
Fatal Dose – Radiation Deaths linked to AECL Computer Errors (1994) - pionerkotik
http://www.ccnr.org/fatal_dose.html
======
gregmac
> She verified everything else and turned on the beam. The machine stopped and
> the computer screen flashed "Malfunction 54," a mysterious message not even
> mentioned in the Therac-25 manual.

> [...] the Therac-25 typically issued up to four error messages a day. It did
> so by displaying "Malfunction" plus a number, from 1 through 64. No
> explanation was offered by the computer nor was there any reference to the
> malfunction codes in the operator's manual. Technicians could, in most
> cases, bypass the irritating malfunctions simply by pressing the "p" key,
> for "proceed." Doing so became a matter of habit.

Even if you're not doing safety-critical systems, there are many lessons to be
learned just from this bit alone.

Use human-readable error messages, and make sure they are understandable to
the users/operators of your software (not just developers). Including a
specific error code is fine -- it can disambiguate similar errors, and make it
very easy to do a 'find all' in source to go directly to the offending spot --
but that doesn't help your user.

If you're going to allow users to bypass an error, make it deliberate. The
best way to do this is debatable, but through years of bad software, users
have been trained to dismiss popup messages by pressing OK or 'yes' or
'proceed'.

When you show an important error, make sure it's different from informational
messages or warnings. Showing users routine warnings and messages is fatiguing
and basically just trains them to always press the 'p' key.

> According to a computer system's analysis of FDA documents, the computer
> would not accept new information on a particular phase of treatment (in the
> case of both Tyler accidents, changing the x-ray mode to electron mode) if
> the technician made the changes within eight seconds after reaching the end
> of the prescription data. That's what Malfunction 54 meant.

Consider if they had actually tried to show an error message for this (or even
document what it meant). Something like "Data on screen does not reflect
actual parameters being used. Proceed?" Hopefully at some point during
development, someone would question that: "why are we allowing them to proceed
in this case?" "If we can detect that is the case, why even show this as an
error, instead of just updating the parameters?"

~~~
couchand
"why even show this as an error?" is one of my favorite questions. It's the UI
equivalent of "make illegal states unrepresentable".

> Use human-readable error messages, and make sure they are understandable to
> the users/operators of your software (not just developers). Including a
> specific error code is fine -- it can disambiguate similar errors, and make
> it very easy to do a 'find all' in source to go directly to the offending
> spot -- but that doesn't help your user.

Yes. Remember, however, that much software needs to be localized, even if the
initial developer didn't think to. Error codes are much better than hard-coded
English-language error messages; map them to a message at the last possible
moment.

~~~
ryacko
I think thirty bytes of ASCII text was too expensive, as opposed to
translation prices which might be much cheaper.

------
jonawesomegreen
I went to an engineering school in Canada for Electrical/Computer Engineering
and this was an example of engineering failure we studied in a course about
software quality assurance and engineering ethics. Not sure if its widely used
as a case study outside of Canada, but it really stuck with me. Especially
when designing critical systems.

There are two types of reactions to the Therac-25 story.

1) We need to put a lot of process in place to review and test and ensure we
have proper interlocks in place.

2) They just didn't have enough talent on the team. It couldn't happen here.

You want some people with reaction 1 working on a safety critical system.

~~~
noir_lord
I'd say there are 3 with the third been

3) I'd never work on life critical medical (or anything else) software, I know
I fuck up and even the best can (and I'm not).

I simply wouldn't want it on my conscience that an easily preventable error
(in hindsight) hurt someone.

~~~
URSpider94
This is why Quality is such an awesome field. It's all about how a group of
smart, skilled, but fundamentally fallible people can build a product with an
arbitrarily high level of safety. If it's done properly, no one individual
should be able to create a bug that can cause a failure like this.

~~~
mcguire
For a second there, I thought you were about to quote the best QA job opening
I ever saw: "Want to work with fun, smart people? And make them cry?"

------
Ensorceled
I worked at a medical imaging company in Toronto in the 80's and 90's.
Therac-25 was very much top of mind for all companies in our industry and
changed everything from how we did Design, Development and QA to how the FDA
reviewed and approved devices running our software.

