Exploration and Innovation

Is there a human on the planet who has never seen the Moon? I guess there must be a small number. The Earth’s satellite comes and goes from the night sky. Its constancy can’t be denied. Lighting the way when it’s full.

Accurate measurements say that the Moon is drifting away from us. The pace is nothing to be concerned about. It’s not going to become a free flying object careering across the universe. Space 1999[1] is pure fiction. Let’s face it, we haven’t even got a working Moon Base here in 2025.

What motivated humans to go to the Moon in the 1960s? The simplest answer is the explorer’s quote: because it’s there. A quote that can be applied to any difficult journey that’s being taken for the first time. It implies a human longing to explore. An insatiable desire to go where no one has gone before. That’s nice, only it’s a partial story.

Technology accelerated in the post-war era as science and engineering built upon the discoveries and inventions that conflict drove. Then the promise of peace dissolved into the Cold War. Sides arranged in immoveable ideological opposition. The technological race was on. Intense competition drove the need to display global superiority.

Potentially destructive forces were, for once, channeled into a civil project of enormous size. The Apollo missions. The aims and objectives of which were “civil” in nature; however, the resulting innovations had universal applications. Companies that made fighter jets and missiles turned their hands to space vehicles. Early rockets were adaptations of intercontinental missiles.

1969’s moon landing put down a marker in history that will be talked of in a thousand years. Putting humans on the Moon for the first time is one of the ultimate firsts. That first “small step for man” may be as important as the first Homo sapiens stepping out of Africa. A signpost pointed to what was possible.

More than five decades have gone by. Instead of looking up to the heavens we now look down to our mobile phones. Rather than applying our intelligence to exploration we strive to make machines that can surpass us. Of course, this is not a true characterisation. Exploration has merely taken a different direction.

Will humans step into the final frontier again? Yes, but not as the number one priority. Plans to return to the Moon exist. It’s the intense competition that drove the Apollo missions that is missing. The advantage of being first to establish a working Moon Base is not so overwhelming. Even this base as a stepping stone to the planet Mars is viewed as a longer term ambition.

One advantage of this century over the last is the advances in automation and robotics that have become commonplace. Modern humans don’t need to do everything with our hands. Complex machines can do much of the work that needs to be done. Footsteps on another planet can wait a while.

Enough of us continue to be amazed and inspired by space exploration. The challenge is not to achieve one goal. It’s to achieve many.

POST: I watched Capricorn One, the 1970s movie about a fake Mars mission. It could do with a remake. In many ways it is easier to fake now than it was with film and colour televisions the size of washing machines.


[1] https://www.imdb.com/title/tt0072564/

Rapid Change: Social Media’s Role

I don’t think we understand the impact our world of superfast global communication is having on human behaviour. A digital event happens with a group looking on, and gasping, and within hours it’s a talking point across great swaths of the INTERNET and social media. Worldwide in seconds.

We could be at a pivotal moment of human evolution. Every time humans have progressed there’s been something in our environment that has necessitated change. If we go back tens of thousands of years, it was the climate. People moved, searching for better prospects. When the rains disappeared, migration happened. This still happens. Millions live in that time warp.

However, for those of us who live in communities where our basic needs are met, bar disasters, it’s different forces that motivate change. I say this after having watched a couple of episodes of “Human”[1], a BBC series about the origins of modern humans. Billions of us fixate not on finding enough food or shelter but on scrolling.

I’m talking about a couple who got caught on camera. Obviously, they thought that their evening out at a rock concert was a private matter. It turned out to be anything but private. Suddenly these two people spark controversy and debate without any intention of doing so[2]. We live in a time where global social media can thrust a spotlight on any event, almost anywhere. The proliferation of high-definition cameras and the ease with which pictures spread has all speeded up in the last couple of decades. Any picture or video can go anywhere on Earth at lightning speed.

Past moments of human evolution never had these superfast phenomena to adapt to. Sure, we have had great steps in technology. I read that people are taller now than they were in medieval times. Industrialisation may have had downsides, but we are mostly better fed as a result.

