YouTube

Vous avez un compte YouTube ?

Nouveauté : activer les traductions et les sous-titres créés par les internautes sur votre chaîne YouTube !

English sous-titres

← "Freedom In My Heart And Everywhere" Keynote by Karen Sandler

Obtenir le code d’intégration
3 langues

Afficher la révision 39 créée 11/26/2012 par pandark.

  1. How is that, can you hear me?
  2. Can I ask for everybody on the end
  3. who has a seat next to them to move a little bit in
  4. so that latecomers have a place to sit?
  5. Just move in one seat.
  6. As a latecomer often myself, it's a huge gift
  7. if you walk in and there's a place to sit.
  8. But not too much,
  9. because I think they've shut the side doors too, so…
  10. You're good, you're good.
  11. OK.
  12. I am really, really happy to be here.
  13. My talk is entitled Freedom in my heart and everywhere.
  14. As just said, I've been involved
  15. in the Free and Open Source community for a while
  16. I am the executive director of the GNOME Foundation
  17. and we'll get to some of that a little bit later
  18. which is really cool.
  19. And I, for a long time, was a lawyer at the Software Freedom Law Center.
  20. Resulting in eventually becoming general council.
  21. So I had this really lucky opportunity
  22. to get to know a lot of folks
  23. in the Free and Open Source software community
  24. by helping them with all of the crap
  25. that they didn't want to deal with.
  26. Really really fun!
  27. I've been a Free and Open Source enthusiast,
  28. I'd say, since the nineties
  29. And I am also a patient
  30. I have a really, really big heart
  31. I actually have a huge heart.
  32. So you think I work for non-profit
  33. but I actually an enlarged heart
  34. I have a condition called hypertrophic cardiomyopathy.
  35. I always get a little bit nervous when I talk about that
  36. because that sort of say
  37. my heart is a little broken.
  38. But it means that I have…
  39. it's not actual. My heart is very thick
  40. and that means that it has a hard time beating.
  41. It's a little bit stiff.
  42. And it's actually pretty fine.
  43. I don't have any symptoms yet.
  44. I just have a very high risk of suddenly dying.
  45. The term is actually sudden death.
  46. That's what the doctors tell you when you have HCM
  47. and you need to enter in this life-long treatment.
  48. They say you have a high risk of sudden death.
  49. Which is really terrifying as a patient.
  50. I have about a two to three chances per year of suddenly dying
  51. and that compounds, so I've found out about this at age 31
  52. and over the next decade it was sort of 20 to 30% risk of sudden death.
  53. Really, really, just a scary thing to hear…
  54. but there is a solution right now!
  55. which is to get a defibrillator.
  56. And what a defibrillator does is it's in your body
  57. I actually did get one, it's right here.
  58. It looks really huge there,
  59. but it's about like this big
  60. and it's right here.
  61. It has wires that
  62. sneak through my blood vessels
  63. and scour into my heart
  64. and it basically constantly monitors me
  65. and it's like having people
  66. following you around with paddles
  67. and if I go into a sudden death,
  68. it will shock me, and I'll be great!
  69. And I won't die! it's very exciting!
  70. So, all that is pretty well and good.
  71. The electro-physiologist that I saw when I told this
  72. has a bunch of these in his desk drawer,
  73. just so he can pass it to every patient
  74. because I think when you see how little this device is,
  75. it doesn't feel so scary.
  76. He pushed it over the desk at me,
  77. I was sitting here with my mother. I pick it up…
  78. He's like: "Pick it up, see how light it is!"
  79. So I pick it up and I say "Cool, what does it run?"
  80. Laughs
  81. applause
  82. To which I got a blank look.
  83. My mother gave my a blank look.
  84. Surgeon said "What are you talking about?"
  85. and I said "Well obviously, "
  86. "this piece of equipment is only as good as its software"
  87. I mean, it relies on its software to know
  88. when it is that I'm going to have a sudden death
  89. whether it is that I run across the street
  90. when I shouldn't have
  91. or I decided to run a marathon
  92. or for no reason at all.
  93. I'm totally relying on this software to know
  94. when is the appropriate time to give me a shock
  95. and when it's not.
  96. When I need pacing, maybe, or when I don't.
  97. And the electro-physiologist, of course had no answer at all.
  98. He said "nobody ever asked me this."
  99. "I never thought about the software on this device."
  100. "Hang on, there is a representative from Medtronic"
  101. "here in our office today."
  102. "I will get to him, because he is the manufacturer"
  103. "and surely they have thought about this."
  104. So, in walks this representative
  105. and I sort of explain
  106. "I'm a lawyer at the Software Freedom Law Center"
  107. "I care about the software on my device"
  108. "I just want to know: "
  109. "how does it works? what does it run?"
  110. "Can you tell me?"
  111. And he said "Nobody's ever asked me that before".
  112. So, we had this really interesting conversation and he said:
  113. "I see that this is a very serious issue"
  114. "Here is my number."
  115. "Call me and I'll put you through"
  116. "to people to talk about this."
  117. Bolded by this, I called him at Medtronic
  118. and he gave me the tech line
  119. and so I kept leaving messages…
  120. eventually, I kept being bounced around.
  121. Nobody would talk to me about this.
  122. I called the other two major medical device manufacturers:
  123. Boston Scientific and St. Jude
  124. and neither of them could give me a real answer either.
  125. Eventually, I started calling and saying
  126. "Look if someone would let me look at the software,"
  127. "I'll sign an NDA", You know, really against my principles
  128. Because, I'm a non-profit activist in the technology world
  129. I don't want to sign any NDA which would prevent me
  130. from sharing what I find with somebody else.
  131. But I though:
  132. "At least, I'll be able to see the source code"
  133. "and I'll feel comfortable about what's put in my body"
  134. But, unfortunately, I was brushed off. I was told no.
  135. I talked with some people at Medtronic that were sympathetic
  136. I had access to good doctors
  137. People said: "Oh, you know, we're Medtronic"
  138. We care deeply about making sure
  139. that there are no bugs in the software that we put on these devices.
