Reply by josephkk October 23, 20132013-10-23
On Tue, 22 Oct 2013 08:19:17 -0700, John Larkin
<jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:


>On Tue, 22 Oct 2013 10:04:48 -0400, Phil Hobbs
><pcdhSpamMeSenseless@electrooptical.net> wrote:
>
>>On 10/21/2013 05:07 PM, Robert Baer wrote:
>>> Phil Hobbs wrote:
>>>> On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>>>>> I first designed high reliability products for Aerospace in 1975
>>>>> using Mil-HBK-217. It was based on generic components with stress
>>>>> factors for environment, design stress levels or margin based on
>>>>> actual field reliability data..
>>>>>
>>>>> It is based on the assumption that the design is defect-free and
>>>>> proven by test validation methods and the material quality is
>>>>> representative of the field of data collected, which would be
>>>>> validated by vendor and component qualification. The overall =

product

>>>>> would be validated for reliability with Highly Accelerated Stress
>>>>> Screening (HASS) and Life Test (HALT) methods to investigate the =

weak

>>>>> link in the design or component.
>>>>>
>>>>> Failures in Test (FIT) must be fixed by design to prevent future
>>>>> occurrences and MTBF hours are recorded with confidence rates.
>>>>>
>>>>> The only thing that prevents a design from NOT meeting a 50 yr goal
>>>>> is lack of experience in knowing how to design and verify the above
>>>>> assumptions for design , material & process quality.
>>>>>
>>>>> You have to know how to predict every stress that a product will =

see,

>>>>> and test it with an acceptable margin requirement for aging, which
>>>>> means you must have the established failure rate of each part.
>>>>>
>>>>> This means you cannot use new components without an established
>>>>> reliability record. COTS parts must be tested and verified with
>>>>> HALT/HASS methods.
>>>>>
>>>>> In the end, pre-mature failures occur due to oversights in =

awareness

>>>>> of bad parts, design or process and the statistical process to
>>>>> measure reliability.
>>>>>
>>>>
>>>> The '217 methodology has been discredited pretty thoroughly since =

then,

>>>> though, as has the Arrhenius model for failures. (It's still in use,
>>>> because the alternative is waiting 50 years, but AFAICT nobody =

trusts

>>>> the numbers much. The IBM folks I used to work with sure don't.)
>>>>
>>>> It's pretty silly when your calculation predicts that reliability =

will

>>>> go _down_ when you add input protection components or a power supply
>>>> crowbar.
>>>>
>>>> Cheers
>>>>
>>>> Phil Hobbs
>>>>
>>>    Well....adding parts reduces OVERALL reliability due to the fact =

they

>>> can (and will) fail.
>>>    Some parts,when they fail can induce spikes or surges that will
>>> stress "protected" parts.
>>>    So, in some (specific) cases it is not silly.
>>>
>>
>>I find it very hard to believe that input protection networks increase=20
>>the field return rate.
>>
>>Cheers
>>
>>Phil Hobbs
>
>Hey, those current limiters on power output stages and those =

overtemperature

>shutdown circuits increase the FIT rates!


This discussion reminds me of a bit of conversation i once overheard.  =
The
discussion was about some new (back then) high energy density metallized
film capacitors.  The goal energy density was something like 20 mF*V per
in^3 at 400 V.  The manufacturer could make them with a lifetime of 200 =
to
300 hours.  The operational goal was 168 hours.  The problem arose when
the customer insisted on 168 hour burn-in on 100% of the parts.  After
burn-in they could no longer meet operational goals due to the limited
life.  IIRC the infant mortality period was something like 2 hours at 120
% rated voltage. Never did hear how it all worked out though.

?-)
Reply by Tim Williams October 23, 20132013-10-23
"josephkk" <joseph_barrett@sbcglobal.net> wrote in message 
news:vcue69t2iau9p97dtvgld4nki4185vknk4@4ax.com...

