Have you looked @ Tandem's upcoming (2nd half of this year) ControlIQ for their X2 pump? It probably won't be as user-tweakable as OpenAPS. I couldn't convince myself to try OpenAPS for my 7 year old T1D. He recently switched to a Tandem pump and we are eagerly awaiting this software update.
My boyfriend is T1D and uses Omnipods so this is exciting news. He has also used a Dexcom (G6 I think) to monitor glucose levels. Unfortunately the Dexcoms are a bit pricy and so he can't always afford them. I have talked to him about Nightscout and closed loops or even semi-closed loops and while he is interested I haven't pursued it heavily because he isn't as technically inclined (or interested) as I am. If I were a T1D I would be using some form of a closed loop system but I worry too much about bugs or problems he might run into that he wouldn't be able to solve or diagnose quickly.
While Nightscout is pretty mature and the pumps/monitors they've cracked fairly reliable I think he will probably just wait for some of the closed loop systems that are starting to enter the market (or are they still just semi-closed, or maybe they call them hybrid, I can't remember). Even then I'm sure it will be a few years yet until they are affordable enough.
If he is on Android I'd recommend xDrip+ for the CGM readings. It is really nice to have on the phone with control over the data and ability to upload if he wants. Also great to be able to snooze and set the alarms as desired.
I'd be interested how they test a Class C medical device that can kill you if you send the wrong commands. It surely is an amazing story and a great write-up, but I'd be wary of hacking insulin pumps, let alone using them.
You can read about the “We Are Not Waiting” movement and the ethical considerations of doing this research, writing the software, and documenting and even to an extent productizing the software for mass consumption.
It is not a zero sum game. Not having this control over the pump can also kill you, because the systems that were available before this movement got started were so poor.
When the hacker community started putting together remote monitoring systems for the CGMs that allowed, e.g. parents to watch their kids at school, or through the night from the next room, that improved quality of life and maybe even saved lives.
Hackers have already tapped into the Medtronic pump to build the world’s first closed loop system. The OmniPod is just another pump in line to be reverse engineered.
If you saw first hand the quality of software being put out by Dexcom and Insulet, this work is serving as an important check&balance as well as pushing them to invest in R&D versus sitting back and milking their patents.
It’s also worth noting that the pod has important hardware safeguards that mitigate the impact of a software error on the remote control side. You can’t just send a message asking for 100 units of insulin because the hardware won’t dose it. You can also hear (and somewhat feel) each 0.05 unit of insulin being delivered as a click about once every 1.5 seconds.
And again I’ll reiterate that it’s not a zero sum game. The software and UI is so bad on the Insulet/Omnipod side that it’s easy to screw up a basal program, or when applying a temp basal on top of an extended bolus, or when changing a pod while an extended bolus is active. All these events can result in low blood sugar events that are potentially dangerous.
Efforts like Nightscout have actually saved lives and while they are not without risk (what thing worth doing is?), the T1D world has been measurably improved because of their efforts.
Finally I’ll say that the reverse engineering effort already uncovered one significant bug in the protocol that we know of. They didn’t delve into the details of the “nonce” but I’m willing to bet that imaging the chip was not actually necessary and that the “encryption” is some homebrew POS which is highly insecure. We deserve to know the protocol which is protecting the communication between the pod and the controller, for example is there a secure DH key exchange happening when a new pod is paired and initialized? Can a third-party controller potentially spoof commands to my kids’ pods? OmniPod would never disclose how this works, so I’m supposed to just trust them.
I know folks that work on Nightscout and I agree with everything in this post. I find them to be very thoughtful and circumspect about the work (the contributors often have T1D or family with T1D). Besides that, a closed loop system (which as yet is only partially implemented or is still somewhat inconsistent) is a holy grail for a lot of these folks.
Most of them are already well acquainted with manually managing insulin and the existing products and can handle any mishaps for the most part.
I don't really understand in detail how insulin pumps work, so I want to ask why are there not commercial closed-loop systems available? It seems like an obvious development that pump makers should have implemented a long time ago. Is there a complication that makes it harder than it sounds, or is it something like regulatory concerns or just plain laziness?
