back to article CIA used 'illegal, inaccurate code to target kill drones'

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia. The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza …

COMMENTS

This topic is closed for new posts.
  1. A J Stiles
    WTF?

    Two things come out of this story:

    Two things come out of this story:

    1. When procuring custom software, *always* insist on Source Code, right from the outset. You are the one with the money, and there's always someone else out there who will oblige.

    2. The world would benefit from an international treaty banning the use of unstaffed aircraft as weapons.

    1. Anonymous Coward
      Grenade

      Really?

      1. When procuring custom software, *always* insist on Source Code, right from the outset

      So a company is to give up it's trade secrets (and therefore how it makes money) to the customer, so said customer can fuck off to the bloke down the road who'll do it for a bottle of whisky and a night with 2 cheaper hookers?

      2. The world would benefit from an international treaty banning the use of unstaffed aircraft as weapons

      So that rules out cruise missiles then. Best left to irattional,jumpy, adrenaline fuelled sky jocks then. Wow feel safer already.

      Thank fuck your not in any sort of position of power.

      1. Anonymous Coward
        FAIL

        Re: Really?

        "So a company is to give up it's trade secrets (and therefore how it makes money) to the customer, so said customer can fuck off to the bloke down the road who'll do it for a bottle of whisky and a night with 2 cheaper hookers?"

        Erm, if someone is paying you, they can certainly insist on the source code. If you don't want to provide it, then maybe they should be doing business with someone who will provide the code. As for the puerile remarks about whisky and hookers, there are legal frameworks for preventing people "fuck[ing] off to the bloke down the road".

        "Thank fuck your not in any sort of position of power."

        Your what? Really, indeed.

        1. JimC

          > insist on the source code

          Yep, the customer can most certainly insist on the source code, and even on copyright assignation or privileges which would also be needed if anyone else were to work on it.. However if the price without source code is a fraction of the price with sourcecode and rights, as would not be unreasonable, then the customer may well decide they don't need the sourcecode that badly after all.

      2. A J Stiles
        FAIL

        But it isn't a secret

        "So a company is to give up it's trade secrets (and therefore how it makes money) to the customer, so said customer can fuck off to the bloke down the road who'll do it for a bottle of whisky and a night with 2 cheaper hookers?" -- the only dignified respons I can give this is, "bollocks".

        If I am paying you for the software, then what is inside it is by definition *not* a secret from me.

        1. Anonymous Coward
          Thumb Down

          Not a secret?

          Oh but it is. Very much so. That's why there are usually clauses in EULAs prohibiting reverse engineering etc. You may specificy *what* it does but *how* it does it is very much how I make my living, and I'm not in a sharing mood unless you're willing to pay me to compensate for the risk I'm taking in putting my livehood in your hands.

          1. A J Stiles

            Values

            There is a little principle called "Life before property". According to which, the life of even the lowliest human being is worth infinitely more than the secrecy of your precious Source Code.

            1. Dave 15

              Clearly only in fantasy land

              This has never held water.... try stealing something from a rich man and notice you get far more time 'inside' than the average murderer.

        2. Sooty

          depends on the contract

          in general, if you contract a company to write some software on your behalf, you are perfectly entitled to the sourcecode, if you want it.

          it will likely cost you considerably more than just getting the software itself though.

        3. Anonymous Coward
          Anonymous Coward

          orly?

          WOW. So you know exactly how Photoshop works? or MS Word?

          you must be a GENIUS.

          1. A J Stiles

            No

            I have neither Photoshop nor MS Word installed on any of my machines.

            I do, however, have the GIMP and OpenOffice.org -- along with the Source Code from which I compiled them.

        4. Dave 15

          SO you know...

          Whats inside Windows? Or your favourite browser?

          I think not.

          And the reason not is that the code is not yours, you have only paid a licence fee to use the software.

      3. wayne 8
        Terminator

        Don't have escrow where you live?

        Here in the USA the source code is placed in escrow with a trusted third party.

        1. Dave 15

          true ... but

          as far as I know escrow software isn't available to the customer unless the supplier has gone bust.

    2. Anonymous Coward
      Anonymous Coward

      @A J Stiles

      You're right. Two things do come out of this story.

      Firstly, killing people is a really shitty business which no amount of complicated legal wrangling, re-definition of terms, or general mucking about with language is going to change.

      Secondly, if - as sometimes stated - we only really advance technologically when we're busily killing each other that's a shining endorsement of neither humankind, nor technology.

      As far as I can tell this whole story is a case of three sets of people who make killing machines having a squabble about who should get paid and how: Frankly I don't care. I'd rather they threw all their fuckery-foo into the sea because the world doesn't need more assholes with guns and ammunition no matter what the justification is.

      Someone's going to lose their life because of this shit and all the USA seems bothered about is who might be embarrassed, as if it's just a case of someone having pissed their pants at school.

      How fucking pathetic can you be.

      1. Charles Manning

        Advancement

        "Secondly, if - as sometimes stated - we only really advance technologically when we're busily killing each other that's a shining endorsement of neither humankind, nor technology."

        Of course that is bollocks. Tech advances happen all the time.

        War does speed the process up because people don't get so hung up on safety/testing. If a product has some problems but gives a military advantage then it will get used.