Social media is not benign. It grabs attention, it demands an opinion, it drives rapid judgement and gets passed on to spark more cycles of comment and opinion. This conveyor-belt of comment and opinion takes on a life of its own.

There’s such a mix that it’s not always easy to determine what’s true and what’s people pushing their own certainties and prejudices. Judgements are expected to be immediate. Any appeal to caution and considered thought can be seed sown on fallow ground. Like a Vicar in an empty church.

These behaviours are being applied to the daily news and events like the recent Air India accident. Attention increases when there’s tragedy and mystery. There’s wisdom in saying that people should wait for the formal accident investigation to conclude. Only this does nothing to impede a rain forest of judgements. Real and self-appointed experts fight to get their view top billing.

Maybe these are ephemeral and of no great consequence. I don’t believe that because, like it or not, decision makers are influenced by social media’s compelling nature. What this says to me is that adaptation isn’t an option, it’s a necessity. Appealing to past custom and practice isn’t going to work. I don’t have an answer as to the nature of this adaptation. Sitting quietly waiting for attention to subside isn’t a good course of action.

POST: It’s kinda funny that a magazine like WIRED highlights how to dump social media. How to Delete All of Your Social Media Accounts: Instagram, X, Facebook, TikTok, and More | WIRED


[1] https://www.bbc.co.uk/iplayer/episodes/m002fc72/human

[2] https://www.nbcnews.com/tech/tech-news/astronomer-responds-coldplay-concert-kiss-cam-moment-rcna219678

Aircraft Safety and Fuel Starvation

Unsafe. In common language it’s the opposite to being safe. So, take a definition of “safe” and reverse it. Let’s say to be safe is to be free from harm (not a good definition). That would lead to “unsafe” being subject to harm or potentially being subject to harm. The probabilistic element always creeps in since it’s the future that is of concern. Absolute safety is as mercurial or unreal as absolute certainty.

Let’s apply this to an aircraft. The ultimate harm is that of a catastrophic event from which there is no escape. Surprisingly, taking a high-level view, there are few of these situations that can occur.

Flying, and continuing to fly, involves four forces. Lift, Weight, Thrust and Drag. It’s that simple. An aircraft moves through the air with these in balance. Flying straight and level, lift opposes weight and thrust opposes drag.

Yes, there are other safety considerations. If there are people on board, for example, it’s important to maintain a habitable environment. At higher altitudes that requirement can be demanding. Structural integrity is important too. Otherwise flying is a short-lived experience.

In the recent Air India fatal accident, the four forces of flight were not maintained so as to make a continued safe flight possible. The wings provided lift but the force that was deficient was thrust.

Two large powerful engines, either of which could have provided enough thrust, were unable to do so. The trouble being fuel starvation. Fuel starvation occurs when the fuel supply to the engine(s) is interrupted. This can happen even when there is useable fuel on board an aircraft[1].

Sadly, in the records there are numerous aircraft incidents and accidents where this has happened. Quite a few fuel starvation incidents and accidents occur because of fuel mismanagement. This can result from a pilot selecting an incorrect, or empty, fuel tank during a flight.

Now and then, it is the aircraft systems that are at fault. The pilot(s) can be misled by a faulty fuel indication system[2]. In one notable case, a major fuel leak drained the aircraft’s fuel supply[3].

When there is useable fuel on-board an aircraft, the imperative is to restart and recover. It is not uncommon or unreasonable for there to be a delay in restarting engine(s), especially when a fuel starvation event is entirely unexpected. Diagnosis takes time given the numerous potential causes of a starvation event.

In cruise flight there is time available to perform a diagnosis and take appropriate corrective action. Both take-off and landing have their hazards. Both are busy times in the cockpit. When looking at the worldwide safety numbers, fewer fatal accidents occur on take-off than landing. The numbers Boeing provide put take-off at 6% and landing at 24% of fatal accidents. Each one only occupies about 1% of the total flight time.

Although these are the numbers, my view is that, even though take-offs are optional and landings are mandatory, the requirements for adequate thrust are most critical during take-off. This is arguable and it reminds me that safety assessment is never simple.