Few competitors, no reason to innovate. And they're charging $8-12,000 for a new pump setup. That was our experience 5 years ago with Medtronic. Not a single update in 4 years with our son's 530g pump. With his new pump (from Tandem) we're expecting a pretty big software patch/upgrade later this year. Beta Bionics is working on their artificial pancreas (dual hormone) that should be out next year. So newer/more-nimble players are forcing the bigger companies to start innovating. Having said that, it never comes soon enough ;)
I got a chance to try out the Beta Bionics artificial pancreas in a research trial and it is a truly new innovation in this field, it lifted about 90% of the constant thinking about bolus and blood sugar from me and allowed me to live my life. It truly deserves all the hype that it is getting.
Wow that's great to hear! Was it insulin-only or did it also have glucagon onboard? I know they're working towards releasing the insulin-only version first. I can't wait for the dual-hormone version to become available. It'll allow my wife and I to sleep through the night without worrying that our son won't wake up when he drops too low.
In short, real humans and these medical devices are inexact. The device must choose “How much insulin should be dosed?”. Lawsuits argue medical devices should be flawless, so no company will bring out a device that could be pointed out as causing an incorrect amount of drugs being delivered.
The open source insulin pump and continuous-glucose-monitors as feedback systems are just incredible BUT they require the user to be very aware of what is easy and reliable and what can be flaky (see all the details about pod screamers - e.g. the pod can’t continue, or drift in cgm data).
Every time a self-driving car kills one person, it's national headlines for a week, with no shortage of people calling for the people responsible to be jailed. It will be like that the first few times that a commercial closed-loop system kills a person.
> this work is serving as an important check&balance as well as pushing them to invest in R&D versus sitting back and milking their patents.
Thank you for your reply. This is what angers me the most. The drug companies have a solution. Keep buying insulin, keep buying needles, keep buying new pods, sensors, and apps. No, this can be fixed, it can be better.
Thank you for your reply, very interesting! I have no doubt that this project is great help to many people, and it's a shame that any medical device of this kind is closed source. Being involved in the development of medical software, I know how important testing is, and given the chaos that reigns in some open source projects, I'd be wary of hacking a medical device. I see both sides and surely it's a balancing act.
No, you're not better off. If you want to get a medical product like this licensed, you have to prove that you performed rigorous, multi-staged testing and document all your development including all emerging risks. I have participated in such licensing efforts and I doubt that an open source project has the means of providing such rigorous testing.
I didn't say it was implemented well. Perhaps they should changing shift operators would quietly change the values without any disturbance to checksum integrity.
The other unfortunate side-effect of this research is that they just explained in detail how to hack into an unsuspecting user's pump.
Imagine the other version of this story, where an advanced attacker does all of this, because "Prominent Political Figure X" wears this insulin pump...
Aside from all the technical arguments, why don’t more devices give me clear explicit control (pairing, even if I want to allow remote control) and even better transparent indication of how the device is running?
To what extent would you be willing to write down a living will exonerating the manufacturer and be extra clear with your loved ones that you're choosing to take a risk?
> but I'd be wary of hacking insulin pumps, let alone using them.
If you have type 1 diabetes, hacked insulin pumps or otherwise, the disease will kill you prematurely. It's a question of "when" rather than "if". Mostly this is because the disease requires constant attention - attention of the sort humans aren't good at providing, even if their life depends on it. Listen to this talk about OpenAPS. See where she says she has to wake up on average 200 times a month - or any 6 times a night, every night, regardless of whether she's pulled a 24hr day or had a good night out to monitor her levels:
https://www.youtube.com/watch?v=p76hGxv3-HE
I know the authorities will find it an anathema, but this is a very good argument for allowing the development of open source medical devices outside of the current regulations. The existing system is about controlling the private sector - making sure someone doesn't kill someone for the sake of a quick dollar. Open source turns that equation on its head. No one is selling anything - so there is no quick buck to be made. It's just sane, sensible people trying to stay alive, and are very, very aware if they get it wrong it will kill them.
