• TootSweet@lemmy.world
    link
    fedilink
    English
    arrow-up
    182
    arrow-down
    2
    ·
    1 year ago

    Jesus. QA is not a corner you should cut when it’s literally life and death.

    • gravitas_deficiency@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      62
      arrow-down
      14
      ·
      edit-2
      1 year ago

      So uh… as someone who works in biotech and understands exactly what level of rigor is required before the FDA allows you to sell a medical device - a term that has specific legal definition, regulations, and restrictions, I’m a bit suspicious this could be fake. This sort of error would indicate a systemic error and abrogation of due diligence at at least 4 different levels, and would be an apocalyptically huge lawsuit.

      Edit: I stand corrected - lots of people are corroborating this whole thing. That’s kind of astounding, tbh.

      • xalo@lemm.ee
        link
        fedilink
        arrow-up
        52
        ·
        1 year ago

        Not fake. I’m a type 1 diabetic on this version of Omnipod and have noticed this before as well as other issues. I also had the app refuse to let me close an innocuous error modal window to activate a pod while I was in another country.

        While I love the hardware, the software feels precisely like it has been outsourced to a team with no knowledge of what T1 is and whoever internally is greenlighting the changes isn’t properly testing.

        The newest officially supported phone is the S21.

      • yazirian@kbin.social
        link
        fedilink
        arrow-up
        26
        arrow-down
        1
        ·
        1 year ago

        There is a video demo of the bug later on the thread.

        Some android devices have a combination .- key on the numeric input UI. This is a contentious enough design choice to have stackoverflow threads on it. That combo key style is what’s used by the device and version shown on the demo. It appears that the device is reading that combo key as - and discarding (or taking absolute value), and not as a leading decimal.

      • Laticauda@lemmy.ca
        link
        fedilink
        arrow-up
        24
        ·
        1 year ago

        I mean they posted the steps to replicate it so it wouldn’t take long to debunk that sort of thing as being fake.

      • agent_flounder@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        FDA requirements were the first thing that popped into my mind. Is it possible somehow these devices fall under different regulations than “medical devices”? I am only vaguely familiar with the applicable 21 CFR regs. This seems like a pretty gargantuan screw up since it could, I would think, kill people.

  • the_joeba@lemmy.world
    link
    fedilink
    arrow-up
    157
    ·
    1 year ago

    I quit Insulet (I was the principal software dev for Android on OP5) because management didn’t care about this kind of thing. I couldn’t stay in good confidence.

    • mosiacmango@lemm.ee
      link
      fedilink
      arrow-up
      86
      ·
      1 year ago

      You should reach out to the dev in the post. Your experience is going to be very interesting to any lawyers he talks to.

  • chaos@lemmy.world
    link
    fedilink
    arrow-up
    122
    ·
    edit-2
    1 year ago

    A story from a type 1 diabetic:

    I had what we will call “an incident” where I took pretty close to this scale of extra insulin. I’m a much heavier insulin user but it varies greatly between people and the kind of person who is dosing fractions of a unit like 0.15 turning into 15 would be a massive problem. It took about an hour for me to get to the hospital and I seemed just fine at that point. I don’t know why because usually the type of insulin I use hits it’s peak within an hour for me. My only guess is that my body was overwhelmed and somehow delayed my reaction to it, which I’ve never seen before.

    I got into the ER and they were very casual about it. From my past experience in medicine I’m guessing they weren’t sure if it really happened and wanted to see how it played out. My blood sugar was somewhere around 100 when they first tested me. 5 minutes later it was in the 40s. At that point the nurse said “oh fuck!” and sprinted to grab D50 (basically a sugar infusion) from where they keep their meds. I have been a paramedic (not just an EMT) and I can count the number of times I’ve seen a nurse run on my fingers.

    They started an IV in both arms and were pumping sugar in to keep me alive. My memory gets kinda hazy after that. They kept checking my blood for potassium levels because burning through that much insulin + glucose uses it up and can stop your heart. Eventually they had to start a central line (like an IV but straight into your heart) in my neck to deliver insulin because they were worried all the sugar they were giving in both arms would burn my arm veins. I remember the feeling when they started it and used a probe to see if it was in the right place the “tickling” feeling literally in my heart. I ended up in the ICU on 1-to-1 with a nurse because they had to monitor me so closely. If I had been later to the ER by 10-15 minutes I wouldn’t be telling you this story. I also had the benefit of knowing what happened ahead of time, which you would not if your pump magically multiplied your dose by 100 and you didn’t notice.

    All this to say, this is pretty fucking serious.

