<p><span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bagder</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@kurtseifried" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kurtseifried</span></a></span> Yet that is exactly what is done in safety-critical environments. During the Apollo program, there were two independent navigation computers, each developed by different teams (the primary one, the famous AGC, was developed by a university, MIT I think? And the spare emergency computer was by IBM).</p><p>Completely different hardware and software, both of which could get the lunar lander back to the command module.</p><p>Perhaps this idea isn't so bad after all? At least for certain software.</p>