…that many failures

I was just reading this article about the Airbus A380 that had an engine blow up (they landed safely), and this quote from the interview caught my eye:

“…the fuel dumping system had failed and we were about 50 tonnes over our maximum landing weight. In the Airbus and the A380 we don’t carry performance and landing charts, we have a performance application. Putting in the ten items affecting landing performance on the initial pass, the computation failed. It gave a message saying it was unable to calculate that many failures.”

I’m a little humbled by that statement; in my life as a web developer, I think the general approach to error correction has been “if that many things go wrong at once, reboot the server and start polishing your resume.” This is a great illustration of the need to properly consider failure modes when designing software, and to be aware of the consequences! Kind of hard to reboot an airplane…

