Much kudos to the above posters doing real testing. Nowadays it seems to be "enough" to have the redundancy on glossy paper and when SHTF it "didn't work out - let's sue/blame!".
If one comes up with "do not push this button NOW", I'll do exactly that. Resilient systems are hard - period. Would aviation IT learn from aviation flight ops (and "crash reports"/post mortems)?
Will we ever see public reports about what exactly did happen (compare to AWS, who put out a very detailed report showing they "missed" out on the human in the loop)?