Saturday, January 29, 2011

"Software Safety - Where's the Evidence?" Tuesday April 5th, 2011

Anyone up for Road Trip to London this spring? Safety-Critical Systems Club is sponsoring Software Safety – Wheres the Evidence:

Demonstrating system safety is difficult at the best of times. When software is involved, it often seems impossible. What constitutes evidence? From what sources can it be obtained? How much is enough? These questions, and others, are often asked, but so far the answers have been vague.

This workshop will discuss software reliability and safety. The purpose is to identify the current state of the art, the principal questions that need to be addressed, and the difficulties to be overcome in addressing them.

The workshop will examine many sources of safety evidence, including design and production; testing, deployment and assessment; and operational use. It will consider many kinds of evidence, such as analyses of products at various stages of development, results of product use (in testing and operation), data about the processes used to develop the product, and even legal and contractual evidence.

It is hoped that this workshop will lead to a continuing discussion on software reliability and safety . at subsequent workshops, in the Safety Systems Newsletter, and in other media.

The event is limited to forty people so sign up early.

Cost is around $400 USD in today's, Jan 29 2011, Pounds to Dollars exchange rate, room and travel is not included in that price.

Anyone know of any similar Software Safety Clubs here in the US? There are a few Firmware groups around such as Firmware Engineers of Northeast Ohio, not specifically focused on Software Safety. By the way there was related group created on LinkedIn for Firmware Recruiters. Leave a comment if you know of any related groups.

What does the Facebook Generation do when Internet and Cell Phones are gone?

On the daily commute I usually listen to The BBC News Hour. Yesterday they reported that Egypt Shut Off All Internet Access and all cell phone cariers.

Seems the "Facebook Generation", as the news reports have referred to the protesters, are not happy about lack of having good paying manufacturing jobs. Hmm... Better places around for that discussion.

I bring this up here in the Embedded Space because of the connectivity issues. For example EETimes is reporting Cellular modules for machine-to-machine (M2M) communications will reach over 100 million in 2015. Related areas of connectivity are eHealth, such as The 4 "-e’s" of eHealth: connectivity, conformity, usability, security by Jennifer Hesse and Dr. Joseph Kvedar's related Keynote at the 2010 Connected Health Symposium.

My question to you is what happens when Internet and Cell Phone technology is gone? We could go back to FidoNet on Plain Old Telephone lines, or Amateur Radio always the communications of last resort because the Hams look forward and prepare for this kind of service.

Keep in mind that some are adopting Sinclair Lewis's 1935 classic It can't happen here as their modern planing book, rather than seeing it as classic literature:


..."Nonsense! Nonsense!" snorted Tasbrough. "That couldn't happen here in America, not possibly! We're a country of freemen."...

Friday, January 21, 2011

Philway PC Board House Fire

At approximately 10:30PM on Wednesday night, Jan/19/2011 Philway Products Inc. of Ashland, Ohio burned to the ground. Fortunately no one was hurt.

Philway was the oldest continually operating board house in the US. It was also my preferred PCB vendor, sharp people and good quality for the rugged environments I deal with.

Purportedly the owner said on a TV interview that he was not sure if he was going to rebuild or not. Will be a great loss if that is the case. Also makes me wonder even if they did want to rebuild, would the EPA allow it? Ammonia, Sulfuric Acid, Nitric Acid, Formaldehyde and other chemicals are used to make PCBs.

Philway was big in the military and Hi.Rel. Aerospace, there could be a significant ripple effect from this event. I've never been a fan of "Just In Time" inventory for just this reason. Luckily from my perspective no work of mine was in process.

Someone wondered what will happen about tooling? Do we have to pay for it again should they rebuild? Obviously we will if they don't rebuild. Time will tell, the lives of those involved deserve more consideration and help right now, some links from the news:

Sunday, January 9, 2011

Are you going to learn assembly language in 2011? First Job? Does your job make you happy?

