Slashdot Mirror
Court Orders Breathalyzer Code Opened, Reveals Mess
Death Metal writes with an excerpt from the website of defense attorney Evan Levow: "After two years of attempting to get the computer based source code for the Alcotest 7110 MKIII-C, defense counsel in State v. Chun were successful in obtaining the code, and had it analyzed by Base One Technologies, Inc. By making itself a party to the litigation after the oral arguments in April, Draeger subjected itself to the Supreme Court's directive that Draeger ultimately provide the source code to the defendants' software analysis house, Base One. ... Draeger reviewed the code, as well, through its software house, SysTest Labs, which agreed with Base One, that the patchwork code that makes up the 7110 is not written well, nor is it written to any defined coding standard. SysTest said, 'The Alcotest NJ3.11 source code appears to have evolved over numerous transitions and versioning, which is responsible for cyclomatic complexity.'" Bruce Schneier comments on the same report and neatly summarizes the take-away lesson: "'You can't look at our code because we don't want you to' simply isn't good enough."
If you got your hands on and analyzed the sourcecode to most DVD' players, TV's (Panasonic runs linux!) and other devices that are complex you will discover that in order to ship it earlier the code is an utter mess.
Programmers are not joking when we complain about the "It compiles? Ship it!" statement.
the fault is the Executive staff that refuse to listen to their experts (programmers) and do what they recommend. Instead we get morons that know nothing about programming making unrealistic deadlines and forcing death march coding marathons to give up the mess we have today.
Do not look at laser with remaining good eye.
At a previous job we had to buy a third-party driver for an embedded PCMCIA controller. The software vendor delivered code that (the first time around) produced about 1200 lines of warnings when we compiled it. We queried them about it and they responded that "we don't compile with warning output enabled". Our reply to them was that our coding standard was that the compile would fail on warnings, and we wouldn't accept their code unless they fixed all the warnings... they cleaned up their act, and fixed a couple of previously unresolved problems in the process.
Less is more.
If I were the manufacturer, at this point I'd say: (1) lawyers are expensive; (2) competent programmers are expensive, but less expensive than lawyers; (3) our business is selling the beathalyzer, not the software, so we gain nothing by keeping the source secret; (4) this publicity is hurting us; (5) let's hire some more competent programmers to clean up the code, and then we can make it public; (6) profit!
This is different from the case of the voting machines. In the case of a voting machine, there are lots of people who might be motivated to hack it, lots of people have access to the machines, and it only takes one compromised machine to throw a close election. If you believe in security by obscurity, then there is at least some logical argument for keeping the voting machine code secret. In the case of the breathalyzer, there's not even that lame argument.
Find free books.
No, but some no trivial amount of code is running the x-ray machine at the dentist, processing my credit card, managing my fuel injection, saving my thesis paper, and timing stoplights throughout my city.
We trust our lives and livelihoods to shitty code every day and the plain fact of the matter is that shitty code usually works. As programmers we like to think of ourselves as artists; creating a master piece of perfectly engineered code. In reality, all projects face budget and time constraints, most projects have legacy code which is hard to maintain, and most teams have at least one guy who just doesn't get it.
If the code works, and you can show empirically that the code works, that is proven beyond a reasonable doubt it my opinion. Not beyond any doubt, but that isn't the standard that our justice system is based upon.
Actually, research I read when I got my DUI in 2007 seemed to indicate the release of alcohol vapors into the air by the lungs can vary widely between persons, by as much as 20%.
This has nothing to do with body size, type or metabolic rates that I'm aware of, but more research is obviously needed for the scientific community to reach a consensus. The sampling process is fundamentally flawed but the courts have routinely rejected any evidence to the contrary.
I don't know about 49 of the states, but in Washington state, if you want something more accurate than a breathalyzer, you have to demand the police take you to the hospital to have blood drawn at your own expense. They are required by law to comply, but 99% of DUI suspects know nothing of their rights.
If I got pulled over again that same night, I would have driven home without a DUI and even if they did manage to get me to perform parking lot special olympics(also called the field sobriety test), I would have asked for a lawyer. Like most first time offenders, I took a plea deal to avoid significant jail time and paid the ridiculous fine and took alcohol awareness classes. The whole thing was a farce, intended to make money.
I blew .086% and easily could have challenged the results in court, given the breathalyzer had a sticker on it that said it hadn't been calibrated in 2 years.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
I work on embedded system stuff every day. At the end of the day, there are NO lint warnings in my code. First, I tend to avoid coding practices and designs that generate lint warnings. By and large, lint warns for a good reason most of the time. Second, in the limited number of situations where lint flags something incorrectly, there are methods for silencing the warnings via special comments. I'm currently working on a 50000 line project, and there are about 70 places in the entire code base were we had to tell lint to ignore a warning. Each warning suppression is documented as to why lint is incorrect.
Lint isn't a perfect tool by any means but in my opinion, anyone developing C code without it is not acting in a professional manner.
Well, if we assume the machine was sensitive up to the LD50 for ethanol of 0.5% BAC, then with only 4 bits of precision the uncertainty just from the rounding error is comparable to the difference between being over the limit and being completely sober. This was covered in the comments on Bruce Schneier's blog. That one's probably wrecked a few peoples' lives too.
To get more convictions... this makes sense now.
Common wisdom holds that the end of a breath from the "bottom" of the lungs contains a higher percentage of alcohol than the main body of the breath, this is held to be why the officer will tend to tell you to push harder to get that last higher sample into the device. If anything sets off the machine, it'll be that last bit with a more concentrated sample.
Whether that reflects the *actual* blood alcohol level in any well defined and useful fashion needs to be explored some more.
This seems to make sense to me. The breathalizer is supposed to measure the blood alcohol content, and this is done by measuring the alcohol content in air expelled by the *lungs* (with a knowlege of partial pressures).
But if you equally weight beginning readings with ending readings, then you can be skewed by the first reading, which comes from the air in the mouth, instead of the lungs (giving low scores for people with time since their last drink, and people high scores with a recent last drink).
I would think that this method would give a more accurate reading by filtering out the readings from 'mouth air' and giving preference to 'lung air'.
But regardles, tests should have been done using both methods, and comparing to blood test to see which returns more consistantly accurate results. I wonder if those tests need to be made public as well.
Remember when it used to be you couldn't drunk drive?
Then it was you couldn't be behind the wheel while drunk?
Then it became you couldn't even be in the driver's seat with the car off while drunk?
Then it became you couldn't drive if you couldn't get out and walk in a straight line?
Then it became reciting your alphabet backwards...
Then suddenly, you couldn't have an arbitrary percentage of alcohol in your blood to do all those things.
Then it became whatever the machine said your blood alcohol might be.
There are no laws against drunk driving anymore. There are laws about not being able to potentially operate a vehicle if a machine determines you have enough alcohol on your breath.
What doesn't kill you only delays the inevitable
I disagree. Anything upon which guilt or innocence rests on needs to be held to a higher standard.
For many other applications, especially non-government ones, if the code doesn't work well, then customers probably aren't going to buy it, and changes will be made. For instance, your example of fuel-injection code. If you don't do that correctly, you're going to have an engine that runs like crap and get poor economy. Cars that run poorly generally don't sell well. They might sell some, but as we see with GM and Chrysler, you have to do better than that to avoid bankruptcy.
Saving your thesis paper? The code in TeX is probably some of the most bug-free code around. At least I hope you're using TeX and not something crappy like MS Word for a thesis. But even MS Word isn't that bad, since so many businesses rely on it and don't have problems with random data corruption to my knowledge.
Timing stoplights is a good counterpoint to your example. In my experience, stop lights have horrible timing most places I go. It's almost like they're intentionally designed to make you stop at every single light, unless you drive at > 80mph on surface streets. Why is such poor performance accepted from our traffic lights? Because they're run by the government, and we the people don't have a choice. That's exactly the same as this breathalyzer crap: if you're accused, you don't get a choice about which breathalyzer they use on you. It's decided by the government (probably with help from bribes), and that's what they use, whether it works well or not.
Don't always assume the judge will, in fact, look at the evidence and arguments. In their eyes, it doesn't look good to overturn a DUI conviction. Period.
.07 and got arrested per the usual.
Had a buddy of mine leave a night club and he got pulled over for supposedly making an illegal left turn. Blew over the state's
However, the judge didn't care that there was no reason to be pulled over (with photos of the left-turn sign) since the cop explicitly said it wasn't due to erratic driving, *only* the 'illegal' left turn. Examples must be made. DUI upheld.
Hell, even I got pulled over once for simply driving at 2am, but my breathalyzer revealed a stunning 0.00% BAC. After chatting with the cop for a bit, turns out they were just looking for easy DUI targets, and I happened to be driving on the same road as them.
but why were you driving while over the limit anyway. Driving a car is dangerous, not just for you, but for those around you, by being under the influance of alcohol you are risking killing someone. Why take the risk? if you need to drive don't drink any alcohol.
Equipment can break down and programming errors do occur. Because of the safety issues involved, signals are equipped with a "conflict monitor." A conflict monitor is a simple device, completely independent of the controller, that watches the signal operate. It does this by monitoring a number of conditions, including the voltage to the individual bulbs in the heads.
If a condition occurs which is not normal (for example opposing greens) the conflict monitor detects the condition and shuts down the intersection. Normally, it places the signal on "flash mode." The main street is given a flashing yellow, to indicate that the situation is not normal and caution is needed. The secondary street is given a flashing red light that should be treated like a stop sign. For safety reasons, the signal will not normally reset itself. A technician must visit the intersection, determine the problem and reset the controller.
Since I'm not an American I don't know how a drunk stop works, but here in Denmark, you get to blow on a mobile device, if it shows up as drunk you are taken to the hospital for a blood sample and only that blood sample will be used against you.
Are only the mechanical readings being used in the US?