Re: a system that fails spectacularly

2005-12-09 Thread Clive D.W. Feather
Steve Allen said:
 This became a long-running joke in the morris dance community.  A few
 years back some English town councils decided to become ISO 9000
 compliant.  That required them to ascertain that all of their
 sub-contractors were also compliant.

Actually, it does nothing of the sort.

An organisation going for qualification must set up an ISO 9000 boundary.
Everything inside must conform to the processes, so anything coming in
through the boundary must be assessed each time it comes in.

The boundary can go around more than one organisation. So many organisations
find it easier to force their suppliers and sub-contractors inside the
boundary than to deal with stuff coming in. In other words, it's easier to
only buy widgets from ISO 9000 compliant suppliers than to provide an
inbound widget quality test department.

--
Clive D.W. Feather  | Work:  [EMAIL PROTECTED]   | Tel:+44 20 8495 6138
Internet Expert | Home:  [EMAIL PROTECTED]  | Fax:+44 870 051 9937
Demon Internet  | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc||


Re: a system that fails spectacularly

2005-12-09 Thread Clive D.W. Feather
M. Warner Losh said:
  * A second is represented by an integer from 0 to 61;
[...]
  but this specification
  follows the date and time conventions for ISO C.

Of course, ISO C fixed this misunderstanding many years ago.

--
Clive D.W. Feather  | Work:  [EMAIL PROTECTED]   | Tel:+44 20 8495 6138
Internet Expert | Home:  [EMAIL PROTECTED]  | Fax:+44 870 051 9937
Demon Internet  | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc||


Re: a system that fails spectacularly

2005-12-09 Thread Peter Bunclark
On Fri, 9 Dec 2005, Clive D.W. Feather wrote:
 boundary than to deal with stuff coming in. In other words, it's easier to
 only buy widgets from ISO 9000 compliant suppliers than to provide an
 inbound widget quality test department.

From what I understand from some of the recent emails, you would not have
to provide an inbound widget quality test department, but rather an
inbound widget manufacturer's quality control procedure test department.

This is to keep consistency with the model that ISO9000 compliance means
your products can be crap as long as you document how you arrive at that
assessment.

Pete.


Re: a system that fails spectacularly

2005-12-09 Thread Daniel R. Tobias
On 9 Dec 2005 at 10:42, David Harper wrote:

 On the other hand, the idea of ISO 9000 compliant Morris dancers is a
 very funny one. Presumably, they'd have to standardise the size of
 their pig's bladders. There's a Monty Python sketch just waiting to be
 written.

 I'm guessing that their level of ISO 9000 compliance falls in inverse
 proportion to the amount of beer they drink. As does their likelihood
 of observing leap seconds correctly.

But if they fail to observe the leap second properly, the timing and
synchronization of the dancers will be off, and they might collide
catastrophically into one another!  We must fix this danger right
away!

--
== Dan ==
Dan's Mail Format Site: http://mailformat.dan.info/
Dan's Web Tips: http://webtips.dan.info/
Dan's Domain Site: http://domains.dan.info/


Re: a system that fails spectacularly

2005-12-08 Thread David Harper

Poul-Henning Kamp wrote:

Some of us have been trying to drive this point though for some time:

  99.99% of all programmers have no idea what a leap-second is.

And these are the people who program the technology that runs our
civilization.


The confusion runs deeper than that.

I discovered last year that implementations of Java up to and including
Java 1.3 did not implement the correct daylight saving time rules for
the United Kingdom during the period between 27 October 1968 and 31
October 1971 when the U.K. kept its clocks permanently one hour ahead of
GMT and called this British Standard Time.

The daylight saving time rules were implemented as little more than a
blanket starts on the last Sunday in March, ends on the last Sunday in
October prescription, with no provision for irregularities such as
BStandardT.

As a result, Java programs would assume that the U.K. was keeping GMT
during the winter months of 1968/9, 1969/70 and 1970/1 when in fact the
clocks were an hour ahead.

