[Plura-list] A $700 CPAP becomes a limited BIPAP through a software patch; State treasurers demand ventilator manufacturers publish manuals; Ten graphic novels for kids, teens and adults in lockdown

Cory Doctorow doctorow at craphound.com
Wed Apr 15 14:51:11 EDT 2020

Today's links

* Jailbreak for CPAP machine reveals hidden ventilator functionality: A
$700 CPAP becomes a limited BIPAP through a software patch.

* State treasurers demand ventilator manufacturers publish manuals:
Colorado, Pennsylvania, Illinois, Delaware, and Rhode Island want the
Right to Repair.

* Ten graphic novels for kids, teens and adults in lockdown: My picks
for True North Comics.

* One person is in charge of oversight for $2.2T in stimulus: Bharat
Ramamurti is the sole member of the Congressional Oversight Commission.

* Universities want to infect students' laptops with undetectable
rootkits: Invigilation tools + shared laptops + overstretched IT
departments = Bad, bad news.

* I Void Warranties for a Living: Name-your-price stickers.

* 2600 Magazine hit hard by pandemic: Bail 'em out by buying the current
ish as a download.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🔇 Jailbreak for CPAP machine reveals hidden ventilator functionality

Right to Repair has never been more urgent. There's a reason farmers
have been on the front lines of R2R: they have pressing deadlines ("make
hay while the sun shines") and are located far from service depots and
transport hubs.

That's why farms have workshops and even forges. They have to rely on
their own ingenuity to fix their stuff, or they have to do without,
often at critical junctures.

During the pandemic, hospitals have taken on the characteristics of
farmers: isolated from service, with urgent needs. And so have we all,
to a greater or lesser extent, as our stuff breaks down and no one is
around to fix it.


There are three major reasons companies like Apple, John Deere and
Medtronic have fought so hard against R2R, killing 20 bills at the state

1. It lets them charge you extra for repairs and parts.

2. It lets them decide when a device needs to be retired so they can
sell you a new one (Tim Cook called longer iPhone usage cycles the
biggest threat to Apple profits).

3. It lets them charge you extra for features already in the device.
Independent repair could subvert this, committing "Contempt of Business

This is rampant in med-tech. Think of sleep apnea CPAP devices: they use
proprietary data formats that let manufacturers charge doctors to
monitor their use.


They're also riddled with spyware that lets insurers gouge you on
consumables and deny benefits to people who need them:


Enter ResMed's AirSense 10, a CPAP machine that the company claims
cannot be retrofitted to perform ventilator functions, because it can
only push air in, not pull it out again:


Security researcher Trammell Hudson analyzed the AirSense 10 and found a
mode in its firmware that allows it to pump air both in and out of the
user's lungs. He's released Airbreak, a jailbreaking patch for the
AirSense that turns it into a limited ventilator replacement.


This is presently only for research purposes. As Hudson writes, "in its
current form [this patch] should be considered a proof of concept and is
not intended for use in a life-support capacity."


Significantly, the jailbreak brings "the AirSense S10 to near feature
parity with BiPAP machines from the same manufacturer, boost the maximum
pressure output available, and provide a starting point to add more
advanced emergency ventilator functionality."

Hudson and colleagues are calling on ResMed to release an official,
supported patch that enables the latent functionality in their widely
available, low-cost CPAP machine.


🔇 State treasurers demand ventilator manufacturers publish manuals

The treasurers of Colorado, Pennsylvania, Illinois, Delaware, and Rhode
Island have demanded that ventilator manufacturers "release all service
manuals, service keys, and schematics" so hospitals can maintain their
equipment during the crisis.


This follows on from US PIRG's delivery of a 43,000 signature petition
to the major manufacturers:


Med-techs are having to violate copyright law and risk civil and
criminal penalties to maintain lifesaving equipment, and the alternative
is letting people die.


The iFixit folks are maintaining a repository of med-tech repair info,
and are looking for your contributions, should you have any scanned
manuals, etc.



