Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can Software Kill?

Posted by ryuzaki0 on from the of-course dept.

mykepredko writes "Eweek has an interesting, if somewhat long article titled Can Software Kill? The article focuses on a programming error that resulted in 28 Panamanian cancer patients receiving many times an expected lethal dose of radiation. The article briefly mentions, but doesn't go into detail, the 1991 Patriot Missile Failure that resulted in the deaths of 28 American service men and women."

42 of 562 comments (clear)

  1. Sure it can kill. by grub · · Score: 5, Funny


    Can Software Kill?

    Certainly. A complete set of Novell manuals dropped from 40 stories up packs the same kinetic energy as a 10 car freight train moving at 80 km/h.

    --
    Trolling is a art,
    1. Re:Sure it can kill. by micromoog · · Score: 5, Funny

      Given the choice between that and actually reading them, I'll take the 40 stories. At least then I have an outside chance of survival.

    2. Re:Sure it can kill. by Charlton+Heston · · Score: 5, Funny

      Any tree that would voluntarily take part in Novel documentation deserved to die.

      --
      Get your stinking paws off me you damn dirty ape
    3. Re:Sure it can kill. by robslimo · · Score: 5, Informative

      Ha, ha.

      It's a serious topic, even more so since the over-radiation shit in Panama happened so recently.

      The infamous Therac-25 incidents happened between 1985 and 1987 and should be required reading... too bad the three Panamanian medical physicists cited in the article hadn't paid attention to it.

    4. Re:Sure it can kill. by maxwell+demon · · Score: 5, Funny

      He was talking about throwing the manual, not the terminal. Although being hit by a terminal thrown from a few stories high might actually be terminal as well.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  2. Software that kills... by bmorton · · Score: 5, Funny

    Apparently it can only kill people in groups of only 28.

    1. Re:Software that kills... by fizban · · Score: 5, Funny

      Yeah, 7-bit operating systems kill in groups of 28. 8-bit systems kill in groups of 32.

      --

      +1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.

    2. Re:Software that kills... by Adriax · · Score: 5, Funny

      That's a hardware limitation they hope to have fixed before too long.

      --
      I don't suffer from insanity, I enjoy every minute of it!
    3. Re:Software that kills... by Theodore+Logan · · Score: 4, Informative

      And 64 bit integers converted to 16 bit integers kill, if not people, at least big budgets.

      --

      "If you think education is expensive, try ignorance" - Derek Bok

  3. answer to subject: by Anonymous Coward · · Score: 4, Funny

    No.

    Next story please, does it look like I have work to do?

    1. Re:answer to subject: by maxwell+demon · · Score: 4, Funny

      Not even if it's a killer app?

      --
      The Tao of math: The numbers you can count are not the real numbers.
  4. Why 28 deaths? by _xs_ · · Score: 4, Funny

    Is 28 deaths the level at which we get concerned?

  5. Lethal Weapon by AtariAmarok · · Score: 4, Funny

    If software is outlawed, only outlaws will have software.

    --
    Don't blame Durga. I voted for Centauri.
    1. Re:Lethal Weapon by shystershep · · Score: 4, Insightful

      Software doesn't kill people; programmers kill people.

      --
      The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein
  6. Of course! by zuikaku · · Score: 5, Funny

    One must be very careful when you kill -9!

  7. EULA's by onyxruby · · Score: 5, Interesting

    If a software maker is found negligible and convicted of manslaughter (unintentionaly causing death) due to buggy software, would that void out the whole EULA business since they all claim they can't be held responsible? Or would the burden pass on the poor chap that used it for being irresponsible enough to use something where the maker couldn't be held accountable? Lets's face it, why are only software companies able to make themselves free from accountability when every other industry has to design for it?

    1. Re:EULA's by Unknown+Relic · · Score: 5, Insightful

      I'm not positive, but aren't most of these type of disclaimers saying something along the lines of "We do not give permission for this software to be used in environments where failure could result in loss of life. In the event of such unauthorized use, we will not warranty the product, nor be held accountable for any damages it may cause"? If this is the case, than I have no problem with this, as they are saying the software isn't good enough to use in such a situation, if you do so, you're on your own. Anything that's mission critical to a degree where lives depend on it, should be licensed with that in mind (which I imagine software for nuclear power plants, etc. is).