        For example consider a hypothetical case where someone invents a new way to make parachutes twice as fast and half the cost, but there is glitch whereby one in a thousand parachutes fails to open. That new parachute would get deployed pretty smartly during a big war because the benefits of doubling your parachutists outweighs the costs of killing 1/1000 parachutists. The numbers even work for parachutists since doubling the number of people in a group way more than doubles your chances of survival.

        Where this breaks down is during a protracted low-key war that is far away. The majority of people are not in war mode and think with health and safety mindsets. They'd want that 1/1000 glitch to be found, fixed and tested before the new parachutes get deployed. The nett result is a longer war and more paratrooper deaths.

        Militarily it makes sense to deploy with the known 1-13m error and fix it off-line. That gives you the use of an improved (though imperfect) tech. When you're exploding a huge warhead, 1-13m error is probably insignificant anyway.

        1. Anonymous Coward
          Anonymous Coward

          missed the point (and the target)...

          "Militarily it makes sense to deploy with the known 1-13m error and fix it off-line."

          Yes it makes sense if you dont care about killing civillians. Infact it makes sense to deploy even if it kills 100 civillians for every 1 soldier... Militarily.

          But that is the whole kcufing point. It is not the Military's version of "makes sense" that is causing the outrage here.

    3. Skymonrie
      Pint

      I'll have

      The Windows source code, a pound off ATI graphics driver and a beer please.

      If companies can sell proprietary software, why can't these people. I can only imagine the next season of Robot Wars using this software to really give the crowd a buzz...saw

    4. Unlimited
      FAIL

      @A J Stiles

      Are you sure that the software was commissioned by Netezza?

      From the article:

      "The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distibute[sic] Geospatial"

      Company A has already written a piece of software, and they sell company B the right to _distribute_ it.

      Are you saying company B should now have source code rights?

    5. Anonymous Coward
      WTF?

      Errr... guess again

      If you think the government will let you supply them compiled code without the source to stick on their TS network, you're dumber than a box of rocks. Code is a mandatory requirement, after all they paid for and for that matter, they want to make sure it doesn't have anything in it that it shouldn't, like for example unauthorized overrides or back doors. DoD work is in a completely different realm than commercial work. Our job is to make the other guy die for his country, not make as much money as possible.

    6. Dave 15

      unmanned aircraft vs missile?

      Prey what really is the difference? We've been using missiles since WW2, seems a little late to put that gene back in the bottle. And in honesty a missile isn't much different to an airborne torpedo which goes back even further....

  2. jake Silver badge

    And the Bush legacy continues ...

    No doubt the extreme right will blame it on Obama, despite the fact that these wheels were set into motion long before he had anything resembling political power ...

    Waste, America.

    1. Apocalypse Later

      But...

      ...Obama is in charge now, right? So the further use, and the recently increased use, of drones for assassination is down to him. Not that I am against it.

      Of course, the CIA really shouldn't have let George Bush personally vet and pass software for their weapons systems.

      1. Destroy All Monsters Silver badge
        FAIL

        Not against it, eh?

        Compare:

        "President Obama has significantly expanded use of clandestine drone assassinations [operating in countries not at war with US], despite heavy criticism from the UN and others."

        "Comrade Stalin has significantly expanded use of clandestine NKVD assassination [operating in countries not at war with the USSR], despite heavy criticism from the UN and others."

        At least Stalin could not be embarrassed by lousy and overpaid state employees trying to crack one off playing Software Management Gurus.

      2. Dave 15

        True enough...

        You can't blame the last guy if you've not at least tried to do something about it.

  3. OrsonX
    Happy

    Drone targetting accuracy...

    ...should have got Chloe to do it...

  4. Dan 10

    Jesus!

    I can kind of envision a CIA staffer thinking that up to 13 metres error for supposed 'smart' ordnance is acceptable, but a IT salesman? I mean, I though they were paragons of virtue, untainted by the impurities of greed...

    1. Ross 7

      Salesmen

      Well they did tell them!

      To be fair, 13m out when you're dropping 100lb of RDX on someone is still going to end in a successful, yet messy outcome. The only real difference is which particular passers-by happen to die at the same time.

      The term surgical strike when using anti tank rounds is hardly accurate after all...

      The sad thing is I imagine that rather than suspending their actions until the issue was fixed, the CIA just upped the lb-age on their on their weps to make doubly sure of a kill, ensuring more deaths of non-targetted people.

    2. John Smith 19 Gold badge
      Alien

      @Dan 10

      "I can kind of envision a CIA staffer thinking that up to 13 metres error for supposed 'smart' ordnance is acceptable, but a IT salesman? I mean, I though they were paragons of virtue, untainted by the impurities of greed..."

      Hmm. The sarcasm is strong in this one.

  5. The Other Steve
    WTF?

    I don't know what the most amazing part of this story is

    But I think it may well be the idea that someone working on spatial technology for armed UAVs was not competent in the correct way to do numerical computing without arseing up the floats and getting rounding errors.

    OTOH what's the blast radius on the rockets these thing pack ? Somewhere between 1 and 13 meters by any chance ?

    1. Daniel 1

      I can tell you the not-so amazing parts

      1. The code worked fine on one chipset.

      2.. They decided to use a cheaper chipset (because a one-time purchase of a chip represents a major investment, in a device that drops a couple of hundred thousand dollars of explosives on someone, each time it flies).

