Replies to This Discussion

Permalink Reply by AndyRozman on January 28, 2013 at 11:55pm

Don't think that will happen... Java has been arround for a long time, and I haven't seen any serious problems with it...

Since whole CareLink data retrieval is written in java (only platform independent language) I don't think they will get rid of that. Problems that Minimed has are not releated to Java, but to incorrect use of it, and also use of native library (this is the one that doesn't allow use of Carelink on any operating system).

Permalink Reply by Nyadach on January 29, 2013 at 1:18am

"To defend against this and future Java vulnerabilities, disable Java in Web browsers." to quote the US Department of Homeland Security's Computer Emergency Readiness Team about recent bugs in it. Think that pretty much sums up how bad. We shouldn't need to use it.

What I would much prefer is access to the software my hospital is using to access the pump via CareLink. That's a full .Net application! If MM have rewritten a "professional" application for a native operating system, they can do for us home users also! And yes while that get's around Java, Mono will get around the issues for other OS's so it really should be just down to MM now.

Permalink Reply by AndyRozman on January 29, 2013 at 2:18am

Aha so, M$ buys Homeland security, with free install of Windows in all their offices and you are a happy camper...

If you had real application for end users (not doctors) and that means not a Web application, you wouldn't need to use java (or you could if you wanted). What Web application Carelink does is, to install java applet and it's native libraries into your computer and run's it. Now what Homeland security calls Java vulnerabilities are not vuln. but are features... You need to have a local access to either USB or COM port (depends on what you use to access the pump, either cable or Carelink USB key), and this is what java application does in this case... Actually MM has gone a step further and created whole communication with pump in this java application (or applet since it's run from Web browser).

Actually they could easily created full application (and please don't ever call .NET application a native application) but then the user would have all the work... Installing application, making upgrades, sometime uninstalling aplication and reinstalling the new one... They created Carlink Web application so that user doesn't have this headaches (they can change base "application" ala web page, or even change a way how "application" communicates with pump (the applet part)) without you even knowing)... It was a good move on their part, only problem is that while starting move was good (actually briliant), they didn't do the follow up... They "forgot" to add support for other browsers (this is now supported with warning as I recall) and support for other OSes (which is still not there, at least not fully), which makes on end, their starting briliant move, now look like a foolishnes...

I am firmly against putting personal (in this case medical) data on "display" on some web page. Actually it's not really on display, but if there was someone who wanted to hack it he could, since this data is stored somewhere "out there", which was only one of the reasons, why I decied agains using Minimed pump, when I was making the selection...

"Getting rid of Java" in this case is actually problem that would take a lot of money and a lot of time, which makes me sure it will never happen.

Permalink Reply by Nyadach on January 29, 2013 at 3:32am

No, my issue is simple. MM have already rewritten it to work on .Net for doctors to use. So why can't we be allowed to use the same application so we don't have to go through the web and Java also?

Mono will hopefully cover it on other OS's, or should depending on what libraries they have used (yes I know Mono doesn't include all the MS libraries). And that takes out the whole security issue as you mention of it being on the web. I would love it to of been a proper application for each system, but that is probably asking far to much considering they've now got both a Java and a .Net version going.

My issue with Java and Flash is that they are the biggest security problems out there currently. And it wasn't just the Homeland Security lot who issued the warning over it. But the issue remains that the two of them are something which should hopefully be removed, and in doing so would greatly reduce the vulnerabilities of any system, be that Mac, Linux or Windows.

On a side note, the .Net application (on at least it's second version now that I've seen, although only played with the latest one) gives a lot more detailed information than the current system. Which seems to hint at (that and the fact it's pretty new, or new just to the hospital possibly) is where MM are developing it. The parts of the application which hold multiple patient details isn't needed for us, but the application itself is much better for cross referencing information.