On Sun, 04 Dec 2005 21:14:45 -0500 Ernest Christley
<echristley@nc.rr.com> writes:
> Al, I think Ed alludes to the case that an individual can't actually
> determine what the hell he has once a certain level of complexity has
> been reached.
I certainly agree, as far as analyzing your risks, it is desirable to
keep it simple. The goal is to take action on risk items, not generate
formulas. Just like Ed is doing by replacing his fluid with one less
likely to ignite. That's valuable action. One of the interesting effects
of "winging it" when analyzing risk is that we easily lose perspective.
We don't necessarily take action on the high risk items. Often our
natural response to solve a problem is only marginally effective. If we
just had the discipline to estimate each of the three risk components,
we'd suddenly realize our oversight. Guess I'm preaching again, but this
is such a common problem. And we are talking life and death stuff here.
> Adding redundancy can complicate the system beyond our ability to
> analyze, at which point it becomes a serious liability (hidden failure
> modes).
> Can we agree on this statement?
> Redundancy only increases reliability to the point that the designer can
> still analyze said reliability.
I don't agree with that statement. But I think it's fine if we disagree.
My point is that redundancy yields substantially less risk. Regardless
whether you analyze it or not. I agree with you guys that there is a
limit to the number of things you can make redundant. There are lots of
other alternatives to reduce risk. Steve's "crash" had multiple causes. So
if he addresses more than one, then he is going to substantially reduce
his risk. If he just puts the connector back in place, he still has these
other causes that can bite him in the future.
So one of the causes was that he changed the wiring. That led to the
connector pulling loose. If he had originally made that wire longer, no
problem. If his wires were in a loom, no problem. If he had strain
reliefs on wiring, no problem. All of those are causes. His crash
occurred only because all of those unusual conditions were lined up in
an unfavorable way.
So the goal is to take action on many of those items. So that similar
faults are less likely to occur in future. It sounds like Steve will do
that, just like Ed is taking action on his risk items. Hopefully others
of us will do the same. One of the ironies is that taking that action
also is a change to our plane. So when we do that work on the plane, we
have to force ourselves to say, "Ok, I'm all done, now what problems have I
caused when doing this valuable work?" It's ironic that taking action to
reduce risk also has a risk.
regards
-al wick
Artificial intelligence in cockpit, Cozy IV powered by stock Subaru 2.5
N9032U 200+ hours on engine/airframe from Portland, Oregon
Prop construct, Subaru install, Risk assessment, Glass panel design info:
http://www.maddyhome.com/canardpages/pages/alwick/index.html