Pivoting

Eric S. Raymond esr at thyrsus.com
Tue Apr 25 15:24:46 UTC 2017


Mark, heads up - policy issue related to old GPS support.

Hal Murray <hmurray at megapathdsl.net>:
> 
> Stromeko at Nexgo.DE said:
> > Even if you only consider physical hardware, based on the projected
> > lifetime of automotive qualified systems (15 years or longer) you have to
> > expect a much longer actual lifetime in the field.
> 
> ianbruene at gmail.com said:
> > 19:14 <ianbruene> One should always put a multiplier on one's
> > estimate of how long their code will be in use: code expected to
> > last for 5 years lasting 20 got us Y2K. ...
> 
> Right.  I think there are two issues tangled up here.
> 
> One is that there is a tradeoff between building in a long lifetime and 
> catching problems during a normal lifetime.  I'm not sure which is more 
> likely.  Consider what happens if a server gets fired up with a broken clock 
> and starts answering all requests with 1970.  Do you want to reject that, or 
> pivot it to 2036?

Well put, and good on you for putting your finger squarely on the dilemma.

I'm not sure which is more likely either.  In the absence of such
knowledge, my call is to (a) do the *simplest* possible thing - that
is, incur the least possible code complexity - and carefully document
our assumptions and the failure modes.

I also think we should continue trying to have insights about this problem,
but not bet on a breakthrough. And not try to solve it before 1.0; I rate
the risk from code destabilization higher than the gain until we're much
surer of our ground than we are now.

> The other is that there really is a 20 year rollover with old GPS units.  
> (Newer units have 13 bits.)  I think that turns into 3 choices:
>   Don't support really old GPS units.
>   Advertise the default lifetime.
>   Allow the user to specify the pivot time and/or lifetime, either at build 
> time or at run time or both.

This is where I'd like Mark to check in.  I think I'm changing my mind about
this, but there's a piss-off-legacy-users issue not to be lightly dismissed.

I used to think we needed to support all GPSes back to the beginning
of time.  But I think I was failing to separate expensive
high-precision reflocks (about which people do get cheesed off when
they fall out of support) from generic GPSes, which are now dirt-cheap and
effectively disposable.

Dirt-cheap and effectively disposable changes the tradeoffs, especially
with 13-bit week counters that make the service life 157 years.  I'm coming
around to the view that it's reasonable *given this combination of
circumstances* to disclaim support for old GPSes.

But I'm open to counterargument on that.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

Please consider contributing to my Patreon page at https://www.patreon.com/esr
so I can keep the invisible wheels of the Internet turning. Give generously -
the civilization you save might be your own.
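
The week-counter pivot discussed in the message above, as an added example that is not part of the original post and is not NTPsec code. The function names are hypothetical, the pivot is assumed to be the earliest date the software can plausibly be running (for instance its build date), and leap seconds are ignored.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_WEEK  604800LL
#define GPS_EPOCH_UNIX 315964800LL   /* 1980-01-06 00:00:00 UTC */

/* Full GPS week containing a Unix timestamp (leap seconds ignored). */
int64_t unix_to_gps_week(int64_t unix_secs)
{
    return (unix_secs - GPS_EPOCH_UNIX) / SECS_PER_WEEK;
}

/* Map a truncated week counter onto [pivot_week, pivot_week + 2^bits). */
int64_t unroll_week(uint32_t raw_week, unsigned bits, int64_t pivot_week)
{
    int64_t modulus = (int64_t)1 << bits;
    int64_t delta = ((int64_t)(raw_week & (modulus - 1)) - pivot_week) % modulus;
    if (delta < 0)
        delta += modulus;   /* C's % keeps the sign of the dividend */
    return pivot_week + delta;
}

/* Length of the unambiguous window, rounded to the nearest year. */
int window_years(unsigned bits)
{
    int64_t days_x100 = ((int64_t)1 << bits) * 7 * 100;
    return (int)((days_x100 + 36525 / 2) / 36525);
}

int main(void)
{
    /* Constructed pivot: 2017-04-25 00:00:00 UTC, the date of this message. */
    int64_t pivot = unix_to_gps_week(1493078400LL);
    int64_t later = pivot + 1024;          /* same receiver, 1024 weeks on */

    printf("pivot week %lld\n", (long long)pivot);
    printf("10-bit window %d y, 13-bit window %d y\n",
           window_years(10), window_years(13));
    printf("10-bit raw 0 -> week %lld\n", (long long)unroll_week(0, 10, pivot));
    printf("week %lld via 10 bits -> %lld (wrong)\n", (long long)later,
           (long long)unroll_week((uint32_t)(later % 1024), 10, pivot));
    printf("week %lld via 13 bits -> %lld\n", (long long)later,
           (long long)unroll_week((uint32_t)later, 13, pivot));
    return 0;
}
```

Once a 10-bit receiver outlives the window that starts at the pivot, the result is silently 1024 weeks in the past with no error to catch, which is the failure mode that would need documenting under either the "advertise the default lifetime" or the user-specified pivot choice.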


