Fog Creek Software
Discussion Board
Engineering failures - Charles de Gaulle

A tragedy since people were killed, today the roof of the one-year-old terminal, a 'jewel of design, safety and comfort' at the Charles de Gaulle airport outside Paris, collapsed:

http://story.news.yahoo.com/news?tmpl=story&cid=518&e=4&u=/ap/france_airport_collapse

Built by credentialed licensed engineers using all the latest engineering techniques, computer modelling, and licensed contractors.

I have a fascination with these failures such as the Tacoma Narrows Bridge and others, since they are so common despite over 2000 years of experience with creating buildings and bridges.

It also makes me skeptical of those who say software engineering is not real engineering because there are failures, unlike other fields of engineering.

Dennis Atkins
Monday, May 24, 2004

I am a structural engineer, so I can answer with some authority.  I don't actually believe that these accidents are as common as you seem to, especially considering the number of building projects that are going on every day.  As a matter of fact, I would think that there may be one or two such failures each year in the Western world (not quite as many as BSOD that occur each year!)

Engineering is a statistical science, in Australia there is a 5th percentile chance of a given design load being exceeded and a 5th percentile chance of a given material being under strength - combined there is an extremely small chance that failures can occur.  In days past, a structural failure rarely led to a catastrophic failure as there were a number of load paths, but as architects get more and more fancy, redundancies in the structure get less and less, meaning a badly forged connection or incorrectly designed member can lead to collapse.

Perhaps more in line with the software industry, there is increasing pressure on Engineers to get work out quickly and Contractors to build quickly, which means that mistakes can and do happen.  Younger engineers are often used to do the modelling and numbers, but unfortunately, they are less able to analyse the results and see potentially incorrect results from early on.  In most engineering practices, a single engineer is responsible for the majority of the design, which is often given a cursory check, again meaning that mistakes can slip through.

Despite this, engineering safety records are impressively good, which is in large part due to the stringent training and professional development requirements, barriers to entry for people not up to the grade and certifications that ensure that engineers act with the utmost professionalism in their working lives.

I am sure that the issues that led to the collapse in France will be thoroughly investigated, and the causes made fully public for the betterment of the entire profession, much like the failure of the Tacoma bridge.

Aussie Mick
Monday, May 24, 2004

Software engineering has nothing to do with reliability. It's about structuring large systems. Reliability may spring from that, but it's really taking our eye off the ball when we start comparing genitals with other engineers. A lot of damage was probably caused by well-intentioned people who believed masochistic tools and methodologies would solve all our problems and make users sing in the streets.

People say they want reliability. Bullshit, most people want cheap and fast; those who want reliability are educated buyers who seek it out, just like with anything else. There's nothing wrong with the people who like the 20 cent hotdogs at the neighborhood Scarf 'n Barf, but most make cheap food at home or look around for professionally done food.

The same is true for the "programming priesthood." We have to look around for the best tools; either we pay some money or do extra work. And other programmers look at us strangely for not just grabbing the 20 cent hotdog. This is the current state of computing.

Tayssir John Gabbour
Monday, May 24, 2004

As an aeronautical engineer and currently software coder, I would say that the difference is that most civil and aeronautical designs are life critical, while most software designs aren't. Charles de Gaulle is just one example of what happens if a bug occurs in a civil engineering design.

When a software bridge fails, you reboot it and it's up again in a few seconds without any real harm done. One could build a software bridge that fails once per millennium instead of once per month, but it would be a thousand times more expensive. That's why most customers go for the $1,000 bridge instead of the $1,000,000 one. Or they opt for the bridge with the fancy design, automatic stairways and coffee corner instead of the boring safer one.

Is that bad? Or does that mean that software development is not a real discipline? Not at all. It's just a different design philosophy. While many customers wish that software were as reliable as a concrete bridge, they are not prepared to pay for it.

