I'm beginning to see that big red EPO switch that sits in several places in the lab now being placed in the center of the dash. Smack that switch and the only power left is emergency sources to steering and brakes (and whatever else I forgot), or the car "smarts" (computer) transforms over to the "limp home" mode to get you off those railroad tracks when the gates have you bracketed. Oh, I forgot our industrial designers, who won't be able to stand any such atrocity looking like a giant pimple in the middle of the beautiful face (of death). The space shuttle used to have 3x redundancy. If one showed up as the odd man, it got shut off and the system went into alarm mode, and the humans had to pay attention, such as aborting the flight. The earlier shuttle computers were the same power as IBM XTs way into the '90s.

- Bill
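The shuttle-style voting described above (three channels, the odd man out shut off, alarm raised, and a fall back to a limp-home demand rather than a lock-up when the remaining channels feed conflicting data), as an added example that is not from the original thread. The tolerance, the limp-home demand and the pedal-position traces are constructed assumptions.

```python
"""TMR voter with odd-man-out isolation and a fail-safe limp-home fallback.
Added example, not code from the original thread; all values are constructed."""
from dataclasses import dataclass, field
from statistics import median
from typing import List

LIMP_HOME_DEMAND = 0.10  # assumed: just enough throttle to clear the tracks

@dataclass
class VoteResult:
    demand: float        # value handed to the actuator
    mode: str            # "normal", "alarm" (degraded, humans must act) or "limp_home"
    isolated: List[int]  # channels shut off so far

@dataclass
class TMRVoter:
    tolerance: float = 0.05                            # max spread between healthy channels
    isolated: List[int] = field(default_factory=list)

    def _safe(self) -> VoteResult:
        # No trustworthy majority: do not lock up, fall back to a known-safe demand.
        return VoteResult(LIMP_HOME_DEMAND, "limp_home", list(self.isolated))

    def vote(self, readings: List[float]) -> VoteResult:
        live = [i for i in range(len(readings)) if i not in self.isolated]
        if len(live) == 3:
            m = median(readings[i] for i in live)
            odd = [i for i in live if abs(readings[i] - m) > self.tolerance]
            if not odd:
                return VoteResult(m, "normal", list(self.isolated))
            if len(odd) == 1:  # odd man out: shut it off, raise the alarm, keep driving
                self.isolated.append(odd[0])
                good = [readings[i] for i in live if i != odd[0]]
                return VoteResult(sum(good) / 2, "alarm", list(self.isolated))
            return self._safe()  # two outliers: no majority exists
        if len(live) == 2:
            a, b = (readings[i] for i in live)
            if abs(a - b) <= self.tolerance:
                return VoteResult((a + b) / 2, "alarm", list(self.isolated))
        return self._safe()  # duplex disagreement (or fewer than 2 channels) cannot be voted

# Constructed pedal-position frames (0.0..1.0): channel 2 sticks at full throttle.
SAMPLE_FRAMES = [
    (0.20, 0.21, 0.20),  # all agree
    (0.20, 0.20, 1.00),  # channel 2 fails high -> odd man out, isolated
    (0.22, 0.21, 1.00),  # duplex operation on channels 0 and 1
    (0.22, 0.60, 1.00),  # survivors disagree -> conflicting data, limp home
]

def run(frames=SAMPLE_FRAMES) -> List[VoteResult]:
    voter = TMRVoter()
    return [voter.vote(list(f)) for f in frames]
```

Note that the stuck channel's full-throttle value never reaches the actuator in any frame; the worst the driver sees is a degraded mode with an alarm, then a fixed low demand.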
________________________________
From: Richard Nute <rn...@san.rr.com>
To: ralph.mcdiar...@ca.schneider-electric.com
Cc: EMC-PSTC@LISTSERV.IEEE.ORG
Sent: Wed, February 24, 2010 5:23:24 PM
Subject: Re: [PSES] Toyota

In my Avalon as well as in Lexus, the ignition on-off is a push-button. Override "off" is to hold the button down for 3 seconds, kinda like override off on your PC. I've had to do this on my PC, but I haven't tried it on the car yet. So, it would appear the ignition on-off is also a firmware system.

Yesterday, a woman testified before Congress that, under uncommanded acceleration, she shifted the car to neutral and reverse with minimal effect. Is the transmission firmware controlled?

On the other hand, Airbus planes are firmware controlled. At least three layers of redundancy. Which didn't help AF 447, an Airbus A330, when the computers were sent conflicting data. See: http://www.airsafe.com/plane-crash/air-france-flight-447-airbus-a330-atlantic-ocean.htm

Computers do lock up in the presence of conflicting data.

On 2/24/2010 13:22, ralph.mcdiar...@ca.schneider-electric.com wrote:
>
> An emergency over-ride could be as simple as turning off the ignition,
> but I'd add that it is not always that simple when a failure catches the
> operator by surprise while in highway traffic.
>
> I think that all safety-critical functions (like accelerator or braking)
> should be single-fault tolerant, but may not always be easy to implement.
> _____________________________________
>
> Ralph McDiarmid | Schneider Electric | Renewable Energies Business | CANADA
>

-
This message is from the IEEE Product Safety Engineering Society emc-pstc discussion list. To post a message to the list, send your e-mail to <emc-p...@ieee.org>

All emc-pstc postings are archived and searchable on the web at: http://www.ieeecommunities.org/emc-pstc

Graphics (in well-used formats), large files, etc. can be posted to that URL.
Website: http://www.ieee-pses.org/
Instructions: http://listserv.ieee.org/request/user-guide.html
List rules: http://www.ieee-pses.org/listrules.html

For help, send mail to the list administrators:
Scott Douglas <emcp...@socal.rr.com>
Mike Cantwell <mcantw...@ieee.org>

For policy questions, send mail to:
Jim Bacher: <j.bac...@ieee.org>
David Heald: <dhe...@gmail.com>