Originally Posted by
Lead Balloon
Disconnect and reconnect power at least once every 120 days, but maybe it should be every 25 days.
It's as if the writing of and functioning of software in aircraft systems isn't the subject of standards. If only software engineers could anticipate the remote possibility that the software they design will be running continuously in hardware that doesn't take a coffee break.
Actually, sometimes it turns out the hardware does need more than a coffee break. I've come across types of RAM on Avionic Systems that can be upset by radiation, and while you can detect it via a fragmented Periodically - scheduled full RAM test, it cannot be cleared through any reset except by a Vcc power down. I've seen products where the customer-sourced hardware contains a register that can count to a finite limit before rolling over, that means either you have a maintenance action to cycle power or accept that at some point soft "Invalid Data" is flagged at counter roll-over and ideally the data consumer switches to a different data source, or no data is available, depending on the system design and integrity.
There is another aspect that rarely seems to get fairly assessed: In my experience, Power-up Cold Start BIT is often when the most rigorous on-aircraft LRU (Line Replaceable Unit) testing can be done (often while outputs are isolated). It strikes me as sensible that this should be run at intervals, at a convenient time (with the aircraft parked), in order to establish the integrity of the LRUs, rather than just relying on the continued apparent good performance of the bits of a system that remain running indefinitely, although if designed well, that should also offer high degrees of assurance about the LRU system integrity, but that cannot cover all cases. For example, during Cold Start BIT, one may check the internal 28V Power Supply hold up capacitance, something which may not be possible at other times, but may be important to confirm that the LRU can still meet the power-interrupt play-through period. Besides, a lot of work goes into developing Power-up Cold Start BIT, so it is heartening for the software engineers, etc., etc., to know that it is being exercised more often than once in a blue moon.
From a crew perspective, any time there is a maximum system reset interval, I hope that either the system makes it clear that that event horizon is approaching, in a suitable timely manner, or that the crew are able to independently conform that the maintenance action has been carried out in the recent past. I hate being asked to trust that something on which lives may depend has been done, but in some circumstances, that is what we have to do.
Just food for thought...