[1] https://www.faa.gov/lessons_learned/transport_airplane/accidents/G-YMMM

[2] https://asn.flightsafety.org/asndb/322358

[3] https://asn.flightsafety.org/asndb/323244

Understanding Boeing 787 Avionics

In what I’ve written so far, I’ve taken the human-centric view, much as most commentators have. The focus of interest being on what the two Air India crew members were doing during the critical moments of this tragic flight. Let’s shift perspective. It’s time to take an aircraft level view.

On the Boeing 787-8 “Dreamliner”, the flight deck has two crew seats and two observer seats. One observer seat is directly behind and between the two crew seats. Since these observer seats are not mentioned in the preliminary report, it’s reasonable to assume that they were unoccupied.

In my days working on civil aircraft certification, it was often as a part of a multidisciplinary team. I suppose one of the privileges of working on aircraft avionic systems is that they touch every part of a modern civil aircraft. That meant working with highly experienced specialists in every technical field, including flight test pilots and engineers.

When it came to reviewing aircraft system safety assessments, we’d often put it like this: you look at the aircraft from the inside out and we’ll look at the aircraft from the outside in. Meaning that the flight test team looked at how the aircraft flew and performed. Systems engineering specialists focused on how the aircraft functioned. What was the detailed design, the means and mechanisms. It was by putting these differing perspectives together that a comprehensive review of an aircraft could be established.

Here’s where I need to be careful. Although I worked on the technical standards[1] for complex aircraft systems, I did not work on the Boeing 787 at initial certification.

If I go back 25 years, a major change was happening with respect to aircraft systems. It was the move to apply Integrated Modular Avionics (IMA). This was a move away from federated systems, where just about every aircraft function had its own box (autopilot, autothrottles, instruments, etc.). There was a fundamental architectural difference between federated and IMA systems.

The Boeing 787 has what is called a Common Core System (CCS). As an analogy let’s think of a time before the smart phone became universal. I had a Nokia mobile phone, a Canon camera, an HP calculator, a Dell laptop, lots of connectors and pen and paper. Now, the only one that has survived the passage of time is the pen and paper.

So it is with modern civil aircraft. An Integrated Modular Avionics (IMA) system hosts the applications that are necessary for safe flight and landing. The IMA hosts functions that provide Environmental Control, Electrical, Mechanical, Hydraulic, Auxiliary Power Unit (APU), Cabin Services, Flight Controls, Health Management, Fuel, Payloads, and Propulsion systems.

Information is digitised (sensors, switches and the like), processed and then acted upon. General Processing Modules (GPM) inside the aircraft CCS perform the functions needed. There’s an array of these GPMs and redundancy to provide a high integrity aircraft system.

An aircraft’s Fuel Shutoff Valve Actuators depend on the above working as intended in all foreseeable circumstances. No doubt the accident investigators are undertaking an analysis of the Boeing 787 avionics architecture to gain assurance that it worked as intended.

[1] Standards: EUROCAE started a working group (Number 60) in September 2001, which was tasked to define guidance. Later, in November 2002, there was a merge with an RTCA steering committee (Number 200).

Fuel Control Switches

I’ll not go any further than the investigation report that’s in the public domain. The Air India AI171 Boeing 787-800 Preliminary Report is published for all to read. The aircraft’s Enhanced Airborne Flight Recorder (EAFR) has been replayed. Sadly, this report raises questions as much as it closes down erroneous theories.

It warrants saying again, and again. My thoughts are with the friends and families of those affected. They deserve to know exactly what happened and as far as is possible, why. Not only that but the global travelling public need to be confident that any necessary corrective action is being taken to prevent a recurrence of such a rare fatal accident.

What requires a word or two is one of the commonest ways we interact with electrical and electronic systems. The humble switch. In fact, they are far from humble and come in lots of shapes and sizes. The general idea is that a mechanical device, that can be manipulated with a purpose in mind, is used to control the flow of electrical current. There are non-mechanical switches, but I’ll not go there for the moment.

