On Fri, 12 Feb 1999 06:09:24 -0800 (PST) firstname.lastname@example.org writes:
>Ron Kean [email@example.com] wrote:
>>The date-related embedded chip problem is greatly overblown. There
>>reason why a date-sensitive maintenance monitoring system would be
>>knowingly designed to catastrophically shut down the power supply
>>because of a date discrepancy.
>Tell that to the Swedes; their software essentially said:
> if (year == '99')
> produce_power ();
>Luckily that was in their main control system rather than the
>systems, so they could just reset the date and keep running.
>But the biggest problem with this argument is the idea that software
>'knowingly designed' to act in this way. Software wasn't 'knowingly
>to fail in ten months from now, that's just an unexpected side-effect
>other design choices; few people expected it to still be running
>Most of the bugs I see are not 'knowingly designed' into the system,
>they're the consequence of plugging together software which has been
>designed to do one thing and also does others that no-one considered
>they dropped it into their system; for example, I was reading an
>while ago decrying the increasing use of C++ as people drop more and
>reusable objects into their Windows programs without understanding
>the objects actually do, and add many new bugs due to unexpected
>These controllers are knowingly designed to fail in certain ways when
>certain things happen. Whether anyone actually knows what those
>modes are or considered them when they built their system around
>controllers is another question entirely.
Thanks for pointing out that software which is patched and updated haphazardly over time, especially by programmers who may not have a comprehensive understanding of the software being modified and the application, is likely to have bugs.
The programs in embedded controller devices tend to be short and simple in comparison to high level control application software, and designed for a very limited function, such as condition and fault monitoring. It seems that the power generation and distribution system as a whole would grant very limited independent authority to embedded controllers, since the power companies would want maximum oversight and control to reside in generating plant control rooms and grid and switchyard control rooms. I concede that it's an open question as to just how much trouble will result from date-related problems in embedded controller devices.