WEBVTT
00:00:09.000 --> 00:00:11.045
How is that, can you hear me?
00:00:11.045 --> 00:00:13.953
Can I ask for everybody on the end
00:00:13.953 --> 00:00:17.014
who has a seat next to them to move a little bit in
00:00:17.014 --> 00:00:19.988
so that latecomers have a place to sit?
00:00:19.988 --> 00:00:21.979
Just move in one seat.
00:00:21.979 --> 00:00:25.373
As a latecomer often myself, it's a huge gift
00:00:25.373 --> 00:00:28.208
if you walk in and there's a place to sit.
00:00:34.030 --> 00:00:35.158
But not too much,
00:00:35.158 --> 00:00:38.040
because I think they've shut the side doors too, so…
00:00:38.040 --> 00:00:40.000
You're good, you're good.
00:00:41.040 --> 00:00:42.070
OK.
00:00:43.020 --> 00:00:45.481
I am really, really happy to be here.
00:00:47.010 --> 00:00:51.000
My talk is entitled Freedom in my heart and everywhere.
00:00:52.020 --> 00:00:54.879
As just said, I've been involved
00:00:54.879 --> 00:00:57.000
in the Free and Open Source community for a while
00:00:57.000 --> 00:01:00.000
I am the executive director of the GNOME Foundation
00:01:00.000 --> 00:01:02.020
and we'll get to some of that a little bit later
00:01:02.020 --> 00:01:03.692
which is really cool.
00:01:03.692 --> 00:01:08.205
And I, for a long time, was a lawyer at the Software Freedom Law Center.
00:01:09.000 --> 00:01:11.020
Resulting in eventually becoming general council.
00:01:11.020 --> 00:01:13.631
So I had this really lucky opportunity
00:01:13.631 --> 00:01:15.577
to get to know a lot of folks
00:01:15.577 --> 00:01:16.969
in the Free and Open Source software community
00:01:16.969 --> 00:01:18.508
by helping them with all of the crap
00:01:18.508 --> 00:01:20.046
that they didn't want to deal with.
00:01:20.046 --> 00:01:21.403
Really really fun!
00:01:21.403 --> 00:01:24.527
I've been a Free and Open Source enthusiast,
00:01:24.527 --> 00:01:26.388
I'd say, since the nineties
00:01:26.758 --> 00:01:30.169
And I am also a patient
00:01:31.050 --> 00:01:34.000
I have a really, really big heart
00:01:34.785 --> 00:01:36.710
I actually have a huge heart.
00:01:36.710 --> 00:01:38.388
So you think I work for non-profit
00:01:38.388 --> 00:01:41.049
but I actually an enlarged heart
00:01:41.049 --> 00:01:45.000
I have a condition called hypertrophic cardiomyopathy.
00:01:45.000 --> 00:01:46.931
I always get a little bit nervous when I talk about that
00:01:46.931 --> 00:01:48.000
because that sort of say
00:01:48.000 --> 00:01:50.100
my heart is a little broken.
00:01:50.100 --> 00:01:53.000
But it means that I have…
00:01:53.000 --> 00:01:57.000
it's not actual. My heart is very thick
00:01:57.000 --> 00:02:00.154
and that means that it has a hard time beating.
00:02:00.154 --> 00:02:01.169
It's a little bit stiff.
00:02:01.169 --> 00:02:03.115
And it's actually pretty fine.
00:02:03.115 --> 00:02:05.062
I don't have any symptoms yet.
00:02:05.062 --> 00:02:10.000
I just have a very high risk of suddenly dying.
00:02:11.000 --> 00:02:13.462
The term is actually sudden death.
00:02:13.462 --> 00:02:17.123
That's what the doctors tell you when you have HCM
00:02:17.123 --> 00:02:21.000
and you need to enter in this life-long treatment.
00:02:21.000 --> 00:02:24.000
They say you have a high risk of sudden death.
00:02:24.000 --> 00:02:26.023
Which is really terrifying as a patient.
00:02:26.023 --> 00:02:31.000
I have about a two to three chances per year of suddenly dying
00:02:31.000 --> 00:02:36.000
and that compounds, so I've found out about this at age 31
00:02:36.000 --> 00:02:42.000
and over the next decade it was sort of 20 to 30% risk of sudden death.
00:02:43.246 --> 00:02:48.146
Really, really, just a scary thing to hear…
00:02:48.146 --> 00:02:50.769
but there is a solution right now!
00:02:50.769 --> 00:02:53.041
which is to get a defibrillator.
00:02:53.041 --> 00:02:58.020
And what a defibrillator does is it's in your body
00:02:58.030 --> 00:03:01.000
I actually did get one, it's right here.
00:03:01.000 --> 00:03:02.223
It looks really huge there,
00:03:02.223 --> 00:03:04.000
but it's about like this big
00:03:04.000 --> 00:03:06.038
and it's right here.
00:03:06.592 --> 00:03:07.817
It has wires that
00:03:07.817 --> 00:03:09.765
sneak through my blood vessels
00:03:09.765 --> 00:03:11.000
and scour into my heart
00:03:11.000 --> 00:03:14.077
and it basically constantly monitors me
00:03:14.077 --> 00:03:15.469
and it's like having people
00:03:15.469 --> 00:03:16.862
following you around with paddles
00:03:16.862 --> 00:03:20.000
and if I go into a sudden death,
00:03:20.000 --> 00:03:23.000
it will shock me, and I'll be great!
00:03:23.000 --> 00:03:27.231
And I won't die! it's very exciting!
00:03:28.030 --> 00:03:32.000
So, all that is pretty well and good.
00:03:32.000 --> 00:03:37.010
The electro-physiologist that I saw when I told this
00:03:37.010 --> 00:03:39.245
has a bunch of these in his desk drawer,
00:03:39.245 --> 00:03:42.250
just so he can pass it to every patient
00:03:42.250 --> 00:03:45.363
because I think when you see how little this device is,
00:03:45.363 --> 00:03:47.508
it doesn't feel so scary.
00:03:47.508 --> 00:03:49.085
He pushed it over the desk at me,
00:03:49.085 --> 00:03:50.938
I was sitting here with my mother. I pick it up…
00:03:50.938 --> 00:03:52.506
He's like: "Pick it up, see how light it is!"
00:03:52.506 --> 00:03:55.588
So I pick it up and I say "Cool, what does it run?"
00:03:55.588 --> 00:03:58.000
Laughs
00:03:58.000 --> 00:04:05.831
applause
00:04:05.831 --> 00:04:08.077
To which I got a blank look.
00:04:08.825 --> 00:04:11.000
My mother gave my a blank look.
00:04:11.738 --> 00:04:14.200
Surgeon said "What are you talking about?"
00:04:14.200 --> 00:04:16.692
and I said "Well obviously, "
00:04:16.692 --> 00:04:20.000
"this piece of equipment is only as good as its software"
00:04:20.000 --> 00:04:22.050
I mean, it relies on its software to know
00:04:22.050 --> 00:04:24.040
when it is that I'm going to have a sudden death
00:04:24.040 --> 00:04:26.381
whether it is that I run across the street
00:04:26.381 --> 00:04:27.307
when I shouldn't have
00:04:27.307 --> 00:04:29.000
or I decided to run a marathon
00:04:29.040 --> 00:04:31.020
or for no reason at all.
00:04:31.952 --> 00:04:34.295
I'm totally relying on this software to know
00:04:34.295 --> 00:04:36.555
when is the appropriate time to give me a shock
00:04:36.555 --> 00:04:37.393
and when it's not.
00:04:37.393 --> 00:04:41.010
When I need pacing, maybe, or when I don't.
00:04:41.010 --> 00:04:45.080
And the electro-physiologist, of course had no answer at all.
00:04:45.080 --> 00:04:48.000
He said "nobody ever asked me this."
00:04:48.000 --> 00:04:50.020
"I never thought about the software on this device."
00:04:50.020 --> 00:04:53.718
"Hang on, there is a representative from Medtronic"
00:04:53.718 --> 00:04:55.938
"here in our office today."
00:04:55.938 --> 00:04:59.050
"I will get to him, because he is the manufacturer"
00:04:59.050 --> 00:05:02.000
"and surely they have thought about this."
00:05:02.000 --> 00:05:05.050
So, in walks this representative
00:05:05.050 --> 00:05:07.000
and I sort of explain
00:05:07.000 --> 00:05:09.070
"I'm a lawyer at the Software Freedom Law Center"
00:05:09.070 --> 00:05:12.000
"I care about the software on my device"
00:05:12.000 --> 00:05:13.000
"I just want to know: "
00:05:13.000 --> 00:05:14.080
"how does it works? what does it run?"
00:05:14.080 --> 00:05:16.000
"Can you tell me?"
00:05:16.000 --> 00:05:19.000
And he said "Nobody's ever asked me that before".
00:05:19.677 --> 00:05:22.995
So, we had this really interesting conversation and he said:
00:05:23.000 --> 00:05:25.040
"I see that this is a very serious issue"
00:05:25.040 --> 00:05:27.000
"Here is my number."
00:05:27.275 --> 00:05:29.196
"Call me and I'll put you through"
00:05:29.196 --> 00:05:30.947
"to people to talk about this."
00:05:33.030 --> 00:05:38.050
Bolded by this, I called him at Medtronic
00:05:38.050 --> 00:05:40.050
and he gave me the tech line
00:05:40.050 --> 00:05:42.040
and so I kept leaving messages…
00:05:42.040 --> 00:05:45.030
eventually, I kept being bounced around.
00:05:45.030 --> 00:05:48.010
Nobody would talk to me about this.
00:05:48.010 --> 00:05:53.027
I called the other two major medical device manufacturers:
00:05:53.030 --> 00:05:55.000
Boston Scientific and St. Jude
00:05:55.000 --> 00:05:57.992
and neither of them could give me a real answer either.
00:05:58.000 --> 00:06:00.010
Eventually, I started calling and saying
00:06:00.010 --> 00:06:02.000
"Look if someone would let me look at the software,"
00:06:02.000 --> 00:06:06.000
"I'll sign an NDA", You know, really against my principles
00:06:06.000 --> 00:06:10.040
Because, I'm a non-profit activist in the technology world
00:06:10.040 --> 00:06:13.040
I don't want to sign any NDA which would prevent me
00:06:13.040 --> 00:06:15.013
from sharing what I find with somebody else.
00:06:15.013 --> 00:06:15.742
But I though:
00:06:15.742 --> 00:06:18.455
"At least, I'll be able to see the source code"
00:06:18.455 --> 00:06:21.060
"and I'll feel comfortable about what's put in my body"
00:06:21.783 --> 00:06:27.000
But, unfortunately, I was brushed off. I was told no.
00:06:27.000 --> 00:06:31.040
I talked with some people at Medtronic that were sympathetic
00:06:31.040 --> 00:06:33.972
I had access to good doctors
00:06:33.972 --> 00:06:37.010
People said: "Oh, you know, we're Medtronic"
00:06:37.010 --> 00:06:39.030
We care deeply about making sure
00:06:39.030 --> 00:06:41.992
that there are no bugs in the software that we put on these devices.
00:06:42.000 --> 00:06:46.000
Obviously, we wouldn't release it if we didn't think it was safe.
