by pdpi 1642 days ago
> "systematically safe in the presence of failure".

And even then, you still need to define "safe". Imagine a lock powered by an electromagnet. What happens if you lose power?

The safety-first approach is almost always for the unpowered lock to default to the open state — allow people to escape in case of emergency.

Conversely, the security-first approach is to keep the door locked — nothing goes in or out until the situation is under control.

A more complex solution is to design the lock to be bistable. During operating hours when the door is unlocked, failure keeps it unlocked. Outside operating hours, when the door is set to locked, it stays locked.

The common factor with all these scenarios is that you have a failure mode (power outage), and a design for how the system ensures a reasonable outcome in the face of said failure.