Crashing an In-Flight Entertainment System

rabblerouzer writes "Hugh Thompson, who was interviewed by Slashdot on the dangers of e-voting, now has a cool blog entry on how he was able to bring down the gaming/movie console on an airplane. He calls it one of the most interesting examples of a software 'abuse case' he has ever seen." Fortunately the IFE system is totally disjoint from the avionics.

Looks like the airline got their own back.

[LighterShadeOfBlack]

TFA:

Unable to connect to database server

Slashdotted Already

[quanticle]

No replies and its already Slashdotted. And I thought nobody RTFAs.

Re:

[Anonymous Coward]

Ooh... so close. There are people that read slashdot articles. There are also people that post to slashdot discussions. I'll simply leave it as an exercise to the reader to figure out what the intersection of those two groups is.

But seriously, those who generally read the article have less of a chance of getting a post higher up in the discussion that those who just jump in (Whether they jump in due to a high level of comfort in the subject, or sheer bravado.) This means that people who post early ar

Profit?

[delirium of disorder]

0. Install wireless NIC to In-Flight Entertainment System
1. Connect to wireless WAN and Internet
2. Install web server and post link to slashdot
3. Short sell airline stock
4. ???
5. Profit!

Re:Profit?

[Burning1]

Holy crapshit. I think you've found the missing "???."

1. Steal underpants.
2. Short sell fruit of the loom stock.
3. Profit!

Long?

[LFS.Morpheus]

Wouldn't you want to buy Fruit of the Loom, since the victims will have to buy new underpants?

Re:

[c_forq]

Wouldn't it be the opposite? I think that the correct choice would be to buy stock, at least I hope people would buy new underwear instead of abandoning the idea.

I once crashed a bowling alley....

[eggoeater]

No kidding... It was in the late 80s on a new electronic scoring system they had just installed.
I made a trivial and totally unintentional mistake in the set-up (punching in
number of players, their names, etc) and it brought down the whole system.

Re:I once crashed a bowling alley....

[innocent_white_lamb]

The bowling alley here runs their scoring systems on Amigas. No kidding. The guy who runs the place has a stack of them in the back room for spare parts. I have no idea what he will do when he runs out of spares...

Re:

[zCyl]

The bowling alley here runs their scoring systems on Amigas. No kidding. The guy who runs the place has a stack of them in the back room for spare parts. I have no idea what he will do when he runs out of spares...

Go on strike?

Re:

[hoggoth]

> The bowling alley...
> ...runs out of spares

+1 unintentionally funny

Probably redundant by now, but...

[EvanED]

Hugh Thompson, who was interviewed by Slashdot on the dangers of e-voting, now has a cool blog entry on how he was able to bring down the gaming/movie console on an airplane

What, did they link /. to it?

Go look up "fortune" or something

[Dun Malg]

Fortunately the IFE system is totally disjoint from the avionics

"Fortunately"? Hardly has anything to do with fortune. See, they made it separate on purpose. Might as well have said "fortunately the IFE system isn't connected to the pilot's brain" or "fortunately the IFE system isn't connected to the oxygen in the cabin", for all the fucking sense it makes.

Re:

[honkycat]

Umm, I'm as big a fan of linguistic pedantry as anyone, but according to the OED:

fortunately, adv., In a fortunate manner; by or with good fortune, happily, luckily, successfully.

It certainly was good fortune for the passengers that it was separate. It's not that way by happenstance, but it's still fortunate. I think the word you want to get all huffy about is fortuitous.

fortuitous, a., That happens or is produced by fortune or chance; accidental, casual.

Re:

[SirTalon42]

As a previous poster higher up in the article mentioned, the entertainment system on a flight DID cause it to catch on fire, apparently each seat had its own system and it overheated and caused some issue with critical wires. It is still fortunate for the passengers that the system on their plane didn't have any flaws like that which COULD take down the flight.

Face it, you failed as a grammar nazi (but now you get a second chance to redeem yourself by correcting my mistakes in grammar ;-)

The word wasn't "fortune"

[Foerstner]

The word wasn't "fortune," though. It was "fortunately." Unlike "fortune," "fortunately" does not imply that luck was involved. It simply means that it was a beneficial arrangement. The sentence in the summary does not imply, in any way, that mere luck is responsible for the arrangement of the avionics and entertainment systems. You invented that ridiculousness on your own. "Fortunately" is derived from "fortune," but that does not mean that they carry the same meaning, as any dictionary will tell you.

