What I learned from working on aviation systems is that when a system enters an unknown state, it must be disabled and locked out.

In software, this is known as an assertion failure. When the assert trips, the program is, by definition, in an unknown state. A program cannot reasonably be allowed to continue in an unknown state - it may launch nuclear missiles. The only thing to be done is exit directly, do not pass Go, do not collect $200.



Thanks for posting this. I have worked on non-critical flight software and thought that this philosophy might work well.

I wonder how easy the certification is for such software? For work I might have to write DO-178 code in the future.


I use it in the software I write. I should do a presentation sometime about how the aviation industry should be influencing software development.


I would be very interested in that!


What if the plane is mid flight?


Engage the backup. Everything flight critical is dual.
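The pattern described in the top comment and in this reply (a channel that detects an unknown state stops rather than guessing, is locked out, and a redundant channel takes over) as an added example. This code is not from the thread or from any real flight software; the control laws, envelopes and sensor frames are constructed for illustration.

```python
"""Fail-fast invariant checks with lockout and a hot backup (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable


class InvariantViolation(RuntimeError):
    """Raised when a component detects it is in an unknown state."""


def require(condition: bool, message: str) -> None:
    # An explicit check rather than `assert`, which `python -O` silently strips;
    # a safety check that can be compiled away is not a safety check.
    if not condition:
        raise InvariantViolation(message)


@dataclass
class SensorFrame:
    altitude_ft: float
    airspeed_kt: float
    pitch_deg: float


def primary_pitch_command(frame: SensorFrame) -> float:
    """Primary channel: checks inputs and outputs against known envelopes.

    If any check fails it does not try to 'recover' into a guess; it raises,
    and the supervisor decides what to do.
    """
    require(-1000.0 <= frame.altitude_ft <= 60000.0, "altitude outside envelope")
    require(0.0 <= frame.airspeed_kt <= 600.0, "airspeed outside envelope")
    require(-45.0 <= frame.pitch_deg <= 45.0, "pitch outside envelope")
    command = -0.5 * frame.pitch_deg  # toy proportional law (constructed)
    require(-30.0 <= command <= 30.0, "command outside actuator limits")
    return command


def backup_pitch_command(frame: SensorFrame) -> float:
    """Backup channel: a deliberately simpler law with the same style of checks."""
    require(-45.0 <= frame.pitch_deg <= 45.0, "pitch outside envelope")
    return -0.25 * frame.pitch_deg


@dataclass
class Supervisor:
    # Ordered list of (name, control law); the primary comes first.
    channels: list[tuple[str, Callable[[SensorFrame], float]]]
    locked_out: set[str] = field(default_factory=set)
    log: list[str] = field(default_factory=list)

    def step(self, frame: SensorFrame) -> tuple[str, float]:
        """Return (channel name, command) from the first healthy channel."""
        for name, law in self.channels:
            if name in self.locked_out:
                continue
            try:
                return name, law(frame)
            except InvariantViolation as exc:
                # Unknown state: lock this channel out for the rest of the run.
                # It is never retried, even if later inputs look sane again.
                self.locked_out.add(name)
                self.log.append(f"{name} locked out: {exc}")
        # No channel is trustworthy: halt rather than emit a guessed command.
        raise SystemExit("no healthy control channel; halting")


if __name__ == "__main__":
    sup = Supervisor([("primary", primary_pitch_command),
                      ("backup", backup_pitch_command)])
    print(sup.step(SensorFrame(35000.0, 450.0, 4.0)))   # primary
    print(sup.step(SensorFrame(35000.0, -1.0, 4.0)))    # corrupt airspeed -> backup
    print(sup.log)
```

The point the supervisor makes is the lockout: once the primary has tripped, a subsequent valid-looking frame still goes to the backup, because the primary's internal state is no longer known to be sound.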


It won’t be in mid-flight for much longer.


I like this mindset.

