
By Jack Ganssle

Expectations of Perfection

Published 9/05/2003

It was horrible. Traffic lights stopped working. At Starbucks the lattes cooled. And when the cell phones went out, drivers were left with nothing to do but drive.

It was wonderful. New Yorkers were nice to each other, gave strangers rides home. There was no looting. The people had a snow day in August, a crisis that turned into a chance to get out of the house and meet the neighbors.

Seems to me the system might be a bit over-designed. One failure in 25 years? That's astonishing, a phenomenal record.

Talking heads might claim we need a more reliable grid, but they're spouting nonsense. If it is indeed necessary to update the system, "more reliable" isn't a valid engineering specification. What are the numbers? Is one failure per decade acceptable? Once a century? We engineers can build systems of astonishing reliability, but is the public willing to foot the cost?

A better system might need more redundancy; do you want that extra power plant in your back yard? How much pollution will we tolerate, especially now that older power plants will be exempted from certain emissions regulations?

My dad worked on the F-11F in the 1950s. When the hydraulic test jig couldn't break the tail assembly, the Navy complained mightily because the aircraft was too strong. Engineers all, they understood that excessive strength meant too much weight and reduced speed, altitude and fuel range. The World Trade Center was designed to withstand 140-knot winds, not those of infinite velocity. Offshore drilling rigs are typically good for 100-foot waves, not the eye-popping but utterly unrealistic monsters in The Perfect Storm. Perfection is rarely a design goal.

Engineering is the art of managing compromises. Make it strong enough but don't degrade performance. Build a reliable system, but at an acceptable cost.

Some complain that the power failure compromised certain critical services, yet it seems most hospital ICUs et al. had their own emergency backups. It's foolish to make the entire grid perfectly reliable for the few who cannot stand an interruption. Just as centralized mainframes gave way to distributed servers, critical users should have their own local UPSes or generators. That's cheaper overall and more dependable, since a minor tree fall might have no impact on the grid yet yank the plug for a cluster of houses or buildings.

There's a certain social value to the occasional failure, as well. They remind us just how dependent we are on a steady flow of electrons. Kids are astonished at all of the things that no longer work when that stream disappears.

And maybe each of us has a responsibility to conserve, a much cheaper route than replacing the grid. Replace those incandescents with low-power long-lived compact fluorescent bulbs (http://www.pulsarlamps.com/html_en/product_01_001.asp?cat=CFS). They're only about 5 bucks and last nearly forever. Notch up the A/C temperature a bit. Unplug those thieving wall transformers when you're not charging the phone, drill, or laptop. Turn the computer off for the night.

My hat is off to those engineers who have built a system that powers every bit of our lives, with astonishing reliability.