Another example...if I give you "a murderous look" it does not mean (or even imply) that I killed you, attempted to kill you, or even contemplated a violent act toward you. "Murder" and "murderous" are not as close in definition as they are in derivation.

Re:Go look up "fortune" or something

[radtea]

There is no reasonable scenario which would ever put the IFE system in a position to affect the avionics

You are committing the logical fallacy of "Argumentum ad Stultum": argument from stupidity.

Arguments that commit this fallacy have the form:

It would be stupid to do X
No one would ever do anything stupid
------------
Therefore no one would ever do X

The second premise is so obviously false it hardly needs mention.

So, simply because there is no reasonable scenario that would put the IFE system in a position of affecting the avionics does not mean there is no probable scenario in which this could occur. It requires good engineering, good management and yes, good luck, to ensure independence. Every engineer knows that we must try to eliminate luck from the process and must never, ever rely on it, but also that it will always be a factor.

One obvious way in which the IFE could affect the avionics is via coupled grounds. Grounding in aircraft is never simple, and maintaining fully independent power supplies has been a challenge for IFE and avionics engineers. IIRC the 777 was delayed for a while due to the need to do some redesign on the power systems to ensure independence was retained. In any system so complex there will always be an element of luck, despite the engineer's best efforts.

Re:

[idonthack]

Obviously you've never worked with people that write software.

Not a big surprise

[alshithead]

This is a system someone thought would not be attacked. Someone was obviously wrong. All systems need to be considered as targets and protected as best they can. There is always a trade off of security versus accessibility but I don't see that as the problem in this case. They went cheap, quick, and dirty and put a system into place where security was a minor concern at best.
 

Re:Not a big surprise

[Detritus]

It doesn't have to be an "attack", it can be something as simple as a stuck switch or a book placed on top of a keyboard. On an airplane, you have to consider the two-year-old who wants to play with the pretty buttons.

Re:

[1u3hr]

All systems need to be considered as targets and protected as best they can.

Why bother spending time and money protecting a Tetris system? In TFA, it failed, they reboot, it works. Sorry if you lose your high-score.

TFA?

[Pikoro]

Wow, 5 entire copies of TFA in the comments so far... Do you people not browse the comments before you post?

Carefull, this may encourage people to actually RTFA...

Re:

[Barny]

If their post of the article is modded up funny it would be considered parody though :P

Hm.

[JoshJ]

I'm not so sure I'd want to put my name out there as "the guy who brought down the computers on a plane". He'll be lucky not to land on the no-fly list, I think.

Re:

[f00Dave]

I'm not so sure I'd want to put my name out there as "the guy who brought down the computers on a plane". He'll be lucky not to land on the no-fly list, I think.

Not anymore ... thank you, Slashdot, for the alt-press exposure! -grin-

Re:Hm.

[evilviper]

I'm not so sure I'd want to put my name out there as "the guy who brought down the computers on a plane"

A sad commentary on the state of freedom in this country.

Re:

[cheezedawg]

A sad commentary on the state of freedom in this country.

It is absurd to treat the parent's post as anything other than the anonymous and hyperbolic ramblings that they are. The post is not a commentary on anything (well, a meaningful commentary at least).

Re:

[springbox]

Well, I think that's a really sad idea. I noticed people in the article's comments were basically saying the same thing, as if he reached into the system and altered the code to do something bad. He crashed a non-critical system that was either poorly written or poorly tested using the expected input devices. Just goes to show how paranoid some people have become.

intent...

[Animaether]

sure, it wasn't critical - and I'd hate to have him get on a no-fly list or get fined or be banned from that airline.. or whatever.

But this isn't just some kid accidentally hitting that remote, changing things to 5, then playing.. or then realizing they can hit up a few more times.. and then playing.

This guy actually knew, in his mind, what was going on.. Not only that... at the point where things would go wrong, he actually paused, sat back, made the change that might make things go wrong and enjoyed the h

As a side note...

[Rackemup]

On a recent Air Canada flight the flight attendant actually came on the PA to tell everyone that the in-flight entertainment system was being turned on for our use. She then proceeded to tell us to be sure we didn't push 4 of the buttons on the main screen or else the screen at your seat would crash and they would be unable to fix it in flight. I thought it strange that a computer entertainment system installed in an aircraft would be a "work in progress" instead of just installing a full-functional system. Among the buttons we were not to touch? Weather and Flight tracking...of course.

Yeah tell me about it ....

