|
||||||||||
|
Geoffrey Landis
Continuing the line of thought about computers, the shuttle runs three identical computers, with the output states compared at each calculation. If one is at odds with the other two, this is flagged to the pilot's attention, so the pilot can take that one off-line.
Originally the computers were supposed to take off-line the one that was wrong, but the astronauts very energetically informed the shuttle designers that they did not want to fly a shuttle where the computers can shut themselves off.
In addition to this, there is a 4th computer ready as a back-up if one of the three is turned off.
In addition to that, there is a different backup computer, with different hardware and independently-written software that can be put on-line in case of a problem which is generic to type. All of this with 1976 technology! (upgraded since the first flights, though)
We might want to think about how much backup we want. With current technology, shuttle-level backup won't incur a heavy mass penalty, and the extra spare processing power will always be useful when not in a failure mode.
|
|
|