      3. Floating point errors crept in, because people couldn't get it to work with the new chipset.

      4. They decided to lie about the results, or ignore the errors.

      The disgusting thing about the armaments industry, is that the death and slaughter actually happens as a side-affect of a series of rounding errors, generated by a process largely driven by greed, emotion and personal favour.

  6. Charles Calthrop

    skip

    the most amazing part of the story is that pointy finger guy's photo

    1. Lance 3

      Louie Anderson

      The guy that looks like Louie Anderson?

  7. Rogerborg

    This is utterly unacceptable

    They might kill the WRONG innocent civilian bystanders.

  8. ratfox
    WTF?

    Confusing

    Let me see if I got the story straight:

    - CIA wants a targeting software as precise as possible, but ended up accepting an imprecision of up to 13 meters, hoping it is precise enough in most case

    - Netezza did whatever it could to make the CIA happy, including ripping imperfect code from IISi

    - IISi... was not willing to deliver an imperfect solution? Is complaining about the code grab? They are also complaining that the CIA is using a solution that might kill innocents?

    I would have thought that the ordinance is powerful enough that 13 meters is an insignificant error... And it is unlikely that the CIA is going to say "OMG we might kill innocent people with such an imprecision, we have to wait until the boffins get it down to 1 meter"

  9. Anonymous Coward
    Anonymous Coward

    1 - 13 m

    From a practical/military point of view an error of 1 - 13 m probably isn't a show stopper against a soft target like a mud brick building, HE bombs are area weapons after all.

    The only downside is collateral damage and the Americans don't seem to mind that too much going on past performance in Afghanistan and Iraq.

    1. TimeMaster T
      Megaphone

      Title.

      The American >Government and Military< don't seem to mind "collateral damage".

      Many American Citizens have issues with it.

      Please remember that the former and the later are not the same.

      1. fatchap
        Troll

        For who?

        But I thought the US Governement was for the people, by the people. That would make them the same.

        1. Dave 15

          Democracy...

          A falacy, a lie, and not even remotely matching the governed with the governing.

          Don't forget for example Mr Blair - overwhelming power in the UK parliament from 25% of the votes cast.... and they are arguing here over whether to fix that!

          One day we will have real democracy - the sort where the people control what the government do, until then we have elections.

      2. Charles Manning

        The latter want the former there

        I'm sure many individuals in the American government and military don't like collateral damage either.

        Clearly the majority of Americans don't care. America is one of those democracy things where people choose their government and thereby choose their actions.

        The Americans also have the right to bear arms so that they can rise up against any government that goes too far off base. They are not doing that, so clearly they don't care about the matter that much.

        1. Anonymous Coward
          Anonymous Coward

          Clearly...

          "The complex case, which has so far received scant press attention..."

          More likely, the majority of Americans don't even know about this, and plenty of other similar situations. Defense reporting generally doesn't make it into the trough of our mainstream media.

    2. Anonymous Coward
      Anonymous Coward

      13 metres

      Even if a target is within the weapon blast radius, if they are behind one or more walls, the probability of a kill are likely to be substantially reduced. A 13 metre error could even place a weapon in the wrong building - not what one would call a surgical strike.

      Given that this type of attack has been used to attack targets in Pakistan, a country with which the USA is not at war, collateral damage might be fairly important. If this was not the case, they would have simply carpet bombed Waziristan.

  10. John Smith 19 Gold badge
    FAIL

    Lots of Fail to go round I think

    The Developers

    "It's going to take a long time to port this"

    How much assembler did you use for this package?

    x86 is not exactly an *obscure* hardware architecture and given the rather floating point heavy nature of GIS stuff I'd like to think they had a test suite of tricky problems to check the quality of a port.

    The hardware suppliers.

    "The answer is yes, provided you have the money."

    The client

    "Skippy" does not look like a guy who take "no" for an answer, even when it should be given and he should accept it.

    Call it the "Carter Burke" school of management. *any* requirement accepted to get/keep deal -> FUBAR.

    1. Liam Johnson

      The Developers

      If you read the article, it sounds like they did port it to the x86, test it with their wonderful set of tricky problems and figured out it didn't work. They had a look at the issues and decided is was weird floating point compatibility stuff and they would need some time to fix it.

      Hardly a big fail.

      The big fail is the other guys who ported it to the x86 (in a day?), tested it, figured out it didn't work but god knows why, and put it into action anyway.

    2. Shooter

      Thumbs up...

      ...purely for the "Carter Burke" reference!

      1. John Smith 19 Gold badge
        Happy

        @Shooter

        When most people think of greedy defense con-tractors shipping half finished equipment Ronny Cox's character in Robo Cop "Dick Jones," comes readily to mind (BTW ED209 problem was modeled on the US Army's "Sgt Yorke" anti aircraft gun programme fiasco).

        Jones is a bad guy but he *knows* he's a bad guy. He does bad things because they pay and he reckons that "Only idiots and little people go to jail."

        Burke is much more delusional and possibly more convincing as a result. He just want's what he feels his hard work entitles him to.

        Unfortunately he feels that includes *everything*.

        He really sees *nothing* wrong in what he has done other than he might have made a few "Errors of judgment."

        One kind of corporate executive might be reformed (or rather discouraged) if they believed in the risk of swift and effective law enforcement (for example by a unit of incorruptible and nearly un-killable cyborgs)

        The other would never change. Only some "Terminal therapy" would cure their behavior.

