From: D Yuniskis on
Hi George,

George Neuner wrote:
> On Mon, 07 Jun 2010 12:39:54 -0700, D Yuniskis
> <not.going.to.be(a)seen.com> wrote:
>
>> Can anyone spell "Therac"?
>
> In my sleep. I once threatened to quit a project when the customer
> demanded the software monitor solvent tank levels to prevent both
> running dry and overflow spillage. I demanded hardware interlocks
> shut down the machine if either situation were imminent.
>
> It wasn't that software couldn't handle the situation - it could have

Yeah, but software is more "brittle" than "wires and switches".

> easily. The issue was that the solvent was dangerous and I didn't
> want to have liability in the event of a spill. Also a factor was
> that this project already needed FDA certification and I didn't want
> to deal with EPA reviews on top of that. The hardware wasn't my
> department so all I had to do was write a letter saying there was no
> software responsibility for solvent handling.

I worked on automating a tablet press. Several tons of moving
iron (e.g., 10HP motor to spin the thing). Capable of exerting
forces measured in many tons. Lift a "guard" and lose a finger
in a few ohnoseconds.

Software could read the switches just as a *courtesy*
to the user (i.e., to tell him *which* guard is open).
Always rely on the least corruptible technology for
safety!

Same reason an "emergency brake" is little more than a
cable!