There is a tried and true method that is used to avoid failure modes. When
you build your LSI-11 computer systems, you used structured software
development and unit level debugging. But you started out a long time ago
using machine code and fingerboned that machine code into the computer
using toggle switches. Then you decided to write an assembler for the PDP8
and you debugged that. Next you built a compiler for the PDP11. Then came a
macro language and you wrote your macro set. On and on through countless
operating systems, Intel chips, and visual based computer aided development
tools, Java and TCP-IP, Routers, and switches, fiber optics, and
multiplexers, a billion bugs were removed from all those layers, one layer
after the next. Oh how soon you forget. Now you talk into your computer and
I see your words on my computer screen without any spelling errors.

This is how a billion failure modes are removed from a system and a
technology, one at a time over decades and lifetimes.

On Wed, May 31, 2017 at 3:28 PM, Jed Rothwell <[email protected]> wrote:

> Axil Axil <[email protected]> wrote:
>
>> A good engineer will imagine a billion ways in which an invention will
>> fail so that invention is built to avoid all those failure modes.
>>
> It is not possible to avoid a billion failure modes, or even 100. A
> product designed to avoid too many modes will not work. It will have so
> many layers of protection they will interfere with one another. Early
> designs for many products suffer from this problem. For example, a railroad
> locomotive design on paper (that was never built) had spikes in the wheels,
> and holes in the rails, to prevent slipping. This would never have worked
> in the real world.
>
> You have to discover first whether a failure is possible, or plausible. If
> it is not, a design to avoid that problem will itself cause problems,
> interfere with other functions, and add unnecessary cost and complexity. For
> example, suppose you imagine that cold fusion causes intense muon
> radiation. You might take steps to avoid damage from this. These steps will
> cost money, and they may interfere with the operation of the machine or
> cause a safety problem. It is a fact easily established that cold fusion
> does *not* cause muon radiation. This is an imaginary problem. So there
> is no need for protection against it. Adding unnecessary protection and
> unwanted features to a product does not make it better. Keep doing this and
> the product becomes unusable, and even dangerous.
>
> - Jed
>
>
