Slide 1

Slide 1 text

What Can Programmers Learn From Pilots?
Andrew Godwin @andrewgodwin

Slide 2

Slide 2 text

Hi, I'm Andrew Godwin
Author of Django 1.7 & South migrations
Senior Software Engineer at
Really likes cheese
FAA & EASA PPL, working on IR

Slide 3

Slide 3 text

flickr.com/photos/russss/16735398019/

Slide 4

Slide 4 text

1. Learning about aviation
2. Applying lessons to coding

Slide 5

Slide 5 text

Commercial flying is very safe
Fatal accidents per million hours:
AIRLINES 0.2
GA 11.2
CARS/TRUCKS 0.53
MOTORCYCLES 15.6
General aviation is still not bad
Source: 2005 Nall report, 2004 NHTSA stats, 1991-2000 FAA stats, 40mph avg. road speed

Slide 6

Slide 6 text

GA ACCIDENT CAUSES
Pilot 76%
Mechanical 16%
Other 9%
Source: 2005 Nall report

Slide 7

Slide 7 text

COMMON CAUSES
Controlled flight into terrain (CFIT)
Disorientation in clouds (VFR in IMC)
Bad decision making (get-there-itis)

Slide 8

Slide 8 text

WHY DO I KNOW THIS?
Detailed investigation of every accident

Slide 9

Slide 9 text

HOW DOES IT HELP US?
Let's look at common problems

Slide 10

Slide 10 text

Soft Failure
Explicit disengage signals
Covering inaccurate instruments
Replacing parts at first sign of issues

Slide 11

Slide 11 text

Soft Failure
Crash hard on any serious error
Redundancy, not single system reliability
Freedom to get rid of servers whenever

Slide 12

Slide 12 text

Noisy Warnings
Limited number of warning sounds
Clear, unambiguous text & speech
No constant low-level warnings

Slide 13

Slide 13 text

Noisy Warnings
Don't email/notify on every tiny error
Choose 5 top errors, solve them first
If you ignore it for a week, delete the warning

Slide 14

Slide 14 text

Poor Testing
Every part tested to destruction
Well known statistical limits
Knowing when, not if, things fail

Slide 15

Slide 15 text

Image: © Boeing 2010

Slide 16

Slide 16 text

Poor Testing
Test latency, memory issues, dodgy network and other unusual things
Interactions are as important as individual units

Slide 17

Slide 17 text

Automation Reliance
Tested without autopilot/instruments
Plane usually advises, rarely controls
Easy to see what's happening and why

Slide 18

Slide 18 text

flickr.com/photos/wkharmon/4631001766

Slide 19

Slide 19 text

Automation Reliance
Don't rely on magical automatic failover
Regularly practice manual recovery steps
Know what your systems are doing

Slide 20

Slide 20 text

People Reliance
Checklists for everything
Warnings built around common assumptions
Reduce workload at critical times

Slide 22

Slide 22 text

People Reliance
Checklists for releases/testing/onboarding
Automate common tasks
Reduce workload at critical times

Slide 23

Slide 23 text

Bad Priorities
Aviate, Navigate, Communicate
Minimum Equipment Lists
Mayday priority

Slide 24

Slide 24 text

Minimum Equipment Quiz
Passenger video screens
Lavatory ashtrays
Air conditioning
Fuel receptacle caps
Seatbelt signs
Weather radar

Slide 25

Slide 25 text

Minimum Equipment Quiz
Passenger video screens
Lavatory ashtrays
Air conditioning
Fuel receptacle caps
Seatbelt signs
Weather radar

Slide 26

Slide 26 text

Margaret Hamilton

Slide 27

Slide 27 text

Bad Priorities
What are your critical features?
What can you do without?
Know what you want to fix first and test most

Slide 28

Slide 28 text

Unclear Responsibility
Single person always in command
Others are always listened to
Clear, concise communication

Slide 29

Slide 29 text

Unclear Responsibility
Single person makes key decisions
Others are always listened to
Clear specifications and expectations

Slide 30

Slide 30 text

Blame Culture
There is never a single cause of an accident
Individual problems identified and addressed
Blaming someone solves nothing

Slide 31

Slide 31 text

Blame Culture
There is never a single cause of a problem
Work back and find all of the bad factors
Blaming people makes things worse

Slide 32

Slide 32 text

Deadlines
Always carry extra fuel
Always have an alternate
Land safely rather than at the destination

Slide 33

Slide 33 text

Deadlines
Don't schedule everyone at maximum
Always expect unknown problems
Ship good code rather than to a deadline

Slide 34

Slide 34 text

Takeaways

Slide 35

Slide 35 text

Checklists
First step before automation

Slide 36

Slide 36 text

Filter unimportant errors
Keep ignoring it? It's not important.

Slide 37

Slide 37 text

Pick your key features
Don't worry about breaking minor stuff

Slide 38

Slide 38 text

Reward good decisions
It's often not the people staying late

Slide 39

Slide 39 text

Ops are like pilots
Boredom punctuated by moments of terror

Slide 40

Slide 40 text

Thanks.
Andrew Godwin @andrewgodwin
eventbrite.com/jobs