Safe Speed Forums

The campaign for genuine road safety
It is currently Fri Mar 29, 2024 13:08

All times are UTC [ DST ]




Post new topic Reply to topic  [ 65 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
PostPosted: Wed Jul 28, 2010 10:50 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
dcbwhaley wrote:
Steve wrote:
We've recently had to do just that several times where I work (we get lumbered with stuff from closed design centres), and one of those was internal, undocumented code.

So have I and it isn't easy.

Quote:
Decent software engineers leave comments within their code to make it easier for others (and themselves) to pick up.

But if. as OP, is suggesting there is some nefarious secret code in the device it is hardly likely to be commented with "This is the bit where we deliberately put in inaccuracies so the the user can get more hits" is it? Any half decent engineer could hide it behind a maze of spaghetti code and computed goto's. Indeed, many less than half decent designers do that routinely to all their code :) .


You seem to be making assumptions that I did not make.

Simple question: if you have the source code for the device, do you know more about it, or less about it?

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 10:58 
Offline
User
User avatar

Joined: Wed Mar 30, 2005 13:55
Posts: 2247
Location: middlish
trakgalvis wrote:
Simple question: if you have the source code for the device, do you know more about it, or less about it?


more clearly.. but you still need to know what the requirements are to see if the implementation fulfills them


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 11:04 
Offline
Supporter
Supporter
User avatar

Joined: Thu Oct 16, 2008 13:45
Posts: 4042
Location: Near Buxton, Derbyshire
Quote:
It is important that we can check the black boxes used by the police, and a start would be to have the source code used by them:


I should have asked this before I started offering opinions but: why do you that it is important to see the source code? Is it because you feel that the design is imperfect and does not work properly, despite meeting the specification (which itself might not be adequate). Or do you suspect that there may be a back door in the code which allows the operator to deliberately falsify the results? Or something else more subtle?

_________________
When I see an adult on a bicycle, I do not despair for the future of the human race. H.G. Wells
When I see a youth in a motor car I do d.c.brown


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 11:10 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
dcbwhaley wrote:
Quote:
It is important that we can check the black boxes used by the police, and a start would be to have the source code used by them:


I should have asked this before I started offering opinions but: why do you that it is important to see the source code? Is it because you feel that the design is imperfect and does not work properly, despite meeting the specification (which itself might not be adequate). Or do you suspect that there may be a back door in the code which allows the operator to deliberately falsify the results? Or something else more subtle?


My working assumption is that it is just bad, and the tests of it insufficient. I am not considering the more evil options at the moment.

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 11:13 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
ed_m wrote:
trakgalvis wrote:
Simple question: if you have the source code for the device, do you know more about it, or less about it?


more clearly.. but you still need to know what the requirements are to see if the implementation fulfills them


Also you need to consider what the requirement ought to be for it to do its job.

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 11:40 
Offline
Friend of Safe Speed
Friend of Safe Speed
User avatar

Joined: Sun Sep 25, 2005 10:16
Posts: 7986
Location: Moved to London
dcbwhaley wrote:
So have I and it isn't easy.

It is true that invididuals may struggle (although not all individuals), but if the code was open to all then it would be easy for a group to club together and decode it.

dcbwhaley wrote:
But if. as OP, is suggesting there is some nefarious secret code in the device it is hardly likely to be commented with "This is the bit where we deliberately put in inaccuracies so the the user can get more hits" is it? ....

I don't think that was said.
I think the point is looking for something we suspect isn't there, or confirming something that has been claimed to be there.

For example, the expert witness (and ex MD of Tele Traffic) Frank Garrett has gone on record as saying the LTI doesn't trap slip errors on a static surface, but magically does on moving ones "because it’s not designed to measure stationary targets" – what? LIDAR? :lol:
Can you spot the obvious paradox within his claim? Finding the code that does that should be easy, should it actually exist!

_________________
Views expressed are personal opinions and are not necessarily shared by the Safe Speed campaign


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 11:45 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
Steve wrote:
dcbwhaley wrote:
So have I and it isn't easy.

It is true that invididuals may struggle (although not all individuals), but if the code was open to all then it would be easy for a group to club together and decode it.

dcbwhaley wrote:
But if. as OP, is suggesting there is some nefarious secret code in the device it is hardly likely to be commented with "This is the bit where we deliberately put in inaccuracies so the the user can get more hits" is it? ....

I don't think that was said.
I think the point is looking for something we suspect isn't there, or confirming something that has been claimed to be there.

For example, the expert witness (and ex MD of Tele Traffic) Frank Garrett has gone on record as saying the LTI doesn't trap slip errors on a static surface, but magically does on moving ones "because it’s not designed to measure stationary targets" – what? LIDAR? :lol:
Can you spot the obvious paradox within his claim? Finding the code that does that should be easy, should it actually exist!


Also it is claimed that there are important differences (so more than just units etc) between the US and UK versions of the code. What are these differences, and why are they there?

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 15:24 
Offline
Gold Member
Gold Member
User avatar

Joined: Mon Mar 26, 2007 16:34
Posts: 4923
Location: Somewhere between a rock and a hard place
The reason I lean towards trakgalvis is because a major part of my job is programming computerised medical devices and I can’t tell you how many times a new unit comes out which makes me feel like I’m doing the beta testing. I would like to name and shame them, but I won’t.

They always, without fail, give us assurance that it is not a problem with their equipment when I find a problem but instead something I have done or the way I have programmed it.

I have to take it on the chin but when I download my ‘duff’ program into the very same unit for which a firmware upgrade/lobotomy has come out from 1.04 to 1.08 my program works and the fault has mysteriously disappeared.

Apart from filling in an incident report http://www.hse.gov.uk/riddor/ there’s nothing I can do to hold these wealthy companies to account. If we could pull the firmware or software apart in the same way you could with a car if Ford sold you a lemon I think that would be good.

With firmware I can’t tell them the fault, I can only tell them the effect which they can lie through their teeth about :x

_________________
The views expressed in this post are personal opinions and do not necessarily represent the views of Safe Speed.
You will be branded a threat to society by going over a speed limit where it is safe to do so, and suffer the consequences of your actions in a way criminals do not, more so than someone who is a real threat to our society.


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 21:06 
Offline
Life Member
Life Member

Joined: Sat Mar 27, 2004 13:50
Posts: 2643
dcbwhaley wrote:
I would be very surprised if you could extract much information from the bare source code, without cooperation from the design engineers.


Why? I've lost count of the number of times I've tracked down obscure bugs by careful analysis of the (often unfamiliar and poorly-commented) source code.

_________________
Only when ideology, prejudice and dogma are set aside does the truth emerge - Kepler


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 21:37 
Offline
Gold Member
Gold Member

Joined: Fri Sep 24, 2004 23:26
Posts: 9263
Location: Treacletown ( just north of M6 J3),A MILE OR TWO PAST BEDROCK
Big Tone wrote:
The reason I lean towards trakgalvis is because a major part of my job is programming computerised medical devices and I can’t tell you how many times a new unit comes out which makes me feel like I’m doing the beta testing. I would like to name and shame them, but I won’t.



Been in similar situations ,and would like to think that being medical kit , the problems werem't as acute .Problem is that possibly not enough testing for the not so obvious has been done, in the rush to get the kit out on the market ,so the poor bod ,usially in the field has to do the testing ,with little feedback - been there and had the tee shirt .( No digs at the design guys -ot's all at the markerting /sales or as most often the bean counting end -buy stuff at 5% lower =difference between a profit and covering design costs) .

Problem i feel with trakgalvis -think is his obsession with trying to get inside black boxes - ( like the guy who tilted at windmills) -the information is on a need to know basis -and from their opinion -do we need to know ?

_________________
lets bring sanity back to speed limits.
Drivers are like donkeys -they respond best to a carrot, not a stick .Road safety experts are like Asses - best kept covered up ,or sat on


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 21:42 
Offline
Friend of Safe Speed
Friend of Safe Speed
User avatar

Joined: Thu Mar 11, 2004 11:19
Posts: 1795
The lti-2020 has a serial interface. Wonder if it would be possible to make it dump a copy of its firmware?


Top
 Profile Send private message  
 
PostPosted: Wed Jul 28, 2010 22:35 
Offline
Supporter
Supporter
User avatar

Joined: Thu Oct 16, 2008 13:45
Posts: 4042
Location: Near Buxton, Derbyshire
teabelly wrote:
The lti-2020 has a serial interface. Wonder if it would be possible to make it dump a copy of its firmware?

Most programmable devices have means of preventing the code been read. I would be surprised if this device isn't protected in that way.

_________________
When I see an adult on a bicycle, I do not despair for the future of the human race. H.G. Wells
When I see a youth in a motor car I do d.c.brown


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 09:10 
Offline
Gold Member
Gold Member
User avatar

Joined: Mon Mar 26, 2007 16:34
Posts: 4923
Location: Somewhere between a rock and a hard place
botach wrote:
Big Tone wrote:
The reason I lean towards trakgalvis is because a major part of my job is programming computerised medical devices and I can’t tell you how many times a new unit comes out which makes me feel like I’m doing the beta testing. I would like to name and shame them, but I won’t.

Been in similar situations ,and would like to think that being medical kit , the problems werem't as acute.
I could tell you stories that would make your hair curl Botach; that's if you haven't heard some already from someone you know ;)

How something hasn’t come back to bite me I’ll never know; not because I am doing anything wrong or badly but because these systems fail and then, amongst other things, the patient has no means of attention calling. No attention calling = no nurse or carer will turn up to help them.

I don’t need to mention just how potentially life threatening that is which is why trakgalvis’s link about your life being literally in the hands of someone’s software/firmware particularly resonates with me.

There's a new piece of kit which just locks up when a certain function is used or under particular circumstances. But not since firmware upgrade 1.04 to 1.08. It's not good and should never have got to us before thorough testing by them – not us!

It’s an endless cycle of getting to know the bugs, quirks and work-arounds. It’s not good and I am powerless to do anything about it except complete another incident report, complain to to the manufacturer and get fobbed off...

_________________
The views expressed in this post are personal opinions and do not necessarily represent the views of Safe Speed.
You will be branded a threat to society by going over a speed limit where it is safe to do so, and suffer the consequences of your actions in a way criminals do not, more so than someone who is a real threat to our society.


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 09:52 
Offline
Gold Member
Gold Member
User avatar

Joined: Wed Dec 08, 2004 14:26
Posts: 4364
Location: Hampshire/Wiltshire Border
One effect of most new equipment being controlled by microprocessors is that manufacturers can release half-tested products knowing that that any latent faults can mostly be fixed later by an Internet update. In the old "hardware" days a recall was so costly that they used to make sure things were basically OK before launch.

This has encouraged a "race to market" to beat your competitors and has resulted in the scenario which you describe.

_________________
Malcolm W.
The views expressed in this post are personal opinions and do not represent the views of Safespeed.


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 14:55 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
malcolmw wrote:
One effect of most new equipment being controlled by microprocessors is that manufacturers can release half-tested products knowing that that any latent faults can mostly be fixed later by an Internet update. In the old "hardware" days a recall was so costly that they used to make sure things were basically OK before launch.

This has encouraged a "race to market" to beat your competitors and has resulted in the scenario which you describe.


Also, if the market is the police, say, there is less feedback to correct problems.

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 15:02 
Offline
User
User avatar

Joined: Wed Mar 30, 2005 13:55
Posts: 2247
Location: middlish
malcolmw wrote:
One effect of most new equipment being controlled by microprocessors is that manufacturers can release half-tested products knowing that that any latent faults can mostly be fixed later by an Internet update. In the old "hardware" days a recall was so costly that they used to make sure things were basically OK before launch.

This has encouraged a "race to market" to beat your competitors and has resulted in the scenario which you describe.


are there any examples of this before microsoft started releasing buggy windows betas ?
(i like to have someone to blame yasee)


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 15:08 
Offline
User

Joined: Wed Jul 14, 2010 15:33
Posts: 115
ed_m wrote:
malcolmw wrote:
One effect of most new equipment being controlled by microprocessors is that manufacturers can release half-tested products knowing that that any latent faults can mostly be fixed later by an Internet update. In the old "hardware" days a recall was so costly that they used to make sure things were basically OK before launch.

This has encouraged a "race to market" to beat your competitors and has resulted in the scenario which you describe.


are there any examples of this before microsoft started releasing buggy windows betas ?
(i like to have someone to blame yasee)


Better to use LINUX!

_________________
http://kalvis.com/


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 18:56 
Offline
Supporter
Supporter
User avatar

Joined: Thu Oct 16, 2008 13:45
Posts: 4042
Location: Near Buxton, Derbyshire
ed_m wrote:
are there any examples of this before microsoft started releasing buggy windows betas ?


I don't think that there is much to be gained by comparing a consumer operating system with the VHDL code used in instruments such as the 20-20

_________________
When I see an adult on a bicycle, I do not despair for the future of the human race. H.G. Wells
When I see a youth in a motor car I do d.c.brown


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 20:35 
Offline
User
User avatar

Joined: Wed Mar 30, 2005 13:55
Posts: 2247
Location: middlish
dcbwhaley wrote:
ed_m wrote:
are there any examples of this before microsoft started releasing buggy windows betas ?


I don't think that there is much to be gained by comparing a consumer operating system with the VHDL code used in instruments such as the 20-20


i didn't think i was :)


Top
 Profile Send private message  
 
PostPosted: Thu Jul 29, 2010 23:05 
Offline
Gold Member
Gold Member

Joined: Fri Sep 24, 2004 23:26
Posts: 9263
Location: Treacletown ( just north of M6 J3),A MILE OR TWO PAST BEDROCK
[quote="malcolmw"]One effect of most new equipment being controlled by microprocessors is that manufacturers can release half-tested products knowing that that any latent faults can mostly be fixed later by an Internet update. In the old "hardware" days a recall was so costly that they used to make sure things were basically OK before launch.

This has encouraged a "race to market" to beat your competitors and has resulted in the scenario which you describe.[/quote

In the 80's I worked for a firm that did very nicely on maintenance contracts on a couple of firm's kit ,brought out to beat the opposition -one was software controlled ,the other was processor driven ,but all the faults were hardware -things like lock ups due to things like poor quality components ,static build-up etc etc .OK- one gave you wrong numbers -the other ,naming the product would name & shame ,but nothing life threatening( except to senior management :D to whom lack of comms is a major disaster) .

Just noticed a thingy from trakgalvis "Better to use LINUX" -problem is that both of these were pre Windows ,one used a processor used in well proven stuff -but the engineering was duff .

_________________
lets bring sanity back to speed limits.
Drivers are like donkeys -they respond best to a carrot, not a stick .Road safety experts are like Asses - best kept covered up ,or sat on


Top
 Profile Send private message  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 65 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You can post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.029s | 13 Queries | GZIP : Off ]