Tuesday, December 01, 2009

Warming-Gate Just Gets Worse; Will Doyle Notice?

It isn't just "tricking" inputs, nor smashmouth "peer review", nor data which was dumped.

It's also in the programming-code, as Cramer found out at Volokh.

Remember that the Wisconsin Legislature will be considering a bunch of Doyle's 'Global Warming Prevention' legislation in January.  This will be expensive stuff--just like the budget--and will most likely cause a number of businesses to think VERY serioiusly about leaving Wisconsin.  Think Jimbo cares about this?

There are four major classes of such bugs known definitively to be in the code.

1) Use of static data or static places: This means the code sometimes stores things in a particular place, but always the same place. If two instances of the code are ever running at the same time, they will step on each other, producing incorrect output. This is the least serious, as someone could simply assure us that they never ran two instances at once. We’d have to trust them on this, but under normal circumstances, that wouldn’t be a disaster.

2) Failure to test for error conditions. In many places, the code fails to test for obviously insane error conditions but just goes on processing. That means that if the input is somehow fundamentally broken, the output may be subtly broken. Again, we don’t have the input to retest.

3) Reliance on the user to select the correct input sets. The code relies on the user to tell it what data to process and doesn’t make sure the data is correct, it must trust the user. CRU had data sets with identical names but fundamentally different data. There’s no way now to be sure uncorrected data wasn’t used where corrected data was appropriate or that data wasn’t corrected twice.

4) Reliance on the user to select the correct run-time options. During the run, many of the programs relied on the user to select the correct options as the run progressed. The options were not embedded in the results. A single mis-key could cause the output to be invalid.

Unfortunately, these types of defects combine in a multiplicative way. A mis-key during a run could result in subtly bad input that could cause an error condition that’s not detected resulting in radically bad output that’s not detected because of lack of input validation ...

And there's probably more.  So maybe--just maybe--the (D) folk, both in the Wisconsin legislature AND in Congress, should call off their plans to save the planet for a bit.

No comments: