| *** toscalix has joined #trustable | 07:50 | |
| *** iker has joined #trustable | 08:04 | |
| paulsherwood | https://trustable.io resolves to the gitlab pages page | 09:32 |
|---|---|---|
| paulsherwood | is shaun still on holiday? | 09:32 |
| iker | he is back | 09:33 |
| *** Shaun has joined #trustable | 09:41 | |
| Shaun | paulsherwood: Apologies my IRC didn't have freenode as auto join, back today so been doing some catchup reading | 09:43 |
| paulwaters_ | flatmush - standup? | 09:49 |
| flatmush | I guess, sorry was busy | 10:01 |
| paulwaters_ | ta | 10:02 |
| flatmush | STANDUP! Order: flatmush, iker | 10:03 |
| flatmush | ## Ben Brewer (flatmush) | 10:03 |
| flatmush | * Done | 10:03 |
| flatmush | - Attempted to upstream git patches, but the build cycle takes too long. | 10:03 |
| flatmush | - Started work on junctioned version of freedesktop-sdk based minimal-distro. | 10:03 |
| flatmush | * Doing | 10:03 |
| flatmush | - Read Olwens e-mails and respond | 10:03 |
| flatmush | - E-mail about current status of minimal-distro and any issues | 10:03 |
| flatmush | - Getting minimal-distro to build using freedesktop-sdk elements. | 10:03 |
| flatmush | ## Iker Perez (iker) | 10:03 |
| Shaun | iker is away from his desk so I'll go | 10:04 |
| Shaun | Also I'm back lol | 10:04 |
| Shaun | ## Shaun Mooney | 10:04 |
| Shaun | * Done | 10:04 |
| Shaun | - Drawn control model functional diagram | 10:04 |
| Shaun | - Pushed control diagram to repo | 10:04 |
| Shaun | * Doing | 10:04 |
| Shaun | - Project catchup | 10:04 |
| Shaun | * Next | 10:04 |
| Shaun | - Writing up autonomous car STPA | 10:04 |
| Shaun | - Losses and Hazards | 10:04 |
| Shaun | - Detail responsibilites and control actions | 10:04 |
| Shaun | * Issues | 10:04 |
| Shaun | - None | 10:05 |
| Shaun | ## Iker Perez ( iker ) | 10:05 |
| iker | * Done | 10:12 |
| iker | - Add gitect to av-stpa repo | 10:12 |
| iker | * Doing | 10:13 |
| iker | - Debug gitect code in av-stpa and minimal-distro repos | 10:13 |
| iker | - Understand Flatpak SDK | 10:13 |
| iker | - Analyse the way the minimal distro uses buildstream | 10:13 |
| iker | * Next | 10:13 |
| iker | - Change the way in which fredesktop is installed | 10:13 |
| iker | # Craig Griffiths? | 10:13 |
| flatmush | # Discussion | 10:14 |
| Shaun | _o_ | 10:14 |
| iker | __O_ | 10:15 |
| flatmush | STANDUP ENDS! | 10:15 |
| paulsherwood | Shaun: have you done a scan of prior art, to see if there is any existing STPA work we can benefit from? | 11:20 |
| paulsherwood | for example.... https://www.ipa.go.jp/files/000056813.pdf see second-last page | 11:29 |
| Shaun | paulsherwood: I have had a quick look but nothing in detail. I was going to look in more detail now I have my own initial diagram to see how they differ | 11:50 |
| paulsherwood | ack | 11:50 |
| paulsherwood | i think there is more detial in the mit diagram, so i suggest we modify ours to include it, and reference the original work in the commit? | 11:50 |
| paulsherwood | also i think i'm backtracking from my previous idea that the diagram for autonomous could be the same as normal vehicle | 11:52 |
| paulsherwood | arguably the mit diag is more like an existing design | 11:52 |
| paulsherwood | whereas for av, maybe that's too prescriptive (since those controllers might not be present in av - achieved in a different way perhaps) | 11:53 |
| paulsherwood | i think i've just said conflicting things :-) | 11:53 |
| Shaun | Yes I was wondering how much detail we should go in. I think there is a balance we need to strike between keeping it high level enough to allow users to have their own design i.e. not be too prescriptive, but it needs to include enough detail to actually be useful | 11:55 |
| paulsherwood | ack | 11:55 |
| paulsherwood | can dihaa render colours? would be nice to distinguish between control signals and feedback | 11:56 |
| Shaun | For example I'm not sure we need to get into air conditioning, but the idea of including electrical load into the design is something I hadn't thought, and a high level section for "electrics" is a good addition | 11:56 |
| Shaun | I don't think it can do colours on arrows | 11:56 |
| paulsherwood | awww | 11:56 |
