Monday, September 19, 2005
Why My Wife Rules
What I don't get is the requirement for having 3n+1 separate entities for true redundancy, where n is the number of possible failed entities. It seems like 2n+1 would be sufficient, and indeed, this is what I've seen in throttle-by-wire systems when redundancy (rather than just fault detection) is required. A few of us kicked this around at work and came to the same conclusion. Is it just the desire to have a supermajority of entities working properly in a mission-critical role? I'm OK with that philosophy.
UPDATE: Ah. The problem assumes that a particular defective entity doesn't always transmit the same incorrect message to all of the other entities; that is, it may "lie" to some but not all. That's why at least 2/3rds + 1 of the entities need to be functioning properly.
I wonder what the Turks think of this definition?