This error was fixed in Java 1.4, when a rather more sophisticated
mechanism was added for handling daylight saving time rules, based upon
the Unix zoneinfo database, which does know about the irregularities
and exceptions.

When even Sun Microsystems can make this kind of mistake, with all of
the resources at its disposal, Joe or Jane Programmer working for a
small company can be forgiven for not being familiar with the arcane
world of leap seconds. There are, after all, only 102 of us on this
mailing list :-)

David Harper

--
Dr David Harper
Wellcome Trust Sanger Institute,  Hinxton,  Cambridge CB10 1SA,  England
Tel: 01223 834244 Fax: 494919 http://www.sanger.ac.uk/Users/adh/


Re: a system that fails spectacularly

2005-12-08 Thread Randy Kaelber
On Thu, Dec 08, 2005 at 09:15:08AM +, David Harper wrote:

 When even Sun Microsystems can make this kind of mistake, with all of
 the resources at its disposal, Joe or Jane Programmer working for a
 small company can be forgiven for not being familiar with the arcane
 world of leap seconds. There are, after all, only 102 of us on this
 mailing list :-)

If it were not for two things: Me as a kid listening to WWV for *hours*
over my grandfather's shortwave radio (yeah, I was a weird kid... makes
for a weird adult, too.) and me happening to fall into a job in
interplanetary missions, I'd be blissfully ignorant of the leap seconds
issue, too!


--
Randy Kaelber[EMAIL PROTECTED]
Scientific Software Engineer
Mars Space Flight Facility, Department of Geological Sciences
Arizona State University, Tempe, Arizona, USA


Re: a system that fails spectacularly

2005-12-08 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Rob Seaman writes:
On Dec 7, 2005, at 11:57 AM, Poul-Henning Kamp wrote:

 ISO9000 certification only means that you have documented your
 quality assurance process.  There is no requirement that your
 documentation pertains to or results in a quality product.

That was kind of my point, too.  We have standards bodies that don't
promulgate their standards.  [...]

You need to look even further down the foodchain, starting from the bottom:

* First comes people who make buying decisions based on price.

* Then comes engineers who are only in it for the money.

* Then comes product managers cutting corners to push out a cheap product early.

* Then comes companies who only care about money


The kind of people who even care enough to think about participating
in standards writing, are leagues above those four by the simple
fact that they actually do care in the first place.

And as we all know from the standards we work with, even those people are pretty
underperforming to begin with.


In an ideal world, I would love to educate them all about the errors
of their ways, but I'm too old to seriously contemplate such a
project.

Leapseconds are simply too technically tricky for the species we
are dealing with.  They are OK if confined to science labs, but out in
the real world where people think McDonalds food does not make you fat
leap seconds are just no feasible.

--
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


Re: a system that fails spectacularly

2005-12-07 Thread Francois Meyer
On Tue, 6 Dec 2005, Steve Allen wrote:

 Finally we begin to see folks stand up and identify their systems
 as having abysmally failed to implement the UTC standard.

 http://www.acrelectronics.com/alerts/leap.htm

 In particular, see their technical bulletin
 http://www.acrelectronics.com/alerts/Technical%20Bulletin%202005-12%20_Leap-Second_%20V1_1.pdf

 They indicate that one must physically disconnect the unit in order to
 get it to work after the leap second.

I hardly understand how it is reasonably possible to use a
GPS-derived UTC without taking into account the leap second
information from the GPS navigation message.

Unless the unit gets the UTC-GPS offset from the receiver
just once at hardboot time and then forget about leap secs...

Puzzling.

