From: Ernest Christley
Date: Sun, 04 Dec 2005 21:14:45 -0500
To: Rotary motors in aircraft
Subject: Re: [FlyRotary] Re: Intersting flight

al p wick wrote:

>On Sun, 4 Dec 2005 14:32:10 -0500 "Ed Anderson" writes:
>
>>I think the old adage KISS goes a long ways - as you know, it is possible to
>>decrease reliability (not to mention increasing weight and cost) by
>>increasing redundancy past a certain point - more parts to break.
>
>Wow, I TOTALLY disagree with above statement. But note that I define
>"redundant" as having independent failure odds (same as logical "or"
>circuit). We always have risk reduction with redundancy. HUGE risk
>reduction, because you multiply the odds. So 1 circuit has 1 in 100 odds
>of failure. 2nd independent circuit jumps the odds to 1 in 10000! That's
>why they run two power leads to the ECM on OEM cars. Also multiple ground
>leads. Much much safer.
>
>Perhaps you allude to cases where you add a second switch, but power has
>to flow thru both switches for circuit to operate. In that case, yes, you
>actually increase your risk.

Al, I think Ed alludes to the case that an individual can't actually determine what the hell he has once a certain level of complexity has been reached. Remember, most of us don't do failure analysis for a living. I can analyze a simple system for failure modes. The simpler the better. Add in ten or twelve switches, and I'll have to start guessing at what I've got, and will most likely settle for a "That looks good", and move on.

I do that all the time when developing software. When given a new body of code to debug or modify, my first step is to go through and remove all of the error handling and exception checking. Oh, they will go back in (I never actually save the file I cut all that stuff from), but it is just impossible to analyze something that is overly complex.

Simple systems allow us (the average builder) to analyze all the possible failure modes and build in appropriate safeguards. Adding redundancy can complicate the system beyond our ability to analyze, at which point it becomes a serious liability (hidden failure modes).

Can we agree on this statement?

Redundancy only increases reliability to the point that the designer can still analyze said reliability.

--
"This is by far the hardest lesson about freedom. It goes against instinct, and morality, to just sit back and watch people make mistakes. We want to help them, which means control them and their decisions, but in doing so we actually hurt them (and ourselves)."