    3. Anonymous Coward
      Alert

      Endian-ness

      PowerPC chips are big-endian and x86 chips are little-endian. This alone can cause serious headaches when porting floating-point code.

      http://en.wikipedia.org/wiki/Endianness#Floating-point_and_endianness

  11. Christopher Cowan

    blast radius

    http://www.wired.com/dangerroom/2009/06/why-was-pakistan-drone-strike-so-deadly/

    This article suggests a 200 ft (60 m) blast radius for a Mk82 bomb launched from a drone, I don't think being out by 42 ft (13 m) is going to make much difference.

    1. Daniel 1

      Great big bombs do not an "assassination" make

      If they could fix the targeting, the warhead would only need to be the size of a hand grenade.

      These guys kept the bad figures out of their sales pitch because they didn't want to damage their marketing collateral - because, it turns out, the only thing they were marketing, was collateral damage. People should be ready volunteer, to be someone else's collateral, before saying any of that is okay.

  12. JaitcH
    WTF?

    Two faced US Government defender of Hollywood rights used palgerised software

    It is surprising that the biggest proponent of enhanced action against those distributing Hollywood films on-line is guilty of using copied/plagerised software.

    Another example of US government hypocrisy.

    The CIA was also a big player in bringing drugs north from Mexico whilst the DEA was busy fighting the trade. Some morals.

    1. Destroy All Monsters Silver badge
      Big Brother

      You don't understand...

      The "biggest proponent of enhanced action against those distributing Hollywood films" is not the government but the "content-producing industry". Which is wining and dining Congress.

      If the government decides tomorrow to seize and use for its own ends whatever it needs, it does so. It may even leisurely twist some arms to retrospectively pass a law legitimize things (or maybe you didn't pay your taxes or gave material assistance to terrorists?)

      And if you are lucky and actually getting paid, well it's money fresh off the printers of the federal reserve. Which is what... a few bucks a container?

      "A Government of Men, Not Laws"

  13. Anonymous Coward
    Black Helicopters

    and bears s**t in the woods

    A headline saying something about the CIA, Illegal and Kill

  14. snakebite

    additional details

    There's an interesting video interview with the chairman of iiSi at TheStreet.com, which covered this story a couple of months ago. Before he was the chairman of a technology company, he was an attack helicopter pilot in Viet Nam.

    http://www.thestreet.com/story/10810646/cia-may-have-bought-faulty-drone-software.html

  15. Anonymous Coward
    Black Helicopters

    Lives at stake?

    Sounds to me more like deaths at stake.

    And I hope I never work anywhere where the management get Mr Pointy Finger in to motivate the staff.

    One slightly less grim idea relieves the grimness of the whole scenario: perhaps a "malfunctioning 30 million dollar weapon" will turn round and do a Jason Bourne on its masters.

  16. Robert Carnegie Silver badge

    I wonder more than ever now

    I already wondered why Microsft didn't just have the heads of Linux, Mozilla and Opera murdered. And now we have somebody performing litigation that is embarrassing and inconvenient to a government agency that can drop a rocket bomb onto your cell phone. THAT'S the optimism.

    1. LaeMing

      Well,

      within 1 to 13 metres of your cell phone anyway. But your point still stands.

  17. chris 130
    Grenade

    NHS has opposite problem

    They want to save people with software that doesn't work.

    Trained people on Millennium (PAS) and Choose & Book

    Absolute crap software, not fir for purpose.

    1. Gilbert Wham

      aaaaah!

      *Please* don't remind me about PAS. I was just starting to feel better, too...

  18. Robert Hill

    So few actually know about ports here...

    The answer to the problem was apparent on page one of the article, to anyone that has had to actually port software. The second someone read "PowerPC" to "x86" port, alarm bells should have rung.

    The PowerPC arch is so different from the x86, and more importantly THE MATH LIBRARIES are almost certainly different between the compilers. Not too much different if you are adding up two-decimal currency transactions, but on successive floating point calculations the aggregate errors are most certainly going to differ.

    So the iiSi engineers probably had to do a deep dive on the respective math libraries on each compiler, and take into account various register precisions between the two architectures. Yeah, that can take a few months, easy. And frankly the salespeople of Netezza should have expected a few months lead time on something like an architecture port...

    Oh, wait - I forgot. People who actually understand the base technology aren't hired any more...

    1. BlueGreen

      not sure but...

      ... I believe that most arches these days try and mostly succeed in following the ieee flop standard(s). It is a very complex area though.

    2. Notas Badoff
      Boffin

      "The numbers", he said, "are awful."

      Thank you for stating the obvious in a way that even the continuously mystified begin start enlightenment.

      It's not the to plus too gives fore that is the problem. It is FP operations run a couple thousand times to develop one result. And then millions of those combined artfully. You have to *know* what you are doing with _each_ FP operation, and how to detect or correct for every possible aberration. Errors are cumulative.

      Quite literally real world stuff, and rounding at the end won't get you zwei vs. drei pfennigs, but rather gets you 'asia' or 'dysnomia', when you really wanted something more specific, like a particular offset on Sadozaitop.

      "A nightmare storm of blistering light seared through the blackness and ..."

    3. Dave 15

      And certainly never make it into sales or management

      Sales and management are reserved for those with no idea about technology (At least in 90% of cases)

  19. Anonymous Coward
    Grenade

    Whats the problem?......

    the CIA / Israelis don't give a #### if they chalk up massive collateral damage on targets, regardless of race, gender, religion or country!

    just so long as the general target area is blasted by lethal shrapnel.

