WEBVTT

00:00.000 --> 00:11.520
So, hi everyone, my name is Mia and I'm here to tell you something about the weirdest

00:11.520 --> 00:19.240
bugs in history, who knows what this thing is, raise your hand, 1, 2, 3, quite a few people.

00:19.240 --> 00:23.760
So the story starts in September 1999 at NASA Jet Propulsion Lab.

00:23.760 --> 00:28.400
So this is the Mars Climate Orbiter, which was one of the biggest projects of NASA.

00:28.400 --> 00:32.880
Now this thing basically, it's a robotic probe, it's about the size of a small car,

00:32.880 --> 00:38.840
and there are no astronauts on board, nothing, just a bunch of sensors and a bunch of electronics.

00:38.840 --> 00:42.560
And so it's something like a weather satellite for Mars, so the idea was that it would

00:42.560 --> 00:47.160
cruise to Mars, get into the orbit and study the weather and climate there.

00:47.160 --> 00:51.960
The team had been working on this for many years, so this is a huge project, it was kind

00:51.960 --> 00:55.080
of a big deal, it cost millions of dollars.

00:55.080 --> 00:59.840
And after 10 months of just traveling through space, it was finally getting there.

00:59.840 --> 01:06.400
So this was the deployment there, and everyone was watching it live on TV, and what

01:06.400 --> 01:12.440
was supposed to happen is that the orbiter was supposed to enter orbit and then come

01:12.440 --> 01:16.240
behind the Mars and say, hey, I made it.

01:16.240 --> 01:22.280
And so people were waiting, everyone was watching it live on TV, and there was a silence.

01:22.280 --> 01:26.440
They were waiting for a few minutes, for a few hours, but there was nothing, there was absolutely

01:26.440 --> 01:28.040
no signal there.

01:28.040 --> 01:29.440
So what happened?

01:29.440 --> 01:34.320
At first, no one knew, they didn't get any signal, but they had no idea why.

01:34.320 --> 01:38.800
What was supposed to happen is that it was supposed to be around 110 kilometers from

01:38.800 --> 01:39.800
Mars.

01:39.800 --> 01:45.320
However, at some point, they realized that it was 57 kilometers from Mars, so that means

01:45.320 --> 01:51.040
that it was very close to it, and at that altitude the Martian atmosphere just tore it apart.

01:51.040 --> 01:55.920
So it probably broke into pieces or burned up, no one actually knows.

01:55.920 --> 01:57.960
So what happened here?

01:57.960 --> 02:01.440
What could have pushed it so far off course?

02:01.440 --> 02:08.240
So the spacecraft was built by an external contractor, it was a team that built a spacecraft,

02:08.240 --> 02:11.640
and now it's the whole team that was operating it, right?

02:11.640 --> 02:13.800
So there were these two teams.

02:13.800 --> 02:18.160
And there was one piece of software that was calculating the force of thruster firing, and

02:18.160 --> 02:23.520
it was integrated with the navigation software that was used by the operation team.

02:23.520 --> 02:28.640
And they took the numbers afterwards to realize what was happening, and all the numbers

02:28.640 --> 02:29.640
were right.

02:29.640 --> 02:36.640
But the meaning of them was off, it was off by a factor of 4.45, and then they realized

02:36.640 --> 02:38.760
where the problem was.

02:38.760 --> 02:44.760
So the software that was outputting those values was using pound-force seconds, which is basically

02:44.760 --> 02:47.120
the imperial measure of impulse.

02:47.120 --> 02:51.440
And the navigation software that was reading the same data was using newton-seconds,

02:51.440 --> 02:52.440
which is metric.

02:52.440 --> 02:54.840
So basically, you had two teams.

02:54.840 --> 02:57.280
One team was producing some data.

02:57.280 --> 03:01.440
The second team was reading the data, and they thought that they were using the same units

03:01.440 --> 03:02.440
but they weren't.

03:02.440 --> 03:06.280
And think about it, this is the project that was running for months, and for years, it was

03:06.280 --> 03:12.120
quite a big deal, and every time during the mission, when the orbiter's small thrusters

03:12.200 --> 03:18.600
fired to adjust its course, basically, the data was misinterpreted.

03:18.600 --> 03:23.880
So you might be wondering, how is it possible, and this is such a stupid error?

03:23.880 --> 03:29.280
Well, this is mostly a communication failure, because NASA's team just assumed that everything

03:29.280 --> 03:33.960
was in metric, they never actually checked it, and they didn't have any tests, they just

03:33.960 --> 03:37.880
assumed it's metric, because, well, we use metric, so why not?