>>But, it was *really* disappointing to "discover" (d'uh!) that the
>>machine no longer could *retain* it's program image in the absence
>>of power!  Every startup now required IPL from secondary storage.
>> From the user's standpoint:  "Gee, that sucks!  Now, tell me again,
>>why is this an IMPROVEMENT??"
>
>That's not all; the new memory wasn't any faster or that much lower 
>power.
>A long time a go (~ 40 years) i worked on computer that used core with 
>120
>ns access time and 300 ns cycle time, faster than DRAM nearly 20 years
>later.


Which still hasn't changed much; RAS/CAS cycle times are around, erm, I 
see figures around 10ns.  Quite a bit less in absolute terms, but with CPU 
clock rates over a thousand times higher, it simply hasn't scaled 
accordingly.  I/O is even worse; one figure puts PCIe latency on the order 
of a microsecond (I forget if that's fractional or multiple us?), 
absolutely no different from the old ISA bus (8MHz, though only 8 bit).

Tim

-- 
Seven Transistor Labs
Electrical Engineering Consultation
Website: http://seventransistorlabs.com
Reply by josephkk October 23, 20132013-10-23
On Sun, 20 Oct 2013 09:47:09 -0700, Don Y <this@isnotme.com> wrote:


>Hi Tim,
>
>On 10/20/2013 2:37 AM, Tim Williams wrote:
>> "Don Y" <this@isnotme.com> wrote in message
>> news:l402nd$7gu$1@speranza.aioe.org...
>>> I worked on a "tester" for *core* memory for a US bomber in the
>>> late 70's.  Core?  WTF??  (actually, there are good reasons to
>>> use core -- size NOT being one of them!)
>>
>> I have some JAN microminiature tubes of recent production.  Good =

reasons,

>> yes... just not many! ;-)
>
>"Newer is always better", right?  :-/
>
>I remember the first semiconductor memory boards we used in Nova2's
>(or maybe 3's?).  Really cool to see all those (identical) chips
>in neat rows and columns (I think it was 4K on a 16x16 board?).
>
>[Of course, it had been similarly cool to see that fine "fabric" of
>cores on a similarly sized board!]
>
>But, it was *really* disappointing to "discover" (d'uh!) that the
>machine no longer could *retain* it's program image in the absence
>of power!  Every startup now required IPL from secondary storage.
> From the user's standpoint:  "Gee, that sucks!  Now, tell me again,
>why is this an IMPROVEMENT??"


That's not all; the new memory wasn't any faster or that much lower =
power.
A long time a go (~ 40 years) i worked on computer that used core with =
120
ns access time and 300 ns cycle time, faster than DRAM nearly 20 years
later.
Reply by josephkk October 23, 20132013-10-23
On Sat, 19 Oct 2013 18:22:03 -0700, Don Y <this@isnotme.com> wrote:


>Hi Joseph,
>
>On 10/19/2013 5:33 PM, josephkk wrote:
>> On Thu, 17 Oct 2013 08:32:15 +0100, Paul E Bennett
>
>>> I don't know where your utilities are based but I am certain that the=

 ones

>>> near me have all upgraded their systems over the years (just to cope =

with

>>> demands).
>>
>> Here we get into some of the interesting parts.  They do not replace
>> working gear without a really good reason.  Particularly if it =

involves

>> major investment in compatible equipment in some way.  Face it, =

rebuilding

>> refineries and such is very expensive.  And generally not done even
>> piecemeal.
>
>You replace preemptively when the cost of a *required* replacement
>(i.e., after a failure) exceeds the cost of the preemptive maintenance.


Unfortunately not so.  The relevant manager has her/his eye altogether =
too
closely on the quarterly figures that determine his/her bonus to do that.
That preempts the preventative maintenance.

>
>They replaced all the gas lines (*to* each residence as well as
>the feeds throughout the subdivision) here in the past year or two.
>(i.e., "piecemeal").


And it might have been the result of a PUC or Court order, both rather
non-negotioable.  It is amazing how the CA PUC suddenly developed some
teeth after the San Bruno disaster.

>
>The time involved was incredible!  A single residence would take
>the better part of a day (the crews had to leave the property
>looking the same as when they arrived).  So, there would be 6 or 8
>crews working the neighborhood at a time.  And, this went on for
>months!
>
>When they (later) came through to replace the mains (and upgrade
>them in the process), they first "located" all of the buried
>services (phone, CATV, electric, water, sewer) in the roadway.
>Then, cut "spy holes" through the asphalt and excavated down
>to expose each such service, verify its presence and its depth
>below grade.
>
>Then, they used a "horizontal drill" to burrow under the street
>while working to avoid each of these services whose path the drill
>would cross (from the time the service is exposed to the time it
>is reburied, it remains *their* liability).  While the drill could
>run ~700 ft in a day, all the prep work and followup work made it
>more like 50 ft per day, overall -- by the time the spy holes
>were all filled in, pipe sleeve shaded, etc.
>
>*Then*, they had to switch all those *new* residential "drops"
>over to the new feed and "abandon" the old feeder.
>
>I.e., this was a *huge* investment.  Yet, everything was "working"
>at the time it was undertaken.  Obviously, the concern was that
>a natural failure after several decades underground could easily
>cost them millions of dollars (if a gas leak followed a pipe into
>a residence and started a fire/explosion).
>
>The same is true of other utilities.  E.g., the City replaces
>water meters continuously (rotating schedule).  Failures can
>result in leaks.  *Or*, billing errors (often in the consumer's
>favor!).
>
>It's just a case of expected valuation:  is it cheaper to be
>proactive or reactive?  Do the math...
Reply by John Larkin October 22, 20132013-10-22
On Tue, 22 Oct 2013 10:04:48 -0400, Phil Hobbs
<pcdhSpamMeSenseless@electrooptical.net> wrote:


>On 10/21/2013 05:07 PM, Robert Baer wrote:
>> Phil Hobbs wrote:
>>> On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>>>> I first designed high reliability products for Aerospace in 1975
>>>> using Mil-HBK-217. It was based on generic components with stress
>>>> factors for environment, design stress levels or margin based on
>>>> actual field reliability data..
>>>>
>>>> It is based on the assumption that the design is defect-free and
>>>> proven by test validation methods and the material quality is
>>>> representative of the field of data collected, which would be
>>>> validated by vendor and component qualification. The overall product
>>>> would be validated for reliability with Highly Accelerated Stress
>>>> Screening (HASS) and Life Test (HALT) methods to investigate the weak
>>>> link in the design or component.
>>>>
>>>> Failures in Test (FIT) must be fixed by design to prevent future
>>>> occurrences and MTBF hours are recorded with confidence rates.
>>>>
>>>> The only thing that prevents a design from NOT meeting a 50 yr goal
>>>> is lack of experience in knowing how to design and verify the above
>>>> assumptions for design , material & process quality.
>>>>
>>>> You have to know how to predict every stress that a product will see,
>>>> and test it with an acceptable margin requirement for aging, which
>>>> means you must have the established failure rate of each part.
>>>>
>>>> This means you cannot use new components without an established
>>>> reliability record. COTS parts must be tested and verified with
>>>> HALT/HASS methods.
>>>>
>>>> In the end, pre-mature failures occur due to oversights in awareness
>>>> of bad parts, design or process and the statistical process to
>>>> measure reliability.
>>>>
>>>
>>> The '217 methodology has been discredited pretty thoroughly since then,
>>> though, as has the Arrhenius model for failures. (It's still in use,
>>> because the alternative is waiting 50 years, but AFAICT nobody trusts
>>> the numbers much. The IBM folks I used to work with sure don't.)
>>>
>>> It's pretty silly when your calculation predicts that reliability will
>>> go _down_ when you add input protection components or a power supply
>>> crowbar.
>>>
>>> Cheers
>>>
>>> Phil Hobbs
>>>
>>    Well....adding parts reduces OVERALL reliability due to the fact they
>> can (and will) fail.
>>    Some parts,when they fail can induce spikes or surges that will
>> stress "protected" parts.
>>    So, in some (specific) cases it is not silly.
>>
>
>I find it very hard to believe that input protection networks increase 
>the field return rate.
>
>Cheers
>
>Phil Hobbs


Hey, those current limiters on power output stages and those overtemperature
shutdown circuits increase the FIT rates!