    One hole in the ground when observed from 8km away is pretty much as any other, regardless of wether there was a class of little kids or terrorists at the impact point.

    Either way the hick that pressed the button got his kicks watching the pretty explosion and seeing all the rag dolls being blown into the next district.

    1. Matt Bryant Silver badge
      FAIL

      RE: Whats the problem?.....

      Of course, it is so much more caring and correct when the "Palestinians" instead send a suicide bomber into a Sbarro pizza resteraunt, a bar, a shopping mall or onto a bus. That way you make sure you kill random Jews at exactly the point you want to target. Well, when your target is the whole of Israel, and you view all Jews (and Israeli Christians, any tourists in the area, or any Israeli Muslims that just happen to be there) as somehow lesser human beings then I suppose your rounding error problem really doesn't factor.

      And I suppose you think it is much more noble to get a hijacker trained in the basics of flying a jumbo so you can make sure he can crash it into the right highrise building. After all, when you're trying to kill thousands of civillians, you really wouldn't want to hit anything other than an easily recognisable landmark, right? By the way, how many uniformed soldiers were killed on 9/11, compared to how many civillians?

      And, for you, it must be much more acceptable to send actual individuals with the backpack bombs onto the buses and trains, as happened on 7/7 in London. Much mroe considerate! Of course, if there wasn't a group of morally-defiiceint, fanatical murders like AQ trying to impose their relegious views on the Word then we wouldn't need to be trying targeted attacks in Pakistan/Afghanistan, and if the "Palestinians" had accepted the UN partition plan back in 1947 then they'd already have their own state and there wouldn't be a need for the Israelis to target precision strikes on those that send suicide bombers and fire rockets at Israeli civillians.

      For the uninformed or just deliberately ignorant, a CEP of 13m is considered "precision" by the military. After all, if they simply wanted to ensure a kill and didn't care about the surrounding villagers, they could always send several Tomahawks (CEP 50m with the old navigation systems, still only 10m even with military GPS due to control in the terminal dive) with 2000Lb warheads (deadly blast radius of almost a kilometer, even amongst buildings) and just flatten the whole neighbourhood. Ignoring drone missiles or cruise, a single F-15E could deliver the neccessary ordinance to wipe an entire village off the map, and the US isn't exactly short of F-15s or bombs.

      This story is about an operational neccessity (killing Jihadi suicide mission planners hiding in Pakistan villages before they can plan more missions that usually kill Pakistani and Afghanistani muslims civillians) leading to the CIA being forced to accept a software tool that could only guarantee a CEP of 13m. Whether the CIA was involved in the Netezza plan to rip off ISSi is a commercial law matter will come out in the commercial court case. The reason the CIA was pushing so hard was they needed the tool to carry on the Presidential orders of Obumbler, not some murderous whim.

      1. Dave 15

        Subtlety not required

        Would love to avoid the subtlety of targetting the nutter. If instead we target whole towns then we will both kill the nutter AND make the population so scarred of retaliation they won't put up with another.

        Personnally I would take out an entire palestinian town every time there is a strike into israel, and vice versa. Similar for afghanistan and pakistan.

        There is a problem about what to do about home grown terrorists - and these are becomming a menace - removing say Bradford from the map seems extreme, but then the muslims claim not to support the nutters but they do still turn up to listen to the preachers of death and turn blind eyes to the recruiting in the mosque.

  20. Arctic fox

    Very interesting discussion

    What is also interesting is the rather "peculiar" down-voting pattern. A few weapons techies lurking, too shy to actually post perhaps?

  21. BlueGreen

    Metacomment

    tangential, but has anyone noticed the unusual number of downvotes of the posts here?

    Probably not cia black ops but curious nonetheless.

    (and if someone could metavote me up or down that'd close the circle nicely, thanks).

    1. bluesxman
      Coat

      RE: Metacomment

      I think you're mistaken, the down-voting pattern is most likely due to a rounding error.

  22. blackworx
    Black Helicopters

    Pesky floating point errors

    I've had my share but luckily I don't make a habit of reverse engineering targeting systems on the Q.T for the C.I.A.

    Oh, and only 13 metres? Shurely your average missile is going to knock out a bigger diameter than that anyway? Then again - I suppose 13m could mean one or even two houses down, meaning fiery death at tea time for some hapless innocents and nothing more than a bad dose of tinnitus for the target.

    1. Arctic fox
      Thumb Up

      @Pesky floating point errors

      "Then again - I suppose 13m could mean one or even two houses down, meaning fiery death at tea time for some hapless innocents and nothing more than a bad dose of tinnitus for the target."

      A cogent point. Blast vectors are very strange beasts (blast structure is not conventionally symmetrical and the development of the blast from ignition appears to have some non-linear dynamics) - you do not have to be _that_ far off target (%-age wise) before your kill probability graph starts to drop a _lot_ faster than one might have thought. Bottom line is that _real_ accuracy is not an optional extra, either in terms of minimising collateral damage or in achieving the kill.

  23. John Smith 19 Gold badge
    Boffin

    For the record the IEEE standard is 754-2008

    The *original* version is 754-1985. People have had a *long* time to get comfortable with it.

    However the article "What every computer scientist should know about floating point arithmetic" in the march 1991 issue of Surveys of the ACM (Listed in the Wikipedia article references) states Power PC and Intel have implemented different *parts* of the standard. 19 years later *hopefully* their implementations are more complete and convergent.

