in reply to Projects where people can die

Back-up systems.

Types of computing that can result in death:

In the latter two cases, the calculation is usually done off-line, with time for reflection before action. What's needed is independent back-up calculations to corroborate the first one.

In the first case, controllers of physical systems, it's controller malfunction that is the danger. You must have either back-up controllers that monitor the primary and can detect malfunction and take over, or else security measures that physically prevent the system from doing anything dangerous even if the controller instructs it to do so.

In other words, if people's lives are really at stake, it's back-up systems you want to demand. Personally I'd ask for one in Perl and another in another language on a separate box.

Forget that fear of gravity,
Get a little savagery in your life.
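The cross-check the post argues for, as an added Perl example that is not part of the original post: two independently written channels compute the same command, a comparator acts only when both channels return and agree, a hard interlock bounds what any controller may command, and a stuck channel is treated as a malfunction. The infusion-pump setting, its units and its limits are hypothetical and chosen only for illustration; in practice the second channel would live in another language on a separate box, as the post suggests.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed example: hypothetical limits for an infusion-pump controller.
my $MAX_RATE_ML_PER_H = 500;    # interlock ceiling (stands in for a hardware limit)
my $TOLERANCE         = 0.01;   # channels must agree within 1%

# Channel A: rate (mL/h) = dose (mg/kg/h) * weight (kg) / concentration (mg/mL)
sub channel_a {
    my ($dose, $weight, $conc) = @_;
    die "concentration must be positive\n" unless $conc > 0;
    return $dose * $weight / $conc;
}

# Channel B: the same quantity, written independently (mg/h first, then mL/h).
sub channel_b {
    my ($dose, $weight, $conc) = @_;
    die "concentration must be positive\n" unless $conc > 0;
    my $mg_per_hour = $weight * $dose;
    return $mg_per_hour * (1 / $conc);
}

# Interlock: refuses any command outside the physical envelope, whoever issued it.
sub interlock_ok {
    my ($rate) = @_;
    return defined $rate && $rate >= 0 && $rate <= $MAX_RATE_ML_PER_H;
}

# Comparator: returns (rate, status). Any fault, disagreement or interlock
# trip resolves to the fail-safe state, a rate of 0 (pump stopped).
sub safe_rate {
    my ($chan_a, $chan_b, @inputs) = @_;
    my $ra = eval { $chan_a->(@inputs) }; my $err_a = $@;
    my $rb = eval { $chan_b->(@inputs) }; my $err_b = $@;
    return (0, 'channel fault: ' . ($err_a || $err_b || 'no result'))
        unless defined $ra && defined $rb;
    my $scale = ($ra > $rb ? $ra : $rb) || 1;
    return (0, sprintf('disagreement: %.3f vs %.3f', $ra, $rb))
        if abs($ra - $rb) / $scale > $TOLERANCE;
    return (0, "interlock tripped at $ra") unless interlock_ok($ra);
    return ($ra, 'ok');
}

my $stuck = sub { 999 };   # a controller that keeps emitting a stale value
for my $case ([\&channel_a, \&channel_b, 2, 70, 1],    # agree: 140 mL/h
              [\&channel_a, \&channel_b, 2, 70, 0],    # both channels fault
              [\&channel_a, \&channel_b, 50, 80, 0.1], # agree but interlock trips
              [\&channel_a, $stuck,      2, 70, 1]) {  # stuck channel detected
    my ($rate, $status) = safe_rate(@$case);
    printf "rate=%.2f mL/h status=%s", $rate, $status; print "\n";
}
```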

Re^2: Projects where people can die
by ptum (Priest) on Sep 07, 2006 at 20:32 UTC

    I strongly concur with the idea of systemic redundancy. In the case of E911 location systems, for example, some of them are programmed with the notion of fallbacks, such that the appropriate Public Safety folks get a reasonably precise location where it is available, and a less precise one (along with information about its precision) when the most precise location is not available, continuing to fall back to less and less precise information.

    In general, if my life were at stake, I would prefer that your system be cross-checked by a robust set of independent production processes (and human agents) to maximize my chances (in addition to an exhaustive test suite).