@safe/DIP1028 explained in meme form

Adam D. Ruppe destructionator at gmail.com
Fri May 29 00:15:43 UTC 2020


On Thursday, 28 May 2020 at 22:54:07 UTC, Andrei Alexandrescu 
wrote:
> We need a few more folks of Walter's caliber. Whom we don't 
> have.

Let's, for sake of argument, assume this is true.

> he is just like anyone liable to make mistakes.

Indeed.

'nuff said, argument destroyed.


But let me expand anyway: Walter likes to talk about aviation 
safety. A big part of that is remembering that all parts fail and 
you need to make sure that a failed part isn't a disaster that 
brings the airplane down. Right now we are very reliant on 
perfect parts. A cheap way to improve this is redundancy - 
engineering a 99.9% safe part is an enormous challenge, but 
having two separate parts each 90% safe with a system that can 
survive any one of them failing gives you that same 99.9% 
reliability.

One of the important aspects of designing this system is ensuring 
the backup system isn't linked to the primary system. Walter has 
described how Boeing had two independent teams with a third team 
just making sure the other two hadn't coincidentally come up with 
the same conclusion or otherwise shared a failure mode.

We might not be able to achieve excellence in individual parts. 
But we ought to be able to design a system that's greater than 
the whole of its parts. A big part of that is redundancy, yes, 
but it is also important to have variety, so the backup part 
doesn't have the same failure characteristics as the primary.

We shouldn't be looking for two Walters. (well ok, having two 
Walters would be pretty cool. but not for this purpose). We need 
diversity here. It is OK to make mistakes, but if the SAME 
mistake is made at the same time, we haven't gained anything.
