On 6/1/2012 6:25 AM, Jacob Carlborg wrote:
> On Friday, 1 June 2012 at 01:16:28 UTC, Walter Bright wrote:
>> [When I worked on flight critical airplane systems, the only acceptable
>> response for a self-detected fault was to IMMEDIATELY stop the system,
>> physically DISENGAGE it from the flight controls, and inform the pilot.]
>
> Plane/computer:
>
> ERROR ERROR, I just wanted to inform you that I've detected an error with the
> landing gear. I will now disengage the landing gear from the plane, I hope you
> do not need to land.
>
> :)

I know you're joking, but the people who design these things have a lot of
experience with things that fail on aircraft, why they fail, and how to design a
system to survive failure.

And the record of airline safety speaks for itself - it is astonishingly,
unbelievably, good.

(I don't know the landing gear system in detail, but I do know it has multiple
*independent* subsystems to get it down and locked.)