00:06:46.000 --> 00:06:47.000
All these things
00:06:47.000 --> 00:06:49.000
You must trust us.
00:06:49.000 --> 00:06:52.708
Doctor say, the Food and Drugs Administration,
00:06:52.708 --> 00:06:54.035
the FDA in the United States,
00:06:54.035 --> 00:06:55.285
approves these devices
00:06:55.285 --> 00:06:58.846
So clearly, you're over reacting.
00:06:58.846 --> 00:07:03.070
And when I was talking to that same electro-physiologist on the phone
00:07:03.070 --> 00:07:05.871
and said I'm really troubled by this, because
00:07:05.871 --> 00:07:09.030
I think about all the people that have these devices.
00:07:09.030 --> 00:07:11.000
Some of them are quite powerful
00:07:11.000 --> 00:07:13.000
Dick Cheney had one at the time.
00:07:13.000 --> 00:07:15.874
He has a more impressive device now,
00:07:15.874 --> 00:07:18.354
that continually circulate his blood
00:07:18.354 --> 00:07:20.646
so he has no pulse.
00:07:20.646 --> 00:07:25.169
It's a fascinating, fascinating device, yeah!
00:07:28.000 --> 00:07:30.000
There are a lot of prominent people that…
00:07:30.000 --> 00:07:32.525
the demographic that get this devices
00:07:32.525 --> 00:07:35.373
are often in some powerful positions
00:07:35.373 --> 00:07:38.010
So you can easily imagine a situation where
00:07:38.010 --> 00:07:40.080
someone would be wanting to shut down these devices.
00:07:40.080 --> 00:07:40.080
And the electro-physiologist that I spoked to on the phone
someone would be wanting to shut down these devices.
00:07:40.080 --> 00:07:43.629
And the electro-physiologist that I spoked to on the phone
00:07:43.629 --> 00:07:46.010
got so upset, he got so upset…
00:07:46.010 --> 00:07:48.000
that he hang up on me.
00:07:48.030 --> 00:07:52.000
He said "I think you're up to something"
00:07:52.000 --> 00:07:53.192
"I don't understand"
00:07:53.192 --> 00:07:55.000
"I don't know why you're so upset about this."
00:07:55.000 --> 00:07:57.000
"If you want to get a device, I'll help you"
00:07:57.000 --> 00:08:02.020
"But I think, I just don't, I think you're… you're…"
00:08:02.020 --> 00:08:03.000
Hang up.
00:08:03.000 --> 00:08:05.010
and I think it was really scary
00:08:05.010 --> 00:08:07.070
because he told me at the beginning of talking to him
00:08:07.070 --> 00:08:10.000
that he installed these devices all the time
00:08:10.000 --> 00:08:13.020
He installs sometime several devices a day.
00:08:13.020 --> 00:08:16.491
So the idea that he could be
00:08:16.491 --> 00:08:17.732
not even asking questions
00:08:17.732 --> 00:08:19.542
about the software that runs on these devices
00:08:19.542 --> 00:08:21.000
was pretty terrifying to him.
00:08:21.000 --> 00:08:23.000
So I put the whole thing off.
00:08:23.000 --> 00:08:24.297
And I just said, you know,
00:08:24.297 --> 00:08:25.465
I can't think about this.
00:08:25.465 --> 00:08:26.846
It's so terrifying.
00:08:26.846 --> 00:08:27.841
Am I really going to get
00:08:27.841 --> 00:08:29.158
proprietary software in my body?
00:08:29.158 --> 00:08:30.020
I don't know
00:08:30.020 --> 00:08:34.000
Plus the whole "mortality thing"
00:08:34.000 --> 00:08:36.000
and getting a piece of equipment
00:08:36.000 --> 00:08:38.000
sewn into your body.
00:08:38.000 --> 00:08:40.000
It's really a lot to deal with
00:08:40.000 --> 00:08:41.050
So I kept putting it off
00:08:41.050 --> 00:08:43.030
and eventually I couldn't anymore
00:08:43.030 --> 00:08:48.000
because friends and family kept asking me about it
00:08:48.000 --> 00:08:52.000
and saying "We're so worried about you"
00:08:52.000 --> 00:08:53.649
"We know that you can die at anytime"
00:08:53.649 --> 00:08:56.647
My mother, you know, off course don't have a land line
00:08:56.647 --> 00:08:59.055
and I don't have a great mobile reception in my apartment
00:08:59.055 --> 00:09:01.070
and my mother, if I didn't called her back within a hour
00:09:01.070 --> 00:09:02.998
would start calling all my friends
00:09:02.998 --> 00:09:04.853
saying "Have you speak to Karen today?"
00:09:04.853 --> 00:09:06.046
"Do you know if she's OK?"
00:09:06.046 --> 00:09:08.908
I went to brunch with a friend, and she asked me
00:09:08.908 --> 00:09:10.716
how this process was going.
00:09:10.716 --> 00:09:14.000
And I said "Well nobody from medical companies are calling me back,"
00:09:14.000 --> 00:09:16.060
"and you know, I'm sure I'll work it out."
00:09:16.060 --> 00:09:18.070
And she just burst into tears and she said
00:09:18.070 --> 00:09:22.020
"You know, you could die. Today."
00:09:22.020 --> 00:09:25.020
"and I just can't deal with that"
00:09:25.020 --> 00:09:26.040
"If you don't take care of this,"
00:09:26.040 --> 00:09:27.850
"I don't know if I can be friend with you"
00:09:27.850 --> 00:09:30.165
"because this is a serious thing"
00:09:30.165 --> 00:09:31.404
"and you're ignoring it for…"
00:09:31.404 --> 00:09:34.000
what she considered to be an esoteric issue.
00:09:34.000 --> 00:09:38.000
I really understood that and I really didn't have a choice
00:09:38.000 --> 00:09:40.000
So I got a device
00:09:40.000 --> 00:09:41.666
I got it implanted
00:09:41.666 --> 00:09:44.218
and it took sometime to…
00:09:51.080 --> 00:09:54.398
It took some time to recover from the surgery
00:09:54.398 --> 00:09:59.409
and also to really think about
00:09:59.409 --> 00:10:01.189
my own situation in a more abstract way
00:10:01.189 --> 00:10:02.154
to do some research.
00:10:02.154 --> 00:10:03.542
But I swore that if I got the device
00:10:03.542 --> 00:10:06.362
I would do some research and I would write a paper
00:10:06.362 --> 00:10:10.230
and I would talk about the issues that came up
00:10:10.230 --> 00:10:12.030
that the medical profession
00:10:12.030 --> 00:10:15.020
or at least the medical professionals that I dealt with
00:10:15.020 --> 00:10:17.020
had no answer for.
00:10:17.020 --> 00:10:22.000
So, the things that I found out when I wrote my paper were
00:10:22.000 --> 00:10:25.389
things that would surprise you and things that would not surprise you.
00:10:26.020 --> 00:10:27.404
Software has bugs.
00:10:27.404 --> 00:10:29.588
I really wanted a picture of the crickets
00:10:29.588 --> 00:10:31.738
that were in my room last night
00:10:31.738 --> 00:10:33.030
that fellow keynoters…
00:10:33.030 --> 00:10:34.060
*they are cockroaches*
00:10:34.070 --> 00:10:36.000
They are cockroaches?
00:10:36.000 --> 00:10:38.000
These are cockroaches.
00:10:38.000 --> 00:10:40.000
*So where are they?*
00:10:40.000 --> 00:10:43.000
But Paul and Jake got them out of my room.
00:10:43.000 --> 00:10:45.000
So that was really exciting.
00:10:45.000 --> 00:10:47.010
We were joking that I was going to talk about real bugs
00:10:47.010 --> 00:10:48.040
instead of software bugs.
00:10:48.040 --> 00:10:51.010
But, so, software has bugs.
00:10:51.010 --> 00:10:57.000
And medical devices as like as Matthew Garrett said
00:10:57.010 --> 00:10:58.030
will have bugs
00:10:58.030 --> 00:11:01.010
because the software engineering institute estimates that
00:11:01.010 --> 00:11:04.010
there is about one defect for every one hundred lines of code.
00:11:04.010 --> 00:11:08.330
So even if a majority of the bugs are caught in testing,
00:11:08.440 --> 00:11:11.018
even if three quarters of the bugs are caught in testing,
00:11:11.018 --> 00:11:13.000
that's still a lot of bugs.
00:11:13.000 --> 00:11:19.000
There's a study that I read that looked at
00:11:19.583 --> 00:11:24.000
recalls of devices that were published by the FDA.
00:11:25.455 --> 00:11:30.430
Basically, the study looked at all of the recalls
00:11:30.440 --> 00:11:34.200
and determined which ones they can tell were from software failures
00:11:34.200 --> 00:11:35.750
and then they evaluated those
00:11:35.760 --> 00:11:39.160
and the ones that they could tell enough
00:11:39.170 --> 00:11:41.610
about what the problem was from the software
00:11:41.610 --> 00:11:44.710
ninety-eight percent of them would have been detected
00:11:44.710 --> 00:11:47.000
with simple all-pairs testing.
00:11:47.650 --> 00:11:51.490
So, basic testing that you would expect
00:11:51.490 --> 00:11:54.920
for any kind of technical piece of equipment.
00:11:54.920 --> 00:11:59.280
So yes, the FDA has some review over these devices
00:11:59.290 --> 00:12:03.620
but if the companies aren't doing basic testing
00:12:03.630 --> 00:12:05.370
what are we doing?
00:12:05.380 --> 00:12:08.000
So, software has bugs.
00:12:08.000 --> 00:12:10.000
We know this, here in this room.
00:12:10.000 --> 00:12:13.000
Another thing that most of us here know is
00:12:13.000 --> 00:12:15.500
that security through obscurity doesn't work.
00:12:15.705 --> 00:12:19.170
And this is something that seems very counter intuitive
00:12:19.170 --> 00:12:21.640
for the folks that are not in this room.
00:12:21.650 --> 00:12:26.770
Every person who I started to about this in the medical profession said:
00:12:26.770 --> 00:12:28.160
"But I don't understand:"
00:12:28.160 --> 00:12:31.040
"Why would you want people to be able to see the software?"
00:12:31.050 --> 00:12:33.450
"If people can see the source code,"
00:12:33.450 --> 00:12:36.450
"it will be that much easier to break into it."
00:12:36.450 --> 00:12:39.440
But as we all know, that's not quite true.
00:12:39.460 --> 00:12:41.960
And in fact, by publishing the source code,
00:12:41.970 --> 00:12:44.000
everybody can see it, it will be a lot safer.
00:12:44.000 --> 00:12:46.380
But this is a major point that actually
00:12:46.400 --> 00:12:49.000
I address in my paper Killed By Code
00:12:49.000 --> 00:12:53.120
which go systematically through a lot of the research
00:12:53.130 --> 00:12:57.000
that shows how security professionals agree with that assertion.
00:12:57.200 --> 00:13:02.680
So, what we have is actually the worst of both worlds.
00:13:02.680 --> 00:13:07.110
We have closed code, so it doesn't have the safety
00:13:07.110 --> 00:13:09.010
of having a lot of people reviewing it.
