Comment by londons_explore

16 days ago

You can do an awful lot to make a device like a microwave safe with loads of failsafes...

But rarely do those failsafes protect reliably against 'the mainboard was splashed with salt water'.

Even with triple redundant relays, how do you know the salt water didn't just wet them all?

In almost every system with failsafes there will be conditions that can bypass them. The goal is not to make it impossible for the unsafe condition to happen, but to make it so that in the expected uses the failure will not happen.

In this case it's a domestic microwave and the mainboard is housed inside the electronics enclosure, so covering the whole mainboard in salt water is not an expected occurrence in a domestic kitchen.

  • But there are ~1 billion microwaves in the world... I'm sure it has happened somewhere. As a designer of a billion-sold device, your job is to make sure that the expected number of people harmed by your device is substantially less than one, which gets really hard when all the risks are multiplied by 1e9.

    • Your job is to make sure the number of people harmed _while using the device as intended in a reasonable situation_ is as close to 0 as possible.

      A domestic microwave is for use only on land, indoors, in a domestic kitchen, and in an unmodified form. In these conditions there is no conceivable way that salt water could saturate the main board, or bypass all the interlocks in another way.

      Yes, there are ways that all the safety systems can be bypassed, but not while a reasonable person is using the device as intended.

    • > As a designer of a billion-sold device, your job is to make sure that the expected number of people harmed by your device is substantially less than one

      Source? People take risk in their day-to-day life and should expect to take risk. Why would they expect their microwave to be completely free of risk?

> Even with triple redundant relays, how do you know the salt water didn't just wet them all?

The design typically includes a mix of normally open and normally closed switches. If everything failed in the same direction (closed) it wouldn't satisfy the failsafe.

If you're spilling conductive liquid on the board, it's going to blow fuses anyway. It's more likely to short to ground than to short only to the precise path needed to activate.

In that situation one of the switches should short the mains voltage and blow the fuse when the door is opened.
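The mixed normally-open/normally-closed interlock argument in the reply above, as an added example that is not part of the thread: a simplified three-switch model (primary and secondary interlocks normally open, a monitor switch normally closed and wired to short the supply and blow the fuse if the primary is still conducting with the door open). The switch names, wiring and fault model are assumptions for illustration, not any particular product's circuit; the enumeration shows that every same-direction failure pattern ends in "fuse blown" rather than "magnetron on".

```python
from enum import Enum
from itertools import product

class Kind(Enum):
    NO = "normally open"    # conducts only when the door is closed (actuated)
    NC = "normally closed"  # conducts only when the door is open (released)

class Fault(Enum):
    NONE = "ok"
    STUCK_CLOSED = "stuck closed"  # welded contacts, or bridged by conductive liquid
    STUCK_OPEN = "stuck open"      # broken actuator or burnt contact

# Assumed interlock set: two NO interlocks in the magnetron supply path, one NC monitor.
SWITCHES = {"primary": Kind.NO, "secondary": Kind.NO, "monitor": Kind.NC}

def contact_conducts(kind, door_closed, fault):
    """Electrical state of one contact given the door position and its fault, if any."""
    if fault is Fault.STUCK_CLOSED:
        return True
    if fault is Fault.STUCK_OPEN:
        return False
    return door_closed if kind is Kind.NO else not door_closed

def evaluate(door_closed, faults=None):
    """Outcome of the interlock chain: 'magnetron on', 'magnetron off' or 'fuse blown'."""
    faults = faults or {}
    conducting = {name: contact_conducts(kind, door_closed, faults.get(name, Fault.NONE))
                  for name, kind in SWITCHES.items()}
    # Monitor contact sits across the supply downstream of the primary interlock:
    # primary and monitor both conducting is a dead short, so the fuse opens.
    if conducting["primary"] and conducting["monitor"]:
        return "fuse blown"
    if conducting["primary"] and conducting["secondary"]:
        return "magnetron on"
    return "magnetron off"

def unsafe_fault_patterns():
    """All fault combinations under which the magnetron runs with the door open."""
    names = list(SWITCHES)
    unsafe = []
    for combo in product(Fault, repeat=len(names)):
        faults = dict(zip(names, combo))
        if evaluate(door_closed=False, faults=faults) == "magnetron on":
            unsafe.append(faults)
    return unsafe

if __name__ == "__main__":
    salt_water = {name: Fault.STUCK_CLOSED for name in SWITCHES}  # constructed common-mode fault
    print("door open, all contacts wet:", evaluate(False, salt_water))
    print("patterns that defeat the interlock:", unsafe_fault_patterns())
```

The only pattern that defeats the chain needs the NO contacts stuck closed and the NC monitor stuck open at the same time, which is the opposite-direction failure the reply says a single splash is unlikely to produce.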