[taniwha]

I fly across the pacific a few times every year and they always warn people to take it easy and be patient with the IFE "or it will crash" - which is certainly true - without trying I managed to spend 10 hours staring at a Windows CE "some thing bad happened" dialog box .... couldn't even turn the damn thing off when I wanted to sleep

Re:

[mspohr]

Last week I flew from SFO to Frankfurt on Lufthansa. Halfway through the 12 hour flight the entire entertainment system crashed and had to be reset... Imagine my surprise to see the Windows CE boot sequence on my screen...

I can't believe that people in the real world build systems based on such a piece of crap.

Re:

[slacktide]

I wholeheartedly agree. You may find this picture relevant to your interests, I took it on Dec. 26 2006, onboard a Delta Airlines flight from New York to Seattle.

http://i12.tinypic.com/2j17rc4.jpg [tinypic.com]

The IFE had to be rebooted 3 or 4 times during a 5 hour flight, some people's screens never worked at all. Luckly I caught a snapshot of the offensive software's startup screen.

Re:

[Bob54321]

I may have been hallucinating (I don't like flying a consequently drink lots...) but I'm sure the Qantas IFE runs on Linux.

Re:

[atomicstrawberry]

Maybe the Air Canada aircraft I flew on last time were the exception rather than the rule, but I'm not at all surprised to hear something like this. They were clearly in drastic need of some upgrades. I just hope that they were skimping on maintaining the unimportant systems in order to afford to maintain the critical systems.

Torture!

[MWoody]

Wait wait wait, so let me get this straight: you have to sit in that seat and stare at the 4 buttons they specifically told you not to push? For hours on end? That is my own vision of a personal hell.

Re:

[Don_dumb]

She then proceeded to tell us to be sure we didn't push 4 of the buttons on the main screen or else the screen at your seat would crash and they would be unable to fix it in flight.

So what did happen when you pressed the buttons?

Bug in the article too!

[mr_zorg]

0 I think the author meant 0 < value <= 5 instead. If it was truely as written, it should accept any number, since that basically means 0 (value = 5) and 0 is always 5...

Re:

[mr_zorg]

Ack, perhaps the author did exactly what I just did. Forgot to escape his < symbols... What I meant to say was:

0 < value = 5

I think the author meant 0 < value <= 5 instead. If it was truely as written, it should accept any number, since that basically means 0 < (value = 5) and 0 is always < 5...

Shoulda hit "preview". Doh.

That's suboptimal.

[jd]

Since the number has to be between 1 and 4, you can do one of:

• value = (value % 5)
• value = (((value - 1) & 3) + 1)

But, if you want to confuse them, use:

value = ((12 >> value) & 3)

as this gives you greycodes.

Okay

[Mathness]

Okay, who entered the number 5 and kept pushing +? Congratulation, you just crashed the server.

Some of these systems run Linux, and how I got bla

[Samarian Hillbilly]

I was coming back from a conference wearing a hat with a promenent penguin on it, when our in-flight system crashed. As it was re-booting it was obvious to some of the more tech-minded passengers that it was running through the Linux boot sequence. I started hearing calls of "lynch the guy with the penguin hat", from the seats behind me...

You can tell it's Linux when it crashes.

[VirtualSquid]

I suspect it might be fairly common for seat-back computers to crash?
I don't know enough about Linux to understand what it said on my screen when it was trying (and failing) to boot back up again:
http://washedashore.com/misc/inflight_error.jpg [washedashore.com]
(This was April 23, 2005, on a flight from Bucuresti Romania to NYC.)
-Ben

Re:You can tell it's Linux when it crashes.

[iabervon]

Looks like the terminal was doing fine, but the server was down so it didn't have anything to run.

Re:

[greyc]

The output is pretty clearly that of a shell script being executed with 'set -x'. There's quite a bit of debug output there; aside from that, it seems to be doing little aside from setting a few environmental variables.

The ldd call would make sense for debug output, but interestingly it doesn't print anything like what ldd would. In fact, it likely isn't the usual ldd(1) [tin.org], but another binary that happens to have the same name; especially since the debug output stops there, suggesting that it didn't return a

Abuse case

[tcdk]

He calls it one of the most interesting examples of a software 'abuse case' he has ever seen.

He doesn't get out much.... oh, on a plane?

I think it's more of a case of bad quality control. If the testing environment of the developers had contained a single "lets throw an exception" or maybe a "lets try to lock up a process at 100%" test, they would have see that they needed to at a bit of exception handling (in the first case).

But writing good test cases can be hard.

Anyway. I've seen code like this tons of times. Some people apparently have issues with (how hard can it be), so they use equal instead, but one day, the step value is changed from 1 to 2 (make it go directly from 99 to 101), or some routine fails and returns a default value of -1. And suddenly the code is in the twilight zone.