00:13:09.102 --> 00:13:12.480
But we also have no security on these devices.
00:13:12.490 --> 00:13:15.000
A lot of these devices are broadcasting wirelessly.
00:13:15.000 --> 00:13:16.590
That's the standard right now.
00:13:16.620 --> 00:13:20.740
When I found out about that, I was totally freaked out.
00:13:20.760 --> 00:13:23.235
What do you mean,
00:13:23.235 --> 00:13:26.084
my heart device is going to be continuously broadcasting?
00:13:28.040 --> 00:13:30.240
Thinking the conferences that I go to,
00:13:30.250 --> 00:13:31.260
the people I hang out with,
00:13:31.260 --> 00:13:31.280
I don't want my information being broadcasted.
the people I hang out with,
00:13:31.280 --> 00:13:35.000
I don't want my information being broadcasted.
00:13:35.000 --> 00:13:37.829
So this is one of the things I brought up with
00:13:37.829 --> 00:13:39.230
the different doctors that I spoke to.
00:13:39.250 --> 00:13:41.530
I actually, as you might imagine,
00:13:41.550 --> 00:13:44.610
I got rid of that electro-physiologist that hang up on me.
00:13:44.630 --> 00:13:47.070
And I went from cardiologist to cardiologist
00:13:47.070 --> 00:13:50.170
to find someone who really understood these problems
00:13:50.170 --> 00:13:52.730
or at least why I was so worried about them.
00:13:52.740 --> 00:13:56.000
And I finally found a great cardiologist
00:13:56.000 --> 00:13:57.860
and a great electro-physiologist.
00:13:57.880 --> 00:14:02.940
Who said "I have never thought about this issue"
00:14:02.950 --> 00:14:05.560
"but I understand why it could be a problem."
00:14:05.570 --> 00:14:08.820
"You need this device. You can't wait another day."
00:14:08.820 --> 00:14:11.410
"But I'm going to work with you and see ways"
00:14:11.410 --> 00:14:14.470
"that we can at least address some of the things that you're worried about."
00:14:14.480 --> 00:14:19.000
So, one of the things that my electro-physiologist did
00:14:19.000 --> 00:14:22.000
was that he called around from hospital to hospital
00:14:22.000 --> 00:14:24.510
until he found an old device.
00:14:24.510 --> 00:14:28.900
So he said that I've got a simple heart condition.
00:14:28.930 --> 00:14:31.220
All that I need to do is to have a device that's going to
00:14:31.220 --> 00:14:33.900
be monitoring for a dangerous rhythm
00:14:33.900 --> 00:14:36.400
and if I get a dangerous rhythm, it will shock me.
00:14:36.410 --> 00:14:40.190
It's a much more simple algorithm than what the newer devices do.
00:14:40.190 --> 00:14:42.000
So a lot of the newer devices have this
00:14:42.000 --> 00:14:45.010
complex pacing algorithm for people who have a wide variety of problems.
00:14:45.010 --> 00:14:47.710
You'd understand why the medical companies do this.
00:14:47.750 --> 00:14:52.220
They do it because these devices are very difficult to make.
00:14:52.220 --> 00:14:53.790
They're precision manufacturers.
00:14:53.820 --> 00:14:57.300
And if they can get these devices that work for a broader range of cases
00:14:57.300 --> 00:14:59.000
then that's all the better.
00:14:59.000 --> 00:15:01.590
And then you never know what kind of additional complications
00:15:01.600 --> 00:15:03.465
that people are going to be developing.
00:15:03.465 --> 00:15:05.620
So, I don't have any symptoms now
00:15:05.620 --> 00:15:07.000
but I might develop them
00:15:07.000 --> 00:15:08.770
and it's great to have the pacing technology.
00:15:08.790 --> 00:15:11.170
But my electro-physiologist, my cardiologist said
00:15:11.318 --> 00:15:15.838
"Great, I now that you have a simple need here"
00:15:15.838 --> 00:15:17.610
"so why don't I find you an old device?"
00:15:17.620 --> 00:15:19.360
So I actually have an older device
00:15:19.360 --> 00:15:21.750
that communicate using magnetic coupling
00:15:21.750 --> 00:15:24.259
and not through wireless technology
00:15:24.259 --> 00:15:28.970
but my father has a wireless enabled pacemaker
00:15:28.980 --> 00:15:31.600
and when he walks into a room in the technician's office
00:15:31.630 --> 00:15:32.910
they just change his pulse.
00:15:33.128 --> 00:15:36.480
So, before he even sits down
00:15:36.490 --> 00:15:38.350
they know so much about him
00:15:38.350 --> 00:15:40.770
and they have the ability to really affect him.
00:15:40.858 --> 00:15:42.330
It's incredible.
00:15:43.590 --> 00:15:47.220
But as you can see at the last point on this slide
00:15:47.220 --> 00:15:48.720
these devices have been hacked.
00:15:48.740 --> 00:15:51.800
A university think-tank…
00:15:51.820 --> 00:15:55.460
actually a think-tank of a couple of universities worked together
00:15:55.460 --> 00:15:59.540
and showed that using just commercially available equipment
00:15:59.550 --> 00:16:02.010
you can hack into these devices and take control of them.
00:16:02.351 --> 00:16:05.920
They were able to not only deliver shocks,
00:16:06.010 --> 00:16:07.150
which is terrifying.
00:16:07.150 --> 00:16:07.170
I once had my device shock me in error
which is terrifying.
00:16:07.170 --> 00:16:09.200
I once had my device shock me in error
00:16:09.200 --> 00:16:12.600
and I can tell you it's like being kicked in the chest.
00:16:12.950 --> 00:16:16.820
You are basically out of commission
00:16:16.830 --> 00:16:17.830
at least for a few minutes
00:16:17.840 --> 00:16:20.180
I had to sit down and it was so exhausting
00:16:20.190 --> 00:16:23.000
just the surprise of it and the worry
00:16:23.000 --> 00:16:25.310
that I went to sleep for a few hours afterwards.
00:16:25.310 --> 00:16:29.190
It's pretty enduring.
00:16:29.190 --> 00:16:32.200
So not only that.
00:16:32.290 --> 00:16:33.650
They were able to deliver the shock,
00:16:33.670 --> 00:16:38.000
but they were also able to stop the delivering treatment.
00:16:38.000 --> 00:16:40.840
If the device was pacing, they could stop the pacing
00:16:40.840 --> 00:16:42.980
and a lot of people require their pacing
00:16:42.980 --> 00:16:42.990
in order to just live.
and a lot of people require their pacing
00:16:42.990 --> 00:16:44.290
in order to just live.
00:16:44.760 --> 00:16:46.460
A lot of people can't walk up a flight of stairs.
00:16:46.470 --> 00:16:49.227
My father is of these, if his pacing is disrupted.
00:16:49.520 --> 00:16:53.910
They were also able to get key information off
00:16:53.910 --> 00:16:54.780
of these devices.
00:16:54.780 --> 00:16:59.538
Like medical ID numbers, doctor's names,
00:17:00.412 --> 00:17:04.630
serial numbers… a lot of personal information that's broadcasting
00:17:04.640 --> 00:17:07.950
and there's no encryption of any kind on these devices.
00:17:07.960 --> 00:17:10.060
It's pretty scary.
00:17:10.070 --> 00:17:12.540
They were also able to put these devices into test mode.
00:17:12.720 --> 00:17:14.600
And what that does is it slowly runs on the battery
00:17:14.600 --> 00:17:16.980
Err… runs down the battery at a much faster rate
00:17:17.000 --> 00:17:20.000
than in normal circumstances
00:17:20.000 --> 00:17:22.410
and these devices are only as good as their batteries.
00:17:22.770 --> 00:17:25.378
So if my battery runs out on my device
00:17:25.805 --> 00:17:28.000
I need a new device, which means surgery.
00:17:28.000 --> 00:17:30.158
So, these devices have be hacked.
00:17:30.158 --> 00:17:33.077
It was after I was diagnosed that that happened
00:17:33.077 --> 00:17:36.138
but then I called up the doctor and said: "See?!"
00:17:36.138 --> 00:17:43.000
Clapping
00:17:43.000 --> 00:17:45.860
So the doctor really relies on the fact that
00:17:45.870 --> 00:17:47.850
these devices are approved by the FDA
00:17:47.850 --> 00:17:50.946
in the United States, and similar regulatory bodies elsewhere.
00:17:51.808 --> 00:17:55.966
So, as a good lawyer, I went and researched the FDA
00:17:55.966 --> 00:17:57.790
mechanism for approval of software
00:17:57.810 --> 00:18:00.082
And what I found, is that the FDA
00:18:00.082 --> 00:18:02.860
doesn't even typically review the source code on these devices
00:18:02.860 --> 00:18:06.280
Unless there is something obviously wrong with the software
00:18:06.280 --> 00:18:08.995
they generally don't even ask to see it
00:18:11.645 --> 00:18:14.860
There isn't actually a clear set of requirements for the software even
00:18:14.950 --> 00:18:19.350
and there are reasons for all these decisions of the FDA
00:18:19.360 --> 00:18:23.700
but we think the FDA is doing a lot more than it turns out that they are.
00:18:23.710 --> 00:18:26.175
The fact that they don't have a clear set of requirements
00:18:26.175 --> 00:18:28.171
is connected to the fact that
00:18:28.171 --> 00:18:31.790
they say that the companies that design these devices
00:18:31.930 --> 00:18:33.640
because they are so specialty
00:18:33.640 --> 00:18:36.460
and because they are so particular to each manufacturer
00:18:36.470 --> 00:18:40.000
There are probably tests that are specific to those devices
00:18:40.010 --> 00:18:43.460
and the people who know these devices best are the manufacturer
00:18:43.583 --> 00:18:46.769
and therefore they are the ones that need to design what the tests are.
00:18:46.769 --> 00:18:47.983
And there is some back and forth
00:18:47.983 --> 00:18:49.610
about whether they've done the right tests or not,
00:18:49.610 --> 00:18:51.607
but the truth of matter is that at the end of the day,
00:18:51.607 --> 00:18:54.400
there's nobody at the FDA that even sees the source code.
00:18:54.615 --> 00:18:56.850
Because they are not requesting the source code
00:18:56.950 --> 00:18:59.400
they don't even have a repository of it.
00:18:59.648 --> 00:19:03.850
So if there is catastrophic failure at Medtronic for example
00:19:04.010 --> 00:19:07.320
I don't know that there is a canonical repository
00:19:07.330 --> 00:19:09.220
for the software that I would have access to
00:19:09.250 --> 00:19:13.310
and without being able to update the software on my device
00:19:13.320 --> 00:19:15.340
I may get surgery to get a new one.
