Court Orders Breathalyzer Code Opened, Reveals Mess
Death Metal writes with an excerpt from the website of defense attorney Evan Levow: "After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc. By making itself a party to the litigation after the oral arguments in April, Draeger subjected itself to the Supreme Court's directive that Draeger ultimately provide the source code to the defendants' software analysis house, Base One. ... Draeger reviewed the code, as well, through its software house, SysTest Labs, which agreed with Base One, that the patchwork code that makes up the 7110 is not written well, nor is it written to any defined coding standard. SysTest said, 'The Alcotest NJ3.11 source code appears to have evolved over numerous transitions and versioning, which is responsible for cyclomatic complexity.'" Bruce Schneier comments on the same report and neatly summarizes the take-away lesson: "'You can't look at our code because we don't want you to' simply isn't good enough."
Poorly written code is one thing, but does it ultimately work?
Lint, as a static code analyzer, is bound to have false positives. More so in embedded systems, where you're dealing with registers and occasionally "violating" type safety where no type adequately exists. It's really not super surprising that 60 percent of the code is reported by Lint.
I Browse at +4 Flamebait
Open Source Sysadmin
Er, why would it need or be expected to be? It's a commercial product. I don't think most bank websites are "coded" to any specific standard either.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
Clearly their programmers were not drunk enough when making this. Or, they were too drunk.
not written well, nor is it written to any defined coding standard
Ah, so it's like most of the code in the world.
Ok, I'm not happy that some people almost certainly were measured inaccurately by these things. I'm not happy that this company was allowed to pull this kind of shit -- when you do government contracting, the government should own what you do.
However, I am very glad that the precedent has been set.
And I am especially glad that not only is there precedent, but there's a real live example of why we need this stuff to be open.
Don't thank God, thank a doctor!
...from the article:
So, make sure to strip out those TODOs before checking in the code. Bah!
The Army reading list
80% of the code in business fits this description. With 20 year old legacy code written by 50 consultants, then upgraded in India, then ported from one platform to another to another, and a database engine switch or two. Code gets senile. What do they expect? Good thing we're all just commodities... human lego bricks easily replaced with cheaper plastic.
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
I don't think most bank websites are "coded" to any specific standard either.
http://www.myshop.com.tr
Just because code is not written to some official standard does not mean it is guaranteed to be buggy. Undisciplined coding is as bad as undisciplined specifications - results can indeed be ugly. It is preferable if the coders follow good practices, and there ideally would be a clear system for specifying program behaviour in testable ways. It is easier to produce good code with robust behaviour if good practices are followed from design through coding to testing and documentation, but it is not impossible to achieve good results in other ways also.
Did they find any coding bugs, or did they just criticize the approach to coding?
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
What is the typical variance of the readings? Does the division use the simple built-in rounding down or have they added rounding? What range of values can the breathalyzer represent? Is this device used as the only device to determine intoxication level?
Ultimately the question boils down to has anyone been convicted directly as a result of one of these when their blood alcohol level was within legal limits?
And the kicker? The new version of the breath tester runs Windows:
While Draeger's counsel claims that the "The Alcotest [7110] is the single best microprocessor-driven evidential breath tester on the market", Draeger has already replaced the antiquated 7110 with a newer Windows® based version, the 9510. The computer code in the 7110 is written on an Atari®-styled chip, utilizing fifteen to twenty year old technology in 1970s coding style.
Good luck getting the source code for that one, or analyzing it for bugs.
Just read Schneier's comments. He cites some of the more important things:
Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed... There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings.
That alone should be enough -- the readings are not averaged correctly. But it goes on:
The A/D converters measuring the IR readings and the fuel cell readings can produce values between 0 and 4095. However, the software divides the final average(s) by 256, meaning the final result can only have 16 values to represent the five-volt range (or less), or, represent the range of alcohol readings possible. This is a loss of precision in the data; of a possible twelve bits of information, only four bits are used. Further, because of an attribute in the IR calculations, the result value is further divided in half. This means that only 8 values are possible for the IR detection, and this is compared against the 16 values of the fuel cell.
So we know it's buggy and inaccurate, to a moronic degree. If that wasn't enough:
Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.
So, basically, it's designed to always return some value, even if it's wildly inaccurate, and even if the software is executing garbage at the time.
In other words: It appears to be a very low-level equivalent of Visual Basic's "on error resume next".
Whiskey. Tango. Foxtrot.
So to answer your question: No, it does not work. Even if it did somehow work, there's obviously an unacceptably poor level of quality control here.
Don't thank God, thank a doctor!
So I can't tell if this analysis of the code indicates that the breathalyzers in question are somehow flawed. Perhaps they're coded inelegantly or poorly, but do they actually spit out inaccurate numbers?
This will not stop the state from using this to make a felon of you.
The Navy Motto "IF it ain't broke Fix It" "A day is wasted if you don't learn something new"
If you got your hands on and analyzed the source code to most DVD players, TVs (Panasonic runs Linux!) and other devices that are complex, you will discover that in order to ship it earlier the code is an utter mess.
Programmers are not joking when we complain about the "It compiles? Ship it!" statement.
The fault is the executive staff that refuse to listen to their experts (programmers) and do what they recommend. Instead we get morons that know nothing about programming making unrealistic deadlines and forcing death march coding marathons to give up the mess we have today.
Do not look at laser with remaining good eye.
I thought it was funny.
12. Defects In Three Out Of Five Lines Of Code: A universal tool in the open-source community, called Lint, was used to analyze the source code written in C. This program uncovers a range of problems from minor to serious problems that can halt or cripple the program operation. This Lint program has been used for many years. It uncovered that there are 3 error lines for every 5 lines of source code in C.
While Draeger's counsel claims that the "The Alcotest [7110] is the single best microprocessor-driven evidential breath tester on the market", Draeger has already replaced the antiquated 7110 with a newer Windows® based version, the 9510.
If a breathalyzer was a person, it would be required to be schooled and licensed in the appropriate field of study to be used as evidence at a trial. I might have an amateur interest in ballistics, but I'm not qualified to testify about it at a trial, regardless of the fact that I'm possibly more familiar with my particular firearm than the expert witness hired.
Have you been touched by his noodly appendage?
Cyclomatic complexity? http://en.wikipedia.org/wiki/Cyclomatic_complexity
What the heck does that mean? A 6502?
About freakin time someone put that stupid test to the test, I always knew them to be sometimes buggy, especially when I know some people to have passed that test, when they could have not even stood up on their own, and yet someone who has no discernable symptoms of being drunk, was blowing way over the limit...for sure there were bugs in their system, all systems have bugs...
If M$ can't program without bugs, why do they think they could?
SysTest said, 'The Alcotest NJ3.11 source code appears to have evolved over numerous transitions and versioning, which is responsible for cyclomatic complexity.'
I'm pretty sure the paths through the program measure the cyclomatic complexity. Not the fact that it has numerous 'transitions' or versioning.
Looked through TFA but don't see the actual code. Just curious if that was released to the public, or if only the reports on it were.
At a previous job we had to buy a third-party driver for an embedded PCMCIA controller. The software vendor delivered code that (the first time around) produced about 1200 lines of warnings when we compiled it. We queried them about it and they responded that "we don't compile with warning output enabled". Our reply to them was that our coding standard was that the compile would fail on warnings, and we wouldn't accept their code unless they fixed all the warnings... they cleaned up their act, and fixed a couple of previously unresolved problems in the process.
Less is more.
The issue is not just how bad the code looked; it was the crap that was in the code. For something like what the article is talking about, it needs to be accurate. As my programming professor used to say: "crap in, crap out."
Seriously, is anyone actually shocked by this? Their code is protected by copyright, so it's not like anyone can simply take the source code and use it. And it's not like there's some sort of secret in the medically proven fact that, generally speaking, a certain percentage of alcohol in a person's breath indicates a corresponding percentage of alcohol in the same person's blood supply. So the only basis the company had to refuse to release the code was because they knew it was a mess.
If someone says he and his monkey have nothing to hide, they almost certainly do.
Which is why things like this http://en.wikipedia.org/wiki/MISRA_C exist.
It would have to be written correctly to work, wouldn't it? Even if the code runs flawlessly: It doesn't average correctly. It tries several times to analyze a sample, but then averages them incorrectly, point 2 FTFA. They can program, but failed basic math.
In general, I was under the impression that the standard for criminal cases was weighted heavily to reject any technique, evidence, or device that had any appreciable chance of a false positive.
Have you been touched by his noodly appendage?
It appears that the NJ Supreme Court wasn't swayed too much by the source code evaluation. They're planning on reinstating the device with only minor modifications.
Xfce: Lighter than some, heavier than others. Just right.
The source code was a miserable mess. But I didn't see anywhere that the source code caused the machine to give spurious or inaccurate results. Much ado about nothing?
A NYC lawyer blogs. http://www.chuangblog.com/
10 REM Alky 0.1 A. Coder 2001
20 REM Turn off lights and buzzer
24 POKE 201,0
26 POKE 202,0
28 POKE 53280,0
29 REM Any Breath?
30 IF PEEK(200) = 0 THEN GOTO 30
32 REM Buzzer
33 POKE 53280,1
34 PAUSE(2)
35 POKE 53280,0
36 REM Lights...
40 A = 10 * RND(1)
50 IF A > 5 GOTO 80
60 REM Red light
70 POKE 201,1
75 GOTO 100
76 REM Green Light
80 POKE 202,1
100 PAUSE(3)
120 GOTO 20
AT&ROFLMAO
Is that like the recipe to the Big Mac? That should be a secret, or we won't get innovation in taste.
Any static analysis is going to have false positives. There are better tools available than Lint, but even those tend to have enough false positives to make the percentage look fairly horrible.
Just because it cries wolf a lot doesn't mean that it's not occasionally correct.
If I were the manufacturer, at this point I'd say: (1) lawyers are expensive; (2) competent programmers are expensive, but less expensive than lawyers; (3) our business is selling the breathalyzer, not the software, so we gain nothing by keeping the source secret; (4) this publicity is hurting us; (5) let's hire some more competent programmers to clean up the code, and then we can make it public; (6) profit!
This is different from the case of the voting machines. In the case of a voting machine, there are lots of people who might be motivated to hack it, lots of people have access to the machines, and it only takes one compromised machine to throw a close election. If you believe in security by obscurity, then there is at least some logical argument for keeping the voting machine code secret. In the case of the breathalyzer, there's not even that lame argument.
Find free books.
Do they keep booze on hand for unit testing?
-- if you mod me down, I will become more powerful than you can possibly imagine
So... what about all those people who have been found guilty after being tested with those devices? What happens to them?
The good: This particular breathalyzer has been proven to be the unreliable POS that it apparently is. This unit, and others like it, will finally start being held to a stronger coding standard.
The bad: every sleazeball, ambulance chasing, "call lee free", douchebag of a lawyer will use this case to attack the credibility of any and all breathalyzers made in the past, present, or future, spreading enough FUD to juries everywhere that an unacceptable number of drunken idiots get the God given right to keep their license until they finally end up killing someone.
As a person, I think groups like MADD spend most of their time trying to scare monger politicians into pushing us as close to prohibition as possible. I believe that alcohol can be used responsibly. But I also know that this case is going to result in DUI's getting overturned for people that damn sure don't deserve it. Borderline cases will get knocked down, cases will get thrown out, and the people that broke the law, that did something wrong, will walk out of a court room 'vindicated.' They didn't do anything wrong when they had six beers and drove home, it was that confounded *machine* that *said* they broke the law. The *machine* was busted, ergo they didn't break the law. In short, this case is going to make a lot of O.J. Simpson's. The jury said they didn't commit a crime, so they didn't. No harm no foul. Technicality? Bah! They're as innocent as the sweet baby Jesus.
I'd like to think things will wash out in the end. This case will probably end up making it harder to get off on this particular technicality in the long term. In the short term? Here come the appeals. Maybe the state is partially at fault for buying shoddy equipment. (Or maybe not. Did they do a code review? Do they have the resources to do one? Probably not. Did you do a code review of the 3com switch in your server room? Their selection criteria can certainly be questioned, but it probably doesn't change the fact that someone drank enough to blow a .22 then decided to drive home.)
But in the end, the drunks are still going to be drunks. And tomorrow some of them will probably get to file appeals, and some of the ones that shouldn't be on the road, or even in public, will get to slip out of this brand new loophole. I'm not sure that that deserves a cork-popping celebration.
(and yes: We all handle our booze differently. Arbitrary limits that determine "drunk" may or may not be the answer. Hardcore drunks will keep driving even after losing their license. DUI's are as much moneymakers for the States as speeding tickets. Yadda yadda yadda.)
There are some people that if they don't know, you can't tell 'em.
"While Draeger's counsel claims that the 'The Alcotest [7110] is the single best microprocessor-driven evidential breath tester on the market', Draeger has already replaced the antiquated 7110 with a newer Windows® based version, the 9510."
The new improved version is Windows based...
From his report:
"When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings."
Wrong, Bruce. The first two readings have the least weight, and each subsequent reading has the same weight as all the previous readings combined.
Average after two readings = (r1 + r2) / 2.
Average after the third = (((r1 + r2) / 2) + r3) / 2.
Average after the fourth = (((((r1 + r2) / 2) + r3) / 2) + r4) / 2.
The last average boils down to r1/8 + r2/8 + r3/4 + r4/2.
Makin' good money selling your books, are ya Bruce?
My quick read of the averaging method implies that the average is one half the last reading plus one half the previous average. Just a simple way to do a running average. More importantly what are the error limits using the device. If the limit is 0.08 % and it reads 0.09 what is the +/- bounds? How is it zeroed and spanned will of course be important as well.
What does this imply for the commercial software development world? Can THEY be held to produce code and be punished for sloppy code, even if their code is used in medical areas, nuclear power plants and other places?
Imagine if FINALLY people trying to sue msoft and other can have their winning day in court. What this could mean is that WE, the consumer, stop or reduce getting dragged through upgrade cycles of crap code, paying for code that was released on a marketing schedule rather than a "85%-95%ready" benchmark.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
If I'm reading this right, the most recent reading is given a 50% weight: new_average = (latest_reading + previous_average)/2. That would actually give readings in the past less weight, in some convoluted way. This is better than giving the first reading the most weight, but yes, the "average" is still not an arithmetic average.
I work on embedded system stuff every day. At the end of the day, there are NO lint warnings in my code. First, I tend to avoid coding practices and designs that generate lint warnings. By and large, lint warns for a good reason most of the time. Second, in the limited number of situations where lint flags something incorrectly, there are methods for silencing the warnings via special comments. I'm currently working on a 50000 line project, and there are about 70 places in the entire code base where we had to tell lint to ignore a warning. Each warning suppression is documented as to why lint is incorrect.
Lint isn't a perfect tool by any means but in my opinion, anyone developing C code without it is not acting in a professional manner.
With something like the breathalyzer, it probably involves complex engineering calculations, so the code is probably written by an engineer with limited programming ability. I would expect trial and error, patchy code to come from calculations based on empirical data.
It's probably just like all the other FORTRAN codes out there written by engineers that are ugly, but give us right answers day in and day out.
Sure the code is bad, buggy and looks like spaghetti. The only thing a judge is going to care about is the results. If you can test a bunch of different samples and get consistent results, it passes and works; who cares what the code looks like? But if it returns inconsistent results, then there is a problem.
Get a person drunk, measure their blood alcohol level with some known good method, measure it with a few of these devices, and see how close they all are. How is a doomed-to-not-convince-judges approach of analyzing the device's inner workings to describe how they could fail better than simply demonstrating that the devices fail? Do the devices not fail?
The real question is "Does it work repeatedly, reliably, and accurately?"
It doesn't matter how complex and/or ugly the code is if the code works beautifully.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Typical "enterprise-ready" "industrial grade" code.
Before these things came into service, who approved them and what was their test procedure? Did they just look at the brochure?
'Oooh, this magical box is super accurate, lasts 18 hours on a single set of batteries and is available in a variety of exciting colours! Let's buy a thousand, hell it is taxpayer's money, let's buy a hundred thousand!'
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
> not written well, nor is it written to any defined coding standard
Sorry, what relevance does this have? He's not going to be let off the hook because the company has high maintenance and churn costs.
Where is the report on whether this actually measures what it's supposed to measure and is valid from a functional perspective?
Accuracy, not code quality is relevant to the case.
Most production code is crap.
Most - if not all - developers know it.
What matters is, are the results accurate?
Question everything
Er, why would it need or be expected to be? It's a commercial product. I don't think most bank websites are "coded" to any specific standard either.
No, but their bank machines probably are. On one side they don't want to lose money and the other they don't want to be sued for losing customer money. Code is held to a higher standard when something critical is at play, or at least should be. The vast majority of web sites (all?) wouldn't even enter that category, so if there is an odd bug no one is going to care.
Jumpstart the tartan drive.
...teh programmr had ot get drnuk to tesst iit *hic*
Table-ized A.I.
Is the report or the source code available? I don't see any links to them.
It can't be that bad. Poor coding and bad design aside, it obviously passes some standard test and periodically gets recalibrated. There's no mention of whether the errors such as incorrect flow measurements would cause low or high results.
Besides, the breathalyzer is usually only used to prove you're drunk after it's obvious by your mannerisms. It's a bit rare to test sober people ya know.
"DUI defendant finally gets access to breathalyzer code, ironically finds developers were probably drunk when they wrote it". http://www.fark.com/cgi/comments.pl?IDLink=4387892
How about:
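#include <stdio.h>

int main(void)
{
    double BAC = 0.0;   /* placeholder for the measured value */

    /* printf, not sprintf: sprintf needs a destination buffer as its first argument */
    if (BAC > 0.0008)
    {
        printf("Jail\n");
    }
    else
    {
        printf("Home\n");
    }
    return 0;
}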
How hard can that be!?
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Please indicate where it is proven to be unreliable. What I see in the report is a lot of criticism of the design and implementation of the code. I see the design of the code would not be acceptable to the U.S. military or the U.S. government and that it would not pass an unnamed standard. I see many "should"s and "can"s and "might"s.
What I don't see is anything that proves the device itself is unreliable.
Did they test the code, and if so what were the results of the test? Were they able to show the device does not work accurately and reliably? I see nothing of that in the report.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Are you one of those Twitter users? Is that the latest way of speaking on that?
The only correct answer to the question, "Have you had anything to drink tonight sir?" is "No."
Anything else you say can cause you problems.
If I were God, wouldn't I protect my churches from acts of me?
10 GOTO 10
A moving average is useful if you don't have a large enough data type to store the sum of all the values.
No, it's not. It's 2009, and bits are cheap.
paintball
most of the time. The real question is, does it work all of the time, every time?
"National Security is the chief cause of national insecurity." - Celine's First Law
Here's a novel idea. When traffic police arrest dangerous drivers, whether sober or drunk, they use the in-car camera to record the driver's dangerous behavior. You could be completely sober, wearing a seat belt, and have all lights and safety equipment on your car in perfect condition--but the dash-cam video will show your unwillingness to drive safely.
Instead of tackling drunk driving specifically, how about just tackling dangerous driving? There are plenty of drivers who are extremely dangerous while sober, yet nothing is done about them.
Lint isn't a perfect tool by any means but in my opinion, anyone developing C code without it is not acting in a professional manner.
Corrected to read "Anyone developing C code is not acting in a professional manner"
You know, this would be pretty easy to do:
Get about 100 people, men, women, kids (oops, not that).
Give them measured amounts of alcohol in beverage of choice. Have some designated fruit juice drinkers. Draw blood for blood alcohol (reference test), do breathalyzer test simultaneously. Record results.
Give to statistician. Analyze results.
Shouldn't be too hard. Where do we sign up?
Faster! Faster! Faster would be better!
I think that cases where .22s are blown are not going to be thrown out just on a faulty breathalyzer argument. Those people are usually detained and then have their blood tested at the police station. Anyone who is that drunk (and is clearly very dangerous) is going to have a way high reading even two hours later. So, in those cases, there should be a mountain of evidence.
Breathalyzers reasonably have a 30% margin of error, sometimes even more, depending on physiological differences between people. People get DUI tickets at a sobriety checkpoint for drinking two glasses of wine with dinner and registering enough to be over a 0.08, or worse in some states, a 0.06 BAC limit. That's ridiculous.
That may be legal, but the DMV has its own set of rules. Merely refusing a roadside breathalyzer can automatically result in a suspension of your driver's license, regardless of what a blood sample later shows.
OK, LOTS of strange posts from people who claim to have read the article but only see that it's bad code, not actually broken.
Read it again. It's broken from a legal liability and trustworthiness standpoint. It's broken from a precision standpoint. It's broken from an algorithm standpoint. It is not trustworthy, precise, accurate, or correct.
"It is clear that, as submitted, the Alcotest software would not pass development standards and testing for the U.S. Government or Military. It would fail software standards for the Federal Aviation Administration (FAA) and Federal Drug Administration (FDA), as well as commercial standards used in devices for public safety. This means the Alcotest would not be considered for military applications such as analyzing breath alcohol for fighter pilots. If the FAA imposed mandatory alcohol testing for all commercial pilots, the Alcotest would be rejected based upon the FAA safety and software standards."
Nobody in the government or military would be allowed to trust this, if it weren't already in use.
"Results Limited to Small, Discrete Values"
Sixteen values is all it displays! It throws away almost all of the precision of the 12-bit ADC, and reduces it to 4 bits! This is NOT precise enough!
"Catastrophic Error Detection Is Disabled"
"Diagnostics Adjust/Substitute Data Readings"
"Range Limits Are Substituted for Incorrect Average Measurements"
"The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times."
It's not correct. It's not accurate. It's not good enough. The odds are VERY good that some people over the limit have gotten off lucky, and also that some people below the limit now have criminal records.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
You don't know that. It doesn't compute a simple arithmetic mean for the set of samples, but rather computes a weighted average where the final reading taken is given emphasis.
Whether or not that behavior is "correct" in the sense that it gives an accurate number is impossible to say unless you're a subject matter expert.
All you can say with any certainty is "The comment says it should calculate an average, but it does not calculate an average." It's possible the code is incorrect, and it's also possible that the comment is incorrect, and that when the developer wrote "compute an average," he meant to say "compute the weighted average giving emphasis to more recent values for reasons X, Y, and Z."
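The two numeric findings quoted in this thread, modelled together as an added example (not code from the Alcotest, the report or any commenter): the chained average new = (previous + latest) / 2 and the divide-by-256 step on a 12-bit reading. The function names and the sample readings are constructed for illustration, and the mapping from ADC counts to a displayed BAC value is not modelled because the page does not give it.

```c
#include <stdio.h>
#include <stddef.h>

#define ADC_MAX 4095u   /* 12-bit converter range quoted from the report */
#define DIVISOR 256u    /* divide-by-256 step quoted from the report */

/* Constructed readings in ADC counts (not data from a real device):
   the same four values, with the high reading last or first. */
static const unsigned SPIKE_LAST[4]  = {1200, 1210, 1190, 1500};
static const unsigned SPIKE_FIRST[4] = {1500, 1200, 1210, 1190};

/* Chained average as described: avg = (previous_avg + latest_reading) / 2. */
double chained_average(const unsigned *r, size_t n)
{
    if (n == 0) return 0.0;
    double avg = (double)r[0];
    for (size_t i = 1; i < n; i++)
        avg = (avg + (double)r[i]) / 2.0;
    return avg;
}

/* Plain arithmetic mean, for comparison. */
double arithmetic_mean(const unsigned *r, size_t n)
{
    if (n == 0) return 0.0;
    double sum = 0.0;
    for (size_t i = 0; i < n; i++)
        sum += (double)r[i];
    return sum / (double)n;
}

/* Weight that reading i (0-based) carries in the chained average of n
   readings: the first reading is halved n-1 times, reading i >= 1 is
   halved n-i times. For n = 4 this gives 1/8, 1/8, 1/4, 1/2. */
double chained_weight(size_t i, size_t n)
{
    if (n == 0 || i >= n) return 0.0;
    size_t halvings = (i == 0) ? n - 1 : n - i;
    double w = 1.0;
    while (halvings--)
        w /= 2.0;
    return w;
}

/* Final step: truncate to an integer count and divide, so the whole
   12-bit range collapses onto a handful of output levels. */
unsigned output_level(double average, unsigned divisor)
{
    if (divisor == 0) return 0;
    if (average < 0.0) average = 0.0;
    if (average > (double)ADC_MAX) average = (double)ADC_MAX;
    return (unsigned)average / divisor;
}

/* Sweep every ADC code and count how many distinct levels come out. */
unsigned distinct_levels(unsigned divisor)
{
    if (divisor == 0) return 0;
    unsigned count = 1, last = 0;      /* code 0 always maps to level 0 */
    for (unsigned v = 1; v <= ADC_MAX; v++) {
        unsigned q = v / divisor;
        if (q != last) { count++; last = q; }
    }
    return count;
}

int main(void)
{
    size_t n = 4;

    for (size_t i = 0; i < n; i++)
        printf("weight of reading %zu of %zu: %.3f\n",
               i + 1, n, chained_weight(i, n));

    printf("levels after /256: %u, after a further /2: %u\n",
           distinct_levels(DIVISOR), distinct_levels(DIVISOR * 2u));

    double last  = chained_average(SPIKE_LAST, n);
    double first = chained_average(SPIKE_FIRST, n);
    double mean  = arithmetic_mean(SPIKE_LAST, n);

    printf("high reading last : chained %.2f -> level %u\n",
           last, output_level(last, DIVISOR));
    printf("high reading first: chained %.2f -> level %u\n",
           first, output_level(first, DIVISOR));
    printf("arithmetic mean   : %.2f -> level %u\n",
           mean, output_level(mean, DIVISOR));
    return 0;
}
```

With these constructed readings the chained average lands on a different output level depending only on the order of the same four values, while the arithmetic mean does not depend on order.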
Actually, the question is, "Can an expert prove that the code worked reliably and accurately in one particular case?" The uglier and more complex the code is, the harder a time a prosecutor will have establishing proof beyond reasonable doubt.
!#@%*)anks for hanging up the phone, dear.
Messy code is nothing to get worked up about. As long as this code has been proven to work, preferably mathematically (seeing as the results can have a bearing in court), what's the hubbub? Unless it's news to you that the government doesn't care about the tools given to law enforcement as long as they result in more arrests and fines.
To prevent this day from getting worse, I'll just read ERROR as GOOD TH
Companies hire software engineers to do the work of embedded systems developers all the time... they really should stick to desktop code :>
I don't like what you're suggesting; the judicial process is bad because it defaults in favor of the defendant. I disagree, I believe it was designed this way on purpose to limit the number of innocent people convicted. Freedom is not a loophole.
*laugh* What do you suggest replacing C with? For many of the microcontrollers I've worked on my alternative is assembly language. Ada is better in many respects, but is hard to find developers for, if you can even get a compiler for your architecture. Things like Java or C# are too damn big to fit in the microcontrollers I usually see. Auto generated code from a model has potential, but the tools are EXPENSIVE and have a steep learning curve.
We're probably screwed in the appeals but there is a fairly simple solution for new arrests which I think is already in place in some jurisdictions.
Get a court order to make them take a blood BAC test when they get to the station.
Si Hoc Legere Scis Nimium Eruditionis Habes
Dev was probably being asked to test his own code. I can see it now... write code, take a shot, test; repeat until code works or dev passes out.
Actually, sounds like a great deal... I wonder if they're hiring?
This is not a robot who stopped the driver and took a breathalyzer and shoved it down the driver's throat. This would have been a trained officer, who would have suspected the driver's behavior and did a test on him right.
My point is why base judgment on a fucking gadget.
Weren't there sobriety tests or something?
-- It is the mark of an educated mind to be able to entertain a thought without accepting it. -- Aristotle
Did you read the Comment There?
The Text is a defense opinion.
My LINTed code has errors. I disagree with LINT.
while(1) is an error; LINT wants for(;;)
Even the real hit (no default in a switch()) may not be an error. They did not find any errors; they found things that could be errors. Math may not be checked if the addition can get that high.
The filter is valid, it just did not match the comments.
The fact that the code was reused from generation to generation: so what?
The watchdog is not the Computer Operating Properly interrupt. And it is not required (your PC does not have one).
When the code is read and reviewed AND is shown to have a logic flaw, that is news.
The code could be text book perfect and the defence would hate it.
Next time the Police should follow up with a blood test and be sure, But the DUI would then complain the hospital equipment had bad code too.
To ask whether it "works", one first has to define what "works" means.
That means you'd have to compare it against the requirements it was coded against. My read of Bruce Schneier's blog leads me to believe a certain amount of requirements exist (http://www.schneier.com/blog/archives/2009/05/software_proble.html) but the code does not match the requirements. For example, the requirements apparently want multiple readings taken and averaged with each other. However, the code was not written to match the requirement. That hints to me that not only were requirements likely incomplete, but that insufficient test cases were generated. And it is likely that if this test case is missing, probably many more are missing as well.
It's also interesting that the interrupt to catch illegal instructions was disabled; it's easy to speculate this was done to hide a code crashing issue they couldn't fix before it was shipped. It wouldn't really do for a police officer in the field to be given an "illegal operation please reset" error while trying to check if somebody is alcohol impaired.
So we already know that it doesn't "work" as defined in its requirements. What it apparently does is to produce some sort of reading indicating some level of alcohol which may or may not be accurate and it might crash all the time except for some electronic duct tape. While that's a pretty neat trick for a prototype, it's hardly what I'd call production level code, and I can't imagine that acceptable in a court of law. But of course, I know nothing about what's "okay" for a court to accept, so that's an uninformed opinion.
That's a long way of saying, "No. No it doesn't work.".
You were mistaken. Which is odd, since memory shouldn't be a problem for you
No 5 - Lacks positive feedback. That in itself is sufficient to render this equipment useless. I also wonder what would happen if the same instruction was issued multiple times, since it doesn't check to see if the process is running.
I'm totally floored that so many people here seem to think that .08 is some magic number that decides the ultimate fate of the world. Do you really think if you blow a .07 that the cop is going to say, "Oh, I'm sorry sir! Please accept my apology and here's a complimentary ticket to the policeman's ball. You have a nice day." DUI/DWI/etc. charges are about impairment. You can be considered impaired at 0.00 if you're unable to safely operate the vehicle. 0.06, 0.07, 0.08, 0.09 is all pretty much the same thing if you're staggering around and unable to function. The number on that unit is just one piece of evidence.
I agree wholeheartedly that the code on these devices (and radar guns and any other device used to collect evidence) must be subject to public scrutiny and should meet strict specifications and requirements. But this decision doesn't mean it's open season on drunk driving. The cops can still arrest you and they can still use proven methods like blood analysis to support their case. Just means they'll have to take you to the station and they won't have the results right away. Which is totally irrelevant because, once they tell you to step out of the car to evaluate your sobriety, you're almost certainly going to jail. And, if you refuse the blood test, you still get a year of bussing it around town.
Can anyone show _1_ case where 2 independent tests contradicted each other?
move along please
I don't care how big a mess my DVD player is, so long as it works. The code can be as confusing as they like, if the thing plays DVDs, then I'm happy.
Well that isn't good enough for a critical system. You'll discover that devices used for things like, say, a bio monitor in a hospital are done to a higher standard. This of course increases cost, but that is worth it because failure is not acceptable and could result in a large lawsuit.
Breathalyzers are in a similar situation. Since they can result in serious criminal charges for people, they are a critical system. Thus their code needs to be held to the highest standard.
So I'm ok if my $50 DVD player has messy code, and if that means that maybe I have to reboot it sometimes. Their goal was to give me DVD playback for cheap, not perfection. However I'm not ok if I go to jail because a breathalyzer screwed up its analysis.
The thing is this: You're not required by any law, due to the bill of rights, to give up anything when you're pulled over. Part of the whole problem with the breathalyser is not only has it been suspected as being buggy as hell but you're waiving your 5th amendment in the process. It's only by virtue that when you sign for your driver's licence that you will face very stiff penalties if you fail to give a breathalyser that it happens at all.
So the idea that a blood test is a given is a bit off. Of course the police are going to ask for one but only a fool, and of course most people are foolish by default never mind with a few drinks in them, would consent to adding to the evidence against them.
Just pointing out that you should not rely on tools to get it right for you (worked with too many auto generated code systems which fail), but you have to accept responsibility for your own actions.
"I think groups like MADD spend most of their time trying to scare monger politicians into pushing us as close to prohibition as possible "
Actually I don't believe so. I think what has happened is that there are enough people working for MADD that make a good living at it, and enjoy the publicity, so a rational organization would simply disband, since they achieved their goals about 10 years ago and do something else productive with their lives and time.
Instead they're basically saying "Oh shit...I don't want to give up this job, I love it", so they're basically scare-mongering to try to convince people to give them more money.
Kinda like the James Brady organization. The poor guy has half his head blown away, so now he's like a turnip, and his wife found a way to wheel the guy around looking for ways to make money off the poor guy's disability. So Sarah Brady makes a good living while parading her poor shell of a husband is left a circus act.
I'm only waiting for people to tell me how much they admire the courage of people like that. Chumps.
This is not necessary.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The bad: every sleazeball, ambulance chasing, "call lee free", douchebag of a lawyer will use this case to attack the credibility of any and all breathalyzers made in the past, present, or future, spreading enough FUD to juries everywhere that an unacceptable number of drunken idiots get the God given right to keep their license until they finally end up killing someone.
Good. Breathalyzers are crap. Even when they work right, they are crap. They are an ok measure of whether to hold someone for a blood test, but shouldn't be admitted in court. Give the FSB. Take blood. But leave the breathalyzer out of it. Oh, and get blood kits that can be administered on scene. Waiting 4 hours to get someone back to the station and have their blood taken by a doctor there won't give good results. Roll EMTs if you have to for every DUI stop, but if you are going to arrest someone for DUI, get their blood at the time of arrest.
Learn to love Alaska
Hell, even I got pulled over once for simply driving at 2am, but my breathalyzer revealed a stunning 0.00% BAC. After chatting with the cop for a bit, turns out they were just looking for easy DUI targets, and I happened to be driving on the same road as them.
So... the officer admitted to you that he pulled you over without proper reasonable cause? As in he was just conducting a "fishing expedition"? That's wrong, and should not be tolerated in this country. In fact when people (sheeple) start considering themselves "lucky" to not get busted or issued any citation when they were doing nothing wrong in the first place, and they're willing to let the cops get away with this behavior, then this nation is truly a fucked up police state.
the bad? that's not bad at all. if the state cannot prove beyond any reasonable doubt that the machine measures accurately every time, then they cannot prove beyond a reasonable doubt that you have committed any crime.
what do you do if you have 1 beer at dinner, drop your cigarette and swerve a little on the way home, get pulled over and the machine reads your .07 BAC as .09?
remember the law not only states that being over .08 BAC is illegal and bad, it also means that being .08 or under is perfectly fine.
think about that. the law says you can drive around all you want with alcohol in your system!! because the people have decided that .08 mark you are too unlikely to cause any real damage to anyone else for them to worry about you as a threat...as long as you drive safely.
if you are driving unsafely you can be removed from the road anyways.
as far as convictions being over turned for people who don't deserve it: if the methods used to obtain that conviction are not reliable or are downright underhanded, then EVERYBODY convicted deserves to be let off. every last one. if someone is driving erratically and dangerously and you can smell alcohol on his breath, why do you need a number on an LED screen to arrest him?
machines like this make lazy cops, lazy cops are bad for society, far worse than drunk drivers.
yes this is a cork popping situation, if the cops have to actually work to take someone off the streets, then perhaps they will make sure their efforts are focussed correctly.
the police aren't there to protect you, not from thieves or from drunks, you are the only person with that responsibility.
Why does the code even matter? Even if the code contains errors, the fact of the matter is that the machine itself should be held to the gold standard of the blood test. That should be the only metric (as well as one that lets you know when the machine is malfunctioning, I'll give you that). If it reproduces the blood tests, then it can be used as a reliable proxy. Now, obviously you'd want to hold the manufacturers and end-users to quality control measures which consistently reproduce the correlation and testing should be done under a variety of different conditions to identify any measurable failure rate. But whether the code is or isn't beautiful or does or does not make math errors is inconsequential if it is able to reproduce the blood test. That is, assuming the blood test equipment doesn't share the same errors!
and yes: We all handle our booze differently. Arbitrary limits that determine "drunk" may or may not be the answer. Hardcore drunks will keep driving even after losing their license. DUI's are as much moneymakers for the States as speeding tickets. Yadda yadda yadda.
And where do you actually refute these statements, which you want to pass off as "yadda yadda yadda"?
The whole reason behind "reasonable doubt" is that it's (far) more important not to convict an innocent person than not to let a guilty person go. If the breathalyzer used to "prove" someone was driving drunk is flawed, there is reasonable doubt to the proof, ergo this doesn't fly. Period.
The argument that police could catch more offenders if they didn't actually have to provide solid proof, can always be applied, and it is always wrong.
you can choose to take an alternative test, blood draw or urine sample.
every day http://en.wikipedia.org/wiki/Special:Random
Could get a drunk convicted without even using a breathalyzer. Things like field sobriety tests, walking a straight line, etc... go a long way. Believe me, in most cases, juries believe whatever an officer says. Take those guys in NY who shot Shawn Bell, on the eve of his wedding: multiple police officers shoot an unarmed man, and no one goes to jail. The cops don't need a breathalyzer. Heck, they don't even need a blood test.
Sure, there are probably marginal cases, but who cares if someone is 0.01 over the limit? The majority of drunken driving accidents involve people *WELL* over the limit - .15, .28, etc... I'm not so much concerned about the guy who's had a little too much and is just driving back from the bar as the guy who's bombed out of his mind joy riding at 95 miles an hour.
The problem here is that this device could have sent innocent people to jail, ruined their career prospects, etc... Think about that: simple carelessness on the part of an engineer (really, a programmer, and a lousy one at that!), or greed on part of the company that made this device, ("I don't care if it works, we're losing money by the day. Ship it!") sent honest people to jail.
But, of course, even in the worst case, the only thing which happens to the company is they lose a little income. If any. The cost of their malfeasance is borne by those wrongly convicted, by the taxpayers who must now fund the appeals process, by those whose lives were altered by the drunk drivers this device *didn't* catch.
The executives of the company should have their licenses revoked, and a felony DUI attached to their record. Only when executives are held (personally) accountable for the actions of their companies will we see the situation improve.
The society for a thought-free internet welcomes you.
The first is that it incorrectly averages readings taken, assigning more weight to the first reading than the subsequent ones.
That is what the analysis claims. In fact the algorithm described assigns higher weight to the later, not the earlier readings - and is an (abrupt) approximation to a low-pass noise filter in the analog world. Weighting later values higher in an average is the appropriate sort of filter for a signal that's converging on a correct measurement but contains noise.
Similarly the thing with the "delays" being timed against a running periodic-interrupt clock. Maybe that's the RIGHT thing to do. (I know I'm working with a system RIGHT NOW where it is - and code that returned at a "correct" amount of time from the CALL to the delay routine rather than at the appropriate later clock tick would corrupt the measurement - stretching intervals by the time used in processing the previous tick.) To know if it's inducing errors or avoiding them you have to develop an understanding of what the code is up to. If the coders picked the wrong sort of timing the "experts" should have been able to tell us why, and how it corrupted the data. They didn't do that.
There were several other items I take issue with in the analysis - like demanding a recognized programming methodology or claiming that it doesn't pass lint is necessarily bad.
Yes the code MAY be bad. (Those issues with the resolution and handling of out-of-limit values might be a problem. Pity they weren't described well enough to determine if they were.) And "bad" programming style is LIKELY to produce errors. But the issue here is whether the code gets the answer right enough to be used as evidence in a prosecution, not whether it meets an academic or industry programming fad or a style guideline. (Lint, for instance, gripes about a lot of "nits" that are not errors, merely coding issues that are often associated with errors. Nitpicking is why it's called "lint".)
This is not to say that other gripes in the report aren't real problems with the code examined. But those first items rang my bullshit detector. They make the rest of the "expert analysis" suspect. For something like this the experts' reports should focus on JUST things that they can SHOW corrupt the result and describe how. Waving their hands at everything that looks bad and might be a sign of error doesn't cut it.
This jeopardizes future attempts to knock down black box code that really DOES give bad evidence. And it provides a template for knocking down code that gives GOOD evidence that otherwise might be used by an innocent in his defense.
If you're going to do it in a court of law, do it RIGHT!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Verification can prove that your code is correct but for most programs it is unfeasible.
Verification can prove two EXPRESSIONS of your intent MATCH. It can't prove they're CORRECT. A perfect implementation of "grep" is horribly buggy if what you wanted was "find".
Creating the second expression of your intent (counting the program as the first - though they usually are in the other order), in a form that can be used as an input to a piece of "correctness proof" software, is itself an act of programming, which may introduce errors.
Which is not to say that such tools aren't useful: The more divergent the two representations of intent are, the less likely they'll have identical errors. But it DOES say that they don't PROVE the program is CORRECT.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
There are methods for silencing the warnings via special comments
Did they use them?
I doubt it. The bigger number helps their case.
Lint doesn't fix the problems, just helps you find problems you have overlooked. It's like an editor or proofreader. No professional author is expected to be perfect, they have people whose job it is to proof writings to ensure they are correct -- Lint does the same thing for code. There's no weakness implied by using it.
I would surmise that anyone not using lint is either writing something trivial, or is unwilling to find out that their code is imperfect.
Equipment can break down and programming errors do occur. Because of the safety issues involved, signals are equipped with a "conflict monitor." A conflict monitor is a simple device, completely independent of the controller, that watches the signal operate. It does this by monitoring a number of conditions, including the voltage to the individual bulbs in the heads.
If a condition occurs which is not normal (for example opposing greens) the conflict monitor detects the condition and shuts down the intersection. Normally, it places the signal on "flash mode." The main street is given a flashing yellow, to indicate that the situation is not normal and caution is needed. The secondary street is given a flashing red light that should be treated like a stop sign. For safety reasons, the signal will not normally reset itself. A technician must visit the intersection, determine the problem and reset the controller.
Everyone seems to forget, that the "breath test" is just one piece of the puzzle. You also have the probable cause for the traffic stop (weaving, speeding, improper lane change etc), the gaze nystagmus test, other field sobriety tests (alphabet, heel to toe, hold one foot up). Yes, the breath test is a good indicator, but, even without it, you can still get a conviction "beyond a reasonable doubt"
You Drove Behind a Cop with Your Brights on and Got pulled Over? Did you lose the Bet? Try it at 20 and 30 Years Old. They will pull you Over every time.
This should serve as a reminder to programmers everywhere to take pride in their work, and tidy up their code before declaring it finished. You never know who is going to read it later.
There is no such thing as U.S. Industry Standards for software development.
The rod you use to measure whether an action is legal or not legal should be a public record. So if this device employs software to perform its function, the software must be in the public record or it should not be used. No one would stand for secret units to measure the setback for homes, the width of pipes, the diameter of wires required to carry a particular amperage in your home. And nobody should stand for laws or courts that allow for a determination of guilt based on a scale that's not certified by NIST.
If they want to make the law such that aspirated alcohol be no more than x picograms per Liter measured on a scale with no more than +/- 5%, they can do that and get a certified measuring device that works in one pass. Absent that, if the measure is blood alcohol content they should measure the alcohol content of actual blood in a device certified to measure that unit.
Help stamp out iliturcy.
You are completely ignoring the case where an innocent person blows "a .22"... which is the whole point to this appeal and the code audit! I'd rather let a million criminals go free than to lock up one innocent person. You seem to go the other route... lock up anyone, anywhere, for any reason, or no reason. That's what I got out of your post.
Get a driving game or any other skill/reaction based game. I used Grand Prix Legends. Start driving, give yourself time to adjust to get into a groove. Note your average time and accidents. Don't worry too much about speeding, just about making incident free rounds at the maximum of your capability BUT in a race so there is traffic.
Then start drinking. Slowly, alcohol doesn't work instantly. EVEN half a beer will impact your performance.
Anyone with any brains can reason this out. We drink alcohol because it affects our brain. To say alcohol does not affect you is just silly. It would be like saying being dipped into icy cold water does not affect you.
When I see people denying alcohol affects them, even to the extent that 0.8 doesn't mean they are drunk, I see someone who is debating with basic chemistry. What would they argue next, that if their blood has no oxygen they ain't dead?
Really, test it with a game. An objective game in which you can measure a simple statistic but one that reflects the task of driving. Doing something repetitive that you think you can do on auto-pilot but still requires split second reactions when you least expect it. GTA4 come to think of it might be better. Oh and if you hit anything, anything at all, well. Hand in your drivers license.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You seem to be forgetting, sir, that USA's justice system is built on the premise that it is better that 10 criminals go free, than that one innocent man is punished. Does this mean that sometimes lawbreakers have to be let go because the evidence against them is insufficient? Yes. It also means that spurious evidence ought not convict an innocent.
You seem to be forgetting, sir, that USA's justice system is built on the premise that it is better that 10 criminals go free, than that one innocent man is punished. Judging from the size of the prison population, I'd argue that in practice, it works exactly the opposite way.
Just because the code isn't elegantly written doesn't mean that it doesn't work or that it gives inaccurate results.
Just drink until the code looks pretty.
Please indicate where it is proven to be unreliable.
Ho hum. So you didn't read the article or the relevant comments.
1/ The weighted average method (to combine multiple readings) it uses can and will give a positive result in a situation where the normal result would be negative. The reverse situation is also possible. There is no indication that they are doing this for a good reason; they may be using this method purely to simplify the code and reduce storage requirements in this ancient embedded device.
2/ They apparently reduce all inputs to 3 bits, again for no visible reason.
3/ The device has various types of error handling turned off so the code will still produce a result even in error situations where it will be meaningless.
Basically 1/ ensures that *every single reading it produces is wrong* (except in some very special cases like the readings all being identical).
Buggy enough for you?
No. Whether there's a significant difference depends on the analog hardware (i.e. the noise characteristics of the A/D converter and the analog circuitry surrounding it) of the device.
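The averaging dispute in the comments above, as an added C example (not the Alcotest source, which this page does not show): it assumes "weighted average" means each new reading is averaged with the running result, and compares that with a plain arithmetic mean. The readings and the 0.08 limit are constructed sample values.

```c
#include <stdio.h>
#include <stddef.h>

/* ASSUMPTION: successive averaging, avg = (avg + x) / 2 per new reading.
 * This is one scheme that fits the comments' description; it is not taken
 * from the device's code. */
double successive_average(const double *r, size_t n)
{
    if (n == 0) return 0.0;
    double avg = r[0];
    for (size_t i = 1; i < n; i++)
        avg = (avg + r[i]) / 2.0;
    return avg;
}

/* Plain arithmetic mean: every reading carries weight 1/n. */
double arithmetic_mean(const double *r, size_t n)
{
    if (n == 0) return 0.0;
    double sum = 0.0;
    for (size_t i = 0; i < n; i++)
        sum += r[i];
    return sum / (double)n;
}

/* Effective weight of reading i (0-based) out of n under successive
 * averaging. The first reading is halved n-1 times, reading i >= 1 is
 * halved n-i times, so the last reading always carries weight 1/2. */
double successive_weight(size_t i, size_t n)
{
    if (n == 0 || i >= n) return 0.0;
    size_t halvings = (i == 0) ? n - 1 : n - i;
    double w = 1.0;
    while (halvings--)
        w /= 2.0;
    return w;
}

/* Returns  1 if only the successive average reaches the limit,
 *         -1 if only the arithmetic mean reaches it,
 *          0 if both methods give the same verdict. */
int verdicts_disagree(const double *r, size_t n, double limit)
{
    int s = successive_average(r, n) >= limit;
    int m = arithmetic_mean(r, n) >= limit;
    return s - m;
}

/* Constructed sample readings (not measurements from any device). */
static const double RISING[]  = {0.060, 0.070, 0.080, 0.100};
static const double FALLING[] = {0.110, 0.090, 0.070, 0.060};
static const double FLAT[]    = {0.050, 0.050, 0.050};

int main(void)
{
    const double limit = 0.08; /* constructed threshold for the demo */

    for (size_t i = 0; i < 4; i++)
        printf("weight of reading %zu of 4: %.3f\n", i + 1,
               successive_weight(i, 4));

    printf("rising : successive=%.5f mean=%.5f disagree=%d\n",
           successive_average(RISING, 4), arithmetic_mean(RISING, 4),
           verdicts_disagree(RISING, 4, limit));
    printf("falling: successive=%.5f mean=%.5f disagree=%d\n",
           successive_average(FALLING, 4), arithmetic_mean(FALLING, 4),
           verdicts_disagree(FALLING, 4, limit));
    printf("flat   : successive=%.5f mean=%.5f disagree=%d\n",
           successive_average(FLAT, 3), arithmetic_mean(FLAT, 3),
           verdicts_disagree(FLAT, 3, limit));
    return 0;
}
```

Under this assumed scheme the last reading carries half the total weight, so a rising or falling series can land on the other side of a threshold from the plain mean, while identical readings agree under both methods.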
I knew zhish breshal... zhing doeshn't work!
The thing is this: You're not required by any law, due to the bill of rights, to give up anything when you're pulled over.
Look up the definition of "implied consent." By driving a car, which is a privilege granted by the state rather than a fundamental right, your consent to giving a breathalyzer test upon request is implied. Failure to do so, for any reason, will result in the automatic suspension of your drivers license for six months (in Michigan at least.)
There are some people that if they don't know, you can't tell 'em.
Did he blow a .22, a .01 or did he just eat a kit-kat bar? That's really the issue that this case is dealing with - given the code review, the machine doesn't know the answer any better than you do.
Yes, but this is why they also draw blood and analyze the BAC that way. I know around this area they use PBTs (Pre-Breath Tests) to get an idea of what your BAC is, and if close enough (in PA .08 is the "legal limit", but it's a soft limit and they can nail you for any BAC, even .04) they will measure the BAC of the blood itself.
I've worked with microcontrollers with a language called nesC; it's a C-like language that is translated to C in the end, but heavily relies on gcc directives and ASM to offer concepts the C standard cannot support. Things like interrupts and atomic operations. In fact, it should be possible to implement this without needing C or GCC, but it's just the path of least resistance.
There's also Wiring, which borrows not from C, but from Processing. I think it too depends on gcc on the end, but again, means to an end. And of course, there's always BASIC stamps ;)
I Browse at +4 Flamebait
Open Source Sysadmin