I remember conversations with my aircraft electrical engineering colleagues. It goes like this – you deal with the small currents (avionic systems), and we will deal with the big ones (power systems). Also, a mantra was that all electrical systems are, in part, mechanical systems. Switches, cables, generators, control valves, relays, bonding, you name it, they are, in part, mechanical systems. In the past, traditional electrical engineers got a bit jittery when faced with “solid state” controls (semiconductors).

Switches. I’ve seen the words “cognitive engagement” used. In simpler terms, by design, pilots interact with switches with a purpose in mind. Equally, as in the world of human factors, unprotected switches can be operated in error, unintentionally or by physical force.

So, what are the chances of two protected Fuel Control Switches moving, within seconds of each other, at the most critical phase of an aircraft’s flight?

[There is a discussion to be had in respect of timing. Remember the record from the flight recorders is a sampling of events. The sampling rate may be as low as one per second. Note: EASA AMC2 CAT.IDE.A.190.]

These cockpit switches are designed and certificated to perform as intended under specified operating and environmental conditions. That’s a wide range of vibration and temperature (shake and bake).

Switch operation is indicated by their physical position[1]. In addition, operation of these switches will be evident by cockpit indications. The concept being that a flight crew can confirm that the Fuel Control Switches have moved by their effect on the engines. If a crew need to take corrective action it is in relation to the information presented to them by the engine instrument system.

The report makes it clear that both mechanical switches transitioned from ‘RUN’ to ‘CUT-OFF’ almost immediately as the aircraft became airborne. That is a worst-case scenario. The time available to recognise and understand the situation, for training to kick in, and then to take appropriate corrective action was insufficient.

This leads me to think that there may be a case for disabling the Fuel Control Switch function up until at least an altitude where aircraft recovery is possible. Now, these switches need to be available up until the V1 speed is achieved (Example: aborting a take-off with an engine fire). After that an aircraft is committed to becoming airborne.

I suspect the reason there is no inhibit function is the possibility of adding another potential failure condition. Inadvertent and unrecoverable disabling of ‘CUT-OFF’ are scenarios that would need to be considered. No doubt a reasonableness argument was used. No crew would shut both engines down immediately an aircraft became airborne, would they?

POST: I hope I haven’t given the impression that this is a case of simple switches and wires. The Boeing 787 is a digital aircraft.  Mechanical fuel technology plays its part but control functions are digital.


[1] Designs that offer switch illumination are not used in this case.

Causal Chains in Accidents

It becomes apparent to me that there’s much commonplace thinking about accidents. What I mean by this is that there are simple mental models of how events happen that we all share. These simple models are often not all that helpful. Commonplace in that journalists and commentators use them as a default. It’s a way of communicating.

Don’t worry, I’m not going on a tirade of how complex the world happens to be, with a dig in the ribs for anyone who tries to oversimplify it. We need simple mental models. Answering questions and explaining as if everything is an academic paper doesn’t help most of us.

I talk of no less than the causal chain. That’s a love of putting the details of events into a chronological sequence. For an aviation accident it might go like this – fuel gets contaminated, fuel is loaded onto aircraft, engine stops, pilot makes an emergency landing, aircraft ends up in a field and an investigation starts. The headline is dominated by the scariest part of the sequence of events. Key words like “emergency” are going to command the reader’s attention.

In my example above it’s reasonable to assume that there’s a relationship between each link in the chain. The sequence seems obvious. It’s easy to assume that’s the way the situation developed and thus made the accident or incident. However, it doesn’t have to be so. Let’s say there was contaminated fuel but not sufficient to stop an engine. Let’s say for entirely unrelated reasons (past events) the spluttering of the engine led the pilot to think that there was a fire on-board. Fuel was shut down. Thus, events took a different sequence.

Anyway, my point is an ancient maxim. Question what you first hear (or see). The recent tragic fatal accident in India is an example of much speculation often based on a proposed orderly sequence of events. Many commentators have lined them up as, this happened, and then that happened and then something else happened. QED.

