BradMilkomeda
Well-Known Member
- Joined
- Feb 26, 2017
- Messages
- 177
- Reaction score
- 28
I think we're talking possibilities here, not probabilities. If we were talking probability, then adding another switch into the system that can lead to a failed deployment (altimeter powered on, deploy power left open), increases the probability of a ballistic return.
Or we can talk about the probability of a switch failing closed compared to the probability of a microprocessor failing with one analog channel set wrong while simultaneously forming and sending the proper string down a serial comms path, while also appearing to be working in the first place (sending lights, beeps, web pages, etc).
I think this discussion is -possibility- driven.
Well said Charles. I am not saying that there might be an issue with the remote switches and remote controlled altimeters, but I think the TRA BoD did not do their due diligence in this decision. I think a complete Failure Modes and Effects Analysis (FMEA) for the complete system should have been requested from the manufacturers in question. If this were an aircraft the design assurance level would then be determined. Is this failure result in a catastrophic, hazardous, major, minor, or no safety effect. Once that is determined for all the failure modes. Then the need for failure mitigation solutions need to be determined. If the current designs do not meet that criteria then and only then do further things need to be added to the system. This is the problem that Boeing has with the 737 Max. They assumed the MCAS was only major so no redundancy is necessary. Obviously it should have been catastrophic instead. Since we have safety distances I don’t believe any of our electronics meet the level of catastrophic. With your high level analysis above I see several situations that do not have a single point failure of the system. Like Charles said above the single failure of the remote system in some cases does not result in a deployment event.
Wow, never saw that one coming!
I have been using Featherweight mag switches for years and a lot of my AV bays have them. I wish this was discussed, tabled, resolved, years ago. But, I get that the Tripoli BoD is just doing their part to ensure we have a hobby, so I thank them for making the hard decisions.
Still this will hurt as it looks like I will have to add redesigning all affected AV bays to my winter maintenance list.
I think it should be probability driven.
Is a mechanical switch not a single failure point? They can fail closed, can't they?
I can't disagree, and I never had an incident.I agree but I am still not convinced that this needed to be such a quick change without any input from the membership and detailed analysis. Especially since they can’t point to an actual occurrence of a failure. If that had occurred then by all means it needs to be fixed immediately.
At work this would be called a knee jerk reaction by management without understanding the ramifications and complete risks.
I can't disagree, and I never had an incident.
Having said that I can see an accidental arming if the flyer doesn't take precautions to keep the rocket away from the magnet in their pocket, or hand, when walking to the RSO or pad.
While I have never had an incident, I have accidentally armed an altimeter. I don't profess to be perfect, but, I am very careful in my procedures.
At the end of the day, the human is the biggest point of failure in our hobby. Although this may be "knee jerk," in regards to magnetic switches, and painful for me personally, I see it as a mitigated step towards a safer hobby.
UL and IEC have established well-documented criteria to establish safe operation of both hardware and software, isn’t it time we do the same across our governing bodies in model rocketry?
L and IEC have established well-documented criteria to establish safe operation of both hardware and software, isn’t it time we do the same across our governing bodies in model rocketry?
We’re at least an order of magnitude below that standard.UL requires physical power disconnects on any system than can use/release more than 200 (or 400 I can't remember) VA of energy. Neanderthals......
What the equivalent VA of a motor burning? The "system" is not just the altimeter.We’re at least an order of magnitude below that standard.
UL requires physical power disconnects on any system than can use/release more than 200 (or 400 I can't remember) VA of energy. Neanderthals......
The TRA BoD did not do anything with magnetic switches. This change is strictly for wireless remote switches like some of the Eggtimer products and the Kate system. I had to read the announcement several times to fully understand what it was saying and intending. Please read it again. It is the first post in this thread.
This revision, which takes place immediately, requires that all devices which control staging or energetic charges must be physically disconnected from power or must have their initiators mechanically disconnected from potential power sources while being transported or when presented for pre-flight inspection.
The Featherweight magnetic switch never was submitted nor approved by the Tripoli Board to be used instead of a physical switch.
Hi Dave,
I interpreted it differently.
Then for clarification I read post 18
Hmmm... Does it matter how that energy is released? Or does it have to stay electrical?
There isn’t really a precise way to convert a VA to a Watt of propulsive energy unless you have a DC Circuit and an impossible “purely resistive” load...
If we throw that little inconvenience out and use 1 V * 1A = 1 Watt, then an Aerotech J250 easily releases more energy than 400 W of energy...
You cannot just rely on firmware and electronics to protect against overtemps and overcurrent faults.
Oh, I’m 100% with you. I’ve seen more than my share of all of the above.
Especially the bit about trusting software. Anybody who engineers software knows the truth: we (software engineers) don’t actually know how to write reliable software. Full stop.
Every once in a while we even crash a billion dollar space probe to cast that fact into sharp relief.
Steve, from Post #1:I’m just getting ready to travel, but I’d like to understand this better, Jim. I don’t believe anything we’re saying should be taken to mean that a person should eliminate any disconnects. We’re just saying the power to the WiFi switch must be dead when taking it up to be inspected and carried out onto the range. We’re okay with the power to the WiFi switch being reconnected at a prep area before the rocket is raised vertical.
Would you not allow the use of a wireless remote switch to switch power to your staging electronics after your rocket is vertical?
I've had this happen with screw switches too. I also had a screw switch with a weak factory-solder joint that failed after I turned it on (would have been a core sample if I didn't notice the beeping stopped out at the pad). Because of those issues with them, I moved everything to Adrian's magnetic switches. In my limited experience, they've been way more reliable & predictable than mechanical screw switches.I had two screw switches on a dual deploy rocket, one for the conventional altimeter, and one for the deployment charges. At the field, I loaded my rocket in the trunk of my car to move it a short distance on a gravel road. The screws were unscrewed several turns (to be off). I was surprised to hear my altimeter beeping when I parked the car, the altimeter screw had vibrated and rotated enough to turn on. Fortunately, the altimeter did not launch detect, and my deployment screw was still off. But now I remove the screws completely. I subjectively feel like my disarmed Proton would have been safer. It was part of my motivation to switch to a Proton.
Jim, what would be your proposed solution to this problem? Personally, I'd rather not be standing on a ladder fiddling around for some switch with my face inches away from several thousand Newton-seconds of potential energy... which is why I came up with the WiFi stuff in the first place....I don't think it is prudent to raise a staged rocket unless the igniter is either properly shunted or disconnected, particularly if it is connected to an energized piece of electronics.
Thanks Cris.Now if you had it operate a motor that closed a mechanical switch, that would work...
Enter your email address to join: