by graderjs 2023 days ago
Then I'm wondering how a mobile phone could pose such a threat to an aircraft. I imagine this sort of storm would cook their instruments, or at least make them go crazy for a while, and likely induce corruption in their digital systems. As we saw with bad software in 737 MAX control, trouble in those systems can down craft; I think you're underestimating the risk.

There's more info on aviation effects here https://www.skybrary.aero/index.php/Impact_of_Space_Weather_...

Mobile phones don't. There are practical and political reasons for not allowing phone use, but meaningful risk to the safety of flight is not one of them.

Instruments are fine; what could suffer problems are RF receivers (radio, radar, GNSS), but outside of interference during the event and the potential need to reboot problematic equipment, the critical instruments (pitot-static, accelerometers and gyros) aren't particularly exposed. In terms of effects to the aircraft systems directly, all that article mentions are upset events, and those are already a design consideration.

The 737-Max story came about specifically because it was not a FBW aircraft and not designed as such with sufficiently redundant systems. The safety case was that crews could disable the system if it misbehaved, rather than it being essential for flight like a real FBW system would be.

Cool, that's good to know, thanks. What's your background on this that makes you qualified to answer with certainty? Also what are political reasons for no phones on flights?

Background in electrical engineering, presently in robotics research, and a strong interest in avionics. The concerns that commercial aircraft face are shared with basically every other self-propelled electromechanical system (planes, cars, robots, spacecraft). Insufficient care in hardening these systems has resulted in (likely) fatalities before - evidence suggests that at least some of Toyota's "unintended acceleration incidents" were caused by cosmic-ray upsets in ECUs that weren't sufficiently redundant. Note that upsets are well enough understood for SpaceX to fly using redundant aerospace processors rather than the traditional radiation-hardened processors.

The political reasons are that no one wants a plane full of people talking on their phones and further distracted from listening to the safety briefing and flight crew instructions. Airlines don't want it and passengers don't want it. People do want network access on planes, which is widely available albeit slow. The only sincere technical concerns involve legacy radio equipment (ILS and glideslope), but I'm not aware of any demonstrated interference issues. Plenty of cases of interference from someone parking a large truck or 747 in front of the ILS antenna, though.

Cool, thanks for that. I really appreciate your time on this. It's rare to find a real expert amongst all the speculators (of which for most topics I am one) here. :)

How many redundant processors do you need per one "effective" processor you can count on for a typical SpaceX launch?

The simple answer is you need at least three to identify and recover from a single failure, five for two simultaneous failures, and so on (generally assuming failures can be recovered from automatically by rebooting the failed controller). Depending on the planned exposure, you can estimate the probability of upset events and thus the likelihood of multiple failures within the failure->reboot time interval and pick the number of computers accordingly. Radiation exposure depends on altitude - low-earth orbits outside of the Van Allen belts are fairly low due to protection from the Earth's magnetic field, while trips to other planets must be more hardened (either via shielding, significantly greater redundancy, or rad-hard circuit design).

The most difficult part, historically, is ensuring no single point of failure in a redundant system. Put three computers on a single bus, and it's likely each of the three bus transceivers could cause a complete system failure (so you've tripled the failure rate). In some systems like aircraft FBW, each of the controllers has its own connection to the actuators and its own actuator. The computers are connected to each other to detect if each other have failed, but as a fallback the control surface and actuators are designed so that two good actuators can physically overpower a bad actuator, and this ensures that the mechanical coupling doesn't become the failure point.
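
An added illustration of the sizing argument in the comment above (not part of the original thread or any flight system's code): a majority voter over n = 2f + 1 replicas, plus an estimate of how often more than f computers are inside their reboot window at once. It assumes independent Poisson upsets and a fixed reboot time, and every rate and target is a constructed number.

```python
from collections import Counter
from math import comb


def tolerated_failures(n: int) -> int:
    """Simultaneous failures an n-way majority voter can mask (n = 2f + 1)."""
    return (n - 1) // 2


def vote(outputs):
    """Return the strict-majority value among replica outputs, else None."""
    value, count = Counter(outputs).most_common(1)[0]
    return value if count > len(outputs) // 2 else None


def unit_down_fraction(upsets_per_hour: float, reboot_hours: float) -> float:
    """Long-run fraction of time one computer spends rebooting.
    Assumption: Poisson upsets while running, fixed reboot duration."""
    x = upsets_per_hour * reboot_hours
    return x / (1.0 + x)


def p_majority_lost(n: int, upsets_per_hour: float, reboot_hours: float) -> float:
    """Probability that, at a random instant, more than f of n computers are down.
    Assumption: computers fail independently (no shared bus or power fault)."""
    q = unit_down_fraction(upsets_per_hour, reboot_hours)
    f = tolerated_failures(n)
    return sum(comb(n, k) * q**k * (1 - q) ** (n - k) for k in range(f + 1, n + 1))


def computers_needed(target: float, upsets_per_hour: float,
                     reboot_hours: float, max_n: int = 15):
    """Smallest odd n whose majority-lost probability is at or below target."""
    for n in range(3, max_n + 1, 2):
        if p_majority_lost(n, upsets_per_hour, reboot_hours) <= target:
            return n
    return None


if __name__ == "__main__":
    # Constructed inputs: 1e-3 upsets per hour per computer, 10 second reboot.
    rate, reboot = 1e-3, 10 / 3600
    for n in (3, 5, 7):
        print(n, tolerated_failures(n), p_majority_lost(n, rate, reboot))
    print(vote([42, 42, 17]), vote([1, 2, 3]))
```

The independence assumption is exactly what the single-point-of-failure concern in the same comment breaks: a shared bus or transceiver fault takes down several replicas together, and this estimate no longer holds.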

Thanks, this is really interesting. It makes sense about how to calculate how many processors you'd need based on the time and upset frequency. Really appreciate your answers! :)