From: "Marin David Condic"
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Mon, 6 Aug 2001 10:42:23 -0400
Organization: Posted on a server owned by Pace Micro Technology plc
Message-ID: <9kmacg$dqr$1@nh.pace.co.uk>
References: <3B687EDF.9359F3FC@mediaone.net> <3B6A588C.B67A9CF8@isltd.insignia.com> <9ked6d$mtr$1@nh.pace.co.uk>

"Tor Rustad" wrote in message news:ypTa7.3739$e%4.109795@news3.oke.nextra.no...
> Not quite, it's with high probability a *wrong* conclusion to assume
> simultaneous HW fault in duplicated/independent HW.

I don't know where you got the idea I said it was correct to assume simultaneous HW fault in duplicated/independent HW. If anything, I was stating that this was the *correct* design given that it is not very likely that the sensors on *both* channels would simultaneously go bad. (If they do, you're screwed anyway and your rocket is going in the ocean and there isn't anything I can do about it with software.) Hence, detecting that a sensor value is way out of any sane and reasonable range might be sufficient grounds to shut down the bad channel and switch to the other side.

FDA is a very tricky business, so it is hard to second-guess the decisions that were taken in this regard without full knowledge of all the hardware and software issues. I'd be inclined to believe that the original designers knew what they were doing in designing that FDA.

--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas
www.pacemicro.com
Enabling the digital revolution
e-Mail: marin.condic@pacemicro.com
Web: http://www.mcondic.com/
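The channel-switching design sketched in the reply above (detect a reading outside any sane range, shut that channel down, fall back to the other one) can be written compactly in Ada, where the range check is part of the type and an out-of-range value shows up as `Constraint_Error`. The following is an added example written for this thread, not code from any poster or from any flight system; the channel names, the reading limits and the sample values are all constructed for illustration.

```ada
--  Added example: two redundant sensor channels, a constrained subtype
--  that encodes the physically plausible range, and a selector that
--  retires a channel whose reading falls outside that range. All names,
--  limits and sample readings are assumptions made for this illustration.
with Ada.Text_IO; use Ada.Text_IO;

procedure Dual_Channel is

   --  Illustrative sane range for the sensor; anything outside it is
   --  treated as a channel fault, not as a value to be propagated.
   subtype Sane_Reading is Integer range -1_000 .. 1_000;

   type Channel is (A, B);
   type Raw_Readings is array (Channel) of Integer;

   Healthy : array (Channel) of Boolean := (others => True);
   Active  : Channel := A;

   No_Healthy_Channel : exception;

   --  Return the first in-range reading from a channel still marked
   --  healthy. Assigning a raw value to a Sane_Reading performs the range
   --  check; a failure raises Constraint_Error, which retires the channel.
   function Select_Reading (Raw : Raw_Readings) return Sane_Reading is
   begin
      for C in Channel loop
         if Healthy (C) then
            begin
               declare
                  R : constant Sane_Reading := Raw (C);  --  range check
               begin
                  Active := C;
                  return R;
               end;
            exception
               when Constraint_Error =>
                  Healthy (C) := False;
                  Put_Line ("Channel " & Channel'Image (C)
                            & " out of range; shut down");
            end;
         end if;
      end loop;
      --  Both channels bad: nothing software can do, as the post says.
      raise No_Healthy_Channel;
   end Select_Reading;

   --  Constructed sample: channel A drifts out of range on the second
   --  cycle and stays there, channel B remains sane throughout.
   Cycles : constant array (1 .. 3) of Raw_Readings :=
     ((A => 120,    B => 118),
      (A => 32_767, B => 119),
      (A => 32_767, B => 121));

begin
   for I in Cycles'Range loop
      declare
         R : constant Sane_Reading := Select_Reading (Cycles (I));
      begin
         Put_Line ("Cycle" & Integer'Image (I) & ": channel "
                   & Channel'Image (Active) & " reading" & Integer'Image (R));
      end;
   end loop;
end Dual_Channel;
```

Compiled with `gnatmake dual_channel.adb`, the program reports channel A being shut down on the second cycle and uses channel B from then on. The point worth noticing is that the range limits live in the subtype declaration rather than in hand-written `if` tests scattered through the code, so the detection the post relies on cannot be silently omitted at one call site.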