PPRuNe Forums - View Single Post - U.K. NATS Systems Failure
Old 2nd Sep 2023, 08:24
#198
Neo380
 

Originally Posted by Dr Jekyll
There are cases where one invalid or rejected input means subsequent inputs cannot be processed properly, e.g. running totals or counts may be inaccurate. Certainly in the case of a control system it's generally better to keep going, but from the developer's point of view it isn't always clear whether it's a 'keep running regardless' scenario or a 'once you're on the wrong line every station is likely to be the wrong station' scenario.
So in mission critical systems it's like this - a 'car breaks down at the traffic lights, it happens, even if the car has already been checked, the traffic lights shouldn't then fail, across the entire city, and every road crossing that has to be made then has to be handled manually'. Moreover, you've got a car blocking the traffic lights now, so there's only one thing you can do, and that's reroute the traffic around the obstacle - that's a fail safe, and you normally need two of them, for fairly obvious reasons - the second route is likely to come under pressure pretty fast too. But don't ever, ever, just assume that you can push the traffic through a blocked route - that's what causes the system to crash. This has NOTHING to do with 'the chances of your car breaking down', especially, coming back to reality, when we know this issue is highly likely to be attributable to human error, i.e. faulty data input. And that's before adding all the military traffic and not stress testing the system properly, ever, it seems.
The key characteristics of this incident seem to be lack of competence and wishful thinking. Only saved, btw, because 'the car was eventually moved out of the way', and the only route available was restarted.