| paulsherwood | Nancy Leveson mentioned yesterday an airline battery overheat problem... where one safety system detect smoke, but another shut down some functions (including that safety system) in the event of too much power drain... | 11:58 |
| paulsherwood | Shaun: presumably you have seen http://sunnyday.mit.edu/STPA-Primer-v0.pdf ? | 12:01 |
| Shaun | Shutting down safety systems doesn't seem too clever. I'll have a look for prior art and see how they include electrical safety. Did Nancy mention if they had done STPA on that airline battery problem? | 12:02 |
| paulsherwood | she didn't, but it was an actual incident, made the news, so i would expect stpa had not been done | 12:03 |
| Shaun | I've got that PDF but haven't read through it yet, it points you to read the handbook and the actual first | 12:06 |
| paulsherwood | :) | 12:06 |
| paulsherwood | but it also provides a tutorial, which i would expect to be helpful in learning the method | 12:07 |
| Shaun | Yes the tutorial seems extremely useful | 12:08 |
| * paulsherwood wonders if there's an explicit convention in STPA diagrams that control goes down, feedback goes up | 12:19 | |
| * Shaun has seen them go sideways | 12:20 | |
| Shaun | but hasn't seen any feedback go down or control actions go up | 12:21 |
| paulsherwood | ack | 12:21 |
| Shaun | I do think it's explicitly written that control should flow down, with a hierarchy of controllers. For example the diagrams including government and legislation have the president or congress at the very top and an employee completing a task near the bottom, with a management structure inbetween | 12:27 |
| paulsherwood | ack | 12:43 |
| * paulsherwood notices that Shaun should have offered a MR of losses... | 12:48 | |
| * Shaun adds MR | 13:05 | |
| Shaun | I've just added the .md with a list of hazards and losses. I'll add an issue to generate a pdf from that and the diagram | 13:05 |
| * paulsherwood adds comments | 13:11 | |
| * paulsherwood wonders if there's any way to get the ci to actually report some gitect evidence, rather than just say 'it ran' | 13:12 | |
| paulsherwood | Shaun: just fix the s/breaking/braking/ and i'll approve | 13:35 |
| Shaun | paulsherwood: +1 to your comment about a small list to begin with. The list of losses is largely from one of their examples, and the material seems to say start small then expand later on | 13:38 |
| Shaun | I've just updated the spelling mistake | 13:38 |
| paulsherwood | sorry... pls comment on what is environmental loss? | 13:39 |
| Shaun | "Environmental impact" would probably be more appropriate | 13:41 |
| paulsherwood | what kind of thing are you meaning? | 13:42 |
| Shaun | Excessive fumes I guess would be the big one, or just generally driving in an eco way (no excessive accelerating for example). Again this was on their list, and it seemed a good idea to include. Once we expand on the hazards it might turn out that non of them are linked to this loss, but I thought it was worth having on the list. | 13:47 |
| Shaun | Which makes me realise the hazards list is incomplete because I haven't done the link to losses | 13:47 |
| Shaun | i.e. put which losses each hazard could lead to | 13:47 |
| paulsherwood | ok pls fix that and restate as impact, and *then* i'll approve :) | 13:51 |
| Shaun | will do | 13:51 |
| Shaun | pushed the updated. To be honest, I'm not 100% sure of the loss list, as it seems like most hazards *could* lead to all of the losses, but I've just followed their examples and I guess it will become more obvious what's important to list as we get better at STPA | 14:20 |
| paulsherwood | Shaun: you need to decide... L-1 or L1 etc | 14:21 |
| Shaun | paulsherwood: oops. fixed | 14:24 |
| * paulsherwood squashes and merges | 14:36 | |
| paulsherwood | iker: pipeline failed? | 15:09 |
| iker | I am adding a new test to the branch | 15:09 |
| iker | it will test the markdown text, it has some bugs that I need to fix | 15:10 |
| iker | but the previous version should be ok | 15:10 |
| *** paulwaters_ has quit IRC | 15:23 | |
| *** toscalix has quit IRC | 16:14 | |
| *** Shaun has quit IRC | 16:52 | |
| *** iker has quit IRC | 16:54 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!