00:19:15.500 --> 00:19:18.440
So, if there is a problem
00:19:18.550 --> 00:19:26.129
my doctor, or truthfully some programming-savvy doctor
00:19:26.129 --> 00:19:29.470
I can find or would be able to work with
00:19:29.510 --> 00:19:33.230
to write a patch for my device, should there be a bug
00:19:33.260 --> 00:19:34.320
or should we find it out
00:19:35.920 --> 00:19:38.950
I actually spoke on a panel, with a guy
00:19:38.960 --> 00:19:40.650
in cyber-security at the FDA
00:19:40.650 --> 00:19:42.260
and I was really, really nervous
00:19:42.270 --> 00:19:44.670
because I did as much as I could as a lawyer
00:19:44.670 --> 00:19:46.370
I did all the research I could about the FDA
00:19:46.370 --> 00:19:49.920
but I was not sure if this was actually
00:19:49.920 --> 00:19:52.260
the case in practice so I put up the slide and I said
00:19:52.270 --> 00:19:55.937
John, tell me if I am wrong, but this is what I think it is.
00:19:55.937 --> 00:19:57.788
This is the way I think it is!
00:19:57.788 --> 00:20:00.490
And I followed with a slide about Free and Open Source Software
00:20:00.490 --> 00:20:02.930
and why is it so much better, and so much safer
00:20:02.950 --> 00:20:06.160
and as soon as he came up to speak he said:
00:20:06.233 --> 00:20:10.610
"Everybody thinks that the FDA should do this, the FDA should do that"
00:20:10.620 --> 00:20:12.840
"but we just don't have the resources"
00:20:13.013 --> 00:20:16.470
"and that is not what the FDA is set up to do"
00:20:16.470 --> 00:20:18.230
and he paused, and looked at me
00:20:18.230 --> 00:20:19.954
and just as I was about to… you know.
00:20:19.954 --> 00:20:22.953
And he said: "But you are saying something different"
00:20:22.953 --> 00:20:27.000
"You are saying, we let everybody else review the source code"
00:20:27.005 --> 00:20:29.141
"That is something very interesting!"
00:20:36.246 --> 00:20:42.220
So, making sure that our devices have software published
00:20:42.220 --> 00:20:43.320
means that anyone can review it
00:20:43.340 --> 00:20:47.000
My dad, who has that pacemaker is also an engineer
00:20:47.000 --> 00:20:48.800
and a fortunate programmer.
00:20:48.800 --> 00:20:50.260
He probably would have looked over it.
00:20:50.290 --> 00:20:52.451
Many of us know people with pacemaker.
00:20:52.451 --> 00:20:54.610
we would scour that code, for sure!
00:20:57.680 --> 00:20:59.330
One other thing that I found out
00:20:59.330 --> 00:21:00.680
which is a little bit weird
00:21:00.920 --> 00:21:04.020
is that because these devices in the United States
00:21:04.020 --> 00:21:07.050
are approved by a federal agency
00:21:07.560 --> 00:21:11.009
patients are preempted from suing under State True Law.
00:21:11.009 --> 00:21:13.790
So there is a whole avenue of remedy that patients
00:21:13.800 --> 00:21:16.808
normally get, which the medical manufacturers
00:21:16.808 --> 00:21:17.936
don't even have to worry about.
00:21:17.936 --> 00:21:20.810
So now, I mean, I am not saying that the medical device companies
00:21:20.810 --> 00:21:23.170
don't care if their patients die, obviously they do.
00:21:23.190 --> 00:21:27.940
But there is a whole part of legal remedies that aren't even available
00:21:30.460 --> 00:21:33.140
Really amazing, this research, and I have all of this set out
00:21:33.140 --> 00:21:35.128
in this paper I wrote that is available on
00:21:35.128 --> 00:21:37.548
the Software Freedom Law Center's website.
00:21:38.030 --> 00:21:43.123
All this results in the fact that I don't have freedom in my own body.
00:21:43.427 --> 00:21:47.440
I am not allowed to review the software that is implanted in it.
00:21:47.572 --> 00:21:50.500
It's literally connected in and screwed into my heart
00:21:50.500 --> 00:21:51.740
and I can't take a look at it.
00:21:51.928 --> 00:21:53.992
it's unbelievable to me.
00:21:55.392 --> 00:21:58.760
My mind is blown at the fact that the situation happened to me
00:21:58.770 --> 00:22:00.810
It is a little bit freakish that I was a lawyer
00:22:00.810 --> 00:22:01.950
at the Software Freedom Law Center
00:22:01.960 --> 00:22:04.640
and I happened to have this weird heart condition, I admit.
00:22:04.660 --> 00:22:08.030
but still just mind-blowing.
00:22:08.163 --> 00:22:09.940
I didn't even had a choice.
00:22:10.113 --> 00:22:13.636
The choice was either, you're extremely likely to die,
00:22:13.636 --> 00:22:15.670
or you can get this device in your body
00:22:15.880 --> 00:22:20.030
I hope that nobody in this room has to face that choice, but it was
00:22:20.040 --> 00:22:22.110
really, really scary.
00:22:23.522 --> 00:22:25.627
And then I started thinking about it,
00:22:25.872 --> 00:22:29.330
and you know, it's not just the heart devices.
00:22:29.656 --> 00:22:33.185
It's anything that our lives in our society rely on.
00:22:33.835 --> 00:22:38.750
And as I thought about it, I realized that this actually touches on
00:22:38.770 --> 00:22:43.428
a lot more areas of our lives than I thought it was.
00:22:46.750 --> 00:22:48.770
For example, cars.
00:22:51.476 --> 00:22:57.870
Like the university think tank that worked on those medical devices
00:22:57.870 --> 00:23:02.070
and I would say, if you have time in our board, you should totally read that study.
00:23:02.080 --> 00:23:08.000
It's fascinating, they implanted that device into a bag of bacon or meat of some kind
00:23:08.000 --> 00:23:12.000
to stimulate it and they show all the equipment that you can find anywhere
00:23:12.745 --> 00:23:15.350
that they used to hack into it.
00:23:15.821 --> 00:23:18.870
But the same process as done with cars.
00:23:19.090 --> 00:23:23.040
And a different think tank showed that they were able
00:23:23.060 --> 00:23:25.880
to hack into two different brands,
00:23:25.910 --> 00:23:28.000
two different manufacturer cars.
00:23:29.940 --> 00:23:33.650
So the IEEE says that a premium class car
00:23:33.680 --> 00:23:35.510
has close to 100 million lines of code.
00:23:35.580 --> 00:23:39.610
So if we think back to what the Software Engineering Institute said
00:23:39.630 --> 00:23:42.390
about one bug for every 100 lines of code
00:23:42.390 --> 00:23:46.250
that's a lot of bugs, just in your car.
00:23:49.570 --> 00:23:51.640
And what this think tank was able to do,
00:23:51.640 --> 00:23:53.950
was all the things you might expect.
00:23:53.960 --> 00:23:57.610
They are able to cause the car to accelerate, to brake.
00:23:57.880 --> 00:24:02.645
They were able to control each wheel of a car individually.
00:24:02.852 --> 00:24:05.662
And my favorite part, just for kicks,
00:24:05.662 --> 00:24:08.455
I don't know if you can see, but
00:24:08.455 --> 00:24:11.249
they're able to put a message on the dash
00:24:11.490 --> 00:24:15.000
and so, they said pwnd and there is a little
00:24:15.000 --> 00:24:19.020
x-eyed emoticon there.
00:24:19.692 --> 00:24:23.093
The idea that they are able to take control over
00:24:23.093 --> 00:24:25.255
two different brands of premium class cars
00:24:25.255 --> 00:24:28.508
is really amazing to me.
00:24:30.510 --> 00:24:34.700
Voting machines is another area that is super critical
00:24:34.700 --> 00:24:36.180
and we've actually been talking about.
00:24:36.200 --> 00:24:38.389
A lot of security experts have been talking about.
00:24:38.389 --> 00:24:40.520
the problems with their voting machines.
00:24:40.520 --> 00:24:45.070
In the United States, we rely on Diebold
00:24:45.070 --> 00:24:49.000
and a lot of private manufacturers.
00:24:51.600 --> 00:24:54.190
We have had problems with calibration.
00:24:54.200 --> 00:24:58.040
I don't know if you've seen, but there is this hilarious cartoons
00:24:58.060 --> 00:25:00.628
of people trying to vote for the right candidate
00:25:00.628 --> 00:25:03.240
and the name of the candidate they want to vote for
00:25:03.270 --> 00:25:06.560
moving around the screen, you sort of trying to poke after it
00:25:06.570 --> 00:25:08.470
and eventually, whatever you wanted to do it says:
00:25:08.480 --> 00:25:12.920
"You wanted to vote for the opposite candidate, right? right?"
00:25:13.020 --> 00:25:16.260
And it's very difficult to know because we sometimes
00:25:16.290 --> 00:25:18.390
don't have a verification of paper receipt
00:25:18.420 --> 00:25:21.790
we don't even know that our vote was counted properly
00:25:21.800 --> 00:25:25.020
and we were able to vote candidate in the end.
00:25:26.238 --> 00:25:29.800
Really weird, as this is the basis of our society
00:25:29.820 --> 00:25:32.094
and the backbone of our democracy.
00:25:33.308 --> 00:25:35.020
I love what they did in Brazil.
00:25:35.210 --> 00:25:38.408
I don't know if you guys heard about this, but Brazil said:
00:25:38.408 --> 00:25:42.846
"We know that software has vulnerabilities and software has bugs."
00:25:42.846 --> 00:25:46.027
"So we're gonna invite teams of hackers to come in,"
00:25:46.027 --> 00:25:47.948
"we're gonna give you the source code"
00:25:47.948 --> 00:25:49.985
"and we're gonna give a prize"
00:25:49.990 --> 00:25:52.414
"to anybody who find a way to…"
00:25:52.414 --> 00:25:55.000
"who finds a vulnerability to get into the system"
00:25:55.000 --> 00:25:59.959
All those teams, two of them were able to find bugs.
00:25:59.959 --> 00:26:03.550
They say that neither of them would have affected
00:26:03.570 --> 00:26:08.600
an election, but they were able to fix those bugs.
00:26:08.792 --> 00:26:10.930
And those hackers got a prize.
00:26:10.930 --> 00:26:12.960
Democracy is safer.
00:26:12.970 --> 00:26:14.970
Security through obscurity doesn't work.
00:26:14.970 --> 00:26:17.330
I don't know when we're going to figure this out,
00:26:17.340 --> 00:26:20.790
but Brazil has got it done. So it's possible.
00:26:21.700 --> 00:26:24.250
Our financial institutions, yeah, it's exciting!
00:26:24.270 --> 00:26:27.430
Financial institutions are an other area we've seen recently
00:26:27.430 --> 00:26:31.910
how bad it can be when our trusted institutions fail.
00:26:32.330 --> 00:26:35.555
A lot of these institutions are running software
00:26:35.555 --> 00:26:37.464
and our stock markets
00:26:37.464 --> 00:26:39.250
and the operations of our banks.
00:26:39.250 --> 00:26:43.010
These are all things that are critical
00:26:43.010 --> 00:26:45.944
to just the way we live our lives.
00:26:45.944 --> 00:26:50.078
It's more of a societal thing but we've already seen
00:26:50.078 --> 00:26:51.966
that there are vulnerabilities there.
00:26:52.440 --> 00:26:57.240
So, all this to say, it sounds heavy-handed
00:26:57.250 --> 00:27:01.040
but my medical device can be controlled!