    • Flyingostrich@endlesstalk.org
      link
      fedilink
      arrow-up
      30
      ·
      edit-2
      1 year ago

      Am a medic. Had a similar call, but dude ended up having a rare tumor on his pancreas called and insulinoma. They produce and hold a bunch of insulin and can occasionally rupture and flood your system with insulin. Ofcourse we didn’t Know he had one at the time.

      We had a non Diabetic PT that we found with a glucose that just read low. So 30< with our glucometers. Dumped 100 of d20 into him with absolutely no changes. Ended up infusing 4 more bags of d20 into him during transport. Got him up to like 80 and then watched him become unresponsive again 5 min later. Checked again and found it to be back to 40. He was in a room a few min later. Normally Im glad we don’t cary d50 anymore that shit was like using a sledge hammer to hammer in a tack nail. But this was the one time d20 wasn’t cutting it.

      Anyways, glad you are alive. Shit can be scary.

  • Clbull@lemmy.world
    link
    fedilink
    arrow-up
    74
    ·
    edit-2
    1 year ago

    So if I understand it, a bug has been identified that’s potentially going to make diabetics OD on insulin and die.

    That’s fucked.

  • randon31415@lemmy.world
    link
    fedilink
    arrow-up
    70
    ·
    1 year ago

    FDA: we have rigorously tested the pump and have found no issues.

    Public What about the app, which can control the pump and was written by the lowest bidder with no QA department?

    FDA: We have no jurisdiction over phone apps, due to the legislation that gives us jurisdiction over pumps being from the 70s. I guess, just don’t use the app?

  • grue@lemmy.world
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    16
    ·
    edit-2
    1 year ago

    This, right here, is why “professional” software “engineers” should be licensed.

    • hpca01@programming.dev
      link
      fedilink
      arrow-up
      21
      ·
      1 year ago

      Former healthcare to software engineer working on a master’s here. My colleagues who were licensed back in healthcare weren’t all of the same quality. They all made mistakes at one point or another, some pretty bad some minor. There’s no difference though, minor could just as well become major.

      The way they get around it in healthcare is by throwing more people at the problem. You have a physician who is good at pointing in the general direction of the problem and a solution, then you have all the auxiliary staff who will narrow down on the solution based on their field. But at any single point all of them could fuck up, or one of them could.

      Now that I’m a software engineer and I’ve written enough code to do stuff. I can confidently say that licensing will not solve this problem. Especially if there aren’t enough people involved. Which is probably what was missed in the beginning.

      Anyway long rant over.

      • grue@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        2
        ·
        1 year ago

        Licensing isn’t about magically ensuring that the practitioner won’t make mistakes; it’s about holding the practitioner accountable for his mistakes, which in theory gives him more incentive to be more careful – or to change his practice’s workflows and systems so as to be better able to detect and correct mistakes.

        In fact, I would argue that the “throwing more people at the problem” phenomenon in healthcare is an example of that very thing. Do you think they’d keep staffing levels equally high without licensing? 'Cause I sure don’t.

        • lad@programming.dev
          link
          fedilink
          arrow-up
          3
          arrow-down
          3
          ·
          1 year ago

          So, what you say is let’s hold the lowest level accountable, the person who may don’t have any power over the fcked up decisions about the amount of developers, presence of QA, and timeline.

          No, licensing will not make “accountable” people magically incentivised enough to make no mistakes

          • grue@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            A licensed Professional Engineer is exactly the opposite of the lowest level person. In fact, that’s part of the point: giving the experts the power to say “no” to unsafe/unethical management.

            • lad@programming.dev
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Ok, stated that way it makes more sense, thanks for the explanation

              Don’t think that kind of thing is going to happen, though

    • SorteKanin@feddit.dk
      link
      fedilink
      arrow-up
      16
      ·
      1 year ago

      Never gonna happen as long as the demand is so much higher than the supply.

      Perhaps it should be a requirement for certain things though, like the medical area.

    • doctorcrimson@lemmy.today
      link
      fedilink
      arrow-up
      14
      arrow-down
      58
      ·
      edit-2
      1 year ago

      But I deserve to be paid just as much for my vast technological knowledge even if I didn’t get a bunch of speech and liberal art credits from a college in the middle of nowhere. Bootcamps are the industry standard! /SARCASM, GO GET A REAL DEGREE OR WORK IN FAST FOOD

      • DarkenLM@kbin.social
        link
        fedilink
        arrow-up
        18
        arrow-down
        2
        ·
        1 year ago

        Let me tell you some shocking news: Most of the majors in Computer Science and Engineering (in the university I took it, one of the most prestigious in my country) don’t know shit about software engineering. They know only how to burp out the same leetcode style programs they were taught and that’s it. I’d trust a guy that managed to learn software engineering on it’s own through years of FAFO than (most) university majors.

