Re: a system that fails spectacularly
On Dec 7, 2005, at 2:17 PM, Poul-Henning Kamp wrote: Some of us have been trying to drive this point though for some time: 99.99% of all programmers have no idea what a leap-second is. 100.00% of everybody live on a planet whose rotation is slowing by a couple of milliseconds per day per century. I'm sure we could identify a wealth of other issues upon which some large majority of programmers, engineers, system designers and other agents for technological change share a lack of vision. The question remains whether a leap second (or other obscure fact of the universe like - say - general relativity) is (a) physically necessary and is (b) pregnant in implications for humankind. All proposals being entertained agree that leap seconds (or 3600 packaged as a leap hour) are physically necessary. The question is whether the implications can be ignored. I assert not. "Some of us" - that is, you - assert that no possible harm can come to billions of people and millions of intertwined technological systems from allowing leap seconds to pile up over the course of centuries. Your position isn't a point to be driven home, it is a complex topology of ramifications that we would be far closer to understanding if we actually pursued the obvious risk and cost/benefit analyses. And these are the people who program the technology that runs our civilization. Might not education be a more appropriate cure for ignorance? Start by making the ITU document public. Think about it next time you press a button. Think about general relativity and big blobby terrestrial planets the next time you're zipping along at a couple hundred meters/second, 10 kilometers up in a metallurgist's realization of an aerodynamicist's dream. Shall we seek ways for the metallurgist to ignore solid state physics or the airframe designer, fluid dynamics? The Earth rotates. For some purposes, some people can ignore this. For other purposes, other people can't. Deciding the implications requires actual thought and planning. Is this really a radical notion? Rob Seaman National Optical Astronomy Observatory
Re: a system that fails spectacularly
On Wed, 7 Dec 2005 14:35:04 +, "David Harper" <[EMAIL PROTECTED]> said: > Rob Seaman wrote: > > I don't know whether to be more embarrassed for the company or for > > the international standards process. How many companies claim ISO > > 9000 conformance? If they don't comprehend the requirements of > > international standards pertaining to their products, how likely is > > it that they comprehend their customers' requirements? > > I am reminded of the Dilbert cartoon from way back when, in which the > pointy-haired boss is talking to a potential customer. > > > Customer: "Your product looks good, but you can't be our supplier unless > yoru company is ISO 9000 certified." > > PHB: "So ... you don't care how bad our internal processes are, as long > as they're well-documented and used consistently." > > Customer: "That's right." > > PHB: "Our documented process says I must now laugh in your face and > double our price." > > > I think says everything you need to know about ISO 9000 in the real > world. > > David Harper > Anyone know where I can get a copy of this Dilbert cartoon? I've been asked to do some software testing and validation using ISO 9000 certified processes (whatever that means) and would love to use this as the first slide in my presentation... -- Conrad __ Stellar Science Ltd. Co. - "Stellar Scientific Software Solutions" [EMAIL PROTECTED] 1-877-480-4950 www.stellarscience.com
Re: a system that fails spectacularly
In message: <[EMAIL PROTECTED]> "Poul-Henning Kamp" <[EMAIL PROTECTED]> writes: : ISO9000 certification only means that you have documented your : quality assurance process. : : There is no requirement that your documentation pertains to : or results in a quality product. : : One of the Danish ISO9K consultants used to bring a ISO9000 : certification case along to explain this to companies: It was : basically the entire ISO9000 process for a small company written : on one page of paper and the essence was "We don't gove a hoot about : quality". : : The information that company X is "iso9000 certified" only conveys : one bit of information: The company has a quality policy. : : You still need to read their quality policy to know what it is, : and on average, the ISO9000 certified ones contain less usable : or even readable information, than the other kind. ISO 9000 only requires like 3 or 5 documents. Small companies can comply with just a notebook that contains these documents, assuming that the quality policy doesn't require more... Warner
Re: a system that fails spectacularly
In message <[EMAIL PROTECTED]>, Brian Garrett writes: >And you've gotta love the interpretation of UTC as "Universal Time Code" in >the Canadian report. If they don't understand what UTC is, or at the very >least understand that their users are going to be confused by their >misleading use of the acronym, it's hardly a surprise that a leap second is >going to pull the rug off their code and expose the bugs they've swept >underneath it. Some of us have been trying to drive this point though for some time: 99.99% of all programmers have no idea what a leap-second is. And these are the people who program the technology that runs our civilization. Think about it next time you press a button. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Re: a system that fails spectacularly
