From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: Tue, 24 Jun 2003 07:10:15 GMT
Message-ID: <3EF7F94D.5080105@attbi.com>
References: <3EF5F3F3.6000806@attbi.com>

Hyman Rosen wrote:

> The main problem was that the people who wrote this software
> didn't leave any indication behind that it was valid only for
> data which could be encountered by an Ariane 4. Pure and simple,
> the Ariane 4 programmers left a buffer overflow bug in their
> code, and the Ariane 5 people tripped over it. The fact that it
> was in Ada helped not at all.

First, wrong! The software was well documented. And since the programmers had appealed the decision not to protect that particular conversion with a local exception handler, it was a very well documented part of the design.
But the team that wrote the software never saw the Ariane 5 requirements, and the people who could have checked the SRI documentation against the Ariane 5 requirements didn't have access to the SRI documentation. Any attempt to put the two together would have resulted in a much bigger "Hey, wait a minute!" since the control laws depended on Ariane 4 physical parameters. Changing the control law parameters to match the Ariane 5 was such a simple and obvious necessity, that it took almost Byzantine maneuvers to insure that it didn't happen.

I was a boy in short pants when I saw the American space program learn this lesson the hard way. Not letting one contractor's employees talk to the other contractor's employees can cause bad things to happen. The particular case I had in mind though was a Navy vs. Air Force disconnect on the Polaris program. The Range Safety Officer at Patrick AFB was an Air Force Officer, but of course, some Polaris missile testing was done from Navy submarines.

The test plan called for a missile to be launched at an angle to see if the guidance system could recover. As was expected the guidance system commanded the missile to loop. (When the missile attitude was too great, the only way to recover was to gain altitude then loop quickly. You can't throttle solid fuel rockets, and the nozzles on the original Polaris were fixed with the only directional control from internal deflectors.) The missile was almost out of the loop when the Air Force RSO destroyed it.

My father was a consulting engineer (actually as a radar expert), and I got to spend a couple more days on the beach, which I didn't mind. But I still remember when my father came back to the motel and told us to start packing, the rest of the explosion was going to happen in the Pentagon. The test plans were of course classified, but some (hmmm, jackass is probably the politest term I heard used) had decided that the range safety officer did not need to know the test objectives.
So we stopped in D.C. on the way north, and I gather that Rickover "went nuclear" when he found out what had happened. The "stem to stern" review of security policies on the program found over a dozen cases where contractors were not considered to have need to know for key technical information. The example that made my father's job easier was that the radar contractor finally found out what the radars were supposed to be tracking. (Uh, there's all that aluminum in the fuel, and the missile casing is wound fiberglass? No wonder we keep getting screwy velocity readings. We're tracking the exhaust. What was my father there to do? You guessed it. Figure out why the radars were getting incorrect velocity data...)

For the record, AFAIK, my father never told me anything that was classified. But there were many cases where I could put two and two, and recently declassified data together. Then, once I showed the declassified information to my father, I could get the inside story. The Polaris radar problem was one such case.