I also concur with Aussie Mick's statement about modelling. One of the biggest mistakes I saw being made, when still involved in aircraft certification, is that (young) engineers and managers relied too much on computational models (e.g. finite element methods, fatigue analysis, aeroelastic computations, etc.). The use of such computer models is very attractive as it is much cheaper than building real models. The problem is that the uncertainty of such models is often underestimated, thus eating into the safety margins.

See, even in civil and aeronautical engineering it's the software that causes the real problems ;)

Jan Derk
Monday, May 24, 2004

Oh, I agree with you for sure. I am almost positive that this will prove to be a design problem (I mean just look at the dang building already and you can see it's going to collapse eventually) that was brought on by reliance on software simulations, which should never be relied upon.

Dennis Atkins
Monday, May 24, 2004

But ultimately it is the responsibility of the engineer who decided he wanted to trust some software algorithm that he himself didn't understand nor know for sure was reliable or effective. No different than the surgeon who tries out a new technique he learned about in the Weekly World News.

Dennis Atkins
Monday, May 24, 2004

Cos, see, the structural engineer signed off on the plans and put his license number and stamp on them. When he did that, he took responsibility for the building regardless of the methods he used. If he used unproven tools, that is his fault and liability, not the unlicensed tool makers'.

Dennis Atkins
Monday, May 24, 2004

Disasters never happen alone. There's always a combination of factors coming into play. *If* it was a design mistake then it is most likely one created by an inexperienced engineer whose supervisor was sick, which was certified on a Monday morning by an inspector with a hangover who was under huge pressure from management to get this thing ready or he would lose his job. So who is to blame?

They should give the guy that designed the roof construction of this car a prize:
http://story.news.yahoo.com/news?g=events/ts/052304parisairport&a=&tmpl=sl&ns=&l=1&e=27

Jan Derk
Monday, May 24, 2004

There is certainly no argument from me that the structural engineer is to blame (if it turns out to be a design problem).  Regardless of whether the model was wrong, software package wrong or anything else, it is ultimately the responsibility of the engineer who signed the drawing and he or she will be the person who will pay the price (in liability and/or by going to jail).  It is something that crosses my mind every time I sign a drawing.

No engineer would expect any different.

Aussie Mick
Monday, May 24, 2004

Grrrr, yahoo links to image change when they add new ones. What I meant was this car:
http://us.news1.yimg.com/us.yimg.com/p/rids/20040523/i/r2121119123.jpg

Hopefully this URL stays stable.

Jan Derk
Monday, May 24, 2004

<quote taken out of context "...you reboot it and it's up again in a few seconds without any real harm done" />
Unless it's a respirator running on Win2K.

Yo
Monday, May 24, 2004

>> "I would say that the difference is that most civil and aeronautical designs are life critical, while most software designs aren't."

I would think that there are also life critical pieces of software.  Spaceships, medical equipment, etc etc..

Name
Monday, May 24, 2004

Hey you guys, you might notice that I used the word *most* before the word software. It does explicitly imply that there is software being built that is as critical as a bridge or airplane. Gee, one really has to cover all bases when posting on JoelOnSoftware.

Jan Derk
Monday, May 24, 2004

Any life-critical software goes through much more intensive design, more thorough testing, and is also one hell of a lot more expensive to design than the typical corporate project.  It's obvious that there's a trade-off between quality and price, and the more critical the software, the more you're going to pay for it.  When lives are on the line, you're more willing to pay.  When it's "simply" your company's reporting database, you'll spend less, then get pi$$ed at your developers for not turning it out fast, cheap, AND perfect.

GML
Monday, May 24, 2004

I think it's the building mafia. I mean with that they (building mafia) bribed some guy to accept their offer and they built it with substandard materials.

Look at those ancient Greek, Roman, Egyptian buildings.  After thousands of years they still stand and they were built with primitive methods and knowledge.

Ok like the other poster said nowadays people want fancy buildings and will cut back on reinforcements but still I think it was some corrupt contractor that built it.