Anyway^2, I actually did find this rather un-interesting.

Re:

[iamacat]

Some people apparently have issues with (how hard can it be)

Very hard, apparently.

Way too much effort

[plsuh]

Deliberately crashing the IFE system is no great accomplishment. At least some of the darn things crash themselves just fine with no abuse. I was on a Virgin Atlantic flight from Washington, DC to London a couple of years ago, and the IFE systems would crash on a regular basis by groups of four seats. You could be blissfully watching a movie and then poof, everything goes dark. The flight attendant would reset the system and then sometimes it would come back up and other times it would just sit there at a dark screen. Uptimes varied from 10 minutes to a couple of hours. Very, very frustrating, both for the kids trying to play but getting frustrated and cranky and for the parents trying to keep their sanity during an eight hour flight.

--Paul

Re:

[Animats]

Virgin Atlantic flight ... to London a couple of years ago

What, that low-end system with an Nintendo NES emulator and an analog TV tuner, run from an under-the-seat box that cuts into legroom?

cookie monster

[Tablizer]

"Today, Sesame Street was brought down by the number 5"

Not connected to the avionics system....

[stox]

but it is connected to the sewage control system. Now we know the mysterious source of ice falling from the skies lately. Could it be?

TSA

[sidb]

Who let that guy onto the plane with a brain over 3 ounces? Don't they know that thing is a deadly weapon? Heads are going to roll.

Similar Crash

[Roger W Moore]

Several years ago I managed to crash an in flight entertainment system on a united flight completely inadvertently. The system in question required only had a few games for free with the rest costing money to unlock. Since I objected to having to pay for the games I restricted myself to the free games until suddenly in the middle of a game of pong it got more and more sluggish until the screen freezes, goes black and the system reset itself. I went back into pong, cranked up the number of balls to the max allowed (4 IIRC) and noticed that now it would crash within a minute or two.

Playing around (there really was nothing better to do) I found that quickly wiggling the bat around with 4 balls on the screen would crash the system. After about the 4th or 5th crash the system came back up but this time with all the games enabled! After that I was careful not to crash the system but still about 30 minutes from landing it crashed again and came back up with only the free games.

I wondered at the time how such an easily triggered failure could have been overlooked. Unlike the article my crash only affected my screen...but at least there was some beneficial affect!

Re:Similar Crash

[Marcos Eliziario]

Bad Man, Bad!
Now wait for the folks from IFEAA (IFE Association of America) to send their lawyers at you branding copies of the DMCA and calling you a pirate.

The Airline and Aircraft

[Spritzer]

Based on the description of the IFE system and having recently flown and played a version of Tetris which fits his description ..... Delta 767 I'll see if I can confirm the hack without the crash (I guess I'm just too nice) next week.

Peanuts.....

[Taulin]

This would be all true and believable if it weren't for the fact that airlines stopped serving peanuts on flights a few years ago due to allergy complaints. If you have had peanuts served to you lately, let me know what airline it was because I miss them!

Red Hat and Delta

[Johnny Mnemonic]

I flew Delta today, and they rebooted their IFE to try and address an issue. I thought it was pretty interesting when I saw the familiar linux boot messages appear, and indeed it was Red Hat--complete with Tux icon. I hadn't heard of Delta's use of Linux, and if it wasn't for the reboot you would never have know--who knows where Linux is in use by the masses, and don't realize how important it is becoming to them?

Unfortunately, the reboot didn't fix the issue. ;(

Level of Safety

[s31523]

The entire plane entertainment system goes down (and thankfully the cascading system failure didn't spill over to the plane navigation system)!

There was/is no danger of this happening. I develop software for major airline Flight Management Systems (FMS) and the entertainment system is physically separated from the FMS as well as other "flight critical" systems. Also, Software on an aircraft needs to be developed according to the guidelines of RTCA's DO-178B, which classifies the fallout of software into "levels". The most critical, Level A, like autopilot and flight controls requires very stringent evidence of verification. The least critical, Level E, requires basically no verification or documentation whatsoever, and this is what entertainment systems are developed under.

There was a case in the early days when in-flight entertainment systems were first put on planes where a short in the video system crashed other critical computer components due to the entertainment system and flight system being on the same electrical bus. This obviously caused changes to the rules, so now everything is separated.

Re:

[icepick72]

Okay, I followed these instructions. Now what?

Re:

[f_raze13]

The real title: How to crash a personal blog Summary: Post a link to it on /.

