New threads and interesting conversations directly in your inbox. Sign up now and get a daily summary of the latest forum activities!
Discussion in 'Rocketry Electronics and Software' started by Steve Shannon, Feb 4, 2020.
These two posts distill the problem very well.
I get that. The statement made in the first post of this thread was, "must have their initiators mechanically disconnected from potential power sources while being transported or when presented for pre-flight inspection." Unfortunately, this is ambiguous. The way it is written, it can mean disconnect the power source to the device that could trigger the charges, or it could mean disconnecting the pyro power from the electronics that could trigger the charges, but it could also be interpreted as opening a leg of the circuit going to the charges. The first two options are acceptable from a general electronics and safety point of view, at least the way modern altimeters are designed, the last interpretation is not acceptable from a pyrotechnic/explosives safety point of view unless a shunt is also used.
That’s correct, Tony. Currently there is no requirement for a shunt. And frankly, shunting an igniter or e-match without isolating it from a power source just places it in the low current leg of a current divider circuit. Unless the shunt is very low impedance and heavy enough to withstand the current the shunt may burn through like a fuse and then all of the current will pass through the igniter or e-match. That doesn’t mean shunts have no value, but it’s important to understand the limitations to protection that a shunt provides.
Our requirement allows either disconnecting power at the battery or disconnecting the initiators. Shunts alone are not a substitute.
In many cases, disconnecting the initiators with some kind of switch at the bulkplate level may be easier than trying to add a power switch to the AV bay, there is generally a little bit of room in the bulkplates and/or parachute bays to add a switch. A N/C lever switch with a "remove before flight" pin holding it open before launch would do the trick.
Screw style switches are tiny. None of my avbays are so crowded that I couldnt fit one in.
Or the same type of switch on the battery lead. Attach a string to the pin, put the rocket on the pad, pull the string from a safe distance.
I love throwing you under the bus - welcome to the conversation!
Nope, they’re definitely not the same. Someone asked about the aerospace industry and I just gave some examples. Like I said, we’re in hobby land here. While people put tons of time into their rockets, they are different animals.
Yeah, but then you have to get everything to line up, drill the holes, an fiddle with it on the pad. I just did one on my Rocketry Warehouse G3, it ended up being very messy. I DO have a few 29mm/38mm AV bays that aren't going to accommodate a screw switch... I'll have to twist and tape, probably on the ematch leads. Not what I really want, so I'll tape the crud out of the leads after twisting, and affix it to the payload tube with two or three wraps of masking tape so it can't come loose in flight.
Same here. We might need someone to design a new “perfect” switch for tiny avbays.
Yes, you would never shunt an intiator alone; disconnect and shunting have to be in concert and are recommended in most explosive manuals I have reviewed. But Tripoli has its own rules regarding this. Personally, I would never just leave a leg open on a low current e-match, but maybe I'm paranoid.
Adding the switch to the bulkplates will be easier in most cases, because there are already either screws or shear pins to line up the payload tube with the AV bay. Getting your sled and bulkplates to line up with a screw hole in the AV bay switch band is a PITA, even if you have some kind of indexing.
Just thinking aloud... Could you 3d print a bulk head for one end of the bay with a spot to mount a slider switch across, but within the bulkhead itself? Print a tube going across that aligns with the switch so you could very easily push a small object in from one side of the tube or the other to switch it.
Just wanting to make sure I fully understand the new rules...
Any electronic device that is connected to energetics (charges, igniters, electric matches, or rocket motors) must have the power source physically disconnected from the energetic. This can be done by a physical disconnect in the wiring - connector, removing leads from terminals, twist and tape (not sure I have them all listed here) - or a mechanical switch. The energetics must remain disconnected thru one of the above means at least until you are at the pad. Then...
If you are using an approved wireless switch you can connect the power source to the electronic device as long as the rocket is pointed in a safe direction and the approved wireless switch is in a safe state (open).
If you are using anything other than an approved wireless switch then you cannot connect the power source to the electronic device until the rocket is upright on the pad (assuming this means installed on the rod, rail or tower) and pointed in a safe direction.
So ... the need for a switch or physical disconnect is now mandatory and not affected in any way by the model/type of electronic device you are using if you want to fly at a TRA sanctioned launch.
I missed 1996 Safety Analysis of Manufacturers’ Maximum Recommended Liftoff Weight. Can you post a link so that I can download and read it?
If you have a switch on the battery for your wifi switch you can turn it on at the pad but before you put it on the rail. I havent put a screw switch on a 29 mm ebay because I dont have a 29mm avbay but have done it for 38 mm and its no problem. And I dont see it being a problem in a 29 either.
What is the "origin" of this reaction, Steve ?
Is it a reaction to the concerns and protests of "hand-wringers" ?
This is what I did with a 38mm minimum diameter rocket with a nose mounted tracker, Raven II and a featherweight magnetic switch. Night before, put contained ematches (no 4F!) on both channels, apply the battery. Now the magnetic switch defaults to "on" so I use the magnet to switch to off. If the matches don't pop, fine. Wait 10 minutes then turn the whole shebang on in the upright position. Raven cycles, matches don't pop then fine. Last step is shut everything off and disconnect ematches.
Next failure mode to check is plugging in the battery, shut the mag switch off with the magnet (remember it defaults to "on") then connect the ematches with the battery connected and the mag switch off. Turn on the mag switch with the rocket upright and if the Raven cycles and nothing pops I presume the Raven is in satisfactory shape to fly without premature ematch ignition.