I remember once reading that one of the first laws written down was in Babylon and it was something like: If you build a building and it falls apart, there will be the death penalty for it.

I'm sure a lot of software would be a lot better with the same laws. Just look at the pacemaker and similar devices' software. If the software crashes --> multi dollar case and seller loses all customers. That's why that software is stable vs desktop applications. Desktop applications are the shanty towns of software development (major building projects).

blaZiT
Monday, May 24, 2004

shanty towns = third world ghettos that are built from whatever parts you find and give you a dry place to hide. Translated to desktop applications. --> In general it works so why complain?

See pic of shanty town: http://www.ofthepen.com/elaine/album2/album2-Images/1.jpg

blaZiT
Monday, May 24, 2004

blaZiT - Roman buildings used to collapse with monotonous regularity - especially the dodgy apartment blocks.  We just see the survivors and they were decently built ;-)

a cynic writes...
Monday, May 24, 2004

I strongly recommend the writings of Henry Petroski on the subject of engineering failures and much besides.

Data Miner
Monday, May 24, 2004

Buildings that survive from the Roman era (and before) are proof of the adage "if it's gonna fail, it's gonna do it early". They are NOT proof that the Romans were better at civil engineering than later generations.

Martha
Monday, May 24, 2004

"Any life-critical software goes through much more intensive design, more thorough testing, and is also one hell of a lot more expensive to design than the typical corporate project."

It is critical that ALL software, even typical corporate projects, be built to the same standards of testing and safety as software for life-critical applications.

Until this happens, software development can not consider itself a branch of engineering. REAL engineering has much higher standards of quality.

Real Engineer
Tuesday, May 25, 2004

ah yes, you must be one of those people who push for things like all bridges withstanding a magnitude 12 earthquake or something. thus ensuring no bridges ever get built.

engineering is about picking the right tradeoffs.

'the perfect is the enemy of the good'

mb
Tuesday, May 25, 2004

Real Engineer, you demonstrate why engineers are often regarded as dopes. You try to claim that engineering is associated with higher standards, and software isn't, without any appreciation of the criteria applying to software.

If you're such a genius, please go and spend 10 years building the next word processor, and then try to sell it for $200 million.

Spare us from the Engineers.

Engineer with a brain
Tuesday, May 25, 2004

I, too, am an engineer (but not a software one):

<It is critical that ALL software, even typical corporate projects, be built to the same standards of testing and safety as software for life-critical applications.>

That's just stupid on the face of it.

<Until this happens, software development can not consider itself a branch of engineering. REAL engineering has much higher standards of quality.>

That's absolutely true; but of course, it can never happen.  The vast majority of software development is nothing like engineering (unless you work for NASA), and it *cannot* be.  The sooner we get over that, the better off we'll all be.

Grumpy Old-Timer
Tuesday, May 25, 2004

At $200 million total price the next Word processor would be a bargain. Works out at a dollar a user. Charge $2 billion 'cos everybody would pay $10 to be spared the quirks of Word.

Stephen Jones
Tuesday, May 25, 2004

"Until this happens, software development can not consider itself a branch of engineering. REAL engineering has much higher standards of quality. "

No.  "Engineered" products fail all the time.  The difference is that for certain domains, such as building bridges, failure of a design is automatically life threatening and so is held to a much higher standard.  This is not true for software.  Engineering is about design tradeoffs.  You don't design a cell phone with the same restrictions as designing an aircraft's radio.  Similarly you don't define a word processor with the same restrictions as an aircraft's flight control system.

A product should meet the needs of the majority of its users.  If failure of the product could be life-threatening, the product must meet much higher standards than a product which is not that important.  To do otherwise is an incredible waste of resources.

MikeMcNertney
Tuesday, May 25, 2004

$200 million is the unit price that Real Engineer would need to ask for his product. He might sell one to the US DoD.

One of the old saws about engineering is that it's conducted within defined budgets, as opposed to science, which doesn't care.

Engineer with a brain
Tuesday, May 25, 2004