Re: over-automation with glass cockpits

From:         joachim@softouch.bc.ca (Joachim Achtzehnter)
Organization: Softouch Scheduling, Inc.
Date:         08 Aug 96 12:11:49 

In article <airliners.1996.1598@ohare.Chicago.COM>,
Karl Swartz <kls@ohare.Chicago.COM> wrote:

> Francis Jambon replied to Don Shifris:
>
> > Airbus use a very clever way...
> > made of two computers of different architectures...
> > made by different teams...
> > different manufacturers...
>
> You seem to have entirely missed the point...
>
> Far from being clever, the Airbus approach foolishly fosters a false
> sense of security.
>
> Boeing ... they spent the money saved on doing more
> rigorous review and testing of the software... but at least
> they didn't bet on an illusion of diversity.

This discussion would benefit if people dropped their respective biases
for or against Boeing/Airbus and US versus European aircraft manufacturers.

The real point is that a sensible approach to fault tolerance does both:
Use rigorous control over design and implementation with extensive test
programs, and try to limit common failure modes of redundant parts of the
system.

Using different people to build the redundant parts certainly REDUCES the
likelihood of common failure modes. I don't think anybody would claim
otherwise.

In terms of "illusion": both approaches can result in complacency if one isn't
careful. Neither rigorous control nor redundancy can guarantee 100% safety.
Both are useful to improve safety. So rather than jump on people with phrases
like "missing the point", "foolishly", etc., let's foster the open discussion of
diverse approaches to achieve safety.

Joachim

--
joachim@softouch.bc.ca (work)
joachim@wimsey.ca      (home)