[Phillipharryt]

Ok perhaps I could change that to "every working button on the shuttle will do the same thing every time I press it".

Your mention of zero gravity has brought up another consideration for me. Assuming it's a capacitive touchscreen you need to ensure no conductive material ever floats into contact with it by mistake. Switches and buttons have covers and rails to prevent accidental pressing but how do you manage that with touchscreens? Apple manages it on your phone because a false negative is ok in that case, I don't think you can allow that on a spacecraft. How is a floating glove finger differentiated from a glove actually attached to hand?

[bumby]

I don't think the "every working button" buys you much here because is could just as easily be stated as "every working touchscreen does the same thing every time I press it". The point from reliability engineering is that everything works until it doesn't. The difficulty with software systems is that they often have complexity that is tough to understand all the paths let alone test/mitigate them (see Boeing 737 Max as a recent example).

You bring up really good points on the zero gravity considerations. It would be interesting to see SpaceX's FMEA on this system to see what all they've considered.

[Phillipharryt]

?? Touchscreen interfaces almost always have contextual displays. So no touching it doesn't always do the same thing every time I press it. The space where a spacebar is on your phone is the same space that is sometimes the camera button. I think contextual design does not suit important interfaces.

[bumby]

I meant it in terms of pressing a working contextual display. I think we're saying the same thing. Software introduces many more failure pathways so it's often not suitable for primary hazard mitigation.