🔇 Ten graphic novels for kids, teens and adults in lockdown

I made a list of ten great graphic novels for the True North Comics
podcast, including kids' comics and stuff for teens and grownups
(including nonfiction and memoir):


For kids: Dragons Beware/Giants Beware (Rafael Rosado/Jorge Aguirre);
The Glorkian Warrior Eats Adventure Pie/The Glorkian Warrior Delivers a
Pizza (James Kochalka: You will laugh until you weep. Such amazing
parent/kid bedtime reading); Phoebe and Her Unicorn (Dana Simpson)

For teens: Drawn To Sex (Erika Moen and Matthew Nolan)

Adults (comics): Bloom County Episode XI: A New Hope (Berkeley
Breathed: Trump has done some really terrible things, but at least he
brought Breathed out of retirement); YUGE! (Garry Trudeau)

Adults (memoir): Girl on Film (Cecil Castellucci: A memoir of growing up
in the arts, but also a true story about the biological nature of memory.)

Adults (nonfic): Making Comics (Lynda Barry: She's a certified MacArthur
'Genius' and this shows why: her method for making comics is really a
way of making meaning.)

Adults (fic): Paper Girls (Brian K. Vaughan and Cliff Chiang); Woman
World (Aminder Dhaliwal); Concrete Park (Tony Puryear: The first two are
so good, afrofuturist masterpieces, really – but the creator appears to
have orphaned them. Maybe this will nudge him to finish?)

🔇 One person is in charge of oversight for $2.2T in stimulus

Bharat Ramamurti is the sole member of the Congressional Oversight
Commission.

Congress has appointed just one person to oversee the $2.2 trillion
stimulus. That person has no staff, office, or colleagues. He
communicates with the public solely through his Twitter account.

His name is Bharat Ramamurti, and he just got his blue tick.


Ramamurti, a former Warren staffer, is the sole member of the
Congressional Oversight Commission. He also oversees the Main Street
Lending Facility, which offers federal loans to businesses with fewer
than 10k employees/$2.5B in revenues.


He must prepare and release a report on the stimulus spending within 30
days. The other committee positions remain vacant because Nancy Pelosi,
Kevin McCarthy and Mitch McConnell have failed to make their
appointments, and Pelosi and McConnell have not jointly chosen a chair.

Meanwhile, Ramamurti is diligently trying to prepare his report by
tweeting questions to Congress, asking how the money is being spent.


Ramamurti doesn't even have an Inspector General to backstop his work
because…Trump fired the IG, Glenn A. Fine.

Lest you think this is unique to late-stage grifterism's approach to
handing out massive checks to plutes, recall the situation when Obama
appointed the (now disgraced sexual predator) Eric Schneiderman to hand
out billions in the 2012 National Mortgage Settlement.

Schneiderman was given no staff or office – not even a desk. While
laboring in obscurity, Schneiderman handed out get-out-of-jail-free
cards to bankers who were preying on 12m homeowners who were in $700b in


At least Ramamurti is genuinely committed to ensuring that trillions are
not used to line the pockets of the super-rich while leaving the rest of
us to starve. Pity he doesn't even have a single person to help him.


🔇 Universities want to infect students' laptops with undetectable rootkits

The Australian National University is insisting that students install
"invigilation" software that monitors their computer use to prevent
cheating during tests.

This is incredibly worrisome.


These exam proctoring tools are typically rootkits that sink incredibly
deep hooks into the OS, and it's not really feasible for students to
determine whether these tools have been fully removed, or even whether
they're currently operating.

Think of what it means to have university-supplied, unremovable,
omnipotent rootkits installed on the laptop that you ALSO use for
finance, dating, telemedicine, and psychiatric counselling.

Or what it means to have this installed on a laptop that you share with
a household.

This is an increasingly common situation, because laptops are how you
participate in society during lockdown, and the economy is imploding,
leaving parents, siblings, and co-habitants to share a laptop or be
excluded from the world because they can't afford to buy their own.

That means that your parents' employers' trade secrets are being
monitored by university-supplied spyware.