~~~
matt4077
It was one of the standard examples in my introductory computer science
classes, along with the Ariane overflow and the inaccurate system clock on
some missile defence system that got a bunch of soldiers killed in Iraq when
someone missed the scheduled restart hack.

~~~
ceejayoz
The missile defense system issue:

[https://en.wikipedia.org/wiki/MIM-104_Patriot#Failure_at_Dha...](https://en.wikipedia.org/wiki/MIM-104_Patriot#Failure_at_Dhahran)

> The Patriot missile battery at Dhahran had been in operation for 100 hours,
> by which time the system's internal clock had drifted by one-third of a
> second. Due to the missile's speed this was equivalent to a miss distance of
> 600 meters.

------
hammock
I wonder about the increasing use of x-rays in non-medical applications.
Industrial applications, or even with the public- like the backscatter
machines that TSA and police forces use. Therac-25 seems to be the only story
we have where something went wrong - but what are the chances a bad thing
could happen, or already happened, in another machine?

TSA employees are not permitted to wear dosimeters[1], which makes it hard to
detect these things. Scientific American, the most established magazine in the
US, is among respected bodies that have recommended dosimeters for
accountability reasons.[2]

There are also extremely infrequent (and sometimes rigged) studies done on the
equipment, and they often find dangerous conditions. For example:

>Doses for some of the baggage screeners exceeded the maximum dose for the
public.... Some EDS machines were not well maintained (i.e., they had bent
curtain rods and missing curtain flaps).... Most EDS machines emitted low
levels of radiation; a few exceeded regulatory limits.[2]

[1][https://www.tsa.gov/blog/2011/06/30/tsa-cancer-cluster-
myth-...](https://www.tsa.gov/blog/2011/06/30/tsa-cancer-cluster-myth-buster)
[2][https://www.scientificamerican.com/article/airport-
screeners...](https://www.scientificamerican.com/article/airport-screeners-to-
be-monitored/?redirect=1)
[3][https://www.cdc.gov/niosh/hhe/reports/pdfs/2003-0206-3067.pd...](https://www.cdc.gov/niosh/hhe/reports/pdfs/2003-0206-3067.pdf)

~~~
toss1
TSA Officers aren't permitted to wear dosimeters on the job.

PRetty damning, if you ask me.

Here's their fationale from teh FAQ in the linked article [1]

"Q: Why aren’t your officers permitted to wear dosimeters?

A: There is a really good reason for this. The emissions from our X-ray
technology are well below the requirements that would require their routine
usage. To help reassure passengers and employees that the technology is safe,
however,health physicists with the U.S. Army have been conducting area
dosimeter surveys at multiple airports nationwide."

This is at best massively flawed reasoning by the TSA, and at worst a
deliberate misleading rationale.

1) While the NORMAL dosage is of course well below any level that would make a
dosimeter useful, a dose from a malfunction or bent/broken/missing shield
panel could easily exceed dosimeter detection thresholds.

2) Spot checks are nice, but unless they are very frequent, they could easily
miss a malfunction and leave it overdosing agents and people for a long time.
Even if inspections are every 6 months at every airport station, that will
leave a malfunction overdosing people for on average, three months.

3) Detecting, identifying, and repairing a malfunctioning system could be done
much sooner and at lower cost by using dosimeters, either on employee
volunteers or just hanging them on the chairs & workstation surrounds.

It is this kind of frankly stupid stick-your-head-in-the-sand reasoning that
breeds distrust of governments and the companies that supply them.

[1] [https://www.tsa.gov/blog/2011/06/30/tsa-cancer-cluster-
myth-...](https://www.tsa.gov/blog/2011/06/30/tsa-cancer-cluster-myth-buster)

~~~
gridlockd
I'll give them the benefit of the doubt and say this is poorly worded. TSA
officers also aren't permitted to hygrometers on the job. Why? Because there's
no point to wearing a hygrometer as a TSA officer. Unlike with the dosimeter,
that doesn't need to be spelled out.

That doesn't mean they aren't allowed to perform dosimeter readings _at all_ ,
it just means it's not acceptable to carry this equipment around all the time.

> While the NORMAL dosage is of course well below any level that would make a
> dosimeter useful, a dose from a malfunction or bent/broken/missing shield
> panel could easily exceed dosimeter detection thresholds.

Do you actually _know_ that these could be harmful, or is it just a suspicion?

