Slashdot Mirror


When Bad Software Can Kill

bhoman writes "A wrist computer that tracks and calculates safe diving times and limits for SCUBA divers had a dangerous software bug that may have been covered up by company executives. This SF Chronicle Article details the problem, product, company, and some of the lawsuits. According to the Chron article, company execs tried to cover up and deny the problem for years, but their official website makes it look like they did a voluntary recall."

27 of 354 comments

  1. Man... by Azureflare · Score: 4, Insightful
    This kind of story makes you want to stick your head in the sand and not buy any critical applications from corporations... Unfortunately, for some "leaders of industry," protecting image is more important than the safety of the users. Users are expendable; image is not.

    Fortunately, there are still (I hope) some companies out there that are honest and worry about the safety of their users, particularly in life-critical applications.

    What a slimy guy though, to prevent any notice of the fault from getting out, and firing managers for trying to get the word out! Man. Makes me angry. *Fumes*

    1. Re:Man... by Idarubicin · Score: 4, Insightful
      This kind of story makes you want to stick your head in the sand and not buy any critical applications from corporations...

      From whom would you buy your critical applications software (and hardware)? What if the guy down the street starts building them in his garage? Would you trust him? Would you trust your life with him?

      Let's say he's very responsive to customer issues. Whenever there's a serious incident, he tracks down the bug in the software, issues a patch, and moves on. Unfortunately, there are a lot of bugs, and a lot of deaths, because he couldn't do proper QA by himself in his garage...

      Well, you say, let him hire some QA people. Maybe a few marketing guys--he has to make a living, after all. Perhaps an engineer or two. Pretty soon, it starts to sound like he's running a *gasp* corporation.

      You're right--directors and executives of companies that suppress reports of safety concerns should be drawn and quartered. To suggest that all corporations are reckless, deceptive, and grossly irresponsible is unfair.

      Then there are some damned-if-you-do, damned-if-you-don't cases. I'm familiar with the Therac-25 accidents in the mid-1980s, but I'm not going to ask the pharmacy for cobalt-60 so I can do home radiotherapy. I have to accept that there is a probability that somewhere, someone screwed up--and my life might be at risk because of it, and there is little (if anything) I can do about it.

      --
      ~Idarubicin
  2. Probability of punishment? by Altima(BoB) · Score: 5, Insightful

    On the issue of punishing companies for unsafe practices like this, sometimes it's 50/50. Depends how much sway they have. I'm not an anti-capitalist über-left cynical jaded moron, but after reading Fast Food Nation recently, I don't have a whole lot of faith in the government's ability to control this kind of activity on a large scale. The government used to have a lot more power over companies since Theodore Roosevelt's time, but the book seems to point the finger at the Reagan era for the change.

    Anyway, it wouldn't have been bad PR to admit a mistake, hell it's only human to make mistakes, even when something is as serious as this. The problem shouldn't have been there at all, but it was caught before anyone was hurt, so they should have just apologised and fixed it. Cover-ups make me sick.

    --
    Yup...
  3. Ethics Lectures by Poofat · Score: 5, Insightful

    I've always wondered why the Engineers had to sit through the ethics lectures, and the Comp Sci people didn't. In this day and age, we are relying on automated systems and programs enough so that the people making them should be aware of the consequences of failure.

  4. It's only a matter of time... by craenor · Score: 4, Insightful

    Until one of the software packages that controls the new-ish electronic traction, suspension and stabilization systems bugs out killing a family of 6 in their SUV.

    The sad part is that for an error like this, multiple people will have to die or risk death before anyone will clue into what the error could be.

  5. Re:I wear an insulin pump by fidget42 · Score: 5, Insightful

    I know some people will hate to hear this, but, like your insulin pump, maybe these types of devices should be considered medical devices. These things are not simple devices like a heart rate monitor or bicycle trip computer. When your life is in a product's hands, you need someone like the FDA looking out for you.

    --
    The dogcow says "Moof!"
  6. Diving and Corporate Responsibility by fdiskne1 · Score: 3, Insightful

    When I dive, I plan with a conservative dive table. Why risk your life just so you can stay underwater for another few minutes?

    Corporations, by their very nature, don't care about their customers. All they care about is profits. Granted, some people within corporations may care about customers, but they have to follow the corporate rules.

    Leeman and Ruchti (the founders of the company) ought to be thrown in jail for a long time and the company liquidated. All proceeds should be given to those harmed by their actions. I don't care that the current owners "didn't know" about the problems. It should serve as an incentive for future people/corporations that you will be held responsible for what your company does.

    --
    But why is the rum gone?
  7. Re:The main flaw of modern computer science. by entrox · Score: 4, Insightful

    Who are you? The apprentice of "PhysicsGenius"? That would at least explain the pseudo-intellectual gibberish you are writing.

    That being said: what makes you believe that it was a programming error? If you had bothered to read the article instead of spouting some nonsense about mathematics and the "flaw of modern computer science", you would have seen that it was a design error, meaning the specification itself is in error. You can answer "the equivalence" problem, but if the specification is flawed you're going to get flawed code. Garbage in, garbage out.

    --
    -- The plural of 'anecdote' is not 'data'.
  8. Mandatory Open Source for life endangering apps by Crashmarik · Score: 4, Insightful

    I would have to say that the above is the best argument I have ever seen for open source software. If your life is on the line, if you may be damaged by software, then that software's source code should be forced to be open source. At the very least it would prevent weaselly scumbags from thinking they could cover up their misdeeds; at best it might ensure that companies would try and get the product right when people's lives are at stake.

  9. Blowing it all out of proportion! by beyonddeath · Score: 5, Insightful

    OK, I work at a dive shop in Toronto, Canada, and I am a certified rescue diver. No diver should _EVER_ rely strictly upon a dive computer; they should always have a backup depth and pressure gauge. Not only that, but they should plan their dive using NAUI or PADI (or similar) dive tables and follow their plan. If at that point their computer thinks they can stay longer... that's good, but follow your plan anyway, better safe than sorry! The point is, get trained properly, and use your brain, not a computer, to do the thinking.

    1. Re:Blowing it all out of proportion! by garrett791 · Score: 1, Insightful

      The point of having a computer is that it maximizes bottom time by calculating air consumption continuously (calculus vs algebra, if you will). Thus, you'd expect to stay down longer than the tables would let you. I agree that it's better safe than sorry and probably a good idea to at least consult a dive table to find a ballpark figure, but there's no point in shelling out $200 for a computer if you're not going to reap any benefit.

      FWIW, I'm also a certified rescue diver.

  10. ABS Braking Systems by nurb432 · Score: 2, Insightful

    Don't forget about these little modules that *most* of us in society today bet our safety on, putting our very lives in the hands of the developers. So many people just don't even realize they are there, or what they are doing... zero clue...

    Even if you drive an old vehicle that doesn't have these things, the guy next to you, or behind you, in that huge SUV probably does.

    Airplanes too; it's bad for one to fall out of the sky due to bad code...

    --
    ---- Booth was a patriot ----
  11. Re:The main flaw of modern computer science. by Anonymous Coward · Score: 1, Insightful

    The size and complexity of most computer programs makes proving any property about them incredibly difficult. Proving the equivalence between a specification and an implemented program just is not feasible with today's technology, though research in model checking and software engineering are making advances.

    The fundamental issue is that there's no way to prove that the specification itself is correct. After all, humans write specifications, just like humans write computer programs. Do you expect to mathematically prove that the specification is correct? If not, then you'll still be left with buggy software.

    What this comes down to is that there are lots of ways to make software more reliable. Mathematical solutions help. So do better compilers and programming languages. So do better software management principles. So do software patterns, and a dozen other things. But none of these is the silver bullet that's going to solve all our software reliability problems.

  12. Re:The main flaw of modern computer science. by Lemmy+Caution · Score: 2, Insightful

    That's the irony. Good management practices, including systematic diligence about assumptions, would have avoided this defect. The fact that the grandparent poster essentially thought "it compiles, it runs without crashing, and it's efficient" would mean that it worked and was ready to ship is the problem itself.

  13. Re:Diving Computers by Anonymous Coward · Score: 1, Insightful

    Instead of self-indulgently frittering away your life as a stupid, self-righteous troll on an Internet message board, why don't you do something useful? Say, like killing yourself.

  14. Re:The main flaw of modern computer science. by Anonymous Coward · Score: 1, Insightful

    He's a troll. Probably a PhysicsGenius clone. The problem is that most of the people moderating the comments are so fucking stupid that they don't recognize pseudointellectualism when they see it. They read through his bullshit comment about computer science students feeling stupid and inferior compared to math students (which is in itself so laughably incorrect it should have stood out to them immediately), and off they go. Hey, he used big words..must be worth +5 Interesting!

  15. Responsibility by DeepBlueDiver · Score: 2, Insightful

    Even if they were pros, the injured divers made a rookie mistake.

    Diving is really, really wonderful and very safe if you follow proper security measures. But like in many other activities there are always some risks involved, and it is YOUR responsibility to do all you can to minimize these risks.

    You never trust your computer alone; you always double check with the tables, and you memorize the tables, just in case. OK, calculations with Nitrox are more difficult than with air, but anyway, after a while you should develop some mental approximations to the right values based on experience.

    I mean, I would never accept a "5 hours to fly safely" time, after 3 dives in a row (RTFA). No matter what computer says it, I'll relax in the sun for at least 12 hours before even getting close to an airport.

    On the other hand, Uwatec executives should be impaled on air tanks, and dragged to Bonaire, Cozumel, or any other location full of divers year round, where we can take turns torturing them for years before killing them and feeding their corpses to the sharks.

    There were just less than 400 defective computers; this could have been solved quite easily.

  16. Re:The main flaw of modern computer science. by Beryllium+Sphere(tm) · Score: 3, Insightful

    I've never worked in an environment where the specifications and the infrastructure stayed constant long enough to finish a proof of correctness.

    I've never worked in an environment where I was coding on top of something that was already proven correct.

    I've never worked in an environment where the specification itself was proven correct. For example, the dive computer problem was that somebody didn't specify that the computer should count time at the surface as 79% nitrogen.

    As a security geek, I'd be delighted to see perfectly correct code. There have been plenty of attempts to devise formal models of security, e.g. Bell-LaPadula and Clark-Wilson. Apply those all you want, but in real life zlib will have a buffer overflow, and the minimum-wage operator who needs a new refrigerator will sell information to the nice private detective.

  17. Re:MOD PARENT DOWN! by Pharmboy · Score: 4, Insightful

    Amen. As a conservative (read: pro-business) individual, I am smart enough to know that in order for government to not smother corporations, they must act responsibly, and the punishments for violations of the public trust should be severe. That is the trade-off.

    We don't want government getting too involved with businesses, but we want them to kick them in the ass hard when they do something that not only can hurt/maim/kill someone, but also creates an adverse environment for corporations who DO act responsibly.

    In the end, you are correct: both left and right do not want companies to get away with 'hiding' a recall that could potentially hurt someone. That is not politics, it's common sense. If they DID hide this recall or information about flaws in the product, they need to be taken out to the proverbial woodshed, even if it puts them out of business.

    --
    Tequila: It's not just for breakfast anymore!
  18. By extension: Ford Pinto by Kappelmeister · Score: 3, Insightful

    This kind of story makes you want to stick your head in the sand and not buy any critical applications from corporations... Unfortunately, for some "leaders of industry," protecting image is more important than the safety of the users. Users are expendable; image is not.

    So you're saying you're not going to ever drive a car again?

    Computer applications aren't the only life-critical products we depend on. You put your life in the hands of corporations every minute of the day. How are you going to make sure your house is structurally sound? Buy open-source lumber and build it yourself? Are you going to keep eating food which has been prepared by corporations?

    But as you, the Pinto history and others point out, corporations will only care about the lives of their consumers to the point at which it becomes economically favorable to do so. If it's cheaper to settle 10 probable death cases than issue a recall for the faulty product, they settle. The value of human life doesn't factor in. Today's cars only sell themselves on safety because it has become economical to do so, i.e., consumers value safety and demand it from their products.

    This is why we need government oversight. I'll tell you what makes me want to put my head in the sand: how we are not funding the oversight agencies enough to do their job. We just passed two tremendous tax cuts in three years; I don't know where the cuts are going, but I feel like people take safe food and transportation for granted around here. I hope at least the sand is clean.

  19. And how do you know the specification is correct? by haverford · Score: 2, Insightful

    All that mathematical methods allow you to do is prove that code satisfies a specification. Unfortunately, in most application domains, generating a rigorous specification is not significantly easier or less error-prone than just writing code.

    I think it's very sad when CS people fail to notice this obvious fact.

  20. Re:I wear an insulin pump by mindstrm · Score: 4, Insightful

    Yeah.. it's not like divers are taught that you use a computer to augment your diving, and that you should still fill out your dive tables or anything.

    It's not like you aren't supposed to fly on a plane within 24 hours of diving, or anything.

    It's not like every diver knows that the dive computers and dive tables are approximations, and that they can vary drastically for a number of reasons.

    Pushing the absolute limits of what your computer says you are allowed is dumb.

    I'm not saying the company is not responsible to a degree... they absolutely had an obligation to make their gear as safe as possible, and not informing the diving world that their gear had a flaw was totally unacceptable.

    There is a large element of recklessness involved in this situation.

  21. I'm a scuba diver by Daimaou · Score: 3, Insightful

    I'm an avid scuba diver, but I have never been keen on using the dive computer for this very reason; rather I go for the manual method even though you supposedly cut your dive time down.

    Having worked in software for many years, I have yet to see a perfect program, and I have never wanted to trust my life and/or health to the programming and testing skills of someone else.

  22. extremely wrong by DiveX · Score: 3, Insightful

    You are a 'certified rescue diver'? That has as much weight in the diving community as saying you are 'Network +' certified in a room full of CCNPs. You are positively wrong.
    The dive computer uses algorithms to calculate the amount of nitrogen going into and out of the tissue compartments. Different pressures affect the rate you on- and off-gas. If you drop to 100 feet, you are absorbing gas quickly. If you then ascend to 80 feet, you will off-gas some of the absorbed nitrogen at one rate and yet still on-gas nitrogen at a different rate. Ascend again and the same thing occurs: off-gas some of the previous nitrogen and still on-gas nitrogen at another rate. This is called 'multi-level' diving. Tables assume you are at the deepest depth for the whole dive. If you were to do a square profile (descend, stay at one depth, and then do a straight ascent) then a dive computer has a lesser no-decompression limit than the table would. What you have confused is a dive computer that is air integrated, which may, as a feature, have a different display that calculates your given air consumption and figures out how long you may stay at depth before reaching a reserve point (generally 500 psi). That is simple algebra, but decompression algorithms are a lot more complicated.

    I should know, I teach this several times a month as a current and experienced dive instructor (check my profile) and use this information weekly on my technical dives to wrecks where we (my dive group) consider anything above 200 feet to be shallow. I have been on most of the sites that the article mentioned in passing (Florida caves [look at my web site]), the Andrea Doria, U-boats, etc.

    Dive computers may be used to help avoid decompression, but not for decompression diving. I generate my own tables for any technical dive. Most people commenting here so far seem just to be newbie divers themselves. It is like someone that just finished a VB class starts spouting off about C++.

    Most divers don't know how to properly ascend and decompress as it is. For the layman, think of it like a soda bottle that is slightly agitated with dissolved gases (CO2). You would slowly open the bottle until there is a slight release in pressure and then close it; this allows gases to equalize, and then open, stop, repeat. You are allowing the gas to escape slowly enough that bubbles do not form. In the case of diving and human bodies, it is to prevent nitrogen from forming bubbles. Most divers just do direct ascents too quickly or a quick stop at 15 feet before hitting the surface. The best way to ascend is to do a full stop (assuming a deep dive) at 40 feet for 15-20 seconds, stop at 30 feet for 30-60 seconds, stop at 20 feet for 60 seconds, and a stop at 10 feet for 120-180 seconds. This allows the nitrogen time to slowly come out at a slow rate, i.e. like opening the Coke bottle slowly so it doesn't spill over.

    If you decompress properly, then flying isn't a big deal. The general problem with flying after diving is the reduced pressure. You are going at a reduced pressure (most commercial craft will pressurize to no more than 8000 feet) so the nitrogen currently in the body comes out more quickly.

    --
    Cave, wreck, and deep diver.
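  Comment 16 pins the defect on a specification gap (time at the surface not counted as breathing 79% nitrogen) and comment 22 describes the tissue-compartment model a dive computer runs; the following is an added example, not code from the thread or from any dive-computer vendor, that puts both side by side in a toy single-compartment Haldane-style model. The profile, the 30-minute half-time, the 1.2 ata "fly" limit and the buggy surface constant are all constructed for illustration and are not the real product's parameters or algorithm.

```python
import math

N2_FRACTION_AIR = 0.79          # nitrogen fraction of air
SURFACE_PRESSURE_ATA = 1.0      # sea level
FSW_PER_ATA = 33.0              # feet of seawater per atmosphere

# Two ways firmware could model a surface interval (depth 0):
CORRECT_SURFACE_N2 = N2_FRACTION_AIR * SURFACE_PRESSURE_ATA  # 0.79 ata, as comment 16 says it should be
BUGGY_SURFACE_N2 = 0.0  # surface treated as nitrogen-free (constructed defect for illustration)


def inspired_n2_ata(depth_ft):
    """Partial pressure of inspired N2 when breathing air at depth_ft."""
    return N2_FRACTION_AIR * (SURFACE_PRESSURE_ATA + depth_ft / FSW_PER_ATA)


def update_tissue(p_tissue, p_inspired, minutes, half_time_min):
    """Haldane equation: the tissue closes half of the gap to the inspired
    pressure every half_time_min minutes, on-gassing and off-gassing alike."""
    return p_inspired + (p_tissue - p_inspired) * 2 ** (-minutes / half_time_min)


def run_profile(segments, half_time_min, surface_n2_ata):
    """Walk (depth_ft, minutes) segments; depth 0 is a surface interval.
    The diver starts saturated at the surface (0.79 ata)."""
    p = CORRECT_SURFACE_N2
    for depth_ft, minutes in segments:
        p_insp = surface_n2_ata if depth_ft == 0 else inspired_n2_ata(depth_ft)
        p = update_tissue(p, p_insp, minutes, half_time_min)
    return p


def minutes_until_below(p_tissue, limit_ata, half_time_min, surface_n2_ata, max_minutes=24 * 60):
    """Surface minutes until tissue N2 drops to limit_ata (a stand-in for a
    time-to-fly threshold); None if it never gets there within max_minutes."""
    for minute in range(max_minutes + 1):
        if p_tissue <= limit_ata:
            return minute
        p_tissue = update_tissue(p_tissue, surface_n2_ata, 1, half_time_min)
    return None


# Constructed profile: three 30-minute dives to 99 ft (4 ata) with 30-minute
# surface intervals, the "short, frequent dives" pattern comment 24 mentions.
PROFILE = [(99, 30), (0, 30), (99, 30), (0, 30), (99, 30)]
HALF_TIME = 30            # minutes, one illustrative compartment
FLY_LIMIT_ATA = 1.2       # arbitrary illustrative tissue-loading limit before flying


def compare_models():
    """Return (correct_loading, buggy_loading, correct_wait, buggy_wait, real_loading_at_buggy_wait).
    The last value is what the diver's tissue really holds if they trust the buggy wait."""
    correct = run_profile(PROFILE, HALF_TIME, CORRECT_SURFACE_N2)
    buggy = run_profile(PROFILE, HALF_TIME, BUGGY_SURFACE_N2)
    correct_wait = minutes_until_below(correct, FLY_LIMIT_ATA, HALF_TIME, CORRECT_SURFACE_N2)
    buggy_wait = minutes_until_below(buggy, FLY_LIMIT_ATA, HALF_TIME, BUGGY_SURFACE_N2)
    real_at_buggy_wait = update_tissue(correct, CORRECT_SURFACE_N2, buggy_wait, HALF_TIME)
    return correct, buggy, correct_wait, buggy_wait, real_at_buggy_wait


if __name__ == "__main__":
    c, b, cw, bw, real = compare_models()
    print(f"tissue N2 after profile: correct model {c:.3f} ata, buggy model {b:.3f} ata")
    print(f"minutes before flying:   correct model {cw}, buggy model {bw}")
    print(f"real loading if the diver trusts the buggy wait: {real:.3f} ata (limit {FLY_LIMIT_ATA})")
```

  The first dive comes out identical in both models; the gap opens only across repeated surface intervals, which is why a defect of this shape can look right on a single dive and fail on a series of short ones.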
  23. They apologize for "any inconvenience" by Blademan007 · Score: 3, Insightful

    At the bottom of their recall web page:

    "We apologize for any inconvenience this may have caused you."

    Now *that* is an understatement...

  24. Re:Computer and dive tables by instarx · Score: 4, Insightful
    But diving close to those bounds is not "dumb"; it is simply using your equipment to the limits you are comfortable with.

    Being comfortable and being dumb are two very different things. Pushing the absolute limit set by your dive computer IS DUMB, and if you are comfortable with that then it is VERY dumb. You give the reasons not to push the limits yourself: 1) every person is different, 2) the dive tables that the PC programming is based upon are an approximation, 3) as is the programming itself.

    You have a pretty fine-tuned bullshit detector if you can tell the difference between safe and not safe when pushing the limits of a dive computer. One problem with this particular computer was that it gave the right results MOST of the time, but in certain situations it gave very wrong results (short, frequent dives). No one's bullshit meter would have detected the problem with these dive computers that gave reasonable results 99% of the time and then totally screwed you the other 1%. Neither is there any way you could have "researched" the algorithms in this particular computer to determine its accuracy, because the error came from a hidden programming error. So I think we return to the original idea: pushing the limits of any dive computer is very dumb.

    The bigger issue here for /.ers is that because of its digital readout, too much importance was probably given to the dive computer's implied precision. I'm sure it said something like it was safe to fly after 6 hours and 18 minutes. Digital readouts imply greater accuracy than is often actually present, whether it is regarding a safe number of minutes to fly displayed on a dive computer or milliseconds until your cake is ready on the microwave. Placing one's life on the line using this implied but non-existent accuracy is very dumb. All that apparent accuracy is totally useless given your original parameters were wild-ass guesses and approximations to begin with.

  25. More generally... by pretty_penguin · Score: 2, Insightful
    I've often wondered where individual responsibility ends and collective (governmental) responsibility begins. In this respect, the more dangerous pastimes (scuba, skydiving, bungee, etc.) are an especially difficult case. And any scuba- or skydiver will admit they're accepting a certain risk inherent to their sport. They're simply doing stuff our bodies were never meant to do (deep diving, flying).

    On the other hand, one does tend to take for granted, for example, supervised or standardized testing procedures / quality control to be in place regarding such products as airbags in cars, and, as was mentioned in earlier posts, medical equipment. And a lot of this goes for guns, too, though I don't mean to start an NRA/regulation flamewar here.

    Manufacturers of gear in the more critical fields are definitely aware that consumers expect them to adopt adequate safety measures. Does this make the cover-up worse? In principle, I'd say yes. But legally, I dunno (IANAFL) ... Of course, once you plunge in, that's your own decision. And my diving instructor did in fact tell us, even with all these fancy computers around these days, know your dive tables and multilevel wheel. Plan the dive and dive the plan.

    But one does wonder, who should start initiatives to protect such specific consumers? Organisations of peers (PADI, in this case)? Government? Or is it, in the end, as simple as: every man for himself? Seems to me that these scattered, fragmented suits that the article mentions, are bound to be less effective than a collective effort could be.