      • grue@lemmy.world
        link
        fedilink
        English
        arrow-up
        16
        arrow-down
        1
        ·
        1 year ago

        You don’t have to have a college degree to become a licensed P.E.; it just takes more years working under the supervision of one. (I think it’s something like your options are a bachelor’s degree + 4 years P.E. supervised experience or 8 years P.E. supervised experience alone.)

        • doctorcrimson@lemmy.today
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          1 year ago

          First of all, there is little to no requirement to be NCEES FE/PE or even EIT certified to work as an engineer in the USA, unfortunately. But if there was, then you would still have to fill out an application documenting your experience, which in the vast majority of cases would be an Engineering course from somewhere other than an ABET / EAC accredited institution rather than simply having no education. Maybe in Canada but I’ve got no idea how things work over there aside from they have stricter regulations on the title.

          Anybody in the USA can call themselves an engineer, and most working programmers do.

          • grue@lemmy.world
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            First of all, there is little to no requirement to be NCEES FE/PE or even EIT certified to work as an engineer in the USA, unfortunately.

            In software “engineering,” sure. In e.g. civil engineering, on the other hand, pretty much everybody’s either gonna be licensed or on the path to it.

            I guess the regulators don’t consider software to count as real engineering, LOL!

            • doctorcrimson@lemmy.today
              link
              fedilink
              arrow-up
              2
              arrow-down
              4
              ·
              1 year ago

              I’ve never worked as a Civil Engineer so I can’t really speak for it, but I cannot name any states that require NCEES certification and it certainly isn’t federal.

              • grue@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                ·
                edit-2
                1 year ago

                I cannot name any states that require NCEES certification and it certainly isn’t federal

                You conspicuously left out local jurisdictions, and guess what: that’s where the requirements kick in (except maybe for trivial stuff, the city or county is going to want plans to have a P.E.'s stamp on them before they’ll issue a building permit).

                Also, NCEES certification and professional licensure isn’t the same thing, so your claim was kind of a red herring in two ways. Licenses are issued by the state.

                • doctorcrimson@lemmy.today
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  4
                  ·
                  1 year ago

                  So what you’re saying is that each city, county, or district decides on their own whether or not they hire an engineer who was certified by NCEES via PE/FE/EIT licensure? I decided to add a whole bunch of words to make it less confusing this time. Because states have constitutions and legislature in the USA, but township’s policies can change by the acting leader. To me that’s exactly the point I’ve been trying to make, is that the USA severely lacks any central system or regulation on who qualifies as an engineer.

    • FruitfullyYours@lemmy.world
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      It looks like the advisory/recall notice came out (depending on time zones) either before his posts or shortly thereafter.

      Looks like the company has jumped on this right away as they should.

      They have several non app solutions for bolus dosing. Looks like the app is new (iOS version isn’t even out yet) and they didn’t vet their consultants output adequately. Probably because this was some quick port that was outsourced and management didn’t pay attention because ‘requirements are the same’.

      Super important in med device development to have adequate internal oversight of developers to ensure requirements are properly rigorously tested. Especially in a class III device like this

      • eluvatar@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Scary that the device can be convinced to kill you. I don’t care how bad the app is, that shouldn’t be possible.

      • Spectrism@feddit.de
        link
        fedilink
        arrow-up
        18
        arrow-down
        1
        ·
        1 year ago

        It’s available in other regions as well.

        1. Select “Yes”, even if you aren’t from the US.
        2. Open the menu on the top right and select your region the bottom.
        3. Profit.

        Super simple and intuitive. /s

        • Chakravanti@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          arrow-down
          6
          ·
          1 year ago

          Don’t forget to have a VPN. I recommend Mullvad because they accept Monero which cannot be tracked down to every detail of its purchase & location (all the way down to IP address for Bitcoin the Snitchcoin).

    • °˖✧ ipha ✧˖°@lemm.ee
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      Wow, what a shit website. It just led to a neverending sequence of confirmation boxes untill I refreshed the page enough that it let me through.

  • FlickOfTheBean@lemmy.world
    link
    fedilink
    arrow-up
    53
    arrow-down
    1
    ·
    1 year ago

    Christ Almighty this is the dystopian software future that my college computer science ethics professor was working so hard to delay.

