When Bad Software Can Kill
bhoman writes "A wrist computer that tracks and calculates safe diving times and limits for SCUBA divers had a dangerous software bug that may have been covered up by company executives. This SF Chronicle Article details the problem, product, company, and some of the lawsuits. According to the Chron article, company execs tried to cover up and deny the problem for years, but their official website makes it look like they did a voluntary recall."
Exposure is a good fictional title about a certain floating-point bug in a mainstream CPU by a popular fictional chip maker. Doesn't matter if the software is perfect if the hardware isn't.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
I have not heard of any fatal problems, but a S. Korean official was locked into his car for 3 hours before finally smashing the window to get out when the computer crashed.
I am the Alpha and the Omega-3
Agreed. Personally, (and according to PADI recommendations, I believe,) I don't trust computers at all. I have one, yes, but I still trust the tables a whole lot more. Someone recently showed me the wheel, which is apparently easier to screw up than the tables but far more accurate.
Checks and balances. I use the computer to make sure I'm doing the manual calculations correctly, and the manual calculations to keep the computer honest.
Then again, I'm strictly a recreational diver. Pros and semi-pros are a completely different story.
-- Minds are like parachutes... they work best when open.
I attend a small state university that is decidedly not renowned for its CS program. I'm coming up on my senior year. In no less than three classes (Data Structures, Software Engineering, Algorithms) I have spent at least a week concentrating purely on proof of the correctness of an algorithm by various methods. Software Engineering took over a month on testing, primarily concentrating on mathematically rigorous proofs and automated tests (because a mathematically correct and proven algorithm can easily be implemented incorrectly). Pardon my insulting question, but when was the last time you attended college?
You like splinters in your crotch? -Jon Caldara
I imagine they teach all CS undergraduates about the THERAC-25, and how simple safety measures like hardware interlocks are much, much more reliable than software...
In this case, couldn't you check dive times against a book or something to make sure you're not completely off the mark?... what about something to measure nitrogen levels? Anything so you're not relying purely on software... (or, as someone has already suggested, you could use two completely different pieces of software).
However, your insulin pump probably has a warning (or the doctor who gave you the instruction on how to use it) that says if you do item A and item B, don't do item C.
As a certified diver (of about a year and a half), I know that they specifically say that you should never go diving less than 12 hours before you take a plane ride (even a small Cessna), and, if you do multiple dives, you should wait at least 24 hours.
This is not to say that the company was not at fault on this one, but, the divers themselves said that they finished the one dive at 10pm for a flight at 6:30am. I know that the absolute minimum is 4 hours (I did a flying after diving study with DAN), but, this is the limit of the dive tables and should NEVER be approached. All of the major certifying organizations will tell you this.
-CPM
---You're all I need, When the water runs deep, You're all I need, Now I cry my soul to sleep -- Collective Soul, Needs
I don't dive much, but I still have my padi dive table.
"For flying up to 8,000 feet after diving: Less than one hour TBT (Total Bottom Time), wait 4 hours; less than 4 hours TBT, wait 12 hours." *PADI dive tables (C) 1983
[where TBT = RNT (Residual Nitrogen Time) + Actual Bottom Time]
I don't have my PADI manual on hand to estimate how long the folks were down, as my table doesn't cover flight, only covers up to 24 hours recommended desaturation time, and doesn't cover this Nitrox stuff.
http://www.stud.ntnu.no/~playboy/diving/diving.
My old PADI book wouldn't cover Nitrox either, so if I were to use it, I would have no choice but to accept their information as fact, or buy new tables.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
They also, by their own admission, did their deeper dive later. This also is quite contrary to all of the PADI stuff that I have been taught.
For anyone who doesn't know-- taking the deeper dive second tends to help you get the bends faster (it is similar to the reasons you always start off the night drinking the drink with the highest alcohol content).
There is also some recommendation about not doing more than 3 dives in one day without at least a 1 hour surface interval.
I have been using a Suunto Stinger for about a year (this is the same one that the British Navy divers use). It has never let me down. But I also never push it to the limits, nor have I ever done more than three dives in one 24-hour period.
-CPM
---You're all I need, When the water runs deep, You're all I need, Now I cry my soul to sleep -- Collective Soul, Needs
If you're interested in the hazards of software in the real world check out the risks forum.
They take submissions from people about faults and errors in software (and related meatware) that put lives at risk. A weekly digest can be found here.
It's a good read, especially browsing through the archives. eg:
"A woman drowned during a flood when the elevator she was riding in incorrectly sensed a fire alarm and went to the ground floor which was underwater."
"Three people killed when a computer glitch caused a 16-inch pipeline to rupture, dumping 237,000 gallons of petrol."
and so on. Makes you a little paranoid. Now I know why indemnity insurance is so high these days.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
I've never understood the pretty laissez-faire attitude towards LASIK surgery in the states.
I've read several articles where journalist X went to the mall on the corner and had both his eyes done in a snap! And everything was all smiles and thumbs up.
The normal procedure on this side of the pond is that after a thorough evaluation you get one eye done. After two follow-ups to check that everything went well and the eye is healing OK, you zap the other eye.
Or as we say: Don't look into laser with your remaining eye!
Of course, I'm sure you can find quacks here too...
Oh, and while we are at it, it fucking hurts like royal hell after the sedation wears off. Make sure to stock up on extra strength painkillers.
Do a Google search for it...... Lots of information out about it.
Here's one link I found super fast:
http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
Lawyers, MBA's, RIAA? A jedi fears not these things!
No it doesn't. A computer maximises bottom time by calculating how much nitrogen is going in and out of different "tissue groups" in your body, and calculating how saturated those tissue groups are.
When you reach a certain level of saturation, the computer has calculated that if you take any more nitrogen in, you will not be able to outgas it safely in time, if you ascend at a normal speed, hence giving you a decompression stop.
The few computers that do use air consumption in their calculations only use it to make the model more conservative when your air consumption is going up (i.e., a sign of stress).
PADI tables are based on the US dive tables.
The US Navy tables are incredibly conservative in some respects (only one case of level II detectable bubbles using Doppler, and none of level III) and horribly unusable for others (recreational divers do NOT descend to a specified depth for a specified time and come right back up).
PADI tables are made for recreational diving, but do not allow for useful multilevel diving; the wheel is better for this, but still less than perfect.
A computer uses internal tables (which differ by manufacturer), a pressure sensor and an elapsed-time device to "credit" time when you go shallower and "debit" time when you go deeper, calculating (supposedly) more accurately to allow you extended dive time compared with the "block" level tables.
I've owned Suunto Alpha and other models with no problems. Reconstruction with their software and comparing to PADI tables brings reasonable results.
Rodale's Scuba Mag has had this discussion before, and the Bikini Atoll Dive site will NOT allow certain computers to be used (guess which ones) due to shown inaccuracies (Bikini is a decompression dive).
Is the government's ability to "control this kind of activity" in question? According to the article: "The company weathered an investigation by the U.S. Consumer Product Safety Commission, which had inquired about the computer at the end of 1998 but dropped the proceedings many months later without announcing findings. Gilliam and other former Uwatec employees say the company misled the commission by sending it Aladins altered to remove the defect, but Johnson denies the charge." The government investigated - but presumably decided not to proceed. Perhaps because they were fooled by modified units (dumb: for the investigation, they should have bought units from stores like any customer!) No lack of authority or awareness - just a lack of ability on the investigator's part. My mother was legal advisor to the local Environmental and Consumer Protection Division; whenever they suspected anything, their first step was to buy the product in question, posing as ordinary customers. Simple government incompetence/indifference, rather than any structural problem...
Anyway, it wouldn't have been bad PR to admit a mistake, hell it's only human to make mistakes, even when something is as serious as this. The problem shouldn't have been there at all, but it was caught before anyone was hurt, so they should have just apologised and fixed it. Cover-ups make me sick.
According to the article, the coverup certainly made some divers sick:
The computers said they had plenty of time.
But the next day, about an hour into the flight, both men grew nauseous. Iazdi threw up and his fingers went numb. Skaggs' head and shoulder throbbed. They had the bends.
When the plane landed on a stopover in Charlotte, N.C., they rushed to the nearest recompression chamber, in Durham, more than 100 miles away. Shaking, terrified, they spent six hours in the high-oxygen, high-pressure atmosphere that forced deadly nitrogen bubbles from their bodies.
They survived, but the headaches, fatigue and numbness would never go away - and they would never work again as divers.
Admitting to this fault would have been much worse than just PR; the compensation bill just from these two ex-divers, apparently crippled by this bug, would damage the company severely - and who would ever trust them again, knowing their products have crippled people without warning?!
We read a lengthy paper on this in a software engineering course. This equipment was responsible for delivering massive radiation doses and killing quite a few people. The biggest mistake that they made was removing the hardware interlocks and relying solely on software.
Operators that reported malfunctions would just keep hitting keys when the machine seemed to malfunction and were reported to say "it always does this" when an error message would appear.
I'd suggest that anyone interested in how not to engineer software for life critical applications read the (quite lengthy) paper.
Thus, hobbyists and amateurs use methods very similar to those of the "pros"; both need to ensure the utmost level of safety. Most of the time that caution isn't warranted and things are fine without double-checking everything, but one time in a hundred or a thousand, you are very glad you did. Basically, the extensive checklists become second nature and take only a few minutes to perform; the small amount of time "wasted" is no trade-off at all considering what might otherwise happen.
That's it. I'm no longer part of Team Sanity.
Also as a certified diver (1994) I know that tissue nitrogen saturation is highly dependent on the individual and a multitude of complex factors. There are tables for very general estimations, which have to be very conservative to be useful at all to a diverse group of individuals diving in a variety of circumstances.
Dive computers allow the use of less conservative "tables" by applying the algorithms to sensor data. By applying actual depth/time/gas data to the algorithmic tables a diver can dive more aggressive profiles, and also have the convenience of having the calculations automated in real time.
The 'no flying within 12 hours' and similar rules are simple conservative safeguards, and don't assume much at all about dive profiles. Also, it's not just a rule against flying, driving home via a route that elevates you a few thousand feet above your dive elevation can result in the same effects. (I live and dive at sea level, but I can't drive more than a few miles in any direction without significantly increasing my elevation.)
The alleged problem with the computer in question (if I understood the story correctly) is that the program assumed the diver continued breathing nitrox while surfaced between dives. That's a considerable problem, since it provides incorrect data. Even worse, it's an anti-conservative error.
Nitrox diving is an inherently more aggressive attempt to increase dive profile limits. I am not personally a nitrox diver, but I understand the principles. I certainly don't want my computer to base its calculations on an air mixture I'm not breathing between dives.
There is no rational excuse for knowingly allowing such an error to go unreported or fixed.
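As an added illustration (not code from the original thread, and not Uwatec's or any manufacturer's algorithm), a simplified single-compartment Haldanean model showing why assuming the diver keeps breathing nitrox during the surface interval is an anti-conservative error: the half-time, M-value, depth, times and gas mixes are constructed values chosen only for demonstration.

```python
"""Added illustration: a simplified single-compartment Haldanean model.
Not the Uwatec/Aladin algorithm; the half-time, M-value, depth, times and
gas mixes below are constructed values chosen for demonstration."""
import math

SURFACE_BAR = 1.0   # ambient pressure at sea level, bar
FN2_AIR = 0.79      # nitrogen fraction of air
FN2_EAN32 = 0.68    # nitrogen fraction of EAN32 nitrox (constructed example mix)
HALF_TIME = 60.0    # constructed compartment half-time, minutes
M_VALUE = 1.6       # constructed tolerated tissue tension at depth, bar


def ambient_bar(depth_m):
    """Ambient pressure in seawater: roughly 1 bar per 10 m plus the surface."""
    return SURFACE_BAR + depth_m / 10.0


def haldane(p_tissue, p_inspired, minutes, half_time=HALF_TIME):
    """Tissue tension moves exponentially toward the inspired ppN2."""
    return p_tissue + (p_inspired - p_tissue) * (1.0 - 2.0 ** (-minutes / half_time))


def minutes_to_limit(p_tissue, depth_m, fn2, half_time=HALF_TIME, m_value=M_VALUE):
    """Minutes at depth before this compartment reaches m_value (inf if never)."""
    p_inspired = fn2 * ambient_bar(depth_m)
    if p_tissue >= m_value:
        return 0.0
    if p_inspired <= m_value:
        return math.inf
    frac = (m_value - p_tissue) / (p_inspired - p_tissue)
    return -half_time * math.log2(1.0 - frac)


def compare_surface_interval(depth_m=20.0, bottom_min=40.0, interval_min=8 * 60):
    """Same dive on EAN32, then the surface interval modelled two ways:
    correctly (diver breathes air at the surface) and with the bug described
    in the thread (model assumes the diver keeps breathing nitrox)."""
    p_end = haldane(FN2_AIR * SURFACE_BAR, FN2_EAN32 * ambient_bar(depth_m), bottom_min)
    real = haldane(p_end, FN2_AIR * SURFACE_BAR, interval_min)
    buggy = haldane(p_end, FN2_EAN32 * SURFACE_BAR, interval_min)
    return {
        "after_dive_bar": p_end,
        "residual_real_bar": real,
        "residual_buggy_bar": buggy,   # lower than real: the model under-counts nitrogen
        "next_dive_limit_real_min": minutes_to_limit(real, depth_m, FN2_EAN32),
        "next_dive_limit_buggy_min": minutes_to_limit(buggy, depth_m, FN2_EAN32),
    }
```

The buggy branch believes the tissue has dropped below air saturation, which a diver breathing air at the surface can never reach, so it hands out extra minutes on the next dive.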
Narcosis has nothing to do with dive tables... only with depth. The rough figure is 30 meters... I think narcosis at 20 meters is rare if not impossible. All you have to do if you experience narcosis is ascend to a depth where you realize that fish can breathe water, and you can't.
When you learn to dive, you usually do a deep dive to a) show you at what depth you start to experience narcosis and b) learn what it feels like, so you can recognize it when you are diving.
It sounds to me like the market for these computers was aggressive divers...people who were trying to push the limits of safe dive times. That means the company should have been even more vigilant about their calculation methodology, especially considering the price those computers went for.
And as far as fly time, NAUI recommends 24 hours wait time after a dive before flying...extremely conservative, but once again I prefer to be safe (especially since it's a hobby!).
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
The FDA should inspect any device that gives you medical advice
It's a common misperception that the FDA inspects medical devices - in most cases, they do not. They merely inspect the paperwork that you provide them to prove that you did the device inspections yourself.
It's actually a relatively rare occurrence that the FDA performs an on-site inspection.
-jerdenn
Make sure you visit this site before ever laying down in that chair. A recent study (Feb. 2003, on the site) indicates between 10 and 20% of refractive surgery patients have complications, a number that is far above what the LASIK industry is touting as its failure rate.
Of particular interest are the stories concerning doctors who have overridden software safeguards and have continued the procedure, resulting in broken blades in the eyes and some other not-so-pleasant outcomes. Not strictly in the "bugs killing people" dept., but it does make you think whether you trust your eyes to a software developer.
I have two friends who have had laser eye surgery, one very successfully so far, the other somewhat less so.
Things they don't tell you
1) Your eye is still going to change shape with age, so your prescription will change, so you will have to have it redone in 5 years or so (less if you want to keep driving without glasses)
2) If you indulge in any activities involving pressure (eg scuba diving) or lack of (eg mountaineering) then there is a risk that your eye will deform and render you temporarily unfocussed until normal pressure is restored.
3) the scars cause massive internal reflections and this will affect your night vision when driving.
4) you may need to have tune-ups. two in one friend's case.
5) Cross infection risks means that it is wiser to have each eye done at different times.
I'm not a big fan.