-- 

John Larkin                  Highland Technology Inc
www.highlandtechnology.com   jlarkin at highlandtechnology dot com   

Precision electronic instrumentation
Picosecond-resolution Digital Delay and Pulse generators
Custom timing and laser controllers
Photonics and fiberoptic TTL data links
VME  analog, thermocouple, LVDT, synchro, tachometer
Multichannel arbitrary waveform generators
Reply by Phil Hobbs October 22, 20132013-10-22
On 10/21/2013 05:07 PM, Robert Baer wrote:

> Phil Hobbs wrote:
>> On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>>> I first designed high reliability products for Aerospace in 1975
>>> using Mil-HBK-217. It was based on generic components with stress
>>> factors for environment, design stress levels or margin based on
>>> actual field reliability data..
>>>
>>> It is based on the assumption that the design is defect-free and
>>> proven by test validation methods and the material quality is
>>> representative of the field of data collected, which would be
>>> validated by vendor and component qualification. The overall product
>>> would be validated for reliability with Highly Accelerated Stress
>>> Screening (HASS) and Life Test (HALT) methods to investigate the weak
>>> link in the design or component.
>>>
>>> Failures in Test (FIT) must be fixed by design to prevent future
>>> occurrences and MTBF hours are recorded with confidence rates.
>>>
>>> The only thing that prevents a design from NOT meeting a 50 yr goal
>>> is lack of experience in knowing how to design and verify the above
>>> assumptions for design , material & process quality.
>>>
>>> You have to know how to predict every stress that a product will see,
>>> and test it with an acceptable margin requirement for aging, which
>>> means you must have the established failure rate of each part.
>>>
>>> This means you cannot use new components without an established
>>> reliability record. COTS parts must be tested and verified with
>>> HALT/HASS methods.
>>>
>>> In the end, pre-mature failures occur due to oversights in awareness
>>> of bad parts, design or process and the statistical process to
>>> measure reliability.
>>>
>>
>> The '217 methodology has been discredited pretty thoroughly since then,
>> though, as has the Arrhenius model for failures. (It's still in use,
>> because the alternative is waiting 50 years, but AFAICT nobody trusts
>> the numbers much. The IBM folks I used to work with sure don't.)
>>
>> It's pretty silly when your calculation predicts that reliability will
>> go _down_ when you add input protection components or a power supply
>> crowbar.
>>
>> Cheers
>>
>> Phil Hobbs
>>
>    Well....adding parts reduces OVERALL reliability due to the fact they
> can (and will) fail.
>    Some parts,when they fail can induce spikes or surges that will
> stress "protected" parts.
>    So, in some (specific) cases it is not silly.
>


I find it very hard to believe that input protection networks increase 
the field return rate.

Cheers

Phil Hobbs

-- 
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net
Reply by October 21, 20132013-10-21
On Mon, 21 Oct 2013 13:07:06 -0800, Robert Baer
<robertbaer@localnet.com> wrote:


