My first job was in the aerospace industry, working for McDonnell Douglas (which is now part of Boeing). One tenet drilled into me during my tenure building military aircraft was the concept of “fail safe”. One example of a fail safe design is the control switch for the C-17 hydraulic pumps. The primary pump is directly connected to the engine and is on by default. If the pilot wants to turn the pump off, he or she presses the button, which applies power to the solenoid to disable the pump. Since hydraulic pressure is required to fly the plane, turning the pump off is an unusual condition, so active power is necessary to disable it. If any of the components in the chain fail, the pump stays on, which is the safest condition for the aircraft.
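As an added illustration (this is example code, not something from the original post or from any aircraft documentation), the following Python model compares the energize-to-disable wiring described above with the hypothetical alternative, energize-to-run, where the solenoid must be powered to keep the pump engaged. The component names in the chain (switch, wiring, power supply, solenoid), the restriction to open-circuit failures, and the "up to two simultaneous faults" limit are all assumptions made for the model. The check it performs generalizes the point in the text: instead of reasoning about one failure, it enumerates every combination of faults and reports the ones that leave the pump off.

```python
"""Fault-enumeration check for a fail-safe control chain (added example).

Models a cockpit switch that drives a solenoid through a chain of components.
Assumption: every component can fail open (broken contact, cut wire, dead
supply, burned-out coil), and an open anywhere in the chain stops current.
"""
from itertools import combinations

# Components in the chain from the cockpit switch to the solenoid (assumed).
COMPONENTS = ("switch", "wiring", "power_supply", "solenoid")

PUMP_ON = True    # the safe state: hydraulic pressure is available
PUMP_OFF = False


def circuit_closed(commanded: bool, failed_open: frozenset) -> bool:
    """Current reaches the solenoid only if the chain is commanded closed
    and no component in it has failed open."""
    return commanded and not failed_open


def energize_to_disable(pilot_wants_off: bool, failed_open: frozenset) -> bool:
    """The design from the post: the pump is engine-driven and on by default;
    energizing the solenoid is what disables it."""
    solenoid_on = circuit_closed(pilot_wants_off, failed_open)
    return PUMP_OFF if solenoid_on else PUMP_ON


def energize_to_run(pilot_wants_off: bool, failed_open: frozenset) -> bool:
    """Hypothetical alternative: the solenoid must stay energized to keep the
    pump engaged, so the pump runs only while current flows."""
    solenoid_on = circuit_closed(not pilot_wants_off, failed_open)
    return PUMP_ON if solenoid_on else PUMP_OFF


def obeys_pilot(design) -> bool:
    """With no faults, the pump must follow the pilot's command in both designs."""
    healthy = frozenset()
    return design(False, healthy) == PUMP_ON and design(True, healthy) == PUMP_OFF


def unsafe_fault_sets(design, max_simultaneous: int = 2) -> set:
    """Return every combination of up to `max_simultaneous` open failures under
    which the pump can end up off for some pilot input.

    The fail-safe requirement from the post is strict: once anything in the
    chain has failed, the pump must be on regardless of what the switch says.
    """
    unsafe = set()
    for k in range(1, max_simultaneous + 1):
        for combo in combinations(COMPONENTS, k):
            failed = frozenset(combo)
            if any(design(cmd, failed) != PUMP_ON for cmd in (False, True)):
                unsafe.add(failed)
    return unsafe


def review(design) -> str:
    """One-line design-review verdict for a given wiring convention."""
    bad = unsafe_fault_sets(design)
    if not bad:
        return f"{design.__name__}: fail safe (no fault set leaves the pump off)"
    worst = ", ".join(sorted("+".join(sorted(s)) for s in bad))
    return f"{design.__name__}: NOT fail safe; pump off under: {worst}"


if __name__ == "__main__":
    for d in (energize_to_disable, energize_to_run):
        assert obeys_pilot(d)
        print(review(d))
```

Both designs behave identically when everything works, which is exactly why a review that only walks the happy path cannot tell them apart; the difference appears only when faults are enumerated. The model covers open-circuit failures only, so a natural next step when reviewing a real circuit is to extend the fault list with stuck-closed or shorted components and rerun the same enumeration.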
One question this experience leads me to ask during a design review is “how is this design fail safe?” But this video reminded me of systems that are inherently unstable and got me thinking about fail safe processes. Which processes at work would go out of control without personal intervention?