  140. Obviously, we wouldn't release it if we didn't think it was safe.
  141. All these things
  142. You must trust us.
  143. Doctor say, the Food and Drugs Administration,
  144. the FDA in the United States,
  145. approves these devices
  146. So clearly, you're over reacting.
  147. And when I was talking to that same electro-physiologist on the phone
  148. and said I'm really troubled by this, because
  149. I think about all the people that have these devices.
  150. Some of them are quite powerful
  151. Dick Cheney had one at the time.
  152. He has a more impressive device now,
  153. that continually circulate his blood
  154. so he has no pulse.
  155. It's a fascinating, fascinating device, yeah!
  156. There are a lot of prominent people that…
  157. the demographic that get this devices
  158. are often in some powerful positions
  159. So you can easily imagine a situation where
  160. someone would be wanting to shut down these devices.
  161. And the electro-physiologist that I spoked to on the phone
    someone would be wanting to shut down these devices.
  162. And the electro-physiologist that I spoked to on the phone
  163. got so upset, he got so upset…
  164. that he hang up on me.
  165. He said "I think you're up to something"
  166. "I don't understand"
  167. "I don't know why you're so upset about this."
  168. "If you want to get a device, I'll help you"
  169. "But I think, I just don't, I think you're… you're…"
  170. Hang up.
  171. and I think it was really scary
  172. because he told me at the beginning of talking to him
  173. that he installed these devices all the time
  174. He installs sometime several devices a day.
  175. So the idea that he could be
  176. not even asking questions
  177. about the software that runs on these devices
  178. was pretty terrifying to him.
  179. So I put the whole thing off.
  180. And I just said, you know,
  181. I can't think about this.
  182. It's so terrifying.
  183. Am I really going to get
  184. proprietary software in my body?
  185. I don't know
  186. Plus the whole "mortality thing"
  187. and getting a piece of equipment
  188. sewn into your body.
  189. It's really a lot to deal with
  190. So I kept putting it off
  191. and eventually I couldn't anymore
  192. because friends and family kept asking me about it
  193. and saying "We're so worried about you"
  194. "We know that you can die at anytime"
  195. My mother, you know, off course don't have a land line
  196. and I don't have a great mobile reception in my apartment
  197. and my mother, if I didn't called her back within a hour
  198. would start calling all my friends
  199. saying "Have you speak to Karen today?"
  200. "Do you know if she's OK?"
  201. I went to brunch with a friend, and she asked me
  202. how this process was going.
  203. And I said "Well nobody from medical companies are calling me back,"
  204. "and you know, I'm sure I'll work it out."
  205. And she just burst into tears and she said
  206. "You know, you could die. Today."
  207. "and I just can't deal with that"
  208. "If you don't take care of this,"
  209. "I don't know if I can be friend with you"
  210. "because this is a serious thing"
  211. "and you're ignoring it for…"
  212. what she considered to be an esoteric issue.
  213. I really understood that and I really didn't have a choice
  214. So I got a device
  215. I got it implanted
  216. and it took sometime to…
  217. It took some time to recover from the surgery
  218. and also to really think about
  219. my own situation in a more abstract way
  220. to do some research.
  221. But I swore that if I got the device
  222. I would do some research and I would write a paper
  223. and I would talk about the issues that came up
  224. that the medical profession
  225. or at least the medical professionals that I dealt with
  226. had no answer for.
  227. So, the things that I found out when I wrote my paper were
  228. things that would surprise you and things that would not surprise you.
  229. Software has bugs.
  230. I really wanted a picture of the crickets
  231. that were in my room last night
  232. that fellow keynoters…
  233. *they are cockroaches*
  234. They are cockroaches?
  235. These are cockroaches.
  236. *So where are they?*
  237. But Paul and Jake got them out of my room.
  238. So that was really exciting.
  239. We were joking that I was going to talk about real bugs
  240. instead of software bugs.
  241. But, so, software has bugs.
  242. And medical devices as like as Matthew Garrett said
  243. will have bugs
  244. because the software engineering institute estimates that
  245. there is about one defect for every one hundred lines of code.
  246. So even if a majority of the bugs are caught in testing,
  247. even if three quarters of the bugs are caught in testing,
  248. that's still a lot of bugs.
  249. There's a study that I read that looked at
  250. recalls of devices that were published by the FDA.
  251. Basically, the study looked at all of the recalls
  252. and determined which ones they can tell were from software failures
  253. and then they evaluated those
  254. and the ones that they could tell enough
  255. about what the problem was from the software
  256. ninety-eight percent of them would have been detected
  257. with simple all-pairs testing.
  258. So, basic testing that you would expect
  259. for any kind of technical piece of equipment.
  260. So yes, the FDA has some review over these devices
  261. but if the companies aren't doing basic testing
  262. what are we doing?
  263. So, software has bugs.
  264. We know this, here in this room.
  265. Another thing that most of us here know is
  266. that security through obscurity doesn't work.
  267. And this is something that seems very counter intuitive
  268. for the folks that are not in this room.
  269. Every person who I started to about this in the medical profession said:
  270. "But I don't understand:"
  271. "Why would you want people to be able to see the software?"
  272. "If people can see the source code,"
  273. "it will be that much easier to break into it."
  274. But as we all know, that's not quite true.
  275. And in fact, by publishing the source code,
  276. everybody can see it, it will be a lot safer.
  277. But this is a major point that actually
  278. I address in my paper Killed By Code
  279. which go systematically through a lot of the research
  280. that shows how security professionals agree with that assertion.
  281. So, what we have is actually the worst of both worlds.
  282. We have closed code, so it doesn't have the safety
  283. of having a lot of people reviewing it.
  284. But we also have no security on these devices.
  285. A lot of these devices are broadcasting wirelessly.
  286. That's the standard right now.
  287. When I found out about that, I was totally freaked out.
  288. What do you mean,
  289. my heart device is going to be continuously broadcasting?
  290. Thinking the conferences that I go to,
  291. the people I hang out with,
  292. I don't want my information being broadcasted.
    the people I hang out with,
  293. I don't want my information being broadcasted.
  294. So this is one of the things I brought up with
  295. the different doctors that I spoke to.
  296. I actually, as you might imagine,
  297. I got rid of that electro-physiologist that hang up on me.
  298. And I went from cardiologist to cardiologist
  299. to find someone who really understood these problems
  300. or at least why I was so worried about them.
  301. And I finally found a great cardiologist
  302. and a great electro-physiologist.
  303. Who said "I have never thought about this issue"
  304. "but I understand why it could be a problem."
  305. "You need this device. You can't wait another day."
  306. "But I'm going to work with you and see ways"
  307. "that we can at least address some of the things that you're worried about."
  308. So, one of the things that my electro-physiologist did
  309. was that he called around from hospital to hospital
  310. until he found an old device.
  311. So he said that I've got a simple heart condition.
  312. All that I need to do is to have a device that's going to
  313. be monitoring for a dangerous rhythm
  314. and if I get a dangerous rhythm, it will shock me.
  315. It's a much more simple algorithm than what the newer devices do.
  316. So a lot of the newer devices have this
  317. complex pacing algorithm for people who have a wide variety of problems.
  318. You'd understand why the medical companies do this.
  319. They do it because these devices are very difficult to make.
  320. They're precision manufacturers.
  321. And if they can get these devices that work for a broader range of cases
  322. then that's all the better.
  323. And then you never know what kind of additional complications
  324. that people are going to be developing.
  325. So, I don't have any symptoms now
  326. but I might develop them
  327. and it's great to have the pacing technology.
  328. But my electro-physiologist, my cardiologist said
  329. "Great, I now that you have a simple need here"
  330. "so why don't I find you an old device?"
  331. So I actually have an older device
  332. that communicate using magnetic coupling
  333. and not through wireless technology
  334. but my father has a wireless enabled pacemaker
  335. and when he walks into a room in the technician's office
  336. they just change his pulse.
  337. So, before he even sits down
  338. they know so much about him
  339. and they have the ability to really affect him.
  340. It's incredible.
  341. But as you can see at the last point on this slide
  342. these devices have been hacked.
  343. A university think-tank…
  344. actually a think-tank of a couple of universities worked together
  345. and showed that using just commercially available equipment
  346. you can hack into these devices and take control of them.
  347. They were able to not only deliver shocks,
  348. which is terrifying.
  349. I once had my device shock me in error
    which is terrifying.
  350. I once had my device shock me in error
  351. and I can tell you it's like being kicked in the chest.
  352. You are basically out of commission
  353. at least for a few minutes
  354. I had to sit down and it was so exhausting
  355. just the surprise of it and the worry
  356. that I went to sleep for a few hours afterwards.
  357. It's pretty enduring.
  358. So not only that.
  359. They were able to deliver the shock,
  360. but they were also able to stop the delivering treatment.
  361. If the device was pacing, they could stop the pacing
  362. and a lot of people require their pacing
  363. in order to just live.
    and a lot of people require their pacing
  364. in order to just live.
  365. A lot of people can't walk up a flight of stairs.
  366. My father is of these, if his pacing is disrupted.
  367. They were also able to get key information off
  368. of these devices.
  369. Like medical ID numbers, doctor's names,
  370. serial numbers… a lot of personal information that's broadcasting
  371. and there's no encryption of any kind on these devices.
  372. It's pretty scary.
  373. They were also able to put these devices into test mode.
  374. And what that does is it slowly runs on the battery
  375. Err… runs down the battery at a much faster rate
  376. than in normal circumstances
  377. and these devices are only as good as their batteries.
  378. So if my battery runs out on my device
  379. I need a new device, which means surgery.
  380. So, these devices have be hacked.
  381. It was after I was diagnosed that that happened
  382. but then I called up the doctor and said: "See?!"
  383. Clapping
  384. So the doctor really relies on the fact that
  385. these devices are approved by the FDA
  386. in the United States, and similar regulatory bodies elsewhere.
  387. So, as a good lawyer, I went and researched the FDA
  388. mechanism for approval of software
  389. And what I found, is that the FDA
  390. doesn't even typically review the source code on these devices
  391. Unless there is something obviously wrong with the software
  392. they generally don't even ask to see it
  393. There isn't actually a clear set of requirements for the software even
  394. and there are reasons for all these decisions of the FDA
  395. but we think the FDA is doing a lot more than it turns out that they are.
  396. The fact that they don't have a clear set of requirements
  397. is connected to the fact that
  398. they say that the companies that design these devices
  399. because they are so specialty
  400. and because they are so particular to each manufacturer
  401. There are probably tests that are specific to those devices
  402. and the people who know these devices best are the manufacturer
  403. and therefore they are the ones that need to design what the tests are.
  404. And there is some back and forth
  405. about whether they've done the right tests or not,
  406. but the truth of matter is that at the end of the day,
  407. there's nobody at the FDA that even sees the source code.
  408. Because they are not requesting the source code
  409. they don't even have a repository of it.
  410. So if there is catastrophic failure at Medtronic for example
  411. I don't know that there is a canonical repository
  412. for the software that I would have access to
  413. and without being able to update the software on my device
  414. I may get surgery to get a new one.
  415. So, if there is a problem
  416. my doctor, or truthfully some programming-savvy doctor
  417. I can find or would be able to work with
  418. to write a patch for my device, should there be a bug
  419. or should we find it out
  420. I actually spoke on a panel, with a guy
  421. in cyber-security at the FDA
  422. and I was really, really nervous
  423. because I did as much as I could as a lawyer
  424. I did all the research I could about the FDA
  425. but I was not sure if this was actually
  426. the case in practice so I put up the slide and I said
  427. John, tell me if I am wrong, but this is what I think it is.
  428. This is the way I think it is!
  429. And I followed with a slide about Free and Open Source Software
  430. and why is it so much better, and so much safer
  431. and as soon as he came up to speak he said:
  432. "Everybody thinks that the FDA should do this, the FDA should do that"
  433. "but we just don't have the resources"
  434. "and that is not what the FDA is set up to do"
  435. and he paused, and looked at me
  436. and just as I was about to… you know.
  437. And he said: "But you are saying something different"
  438. "You are saying, we let everybody else review the source code"
  439. "That is something very interesting!"
  440. So, making sure that our devices have software published
  441. means that anyone can review it
  442. My dad, who has that pacemaker is also an engineer
  443. and a fortunate programmer.
  444. He probably would have looked over it.
  445. Many of us know people with pacemaker.
  446. we would scour that code, for sure!
  447. One other thing that I found out
  448. which is a little bit weird
  449. is that because these devices in the United States
  450. are approved by a federal agency
  451. patients are preempted from suing under State True Law.
  452. So there is a whole avenue of remedy that patients
  453. normally get, which the medical manufacturers
  454. don't even have to worry about.
  455. So now, I mean, I am not saying that the medical device companies
  456. don't care if their patients die, obviously they do.
  457. But there is a whole part of legal remedies that aren't even available
  458. Really amazing, this research, and I have all of this set out
  459. in this paper I wrote that is available on
  460. the Software Freedom Law Center's website.
  461. All this results in the fact that I don't have freedom in my own body.
  462. I am not allowed to review the software that is implanted in it.
  463. It's literally connected in and screwed into my heart
  464. and I can't take a look at it.
  465. it's unbelievable to me.
  466. My mind is blown at the fact that the situation happened to me
  467. It is a little bit freakish that I was a lawyer
  468. at the Software Freedom Law Center
  469. and I happened to have this weird heart condition, I admit.
  470. but still just mind-blowing.
  471. I didn't even had a choice.
  472. The choice was either, you're extremely likely to die,
  473. or you can get this device in your body
  474. I hope that nobody in this room has to face that choice, but it was
  475. really, really scary.
  476. And then I started thinking about it,
  477. and you know, it's not just the heart devices.
  478. It's anything that our lives in our society rely on.
  479. And as I thought about it, I realized that this actually touches on
  480. a lot more areas of our lives than I thought it was.
  481. For example, cars.
  482. Like the university think tank that worked on those medical devices
  483. and I would say, if you have time in our board, you should totally read that study.
  484. It's fascinating, they implanted that device into a bag of bacon or meat of some kind
  485. to stimulate it and they show all the equipment that you can find anywhere
  486. that they used to hack into it.
  487. But the same process as done with cars.
  488. And a different think tank showed that they were able
  489. to hack into two different brands,
  490. two different manufacturer cars.
  491. So the IEEE says that a premium class car
  492. has close to 100 million lines of code.
  493. So if we think back to what the Software Engineering Institute said
  494. about one bug for every 100 lines of code
  495. that's a lot of bugs, just in your car.
  496. And what this think tank was able to do,
  497. was all the things you might expect.
  498. They are able to cause the car to accelerate, to brake.
  499. They were able to control each wheel of a car individually.
  500. And my favorite part, just for kicks,
  501. I don't know if you can see, but
  502. they're able to put a message on the dash
  503. and so, they said pwnd and there is a little
  504. x-eyed emoticon there.
  505. The idea that they are able to take control over
  506. two different brands of premium class cars
  507. is really amazing to me.
  508. Voting machines is another area that is super critical
  509. and we've actually been talking about.
  510. A lot of security experts have been talking about.
  511. the problems with their voting machines.
  512. In the United States, we rely on Diebold
  513. and a lot of private manufacturers.
  514. We have had problems with calibration.
  515. I don't know if you've seen, but there is this hilarious cartoons
  516. of people trying to vote for the right candidate
  517. and the name of the candidate they want to vote for
  518. moving around the screen, you sort of trying to poke after it
  519. and eventually, whatever you wanted to do it says:
  520. "You wanted to vote for the opposite candidate, right? right?"
  521. And it's very difficult to know because we sometimes
  522. don't have a verification of paper receipt
  523. we don't even know that our vote was counted properly
  524. and we were able to vote candidate in the end.
  525. Really weird, as this is the basis of our society
  526. and the backbone of our democracy.
  527. I love what they did in Brazil.
  528. I don't know if you guys heard about this, but Brazil said:
  529. "We know that software has vulnerabilities and software has bugs."
  530. "So we're gonna invite teams of hackers to come in,"
  531. "we're gonna give you the source code"
  532. "and we're gonna give a prize"
  533. "to anybody who find a way to…"
  534. "who finds a vulnerability to get into the system"
  535. All those teams, two of them were able to find bugs.
  536. They say that neither of them would have affected
  537. an election, but they were able to fix those bugs.
  538. And those hackers got a prize.
  539. Democracy is safer.
  540. Security through obscurity doesn't work.
  541. I don't know when we're going to figure this out,
  542. but Brazil has got it done. So it's possible.
  543. Our financial institutions, yeah, it's exciting!
  544. Financial institutions are an other area we've seen recently
  545. how bad it can be when our trusted institutions fail.
  546. A lot of these institutions are running software
  547. and our stock markets
  548. and the operations of our banks.
  549. These are all things that are critical
  550. to just the way we live our lives.
  551. It's more of a societal thing but we've already seen
  552. that there are vulnerabilities there.
  553. So, all this to say, it sounds heavy-handed
  554. but my medical device can be controlled!