    Robert Hill's point about FP libraries is well made. Nevertheless systems which have big chunks of FP code are *known* to have portability issues and special precautions need to be taken to preserve accuracy. these issues have been around for *decades*. I'd find it *very* hard to believe the hardware designers commissioned their own *bespoke* compiler version for their kit and hardware that could not use a 3rd party compiler because it was so *different* would defeat the whole point of using of using commodity processors in the first place.

    Note also that compliance to the standard does not *guarantee* trouble free results. We're definitely in "Numerical analysis" territory here where even the *order* of evaluating the elements of the equations can affect the answer, especially applied over 1000s (millions?) of data points with the results being fed back iteratively. Kind of like those oh-so-accurate General Circulation Models so beloved of weather forcasters and climate modellers everywhere.

    BTW AFAIK this software was a *product*, designed to be sold as a *package*, as was the next (x86 hosted) version. The hardware company *did* have an exclusive license to *distribute*, not reverse engineer to make their own mods or port it to another architecture. If they were so concerned they should have made more of effort to get one of their boxes of new hotness into the developers hands sooner.

    As others have pointed out you don't get source with AutoCAD, SAP or MS Office. For *very* valuable customers you *might* have "Software escrow" where a copy of the source is available for release *if* the company goes belly up.

    Still plenty of fail to go round.

    1. Charles Manning

      Some embedded FP detail

      If you stick to standards then you very rarely get any real portability problems. I spent many years working on GPS and the same code would produce the same results when running on ARM, x86 or PowerPC with no tweaking.

      However I have encountered some compilers for odd-ball 8 and 16-bit architectures that did not implement IEEE FP and these had problems. One in particular implemented a horrid 48-bit double that created big steps in GPS position. I would very much doubt that a drone would use anything less than 32 bits and thus doubt these would be the problem.

      It is always possible to fully implement IEEE FP in software, but this can raise problems with code size, execution speed etc. Execution speed is a very significant when you're calculating the position of a high speed object and jitter in the calculation time can kick up multi-metre position errors.

      I hunch that the biggest problems in this code were not strictly FP issues but were more likely jitter issues in the positioning algorithm. These can be fixed with Kalman filters etc, but that's not something that is easy to do under huge pressure to deliver.

      1. Frank Rysanek

        even just different x86 chipsets?

        Someone has previously reported that the code worked fine on one x86 "chipset", but not on another one. And that it was a piece of onboard hardware in the drones... yes it goes against the supposed "data harvesting" categorization of the software product. That reference to two x86 chipsets may be related to another problem, rather than the originally described FP precision issue.

        Difficult to say what the word "chipset" is supposed to mean here - whether just the system bridges, or if the CPU is implied as well. E.g., a mobile Core2 certainly has some more oomph than an Atom.

        Either way: I recall that the people making the RTAI nanokernel (for hard-realtime control under Linux) do have statistics and testing tools to evaluate a particuar chipset's IRQ latency, and it's true that even among "x86 PC compatibles" some brands and models of chipsets show reasonably deterministic responses, while other chipsets show quite some interesting anomalies in interrupt service response time. This was real news with the introduction of Intel 8xx series of chipsets, where Interrupts were delivered inband over the HubLink for the first time in x86 history, rather than out-of-band via discrete signals or a dedicated interrupt bus - so that interrupt messages were competing for bus bandwidth (time) with general bulk payload. At that time, competing "old-fashioned" chipsets such as the SIS 650 had a much better IRQ delivery determinism than the early Intel Pentium 4 chipsets. Some cases of high IRQ latencies are attributed to unaustere use of SMI by the BIOS, e.g. for software emulation of features missing in hardware... but that again tends to go hand in hand with a particular chipset, stems from BIOS modules provided by the chipmaker etc. Don't know what the situation is now, how the different later generations of Intel hardware behave, how the Geode compares for instance...

        Heheh, were (GP)GPU's involved by any chance? That's another area where floating point math can screech in its hinges...

  24. Petrea Mitchell
    WTF?

    Really, *that* Skip McCormick??

    _AntiPatterns_ has been the second biggest influence on me as a programmer of all the books I have ever read. (The top spot goes to _The Design of Everyday Things_.) I'm having trouble reconciling what I'm reading here with the voice of that book. I guess the "Fire Drill" section (see

    http://sourcemaking.com/antipatterns/fire-drill) was written by his co-author.

    1. John Smith 19 Gold badge
      Boffin

      @Petrea Mitchell

      It would seem he was describing anti-patterns from the PoV of having *implemented* some of them.

  25. Anonymous Coward
    Anonymous Coward

    Very interesting article

    Please keep this up to date.

  26. Charlie 3
    Stop

    Old story

    This story is probably familiar to every small development firm in the world. A medium size company licences your product, then sells it to a bigger company, promising shiny new features at an impossible price and expects it to work. You are expected to make it work on an impossible deadline.

    Lives are rarely at risk. Rarely.

  27. Version 1.0 Silver badge
    Happy

    Ah - but it does actually work!

    It's been know for a long time that the CIA can locate and target a cell phone signal so what the Taliban have been doing is giving a message and a cell phone to a small Afghan boy and telling them walk a short distance away before making the call.

    Then duck.