Re:Slashdotted already?

[linuxmop]

So an article about hacking into insecure software is hosted on a site that displays information about its internals whenever there's high load... Fantastic.

Mirrordot to the rescue

[idonthack]

http://mirrordot.org/stories/78b27588587fb8b086acd 346451d845a/index.html [mirrordot.org]

Re:

[Bob54321]

This was the case about 1 hour before it actually appeared on Slashdot. I was voting in the Firehose section and could not read the article.

Re:Err

[iluvcapra]

Well, gee. I hope that that little map of the Atlantic Ocean with my plane superimposed on it only has read privileges on /dev/autopilot :).

Re:Err

[Harmonious Botch]

Well, gee. I hope that that little map of the Atlantic Ocean with my plane superimposed on it only has read privileges on /dev/autopilot :).

Load a copy of flight simulator, and find out for sure.

Re:

[iamacat]

movingmap is not a device, at most it would be a UNIX domain socket if it's implemented as a daemon.

Re:Err

[dxlts]

No offense, but I don't think avionics are your run of the mill programmers

I assume you meant "avionics programmers" aren't run of the mill. I hate to burst your bubble, but for the most part that's not true. I've been a programmer in the aerospace industry for 10 years. Seven of those years were at Boeing, doing (among other things) avionics programming. Unfortunately, from what I saw, avionics programmers for the most part are no smarter than your average programmer. There are a handful of really smart guys who do all the really hard (and high risk) parts of the code, and the remaining 99% of the programmers do the kind of simple, tedious code that you could (almost) train monkeys to do. Not surprisingly, most of them really aren't all that smart. I understand how you might have that misconception though. I used to have that misconception too. I remember when I got my first aerospace job, and I was really intimidated by the fact that I was going to be working with the "big dogs", the hardcore programmers who all had 180 IQ's, etc. I also remember the total shock and disappointment when it turned out to be just the opposite.

Re:

[evilviper]

I assume you meant "avionics programmers" aren't run of the mill. I hate to burst your bubble, but for the most part that's not true. I've been a programmer in the aerospace industry for 10 years.

Ergo, true, ipso facto. Q.E.D.

Well done.

Re:Err

[Bronster]

Well, in your case it's obviously not even an 081 IQ or you would have mastered simple string reversal...

Re:Err

[ikkonoishi]

20.

Since 100 is an average IQ then the opposite of a number 80 points above average would be a number 80 points below average.

Re:

[reezle]

Wouldn't IQ 200 be Twice as smart as average, IQ 50 be half as smart as average?
Then the opposite of 180 would be appx 55-60...?

Re:

[Mycroft_VIII]

Nope, IQ is not a linear measurement (usually).
There are quite a few IQ tests and they are usually structured so that the majority of people fall right around 100 with a max possible score of 200.
    IIRC, over 80% of all people fall in the 10 point range around 100 (or maybe it was with 10 points of 100).
      A 150+ on most tests is in the upper 2% of the population.

Mycroft

Re:Err

[Dhalka226]

IQ scores are a standard distribution with a standard deviation of 10 and a mean of 100. Therefore,

IQs +/- 1 standard deviation from the mean, that is, 90-110, account for approximately 68% of all scores.

The 80-120 range will account for roughly 95% of the scores.

And 70-130 will include over 99%.

Obviously, an IQ of 180 is astoundingly high. An IQ of 55-60 is, I believe, in the mentally retarded range. Since there's not really a good way to quantify "half as smart" and "twice as smart," you could consider that accurate if you wanted, I suppose. Personally, when I think of somebody who is "half as smart as average," I don't think it's that bad.

From Wikipedia: [wikipedia.org]

* mild mental disability: IQ 50-55 to 70; children require mild support; formally called "Educable Mentally Retarded".

* moderate disability: IQ 35-40 to 50-55; children require moderate supervision and assistance; formally called "Trainable Mentally Retarded".

* severe mental disability: IQ 20-25 to 35-40; can be taught basic life skills and simple tasks with supervision.

* profound mental disability: IQ below 20-25; usually caused by a neurological condition; require constant care.

There are also a bunch of debates as to bias and whether IQs really measure anything worthwhile which I'm sure you can find on the same Wikipedia page if you're interested.

Re:Err

[Anonymous Coward]

You forgot one more category

IQ 70-85 - idiot that will buy what advertisers tell them to buy. #1 buyer of 4WD SUV's because they believe they will be safer. Believe that they really are the center of the universe. Prime candidates for Middle managenent, Sales and Marketing departments.

