The Scariest Software Bugs and Development Nightmares in History
Posted October 31, 2023
Tune in to hear five truly terrifying tales about how a lack of proper testing can cost you time, money, or even life as you know it.
In the Halloween episode of the Sauce Labs podcast Test Case Scenario, host Jason Baum is joined by testing experts Evelyn, Nikolay, and Marcus. The group dresses up in costumes, gathers around, and shares three software development horror stories from history. Tune in below to hear truly terrifying tales of how a lack of proper testing can cost you time, money, or even life as you know it.
A Computer Worm That Resulted in a Felony Conviction
Evelyn Coleman kicks off the episode with a scary story of a school experiment gone wrong.
Cornell University graduate student Robert Tappan Morris created a computer worm — simply to prove it could be done, according to one of his friends. On November 2, 1988, Morris released the worm into the wild — not from Cornell, where he studied, but from the Massachusetts Institute of Technology (MIT) in hopes he'd never be caught. By exploiting weak passwords and early vulnerabilities, the worm infected an estimated 2,000 computers within 15 hours, leaving the machines "dead in the water", according to Harvard University's Clifford Stoll.
While the worm inflicted an estimated $10 million in damages, it also exposed vulnerabilities and spurred research that improved digital security. And the ghoulish guy who unleashed the worm? He received a felony conviction under the 1986 Computer Fraud and Abuse Act. After serving three years' probation, completing 400 hours of community service, and paying a fine of $13,326, he landed a job at MIT in 2006, where today he works as a tenured professor.
A Careless Push to Production That Cost Millions
Nikolay Advolodkin shares another truly terrifying tale of software development gone wrong.
He used to work for a company that was responsible for receiving web requests from digital advertisers. His team appended information to the incoming web requests, so they could more easily identify their customers and make the ads more targeted. After updating a 404 page, his team pushed it to production.
At the time, they had a load balancer with three servers they'd deploy on. After deploying it on the first server, things were OK. So, they began deploying it to the second. Their DevOps guy was soon flooded with alerts. After automated tests started failing, he asked if the team should pause any changes. The team convinced him the alerts were probably just false positives, and later deployed to the last server.
Suddenly, their chat application started slowing down. The network crashed for not only their team, but also the parent company's. After investigating, they found the page they deployed was a few megabytes in size — way bigger than it should have been. Hundreds of thousands of web requests were coming in with every second that passed, and the company's services were getting redirected to the new 404 page. The failure cost their customers millions of dollars.
The key takeaway? Trivial changes are not always as trivial as they may seem. Always take the time to consider the potential impact of your software deployments.
The Software Defect That Could Have Harmed Lives
Marcus Merrell narrates a horror story about a disastrous defect with the Oklahoma State Sex Offender Registry.
The Registry allowed people to conduct queries to figure out which offenders lived nearby. At some point, someone noticed that the URL query string, which included information like a person's social security number, date of birth, and home address, looked spookily similar to a SQL query. In fact, it was named SQL string.
For at least three years, according to one publication, hackers could extract personal information from the database.
At some point, someone figured out that the database also allowed people to update records — for example, to take yourself off the list or add someone to the list. Long story short, someone added the Governor of Oklahoma to the list of sexual offenders, says Merrell.
I think it's fair to say this bug could have cost people their lives.
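The Registry defect described above combines two weaknesses: the server executed SQL taken from the URL, and it did so on a connection that could also write. The following is an added example, not code from the Registry or the podcast, showing the defensive shape in Python: allow-listed filters, bound parameters, public columns only, and a read-only connection. The table, column and parameter names and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qsl

# Assumed schema and filter names; the page does not describe the real ones.
PUBLIC_COLUMNS = ("name", "zip")          # sensitive columns are never selected
ALLOWED_FILTERS = {
    "zip": re.compile(r"\d{5}"),
    "name": re.compile(r"[A-Za-z .'-]{1,64}"),
}

def build_db():
    """In-memory database with constructed rows, then switched to read-only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registry (name TEXT, zip TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO registry VALUES (?, ?, ?)",
        [("A. Example", "73101", "000-00-0001"),
         ("B. Sample", "73102", "000-00-0002")],
    )
    db.commit()
    # The public search path never needs to write: refuse it at the connection.
    db.execute("PRAGMA query_only = ON")
    return db

def handle(db, query_string):
    """Turn a URL query string into a fixed, parameterized SELECT."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    unknown = set(params) - set(ALLOWED_FILTERS)
    if unknown:
        raise ValueError(f"unsupported parameter(s): {sorted(unknown)}")
    if not params:
        raise ValueError("at least one filter is required")
    clauses, values = [], []
    for key, value in params.items():
        if not ALLOWED_FILTERS[key].fullmatch(value):
            raise ValueError(f"invalid value for {key}")
        clauses.append(f"{key} = ?")      # key is from the allow-list, value is bound
        values.append(value)
    sql = (f"SELECT {', '.join(PUBLIC_COLUMNS)} FROM registry "
           f"WHERE {' AND '.join(clauses)}")
    return db.execute(sql, values).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(handle(db, "zip=73101"))
```

The client can only choose which filters to apply and with what values; the statement text is fixed by the server, and a write attempted through this connection fails even if a query bug slips through.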
Can't get enough? Here are two more terrifying tales...
The Malfunction That Made a Spacecraft Self-Destruct
On June 4, 1996, the European Space Agency launched the Ariane 5 rocket into space.
Just 37 seconds into its maiden flight, the rocket — which cost $7 billion and 10 days to build — veered off course and began to disintegrate, causing the self-destruct mechanism to activate two seconds later. Fiery rubble soon fell from the sky, scattering across the swamps of French Guiana.
After a public inquiry, it was determined that the team's decision to repurpose code from the Ariane 4, without updating the necessary values and verifying their underlying assumptions, caused the failure.
In total, the incident cost over $370 million in damages and delayed our understanding of the Earth's magnetosphere by nearly four years.
The User Error That Caused Complete Chaos for Customers
Willie Conrad once worked for a company that hosted content for large media brands. By using "canned" searches stored in a MySQL database, his team made it possible for visitors to see tailored content based on the landing page they originally viewed.
When it came time to update the queries, Willie exported the records as a CSV file and processed it offline to generate the necessary updates.
"You should have seen me go," said Willie. "I was in my element — my fingers danced over the keyboard, frantically tapping out `grep` and `sed` commands like some kind of underground elite hacker, about to dazzle the world with their speed and cunning after breaking in to the world's most secure missile-defense system. The keyboard was nearly overheating from the frenzy. I thought of every conceivable little detail. Single and three-fold quotes in the query string? No problem. Full UTF-8 support? You bet. Proper special character escaping? Please."
Willie needed to double-check that everything looked right. The only problem was that there were tens of thousands of queries. So, he looked at a representative sample.
"I found just one little oversight," said Willie. "The very first row of my CSV file had the *names* of the columns, instead of the actual data."
To fix the mistake, Willie produced an update statement. He never meant for it to run, of course. After all, that would destroy every query in the database!
Willie confidently edited the first row and then proceeded with the update.
Soon after, Willie received a slew of emails that suggested the wrong content was being served on client websites. Plumbing videos showed up on a gardening site. Investment advice appeared in the place of recipes. The emails kept coming, and his team soon realized that all the queries were set to the literal string, "QUERY" — despite the fact that Willie had deleted that top row.
"It was total chaos," said Willie. "I had just destroyed every single landing page, for every client in our system."
Bewildered about where he went wrong, Willie began to investigate. He found that the CSV file had not one but two sheets. While he had deleted the first row from the first sheet, he had neglected to delete the first row from the second sheet — causing all hell to break loose.
From this experience, Willie came to appreciate disaster recovery drills, which make restoring from a backup faster and less error-prone. He's also (clearly) more cautious about leveraging text processing hacks.
Lesson Learned: "Always Be Testing"
Historically, QA teams have been underestimated, regardless of whether they fail or succeed. If they fail, developers assume that flawed code is inevitable. If they succeed, developers never see the costly mistakes their testers have prevented. In either scenario, even the most well-intentioned teams can underestimate the importance of testing.
But these terrifying tales demonstrate that it's critical to prevent bugs from escaping into production. If history has taught us anything, it's that the mantra "always be testing" is relevant whether you're motivated to reduce business risk, keep your job, make your users happy, or conserve valuable resources.
