As someone who is doing disaster response consulting for healthcare and public health: I fucking love you guys. You make my job sooo much easier.

Seriously.

The surveillance you folks do is pretty much indisputable and far more incorruptible compared to everything else we do, in healthcare especially.

Very often you are my "discussion ending gun" when decision makers endlessly want me to prove their (flawed) point of view. A "nope, here are validated wastewater based numbers, you are wrong" is extremely satisfying sometimes.

Thanks folks!

From my understanding your colleague committed a crime under the Indecent Displays (Control) Act 1981 and you can refer the matter to the police - which I would strongly recommend as this is beyond an employee-employer relationship.

And it brings the employer into a position that the company is forced to make sure that the offender cannot reoffend against anyone (not just you). While the first offense is nothing the company can really be held liable for, anything after they have (officially) made aware they can be held liable for.

I am all for cannabis legalisation, and have fought for it for years,even though I don't like to consume it (only makes me sick..)

BUT: I have been a medic on the Oktoberfest for a decade and while these times are long gone, I absolutely support the ban there.

Here's why: First Alcohol and THC do not mix well. At all. In more than 20 years of emergency medicine I saw two THC overdoses - which were easy to handle. But high dose alcohol AND THC is a massive problem and will lead to people getting admitted to ICU for monitoring purpose as it is beyond what the (very advanced) medical services at the Oktoberfest can handle themselves. And ICU beds are in absolute short supply. So while alcohol is a problem and I wish the local government would put more pressure on the waiters to force them to refuse to deliver "the final Maß"(last beer) that pushes people over the edge, my former colleagues can easily handle that. But mixed-agent intoxication is a totally different beast. Don't get me wrong, Alcohol will be the main nox in these cases - but the combination is the problem.

Furthermore the Oktoberfest is crowded as hell. And there is literally zero chance that one is able to smoke without interfering with someone else - staff, other visitors, etc. And just like nicotine letting someone else co-consume without asking them for approval is inconsiderate as fuck - especially as there are drugs that do not mix well with THC, even more so even alcohol comes into play.

You still have times when there is nothing to do?

I haven't seen that.... in decades.

If there is no patient care there is documentation. If there is no documentation there is administration/supplies. If that is done there is something to clean.

And if that is done there might be a paper/medical book to read.Or discuss a case with someone.

...Okay, you got me...I am a former manager.....

But tbf, we have sacred break times here, but when you work you work. (And well, we have less hours than people in other countries)

Good that I'm living in Germany where sabotaging the railway system would probably make it better.

Patients are asked to clean their guts before major rectum and colon surgery,similar to what you do when you get a colonoscopy. Ideally that removes most if not all fecal matter and a significant portion of the bacteria.

Furthermore of course the colon is rinsed before the actual surgery and often during the surgery as well if necessary, if necessary with disinfecting solutions (but far less than one would think - it's actually important to do so to the least amount possible,see below). Additionally wound closures are done with techniques that allow extremely easy healing in the most problematic parts and often multiple sutures are made to adapt tissue borders on multiple layers and in multiple ways. And during and after the surgery strong iV antibiotics are given to prevent infection. But it's actually not a good idea to totally get rid of all bacteria. Especially the guts need a healthy bacterial flora to function and,and this is important here, to avoid "bad bacteria" to take over the space. There is more and more focus to make the right bacteria grow back on the colon/and to some extent the rectum, so there are some procedures that are now done with direct faecal transplants afterwards. Nevertheless often patients will not be allowed to eat for quite some time after an operation and are fed with intravascular solution during that time. Not a pleasant experience but sadly necessary. For more external operations (rectum) patients are also given stool softeners (medication that makes the passing of faecal matter easier) and advised to do disinfecting baths often, sometimes three times a day.

And of course the body is quite good at fighting bacteria and the colon and rectum - it is built to do so,the end of the whole "waste producing" system is outside the actual abdomen inside the pelvic sack,separated by a barrier. And the whole area is heavily supplied with blood (which is actually a good thing for infection control).

And last but not least for major operations there is always the option to create an enterostoma - an artificial opening/shortcut for people to get rid of fecal matter through it. These are usually done through the abdominal wall. After everything has healed up (usually after 6 months+x) the now healed colon and the small intestine/unaffected large intestine are connected back together and the artificial opening is closed.

(Sadly this is not always possible - then patients are getting a "Barbie Butt" - a behind without an opening. Mostly for cancer.)

Another reason I really look forward for them being sued in Europe - This is a highly illegal practice in the EU and has already brought sizeable penalties for various other media outlets, both conventional and online.

And weeks ago the Dutch and German consumer protection agencies as well as the GDPR ombudsman already commented that they are looking into Reddit (Reddit has it's European office in Amsterdam).

That will be fun.

In the name of every medical professional out there:

Fuck Masimo. You piece of shit garbage company.