00:27:01.488 --> 00:27:04.010
Our cars can be controlled and interfered with
00:27:04.014 --> 00:27:06.420
and our financial institutions can be compromised.
00:27:07.850 --> 00:27:13.260
I think we can all agree that our society and life-critical software must be safe.
00:27:13.810 --> 00:27:16.250
But we're in a really interesting time right now.
00:27:16.498 --> 00:27:22.150
Because how do we know what software that we use is life and society-critical?
00:27:22.720 --> 00:27:25.224
The way that we use computers has totally changed
00:27:25.224 --> 00:27:27.520
very very rapidly and very recently.
00:27:29.160 --> 00:27:33.330
I've been astounded how people of all ages have started using computers
00:27:33.350 --> 00:27:35.510
in a way that they never have before.
00:27:36.400 --> 00:27:40.530
It's no longer specific tech-savvy people that are computing.
00:27:40.530 --> 00:27:44.620
It's everybody, it's our grandparents, it's everyone.
00:27:44.621 --> 00:27:47.290
And we're using our software for everything,
00:27:48.160 --> 00:27:52.000
it's become how we do everything
00:27:52.159 --> 00:27:54.017
How we communicate with each other.
00:27:54.345 --> 00:27:56.620
How we talk on the phone
00:27:56.798 --> 00:28:00.170
How we write, how we create art
00:28:00.310 --> 00:28:04.000
How we handle our educational institutions
00:28:04.010 --> 00:28:05.620
and how we manage our lives
00:28:06.300 --> 00:28:08.080
We're building this infrastructure
00:28:08.110 --> 00:28:10.823
and we're not really even thinking about it
00:28:11.862 --> 00:28:15.876
A lot of people are using their phones to monitor things like their
00:28:16.715 --> 00:28:19.290
exercise schedules and their diet
00:28:20.042 --> 00:28:24.280
it's very convenient because you're keeping track of what you've eaten
00:28:24.300 --> 00:28:27.380
as you go, or what you do
00:28:27.420 --> 00:28:32.920
Some phone have pedometers, functionality built-in
00:28:33.140 --> 00:28:35.506
and that's kind of basic and fundamental
00:28:35.506 --> 00:28:38.710
but there is already software for the iPhone
00:28:39.160 --> 00:28:42.050
that can talk to an implanted insulin pump
00:28:42.670 --> 00:28:48.300
and compare your exercise and your diet information
00:28:48.300 --> 00:28:51.792
with your blood sugar levels on your insulin pump
00:28:52.105 --> 00:28:56.065
So now, suddenly, we're back to were I was with my medical device.
00:28:56.065 --> 00:28:59.191
You got an iPhone that you're relying on for your life.
00:28:59.450 --> 00:29:03.997
So, we're building all this infrastructure,
00:29:03.997 --> 00:29:05.795
and we're willing to think about it
00:29:06.720 --> 00:29:08.850
which is why the desktop is so important
00:29:09.030 --> 00:29:11.700
This is where sort of all this all fits in to
00:29:11.820 --> 00:29:15.570
my personal story and why I left the Freedom Software Law Center
00:29:15.580 --> 00:29:18.000
which I loved and felt like the luckiest lawyer in the world
00:29:18.030 --> 00:29:21.200
for being able to work there and been to the Gnome Foundation
00:29:21.220 --> 00:29:22.795
which I also left.
00:29:24.390 --> 00:29:27.570
And I say the desktop in quotes because I am talking about
00:29:27.570 --> 00:29:29.580
these ways that we interact with our computing
00:29:29.590 --> 00:29:32.030
in the ways that we manage our lives through software
00:29:33.145 --> 00:29:36.235
We've reached the point where software must be usable by everyone.
00:29:36.235 --> 00:29:38.620
I think everybody here
00:29:38.630 --> 00:29:42.520
probably knows an older person, who as of a few years ago
00:29:42.520 --> 00:29:44.728
probably never did anything with their computer.
00:29:44.728 --> 00:29:46.901
My mother was one of these people.
00:29:47.512 --> 00:29:51.150
I remember when I was a kid I kept saying
00:29:51.160 --> 00:29:53.200
"but mom look at these cool games!"
00:29:53.242 --> 00:29:54.310
"Not interested"
00:29:54.340 --> 00:29:57.010
And I remember when I was in college and I said:
00:29:57.030 --> 00:30:00.170
"Mom if we could talk by email, it could be so much better!"
00:30:00.340 --> 00:30:01.190
Nothing…
00:30:01.370 --> 00:30:04.060
I remember in Law School, I was saying
00:30:04.080 --> 00:30:07.100
"Mom I can do all this great research using my computer,"
00:30:07.110 --> 00:30:09.300
"I don't have to sit all day in a library, it's awesome"
00:30:09.300 --> 00:30:10.000
Nothing…
00:30:10.990 --> 00:30:15.450
Later I tried to say "mom I'm going to organize my travel using the computer!"
00:30:15.610 --> 00:30:18.100
Suddenly, she was slightly interested
00:30:18.350 --> 00:30:22.680
and now, with everything that has come to pass
00:30:22.690 --> 00:30:24.624
she can't do anything without her computer now
00:30:24.624 --> 00:30:26.386
Now, her computer has become…
00:30:26.540 --> 00:30:30.349
The first thing that she does, she emails and text to her friends
00:30:30.349 --> 00:30:33.910
she does her travels, she manages her finances
00:30:33.920 --> 00:30:36.120
it's spectacular to me because
00:30:36.150 --> 00:30:38.735
I didn't use my father because he was an engineer
00:30:39.090 --> 00:30:41.900
but my mother was really a bit of a technophobe
00:30:41.930 --> 00:30:44.250
And now she loves Apple
00:30:44.470 --> 00:30:45.540
LOVES APPLE
00:30:45.560 --> 00:30:48.310
She can use her computer to do… She doesn't have to think about it
00:30:48.320 --> 00:30:52.457
It's great, and it's very frustrating to me
00:30:54.250 --> 00:30:57.660
But I'm excited for her because she now can use a computer
00:30:57.660 --> 00:31:00.150
and it's something she owns now
00:31:00.160 --> 00:31:03.950
She doesn't ask me a question, well she does…
00:31:03.980 --> 00:31:08.000
But she doesn't think that there is any reason why
00:31:08.000 --> 00:31:11.761
these devices are not targeted at her
00:31:11.761 --> 00:31:17.578
and she is very much a representative of the majority of our society.
00:31:17.578 --> 00:31:20.810
And these are people, only a few years ago, would not have been
00:31:20.810 --> 00:31:23.900
that able to do very much with their computer.
00:31:24.945 --> 00:31:28.848
We need to appeal to these people because they are the ones
00:31:28.848 --> 00:31:31.292
that are making choices like supporting iPhone
00:31:31.292 --> 00:31:33.990
to put in their exercise and diet regimes to talk
00:31:34.000 --> 00:31:34.820
to their insulin pumps.
00:31:34.830 --> 00:31:39.039
These are the kind of things that we need to really worry about.
00:31:39.039 --> 00:31:45.030
because if we can't make our software easy to use by everybody,
00:31:45.350 --> 00:31:47.063
no one is gonna want to use it.
00:31:47.292 --> 00:31:50.565
And we have an opportunity now
00:31:50.565 --> 00:31:52.442
a window that is slowly closing
00:31:52.619 --> 00:31:54.870
because we're making choices now
00:31:54.870 --> 00:31:56.691
that we're gonna have to live with for a long time.
00:31:56.691 --> 00:31:58.500
We're building habits, we're building expectations
00:31:58.689 --> 00:32:02.797
and we're establishing the metrics in our society for what is
00:32:02.797 --> 00:32:04.771
acceptable software and what isn't.
00:32:07.931 --> 00:32:10.580
I'm not gonna read these to you, you guys are here,
00:32:10.590 --> 00:32:14.570
at LinuxConfAU, you know all the awesome reasons
00:32:14.590 --> 00:32:16.710
why you should use Free and Open Source software
00:32:16.730 --> 00:32:18.630
You're here for all those reasons
00:32:18.660 --> 00:32:20.450
including that it's just really fun.
00:32:20.570 --> 00:32:22.450
We've been having a great time here,
00:32:22.460 --> 00:32:24.240
and learning about all sorts of really cool things
00:32:24.600 --> 00:32:26.130
but the underscore of all that
00:32:26.310 --> 00:32:29.575
and where all these reasons can come from is from Freedom
00:32:31.930 --> 00:32:34.570
Free and Open Source software is not just good business
00:32:34.600 --> 00:32:36.340
it's also the right thing to do
00:32:36.581 --> 00:32:40.770
So when we talk about our heart devices, we talk about our voting machines
00:32:40.790 --> 00:32:42.820
and then we talk about the way we live our lives
00:32:42.850 --> 00:32:45.000
and the infrastructure of how we talk to one another.
00:32:45.112 --> 00:32:49.083
We see that Free and Open Source software is just
00:32:49.083 --> 00:32:50.830
the right thing to do for our society
00:32:50.903 --> 00:32:52.778
and in order to bring that to other people
00:32:52.860 --> 00:32:56.772
we need to make sure, it's easy and clear for them to use
00:32:56.920 --> 00:33:00.800
These are some screenshots from the Gnome 3 release which
00:33:01.130 --> 00:33:02.920
Most of who I would say are probably familiar
00:33:02.920 --> 00:33:05.150
with already and are forming your own opinions about whether
00:33:05.160 --> 00:33:07.010
you… laughs
00:33:07.010 --> 00:33:09.780
Gnome 3 is something that you want to use or not
00:33:09.780 --> 00:33:13.000
and I think that no mater what perspective you come from
00:33:13.010 --> 00:33:15.520
I think that you can see that the Gnome 3 rewrite is done
00:33:15.540 --> 00:33:18.970
to address these issues, it's to make our software
00:33:18.990 --> 00:33:20.620
sleek and usable by everybody.
00:33:21.420 --> 00:33:23.415
I joined Gnome after the Gnome 3 release
00:33:23.415 --> 00:33:25.410
and it was the Gnome 3 release
00:33:25.410 --> 00:33:28.065
that made me realize that I had to go work for Gnome
00:33:28.095 --> 00:33:30.090
because this is our future.
00:33:30.100 --> 00:33:34.000
We need to cross the bridge, we need to be able to provide software
00:33:34.000 --> 00:33:38.000
to people who otherwise wouldn't be able to use it.
00:33:38.000 --> 00:33:41.000
We need to make sure our desktop are accessible by everyone
00:33:41.000 --> 00:33:44.060
because we are not going to be able to build
00:33:44.110 --> 00:33:46.370
the right infrastructure for a whole society
00:33:46.390 --> 00:33:48.665
if we don't bring these people on board too.
00:33:50.370 --> 00:33:52.280
This is a second screenshot.
00:33:52.310 --> 00:33:55.210
It happens to be Marina from the Gnome community
00:33:55.230 --> 00:34:00.890
and she's the head of the Gnome outreach program for women
00:34:01.000 --> 00:34:04.738
which is an awesome program and is a kind
00:34:04.738 --> 00:34:06.260
of thing that you can do in a non-profit.
