• @TootSweet
    English
    189
    1 year ago

    Jesus. QA is not a corner you should cut when it’s literally life and death.

    • @[email protected]
      English
      51
      1 year ago

      So uh… as someone who works in biotech and understands exactly what level of rigor is required before the FDA allows you to sell a medical device - a term that has specific legal definition, regulations, and restrictions, I’m a bit suspicious this could be fake. This sort of error would indicate a systemic error and abrogation of due diligence at at least 4 different levels, and would be an apocalyptically huge lawsuit.

      Edit: I stand corrected - lots of people are corroborating this whole thing. That’s kind of astounding, tbh.

        • @DriftingDeep
          47
          1 year ago

          “and would be an apocalyptically huge lawsuit.”

          Apocalyptically huge lawsuit, here we come!!!

          • Iron Lynx
            14
            1 year ago

            This all vibes like the kind of lawsuit that ideally should land managers in prison.

            • @DriftingDeep
              9
              1 year ago

              That is a sacrifice I am willing to make!

        • @Quetzalcutlass
          English
          14
          1 year ago

          If the user does not recognize the issue, this may lead to delivery of more insulin than intended

          I love their subtle attempt at shifting blame here.

      • @[email protected]
        55
        1 year ago

        Not fake. I’m a type 1 diabetic on this version of Omnipod and have noticed this before as well as other issues. I also had the app refuse to let me close an innocuous error modal window to activate a pod while I was in another country.

        While I love the hardware, the software feels precisely like it has been outsourced to a team with no knowledge of what T1 is and whoever internally is greenlighting the changes isn’t properly testing.

        The newest officially supported phone is the S21.

      • yazirian
        26
        1 year ago

        There is a video demo of the bug later on the thread.

        Some android devices have a combination .- key on the numeric input UI. This is a contentious enough design choice to have stackoverflow threads on it. That combo key style is what’s used by the device and version shown on the demo. It appears that the device is reading that combo key as - and discarding (or taking absolute value), and not as a leading decimal.
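
The input-handling failure hypothesised in the comment above, as an added example (not code from the app, the vendor or any commenter): a parser that silently discards unexpected characters, next to one that rejects them. The limits, step size and function names are assumptions made for the illustration.

```python
"""Added illustration: dose-entry parsing that rejects instead of repairing."""
import re
from decimal import Decimal

# Assumed limits for illustration only; not taken from any real pump or app.
MAX_BOLUS_UNITS = Decimal("10")
DOSE_STEP = Decimal("0.05")

# Accepts "3", "3.5", "0.15", ".15"; nothing else (no sign, no spaces, no "15.").
STRICT_DOSE = re.compile(r"\d{1,2}(\.\d{1,2})?|\.\d{1,2}")


class DoseInputError(ValueError):
    """Raised when typed text cannot be trusted as a dose."""


def lenient_parse(raw: str) -> Decimal:
    """Unsafe pattern: silently drop every character that is not a digit or '.'.

    If a combined '.-' key emits '-' where the user meant '.', the sign is
    thrown away and the decimal point is lost with it.
    """
    return Decimal(re.sub(r"[^0-9.]", "", raw))


def strict_parse(raw: str, max_units: Decimal = MAX_BOLUS_UNITS) -> Decimal:
    """Validate the text exactly as typed; never strip, abs() or guess."""
    if not STRICT_DOSE.fullmatch(raw):
        raise DoseInputError(f"unexpected characters or shape in {raw!r}")
    units = Decimal(raw)
    if units <= 0:
        raise DoseInputError("dose must be greater than zero")
    if units > max_units:
        raise DoseInputError(f"{units} U exceeds the {max_units} U ceiling")
    if units % DOSE_STEP != 0:
        raise DoseInputError(f"{units} U is not a multiple of {DOSE_STEP} U")
    return units


def is_rejected(raw: str) -> bool:
    """True when strict_parse refuses the input."""
    try:
        strict_parse(raw)
    except DoseInputError:
        return True
    return False


if __name__ == "__main__":
    # Constructed keystroke strings: the user intends 0.15 U each time.
    for typed in (".15", "0.15", "-15", "15", "0.12", " .15"):
        loose = lenient_parse(typed)
        verdict = "REJECTED" if is_rejected(typed) else strict_parse(typed)
        print(f"{typed!r:8} lenient={loose!s:6} strict={verdict}")
```

A regression suite for a dose field would keep strings like these as fixed test vectors, including every key the target keyboards can emit.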

      • @[email protected]
        24
        1 year ago

        I mean they posted the steps to replicate it so it wouldn’t take long to debunk that sort of thing as being fake.

      • @agent_flounder
        English
        8
        1 year ago

        FDA requirements were the first thing that popped into my mind. Is it possible somehow these devices fall under different regulations than “medical devices”? I am only vaguely familiar with the applicable 21 CFR regs. This seems like a pretty gargantuan screw up since it could, I would think, kill people.

  • @the_joeba
    162
    1 year ago

    I quit Insulet (I was the principal software dev for Android on OP5) because management didn’t care about this kind of thing. I couldn’t stay in good confidence.

    • @[email protected]
      91
      1 year ago

      You should reach out to the dev in the post. Your experience is going to be very interesting to any lawyers he talks to.

      • @the_joeba
        83
        1 year ago

        I’m not going to X, but if anyone contacts me I’d certainly talk.

  • @chaos
    122
    1 year ago

    A story from a type 1 diabetic:

    I had what we will call “an incident” where I took pretty close to this scale of extra insulin. I’m a much heavier insulin user but it varies greatly between people and the kind of person who is dosing fractions of a unit like 0.15 turning into 15 would be a massive problem. It took about an hour for me to get to the hospital and I seemed just fine at that point. I don’t know why because usually the type of insulin I use hits its peak within an hour for me. My only guess is that my body was overwhelmed and somehow delayed my reaction to it, which I’ve never seen before.

    I got into the ER and they were very casual about it. From my past experience in medicine I’m guessing they weren’t sure if it really happened and wanted to see how it played out. My blood sugar was somewhere around 100 when they first tested me. 5 minutes later it was in the 40s. At that point the nurse said “oh fuck!” and sprinted to grab D50 (basically a sugar infusion) from where they keep their meds. I have been a paramedic (not just an EMT) and I can count the number of times I’ve seen a nurse run on my fingers.

    They started an IV in both arms and were pumping sugar in to keep me alive. My memory gets kinda hazy after that. They kept checking my blood for potassium levels because burning through that much insulin + glucose uses it up and can stop your heart. Eventually they had to start a central line (like an IV but straight into your heart) in my neck to deliver insulin because they were worried all the sugar they were giving in both arms would burn my arm veins. I remember the feeling when they started it and used a probe to see if it was in the right place the “tickling” feeling literally in my heart. I ended up in the ICU on 1-to-1 with a nurse because they had to monitor me so closely. If I had been later to the ER by 10-15 minutes I wouldn’t be telling you this story. I also had the benefit of knowing what happened ahead of time, which you would not if your pump magically multiplied your dose by 100 and you didn’t notice.

    All this to say, this is pretty fucking serious.

    • @[email protected]
      30
      1 year ago

      Am a medic. Had a similar call, but dude ended up having a rare tumor on his pancreas called an insulinoma. They produce and hold a bunch of insulin and can occasionally rupture and flood your system with insulin. Of course we didn’t know he had one at the time.

      We had a non-diabetic PT that we found with a glucose that just read low. So 30< with our glucometers. Dumped 100 of d20 into him with absolutely no changes. Ended up infusing 4 more bags of d20 into him during transport. Got him up to like 80 and then watched him become unresponsive again 5 min later. Checked again and found it to be back to 40. He was in a room a few min later. Normally I’m glad we don’t carry d50 anymore, that shit was like using a sledge hammer to hammer in a tack nail. But this was the one time d20 wasn’t cutting it.

      Anyways, glad you are alive. Shit can be scary.

  • @Clbull
    74
    1 year ago

    So if I understand it, a bug has been identified that’s potentially going to make diabetics OD on insulin and die.

    That’s fucked.

  • @randon31415
    70
    1 year ago

    FDA: we have rigorously tested the pump and have found no issues.

    Public: What about the app, which can control the pump and was written by the lowest bidder with no QA department?

    FDA: We have no jurisdiction over phone apps, due to the legislation that gives us jurisdiction over pumps being from the 70s. I guess, just don’t use the app?

    • @[email protected]
      21
      1 year ago

      It’s wild because in a lot of cases the FDA does have jurisdiction over the apps, they just choose not to check them.

  • @grue
    English
    63
    1 year ago

    This, right here, is why “professional” software “engineers” should be licensed.

    • @[email protected]
      21
      1 year ago

      Former healthcare to software engineer working on a master’s here. My colleagues who were licensed back in healthcare weren’t all of the same quality. They all made mistakes at one point or another, some pretty bad some minor. There’s no difference though, minor could just as well become major.

      The way they get around it in healthcare is by throwing more people at the problem. You have a physician who is good at pointing in the general direction of the problem and a solution, then you have all the auxiliary staff who will narrow down on the solution based on their field. But at any single point all of them could fuck up, or one of them could.

      Now that I’m a software engineer and I’ve written enough code to do stuff. I can confidently say that licensing will not solve this problem. Especially if there aren’t enough people involved. Which is probably what was missed in the beginning.

      Anyway long rant over.

      • @grue
        English
        10
        1 year ago

        Licensing isn’t about magically ensuring that the practitioner won’t make mistakes; it’s about holding the practitioner accountable for his mistakes, which in theory gives him more incentive to be more careful – or to change his practice’s workflows and systems so as to be better able to detect and correct mistakes.

        In fact, I would argue that the “throwing more people at the problem” phenomenon in healthcare is an example of that very thing. Do you think they’d keep staffing levels equally high without licensing? 'Cause I sure don’t.

        • lad
          0
          1 year ago

          So, what you say is let’s hold the lowest level accountable, the person who may not have any power over the fcked up decisions about the amount of developers, presence of QA, and timeline.

          No, licensing will not make “accountable” people magically incentivised enough to make no mistakes

          • @grue
            English
            5
            1 year ago

            A licensed Professional Engineer is exactly the opposite of the lowest level person. In fact, that’s part of the point: giving the experts the power to say “no” to unsafe/unethical management.

            • lad
              1
              1 year ago

              Ok, stated that way it makes more sense, thanks for the explanation

              Don’t think that kind of thing is going to happen, though

    • @[email protected]
      17
      1 year ago

      Never gonna happen as long as the demand is so much higher than the supply.

      Perhaps it should be a requirement for certain things though, like the medical area.

      • @grue
        English
        19
        1 year ago

        You don’t have to have a college degree to become a licensed P.E.; it just takes more years working under the supervision of one. (I think it’s something like your options are a bachelor’s degree + 4 years P.E. supervised experience or 8 years P.E. supervised experience alone.)

          • @grue
            English
            8
            1 year ago

            First of all, there is little to no requirement to be NCEES FE/PE or even EIT certified to work as an engineer in the USA, unfortunately.

            In software “engineering,” sure. In e.g. civil engineering, on the other hand, pretty much everybody’s either gonna be licensed or on the path to it.

            I guess the regulators don’t consider software to count as real engineering, LOL!

              • @grue
                English
                7
                1 year ago

                I cannot name any states that require NCEES certification and it certainly isn’t federal

                You conspicuously left out local jurisdictions, and guess what: that’s where the requirements kick in (except maybe for trivial stuff, the city or county is going to want plans to have a P.E.'s stamp on them before they’ll issue a building permit).

                Also, NCEES certification and professional licensure isn’t the same thing, so your claim was kind of a red herring in two ways. Licenses are issued by the state.

      • DarkenLM
        16
        1 year ago

        Let me tell you some shocking news: Most of the majors in Computer Science and Engineering (in the university I took it, one of the most prestigious in my country) don’t know shit about software engineering. They know only how to burp out the same leetcode style programs they were taught and that’s it. I’d trust a guy that managed to learn software engineering on its own through years of FAFO than (most) university majors.

  • @FlickOfTheBean
    57
    1 year ago

    Christ Almighty this is the dystopian software future that my college computer science ethics professor was working so hard to delay.

    • Flying Squid
      11
      1 year ago

      The dystopian part is when they’ll require you to pay a subscription to give you proper insulin dosages.

    • @FruitfullyYours
      34
      1 year ago

      It looks like the advisory/recall notice came out (depending on time zones) either before his posts or shortly thereafter.

      Looks like the company has jumped on this right away as they should.

      They have several non-app solutions for bolus dosing. Looks like the app is new (iOS version isn’t even out yet) and they didn’t vet their consultants’ output adequately. Probably because this was some quick port that was outsourced and management didn’t pay attention because ‘requirements are the same’.

      Super important in med device development to have adequate internal oversight of developers to ensure requirements are properly rigorously tested. Especially in a class III device like this

      • @[email protected]
        3
        1 year ago

        Scary that the device can be convinced to kill you. I don’t care how bad the app is, that shouldn’t be possible.

      • @[email protected]
        17
        1 year ago

        It’s available in other regions as well.

        1. Select “Yes”, even if you aren’t from the US.
        2. Open the menu on the top right and select your region at the bottom.
        3. Profit.

        Super simple and intuitive. /s

        • @[email protected]
          -2
          1 year ago

          Don’t forget to have a VPN. I recommend Mullvad because they accept Monero which cannot be tracked down to every detail of its purchase & location (all the way down to IP address for Bitcoin the Snitchcoin).

    • °˖✧ ipha ✧˖°
      19
      1 year ago

      Wow, what a shit website. It just led to a neverending sequence of confirmation boxes until I refreshed the page enough that it let me through.

  • @Veneroso
    35
    1 year ago

    Thanks to Bush II, medical device manufacturers are immune to class action lawsuits!

    Yay Capitalism!

    My Dad had the leads on his pacemaker fail and caused his heart to be repeatedly and continuously shocked.

    Leads were replaced but guess who paid for that?

    It wasn’t the manufacturer!

    • @foggy
      5
      1 year ago

      If your dad managed to torture the CEO, do you think a jury would convict?

      Like honestly.

      • @Veneroso
        4
        1 year ago

        To be fair, prison treatment aside, the fact that the elderly don’t rob banks, confuses me greatly.

        Guaranteed housing, meals, and health care.

        Sure it’s prison, but what is an elder care home, but a prison for the elderly?

        Certain states have better prisons.

        Use that social security check to travel to NY and not Texas or Florida.

        • @foggy
          3
          1 year ago

          Use that social security check to pay a lawyer to get you into a really nice jail.

          • @Veneroso
            2
            1 year ago

            You’re not thinking big enough! Just run for president and claim election interference!

  • @ramenshaman
    34
    1 year ago

    As a diabetic, holy fucking shit! I’ve been on the fence about getting a pump because it’s just one more thing that can fail.

    • @[email protected]
      5
      1 year ago

      I don’t think you should take that as a main/sole argument against using a pump, there are many other pump manufacturers out there. I for example am very happy with my Dana i. (Apparently unlike the Omnipod, which seems very odd to me tbh) it has some safety functions built into the device itself, so even if the controlling software on my phone fucks up and doesn’t respect its hard limits the pump’s driver still will. Unlike apps or any management software I imagine the driver to be quite simple and thus less prone to errors like that.

    • @jose1324
      -23
      1 year ago

      Has nothing to do with the pump though. Just get like an omnipod dash

      • @ramenshaman
        23
        1 year ago

        Huh? The omnipod dash is another pump from the same company that also has an app. What’s the difference? They’re both susceptible to bugs.

        Yes it absolutely has something to do with the pump.

        • @jose1324
          -5
          1 year ago

          No? Love the downvotes from people who don’t even know about this.

          It’s an error in the phone app for the omnipod 5. It does NOT happen in the management device of the omnipod 5 or any other omnipod.

          The omnipod dash system does NOT have a phone app that can control the pump, only one that can monitor the stats. The PDM for the dash or the omnipod 5 does NOT have this bug, it is only in the android phone app for the omnipod 5.

          So no. It’s not a pump / pod problem.

          You being scared is unwarranted and has nothing to do with pump systems in general.

          • @[email protected]
            12
            1 year ago

            I mean, if their app is susceptible to a bug that could literally kill you, I would never trust anything from that company again. It’s excruciatingly important that they don’t fuck up, and they did

            • @jose1324
              -3
              1 year ago

              I mean… I can guarantee someone manually inserting insulin has definitely made mistakes in their dosage. For sure.

              Their PDMs are fine and more seriously tested. I agree that you shouldn’t use the phone app, but that’s for most people because it’s early in dev (there isn’t even an iphone version yet) and their other stuff is way older.

          • @jj4211
            7
            1 year ago

            I think people understand this, but it’s not just the stated bug that gives people pause.

            If they screwed up this, then what are the odds they made similar as yet unknown mistakes. Seems reasonable to demand some transparency to determine whether the circumstances leading to this screwup are truly limited to this one app versus a more systematic QA issue that could result in other mistakes in other products and software.

          • lad
            1
            1 year ago

            What does the phone app do and what’s it used for? I was under the impression that you input something you calculated on the phone, but it seems that’s a wrong impression. Could you elaborate a bit?

            • @jose1324
              2
              1 year ago

              Omnipod Dash only has a phone app to look at what it’s doing. Control is with the PDM.

              Omnipod 5 has a phone app and a pdm that can control the pod. Only that phone app has this bug. Either you calculate it yourself and bolus or let the device make an approximation

  • I Cast Fist
    English
    32
    1 year ago

    “But why would you do those steps in that order?” - The programmers, probably.

    I’m wondering if the field where you input the insulin amount is the same as you input the carbs, as that’d easily explain the bug. Reuse of the same field without proper checks can easily lead to… “Funny” results. If the carbs and insulin fields are completely separate, then that’s some very weird math bug they’ve put in there, somehow.

  • @[email protected]
    30
    1 year ago

    part of the reason why the pharmaceutical industry is pretty rough and requires several verifications, as it only takes one mistake to be a fatal one.

    • @[email protected]
      28
      1 year ago

      Any time someone bitches about government oversight and regulations, I think about cases just like this. In many cases we should WANT a large bureaucracy with plenty of checks and approvals overseeing things like this.

      • lad
        4
        1 year ago

        Except the large bureaucracy must be honest in that case, otherwise it just starts exploiting lack of transparency to do nothing and get benefits for that

  • 🍔🍔🍔
    28
    1 year ago

    can anyone with more insight explain what checks and balances had to have failed for this to make it to the field? i understand that this is like obviously potentially lethal but i don’t really know how this kind of thing would normally be prevented.

    • @LwL
      25
      1 year ago

      Usually something in the testing process, or perhaps the testing process itself is lacking. For medical applications it should be pretty rigorous as the consequences if something slips through can be very bad.

      If this is a new feature, then every step of the process designed to make sure it works failed. Which those are precisely will depend on the project, it could mean that multiple devs and QA had a look and either missed it or didn’t think to test for it. Where I work the developer implementing a feature tests it, then 2 other developers review the code, one of them also tests it, then it goes to dedicated QA who will test it more in depth and also do regression tests (checking that existing functionality still works). The testing QA member also checks with another QA member about anything they may have missed in their test steps. But this can vary heavily, also depending on the general model of development cycle (agile or waterfall) etc - though I’m working on much less critical software, no one’s going to get injured even if nothing works correctly.

      If the bug was introduced through an update to this or another feature, their regression tests might be lacking.

      It’s also possible (though imo extremely negligent for such an application) that they don’t have dedicated QA in the first place, and even don’t require their devs to test comprehensively in place of dedicated QA.

      Or, they found the bug, but management didn’t want to allocate the resources to fix it.

      Imo something like this slipping through shows negligence of some form, it’s impossible to guarantee bug-free software, but this is not some obscure, hard to reproduce error.