Masimo does strategically patent troll other companies to keep their monopoly on oxygen saturation technology, deliver a subpar product that is very likely designed with planned obsolescence (which actively endangers patients). It's an absolute shit show.

As someone who does live in a "fully smart" home, used quite some time to plan it and had to fend of "smarthome" manufacturers like flies aroud a shitcake:

90% of all products on the market are a scam and shouldn't be called smart at all - they are fancy "remotes" either via voice or mobile phone. Nothing about that is smart. That's dumb. It is not more convenient compared to a proper lightswitch if I need to know a long specific voice prompt or take my mobile out of its pocket to switch on a certain light.

What the autor of the article requests is already on the market for decades - KNX/EIB any a few other standards (Modbus, Onewire, etc.) are available for ages, are not depending on one brand and one central component. There is no fucking need to stay within a walled garden but the point is: These systems exist for such a long time that they do not show up as "big introduction" at IFA or CES. They evolve gradually and to stay within German exhibitions are found at the Light and Building rather than the IFA. Because the first one is a builders/electronics exhibitions, the later a multimedia/TV trade fair. The Verge is simply at the wrong place.

To give you an idea of my (actually very common, nothing about it is very special) setup/usecases and what I mean with "smart": KNX does everything that requires switching, all sensors, basically all background work excluding the doorbell (works via LAN) and Fingerprint (works via LAN).

Lights:

The system does recognise people automatically when they enter a room and their positioning in a room. Paired with enviromental data (natural light level in the room, outside light, time of the day, our schedule according to our calenders*) it determines the appropriate level of light based on the human centric lightning concept. Light will be brighter and more blue in the morning (unless I am coming home from nightshifts), darker and more orange in the evening (unless we have a party), very dark if you go to the loo at night. It furthermore recognises your positioning in the room (e.g. when you are in a certain part of the kitchen certain lights go on) or that certain power sockets draw power according to a certain charateristic (e.g. the TV goes on)

Temperature:

The system knows current inside and outside temperature and the expected forecast*. It will heat the rooms accordingly, e.g. will turn down the kids rooms during schooldays but have them back at temperature when school ends. If the system recognises that someone is still in the room for long after school should have started it determines that someone is sick/schools off unexpectedly and temps are adjusted accordingly. In the summer the system shuts the blinds according to the light level to keep the heat out - based on the current position of the sun(e.g. the eastern blinds are lowered in the morning but not the western ones) and outside light levels. It will let enough light in for everyone to work but at the same time keep the heat out.

Air quality:

The system measures the air quality of the rooms and outside air quality&temperature and does ventilate accordingly - or ask us to manually open a window if that doesn't provide sufficient clean air. (But won't do so if the Air quality outside is bad)

Windows/Doors:

All of them have sensors showing their opening status, some if they are properly locked.

Doorbell/Fingerprint:

The Doorbell/Fingerprint system is the only system not on the bus as Video is beyond the scope of what the system can transfer.

Devices/Appliances:

Most things are "dumb" integrated first- we see when the washing machine is done because of the power charateristic, we see if the refrigerator is broken the same way. While we use Home Assistant for additional comfort, it is not really necessary.

Visualisation:

We use both KNX only as well as Home Assistant. But I could change over to openHAB, ioBroker or whatever we want tomorrow.

*: This data has input from external sources.

My point is: This is done without much user input. And by using around 30 different brands. With dumb actors and sensors (blind e.g. are just a "on off" motor, windows are binary contacts, same goes for leakage, etc.) so the components can be exchanged easily. And you don't pay the hefty premium everyone tries to sell you for their "remote controlled blinds" (twice the price for a shitty remote,another useless gateway and Alexa...) and it's far easier to use different brands. And if the blind actuator brand goes bust (way more unlikely compared to a smarthome startup) it will work without a cloud and can be exchanged seamlessly with any other brand.

We are there. But it is not fancy enough for the media.

Ganz unironisch:

Ich hab deswegen schon ein Säugling erfolglos reanimiert.

Weil die Mutter dachte es braucht auch Notfallgebühr für Kinder (brauchte es nie) und die Wahl war: Milchpulver für den Rest der Woche und hoffen das Amt zahlt nach 3 Monaten endlich. Oder das.

Kinder haben leider die Angewohnheit oft lange "ein bisschen" krank zu sein um dann blitzschnell zu dekompensieren. Das ist selbst für (Erwachsenen)-Fschpersonal schwierig zu erkennen.

Home Assistant. It is an incredibly powerful smart home solution that is far more capable than any other solution one needs to pay for.

