T45 - TOOTHLESS TIGER OR MAJOR HARDCORE WARSHIP??

[DingDong]

To all who frequent these hallowed pages: Has anyone here been part of the development of the Type 45?

What would you say about the class, is it under armed or is it about right.

I have a preconcieved idea, however i'm having to do a small presentation about it and wandered you would forward some comments

 

[Not_a_boffin]

Not been part of the design team on the ship, but have had to deal with the IPT & PCO from time to time. It's probably fair to say the following...

1. The AAW system should be the absolute mutts nuts in terms of performance. But - we should have bought the industry standard VLS (with the potential for a number of sensible weapons already integrated) and maintaining the SAMPSON will be a challenge. Why anyone would think that adding a rotating mechanical element to a radar that could be fixed (as SPY1 & EMPAR are) is beyond me.

2. Operating a 16 te helicopter (on the rare occassions it embarks) without a handling system is just barking.......I know it's going to mainly work with Lynx, but really. BTW the official line is that motions are so benign, it won't need a handling system - 16 tonnes of aircraft have a motion all of their own!

3. The ME fit is a disaster waiting to happen - and all because Buff bowed to pressure from Rolly's and mandated WR21. We now have a ship with unreliable, complex cycle turbines, backed up with 2 very small diesels that are no longer manufactured by wartsila. If RR sell more than a dozen WR21 I'll be astonished.

4. She could probably do with more weatherdeck. The RAS position is actually very good (except for ammo). Operating those Pacifics out of the funny little boat bay above the tumblehome will be interesting though.

5. Could have been worse - it could have been a modified 23!

 

[Prochnow]

The following is an interesting read on the 45...

http://www.theregister.co.uk/2004/09/06/ams_goes_windows_for_warships/

Being in the RNR my day job is IT support. I do have an overly nerdy interest in the 45s Command Operating systems. I think I can say with some conviction (12 years and a degree in information systems) that anyone with any ounce if IT support knowladge knows UNIX is far superior than any MS operating system in terms of performance, reliability, security and robustness. So regardless of what any "independent survey" says I'm frankly gob smacked that the RN would allow the Command Operating System to be Windows based.

Quoted in the above URL “Anyone with elementary knowledge of computer science can see that Microsoft Windows, as described here by Gates, is inherently insecure by design.†is – for me at least – fascinating.

 

[Shakey]

The Ops room is going to be running on Windows? For f*ck's sake! 8O

 

[andym]

does it have 32 pndrs and the odd carronade up front?

 

[FlagWagger]

The following is an interesting read on the 45...

http://www.theregister.co.uk/2004/09/06/ams_goes_windows_for_warships/

Being in the RNR my day job is IT support. I do have an overly nerdy interest in the 45s Command Operating systems. I think I can say with some conviction (12 years and a degree in information systems) that anyone with any ounce if IT support knowladge knows UNIX is far superior than any MS operating system in terms of performance, reliability, security and robustness. So regardless of what any "independent survey" says I'm frankly gob smacked that the RN would allow the Command Operating System to be Windows based.

As a professional safety engineer (not health and safety, but making sure things work correctly and safely) I don't have any pre-conceived reservations about which OS should or should not be used; however as a professional safety engineer I would expect to see a reasoned argued justification, in the form of a safety case, that failures within the OS cannot and do not affect safety (or functionality, reliability, availability or any other "-ility"). Sadly, from first hand experience of working with the developer, I don't think such an argument will be presented - it will more likely be "here it is - take it or leave it!".

Looking slightly deeper into the "why" of the switch; from reading the article, it appears that the drive to Windows has not been driven by technical requirements arising from the designers and/or customers, but is instead a result of AMS' (now BAeSystems) use of a sub-contract IT department's desire to remove all things "non-Windows". FFS, since when did design decisions get taken by sub-contract service suppliers?

This decision reflects two major problems with today's defence engineering approach:

1. There is a major ignorance within MessyBeast's organisation about the distinction between the systems that it is producing to supply to its customers and its own internal IT systems - while it may be reasonable to mandate MS for the latter on grounds of commercial efficiency, such restrictions must not be applied to the former without the consent of the design authorities.

2. With the virtual monopoly that MessyBeast has created for itself, I doubt whether the DPA has the necessary power, nor indeed the motivation, to insist that a sound engineering decision is instead of deferring to a commercial decision taken by a sub-contractor.

Quoted in the above URL “Anyone with elementary knowledge of computer science can see that Microsoft Windows, as described here by Gates, is inherently insecure by design.†is – for me at least – fascinating.

Security is not my concern, I'm more worried, nay scared, of the fundamental non-determinism of Windows (i.e. no-one, not even the MS designers, can predict with certainty what it will do) and as such it should not be allowed to be used within any system interfacing with a weapons system, especially not when such a system could support autonomous engagment.

