A potentially lethal computer

Hi folks.

Last night a friend of mine called. He was a bit upset, as his car
had stopped, with no warning, in the middel of nowhere. He had
waited for an hour for the tow truck, but it never arrived. He had
called somebody to come over and help tow his car to town, but
it turned out his car did not have a tow-rope attachment but some
attach-a-weird-bolt-to-the-bumper arrangement which he did not
understand how worked.

After a couple of hours at the roadside trying frantically to get
out of there, and with no chance to do road-side repairs, he tried
the only thing he could: Fill another 10 liters og gas on the tank,
and see what happened. The car started and he could drive the
10 km to the gas station and fill up.

So what has this story to do with computers?

It turned out that my friend had trusted the car computer which
informed him something like "XXX km to next refueling", leading
him to believe that he could actually get to town on the onboard
fuel.I have no idea why the thing displayed the wrong message,
the fuel level sensor might be proken or the remaining distance
might have been computed based on invalid statistics, but my
friend is not a n engineer, let a lone a computer programmer,
so he trusted what the computer told him. And was caught
completely by surprise when the car stopped.

Why is this computer potentially lethal?

My friend got away from this inciden whith no harm, as it
was not very cold, some -2C to 0C. In three months that
would have been a very different story. The place where the
car broke down is 'weird' in that it is close to the coast but
easily drop to -20C and below in winter, not counting wind-
chill in near-gale-force winds which are common in the area
in winter.

Had the incident occured in mid-winter with an unprepared
person (not bringing thermo suits or thermo blankets in the
car), this computer glitch could easily turn very nasty.

As far as I am concerned, the estimating-the-distance-left-
to-refueling is a gadget is best left out, since the driver will
handle the fuel in a different way, accounting for uncertainties,
if he does *not* get (unreliable) info from the computer.

In other words, this is a classic case of "no info is better
than wrong info."

Rune

Rune Allnor wrote:
> Hi folks.
>
> Last night a friend of mine called. He was a bit upset, as his car
> had stopped, with no warning, in the middel of nowhere. He had
> waited for an hour for the tow truck, but it never arrived. He had
> called somebody to come over and help tow his car to town, but
> it turned out his car did not have a tow-rope attachment but some
> attach-a-weird-bolt-to-the-bumper arrangement which he did not
> understand how worked.
>
Rune,
Your friend is nieve.
http://news.bbc.co.uk/1/hi/england/cumbria/7366371.stm
Bless, Syms. 

Rune Allnor wrote:
> Hi folks.
> 
> Last night a friend of mine called. He was a bit upset, as his car
> had stopped, with no warning, in the middel of nowhere. He had
> waited for an hour for the tow truck, but it never arrived. He had
> called somebody to come over and help tow his car to town, but
> it turned out his car did not have a tow-rope attachment but some
> attach-a-weird-bolt-to-the-bumper arrangement which he did not
> understand how worked.
> 
> After a couple of hours at the roadside trying frantically to get
> out of there, and with no chance to do road-side repairs, he tried
> the only thing he could: Fill another 10 liters og gas on the tank,
> and see what happened. The car started and he could drive the
> 10 km to the gas station and fill up.
> 
> So what has this story to do with computers?
> 
> It turned out that my friend had trusted the car computer which
> informed him something like "XXX km to next refueling", leading
> him to believe that he could actually get to town on the onboard
> fuel.I have no idea why the thing displayed the wrong message,
> the fuel level sensor might be proken or the remaining distance
> might have been computed based on invalid statistics, but my
> friend is not a n engineer, let a lone a computer programmer,
> so he trusted what the computer told him. And was caught
> completely by surprise when the car stopped.
> 
> Why is this computer potentially lethal?
> 
> My friend got away from this inciden whith no harm, as it
> was not very cold, some -2C to 0C. In three months that
> would have been a very different story. The place where the
> car broke down is 'weird' in that it is close to the coast but
> easily drop to -20C and below in winter, not counting wind-
> chill in near-gale-force winds which are common in the area
> in winter.
> 
> Had the incident occured in mid-winter with an unprepared
> person (not bringing thermo suits or thermo blankets in the
> car), this computer glitch could easily turn very nasty.
> 
> As far as I am concerned, the estimating-the-distance-left-
> to-refueling is a gadget is best left out, since the driver will
> handle the fuel in a different way, accounting for uncertainties,
> if he does *not* get (unreliable) info from the computer.
> 
> In other words, this is a classic case of "no info is better
> than wrong info."
> 
> Rune

Not to mention "marketing info is worse than no info", and "everything 
my car tells me is marketing".