-- Francois Meyer
Tel : (+33) 3 81 66 69 27   Fax : 3 81 66 69 44
Observatoire de Besancon - BP1615 - 25010 Besancon cedex - FRANCE
 Université de Franche-Comté ** CNRS UMR 6091 *


Re: a system that fails spectacularly

2005-12-07 Thread Rob Seaman
On Dec 6, 2005, at 3:27 PM, Steve Allen wrote:Finally we begin to see folks stand up and identify their systems as having abysmally failed to implement the UTC standard. http://www.acrelectronics.com/alerts/leap.htmEven more remarkably, they proudly proclaim: "The quality systems of this facility have been registered by UL to the ISO 9000 Series Standards."So we have a company that manufactures "a complete line of safety and survival products" (!) that are precisely intended to convey UTC as a primary function of the devices.  This company claims to have followed an international standard focused on achieving quality control through best practices in management.I applaud the company's decision to go public in advance.  However, it seems that one of two things must be true.  Either the fact that the letter is dated December 5, 2005 indicates that they just now got around to acting on the July, 2005 announcement of the upcoming leap second - or, they acted upon this in a more timely fashion and decided to embargo the announcement until the latest plausible moment at which it would be possible for their lawyers to later argue timely notification of their customers.  I am copying this message to John Bell, the company's indicated contact for this issue, for his comment.They indicate that one must physically disconnect the unit in order to get it to work after the leap second.And the proponents of a change to the UTC standard are undoubtedly going to assemble a number of such phantasmogorical reports in "support" of their position.  Why bother to change an international standard for the naive and cynical perceived benefit of commercial interests when those interests can't even be bothered to implement the standard in the first place?I don't know whether to be more embarrassed for the company or for the international standards process.  How many companies claim ISO 9000 conformance?  If they don't comprehend the requirements of international standards pertaining to their products, how likely is it that they comprehend their customers' requirements?  Where in this is the responsibility of the ITU to promulgate the UTC standard?  What is the absolutely vast responsibility of ISO in claiming to offer a worldwide standard in quality control?And what exactly is the liability of the Underwriting Laboratory in such a case?  "UL is the trusted source across the globe for product compliance."  Are we to infer any better compliance of the corporate world with SI standards, for instance, than with the UTC standard?Clearly astronomers are the fall guys.  RightRob SeamanNational Optical Astronomy Observatory

Re: a system that fails spectacularly

2005-12-07 Thread David Harper

Rob Seaman wrote:

I don't know whether to be more embarrassed for the company or for
the international standards process.  How many companies claim ISO
9000 conformance?  If they don't comprehend the requirements of
international standards pertaining to their products, how likely is
it that they comprehend their customers' requirements?


I am reminded of the Dilbert cartoon from way back when, in which the
pointy-haired boss is talking to a potential customer.


Customer: Your product looks good, but you can't be our supplier unless
yoru company is ISO 9000 certified.

PHB: So ... you don't care how bad our internal processes are, as long
as they're well-documented and used consistently.

Customer: That's right.

PHB: Our documented process says I must now laugh in your face and
double our price.


I think says everything you need to know about ISO 9000 in the real world.

David Harper

--
Dr David Harper
Wellcome Trust Sanger Institute,  Hinxton,  Cambridge CB10 1SA,  England
Tel: 01223 834244 Fax: 494919 http://www.sanger.ac.uk/Users/adh/


Re: a system that fails spectacularly

2005-12-07 Thread Markus Kuhn
Rob Seaman wrote on 2005-12-07 13:59 UTC:
http://www.acrelectronics.com/alerts/leap.htm

 Even more remarkably, they proudly proclaim:

 The quality systems of this facility have been registered by UL to
 the ISO 9000 Series Standards.

 So we have a company that manufactures a complete line of safety and
 survival products (!) that are precisely intended to convey UTC as a
 primary function of the devices.  This company claims to have
 followed an international standard focused on achieving quality
 control through best practices in management.

As a general-purpose management standard, ISO 9001 obviously says
nothing about how you have to handle leap seconds. ISO 9001 does not
even specify any particular level of quality. All it does is tell you
how you must document what level of quality you are producing and what
you do to make sure it remains the same for all instances of the same
product.

Customers could in theory asked the company to review their quality
control documentation, and if they had found that no adequate
leap-second test is part of their quality control process, then they
would have known what (not) to expect.

