Kev writes:

At the same time: Mxsmanic, apparently they've designed FADEC to fail
without being catastrophic.

The designed-for failure modes are never a problem. The problem with
digital systems is with unforeseen failures, which usually have no
correlation with real-world constraints and are often catastrophic
failures in consequence.

You always need a way to disconnect the computer, and it has to be a
mechanical disconnection, not just an option on the screen menu.

My own personal worry is coming automobiles with totally electronic
steering and brakes. I'm sorry, even thoughI design reliable embedded
systems and I still would hate owning a car like that :-)

If you design embedded systems, you know why such a car would be
risky.

--
Transpose mxsmanic and gmail to reach me by e-mail.