| ▲ | perihelions 5 days ago | ||||||||||||||||
> "large enough machines to not OOM before markets closed for the day" Reminded of that missile defense system that was designed to be software-reset once a day, except the design assumptions changed (a war started) and it was ordered to be left running nonstop, as an emergency measure; after being left on for a week, failed, causing a large number of deaths. That one had some kind of integrator that accumulated floating-point roundoff over time. | |||||||||||||||||
| ▲ | peterfirefly 5 days ago | parent | next [-] | ||||||||||||||||
https://en.wikipedia.org/wiki/MIM-104_Patriot#Failure_at_Dha... | |||||||||||||||||
| |||||||||||||||||
| ▲ | 0xffany 5 days ago | parent | prev | next [-] | ||||||||||||||||
Also on the topic of missiles, it reminded me of Raymond Chen's classic Null Garbage Collector https://devblogs.microsoft.com/oldnewthing/20180228-00/?p=98... | |||||||||||||||||
| ▲ | mohaba 5 days ago | parent | prev | next [-] | ||||||||||||||||
Patriot missile range gate. I remember covering that in a numerical analysis class. | |||||||||||||||||
| ▲ | scottlamb 5 days ago | parent | prev [-] | ||||||||||||||||
> Reminded of that missile defense system that was designed to be software-reset once a day, except the design assumptions changed (a war started) and it was ordered to be left running nonstop, as an emergency measure I'm sure you've simplified the story, but it seems like a bit of process failure for a missile defense system to assume peacetime. There's writing software that implements the requirements, and then there's making sure the requirements are right both up front and when you really rely on them in a critical way. | |||||||||||||||||