In message <OF22225E14.C5328610-ON882576D4.007473C1-882576D4.00754859@US.Schneider-E lectric.com>, dated Wed, 24 Feb 2010, ralph.mcdiar...@ca.schneider-electric.com writes:
>An emergency over-ride could be a simple as turning off the ignition, >but I'd add that it is not always that simple when a failure catches >the operator by surprise while in highway traffic. I very strongly disagree with just turning off the ignition. We have read here abut different vehicles having different ignition switch 'features', and many lock the steering when the ignition is off. Also, the ignition switch itself may be a software-mediated function. I want a mechanical link (rod or Bowmen cable) to the throttle itself, with no intermediary. > >I think that all safety-critical functions (like accelerator or >braking) should be single-fault tolerant, but may not always be easy to >implement. That's the whole point, isn't it? EMI isn't a 'single fault' agent - it liable to cause several faults at once. -- OOO - Own Opinions Only. Try www.jmwa.demon.co.uk and www.isce.org.uk John Woodgate, J M Woodgate and Associates, Rayleigh, Essex UK I should be disillusioned, but it's not worth the effort. - This message is from the IEEE Product Safety Engineering Society emc-pstc discussion list. To post a message to the list, send your e-mail to <emc-p...@ieee.org> All emc-pstc postings are archived and searchable on the web at: http://www.ieeecommunities.org/emc-pstc Graphics (in well-used formats), large files, etc. can be posted to that URL. Website: http://www.ieee-pses.org/ Instructions: http://listserv.ieee.org/request/user-guide.html List rules: http://www.ieee-pses.org/listrules.html For help, send mail to the list administrators: Scott Douglas <emcp...@socal.rr.com> Mike Cantwell <mcantw...@ieee.org> For policy questions, send mail to: Jim Bacher: <j.bac...@ieee.org> David Heald: <dhe...@gmail.com>