~~~
toss1
I won't give them the benefit of the doubt on poor wording (they have plenty
of time and resources to get it right).

As far as we know, there is no general ban on wearing instrumentation of any
other on the job, unless it is somehow clumsy and would interfere with their
duties or the appearance of their uniform.

In contrast, the simplest dosimeter is typically a very small patch of
photographic paper in an envelope opaque to visual light but transparent to
harder radiation (towards the gamma end of the spectrum). It is like an inch
square, or like a typical nametag, easily worn in a shirt pocket, no more
visible to anyone else than a credit card in the shirt pocket.

The only plausible reason to forbid this is to prevent any kind of
whistleblower event.

Of course I do not know the actual levels of radiation inside each machine or
all of their possible failure modes. However, we do know

1) high-energy radiation dosage is cumlulative -- each day's dose adds up, so
if you have 1/100th of a critical dose each day in a workzone, in less than
four months, you should be banned from that work zone. This is the way it
works in many facilities dealing with radiation sources, and everyone wears
dosimeters which are checked, and people are reassigned when the total dosage
exceeds the prescribed level.

2) There are medical limits on how many x-ray and CT-Scan procedures are
allowed for patients, again due to the cumulative nature of radiation
exposure. Even with the very low-doses of modern machines, these are a concern
and are tracked (I know this from the experiences of several close family
members).

3) The TSA machines do produce sufficient radiation in their beam to fog
ASA800 and higher film. This is definitely a non-trivial dose. Tho obviously
not lethal in a single dose (e.g., if you rode through the machine), it is
significant. If an interior shielding panel is bent or somehow mis-installed
during manufacturing, maintenance, or repair, it is entirely plausible that
people working regularly in the area of the leaking radiation could be
overexposed.

So, no, this is not even close to mere suspicion or Luddite "ooh radiation
bad" \-- and yes, we do know that these _could_ be harmful, especially over
extended periods.

I hope you are not an employer with that attitude.

~~~
gridlockd
> As far as we know, there is no general ban on wearing instrumentation of any
> other on the job, unless it is somehow clumsy and would interfere with their
> duties or the appearance of their uniform.

Who is "we"? Aren't you just pleading ignorance here? What do really you know
about what TSA agents can and can't wear? Anything can "interfere" with the
_appearance_ of a uniform, including a "small photographic patch".

> The only plausible reason to forbid this is to prevent any kind of
> whistleblower event.

Then why do they do allow third party monitoring?

Having further looked into this, the page you posted is outdated and they
ended up handing out dosimeters themselves:

[https://www.livescience.com/36079-airport-security-
screening...](https://www.livescience.com/36079-airport-security-screening-
personal-radiation-monitoring.html)

The result was negative. Of course you can't _prove_ a negative, maybe there's
radiation somewhere else where they _didn 't_ look...

> 2) There are medical limits on how many x-ray and CT-Scan procedures are
> allowed for patients, again due to the cumulative nature of radiation
> exposure.

> 3) The TSA machines do produce sufficient radiation in their beam to fog
> ASA800 and higher film. This is definitely a non-trivial dose.

According to: [https://www.radiologybusiness.com/topics/business-
intelligen...](https://www.radiologybusiness.com/topics/business-
intelligence/tsa-tests-radiation-scanners-acceptable-levels)

 _" TSA claims the “backscatter machines” cannot produce more than 0.005
millirem of radiation per scan. In comparison, the agency says, a chest x-ray
exposes patients to 10 millirem of radiation, and the maximum recommended
exposure to radiation from man-made sources is 100 millirem per year."_

That would mean that if you had a machine that was _completely unshielded_ ,
you would have to perform 2000 scans to get the equivalent of a chest X-Ray.
Compare that to the radiation exposure of your average flight attendant.

~~~
toss1
>> Anything can "interfere" with the appearance of a uniform, including a
"small photographic patch".

Not if it is _inside_ your pocket. Get real.

