Jesus. QA is not a corner you should cut when it's literally life and death.
Software Gore
Welcome to /c/SoftwareGore!
This is a community where you can poke fun at nasty software. This community is your go-to destination to look at the most cringe-worthy and facepalm-inducing moments of software gone wrong. Whether it's a user interface that defies all logic, a crash that leaves you in disbelief, silly bugs or glitches that make you go crazy, or an error message that feels like it was written by an unpaid intern, this is the place to see them all!
Remember to read the rules before you make a post or comment!
Community Rules - Click to expand
These rules are subject to change at any time with or without prior notice. (last updated: 7th December 2023 - Introduction of Rule 11 with one sub-rule prohibiting posting of AI content)
- This community is a part of the Lemmy.world instance. You must follow its Code of Conduct (https://mastodon.world/about).
- Please keep all discussions in English. This makes communication and moderation much easier.
- Only post content that's appropriate to this community. Inappropriate posts will be removed.
- NSFW content of any kind is not allowed in this community.
- Do not create duplicate posts or comments. Such duplicated content will be removed. This also includes spamming.
- Do not repost media that has already been posted in the last 30 days. Such reposts will be deleted. Non-original content and reposts from external websites are allowed.
- Absolutely no discussion regarding politics are allowed. There are plenty of other places to voice your opinions, but fights regarding your political opinion is the last thing needed in this community.
- Keep all discussions civil and lighthearted.
- Do not promote harmful activities.
- Don't be a bigot.
- Hate speech, harassment or discrimination based on one's race, ethnicity, gender, sexuality, religion, beliefs or any other identity is strictly disallowed. Everyone is welcome and encouraged to discuss in this community.
- The moderators retain the right to remove any post or comment and ban users/bots that do not necessarily violate these rules if deemed necessary.
- At last, use common sense. If you think you shouldn't say something to a person in real life, then don't say it here.
- Community specific rules:
- Posts that contain any AI-related content as the main focus (for example: AI βhallucinationsβ, repeated words or phrases, different than expected responses, etc.) will be removed. (polled)
You should also check out these awesome communities!
- Tech Support: For all your tech support needs! (partnered)
- Hardware Gore: Same as Software Gore, but for broken hardware.
- DiWHY - Questioning why some things exist...
- Perfect Fit: For things that perfectly and satisfyingly fit into each other!
So uhβ¦ as someone who works in biotech and understands exactly what level of rigor is required before the FDA allows you to sell a medical device - a term that has specific legal definition, regulations, and restrictions, Iβm a bit suspicious this could be fake. This sort of error would indicate a systemic error and abrogation of due diligence at at least 4 different levels, and would be an apocalyptically huge lawsuit.
Edit: I stand corrected - lots of people are corroborating this whole thing. Thatβs kind of astounding, tbh.
βand would be an apocalyptically huge lawsuit.β
Apocalyptically huge lawsuit, here we come!!!
This all vibes like the kind of lawsuit that ideally should land managers in prison.
That is a sacrifice I am willing to make!
If the user does not recognize the issue, this may lead to delivery of more insulin than intended
I love their subtle attempt at shifting blame here.
Not fake. I'm a type 1 diabetic on this version of Omnipod and have noticed this before as well as other issues. I also had the app refuse to let me close an innocuous error modal window to activate a pod while I was in another country.
While I love the hardware, the software feels precisely like it has been outsourced to a team with no knowledge of what T1 is and whoever internally is greenlighting the changes isn't properly testing.
The newest officially supported phone is the S21.
There is a video demo of the bug later on the thread.
Some android devices have a combination .-
key on the numeric input UI. This is a contentious enough design choice to have stackoverflow threads on it. That combo key style is what's used by the device and version shown on the demo. It appears that the device is reading that combo key as - and discarding (or taking absolute value), and not as a leading decimal.
I mean they posted the steps to replicate it so it wouldn't take long to debunk that sort of thing as being fake.
FDA requirements were the first thing that popped into my mind. Is it possible somehow these devices fall under different regulations than "medical devices"? I am only vaguely familiar with the applicable 21 CFR regs. This seems like a pretty gargantuan screw up since it could, I would think, kill people.