- Original Message - From: "Steve Allen" <[EMAIL PROTECTED]> To: Sent: Wednesday, December 07, 2005 7:01 AM Subject: Re: [LEAPSECS] a system that fails spectacularly > On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ: > > it seems that one of two things must be true. Either the fact that > > the letter is dated December 5, 2005 indicates that they just now got > > around to acting on the July, 2005 announcement of the upcoming leap > > second - or, they acted upon this in a more timely fashion and > > decided to embargo the announcement until the latest plausible moment > > at which it would be possible for their lawyers to later argue timely > > notification of their customers. > > ACR is not alone, see Saab, who announced much earlier > > http://www.transpondertech.se/node1924.asp?intContentID=3197 > > also reported by Canada > http://www.ican.nf.net/R4update.htm > And you've gotta love the interpretation of UTC as "Universal Time Code" in the Canadian report. If they don't understand what UTC is, or at the very least understand that their users are going to be confused by their misleading use of the acronym, it's hardly a surprise that a leap second is going to pull the rug off their code and expose the bugs they've swept underneath it. Brian Garrett
Re: a system that fails spectacularly
Rob, ISO9000 certification only means that you have documented your quality assurance process. There is no requirement that your documentation pertains to or results in a quality product. One of the Danish ISO9K consultants used to bring a ISO9000 certification case along to explain this to companies: It was basically the entire ISO9000 process for a small company written on one page of paper and the essence was "We don't gove a hoot about quality". The information that company X is "iso9000 certified" only conveys one bit of information: The company has a quality policy. You still need to read their quality policy to know what it is, and on average, the ISO9000 certified ones contain less usable or even readable information, than the other kind. >And the proponents of a change to the UTC standard are undoubtedly >going to assemble a number of such phantasmogorical reports in >"support" of their position. Why bother to change an international >standard for the naive and cynical perceived benefit of commercial >interests when those interests can't even be bothered to implement >the standard in the first place? Because the standard is badly thought out, hard to implement correct and impossible to test comprehensively in practice ? Just because it is an agreed international standard doesn't mean that it is the best solution to the problem, technically correct, technically optimal or even a good thing to begin with. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Re: a system that fails spectacularly
On Wed 2005-12-07T14:56:35 +, Markus Kuhn hath writ: > As a general-purpose management standard, ISO 9001 obviously says > nothing about how you have to handle leap seconds. ISO 9001 does not > even specify any particular level of quality. All it does is tell you > how you must document what level of quality you are producing and what > you do to make sure it remains the same for all instances of the same > product. This became a long-running joke in the morris dance community. A few years back some English town councils decided to become ISO 9000 compliant. That required them to ascertain that all of their sub-contractors were also compliant. This extended to morris sides who were to be remunerated for dancing their traditional dances outside pubs at town festivals. Despite having done such for uncounted decades, the morris side leaders suddenly had to fill out forms describing their own quality control processes. Most of those forms came back to the town council stained with beer and chips. -- Steve Allen <[EMAIL PROTECTED]>WGS-84 (GPS) UCO/Lick ObservatoryNatural Sciences II, Room 165Lat +36.99858 University of CaliforniaVoice: +1 831 459 3046 Lng -122.06014 Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m
Re: a system that fails spectacularly
Steve Allen wrote: On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ: it seems that one of two things must be true. Either the fact that the letter is dated December 5, 2005 indicates that they just now got around to acting on the July, 2005 announcement of the upcoming leap second - or, they acted upon this in a more timely fashion and decided to embargo the announcement until the latest plausible moment at which it would be possible for their lawyers to later argue timely notification of their customers. ACR is not alone, see Saab, who announced much earlier http://www.transpondertech.se/node1924.asp?intContentID=3197 I find particularly telling the statement, "It should be noted that users so far have not reported this as a problem, not even in the busiest traffic areas." also reported by Canada http://www.ican.nf.net/R4update.htm And also, "The problem is easily resolved with the enclosed software upgrade." (By the way, note how the previous statement is garbled in the Canadian report by the inclusion of too many negatives.) also reported by USCG http://www.uscg.mil/hq/g-m/moa/docs/Saab505.pdf http://www.uscg.mil/d14/units/feact/images/safety%20alert.pdf Google is your friend. -- Steve Allen <[EMAIL PROTECTED]>WGS-84 (GPS) UCO/Lick ObservatoryNatural Sciences II, Room 165Lat +36.99858 University of CaliforniaVoice: +1 831 459 3046 Lng -122.06014 Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m -- William Thompson NASA Goddard Space Flight Center Code 612.1 Greenbelt, MD 20771 USA 301-286-2040 [EMAIL PROTECTED]
Re: a system that fails spectacularly
