Linux in safety critical systems

linuxfoundation.org/press-release/2019/02/the-linux-foundation-launches-elisa-project-enabling-linux-in-safety-critical-systems/
Would you put your life in the hands of C?



Yes.

for me it's Ada or nothing

You already do every time you fly in a commercial airline.

Totally.

>Would you put your life in the hands of C?
absolutely.
sel4.systems/
sel4.systems/Info/Docs/GD-NICTA-whitepaper.pdf
Rustfags BTFO

Attached: unhackable-kernel-sel4.jpg (982x552, 64K)

Si.

Pretty sure they use Ada on airplanes.

What makes it special other than the community and mere convention?

>It has built-in language support for design-by-contract, extremely strong typing, explicit concurrency, tasks, synchronous message passing, protected objects, and non-determinism. Ada improves code safety and maintainability by using the compiler to find errors in favor of runtime errors.
ada is tedious to program in but your plane won't drop out of the sky because of a null pointer edge case

> implying that planes don't have redundant, compartmentalized, overridable computer systems

Planes never fell out of the sky due to software problems. Even hardware issues are in the low single-digit percentage. The absolute majority of plane crashes is the retard pilot.

telegraph.co.uk/travel/news/kevin-sullivan-qantas-flight-72-computer-failutre/
Insufficient input sanitization is a software problem.

Nowhere does it say it's an input issue. And it's still a pilot problem because all planes have manual override functionality - precisely for this reason. No system is failproof, which is why manual control exists even in the most highly automated systems. Not knowing how to disengage computer control is a pilot retardation.

>computers don't make planes fall out of the sky so we shouldn't bother making software as correct as possible
thank fuck you retards don't work in the aerospace industry

>Absolute majority of plane crashes is retard pilot.
Just blame the pilot he is dead anyway. No one would ever admit an engineering fault even if there is one.

Pitot tube froze over and the airspeed indicator displayed nonsense, so the autopilot couldn't operate and disengaged. Despite this, the airplane continued level flight. Pilot pulled the stick and applied thrust, causing a high speed stall. He continued to pull up in a vertical stall for the remaining 4 minutes of his life. Was this plane malfunction or pilot error?

Most plane accidents are like this.

good God, why the fuck would anyone risk that
I wouldn't even want to put OpenBSD into safety critical environment

does anything besides the screens run it?

>Three years later, a report by the Australian Transport Safety Bureau found that incorrect data sent to one of the aircraft's computers had caused the nose-dives as the plane sought to correct perceived errors that did not actually exist.
The aircraft had three computers. Faulty data sent to one of the computers caused the autopilot to automatically perform shocking and faulty corrections.

The fault is in the software. Faulty input to one of three computers should cause an alarm for the pilot to deal with, rather than the plane's autopilot going nuts on its own. The plane clearly should not have performed corrective action on its own without consulting the pilots.
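The post above describes the design it expects: with three air-data computers, one channel feeding implausible values should be outvoted and flagged for the crew, not acted on by the autopilot alone. As an added illustration (not code from anyone in the thread, and not any real avionics system), here is a small C range-check plus 2-of-3 voter. The angle-of-attack limits, the agreement tolerance and the action names are made-up constants chosen for the example.

```c
#include <stdbool.h>
#include <math.h>   /* only for the NAN macro */

/* Hypothetical plausibility window for an angle-of-attack sensor, degrees. */
#define AOA_MIN_DEG  -30.0
#define AOA_MAX_DEG   30.0

typedef enum { ADC_OK = 0, ADC_DEGRADED = 1, ADC_FAULT = 2 } adc_status;
typedef enum { AP_CORRECT = 0, AP_HOLD_AND_ALERT = 1, AP_DISENGAGE = 2 } ap_action;

static double absd(double x) { return x < 0 ? -x : x; }

/* Input validation: reject NaN, infinities and out-of-window values. */
bool aoa_plausible(double aoa) {
    if (aoa != aoa) return false;                 /* NaN never compares equal to itself */
    return aoa >= AOA_MIN_DEG && aoa <= AOA_MAX_DEG;
}

/*
 * 2-of-3 voter over three channels. Writes the voted value to *out and
 * returns a status that the autopilot must honour:
 *   ADC_OK       - all three plausible and agreeing within tol
 *   ADC_DEGRADED - a usable value exists but one channel is suspect
 *   ADC_FAULT    - no trustworthy value; *out is NaN
 */
adc_status vote_aoa(const double in[3], double tol, double *out) {
    double v[3];
    int valid = 0;
    for (int i = 0; i < 3; i++)
        if (aoa_plausible(in[i])) v[valid++] = in[i];

    if (valid < 2) { *out = NAN; return ADC_FAULT; }

    if (valid == 2) {
        /* Two survivors must agree; otherwise we cannot tell which is lying. */
        if (absd(v[0] - v[1]) > tol) { *out = NAN; return ADC_FAULT; }
        *out = (v[0] + v[1]) / 2.0;
        return ADC_DEGRADED;                      /* one channel already lost */
    }

    /* Three plausible values: take the median, then check the outliers. */
    double lo = v[0], mid = v[1], hi = v[2], t;
    if (lo > mid) { t = lo; lo = mid; mid = t; }
    if (mid > hi) { t = mid; mid = hi; hi = t; }
    if (lo > mid) { t = lo; lo = mid; mid = t; }
    *out = mid;
    if (absd(lo - mid) > tol || absd(hi - mid) > tol)
        return ADC_DEGRADED;                      /* a channel disagrees: flag it */
    return ADC_OK;
}

/* Policy from the post: act only on clean data; otherwise alert and hand off. */
ap_action autopilot_decide(adc_status s) {
    switch (s) {
    case ADC_OK:       return AP_CORRECT;
    case ADC_DEGRADED: return AP_HOLD_AND_ALERT;  /* keep state, tell the pilots */
    default:           return AP_DISENGAGE;       /* no trustworthy input at all */
    }
}
```

The point is the return path: a single bad channel changes the status, and the status decides whether the autopilot is allowed to command anything, so one corrupted input cannot reach the control law on its own.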

>planes don't fail because of software problems
>"here's an example where one did"
>haha no system is foolproof!
>it's still a pilot issue!

>Would you put your life in the hands of C?
Never. The null reference was a billion dollar mistake, even Hoare admitted it.

Why do you let Rust live rent free in your head?

Mad. This is why we have backup artificial horizon and backup altimeter. You can fly your ass without being able to see shit.

Also why you shouldn't fly LCC

You can do other kinds of error checking in C too.

C is fine until eighty people die and your company loses billions for it.

Attached: toyotaC.png (906x639, 96K)

Attached: toyotaCnile.png (909x637, 60K)

Why do you let C and user do the same?

All of these can be made to be errors, which stop the program from compiling.