03:37.880 --> 03:44.200
And the worst part of it is that actually, some people at NASA found some inconsistencies

03:44.200 --> 03:45.880
weeks before the failure.

03:45.880 --> 03:50.640
So they reported to the management, but management said, no, that could not happen, it's

03:50.640 --> 03:51.640
impossible.

03:51.640 --> 03:56.240
And so yeah, this is what happened afterwards.

03:56.240 --> 04:00.680
Speaking of single mistakes that caused worldwide destruction, imagine this: you're

04:00.680 --> 04:03.640
a developer at Google, one day you push a commit.

04:03.640 --> 04:09.360
It's a very small change, and what happens next?

04:09.360 --> 04:14.560
Every website in Google is marked as dangerous, including Google itself.

04:14.560 --> 04:21.800
So this is exactly what happened in 2002 when a Google engineer made one tiny typo.

04:21.800 --> 04:27.080
So for 14 minutes, every Google search said, this site may harm your computer, and even

04:27.080 --> 04:28.480
Gmail was affected.

04:28.480 --> 04:33.760
Emails started going to spam, and the best part is there's only one service

04:33.760 --> 04:36.760
that wasn't affected, which is the ads.

04:36.760 --> 04:41.360
And they're now appearing at random here in my slides too, because the ads are everywhere

04:41.360 --> 04:43.760
and indestructible.

04:43.760 --> 04:49.160
You might be wondering why not the ads, I have no idea, I guess ads always work.

04:49.160 --> 04:50.480
So what went wrong?

04:50.480 --> 04:54.280
Well, one of the engineers, while updating the malware registry, which is basically just

04:54.280 --> 04:59.880
a list of dangerous websites, and instead of entering a specific URL, they accidentally

04:59.880 --> 05:05.320
added just one character, which is a forward slash, and in technical terms, this means

05:05.320 --> 05:06.320
everything.

05:06.320 --> 05:09.800
So you might be wondering, did they have tests?

05:09.800 --> 05:11.600
Well, they didn't.

05:11.600 --> 05:17.840
But not every bug gets fixed, and some bugs are so iconic that they actually never

05:17.840 --> 05:18.840
get fixed.

05:18.840 --> 05:20.840
Who knows the game Civilization?

05:20.840 --> 05:23.400
Oh, go ahead, a lot of people.

05:23.480 --> 05:28.280
So it's a strategy game where you build and grow a civilization and you're competing against

05:28.280 --> 05:33.280
historical leaders like Napoleon and Cleopatra or Genghis Khan.

05:33.280 --> 05:34.640
And then there's Gandhi.

05:34.640 --> 05:40.440
It's a leader known for peace, for diplomacy, and at first, everything seemed normal, Gandhi

05:40.440 --> 05:45.040
preferred negotiations over war just as you would expect.

05:45.040 --> 05:49.520
But as players progressed through the game, and civilizations became more advanced, they actually

05:49.520 --> 05:51.960
started noticing something strange.

05:51.960 --> 05:58.360
The moment Gandhi unlocked atomic technology, he started dropping nukes on everyone.

05:58.360 --> 06:00.840
So why did this happen?

06:00.840 --> 06:06.160
Well, popular story says that developers gave Gandhi the lowest aggression rating, because

06:06.160 --> 06:12.080
he was the most peaceful development right, and later in the game, when all civilizations

06:12.080 --> 06:17.000
became more peaceful, the game automatically lowered all aggression scores.

06:17.000 --> 06:20.720
So because his score was one, when it lowered, it became minus one, which is basically

06:20.720 --> 06:24.040
in binary, the highest possible number.

06:24.040 --> 06:26.480
And now here comes the plot twist, actually.

06:26.480 --> 06:29.120
So many people know this story.

06:29.120 --> 06:32.000
And actually, it's not true.

06:32.000 --> 06:35.280
How this started is that it started at Reddit.

06:35.280 --> 06:36.840
Someone made a joke about it.

06:36.840 --> 06:39.240
Hey, Gandhi is throwing nukes.

06:39.240 --> 06:43.680
And game developers thought, well, actually, this is a really good joke.

06:43.680 --> 06:47.720
People are tweeting about it, I guess there was no Twitter back then, but whatever was

06:47.720 --> 06:48.720
there.

06:48.720 --> 06:54.000
They said, let's maybe ride the wave, let's use it, so let's introduce the bug.

06:54.000 --> 06:59.920
So because people are making jokes on Reddit, they introduced the bug, and so that's

06:59.920 --> 07:06.840
how a myth became a joke, and it never got fixed.

07:06.840 --> 07:12.160
And to be nice, a new employee at Sun Microsystems in California kept mysteriously disappearing

07:12.160 --> 07:13.960
from the database.

