who I? Welcome, dear reader, to another installation of Who, Me? in which, for your glee, we tell tales of Regizens who wreak havoc – either by their own design or by others – but mostly escape unscathed.
This week’s hero, whom we’ll rewrite as “Sedgwick,” worked as a systems engineer in the R&D department of a large pharmaceutical company. The company was then in a feverish race (perhaps literally) against a giant competitor to find a breakthrough drug to treat a specific disease.
Roger that? Systems essential, downtime bad.
The company had just upgraded its “minicomputer-based system that performed simultaneous data acquisition and reduction for many channels of chemical analysis instruments,” and Sedgwick was tasked with training users on its operation.
The customer was already using a turnkey version of the system. The upgrade allowed for far more fine-grained control and access to the underlying system. The multi-user system had an account for each user, and each account was assigned a numerical privilege level. Each command had at least one required permission level, and sometimes two. For example, to kill one of your own programs, medium permission was required, but to kill any program in the system, highest was required. As Sedgwick puts it, “Of course, with so much power at his fingertips, the system manager needed training or else chaos could ensue.”
Indeed, Sedg. In fact it might.
Once everything was up and running – with live data, we should add – the system manager asked for a demonstration of the permissions system.
Of course, Sedgwick created an account for himself with medium-level access, which shouldn’t be able to kill many programs on the system. That’s only reasonable.
And for the demonstration, he also created a dummy high-level process that his demo account couldn’t finish, but of course it wouldn’t have any effect if the demonstration went wrong, yes?
That sense of foreboding you have? Read on because Sedgwick gave the orders to kill them Main process for coordinating data collection – on live data – knowing that the system would never allow such a thing.
Unbeknownst to poor, poor Sedgwick, the latest overhaul of the system had introduced a bug – which was soon to be patched – in the command privilege tables.
At this point, we’re assuming readers are familiar with the unit of time known as an “ohnosecond,” which defines the elapsed time between making a mistake and realizing you made a mistake.
Not much more than a single hour before the first angry chemists banged on the windows, wondering where their work had gone.
Sure, it was hardly Sedgwick’s fault there was a glitch in the system. But his confidence that there was no such mistake was utterly misplaced. Always assume there is a bug.
In the end, both the company Sedgwick worked for and his competitor were breakthrough by a Swedish corporation and eventually merged. If it wasn’t for a fatefully killed trial…
Have you ever changed the course of history with the push of a button? Prevented (or hastened) a major advance through accidental heroism? Tell us all about in an email to Who? Me and we can share your story. ®
https://www.theregister.com/2022/11/07/who_me/ Bravado changed the course of pharmaceutical history • The Register