Re:

[dr_canak]

Actually,

per the WAIS-III manual sitting in front of me, the std. dev is 15, not 10. Therefore, 85-115 is +/- 1 s.d. from the mean of 100. But your point is still accurate that a an IQ of 185 is astoundingly high. Mental retardation is -2 s.d.'s below average, which puts that at an I.Q. of =70. You also need significant adaptive impairment in at least two domains (e.g. communication, self care, interpersonal skills, etc...)

just my .02
jeff

Re:

[tezbobobo]

Except the IQ test is not an even distribution. I know it's meant to be but in real life test it is skewed. Take for example the number of people who can master 20, and then the number who can master 180.

Re:Err

[colfer]

SwissAir 111 went down because the in-flight entertainment & gambling system had been rushed into service, and due to its design overheated and burned down the plane in-flight. This was its design: a separate computer for each seat. The computers (presumably single cards) were located in the ceiling near the front of the passenger compartment. So were the avionics wires. The entertainment/gambling devices overheated, caught fire and the plane crashed near Nova Scotia. Greed. SwissAir is no more.

Re:Err

[inviolet]

Interesting. I went to swissair111.org [swissair111.org] and read up on the incident. They are now reporting that "MICHAIL ITKIS, CEO OF INTERACTIVE FLIGHT TECHNOLOGY CHANGES NAME TO MIKE SNOW". So apparently we need an extra step in the old cliche:

1. Create fly-by-night company to produce in-flight entertainment systems.
2. Rush the product to market prematurely.
3. Organize an IPO.
4. Profit !!
5. Observe the product causing airplanes to crash and burn.
6. Change name and move away.

Re:

[Ours]

SwissAir is no more but not because of that crash.
It's no more because it was manages by a bunch of greedy, prentencious bastards that are currently in court to answer for their doings. At least one guy is going to jail for a couple of years.

Re:Err

[bigwave111]

Actually, no, it takes more inside information than that. My dad worked for Swissair for 30 years and its downfall was actually the acquisition of Sabena and the contractual agreement created in the acquisition. At the time, it was a solid investment, but as the overall financial state of Sabena fell apart, Swissair was legally obligated to have to try and save them, draining their resources. The in-flight entertainment was simply a last can of gasoline tossed on an intensely burning flame.

Re:Err

[Registered Coward v2]

SwissAir 111 went down because the in-flight entertainment & gambling system had been rushed into service, and due to its design overheated and burned down the plane in-flight. This was its design: a separate computer for each seat. The computers (presumably single cards) were located in the ceiling near the front of the passenger compartment. So were the avionics wires. The entertainment/gambling devices overheated, caught fire and the plane crashed near Nova Scotia.

Yes, the wiring insulation burned and brought down the plane. A friend's wife was on that plane, so I have an interest beyond the technical.

Another interesting event was the crash of an Airbus flight control system, resulting in an inflight rebooting message; the pilots flew on in manual.

Greed. SwissAir is no more.

Yes, but it was due to them overpaying their employees and not controlling other expenses as well - a problem many European state run airlines have. Look at Alitalia for example - they could lease planes with crews for less than it costs to fly their own. Europe's carriers are heading towards teh same consolidation and liquidation taht US ones have expereineced and only a handful will survive. I think BA Lufthansa and Air France will probably be the last standing.

Avionics programmers

[Okian Warrior]

Okay, I *am* an avionics programmer. Here's some background.

FAA regulations categorize software in 5 different levels of criticality, depending on how a failure of the software would affect the safety of the plane. Level "A" software is reserved for things like the "low fuel" alarm, which could potentially knock the plane out of the air on failure, to level "C" for things like the cabin pressurization system where the pilots can take emergency actions to compensate, to level "E" for things like the microwave in the kitchen.

(Beware: I gloss over a few details for clarity.)

The higher levels of software criticality have progressively higher levels of standards for testing. In the case of level-A software, each individual line of code must be examined for correctness in the context of the rest of the code. Each line of code must be executed as part of testing and actively shown to be correct, and each line of code must be individually code reviewed by another engineer.

At the higher levels of software, limit testing is required for all function arguments and if-statements. Multiple-clause if statements such as "if A and B but not C" must be tested for all combinations of the subject clauses, and so on.

In addition to this, all avionics software I've worked on makes a distinction between showing erroneous information and showing *no* information (or, working incorrectly versus not working at all). If the digital altimeter goes blank, the pilots will notice and can take corrective action. If the altimeter is reading the wrong information, then that's a critical failure which could cause an accident.