I quit Insulet (I was the principal software dev for Android on OP5) because management didn't care about this kind of thing. I couldn't stay in good confidence.
You should reach out to the dev in the post. Your experience is going to be very interesting to any lawyers he talks to.
I'm not going to X, but if anyone contacts me I'd certainly talk.
A story from a type 1 diabetic:
I had what we will call "an incident" where I took pretty close to this scale of extra insulin. I'm a much heavier insulin user but it varies greatly between people and the kind of person who is dosing fractions of a unit like 0.15 turning into 15 would be a massive problem. It took about an hour for me to get to the hospital and I seemed just fine at that point. I don't know why because usually the type of insulin I use hits it's peak within an hour for me. My only guess is that my body was overwhelmed and somehow delayed my reaction to it, which I've never seen before.
I got into the ER and they were very casual about it. From my past experience in medicine I'm guessing they weren't sure if it really happened and wanted to see how it played out. My blood sugar was somewhere around 100 when they first tested me. 5 minutes later it was in the 40s. At that point the nurse said "oh fuck!" and sprinted to grab D50 (basically a sugar infusion) from where they keep their meds. I have been a paramedic (not just an EMT) and I can count the number of times I've seen a nurse run on my fingers.
They started an IV in both arms and were pumping sugar in to keep me alive. My memory gets kinda hazy after that. They kept checking my blood for potassium levels because burning through that much insulin + glucose uses it up and can stop your heart. Eventually they had to start a central line (like an IV but straight into your heart) in my neck to deliver insulin because they were worried all the sugar they were giving in both arms would burn my arm veins. I remember the feeling when they started it and used a probe to see if it was in the right place the "tickling" feeling literally in my heart. I ended up in the ICU on 1-to-1 with a nurse because they had to monitor me so closely. If I had been later to the ER by 10-15 minutes I wouldn't be telling you this story. I also had the benefit of knowing what happened ahead of time, which you would not if your pump magically multiplied your dose by 100 and you didn't notice.
All this to say, this is pretty fucking serious.
Am a medic. Had a similar call, but dude ended up having a rare tumor on his pancreas called and insulinoma. They produce and hold a bunch of insulin and can occasionally rupture and flood your system with insulin. Ofcourse we didn't Know he had one at the time.
We had a non Diabetic PT that we found with a glucose that just read low. So 30< with our glucometers. Dumped 100 of d20 into him with absolutely no changes. Ended up infusing 4 more bags of d20 into him during transport. Got him up to like 80 and then watched him become unresponsive again 5 min later. Checked again and found it to be back to 40. He was in a room a few min later. Normally Im glad we don't cary d50 anymore that shit was like using a sledge hammer to hammer in a tack nail. But this was the one time d20 wasn't cutting it.
Anyways, glad you are alive. Shit can be scary.
So if I understand it, a bug has been identified that's potentially going to make diabetics OD on insulin and die.
That's fucked.
FDA: we have rigorously tested the pump and have found no issues.
Public What about the app, which can control the pump and was written by the lowest bidder with no QA department?
FDA: We have no jurisdiction over phone apps, due to the legislation that gives us jurisdiction over pumps being from the 70s. I guess, just don't use the app?
It's wild because in a lot of cases the FDA does have jurisdiction over the apps, they just choose not to check them.
This, right here, is why "professional" software "engineers" should be licensed.
Former healthcare to software engineer working on a master's here. My colleagues who were licensed back in healthcare weren't all of the same quality. They all made mistakes at one point or another, some pretty bad some minor. There's no difference though, minor could just as well become major.
The way they get around it in healthcare is by throwing more people at the problem. You have a physician who is good at pointing in the general direction of the problem and a solution, then you have all the auxiliary staff who will narrow down on the solution based on their field. But at any single point all of them could fuck up, or one of them could.
Now that I'm a software engineer and I've written enough code to do stuff. I can confidently say that licensing will not solve this problem. Especially if there aren't enough people involved. Which is probably what was missed in the beginning.
Anyway long rant over.
Licensing isn't about magically ensuring that the practitioner won't make mistakes; it's about holding the practitioner accountable for his mistakes, which in theory gives him more incentive to be more careful -- or to change his practice's workflows and systems so as to be better able to detect and correct mistakes.
In fact, I would argue that the "throwing more people at the problem" phenomenon in healthcare is an example of that very thing. Do you think they'd keep staffing levels equally high without licensing? 'Cause I sure don't.
Never gonna happen as long as the demand is so much higher than the supply.
Perhaps it should be a requirement for certain things though, like the medical area.
Christ Almighty this is the dystopian software future that my college computer science ethics professor was working so hard to delay.
The dystopian part is when they'll require you to pay a subscription to give you proper insulin dosages.
Official announcement from Insulet:
It looks like the advisory/recall notice came out (depending on time zones) either before his posts or shortly thereafter.
Looks like the company has jumped on this right away as they should.
They have several non app solutions for bolus dosing. Looks like the app is new (iOS version isn't even out yet) and they didn't vet their consultants output adequately. Probably because this was some quick port that was outsourced and management didn't pay attention because 'requirements are the same'.
Super important in med device development to have adequate internal oversight of developers to ensure requirements are properly rigorously tested. Especially in a class III device like this
Life saving info, only available in the US.
It's available in other regions as well.
- Select "Yes", even if you aren't from the US.
- Open the menu on the top right and select your region the bottom.
- Profit.
Super simple and intuitive. /s
Wow, what a shit website. It just led to a neverending sequence of confirmation boxes untill I refreshed the page enough that it let me through.
Sounds like the FDA should be involved here somehow..
As a diabetic, holy fucking shit! I've been on the fence about getting a pump because it's just one more thing that can fail.
Thanks to Bush II, medical device manufacturers are immune to class action lawsuits!
Yay Capitalism!
My Dad had the leads on his pacemaker fail and caused his heart to be repeatedly and continuously shocked.
Leads were replaced but guess who paid for that?
It wasn't the manufacturer!
"But why would you do those steps in that order?" - The programmers, probably.
I'm wondering if the field where you input the insulin amount is the same as you input the carbs, as that'd easily explain the bug. Reuse of the same field without proper checks can easily lead to... "Funny" results. If the carbs and insulin fields are completely separate, then that's some very weird math bug they've put in there, somehow.
part of the reason why the pharmaceutical industry is pretty rough and requires several verifications, as it only takes one mistake to be a fatal one.
Any time someone bitches about government oversight and regulations, I think about cases just like this. In many cases we should WANT a large bureaucracy with plenty of checks and approvals overseeing things like this.
can anyone with more insight explain what checks and balances had to have failed for this to make it to the field? i understand that this is like obviously potentially lethal but i don't really know how this kind of thing would normally be prevented.
Usually something in the testing process, or perhaps the testing process itself is lacking. For medical applications it should be pretty rigorous as the consequences if something slips through can be very bad.
If this is a new feature, then every step of the process designed to make sure it works failed. Which those are precisely will depend on the project, it could mean that multiple devs and QA had a look and either missed it or didn't think to test for it. Where I work the developer implementing a feature tests it, then 2 other developers review the code, one of them also tests it, then it goes to dedicated QA who will test it more in depth and also do regression tests (checking that existing functionality still works). The testing QA member also checks with another QA member about anything they may have missed in their test steps. But this can vary heavily, also depending on the general model of development cycle (agile or waterfall) etc - though I'm working on much less critical software, no ones going to get injured even if nothing works correctly.
If the bug was introduced through an update to this or another feature, their regression tests might be lacking.
It's also possible (though imo extremely negligient for such an application) that they don't have dedicated QA in the first place, and even don't require their devs to test comprehensively in place of dedicated QA.
Or, they found the bug, but management didn't want to allocate the resources to fix it.
Imo something like this slipping through shows negligience of some form, it's impossible to guarantee bug-free software, but this is not some obscure, hard to reproduce error.
That reminds me of that one Hacknet contract
This is not a mundane detail, Michael!