 

[SailbadTheSinner]

Security is not my concern, I'm more worried, nay scared, of the fundamental non-determinism of Windows (i.e. no-one, not even the MS designers, can predict with certainty what it will do) and as such it should not be allowed to be used within any system interfacing with a weapons system, especially not when such a system could support autonomous engagment.

The ship will have to be covered by a safety case and the software will have to attain the appropriate SIL level

Nothing to see, move along

 

[Streaky]

When Windows goes wrong, will the phone call to the support department be charged at national rates, or premium?

 

[Levers_Aligned]

When Windows goes wrong, will the phone call to the support department be charged at national rates, or premium?

And, should a fault develop in the weapons IT package, will it take the remaining Platform Management System with it (assuming the two are compatible, interfaced and indeed, on the same version level.)

Levers

 

[SailbadTheSinner]

Not been part of the design team on the ship, but have had to deal with the IPT & PCO from time to time. It's probably fair to say the following...

1. The AAW system should be the absolute mutts nuts in terms of performance. But - we should have bought the industry standard VLS (with the potential for a number of sensible weapons already integrated) and maintaining the SAMPSON will be a challenge. Why anyone would think that adding a rotating mechanical element to a radar that could be fixed (as SPY1 & EMPAR are) is beyond me.

2. Operating a 16 te helicopter (on the rare occassions it embarks) without a handling system is just barking.......I know it's going to mainly work with Lynx, but really. BTW the official line is that motions are so benign, it won't need a handling system - 16 tonnes of aircraft have a motion all of their own!

3. The ME fit is a disaster waiting to happen - and all because Buff bowed to pressure from Rolly's and mandated WR21. We now have a ship with unreliable, complex cycle turbines, backed up with 2 very small diesels that are no longer manufactured by wartsila. If RR sell more than a dozen WR21 I'll be astonished.

4. She could probably do with more weatherdeck. The RAS position is actually very good (except for ammo). Operating those Pacifics out of the funny little boat bay above the tumblehome will be interesting though.

5. Could have been worse - it could have been a modified 23!

1. The design is lighter than radars such as SPY-1, allowing the radar to be higher, and extending the radar horizon. Note EMPAR also rotates

2. I was on the T45 IPT when this was being discussed. As I recall there was no handling system available at the time for Merlin other than PRISM - and that was deleted to save money

3. The engine competition was a joke. On paper WR21 should be excellent, we'll see....

4. RAS was carefully thought through - as were the replenishment routes
Ammo for the 4.5 has to go forward due to the superstructure shape. I doubt if they'll have to RAS 4.5 that often though. The boat bays are actually a lot larger than you might think - if I recall they can take 40ft boats. The handling gear was planned to be a combined davit/crane which should be safe and quick. Weatherdecks are bad for RCS - that is why there are hardly any.

5. No argument there! There is a fair amount of pullthrough from Type 23 - for example the command system.

 

[SailbadTheSinner]

When Windows goes wrong, will the phone call to the support department be charged at national rates, or premium?

And, should a fault develop in the weapons IT package, will it take the remaining Platform Management System with it (assuming the two are compatible, interfaced and indeed, on the same version level.)

Levers

IIRC PMS is separate from the command system and they are not interfaced (security accreditation)

 

[FlagWagger]

The ship will have to be covered by a safety case and the software will have to attain the appropriate SIL level

All pigs fed and ready to fly! SIL (the level is unnecessary by the way) is a target that defines how well the software will need to be written, it is not a number that can be applied retrospectively. If Windows has been pre-selected then any determination of SIL will be nugatory.

 

[Muffler]

The ship will have to be covered by a safety case and the software will have to attain the appropriate SIL level

Nothing to see, move along

Absolutely

I don’t see why anyone should have a problem with windows, what’s up with taking an existing product that will work on any computer system and adapting it to your needs.
In the long run it`s got to be better than developing a system from scratch that will give all sorts of teething troubles, go way over budget and have more bugs than an ole dog.

……

 

[FlagWagger]

The ship will have to be covered by a safety case and the software will have to attain the appropriate SIL level

Nothing to see, move along

Absolutely

I don’t see why anyone should have a problem with windows, what’s up with taking an existing product that will work on any computer system and adapting it to your needs.
In the long run it`s got to be better than developing a system from scratch that will give all sorts of teething troubles, go way over budget and have more bugs than an ole dog.

You aren't serious, surely? Windows is one of the most over-blown buggy pieces of software going; it has taken years, nay decades, to reach its current version and still the "Blue Screen of Death" is encountered.