07:13.960 --> 07:18.640
People started investigating what's wrong with the database, with the application software,

07:18.640 --> 07:21.680
just to realize that the issue wasn't with the software.

07:21.680 --> 07:23.080
It was with his name.

07:23.080 --> 07:25.920
His name was Steve Null.

07:25.920 --> 07:31.200
And in terms of the bug in the 80s, lots of systems didn't know how to parse the string

07:31.200 --> 07:32.200
null properly.

07:32.200 --> 07:37.160
Of course, I tried to reproduce it in Postgres, this was the first thing I did.

07:37.160 --> 07:38.880
And it worked fine.

07:38.880 --> 07:43.720
However, you can still find bugs like this in various super-all systems, for example, I found

07:43.720 --> 07:50.480
an open issue in Apache Flex, which has been open for like 15 years.

07:50.480 --> 07:53.280
And we all know this urban legend.

07:53.280 --> 07:58.120
I have absolutely no idea if this is true; if anyone knows, please tell me.

07:58.120 --> 08:03.640
So this is a person who changed their license plate to drop database to attempt an SQL injection

08:03.640 --> 08:05.280
attack.

08:05.280 --> 08:11.080
And speaking of SQL injection attacks, I cannot not mention this comic.

08:11.120 --> 08:12.560
Hi, this is your son's school.

08:12.560 --> 08:14.520
We are having some computer trouble.

08:14.520 --> 08:16.400
Oh dear, did he break something?

08:16.400 --> 08:20.520
In a way, did you really name your son Robert, drop table students?

08:20.520 --> 08:23.320
Oh yes, Little Bobby Tables, we call him.

08:23.320 --> 08:25.720
Well, we've lost this year's student records.

08:25.720 --> 08:27.000
I hope you're happy.

08:27.000 --> 08:31.320
And I hope you've learned to sanitize your database inputs.

08:31.320 --> 08:35.720
And sometimes it's not a problem just with SQL injection attacks, but it's a problem

08:35.720 --> 08:41.040
with lots of data that is testing data or looks like testing data, but it's not.

08:41.280 --> 08:45.200
So there are lots of systems that just remove data that was

08:45.200 --> 08:51.600
testing data, for example, everything which starts with test, which starts with ABCDE.

08:51.600 --> 08:59.080
And if you're now thinking, well, ABCDE isn't that like testing data, well, actually I have some news for you.

08:59.080 --> 09:07.120
Between 1990 and 2020, over 300 babies in the US have been called ABCDE.

09:08.080 --> 09:12.240
I can imagine how well it goes and holds itself for.

09:13.200 --> 09:18.640
For a long time, we thought that the most expensive book ever was the Codex Leicester.

09:18.640 --> 09:22.720
This was a book written by Leonardo da Vinci in the 16th century.

09:22.720 --> 09:28.560
And it was later bought by Bill Gates for 30.8 million in 1994.

09:28.560 --> 09:32.960
So this was a book filled with the thoughts of one of history's greatest minds,

09:32.960 --> 09:37.920
hundred and pages of scientific observations and ideas that were centuries ahead of our time.

09:38.800 --> 09:46.080
So what kind of book would it have to be to beat that record, like some rare manuscript or some historical book?

09:46.080 --> 09:53.520
Well, actually in the 20th century, a book appeared on Amazon with a price tag of 23.7 million.

09:54.320 --> 09:56.160
So you might be wondering what kind of book it is?

09:56.880 --> 10:00.160
Well, it was a book about the genetic development of flies.

10:00.880 --> 10:03.360
And just like the cover, it's a bug too.

10:04.800 --> 10:13.040
So how did it happen? So on Amazon, there are third-party sellers and they can set their pricing rules,

10:13.040 --> 10:20.400
based on competitors. So for example, you can have a rule always be 0.07% cheaper than the next lowest price,

10:20.400 --> 10:25.760
or always be 27% more expensive than the lowest option. And you have lots of people there,

10:25.760 --> 10:30.640
it was fine because they sort of balance each other. However, the problem here was that there were

10:30.640 --> 10:36.880
only two sellers. So what happened is that those got stuck in a loop. So every time the algorithm ran,

10:36.880 --> 10:44.160
one went up, the second one went up. And again, again, until the book was listed for 23.7 million.

10:44.160 --> 10:49.920
And as soon as people noticed, the problem was fixed and price dropped back to normal.

10:50.560 --> 10:57.680
Our field can sometimes be mysterious to outsiders. When WhatsApp set the maximum number of people in

10:57.680 --> 11:05.360
a group chat, The Independent reported it with a comment, WhatsApp increases group chat size limit to 256 people.

