My first job was in the aerospace industry, working for McDonnell Douglas (now part of Boeing). One tenet drilled into me during my tenure building military aircraft was the concept of “fail safe”. One example of a fail-safe design is the control switch for the C-17 hydraulic pumps. The primary pump is driven directly by the engine and is on by default. If the pilot wants to turn the pump off, he or she presses the button, which applies power to a solenoid that disables the pump. Since hydraulic pressure is required to fly the plane, turning the pump off is an unusual condition, so active power is required to disable it. If any component in the chain fails, the pump stays on, which is the safest condition for the aircraft.
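The pump-control chain just described, modelled as an added Python example (not from the original post) that enumerates every combination of failed components and compares the fail-safe "energise to disable" wiring with a hypothetical "energise to run" wiring; the three component names and the open-circuit failure model are assumptions.

```python
from itertools import combinations

# Constructed model of the C-17 pump control chain: a cockpit switch, wiring
# and a solenoid. A failed component is modelled as an open circuit, i.e. it
# passes no current whatever the command (assumption, not from the post).
CHAIN = ("switch", "wiring", "solenoid")


def chain_energized(command_asserted, failed):
    """True if current reaches the solenoid: the command must be asserted
    and no component in the chain may have failed open."""
    if not command_asserted:
        return False
    return not any(component in failed for component in CHAIN)


def pump_running_fail_safe(disable_requested, failed=()):
    """Fail-safe design from the post: the pump runs unless the solenoid
    is actively energised by a 'disable' command."""
    return not chain_energized(disable_requested, failed)


def pump_running_energize_to_run(disable_requested, failed=()):
    """Hypothetical opposite design: current must flow to KEEP the pump
    running, so the chain carries the 'run' command instead."""
    run_requested = not disable_requested
    return chain_energized(run_requested, failed)


def failure_outcomes(design, disable_requested=False):
    """Map every non-empty set of failed components to whether the pump is
    still running under that design, during normal flight by default."""
    outcomes = {}
    for size in range(1, len(CHAIN) + 1):
        for failed in combinations(CHAIN, size):
            outcomes[failed] = design(disable_requested, failed)
    return outcomes


def always_safe(design):
    """A design is fail-safe for this system if the pump keeps running under
    every failure combination when no disable has been requested."""
    return all(failure_outcomes(design).values())
```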
One question this experience leads me to ask during a design review is “how is this design fail safe?” But this video reminded me of systems that are inherently unstable and got me thinking about fail-safe processes. Which processes at work would go out of control without someone's intervention?
The F/A-18 airframe is inherently unstable; the flight control system keeps it flying straight. Obviously, in this example, multiple systems failed, and thank goodness the pilot ejected safely. Still, it is an example of an inherently unstable process that is held in place by a flight control system: if the flight control system fails, the aircraft crashes.
At work, our bug management process is inherently unstable. If the individuals on the change control board don’t play their role, then generally bugs will not be fixed. This is something I should rethink. Also, what other processes are not fail safe?