  555. Our cars can be controlled and interfered with
  556. and our financial institutions can be compromised.
  557. I think we can all agree that our society and life-critical software must be safe.
  558. But we're in a really interesting time right now.
  559. Because how do we know what software that we use is life and society-critical?
  560. The way that we use computers has totally changed
  561. very very rapidly and very recently.
  562. I've been astounded how people of all ages have started using computers
  563. in a way that they never have before.
  564. It's no longer specific tech-savvy people that are computing.
  565. It's everybody, it's our grandparents, it's everyone.
  566. And we're using our software for everything,
  567. it's become how we do everything
  568. How we communicate with each other.
  569. How we talk on the phone
  570. How we write, how we create art
  571. How we handle our educational institutions
  572. and how we manage our lives
  573. We're building this infrastructure
  574. and we're not really even thinking about it
  575. A lot of people are using their phones to monitor things like their
  576. exercise schedules and their diet
  577. it's very convenient because you're keeping track of what you've eaten
  578. as you go, or what you do
  579. Some phone have pedometers, functionality built-in
  580. and that's kind of basic and fundamental
  581. but there is already software for the iPhone
  582. that can talk to an implanted insulin pump
  583. and compare your exercise and your diet information
  584. with your blood sugar levels on your insulin pump
  585. So now, suddenly, we're back to were I was with my medical device.
  586. You got an iPhone that you're relying on for your life.
  587. So, we're building all this infrastructure,
  588. and we're willing to think about it
  589. which is why the desktop is so important
  590. This is where sort of all this all fits in to
  591. my personal story and why I left the Freedom Software Law Center
  592. which I loved and felt like the luckiest lawyer in the world
  593. for being able to work there and been to the Gnome Foundation
  594. which I also left.
  595. And I say the desktop in quotes because I am talking about
  596. these ways that we interact with our computing
  597. in the ways that we manage our lives through software
  598. We've reached the point where software must be usable by everyone.
  599. I think everybody here
  600. probably knows an older person, who as of a few years ago
  601. probably never did anything with their computer.
  602. My mother was one of these people.
  603. I remember when I was a kid I kept saying
  604. "but mom look at these cool games!"
  605. "Not interested"
  606. And I remember when I was in college and I said:
  607. "Mom if we could talk by email, it could be so much better!"
  608. Nothing…
  609. I remember in Law School, I was saying
  610. "Mom I can do all this great research using my computer,"
  611. "I don't have to sit all day in a library, it's awesome"
  612. Nothing…
  613. Later I tried to say "mom I'm going to organize my travel using the computer!"
  614. Suddenly, she was slightly interested
  615. and now, with everything that has come to pass
  616. she can't do anything without her computer now
  617. Now, her computer has become…
  618. The first thing that she does, she emails and text to her friends
  619. she does her travels, she manages her finances
  620. it's spectacular to me because
  621. I didn't use my father because he was an engineer
  622. but my mother was really a bit of a technophobe
  623. And now she loves Apple
  624. LOVES APPLE
  625. She can use her computer to do… She doesn't have to think about it
  626. It's great, and it's very frustrating to me
  627. But I'm excited for her because she now can use a computer
  628. and it's something she owns now
  629. She doesn't ask me a question, well she does…
  630. But she doesn't think that there is any reason why
  631. these devices are not targeted at her
  632. and she is very much a representative of the majority of our society.
  633. And these are people, only a few years ago, would not have been
  634. that able to do very much with their computer.
  635. We need to appeal to these people because they are the ones
  636. that are making choices like supporting iPhone
  637. to put in their exercise and diet regimes to talk
  638. to their insulin pumps.
  639. These are the kind of things that we need to really worry about.
  640. because if we can't make our software easy to use by everybody,
  641. no one is gonna want to use it.
  642. And we have an opportunity now
  643. a window that is slowly closing
  644. because we're making choices now
  645. that we're gonna have to live with for a long time.
  646. We're building habits, we're building expectations
  647. and we're establishing the metrics in our society for what is
  648. acceptable software and what isn't.
  649. I'm not gonna read these to you, you guys are here,
  650. at LinuxConfAU, you know all the awesome reasons
  651. why you should use Free and Open Source software
  652. You're here for all those reasons
  653. including that it's just really fun.
  654. We've been having a great time here,
  655. and learning about all sorts of really cool things
  656. but the underscore of all that
  657. and where all these reasons can come from is from Freedom
  658. Free and Open Source software is not just good business
  659. it's also the right thing to do
  660. So when we talk about our heart devices, we talk about our voting machines
  661. and then we talk about the way we live our lives
  662. and the infrastructure of how we talk to one another.
  663. We see that Free and Open Source software is just
  664. the right thing to do for our society
  665. and in order to bring that to other people
  666. we need to make sure, it's easy and clear for them to use
  667. These are some screenshots from the Gnome 3 release which
  668. Most of who I would say are probably familiar
  669. with already and are forming your own opinions about whether
  670. you… laughs
  671. Gnome 3 is something that you want to use or not
  672. and I think that no mater what perspective you come from
  673. I think that you can see that the Gnome 3 rewrite is done
  674. to address these issues, it's to make our software
  675. sleek and usable by everybody.
  676. I joined Gnome after the Gnome 3 release
  677. and it was the Gnome 3 release
  678. that made me realize that I had to go work for Gnome
  679. because this is our future.
  680. We need to cross the bridge, we need to be able to provide software
  681. to people who otherwise wouldn't be able to use it.
  682. We need to make sure our desktop are accessible by everyone
  683. because we are not going to be able to build
  684. the right infrastructure for a whole society
  685. if we don't bring these people on board too.
  686. This is a second screenshot.
  687. It happens to be Marina from the Gnome community
  688. and she's the head of the Gnome outreach program for women
  689. which is an awesome program and is a kind
  690. of thing that you can do in a non-profit.
