the standards are there in the first place. And the standards have to cover the whole thing - design, test, build, shipping, repair, operation, maintenance, etc. Anyone in that whole chain of enterprise taking non-standard short cuts is effectively taking on personal and / or corporate liability. Sure, the risk is perhaps low, but the consequence is very high (potential death of a patient and extensive jail time for negligence).

        I think that it would be sensible for the FDA to mandate an OS stack - perhaps INTEGRITY, maybe QNX, or several. They would be somewhat reluctant to do so I think, because that would then be significant interference in the market; perhaps there could be measures put in place to ensure that the officially fixed market wasn't exploited. I can't see the FDA permitting repair and maintenance by anyone other than a fully qualified, fully approved outfit who has the cooperation of the manufacturer. I can see the FDA mandating that manufacturers do collaborate with independents. I can also see them mandating use of open standards by manufacturers, and also requiring manufacturers to freely issue specifications for components complying to those standards (e.g. for RAM, or storage, etc).

        It would be something of a gamble for the FDA; the costs to the manufacturer would go up, and so would the purchase price. The gamble then is that revised standards do actually lead to a reduced cost of ownership for the end customer (patients) without impacting on safety.

        Medical CPU?

        Another option that the FDA could pursue to reduce the impact of malware would be to sponsor a "Medical CPU". It would be possible for an ISA to be developed specifically for medical instrumentation. It could even be based on some existing ISA - e.g. x86 but byte swapped.

        The goal would be to have a CPU family for medical instruments that are found only in medical instruments. A lot of existing OSes and software could be recompiled for that CPU family. The point is that by being binary incompatible with any software compiled for any mainstream general use CPU, malware is unlikely to come visiting. Ok, so things like Javascript and other non-binary executables would have to be considered or banned. Assuming that the CPUs don't have to be the last word in computational performance (they generally don't), the cost could actually be quite low.

        We already see something a little like this: some SSD manufacturers have gone to the expense of having their own RISC-V devices fabbed. It's rapidly becoming more and more affordable for a company to have its own tailored CPU for its products; I think the medical industry as a whole could bear that cost too.