>> Then why do they do allow third party monitoring?

Obviously because they can control when it is done as well as how the results
are distributed, or not distributed.

>> " TSA claims the “backscatter machines” cannot produce more than 0.005
millirem of radiation per scan. In comparison, the agency says, a chest x-ray
exposes patients to 10 millirem of radiation, and the maximum recommended
exposure to radiation from man-made sources is 100 millirem per year."

>> That would mean that if you had a machine that was completely unshielded,
you would have to perform 2000 scans to get the equivalent of a chest X-Ray

1) this assumes that the "0.005 millirem per scan" is the total output of the
machine, including all radiation absorbed by the lensing & shielding. We do
not know if this figure is the total generation output, or only the total
amount put to the target & receiving sensors.

2) one thing we do know is that the radiation will NOT be scattered evenly;
there will be lobes and hotspots and cold spots.

3) even if we assume .005millirem/scan, at the rate of two/minute, that's 1000
minutes to get a chest x-ray, or 16 hours, basically two work days. In LESS
THAN ONE MONTH, they are over the yearly dose.

More importantly, this is only counting the backscatter machines that are
specifically designed for super-low doses as they are specifically irradating
people.

This does NOT look at the luggage scanners, either for carry-ons or for
checked luggage, which likely have much higher outputs.

Finally, even if your arguments are correct and there is truly no risk, there
should be no problem at all for officers to wear their own dosimeters -- the
results would merely be putting their minds at ease that they are not getting
exposed.

Thus, we are back to the only reason to prevent officers from wearing
dosimeters is an attempt to control the information and prevent whistleblowers
and/or lawsuits.

Again, I sincerely hope you are not an employer with this attitude.

~~~
gridlockd
> Obviously because they can control when it is done as well as how the
> results are distributed, or not distributed.

Let's apply some Occam's Razor here.

I am led to believe they _know_ that these machines are harmful and therefore
they are carefully orchestrating all testing of these devices by, among
others, all of the following parties: "U.S. Army Public Health Command, the
Food and Drug Administration’s (FDA) Center for Devices and Radiological
Health (CDRH), the National Institute of Standards and Technology (NIST), and
the Johns Hopkins University Applied Physics Laboratory (APL)".

That's all done to prevent some sort of mass lawsuit, which might cost the
United States some money.

The simpler explanation is that TSA rules are simply really strict, because
that's just how TSA rules are.

[https://www.quora.com/Are-TSA-screeners-permitted-to-wear-
ra...](https://www.quora.com/Are-TSA-screeners-permitted-to-wear-radiation-
exposure-badges)

The rules don't have to make _sense_. There's a whole lot about the TSA and
its procedures that doesn't make sense.

> We do not know if this figure is the total generation output, or only the
> total amount put to the target & receiving sensors.

I'm content with the description given that these machines "cannot produce"
more than that. You can do your own research on the matter.

> 3) even if we assume .005millirem/scan, at the rate of two/minute, that's
> 1000 minutes to get a chest x-ray, or 16 hours, basically two work days. In
> LESS THAN ONE MONTH, they are over the yearly dose.

...assuming _no shielding whatsoever_. You would hope that after two months
without shielding on the device, _someone_ might notice. Even then, such
exposure would be well below the occupational limit for radiation workers
(5000 millirem):

[https://ehs.stanford.edu/manual/radiation-protection-
guidanc...](https://ehs.stanford.edu/manual/radiation-protection-guidance-
hospital-staff/maximum-permissible-occupational-doses)

> This does NOT look at the luggage scanners, either for carry-ons or for
> checked luggage, which likely have much higher outputs.

Fair enough, but you picked an article that was specifically concerned with
those backscatter devices.

~~~
toss1
>>I am led to believe they know that these machines are harmful and therefore
they are carefully orchestrating...

That's not even close to the simplest explanation. Far simpler is that they
are careless, clueless, and paranoid, and don't want anyone finding out
something bad on their watch. Or they just don't want to allow anyone to get
concerned.

>> The rules don't have to make sense. Unless we're living in a Kafka or
Vonnegut book, they are supposed to have actual reasons and make sense.