00:34:06.260 --> 00:34:06.280
But what you may not have seen is that
00:34:06.280 --> 00:34:08.180
But what you may not have seen is that
00:34:08.200 --> 00:34:11.670
we launched, very recently, an extension website.
00:34:11.670 --> 00:34:13.510
extensions.gnome.org
00:34:13.540 --> 00:34:16.262
where third-parties can upload
00:34:16.966 --> 00:34:21.230
extensions for the Gnome Shell and it's a simple point-and-click
00:34:21.240 --> 00:34:22.940
for Gnome 3.2
00:34:23.330 --> 00:34:25.840
So you can install all those customizations
00:34:25.980 --> 00:34:29.070
and we're trying to build the ways
00:34:29.070 --> 00:34:32.130
that Gnome 3 is going to develop over time
00:34:32.140 --> 00:34:37.780
So, even though we have a single Gnome Shell vision,
00:34:37.780 --> 00:34:40.450
with what I think are great choices,
00:34:40.450 --> 00:34:44.966
if you disagree with them, there is a way to implement changes.
00:34:47.712 --> 00:34:51.000
Gnome, I think, and I think many agree.
00:34:51.000 --> 00:34:51.010
I've actually had a lot of people looking at my computer
00:34:51.010 --> 00:34:54.250
I've actually had a lot of people looking at my computer
00:34:54.280 --> 00:34:55.100
over my shoulder and say
00:34:55.110 --> 00:34:57.800
"Oh my God what is that, that's so great!"
00:34:57.810 --> 00:35:00.840
"It's not a Mac, but it looks so good"
00:35:01.190 --> 00:35:02.780
"What's the story with that?"
00:35:02.790 --> 00:35:06.730
So it's beautiful, but it's a lot more than beautiful
00:35:06.760 --> 00:35:08.220
It's non-profit driven
00:35:08.527 --> 00:35:11.040
And in the Free and Open Source software space
00:35:11.050 --> 00:35:15.113
we have a lot of different ways that we develop our software together.
00:35:15.113 --> 00:35:20.797
Some of our projects are more on the Android
00:35:20.797 --> 00:35:24.833
or Unity side of things
00:35:24.833 --> 00:35:27.878
where they're mostly controlled by a single company
00:35:27.878 --> 00:35:32.049
and there are communities that build up around that
00:35:32.049 --> 00:35:34.834
but at the end of the day, the ultimate control
00:35:34.834 --> 00:35:36.540
of the project is by a single company.
00:35:36.804 --> 00:35:40.610
And then we have projects like Gnome that are non-profit focused
00:35:40.862 --> 00:35:43.440
and this actually touches on some other stuff that Bruce
00:35:43.440 --> 00:35:44.930
was mentioning in his keynote.
00:35:46.150 --> 00:35:49.550
What you get for non-profit development, or having a non-profit
00:35:49.560 --> 00:35:54.025
that unifies the development in the community is a lot.
00:35:54.025 --> 00:35:56.982
And one of the main things that you get is to keep other trust
00:35:57.110 --> 00:36:00.030
So the Gnome community for example,
00:36:01.130 --> 00:36:03.540
the Foundation is composed of members
00:36:03.570 --> 00:36:06.190
there is over 300 members and it varies depending
00:36:06.190 --> 00:36:08.680
on where people are and renewing their membership.
00:36:08.690 --> 00:36:11.770
But in order to become a member, you have to be a contributor
00:36:11.790 --> 00:36:14.050
to Gnome and it's only available to individuals
00:36:14.300 --> 00:36:16.760
and if you're a contributor to Gnome
00:36:17.140 --> 00:36:19.760
you can become a member, which allows you to vote for
00:36:19.780 --> 00:36:23.610
the Board of Directors which influences the direction of the project
00:36:23.620 --> 00:36:26.421
help spread infrastructure to support development
00:36:26.421 --> 00:36:28.240
and decides to hire people like me.
00:36:28.500 --> 00:36:33.180
So who are out there advocating for the ideology of Free and Open Source software
00:36:33.280 --> 00:36:36.830
and helping to organize this kind of effort
00:36:37.080 --> 00:36:39.612
So if you imagine the situation now,
00:36:39.612 --> 00:36:44.630
the Gnome community does not require copyright assignment
00:36:44.850 --> 00:36:51.000
but if a non-profit community like the Gnome community were to require,
00:36:51.000 --> 00:36:53.130
or were to accept copyright assignment,
00:36:53.170 --> 00:36:55.315
those copyrights were to be held by a Foundation
00:36:55.315 --> 00:36:59.850
that had an oversight by the contributors
00:36:59.870 --> 00:37:01.640
by everyone who has a stake in the community,
00:37:01.640 --> 00:37:02.840
by everybody who invest in it.
00:37:02.920 --> 00:37:07.070
There is a certain assurance to knowing that the control
00:37:07.100 --> 00:37:09.720
of a community is in a non-profit that is
00:37:09.730 --> 00:37:15.000
focused on what the contributors want, diversely,
00:37:15.000 --> 00:37:16.268
over companies.
00:37:18.840 --> 00:37:20.870
I want to stress that I'm not saying
00:37:20.870 --> 00:37:24.860
that companies don't have a very important place
00:37:24.860 --> 00:37:26.370
in Free and Open Source Software of course.
00:37:26.500 --> 00:37:31.070
Companies must be able to develop products
00:37:31.080 --> 00:37:34.450
in the Free and Open Source community but we need to
00:37:34.450 --> 00:37:37.990
encourage these non-profit structures which are focused on the ideology
00:37:38.020 --> 00:37:40.740
and work with companies to help them accomplish their goals.
00:37:40.760 --> 00:37:45.650
But under the rubric of non-profits the way that we have in the Gnome community
00:37:45.670 --> 00:37:47.620
We have a lot of companies that are involved in Gnome,
00:37:47.760 --> 00:37:49.160
on any Advisory Boards,
00:37:49.170 --> 00:37:50.630
and are just good participants
00:37:52.040 --> 00:37:56.100
but the overall mission of the Gnome Foundation and the community
00:37:56.560 --> 00:37:59.410
is the public good.
00:37:59.420 --> 00:38:02.790
We are a public charity, so we are focused on the public good
00:38:02.810 --> 00:38:04.520
not on our profit.
00:38:05.790 --> 00:38:08.800
We care about our profit but for participants in our community
00:38:08.940 --> 00:38:10.670
but what it means at the end of the day
00:38:10.670 --> 00:38:13.990
is that we want to make the World a better place.
00:38:14.210 --> 00:38:16.980
Sounds a little bit hokey
00:38:17.110 --> 00:38:19.280
but let's be honest, that where a lot of this
00:38:19.310 --> 00:38:21.000
Free and Open Source software came from originally
00:38:21.000 --> 00:38:24.000
ideologically that's why we have such great and cool software
00:38:24.000 --> 00:38:26.668
We have to start thinking about making the World a better place.
00:38:27.650 --> 00:38:30.900
So we, at Gnome, recently launched an accessibility campaign
00:38:30.980 --> 00:38:33.300
We want to make 2012 the year of accessibility
00:38:33.330 --> 00:38:34.852
This is a perfect example
00:38:34.852 --> 00:38:37.840
Yeah, it's really cool work, it's super important.
00:38:37.840 --> 00:38:40.998
*crowd clapping*
00:38:40.998 --> 00:38:43.410
So this is exactly the kind of thing that a company
00:38:43.410 --> 00:38:45.333
might not be able to afford to do
00:38:45.640 --> 00:38:50.000
because it's not necessarily in the interest
00:38:50.000 --> 00:38:55.000
in increasing the bottom line to work on specific accessibility initiatives
00:38:55.000 --> 00:38:56.530
for smaller populations of people.
00:38:56.598 --> 00:38:58.669
But we at Gnome understand that this is
00:38:58.669 --> 00:39:02.280
incredibly important because a desktop that's not usable by everybody
00:39:02.300 --> 00:39:05.031
is one that fails our mission.
00:39:05.193 --> 00:39:09.460
So this guy is Robert Cole, he is super awesome
00:39:09.480 --> 00:39:11.000
That's a picture of him in his family,
00:39:11.150 --> 00:39:14.000
he was kind enough to come forward and let us use
00:39:14.000 --> 00:39:17.720
his testimony for accessibility campaign
00:39:17.920 --> 00:39:20.230
He was born with a vision defect
00:39:20.250 --> 00:39:22.220
So he has no vision in one eye,
00:39:22.220 --> 00:39:24.632
and very limited vision in the other eye
00:39:25.080 --> 00:39:31.540
He was relying on some proprietary assistive technologies
00:39:31.540 --> 00:39:34.240
at one point that were really working for him
00:39:34.250 --> 00:39:37.650
he got a grant from his local government in order to
00:39:37.650 --> 00:39:41.560
get those technologies and they were assisting him to work.
00:39:41.750 --> 00:39:45.290
But then when his system upgraded, he applied for more funding
00:39:45.290 --> 00:39:47.980
to get the upgrade of his assistive technologies and he was denied
00:39:48.000 --> 00:39:48.960
additional funding.
00:39:49.517 --> 00:39:51.185
And he was just out of luck.
00:39:52.166 --> 00:39:55.340
Fortunately, Gnome has been a very accessible desktop
00:39:55.340 --> 00:39:57.170
and he was able to use Gnome technologies,
00:39:57.180 --> 00:40:01.370
and through that he became a very active member of the Gnome community
00:40:01.400 --> 00:40:03.420
but with Free and Open Source software technology
00:40:03.420 --> 00:40:05.660
whatever we develop is going to be out there,
00:40:05.680 --> 00:40:08.350
it's going to be available, you don't have to rely on
00:40:08.350 --> 00:40:10.677
expensive proprietary upgrades to know that
00:40:10.677 --> 00:40:12.720
you're going to continue to be able to use your software,
00:40:12.730 --> 00:40:14.476
should your overall system upgrade.
00:40:14.476 --> 00:40:21.223
So making sure that this kind of work is done in a Free and Open Source software environment
00:40:21.223 --> 00:40:23.160
is extremely important so we just launched
00:40:23.190 --> 00:40:25.910
this accessibility campaign if you donate to Gnome
00:40:25.980 --> 00:40:28.670
while this campaign is going on we pledged to use the money
00:40:28.690 --> 00:40:30.892
to help develop assistive technologies.
00:40:33.450 --> 00:40:36.740
So all this to say: let's choose freedom!
00:40:36.750 --> 00:40:42.232
We can choose freedom, we in this room are a very special group of people.
00:40:42.232 --> 00:40:47.910
While I'm focusing on what our users are doing and how we must bring our users all…
00:40:47.920 --> 00:40:49.736
and I say the broad of users,
00:40:49.736 --> 00:40:51.552
we have to think big, we have to think giant!
00:40:51.570 --> 00:40:57.010
While we need to do things that bring our user base in,
00:40:57.010 --> 00:41:00.280
people in this room are making choices everyday
00:41:00.300 --> 00:41:03.720
I can't tell how many iPhones I have seen at this conference
00:41:03.720 --> 00:41:05.700
how many Macs I have seen in this conference.
00:41:05.730 --> 00:41:07.900
You know we have the technology, it's good.
