[SystemSafety] Automobile Emissions "Cheat" Devices
Les Chambers
les at chambers.com.au
Wed Jun 22 23:43:34 CEST 2016
Martyn
> I think it's immmoral to write safety critical software without a formal specification. How can I intervene effectively?
Martyn , my man, this is an excellent question!
Firstly, let me say that all I can see in your future is an eternal mortification of the flesh as you abominate the English (and the technological) countryside with your insistence that we all think harder. Don't you know that the real toil of thinking is to be avoided? especially if you can click on an app that will do it for you.
Why, just yesterday, I wrote three JavaScript switch statements with no code in the default slot. Hah! I have surrendered to sloth on the altar of getting a feature rich product out the door, and am feeling no pain (yet another example of the normalisation of deviance in my own head).
But seriously though ... My personal view is that the formal specification process is the domain of the virtuoso in our profession. This is precisely the thing that my suggested hard-core Jesuit/Jedi/MSF organisation could specialise in. Just imagine yourself turning up at the front gates of the US health care system, light sword in hand, intimidating them into professional development practices. What a rush!
In terms of modes of intervention. All I can offer is the following:
1. Build better Tools.
Support formal specification with smarter tools. I have to believe that if the same amount of intellectual intensity required to build a self driving car were applied to formal specification support, we would be further along with this problem than we are ... Though I grant you that this activity operates at the peak of the human intellect and is therefore hard to automate ... It also requires a detailed knowledge of the user's requirements, which is yet another stumbling block for the slothful unthinkers amongst us.
2. Indoctrinate the children.
Find children with an aptitude and a love of maths and science, and teach them the principles from birth, to the point where it resides more in muscle memory than in the frontal lobes ... To the point where a backward E or an upside down A appears on the page as a natural reaction rather than as the subject of conscious thought ... Much like Roger Federer's reaction to a tennis ball fired at him at more than 200 kilometres per hour.
Sidebar: An image from the first Star Wars movie has stuck in my head for decades. You may recall the scene where the young Jedi were being trained in light sabre combat with floating spheres called Remotes. Remotes fired laser pulses at the student. Luke Skywalker practised with one in transit to his adventure on the Millennium Falcon. The latest Star Wars movie alluded to the remotes. Hans Solo was checking out the Falcon, found languishing in a junkyard. He came upon a remote lying in dust on the floor, he briefly picked it up, glanced at it, and then cast it aside. I suspect that this is an excellent metaphor for what will happen to your formal specifications unless hard-core zealots such as yourself work harder on upping their usability and, as a result, cutting their cost.
3. Intimidate the capitalists and other technologically unwashed power brokers.
Bet on self interest, it's the only horse that's trying. If commercial interests don't get paid without a formal specification, they will build a formal specification. The requirement to produce one therefore needs to be attached to conditions of contract and be mandated in international standards that are called out in contracts. Are formal specs still called out in 61508 at SIL 4? I don't know, I can't afford to read it.
Further, an international engineering organisation with real power and no political or commercial affiliation can make the horses try harder, especially if ignoring them means career or financial loss or jail. I note that receiving a "visit" from a Jedi was a non-trivial event due to the destructive power they could wield in your "comfortable existence", if you ignored them. I recently saw the head of MSF instructing members of the United Nations to stop killing doctors. Unfortunately MSF's only real power lies in nonviolent protest - the ability to absorb evil to the point where it becomes obvious to all that it must be crushed - the Mahatma Gandhi/Nelson Mandela/Martin Luther King style approach.
All in all, I'd put it to you that the real toil of courage, discipline and intellectual effort is a class of flesh mortification that not everyone wishes to engage in. Back in the day, not everyone wanted to cloak themselves in black robes and float down dark rivers to convert the heathen (and get an arrow in their back for their pains - absorbing real or perceived evil often requires you to sacrifice your life). But there were (and are) a hard-core that did (and do). A modern metaphor is the astronaut. There will always be a hard-core. An Australian nurse who survived the C130 shelling of the MSF Hospital in Kunduz , Afghanistan recently told her story. I wondered at the courage of this lady and 'these people' in general. To all of them we owe our current comfortable middle-class existence.
It's true that formal methods are hard, but they are worthy of attention by our profession's hard-core. So if your moral outrage is strong, let it fuel your actions. I encourage you ignore the arrows and get on with them.
Les
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Martyn Thomas
Sent: Wednesday, June 22, 2016 1:26 AM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Automobile Emissions "Cheat" Devices
On 21/06/2016 15:00, Les Chambers wrote:
Fundamentally the planet needs an organisation staffed with highly competent and internationally respected engineers, independent of government and commercial interests that can intervene when an organisation of any kind is about to do something immoral with technology.
I think it's immmoral to write safety critical software without a formal specification. How can I intervene effectively?
Martyn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20160623/ac6e1b32/attachment-0001.html>
More information about the systemsafety
mailing list