←back to thread

The Therac-25 Incident (2021)

(thedailywtf.com)
449 points lemper | 4 comments | 27 Aug 25 06:57 UTC | HN request time: 0.001s | source
Show context
isopede ◴[27 Aug 25 08:23 UTC] No.45036862[source]
I strongly believe that we will see an incident akin to Therac-25 in the near future. With as many people running YOLO mode on their agents as there are, Claude or Gemini is going to be hooked up to some real hardware that will end up killing someone.

Personally, I've found even the latest batch of agents fairly poor at embedded systems, and I shudder at the thought of giving them the keys to the kingdom to say... a radiation machine.

replies(6): >>45036933 #>>45036958 #>>45037102 #>>45037245 #>>45037729 #>>45042356 #
SCdF ◴[27 Aug 25 09:05 UTC] No.45037102[source]
The Horizon (UK Royal Mail accounting software) incident killed multiple postmasters through suicide, and bankrupted and destroyed the lives of dozens or hundreds more.

The core takeaway developers should have from Therac-25 is not that this happens just on "really important" software, but that all software is important, and all software can kill, and you need to always care.

replies(2): >>45037211 #>>45037542 #
hahn-kev ◴[27 Aug 25 09:21 UTC] No.45037211[source]
From what I've read about that incident I don't know what the devs could have done. The company sure was a problem but also the laws basically saying a computer can't be wrong. No dev can solve that problem.
replies(6): >>45037255 #>>45037256 #>>45037983 #>>45039517 #>>45040795 #>>45044314 #
1. V__ ◴[27 Aug 25 11:06 UTC] No.45037983[source]
> Engineers are legally obligated to report unsafe conduct, activities or behaviours of others that could pose a risk to the public or the environment. [1]

If software "engineers" want to be taken seriously, then they should also have the obligation to report unsafe/broken software and refuse to ship unsafe/broken software. The developers are just as much to blame as the post office:

> Fujitsu was aware that Horizon contained software bugs as early as 1999 [2]

[1] https://engineerscanada.ca/news-and-events/news/the-duty-to-...

[2] https://en.wikipedia.org/wiki/British_Post_Office_scandal

replies(2): >>45044340 #>>45050809 #
2. simulator5g ◴[27 Aug 25 19:55 UTC] No.45044340[source]
I don't think it's fair to blame individual developers for a systemic failure. Its not their fault there is no governing body to award or remove the title of "software engineer" and promote the concept of a software engineer refusing to do something without harming their career. Other engineering disciplines have laws, lobbied for by their governing body, that protect the ability of individual engineers to prevent higher-ups from making grave mistakes.
replies(1): >>45046864 #
3. lmm ◴[28 Aug 25 00:15 UTC] No.45046864[source]
> Its not their fault there is no governing body to award or remove the title of "software engineer" and promote the concept of a software engineer refusing to do something without harming their career.

Those governing bodies didn't form by magic. If you look at how hostile people on this site are to the idea of unionization or any kind of collective organisation, I'd say a large part of the problem with software is individual developers' attitudes.

4. donatj ◴[28 Aug 25 11:20 UTC] No.45050809[source]
I have worked in this industry for 20 years and never met a piece of software I would deem "safe". It's all duct tape and spit. All of it.

I have had software professionally audited by third parties more than a few times, and they basically only ever catch surface level bugs. Recently, the same we the audit finished we independently found a pretty obvious sql injection flaw.

I think the danger is not in producing unsafe software. The real danger is in thinking it can ever can be safe. It cannot be, and anyone who tells you otherwise is a snake oil salesman.

If your life depends on software, you are one bit flip from death.