Learning a new language, rather spoken or computer, is always a good thing. Gets us exposure to different concepts. The book Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages (Pragmatic Programmers) is a good example. To me the most important computer language to learn is Assembly Language. I'm sure I'll hear that no one needs to know assembly language any more. I can be fairly certain that those people are not making cost competitive embedded systems in large quantities; smaller code means smaller memory sized parts can be used resulting in lower BOM costs. No mater if you are using the latest wiz-bang Web development language like CoffeScript, or maybe Functional Web functional programming languages and techniques for web development, my personal interest, or tried and true languages like 'C', it is still important to understand the fundamentals of the underlying system. Especially if you want to get close to the hardware.

Programming from the Ground Up by Jonathan Barlett can be downloaded here. The chemicals on dead trees version can be purchased here An introduction to programming using Linux assembly language (the version of Linux used is somewhat dated now but the fundamentals still apply) also gets in to real world issues that never get taught in a class room, for example meetings. When was the last time you had a class on holding meetings? Myself I would have put some more of the fundamentals like "Counting Like a Computer vs Counting Like a Human" at the start of the book, rather than after people are already writing code. Getting back to the section on meetings:

Where Does the Time Go?

Programmers schedule poorly. In almost every programming project, programmers will take two, four, or even eight times as long to develop a program or function than they originally estimated. There are many reasons for this problem, including:

  • Programmers don't always schedule time for meetings or other non-coding activities that make up every day.
  • Programmers often underestimate feedback times (how long it takes to pass change requests and approvals back and forth) for projects.
  • Programmers don't always understand the full scope of what they are producing.
  • Programmers often have to estimate a schedule on a totally different kind of project than they are used to, and thus are unable to schedule accurately.
  • Programmers often underestimate the amount of time it takes to get a program fully robust.

Myself I've found that the time estimate given by Murphy's Law is accurate far to often. Take the estimated time, double it and then raise it to the next higher units. A two minute task will take four hours to complete, due to interruptions from coworkers, ringing phones, slow equipment due to byzantine IT policies, the boss and/or customer changing their mind, again...If you are looking for less cynical view Jack Ganssle often promotes Wideband Delphi as a method of scheduling.

Something to keep in mind, when you are thinking of getting into programming Embedded Systems for the money, consider the words of Pete Warden in How to Hire Coders tells us:

"The best programmers often aren't driven by money...they're after more responsibility, independence, the chance to work with cutting-edge technology or recognition from their peers."

Something to keep in mind when working for that first programming job is that most employers are always interested in new fresh young employees so that they can use them as cheap slaves to improve their lifestyle.

Jacob Morgan offers some good advice, valid no mater where you are in life, in his Working Hard vs Working Smart and the Myth that Young People are Told.

"There isn't a better or worse way to get things done it's based on preference. Personally I'm not capable of bulldozing through a long list of tasks, working ridiculous hours, and sacrificing my life for a paycheck, it's just not me. I don't really admire people that make a ton of money and work ridiculous hours (if I want to make a ton of money I can just get two full time jobs and sleep 3 hours a day), I admire people that are successful yet still have discretionary time and a solid work life balance."

Tom Becker of Man Power Inc. (best known for their temporary and contract recruitment services) wrote in the Talent Management section of the January 2011 Quality Progress Magazine that Happiness Helps; Career development breeds employee engagement, boosts organizational performance. The article is free to all but registration is required to read it (why I have no idea, and I hate registering to read things like this myself).

In 50 Words Or Less:

  • Having discontented employees who don't feel engaged in the workplace often leads to lower retention and a higher rate of absenteeism, which can affect an organization's overall performance.
  • A career development program can help organizations retain and advance talented employees while boosting productivity and business performance.

Something I read not long ago, don't recall where for sure, might have been CNN Money, said that 84 percent of employed people, in the survey, where going to be looking for new jobs "when the economy improves". Sounds like shuffling the deck chairs on a sinking ship to me...

What is Requirement Traceability?

