On 10/29/2013 6:55 PM, Walter Bright wrote:
On 10/29/2013 5:54 PM, H. S. Teoh wrote:
Is there a third instalment, or is this it?

That's it.


The ideas are actually pretty simple. The hard parts are:

1. Convincing engineers that this is the right way to do it.

2. Convincing people that improving quality, better testing, hiring better engineers, government licensing for engineers, following MISRA standards, etc., are not the solution. (Note that all of the above were proposed in the HN thread.)

3. Beating out of engineers the hubris that "this part I designed will never fail!" Jeepers, how often I've heard that.

4. Developing a mindset of "what happens when this part fails in the worst way."

5. Learning to recognize inadvertent coupling between the primary and backup systems.

6. Being familiar with the case histories of failure of related designs.

7. Developing a system to track failures, the resolutions, and check that new designs don't suffer from the same problems. (Much like D's bugzilla, the test suite, and the auto-tester.)