When considering safety, the first thing a safety engineer will look for is that all possible failure modes of a system have been considered and either ruled out or an appropriate defence is engineered - ideally the failure mode is removed from the design, otherwise a barrier is engineered or where neither approach is appropriate a warning is given. The key thing, however, is that the design is understood from the perspective of function, i.e. what does my design do, and safety, i.e. what do I have to make sure it doesn't do. If we're talking weapons systems, then personally I think native Windows presents problems; if we're talking navigation then I have less of an issue but if we're only talking of the Wardroom comfort systems I couldn't give two hoots!

 

[SailbadTheSinner]

The ship will have to be covered by a safety case and the software will have to attain the appropriate SIL level

All pigs fed and ready to fly! SIL (the level is unnecessary by the way) is a target that defines how well the software will need to be written, it is not a number that can be applied retrospectively. If Windows has been pre-selected then any determination of SIL will be nugatory.

Nope

The SIL is a target which the system has to attain either directly or via risk mitigation measures

Anyway, this isn't windows XP we are talking about

And believe it or not Insyte are subjecting the CMS to very intensive testing along with MBDA

 

[FlagWagger]

The SIL is a target which the system has to attain either directly or via risk mitigation measures

Nope - the SIL is a target that an overall function needs to attain - I'll dig out my trusty copy of DEF STAN 00-56 Issue 2 (the proper one before it was emasculated to make it easier to meet) and get the precise definition if you wish.

Anyway, this isn't windows XP we are talking about

And believe it or not Insyte are subjecting the CMS to very intensive testing along with MBDA

Testing does not prove anything - design it correctly in the first place rather than relying on testing to remove the errors. If you're interested in the cost difference between building it right first time and having minimal testing versus the conventional buil-debug-rebuild-debug cycle, have a look at the paper written by Jim Sutton and Praxis Critical Systems (as was) on teh C130J Mission Computer (I think). There are a number of other good papers on the Praxis site that also demonstrate getting software, and by extension systems, right first time is not difficult - it just requires a degree of discipline that many in the UK engineering industry have now lost through the excessive application of successive cost-accounting/cost reduction initiatives that mean added value is sacrificed in favour of the lowest price

EurIng FlagWagger BSc MSc CEng MIET MSaRS

 

[SailbadTheSinner]

Testing does not prove anything

An interesting philosophy

I agree that getting the design right is important

But T45 is taking an an evolutionary approach. The Type 45 CMS is based on the T23 command system - we have decades of experience on that

Anyway, it is rather a shame that posters are already knocking equipment before it is even in service

 

[FlagWagger]

Testing does not prove anything

An interesting philosophy

I agree that getting the design right is important

And not one that is unique to myself - I'm an old school engineer who believes in that the current approach of getting the customers to do the product validation is wrong (I'm currently working in the nuclear safety field so this philosophy is essential to the health of my neighbours!).

But T45 is taking an an evolutionary approach.

Nooooooo! Design of safety critical systems cannot be based on an interative approach with any degree of confidence - safety must be considered from Day 0 and not considered as a bolt-on extra.

The Type 45 CMS is based on the T23 command system - we have decades of experience on that

Hmmm, I remember it took BAe Matra nearly 10 years after commissioning the first T23 to gain the necessary clearances to operate in a high-threat environment - I guess it'd be a real shame to waste all that development work undertaken by the RN

Anyway, it is rather a shame that posters are already knocking equipment before it is even in service

I'm not knocking the equipment per se, I do however have major reservations about the development approach - PM sent.

 

[Levers_Aligned]

Anyway, it is rather a shame that posters are already knocking equipment before it is even in service

Woah! Maybe a more critical, cynical approach is needed instead of the bog standard 'shut the **** up Jack ... it WILL work because we say so' approach. How many times have we had (and not just in IT/CMS environments) blank spaces in boxes and panels where 'it will be fitted later' or items switched off permanently because 'it never worked properly, anyway'. The idea (as you know ... I don't have to tell you) is to have a functioning platform, able to manouvre and defend itself in and out of the shite rather than an unreliable white elphant masquerading as 'the most modern, deadly warship ever built'. Type 23 spent a long time being labelled the Skoda Class Frigate because of it's low budget, low delivery shiteness. I'd like to know that for 600 rather large ones per hull, our fantastically rich compardes at BAE will give us a rather much needed replacement (not upgrade) for the Type 42. If we are using a derivitive of the most abused operating system on the planet, the confidence perhaps can be forgiven for being dented. If I go onto a T45 and speak to our surface picture operators of the future and they don't wrinkle their noses and say, 'it's shit', then I will be similarly pleased.

But you know what Jack is like ...

Levers

 

[Bernoulli]

Levers, check your PMs.