Last week Simula Research Laboratory released A SysML-Based Approach to Traceability Management and Design Slicing in Support of Safety Certification: Framework, Tool Support, and Case Studies.

Abstract:

Context: "Traceability is one of the basic tenets of all software safety standards and a key prerequisite for certification of software. Despite this, the safety-critical software industry is still suffering from a chronic lack of guidelines on traceability. An acute traceability problem that we have identified through observing software safety certification processes has to do with the link between safety requirements and software design. In the current state of practice, this link often lacks sufficient detail to support the systematic inspections conducted by the certifiers of the software safety documentation. As a result, the suppliers often have to remedy the traceability gaps after the fact which can be very expensive and the outcome often is far from satisfactory. Objective: The objective of this article is developing a framework to enable systematic and efficient software design inspections during safety certification. In particular, the framework enables safety engineers and certifiers to extract design slices (model fragments) that filter out irrelevant details but keep enough context information for the slices to be easy to inspect and understand. This helps reduce cognitive load and thus makes it less likely that serious safety issues would be overlooked. Method: Our framework is grounded on SysML which is rapidly becoming the notation of choice for developing safety-critical systems. The framework includes a traceability information model, a methodology to establish traceability, and mechanisms to use traceability for extracting slices of models relevant to a particular safety requirement. The framework is implemented in a tool, named SafeSlice, that supports establishing the traceability links envisaged by the methodology, automated consistency checking of these links, and automated generation of SysML design slices. Results: We provide a formal proof that our slicing algorithm is sound for temporal safety properties, and argue about the completeness of the slices based on our practical experience. We report on the lessons learned from applying our approach to two case studies, one benchmark case and one industrial case. Both case studies indicate that our approach offers benefits by substantially reducing the amount of information that needs to be inspected in order to ensure that a given safety requirement is met by the design."

The paper gives detailed analysis of the theory of traceability, worth your time to read, to find out why you should care about traceability. The one major downfall in my view is that the automation tool they present only works on Windows. Leaving those of us that prefer to do development on Linux and other platforms out in the cold.

To prevent vendor lock-in extortion I always prefer to use Open Source software where it makes sense. Traceability is one area where there is almost no applications at all that support this problem domain. The Web PHP based project TRUC - Tracking Requirements & Use Cases, is the only one that I know. Leave a comment on the ones that you know about.

A simplistic introduction to how to do traceability can be found at eHow How to Create a Requirements Traceability Matrix. Linda Westfall offers up a in more depth introduction Bidirectional Requirements Traceability . How well do you think you will do on Lind's Certified Software Quality Engineering Quiz?

Tom and Kai Gilb explain why bad or non-existent requirements are the root of failed projects, with emphasis on traceability. They have a large number of papers related to the subject, and subjects such as software quality, available for download. The manuscript for the book Evo - Evolutionary Project Management is also available for download.

When it comes to documentation I always like to look to NASA for inspiration, for example the NASA Safety and Mission Assurance Documentation Status Tree Policy, Plans and Documents section and the NASA Software Assurance section, all part of the Office of Safety and Mission Assurance (OSMA).

One paper from the NASA sites above worth pointing out is NASA Complex Electronics Guidebook for Assurance Professionals. One of the things that it wants to accomplish is to stop organizations that were implementing software functions in FPGAs and ASICs to avoid the need to follow the software assurance/safety standards for:

  • Field Programmable Gate Arrays (FPGA)
  • Complex Programmable Logic Device (CPLD)
  • System-on-chip (SoC)
  • Blurring the hardware/software line

It is also an excellent management introduction to those topics, if you are still trying to convince your boss to starting using some modern technologies like FPGA's.

Saturday, January 8, 2011

National Strategy for Trusted Identities in Cyberspace (NSTIC) on your router?

Just in case you missed this Government Press Release yesterday, January 7th 2011, I'm reprinting it here, with a few editorial comments of my own:

At a forum with Silicon Valley business and academic leaders at Stanford University, U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt today announced plans to create a National Program Office [At what cost to tax payers?] to help [Who asked the Government for this help?] foster an environment in which sensitive online transactions can be carried out with greater levels of trust.

The National Program Office, to be established within the Department of Commerce, would coordinate federal activities needed to implement the National Strategy for Trusted Identities in Cyberspace (NSTIC), an Obama administration initiative aimed at establishing identity solutions and privacy-enhancing technologies that will make the online environment more secure and convenient for consumers.  The national office would serve as the point of contact to bring the public and private sectors together to meet this challenge.

[Will the challenge be government mandated cryptographic systems on all Embedded Devices even if they don't need it, and don't have the power to implement them?]

"The Internet will not reach its full potential [What is it doing now without helpful intervention of various government around the world?] until users and consumers feel more secure and confident than they do today when they go online," Locke said. "A coordinated national strategy to significantly improve online trust will put e-commerce on stronger footing. [With who? Will ITAR regulations prevent me from buying something over Internet in a different country using NSTIC? If it is not worth of being band for export, it probably is not worthy of being used?] The National Program Office will engage the best minds in the field [Who is going to be representing Embedded Systems?] from both the public and private sectors to give people greater confidence that their personal information is safe when they engage in online transactions."

"With the full participation of industry and the general public, NSTIC plans to nurture the development of a secure and privacy-enhancing 'identity ecosystem' for the Internet," Schmidt said. "This identity ecosystem would instill greater confidence in online transactions with less personal information being collected and stored with each transaction, lowering the risk of identity theft." [Nobble goals that Industry should be supporting without government prompting.]

Created in response to President Obama's Cyberspace Policy Review, NSTIC is a key building block in the national effort to secure cyberspace.  NSTIC strives to enhance online trust through increased security and privacy.  It focuses on improving the ability to authenticate individuals [Nineteen Eighty-Four?], organizations, and the underlying infrastructure, such as servers and routers [An Embedded System Device...], involved in sensitive online transactions. At the same time, it provides consumers a choice - those who want to remain anonymous for activities like blogging will continue to be able to do so. Online service providers that opt in to such a system would follow a set of security and privacy guidelines.

NSTIC's anticipated benefits for consumers include increased convenience, security and privacy.  For example, implementation of NSTIC would allow users the option to obtain secure, interoperable credentials from a range of service providers that would authenticate their identity for a variety of transactions such as banking, accessing electronic health records and ordering products [To enhance tax revenue?]. This would simplify these transactions for users and reduce the amount of private information users must reveal to the many organizations they deal with online. Such a marketplace will ensure that no single credential or centralized database can emerge.

In the NSTIC vision, businesses would enjoy new market opportunities, with the ability to deliver services and transactions previously considered too risky.  Government would be able to expand online services for constituents [We know how well E-Voting has been working so far.], so they can operate with greater efficiency and transparency; remove impediments to e-commerce; and increase public safety by bolstering the integrity of networks and systems. [Why does the network need to know my identity? End points yes, but the network itself?]

As the Federal coordinator, the National Program Office would collaborate with other Federal partners, including the Department of Homeland Security and the General Services Administration on NSTIC implementation. The National Program Office would work to:

  • Build consensus on legal and policy frameworks necessary to achieve the NSTIC vision, including ways to enhance privacy, free expression and open markets;
  • Work with industry to identify where new standards or collaborative efforts may be needed;
  • Support collaboration within the government; and
  • Promote important pilot projects and other NSTIC implementations.

E-commerce worldwide is estimated at $10 trillion of business online annually.  E-commerce sales for the third quarter of 2010 were estimated at over $41 billion; up 13.6 percent over the same period last year.

"Identity theft is rampant and growing.  Increasingly sophisticated cyber hackers and thieves continue to steal personal information, bank account data and proprietary information. The NSTIC will take important steps forward to enhance the trust of user and consumer confidence in all of their online transactions," said U.S. Senator Barbara A. Mikulski.   

