Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This has been normal practice on airline computers for decades. The 757 used dual systems (the third being the pilot). Each channel:

1. used a different CPU architecture and brand 2. used different circuits 3. used different algorithms 4. used different languages 5. were developed by independent teams 6. with a third independent team to verify there were no inadvertent similarities

If the two channels disagreed, they were automatically electrically isolated, and the pilot was notified and was expected to take over.



And this is why the 757 systems failed far too often, because taking N-Modular Redundancy to this level causes a great deal of false positives.

For this reason it was rejected for use on the 777 by the FAA Chief Scientific and Technical Advisor for Flight Controls.

With regard to the 777 Flight Control System Design, "Bob Yeh" released a number of documents on the system.

http://www.citemaster.net/get/1472830e-8785-11e3-9b63-00163e...


I didn't know this. It makes sense, and the reference indicates they did some solid statistical work on the experiences with those methods.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: