I think the underlying problem is that a control system was designed with the assumption that its purpose was to make the pilot force feedback feel right, for regulatory compliance reasons. Therefore it was designed with low reliability requirements, presumably on the basis that if it doesn't work, no biggie because it's only there to make the controls feel right, and that only happens when the plane is about to stall, which never happens...
Then...it turned out that when this control system malfunctions (which is can, quite often, due to aforementioned low reliability requirements), it will actually crash the plane.
The lesson is probably: make sure that some system you're designing with low reliability characteristics (only uses one sensor, doesn't have redundant power supplies...) will fail with safe or benign outcomes.
Then...it turned out that when this control system malfunctions (which is can, quite often, due to aforementioned low reliability requirements), it will actually crash the plane.
The lesson is probably: make sure that some system you're designing with low reliability characteristics (only uses one sensor, doesn't have redundant power supplies...) will fail with safe or benign outcomes.