The big problem with the ISO 9000 standards is that they do not require
manufacturers to make all their quality-control procedures easily
downloadable from their web site. As a result, hardly any customer ever
gets a chance to look at all this otherwise perfectly sensible
documentation.

The whole problem with ISO 9001 and friends is that they originated in
the military market. There, customers are far too nervous about their
enemies reading the quality control manuals of their kit. The resulting
secrecy surrounding the ISO 9001 documentation has de-facto rendered the
entire idea utterly useless. It could be easily fixed by adding a
publication requirement to the ISO 9000 certification process, but I
doubt that anyone other than civilian customers would want that. And
these standards are not written by civilian customers.

Markus

--
Markus Kuhn, Computer Laboratory, University of Cambridge
http://www.cl.cam.ac.uk/~mgk25/ || CB3 0FD, Great Britain


Re: a system that fails spectacularly

2005-12-07 Thread Steve Allen
On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ:
 it seems that one of two things must be true.  Either the fact that
 the letter is dated December 5, 2005 indicates that they just now got
 around to acting on the July, 2005 announcement of the upcoming leap
 second - or, they acted upon this in a more timely fashion and
 decided to embargo the announcement until the latest plausible moment
 at which it would be possible for their lawyers to later argue timely
 notification of their customers.

ACR is not alone, see Saab, who announced much earlier

http://www.transpondertech.se/node1924.asp?intContentID=3197

also reported by Canada
http://www.ican.nf.net/R4update.htm

also reported by USCG
http://www.uscg.mil/hq/g-m/moa/docs/Saab505.pdf
http://www.uscg.mil/d14/units/feact/images/safety%20alert.pdf

Google is your friend.

--
Steve Allen [EMAIL PROTECTED]WGS-84 (GPS)
UCO/Lick ObservatoryNatural Sciences II, Room 165Lat  +36.99858
University of CaliforniaVoice: +1 831 459 3046   Lng -122.06014
Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m


Re: a system that fails spectacularly

2005-12-07 Thread Rob Seaman

Upon rereading my message, I'd like to backpedal a bit.  I did not
intend to assert any knowledge or comprehension (or even opinion)
about the company's internal operations and decision-making process.
We would likely all be interested, however, if Mr. Bell were to
comment on the delay between the July 2005 announcement of the
upcoming leap second and the December reaction of the company to
same.  For instance, are such leap second announcements in fact
conveyed in a timely fashion to the commercial community?

Mr. Bell should also be aware that this message is being distributed
to several dozen members of an internet mailing list that has existed
for half a dozen years precisely to discuss leap second related
issues and the definition of Coordinated Universal Time.  The
archives for that mailing list are available from:

   http://rom.usno.navy.mil/archives/leapsecs.html

I was not being ironic in applauding this company's decision to make
a public statement on the issue.  The issues involved are much larger
than any individual company.

Blaming poor Mother Earth, however, for her middle-aged unsteadiness
in the face of the laws of physics would seem rather - well - unkind.

Rob Seaman
National Optical Astronomy Observatory


Re: a system that fails spectacularly

2005-12-07 Thread William Thompson

Steve Allen wrote:

On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ:


it seems that one of two things must be true.  Either the fact that
the letter is dated December 5, 2005 indicates that they just now got
around to acting on the July, 2005 announcement of the upcoming leap
second - or, they acted upon this in a more timely fashion and
decided to embargo the announcement until the latest plausible moment
at which it would be possible for their lawyers to later argue timely
notification of their customers.



ACR is not alone, see Saab, who announced much earlier

http://www.transpondertech.se/node1924.asp?intContentID=3197


I find particularly telling the statement, It should be noted that users so far
have not reported this as a problem, not even in the busiest traffic areas.


also reported by Canada
http://www.ican.nf.net/R4update.htm


And also, The problem is easily resolved with the enclosed software upgrade.