Upon rereading my message, I'd like to backpedal a bit. I did not intend to assert any knowledge or comprehension (or even opinion) about the company's internal operations and decision-making process. We would likely all be interested, however, if Mr. Bell were to comment on the delay between the July 2005 announcement of the upcoming leap second and the December reaction of the company to same. For instance, are such leap second announcements in fact conveyed in a timely fashion to the commercial community? Mr. Bell should also be aware that this message is being distributed to several dozen members of an internet mailing list that has existed for half a dozen years precisely to discuss leap second related issues and the definition of Coordinated Universal Time. The archives for that mailing list are available from: http://rom.usno.navy.mil/archives/leapsecs.html I was not being ironic in applauding this company's decision to make a public statement on the issue. The issues involved are much larger than any individual company. Blaming poor Mother Earth, however, for her middle-aged unsteadiness in the face of the laws of physics would seem rather - well - unkind. Rob Seaman National Optical Astronomy Observatory
Re: a system that fails spectacularly
On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ: > it seems that one of two things must be true. Either the fact that > the letter is dated December 5, 2005 indicates that they just now got > around to acting on the July, 2005 announcement of the upcoming leap > second - or, they acted upon this in a more timely fashion and > decided to embargo the announcement until the latest plausible moment > at which it would be possible for their lawyers to later argue timely > notification of their customers. ACR is not alone, see Saab, who announced much earlier http://www.transpondertech.se/node1924.asp?intContentID=3197 also reported by Canada http://www.ican.nf.net/R4update.htm also reported by USCG http://www.uscg.mil/hq/g-m/moa/docs/Saab505.pdf http://www.uscg.mil/d14/units/feact/images/safety%20alert.pdf Google is your friend. -- Steve Allen <[EMAIL PROTECTED]>WGS-84 (GPS) UCO/Lick ObservatoryNatural Sciences II, Room 165Lat +36.99858 University of CaliforniaVoice: +1 831 459 3046 Lng -122.06014 Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m
Re: a system that fails spectacularly
Rob Seaman wrote on 2005-12-07 13:59 UTC: > > http://www.acrelectronics.com/alerts/leap.htm > > Even more remarkably, they proudly proclaim: > > "The quality systems of this facility have been registered by UL to > the ISO 9000 Series Standards." > > So we have a company that manufactures "a complete line of safety and > survival products" (!) that are precisely intended to convey UTC as a > primary function of the devices. This company claims to have > followed an international standard focused on achieving quality > control through best practices in management. As a general-purpose management standard, ISO 9001 obviously says nothing about how you have to handle leap seconds. ISO 9001 does not even specify any particular level of quality. All it does is tell you how you must document what level of quality you are producing and what you do to make sure it remains the same for all instances of the same product. Customers could in theory asked the company to review their quality control documentation, and if they had found that no adequate leap-second test is part of their quality control process, then they would have known what (not) to expect. The big problem with the ISO 9000 standards is that they do not require manufacturers to make all their quality-control procedures easily downloadable from their web site. As a result, hardly any customer ever gets a chance to look at all this otherwise perfectly sensible documentation. The whole problem with ISO 9001 and friends is that they originated in the military market. There, customers are far too nervous about their enemies reading the quality control manuals of their kit. The resulting secrecy surrounding the ISO 9001 documentation has de-facto rendered the entire idea utterly useless. It could be easily fixed by adding a publication requirement to the ISO 9000 certification process, but I doubt that anyone other than civilian customers would want that. And these standards are not written by civilian customers. Markus -- Markus Kuhn, Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/~mgk25/ || CB3 0FD, Great Britain
Re: a system that fails spectacularly
Rob Seaman wrote: I don't know whether to be more embarrassed for the company or for the international standards process. How many companies claim ISO 9000 conformance? If they don't comprehend the requirements of international standards pertaining to their products, how likely is it that they comprehend their customers' requirements? I am reminded of the Dilbert cartoon from way back when, in which the pointy-haired boss is talking to a potential customer. Customer: "Your product looks good, but you can't be our supplier unless yoru company is ISO 9000 certified." PHB: "So ... you don't care how bad our internal processes are, as long as they're well-documented and used consistently." Customer: "That's right." PHB: "Our documented process says I must now laugh in your face and double our price." I think says everything you need to know about ISO 9000 in the real world. David Harper -- Dr David Harper Wellcome Trust Sanger Institute, Hinxton, Cambridge CB10 1SA, England Tel: 01223 834244 Fax: 494919 http://www.sanger.ac.uk/Users/adh/
Re: a system that fails spectacularly