      If the organization that's being entrusted with people's lives cheaps out and uses software in environments it's not rated for, there's no way the manufacturer should be held liable. It's not different than tires on cars. If you're ripping around at 150mph on non Z-rated tired, and one blows, it's your own damned fault, not that of the manufacturer.

    2. Re:EULA's by stratjakt · · Score: 5, Interesting

      What other manufacturer would be held accountable?

      My TV comes with a warrantee, but that says they wont be liable for any damage or caused by the use of the tv.

      I bought a bucked of concrete paint a week ago. It's guaranteed not to fail, but that guarantee doesnt cover the cost to remove/strip/repair the damage caused by bad paint (thousands), just 20 bucks for a new can of paint.

      In court you'd have to prove negligence or deliberate behavior. You'd have to prove Sony designed the TV to electrocute you, etc.. The fact they get it UL listed is enough to get past that.

      For software you'd have to show that they deliberately put the flaws in, or knew about the flaws and didnt care (depraved indifference)..

      But I'm no lawyer so who knows.. Everyone can go fucking sue everyone else.

      All I know is if Dr Pib puts a family member on an untested, unproven life support system, and it fails, I'm suing the Doctor.

      --
      I don't need no instructions to know how to rock!!!!
  8. Yes by paranode · · Score: 5, Insightful

    Software can kill, just like any other stupid mistakes if left unchecked.

    insert open source plug here

  9. Software? no - humans, yes. by smharr4 · · Score: 4, Insightful

    Software will only kill people through bad programming.

    It is humans that make the underlying mistakes

  10. Tonight on Fox... by The+I+Shing · · Score: 5, Funny

    Tonight on Fox...

    WHEN SOFTWARE ATTACKS!
    with host Mitch Pileggi

    --
    You are in error. No-one is screaming. Thank you for your cooperation.
  11. Therac-25 by addaon · · Score: 4, Informative

    Anyone who hasn't read this paper, should.

    --

    I've had this sig for three days.
  12. software does not kill... by dummkopf · · Score: 4, Insightful

    ... dumb programmers kill!

  13. Software cannot kill ... by maxwell+demon · · Score: 5, Insightful

    ... but it can make the hardware controlled by it kill.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  14. A dumb question, yet a good one by phorm · · Score: 5, Interesting

    Can negligence in any area kill? Yes.
    Software is no different from hardware in this aspect. If it is handling mission-critical or potentially-lethal equipment... great care should be taken to ensure its integrity.

    Trusting those that make your irraditation software is no different from trusting the those that made your life-support hardware.

    Human error, or mechanical, can mean death in both cases. If the error is glaring, it becomes a case of negligence.

    Unfortunately in cases of software or even computer hardware operating environment becomes an often overlooked factor. Stress tests are needed... data collisions checked for, line noise, redundancy, etc. When we're talking about people's lives, that extra parity bit can be just as important as a backup-parachute...

  15. Set Phasers on Stun by jhines0042 · · Score: 4, Informative

    A good book that tells how technology can cause death, destruction, and mayhem entitled "Set Phasers on Stun". Includes the Therac radiation machine accidents, nuclear accidents, and many other odd stories.

    --
    42 - So long and thanks for all the fish.
  16. It can only be attributed to human error by Trolling4Dollars · · Score: 4, Funny
    The article focuses on a programming error that resulted in 28 Panamanian cancer patients receiving many times an expected lethal dose of radiation.

    So are you saying they INTENDED to kill their patients and this software just did it more efficiently? ;P

    --
    Un-news
  17. RISKS Digest... by Dr.+Zowie · · Score: 4, Informative
    ... is a forum that talks about specifically this kind of stuff. Being moderated the old-fashioned way, with a benevolently autocratic editor, it has much higher quality posts than the /. average.


    There was a good discussion of this event some months ago; the current issue has blurbs on topics ranging from computer viruses to aircraft cockpit management.

  18. ethics & liability by v_1_r_u_5 · · Score: 4, Interesting

    There must be a point where software makers can no longer say "DISCLAIMER: IF WE BREAK YOUR MACHINE, IT'S NOT OUR FAULT." If you look at every piece of software's license, you'll see a clause like that. Imagine if every industry took that approach:

    DISCLAIMER: IF YOUR CAR'S BRAKES FAIL, IT'S NOT OUR FAULT. TOUGH LUCK!

    DISCALIMER: IF THIS MEDICINE KILLS YOU, OH WELL.. NOT OUR FAULT!

    etc.

    Some laws must be passed and software makers must be held accountable- they should no longer be able to hide under the big umbrella of the disclaimer.

  19. Yes. It can. by Mr.+Slippery · · Score: 5, Informative

    Sadly, this is nothing new.

    Every software developer needs to read Peter Neuman's book Computer-Related Risks , and keep up with the Risks digest (comp.risks).

    Learning from other's mistakes is much less painful.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  20. Re:Patriot missile -- really a "failure" by irokitt · · Score: 4, Informative

    The problem was actually one of training and clueless operators. IIRC. the coordinates of the missile launcher had to be updated several times a day. The technicians went several days without doing so. A Scud flew into the area the Patriot was supposed to be protecting, but the system was so confused as to where it was that it thought it was another batteries' responsibility and did nothing. The Scud crashed into an area with Coalition troops and killed 28, the largest death toll due to a single action in Desert Storm.

    --
    If my answers frighten you, stop asking scary questions.
  21. Re:of course it will by Bombcar · · Score: 5, Insightful

    You see, if I'm a doctor, and I screw up and overdose you, it isn't a news item. I'll get reprimanded, maybe sued. No one will even notice if it happens many times, because each time it is a different doctor in a different circumstance.

    But if I'm a computer software engineer and have a bug in a program that gets 3 people an overdose, then it will be noticed and much howling will be done over it. Even if the total number of errors have gone down, the type of error is new and there is a common factor between all the cases. And so we will complain.

    And, I think, rightly. Computers are a tool, not to be trusted, always to be checked. I fear many people believe the computer can never be wrong (because it is so complex as to be indistringuishable from magic, and magic is never wrong) - perhaps this is why there isn't much howling about Diebold voting machines: It's digital, so it must be better!

    --
    Fellowship 9/11
  22. Sure it can by aduzik · · Score: 5, Insightful
    Software is an engineered thing, just like any other tool upon which we rely. Think about airplanes, which occasionally have mechanical failures in flight. Think about Columbia, which burned up because of engineering defects. So, if the software is flawed, it will certainly cause eventual damage. Sometimes it's benign -- restarting Word isn't so big a deal -- but sometimes it's catastrophic.

    This is why I've always thought it's vitally important to have good, precise specifications in place and excellent quality assurance for any life-critical application. It's even better with many eyes overseeing every step of the process -- wait... that smacks of open source, doesn't it?

    If you ask me -- and you haven't, but I'll tell you anyway -- what would be the best way to prevent catastrophe, it would be to PREVENT CHANGES TO THE SPEC. In college, our software engineering prof. gave us an assignment, then halfway through, she changed the spec on us. Well, not surprisingly, there wasn't a single project that worked faultlessly, and many of us were doing really well before that.

    Software itself doesn't kill people. Bad software written by overworked developers writing to a constantly-changing specification with not nearly enough QA does. That is, people inadvertantly -- we hope -- kill people with software. Yeah yeah, it's cliche, but it works.

    --
    If it's not one thing it's your mother.
  23. Is this what you meant? by Anonymous Coward · · Score: 5, Funny

    Microsoft Windows: A thirty-two bit extension and graphical shell to a sixteen-bit patch to an eight-bit operating system originally coded for a four-bit microprocessor which was written by a two-bit company that can't stand one bit of competition

    -- author unknown

  24. We Need Software *Engineers* by Vagary · · Score: 4, Interesting

    The problem is that in every other development environment, the legal liability ultimately rests on the engineer who signed off on the quality assurance. But because software developers are not professionals and have no professional code of conduct, their signatures are meaningless. The only way software can become as reliable as other engineered products is to create the profession of software engineering*. And I'm not just talking about giving CompSci students a ring: many CompSci curriculums don't require any engineering techniques at all, and those that do usually devote less time to engineering than they do to sorting algorithms. The software industry requires fundamental changes, and legal liability is at most the catalyst.