While there is a cost advantage as the talk makes plain this isn't what motivated them. Their hashtag spells out the motivation: #WeAreNotWaiting. Waiting means a chance of dying. A capitalist system that has to be tightly constrained by government regulation to prevent it from killing too many people turned out to be far slower than open source doing the same thing.
Again, listen to the talk. Listen to the lengths the people who use OpenAPS went to make sure their novel devices didn't kill them. Learn how they voluntarily pooled millions of device hours of data, and made it openly available so they could all learn from it. Unlike you, I'd trust OpenAPS firmware long before I trusted some closed source solution on the promise that "we are making money from it - trust us". Thanks all the same, but I'll prefer to trust the people who would be killed by it if they get it wrong.
For those who aren't initiated in the world of T1D there is some amazing research coming out of the Faustman lab (MGH). There is both a promising cure (BCG vaccine), but also research which indicates that islet cells _do_ regenerate for decades after diagnoses. Islet cells are the part of the pancreas that generates insulin - needed to store/save sugar. That means, that the pancreas is constantly trying to repair the damage from the immune system.
Let that sink in.
Many diabetics suffer from 'random' lows or highs that can't be explained. Not because they aren't doing the right things - because they are - but more likely because their body is bringing islet cells online, producing extra insulin, then the immune system promptly kills them and knocks off the extra production. It's a war within the body!
This is why Loop is sooo amazing and needed. You need a closed loop system that monitors and calibrates to these kinds of bio and environmental changes. Unexpected sprint for two blocks to get to class in time? no problem. Unexpected insulin production in the blood stream? no problem. This project is truly hero work.
As a spouse to a T1D, life is sometimes scary. I, like many partners, always have a backup plan in the back of our minds for that fateful day when an extreme low will not be caught in time. It's scary.
I for one, look forward to life with a bionic partner.
Totally agree. To be clear, I wasn’t trying to overhype the ‘cure’ but rather emphasize that the problem is way more complicated than many believe because of the islet regeneration. That’s why I’m a believer in the tech we have now because it’s the most viable path to long term management.
I'll get my hopes up when something is released. For now it's Loop and some other things. One trend that I don't like is fully automatic without a way to do manual override of all things. The variation between people and needs and even the same person is too great and hasn't been codified. Loop with Omnipod is somewhat on this side currently, but it is still new too.
My girlfriend has a Medtronic 640g pump and I still hope that one day, she can use it to close the loop. I looked into the wireless communication (which can read the current glucose levels and send boluses), but apparently the protocol is encrypted. I would like to work at the protocol, but decrypting a wireless protocol seems too hard for me. But I still hope that some day, the Medtronic pumps will be hacked, too.
Hats off to the author! This is an incredible story and you're made of stronger stuff than I. I'd be too afraid of the consequences of screwing up to attempt something like this.
Gotta believe that at some point it's easier, as well as safer, to just design a new "open pod" from scratch. This was a truly heroic reverse-engineering effort, and the people behind it are more than equal to the task of designing a new product. (Or at least they'd better be.)
The company can and will invalidate all of this hard work with the click of a mouse button. What's the long-term goal here?
Why don't you let the hobbyist decide what he or she thinks is safe to hack on.
As a T1D myself, having to spend about 50% of my waking life second-guessing what my endocrine system is up to (with the same system screwing with my cognitive ability to successfully do so), I want to Close The Loop as quickly as possible, barring an actual cure.
Yes, it is dangerous "hacking" these systems. But just as dangerous is every one of the daily decisions I have to keep making myself, over and over again.
I think it's fine if you're willing to accept the risk. My 7 year old has been a type 1 diabetic since he was 19 months old. Despite being a software developer and being tech savvy, I'm unwilling to use a DIY solution like this on him. If I had type 1 diabetes, I'd be more likely to try it.
