On 1/3/2019 4:00 AM, Thiago Macieira wrote:
On 1/2/2019 4:00 AM, Thiago Macieira wrote:
I understand you're working with 4.8. I don't care.
That would by why there are hundreds, possibly thousands of companies
all supporting their own fork of Qt and even more moving away from Qt.
They choose to use Qt.
Takes them 1-4 years to get a product out the door which has a 10-20
year market life.
And in those 10-20 years, they're going to get 20-40 updates of Qt.
No, they're not. They will get what they got with 4.8 and that's it.
Some of their developers will periodically monitor "fixes" to later
releases to see if such things can or should be applied to their source
base. Many will just work around issues. Some shops reportedly fixed
things in 4.8 they found, but the fix submission process was so onerous
those fixes exist only in one shop.
By then, Qt has abandon them. There are __many__ medical devices running
4.8 out in the real world saving lives today. We've had this discussion
before. Most likely he is working on a medical device as well since 4.8
seems to be the most popular in that world.
Then they should acquire professional support for their devices, if they need
to keep running on old, not-otherwise-supported versions. The community has
limited resources and I'm not being paid a dime to support old versions, nor
is the company I work for.
They end up supporting it themselves and banding with other
non-competing companies to maintain a common distro.
If you're choosing to stick to an old version, you MUST have a support
mechanism for all your software (not just Qt) because of security issues. For
example, Qt 4.8 is contemporaneous with OpenSSL 1.0.0 and Linux 3.1, both of
which are full of known security issues. So you must either have the knowledge
in-house or you must have an external contract to update those with fixes. It
would be irresponsible to do otherwise. So why not the same for Qt?
Or you architect out everything which could be a security issue. There
is no command line or terminal. The few medical devices I know of
removed all support for inbound connections. The only method of
accessing them is to take the screws out of the case, open it up and
connect the custom debug board. Those few which do "connect" with
external systems are required to initiate the connection themselves with
a limited pre-configured on the device set of hosts. They push data up
in a proprietary manner and, if needed, pull data in a proprietary
manner, all from within a connection they initiate.
Do you really want a surgical robot which is cutting on you running a PC
OS on a PC processor able to connect to the Internet? Some little hacker
poking around looking for financial/identity information could
accidentally have it remove your heart instead of your appendix.
I only know of one medical system that touches the patient where some
Phd. fool touting their John's Hopkins creds planned on using "either
Windows or Ubuntu desktop" to run it. They spent in excess of a year
(might still be) talking to senior tech people looking for an
"architect" to "design" the system, yet wouldn't let them take it off
the desktop. Yeah, I was one they talked with and I hung up on them. It
was a clot monitor for post-op patients too. If they __ever__ manage to
push that through FDA (and I cannot see how it would ever make it
running on _any_ desktop) they will be in those late night 800 number
lawyer commercials for exactly the same reasons you are talking about.
An out of the box desktop has gaping security issues well known on the
Dark Web. Adding insult to injury, anything else could be installed on
there. A user will have to be logged in with the application running
which means anyone who is bored could rotate around to watch cat videos
on You-tube.
Control systems have to be sealed.
Now, if you want a catcher app which runs on any desktop and listens to
packets broadcast by a control system, that is completely different.
They wanted the control system on the desktop.
--
Roland Hughes, President
Logikal Solutions
(630) 205-1593
http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog
http://lesedi.us
_______________________________________________
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
