Comment by tstrimple
18 hours ago
Tested how? With 100% "unit test" coverage? I can certainly see how a random person on the internet might be highly motivated and actually talented enough to contribute to these sorts of projects. But they don't have the budget and resources that commercial entities have. They don't have the same due diligence requirements. They don't have the same liability. If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
I say this as someone who might modify my own medical devices because I'm so fucking jaded over the capitalist march towards enshitification and maximizing profit over human lives. There is simply no way random folks on the internet can test these types of systems to any reliable degree. It requires rigorous testing across hundreds to thousands of test cases. They at best can give you the recipe that works well for them and the few people that have voluntarily tried their version. That doesn't scale and certainly isn't any safer than corporate solutions.
Why do people think constantly something made by some random company is automatically better than something made "DIY".
I totally understand, that because of liability and some more availability of resources, you would expect a company product to be "safe". BUT: if it is your butt that is going to be in the line, then I bet you: you will be much more careful that a random engineer in some random company. About the resources available in a big company, they are usually more directed to marketing, legal (including lobbing to avoid right to repair) and oder areas to maximize revenue, and not exactly in quality.
I worked in 2 different big companies which worked in "mission critical systems" and boy! I can tell you some stories about how unsafe is what they do, and how much money is invested in "cover your ass" instead of making products better/safer.
I thought I explained it, but I'll break it down into smaller words. Medical software doesn't just have to solve one particular users's problems. It has to be generalized to the majority of folk seeking treatment for a particular problem. If one particular CPAP user is able to tweak their settings to work better for their particular lifestyle, it is not generalizeable to every CPAP user. A corporation offering a general solution is put under *far* more scrutiny than a random github repo is. A corporation can be sued for releasing a product that kills people, but good luck convincing a court that your family deserves restitution for you installing a random script you found on the internet into your insulin pump.
This has fuck all to do with how much corporations care about people. It has everything to do with liability laws and how victims can get restitution. It has everything to do with the actual risks of installing random internet scripts versus the corporations who have to jump through regulatory hoops. And it's not to say corporations get everything right. They fuck things up constantly. But they fuck things up constantly with oversight and regulation and you want me to believe random internet users will make a better product without it. It's nonsense.
I have explained it already in other comments, but let me break it down for you again:
The “liability”, “scrutiny”, “regulation” only generate “cover your ass” measures, bureaucracy, red tape, costs, and hardly any real measure to increase quality or safety. My work is in such a critical mission systems company, and they don’t give a shit about safety, just are interested in coming out clean or not waste too much money in settlement with dead people relatives.
> but good luck convincing a court that your family deserves restitution for you installing a random script you found on the internet into your insulin pump.
And good luck fighting a Pharma corporation for whatever did wrong. BTW, you bring the CPAP topic. Maybe you can read this at leisure [1] in this case, because it was a huge scandal, they pay. But 90% of the time, they don’t. And even if this case, with legal cost deducted, and divided by all people, is not a real compensation (spoiler alert: it never ever is!).
Please note in this case they DID KNOW about the issue, and did nothing. So much for liability and scrutiny.
[1] https://www.drugwatch.com/philips-cpap/lawsuits/
> But they don't have the budget and resources that commercial entities have.
Everyone is standing on the shoulders of giants. You're not going from stone tools to jet engines in a month, but you could fix a bug in one in that time.
> They don't have the same due diligence requirements. They don't have the same liability.
Things that exist to try to mitigate the misalignment of incentives that comes from paying someone else to create something you depend on. Better for the incentives to align to begin with.
Notice also that these things are floors, not ceilings. The company is only required to do the minimum. You can exceed it by as much as you like.
> If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
And then if the community version fixes a bug that would have killed you and you stick with the commercial version you can sue them for killing you. Except that you're dead.
> There is simply no way random folks on the internet can test these types of systems to any reliable degree.
Basically the entire population is on the internet, so the set of them includes all the people doing it for a corporation. Are they going to forget how to do their jobs when they go home, or when they or a member of their family gets issued another company's device and they want it to be right?