[SystemSafety] Making Standards available .....

Philip Koopman Phil.Koopman at HushMail.com
Fri May 13 02:10:22 CEST 2016


Les,

You might find some of the lectures here relevant and useful:
    http://www.ece.cmu.edu/~ece649/

You (and other instructors) are welcome to use the material with 
appropriate attribution.

Lectures 17-24 mostly cover safety and safety-related topics.  But many 
of the other lectures are relevant to creating safe software.
This course has been running for many years and is due for an overhaul, 
so I look forward to seeing other responses.   Best wishes for your 
excellent adventure!

Best,
-- Phil

On 5/12/2016 7:08 PM, Les Chambers wrote:
> Great conversation we're having.
> There is an update on my excellent adventure to get functional safety taught
> at Queensland University.
> I had a positive chat with the head of School at an alumni function last
> night. Over finger food he agreed to talk to me about the prospect. He
> seemed like a good stick.
> So when I do turn up I'd like to have something positive to suggest. So if
> anyone on this list can help me, I'd appreciate it. My thoughts are as
> follows:
> - A curriculum for a semester course on functional safety (including any
> experiential advice on teaching the subject).
> - Any freely available teaching materials
> - A list of free reading resources on the Web.
> - A list of recommended texts for an undergraduate on this subject.
>
> I could put some time into finding this stuff myself, but it occurred to me
> that there are people on this list who are in the teaching business and can
> probably reel off answers from the top of their heads in a few seconds.
>
> A single semester may not sound like much to the zealots amongst us. I think
> York runs a major post grad programme on the subject. But overall I think it
> will have to start small, if it is to happen at all. My sense is that a
> short course should include lots of drama and case studies to leave an
> impression and feed a desire to look into this subject further. It would be
> especially compelling if linked to the process of getting a job.
>
> ---------------
> As a sidebar, Chris Hills asked me off-list where the Arabs told me to start
> reading the Quran. The answer is worth repeating to all. The section they
> bookmarked was Surat Maryam (Mary) XIX. It's the story of Mary and the
> virgin birth. It turns out that both the Christian and the Moslem faiths
> revere the same stories. I thank Chris for asking the question as it caused
> me to reflect. And, two years after the event, I had the revelation that in
> their wonderful oblique Arab way they were telling this infidel that,
> despite religious and cultural differences we are fundamentally the same.
>
> In the context of our discussion it is relevant to quote a paragraph from
> this section:
> 12. (It was said to his son): "O Yahya (John)! Hold fast the scripture [the
> Taurat (Torah)]." And We gave him wisdom while yet a child.
>
> Cheers
> Les
>
> -----Original Message-----
> From: systemsafety
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
> Peter Bernard Ladkin
> Sent: Thursday, May 12, 2016 1:45 PM
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] Making Standards available .....
>
> On 2016-05-12 00:49 , Les Chambers wrote:
>> Some information has such societal benefit that it must be free.
> That's likely so, but I am not sure for a number of reasons that IEC 61508
> quite falls into that category. The phrase does capture, though, an
> anomalous situation which is not yet recognised by everyone on this list. I
> am gratified increasingly to see others such as Les and Thomas grasping the
> nettle firmly.
>
> I don't think the issue will go away. And I don't think it should go away.
>
> There is a document purporting to represent the state of the practice in the
> development of the E/E/PE parts of safety-critical systems. Nowadays, that
> is pretty much all safety-critical engineered systems.
>
> Getting safety-critical systems right is, um, critical. By which I mean
> socially critical. We have enough people ploughing their cars into groups of
> pedestrians that we don't need the cars to do it by themselves. Not to speak
> of what happens when Fukushima Daiichi NPP floods.
>
> This document is of international legal significance. In many countries, it
> represents the touchstone for whether you are criminally prosecuted for a
> programmable-electrotechnical system failure which caused injury or death.
> In at least those countries, it also represents the criteria under which you
> (or your company) may be convicted by a court for unlawful killing.
>
> Pretty serious stuff. You'd think it would be a basic part of the education
> of any electrotechnical engineer. But it's not. The main reason is that most
> engineers and engineering professors, and pretty much all students, can't
> get hold of it.
>
> That is a fact which some people here are apparently unwilling to concede.
> They say: You can buy it (it'll only cost you a quarter of a new car). Your
> company can buy it. It's in the library. If it's not in the library, it's in
> one a train ride away. It's there. Make the effort.
>
