When Software Kills: The Therac-25

Dave's Garage

55,530 views, 1 day ago

The story of the Therac-25, where a race condition bug caused patients to be irradiated with massive uncontrolled doses; how and why it could happen. For my book on the spectrum, see: amzn.to/3XLJ8kY
Join Dave as we explore one of the most shocking and tragic stories in medical history - the story of the Therac-25, a radiation therapy machine that went horribly wrong. In this episode, we'll delve into the fascinating yet disturbing tale of how a seemingly advanced technology ended up causing catastrophic harm to countless patients.
We'll examine the Therac-25's inner workings, explore the flaws in its software and design, and discuss the devastating consequences of its malfunctions. You'll hear the heart-wrenching stories of patients who suffered from radiation overdoses, and learn about the heroic efforts of medical professionals who worked tirelessly to treat these victims.
This episode is a must-watch for anyone interested in technology, medicine, or the human side of innovation gone wrong. So sit back, relax, and get ready to uncover one of the most chilling tales in the history of science and medicine!
Thanks to BobT for the episode idea!

Comments: 823
@keleighshepherd345 2 days ago
Radiotherapy linac engineer here, this is why we have layers and layers of interlocks, both physical and software. It is a very intentional act to strip back those layers (we can and do, but very rarely and always taking appropriate measures to ensure safe practice). The safety innovations of today are written in the blood of the past.
@ApeStimplair-et9yk 2 days ago
there is many more about cancer and moneylooters to say
@tonysolar284 1 day ago
The only time those safeguards are removed/disabled is for testing/maintenance, at no other time should safeguards be removed/disabled.
@keleighshepherd345 1 day ago
@@tonysolar284 yup, and even then if we can do it without, we do that first. The very first day of my apprenticeship I was told "overriding interlocks is an action of last resort. It is never to be done lightly and we test it has been reinstated before handing the machine back to clinical"
@blevin591 1 day ago
And of course, most of these can only be stripped away in service mode, which you are very intentionally told repeatedly to not treat any human or animal with.
@austinsloop9774 2 days ago
Some more details for those wondering what happened under the hood - It wasn't the lack of a beam spreader, it was the X-ray target that was incorrectly configured. We make medical use X-rays by hitting a [tungsten] target with high energy electrons. Most of the energy goes into heat, so >100x the amount of electrons need to hit that target to produce a similar X-ray dose vs delivering a beam of electrons for treatment. One reason this race condition was hard to catch was that it required the tech to erroneously select an electron treatment (machine begins to remove the target from the beam line) and reenter the correct setting of X-ray mode while the target was still moving. Since that console saw the target was in motion, it didn't check which way it was moving nor what state it ended in so X-ray outputs were applied with the target out of the beam line. The devices used to monitor the radiation produced by the machine do not operate well at 100x the dose rate and significantly under-measure what has left the machine, further increasing the dose to the poor patient. You normally can't feel radiation, but the current of electrons was so high the patients were essentially zapped like they touched a high voltage wire, that also shredded their cells and DNA. Unfortunate that these lessons had to be written in blood, but I'm glad to this day radiation devices have many layers of redundancy and interlock codes have gotten more descriptive.
@ΝίκοςΙστοσελίδα 2 days ago
Do you have a source for the computer-side technical stuff? I have read a lot of what's online about Therac-25 but never seen what exactly happened, e.g. that it didn't check which way the turn table was turning.
@giornikitop5373 2 days ago
so, the operator entered "execute small dose radiation" and the machine went "execute order 66". i've been hit with mains voltage some times but those electrons would have felt like hell's whip. man, those poor patients.
@tammymakesthings 2 days ago
@@ΝίκοςΙστοσελίδα the references section on the Wikipedia article about the Therac-25 have some good technical details. In particular, the articles by Nancy Leveson.
@ΝίκοςΙστοσελίδα 2 days ago
@@tammymakesthings Alright, thanks! Funny thing, I looked up Frank Borger (mentioned in another comment) and I ended up finding an IEEE publication I don't remember reading. The more info, the better.
@f-s-r 1 day ago
I wonder why on earth didn't the machine just have an "execute button" and THEN it started moving the target, check that everything is ok, etc. It seems like a LOT safer way to do it.
@SpaceCop 2 days ago
Thanks for touching on the "any idiot shouldn't be able to just call themselves a software *engineer*" subject
@brianvogt8125 2 days ago
Back in the 1980s & 1990s, I was a mainframe system administrator in a state govt. bureau agency. When our Director approved the creation of the first LAN, the task went to a member of the Clerical team because he was the only employee who had his own PC at home, and nobody in my team knew what to do. It took a lot of years to develop a culture of discipline in the "gifted amateurs" (as one of my colleagues referred to them). In 1977, I did a Fortran programming project in one of our client departments, and saw a piece of code written by one of their Clerical officers. It achieved Integer Division by repeatedly subtracting the divisor from the dividend, in a DO loop counting the iterations! He had no idea that there were integer & floating point division instructions in a CPU.
@Milosz_Ostrow 2 days ago
The title "Engineer" is reserved in every jurisdiction in the United States. In order to bill oneself as an Engineer, one must pass professional exams and work under the supervision of an experienced Registered Engineer for a number of years in a sort of apprenticeship before acquiring a registration or license. However, industry has arranged exceptions in the statutes to allow them to grant "engineer" titles to employees who haven't spent a single day in a college classroom studying the discipline in which they are employed.
@UncleKennysPlace 2 days ago
@@Milosz_Ostrow OTOH, some of us dropped out of college, and ended up, say, programming for the DoD. It happens. You cannot discount "gifted amateurs". Is Bill Gates a "software engineer"?
@HappyCat3096 2 days ago
I worked for a company that thought programmers were simply overpaid clerks. Ironic when you consider that they were selling a software product. It was a hellacious experience dealing with these idiots.
@perwestermark8920 2 days ago
@@Milosz_Ostrow Many of the best software developers are mostly self-trained. Because it's a new science where there is a constant need for new learning. Requiring a huge amount of will to constantly improve. This isn't that compatible with a traditional engineering education.
@FrederickMarcoux 2 days ago
For those curious, the ring he mentioned is related to the Quebec Bridge in Canada, which collapsed twice during its construction. It’s a fascinating story.
@hedlund 2 days ago
Would you happen to know a good read or watch on that there collapsery?
@SMA265 2 days ago
@@hedlund lmk if you find one. Thanks
@snoozevmw 2 days ago
The US version is known as the Order of the Engineer, and is a stainless steel ring worn on pinky.
@markmatlock9918 2 days ago
One of the key people who helped find the software race condition bug was Frank Borger at the University of Chicago Medical school. He was active in the Chicago Area Real Time Society, the local DECUS group for the Chicago area. I met him at a number of these meetings but did not hear about his role in figuring out what happened to the THERAC systems until years later.
@rowdyriemer 2 days ago
Software engineering has taught me a lot about being intellectually honest and humble. Between compiler errors, my own pre-review testing, code review feedback, automated test failures, and bug reports, I've been repeatedly reminded over the years that no matter how confident I can be that I thought through something correctly, I can still make logical errors, fail to consider certain contexts, etc. I'm glad I work in the video game industry. Heheh, the stakes are much lower.
@andersjjensen 2 days ago
Yeah. Getting told by the boss that "Some gamers are so upset they started a new subreddit about the problem, which is in your code" is quite different from "The plane suddenly went into a nose-dive and all 300 passengers and the crew died... the problem has been identified as being in one of your code blocks".
@rowdyriemer 1 day ago
@@andersjjensen Imagine how stressful it would be to write code for launch systems used for nuclear weapons!
@coldlyanalytical1351 2 days ago
Anecdote about bugs: There is no such thing as bug free code. Once I was responsible for the safety of a software driven robot handling plutonium products. The developers were given 2 weeks to specify their smallish modules, 2 weeks to code and deliver it bug free (?) .. and then I would use a Monte-Carlo rig that I developed to test their code on a very fast computer for EIGHT WEEKS. In every case I would find maybe 4 or 5 bugs in the first couple of days. Then 2 or 3 more in the first 2 weeks. Then it would go quiet .. BUT .. in a couple of cases a rare timing bug would be detected in week 6 or 7 after working through millions of random tests which passed. Just as well we found & fixed these bugs! (After this I used my Monte Carlo rig on many other less critical projects .. I found zillions of bugs in 'bug free' code)
@trapfethen 2 days ago
To take it one step further. There is no such thing as bug-free code because such a construct would require bug-free OS's, bug-free Firmware, and Bug-free Hardware. Based on issues we have seen in just the past few years when it comes to CPU hardware-level errors, it stands to reason that the conclusion that bug-free software is impossible is correct even for seemingly simple constructions.
@JamieStuff 2 days ago
I heard that there was a bug free version of "Hello World", written in machine language on bare metal, running on a COSMAC Elf, in 1977. Things were simpler then.
@coldlyanalytical1351 2 days ago
@@JamieStuff Oddly, I was an RCA 1802 programmer in 1978-1979.
@wtmayhew 2 days ago
⁠@@JamieStuff I remember the RCA COSMAC ELF and the 1802 processor. Subroutines were a pain to code. I worked for a lab which had a job developing a communication device to be deployed on a satellite. The 1802 was chosen for the processor because its CMOS architecture made it more impervious to effects of cosmic radiation in space. I believe the first CMOS Intel processor was a version of the 8085 in about 1985. We would have preferred the 8085, but it wasn’t going to be space qualified soon enough.
@jess648 2 days ago
@@trapfethen exactly, not sure such a thing is even possible because entropy
@miscellaneousHandle 2 days ago
I was a developer on a medical device when the Therac-25 tragedy happened. It was a truly sobering event to those of us in the industry. You are absolutely correct that many lessons were learned, many regulations written, many procedures changed. But a handful of the core causes remain a problem to this day. More so in concurrent and real-time systems. My hope around this is twofold. First, that every developer realizes that these problems can occur regardless of the program and language, regardless of the operating system, regardless of the quantity of unit tests. Second, Nancy's seminal paper on the disaster should be required reading for every software engineer.
@gruntaxeman3740 1 day ago
When doing something where people's lives are at stake, it requires very different mindset. Operating system: Preferably no operating system. I don't think there are many that can be used. Language: That is easy. When there is garbage collection cycle or memory allocation fails because of memory fragmentation, that can cause airplanes to drop or nuclear meltdown if used in wrong place. That safety critical scene is likely still C, Ada and perhaps very small subset of C++. Unit tests: Good for developing normal business application to cover something but they are nowhere near enough if human lives are at stake Software usually doesn't need to be error free. Quality, and process to achieve desired quality should be specified.
@brianjuergensmeyer8809 9 hours ago
@@gruntaxeman3740 Exactly this - as a programmer with 30 years of professional experience (mostly in the medical field, no less), I'm constantly shocked at the number of "engineers" that we hire that have absolutely zero idea of how the full software stack that they're using actually works. They've been trained to see everything below them as a black box that is guaranteed to work every time and will magically solve problems with parallelism, threading, memory management, and data persistence. In a perfect world, I'd agree with you that we'd ditch everything but the application, and make the application its own operating system. In the real world, I'd very much like to see hardened, full real-time operating systems that can guarantee responsiveness in a given number of clock cycles. What I get is Windows. Even though my work is mostly EMR related (as opposed to medical device), I've just seen so much crap stacked SO HIGH that it seems a special miracle every time a patient encounter succeeds. In the medical field, if you don't understand the full stack from the machine code writing the registers all the way up the stack to the user interface, you're simply begging for trouble.
@arsenii_yavorskyi 2 days ago
the fact that you had to change the thumbnail to *this*…
@revcrussell 2 days ago
I work for the company (AECL was legally continued on to be CNL) that made the THERAC, we went on to make nuclear reactors that are controlled by software code. It is so expensive to make quality code, and the real difference between when someone calls themselves a "software engineer" and being an actual software engineer.
@NyelaKearney 2 days ago
I'm in my last year of engineering at UofA right now, and there's a mandatory risk management and safety class. So many computer / software engineers roll their eyes about safety. There was even that controversy a few years back with APEGA ordering job boards to stop using "Software Engineer" for non engineering jobs. All this to say that even today software is regarded as this ultimate safe tool, perhaps even more so because of the prevalence of the PC. Thanks for your breakdown Dave!
@Erik_The_Viking 2 days ago
Thank you for bringing this issue up. I work in medical devices, mostly in automated robotic surgery. Reading the Therac-25 is mandatory for anyone working on mission critical code that could hurt/kill people. This was why ISO-62304 was created, which is the software life cycle requirements for software used in medical devices.
@drozcompany4132 2 days ago
This is one of the reasons why I have reservations about autonomous vehicles. The risk of loss of life is huge, and the automotive industry tends to rush development to be the first to market.
@20chocsaday 2 days ago
The insurance industry won't underwrite it.
@Odin31b 2 days ago
Agreed
@chrisg6597 2 days ago
The risk of loss of human life is also huge when humans are driving the vehicles. Would it still not be better to use autonomous vehicles (including bugs) if the death toll is less than human drivers?
@20chocsaday 2 days ago
@@chrisg6597 Try to solve the question of why an accident happened. You will have arguments going back to the mines where children pull rare ores out of the earth. As well as the years of testing software.
@eadweard. 2 days ago
No more so than with human drivers, I suspect.
@appliedengineering4001 2 days ago
There's one valuable lesson that every software engineer needs to learn, and that is, "You can't use 9 women to make a baby in one month". In other words, don't rush it.
@apveening 2 days ago
Most software engineers understand that one but manglement usually has a problem understanding it.
@patrikfloding7985 2 days ago
But you can try..?
@greggoog7559 2 days ago
Tell that to the "AGILE" idiots 😃
@bdssltdprc 6 hours ago
"The Mythical Man Month"
@jacobfalardeau676 2 days ago
A family member of mine was friends with the woman who was injured by the Therac-25 machine in Hamilton, Ontario. Although she unfortunately later ended up passing away from her cancer within a few weeks, her autopsy revealed that her hip was completely destroyed and that she would have needed a full hip replacement. I remember the first time I heard about that and being absolutely horrified at the idea of being killed by the revolutionary machine meant to save you. AECL made a bunch of changes afterwards to try and make it safer but they didn't correctly identify the issue and more people ended up being hurt and killed afterwards.
@coldlyanalytical1351 2 days ago
Excellent video. Sadly, having worked for decades on the software of nuclear and high security systems, I can safely say that fewer than maybe 5% of even highly experienced & qualified engineers have any regard or 'feel' for safety or security. Additionally I found that they CANNOT be trained to be safer or more security aware even if their weaknesses are noted. I also found that if you find major - but subtle - defects in the code produced by supposedly very senior engineers, they will vehemently assert that their code is perfect.
@20chocsaday 2 days ago
And they are willing to bet their job on that? There is testing and the results.
@coldlyanalytical1351 2 days ago
@@20chocsaday I would edit their code because they wouldn't. It would then pass the extensive tests I was using.
@sheilam4964 2 days ago
Therein lies the ERROR. Humans have ERRORS. Not the code. Code is produced by HUMANS. We have yet to find a way to protect ourselves from OURSELVES. - - - - I wonder who produced our code? 😆😆😆😆😆
@_Mentat 2 days ago
Also, management won't allocate any time for a belt and braces approach where errors that get through one level of code get trapped by the next.
@coldlyanalytical1351 2 days ago
@@_Mentat For nuclear work, you get the time and money! For example, Canada used Formal methods to write a few lines of code which controlled the safety of their reactors. Those few lines of totally bug free code cost a fortune!
@edwardholmes91 2 days ago
As always Dave, a great video. I'd like to add though, it was a combination of a race condition and an overflow error... the code that checked if the collimator was in place would return a zero, before the beam could fire. To make sure zero wasn't present until the check had been performed, code in the setup loop would increment the variable in question, named Class3. The variable Class3 was 8-bit, and would therefore overflow when it reached 255. This meant that the beam could fire even if the collimator wasn't in place, when Class3 overflowed, approximately 0.4% of the time. Courtesy of Matt Parker's brilliant book: Humble Pi - A Comedy Of Maths Errors.
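The counter-used-as-a-flag failure described in the comment above, as an added C model that is not the Therac-25 source and not part of the original comment. Only the name Class3 and its 8-bit width come from the comment; the struct, function names, pass counts and the simulated position sensor are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model. class3 != 0 means "collimator check still pending";
 * class3 == 0 means "nothing pending, beam may fire". */
typedef struct {
    uint8_t class3;            /* 8-bit, as stated in the comment */
    bool collimator_in_place;  /* hypothetical position sensor */
} machine_t;

typedef void (*setup_fn)(machine_t *);
typedef bool (*gate_fn)(machine_t *);

/* Flawed setup pass: marks the check as pending by incrementing.
 * uint8_t arithmetic wraps, so 255 + 1 becomes 0 ("nothing pending"). */
static void setup_increment(machine_t *m) { m->class3++; }

/* Corrected setup pass: assign a fixed non-zero value, which cannot wrap. */
static void setup_assign(machine_t *m) { m->class3 = 1; }

/* Gate that trusts the software flag alone: the sensor is only read
 * while the flag says a check is pending. */
static bool gate_flag_only(machine_t *m) {
    if (m->class3 != 0) {
        if (!m->collimator_in_place) {
            return false;      /* check failed, beam blocked */
        }
        m->class3 = 0;         /* check passed, clear pending flag */
    }
    return true;               /* flag clear: beam permitted */
}

/* Gate with an independent interlock: the sensor is read on every
 * attempt, whatever the flag says, so a wrapped flag cannot open it. */
static bool gate_with_interlock(machine_t *m) {
    if (!m->collimator_in_place) {
        return false;
    }
    m->class3 = 0;
    return true;
}

/* Run `passes` setup passes with the collimator never in place and count
 * how many times the gate would still have permitted the beam. */
static long count_unsafe_permits(setup_fn setup, gate_fn gate, long passes) {
    machine_t m = { .class3 = 0, .collimator_in_place = false };
    long unsafe = 0;
    for (long i = 0; i < passes; i++) {
        setup(&m);
        if (gate(&m)) {
            unsafe++;
        }
    }
    return unsafe;
}

/* 1-based index of the first pass on which the beam is wrongly permitted,
 * or -1 if it never happens within `passes`. */
static long first_unsafe_pass(setup_fn setup, gate_fn gate, long passes) {
    machine_t m = { .class3 = 0, .collimator_in_place = false };
    for (long i = 1; i <= passes; i++) {
        setup(&m);
        if (gate(&m)) {
            return i;
        }
    }
    return -1;
}

int main(void) {
    const long passes = 25600; /* constructed figure: 100 full wraps */
    printf("increment + flag-only gate : %ld unsafe of %ld\n",
           count_unsafe_permits(setup_increment, gate_flag_only, passes), passes);
    printf("assign    + flag-only gate : %ld unsafe of %ld\n",
           count_unsafe_permits(setup_assign, gate_flag_only, passes), passes);
    printf("increment + interlock gate : %ld unsafe of %ld\n",
           count_unsafe_permits(setup_increment, gate_with_interlock, passes), passes);
    printf("first unsafe pass          : %ld\n",
           first_unsafe_pass(setup_increment, gate_flag_only, passes));
    return 0;
}
```

One unsafe permit per 256 passes is the roughly 0.4% figure quoted in the comment; the interlocked gate shows why an independent check masks the same software defect.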
@gts2ludovicofratts404 2 days ago
Hi Dave .. your videos are all amazing but this one is one of your best from my perspective. As an engineer in Canada and wearing the ring since 1990s, and going from structural to software careers, you articulated exactly what I tell myself, colleagues and younger aspiring programmers and engineers. This story should be part of anyone's studies in school.. university .. and work. I will share with many. Be well and thanks again for sharing on your channel.
@romangeneral23 2 days ago
To me what I find more interesting is how the programmer has never been identified or seen again.
@miscellaneousHandle 2 days ago
I will shamefully admit to a morbid curiosity in trying to identify the programmer. His name is known to a handful of University professors that worked the investigation. Ironically, I do take great pleasure in thinking of it as one of the first internet celebrities that has never been doxxed.
@romangeneral23 2 days ago
@@miscellaneousHandle "I will shamefully admit to a morbid curiosity in trying to identify the programmer" Same here. For years I have always wondered how this person has avoided being named. It is fascinating....
@eadweard. 2 days ago
Seen again?
@nua1234 2 days ago
The programmer wasn’t the person most responsible for the problem, it was whoever decided to remove the hardware safety interlock. The same software bug was on the previous model, and no one got injured because of a hardware safety interlock.
@nua1234 2 days ago
@@romangeneral23 The programmer wasn’t the person primarily responsible, it was whoever decided to not have a hardware interlock like the previous model (which had the same software bug, but no one was injured).
@johnandmegh 1 day ago
Dave, people got into your channel because it felt conversational, with a knowledgeable guy who has a knack for walking through complicated situations and explaining them clearly. Gratuitously sexual thumbnails on a video about a tragedy, and weird AI images in the video itself, don’t feel like what “Dave’s Garage” should be about, IMO.
@mqblowe 1 day ago
Well said.
@DavesGarage 1 day ago
Can you explain how adding images to a script detracts? If it's the same content, but more interesting visuals, I'm not sure how that's a step backwards. But interested to learn!
@CalcuClark 1 day ago
@@DavesGarage I don't really understand what the *sexy* thumbnail has to do with this story. As for the AI images, it takes us out of the story when we are shown photos of obviously nonexistent machines and plastic looking people. Real historical pictures of similar machines and scenarios would be much better. Your audience tends to be one with a bit more technical knowledge, seeing utter gibberish displayed on a fake computer screen in a photo detracts from that technical and historical feel you have often with your channel. Not to mention, many people dislike AI images due to copyright and ethical usage issues surrounding it all right now.
@marknewellmusic 1 day ago
@@DavesGarage Allow me to explain Dave: Lose the tits on the inappropriate, sexually suggestive, insensitive thumbnail and regarding adding AI imagery for the sake of it, it's a matter of content for content sake, not always needed.
@mlann2333 1 day ago
He's right, not appropriate, bad judgement
@capncoolio 2 days ago
I was taught this case in a Software Quality Management course at uni, and it is singlehandedly responsible for my enduring insistence on quality process
@bartoszjasinski 2 days ago
My father was an electroradiology technician in a clinic. Many times as a child I was amazed with all that equipment from soviet times. It was like sci-fi movie in real life. I love that old design but scared as f*ck of radiation. If you as a kid see how that shit works, the noise when cathode are spinning, transformers buzzing, warning lights light up... damn it's so cool and traumatizing at the same time.
@halbos7637 2 days ago
Like all those strange machines and devices in those old Frankenstein movies.
@Bob3519 2 days ago
You might like the “diode gone wild” YouTube channel. I think he’s in the Czech Republic. He’s had quite a few episodes demonstrating and taking apart Soviet era electronics. The guy is super smart.
@belstar1128 2 days ago
when I was a kid and I went to the hospital I wasn't even allowed to look at the machines I would ask doctors about how they worked but they didn't answer a very toxic environment.
@bartoszjasinski 2 days ago
@@belstar1128 that's sad
@RB9522 2 days ago
In the 1980's, while working at a computer/software consulting firm I received a request from a local university to develop a machine for psychological research. The machine was to administer electronic shocks to people taking tests. I took one look at the requirements, decided that it was an unethical and dangerous application and refused to participate. I'm sure our insurance company is still thanking us!
@afaulconbridge 2 days ago
But was the real research how many developers would write such code? (I hope so!)
@chrismofer 2 days ago
@@afaulconbridge Why do you hope that?
@gm2407 2 days ago
@@chrismofer Because it is less unethical and dangerous than running the machines for the experiment they are asking the code to be developed for. It is removed by several steps.
@halbos7637 2 days ago
​@gm2407 Great that you replied. Ethics seems like an afterthought these days in business and many other areas.
@gm2407 2 days ago
@@halbos7637 The thing that bothers older people about younger people is lack of forethought about others and consequences. But the truth is it is most people in a lot of situations that don't consider things deeply. Habit, time constraints, lack of repercussions observed. Ethics is a subject as deep as the universe but can only really be estimated like the movement of celestial bodies via calculus.
@nowayjose668 2 days ago
I'm wondering what accidents will happen in the future because code has been taken from AI output, and only cursorily checked by some cheap developers in a "best cost" country.
@wtmayhew 2 days ago
I knew someone who worked for Picker International (now part of Marconi/Philips) in Solon, Ohio in the late 1980s and he told me about the Therac-25 linear accelerator incident back then and it sent shock waves through the industry. I actually interviewed for a job at Picker and they were using PDP-11s, I believe 11/34, to control the systems built in the department where I interviewed. I was pretty humbled by what I heard about the incident and I did not trust myself to be working on code that had the potential to cause grave harm if something went wrong. We’re pretty accustomed to PCs being reliable these days, but in the 1980s DEC reliability was good but not perfect. What would happen in the event of a computer failure, or worse a partial failure such as disk head crash?…
@patrikfloding7985 2 days ago
"We’re pretty accustomed to PCs being reliable these days" Ehh.. I wouldn't trust any PC to run anything critical without much lower level safety catches in place (external to the PC).
@wtmayhew 2 days ago
@@patrikfloding7985 Also - in the late 1980s or maybe early 1990s, I went with friends to Cedar Point amusement parks near Sandusky, Ohio. There was a ride called Demon Drop that dropped a car about 50 feet and then dissipated energy by rolling with the occupants flat on their backs down a short track with retarders. There was a hut at the bottom of the ride. There was clearly visible through the window a generic tower case PC, probably ‘286 machine, with no-name amber screen monitor. I couldn’t make out what was on the screen, but I’m glad I saw that _after_ going on the ride. In all honesty my guess is the PC was there collecting performance data and the ride was controlled by ladder logic - at least I hope.
@patlawler5532 2 days ago
I was very interested when a co-worker doing embedded software told me about a document titled 'MISRA C' (Motor Industry Software Reliability Association, C Language). While some might read it as a simple list of good programming practices, I read it as a list of rules that were developed because something bad happened when it was done another way, and this new practice would address the issue. Much like the safety labels on step ladders, which were added to prevent another person from suffering that type of ladder injury.
@jimrafert7372 2 days ago
Very similar to the Federal Air Regulations. There's a saying in the aviation community, "The FARs are written in blood." A large percentage of them are the result of lessons learned the hard way. Also, the primary reason for warning labels on ladders is not to prevent accidents, it is to prevent successful lawsuits when accidents do occur. It's possible to manufacture ladders that are many times safer than the ones you buy at the home store. It would just be impossible for a homeowner to afford, store, or even lift one. It's also why the user manuals for even complex power tools spend very few words on how to use the tool. Instead they are filled with "warnings" like "Do not operate with guards removed".
@thaernejem7317 2 days ago
As a cancer patient, I feel terrified of the idea that a device which meant to cure me, can be my killer because of a software bug!
@ApeStimplair-et9yk 2 days ago
as described: it was not a software bug - it was leaded at sabotage based on profits. perfect murder ?
@blevin591 1 day ago
Modern machines have both hardware and software interlocks. That same fault would be impossible to happen for several reasons - I work on these exact type of machines (Linear accelerators) and if something even 1/1000 as bad happened the machine would stop treating and alert everyone, and, if you're getting treatment in Manhattan, I might get a call.
@thaernejem7317 20 hours ago
@@blevin591 thank you, that is relieving.. I live in Jordan and the country is well known with advanced healthcare treatments.
@jazzmike_ 2 days ago
Glad you’re talking about the Therac, but I was hoping for a much more in-depth technical explanation of the code flaws from your expert perspective given how delightfully detailed you’ve been for many other technical topics on this channel. If you ever were inclined to do a part 2 of this with more details, I for one would be very interested to see it.
@jimmeade2976 2 days ago
This story reminds me of a similar situation that happened in the rail transportation industry, where I spent the majority of my career. Prior to the 1980s, safety systems (called interlockings) for railroads and railways involved the use of relays all of which were designed and tested for failure conditions, with critical ones being guaranteed to be failsafe, thanks to springs and gravity. In the 1980s, the industry started developing electronic systems to replace the relays ... a large room of relays could be replaced with a rack of 2 or 3 microprocessors, an obvious economic and maintenance advantage. Since the relay circuits are, in essence, boolean expressions, the microprocessors and their software were written to handle similar boolean expressions. Each relay circuit was broken into its equivalent Boolean expression, and entered into the software as data for processing. Fortunately, a problem with this method was found during early testing. You see, relay circuits are in essence a large machine with massive parallel processing, while a microprocessor only does one thing at a time, even when many software threads are involved. This caused the kind of race conditions in the software that Dave describes in the video. Fortunately, this was found and rectified in two ways: processes were created involving multiple developers, validators and testers to ensure correct and safe operation; and some failsafe relays were maintained, just in case the software did do something other than intended. The industry has been using electronic interlockings for years now, with a wrong-side unsafe failure a very occurrence.
@PsRohrbaugh 2 days ago
I have seen this covered by a half dozen YouTubers and almost didn't click. I'm glad I did. You provided a much better representation of the low level issues than any other recount I've seen.
@Akens888 2 days ago
As an industrial control systems specialist I have seen software bugs persist for 30+ years before being discovered due to the exact conditions needed to produce them arising. You can never be too careful with software that is controlling machines.
@jothain 2 days ago
It's quite disturbing that such a device wasn't rigorously tested before widespread use measuring radiation levels 🙁
@patrikfloding7985 2 days ago
At the time very few people in any engineering discipline understood some of the unique issues with software based systems, including most programmers. Testing would likely not have revealed anything as the problem surfaced when the operator did certain things at a certain pace (according to this video).
@jothain 1 day ago
@@patrikfloding7985 I don't know. I think that's a bad excuse. On such high safety level needing device every single possible scenario should've been taken into account. But it's bizarre that physically existing safety locks weren't there. Working in industry PLC programmers f'up all the time working in hurry and bit left handed. But equipment I'm involved doesn't hurt people if done wrong. Well in some equipment there exists safety relays to prevent door opening if machine is in production, even when program should handle it. But if there are such things in packaging equipment, it's absurd that radiation related devices were made in such haste. Especially considering how much money is involved in medical equipment.
@mattilindstrom 2 days ago
I've worked in a company in the MRI field, nothing therapy related just imaging. Still it's possible to e.g. overheat a patient through absorbed RF energy, and there are physical interlocks in the RF amplifier path. The Therac-25 case was in every engineer/scientist employee's onboarding orientation material, just to remind of past mistakes.
@tinlizziedl001 2 days ago
Concise and plainly stated. Well done! One of those sayings that really annoys me is, "Good enough for government work." I was a federal civilian welder in a navy shipyard - if people understood just how damned good our work actually had to be, particularly on SUBSAFE components, only perfectionists would use that saying.
@tinad8561 2 days ago
Perfectionism isn’t universal, sadly. Remember the metallurgist who got done for having pencil-whipped decades of strength test results on submarine steel because she thought the test standard was too extreme? We are fortunate that there was so much extremity built into the standard, because no amount of perfectionism downstream can compensate for that kind of confident incorrectness hidden in the supply chain.
@halbos7637 2 days ago
@@tinad8561 Very well put. Think of the nuclear power industry. Adm. Rickover was right in his management of the Navy nuclear power program. High standards in ALL aspects, human and machine.
@NipkowDisk 2 days ago
Yep. In government, we are presumed correct and therefore we have much greater responsibility to be so.
@yeahgoood 1 day ago
0:20 When Elvis gets THERAC'd
@DarrenYung 2 days ago
The Therac-25 incident is something studied in my computer engineering course in university. As a high school computer science teacher, I tell my students on Day 1 it's my job to teach them good programming skills and critical thinking because I do not want to die! I'm hoping my students go on to write great code and build awesome things and I want to set a good base for them to build upon. Yes code is written for computers and machines, but it's people who interact with it and people who are affected by what it computes. Something we must be responsible for.
@AlexKarasev 1 day ago
The reason that code went into production as egregiously as it has is linked to the reason the individual responsible for it not only wasn't jailed or even fined; we aren't even allowed to know their name. When someone has had that level of impunity, how long do you reckon they'll keep caring, realistically?
@vicslive 2 days ago
Dave, I found all the developers of the Therac-25, they must be working for GM writing the Infotainment system for their new EVs, as my Blazer EV for sure has never been tested in real world scenarios for flaws the infotainment contains. It is so bad that my car has had error codes from the day it left the dealership a year ago and no dealership has ever figured out how to fix it. Thank you for shedding some light on the importance of great code and better testing.
@73vwkubel 2 days ago
I’ve heard about this story before but it’s always interesting to revisit from different perspectives. This is one of those seemingly inexcusable events. I’d be curious to see the chain of decisions that led to this software control without redundancy. I worked in the elevator industry for a bit. Modern elevators are software-controlled and have been since the 70s or so but on highly specialized/hardened hardware and every piece of the software chain has an electromechanical backup of some sort. It was sometimes difficult to test design changes because we had to bypass 3-4 layers of redundant safeties to cause the “failure”, and even then, the components had such a large safety margin that almost nothing was truly catastrophic. That’s not to say failures don’t happen, but when they do, it’s almost never a systematic design issue.
@rogerp5816 2 days ago
Is it possible that the software engineer that was never identified is now working for Boeing as a senior quality assurance engineer???
@perwestermark8920 2 days ago
Nope. Boeing had great senior quality assurance engineers. The problem? They were too good. So they got fired. Because their found issues would affect the time plan. Managers wanted people who weren't so strict when producing/evaluating all quality documents, and when verifying everything was done to spec.
@wtmayhew 2 days ago
That was 40 years ago, so hopefully the coder is retired by now. Not to give a pass to the coder, but race conditions in software can be very difficult to detect and duplicate for analysis, especially when they’re triggered by an anomalous state of peripheral devices. When I did mainframe work we had a GIGO (garbage in - garbage out) card deck of random unformatted data which we forced programs to process as input to see if the program properly handled totally unexpected exceptions. I’m not sure you could call it a race condition, but rather a cascading failure when the entire Bell System long distance telephone network collapsed for almost a day in 1990. The problem happened when a switching fabric experienced an overload. The exception was handled with a break statement which was intended to drop the thread of processing out of an _if_ conditional. The problem is that _break_ is only relevant to _case_ structures, but anywhere else in K&R C, _break_ is treated as a no-op. Execution simply continued in the _if_ leaving the switch locked up. That locked up switch caused load to transfer to other switches which in turn overloaded with the unexpected traffic until the entire system was gridlocked. The vagaries of C, an apparently inexperienced programmer, not enough code review, and a rare but possible condition conspired to set off a disaster.
@Geek-A-Hertz8707 2 days ago
Boeing probably hired people based on everything with the exception of being good at their job.
@apveening 2 days ago
@@Geek-A-Hertz8707 As I understand it, having a (detectable) heart beat was and still is an absolute requirement.
@duranamoescapist6969 2 days ago
as a former STE, I am extremely happy to hear a dev say these things. Modern software development practices are falling back in the 80s direction, with eliminating QA, outsourcing dev, etc. Testing is perhaps even more important than development, and as the consequences get ever higher, testing should at least keep up. VCs, of course, push for 0 testing, and must be countered.
@GTaichou 2 days ago
I'm amazed that they did away with the mechanical safety fallbacks. My first four years of work experience was in nuclear power and for every electrical system we had a mechanical backup.
@marknewellmusic 1 day ago
Thumbnail choice needs some explaining...
@rogerlevasseur397 2 days ago
The Therac-25, the poster child of bad user interface design and bad software design meets death.
@timeimp 2 days ago
Taught this in first year computer science. Ethics with computers really makes you realise… Code kills. A tragedy for all involved 😢
@JimmyJamesJ 2 days ago
I’m a licensed professional engineer and I’ve never met or even heard of a software engineer who had a license to practice as a professional engineer or who even gave a thought to how their work would harm the public. That’s why they write the EULA to reject all responsibility for the consequences of their work. All EULAs basically state “We’re not responsible for anything, ever, under any circumstances, including gross negligence. Good luck.” Even where licensed engineers should absolutely be required to take personal responsibility for their work such as in aircraft control systems, this is not done. Reference Boeing MCAS. Given all this, I'm really not sure what you're talking about here.
@jangelelcangry 22 hours ago
Medicine student: How do you cure Cancer? Therac-25: Kill the host.
@andljoy 2 days ago
I would love to think we have learned, but I work in IT in the medical sector so I know better.
@patw1687 1 day ago
Dave, Thanks for showing this case study. It was informative. This case is one of the case studies used in training System Safety and System Software Safety engineers. The case study points to the code reuse and the lack of hardware interlocks. This is the first I heard that they used a single, nonprofessional programmer. We know today it is possible for well designed software to contain flaws (look at the USMC's Osprey during test). Military and industrial entities want to minimize risk to their people and investments. Many put processes in place to minimize software risk through processes based off of standards (for example IEEE and MIL-STD-882). Design and code reviews are essential to this process. System Safety engineering got started with nuclear weapons and submarines, where minor flaws could be fatal. As an old Chief Petty Officer told me, "There isn't a safety regulation in the US Navy that wasn't paid for in blood."
@TracyNorrell 1 day ago
"I'm in this for the like and subs", proceeds to put unrelated eye candy in thumbnail for maximum click bait returns. You're better than that Dave.
@DavesGarage 1 day ago
Explain why it's bad. Maybe I have a blind spot. But I don't see why an attractive person in the thumbnail is a problem....
@TracyNorrell 1 day ago
@@DavesGarage sexy click bait is going to drag in views that you don't want. It damages the brand you've been building. You've done such an amazing job of being an authority on technology. I'd hate to see that reputation squandered. Ultimately it's your channel and you have the right to run it the way you please, best of luck.
@nomore6167 12 hours ago
@@DavesGarage "Explain why it's bad. Maybe I have a blind spot. But I don't see why an attractive person in the thumbnail is a problem" - I know that clickbait thumbnails have become almost standard on YouTube, but there are reasons that people hate them. Speaking only for myself, I expect a thumbnail to be relevant to the video. Unless there is a Julie Gonzalo doppelgänger in this story, the thumbnail is not relevant, thus the only purpose it serves is to trick people into clicking on your video. That's another thing -- most people don't like to be tricked like that.
@amcluesent 2 days ago
I thought this would be about pagers!
@paulstubbs7678 2 days ago
Since when has Therac made a pager...
@mlann2333 2 days ago
I suspect the pager software was reprogrammed to trigger a small explosive on a specific text msg. Took some know how and quite a bit of planning in fairness.
@wilsonj4705 2 days ago
And now two-way radios aka Walkie Talkies. A bunch exploded today.
@Fay7666 2 days ago
@@mlann2333 But like, did they have access to the _whole_ pager supply line? I wonder if this is more a Stuxnet situation, and they were just normal pagers that somehow had a way to weaponize (overvolt) their batteries?
@_Mentat 2 days ago
It's quite a sophisticated mod to add an explosive charge _and_ trigger it when a particular alphanumeric string is displayed - not received; displayed! And somewhere there must be an auto-dialer messaging each pager.....
@SpamMouse 2 days ago
Even the first code I wrote included sanity checks on entered data, perhaps comes naturally with a Fortran mindset!
@BushyBrowsHD 2 days ago
I work in industrial automation, I always conduct myself aware and knowing that both my life and others' lives are on the line when I'm working on or making changes to equipment, whether that be to the wiring or PLC programs. Never be complacent and do professional work you are proud of, never cut corners in our field.
@KurtisRader 1 day ago
The story of the Therac 25 is covered in the book "Normal Accidents" by Charles Perrow. It is a must read for every engineer, hardware or software, whose work has safety implications, but really should be read by every engineer.
@Nick_1911 2 days ago
And the scariest part is, that is not just "based on a true story", it is a real deal and it happened with real people...
@theantipope4354 2 days ago
Dave, I'm your age & an engineer, & this story has horrified me since the 90s, when I first heard of it.
@Meower68 1 day ago
In "Digital Apollo," it's explained that the original X-15 had two sets of controls: one set of aerodynamic controls (traditional airplane controls) and another set of Reaction Control Systems thrusters. Seeing as how the X-15 left the atmosphere, you needed both systems. The pilots had to master BOTH sets of controls, making it considerably more complex. After having a hard crash which damaged one, they finally integrated the systems using Fly By Wire (FBW), such that one set of controls could handle both parts of the flight envelope. Why didn't they do that to begin with? Because pilots refused to trust their lives to FBW. They didn't trust the computers. They had to get over that. The LM, which Neil Armstrong piloted to the Lunar surface, was FBW. As you mentioned, NASA had very strict rules and processes WRT the development of that software.
@petersage5157 2 days ago
I'm a belt and braces guy. I like redundancies to have redundancies and safeguards on top of safeguards. Test it until it breaks, then test every fix to find out what the fix breaks. I wish this kind of history were only of the past, but quite recently a commercial airplane manufacturer got a bit of attention for simple spot check failures.
@mattarnold198 12 hours ago
I hope if someone behind the development or management of it claimed "it'll never happen", they've severely rethought that. Making one's job easier should never be an excuse for a sub-par design and just because you use software a certain way doesn't mean everyone else will or should. I've worked in a company where a developer claimed "no one will ever right-click and select paste" when his attempt to disable pasting was short-sightedly limited to Ctrl + V and another that claimed "no one ever resizes their windows" to account for his poor CSS not scaling to the size of the window! Imagine if those people were developing medical equipment - would you trust them?
@LMacNeill 2 days ago
I remember reading about this back in the late '80s -- right when I'd started college, majoring in Computer Engineering (sort of a mix of Computer Science and Electrical Engineering). The idea of working on any system that could threaten a person's life still scares the hell out of me, even today, not that my job entails such a thing.
@daflyinguy 1 day ago
Great video Dave. I work in Healthcare IT and almost think you could replace ‘AI’ for ‘software’ when it comes to the vetting necessary for AI in healthcare. It’s one thing if Dalle draws a toad when you asked for a frog; entirely different when trying to offer possible medication suggestions based on potential disease state. We need to remember that AI in healthcare is there to aid in the process, not dictate it - it’s a tool.
@YDV669 1 day ago
"...combination of software errors, oversight failures, and misplaced trust in technology led to one of the deadliest medical device disasters in history..." So, the plot to Sword Art Online? But seriously, you'd think companies would've learned from earlier mistakes, but nope. I guess Stockton Rush's quote, 'At some point, safety is just pure waste' wasn't as unique as people like to imagine.
@thesavo 16 hours ago
You are the fourth high-profile channel I have seen bringing this tragedy to light. I love that your rendition is unique, much like the others. For additional view points, see Kyle Hill, Low Level Learning and Fascinating Horror.
@buggaboo333 2 days ago
My grandmother suffered death from this. They burned her internal organs. She died from complications a few months later. I don't know if it was this machine or not, but same thing happened. We were told it was the tech's fault. My grandfather never sued the hospital, though he should have.
@ChristopherHaws90 1 day ago
I’m a St Software Engineer and I refuse to work on any software that could affect someone’s life. That’s just too scary for me. I can’t imagine ever saying that my code is error free…
@stevetockey5913 2 days ago
Dave: Another enjoyable post. We could have long conversations about what the term "Software Engineering" can, and should, mean.
@SamuelLudden 1 day ago
I work at a public aquarium with highly automated systems and rely on the same levels of care in our code and systems design. It's truly scary how quickly and easily the house of cards can fall around you.
@markmowbray1769 2 days ago
Dave, makes me think about how much “old code” still lies in modern product, used by us in every day life?
@scottydawg1234567 2 days ago
IIRC some of his original Task Manager code is still in the current version. But I might be wrong.
@HweolRidda 2 days ago
This question makes me think back to the Y2K crisis. Code that assumed the first two digits of a year were "19" was likely to break in the year 2000. I know people who were fixing code written in the late 1970s, which was 20 years earlier. That code was sometimes written in languages that were only known by retired former employees, who made a fortune consulting!
@gruntaxeman3740 1 day ago
@@HweolRidda Lessons were learned. Some companies make big offers for information systems to government. To maximize profits, they just put there Oracle Forms, make things around proprietary CRM/ERP or other turd. Then they make a fortune later and stocks go up!
@connorskudlarek8598 1 day ago
I think Prime covered this before, too. Absolutely insane that 1 person had total authority over this thing. Would LOVE to see a collab between you two.
@dgpsf 2 days ago
Excellent video, Dave. A great reminder for all of us in software and related fields. Especially for those of us who weren’t around when this disaster happened.
@shaunjackson6366 2 days ago
I remember writing weather related software for the RAF Back in the early 1990s that converted air pressure from Imperial to metric as the data I received was imperial but the display needed to be metric. I had a small rounding error in my calculation which a squadron leader spotted, the air pressure was used to calibrate plane altitude and the SL explained my rounding error was the equivalent of about 25 feet altitude, not a lot you may think but important during landing. Suitably chastised, I corrected the code and learned to take software that affects lives (even indirectly) much more seriously after that. I was only 22, and no code or design reviews took place. Software engineering has come a long way since then thank goodness
@cwaldrip 1 day ago
This happened at my local major hospital (Kennestone), in Kennesaw, GA. It's a very good hospital and it's accidents like this that improve the safety in all hospitals, unfortunately.
@HappyCat3096 2 days ago
I worked in aerospace on the GPS satellite program for 20 years. The scientists often discussed stories of catastrophes in the industry that resulted from simple errors. One we often discussed was the Ariane 5 disaster. Basically, they reused code from Ariane 4 but it wasn't right for Ariane 5. BOOM. Fortunately we avoided problems on the GPS program thanks to rigorous testing and review.
@raybod1775 2 days ago
The real question is why the machine wasn’t pulled from the market after the first error was reported.
@eadweard. 2 days ago
The market?
@belstar1128 2 days ago
it was but it was already too late when they found out
@andyevans2336 1 day ago
First off, the developers refused to admit that they had a bad code… after multiple Doctors kept questioning the company, oh, and the Doctors were reluctant to admit that they were involved with the ‘problem’ as well.
@SF-eg3fq 2 days ago
dave is a man of culture, the thumbnail lol
@wpuclark 1 day ago
Ha yep, I have vague memories of this story from my CS ethics course. Definitely a tale to learn about for software engineers, but the thumbnail left me wondering what it had to do with the subject, lol. The AI generated vignette left me chuckling too. I guess Dave is trying to spice things up?
@xoxo2008oxox 1 day ago
Thumbnail got my view!
@JoseJimenez-il5vs 2 days ago
Considering how tragic this story is, I find your thumbnail in quite poor taste.
@FranzKafkaRockOpera 2 days ago
It's pretty bizarre. The vid had a more tasteful one initially, and the AI cheesecake isn't at all this channel's usual style.
@DavesGarage 1 day ago
So an ugly person in the thumbnail would have been better? Can you explain why?
@rayers1000 1 day ago
Hm. I see the point on both sides. However, I do find it a bit risque unnecessarily. But we shouldn't let the image on the cover take away from a very well put together video.
@FranzKafkaRockOpera 1 day ago
@@DavesGarage The best way I could explain it is that I (and a few other commenters) feel that imagery that's designed to generate a prurient interest in the viewer cheapens the grim reality of the story being told. It's a question of tone mismatch as much as anything else.
@martindooley4439 2 days ago
Dave -- As someone who has done real time software I'd love to hear your view on the Chinook Helicopter FADEC software. This was back in the late 90s early 2000s. Great content 😊
@Capohanf1 1 day ago
The patients should have done what a guy my dad knew did for his cancer treatments! My dad worked on a Nuclear Reactor. One of his and the other people that worked with him jobs was to "Refuel" the reactor by inserting new Uranium Fuel Pellets into it BUT first the old, now highly radioactive pellets had to be removed. They were pushed out of the reactor and into lead buckets that were then sealed. This one worker had been diagnosed with throat cancer. He went through Chemo but it did not work very well. On his next visit to the doctor, the doctor found his tumor has shrunk for some reason. It was finally revealed he had been exposing his neck to the old, highly radioactive, Uranium Fuel Pellets that were in the buckets before they were sealed. In reality he was giving himself Radiation Treatments! I understand he lived for a few years after he was made to stop his self-treatments.
@dougkinzinger 2 days ago
I love that Elvis is the subject of the pictures 😂
@andyevans2336 1 day ago
My dad had his first Therac treatment in Yakima, WA. The next day, his chest swollen like a basketball, he passed away. Yes, it was a Therac 25………
@hotlavatube 2 days ago
Therac-25 was a case study for my undergrad Software Development class. There was a somewhat similar incident in 2001 at the Panama National Institute of Oncology in which 28 people were overexposed and at least 5 people were killed. In that incident, the machine was the Theratron 780-C Cobalt 60 teletherapy system manufactured by Theratronics Inc from Canada (same company that took over maintenance of Therac) but used a therapy planning software from Multidata software out of St. Louis. Apparently the software permitted incorrect forms of data entry which led to miscalculation of treatment times. I have no idea if the Multidata software directly interfaced with the therapy machine or if it was just used for planning. Regardless, people trusted buggy software and there weren't safeguards in place to prevent overexposure.
@mcmaddie 2 days ago
This is beyond the problem of the developer doing a poor job. This was a company wide issue. Wild that trying to blame operators for errors and not even checking their own product in this kind of situation. I'm working also on software field and none of the products I've worked with are putting user in risk and yet if customer complains about error/bug we'll investigate it and do not ignore it. But that was "Wild 80's" back then. This feels more like management seeing SW as 'cheaper option' for hw interlocks thus hiring the hobby programmer to do the job.
@robert_the_great2842 2 days ago
Great video Dave and thank you for showing us.
@johnk2743 1 day ago
One would expect that the software places the machine in an 'unsafe' state at the start and gradually with its configuration set and checked more flags progress to a checked state. Only if all checks came out successfully the machine should be allowed to enter an 'operational' stage. But please keep the physical safe-guards in the loop! Thanks Dave, this was really informative!
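The staged start-up described in the comment above, as an added example that is not part of the original comment or of any real device's code: a controller that begins unsafe, discards every earlier check result whenever the prescription is edited, and arms only when all checks pass and an independent hardware interlock reports closed. All names, mode values and the dose limit are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical controller sketch; names, modes and limits are assumptions. */
typedef enum { ST_UNSAFE = 0, ST_CONFIGURED, ST_CHECKED, ST_OPERATIONAL } ctrl_state_t;

enum {
    CHK_DOSE_RANGE = 1u << 0,   /* prescribed dose is within the limit      */
    CHK_MODE_MATCH = 1u << 1,   /* hardware readback equals selected mode   */
    CHK_ALL        = CHK_DOSE_RANGE | CHK_MODE_MATCH
};

#define DOSE_LIMIT 200          /* constructed limit, arbitrary units */

typedef struct {
    ctrl_state_t state;
    unsigned     passed;        /* checks passed for the CURRENT configuration */
    int          mode;          /* constructed mode values: 1 or 2 */
    int          dose;
} ctrl_t;

/* Power-on default is the unsafe state: nothing is trusted yet. */
void ctrl_init(ctrl_t *c) {
    c->state = ST_UNSAFE; c->passed = 0; c->mode = 0; c->dose = 0;
}

/* Every edit, however quick, throws away all earlier check results. */
void ctrl_configure(ctrl_t *c, int mode, int dose) {
    c->mode = mode; c->dose = dose;
    c->passed = 0;
    c->state = ST_CONFIGURED;
}

/* Re-run every check against the current configuration and sensor readback.
 * Any failure drops straight back to the unsafe state. */
bool ctrl_verify(ctrl_t *c, int mode_readback) {
    if (c->state == ST_UNSAFE) return false;      /* nothing configured */
    c->passed = 0;
    if (c->dose > 0 && c->dose <= DOSE_LIMIT) c->passed |= CHK_DOSE_RANGE;
    if ((c->mode == 1 || c->mode == 2) && mode_readback == c->mode)
        c->passed |= CHK_MODE_MATCH;
    c->state = (c->passed == CHK_ALL) ? ST_CHECKED : ST_UNSAFE;
    return c->state == ST_CHECKED;
}

/* Arming needs the software state AND the physical interlock signal.
 * A refused arm request is treated as a fault, not silently ignored. */
bool ctrl_arm(ctrl_t *c, bool hw_interlock_closed) {
    if (c->state == ST_CHECKED && c->passed == CHK_ALL && hw_interlock_closed) {
        c->state = ST_OPERATIONAL;
        return true;
    }
    c->state = ST_UNSAFE;
    c->passed = 0;
    return false;
}

/* Drive one constructed session and return the final state. When
 * edit_after_check is true the operator changes the mode after
 * verification and before arming. */
ctrl_state_t run_session(int mode, int dose, int readback,
                         bool edit_after_check, bool hw_interlock_closed) {
    ctrl_t c;
    ctrl_init(&c);
    ctrl_configure(&c, mode, dose);
    ctrl_verify(&c, readback);
    if (edit_after_check)
        ctrl_configure(&c, mode == 1 ? 2 : 1, dose);
    ctrl_arm(&c, hw_interlock_closed);
    return c.state;
}

int main(void) {
    printf("normal session:         %d\n", run_session(1, 100, 1, false, true));
    printf("edit after check:       %d\n", run_session(2, 100, 2, true,  true));
    printf("interlock open:         %d\n", run_session(1, 100, 1, false, false));
    printf("readback mismatch:      %d\n", run_session(1, 100, 2, false, true));
    printf("dose over limit:        %d\n", run_session(1, 500, 1, false, true));
    return 0;
}
```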
@PeterRichardsandYoureNot 1 day ago
This is bad, but it’s quite common. I was having lasik surgery and there was a room full of people waiting. The person ahead of me was rolled in. Then 5 mins later, rolled back out….without their procedure done. Huh? We all sat in wonder. 20 mins later I am escorted back. I asked what happened? They told me the machine that does the lasik would not accept their software programming for the procedure. Wait, what? And now you are putting me under and shooting a laser into my eyes? Yes, and be rest assured, also is ok.. uh, no.
@Ayelmar 2 days ago
Excellent story, Davy! In the course of my Software Development degree, I've used the example of the Therac-25 several times in essays, papers, and exam questions to illustrate how utterly vital it is to seek out edge cases and test them *thoroughly* and to document, document, document in every project, and most especially in any system that is health-, life-, safety-, or even just mission-critical. The Therac is a prime example of hubris and complacency leading to fatal consequences, something we must fight against to keep it from happening on our watch.
@Rorschach1024 2 days ago
Gee, software in safety critical systems not being tested thoroughly? And written by non-professional programmers? Where have we heard about this before?
@patrikfloding7985 2 days ago
He or she got paid to program, so was a professional programmer. Pretty standard to be mostly self-taught back in those days.
@AllenChildress 1 day ago
Boeing managed to kill 300 with the same lack of testing and managers rushing a product to market. Boeing employees are striking now in protest to return those quality checks, but management is threatening them as a consequence. I'm afraid Boeing is going to continue to kill customers and astronauts.
@SimonJM 19 hours ago
I'm a firm believer in the 'belt, braces, and piece of string in pocket' style of philosophy
@_Mentat 2 days ago
I heard of another such device with the much simpler problem that if the operator made a typo entering the dose and used DEL to correct it all was fine, but if they used BACKSPACE then the digits on the screen vanished but the number received by the control program contained _all_ the digits entered!
@danondler8808 1 day ago
Thanks Dave for this story highlighting that in critical systems where a failure in any component (software is also a component) could cause serious consequences. If fail-safes cannot be implemented then redundancy must be. When involved in designing equipment which safety is required you are responsible.
@jwillisbarrie 2 days ago
Thanks for adding actual captions for the Deaf and making video more accessible
@ckturvey 2 days ago
Thanks for sharing the story. I had not heard about the Therac-25 even when I was working IT in a hospital back in the 90's.
@lorddorker3703 2 days ago
I won't say who I worked for but I was an electronic medical records dev. I found a device driver 'feature' on db2 that added a null terminator at the end of its buffer. Problem was we used rtf to store notes in the db. In some cases there were entire sections of chart notes just gone. Drs had no idea it was happening. I told management and I got "We don't take responsibility for FDA approved, that is on the Dr". I quit and got out entirely. Thank you for shining a light on this issue!
@TheEmbeddedHobbyist 2 days ago
This was a case I had to look at during one of my software safety courses, did a spot of aircraft navigation code reviews and a few years later code reviews for a medical device as part of our FDA approvals. If I remember correctly there was another case where an error condition was a byte being non-zero, but they just added a '1' when an error was detected. Every 256 errors the byte was cleared so you could have a lot of errors but still show as safe to proceed. This is why it's much harder to certify software than hardware. A big part of the certification is based on how you design the code and not just how it runs. FPGA code follows the same route as software in hardware certification as it's impossible to test an FPGA as there can be so many parallel processes running inside, hardware testing for fault conditions is next to impossible. The fun in working in industries where safety is everything and faults can kill. 😞
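Added example, not part of the comment above and not code from any real device: the wrap-around it describes, where a one-byte flag meaning "non-zero is an error" is incremented on every error, shown next to a latched flag that cannot wrap. All type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; illustration only.
 * Flawed pattern: "non-zero means error", but each detected error
 * adds 1 to a single byte, which wraps from 255 back to 0. */
typedef struct { uint8_t error_byte; } flawed_interlock;

static void flawed_report_error(flawed_interlock *s) { s->error_byte++; }
static bool flawed_safe(const flawed_interlock *s) { return s->error_byte == 0; }

/* Hardened pattern: the fault is latched by assignment, never by
 * arithmetic, and the diagnostic counter saturates instead of wrapping. */
typedef struct { bool latched; uint16_t count; } latched_interlock;

static void latched_report_error(latched_interlock *s) {
    s->latched = true;
    if (s->count < UINT16_MAX) s->count++;
}
static bool latched_safe(const latched_interlock *s) { return !s->latched; }

/* Number of error reports after which the flawed check first reads
 * "safe" again, or 0 if it never does within `limit` reports. */
unsigned reports_until_false_safe(unsigned limit) {
    flawed_interlock s = {0};
    for (unsigned n = 1; n <= limit; n++) {
        flawed_report_error(&s);
        if (flawed_safe(&s)) return n;
    }
    return 0;
}

/* Same question for the latched version; it should never read safe. */
unsigned latched_reports_until_safe(unsigned limit) {
    latched_interlock s = {false, 0};
    for (unsigned n = 1; n <= limit; n++) {
        latched_report_error(&s);
        if (latched_safe(&s)) return n;
    }
    return 0;
}

int main(void) {
    printf("flawed:  reads safe after %u errors\n", reports_until_false_safe(100000));
    printf("latched: reads safe after %u errors\n", latched_reports_until_safe(100000));
    return 0;
}
```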
@landroveraddict2457 1 day ago
Dave, you are an impressive and captivating storyteller. I appreciate the time you take to make your videos.
@geoffpool7476 2 days ago
I studied the Therac-25 case as an undergrad in 2002.... thanks for reviewing this case! I've always wanted a more technical breakdown.
@_Mentat 2 days ago
My closest call was harmless. Me and a colleague collaborated to write a print driver for a government document printer/binder. There were lots of options for colors, page sizes, orientations etc. Unfortunately we both 'handled' number of copies. We tested all the options extensively but always with one copy - didn't want to waste paper. We let it go live and overnight the agency requested 60 copies of a 100 page manual. The operators fed it paper for hours while it printed the 60^2 copies then at 3 a.m. phoned me to ask why it wasn't stopping? I said pull the power at the wall and I'll look at it in the morning. 😀
@squirrelingaround 2 days ago
Was that thumbnail really necessary? 🙄
@RS-ls7mm 1 day ago
It worked exactly as intended, so yes.
@squirrelingaround 1 day ago
@@RS-ls7mm Oh yeah and what did he intend with it? It would be nice that for once tech bros would understand that women work in this industry too and acting like wankers is just cringe, is not "fun" or "cool" in any way. I had respect for him but it seems this issue runs deep in the "culture" of men in tech industry, not being able to see women like normal humans and the constant need to sexualize us.
@RS-ls7mm 1 day ago
@@squirrelingaround As your kind is so quick to point out, it's not for you.
@RS-ls7mm 1 day ago
@@squirrelingaround How arrogant that you think everything has to be designed just for you.
@romerogoon 1 day ago
@@squirrelingaround I agree - the video is a bit of an aberration in terms of what Dave's videos are usually like, i.e. very good. This video went hard on the AI pictures - not necessarily just the thumbnail, but they detract from what was supposed to be a factual representation. The most egregious moment was the use of a stereotype sysadmin picture - long haired slim white dude fresh out of the 70s - when the script inferred nothing of the sort. Maybe lay off the genAI for a while - the videos are usually awesome 😊
@jimbeckert7946 1 day ago
The software developer should not be responsible for determining the safety and reliability of the device. The device needs to be tested independently and software flaws identified and given as feedback to the developer. Having been involved in many product development projects in the past, I've never seen designers get it right the first time.
@blakepace 2 days ago
❤Thank You, Dave! ❤ Some people are sensitive to MRI, too. Chuck Norris' wife and some of my close family members also.😢
@rhodaborrocks1654 2 days ago
I've often wondered how the guy who wrote the original MCAS code for Boeing felt when it was realised that it was that system that was responsible for two fatal crashes, not that it was his fault, he did exactly what he was tasked with doing, but it must have been sobering to realise that his lines of code actually put the aircraft out of control.