11:05.360 --> 11:09.360
It's not clear why WhatsApp set it on such an oddly specific number.

11:11.600 --> 11:18.240
And speaking of 256, did you know that trains in Switzerland weren't allowed to have 256

11:18.240 --> 11:22.400
axles? Axles is this thing, so basically, which connects the wheels.

11:28.640 --> 11:34.480
So to keep track of trains on the Swiss rail network, they placed detectors along the rails.

11:34.480 --> 11:38.640
And these sensors activate when a wheel passes over them and count the number of wheels.

11:38.640 --> 11:45.200
So these detectors stored the axle count in an 8-bit number. So of course, when the count reaches

11:45.200 --> 11:51.040
255, if you add one more, it rolls over to zero, which basically means that the train is the

11:51.040 --> 11:57.200
Phantom train. And if you check Swiss Railway Regulation, you will find a section which states exactly

11:57.200 --> 12:03.360
that the total number of axles in the train must not equal to 156. This is actual.

12:04.320 --> 12:08.720
Sometimes it's hard to say what is a bug and what is a feature. Take Excel, for example,

12:08.720 --> 12:16.000
all of us use it. In 2016, researchers in Melbourne analyzed 18 genome research journals and

12:16.000 --> 12:21.840
found that 19.6 of gene studies contained errors. Well, did you know there are genes that are called

12:21.840 --> 12:27.280
March 5 or September 15? Excel, of course, autocorrects them to dates.

12:28.080 --> 12:34.320
And also around 90% of business spreadsheets contain errors, says the European Spreadsheet Risks

12:34.400 --> 12:39.840
Interest Group. Yes, there is a non-profit in Europe that analyzes errors in spreadsheets.

12:41.120 --> 12:45.600
There is a story about JP Morgan, who used spreadsheets to calculate risk. There is something

12:45.600 --> 12:50.000
called value at risk, which means what's the most money we could lose in a single day with 95%

12:50.000 --> 12:55.760
certainty. And you can have it low, which means you can take higher risk, or you can have it high,

12:55.760 --> 13:01.760
meaning that the risk should be low. And there's one specific calculation that was done in a series

13:01.760 --> 13:08.000
of spreadsheets. And those spreadsheets had some math errors. And there was another control group

13:08.000 --> 13:12.880
that was making sure that the spreadsheets are correct. And they also had errors.

13:14.160 --> 13:19.680
And what happened is actually that it got so bad that employees started their own unofficial

13:19.680 --> 13:24.400
spreadsheet just to track it because all of them were full of bugs. And by the time they caught

13:24.400 --> 13:29.520
the mistake, it was too late. And they published a report that says, after subtracting the

13:29.600 --> 13:33.360
old rate from the new rate, the spreadsheet divided by their sum instead of their average.

13:33.360 --> 13:38.320
This error muted volatility by a factor of two and lowered the value at risk. What does it mean?

13:38.320 --> 13:44.400
That's super complicated, but what it means is that JP Morgan lost six billion of dollars

13:44.400 --> 13:49.360
just because someone added two numbers instead of averaging them in a spreadsheet.

13:51.520 --> 13:56.720
And sometimes, a bug doesn't cause a disaster, sometimes it just deletes your whole operating

13:56.720 --> 14:02.720
system. Bumblebee was a project designed to enable NVIDIA dual GPU support on Linux

14:02.720 --> 14:09.040
laptops, allowing users to offload graphics rendering to the discrete GPU. Everything was

14:09.040 --> 14:15.760
working fine until one update in 2011. A user created a GitHub issue with a rather urgent

14:15.760 --> 14:24.080
message. Install script does rm -rf /usr for Ubuntu. So basically what happened is that they wanted

14:24.080 --> 14:30.560
to delete some specific folder called XORG. But instead, there was an empty space after

14:30.560 --> 14:36.560
/usr, so that means it just wiped out the core of the operating system. And the

14:36.560 --> 14:42.400
author quickly pushed a fix with the commit message, giant bug causing /usr to be deleted.

14:42.400 --> 14:48.560
So sorry. And of course, this being open source, the community did not hold back in the

14:48.560 --> 14:56.880
comment section. So you could find 884 comments on the commit. How can you complain about

14:56.880 --> 15:04.480
bugs, Mr. Anderson, when you have no operating system? Bleeding Edge really bleeding for someone

15:04.480 --> 15:15.120
now. Now I'm a lack of disk space now. I don't like the folder anyway. I'm here by

15:15.120 --> 15:17.120
it's thank you for your attention.