Former (small scale) data protection officer here. While I am long out off the data protection game and there are surely a lot more qualified people out there I maybe can clear up a few misconceptions here and answer a few questions that come up regularly:

(BTW: My first language is not English and all my comments/books on that topic are not in English so excuse me if my translations are sometimes not 100% accurate)

1. Does the GDPR even apply to a instance hosted outside the European Union? It absolutely does. And in fact it is harder to comply to the GDPR outside of the European union. The GDPR does apply to all data collectors (from now on DCs) that collect data of European citiziens. While §2 Section 2a GDPR limits the application of the GDPR to usage within EU laws the collection of EU citiziens information clearly falls under the EU law as long as the EU citizien is within the EU during the collection process.

2. So why is it harder to comply to EU law outside of the EU? Because of local laws. A good example are US homeland security laws that do contradict the GDPR (and various other EU laws) and therefore make it impossible for someone to host EU data in the US complying to the GDPR. Facebook made a pretty costly experience in that regard recently. To comply to the GDPR one would need to keep EU citiziens out of their service AND defederate all EU instances. More of that later.

3. Does the GDPR even apply to Lemmy posts? It absolutely does! GDPR §4.1 states clearly that all information relating to an "online identifier" (aka username) is already protected. So the IP adresses, etc. collected by the initial server aren't even the only personal data. This makes the whole topic a clusterfuck in terms of federation.

4. But what about my small/medium size instance? I am not a business! I make no money. The GDPR does not care a bit about ones intentions here - it applies to all instances that are beyond "personal or intrafamiliy" data collection. This basically means that you can absolutely do what you want with the data you collected at the last family reunion. Maybe one can even get away with a invitation only private instance that only caters to a group of friends knowing each other. But any DC having a public instance is not, by definition, a private DC anymore. Therefore the GDPR does absolutely apply.

5. Can I simply the user for permission to use their data indefinitly and however I want? One surely can ask that. But that automatically invalidates the agreement. (Funnily enough this is exactly what reddit does and why reddit is not in compliance. Which might turn out costly.) The consent always has to be revokeable, amongst other things.

6. So what does the GDPR stipulate? There are three main topic we need to look at: Data deletion, traceability of data transfers and connected to this information about data usage.

Lets start with traceability. Because that makes the federation a federation!

7. What does traceability of data transfers mean? It basically means that a DC must record its data transfers to third parties and ensure that data is handled there according to the consent agreement with the user and the GDPR. Usually a data transfer agreement is necessary to ensure the rights of all parties. This makes it so difficult for a federated system: In theory a instance would need a data transfer agreement with ALL instances that federate data from it. And these instances woud then need to make sure that they don't transfer OR their transferpartner is covered in the original data transfer agreement as well their own one. A receipe for a pretty nice clusterfuck.

8. What does data deletion mean? Under the GDPR every user has the right to have his data deleted from a DC. This does not include data necessary for legal obligations but basically everything else. So the user can at any point revoke his consent and make the instance delete all their data.

9. Okay, I deleted the data on my instance, do I now comply to the GDPR? Surely I can simply ask the user to go to the other instances and ask them to remove the data? No. And here is another problem: The original DC (the users instance) is responsible for the data handled through transfer. That's why one needs a transfer agreement. To ensure that the data is deleted on all instances it was transfered to. There are two exceptions here: "Involuntary data transfer" is generally seen as not being part of the data handling. But that mainly applies to datascrapers like the web archive and similar usage where the data is transfered through general usage of a page that the DC cannot reasonaby prevent without limiting the usage of their service massively. That would very very likely not apply to a service that does provide a specialised api for the transfer. The other one is a data transfer partner not complying. In that case the user can sue the DC, but the DC can sue the transfer partner for breach of contract.

10. What does right to information usage mean? Basically a user has a right to know what happened to their data. So in case of the federation: To what instances got my data transfered to? How did they use it? Did they transfer it?

11. The end: What does that mean for Lemmy? To be honest: I can not fathom a way that put Lemmy in a position that is fully GDPR compliance. There might be one, but I can't imagine one that does not entail full defederation. But Lemmy can and must urgently improve the GDPR compliance as far as possible:

• We need tooling for administrators to easily remove a users personal information from their own instances. Currently this is still very bothersome and time consuming manual work as far as I know.
• We need a tool to federate deletion requests. So once the administrator of the "original instance" deletes the data a request is sent out to all instances and they automatically delete the user data then.
• We need a system to deal with instances who do not follow deletion requests. This, for example, could include a "karma" system - once you are caught to not delete the userdata you are getting bad karma. And with enough bad Karma you get defederated by more and more instances.
• We need a tool to inform people which instances did federate their data.
• We need to optimize data frugality: The less data is collected the better it is.
• We should consider data transfer agreements between the instances being set up automatically.

In theory even then someone can sue an instance owner. Even then we are not 100% in compliance. But it is a far better position in court if one can argue that they did basically everything they can to ensure the users right compared to "I don't give a f****, your honour".

Additionally we should lobby for change in the GDPR to include better rules for federated systems. Also because E-Mail as another federated system is not in compliance - that can easily be weaponized as a good point.