    * Yes, I know there are a couple of schools out there that offer SoftEng degrees, but until industry distinguishes them from CompScists and requires the engineering designation for key positions they are meaningless.

  25. Umm.... Cruise Missiles? by RockClimbingFool · · Score: 4, Insightful

    Last time I checked, we don't have a bunch of kamakazi pilots for our Tomahawk Cruise Missiles. We make software to intentionally kill people all the time.

  26. This is why I quit by willpost · · Score: 4, Insightful

    I was working for a desktop consulting company, and I was the only database developer there.

    One of my customers wanted to convert a database, and originally I thought, no problem just convert some tables and redraw some forms.

    It turns out this database was also going to store information about blood matching, transplants, and it would also calculate daily drug doses for the nurse to sign off on for kids getting marrow transplants. Success is measured in how many months the kid gets to live.

    If I was working on a team using a more robust platform I might have had more confidence to push forward. However, this is Microsoft Access and i'm the only guy who would know how this thing would work. This means it would be very easy for some kid's death to point towards me.

    So I quit.

    By the way, if anyone has work for a database developer, feel free to contact me at will_spangler@juno.com. I'm quite good with MS Access.

    1. Re:This is why I quit by YrWrstNtmr · · Score: 4, Insightful

      What you should have done is to point out the failings in their current system, i.e Access. Point them towards a more robust solution, that will actually work for their needs. Then built it, and charged through the nose for it.

      As it is, you left the thing to be built by someone else. On an insecure system. Possibly with worse skills than you.

      Sometimes the developer has to push back against managements wishes. You might have won, but at worst, you'd be no worse off than you are now.

  27. Worry About This Every Day by Chokai · · Score: 4, Interesting

    The next time you visit the doctor watch the workflow of the office staff. Increasingly chances are they will probably be entering your medical information, and I mean the clinical stuff, not your address into some type of computer system.

    I currently work for a small Electronic Medical Records company. At some level I worry about potentially killing someone every day. In fact our bug tracking tool has a special category in it called "Patient Safety" which is the highest priority bug. We deal with things most of you probably wouldn't think of such as a tool for writing Prescriptions, which given the fact that many drugs interact ( potentially fatally) has to catch and alert the physician to such cases. I also deal with lab results which if reported incorrectly could lead to a potentially fatal decision by the doctor and so forth.

    Consultants and pundits like to say that computer control reduces the chances of human error and failure, this is said IMO to comfort the masses. To state the obvious I suspect EVERYONE on Slashdot knows that in reality that statement is not true, the human error has just been moved to a different point in the chain. A tired programmer is just as likely to make a mistake as a tired machinery operator. The difference is that that software might be used by 5,000 machines, whearas that operator runs 1.

  28. Many modern warfare weapons use software by Kegetys · · Score: 4, Insightful

    If that Patriot missile failure counts as a "software kill" then surely software does kill; Look at the amount of people killed in Iraq for example by different types of bombs and cruise missiles that are guided (and detonated) by software.

  29. Re:You clueless cretin. by canajin56 · · Score: 5, Informative

    The Davis-Besse nuclear reactor in Ohio was running its safty monitoring systems on an NT server. And it got infected by Slammer and crashed. Fortunatly, the system had an analog backup, and the reactor had already been offline all year, after inspectors discovered a 6" hole through the cement in the reactor head, which left the core exposed.

    --
    ASCII stupid question, get a stupid ANSI
  30. SCADA software certainly can... by blueZ3 · · Score: 4, Interesting

    In a former life ( :-> ) I was employed by a large multi-national that worked with utilities. Some of our software used SCADA protocols to remotely switch breakers - not household breakers, these switches control significant segments of the US power grid. All the software and documentation contained numerous warnings, because if a utility employee manually switched of a segment to make repairs, and switch was remotely turned on, someone could be killed. There are numerous other software applications that control (potentially) deadly devices - robots, industrial equipment, etc. Failure of the software, or problems with operator headspace, create a potential for death when working with almost any software that controls physical entities.

    --
    Interested in a Flash-based MAME front end? Visit mame.danzbb.com