What I’ve learned from reading and analysing accident reports over the years is that such major accidents are rarely, if ever, a simple sequence or only a couple of factors combined.

Yes, adding circumstantial factors to a causal chain adds realism. Even that is not so easy given that each factor has a different potential influence on the outcome. Typical circumstantial factors are time of day or night, weather, atmospheric conditions and the human and organisational cultural ones.

To make sense of the need to put events in an order, a more sophisticated model is the fishbone diagram[1]. The basic theme is the same. A core causal chain. What’s better is the injection of multiple factors to make a more authentic accident model.

Although we do think in a cause-and-effect way about the world, if there are more than 4 or 5 factors combined in a random manner these models are far from authentic. My message is not so sophisticated: beware of simple sequences as being definitive.


[1] https://asq.org/quality-resources/fishbone

Managing Risk After Aircraft Accidents

Let me clarify. I can no more predict the future than is illustrated in the humour of this news report. “Psychic’s Gloucester show cancelled due to ‘unforeseen circumstances’”[1]

Predicting the outcome of an aircraft accident investigation is just as fraught with unforeseen circumstances. For a start, the evidence base is shallow in the first weeks of an investigation. As the clock ticks, new information increasingly either confuses or clarifies the situation.

Despite the uncertainty, aviation professionals do need to try to anticipate the findings of a formal investigation before they are published or communicated in confidence. It’s not acceptable to sit back and wait to be told what has been found.

In aviation, post-accident there is an elevation of operational risk. The trouble is that assessing that elevation is hindered by the paucity of reliable information. Equally, a proliferation of speculation can escalate risk assessments beyond what is needed. The reverse is true too.

Let’s look at the difference between commentary and speculation. One is based on evidence and the other may not be. One takes the best professional assessment and the other may be more to do with beliefs, prejudices or the latest fashionable thinking.

In reality, it’s not quite as binary, since speculation in the financial sense may be based on a lot of calculation and risk assessment. Generally, though, there is an element of a leap of faith. Opinions based upon past experiences commonly shape thinking.

Commentary, on the other hand, like sports commentary, is describing what’s happening based upon what’s known. Sometimes that includes one or two what-ifs. In football, that match-deciding penalty that was missed only because of a small error.

Commentary includes analysis and study of past accidents and incidents. Trying to pick up on any apparent trends or patterns is of paramount importance.

Those responsible for aircraft operations, whether they be airlines or safety regulators, need to have an immediate response. That may be done in private. Their decision-makers need to have a theory or conjecture based on as much analysis and evidence as is available. Like it or not, the proliferation of commentary and speculation does have an impact.

In a past life, one of the actions that my team and I took was to compile a “red book” as quickly as possible post-accident. That document would contain as much reliable information as was available. Facts like aircraft registration details, a type description, people, places and organisation details that were verifiable. This was not a full explanation. It was an analysis, compilation and commentary on what had happened. The idea being that decision-makers had the best possible chance of acting in a consistent manner to reduce risk in the here and now.


[1] https://www.gloucestershirelive.co.uk/whats-on/whats-on-news/psychics-gloucester-show-cancelled-due-7250094

Impact of Speculation

The sadness of the loss of life and the suffering of air crash victims’ families must be respected. On 12th June, Air India’s London Gatwick bound flight AI171 crashed after take-off from Ahmedabad airport. Only one passenger walked away from this catastrophe. Additionally, there were fatalities on the ground as the Boeing 787 aircraft came down in a built-up area.

My heartfelt condolences to those connected with this tragic fatal accident.

The technical accident investigation is well underway. In time, a probable cause for this accident will be determined. This will be published and available to all. As per the international arrangements of ICAO Annex 13 a report will be published. Organisations, with appropriate expertise, will carefully sift through the evidence to establish a sequence of events. This is not a matter of establishing blame. It’s a process of determining what happened with the aim of preventing it from happening again.