Worse still, uni IT departments – which have always struggled with
security and ops – are stretched thinner than ever, facing
layoffs/furloughs/hiring freezes.

Key personnel are on sick leave (or have died in the pandemic), and those
who remain are being asked to support orders of magnitude more activity
than ever before. It's a bonanza for cybercriminals, as their traditional
adversaries are overtaxed and understaffed.

This is generally worrisome, but it's particularly a problem with ANU,
which has a history of ghastly cybersecurity failures and massive breaches.


Compromising online proctoring software is a really scary prospect: if
someone can seize control of the university's back-end, then, by design,
they can undetectably and unstoppably take over the computers of the
entire student body.

A massive explosion in Zoom use revealed unforeseen failure modes and
new defects. We should expect this to happen again with invigilation
tools. The difference is that invigilation tools are designed to operate
against computer owners' consent, and to hide those operations.

That makes their defects far more consequential.

This is a ticking timebomb.


🔇 I Void Warranties for a Living

Jilles has created a set of "I Void Warranties For A Living" stickers
that you can get for a name-your-price donation via Stickertrade or by
Paypal to jilles at jilles.com. I've asked for a set and sent along NZ$15,
which seemed like a fair price?


A note to Americans: Independent repair DOES NOT VOID YOUR WARRANTY and
has not since 1975!



🔇 2600 Magazine hit hard by pandemic

Like all magazines, the venerable hacker quarterly 2600 has been hit by
the pandemic. In their case, they printed a full run of their current
issue, then had their distributor bail on them because all the
bookstores are closed.


You can help rescue them by buying the current ish as a DRM-free


They're also selling an anthology of all of 2019's issues as a PDF:


I have a lifetime sub to 2600, and I've been reading it for decades.
I've even contributed to it. I love it to pieces (literally, some of my
old issues are falling apart). It is a force for good in the world.


🔇 This day in history

#15yrsago India's amazing statement on IP and international development

#10yrsago Big Content's dystopian wish-list for the US gov't: spyware,
censorship, physical searches and SWAT teams

#10yrsago JK Rowling on Britain's Conservative "nasty" Party

#5yrsago Arkansas cops send malware to whistleblowers' lawyers

#1yrago Leaked, "highly classified" French report shows that the
slaughter in Yemen depends on US support

#1yrago RIP, science fiction and fantasy Grand Master Gene Wolfe,
1931-2019 https://www.tor.com/2019/04/15/gene-wolfe-in-memoriam-1931-2019/

#1yrago Investors controlling $3B in Facebook stock demand Zuckerberg's
ouster, and they will lose

#1yrago Silicon Valley's techie uprisings reveal growing support for
socialism in tech

#1yrago Not just Apple: Microsoft has been quietly lobbying to kill
Right to Repair bills

#1yrago EFF to Facebook: enforce your rules banning cops from creating
sockpuppet accounts and be transparent when you catch cops doing it

#1yrago America today feels like the last days of the Soviet Union

#1yrago Air tanker drops are often useless for fighting wildfires, but
politicians order them because they make good TV

#1yrago The #ShellPapers: crowdsourcing analysis of all correspondence
between Shell and the Dutch government


🔇 Colophon

Today's top sources: Aestetix (https://aestetix.com), UEberLauch
(https://twitter.com/UEberLauch), Slashdot (https://slashdot.org/), Naked
Capitalism (https://nakedcapitalism.com/).

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation

Currently reading: I'm getting really into Anna Wiener's memoir about
tech, "Uncanny Valley" and Jo Walton's forthcoming novel "Or What You Will."

Latest podcast: Podcast swap: Wil Wheaton on Little

Upcoming appearances:

* Apr 16, Stories are Super Weird. Here's Why They Work, Clarion Teen
Writing Classes

* Apr 22, Flatten The Curve Summit https://flattenthecurve.tech/

* Apr 23, Canada Reads Q&A

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we're having a launch for it in Burbank on July 11 at Dark Delicacies
and you can get me AND Poesy to sign it and Dark Del will ship it to the
monster kids in your life in time for the release date).

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583

This work is licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy"