00:41:07.940 --> 00:41:13.000
I don't really tweak my desktop very much anymore at all
00:41:13.280 --> 00:41:16.790
I've switched over to Gnome-shell and it's so sleek
00:41:16.790 --> 00:41:19.960
and great and I barely use the command line
00:41:19.960 --> 00:41:23.990
for things that are connected to my computing environment
00:41:24.000 --> 00:41:27.160
and only then when I really feel I can't
00:41:27.170 --> 00:41:29.890
It's not for everybody, but we need to choose
00:41:29.890 --> 00:41:32.530
free an open platform, we need to develop on them
00:41:32.710 --> 00:41:34.460
because it's the only way we're gonna create
00:41:34.470 --> 00:41:37.870
these safer and better societies
00:41:37.900 --> 00:41:40.090
It's the only way we're going to create a World
00:41:40.110 --> 00:41:44.030
where we know that our software can be reviewed
00:41:44.060 --> 00:41:45.480
and that it will have integrity
00:41:46.790 --> 00:41:52.840
We need to build our communities in the non-profit space
00:41:53.110 --> 00:41:56.000
Because we need to create those really good degrees of trust
00:41:56.410 --> 00:41:59.438
We need to bring our ideology back into Free software.
00:42:00.184 --> 00:42:03.132
Going a little bit out there, I'd say:
00:42:03.132 --> 00:42:05.264
It's not about terminology, it's about ideology.
00:42:05.464 --> 00:42:06.545
We really need to think about
00:42:06.545 --> 00:42:08.809
making the World a better place because we can,
00:42:08.809 --> 00:42:09.920
and we should.
00:42:10.520 --> 00:42:15.520
I have this picture from the original Apple campaign.
00:42:15.622 --> 00:42:21.340
Because it really strikes me that this woman
00:42:21.360 --> 00:42:24.680
coming and taking her hammer and,
00:42:24.710 --> 00:42:29.330
flinging it against the establishment and the machine
00:42:29.400 --> 00:42:31.610
for individuality and our freedom,
00:42:31.800 --> 00:42:33.380
and it really speaks to me now.
00:42:34.710 --> 00:42:36.860
Let's choose Free and Open Source software
00:42:36.860 --> 00:42:39.470
for ourselves, and for our society.
00:42:42.090 --> 00:42:45.500
So the Gnome Foundation is a charitable organization.
00:42:45.540 --> 00:42:47.150
We accept donations.
00:42:47.150 --> 00:42:53.260
And my talk is freely licensed so feel free to quote it
00:42:53.460 --> 00:42:55.620
and republish it.
00:42:56.860 --> 00:42:58.400
Does anybody have any questions?
00:42:59.910 --> 00:43:15.160
*crowd clapping*
00:43:16.008 --> 00:43:17.215
Good day.
00:43:18.554 --> 00:43:23.660
I guess I personally see it as a really positive future
00:43:23.660 --> 00:43:28.070
because I think there is never going to be a year of
00:43:28.080 --> 00:43:30.550
the leading desktop where everyone suddenly converts
00:43:30.560 --> 00:43:32.480
but it would just be this gradual process.
00:43:32.480 --> 00:43:35.495
in the same way that most of us have come to Linux
00:43:35.495 --> 00:43:39.098
after some other proprietary process
00:43:40.310 --> 00:43:45.282
I'm wondering how you see us engaging with not
00:43:45.282 --> 00:43:48.461
the entirety of society, cause that's way to difficult
00:43:48.461 --> 00:43:51.763
but what's the next age of the people
00:43:51.763 --> 00:43:54.653
that we can engage with and that can then convert
00:43:54.653 --> 00:43:57.040
their friends and their parents and so forth?
00:43:57.353 --> 00:44:00.050
I also think that the next wave is that we need to get
00:44:00.070 --> 00:44:01.450
into schools as much as possible
00:44:01.710 --> 00:44:04.500
I think there are a lot of great initiatives to bring
00:44:04.500 --> 00:44:07.352
our various free distros into schools
00:44:07.352 --> 00:44:10.415
what really strikes me is that, in the United States in particular,
00:44:10.415 --> 00:44:15.027
there are a number of non-profits that are set up as technology charities
00:44:15.027 --> 00:44:20.172
and what they do is they bring Microsoft licenses and other proprietary licenses
00:44:20.172 --> 00:44:23.405
to underprivileged communities and to schools.
00:44:23.405 --> 00:44:25.263
They get tax breaks for doing that
00:44:25.263 --> 00:44:28.569
What they're actually doing is creating a dependency
00:44:28.569 --> 00:44:32.299
on proprietary software and it's a very clever,
00:44:32.299 --> 00:44:34.183
very very clever technique
00:44:34.183 --> 00:44:38.619
because we're training people to use certain kind of software.
00:44:38.619 --> 00:44:39.936
We need to do the same thing.
00:44:40.192 --> 00:44:41.863
I know there are a lot of great initiatives already.
00:44:41.863 --> 00:44:43.990
Gnome has a number of initiatives that would do this.
00:44:44.140 --> 00:44:47.565
And I'd say everybody get involved in your community
00:44:47.565 --> 00:44:50.170
and start bringing our software into schools.
00:44:50.170 --> 00:44:51.381
I think that a first step.
00:44:51.381 --> 00:44:54.520
I think the next step is writing really cool
00:44:54.580 --> 00:44:57.850
applications for our Free and Open platforms
00:44:57.990 --> 00:45:00.383
If we've got the next cool thing,
00:45:00.383 --> 00:45:02.000
then people would want to use it.
00:45:02.000 --> 00:45:04.215
There are lots of different steps. I think you're right.
00:45:04.215 --> 00:45:07.594
There is no easy answer to make
00:45:07.594 --> 00:45:10.289
this the year of the GNU/Linux desktop
00:45:10.289 --> 00:45:12.894
it just doesn't happen as easily as that
00:45:12.894 --> 00:45:14.572
but there are things that we can do in the schools,
00:45:14.572 --> 00:45:16.659
It's, I think, the first place we should start.
00:45:18.640 --> 00:45:19.580
Thanks you.
00:45:19.800 --> 00:45:21.660
Two things if I could. One is,
00:45:22.750 --> 00:45:24.950
for us in Australia and other countries,
00:45:24.950 --> 00:45:28.135
if the FDA has approved it, is that it?
00:45:28.135 --> 00:45:32.633
Is that accepted here without us having our own standards and rules
00:45:32.633 --> 00:45:34.449
setting the software, any of that?
00:45:34.465 --> 00:45:36.958
So I haven't actually looked into Australia.
00:45:36.958 --> 00:45:37.566
I should have.
00:45:37.566 --> 00:45:39.502
I actually thought this morning that I really needed
00:45:39.502 --> 00:45:41.163
to check the situation in Australia.
00:45:41.163 --> 00:45:46.260
But I know that in any UK and other countries there are comparable bodies
00:45:46.310 --> 00:45:47.510
the ones that I've looked in so far
00:45:47.530 --> 00:45:49.250
also don't review the source code.
00:45:49.270 --> 00:45:50.930
So they have similar review processes.
00:45:50.950 --> 00:45:54.660
The FDA only applies in the United States
00:45:54.670 --> 00:45:57.390
So each region has its own approval process.
00:45:57.400 --> 00:45:59.840
But from what I've discovered, so far in the regions
00:45:59.840 --> 00:46:01.560
that I have looked at, they are similar.
00:46:02.550 --> 00:46:05.246
The other thing is that there are other areas
00:46:05.246 --> 00:46:07.383
where software is extremely important
00:46:07.383 --> 00:46:09.278
that you've mentioned during your talk
00:46:09.278 --> 00:46:11.616
like avionics and gambling machines, and so on.
00:46:11.616 --> 00:46:14.650
And in some places in the World there are
00:46:14.740 --> 00:46:17.570
different rules, there is review of code and that
00:46:17.570 --> 00:46:18.440
sort of things.
00:46:19.140 --> 00:46:22.990
Two things out of that. One is it seems a shame
00:46:23.040 --> 00:46:27.180
that there aren't general government standards for
00:46:27.200 --> 00:46:31.000
software where it matters. Have you got any thoughts
00:46:31.000 --> 00:46:32.630
on how we could make that happen?
00:46:32.990 --> 00:46:34.625
We have to become real advocates
00:46:34.625 --> 00:46:38.450
and what does really strike me is that
00:46:38.460 --> 00:46:41.364
proprietary software companies have such an amazing lobby.
00:46:41.364 --> 00:46:43.090
They have so much money that they can pour in
00:46:43.090 --> 00:46:45.890
to making sure that the government is deeply
00:46:45.890 --> 00:46:47.840
concerned about their innovative edge.
00:46:48.000 --> 00:46:52.260
For their products that
00:46:52.260 --> 00:46:52.280
they keep they proprietary incentives
For their products that
00:46:52.280 --> 00:46:54.430
they keep they proprietary incentives
00:46:54.440 --> 00:46:56.380
Medical devices is a really good example
00:46:56.400 --> 00:46:57.830
of how that breaks down.
00:46:58.000 --> 00:47:01.231
When you think about the business case
00:47:01.231 --> 00:47:04.010
of medical devices, you sort of search and see:
00:47:04.030 --> 00:47:06.046
OK, well I'm not buying my heart…
00:47:06.046 --> 00:47:07.907
I'm not choosing the brand of my heart device
00:47:07.907 --> 00:47:10.290
because it has the best software on it.
00:47:10.330 --> 00:47:14.385
I'm choosing Medtronic because they have a good track record.
00:47:14.385 --> 00:47:18.224
Because they are a precision manufacturer of really detailed equipment
00:47:18.224 --> 00:47:19.850
and they have been for a long time.
00:47:19.960 --> 00:47:21.870
If they published their software,
00:47:21.870 --> 00:47:24.432
even if they've published their hardware specs,
00:47:24.432 --> 00:47:31.302
it's not like Nokia is going to go and start producing medical devices.
00:47:31.302 --> 00:47:33.650
And if they did, it would take some time
00:47:33.670 --> 00:47:35.439
to get doctors comfortable that the fact
00:47:35.439 --> 00:47:36.408
that they will be relying on them.
00:47:36.408 --> 00:47:37.504
They're going to get support.
00:47:37.504 --> 00:47:42.586
There's this whole issue of the fact that
00:47:42.586 --> 00:47:44.641
these proprietary software companies have
00:47:44.641 --> 00:47:46.489
a really strong lobbying force.
00:47:46.489 --> 00:47:49.374
The only response I got from Medtronic so far
00:47:49.374 --> 00:47:52.168
is saying: "Our business case relies on"
00:47:52.168 --> 00:47:53.950
"keeping ourselves for proprietary"
00:47:54.960 --> 00:47:57.192
In the United States there were a bunch of
00:47:57.192 --> 00:47:59.955
Breathalyzer cases, with drunk drivers.
00:48:03.540 --> 00:48:05.240
There is a driver who said:
00:48:05.240 --> 00:48:09.700
"If you're gonna convict me on the fact that"
00:48:09.700 --> 00:48:11.877
"this Breathalyzer said my blood alcohol level was very high,"
00:48:11.877 --> 00:48:13.537
"I want to be able to see the source code"
00:48:13.537 --> 00:48:16.000
"in order to determine whether or not"
00:48:16.000 --> 00:48:18.570
"that was accurately drived"
00:48:20.190 --> 00:48:21.954
The company fought it and said
00:48:21.954 --> 00:48:23.719
"this is our proprietary technology"
00:48:23.719 --> 00:48:24.265
"blablabla".
