On Tue, 04 Jan 2005 19:43:05 -0700, Uche Ogbuji <uche.ogbuji@f...> wrote:

> And just to clarify my "extraordinary" in the above sentence, it's not
> so much that I think of type bugs as completely mythical beasts, it's
> more my amazement that a single type-bug (or really any individual bug)
> could bring down such an aerospace system, since as we all know (and has
> been beaten to death in this thread), such systems typically build in
> layers and layers of redundancy.

I see the failure as partly due to poorly designed redundancy. The backup system was close enough to identical to the primary system that it failed for the same reasons in the same situation.

Someone sent a link earlier in this thread to an account of a series of software-based accidents with a radiation therapy machine. The final solution was to put a hardware-based dosimeter/shutoff in the radiation stream.

David posted some other good examples of redundancy in the systems in his small plane.

I guess the main point is that effective redundancy should provide not just duplicate systems, but rather two or more entirely different ways of accomplishing the same thing.

---->N
-- 
.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:.
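The common-mode failure the post describes (an identical backup failing on exactly the same input as the primary) and the contrasting independent cutoff it mentions can be shown in a few lines. The following is an added illustration, not code from the thread or from any real flight or therapy system; the 16-bit conversion, the sensor values and the hard limit are all constructed assumptions chosen only to make the failure visible.

```python
"""Constructed demo: identical vs. diverse redundancy in a value-conversion path.

Added example, not from the mailing-list thread. The narrowing of a float to a
signed 16-bit integer stands in for the 'type bug' discussed; the sensor values
and HARD_LIMIT are invented for illustration.
"""

INT16_MIN, INT16_MAX = -32768, 32767
HARD_LIMIT = 30000.0  # hypothetical independent cutoff, analogous to the dosimeter/shutoff


class ConversionError(Exception):
    """Raised when a value cannot be represented in the narrower type."""


def convert_to_int16(value: float) -> int:
    """Primary path: narrow a float to int16, failing on out-of-range input."""
    n = int(value)
    if not INT16_MIN <= n <= INT16_MAX:
        raise ConversionError(f"{value} does not fit in int16")
    return n


def identical_backup(value: float) -> int:
    """A 'redundant' backup that is the same code: it fails on the same input."""
    return convert_to_int16(value)


def diverse_backup(value: float) -> float:
    """A diverse backup: keeps the wider representation instead of narrowing.

    Different approach, so the out-of-range input that breaks the primary
    is handled rather than re-raising the same error.
    """
    return float(value)


def hardware_cutoff(value: float) -> float:
    """Independent guard in the output path: clamps whatever software produced.

    Modelled on the hardware dosimeter/shutoff idea: it does not depend on the
    software being correct, only on the physical limit.
    """
    return max(-HARD_LIMIT, min(HARD_LIMIT, value))


def run_with_redundancy(value, primary, backup):
    """Try primary, fall over to backup; report which path produced the result."""
    try:
        return primary(value), "primary"
    except ConversionError:
        try:
            return backup(value), "backup"
        except ConversionError:
            return None, "both failed"


def simulate(readings, backup):
    """Feed a constructed sequence of readings through the redundant pair.

    Returns the list of (result, path) tuples; a None result means total loss.
    """
    return [run_with_redundancy(r, convert_to_int16, backup) for r in readings]


if __name__ == "__main__":
    # Constructed readings: the last one exceeds int16 range.
    readings = [1200.0, 25000.5, 40000.0]
    print("identical backup:", simulate(readings, identical_backup))
    print("diverse backup:  ", simulate(readings, diverse_backup))
    print("cutoff on 40000: ", hardware_cutoff(40000.0))
```

Running the script shows the identical pair losing both paths on the same reading, the diverse pair surviving it, and the cutoff bounding the output regardless of which software path was used. The design point is the one the post makes: the backup only adds assurance when its failure modes differ from the primary's.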