May 28th 05, 05:09 PM
Bernd Felsche

(Matthew Russotto) writes:
>In article >,
>Bernd Felsche > wrote:
>>(Matthew Russotto) writes:
>>>In article .com>,
>>>Old Wolf > wrote:
>>>>Matthew Russotto wrote:
>>>>> Bernd Felsche > wrote:

>>>>> >So you get cockups like the ABS/DSC being disabled when the driver
>>>>> >presses the brake pedal (too hard) and it won't reset until you
>>>>> >close all windows and shut down.

>>>>> The first part was a deliberate design decision; it was an
>>>>> attempt to fail safe. Reasonable enough,

>>>>Sorry, I'm a bit slow today. Why on earth would you want to disable
>>>>ABS when someone braked too hard? Isn't that exactly what ABS
>>>>in passenger cars was designed for? (Avoiding brake lockup when
>>>>some moron floors the pedal because they don't know how to brake
>>>>properly).

>>>I think the engineers decided that a high reading from that
>>>particular sensor likely meant a system malfunction, not someone
>>>braking hard.

>>Sorry; that's simply not acceptable as an answer. Either the
>>"engineers" are grossly incompetent or they erred severely in
>>deciding what is a failure by being ignorant of the boundary
>>conditions. Drivers are taught to exert as much pressure as
>>possible, as quickly as possible on ABS-equipped cars for emergency
>>braking.

>My point isn't that it wasn't a mistake, but that it's not a mistake
>particular to software. The _specs_ were wrong.

That's not a valid reason. It may be an excuse but not a valid one.
Specifications shouldn't come out of thin air.

A competent Engineer would have spotted the error in the
"specification" at the beginning. And if not then, then when
checking boundary conditions. I don't work in that area of the
industry yet I know (as would any layman who's tested their skills
in a braking simulator at a motor show) that a pedal force
equivalent to 70 kg of weight is *easily* exceeded by a trained
driver in emergency braking situations.

I expect that the force could exceed 2kN. It wouldn't be a sensor
fault. The hydraulics should safely cope with resulting pressures
and still have a safety factor.

>>This discussion is about the advisability of electronic steering in
>>the real world.

>>The possibility of discontinuous behaviour of software when it
>>fails is known to be potentially catastrophic. The risk of failure
>>outweighs the assumed benefit.

>Purely mechanical systems and electromechanical systems can also
>exhibit "discontinuous behavior" when they fail.

But they typically do not "reset" themselves and conceal their
faults.

I gather that you don't subscribe to comp.risks.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
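The failure mode argued over in this post (a pedal-force reading above the spec's ~70 kg figure declared a sensor fault that latches until shutdown, versus a fault decision that respects boundary conditions) can be made concrete in code. The following is an added example written for this page, not code from the thread or from any vehicle manufacturer. It is a simulation, not a vehicle control implementation: the 70 kg ceiling and the ~2 kN driver force come from the post; the sensor full-scale value, the slew-rate limit, the debounce count and the brake traces are assumptions, labelled as such in the comments.

```python
"""Pedal-force fault monitors: the latching threshold the post criticises
beside a boundary-aware plausibility check. Added example; the sensor
characteristics and traces below are constructed for illustration."""
from dataclasses import dataclass
from typing import List

G = 9.81
SPEC_LIMIT_N = 70.0 * G        # from the post: the spec's ~70 kg pedal-force ceiling (~687 N)
DRIVER_MAX_N = 2000.0          # from the post: a trained driver can exceed ~2 kN

# Assumed sensor characteristics (illustrative, not from the post)
SENSOR_FULL_SCALE_N = 5000.0   # assumed: physical range of the pedal-force transducer
MAX_SLEW_N_PER_MS = 100.0      # assumed: fastest rise a foot can physically produce
FAULT_DEBOUNCE_SAMPLES = 3     # assumed: consecutive implausible samples before a fault


@dataclass
class NaiveMonitor:
    """The design the thread criticises: any reading above the spec ceiling
    is treated as a sensor fault, and the fault latches until power cycle.
    A hard emergency stop therefore switches ABS/DSC off."""
    latched_fault: bool = False

    def update(self, force_n: float, dt_ms: float = 1.0) -> bool:
        """Return True when ABS/DSC is still available after this sample."""
        if force_n > SPEC_LIMIT_N:
            self.latched_fault = True
        return not self.latched_fault


@dataclass
class PlausibilityMonitor:
    """Boundary-aware alternative: a reading is implausible only if it lies
    outside what the sensor can physically report, or changes faster than a
    foot can push. Hard braking inside the envelope is valid input."""
    last_good_n: float = 0.0
    implausible_run: int = 0
    fault: bool = False

    def is_plausible(self, force_n: float, dt_ms: float) -> bool:
        in_range = 0.0 <= force_n <= SENSOR_FULL_SCALE_N
        slew_ok = abs(force_n - self.last_good_n) <= MAX_SLEW_N_PER_MS * dt_ms
        return in_range and slew_ok

    def update(self, force_n: float, dt_ms: float = 1.0) -> bool:
        """Return True when ABS/DSC is still available after this sample."""
        if self.is_plausible(force_n, dt_ms):
            self.implausible_run = 0
            self.last_good_n = force_n      # only plausible samples move the reference
        else:
            self.implausible_run += 1       # a lone glitch does not trip the monitor
            if self.implausible_run >= FAULT_DEBOUNCE_SAMPLES:
                self.fault = True
        return not self.fault


def run(monitor, trace: List[float], dt_ms: float = 1.0) -> List[bool]:
    """Feed a trace of force samples (1 ms apart) and record ABS availability."""
    return [monitor.update(f, dt_ms) for f in trace]


# Constructed traces (not measured data)
def emergency_stop_trace(step_n: float = 50.0, peak_n: float = 1800.0, hold: int = 20) -> List[float]:
    """Driver ramps to 1800 N (below the ~2 kN the post expects), holds, releases."""
    ramp_up = [i * step_n for i in range(1, int(peak_n / step_n) + 1)]
    ramp_down = list(reversed(ramp_up))[1:] + [0.0]
    return ramp_up + [peak_n] * hold + ramp_down


def stuck_high_trace() -> List[float]:
    """Transducer rails beyond its full scale and stays there: a genuine fault."""
    return [100.0, 200.0, 300.0, 400.0, 500.0] + [5200.0] * 5


def glitch_trace() -> List[float]:
    """One corrupt sample in an otherwise normal press: should not latch anything."""
    return [100.0, 200.0, 300.0, 400.0, 6000.0, 500.0, 600.0]


if __name__ == "__main__":
    for name, trace in [("emergency stop", emergency_stop_trace()),
                        ("stuck-high sensor", stuck_high_trace()),
                        ("single glitch", glitch_trace())]:
        naive = run(NaiveMonitor(), trace)
        plaus = run(PlausibilityMonitor(), trace)
        print(f"{name:18s} naive ABS available at end: {naive[-1]!s:5s} "
              f"plausibility: {plaus[-1]}")
```

Run stand-alone, the script shows the naive monitor losing ABS at 700 N during an ordinary hard stop and never getting it back, while the plausibility monitor keeps ABS through the whole stop, still declares a fault for a sensor railed beyond full scale, and ignores a one-sample glitch. The point the post makes about boundary conditions is visible in the two constants the checks compare against: the spec's 70 kg figure sits well inside the driver's operating envelope, whereas the sensor's physical range does not.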