On Tue, 04 Jan 2005 19:43:05 -0700, Uche Ogbuji
<uche.ogbuji@fourthought.com> wrote:
> And just to clarify my "extraordinary" in the above sentence, it's not
> so much that I think of type bugs as completely mythical beasts, it's
> more my amazement that a single type-bug (or really any individual bug)
> could bring down such an aerospace system, since as we all know (and has
> been beaten to death in this thread), such systems typically build in
> layers and layers of redundancy.
I see the failure as partly due to poorly designed redundancy. The backup
system was close enough to identical to the primary system that it failed
for the same reasons in the same situation.
Someone sent a link earlier in this thread to an account of a series of
software-based accidents with a radiation therapy machine. The final
solution was to put a hardware-based dosimeter/shutoff in the radiation
stream. David posted some other good examples of redundancy in the
systems in his small plane.
I guess the main point is that effective redundancy should provide not
just duplicate systems, but rather two or more entirely different ways of
accomplishing the same thing.
---->N
--
.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:._.:||:.
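The common-mode failure described in this message (a backup that is too close to the primary to survive the same input) and the independent hardware interlock that closed the radiation-therapy accidents can both be shown in a few lines. The following is an added example, not code from the thread or from any of the systems discussed; the sensor reading, the 16-bit narrowing conversion, the channel names and the safe limit are all constructed for illustration.

```python
"""Identical redundancy fails identically; diverse redundancy does not.

Constructed scenario: a sensor reading is narrowed to a 16-bit signed
integer before use. Two copies of the same conversion both trap on an
out-of-range reading, so the "redundant" pair delivers nothing. A backup
built a different way (saturating instead of trapping) keeps the function
alive, and a third mechanism independent of both channels decides whether
the result is safe to act on at all.
"""
from typing import Callable, List, Optional

INT16_MIN, INT16_MAX = -32768, 32767
SAFE_LIMIT = 30000  # constructed physical envelope enforced by the interlock


def trapping_convert(reading: float) -> int:
    """Primary channel: checked narrowing conversion that raises on overflow."""
    value = int(reading)
    if not INT16_MIN <= value <= INT16_MAX:
        raise OverflowError(f"{value} does not fit in int16")
    return value


def saturating_convert(reading: float) -> int:
    """Diverse backup: same job, different design. Clamps into range so it
    degrades to a bounded value instead of stopping."""
    value = int(reading)
    return max(INT16_MIN, min(INT16_MAX, value))


def run_redundant(reading: float,
                  channels: List[Callable[[float], int]]) -> Optional[int]:
    """Fail over through the channels in order; None means every channel
    failed on this input, i.e. total loss of the function."""
    for channel in channels:
        try:
            return channel(reading)
        except OverflowError:
            continue
    return None


def independent_interlock(output: Optional[int], limit: int = SAFE_LIMIT) -> bool:
    """Analogue of the hardware dosimeter/shutoff: a guard that shares no
    code path with the computing channels and only answers 'safe to act?'."""
    return output is not None and abs(output) <= limit


def evaluate(reading: float) -> dict:
    """Compare an identical pair with a diverse pair on one reading."""
    identical = run_redundant(reading, [trapping_convert, trapping_convert])
    diverse = run_redundant(reading, [trapping_convert, saturating_convert])
    return {
        "identical_pair": identical,
        "diverse_pair": diverse,
        "interlock_identical": independent_interlock(identical),
        "interlock_diverse": independent_interlock(diverse),
    }


if __name__ == "__main__":
    for reading in (1234.5, 40000.0):
        print(reading, evaluate(reading))
```

On the in-range reading every channel agrees. On the out-of-range reading the identical pair returns None, because the second copy has no reason to behave differently from the first, while the diverse pair still produces a bounded value; the interlock then refuses that value on its own criterion, so the system holds rather than either crashing or acting on a saturated number. Each layer is a different way of doing the job, which is the point the message makes about redundancy.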