Thus, avionics software innards are heavily checked throughout execution to ensure proper operation, and any failure causes the system to immediately go offline. All function arguments are ASSERT'ed for correct range, all calculations are checked for range and accuracy, &c.

The entertainment system, and in particular a game within the entertainment system, is almost certainly a level-E software component, and so is not required to go through such rigorous testing. The hardware has to be shown to not interfere with the avionics and that's about it.

Re:Avionics programmers

[Voice of Meson]

Interesting stuff this critical code. When I started out as a grad at a large Aerospace company we were given shiploads of Flight Control Computer code to unit test for a new(ish) fighter aircraft. Most of the stuff we worked with was what you have described as 'Level A' code but I didn't really understand what it all meant at the time.

Anyway, the level of testing required was very, very high. I say that even though we were grads working on it, because it was not our choice what to test and what to leave, and they were done multiple times with different people, the the branches, lines run etc compared. It was the lowest level of the software tests and everything was in modules about 30 lines long that needed 100% coverage, every logical combination tested out etc. Plus the languages they used (ADA95, fortran(77?) and assembly) were cut down to remove anything too untestable. I think 'while' loops were out because, as opposed to 'for's, there is a chance of a infinite loop. That sort of stuff. Would be a nightmare to code in.

In not sure how other FCC's usually are, but interestingly this one had 4 CPU's with a fifth 'controlling' one or something and basically each calculation would be performed on all 4 then the results correlated and the majority answer taken. I guess to protect it from a freakish glitch or maybe some deliberate interferance? Not sure, but surely accurate.

Fly-By-Wire - It's not just the software that crashes.

Re:Avionics programmers

[unts]

From the mighty Wikipedia [wikipedia.org]:

The hardware of a typical autopilot is a set of five 80386 CPUs, each on its own printed circuit board. The 80386 is an inexpensive, well-tested design that can implement a true virtual computer. New versions are being implemented that are radiation-resistant and hardened for aerospace use, but this aged computer design is intentionally favored because it is inexpensive and its reliability and software behavior are well-characterized.

If it ain't broke...

Re:Err

[Anonymous Coward]

TFA

One of the most interesting examples of a software "abuse case" came to me rather abruptly on an airplane flight from Las Vegas to Orlando in mid 2005.

Each seat in the airplane had a small touch screen monitor built into the head rest of the chair in front, and on this particular airline, passengers could watch a variety of television channels and play a few simple games. One such game looked remarkably similar to the classic strategy game Tetris, where players use their skills to manipulate falling blocks on a screen to try and form horizontal lines. I'm a big fan of Tetris; for a few months in 1998 I was borderline obsessed with it. I would start looking at everyday objects and start mentally fitting them together with other tings in the room to form weird line configurations. One of the options on this particular airborne version of Tetris was to alter the number of blocks one could see in advance on the screen before they started falling.

To give myself the biggest advantage in the game, I pressed the + control as many times as it would allow and got to the maximum value of 4. I then put on my "bad guy" hat on and asked: How *else* can I change the value in this field? Near my armrest was a small phone console; you know, the one where you can make very important calls for a mere $22 per minute. I noticed that the phone had a numeric keypad and that it also controlled this television monitor embedded in the seat in front of me.

I then touched the screen in front of me to highlight the number "4" in the options configuration shown in Figure 1. I tried to enter the number 10 into that field through the phone keypad with no luck: it first changed to the number "1" followed by the number "0". Frustrated, I then made the assumption that it would only accept single digit values. My next test case was the number "8"; no luck there either, the number didn't change at all. I then tried the number 5: success! '5' is an interesting test case, it's a "boundary value" just beyond the maximum allowed value of the field which was '4'. A classic programming mistake is to be off by 1 when coding constraints. For example, the programmer may have intended to code the statements:

0 value 5

When what actually got coded was

0 value = 5

I now had the software exactly where I wanted it, in an unintended state; the illegal value 5 was now in my target field. I then turn my attention back to the screen and hit the + button which, to my complete surprise, incremented the value to 6! Again, an implementation problem, the increment constrain probably said something like "if value = 4 do not increment." In this case, the value wasn't 4 but 5 so it happily incremented it to 6! I then continue to increment the value by pressing the + button until I get to 127 and then I pause for a moment of reflection. 127 is a very special number; it is the upper bound of a 1 byte signed integer. Strange things can happen when we add 1 to this value, namely that 127 + 1 = -128! I considered this for a moment as I kicked back a small bag of peanuts and in the interest of science I boldly pressed the + button once more. Suddenly, the display now flashes -128 just for an instant and then poof...screen goes black.

