this post was submitted on 04 Dec 2023
820 points (98.1% liked)

Software Gore

5274 readers
57 users here now

Welcome to /c/SoftwareGore!


This is a community where you can poke fun at nasty software. This community is your go-to destination to look at the most cringe-worthy and facepalm-inducing moments of software gone wrong. Whether it's a user interface that defies all logic, a crash that leaves you in disbelief, silly bugs or glitches that make you go crazy, or an error message that feels like it was written by an unpaid intern, this is the place to see them all!

Remember to read the rules before you make a post or comment!


Community Rules - Click to expand


These rules are subject to change at any time with or without prior notice. (last updated: 7th December 2023 - Introduction of Rule 11 with one sub-rule prohibiting posting of AI content)


  1. This community is a part of the Lemmy.world instance. You must follow its Code of Conduct (https://mastodon.world/about).
  2. Please keep all discussions in English. This makes communication and moderation much easier.
  3. Only post content that's appropriate to this community. Inappropriate posts will be removed.
  4. NSFW content of any kind is not allowed in this community.
  5. Do not create duplicate posts or comments. Such duplicated content will be removed. This also includes spamming.
  6. Do not repost media that has already been posted in the last 30 days. Such reposts will be deleted. Non-original content and reposts from external websites are allowed.
  7. Absolutely no discussion regarding politics are allowed. There are plenty of other places to voice your opinions, but fights regarding your political opinion is the last thing needed in this community.
  8. Keep all discussions civil and lighthearted.
    • Do not promote harmful activities.
    • Don't be a bigot.
    • Hate speech, harassment or discrimination based on one's race, ethnicity, gender, sexuality, religion, beliefs or any other identity is strictly disallowed. Everyone is welcome and encouraged to discuss in this community.
  9. The moderators retain the right to remove any post or comment and ban users/bots that do not necessarily violate these rules if deemed necessary.
  10. At last, use common sense. If you think you shouldn't say something to a person in real life, then don't say it here.
  11. Community specific rules:
    • Posts that contain any AI-related content as the main focus (for example: AI β€œhallucinations”, repeated words or phrases, different than expected responses, etc.) will be removed. (polled)


You should also check out these awesome communities!


founded 1 year ago
MODERATORS
 

Reminds me of the Therac-25 incident..

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 186 points 11 months ago (1 children)

Jesus. QA is not a corner you should cut when it's literally life and death.

[–] [email protected] 49 points 11 months ago* (last edited 11 months ago) (5 children)

So uh… as someone who works in biotech and understands exactly what level of rigor is required before the FDA allows you to sell a medical device - a term that has specific legal definition, regulations, and restrictions, I’m a bit suspicious this could be fake. This sort of error would indicate a systemic error and abrogation of due diligence at at least 4 different levels, and would be an apocalyptically huge lawsuit.

Edit: I stand corrected - lots of people are corroborating this whole thing. That’s kind of astounding, tbh.

[–] [email protected] 63 points 11 months ago (2 children)
[–] [email protected] 44 points 11 months ago (1 children)

β€œand would be an apocalyptically huge lawsuit.”

Apocalyptically huge lawsuit, here we come!!!

[–] [email protected] 12 points 11 months ago (1 children)

This all vibes like the kind of lawsuit that ideally should land managers in prison.

[–] [email protected] 9 points 11 months ago

That is a sacrifice I am willing to make!

[–] [email protected] 12 points 11 months ago

If the user does not recognize the issue, this may lead to delivery of more insulin than intended

I love their subtle attempt at shifting blame here.

[–] [email protected] 52 points 11 months ago

Not fake. I'm a type 1 diabetic on this version of Omnipod and have noticed this before as well as other issues. I also had the app refuse to let me close an innocuous error modal window to activate a pod while I was in another country.

While I love the hardware, the software feels precisely like it has been outsourced to a team with no knowledge of what T1 is and whoever internally is greenlighting the changes isn't properly testing.

The newest officially supported phone is the S21.

[–] [email protected] 25 points 11 months ago

There is a video demo of the bug later on the thread.

Some android devices have a combination .- key on the numeric input UI. This is a contentious enough design choice to have stackoverflow threads on it. That combo key style is what's used by the device and version shown on the demo. It appears that the device is reading that combo key as - and discarding (or taking absolute value), and not as a leading decimal.

[–] [email protected] 24 points 11 months ago

I mean they posted the steps to replicate it so it wouldn't take long to debunk that sort of thing as being fake.

[–] [email protected] 8 points 11 months ago (1 children)

FDA requirements were the first thing that popped into my mind. Is it possible somehow these devices fall under different regulations than "medical devices"? I am only vaguely familiar with the applicable 21 CFR regs. This seems like a pretty gargantuan screw up since it could, I would think, kill people.

load more comments (1 replies)
[–] [email protected] 159 points 11 months ago (1 children)

I quit Insulet (I was the principal software dev for Android on OP5) because management didn't care about this kind of thing. I couldn't stay in good confidence.

[–] [email protected] 90 points 11 months ago (1 children)

You should reach out to the dev in the post. Your experience is going to be very interesting to any lawyers he talks to.

[–] [email protected] 81 points 11 months ago

I'm not going to X, but if anyone contacts me I'd certainly talk.

[–] [email protected] 120 points 11 months ago* (last edited 11 months ago) (1 children)

A story from a type 1 diabetic:

I had what we will call "an incident" where I took pretty close to this scale of extra insulin. I'm a much heavier insulin user but it varies greatly between people and the kind of person who is dosing fractions of a unit like 0.15 turning into 15 would be a massive problem. It took about an hour for me to get to the hospital and I seemed just fine at that point. I don't know why because usually the type of insulin I use hits it's peak within an hour for me. My only guess is that my body was overwhelmed and somehow delayed my reaction to it, which I've never seen before.

I got into the ER and they were very casual about it. From my past experience in medicine I'm guessing they weren't sure if it really happened and wanted to see how it played out. My blood sugar was somewhere around 100 when they first tested me. 5 minutes later it was in the 40s. At that point the nurse said "oh fuck!" and sprinted to grab D50 (basically a sugar infusion) from where they keep their meds. I have been a paramedic (not just an EMT) and I can count the number of times I've seen a nurse run on my fingers.

They started an IV in both arms and were pumping sugar in to keep me alive. My memory gets kinda hazy after that. They kept checking my blood for potassium levels because burning through that much insulin + glucose uses it up and can stop your heart. Eventually they had to start a central line (like an IV but straight into your heart) in my neck to deliver insulin because they were worried all the sugar they were giving in both arms would burn my arm veins. I remember the feeling when they started it and used a probe to see if it was in the right place the "tickling" feeling literally in my heart. I ended up in the ICU on 1-to-1 with a nurse because they had to monitor me so closely. If I had been later to the ER by 10-15 minutes I wouldn't be telling you this story. I also had the benefit of knowing what happened ahead of time, which you would not if your pump magically multiplied your dose by 100 and you didn't notice.

All this to say, this is pretty fucking serious.

[–] Flyingostrich 28 points 11 months ago* (last edited 11 months ago)

Am a medic. Had a similar call, but dude ended up having a rare tumor on his pancreas called and insulinoma. They produce and hold a bunch of insulin and can occasionally rupture and flood your system with insulin. Ofcourse we didn't Know he had one at the time.

We had a non Diabetic PT that we found with a glucose that just read low. So 30< with our glucometers. Dumped 100 of d20 into him with absolutely no changes. Ended up infusing 4 more bags of d20 into him during transport. Got him up to like 80 and then watched him become unresponsive again 5 min later. Checked again and found it to be back to 40. He was in a room a few min later. Normally Im glad we don't cary d50 anymore that shit was like using a sledge hammer to hammer in a tack nail. But this was the one time d20 wasn't cutting it.

Anyways, glad you are alive. Shit can be scary.

[–] [email protected] 72 points 11 months ago* (last edited 11 months ago)

So if I understand it, a bug has been identified that's potentially going to make diabetics OD on insulin and die.

That's fucked.

[–] [email protected] 69 points 11 months ago (1 children)

FDA: we have rigorously tested the pump and have found no issues.

Public What about the app, which can control the pump and was written by the lowest bidder with no QA department?

FDA: We have no jurisdiction over phone apps, due to the legislation that gives us jurisdiction over pumps being from the 70s. I guess, just don't use the app?

[–] [email protected] 18 points 11 months ago

It's wild because in a lot of cases the FDA does have jurisdiction over the apps, they just choose not to check them.

[–] [email protected] 61 points 11 months ago* (last edited 11 months ago) (30 children)

This, right here, is why "professional" software "engineers" should be licensed.

[–] [email protected] 20 points 11 months ago (1 children)

Former healthcare to software engineer working on a master's here. My colleagues who were licensed back in healthcare weren't all of the same quality. They all made mistakes at one point or another, some pretty bad some minor. There's no difference though, minor could just as well become major.

The way they get around it in healthcare is by throwing more people at the problem. You have a physician who is good at pointing in the general direction of the problem and a solution, then you have all the auxiliary staff who will narrow down on the solution based on their field. But at any single point all of them could fuck up, or one of them could.

Now that I'm a software engineer and I've written enough code to do stuff. I can confidently say that licensing will not solve this problem. Especially if there aren't enough people involved. Which is probably what was missed in the beginning.

Anyway long rant over.

[–] [email protected] 10 points 11 months ago (3 children)

Licensing isn't about magically ensuring that the practitioner won't make mistakes; it's about holding the practitioner accountable for his mistakes, which in theory gives him more incentive to be more careful -- or to change his practice's workflows and systems so as to be better able to detect and correct mistakes.

