Maker Pro
Maker Pro

computer reliability

J

JosephKK

Robert said:
Whoever wrote the data entry program
should be strung up buy the balls for NOT checking
the validity of EVERY parameter entered during entry!
There is absolutely NO excuse!
The Rules of Operating System Design
#1 Applications must never crash the OS.
#2 APPLICATIONS MUST NEVER CRASH THE OS.

#3 applications must not crash other applications.
 
J

JosephKK

JeffM  wrote:
APPLICATIONS MUST NEVER CRASH THE OS.

miso@ sushi.com said:
It's really hard to arm chair analyze the BSOD.

You're not keeping up with the thread.
...and the fact that the term even exists and is widely recognized
is evidence that that platform is the wrong choice.

1) In 1997, the guided missile frigate USS Yorktown
was dead in the water for over an hour
because **an app** tried to divide by zero,
showing that OS (NT) is unsuitable for mission-critical operations.
The point is, on a properly-designed OS,
the *application* layer shouldn't be permitted to take down the OS,
thereby taking down the entire system it controls.

2) In 2010, the Deepwater Horizon was running NT
(again, shown unsuitable for mission-critical operations) and
was so unreliable that the operator disabled parts of the system.http://google.com/search?q="Deepwater.Horizon"+DrillWorks+%2BDrillWorks+-inurl:groups+-JeffM&hl=allhttp://www.oilandgasonline.com/product.mvc/DrillWorksPREDICT-0001
"DrillWorks software operates [only] on Windows 95/98/NT4.0"

The logical thing for that multi-billion dollar corp to have done was
1) Stop using the unreliable OS.
2) Select a reliable OS (to which they have the source code).
3) Hire someone to write an app that does the task
with the corp RETAINING FULL RIGHTS TO THE SOURCE CODE.

This isn't rocket surgery.

...and while Keith criticized my syntax, *he* did get my point.
Joel is leaning in the right direction too.
I've had usb soundcards lockup linux in the past.

Well, as an example, there's OpenBSD
which is widely known as an extremely stable platformhttp://google.com/search?q=OpenBSD+Theo+audits
...and if apps are open and written to POSIX standards,
they can be run on *many* platforms.

...but, when presented with a life-and-death situation,
people who go immediately to *Windoze* are clearly clueless.

The term buggy whip exists, but you hardly hear it mentioned these
days. BSODs used to be common, but with protected memory, they are
rare.

Yes the rate has declined, it is still too common.
BSD is no picnic either. You just don't hear much about it because it
is usually only used in servers, and servers don't tend to get a lot
of weird ass stuff attached to them. Servers run a very small subset
of the available software.

Wow, you are seriously misinformed here. Funky cards for interface to
strange, even one-off equipment, used to be normal in the BSD world.
The PLC world experimented with M$ compatability and found it more
trouble than they wanted. Worse the PLC world found that M$ front end
tools became popular but drivers were always problematic. Now the old
hats are gone and they are between a rock and a hard place. Consider
the security implications of that.
 
J

JosephKK

Found this recently:

++++++++++

Subject: Tech worker: 'Blue screen of death' on oil rig's computer

Gregg Keizer, *Computerworld*, 26 Jul 2010

A computer that monitored drilling operations on the Deepwater Horizon
had been freezing with a [BSOD] prior to the explosion that sank the
oil rig last April, the chief electrician aboard testified Friday at a
federal hearing.

In his testimony Friday, Michael Williams, the chief electronics
technician aboard the Transocean-owned Deepwater Horizon, said that
the rig's safety alarm had been habitually switched to a bypass mode
to avoid waking up the crew with middle-of-the-night warnings.

Williams said that a computer control system in the drill shack would
still record high gas levels or a fire, but it would not trigger
warning sirens, He also said that five weeks before the April 20
explosion, he had been called to check a computer system that
monitored and controlled drilling. The machine had been locking up
for months. You'd have no data coming through." With the computer
frozen, the driller would not have access to crucial data about what
was going on in the well.

The April disaster left 11 dead and resulted in the largest oil spill
in U.S. history.

==========

What can i say? MS Windows should not be used for safety critical
systems in any way.

Neither should Transocean. Odd that BP should have to pay for their
mistakes. I guess Transocean is too small to be worth suing.

Regards,
Martin Brown

The lawsuits are already there. Just not much mentioned.
 
G

Grant

Do you truly use anything that is not replicated in another OS?

Just the same, an OS that crashes over that is not worthy of the
appelation OS.

Try, throw, catch exceptions is relatively new in programming.

But...

MSFT's latest MSIE-9 demo code source has an empty exception handler.

So, ignoring the available error handling language constructs is as
bad as using the wrong language. Management possibly think they're
doing the right thing, but the reality is that code works with empty
exception handlers, as long as you don't test those exceptions :(

AFAIR the compiler doesn't report unhandled exception for an empty
handler.

So it all looks good for the reports. Fails in reality?

Grant.
 
G

Grant

Can and usually does are not the same. I would bet that i can run XP
for 1 year at a crack so long as i do not do nay updates (which always
require a reboot). In linux i have done nearly a year, but power
failure got in the way, and i could keep the system completely up to
date.

You wont get a year's uptime on WinXP if you *use* the system, and Win7
still needs regular rebooting to keep it happy. Larger memory and faster
CPUs hide the issues for longer these days.

And, MSFT is planning to build safe rebooting into the next windows
version. That is, one may hit the reset switch and the system will
reboot *without losing user data*. So much for MSFT uptime.

