System Safety & Reliability
- System-level tradeoff -- do you trust HW & SW with people's lives?
- Mission-critical systems use redundancy, and are trusted with lives
- Some safety-critical systems use electromechanical backups
- Some systems can indirectly cause damage/injury
- The software problem -- software can invite complexity; complexity invites problems
- Traditional fix is to use hardware instead of software -- the SYMBOL project suggests this doesn't work

Design Challenges:
- Cheaply available systems from unreliable components
- Reliable software
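The redundancy point and the "reliable systems from unreliable components" challenge can be made concrete with N-modular redundancy: replicate a component, run the copies in parallel, and let a voter take the majority. The Python below is an added example written for these notes, not code from the course or from the SYMBOL project; it assumes replicas fail independently with a fixed probability, which is the textbook model and ignores common-mode failures (same bug in every copy, shared power, shared voter). It also shows the caveat practitioners care about: voting only helps when each replica is right more often than not, and below that threshold redundancy makes the system worse.

```python
"""Added example: N-modular redundancy with majority voting.

Model (an assumption, not from the notes): each of n replicas independently
returns the correct answer with probability r. A voter outputs whichever
value a strict majority of replicas agree on.
"""
import random
from collections import Counter
from math import comb


def majority_vote(outputs):
    """Return the value produced by a strict majority of replicas,
    or None when no value has a majority (e.g. every replica disagrees)."""
    if not outputs:
        return None
    value, count = Counter(outputs).most_common(1)[0]
    return value if count * 2 > len(outputs) else None


def nmr_reliability(r, n):
    """Analytic probability that majority voting over n independent replicas,
    each correct with probability r, yields the correct answer (n must be odd
    so that a majority always exists). For n == 1 this is just r."""
    if n % 2 == 0:
        raise ValueError("use an odd number of replicas so a majority always exists")
    k = n // 2 + 1  # smallest number of correct replicas that forms a majority
    return sum(comb(n, i) * r**i * (1 - r) ** (n - i) for i in range(k, n + 1))


def simulate_nmr(r, n, trials, seed=0):
    """Monte Carlo estimate of nmr_reliability. Constructed fault model:
    a correct replica returns 1, a failed replica returns 0 (i.e. failures
    agree with each other, the worst case for a voter)."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        outputs = [1 if rng.random() < r else 0 for _ in range(n)]
        if majority_vote(outputs) == 1:
            correct += 1
    return correct / trials


if __name__ == "__main__":
    # Compare a single component against triple and quintuple redundancy.
    for r in (0.99, 0.9, 0.6, 0.4):
        print(f"r={r:.2f}  1-of-1={nmr_reliability(r, 1):.4f}  "
              f"TMR={nmr_reliability(r, 3):.4f}  5MR={nmr_reliability(r, 5):.4f}  "
              f"sim TMR={simulate_nmr(r, 3, 20000):.4f}")
```

Running the block shows triple modular redundancy lifting a 0.9 component to 0.972 and a 0.99 component to 0.9997, while a 0.4 component drops to 0.352 under the same voter: redundancy amplifies whatever quality the replicas already have. It also makes visible why the voter itself becomes the single point of failure and why the independence assumption, not the arithmetic, is where real designs are usually wrong.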