(By the way, note how the previous statement is garbled in the Canadian report
by the inclusion of too many negatives.)


also reported by USCG
http://www.uscg.mil/hq/g-m/moa/docs/Saab505.pdf
http://www.uscg.mil/d14/units/feact/images/safety%20alert.pdf

Google is your friend.

--
Steve Allen [EMAIL PROTECTED]WGS-84 (GPS)
UCO/Lick ObservatoryNatural Sciences II, Room 165Lat  +36.99858
University of CaliforniaVoice: +1 831 459 3046   Lng -122.06014
Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m




--
William Thompson
NASA Goddard Space Flight Center
Code 612.1
Greenbelt, MD  20771
USA

301-286-2040
[EMAIL PROTECTED]


Re: a system that fails spectacularly

2005-12-07 Thread Steve Allen
On Wed 2005-12-07T14:56:35 +, Markus Kuhn hath writ:
 As a general-purpose management standard, ISO 9001 obviously says
 nothing about how you have to handle leap seconds. ISO 9001 does not
 even specify any particular level of quality. All it does is tell you
 how you must document what level of quality you are producing and what
 you do to make sure it remains the same for all instances of the same
 product.

This became a long-running joke in the morris dance community.  A few
years back some English town councils decided to become ISO 9000
compliant.  That required them to ascertain that all of their
sub-contractors were also compliant.  This extended to morris sides
who were to be remunerated for dancing their traditional dances
outside pubs at town festivals.  Despite having done such for
uncounted decades, the morris side leaders suddenly had to fill out
forms describing their own quality control processes.

Most of those forms came back to the town council stained with beer
and chips.

--
Steve Allen [EMAIL PROTECTED]WGS-84 (GPS)
UCO/Lick ObservatoryNatural Sciences II, Room 165Lat  +36.99858
University of CaliforniaVoice: +1 831 459 3046   Lng -122.06014
Santa Cruz, CA 95064http://www.ucolick.org/~sla/ Hgt +250 m


Re: a system that fails spectacularly

2005-12-07 Thread Brian Garrett
- Original Message -
From: Steve Allen [EMAIL PROTECTED]
To: LEAPSECS@ROM.USNO.NAVY.MIL
Sent: Wednesday, December 07, 2005 7:01 AM
Subject: Re: [LEAPSECS] a system that fails spectacularly


 On Wed 2005-12-07T06:59:39 -0700, Rob Seaman hath writ:
  it seems that one of two things must be true.  Either the fact that
  the letter is dated December 5, 2005 indicates that they just now got
  around to acting on the July, 2005 announcement of the upcoming leap
  second - or, they acted upon this in a more timely fashion and
  decided to embargo the announcement until the latest plausible moment
  at which it would be possible for their lawyers to later argue timely
  notification of their customers.

 ACR is not alone, see Saab, who announced much earlier

 http://www.transpondertech.se/node1924.asp?intContentID=3197

 also reported by Canada
 http://www.ican.nf.net/R4update.htm


And you've gotta love the interpretation of UTC as Universal Time Code in
the Canadian report.  If they don't understand what UTC is, or at the very
least understand that their users are going to be confused by their
misleading use of the acronym, it's hardly a surprise that a leap second is
going to pull the rug off their code and expose the bugs they've swept
underneath it.

Brian Garrett


Re: a system that fails spectacularly

2005-12-07 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Brian Garrett writes:

And you've gotta love the interpretation of UTC as Universal Time Code in
the Canadian report.  If they don't understand what UTC is, or at the very
least understand that their users are going to be confused by their
misleading use of the acronym, it's hardly a surprise that a leap second is
going to pull the rug off their code and expose the bugs they've swept
underneath it.

Some of us have been trying to drive this point though for some time:

  99.99% of all programmers have no idea what a leap-second is.

And these are the people who program the technology that runs our
civilization.

Think about it next time you press a button.


--
Poul-Henning Kamp   | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD committer   | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.