-- 

Tim Wescott
Wescott Design Services
http://www.wescottdesign.com

Do you need to implement control loops in software?
"Applied Control Theory for Embedded Systems" gives you just what it says.
See details at http://www.wescottdesign.com/actfes/actfes.html

Symon wrote:
> Rune Allnor wrote:
>> Hi folks.
>>
>> Last night a friend of mine called. He was a bit upset, as his car
>> had stopped, with no warning, in the middel of nowhere. He had
>> waited for an hour for the tow truck, but it never arrived. He had
>> called somebody to come over and help tow his car to town, but
>> it turned out his car did not have a tow-rope attachment but some
>> attach-a-weird-bolt-to-the-bumper arrangement which he did not
>> understand how worked.
>>
> Rune,
> Your friend is nieve.
> http://news.bbc.co.uk/1/hi/england/cumbria/7366371.stm
> Bless, Syms.
Like my drunken spolling 

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php

On Tue, 30 Sep 2008 17:18:09 -0700 (PDT), Rune Allnor
<allnor@tele.ntnu.no> wrote:

>Hi folks.
>
>Last night a friend of mine called. He was a bit upset, as his car
>had stopped, with no warning, in the middel of nowhere. He had
>waited for an hour for the tow truck, but it never arrived. He had
>called somebody to come over and help tow his car to town, but
>it turned out his car did not have a tow-rope attachment but some
>attach-a-weird-bolt-to-the-bumper arrangement which he did not
>understand how worked.
>
>After a couple of hours at the roadside trying frantically to get
>out of there, and with no chance to do road-side repairs, he tried
>the only thing he could: Fill another 10 liters og gas on the tank,
>and see what happened. The car started and he could drive the
>10 km to the gas station and fill up.
>
>So what has this story to do with computers?
>
>It turned out that my friend had trusted the car computer which
>informed him something like "XXX km to next refueling", leading
>him to believe that he could actually get to town on the onboard
>fuel.I have no idea why the thing displayed the wrong message,
>the fuel level sensor might be proken or the remaining distance
>might have been computed based on invalid statistics, but my
>friend is not a n engineer, let a lone a computer programmer,
>so he trusted what the computer told him. And was caught
>completely by surprise when the car stopped.
>
>Why is this computer potentially lethal?
>
>My friend got away from this inciden whith no harm, as it
>was not very cold, some -2C to 0C. In three months that
>would have been a very different story. The place where the
>car broke down is 'weird' in that it is close to the coast but
>easily drop to -20C and below in winter, not counting wind-
>chill in near-gale-force winds which are common in the area
>in winter.
>
>Had the incident occured in mid-winter with an unprepared
>person (not bringing thermo suits or thermo blankets in the
>car), this computer glitch could easily turn very nasty.
>
>As far as I am concerned, the estimating-the-distance-left-
>to-refueling is a gadget is best left out, since the driver will
>handle the fuel in a different way, accounting for uncertainties,
>if he does *not* get (unreliable) info from the computer.
>
>In other words, this is a classic case of "no info is better
>than wrong info."
>
>Rune

While I sympathize with your friend I'll suggest a different point of
view.   We had a discussion here recently how people have given over
their risk/danger management skills to other "authority".   People
depend on signs, "authority" figures, or computer outputs to tell them
what to do.   I think that's a bad thing and people need to take more
responsibility for themselves.

Most automobiles have had fuel gauges for as long as I've been around,
and I think if someone in a hazardous environment ran a car down close
to E and it quit, people wouldn't have blamed the fuel gauge or the
car manufacturer, they'd have blamed the operator for running it so
close to E in a dangerous environment.  A lack of planning is not a
good excuse if the consequences of failure are high.   Everybody knows
(or should know) that automotive gauges aren't precision instruments.
I think your friend made a mistake in thinking that because a display
is digital then it must be accurate.   What gives one that notion?

I hope he uses the incident to learn (and tell his friends!) that the
gauge is only an estimate and isn't precise enough to trust one's life
with.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org

Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php