Re: Aw, Man!
David Davies was fine apart from the Brexit aberration.
22305 posts • joined 16 Jun 2014
"rarely had anyone on the staff who could read it"
OTOH it could be quite handy for the vendor if the customer had someone available to debug the code. After having had two Friday lunchtimes interrupted when the weekly billing run exploded I spent an afternoon drilling down and found, buried several loops deep, a statement asking the server to allocate an object which wasn't released so the server process grew until it reached its maximum memory allocation. Followed by a phone call - not the last - to the vendor to tell them how to write software for that particular RDBMS.
Had a similar experience at a client where two directors had one of their stand-up rows in the main office in front of their staff and several of us freelancers* about which way the application should make up production batches. This wasn't resolved.
A colleague wrote a work of art solution where every possible parameter affecting batching was held in the database with a big data-entry form so the operators could set it up in whatever way they were told. We set up some reasonable looking values before it went live and as far as I know they were never changed.
* Obviously their frequent toys out of the pram events were one of the facets of face-to-face communication, team integration & what-not that you miss when everyone's working from home.
Nildram, swallowed by Pipex (who decided to roll out Nildram support to their existing customer base because it was better than their own), swallowed by someone I can't remember (who rolled out their own appalling support because that's the sort of thing they did) swallowed by TalkTalk (who were TalkTalk)
"updates are released to a schedule and can be easily installed"
My experience with Windows is that updates are a complete and utter pain to install. They're slow to download hang up the entire machine for as long as they want, they fail, they reboot the machine. Linux upgrades download and install quickly unless you're doing a complete OS version upgrade. They only need a reboot - at your convenience - if they're kernel upgrades (and there are ways of patching running kernels) although if a service is upgraded it will need a restart. In my experience upgrades of services ask before restarting.
It's worth remembering that most people who run other OSes have also suffered Windows and are in a position to make comparisons. If you only run Windows you don't know any better.
"How do you get electronic images out of a borked system?"
You start by looking at how to avoid getting the system from which the images come from being borked. Start off by considering the system to be standalone. If it isn't terribly useful what is the minimum set of remote access facilities needed to make it useful? You want somebody to view the images remotely? Just sticking it on the hospital LAN is not minimal. Minimal might be a connection running through a firewall that only allows X-11 protocol. Even if you run the X server* on a Windows PC that gets borked X-11 is not going to be the sort of protocol to tell the CT system to go bork itself.
It's like the old saying puts it - if you don't design a system to be secure it's hard to add on security afterwards.
* The server is the bit that supplies display services, the one with a screen attached, not the one that provides the images.
Hospitals in Germany mostly belong to large chains that are profit driven. If they can shave a Euro from the budget by buying cheaper mice, they will.
But if a security-measure costs money to implement and isn't obviously required by law, they'll just skip it "because we've been good so far, right?".
I assume they have insurance. The insurers should look at what they're on the hook for with badly protected systems and make sure protecting the systems is cheaper than paying the premium. If people will only do things right if it costs them less up-front then make it more expensive up-front to not do things right.
"Medical equipment is also certified, which means it can't get OS patches until they have been certified by the equipment manufacturer, which can take an age."
Let's deal with that one straight away. No commitment to prompt certification of OS patches, no certification for your potentially lucrative piece of medical kit. And all source code must be documented and escrowed - perhaps along with a dowry to enable someone to take it over if you decide to duck out.
"if the diversion is an hour away emergency patients should be seen and paperwork can be sorted out down the line."
Wouldn't it be great if there was a technology that would let you scan in paper-work, transmit it over an ordinary telephone line and print it out at the other end. Might not have helped in this case but as a fall-back it would be worth having.
Unix windowing goes back at least to 1984 with X. The X protocol reached the current version, 11, in 1987. I'm not sure W95 was eve a gleam in Bill Gates eye in 1987. It was also possible view X with a dedicated X-terminal although I'm not sure if anyone still makes those. I'd hazard a guess that all early development of CT systems was done on Unix graphics.
If you really think Linux and other Unix and Unix-like systems are restricted to characters you really need to get out more.
I've done work for a company where production, handling lots of PII was kept well separate from the office system and its vulnerabilities. It was, in fact, a condition of some of their contracts. It might be inconvenient in some ways but it would have been a lot more inconvenient to admit to their clients that they'd been breached or to have production stopped for days because some toe-rag had encrypted their systems.
The germ of the solution is in your cutting machine story. The owners were able to force an admittedly not very satisfactory solution. For medical equipment there , in principle, an easier way to do this and do it better. A couple of decades or more back it wasn't unusual for servers to have remote support via dial in lines which could be unplugged when not required. Medical equipment has to be certified. A certification requirement of remote support via a disconnectable channel would cut out one weakness. The politics of getting such a requirement in place, however ....
"Possibly one reason that email signing and encryption never really took off, despite being more or less standard product since the '90s."
Two reasons, I think.
One was because it wasn't part of the email protocol so it had to be a lot of added on bits, not just to the clients but a whole
added on separate key distribution system.
The second was that because of one very few people used it. If you didn't know anybody who used it you didn't need to go to all that trouble to add it yourself and you not using it meant that people emailing you didn't need to use it and because they didn't you didn't either. Critical mass hasn't been achieved.
"Ultimately to prove identity is to meet each other face to face and exchange public keys, then sign them. At a key signing party. Unfortunately that is a barrier but that is the ONLY way to confirm beyond a doubt that it is YOU behind that address and if you do key signing correctly, behind ANY address and ANY key you sign."
Who's YOU? Even face to face you have to take somebody's word for who they say they are. If somebody tells you they're firstname.lastname@example.org how are you to know that that's who they really are? A better way would be to have example.com's mail server tell you that email@example.com's public key is. You still don't know whether firstname.lastname@example.org is Fred Bloggs, Fred Flinstone, Frederick the Great or my late uncle Fred of course.
An occasional client had offices on Banbury and Swindon both running SCO on tower servers.
On-site work was on Saturday mornings when the business wasn't running. I drove down to Banbury and he picked up the Swindon server and brought it to Banbury. No faffing about with tapes.
In relation to another of today's stories, he used fax to take orders. Online support was by means of him disconnection the fax and plugging a modem into his fax line and me dialling that on a Nokia Communicator.
You think not?
The SCCs have been sunk as a means of stopping the Privacy Figleaf from shrivelling completely. With that and the playbook already written it's the next obvious step for the EU. Apart from that, India seems keen on having its own offerings. And, of course, China.
I suppose for the UK trying to pull such a deal would get in they way of the much sought after trade deal although touting the UK as the best place in the world to run such a service might appeal to BoJo.
"This trove of information puts a target on the back of every good-sized school, college, or university."
Just an idea but how about putting that trove on its own isolated network? Yes, inconvenient when somebody has to answer a query that came in by email. But look on it as a choice of that inconvenience vs the inconvenience of an attack on that trove and at best having to rebuild it from backups and at worst seeing it copied off and sold to the highest bidder - or all bidders.
Biting the hand that feeds IT © 1998–2020