    • Flying Squid@lemmy.world
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      The dystopian part is when they’ll require you to pay a subscription to give you proper insulin dosages.

  • Veneroso@lemmy.world
    link
    fedilink
    arrow-up
    35
    ·
    1 year ago

    Thanks to Bush II, medical device manufacturers are immune to class action lawsuits!

    Yay Capitalism!

    My Dad had the leads on his pacemaker fail and caused his heart to be repeatedly and continuously shocked.

    Leads were replaced but guess who paid for that?

    It wasn’t the manufacturer!

    • foggy@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      If your dad managed to torture the CEO, do you think a jury would convict?

      Like honestly.

      • Veneroso@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        To be fair, prison treatment aside, the fact that the elderly don’t rob banks, confuses me greatly.

        Guaranteed housing, meals, and health care.

        Sure it’s prison, but what is an elder care home, but a prison. for the elderly?

        Certain states have better prisons.

        Use that social security check to travel to NY and not Texas or Florida.

  • ramenshaman@lemmy.world
    link
    fedilink
    arrow-up
    35
    arrow-down
    1
    ·
    1 year ago

    As a diabetic, holy fucking shit! I’ve been on the fence about getting a pump because it’s just one more thing that can fail.

    • neeeeDanke@feddit.de
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I don’t think you should take that as a main/sole argument against using a pump, there are many other pump manufacturerers oit there. I fir example am very happy with ma Dana i. (Apperently unlike the Omnipod, which seems very odd to me tbh) it has some saftey functions built into the device itself, so even if the controling software on my phone fucks up and doesn’t respect it’s hard limits the pumps driver still will. Unlike Apps or any management software I imagine the driver to be quite simple and thus less prone to errors like that.

      • ramenshaman@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Huh? The omnipod dash is another pump from the same company that also has an app. What’s the difference? They’re both susceptible to bugs.

        Yes it absolutely has something to do with the pump.

  • I Cast Fist@programming.dev
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    “But why would you do those steps in that order?” - The programmers, probably.

    I’m wondering if the field where you input the insulin amount is the same as you input the carbs, as that’d easily explain the bug. Reuse of the same field without proper checks can easily lead to… “Funny” results. If the carbs and insulin fields are completely separate, then that’s some very weird math bug they’ve put in there, somehow.

  • Dudewitbow@lemmy.zip
    link
    fedilink
    arrow-up
    27
    ·
    1 year ago

    part of the reason why the pharmaceutical industry is pretty rough and requires several verifications, as it only takes one mistake to be a fatal one.

    • ringwraithfish@startrek.website
      link
      fedilink
      arrow-up
      25
      ·
      1 year ago

      Any time someone bitches about government oversight and regulations, I think about cases just like this. In many cases we should WANT a large bureaucracy with plenty of checks and approvals overseeing things like this.

      • lad@programming.dev
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        Except the large bureaucracy must be honest in that case, otherwise it just starts exploiting lack of transparency to do nothing and get benefits for that

  • 🍔🍔🍔@toast.ooo
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    1 year ago

    can anyone with more insight explain what checks and balances had to have failed for this to make it to the field? i understand that this is like obviously potentially lethal but i don’t really know how this kind of thing would normally be prevented.

    • LwL@lemmy.world
      link
      fedilink
      arrow-up
      25
      ·
      edit-2
      1 year ago

      Usually something in the testing process, or perhaps the testing process itself is lacking. For medical applications it should be pretty rigorous as the consequences if something slips through can be very bad.

      If this is a new feature, then every step of the process designed to make sure it works failed. Which those are precisely will depend on the project, it could mean that multiple devs and QA had a look and either missed it or didn’t think to test for it. Where I work the developer implementing a feature tests it, then 2 other developers review the code, one of them also tests it, then it goes to dedicated QA who will test it more in depth and also do regression tests (checking that existing functionality still works). The testing QA member also checks with another QA member about anything they may have missed in their test steps. But this can vary heavily, also depending on the general model of development cycle (agile or waterfall) etc - though I’m working on much less critical software, no ones going to get injured even if nothing works correctly.

      If the bug was introduced through an update to this or another feature, their regression tests might be lacking.

      It’s also possible (though imo extremely negligient for such an application) that they don’t have dedicated QA in the first place, and even don’t require their devs to test comprehensively in place of dedicated QA.

      Or, they found the bug, but management didn’t want to allocate the resources to fix it.

      Imo something like this slipping through shows negligience of some form, it’s impossible to guarantee bug-free software, but this is not some obscure, hard to reproduce error.