  691. But what you may not have seen is that
  692. But what you may not have seen is that
  693. we launched, very recently, an extension website.
  694. extensions.gnome.org
  695. where third-parties can upload
  696. extensions for the Gnome Shell and it's a simple point-and-click
  697. for Gnome 3.2
  698. So you can install all those customizations
  699. and we're trying to build the ways
  700. that Gnome 3 is going to develop over time
  701. So, even though we have a single Gnome Shell vision,
  702. with what I think are great choices,
  703. if you disagree with them, there is a way to implement changes.
  704. Gnome, I think, and I think many agree.
  705. I've actually had a lot of people looking at my computer
  706. I've actually had a lot of people looking at my computer
  707. over my shoulder and say
  708. "Oh my God what is that, that's so great!"
  709. "It's not a Mac, but it looks so good"
  710. "What's the story with that?"
  711. So it's beautiful, but it's a lot more than beautiful
  712. It's non-profit driven
  713. And in the Free and Open Source software space
  714. we have a lot of different ways that we develop our software together.
  715. Some of our projects are more on the Android
  716. or Unity side of things
  717. where they're mostly controlled by a single company
  718. and there are communities that build up around that
  719. but at the end of the day, the ultimate control
  720. of the project is by a single company.
  721. And then we have projects like Gnome that are non-profit focused
  722. and this actually touches on some other stuff that Bruce
  723. was mentioning in his keynote.
  724. What you get for non-profit development, or having a non-profit
  725. that unifies the development in the community is a lot.
  726. And one of the main things that you get is to keep other trust
  727. So the Gnome community for example,
  728. the Foundation is composed of members
  729. there is over 300 members and it varies depending
  730. on where people are and renewing their membership.
  731. But in order to become a member, you have to be a contributor
  732. to Gnome and it's only available to individuals
  733. and if you're a contributor to Gnome
  734. you can become a member, which allows you to vote for
  735. the Board of Directors which influences the direction of the project
  736. help spread infrastructure to support development
  737. and decides to hire people like me.
  738. So who are out there advocating for the ideology of Free and Open Source software
  739. and helping to organize this kind of effort
  740. So if you imagine the situation now,
  741. the Gnome community does not require copyright assignment
  742. but if a non-profit community like the Gnome community were to require,
  743. or were to accept copyright assignment,
  744. those copyrights were to be held by a Foundation
  745. that had an oversight by the contributors
  746. by everyone who has a stake in the community,
  747. by everybody who invest in it.
  748. There is a certain assurance to knowing that the control
  749. of a community is in a non-profit that is
  750. focused on what the contributors want, diversely,
  751. over companies.
  752. I want to stress that I'm not saying
  753. that companies don't have a very important place
  754. in Free and Open Source Software of course.
  755. Companies must be able to develop products
  756. in the Free and Open Source community but we need to
  757. encourage these non-profit structures which are focused on the ideology
  758. and work with companies to help them accomplish their goals.
  759. But under the rubric of non-profits the way that we have in the Gnome community
  760. We have a lot of companies that are involved in Gnome,
  761. on any Advisory Boards,
  762. and are just good participants
  763. but the overall mission of the Gnome Foundation and the community
  764. is the public good.
  765. We are a public charity, so we are focused on the public good
  766. not on our profit.
  767. We care about our profit but for participants in our community
  768. but what it means at the end of the day
  769. is that we want to make the World a better place.
  770. Sounds a little bit hokey
  771. but let's be honest, that where a lot of this
  772. Free and Open Source software came from originally
  773. ideologically that's why we have such great and cool software
  774. We have to start thinking about making the World a better place.
  775. So we, at Gnome, recently launched an accessibility campaign
  776. We want to make 2012 the year of accessibility
  777. This is a perfect example
  778. Yeah, it's really cool work, it's super important.
  779. *crowd clapping*
  780. So this is exactly the kind of thing that a company
  781. might not be able to afford to do
  782. because it's not necessarily in the interest
  783. in increasing the bottom line to work on specific accessibility initiatives
  784. for smaller populations of people.
  785. But we at Gnome understand that this is
  786. incredibly important because a desktop that's not usable by everybody
  787. is one that fails our mission.
  788. So this guy is Robert Cole, he is super awesome
  789. That's a picture of him in his family,
  790. he was kind enough to come forward and let us use
  791. his testimony for accessibility campaign
  792. He was born with a vision defect
  793. So he has no vision in one eye,
  794. and very limited vision in the other eye
  795. He was relying on some proprietary assistive technologies
  796. at one point that were really working for him
  797. he got a grant from his local government in order to
  798. get those technologies and they were assisting him to work.
  799. But then when his system upgraded, he applied for more funding
  800. to get the upgrade of his assistive technologies and he was denied
  801. additional funding.
  802. And he was just out of luck.
  803. Fortunately, Gnome has been a very accessible desktop
  804. and he was able to use Gnome technologies,
  805. and through that he became a very active member of the Gnome community
  806. but with Free and Open Source software technology
  807. whatever we develop is going to be out there,
  808. it's going to be available, you don't have to rely on
  809. expensive proprietary upgrades to know that
  810. you're going to continue to be able to use your software,
  811. should your overall system upgrade.
  812. So making sure that this kind of work is done in a Free and Open Source software environment
  813. is extremely important so we just launched
  814. this accessibility campaign if you donate to Gnome
  815. while this campaign is going on we pledged to use the money
  816. to help develop assistive technologies.
  817. So all this to say: let's choose freedom!
  818. We can choose freedom, we in this room are a very special group of people.
  819. While I'm focusing on what our users are doing and how we must bring our users all…
  820. and I say the broad of users,
  821. we have to think big, we have to think giant!
  822. While we need to do things that bring our user base in,
  823. people in this room are making choices everyday
  824. I can't tell how many iPhones I have seen at this conference
  825. how many Macs I have seen in this conference.
