Lifts, Trains and Information Technology

Original author: Dick Lipton
  • Translation
While reading Ivan Sagalaev's blog, I came across a link to an article that seemed interesting to me and worth translating.

A possible approach to building safe systems.

George Westinghouse was not a theorist but one of the great inventors of the 19th century. His best-known invention is probably the railway air brake of 1869. More on that shortly.

Today I would like to talk about a generalization of Westinghouse's idea and about the role it could play in information technology.


Train brakes

The first trains ran on wagonways and were used in Germany as early as the 1550s. They were horse-drawn until 1804, when Richard Trevithick, funded by Samuel Homfray, used a steam engine to haul 10 tons of iron and 70 people for 9 miles. That was the beginning of the modern train.

An important problem arose immediately: how do you stop the train? Simply shutting off the locomotive is not enough, because trains were long and moved fast; their inertia is far too great for the locomotive alone to stop them. The first method was simple: a brakeman was assigned to each car and applied the hand brake on a signal from the driver. Fairly soon this was replaced by the direct air brake: when the driver wants to stop the train, he opens a valve that sends compressed air to each car, the air forces the brake shoes against the wheels, and the train stops. Very simple.

Then another problem appears: how do you stop the train reliably? Direct air brakes worked well, when they worked. But if the compressed-air reservoir is empty, or the pressure is too low, or there is a leak in the line, the brakes do not apply. The train does not stop. And that is the problem.
Westinghouse's genius was to reverse the logic of the air brake. His great idea was to use compressed air to let the train move rather than to stop it. Here is how his system worked: the brakes in each car were pressed against the wheels by a strong spring. In this state the train could not move. When the driver wanted to move, he admitted compressed air, which pulled the brakes away from the wheels and allowed the train to start rolling.

That, I think, was very clever. Note that if the reservoir was empty, or the pressure was too low, or there was a leak somewhere, the train simply stood still. The brakes could not fail to apply, because the springs hold them against the wheels at all times.

This system is still in use today. Once I was on an Amtrak train from Washington, DC, to Princeton when we stopped in the middle of nowhere. It was already late at night and everyone wanted to get home, so when the conductor walked past, someone asked him what had happened. He answered in precise technical jargon: "The choo-choo she no go."

Later we learned that an air hose had broken and the brakes had locked on, exactly as designed. We stood for about an hour while a new hose was fitted and the integrity of the air line was restored.

Elevators

Elevators are even older than trains; they have existed since time immemorial. But it was only in the middle of the 19th century that buildings became tall enough for elevator reliability to matter. While buildings were six stories or less, safety was not so critical, although I would not step into an unsafe elevator even at that height. Be that as it may, as high-rise construction took off, elevators had to be not only safe but visibly safe. Otherwise people would be afraid to use them.

In 1852, Elisha Otis solved the problem of elevator safety. He invented a mechanism that stops a falling car even if the hoisting cable breaks. The idea was that the taut cable held the safety catches retracted; as soon as the cable went slack, a spring drove the catches outward into ratchets on the guide rails and the car was held in place.

Otis's brilliant insight was not an immediate success. He realized that he needed a visual demonstration of the braking mechanism to give the public a sense of safety. At the 1854 exhibition in New York, America's first world's fair, Otis built an open elevator shaft. Several times a day he climbed onto the platform and had the cable cut from inside. Because the shaft was open at the front, every spectator could see it. As soon as the platform began to fall, the mechanism immediately locked it safely in place. Each time he announced: "All safe, gentlemen, all safe!"

This visual demonstration, witnessed by thousands, ultimately made his company a success and made high-rise buildings possible.

The main principle

I think there is a powerful principle at work in the safety systems of both the train and the elevator. Both are designed so that safety does not depend on anyone taking an action. Instead, safety is built into the system:
  • In the case of the train: if there is no pressure in the line, the brakes stop the train.
  • In the case of the elevator: if the cable is no longer holding the car, the catch engages and stops it from falling.

The key principle should be this: rely not on actions but on properties of the system. Make the default, passive state the safe state, so that when the system fails, it fails safe. In security engineering this is the principle of fail-safe defaults: access is denied unless it is explicitly granted, and an error in the check leaves it denied rather than allowed.
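To make the principle concrete in software, here is an added example (not code from the original article) of the same idea applied to an authorization check. The "direct air brake" version lets a request through unless the check actively says no, so an unknown user or a broken policy store lets everything through. The "Westinghouse" version starts from deny and only releases the brake on a positive, successful allow; any failure leaves the default in place. The policy table, the PolicyStore class and its simulated outage are constructed for illustration and are hypothetical.

```python
"""Fail-open versus fail-closed authorization, modelled on the air brake.

Added example, not from the original article. The policy table, the
PolicyStore backend and the outage flag are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Constructed policy: (user, resource) -> explicitly allowed?
# Note that "mallory" has no rule at all.
POLICY: Dict[Tuple[str, str], bool] = {
    ("alice", "/reports"): True,
    ("bob", "/reports"): False,
}

SCENARIOS = [("alice", "/reports"), ("bob", "/reports"), ("mallory", "/reports")]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class PolicyStore:
    """Hypothetical policy backend. `fail=True` simulates an outage,
    the software equivalent of an empty air reservoir or a burst hose."""

    def __init__(self, policy: Dict[Tuple[str, str], bool], fail: bool = False):
        self.policy = policy
        self.fail = fail

    def lookup(self, user: str, resource: str) -> Optional[bool]:
        if self.fail:
            raise ConnectionError("policy store unreachable")
        return self.policy.get((user, resource))  # None when no rule exists


def authorize_fail_open(store: PolicyStore, user: str, resource: str) -> Decision:
    """Direct air brake: the request proceeds unless a denial is actively found."""
    try:
        verdict = store.lookup(user, resource)
    except ConnectionError as exc:
        # The check could not run, so nothing pushes the brake on: request allowed.
        return Decision(True, f"store error ignored: {exc}")
    if verdict is False:
        return Decision(False, "explicit deny")
    # No rule at all is treated like "no deny": unknown users get in.
    return Decision(True, "no deny found")


def authorize_fail_closed(store: PolicyStore, user: str, resource: str) -> Decision:
    """Westinghouse brake: deny is the resting state; only a successful,
    positive allow releases it. Any failure leaves the default untouched."""
    allowed, reason = False, "default deny"
    try:
        verdict = store.lookup(user, resource)
        if verdict is True:
            allowed, reason = True, "explicit allow"
        elif verdict is False:
            reason = "explicit deny"
        else:
            reason = "no rule"
    except Exception as exc:  # broad on purpose: every failure mode must fail closed
        reason = f"store error: {exc}"
    return Decision(allowed, reason)


Gate = Callable[[PolicyStore, str, str], Decision]


def run(gate: Gate, fail: bool = False) -> Dict[str, bool]:
    """Run one gate over the scenarios and return user -> allowed."""
    store = PolicyStore(POLICY, fail=fail)
    return {user: gate(store, user, res).allowed for user, res in SCENARIOS}


if __name__ == "__main__":
    for gate in (authorize_fail_open, authorize_fail_closed):
        for fail in (False, True):
            print(f"{gate.__name__:24} outage={fail!s:5} -> {run(gate, fail)}")
```

Run as a script and the difference is stark: with a healthy store the fail-open gate already admits "mallory", who has no rule, and during the outage it admits everyone; the fail-closed gate admits only "alice" in the healthy case and nobody during the outage, which is the software counterpart of the train standing still until the hose is replaced.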

I have always liked systems like these. I have often wondered whether we could use similar passive methods to build better computing systems. Could we, for example, build a system that is safe from viruses using passive methods? Is there a formal model of passive versus active systems that we could use to argue that such a system is possible in principle?

Open question

Can the power of the passive methods used by Westinghouse and Otis be harnessed to solve computing problems?