  28. Steve Medway
    Flame

    Big Endian vs Little Endian

    PowerPC vs x86.... weird results 1-to-13m differences that'll be due to the endianness of the code I expect.

    To trawl through code and ensure all your code uses the same format isn't simple a cut and paste job but it's not a mammoth unsurmountable issue either. Two months to port the code including testing seems about right to me, any less and I suspect issues would creep in.

    Here's my take on the situation:-

    1. There was no refusal to port the code even though there was no contractual obligation - IISi simply told their *Customer* you can have your code when it's ready but you can't have a hastily recompiled beta (seems pretty fair to me - a company where the techies rule I suspect).

    2. Netezza sold a product that didn't actually exist - not exactly criminal - didn't Bill G do the same with DOS, he inked the deal with IBM before he'd bought the company that actually wrote the DOS that ended up on PC's (pretty normal practice in the software Biz).

    3. Netezza did the big no-no, Sounds to me like they did a quick recompile of the PPC source on x86 rather than really actually reverse engineering the code. To reverse engineer the code would have taken longer than to properly port the real code. (This was illegal because the code wasn't Netezza's, they only had a licence to use the PPC code on on PPC hardware - x86 code on x86 hardware would requires a new licence from IISi (A Judge has already decided this).

    4. The CIA probably did give a shit about the accuracy (only at time of purchase mind you) which is why they bought the product in the first place. The trouble is that the CIA had a deadline too. That deadline had to be met, if what's ready by the deadline has some 'limitations' (never call them bugs) specified in a document they'll still be happy because their deadline was met and the audit trail complete. It really doesn't matter if the bloddy thing doesn't work because there was a 'limitations document' to go along with it.

    5. Sales people are not the most honest of people. The 'really good ones' are usually the best liars - that's how it is! They sell a fantastic product but what gets installed is a rough beta due to lack of time before a deadline which couldn't realistically be met.

    The moral of the story - Sales people are the root cause of 99% of all IT fuckups.

    1. Charles Manning

      Naaah

      Endian screw ups on FP numbers do not give 13m errors. They give solar-system scale errors.

      It is way more likely to be a reverse engineering error. When you're reverse engineering stuff like this you can often see the big picture (eg. GPS data goes in here, position data comes out here) but it is way harder to see the detail (eg. how the positions get filtered). These little details are especially hard to figure out for code dealing with movement, errors, noise etc.

    2. BoldMan

      Agreed!

      > The moral of the story - Sales people are the root cause of 99% of all IT fuckups.

      The most accurate statement on this topic so far!

  29. Zolkó Silver badge

    Eurofighter = bad !

    Where is Lewis Page when you most need him ? He who thinks the UK military should buy yankee stuff instead of expensive UK kit.

  30. Henry Wertz 1 Gold badge

    Ridiculous

    Re having the source code, AND re: "But I think it may well be the idea that someone working on spatial technology for armed UAVs was not competent in the correct way to do numerical computing without arseing up the floats and getting rounding errors."

    I don't get any impression of incompetence, except on the part of the CIA -- they were perfectly competent -- the problem is the CIA saying "Well, we need it now, we don't care if it works yet!!!" They KNEW it didn't work, IISi told them the code they had didn't work yet and refused to ship, so Netezza shipped code (which they also said was not fully functional). This was not a matter of competence, IISi said they'd need maybe two months to gloss over the floating point hardware differences so the results would be identical, and the CIA ended up getting code within a week or two. It's not incompetence when someone demands code in like 1/8th the time the developer says they need, and the code turns out buggy!

    @Daniel 1, I don't know if you fully read the article -- IISi and Netezza, neither one decided to use a cheaper chipset. And nobody lied -- they TOLD the CIA the code was not working and they decided to use it anyway. That's the ridiculous part.

  31. John Smith 19 Gold badge
    Boffin

    To correct an impression...

    "Geospatial" is a data analysis/data warehousing application.

    It is *not* an embedded system running on Predator drone autopilots or their ground based control systems.

    BTW does anyone know how big an impact closing this deal would have had on Netezza's earnings? I'm guessing the influence on what price they'd get from IBM might have had something to do with their keenness to ship what in essence was a non existent product.

  32. Ramazan
    IT Angle

    IEEE754

    Different endianness can't be the reason behind that 13m error. Similarly, I'm not convinced that different compiler can be the cause. Bugs in optimizer may be, but _very_ unlikely. Most probably just difference in FP precision, e.g. double/64 on PPC vs ext/80 on x86

  33. Justin 17
    FAIL

    Missing the point

    You're all missing the point, the software was being used to find the general area of a target. The drone strikes are not conducted against a geolocation, they're conducted using laser guided Hellfire missiles against a target. All you need is to guide the designator into the general area. 1-13 m is plenty good enough.

  34. Glyph
    WTF?

    ppc -> x86?

    Where is the overflow? x86 has 80bit fpu registers (at least for intel), and ppc has 64bit. I would have expected any problems to occur going the other direction. So what am I missing?

  35. Clive Galway
    FAIL

    @ Charles Manning

    "For example consider a hypothetical case where someone invents a new way to make parachutes twice as fast and half the cost, but there is glitch whereby one in a thousand parachutes fails to open"

    "The numbers even work for parachutists since doubling the number of people in a group way more than doubles your chances of survival".

    Wrong.

    Assuming say normal parachutes fail to open one in 2K, as a parachutist using the new type, you still have doubled the chance of suffering from failure regardless of the size of group you jump in.