>Phil Hobbs wrote:
>> On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>>> I first designed high reliability products for Aerospace in 1975
>>> using Mil-HBK-217. It was based on generic components with stress
>>> factors for environment, design stress levels or margin based on
>>> actual field reliability data..
>>>
>>> It is based on the assumption that the design is defect-free and
>>> proven by test validation methods and the material quality is
>>> representative of the field of data collected, which would be
>>> validated by vendor and component qualification. The overall product
>>> would be validated for reliability with Highly Accelerated Stress
>>> Screening (HASS) and Life Test (HALT) methods to investigate the weak
>>> link in the design or component.
>>>
>>> Failures in Test (FIT) must be fixed by design to prevent future
>>> occurrences and MTBF hours are recorded with confidence rates.
>>>
>>> The only thing that prevents a design from NOT meeting a 50 yr goal
>>> is lack of experience in knowing how to design and verify the above
>>> assumptions for design , material & process quality.
>>>
>>> You have to know how to predict every stress that a product will see,
>>> and test it with an acceptable margin requirement for aging, which
>>> means you must have the established failure rate of each part.
>>>
>>> This means you cannot use new components without an established
>>> reliability record. COTS parts must be tested and verified with
>>> HALT/HASS methods.
>>>
>>> In the end, pre-mature failures occur due to oversights in awareness
>>> of bad parts, design or process and the statistical process to
>>> measure reliability.
>>>
>>
>> The '217 methodology has been discredited pretty thoroughly since then,
>> though, as has the Arrhenius model for failures. (It's still in use,
>> because the alternative is waiting 50 years, but AFAICT nobody trusts
>> the numbers much. The IBM folks I used to work with sure don't.)
>>
>> It's pretty silly when your calculation predicts that reliability will
>> go _down_ when you add input protection components or a power supply
>> crowbar.
>>
>> Cheers
>>
>> Phil Hobbs
>>
>   Well....adding parts reduces OVERALL reliability due to the fact they 
>can (and will) fail.


That's true but these components will also prevent others from
failing.  That isn't what the reliability numbers show, however.


>   Some parts,when they fail can induce spikes or surges that will 
>stress "protected" parts.
>   So, in some (specific) cases it is not silly.


The numbers are silly and they way they're normally used is even
worse.  It's the old "be careful what you ask for because you're
likely to get it".
Reply by Robert Baer October 21, 20132013-10-21
Phil Hobbs wrote:

> On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>> I first designed high reliability products for Aerospace in 1975
>> using Mil-HBK-217. It was based on generic components with stress
>> factors for environment, design stress levels or margin based on
>> actual field reliability data..
>>
>> It is based on the assumption that the design is defect-free and
>> proven by test validation methods and the material quality is
>> representative of the field of data collected, which would be
>> validated by vendor and component qualification. The overall product
>> would be validated for reliability with Highly Accelerated Stress
>> Screening (HASS) and Life Test (HALT) methods to investigate the weak
>> link in the design or component.
>>
>> Failures in Test (FIT) must be fixed by design to prevent future
>> occurrences and MTBF hours are recorded with confidence rates.
>>
>> The only thing that prevents a design from NOT meeting a 50 yr goal
>> is lack of experience in knowing how to design and verify the above
>> assumptions for design , material & process quality.
>>
>> You have to know how to predict every stress that a product will see,
>> and test it with an acceptable margin requirement for aging, which
>> means you must have the established failure rate of each part.
>>
>> This means you cannot use new components without an established
>> reliability record. COTS parts must be tested and verified with
>> HALT/HASS methods.
>>
>> In the end, pre-mature failures occur due to oversights in awareness
>> of bad parts, design or process and the statistical process to
>> measure reliability.
>>
>
> The '217 methodology has been discredited pretty thoroughly since then,
> though, as has the Arrhenius model for failures. (It's still in use,
> because the alternative is waiting 50 years, but AFAICT nobody trusts
> the numbers much. The IBM folks I used to work with sure don't.)
>
> It's pretty silly when your calculation predicts that reliability will
> go _down_ when you add input protection components or a power supply
> crowbar.
>
> Cheers
>
> Phil Hobbs
>

   Well....adding parts reduces OVERALL reliability due to the fact they 
can (and will) fail.
   Some parts,when they fail can induce spikes or surges that will 
stress "protected" parts.
   So, in some (specific) cases it is not silly.
Reply by John Larkin October 21, 20132013-10-21
On Mon, 21 Oct 2013 12:24:45 -0400, Phil Hobbs
<pcdhSpamMeSenseless@electrooptical.net> wrote:


