October 29, 2013
Everyone who writes safety critical software should read this

https://news.ycombinator.com/item?id=6636811

I know that everyone is tired of hearing my airframe design stories, but it's obvious to me that few engineers understand the principles of failsafe design. This article makes that abundantly clear - and the consequences of paying no attention to it.

You can add in Fukushima and Deepwater Horizon as more costly examples of ignorance of basic failsafe design principles.

Yeah, I feel strongly about this.
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Walter Bright

On Tuesday, 29 October 2013 at 20:38:08 UTC, Walter Bright wrote:
> https://news.ycombinator.com/item?id=6636811
>
> I know that everyone is tired of hearing my airframe design stories, but it's obvious to me that few engineers understand the principles of failsafe design. This article makes that abundantly clear - and the consequences of paying no attention to it.
>
> You can add in Fukushima and Deepwater Horizon as more costly examples of ignorance of basic failsafe design principles.
>
> Yeah, I feel strongly about this.

Maybe you should write an article about "Failsafe Design Principles"? Some quick googling did not turn up anything useful. Only horror stories and anti-examples.

The only thing I found is a Star Wars reference [0], which gives the principle "Base access decisions on permission rather than exclusion".

[0] http://emergentchaos.com/archives/2005/11/friday-star-wars-principle-of-fail-safe-defaults.html
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to qznc

On 10/29/2013 2:22 PM, qznc wrote:
> On Tuesday, 29 October 2013 at 20:38:08 UTC, Walter Bright wrote:
>> https://news.ycombinator.com/item?id=6636811
>>
>> I know that everyone is tired of hearing my airframe design stories, but it's
>> obvious to me that few engineers understand the principles of failsafe design.
>> This article makes that abundantly clear - and the consequences of paying no
>> attention to it.
>>
>> You can add in Fukushima and Deepwater Horizon as more costly examples of
>> ignorance of basic failsafe design principles.
>>
>> Yeah, I feel strongly about this.
>
> Maybe you should write an article about "Failsafe Design Principles"? Some quick
> googling did not turn up anything useful. Only horror stories and anti-examples.

I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's probably scrolled off their system.
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Walter Bright

On 10/29/2013 2:38 PM, Walter Bright wrote:
> I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's
> probably scrolled off their system.

http://www.drdobbs.com/architecture-and-design/safe-systems-from-unreliable-parts/228701716
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Walter Bright

On Tue, Oct 29, 2013 at 02:38:38PM -0700, Walter Bright wrote:
> On 10/29/2013 2:22 PM, qznc wrote:
[...]
>> Maybe you should write an article about "Failsafe Design Principles"? Some quick googling did not turn up anything useful. Only horror stories and anti-examples.
>
> I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's probably scrolled off their system.

It's the first google result when searching for the title:

http://www.drdobbs.com/architecture-and-design/safe-systems-from-unreliable-parts/228701716

T

--
Freedom of speech: the whole world has no right *not* to hear my spouting off!
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Walter Bright

On Tue, Oct 29, 2013 at 02:39:59PM -0700, Walter Bright wrote:
> On 10/29/2013 2:38 PM, Walter Bright wrote:
>> I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's probably scrolled off their system.
>
>
> http://www.drdobbs.com/architecture-and-design/safe-systems-from-unreliable-parts/228701716

This article refers to a "next instalment", but I couldn't find it. Do you have a link handy?

T

--
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
October 29, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Walter Bright

On Tuesday, 29 October 2013 at 21:39:59 UTC, Walter Bright wrote:
> On 10/29/2013 2:38 PM, Walter Bright wrote:
>> I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's
>> probably scrolled off their system.
>
>
> http://www.drdobbs.com/architecture-and-design/safe-systems-from-unreliable-parts/228701716

Good man yourself! I still can't get my head around the fact that companies fail to provide safety switches that either hand over the control (to humans) or at least disable the software based components completely by switching the machine off.

I always try to convince people (who don't program themselves) that they shouldn't trust software, especially when it comes to safety.

Well, it seems like your old Dodge (?) is still the safest option.
October 30, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to H. S. Teoh

On 10/29/2013 3:16 PM, H. S. Teoh wrote:
> On Tue, Oct 29, 2013 at 02:39:59PM -0700, Walter Bright wrote:
>> On 10/29/2013 2:38 PM, Walter Bright wrote:
>>> I wrote one for DDJ a few years back, "Safe Systems from Unreliable Parts". It's
>>> probably scrolled off their system.
>>
>>
>> http://www.drdobbs.com/architecture-and-design/safe-systems-from-unreliable-parts/228701716
>
> This article refers to a "next instalment", but I couldn't find it. Do
> you have a link handy?

http://www.drdobbs.com/architecture-and-design/designing-safe-software-systems-part-2/228701618
October 30, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Chris

On 10/29/2013 3:20 PM, Chris wrote:
> Well, it seems like your old Dodge (?) is still the safest option.

:-)
October 30, 2013
Re: Everyone who writes safety critical software should read this
Posted in reply to Chris

On 29/10/13 23:20, Chris wrote:
> Good man yourself! I still can't get my head around the fact that companies fail
> to provide safety switches that either hand over the control (to humans) or at
> least disable the software based components completely by switching the machine
> off.

All too often, the reason why management decides to use software to perform tasks is because they don't trust their employees to do anything.

It's a mystery to me why they don't start by finding employees they _do_ trust ... :-)
Copyright © 1999-2021 by the D Language Foundation