    1. Apocalypse Later

      Misunderstanding

      "The numbers even work for parachutists since doubling the number of people in a group way more than doubles your chances of survival".

      I think what he was saying was that AFTER landing, a larger group of paras would have a better chance of prevailing and surviving individually than a smaller group, and the cheaper/faster parachute manufacture would make larger drops practicable.

      After all, you would expect to lose far more than one in a thousand in a live-fire operation.

  36. Pahhh
    WTF?

    Seems to me everyone is wrong

    IISi has no legal obligation it seems to try to delivery what the customer wanted in the timeframe that they needed. But they could have done. They could have given them what was being asked even with known glitches as long as there is full disclosure. Heck a "proof of concept pre-release". Its the customers responsibility to then make judgement on whether they were happy with this.

    Turns out the CIA were happy with the margin of error. Depending on its use , they might not be unethical about it either. Like a previous poster wrote, if you are dropping ordinance with a 60m radius the potential that you are going to be off target by 13m is irrelevant.

    But ISSi were bureaucratic about it.

    Netezza's response was bad but not surprising when backed into a corner.

    If I was Netezza, I would look at my contracts closely so in the future you are protected against situations like this. I would also choose partners that are willing to try their damnest who have the same level of urgency as you have.

    Given full disclosure, it is up to the CIA to decide if / when / how the technology should be used, not ISSi.

    No doubt I will get flamed for siding against the "innocant party who tried to do the right thing".

  37. Ramazan
    Pint

    @Glyph: regress or progress?

    I'd bet that x86 version is actually _more precise_ than old PPC one. And this 1-13m deviation isn't an error but an improvement

  38. asdf
    WTF?

    inept CIA should only scare the innocent

    How the hell did this story ever get out? The CIA should have taken care of the IP details on the down low properly in the first place in addition to getting the code fixed. Sad that the fact that this was never about security of the public and always was about a bunch of greedy evil baby boomers getting theirs before they face the devil. As for the FP errors the BOINC community has dealt with this with different science apps running on different platforms for the general public. I believe their are now some standardized math libraries out there that guarantee consistency across platforms at a very minor expense of performance.

  39. gollux
    Thumb Up

    Meh, what's a little collateral damage?

    Let God sort the souls. And those who miraculously survive a near strike due to SNAFU software can attribute their survival to God and feel they're really ordained to continue their fight.

  40. Ramazan
    Thumb Down

    IISi were lazy/greedy

    Netezza was able to produce a port in requested timeframe, and they weren't the original developers, mind you.

    So could do IISi of course, they just didn't want for whatever reason.

    All this buzz about 1-13m regress is a nonsense. x86 FPU can produce more precise results than PPC, and any good CS person must know that and how to accomplish that (not the case with El'Reg readers apparently).

    > "They are satisfied," Wiltshire wrote in an email to Netezza executives, adding that the customer "believes that the minor discrepancy in metrics between the 10100 and the TwinFin 12 is due to the TF doing a better job."

  41. Apocalypse Later

    Update

    Those who are agonizing about the morality of drone strikes might want to read today's stories crediting such strikes with stopping imminent Mumbai style terrorist attacks in a number of European cities. No significant collateral damage involved, apparently (unidentified individuals riding in a pickup truck with al Qaida bigwigs are target of opportunity, not bystanders).

  42. John Smith 19 Gold badge
    Flame

    To the amusing folk who think innocent bystanders don't count

    That sort of attitude makes the *relatives* of those bystanders (and most of them have a few) want to come to *your* country and and deliver the sort of indiscriminate random death (from their PoV) that the West has shown their relatives.

    IOW *Perfect* suicide bomber recruiting material.

    AFAIK the *true* precision strike weapon is the sniper.

    1 round. 1 kill.

    No civilian casualties.

  43. Matt Bryant Silver badge
    Stop

    RE: To the amusing folk who think innocent bystanders don't count

    "That sort of attitude makes the *relatives* of those bystanders (and most of them have a few) want to come to *your* country and and deliver the sort of indiscriminate random death (from their PoV) that the West has shown their relatives....." Unfortunately, the Taleban aren't a social club, they are a group of Southern Afghan tribes and have solid support amongst those tribes. That support is matched in a number of tribes in Pakistan whom consider themselves part of the same ethnic group, regardless of the international border. They would already take any opportunity to strike at us as their tribal leaders and religeous leaders have already told them we are the enemy. There is unfortunately little hope of an Anbar Awakening happening in the area so us getting all wound up about killing a few bystanders along with the AQ and Taleban bigshots is just making it easier for them to find cover.

    ".....1 round. 1 kill....." Besdes the fact that high velocity rounds that can kill at 1000m+ can over-penetrate and you get 1 round and 2 kills, or a miss and an unintended kill, the reason we're having to make drone strikes is because these hits are happening deep inside territory we just can't get snipers in and out of in time to make the kill. We are often working on reports or radio/telephone intercepts that give very small windows of opportunity. If we relied on snipers we'd probably succeed in less than 10% of instances.

    Seeing as the people we are targetting are responsible for the bomb attacks killing dozens of Afghans and Pakistani civillians every week, I suppose it can be morally balanced to say that killing a few civillians in hostile tribes saves more civillians in friendly areas of Afghanistan.

This topic is closed for new posts.

Other stories you might like