Re: [SystemSafety] A Series of SW-related Sociotechnical System Failures

From: Les Chambers < >
Date: Wed, 21 Jan 2015 09:39:52 +1000

I read all those words. Can you confirm my impressions: 1) you are suggesting that systems should be thoroughly specified before they are built
2) further you are suggesting that the usability of a system, as specified, should be validated for its target user community before and during its construction; certainly before it is foisted on unwitting users. In short one should respect one's users' right to simplicity, accuracy and ease of use.
If the answer is yes to both these propositions I would watch my back if I were you. You sound like a dangerous radical.

In general, I weep for the software industry. Instances such as the one you have documented are all too common. 60 years on from the first introduction of computing technology into human systems, people who allocate capital for the construction of these systems are unwilling to pay for what we class as best practice (I call it common sense). Instead they prefer to pick up the pieces of a failed system at much higher cost. The Obamacare debacle acare-case-study.pdf acare-case-study-analysis.pdf

... and the Queensland Health payroll system are classic examples of this. It is often well known by the developers that the system will fail in production (as was the case with both of these systems) yet they are still deployed, usually because of a political commitment or an ill-advised decision by non-technical manager/politician. Even NASA is not immune. I recently heard Chris Hadfield relate the story of a software upgrade in the International Space Station. It failed. All the lights went out, machinery wound down, and they had to rummage around in the archives for some archaic software that could operate the station on limited functionality. This was a case of migration to the boundary by people eminently qualified to do so.

Why, even last Sunday afternoon Microsoft visited a similar scenario on me, and I suspect millions of other Windows 8 users. For some time I've been getting suggestions I should upgrade to Windows 8.1. On the weekend this morphed from a suggestion to a command (the monopolistic arrogance of these people). The message said the upgrade would occur in four hours and there was no button to say no. I closed the message window and got on with my work. Two hours later I went out leaving my machine switched on, forgetting about the Microsoft command. When I returned that evening I discovered the upgrade had been done without my authorisation. Attempting to use Microsoft Word 2007 I discovered it was unstable. It then stopped working altogether. There followed a three hour investigation on Internet forums, were in I discovered that the bog standard Windows 8.1 upgrade does not include everything you need for Microsoft office to keep operating. There are, in fact 20, additional "enhancements" relating to 64-bit processors that need to be installed also. Now my Microsoft Office suite is working, sort of. PowerPoint is still looking for a networked printer that no longer exists and will not allow me to select another printer. In short Microsoft issued a software upgrade that destroyed the integrity of its own signature software products. In this case, for non-technical users, there is no boundary to migrate to. It's just a Bridge too far. I am an optimist though. At some point the people with the money will look beyond the initial capital cost of software construction and take pity on the poor users and the businesses and taxpayers who have to pay for the cost of ownership - some of them with their lives. Les

-----Original Message-----
From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx Peter Bernard Ladkin
Sent: Tuesday, January 20, 2015 9:37 PM
To: The System Safety List
Subject: [SystemSafety] A Series of SW-related Sociotechnical System Failures

There's a new paper on the RVS publications page at 3.pdf

It's not about a safety-critical system. It's about my experience with a WWW-based ticketing system.
However, the observations are very similar. People aren't thinking about - or specifying - the
system function, and they are in particular not checking that the implemented system is (in this
case, isn't) a refinement of the system function as it should be. Operators are apparently adapting
as Rasmussen says they do - Migration to the Boundary - but it's not clear to me that they should be.

What managed to happen in this case is that a system with virtually 100% reliability over years went
down to 39% reliability in the last year and a half. So much for computers helping!

Best practice in design and evaluation is the same, it seems to me, as in critical systems. That
should be good news, on the basis that we need to keep on banging the same old drum. But it could be
bad news if we are doing so in a vacuum......

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jan 21 2015 - 00:40:31 CET

This archive was generated by hypermail 2.3.0 : Fri Apr 26 2019 - 06:17:07 CEST