Software Design Affects Society
Review: What Is Design?
Legalism in Licensing Consumer Software
Some Major Software Failures
What Is Design?
The difference between analysis and design can be defined in the
following way:
- If only one answer to the problem exists, and finding it merely
involves putting together the pieces of the puzzle, then the activity
is probably analysis. For example, processing data and using it to test
a theory is analysis.
- On the other hand, if more than one solution exists, and if
deciding upon a suitable path demands creativity, making choices,
testing, iteration, and evaluation, the activity is most certainly
design.
- Design can include analysis, but it must also involve at least
one of these other elements.
- Design inherently involves tradeoffs: weighing the advantages
and disadvantages of the alternative design decisions against each other.
Some Software Design Failures
- The Therac-25 Radiation Therapy Machine (1985-87)
- Software-Related Auto Recalls (1998, 2004)
- The Y2K Problem (2000)
- The ILOVEYOU Computer Virus (2000)
The Therac-25 Radiation-Therapy Machine (1985-87)
Overconfidence was the culprit in the most widely known case of unsafe
software. It involved the Therac-25, a radiation-therapy machine.
Between June 1985 and January 1987, six known accidents occurred in
which patients were given massive overdoses of radiation. Two
patients in Tyler, TX died.
A machine like the Therac-25 can deliver two kinds of radiation, X-rays
and electrons. Electrons work well for irradiating cancers near the
surface. For cancers further in, X-rays are used. To get the X-rays, a
tungsten target is rotated into the beam path between the electron gun
and the patient. A very powerful stream of electrons is directed at it,
which causes it to emit X-rays. Because the target absorbs most of the
energy, the beam current in X-ray mode is far higher than in electron
mode, so the high-current beam must be switched on only when the target
is in place.
Here is the error that caused the problem: The operator prepared to
send X-rays, then realized she had made a mistake. Within a few seconds
she edited the prescription over to electrons, and the target retracted.
But it retracted before the beam current was lowered: the software
updated the two pieces of state (target position and beam current)
separately, and the beam fired while they disagreed. Patients felt a
severe burning sensation, and this was only the start of their problems.
Radiation sickness followed.
Some of the software from the Therac-20, a previous version, was reused
in the Therac-25. The Therac-20 had included a hardware interlock.
The Therac-20 had been run for years without any software problems being
noticed, so the hardware interlock was left out of the Therac-25 and the
safety checks were done in software alone.
It turns out the same bug existed in the Therac-20: when it occurred
there, the interlock blew a fuse before any harmful radiation could be
emitted. The software had never been safe; the hardware had been hiding
the defect, and "years without incident" said nothing about the code.
Source: http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
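The sequence above, modelled as an added example for this page (illustrative Python, not the Therac-25's own software, which ran on a PDP-11 and was written in assembly; the class and function names and the current figures 1 and 100 are assumptions). It shows the mode change as two separate state updates with a chance to fire between them, and a software interlock that refuses to fire while the state is inconsistent:

```python
"""Model of the Therac-25 mode-change race. Added example, not Therac code."""
from dataclasses import dataclass
from enum import Enum


class BeamMode(Enum):
    ELECTRON = "electron"  # low-current beam strikes the patient directly
    XRAY = "xray"          # high-current beam strikes a tungsten target


# Constructed figures for the illustration: X-ray mode drives the electron
# gun at far higher current because the target absorbs most of the energy.
CURRENT_FOR_MODE = {BeamMode.ELECTRON: 1, BeamMode.XRAY: 100}


@dataclass
class TreatmentHead:
    """The pieces of state that must agree before the beam is switched on."""
    mode: BeamMode = BeamMode.ELECTRON
    target_in_place: bool = False  # tungsten target rotated into the beam path?
    beam_current: int = CURRENT_FOR_MODE[BeamMode.ELECTRON]

    def begin_mode_change(self, mode: BeamMode) -> None:
        """First half of a mode change: move the mechanical parts.

        The turntable reacts as soon as the operator edits the mode field;
        the beam current is only updated by a later step. Between the two
        the head is inconsistent, which is the window the Therac-25 operator
        hit by correcting the prescription within a few seconds.
        """
        self.mode = mode
        self.target_in_place = mode is BeamMode.XRAY

    def finish_mode_change(self) -> None:
        """Second half of a mode change: set the current for the new mode."""
        self.beam_current = CURRENT_FOR_MODE[self.mode]

    def consistent(self) -> bool:
        """The safety invariant: target position and current match the mode."""
        return (self.target_in_place == (self.mode is BeamMode.XRAY)
                and self.beam_current == CURRENT_FOR_MODE[self.mode])


def fire_unchecked(head: TreatmentHead) -> int:
    """Fire without checking the invariant (the Therac-25 behaviour).

    Returns the electron current reaching the patient directly: 0 when the
    target is in the beam path (the electrons make X-rays in the target
    instead), otherwise the full beam current.
    """
    return 0 if head.target_in_place else head.beam_current


def fire_interlocked(head: TreatmentHead) -> int:
    """Software interlock: refuse to fire unless the head state is consistent."""
    if not head.consistent():
        raise RuntimeError("interlock tripped: head state inconsistent")
    return fire_unchecked(head)


def normal_electron_treatment() -> int:
    """Both halves of the mode change complete before firing."""
    head = TreatmentHead()
    head.begin_mode_change(BeamMode.ELECTRON)
    head.finish_mode_change()
    return fire_interlocked(head)           # 1: the intended electron dose


def reproduce_overdose() -> int:
    """Operator selects X-rays, then corrects to electrons inside the window."""
    head = TreatmentHead()
    head.begin_mode_change(BeamMode.XRAY)
    head.finish_mode_change()               # current is now 100, target in
    head.begin_mode_change(BeamMode.ELECTRON)   # target retracts at once...
    # ...and the beam fires before finish_mode_change() lowers the current.
    return fire_unchecked(head)             # 100: X-ray current, no target


def interlock_blocks_overdose() -> bool:
    """Same sequence with the software interlock in front of the beam."""
    head = TreatmentHead()
    head.begin_mode_change(BeamMode.XRAY)
    head.finish_mode_change()
    head.begin_mode_change(BeamMode.ELECTRON)
    try:
        fire_interlocked(head)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print("normal electron dose:", normal_electron_treatment())
    print("race, no interlock:", reproduce_overdose())
    print("race, interlock blocked it:", interlock_blocks_overdose())
```

The `consistent()` check is the software counterpart of the fuse the Therac-20 blew. The Therac-25 lesson is that after the hardware check was dropped, this invariant was enforced nowhere; a machine that must be safe wants both, not one or the other.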
The General Motors Air Bag Recall (July 1998)
General Motors Corp. recalled nearly 1 million cars with air bags that
can deploy inadvertently, company officials said today. About 863,000
GM [cars] from the 1996 and 1997 model years are being recalled, along
with 103,000 ... cars from model year 1995...
The National Highway Traffic Safety Administration was investigating 96
complaints involving ... air bags inadvertently deploying while the
cars were being driven under normal conditions over paved roads. GM
told the agency there was an increased risk of an air bag deployment in
a low-speed crash or when an object strikes the car's floor. An agency
report said there were complaints of 10 crashes and 53 injuries.
The autos are being recalled to change the software programming for the
air bag computer....
http://kwtv.newsok.com/investigators/consumer/CW71398.htm
A Verbatim Copy from www.nhtsa.gov
General Motors Corporation
Models: Cadillac SRX
Year: 2004
Number Potentially Involved: 11,375
Dates of Manufacture: March 2003 -- January 2004
Defect: On certain passenger vehicles equipped with all wheel
drive, the antilock brake system (ABS) may improperly temporarily
isolate the driver from the foundation brake system for a maximum of
1.25 seconds. This can cause an increase in braking distance, which
could result in a crash.
Remedy: Dealers will reprogram the ABS electronic control unit.
The manufacturer has reported that owner notification is expected to
begin during April or May 2004. Owners may contact Cadillac at
1-866-982-2339.
[NHTSA Recall No. 04V151/GM Recall No. 04018]
A Verbatim Copy from www.nhtsa.gov
DaimlerChrysler Corporation
Models: Chrysler Pacifica
Year: 2004
Number Potentially Involved: 34,561
Dates of Manufacture: January - July 2003
Defect: On certain sport utility vehicles equipped with a NGC-1
powertrain control module, the software protocol used to test the
vehicle exhaust gas recirculation (EGR) system may lead to engine
stalling under certain circumstances, increasing the risk of a crash.
Remedy: Dealers will install revised engine controller software,
which will eliminate the potential for the stalling condition. The
manufacturer has reported that owner notification began on March 15,
2004. Owners may contact DaimlerChrysler at 1-800-853-1403.
[NHTSA Recall No. 04V113/DaimlerChrysler Recall No. D15]
The Y2K Problem: Bug or Feature?
PROBLEM: How do we represent a calendar date in a computer program or
file?
Suppose memory (RAM, especially) is very expensive and every character
(byte) is precious?
What happens if we need to change the representation?
If we see a long-term problem coming, when should we start spending
money to fix it?
The REAL Y2K bug: was 2000 a leap year, or not?
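An added example for the questions above (not from the lecture; the function names and the pivot year are assumptions). It shows the two concrete ways a two-digit year field breaks, naive subtraction across 1999/2000 and the leap-year rule for 2000 (a year divisible by 100 is not a leap year unless it is also divisible by 400, so 2000 was one and 1900 was not), together with the "windowing" workaround that many Y2K remediations used:

```python
"""Two-digit years and the year-2000 leap-year rule. Added example."""


def is_leap_year(year: int) -> bool:
    """Gregorian rule: every 4th year, except centuries, except every 400th."""
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)


def is_leap_year_century_only(year: int) -> bool:
    """The half-remembered rule that skips the 400-year exception.

    It agrees with is_leap_year() for every year from 1901 to 1999, so code
    using it passed every test written before 2000 and then got 2000 wrong.
    """
    return year % 4 == 0 and year % 100 != 0


def days_in_february(year: int) -> int:
    return 29 if is_leap_year(year) else 28


def age_from_two_digit_years(birth_yy: str, today_yy: str) -> int:
    """Naive arithmetic on 'YY' fields stored as two characters to save bytes.

    Works until today_yy rolls from '99' to '00', when every age goes negative.
    """
    return int(today_yy) - int(birth_yy)


def expand_two_digit_year(yy: str, pivot: int = 70) -> int:
    """Windowing, the cheapest remediation: YY >= pivot is 19YY, else 20YY.

    The pivot encodes an assumption about the data (here: no year before
    1970 occurs). It buys time but does not fix the representation: the
    field still cannot tell 1970 from 2070.
    """
    if len(yy) != 2 or not yy.isdigit():
        raise ValueError(f"not a two-digit year field: {yy!r}")
    n = int(yy)
    return 1900 + n if n >= pivot else 2000 + n


def age_with_windowing(birth_yy: str, today_yy: str, pivot: int = 70) -> int:
    """The same subtraction after both fields are expanded to four digits."""
    return (expand_two_digit_year(today_yy, pivot)
            - expand_two_digit_year(birth_yy, pivot))


if __name__ == "__main__":
    for y in (1900, 1996, 2000, 2100):
        print(y, "leap:", is_leap_year(y),
              "century-only rule says:", is_leap_year_century_only(y))
    print("age, naive, born 75 in 99:", age_from_two_digit_years("75", "99"))
    print("age, naive, born 75 in 00:", age_from_two_digit_years("75", "00"))
    print("age, windowed, born 75 in 00:", age_with_windowing("75", "00"))
```

Note what the windowing fix does not do: it changes no stored data and no file formats, which is why it was cheap, and it moves the failure to the pivot year rather than removing it. Changing the representation to four digits is the real fix, and its cost is exactly the "when should we start spending money" question above.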
The ILOVEYOU Computer Virus (2000)
The ILOVEYOU virus arrived as a "script" (a small VBScript program, a
Visual Basic dialect that Windows runs directly) in an e-mail
attachment named LOVE-LETTER-FOR-YOU.TXT.vbs; with Windows hiding known
extensions, the user saw what looked like a harmless .TXT file. When the
attachment was opened in Microsoft Outlook, the program ran with the
user's privileges. It
- overwrote many of the user's files (scripts, images, and others) with
copies of itself
- e-mailed a copy of itself to everyone in the user's Outlook address book
- tried to download a password-stealing program
Design Question: why should a PC allow little programs to arrive in
e-mail messages, and run with the user's full privileges on a single
click, without any warning that a program rather than a text file was
being opened?
Source: http://www.cert.org/advisories/CA-2000-04.html
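An added example for the design question above (not code from the CERT advisory or the lecture; the extension lists and the sample filenames are assumptions, except the first sample name, which is the one the ILOVEYOU attachment actually used). It is a mail-gateway style screen that flags executable attachments, including a script extension hidden behind a document extension, and shows what the user saw with known extensions hidden:

```python
"""Attachment screening for script-in-mail worms. Added example."""
from typing import List, Tuple

# Extensions Windows hands to the script host or the shell for execution.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "exe", "com", "bat", "cmd", "pif", "scr"}
# Extensions a user expects to open harmlessly in a viewer or editor.
DOCUMENT_EXTS = {"txt", "doc", "jpg", "jpeg", "gif", "mp3", "pdf"}


def as_displayed_by_windows(name: str) -> str:
    """What the user saw with 'Hide extensions for known file types' on.

    Simplified: any extension in the two sets counts as a known type and is
    hidden, so LOVE-LETTER-FOR-YOU.TXT.vbs is shown as LOVE-LETTER-FOR-YOU.TXT.
    """
    stem, dot, ext = name.rpartition(".")
    if dot and ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return stem
    return name


def classify_attachment(name: str) -> Tuple[str, str]:
    """Return ('block' or 'allow', reason) for one attachment filename.

    Only the last extension decides what Windows executes, so that is the
    one checked; the extension before it is reported when it is a disguise.
    """
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "allow", "no extension"
    last = parts[-1]
    if last not in EXECUTABLE_EXTS:
        return "allow", f".{last} is not executable"
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
        return "block", f"executable .{last} disguised as .{parts[-2]}"
    return "block", f"executable .{last}"


def screen(names: List[str]) -> List[str]:
    """Names the gateway would quarantine instead of delivering."""
    return [n for n in names if classify_attachment(n)[0] == "block"]


# Constructed sample set; the first entry is the real ILOVEYOU filename.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "quarterly_report.doc",
    "holiday.jpg",
    "setup.exe",
    "README",
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        verdict, reason = classify_attachment(n)
        print(f"{as_displayed_by_windows(n):32} {verdict:5} {reason}")
```

The screen answers the design question only at the perimeter; the root cause is that one click ran arbitrary code with all of the user's rights. Blocking by extension is a coarse check (an attacker can rename, archive, or use an extension not on the list), which is why it belongs in front of, not instead of, a mail client that does not execute attachments silently.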
The Bottom Line
- Reliable and safe software is NOT EASY to create.
- It's easy to criticize companies for software design errors, but
these were unintended.
- Perhaps they didn't make the management commitment to sufficient
testing, or rushed the schedule, or provided insufficient budget for
proper work.
- Computers are everywhere in our lives -- our businesses and our
very lives depend on them. The work we do is IMPORTANT.
Notes from Lecture of Nov. 22, 2005
Betsy Broder's Notes on Identity Theft (PDF file, 18 mb)