Re: a system that fails spectacularly

2005-12-07 Thread M. Warner Losh
In message: [EMAIL PROTECTED]
Poul-Henning Kamp [EMAIL PROTECTED] writes:
: ISO9000 certification only means that you have documented your
: quality assurance process.
:
: There is no requirement that your documentation pertains to
: or results in a quality product.
:
: One of the Danish ISO9K consultants used to bring a ISO9000
: certification case along to explain this to companies:  It was
: basically the entire ISO9000 process for a small company written
: on one page of paper and the essence was We don't gove a hoot about
: quality.
:
: The information that company X is iso9000 certified only conveys
: one bit of information:  The company has a quality policy.
:
: You still need to read their quality policy to know what it is,
: and on average, the ISO9000 certified ones contain less usable
: or even readable information, than the other kind.

ISO 9000 only requires like 3 or 5 documents.  Small companies can
comply with just a notebook that contains these documents, assuming
that the quality policy doesn't require more...

Warner


Re: a system that fails spectacularly

2005-12-07 Thread Conrad Poelman
On Wed, 7 Dec 2005 14:35:04 +, David Harper [EMAIL PROTECTED]
said:
 Rob Seaman wrote:
  I don't know whether to be more embarrassed for the company or for
  the international standards process.  How many companies claim ISO
  9000 conformance?  If they don't comprehend the requirements of
  international standards pertaining to their products, how likely is
  it that they comprehend their customers' requirements?

 I am reminded of the Dilbert cartoon from way back when, in which the
 pointy-haired boss is talking to a potential customer.


 Customer: Your product looks good, but you can't be our supplier unless
 yoru company is ISO 9000 certified.

 PHB: So ... you don't care how bad our internal processes are, as long
 as they're well-documented and used consistently.

 Customer: That's right.

 PHB: Our documented process says I must now laugh in your face and
 double our price.


 I think says everything you need to know about ISO 9000 in the real
 world.

 David Harper

Anyone know where I can get a copy of this Dilbert cartoon? I've been
asked to do some software testing and validation using ISO 9000
certified processes (whatever that means) and would love to use this as
the first slide in my presentation...

-- Conrad
__
  Stellar Science Ltd. Co. - Stellar Scientific Software Solutions
 [EMAIL PROTECTED]  1-877-480-4950  www.stellarscience.com


Re: a system that fails spectacularly

2005-12-07 Thread Rob Seaman

On Dec 7, 2005, at 2:17 PM, Poul-Henning Kamp wrote:


Some of us have been trying to drive this point though for some time:

  99.99% of all programmers have no idea what a leap-second is.


100.00% of everybody live on a planet whose rotation is slowing by a
couple of milliseconds per day per century.

I'm sure we could identify a wealth of other issues upon which some
large majority of programmers, engineers, system designers and other
agents for technological change share a lack of vision.  The question
remains whether a leap second (or other obscure fact of the universe
like - say - general relativity) is (a) physically necessary and is
(b) pregnant in implications for humankind.

All proposals being entertained agree that leap seconds (or 3600
packaged as a leap hour) are physically necessary.  The question is
whether the implications can be ignored.  I assert not.  Some of us
- that is, you - assert that no possible harm can come to billions of
people and millions of intertwined technological systems from
allowing leap seconds to pile up over the course of centuries.  Your
position isn't a point to be driven home, it is a complex topology of
ramifications that we would be far closer to understanding if we
actually pursued the obvious risk and cost/benefit analyses.


And these are the people who program the technology that runs our
civilization.


Might not education be a more appropriate cure for ignorance?  Start
by making the ITU document public.


Think about it next time you press a button.


Think about general relativity and big blobby terrestrial planets the
next time you're zipping along at a couple hundred meters/second, 10
kilometers up in a metallurgist's realization of an aerodynamicist's
dream.  Shall we seek ways for the metallurgist to ignore solid state
physics or the airframe designer, fluid dynamics?

The Earth rotates.  For some purposes, some people can ignore this.
For other purposes, other people can't.  Deciding the implications
requires actual thought and planning.  Is this really a radical notion?

Rob Seaman
National Optical Astronomy Observatory