India Software Brief group on LinkedIn has a post on protection from bad software. The actions to be taken by an outsourcer (the one getting the software developed) are all necessary acceptance checks. The problem is what happens when the acceptance checks fail? Sure, reject the product but what happens to rolling out the services that depend on getting this software?
Acceptance checks can provide assurance that bad software does not get accepted. It does not provide assurance that good software will be delivered.
Far better to check the outsoursee's processes and be assured that the final acceptance checks will not turn up serious deficiencies or defects. An incremental model of development, with actual functioning code delivered would give a better estimate of the progress. This, of course, requires that the outsourcer put resources to test each increment and give feedback.
A while back I posted my views about QA and QC. The outsourcer must verify the QA processes and, by providing feedback on each increment, become part of QC. I suspect the root cause of all outsourcing horror stories lie in not doing this.
31 March 2011
Cyber Weapons against Embedded Systems
Watch this video on Stuxnet.
I suppose the answer, for systems that can justify the additional cost, is not to use standard off-the-shelf hardware. The people who built stuxnet knew the details of the Seimens SCADA systems that run the centrifuges. They would also know the details of the centrifuges. Iran, like Pakistan, does not have the capability to build centrifuges. (India's nuclear programme, I think, does not require centrifuges.)
Not using standard hardware and firmware means building them in the country. Good news for Indian engineers.
Safety is one dimension of embedded software quality. Safety includes security against malicious attacks. Watch this webinar on security in eHealth.
I suppose the answer, for systems that can justify the additional cost, is not to use standard off-the-shelf hardware. The people who built stuxnet knew the details of the Seimens SCADA systems that run the centrifuges. They would also know the details of the centrifuges. Iran, like Pakistan, does not have the capability to build centrifuges. (India's nuclear programme, I think, does not require centrifuges.)
Not using standard hardware and firmware means building them in the country. Good news for Indian engineers.
Safety is one dimension of embedded software quality. Safety includes security against malicious attacks. Watch this webinar on security in eHealth.
25 March 2011
A Better Way of Putting it
A few days ago I posted on Optimization: Objectives and Constraints. Today I read Seth's post. He puts it much better.
Are there Bugs in our Society?
Breaking India is a book by Rajiv Malhotra. The book also has a discussion group breakingindia@yahoogroups.com. I am member of the group and it is quite surprising to note the paranoia that some of us have.
It is the author's thesis that "India's integrity is being undermined by three global networks". The one that the book deals with is "Dravidian and Dalit identity separatism being fostered by the West in the name of human rights". (The other two, with which the book does not deal, are Islamic radicalism linked with Pakistan, and Maoists and Marxist radicals backed by China.)
The Dalit and Dravidian situation are two fault lines of our society. It is a creation of our society. It is a defect in our society. It was created by us. It was not caused by some bug that came from outside. As with software, we must acknowledge that the defect is our creation; not the result of maliciousness of outsiders (or the stupidity of users).
It is the author's thesis that "India's integrity is being undermined by three global networks". The one that the book deals with is "Dravidian and Dalit identity separatism being fostered by the West in the name of human rights". (The other two, with which the book does not deal, are Islamic radicalism linked with Pakistan, and Maoists and Marxist radicals backed by China.)
The Dalit and Dravidian situation are two fault lines of our society. It is a creation of our society. It is a defect in our society. It was created by us. It was not caused by some bug that came from outside. As with software, we must acknowledge that the defect is our creation; not the result of maliciousness of outsiders (or the stupidity of users).
What is Redaction?
I was browsing through Michael Barr's post about the unintended acceleration problem in Toyota cars. He uses the term redaction/redacted at a number of places. It is a word that I had never come across. He explains the term in the second paragraph of his post but since I wanted to get to the details of likely defects in Toyota's software, I missed it. A Google look up led me to believe it meant a frame or a side-bar that one commonly finds in article and books. (Incidentally Hindu's series on WikiLeaks concerning India also mentions redaction by the Indian Embassy of the Indian Ambassador's statement.)
I downloaded Appendix A to NASA's report from NHTSA's site. When first I saw the document on the screen I thought there was some problem with my internet connection. It took me a couple of seconds to realize that those black boxes were redaction - plain and simple censoring. To me that appears very suspicious.
I have browsed through the post mentioned above and the subsequent post. Both posts deserve study. I strongly urge all those concerned with quality of large embedded software to study the posts.
I downloaded Appendix A to NASA's report from NHTSA's site. When first I saw the document on the screen I thought there was some problem with my internet connection. It took me a couple of seconds to realize that those black boxes were redaction - plain and simple censoring. To me that appears very suspicious.
I have browsed through the post mentioned above and the subsequent post. Both posts deserve study. I strongly urge all those concerned with quality of large embedded software to study the posts.
15 March 2011
acmet's Tools BU Should Have Hired Parsis
I am currently reading historian Ramachandra Guha's book, "A Corner Of A Foreign Field". As its subtitle says it is the Indian history of a British Sport. I am no fan of Mr. Guha, but I was asked by my brother not to pre-judge and read the book. I am currently progressing at a couple of pages a day. Not because of Mr. Guha's writing, which is excellent, nor the content, which he presents very well, but because I continue to be pre-occupied with caring for my mother, working out, exploring avenues for remunerative work, and drinking beer.
