h4nkoslo | 9 years ago

If your system requires 100% perfection from all of its subcomponents, it is a shitty, fragile system. Robust systems can be made of parts with known failure rates.

jfoutz|9 years ago

This this this. I really see this as the core of my job, career even. Build reliable systems out of unreliable parts. Hardware fails, software has bugs, people have bad days. Yet we still make insanely reliable stuff.

Until you actually launch the missile, it should be ok to do nothing.

People will invariably fuck up. The system needs affordances to handle those inevitabilities. Ideally a drunk commander shouldn't matter, matter much anyway.

wongarsu|9 years ago

Accidentally launching a missile is pretty hard and I'm confident that we have enough safeguards against that. I'm not so sure we have enough safeguards against terrorists stealing nuclear weapons (or the essential components for making one). You only need somebody with motive and motivation, and a mistake by a pair of truck drivers. It's fairly hard to make a reliable system out of that failure mode.

Broken_Hippo|9 years ago

Very much this: A system should be designed with the mindframe that the user won't be at 100%. Especially this, weirdly - because in a time of crisis, folks might not be at 100% even though they should be.

It's why some things just won't work unless put together just right - to account for people's mistakes. It'd make sense for a submarine to refuse to dive if the seals aren't sealed, for example. I'd think there would be something that could be applied even for this.

M_Grey|9 years ago

That sounds very good, but now here are your real-world constraints.

You have a network of detection systems which give you (optimistically) 15-40 minutes of warning before everything and everyone you've ever known and cared about ends. In that time you have to make the decision to launch a counter-attack. Your decision needs to be something which can be rapidly acted upon, but also needs to be something that absolutely cannot be interfered with by any adversary launching the first strike. If you delay, your ability to counterattack will be forever lost. If you're wrong, you'll be setting off Armageddon.

Now... describe how you make that work.

M_Grey|9 years ago

In theory sure, but point me to the long-term practice of making it actually work. In practice, nuclear weapons have been subject to obvious and critical fuck-ups.