  826. You know we have the technology, it's good.
  827. I don't really tweak my desktop very much anymore at all
  828. I've switched over to Gnome-shell and it's so sleek
  829. and great and I barely use the command line
  830. for things that are connected to my computing environment
  831. and only then when I really feel I can't
  832. It's not for everybody, but we need to choose
  833. free an open platform, we need to develop on them
  834. because it's the only way we're gonna create
  835. these safer and better societies
  836. It's the only way we're going to create a World
  837. where we know that our software can be reviewed
  838. and that it will have integrity
  839. We need to build our communities in the non-profit space
  840. Because we need to create those really good degrees of trust
  841. We need to bring our ideology back into Free software.
  842. Going a little bit out there, I'd say:
  843. It's not about terminology, it's about ideology.
  844. We really need to think about
  845. making the World a better place because we can,
  846. and we should.
  847. I have this picture from the original Apple campaign.
  848. Because it really strikes me that this woman
  849. coming and taking her hammer and,
  850. flinging it against the establishment and the machine
  851. for individuality and our freedom,
  852. and it really speaks to me now.
  853. Let's choose Free and Open Source software
  854. for ourselves, and for our society.
  855. So the Gnome Foundation is a charitable organization.
  856. We accept donations.
  857. And my talk is freely licensed so feel free to quote it
  858. and republish it.
  859. Does anybody have any questions?
  860. *crowd clapping*
  861. Good day.
  862. I guess I personally see it as a really positive future
  863. because I think there is never going to be a year of
  864. the leading desktop where everyone suddenly converts
  865. but it would just be this gradual process.
  866. in the same way that most of us have come to Linux
  867. after some other proprietary process
  868. I'm wondering how you see us engaging with not
  869. the entirety of society, cause that's way to difficult
  870. but what's the next age of the people
  871. that we can engage with and that can then convert
  872. their friends and their parents and so forth?
  873. I also think that the next wave is that we need to get
  874. into schools as much as possible
  875. I think there are a lot of great initiatives to bring
  876. our various free distros into schools
  877. what really strikes me is that, in the United States in particular,
  878. there are a number of non-profits that are set up as technology charities
  879. and what they do is they bring Microsoft licenses and other proprietary licenses
  880. to underprivileged communities and to schools.
  881. They get tax breaks for doing that
  882. What they're actually doing is creating a dependency
  883. on proprietary software and it's a very clever,
  884. very very clever technique
  885. because we're training people to use certain kind of software.
  886. We need to do the same thing.
  887. I know there are a lot of great initiatives already.
  888. Gnome has a number of initiatives that would do this.
  889. And I'd say everybody get involved in your community
  890. and start bringing our software into schools.
  891. I think that a first step.
  892. I think the next step is writing really cool
  893. applications for our Free and Open platforms
  894. If we've got the next cool thing,
  895. then people would want to use it.
  896. There are lots of different steps. I think you're right.
  897. There is no easy answer to make
  898. this the year of the GNU/Linux desktop
  899. it just doesn't happen as easily as that
  900. but there are things that we can do in the schools,
  901. It's, I think, the first place we should start.
  902. Thanks you.
  903. Two things if I could. One is,
  904. for us in Australia and other countries,
  905. if the FDA has approved it, is that it?
  906. Is that accepted here without us having our own standards and rules
  907. setting the software, any of that?
  908. So I haven't actually looked into Australia.
  909. I should have.
  910. I actually thought this morning that I really needed
  911. to check the situation in Australia.
  912. But I know that in any UK and other countries there are comparable bodies
  913. the ones that I've looked in so far
  914. also don't review the source code.
  915. So they have similar review processes.
  916. The FDA only applies in the United States
  917. So each region has its own approval process.
  918. But from what I've discovered, so far in the regions
  919. that I have looked at, they are similar.
  920. The other thing is that there are other areas
  921. where software is extremely important
  922. that you've mentioned during your talk
  923. like avionics and gambling machines, and so on.
  924. And in some places in the World there are
  925. different rules, there is review of code and that
  926. sort of things.
  927. Two things out of that. One is it seems a shame
  928. that there aren't general government standards for
  929. software where it matters. Have you got any thoughts
  930. on how we could make that happen?
  931. We have to become real advocates
  932. and what does really strike me is that
  933. proprietary software companies have such an amazing lobby.
  934. They have so much money that they can pour in
  935. to making sure that the government is deeply
  936. concerned about their innovative edge.
  937. For their products that
  938. they keep they proprietary incentives
    For their products that
  939. they keep they proprietary incentives
  940. Medical devices is a really good example
  941. of how that breaks down.
  942. When you think about the business case
  943. of medical devices, you sort of search and see:
  944. OK, well I'm not buying my heart…
  945. I'm not choosing the brand of my heart device
  946. because it has the best software on it.
  947. I'm choosing Medtronic because they have a good track record.
  948. Because they are a precision manufacturer of really detailed equipment
  949. and they have been for a long time.
  950. If they published their software,
  951. even if they've published their hardware specs,
  952. it's not like Nokia is going to go and start producing medical devices.
  953. And if they did, it would take some time
  954. to get doctors comfortable that the fact
  955. that they will be relying on them.
  956. They're going to get support.
  957. There's this whole issue of the fact that
  958. these proprietary software companies have
  959. a really strong lobbying force.
  960. The only response I got from Medtronic so far
  961. is saying: "Our business case relies on"
  962. "keeping ourselves for proprietary"
  963. In the United States there were a bunch of
  964. Breathalyzer cases, with drunk drivers.
  965. There is a driver who said:
  966. "If you're gonna convict me on the fact that"
  967. "this Breathalyzer said my blood alcohol level was very high,"
  968. "I want to be able to see the source code"
  969. "in order to determine whether or not"
  970. "that was accurately drived"
  971. The company fought it and said
  972. "this is our proprietary technology"
  973. "blablabla".
