On Sat, Sep 15, 2018 at 9:35 PM Henry Spencer <hspencer@xxxxxxxxxxxxx> wrote:
Indeed, they have already been convinced of it once, although for
well-proven professionally-built hardware in favorable circumstances:
Sea Launch's Zenits had no separate FTS at all. Per standard Russian
practice, they had a triple-redundant guidance system, which in the event
of unresolvable disagreement, shuts down the engines -- it has happened to
a couple of Zenits. No bomb on board, no radio link. And yes, Sea Launch
being a US-registered company, they needed FAA launch licenses. However,
getting this past the FAA was undoubtedly *greatly* eased by the fact that
they were launching from very empty ocean.

Remember that there's a not-at-all-tiny firmware codebase inside the GPS
system, which needs to be considered too. (Can high-end non-consumer GPS
systems have firmware bugs? Why yes, actually, they can -- although the
only such bug I have personal experience with was nothing so dire.)

If that means it would be getting its position data from the same GPS
system the control system is using, that would worry me. For safety, you
ought to have dissimilar data sources -- ideally, one GPS and one non-GPS
source, but at the very least, two separate GPS receivers from two
different manufacturers.
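The two mechanisms discussed in this message, a redundant guidance system that shuts the engines down on unresolvable disagreement, and the argument for dissimilar position sources, can be illustrated with a small simulation. The following is an added example written for this page, not code from the thread or from any launch provider; the source names, firmware labels, positions and the 50 m agreement tolerance are all constructed values. It implements a 2-of-3 voter that returns a shutdown decision when no two sources agree, and a separate check that flags sources sharing a firmware family. The third scenario shows why the voter alone is not enough: three identical receivers carrying the same firmware bug agree with each other on a wrong fix, so the voter passes it, and only the dissimilarity check raises the flag.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Position = Tuple[float, float, float]  # (x, y, z) in metres, constructed frame

@dataclass(frozen=True)
class PositionSource:
    name: str        # constructed label for the unit
    kind: str        # "gps" or "inertial" (constructed categories)
    firmware: str    # constructed firmware-family label used to spot common-mode risk
    position_m: Position

TOLERANCE_M = 50.0  # constructed agreement threshold, not a real flight value


def agree(a: PositionSource, b: PositionSource, tol: float = TOLERANCE_M) -> bool:
    """Two sources agree if every axis differs by no more than tol metres."""
    return all(abs(p - q) <= tol for p, q in zip(a.position_m, b.position_m))


def vote(sources: List[PositionSource]) -> Tuple[str, Optional[Position]]:
    """2-of-3 majority vote.

    Returns ("ok", averaged position) when at least two sources agree,
    or ("shutdown", None) when the disagreement is unresolvable, mirroring a
    guidance system that cuts the engines rather than fly on bad data.
    """
    if len(sources) != 3:
        raise ValueError("this voter expects exactly three sources")
    for i in range(3):
        for j in range(i + 1, 3):
            a, b = sources[i], sources[j]
            if agree(a, b):
                pos = tuple((p + q) / 2 for p, q in zip(a.position_m, b.position_m))
                return "ok", pos  # type: ignore[return-value]
    return "shutdown", None


def common_mode_risks(sources: List[PositionSource]) -> List[str]:
    """Flag sources of the same kind that share a firmware family.

    The voter cannot detect a fault that all such sources share, so this check
    is the design-time complement to run-time voting.
    """
    first_seen = {}
    risks = []
    for s in sources:
        key = (s.kind, s.firmware)
        if key in first_seen:
            risks.append(f"{first_seen[key]} and {s.name} share {s.kind} firmware {s.firmware}")
        else:
            first_seen[key] = s.name
    return risks


# --- constructed scenarios ---------------------------------------------------

def scenario_dissimilar_one_bad():
    """Two different GPS vendors plus an inertial unit; the inertial unit has drifted."""
    srcs = [
        PositionSource("gps-A", "gps", "vendorA-fw1", (1000.0, 2000.0, 3000.0)),
        PositionSource("gps-B", "gps", "vendorB-fw7", (1010.0, 1995.0, 3005.0)),
        PositionSource("ins-1", "inertial", "ins-fw2", (90000.0, 2000.0, 3000.0)),
    ]
    return vote(srcs), common_mode_risks(srcs)


def scenario_common_mode():
    """Three receivers with the same firmware all report the same wrong fix."""
    srcs = [
        PositionSource(f"gps-{n}", "gps", "vendorA-fw1", (5000.0, 5000.0, 5000.0))
        for n in ("A", "B", "C")
    ]
    return vote(srcs), common_mode_risks(srcs)


def scenario_unresolvable():
    """Three dissimilar sources, none within tolerance of another."""
    srcs = [
        PositionSource("gps-A", "gps", "vendorA-fw1", (0.0, 0.0, 0.0)),
        PositionSource("gps-B", "gps", "vendorB-fw7", (500.0, 0.0, 0.0)),
        PositionSource("ins-1", "inertial", "ins-fw2", (0.0, 500.0, 0.0)),
    ]
    return vote(srcs), common_mode_risks(srcs)


if __name__ == "__main__":
    for name, fn in [("dissimilar, one bad", scenario_dissimilar_one_bad),
                     ("common-mode fault", scenario_common_mode),
                     ("unresolvable", scenario_unresolvable)]:
        decision, risks = fn()
        print(f"{name}: vote={decision} risks={risks}")
```

The common-mode scenario is the one to dwell on: the voter reports "ok" with a fix that every receiver got wrong in the same way, which is exactly the failure a shared firmware codebase can produce and exactly what two separate receivers from different manufacturers, or a GPS plus a non-GPS source, are meant to guard against.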