>On 10/21/2013 02:24 AM, Anthony Stewart wrote:
>> I first designed high reliability products for Aerospace in 1975
>> using Mil-HBK-217. It was based on generic components with stress
>> factors for environment, design stress levels or margin based on
>> actual field reliability data..
>>
>> It is based on the assumption that the design is defect-free and
>> proven by test validation methods and the material quality is
>> representative of the field of data  collected, which would be
>> validated by vendor and component qualification.  The overall product
>> would be validated for reliability with Highly Accelerated Stress
>> Screening (HASS) and Life Test (HALT) methods to investigate the weak
>> link in the design or component.
>>
>> Failures in Test (FIT) must be fixed by design to prevent future
>> occurrences and MTBF hours are recorded with confidence rates.
>>
>> The only thing that prevents a design from NOT meeting a 50 yr goal
>> is lack of experience in knowing how to design and verify the above
>> assumptions for design , material & process quality.
>>
>> You have to know how to predict every stress that a product will see,
>> and test it with an acceptable margin requirement for aging, which
>> means you must have the established failure rate of each part.
>>
>> This means you cannot use new components without an established
>> reliability record.  COTS parts must be tested and verified with
>> HALT/HASS methods.
>>
>> In the end, pre-mature failures occur due to oversights in awareness
>> of bad parts, design or process and the statistical process to
>> measure reliability.
>>
>
>The '217 methodology has been discredited pretty thoroughly since then, 
>though, as has the Arrhenius model for failures.  (It's still in use, 
>because the alternative is waiting 50 years, but AFAICT nobody trusts 
>the numbers much.  The IBM folks I used to work with sure don't.)
>
>It's pretty silly when your calculation predicts that reliability will 
>go _down_ when you add input protection components or a power supply 
>crowbar.
>
>Cheers
>
>Phil Hobbs


Our gear is, in the field, many times more reliable than 217 or Bellcore
calculations, and the failures tend to be point issues, not random component
failures. Once noticed, most of the failures can be understood and the products
improved. So if our designs were perfect, MTBF would be much better than what we
are seeing.


-- 

John Larkin                  Highland Technology Inc
www.highlandtechnology.com   jlarkin at highlandtechnology dot com   

Precision electronic instrumentation
Picosecond-resolution Digital Delay and Pulse generators
Custom timing and laser controllers
Photonics and fiberoptic TTL data links
VME  analog, thermocouple, LVDT, synchro, tachometer
Multichannel arbitrary waveform generators
Reply by Phil Hobbs October 21, 20132013-10-21
On 10/21/2013 02:24 AM, Anthony Stewart wrote:

> I first designed high reliability products for Aerospace in 1975
> using Mil-HBK-217. It was based on generic components with stress
> factors for environment, design stress levels or margin based on
> actual field reliability data..
>
> It is based on the assumption that the design is defect-free and
> proven by test validation methods and the material quality is
> representative of the field of data  collected, which would be
> validated by vendor and component qualification.  The overall product
> would be validated for reliability with Highly Accelerated Stress
> Screening (HASS) and Life Test (HALT) methods to investigate the weak
> link in the design or component.
>
> Failures in Test (FIT) must be fixed by design to prevent future
> occurrences and MTBF hours are recorded with confidence rates.
>
> The only thing that prevents a design from NOT meeting a 50 yr goal
> is lack of experience in knowing how to design and verify the above
> assumptions for design , material & process quality.
>
> You have to know how to predict every stress that a product will see,
> and test it with an acceptable margin requirement for aging, which
> means you must have the established failure rate of each part.
>
> This means you cannot use new components without an established
> reliability record.  COTS parts must be tested and verified with
> HALT/HASS methods.
>
> In the end, pre-mature failures occur due to oversights in awareness
> of bad parts, design or process and the statistical process to
> measure reliability.
>


The '217 methodology has been discredited pretty thoroughly since then, 
though, as has the Arrhenius model for failures.  (It's still in use, 
because the alternative is waiting 50 years, but AFAICT nobody trusts 
the numbers much.  The IBM folks I used to work with sure don't.)

It's pretty silly when your calculation predicts that reliability will 
go _down_ when you add input protection components or a power supply 
crowbar.

Cheers

Phil Hobbs

-- 
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net