Calling out one particular type of measuring device, which happens to measure
the one plausible type of hazard in that workplace, yeah, that's suspicious.

>> .assuming no shielding whatsoever. Does not assume no shielding whatsoever,
only a plausible hotspot or focus. The point is that the potential dosing is
in the range of values that could cause a hazard, and even at 10% of that
value, would be overdosing within a year. It is not like it is totally off the
scale (as are many of the public's fears).

>> You would hope that after two months without shielding on the device,
someone might notice.

Yes, you would hope that. However, if you've ever read reports on industrial
issues, you'll find that far worse and more noticeable hazards go
unnoticed/unfixed for YEARS at a time before they get around to killing
someone. And this sort of low-level radiation is particularly pernicious, as
it is completely unnoticeable until after it is too late.

The simple solution is, assuming that these machines are largely safe (which I
generally expect), is to say "you can buy dosimeters on your own dime and wear
them if you like, just keep them out of sight in your pocket while on duty. If
anyone gets any unexpectedly high readings, we'll investigate, but remember
since you haven't got a chain of custody around the meter, it'll be only the
beginning of an investigation, not immediate acceptance of your results."

Ye, it may turn out to be bit more work, but it shows you're on the side of
worker safety, and on the road to getting things fixed. Mostly, it'll quell
any fear and likely cause no one to wear one.

With the rules as it is, I'd be damn sure to sneak dosimeters into my clothes
while working there.

------
dev_dull
> _The hospital staff, physicist Fritz Hager, and his technician, who had
> worked the machine in both accidents, stayed at the console long after
> everybody else had gone home for the weekend, typing and retyping the
> prescription into the computer console, determined to re-create Malfunction
> 54._

Thank God for the curious minds of this world, the people who have he patience
and dedication to reproduce bugs.

~~~
mortb
Yes, it seems that this hospital staff were the testers that AECL should have
had themselves. A great tester is curious, imaginative, dedicated, patient and
worth a good salary.

------
FiatLuxDave
A cobalt machine killed a patient just a few days ago, in Voronezh, Russia.
The patient was crushed between the movable treatment table and the
collimator. As far as I can tell from the limited information available on the
web, the problem was not software but rather a stuck manual switch.

Sorry for linking the daily fail, but the only articles I can find in English
seem to be in UK tabloids:
[https://www.dailymail.co.uk/news/article-7066289/Cancer-
pati...](https://www.dailymail.co.uk/news/article-7066289/Cancer-patient-
crushed-death-malfunctioning-radiation-treatment-machine-Russian-
hospital.html)

по-русски:
[https://dni.ru/regions/2019/5/23/424405.html](https://dni.ru/regions/2019/5/23/424405.html)

~~~
wolf550e
That's kinda like being killed by jacked up car crushing person working on the
car underneath. Nothing to do with radiation or software. With a static device
where operator does not position the jack, the cause would be lack of
mechanical maintenance or material failure (unlikely).

~~~
jschwartzi
The failure mode of the switch contributed to this accident, and a switch
which does not exhibit this failure mode should have been used if possible. If
not possible, then the switch should have been moved through a test actuation
before reaching a position where the failure mode causes the patient to be
killed. This test actuation should be performed each time the table is moved.
Finally, the pathway that the switch passes through should be periodically
cleared of debris and the switch tested on a regular basis. If the test
actuation fails(indicating switch failure) then the table should reset to a
safe position.

As an aside, every time I step on the treadmill at the gym I check that the
emergency stop button works and that the incline down and speed down buttons
work. I have been stuck on a treadmill which I couldn't stop or slow down
before.

~~~
jdsully
All mechanical devices will fail eventually. While a test actuation might
reduce the risk somewhat - its not going to be a sure thing. Remember the
table didn't kill the last patient that stepped on it - why would anyone
suspect the switch would fail now.

Mechanical failures need to be dealt with differently than software. Parts
must be replaced _before_ they fail. Even if they appear to work correctly.
Software doesn't wear out so its a whole different ball game.

------
scandox
> The truth is that any software program will probably contain one error for
> every 500 lines of code. The Therac-25's software program, relatively crude
> by today's standards, probably contained 101000 lines of code. At one error
> for every 500 lines, that works out to the possibility of twenty errors.