Having said that, we still benefit from these efforts. I run Nightscout on Heroku so I can monitor his blood glucose levels remotely while he's in school. This is less necessary now that he's using a Dexcom CGM (they provide their own glucose sharing app.) His previous pump/CGM was made by Medtronic - their sharing functionality is/was atrocious and Nightscout's bridge made it serviceable. We also have a few tablets around the house so we can keep an eye on it throughout the day and night.
A single extra unit (or less) of insulin can kill a type 1 diabetic. I don't expect non-diabetics to understand what that means, but it's not more than a few drops of insulin.
What ISF does your kid have that a single unit will kill him/her? A single unit is barely noticeable on the graph for me.
I've been using Loop for a few weeks now and the improvements in quality of life are so huge that any concerns I had about safety went away. Reading the docs, which are a great example on how documentation should be written, helped a lot with that too.
The typical level of sensitivity is absolutely in range for a single unit to produce a catastrophic event.
It sounds like you may have a low sensitivity factor. The usual starting point for estimating this, along with using the "1800 rule", puts typical sensitivity around a drop of 50 points in blood sugar for every unit of insulin. This is based on a weight around 65-70 kilos and 0.5 units/day/kilo.
Of course it depends on other details too, even time of day. (My wife, who uses a Medtronic pump, clocks in at right about this level but is less sensitive in mornings and more so later on. Her pump is programmed for these time-dependent sensitivity fluctuations.)
This level of sensitivity absolutely has lethal potential with a single-unit swing. If you're in the low end of normal at 75 points and take another unit dropping it to 25, this is plenty low to cause a person to pass out and thereby be unable to take corrective action, with lethal consequences, especially if the pump is still delivering a basal dose inching levels even lower.
You might argue that careful people shouldn't encounter this situation, and you'd be right. But it still can and does happen, meaning a hobbyist setup that gets something even a little bit wrong has that same potential.
I don't recall off the top of my head, but keep in mind he weighs roughly 50lb. As I mentioned in other comments, Tandem's coming out with their equivalent of Loop (called "ControlIQ") in the 2nd half of this year, so I'd obviously prefer a supported solution. Plus, it's unlikely the school system is going to be willing to have anything to do with a non-official system.
What kills is an unchecked persistent low blood sugar causing confusion, black out, coma, and eventually cardiac arrest.
A single unit of insulin in isolation, to a T1D with undepleted glucagon stores is going to cause a low but won’t result in a black out.
A single extra unit of insulin, to a small child, who just completed a long day of exertive activity, and who had lows earlier in the day which drew on their body’s natural glucagon store, and who is not being monitored by a third party, that could be dangerous.
Keep in mind the accuracy of dosing with a syringe is not much better than +/- 0.25 units, this is why continuous monitoring is so crucial. You never quite know how well the insulin is absorbing, how well the carbs are being digested, maybe even how many carbs exactly were ingested in the first place.
For a small child with a carb ratio of 30g/unit (1 unit of insulin “covers” 30 carbs) and a sensitivity upward of 200/unit (1 unit of insulin without any carbs lowers blood sugar 200 points), being dosed by syringe, without a CGM, you are fighting lows pretty regularly and have to be able to recognize and treat them (glucose tabs, juice, cake frosting when things get more serious, and glucagon injection when things get critical).
I’ve never had to gluke my kids, but the day will likely come. We carry glucagon, juice boxes, and tabs everywhere.
T1D is potentially life threatening pretty much every day. You do the best you can with the tools you have to keep blood sugars in range without too many lows (too high is long-term bad, too low is short-term bad).
What an amazing story, and with so many incredible details along the way.
The proprietary technique for reading contents of the locked chip is pretty fascinating in the context of Secure Enclave...
The reverse engineering efforts were stymied for months by a bug in Omnipod’s CRC calculation!
The perseverance in bringing this all to fruition is one of the best things I’ve woken up to on HN in a long while.
Both my kids have T1D and use Omnipods. I’ve been looking forward to this for years.
EDIT: Is it just me, or is a bad title significantly holding back this post? This story is worth way more than 23 points in 5 hours.