Linux only needs a reboot to install a new kernel, and, there's an
optional way around that too (see kexec).

Grant.
 
G

Grant

Found this recently:

++++++++++

Subject: Tech worker: 'Blue screen of death' on oil rig's computer

Gregg Keizer, *Computerworld*, 26 Jul 2010

A computer that monitored drilling operations on the Deepwater Horizon
had been freezing with a [BSOD] prior to the explosion that sank the
oil rig last April, the chief electrician aboard testified Friday at a
federal hearing.

In his testimony Friday, Michael Williams, the chief electronics
technician aboard the Transocean-owned Deepwater Horizon, said that
the rig's safety alarm had been habitually switched to a bypass mode
to avoid waking up the crew with middle-of-the-night warnings.

Williams said that a computer control system in the drill shack would
still record high gas levels or a fire, but it would not trigger
warning sirens, He also said that five weeks before the April 20
explosion, he had been called to check a computer system that
monitored and controlled drilling. The machine had been locking up
for months. You'd have no data coming through." With the computer
frozen, the driller would not have access to crucial data about what
was going on in the well.

The April disaster left 11 dead and resulted in the largest oil spill
in U.S. history.

==========

What can i say? MS Windows should not be used for safety critical
systems in any way.

Related story in latest comp.risks says they turned off the alarm
system at night so workers could sleep and not have to wake up for
the frequent false alarms at 3:30 :(

Grant.

Kind of a clue that some serious things were let to just slide. If i
managed a $100 million rig and there was some sloppy and safety
critical software like that, the programmer would be on the rig
troubleshooting it 24/7. And maybe his boss to boot.

But that's the point, no? Lots of places take the same risks, yet
they're only found out after disaster strikes. Risk management :(

I suppose BP and their contractors are still in front, if not,
they'll call on the govts to fix things, like the failing banks
did. We live in corrupt times.

Grant.
 
J

JosephKK

Try, throw, catch exceptions is relatively new in programming.
Only over 20 years old, i was using constructs of that nature by 1987.
Plus, i think it was standardized in "C" in 1999. Plus "assert" goes
all the way back to K&R days.
But...

MSFT's latest MSIE-9 demo code source has an empty exception handler.

So, ignoring the available error handling language constructs is as
bad as using the wrong language. Management possibly think they're
doing the right thing, but the reality is that code works with empty
exception handlers, as long as you don't test those exceptions :(

AFAIR the compiler doesn't report unhandled exception for an empty
handler.

So it all looks good for the reports. Fails in reality?

Grant.

Wouldn't know, i don't expect to ever test MSIE-9.
 
P

Paul Keinanen

Only over 20 years old, i was using constructs of that nature by 1987.
Plus, i think it was standardized in "C" in 1999. Plus "assert" goes
all the way back to K&R days.

Nested exception handling is nothing new, there was a complete chapter
about it in the VAX/VMS Architecture Handbook from the mid 1970's.
 
M

Martin Brown

I have never seen an OS, not even Windows crashed by an application
programmer divide by zero. I have seen multiuser VAXes brought to their
knees by naive undergraduate code transposing large arrays though. It
was still running just very very slowly with everything I/O bound.

Most minimal embedded kernels would survive this and if you are lucky
log it dump the registers and report the address where the exception
occurred for later fixing. One of the most expensive bugs ever was the
range checking exception handler on the Ariane 5 test launch 501:

http://en.wikipedia.org/wiki/Ariane_5#Notable_launches

The improved SRBs allowed it to go faster downrange and a 16 bit
integer conversion overflowed. It was doing a core dump down the booster
control telemetry channel that ultimately caused the explosion.
Only over 20 years old, i was using constructs of that nature by 1987.
Plus, i think it was standardized in "C" in 1999. Plus "assert" goes
all the way back to K&R days.

Dynamically scoped exception handling goes back a lot further than that.
PL/I in the late 60's had it and as a result of the trouble it caused
Ada went for statically scoped exception handling.

C++ probably took the throw and catch concept from Common Lisp which
also predates it. We were working on a compiler for CL in 1984 whilst
the standard was still in flux.

Statically scoped exception handling like in Ada was better and more
robust if you care about being able to understand large codebases.

A history of exception handling and sample user exception handlers in
various languages exists on Wiki, but the following comments are good:

http://www.csci.csusb.edu/dick/cs320/sebesta/14.html
Wouldn't know, i don't expect to ever test MSIE-9.

MS are a conundrum. Some of their practitioners have written eminently
sensible books on good industry practice like Steve McConnells code
complete. But still they have loads of buffer overruns and code where
debug asserts have other side effects. It is telling that code metrics
(which look for roughly the equivalent in code of dry solder joints in
hardware) are only in the most expensive industrial team versions of
their software and not in the educational, professional or hobby ones.

If you don't teach people to use the best available tools from the
outset they quickly acquire bad habits.

Regards,
Martin Brown
 
N

Nobody

Only over 20 years old, i was using constructs of that nature by 1987.
Plus, i think it was standardized in "C" in 1999.

C doesn't have try/catch; that's C++ (which first appeared in 1983 but
wasn't ratified as a standard until 1998, and exceptions were one of the
last features to be reliably implemented, which meant that programmers
often avoided using them).

The only "exceptions" in C99 are floating-point exceptions, which either
set a flag or generate a signal.

You can implement the equivalent of catch/throw in C using setjmp/longjmp,
but you have to maintain your own handler stack, and there's no way to
implement "finally".
 
Top