Meanwhile, the widespread reporting of the accident can only offer speculation as to the details of who, what, where, when, how and why. There are facts. The time, place and the people involved. Media interviews, with whatever pictures and video recordings there are, dominate the public domain. However, this is far from the volume of information the accident investigators will handle. They will have access to every nut and bolt, every document, every recording.

After another aircraft accident, back in August last year, I wrote: Speculation is a natural human response. When faced with a paucity of information we often put together what we know and then make a best guess as to what happened or what might happen. However wise or unwise, it’s not possible to stop speculation.

In the case of flight AI171 the global media speculation has been, and is, of a new order of magnitude. Normally, the authorities caution against giving too much weight to early conjecture. This is prudent in that the obvious is often not as obvious as it might first seem. Accident investigation can be like putting the pieces of a complex jigsaw together. Deliberately and with great care.

What has been surprising in this case is the intensity of the speculation related to this accident both through traditional and social media. The proliferation of experts offering opinions has reached a new high. Until conflict and war grabbed the headlines, every day a novel theory, or a variation of a theory, was offered. Each one chasing credibility and expanding on limited sources.

Let’s not be pious. I’m not immune from this need to fill a void. My own reasonably well-informed theories float around in my head, but I question my senses in sharing them with others. It’s not a fear of being wrong, as I might be, no, more a fear of cluttering up a confusing mass of information to an even greater extent. Piling theories on top of theories.

Can we have too much of “experts” offering their opinions? Some will be trustworthy and considered, and others will not. How far is it reasonable to stretch what little is known into detailed stories of possible cause and effect?

How is the average person going to tell the difference between sound reasoning and imaginative nonsense? This problem was brought home to me in a recent conversation. When a newspaper revelation is told to me as a “fact” when I know it isn’t, then I see the dangers in excessive speculation.

This may not matter so much to me, in so far as it affects me. However, to an air crash victim’s family this is not considerate. To be led to thinking that the cause of an accident is generally known, when it isn’t, that’s disrespectful. It’s the downside of speculation. Not something that is ever going to stop, it’s true. What some keyboard warriors need to think about is the impact of their wild guesses or prejudices.

POST 1: Even reputable publishers latch on to theories that are at best well intentioned and at worst just flying a kite. Air India crash: Early speculation points to possible dual-engine failure | Engineering and Technology Magazine

POST 2: To be fair this YouTube commentator does a good job at making it clear what is fact and what is not https://youtu.be/dIgnR0zw3FU

Enhancing Transport Safety

There’re claims that Artificial Intelligence (AI) will make transport safer. It’s to put a positive spin on the introduction of AI. Implying that existing safety deficiencies can be addressed with the power of AI.

It’s difficult to disagree with this simple assertion. There’s a list of risks that continue to be troubling. With directed design effort there are functions that AI can perform that mean it can have an advantage over conventional systems. With good design, no doubt high performing systems can be constructed.

In aviation, for example, if I consider the top five fatality risks, there’s a persistence of specific categories. We never seem to get away from loss of control in-flight (LOC-I) being high on that grim list. Runway related issues persist, and the hardy perennial of mid-air collision remains. Over the years progress has been made addressing controlled flight into terrain (CFIT), but that category of destructive events never disappears.

It’s fascinating to see that the industry thinks that AI itself is a risk[1]. High probability but low impact. This is considering a broad description of risk rather than a safety focus. Here the concern is related to the difficulties of practical implementation of this new technology.

Marketing people will big up the possibilities brought about by AI. This is what’s going on in relation to the most recent mid-air collision fatal accident. With sound justification given how crude elements of air traffic management are in specific locations.

We will never entirely displace “see and avoid” as a means of collision avoidance. Scanning the horizon looking for other air users. In my opinion, relying on this technique in relatively busy traffic areas is unwise, to say the least. This is where airborne AI assistants have much operational safety potential. Sucking up multiple information sources and processing masses of information to give accurate and instant advice. Such systems can be designed to give real-time updates not only to improve situation awareness but give avoiding action guidance, or even automated responses.