Poof...screen of the person next to me goes black.

Screens in front of me and behind me go black.

The entire plane entertainment system goes down (and thankfully the cascading system failure didn't spill over to the plane navigation system)!

After a few minutes of mumbling from some of the passengers, a fairly emotionless flight attendant reset the system and all was well. I landed with a new-found respect for the game of Tetris and consider this to be the most entertaining version of it I have ever played.

.

Re:Err

[iocat]

It sounds good. Too good in fact. In fact, it sounds like BS. It basically reads like an urban myth. Also, given that the max value was 4, its unlikely the field size onscreen would have been big enough to display a 3 digit number. I also can't think of any domestic carrier in 2005 that had a combo touch screen / telephone thingee in the back of every seat. The only one I can think of now is Thai in their Royal Thai section.

Can anyone intuit the airline? Because without an airline name, I call bullshit on this story. I would guess it had to be business class, and probably a foriegn carrier, if the story is to be believed.

Re:

[iocat]

Sorry to reply to my own post, but someone down below suggested it may have been a Delta 767. The Song (Delta's low cost brand) airline has the Panasonic eFX IFE which offers what he describes I think in every seat (my bad for not flying Song I guess!). Link here [panasonic.aero]. The story still seems way to slick to me (as a former tester, I would have tried that sequence of events pretty quick), but evidence of an IFE that fits the description makes it inherently more believable.

Re:Err

[mikael]

What happens if the plane has to make an emergency landing? Do the authorities shoot it down?

Re:Err

[jackbird]

In that case, the landing has definitely caused an emergency.

Re:Err

[Unnngh!]

Once the number in the Tetris game rolls over to -128, the plane is supposed to go down by itself. If the authorities can guide the falling plane to land perfectly between the high rise and the parking garage, they will clear the row and move on to the next level...

uh.... yeah....

[Anonymous Coward]

You've been on Slashdot for 5 years, and now you start posting, and you come up with one of the least useful posts possible.

You just summarized TFA's explanation of "what went wrong," but less succinctly and less coherently than TFA.

Way to go.

Re:

[Gothic_Walrus]

Shit. Beaten to it multiple times in the space of the two minutes it took me to put my post together. So much for noble intentions... >_

There is a NAME for the bug...

[UnknownSoldier]

It's called a 'fencepost [wikipedia.org]' bug, or 'off-by-one [wikipedia.org]' bug.

Dam lazy programmers not using Assert() these days... :)

(And yes, I am one, programmer that is, not lazy :)

Re:There is a NAME for the bug...

[AndroidCat]

And when you compile the code in release, where is your friend now?

Re:

[Danny Rathjens]

Right there with him if he is a game developer apparently. :) I boot out of linux into windows once in a blue moon to play a game and have been quite surprised to see code that millions of dollars went into developing like WoW or FFXI throwing assertion errors. Apparently they compile release builds with assertions enabled nowadays!

Re:There is a NAME for the bug...

[RAMMS+EIN]

``Dam lazy programmers not using Assert() these days... :)''

Because we all know that the constraint that you got wrong in the actual code will be correct in the assert. Right? Right?!

Re:

[ArsenneLupin]

``Dam lazy programmers not using Assert() these days... :)''

Because we all know that the constraint that you got wrong in the actual code will be correct in the assert. Right? Right?!

Moreover, an assert would not have fixed this particular problem. The purpose of an assert is to highlight errors by making the code crash right away as soon as an unexpected condition arises, rather than dragging the error condition along, and only crash much later. In our case, this would have made the screens blank as soon as he pressed 5...

Re:

[burnttoy]

Probably wouldn't fire anyway. How often have you seen...

#ifdef DEBUG
#define ASSERT(x)
#else
#define ASSERT(x) ... a real definition goes here.
#endif ...but the release builds do not define DEBUG... From what I've seen (and, good god, I've seen some code) that's fairly typical programming.

ASSERTS are all well and good but not as useful as they seem for 2 reasons. Firstly the assert would never have been fired in the IFE software as, clearly, nobody tested this code path anyway and secondly if an assert _does_

Re:

[McFadden]

Yeah, mod me troll, and then admit you thought the same thing.

Re:

[Cheesey]

Here is another picture of an in-flight entertainment system running Linux, seemingly booting up:

http://www.shelleytherepublican.com/2006/12/01/lin ux-the-reliability-myth-debunked.aspx [shelleytherepublican.com]