200 errors I think.

~~~
cr0sh
Is it?

Look at the rest of the document. It is almost clear from the errors you can
find throughout the document that this "report" was posted from some original
hard copy run through some form of OCR.

I think this is a particular example of it. Why the number of LOC is 101000?

Maybe the OCR interpreted a bad comma from scanning as a "1", in which case
the number would have read 10,000 LOC - and thus "twenty errors".

As another glaring example of this OCR issue, look for this line:

> "There were [.4ECL] people sitting in our offices telling us it [the
> Therac-25] couldn't hurt anybody when they knew it could."

"[.4ECL]"?

It should read "[AECL]" \- but the scan or the copy it was scanned from
probably had a small break on the arm of the "A" \- which the OCR interpreted
as ".4"

You can find other small anomalies like this elsewhere in the document if you
look for them. They kinda bugged me, but I could tell from the pixels what was
going on.

;)

EDIT: My own mistakes fixed...sigh

~~~
dredmorbius
The author, Barbara Rose Wade, has a website (a copy of story with the same
artifacts is there), and a twitter account. Might ask if the has a copy or
scan on the original. (I'm not on Twitter.)

[https://twitter.com/BarbaraWadeRose](https://twitter.com/BarbaraWadeRose)

------
ducttape12
I remember hearing about this case in college. My professor's point was don't
trust software alone. Always include hardware safe guards when it comes to
safety.

~~~
IfOnlyYouKnew
> Always include hardware safe guards when it comes to safety.

What does that actually mean? Maybe in the Therac-25 case the maximum dosage
could somehow have been limited by a hardware dial in addition to software.
But what form would hardware safeguards take for the millions of decisions
software makes every second on a starting rocket? And considering hardware has
far higher failure rates than no-moving-parts software, wouldn't any system
that lets hardware dominate software decrease safety?

~~~
ClassyJacket
I don't know exactly but the previous generation model had the hardware
interlock that would have prevented this problem so it is possible.

From Wikipedia:

"One, when the operator incorrectly selected X-ray mode before quickly
changing to electron mode, which allowed the electron beam to be set for X-ray
mode without the X-ray target being in place. A second fault allowed the
electron beam to activate during field-light mode, during which no beam
scanner was active or target was in place.

Previous models had hardware interlocks to prevent such faults, but the
Therac-25 had removed them, depending instead on software checks for safety."

------
joering2
This article/site keeps coming back to HN often and I cannot stop reading it.
It reads like a novel - very sad but very good writing. I hope one day we will
see the movie about the issue described.

------
lpage
Previous discussion of the same article [1]

Discussion of another good article on the Therac-25 (with pictures of the
machine) [2]

[1]
[https://news.ycombinator.com/item?id=7992548](https://news.ycombinator.com/item?id=7992548)

[2]
[https://news.ycombinator.com/item?id=12201147](https://news.ycombinator.com/item?id=12201147)

~~~
dang
Also, 2018:
[https://news.ycombinator.com/item?id=17740292](https://news.ycombinator.com/item?id=17740292)

2015:
[https://news.ycombinator.com/item?id=9643054](https://news.ycombinator.com/item?id=9643054)

2014:
[https://news.ycombinator.com/item?id=7257005](https://news.ycombinator.com/item?id=7257005)

2010:
[https://news.ycombinator.com/item?id=1143776](https://news.ycombinator.com/item?id=1143776)

------
mortb
I think this story is not as much a story about a software bug as it is a
story about off hand accident management. If AECL had earlier been more humble
and determined to find the errors maybe they would have? It seems jaw
dropingly ignorantly handled. Why did it have to take so much time and several
people dead before serious effort was put in to find the issues?

------
tantalor
_the staff at Princess Margaret Hospital in Toronto had decided to... measure
all doses of radiation in the beam and, in a fraction of a second, stop
excessive doses before they could reach the patient_

Astonishing this basic safety precaution was not already in use. Do modern
devices do this?

I guess nobody thought about Murphy's Law.

~~~
randlet
Modern linear accelerators (linacs) all have an ion chamber in the beam line
(2 actually I think) to measure the instantaneous output of the machine.

------
scblzn
Nearly the same happened in France years ago :
[https://www.thelocal.fr/20130130/doctors-jailed-over-
cancer-...](https://www.thelocal.fr/20130130/doctors-jailed-over-cancer-
radiation-scandal)

------
Tistel
When I did CS ~20 years ago in Canada this was part of the curriculum (SE
class IIRC). I still reference it when I see reckless decisions being made.

------
baybal2
Quote:

> there have been complaints in the high-tech community that software
> documentation is hampering competitiveness

------
fitzoh
Oh good, the submission title was updated to match the article title and
become less useful.

The previous title noted that this was bout the Therac-25.

~~~
dang
Readers are smart enough to figure that out. It's mentioned in the first
paragraph, after all.

It's good when not every title is completely obvious. It makes readers work a
little and gets the brain out of internet reflex mode.

[https://hn.algolia.com/?query=by:dang%20%22work%20a%20little...](https://hn.algolia.com/?query=by:dang%20%22work%20a%20little%22&sort=byDate&dateRange=all&type=comment&storyText=false&prefix=false&page=0)

~~~
dredmorbius
Therac-25 is among the less clickbaity, knee-jerky clarifcations I can think
of, FWIW.

~~~
dang
It's not about clickbait in this case. It's more like not giving away the
answer to a puzzle. The puzzle itself is a good thing. It jigs us out of the
mode in which we expect everything to be instantly explained. I can't prove
it, but I believe that when operating in that mode, we are more likely to have
predictable responses.

Also, there's a historical aspect to this. We don't need, and needn't presume,
to rewrite the titles of classic articles.

~~~
dredmorbius
I'm a firm believer in providing adequate and sufficient contex. Difficult
enough given HN's 80 character subject field -- I've wordsmithed numerous
submissions to fit. I've also stuck with numerous poor original titles with
gritted teeth knowing HN's policies, sometimes addressing the ambiguity in a
clarifying comment. And I've noted clickbait innumerous emails to HN, some of
which you agree with, some not.

And yes, this is art not science: aimed at effect.

The Therac case study has acquired a recognition the contemporaneous article
(and title) wouldn't have experienced -- the company name was then the more
notable signifier. AECL has been far eclipsed by its most notorious product.
Today, "Therac-25" should lead, on the same basis as "AECL" did in the
original.

I'm generally a follower of Jacob Nielsen on microcontent:

 _Well-written, short text fragments presented out of supporting context can
provide valuable information and nudge web users toward a desired action._

[https://www.nngroup.com/articles/microcontent-how-to-
write-h...](https://www.nngroup.com/articles/microcontent-how-to-write-
headlines-page-titles-and-subject-lines/)

Mrtimer J. Adler does not _fully_ condemn content concealment in book tables
of contents, but his lips are clearly pursed, and nose wrinkled:

 _It used to be a common practice, especially in expository works ... to write
very full tables of contents, with the chapters or parts broken down into many
subtitles indicative of the topics covered. Milton, for example, wrote more or
less lengthy headings, or "Arguments," as he called them, for each book of_
Paradise Lost. _Gibbon published his_ Decline and Fall of the Roman Empire
_with an extensive analytical table of contents for each chapter. Such
summaries are no longer common.... [P]ublishers have come to feel that a less
revealing table of contents is more seductive than a completely frank and open
one. Readers, they feel, will be attracted to a book with more or less
mysterious chapter titles-they will want to read the book to find out what the
chapters are about. Even so, a table of contents can be valuable._

\-- _How to Read a Book_ , p. 33.

The same argument applies to article titles at HN.

You've made the case (and commented on comunity failings) for defusing titles
on hot-button subjects. That's valid.

This isn't that circumstance.

Pandering and information concealment as a deliberate policy, again _not_ the
case for the article as initially written, in the cotext of its time, is
overtly manipulative, to no real gain.

Please don't do that.

------
stuaxo
This sort of thing is why I don't go through airport scanners.

~~~
JudgeWapner
you don't go through airport scanners in 2019 because of crappy software
written 30 years prior?