The book is a social history of cricket. Guha writes in the preface, "The making of modern India is its theme, with cricket serving merely as a vehicle, as my chief source of illustrative example". Though I have read just 56 pages, I recommend this book very highly.
Coming back to the subject of this post. People who have worked with me know the importance that I attached to a written record - Records of Discussion, Minutes of Meetings, Code reviews comments recorded by email, ... Now I know why it was so hard.
Guha says, " ... we, as a people, have a criminal indifference to the written record" (pg 46). He goes on to say, "Among the things borrowed by the Parsis from the British was a regard for facts". He mentions one Mr. Framji Patel who wrote a book that talked only of Parsi cricket and not Hindu cricket. The reason that the Mr Patel gave was that he would be "poaching on the preserves of my friend Mr. Telang, who, like a Rishi, has long contemplated writing a history of Hindu cricket".
Mr Guha's tongue-in-cheek comment: "This was a mistake, for Telang's book never appeared. Like a Rishi, the Hindu sportsman would operate only in the oral tradition".
The Tools BU had a lot of wannabe Rishis (some were even named Rishi:-).
The book is a social history of cricket. Guha writes in the preface, "The making of modern India is its theme, with cricket serving merely as a vehicle, as my chief source of illustrative example". Though I have read just 56 pages, I recommend this book very highly.
Coming back to the subject of this post. People who have worked with me know the importance that I attached to a written record - Records of Discussion, Minutes of Meetings, Code reviews comments recorded by email, ... Now I know why it was so hard.
Guha says, " ... we, as a people, have a criminal indifference to the written record" (pg 46). He goes on to say, "Among the things borrowed by the Parsis from the British was a regard for facts". He mentions one Mr. Framji Patel who wrote a book that talked only of Parsi cricket and not Hindu cricket. The reason that the Mr Patel gave was that he would be "poaching on the preserves of my friend Mr. Telang, who, like a Rishi, has long contemplated writing a history of Hindu cricket".
Mr Guha's tongue-in-cheek comment: "This was a mistake, for Telang's book never appeared. Like a Rishi, the Hindu sportsman would operate only in the oral tradition".
The Tools BU had a lot of wannabe Rishis (some were even named Rishi:-).
14 March 2011
Optimization: Objectives & Constraints
Optimization is maximizing a desired objective function subject to given constraint relations.
Hospitals have to make profit, otherwise they cannot grow, or buy new machines, or get better qualified (meaning more expensive) doctors. They must provide the best medical care and treat patients in a manner that does not offend the patient's dignity. Given that a hospital has positioned itself for a certain type of customer, in its day-to-day operation its charges are no longer a variable.
So what should be the objective function and what the constraint? Should it maximize profit under the constraint that patient care and handling does not fall below some minimum threshold? Or should it maximize the patient experience under the constraint of some minimum profit?
What of software companies? Should you maximize thruput (executable lines of code, function points) per person and minimize Quality (documentation, reviews, unit tests, ...) subject to the constraint that acceptance checks are passed? Or should you maximize Quality subject to the constraint of minimum thruput acceptable by the customer?
(True story: We once undertook work that the customer wanted done in 7 months. We said, we would deliver but without testing. The customer said that was okay as long as it was top quality. The project proceeded. After 7 months till about another 18 months all lived through interesting times.)
What we choose as objective and what we set as threshold for the constraints depends on how we see ourselves. It is what we are - and are not. It is about our values.
One objective is not intrinsically superior to another. What is important, however, is that objectives, and constraint limits, must be consistent through out the organization. That is what forms the culture of the organization.
Hospitals have to make profit, otherwise they cannot grow, or buy new machines, or get better qualified (meaning more expensive) doctors. They must provide the best medical care and treat patients in a manner that does not offend the patient's dignity. Given that a hospital has positioned itself for a certain type of customer, in its day-to-day operation its charges are no longer a variable.
So what should be the objective function and what the constraint? Should it maximize profit under the constraint that patient care and handling does not fall below some minimum threshold? Or should it maximize the patient experience under the constraint of some minimum profit?
What of software companies? Should you maximize thruput (executable lines of code, function points) per person and minimize Quality (documentation, reviews, unit tests, ...) subject to the constraint that acceptance checks are passed? Or should you maximize Quality subject to the constraint of minimum thruput acceptable by the customer?
(True story: We once undertook work that the customer wanted done in 7 months. We said, we would deliver but without testing. The customer said that was okay as long as it was top quality. The project proceeded. After 7 months till about another 18 months all lived through interesting times.)
What we choose as objective and what we set as threshold for the constraints depends on how we see ourselves. It is what we are - and are not. It is about our values.
One objective is not intrinsically superior to another. What is important, however, is that objectives, and constraint limits, must be consistent through out the organization. That is what forms the culture of the organization.
04 March 2011
Focus: Broad & Narrow
A few posts ago I commented on focus. Seth Godin calls it a The Simple Two Step Process.
Subscribe to:
Posts (Atom)