On Dec 6, 2005, at 3:27 PM, Steve Allen wrote:Finally we begin to see folks stand up and identify their systems as having abysmally failed to implement the UTC standard. http://www.acrelectronics.com/alerts/leap.htmEven more remarkably, they proudly proclaim: "The quality systems of this facility have been registered by UL to the ISO 9000 Series Standards."So we have a company that manufactures "a complete line of safety and survival products" (!) that are precisely intended to convey UTC as a primary function of the devices. This company claims to have followed an international standard focused on achieving quality control through best practices in management.I applaud the company's decision to go public in advance. However, it seems that one of two things must be true. Either the fact that the letter is dated December 5, 2005 indicates that they just now got around to acting on the July, 2005 announcement of the upcoming leap second - or, they acted upon this in a more timely fashion and decided to embargo the announcement until the latest plausible moment at which it would be possible for their lawyers to later argue timely notification of their customers. I am copying this message to John Bell, the company's indicated contact for this issue, for his comment.They indicate that one must physically disconnect the unit in order to get it to work after the leap second.And the proponents of a change to the UTC standard are undoubtedly going to assemble a number of such phantasmogorical reports in "support" of their position. Why bother to change an international standard for the naive and cynical perceived benefit of commercial interests when those interests can't even be bothered to implement the standard in the first place?I don't know whether to be more embarrassed for the company or for the international standards process. How many companies claim ISO 9000 conformance? If they don't comprehend the requirements of international standards pertaining to their products, how likely is it that they comprehend their customers' requirements? Where in this is the responsibility of the ITU to promulgate the UTC standard? What is the absolutely vast responsibility of ISO in claiming to offer a worldwide standard in quality control?And what exactly is the liability of the Underwriting Laboratory in such a case? "UL is the trusted source across the globe for product compliance." Are we to infer any better compliance of the corporate world with SI standards, for instance, than with the UTC standard?Clearly astronomers are the fall guys. RightRob SeamanNational Optical Astronomy Observatory
Re: a system that fails spectacularly
Francois Meyer wrote: I hardly understand how it is reasonably possible to use a GPS-derived UTC without taking into account the leap second information from the GPS navigation message. Unless the unit gets the UTC-GPS offset from the receiver just once at hardboot time and then forget about leap secs... Puzzling. I doubt the unit deals with GPS time at all. Probably it sets its own clock to the UTC value reported by the receiver, leaving all handling of GPS time, UTC-GPS offsets, leapseconds, etc, to the GPS receiver. Then, when the GPS receiver updates its UTC estimate by one second early in the new year the unit's clock is suddenly out by a second. The fact that they write that UTC is adjusted in the first few minutes of 2006 is a clue. Of course, the adjustment really happens in the last minute of 2005. At a previous leap second (1995/96) I logged the NMEA output of a Garmin 100 GPS receiver. This (fairly old) receiver outputs fix information once every two seconds. The change from odd numbered to even numbered seconds happen a few fixes after midnight: $GPRMC,235959,A,5137.56,N,00047.48,W,001.6,019.7,311295,,*07 $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,235959,,T,,M,,N,*17 $GPRMC,01,A,5137.56,N,00047.48,W,001.5,021.4,010196,,*0E $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,01,,T,,M,,N,*17 $GPRMC,03,A,5137.56,N,00047.48,W,001.6,024.1,010196,,*0F $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,03,,T,,M,,N,*15 $GPRMC,05,A,5137.56,N,00047.48,W,001.7,026.7,010196,,*0C $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,06,,T,,M,,N,*10 $GPRMC,07,A,5137.56,N,00047.48,W,001.6,025.8,010196,,*03 $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,08,,T,,M,,N,*1E $GPRMC,09,A,5137.56,N,00047.48,W,001.7,027.5,010196,,*03 $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,10,,T,,M,,N,*17 $GPRMC,12,A,5137.56,N,00047.48,W,001.8,028.1,010196,,*0D $GPRMB,AV*71 $GPR00,,*45 $GPGLL,5137.56,N,00047.48,W*75 $PGRMA,437,f,2*01 $GPXTE,A,A,,,N*3C $GPBWC,12,,T,,M,,N,*15 Ed Davies.
Re: a system that fails spectacularly
On Tue, 6 Dec 2005, Steve Allen wrote: > Finally we begin to see folks stand up and identify their systems > as having abysmally failed to implement the UTC standard. > > http://www.acrelectronics.com/alerts/leap.htm > > In particular, see their technical bulletin > http://www.acrelectronics.com/alerts/Technical%20Bulletin%202005-12%20_Leap-Second_%20V1_1.pdf > > They indicate that one must physically disconnect the unit in order to > get it to work after the leap second. I hardly understand how it is reasonably possible to use a GPS-derived UTC without taking into account the leap second information from the GPS navigation message. Unless the unit gets the UTC-GPS offset from the receiver just once at hardboot time and then forget about leap secs... Puzzling. -- Francois Meyer Tel : (+33) 3 81 66 69 27 Fax : 3 81 66 69 44 Observatoire de Besancon - BP1615 - 25010 Besancon cedex - FRANCE Université de Franche-Comté ** CNRS UMR 6091 *