In fact, I would argue that the "throwing more people at the problem" phenomenon in healthcare is an example of that very thing. Do you think they'd keep staffing levels equally high without licensing? 'Cause I sure don't.

load more comments (3 replies)
[–] [email protected] 17 points 11 months ago

Never gonna happen as long as the demand is so much higher than the supply.

Perhaps it should be a requirement for certain things though, like the medical area.

load more comments (28 replies)
[–] [email protected] 56 points 11 months ago (1 children)

Christ Almighty this is the dystopian software future that my college computer science ethics professor was working so hard to delay.

[–] [email protected] 11 points 11 months ago

The dystopian part is when they'll require you to pay a subscription to give you proper insulin dosages.

[–] [email protected] 53 points 11 months ago (3 children)
[–] [email protected] 32 points 11 months ago (1 children)

It looks like the advisory/recall notice came out (depending on time zones) either before his posts or shortly thereafter.

Looks like the company has jumped on this right away as they should.

They have several non app solutions for bolus dosing. Looks like the app is new (iOS version isn't even out yet) and they didn't vet their consultants output adequately. Probably because this was some quick port that was outsourced and management didn't pay attention because 'requirements are the same'.

Super important in med device development to have adequate internal oversight of developers to ensure requirements are properly rigorously tested. Especially in a class III device like this

load more comments (1 replies)
[–] [email protected] 27 points 11 months ago (1 children)

Life saving info, only available in the US.

[–] [email protected] 15 points 11 months ago (1 children)

It's available in other regions as well.

  1. Select "Yes", even if you aren't from the US.
  2. Open the menu on the top right and select your region the bottom.
  3. Profit.

Super simple and intuitive. /s

load more comments (1 replies)
[–] [email protected] 18 points 11 months ago

Wow, what a shit website. It just led to a neverending sequence of confirmation boxes untill I refreshed the page enough that it let me through.

[–] [email protected] 36 points 11 months ago

Sounds like the FDA should be involved here somehow..

[–] [email protected] 33 points 11 months ago (9 children)

As a diabetic, holy fucking shit! I've been on the fence about getting a pump because it's just one more thing that can fail.

load more comments (9 replies)
[–] [email protected] 33 points 11 months ago (4 children)

Thanks to Bush II, medical device manufacturers are immune to class action lawsuits!

Yay Capitalism!

My Dad had the leads on his pacemaker fail and caused his heart to be repeatedly and continuously shocked.

Leads were replaced but guess who paid for that?

It wasn't the manufacturer!

load more comments (4 replies)
[–] [email protected] 31 points 11 months ago

"But why would you do those steps in that order?" - The programmers, probably.

I'm wondering if the field where you input the insulin amount is the same as you input the carbs, as that'd easily explain the bug. Reuse of the same field without proper checks can easily lead to... "Funny" results. If the carbs and insulin fields are completely separate, then that's some very weird math bug they've put in there, somehow.

[–] [email protected] 30 points 11 months ago (1 children)

part of the reason why the pharmaceutical industry is pretty rough and requires several verifications, as it only takes one mistake to be a fatal one.

[–] [email protected] 27 points 11 months ago (1 children)

Any time someone bitches about government oversight and regulations, I think about cases just like this. In many cases we should WANT a large bureaucracy with plenty of checks and approvals overseeing things like this.

load more comments (1 replies)
[–] [email protected] 28 points 11 months ago (1 children)

can anyone with more insight explain what checks and balances had to have failed for this to make it to the field? i understand that this is like obviously potentially lethal but i don't really know how this kind of thing would normally be prevented.

[–] [email protected] 25 points 11 months ago* (last edited 11 months ago)

Usually something in the testing process, or perhaps the testing process itself is lacking. For medical applications it should be pretty rigorous as the consequences if something slips through can be very bad.

If this is a new feature, then every step of the process designed to make sure it works failed. Which those are precisely will depend on the project, it could mean that multiple devs and QA had a look and either missed it or didn't think to test for it. Where I work the developer implementing a feature tests it, then 2 other developers review the code, one of them also tests it, then it goes to dedicated QA who will test it more in depth and also do regression tests (checking that existing functionality still works). The testing QA member also checks with another QA member about anything they may have missed in their test steps. But this can vary heavily, also depending on the general model of development cycle (agile or waterfall) etc - though I'm working on much less critical software, no ones going to get injured even if nothing works correctly.

If the bug was introduced through an update to this or another feature, their regression tests might be lacking.

It's also possible (though imo extremely negligient for such an application) that they don't have dedicated QA in the first place, and even don't require their devs to test comprehensively in place of dedicated QA.

Or, they found the bug, but management didn't want to allocate the resources to fix it.

Imo something like this slipping through shows negligience of some form, it's impossible to guarantee bug-free software, but this is not some obscure, hard to reproduce error.

[–] [email protected] 10 points 11 months ago

That reminds me of that one Hacknet contract

[–] [email protected] 8 points 11 months ago

This is not a mundane detail, Michael!

load more comments
view more: next β€Ί