James Lux, P.E. Task Manager, SOMD Software Defined Radios Flight Communications Systems Section Jet Propulsion Laboratory 4800 Oak Grove Drive, Mail Stop 161-213 Pasadena, CA, 91109 +1(818)354-2075 phone +1(818)393-6875 fax
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Monett > Sent: Thursday, October 16, 2008 3:51 PM > To: time-nuts@febo.com > Subject: Re: [time-nuts] Frequency Stability of Trimble Mini-T > > "Lux, James P" <[EMAIL PROTECTED]> wrote: > > [...] > > > Even without TMR or other similar schemes, the probability of > > upset IS pretty low. However, as Black or Scholes said (I can't > > remember which), "One should not confuse very low probability with > > impossible". If it absolutely, positively can't take any hit, then > > some more work is involved. > > > James Lux, P.E. > > How do you do that? Any web links to study? Do what? Drive the rates really, really low? There's a whole literature of failure tolerance where you trade off probability of failure in a box against how many boxes against failures in the voting mechanism, etc. Then, there's the whole class of algorithms pertaining to the "Byzantine Generals Problem" (unreliable, uncooperative actors communicating by unreliable links) > > As far as I know, it is impossible to absolutely guarantee against > metastability. Do you wait a week for the metastability to settle? > > If zero probability of failure is so important, you would also have > to include the probability of a solder joint opening, or a chip > failing due to metal migration or latent ESD damage. That is never > zero. Indeed.. That's what the whole shake and bake and egregious margin testing is all about for flight hardware. You hope that the testing will find the latent defects. If you're sending it to Jupiter, you don't get a chance to get it back for repair. And, when you're only building one unit, all the statistics in the world saying that it's a 1E-6 or 1E-12 chance of failure doesn't necessarily give the folks at the launch readiness review a warm fuzzy feeling. So they obssess.. "just in case".. And it still doesn't always work right (Galileo High Gain Antenna, Mars Observer Orbit insertion, Mars Polar Lander entry/descent/landing, etc.) > > Of course, after the system is perfect, someone will take it and put > it on a destroyer running Windows:) Or send you data in pounds when you expect (and the interface document says) Newtons, or you get a solar flare at just the wrong time.. Stuff happens.. _______________________________________________ time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts and follow the instructions there.
