1996 · catastrophe · Government

Ariane 5 Flight 501 — The Integer That Destroyed a Rocket

ESA's Ariane 5 rocket self-destructed 37 seconds after maiden launch. A conversion from a 64-bit floating-point value to a 16-bit signed integer in the guidance system caused total navigation failure. The backup system had identical code and failed identically.

Root Cause

Inertial reference system software reused from Ariane 4 contained a 64-bit float to 16-bit signed integer conversion. Ariane 5 was faster than Ariane 4, so horizontal velocity exceeded 32,767 and overflowed. Both primary and backup systems ran identical code.

Aftermath

The $370 million failure led to one of the most thorough software failure analyses ever published. The investigation board's report became a foundational document in software engineering education.

The Incident

On June 4, 1996, the European Space Agency's Ariane 5 rocket — carrying four Cluster satellites worth $370 million — veered off course 37 seconds after its maiden launch from French Guiana and self-destructed.

The Root Cause

The inertial reference system (SRI) software was reused from the Ariane 4 rocket. It contained a conversion from a 64-bit floating-point number representing horizontal velocity to a 16-bit signed integer. On Ariane 4, this value never exceeded 32,767 — the maximum value a 16-bit signed integer can hold. Ariane 5 was faster. The value overflowed.

The overflow caused the SRI to crash and send diagnostic data to the flight computer. The flight computer interpreted this diagnostic data as flight data, calculated that the rocket was wildly off course, and commanded the nozzles to correct — swinging them to their maximum deflection. The resulting aerodynamic forces tore the rocket apart. The self-destruct system activated.

The backup inertial reference system — the one designed to take over if the primary failed — contained identical software. It had already failed in the identical way, 72 milliseconds earlier.
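The narrowing conversion described above, as an added C example (not the SRI's code or anything from the investigation report): a range-checked conversion, a second implementation that clamps instead, and a two-channel model showing that identical channels fail on the same input. The function names and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Narrow a 64-bit float to int16_t, refusing anything outside
   [INT16_MIN, INT16_MAX]. The negated test also rejects NaN. A bare
   (int16_t) cast of an out-of-range double is undefined behaviour in C. */
bool to_int16_checked(double v, int16_t *out) {
    if (!(v >= INT16_MIN && v <= INT16_MAX))
        return false;              /* fault: the caller must handle it */
    *out = (int16_t)v;
    return true;
}

/* A deliberately different implementation: clamp instead of faulting. */
bool to_int16_saturating(double v, int16_t *out) {
    if (v != v)              *out = 0;          /* NaN */
    else if (v > INT16_MAX)  *out = INT16_MAX;
    else if (v < INT16_MIN)  *out = INT16_MIN;
    else                     *out = (int16_t)v;
    return true;
}

typedef bool (*channel_fn)(double, int16_t *);

/* Feed the same input to a primary and a backup channel and count how
   many still produce an output. */
int surviving_channels(double v, channel_fn primary, channel_fn backup) {
    int16_t tmp;
    return (primary(v, &tmp) ? 1 : 0) + (backup(v, &tmp) ? 1 : 0);
}

int main(void) {
    /* Constructed sample values, not telemetry from the flight. */
    const double within_range = 20000.0, beyond_range = 40000.0;

    printf("in range, identical channels:     %d alive\n",
           surviving_channels(within_range, to_int16_checked, to_int16_checked));
    printf("out of range, identical channels: %d alive\n",
           surviving_channels(beyond_range, to_int16_checked, to_int16_checked));
    printf("out of range, diverse backup:     %d alive\n",
           surviving_channels(beyond_range, to_int16_checked, to_int16_saturating));
    return 0;
}
```

Clamping is only one possible fallback; whether a saturated value is safe to act on depends on what consumes it.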

The Pattern

The Ariane 5 failure is the canonical example of three compounding failures: code reuse without revalidation of assumptions (Ariane 4's speed constraints did not apply to Ariane 5), identical backup systems (redundancy without diversity is not redundancy), and a software error converting into a physical catastrophe through a chain of misinterpretation.

Why It Matters

The backup system failed identically because it was identical. This single fact has been cited in thousands of engineering courses, papers, and safety standards. If your backup runs the same code, it will fail the same way. Redundancy requires diversity — in implementation, in assumptions, in failure modes.

Techniques
integer overflow · code reuse