alt Hacker NewsI thought the same, but in a deeper dive into the postmortem, I think it's not a cop out from their side. The report is actually really well done ( I personally was impressed). The reasons it probably was a bit flip is that the CPU did not have edac on it in this instance so bit flips are expected. The consensus mechanism failed in this case and that is what they are updating, because even though the module gave wrong data because of presumably bit flips, the consensus should have prevented the dive.
Replies
thegrim33 • last Saturday at 2:08 AM
Isn't a major feature of consensus algorithms for them to be tolerant to failures? Even basic algorithms take error handling into account and shouldn't be taken out by a bit flip in any one component.
I would argue that designing avionics without EDAC is negligent design by Airbus.
Most modern servers at least implement ECC on their RAM. I would expect flight electronics to be designed to a higher standard.