Let’s get back to the general assertion that AI will make aviation safer. On this one I’d be more cautious. For example, looking at LOC-I incidents and accidents there’s a complex mix of causal factors, and circumstantial factors. In addition, there’s the complexity of potential recovery actions too. Solving problems in 4 dimensions, whatever the weather, whatever any damage incurred and however pilots react. This is where the probability numbers start to stack up.

That catch-all discipline “human factors” makes outcomes particularly difficult to calculate. Accidents are known where pilots and automation fight each other to produce bad outcomes.

AI is a machine. It will speedily crunch numbers in a mechanical manner. An extremely advanced manner but without emotion or, yet, not matching the imaginative capabilities of the human brain. Or for that matter the sophistication of human senses.

Would exceptionally capable AI have saved Swissair Flight 111[2], for example? Sadly, I think not. On the day, likely an automated airborne system would have made the same decisions as the pilots. Decision making without the sense of precisely how the aircraft fire was developing would still have been hamstrung. I could raise other cases too.

Will AI make transport safer? In part. Not as a universal cure-all.


[1] https://www.iata.org/en/publications/economics/reports/risks-2025-brief/

[2] https://www.bst-tsb.gc.ca/eng/rapports-reports/aviation/1998/a98h0003/a98h0003.html

Technology and Probability

Everyday numbers don’t scare me. The day, the date, the time are important and simply communicated. I can throw a couple of round numbers at anyone, and they should know what’s happening. Yes, convention does matter. Standards matter. I don’t know how, but I know some people struggle with the 24-hour clock notation.

When we get to small scales and tiny numbers, less familiarity means that it’s not so easy to communicate. To make those numbers meaningful media people like to use analogies. A common one is saying that a thing is: less than the width of a human hair. If you still have it, and I do, hair is an everyday item.

Let’s say a human hair is typically 100,000 nanometres wide. Sounds big in nanometres. That’s a tenth of a millimetre. Now, I can get a plastic ruler and visualise that size. My perception of scale depends on where I put the decimal point. Remember in SI Units a “nano” is 1 x 10⁻⁹[1]. Something to think about when seeing newspaper headlines about nanotechnology.

Visual depictions do help. Even if they can be slightly misleading when comparing dissimilar objects. Our planet, Earth, is about 12,756 kilometres in diameter. So, for a bit of fun I could say the Earth is about 128 x 10⁹ times wider than a hair on my head. Nice but not so useful. Tiny probability numbers like the range from 1 x 10⁻⁶ to 1 x 10⁻⁹ require some imagination.

It’s not such a big leap. Let’s say that I make mistakes. That said, I’m well trained at a specific simple task. Flicking a switch at the right time. My measured error rate is about 1 in 100. However hard I try, I make mistakes, not necessarily the same one, but with a reasonably quantifiable average frequency when nothing changes.

A well-designed machine, doing the same mechanical task, can do better than me. Its measured error (or failure) rate is about 1 in 10,000. That might be considered good if it’s merely to switch on a toaster at precisely 6 am. It might not be so good if the result of a single mistake is instant death. In other words, I’ve become highly dependent on this mythical machine.

To do better, I could devise a means of checking the results of this machine. If I did this checking perfectly, entirely independently and without distraction, then experiencing a negative result might get up to a rate of one in a million. With this arrangement, I’m still not happy enough to place my life, or the lives of my colleagues in the hands of such a system.

Instead, I’ll construct two entirely independent well-designed machines, each doing the same simple task and each constantly checking the other one. Now, I’m cooking on gas, as the expression goes. Will this result in a negative outcome rate of around 1 in 1 x 10⁸? One in a ten million. At least it’s an analysis worth doing. However, calculations may not give the result as one in a ten million. That result can hinge on the notion of what is entirely “independent”.

To make my general point here I have grossly oversimplified a problem. What I hope I have conveyed is that tiny probability numbers can be grasped without entertaining rocket science or nuclear physics. In the world of computational systems, we can make machines that are exceptionally good at performing consistently, persistently and error free. Not perfect. Not at all. Not perfect in so much as making life and death decisions.


[1] https://www.nano.gov/about-nanotechnology/just-how-small-is-nano