  974. Eventually the Court said you must produce
  975. the software, the source code and
  976. what the Court found through their experts was
  977. that the results couldn't be relied on.
  978. Amazing stuff, and this happens in a lot of different jurisdictions.
  979. In the United States, some jurisdictions say
  980. you must produce the code, others say no.
  981. But I think at the end of the day
  982. we need to keep it in our dialog, keep asking these questions
  983. throughout our different areas from
  984. breathalysers to medical devices.
  985. And being a really vocal community
  986. about these issues is going to help.
  987. We also need to organize from a lobbying perspective as well,
  988. because there is just so much funding on the other side.
  989. There was a question back there.
  990. Oh, you've got the mic, OK
  991. So first of all, I think that your talk was totally awesome
  992. and thanks for expressing basically the core
  993. of the Free software ideology which is that
  994. Free software is about freedom including
  995. the freedom to know how you're kept alive.
  996. Which I think is really important, so thanks for doing that!
  997. clapping
  998. As far as the remote car exploit stuff, that's
  999. actually from Alexei, Karl and Franzi in the lab
  1000. at UW where I work.
  1001. And those exploits were done remotely
  1002. through the telematics units in the cars so just
  1003. like cardiac-implants people can crash you car remotely.
  1004. It's like through a telephone.
  1005. Actually, I meant to get that into a little bit more detail,
  1006. but yes the control of the cars were remote but
  1007. I also want to mention that the HP printer exploit
  1008. that happened recently, where
  1009. over the Internet, folks were able to take control of
  1010. HP printers which not only were able to do all
  1011. kind of terrible things like being able to know what
  1012. you are printing including monitoring to see if you
  1013. are printing text documents and so determining
  1014. what information was included in particular boxes
  1015. but they were also able to set printers on fire.
  1016. laughs
  1017. They weren't? They were!
  1018. "There was a guy at the CCC that had a printer set on fire this year"
  1019. "Yeah!"
  1020. mumbling
  1021. "You should either talk into the microphone or ask a question"
  1022. The question I was gonna ask you is
  1023. You're talking about accessibility
  1024. and one of the things I've noticed is that
  1025. people that are blind are totally fucked
  1026. when it comes to using computers
  1027. and if you want to get a Braille terminal
  1028. it can cost somewhere like 6 or 8 thousand Euros to get them.
  1029. And there is one group in the UK that are looking at
  1030. building affordable ones, I think coming in
  1031. somewhere at a thousand dollars.
  1032. But I wonder what Gnome can do to make it
  1033. so that computers are really accessible in terms of
  1034. alternate methods of interfacing with computers
  1035. especially for people who are blind or unable to see
  1036. and I wonder if you can talk a bit about
  1037. Braille terminals and maybe making them accessible and so on.
  1038. I was gonna say this actually as a separate talk.
  1039. There was a talk on accessibility at this conference,
  1040. but I don't want to get into too much detail
  1041. about the particular initiatives, but with Gnome 2
  1042. there are a lot of assistive technologies for
  1043. vision or magnification.
  1044. Other types of software that are very helpful but…
  1045. and actually Gnome won several awards for
  1046. the accessibility of their desktop.
  1047. But while we rewrote Gnome 3,
  1048. we actually broke a lot of our assistive technologies,
  1049. as part of the necessity of starting all over again
  1050. and starting new.
  1051. So actually our campaign is much more basic than that.
  1052. I'd like for us to get there over time.
  1053. But we have some great software
  1054. but it needs help just to get working.
  1055. So the accessibility campaign
  1056. that we're running now is really fundamental
  1057. If we get a huge level of support from it,
  1058. we can hire developers to work on the stuff and
  1059. start exploring some of those particular initiatives.
  1060. But it's sort of like, now the accessibility
  1061. team at Gnome, at our annual general meeting
  1062. I asked them to give a little presentation
  1063. of where we stand, and the first slide was
  1064. a set of stairs.
  1065. So right now, we have a lot of work to do.
  1066. We need to bring our new system back to
  1067. where we were with Gnome 2,
  1068. and then we need to go beyond.
  1069. We're much further now, with Gnome 3
  1070. than where we were when we launched Gnome 2
  1071. and Gnome 2 went really far
  1072. but we really have along way to go.
  1073. So there was a question for someone right over there
  1074. who had put his hand up, and I'll be really fast.
  1075. If we can have one more question,
  1076. we'll have to wrap it up after that.
  1077. Thank you.
  1078. I am concerned that should your implant fail,
  1079. and you collapsed to the floor, I don't know what to do.
  1080. Is it just CPR or is this something else I should do?
  1081. That's a great question.
  1082. Everybody should be trained in CPR,
  1083. and I've became aware of this and hassle
  1084. the people close to me to get trained in CPR
  1085. when I found I had this heart condition.
  1086. So if somebody collapse in the front of you,
  1087. you should commence CPR,
  1088. you should check their life signs and follow that procedure.
  1089. For me, if I've collapsed now my device
  1090. will most likely shock me and if it doesn't,
  1091. if somebody performs CPR,
  1092. hopefully we can keep my blood circulating until help comes
  1093. and I can be shocked with an external defibrillator.
  1094. The truth is, it often takes so long
  1095. to get an external defibrillator
  1096. and to get people's heart starting again
  1097. that there is often some brain damage by the time that happens.
  1098. So that's part of the reasons.
  1099. There is one in the lobby.
  1100. And it's funny because when I walk by those
  1101. now I think: "Those are for suckers!"
  1102. I've got my own!
  1103. clapping
  1104. So, all this to say I am really glad
  1105. that I have this piece of technology,
  1106. and I'm glad that I can rely on it.
  1107. I just think it can be better and safer.
  1108. Thanks you.
  1109. Unfortunately, we're running out of time,
  1110. but a huge round of applause for Karen.