
Well nothing works forever on a warship anyways, and the Navy is already very big on Preventative Maintenance (i.e. "fix it until it's broke"). So any plan assuming that a system will stay up for an entire deployment is negligent from the start; you might as well practice having to reboot the system from that perspective.



My understanding, and my experience from working with NT4 machines back then, is that you had to reboot them every so often. It wasn't just a matter of practicing rebooting.


Sure, I'm just saying that was (and is) par for the course already for the Navy. It would be like complaining that the software comes in an ugly box... even if it came in a nice box, the Navy would just throw the box away and stuff it in an ugly box anyways.


And I'm saying that the boxes wouldn't insist on getting ugly or most of the equipment wouldn't insist on preventive maintenance in the middle of an attack. The NT4 boxes might well have insisted on being rebooted at an inopportune moment.


> The NT4 boxes might well have insisted on being rebooted at an inopportune moment.

Well I've been on a boat that used NT4 for stupid office tasks and HP-UX somewhere in the actual Combat Control System.

Guess which one shit the bed in the middle of our graded inspection when we were supposed to be tracking a simulated enemy in a life-or-death situation? (Hint: MS didn't write the OS).

To rephrase it a bit, there are vanishingly few pieces of gear that the Navy assumes that must work in the middle of an attack, and most of the pieces that do fall under that assumption have manual overrides/backups/inherent redundancy/etc. In our situation, we switched over to paper-based methods and managed to keep the contact situation until the system could be rebooted.

So if the Navy builds a ship that is single-point-of-failure on any commodity-OS-driven computer they deserve what they get. We've known since before WWII that survivability in combat requires redundancy.


> To rephrase it a bit, there are vanishingly few pieces of gear that the Navy assumes that must work in the middle of an attack

That's reassuring to know. What are the "must work" bits?


Honestly on a surface ship I can't think of very many 1-hit-kill components. Even in WWII tiny little Destroyer Escorts were able to withstand multiple shell hits from Japanese Heavy Cruisers and even the Yamato. (The Battle off Samar, if you want to wiki it).

With the move toward computerization and long-range missile-based combat there's probably a lot of risk with the Fire Control System, Radars (e.g. AEGIS), stuff like that. But even blind you can at least run away, and the CIWS has an independent fire-control radar for last-resort self-defense.

Submarines are more problematic. There's only the one pressure hull, only the one reactor, only the one main propulsion train, and watertight compartmentalization only exists for the reactor compartment.

This makes everything about subs more expensive since all work that affects these things has to be formally controlled and QA'ed, re-tested, etc. to avoid losing more subs like we lost Thresher and Scorpion.


From what I remember NT had some sort of time overflow that would happen after something like a month that caused all sorts of instability.

And from what I remember it was SOP to reboot at least once a week. Daily wasn't uncommon either.


I think it was Win 95/98 that would reboot after 49 days. Not too many people got to experience that. I think NT4 might have reset the uptime counter after the same period.



