Data Interpretation

More on that subject of number crunching. I’m not so much concerned about the numerous ways and means to produce reliable statistics as the ethical factors involved in their production.

Two things. One is the importance of saying truth to power and the other the importance of seeing things as they really are rather than how you or I would like them to be.

Starting with the first. If ever it was a hard day to say this but asserting truth is not one of several options, it’s the best option.

Whatever any short-term gains there are in distorting a description of a current situation, in the longer term the truth will out. Now, that may not have always been so. It’s often said that the victors write history. That famous view had some validity when literacy was not universal or when texts were chained in church libraries. Now, information speeds through the INTERNET (and whatever its successor will be). Controlling or suppressing information has become like trying to build a castle out of sugar on a rainy day.

The second factor is more troublesome and, for that matter, more difficult. It could be the tug of war between subjectivity and objectivity. What we see is so much dependent upon the observer. What we hear is conditioned by what we’ve heard in the past.

I saw this often in the interpretation of a written narrative. Aviation accidents and incidents are reported. Databases full of multifarious reports of different origins sitting there waiting to be read. This is a good thing.

It’s the choice of language that shapes our understanding of past events. That can be voluminous and contradictory. It can be minimalist and ambiguous. It can have peculiar expressions or fuzzy translations. Even if reporters are asked to codify their observations, with a tick box, there remain wide margins.

The writer of a story often knows what they want to say. It might be obvious to them what happened at the time of writing. Then it’s the reader who takes that up. A text could be read years later. Read by many others. Similar stories may exist, all written up differently. Hopefully, slight variations.

Seeing things as they really are, rather than how you would like them to be, without bias, requires more than a degree of care. A great deal of care.

It’s hard enough for an enlightened and skilled analyst to take a sentence and say “yes” I know exactly what happened. Not just what but all six of these – who, what, where, when, how and why. In future, the artificial intelligence tools that get used by authorities will have the same challenge.

For all our technological wonders, it’s the writers of reports that shape our understanding. From a couple of sentences to a massive dissertation.

Try telling that to a maintenance engineer whose last job of the day, before going home, is to file an occurrence report after a terrible day at work. In a damp hangar with a job only half done. Tomorrow’s troubles looming.

POST: Rt Rev Nick Baines and his Thought for the Day on BBC Radio 4 is thinking the same this morning. Truth is truth. In his case it’s Christian truth that he has in mind. There lies another discussion.

The Power of Numbers

If I was to give advice to a politician in power, it would go like this: numbers matter but don’t let them dictate the right course of action. Of course that’s fully loaded advice. The right course of action is subjective. That can mean expert or non-expert judgement of such a great wide range of felicity that it doesn’t bear thinking about.

For a long time, there was a mantra that organisational policy should be data driven. There’s quite a bit of wisdom in this statement as an alternative to arbitrary opinion and volatile reactivity. There’s no doubt an organisation is better off if it has a few able number crunchers.

I can recollect times when I’ve been advised to look favourably upon one way of presenting information as opposed to another way. Not that either was in error but that one way would reflect better on the management of an organisation. This is a perfect example of Lies, Damned Lies and Statistics[1]. Which is often nothing to do with lies but rather the presentation of information. Some would say manipulation.

Sacking a head of a Bureau of Statistics because the numbers their technical people produce are not favourable, well that’s one way to go. It’s the sort of action that’s taken in devoutly authoritarian countries. Better not be embarrassing the higher ups at any cost.

Suddenly, I’m taken back to my “O” level history lessons. Our enthusiastic secondary school teacher who wanted us to love the Russian revolution as much as she did. It’s a fascinating but brutal period for Europe. Here I’m thinking of Stalin’s Five-Year Plans. A Russian official, in the late 1920s, would have been very unwise indeed to produce anything other than favourable statistics. However, for all the cruelty and suffering Russia did achieve a rapid industrialisation.

Numbers matter. My dictum. If they are wildly inaccurate or manipulated numbers, they are worthless. Even presentationally they are worthless because few will believe. Credibility is key but that’s often the issue. Who do you trust?

My domain has been aviation safety numbers. The analysis of these numbers can be of significant consequence. Going back to that data driven philosophy, if the numbers are wrong the direction of travel will be wrong. When policy making has an objective basis then it’s much easier to justify to a wide audience. There are advantages in having trustworthy numbers.

In the ideal world, a degree of independence is essential. This is so that the producers of statistics and associated information can endeavour to be accurate and unbiased. Doing this without fear or favour to any interested party can take some resolve. It’s only possible in an environment that is both inquisitive and respectful.

I say “degree of” as an observation. Just as investigators often follow the money trail, it’s as well to consider who is paying the bills. The analysts’ salaries must come from somewhere. Again, in an ideal cultural environment where integrity and trust are valued, it’s not those who are funding the number crunching work that should determine (dictate) the results. Let the numbers speak.

The ideal world doesn’t exist but it’s clearly unwise to swerve away from it at speed.


[1] https://www.york.ac.uk/depts/maths/histstat/lies.htm

Why 12,500 Pounds?

Regulation is a strange business. It often means drawing lines between A and B. Bit like map making. Those lines on a map that mark out where you are and the features of the landscape. You could say that’s when all our troubles start but it’s been proven unavoidable. As soon as our vocabulary extends to words like “big” and “small” someone somewhere is going to ask for a definition. What do you mean? Explain.

For a while you may be able to get away with saying; well, it’s obvious. That works when it is obvious for all to see. An alpine mountain is bigger than a molehill. When you get to the region where it’s not clear if a large hill is a small mountain, or not then discussion gets interesting. Some say 1000 ft (about 300 m) others say much more. There’s no one universal definition.

[This week, I drove through the Brecon Beacons. Not big mountains but treeless mountains, nevertheless. Fine on a clear day but when it rains that’s a different story. This week Wales looked at its best].

Aviation progressed by both evolution and revolution. Undeniably because of the risks involved it’s a highly regulated sector of activity. Not only that but people are rightly sensitive about objects flying over their heads.

For reasons that I will not go into, I’ve been looking at one of these lines on a regulatory map. One that’s been around for a long time.

I cannot tell you how many discussions about what’s “minor” and what’s “major” have taken place. That’s in terms of an aircraft modification. However, these terms are well documented. Digging out and chewing over the background material and rationale is not too difficult, if you are deeply interested in the subject.

The subject I’m thinking about is that difference between what is considered in the rules to be a “large” aeroplane and a “small” aeroplane. Or for any American readers – airplane. So, I set off to do some quick research about where the figure of weight limit: maximum take-off weight of 12,500 pounds or less originated for small airplanes (aeroplanes).

I expected someone to comment; that’s obvious. The figure came from this or that historic document and has stuck ever since. It seems to work, most of the time. The confirmation or dismissal that I wanted addressed the question: is the longstanding folklore story true? That the airplane weight limit was chosen in the early 1950s because it’s half the weight of one of the most popular commercial transport aircraft of that time.

There is no doubt that the Douglas DC-3[1] is an astonishing airplane. It started flying in 1935 and there are versions of it still flying. Rugged and reliable, this elegant metal monoplane is the star of Hollywood movies as well as having been the mainstay of the early air transport system in the US. Celebrations are in order. This year is the 90th anniversary of the Douglas DC-3[2].

What I’ve discovered, so far, is that the simple story may be true. Interestingly the rationale for the weight figure has more to do with economic regulation than it has with airplane airworthiness. The early commercial air transport system was highly regulated by the State in matters both economic and safety. Managing competition was a bureaucratic process. Routes needed approval. Thus, a distinction was established between what was commercial air transport and what was not.

POST 1: There is no mention of 12,500 pounds in the excellent reference on the early days of civil aviation in the US. Commercial Air Transportation. John H. Frederick PhD. 1947 Revised Edition. Published by Richard D. Irwin Inc. Chicago.

POST 2: The small aircraft definition of 12,500 pounds max certificated take-off weight first appears in US CAB SPECIAL CIVIL AIR REGULATION. Effective February 20, 1952. AUTHORIZATION FOR AIR TAXI OPERATORS TO CONDUCT OPERATIONS UNDER THE PROVISIONS OF PART 42 OF THE CIVIL AIR REGULATIONS. This was a subject of economic regulation in the creation of the air taxi class of operations.


[1] https://airandspace.si.edu/collection-objects/douglas-dc-3/nasm_A19530075000

[2] https://www.eaa.org/airventure/eaa-airventure-news-and-multimedia/eaa-airventure-news/2025-07-17_dc3_society_celebrate_90_years_douglas_dc3_airventure25

Aircraft Safety and Fuel Starvation

Unsafe. In common language it’s the opposite to being safe. So, take a definition of “safe” and reverse it. Let’s say to be safe is to be free from harm (not a good definition). That would lead to “unsafe” being subject to harm or potentially being subject to harm. The probabilistic element always creeps in since it’s the future that is of concern. Absolute safety is as mercurial or unreal as absolute certainty.

Let’s apply this to an aircraft. The ultimate harm is that of a catastrophic event from which there is no escape. Surprisingly, taking a high-level view, there are few of these situations that can occur.

Flying, and continuing to fly, involves four forces. Lift, Weight, Thrust and Drag. It’s that simple. An aircraft moves through the air with these in balance. Flying straight and level, lift opposes weight and thrust opposes drag.

Yes, there are other safety considerations. If there are people on-board. For example, it’s important to maintain a habitable environment. At higher altitudes that requirement can be demanding. Structural integrity is important too. Otherwise flying is a short-lived experience.

In the recent Air India fatal accident, the four forces of flight were not maintained so as to make a continued safe flight possible. The wings provided lift but the force that was deficient was thrust.

Two large powerful engines, either of which could have provided enough thrust, were unable to do so. The trouble being fuel starvation. Fuel starvation occurs when the fuel supply to the engine(s) is interrupted. This can happen even when there is useable fuel on board an aircraft[1].

Sadly, in the records there are numerous aircraft incidents and accidents where this has happened. Quite a few fuel starvation incidents and accidents occur because of fuel mismanagement. This can result from a pilot selecting an incorrect, or empty, fuel tank during a flight.

Now and then, it is the aircraft systems that are at fault. The pilot(s) can be misled by a faulty fuel indication system[2]. In one notable case, a major fuel leak drained the aircraft’s fuel supply[3].

When there is useable fuel on-board an aircraft, the imperative is to restart and recover. It is not uncommon or unreasonable for there to be a delay in restarting engine(s), especially when a fuel starvation event is entirely unexpected. Diagnosis takes time given the numerous potential causes of a starvation event.

In cruise flight there is time available to perform a diagnosis and take appropriate corrective action. Both take-off and landing have their hazards. Both are busy times in the cockpit. When looking at the worldwide safety numbers, fewer fatal accidents occur on take-off than landing. The numbers Boeing provide put take-off at 6% and landing at 24% of fatal accidents. Each one only occupies about 1% of the total flight time.

Although these are the numbers, my view is that, even though take-offs are optional and landings are mandatory, the requirements for adequate thrust are most critical during take-off. This is arguable and it reminds me that safety assessment is never simple.


[1] https://www.faa.gov/lessons_learned/transport_airplane/accidents/G-YMMM

[2] https://asn.flightsafety.org/asndb/322358

[3] https://asn.flightsafety.org/asndb/323244

Understanding Boeing 787 Avionics

In what I’ve written so far, I’ve taken the humancentric view much as most commentators. The focus of interest being on what the two Air India crew members were doing during the critical moments of this tragic flight. Let’s shift perspective. It’s time to take an aircraft level view.

On the Boeing 787-8 “Dreamliner”, the flight deck has two crew seats and two observer seats. One observer seat is directly behind and between the two crew seats. Since these observer seats are not mentioned in the preliminary report, it’s reasonable to assume that they were unoccupied.

In my days working on civil aircraft certification, it was often as a part of a multidisciplinary team. I suppose one of the privileges of working on aircraft avionic systems is that they touch every part of a modern civil aircraft. That meant working with highly experienced specialists in every technical field, including flight test pilots and engineers.

When it came to reviewing aircraft system safety assessments, we’d often put it like this, you look at the aircraft from the inside out and we’ll look at the aircraft from the outside in. Meaning that the flight test team looked at how the aircraft flew and performed. Systems engineering specialists focused on how the aircraft functioned. What was the detailed design, the means and mechanisms. It was by putting these differing perspectives together that a comprehensive review of an aircraft could be established.

Here’s where I need to be careful. Although I worked on the technical standards[1] for complex aircraft systems, I did not work on the Boeing 787 at initial certification.

If I go back 25 years, a major change was happening with respect to aircraft systems. It was the move to apply Integrated Modular Avionics (IMA). This was a move away from federated systems, where just about every aircraft function had its own box (autopilot, autothrottles, instruments, etc.). There was a fundamental architectural difference between federated and IMA systems.

The Boeing 787 has what is called a Common Core System (CCS). As an analogy let’s think of a time before the smart phone became universal. I had a Nokia mobile phone, a Canon camera, a HP calculator, a Dell lap-top, lots of connectors and pen and paper. Now, the only one that has survived the passage of time is the pen and paper.

So it is with modern civil aircraft. An Integrated Modular Avionics (IMA) hosts the applications that are necessary for safe flight and landing. The IMA hosts functions that provide Environmental Control, Electrical, Mechanical, Hydraulic, Auxiliary Power Unit (APU), Cabin Services, Flight Controls, Health Management, Fuel, Payloads, and Propulsion systems.

Information is digitised (sensors, switches and the like), processed and then acted upon. General Processing Modules (GPM) inside the aircraft CCS perform the functions needed. There’s an array of these GPMs and redundancy to provide a high integrity aircraft system.

An aircraft’s Fuel Shutoff Valve Actuator depends on the above working as intended in all foreseeable circumstances. No doubt the accident investigators are undertaking an analysis of the Boeing 787 avionics architecture to gain assurance that it worked as intended.

[1] Standards: EUROCAE started a working group (Number 60) in September 2001, which was tasked to define guidance. Later, in November 2002, there was a merge with an RTCA steering committee (Number 200).

Fuel Control Switches

I’ll not go any further than the investigation report that’s in the public domain. The Air India AI171 Boeing 787-800 Preliminary Report is published for all to read. The aircraft’s Enhanced Airborne Flight Recorder (EAFR) has been replayed. Sadly, this report raises questions as much as it closes down erroneous theories.

It warrants saying again, and again. My thoughts are with the friends and families of those affected. They deserve to know exactly what happened and as far as is possible, why. Not only that but the global travelling public need to be confident that any necessary corrective action is being taken to prevent a recurrence of such a rare fatal accident.

What requires one or two words is one of the commonest ways we interact with electrical and electronic systems. The humble switch. In fact, they are far from humble and come in lots of shapes and sizes. The general idea is that a mechanical device, that can be manipulated with a purpose in mind, is used to control the flow of electrical current. There are non-mechanical switches, but I’ll not go there for the moment.

I remember conversations with my aircraft electrical engineering colleagues. It goes like this – you deal with the small currents (avionic systems), and we will deal with the big ones (power systems). Also, a mantra was that all electrical systems are, in part, mechanical systems. Switches, cables, generators, control valves, relays, bonding, you name it, they are in part, mechanical systems. In the past traditional electrical engineers got a bit jittery when faced with “solid state” controls (semiconductors).

Switches. I’ve seen the words “cognitive engagement” used. In simpler terms, by design, pilots interact with switches with a purpose in mind. Equally, as in the world of human factors, unprotected switches can be operated in error, unintentionally or by physical force.

So, what are the chances of two protected Fuel Control Switches moving, within seconds of each other, at the most critical phase of an aircraft’s flight?

[There is a discussion to be had in respect of timing. Remember the record from the flight recorders is a sampling of events. The sampling rate may be as low as one per second. Note: EASA AMC2 CAT.IDE.A.190.]

These cockpit switches are designed and certificated to perform as intended under specified operating and environmental conditions. That’s a wide range of vibration and temperature (shake and bake).

Switch operation is indicated by their physical position[1]. In addition, operation of these switches will be evident by cockpit indications. The concept being that a flight crew can confirm that the Fuel Control Switches have moved by their effect on the engines. If a crew need to take corrective action it is in relation to the information presented to them by the engine instrument system.

The report makes it clear that both mechanical switches transitioned from ‘RUN’ to ‘CUT-OFF’ almost immediately as the aircraft became airborne. That is a worst-case scenario. The time available to recognise and understand the situation, for training to kick in, and then to take appropriate corrective action was insufficient.

This leads me to think that there may be a case for disabling the Fuel Control Switch function up until at least an altitude where aircraft recovery is possible. Now, these switches need to be available up until the V1 speed is achieved (Example: aborting a take-off with an engine fire). After that an aircraft is committed to becoming airborne.

I suspect the reason there is no inhibit function is the possibility of adding another potential failure condition. Inadvertent and unrecoverable disabling of ‘CUT-OFF’ are scenarios that would need to be considered. No doubt a reasonableness argument was used. No crew would shut both engines down immediately an aircraft became airborne, would they?

POST: I hope I haven’t given the impression that this is a case of simple switches and wires. The Boeing 787 is a digital aircraft. Mechanical fuel technology plays its part but control functions are digital.


[1] Designs that offer switch illumination are not used in this case.

Causal Chains in Accidents

It becomes apparent to me that there’s much commonplace thinking about accidents. What I mean by this is that there are simple mental models of how events happen that we all share. These simple models are often not all that helpful. Commonplace in that journalists and commentators use them as a default. It’s a way of communicating.

Don’t worry I’m not going on a tirade of how complex the world happens to be, with a dig in the ribs for anyone who tries to oversimplify it. We need simple mental models. Answering questions and explaining as if everything is an academic paper doesn’t help most of us.

I talk of no less than the causal chain. That’s a love of putting the details of events into a chronological sequence. For an aviation accident it might go like this – fuel gets contaminated, fuel is loaded onto aircraft, engine stops, pilot makes an emergency landing, aircraft ends up in a field and an investigation starts. The headline is dominated by the scariest part of the sequence of events. Key words like “emergency” are going to command the reader’s attention.

In my example above it’s reasonable to assume that there’s a relationship between each link in the chain. The sequence seems obvious. It’s easy to assume that’s the way the situation developed and thus made the accident or incident. However, it doesn’t have to be so. Let’s say there was contaminated fuel but not sufficient to stop an engine. Let’s say for entirely unrelated reasons (past events) the spluttering of the engine led the pilot to think that there was a fire on-board. Fuel was shut down. Thus, events took a different sequence.

Anyway, my point is an ancient maxim. Question what you first hear (or see). The recent tragic fatal accident in India is an example of much speculation often based on a proposed orderly sequence of events. Many commentators have lined them up as, this happened, and then that happened and then something else happened. QED.

What I’ve learned from reading and analysing accident reports over the years is that such major accidents are rarely, if ever, a simple sequence or only a couple of factors combined.

Yes, adding circumstantial factors to a causal chain adds realism. Even that is not so easy given that each factor has a different potential influence on the outcome. Atypical circumstantial factors are time of day or night, weather, atmospheric conditions and the human and organisational cultural ones.

To make sense of the need to put events in an order a more sophisticated model is the fishbone diagram[1]. The basic theme is the same. A core causal chain. What’s better is the injection of multiple factors to make a more authentic accident model.

Although we do think in a cause-and-effect way about the world, if there are more than 4 or 5 factors combined in a random manner these models are far from authentic. My message is not so sophisticated, beware of simple sequences as being definitive.


[1] https://asq.org/quality-resources/fishbone

Managing Risk After Aircraft Accidents

Let me clarify. I can no more predict the future than is illustrated in the humour of this news report. “Psychic’s Gloucester show cancelled due to ‘unforeseen circumstances’”[1]

Predicting the outcome of an aircraft accident investigation is just as fraught with unforeseen circumstances. For a start, the evidence base is shallow in the first weeks of an investigation. As the clock ticks so increasingly, new information either confuses or clarifies the situation.

Despite the uncertainty, aviation professionals do need to try to anticipate the findings of a formal investigation before they are published or communicated in confidence. It’s not acceptable to sit back and wait to be told what has been found.

In aviation, post-accident there is an elevation of operational risk. The trouble is that assessing that elevation is hindered by the paucity of reliable information. Equally, a proliferation of speculation can escalate risk assessments beyond what is needed. The reverse is true too.

Let’s look at the difference between commentary and speculation. One is based on evidence and the other may not be. One takes the best professional assessment and the other may be more to do with beliefs, prejudices or the latest fashionable thinking.

In reality, it’s not quite as binary. Since speculation in the financial sense may be based on a lot of calculation and risk assessment. Generally, though, there is an element of a leap of faith. Opinions based upon past experiences commonly shape thinking.

Commentary, on the other hand, like sports commentary, is describing what’s happening based upon what’s known. Sometimes that includes one or two – what ifs. In football, that match deciding penalty that was only missed but for a small error.

Commentary includes analysis and study of past accidents and incidents. Trying to pick up on any apparent trends or patterns is of paramount importance.

Those responsible for aircraft operations, whether they be airlines or safety regulators, need to have an immediate response. That may be done in private. Their decision-makers need to have a theory or conjecture based on as much analysis and evidence as is available. Like it or not, the proliferation of commentary and speculation does have an impact.

In a past life, one of the actions that my team and I took was to compile a “red book” as quickly as possible post-accident. That document would contain as much reliable information as was available. Facts like aircraft registration details, a type description, people, places and organisation details that were verifiable. This was not a full explanation. It was an analysis, compilation and commentary on what had happened. The idea being that decision-makers had the best possible chance of acting in a consistent manner to reduce risk in the here and now.


[1] https://www.gloucestershirelive.co.uk/whats-on/whats-on-news/psychics-gloucester-show-cancelled-due-7250094

Enhancing Transport Safety

There’re claims that Artificial Intelligence (AI) will make transport safer. It’s to put a positive spin on the introduction of AI. Implying that existing safety deficiencies can be addressed with the power of AI.

It’s difficult to disagree with this simple assertion. There’s a list of risks that continue to be troubling. With directed design effort there are functions that AI can perform that mean it can have an advantage over conventional systems. With good design, no doubt high performing systems can be constructed.

In aviation, for example, if I consider the top five fatality risks, there’s a persistence of specific categories. We never seem to get away from loss of control in-flight (LOC-I) being high on that grim list. Runway related issues persist, and the hardy perennial of mid-air collision remains. Over the years progress has been made addressing controlled flight into terrain (CFIT), but that category of destructive events never disappears.

It’s fascinating to see that the industry thinks that AI itself is a risk[1]. High probability but low impact. This is considering a broad description of risk rather than a safety focus. Here the concern is related to the difficulties of practical implementation of this new technology.

Marketing people will big up the possibilities brought about by AI. This is what’s going on in relation to the most recent mid-air collision fatal accident. With sound justification given how crude elements of air traffic management are in specific locations.

We will never entirely displace “see and avoid” as a means of collision avoidance. Scanning the horizon looking for other air users. In my opinion, relying on this technique in relatively busy traffic areas is unwise, to say the least. This is where airborne AI assistants have much operational safety potential. Sucking up multiple information sources and processing masses of information to give accurate and instant advice. Such systems can be designed to give real-time updates not only to improve situation awareness but give avoiding action guidance, or even automated responses.

Let’s get back to the general assertion that AI will make aviation safer. On this one I’d be more cautious. For example, looking at LOC-I incidents and accidents there’s a complex mix of causal factors, and circumstantial factors. In addition, there’s the complexity of potential recovery actions too. Solving problems in 4 dimensions whatever the weather, whatever any damage incurred and however pilots react. This is where the probability numbers start to stack up.

That catch-all discipline “human factors” makes outcomes particularly difficult to calculate. Accidents are known where pilots and automation fight each other to produce bad outcomes.

AI is a machine. It will speedily crunch numbers in a mechanical manner. An extremely advanced manner but without emotion or, yet, not matching the imaginative capabilities of the human brain. Or for that matter the sophistication of human senses.

Would exceptionally capable AI have saved Swissair Flight 111[2], for example? Sadly, I think not. On the day, likely an automated airborne system would have made the same decisions as the pilots. Decision making without the sense of precisely how the aircraft fire was developing would still have been hamstrung. I could raise other cases too.

Will AI make transport safer? In part. Not as a universal cure-all.


[1] https://www.iata.org/en/publications/economics/reports/risks-2025-brief/

[2] https://www.bst-tsb.gc.ca/eng/rapports-reports/aviation/1998/a98h0003/a98h0003.html

Technology and Probability

Everyday numbers don’t scare me. The day, the date, the time are important and simply communicated. I can throw a couple of round numbers at anyone, and they should know what’s happening. Yes, convention does matter. Standards matter. I don’t know how, but I know some people struggle with the 24-hour clock notation.

When we get to small scales and tiny numbers, less familiarity means that it’s not so easy to communicate. To make those numbers meaningful media people like to use analogies. A common one is saying that a thing is: less than the width of a human hair. If you still have it, and I do, hair is an everyday item.

Let’s say a human hair is typically 100,000 nanometres wide. Sounds big in nanometres. That’s a tenth of a millimetre. Now, I can get a plastic ruler and visualise that size. My perception of scale depends on where I put the decimal point. Remember in SI Units a “nano” is 1 x 10⁻⁹[1]. Something to think about when seeing newspaper headlines about nanotechnology.

Visual depictions do help. Even if they can be slightly misleading when comparing dissimilar objects. Our planet, Earth is about 12,756 kilometres in diameter. So, for a bit of fun I could say the Earth is about 128 x 10⁹ times wider than a hair on my head. Nice but not so useful. Tiny probability numbers like the range from 1 x 10⁻⁶ to 1 x 10⁻⁹ require some imagination.

It’s not such a big leap. Let’s say that I make mistakes. That said, I’m well trained at a specific simple task. Flicking a switch at the right time. My measured error rate is about 1 in 100. However hard I try, I make mistakes, not necessarily the same one, but with a reasonably quantifiable average frequency when nothing changes.

A well-designed machine, doing the same mechanical task, can do better than me. Its measured error (or failure) rate is about 1 in 10,000. That might be considered good if it’s merely to switch on a toaster at precisely 6 am. It might not be so good if the result of a single mistake is instant death. In other words, I’ve become highly dependent on this mythical machine.

To do better, I could devise a means of checking the results of this machine. If I did this checking perfectly, entirely independently and without distraction, then experiencing a negative result might get up to a rate of one in a million. With this arrangement, I’m still not happy enough to place my life, or the lives of my colleagues in the hands of such a system.

Instead, I’ll construct two entirely independent well-designed machines, each doing the same simple task and each constantly checking the other one. Now, I’m cooking on gas, as the expression goes. Will this result in a negative outcome rate of around 1 in 1 x 10⁸? One in a ten million. At least it’s an analysis worth doing. However, calculations may not give the result as one in a ten million. That result can hinge on the notion of what is entirely “independent”.

To make my general point here I have grossly oversimplified a problem. What I hope I have conveyed is that tiny probability numbers can be grasped without entertaining rocket science or nuclear physics. In the world of computational systems, we can make machines that are exceptionally good at performing consistently, persistently and error free. Not perfect. Not at all. Not perfect in so much as making life and death decisions.
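The arithmetic above, and how quickly it degrades when the two machines are not entirely independent, can be worked through in a few lines. This is an added example, not part of the original post: it takes the 1 in 100 and 1 in 10,000 rates from the text and assumes a beta-factor model, in which a fraction `beta` of failures comes from a cause shared by both channels (the function names are hypothetical).

```python
from fractions import Fraction


def both_fail(p_a, p_b, beta=0):
    """Probability that two mutually checking channels fail on one demand.

    Assumed model (beta-factor, not taken from the post): a shared cause
    defeats both channels together with probability
    c = beta * min(p_a, p_b); the remainder of each channel's failure
    probability is independent of the other channel.
    """
    p_a, p_b, beta = Fraction(p_a), Fraction(p_b), Fraction(beta)
    if not (0 <= beta <= 1 and 0 < p_a < 1 and 0 < p_b < 1):
        raise ValueError("probabilities must lie in (0, 1), beta in [0, 1]")
    c = beta * min(p_a, p_b)
    # Each channel fails if the shared cause strikes or its own independent
    # part does: P(A) = c + (1 - c) * a_ind, hence a_ind = (p_a - c) / (1 - c).
    # Both fail = shared cause, or both independent parts at once.
    return c + (p_a - c) * (p_b - c) / (1 - c)


def max_beta_for_target(p, target, steps=40):
    """Largest shared-cause fraction at which two identical channels still
    meet `target`. Bisection works because both_fail never falls as beta
    rises. Returns None if even full independence misses the target."""
    p, target = Fraction(p), Fraction(target)
    if both_fail(p, p) > target:
        return None
    if both_fail(p, p, 1) <= target:
        return Fraction(1)
    lo, hi = Fraction(0), Fraction(1)
    for _ in range(steps):
        mid = (lo + hi) / 2
        if both_fail(p, p, mid) <= target:
            lo = mid
        else:
            hi = mid
    return lo


def one_in(prob):
    """Express a probability as 'one in N', N rounded to an integer."""
    return round(1 / Fraction(prob))


if __name__ == "__main__":
    human = Fraction(1, 100)       # rate from the text: 1 in 100
    machine = Fraction(1, 10_000)  # rate from the text: 1 in 10,000

    print("machine checked by a person: 1 in", one_in(both_fail(machine, human)))
    print("two independent machines   : 1 in", one_in(both_fail(machine, machine)))

    # Constructed sample values of beta: shared power supply, shared
    # software, shared sensor, shared maintenance error and so on.
    for beta in (Fraction(1, 1000), Fraction(1, 100), Fraction(1, 10)):
        result = both_fail(machine, machine, beta)
        print(f"shared-cause fraction {float(beta):>5.1%}: 1 in {one_in(result)}")

    limit = max_beta_for_target(machine, Fraction(1, 10**7))
    print(f"to hold 1 in 10,000,000 the shared fraction must stay below "
          f"{float(limit):.3%}")
```

With a shared-cause fraction of only 1%, the pair performs about a hundred times worse than the fully independent product, which is why the independence claim itself has to be analysed.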


[1] https://www.nano.gov/about-nanotechnology/just-how-small-is-nano