00:48:24.265 --> 00:48:25.950
Eventually the Court said you must produce
00:48:25.950 --> 00:48:28.450
the software, the source code and
00:48:28.470 --> 00:48:30.790
what the Court found through their experts was
00:48:30.810 --> 00:48:32.659
that the results couldn't be relied on.
00:48:34.800 --> 00:48:37.029
Amazing stuff, and this happens in a lot of different jurisdictions.
00:48:37.029 --> 00:48:38.657
In the United States, some jurisdictions say
00:48:38.657 --> 00:48:41.393
you must produce the code, others say no.
00:48:41.393 --> 00:48:43.280
But I think at the end of the day
00:48:43.300 --> 00:48:46.257
we need to keep it in our dialog, keep asking these questions
00:48:46.257 --> 00:48:50.476
throughout our different areas from
00:48:50.476 --> 00:48:53.140
breathalysers to medical devices.
00:48:53.360 --> 00:48:57.990
And being a really vocal community
00:48:58.000 --> 00:48:59.790
about these issues is going to help.
00:49:00.020 --> 00:49:02.863
We also need to organize from a lobbying perspective as well,
00:49:02.863 --> 00:49:05.194
because there is just so much funding on the other side.
00:49:06.820 --> 00:49:08.270
There was a question back there.
00:49:09.090 --> 00:49:10.360
Oh, you've got the mic, OK
00:49:10.660 --> 00:49:13.332
So first of all, I think that your talk was totally awesome
00:49:13.332 --> 00:49:16.697
and thanks for expressing basically the core
00:49:16.697 --> 00:49:18.875
of the Free software ideology which is that
00:49:18.875 --> 00:49:20.419
Free software is about freedom including
00:49:20.419 --> 00:49:22.280
the freedom to know how you're kept alive.
00:49:22.450 --> 00:49:25.950
Which I think is really important, so thanks for doing that!
00:49:26.220 --> 00:49:32.000
clapping
00:49:33.690 --> 00:49:36.000
As far as the remote car exploit stuff, that's
00:49:36.000 --> 00:49:38.510
actually from Alexei, Karl and Franzi in the lab
00:49:38.520 --> 00:49:39.930
at UW where I work.
00:49:39.960 --> 00:49:42.695
And those exploits were done remotely
00:49:43.092 --> 00:49:46.410
through the telematics units in the cars so just
00:49:46.420 --> 00:49:49.400
like cardiac-implants people can crash you car remotely.
00:49:50.241 --> 00:49:52.413
It's like through a telephone.
00:49:52.639 --> 00:49:57.330
Actually, I meant to get that into a little bit more detail,
00:49:57.330 --> 00:50:00.580
but yes the control of the cars were remote but
00:50:00.580 --> 00:50:03.981
I also want to mention that the HP printer exploit
00:50:03.987 --> 00:50:07.399
that happened recently, where
00:50:09.735 --> 00:50:13.200
over the Internet, folks were able to take control of
00:50:13.220 --> 00:50:16.220
HP printers which not only were able to do all
00:50:16.220 --> 00:50:18.440
kind of terrible things like being able to know what
00:50:18.440 --> 00:50:20.910
you are printing including monitoring to see if you
00:50:20.930 --> 00:50:23.160
are printing text documents and so determining
00:50:23.190 --> 00:50:25.710
what information was included in particular boxes
00:50:25.730 --> 00:50:29.230
but they were also able to set printers on fire.
00:50:29.990 --> 00:50:33.000
laughs
00:50:34.108 --> 00:50:35.890
They weren't? They were!
00:50:35.900 --> 00:50:38.818
"There was a guy at the CCC that had a printer set on fire this year"
00:50:38.818 --> 00:50:39.795
"Yeah!"
00:50:39.795 --> 00:50:51.000
mumbling
00:50:51.000 --> 00:50:54.000
"You should either talk into the microphone or ask a question"
00:50:54.000 --> 00:50:55.270
The question I was gonna ask you is
00:50:55.410 --> 00:50:57.170
You're talking about accessibility
00:50:57.370 --> 00:50:59.400
and one of the things I've noticed is that
00:50:59.400 --> 00:51:01.108
people that are blind are totally fucked
00:51:01.108 --> 00:51:02.631
when it comes to using computers
00:51:02.631 --> 00:51:04.183
and if you want to get a Braille terminal
00:51:04.183 --> 00:51:07.089
it can cost somewhere like 6 or 8 thousand Euros to get them.
00:51:07.089 --> 00:51:10.250
And there is one group in the UK that are looking at
00:51:10.250 --> 00:51:12.370
building affordable ones, I think coming in
00:51:12.400 --> 00:51:13.840
somewhere at a thousand dollars.
00:51:14.230 --> 00:51:16.317
But I wonder what Gnome can do to make it
00:51:16.317 --> 00:51:18.640
so that computers are really accessible in terms of
00:51:18.720 --> 00:51:21.400
alternate methods of interfacing with computers
00:51:21.410 --> 00:51:24.240
especially for people who are blind or unable to see
00:51:24.550 --> 00:51:26.330
and I wonder if you can talk a bit about
00:51:26.330 --> 00:51:29.000
Braille terminals and maybe making them accessible and so on.
00:51:30.820 --> 00:51:33.000
I was gonna say this actually as a separate talk.
00:51:33.000 --> 00:51:36.060
There was a talk on accessibility at this conference,
00:51:36.160 --> 00:51:38.920
but I don't want to get into too much detail
00:51:38.920 --> 00:51:44.810
about the particular initiatives, but with Gnome 2
00:51:44.810 --> 00:51:47.650
there are a lot of assistive technologies for
00:51:47.650 --> 00:51:49.630
vision or magnification.
00:51:49.640 --> 00:51:55.000
Other types of software that are very helpful but…
00:51:55.700 --> 00:51:58.850
and actually Gnome won several awards for
00:51:58.860 --> 00:52:01.098
the accessibility of their desktop.
00:52:01.098 --> 00:52:04.618
But while we rewrote Gnome 3,
00:52:04.618 --> 00:52:08.159
we actually broke a lot of our assistive technologies,
00:52:08.159 --> 00:52:11.468
as part of the necessity of starting all over again
00:52:11.468 --> 00:52:12.310
and starting new.
00:52:12.650 --> 00:52:15.974
So actually our campaign is much more basic than that.
00:52:15.974 --> 00:52:18.169
I'd like for us to get there over time.
00:52:18.169 --> 00:52:20.486
But we have some great software
00:52:20.486 --> 00:52:22.547
but it needs help just to get working.
00:52:22.547 --> 00:52:24.670
So the accessibility campaign
00:52:24.680 --> 00:52:26.738
that we're running now is really fundamental
00:52:26.738 --> 00:52:30.940
If we get a huge level of support from it,
00:52:30.940 --> 00:52:33.180
we can hire developers to work on the stuff and
00:52:33.180 --> 00:52:35.755
start exploring some of those particular initiatives.
00:52:35.755 --> 00:52:39.975
But it's sort of like, now the accessibility
00:52:39.975 --> 00:52:43.172
team at Gnome, at our annual general meeting
00:52:43.172 --> 00:52:45.063
I asked them to give a little presentation
00:52:45.063 --> 00:52:47.961
of where we stand, and the first slide was
00:52:47.961 --> 00:52:49.676
a set of stairs.
00:52:50.740 --> 00:52:53.255
So right now, we have a lot of work to do.
00:52:53.255 --> 00:52:56.474
We need to bring our new system back to
00:52:56.474 --> 00:52:58.182
where we were with Gnome 2,
00:52:58.182 --> 00:52:59.777
and then we need to go beyond.
00:52:59.777 --> 00:53:01.916
We're much further now, with Gnome 3
00:53:01.916 --> 00:53:03.642
than where we were when we launched Gnome 2
00:53:03.642 --> 00:53:05.572
and Gnome 2 went really far
00:53:05.572 --> 00:53:07.750
but we really have along way to go.
00:53:08.520 --> 00:53:11.000
So there was a question for someone right over there
00:53:11.000 --> 00:53:14.588
who had put his hand up, and I'll be really fast.
00:53:14.588 --> 00:53:16.345
If we can have one more question,
00:53:16.345 --> 00:53:18.117
we'll have to wrap it up after that.
00:53:22.000 --> 00:53:23.000
Thank you.
00:53:23.649 --> 00:53:30.020
I am concerned that should your implant fail,
00:53:30.760 --> 00:53:34.160
and you collapsed to the floor, I don't know what to do.
00:53:34.180 --> 00:53:37.110
Is it just CPR or is this something else I should do?
00:53:37.140 --> 00:53:38.890
That's a great question.
00:53:38.890 --> 00:53:41.550
Everybody should be trained in CPR,
00:53:41.600 --> 00:53:44.910
and I've became aware of this and hassle
00:53:44.930 --> 00:53:47.500
the people close to me to get trained in CPR
00:53:47.510 --> 00:53:49.400
when I found I had this heart condition.
00:53:49.410 --> 00:53:50.762
So if somebody collapse in the front of you,
00:53:50.762 --> 00:53:53.205
you should commence CPR,
00:53:53.205 --> 00:53:57.630
you should check their life signs and follow that procedure.
00:53:57.640 --> 00:54:00.392
For me, if I've collapsed now my device
00:54:00.392 --> 00:54:03.796
will most likely shock me and if it doesn't,
00:54:03.796 --> 00:54:05.146
if somebody performs CPR,
00:54:05.146 --> 00:54:08.785
hopefully we can keep my blood circulating until help comes
00:54:08.785 --> 00:54:12.523
and I can be shocked with an external defibrillator.
00:54:12.523 --> 00:54:15.642
The truth is, it often takes so long
00:54:15.642 --> 00:54:17.269
to get an external defibrillator
00:54:17.269 --> 00:54:18.610
and to get people's heart starting again
00:54:18.610 --> 00:54:21.263
that there is often some brain damage by the time that happens.
00:54:21.263 --> 00:54:22.895
So that's part of the reasons.
00:54:24.000 --> 00:54:25.000
There is one in the lobby.
00:54:26.050 --> 00:54:28.090
And it's funny because when I walk by those
00:54:28.100 --> 00:54:29.570
now I think: "Those are for suckers!"
00:54:29.570 --> 00:54:30.850
I've got my own!
00:54:30.860 --> 00:54:35.000
clapping
00:54:35.000 --> 00:54:38.957
So, all this to say I am really glad
00:54:38.957 --> 00:54:41.033
that I have this piece of technology,
00:54:41.033 --> 00:54:42.726
and I'm glad that I can rely on it.
00:54:42.726 --> 00:54:44.595
I just think it can be better and safer.
00:54:44.820 --> 00:54:45.710
Thanks you.
00:54:45.730 --> 00:54:47.110
Unfortunately, we're running out of time,
00:54:47.130 --> 00:54:49.000
but a huge round of applause for Karen.