Senator Mikulski, who chairs the Commerce, Justice, Science subcommittee on Appropriations, added "I will be an active partner with Secretary Locke, NIST Director Gallagher and Cybersecurity Coordinator Schmidt to implement this important program.  I can think of no better place than the National Institute of Standards and Technology for this important initiative to be housed."

"Establishing this office represents an important step in the process of protecting the security and privacy of online transactions, said U.S. Senator John D. Rockefeller IV, Chairman of the Senate Committee on Commerce, Science and Transportation. " It's a critical piece of the larger cybersecurity puzzle.  I look forward to working with the Administration this year in enacting comprehensive legislation [Maybe we should enforce laws that we already have? Like getting banks to actually care when your identity is stolen, because of their lack of security?] that will address the challenges we face in securing cyberspace."

Later this year, the Commerce Department plans to hold a workshop to highlight the existing initiatives in this strategy.  Representatives from industry, academia, civil society organizations, standards-setting organizations, and all levels of government will be encouraged to attend and collaborate on the development of an interoperable identity ecosystem.

Always fully specify requirements; Software Quality Assurance. Why can't I turn off the headlights??

I had mentioned not long ago that I was shopping for a new car, due to my GM rusting, failing transmission and failing fuel pump. I ended up buying a used 2010 Toyota Corolla.

One of the things purchasing the vehicle did was to remind me of how important it is to always fully specify requirements for both hardware and software. You see, it simply never occurred to me to have on my checklist, the requirement of "Does the headlight switch work?". The answer is no! Understand that it is not a broken switch, it is designed not to work!

The car has a light sensor that turns on the headlights anytime the engine is running and it is dark, per some light sensors and computer algorithm hidden away in the Engine Control Unit. Here in cold Pennsylvania I get my car out of the garage to warm it up, before adventuring out on the daily commute to work, while playing Russian Roulette with the local deer population (Hunters complaining there are not enough deer are not hunting around here!). Anyway, my now impossible to turn off head lights are now shining directly into the neighbors bed room window, as the car warms up. While I've seen far to many people driving around here with their headlights off in the dark, would not a simple LED on the instrument panel have been sufficient? A complex device like a automobile should never over ride the judgment of its user. Do we really need technology to control impulses, enforce good behavior? What happens when all technologies fail?

I think "Smart Cars" are about to get to smart. I once almost had a accident on Interstate 80, in a construction zone.

Somehow a car that was over packed pulled from between some construction equipment, in front of me.

This driver could not see out any window but right in front of him, and he was pulling across the interstate traffic, not going with the flow. He could not see out the passenger window, that was facing me.

He shot out from between the construction equipment about twenty feet in front of me, while I was doing 45 MPH, remember it was a construction zone.

The correct solutions to the problem was to floor the gas, so that I could get in front of him while there was still space, and get off on the right hand brim of the road.

Toyota's system, Toyota cars to monitor driver's eyes for safety, would have guaranteed that a crash happened in that situation by applying the breaks.

"Toyota will start building a safety system into some of its cars this year that monitors if a driver is clearly watching the road during situations when a crash may occur. The system is based around a camera that watches the driver's upper and lower eye lids to evaluate how attentive he or she is to the road ahead. It builds on a current system that measures the driver's head direction when driving. The car's safety system continuously monitors the road ahead using a radar system, and if it determines a crash may be possible, it matches this with the driver evaluation gathered from the camera. If the driver doesn't appear to be paying attention it sounds a buzzer and warning light. If things progress and a crash becomes probable then it also tries to gain attention of the driver by quickly applying and releasing the brakes. At this point the car's pre-crash brake assist system is also readied. When a crash is judged to be unavoidable the safety system engages the brakes and seat-belts for the collision."

Moving from Requirements to Software Quality, the January 2010 issue of PragPub Magazine from Pragmatic Programmers, has an article that you should checkout: Rediscovering QA; Three Unusual Attributes for Software Quality Assurance by Chris McMahon.

