Poor quality software is killing people

We have recently seen one of the largest killings caused by bad programming, in the case of the Boeing 737 Max.

The Boeing company has a black eye from their recent screw-up with two of their newest jets crashing.

Simply put, this error was caused by poor quality programming and by not following standard aircraft safety software principles. It was exacerbated by their greed in trying to sell what is an essential safety feature as a downloadable paid option, which the low-cost airlines like Lion and Ethiopian airlines didn’t buy.

This is a powerful jet, and if you pull the stick up it can go into a stall pretty easily. That is not a defect; it is an inherent risk when you have a plane with really potent engines, which are much safer in other scenarios, so there is nothing wrong with having powerful engines. But the input to the stall detector software was a single sensor. Even though there are 2 sensors on the plane, it only read one of them. And so when the single sensor malfunctioned, the plane thought that it was heading up when it wasn’t. The second mistake, even more stupid, is that the computer code that said:

  IF sensor > 34 degrees then push nose down 1 degrees/sec  

(my formula is approximate) didn’t have a loop counter, which would have made it stop for a while once it had fired more than a few times, since at that point the pilot is clearly trying to override the program. In the Lion Air case, the pilot tried over and over to pull up from impending doom, and lost the battle, killing all aboard. Boeing has just updated the software, and added a few lines of code to this little program. This error will cost them billions when all the lawsuits are settled.


I was trained in programming at JPL as a youth, and when they are making space probes that will travel for 10 years without the possibility of any repair, they always put in an odd number of sensors for each critical measurement, and have the sensors vote on the measurement, and if it is 2 to 1 they pick the majority, and eventually turn off the bad sensor because there is no point in listening to it. To have only one sensor, which is unfortunately all too common in automotive safety systems, is a bad practice, because that single cheap sensor can cause a serious accident. The thing that worries me about all these fancy car safety systems is that they are put in by cheap companies that don’t have any redundancy on the critical systems.
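The two safeguards described above, majority voting across an odd number of sensors and a counter that limits repeated automatic nose-down commands, shown together as an added C example. This is not Boeing's or JPL's code: the function and type names, the 2-degree agreement tolerance, the strike count and the trim limit are all assumptions, and 34 degrees is the approximate threshold quoted earlier.

```c
#include <stdbool.h>

#define N_SENSORS   3     /* odd count, so one bad sensor can be outvoted */
#define AGREE_DEG   2.0   /* assumed: readings within 2 degrees agree */
#define MAX_STRIKES 3     /* assumed: outvoted this often, sensor is ignored */
#define LIMIT_DEG   34.0  /* the article's approximate threshold */
#define MAX_TRIMS   3     /* assumed: automatic trims allowed in a row */

typedef struct {
    int  strikes[N_SENSORS];
    bool disabled[N_SENSORS];
    int  trims;           /* consecutive automatic nose-down commands */
} voter_t;

static bool agree(double a, double b) {
    return (a > b ? a - b : b - a) <= AGREE_DEG;
}

/* Majority vote. Returns false when no two enabled sensors agree,
 * i.e. there is no value worth acting on. */
bool vote(voter_t *v, const double r[N_SENSORS], double *out) {
    int best = -1, best_votes = 0;
    for (int i = 0; i < N_SENSORS; i++) {
        int votes = 0;
        for (int j = 0; j < N_SENSORS && !v->disabled[i]; j++)
            votes += !v->disabled[j] && agree(r[i], r[j]);
        if (votes > best_votes) { best_votes = votes; best = i; }
    }
    if (best_votes < 2) return false;
    for (int i = 0; i < N_SENSORS; i++)   /* penalise the outvoted sensor */
        if (!v->disabled[i] && !agree(r[i], r[best])
            && ++v->strikes[i] >= MAX_STRIKES)
            v->disabled[i] = true;
    *out = r[best];
    return true;
}

/* True if an automatic nose-down trim should be issued this cycle. */
bool should_trim(voter_t *v, const double r[N_SENSORS]) {
    double angle;
    if (!vote(v, r, &angle) || angle <= LIMIT_DEG) {
        v->trims = 0;                     /* condition cleared: reset counter */
        return false;
    }
    if (v->trims >= MAX_TRIMS) return false;  /* stop repeating the command */
    v->trims++;
    return true;
}
```

With one sensor stuck at a high reading and two healthy ones, `should_trim` never fires and the stuck sensor is disabled after three disagreements; when all sensors agree on a high angle, it fires three times and then holds off until the reading drops back below the threshold.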

I remember a friend sued Porsche when they got one of the high-end Cayenne Turbo models and it changed lanes abruptly, almost killing them. This is all due to bad programming, and instead of letting car companies keep their code secret, I believe all safety systems for any device (car, bus, train, plane, nuclear power plant) should have their code openly published, so that outside programmers can inspect it and find weaknesses. There are a lot of retired and under-employed programmers who should receive a bounty for finding errors and dangers in code that is critical to the safety of the public.

Anyone with experience in military or space software systems would have raised red flags on the Boeing code, which was clearly done by rookie programmers. That they would try to monetize a critical safety system indicates that Boeing has a serious internal malfunction. They are spending more money on lobbying now to fix it, when what they need is better engineering management, not more lobbyists.