> We could test the practicality of this suggestion easily. Let me propose the
> following game to someone who does not now have access to a copy either on
> his or her bookshelf or computer or through the company. I give out a clause
> number. You get a week to say here what that clause says. I'll give out
> numbers at the rate of one a day. Let's see how long this game lasts. I
> would guess not long enough for this list to violate copyright in any
> substantial way. [1]
>
> It is a basic principle in many countries that the law of the land is
> available in source to its citizens, either freely or at a nominal charge.
> Some would say that that is a basic principle of democracy (although not all
> countries are democratic, most like to claim that they are; it's seen as a
> Good Thing for rulers to have The People's Backing). Because of its status
> as a touchstone for prosecutions, IEC 61508 is one step removed from being a
> de facto law [2].
>
> Not all standards are alike. IEC 61508 is not like a standard for
> electrical-system sockets in buildings or for the plugs that fit them. The
> device itself is all you need to be able to check if it conforms, a
> phenomenon validated by business travelers the world over on a daily basis.
> But to check if kit conforms to IEC 61508 is a specialist professional skill
> which costs great expense to exercise. And, unlike plugs, retroactive
> conformance is all but impossible to ascertain.
>
> This situation is deliberately maintained by an elite. I am part of that
> elite. I am a volunteer worker on that standard. I'm very lucky. Germany
> basically lets anyone with appropriate technical background and sufficient
> motivation participate as a guest in standards committees. Thereby I have
> free personal access to what must amount by now to a six-figure-sum of
> intellectual property [3] [4] [5]. Most countries don't have comparable
> arrangements, and I didn't know about any of this when I chose to come here
> over two decades ago. Most professional engineers don't have such
> opportunity.
>
> People who are part of the elite don't think of themselves as such. I talk
> about matters concerning IEC 61508 with other members of the elite many
> times a week. It's like talking about the weather, our kid's schooling or
> suchlike. We all share the privilege. Such conversations are difficult to
> impossible on this list because most people don't have access. That is,
> access to the document which is supposedly the foundation of the
> professional activity of almost everyone here (except the aerospace,
> automotive and medical people).
>
> There is also the issue of technical quality. Quality through obscurity is
> about as effective as its companion, security through obscurity [6].
>
> The key questions are thus. Is this what we think is the best way to
> determine and exercise engineering best practice on system safety? If not,
> how can we improve it?
>
> PBL
>
> Footnotes
>
> [1] Let's also compare this game with that knowledge represented, say, by
> Bedford and Cooke's text on Probabilistic Risk Analysis or Birolini's text
> on Reliability Engineering. I'll give out a section number. You quote me the
> first two sentences of that section. That game, in contrast, would be
> pointless.
>
> [2] Its rail equivalents, CENELEC 50128 and 50129, actually are law in
> Germany.
>
> [3] And which, I assure German taxpayers, does get passed on to students who
> take our uni courses.
> Which will end, after fifteen years, probably permanently, in two months
> time. Some of those students and former students have contributed to the
> standardisation process in return. Thank you Chris Goeker, Hauke Kaufhold,
> Jan Sanders, Tim Schürmann and Bernd Sieker!
>
> [4] A data point. We once gave technical advice on a very specific piece of
> relatively simple, and small, physical kit which had gone wrong. Just
> obtaining the standards pertaining to that specific kit, its use,
> installation and maintenance, cost our clients a five-figure amount.
>
> [5] It is well protected. There is a blue folder which says I shall not give
> it to third parties, to whose conditions I have legally committed myself.
>
> [6] There are notable exceptions. William Kahan won the Turing Award for,
> amongst other things, his technical contributions to the IEEE standard 754
> on floating-point arithmetic for microprocessors (see for example
> http://scholar.google.de/scholar_url?url=http://i-n-d-e-p-t-h.googlecode.com/files/IEEE754.pdf&hl=de&sa=X&scisig=AAGBfm3ZeM2pqTnY4wkwL68WLh_miz2U9Q&nossl=1&oi=scholarr&ved=0ahUKEwiH8uWdu9PMAhVJ2hoKHSeXCa4QgAMIKigCMAA
> ). This standard, negotiated in committee during the 1970's by my
> grad-school pal Jerry Coonen who got his PhD for this work with Kahan, is of
> the very highest technical quality, as acknowledged clearly through Coonen's
> PhD with the then-leading math department in the world, and Kahan's award.
> That was my introduction to engineering standards. Nothing else has quite
> lived up......
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
> 33594 Bielefeld, Germany Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>


-- 
Phil Koopman -- Phil at Koopman.us -- www.ece.cmu.edu/~koopman