PragPro Magazine is edited by Michael Swaine who was the long time editor of Dr. Dobb's Journal, giving PragPro the flavor of Dr. Dobb's in its hayday.

Also this week Walter Bright wrote a piece Patterns of Bugs, where he covers several common bug patterns he has encountered over the years. Take note of the articles comments as they point to some interesting sounding papers and tools. For example one of the commenter's, Kennn [SIC], to Walter's piece points out Andrew Koenig classic paper C Traps and Pitfalls, at Literate Programming.

Literate Programming is one of those things that sounds great in theory but I've personally seen it fall apart in practice. In a nutshell Literate Programming is where you write the documentation for the program, and that documentation is then transformed into executable code.

The Open Source schematic capture package gEDA was originally written in NOWEB (which has nothing to do with the Internet Web). Many people wanted to contribute to the gEDA project, but few wanted to be bothered to learn this obscure language. Only after NOWEB was abandoned in favor of straight C code did the project start to advance significantly.

Walter makes a case for creating an Open Source repository for bugs, where people can see the mistakes others have made. Add a rating system, as in which bug happens the most like, '=' rather than '==', and we have the makings for yet an other social networking site to consume our time, distract us from our goals in life, and make some extremely wealthy. Who wants in? :-)

Perhaps NASA's Lessons Learned site would be a good example? Contrast the space and aviation industry with how they learn from their mistakes and share the knowledge, with that of the medical industry, of hospitals and doctors, where they get to bury their mistakes. Those mistakes get covered up, literally and figuratively, so no one learns from them and they are repeated over and over. For inexplicable reasons my wife's hobbies are to collect medical and insurance horror stories, and there are more every day. She could make a career out of it if anyone paid for such a thing. I keep trying to get her to blog about it, but can't get her interested, so far.

Wonder if I'll void the remaining warranty by installing an old fashion low tech. toggle switch...

Sunday, January 2, 2011

US Math Education vs Russian Math Education

I've mentioned the pathetic US Math education system in the past, and given a couple of alternatives like Trachtenberg Speed System of Basic Mathematics and Kiss My Math.

Aleksey Nudelman had an interesting Guest View Editorial in the last weekly edition Software Development Times (It has gone to a monthly magazine format for 2011+, don't expect it to last long myself), Why public school math fails.

Aleksey young son had the opportunity to spend some time in the Russian school system. In their system mathematics is built from the basics of two plus two equals four, where each incremental concept builds on the last. This seems like a good way to learn just about anything. He then contrasts the US mathematics education system:

"...A random set of math topics is presented without emphasis on concept development.

The 'Everyday Mathematics' system is approved and recommended by the U.S. Department of Education; it presents mathematical topics in a random order and does not require students to master basic topics before they progress to more advanced ones.

In an open letter to the U.S. Department of Education in 1999, 200 mathematicians, including Nobel Prize and Fields Medal winners, argued that "Everyday Mathematics" should not be used because it does not follow a logical order of the pupil's math skills. Yet it continues to be used by many school districts across the U.S.

Many parents protest the 'Everyday Mathematics' curriculum adopted by our school district, but they have had no discernible effect. The only way to get it removed is for a group of parents to mount a district-wide campaign against the curriculum. Unfortunately, given the cost of the campaign, it is cheaper to send a child to a private school..."

Aleksey also gives us all something to think about when he was doing job interviews: "the majority of [Russian] candidates were easily able to solve a logical puzzle that had proved difficult for their American counterparts..."

In closing something worth regularly checking out is the English version of the Russian newspaper Pravda. Where else would you learn about the Three giant spaceships to attack Earth in 2012? I don't know about you, but I don't care who is flying them, I'm going to look up 'Scottie' and find out how they fly. :-). There is of course serious articles as well, such as Russian Government Mandates Shift from Microsoft to Linux by 2015. Sometimes you can find out what is really going on in this country by listening to Shortwave Broadcasts and reading foreign papers like Pravda.