On Thu, 30 Dec 2004 13:37:19 -0700, Uche Ogbuji
<Uche.Ogbuji@fourthought.com> wrote:
> Such scorn easily goes both ways. The next time I take a plane I'll
> cross my fingers that the fly-by-wire designers did not trust their
> event/response loop to cloistered queries written for a declarative
> engine designed by a grinning third party.

I find the airplane example interesting, since I just spent the
morning with my head stuck under an airplane cowling (burned-out
starter solenoid). Obviously, my Piper is fly-by-loose-cable rather
than fly-by-wire, but what makes airplane systems safe -- whether
they're mechanical or electronic -- is not error-free design and
implementation, but an enormous amount of redundancy.

The trick is to make sure that there are always at least two ways to
do most things (in a cheap plane like mine; sometimes dozens, in
commercial airliners) and that they are truly independent of
each other. For example, even in my Piper Warrior, each of the four
engine cylinders has two separate spark plugs, connected to two
separate magnetos on the accessory drive at the back of the engine. I
have a heater in the static air source (used for altitude and
airspeed), and in case that fails to keep it clear, I have an
alternative static source inside the airplane. I have two fuel pumps
(one mechanical and one electric). I have two separate ways for air
to get into the carburetor if ice blocks one. I have two separate
gyroscopes for orientation when flying in cloud, one powered by
electricity and one powered by the vacuum pump on the engine accessory
drive. I can steer with the ailerons or the rudder; I can control
pitch with the stabilator or (awkwardly) the flaps; I can navigate
using the map and compass, ADF, VOR, DME, or handheld GPS. And so on.

The fancier electronic systems in airliners are designed much the same
way. Obviously, they're a little more reliable than our desktop
applications, but they're far from bullet-proof -- buy yourself an
aviation band scanner at Radio Shack and tune it to a local frequency
(especially ground control), and it won't take you long to hear even
big airliners reporting system failures of all kinds, in the air and
on the ground. They almost never cause trouble (beyond flight
delays), because the redundancy usually makes those failures
non-events, but it's nothing but crude overengineering that makes the
planes safe.

All the best,
David
--
http://www.megginson.com/