The prior on-site technique at the launch was pull the rocket ebay apart, connect the battery, turn off the mag switch. Connect up the ematches of course in a spot where no one would be affected by an act of God event (with the switch in the off mode) and get the rocket ready for flight. Go to pad and activate the mag switch with the rocket upright, on the pad. Perhaps this is too much to expect of an average flier but it has worked for me every time I used it. On the other hand .5 to .75mg of 4f is not that big of a safety hazard as long as the rocket is pointed away from people. Also, once the switch is turned "off" I place the magnet in the equipment box and grab it when walking out to the pad with it in my back pocket.
The only thing this doesn't account for is an "act of God" event that would occur the next day after the Raven passed all the tests the night before. I've heard tell of altimeters that took a hard hit on a flight and then the flier goes to use the rocket the next time and the charges blow the minute the mechanical switch is turned on with the rocket on the pad. In that case doesn't matter what kind of switch is being used!
There is no reason not to use the above protocol test for a mechanically switched altimeter especially if one had a hard hit from say an apogee only deployment of a dual deploy rocket. Popping contained ematches on the bench is no big deal if ones altimeter goes bad.
For staging, I'd be paranoid no matter what and put a mechanical switch on the battery leg of one of the approved wireless devices and test it with the above protocol the day before just to be certain. Yeah, It wouldn't be easy in an MD project unless it was large but I would want an impeccable safety margin on a sustainer ignition circuit. I'm not intelligent enough to design an ignition "shunt" nor do I trust them unless they've been tested in the failure mode they are supposed to protect against.
Lithium batteries can really blast a lot of current through a circuit and a low current igniter (ematch based) will likely still blow. Kurt
No one in their right mind carries around a rocket with the altimeters energized. Why is it okay to walk around with a rocket with its wifi switch active which in the worst case could turn the altimeters on? This aint rocket science guys..... wait
So every Wednesday a bunch of us rocket guys get together for lunch. We had a active discussion about this topic (regarding ejection charges only, no one disagreed with the rule for staging/motor ignitors). Here's our conclusions:
everyone had at least one story where a mechanical switch failed and powered electronics on unexpectedly
many had moved to electronic switches, both mag and wifi, to avoid those issues, and felt they had made the right choice and were safer as a result
this rule will require the replacement or modification of a handful of purpose built, well known devices with an 'unknown number of unknown ways' to comply with the rule
None of us could see how forcing a change in the use of electronics that were specifically built for our hobby would leave us in a safer place where every flyer now has to create their own way of dealing with this issue.
No one walks around with an active altimeter because more of them are designed so a single FET/control line lights a pyro. No redundancy
The single failure mode of the WiFi switch would be to energize the altimeter. It would require both to fail between setup and pad to light a pyro. Single redundancy.
Specifically, the Eggtimer Proton would require a wifi/MPC failure, the FET failure, and the IO Expander to fail between car and pad. Double redundancy. But I would accept arguments that reduce it to single, or up it to triple because the software and hardware combinations are much more complex.
In the no redundancy case, you know of the failure when the pyro goes bang. Incident.
In the redundant cases, you know because you hear the altimeter wake up. And you stop and fix it. Near miss.
In the same sense, no one in their right mind uses a normal ladder out in the field. At least I could bring along an orchard ladder intended for uneven surfaces.
The new policy says you can turn on the wifi at the pad. Doesnt say on the pad. Carry rocket to the vicinity of the pad. Turn on Wifi. Put on pad. Enable altimeters by wifi. No ladder needed
You can also disconnect the energetics from the altimeter, and reconnect it per the
Correct. The intent of this rule is prevent the accidental triggering of energetics WHILE IN TRANSIT. Kate II and the Eggtimer WiFi stuff got a dispensation from the Pope for powering on "at the pad" instead of "on the pad" because they require additional arming steps in order for the energetics to be fully powered on. Short of some kind of catastrophic hardware failure, it is unlikely that they would power the energetics "on" without some kind of explicit action on the owner's part.
No. The hazard is if an altimeter is powered on, during transport for example, and the altimeter detects launch based on a true acceleration or baro signal. The altimeter doesn't have to fail in this scenario.
This is exactly the point. Most of the unplanned ignitions I’ve seen have been working as designed.
Actually that is a failure. It's a false launch detect.
But Fair enough. I assumed that unplanned altimeter powerup would be 1) detectable and 2) cause an immediate WTF response. Halt and fix. But those are just assumptions.
And I've already outlined my plan to comply. I don't agree that it's an overall safety improvement.
The only reason I’m uncomfortable with this logic is that it goes off the assumption that the slim, but present, chance of a rocket coming in ballistic is somehow safer then a charge going off and deploying a rockets recovery system at an embarrassing point during setup.
As a skydiver, I used a device called an AAD (Automatic Activation Device) that would detect ground level, detect an airplane ride up, detect freefall, and monitor altitude on the way down. The idea was that if the AAD's on board computer detected that I was still in freefall at 1000 feet, it would activate a pyro-based cable cutter that would deploy my reserve so that I did not freefall into the ground.
Pretty much every dropzone has signs everywhere reminding people NOT to turn on their AAD and let it calibrate anywhere except the landing area, because if the device were calibrated elsewhere, it might either a. deploy a reserve canopy in the trunk of a car, b. fail to fire when its owner lost altitude awareness in freefall, allowing its owner to crash into the planet at triple digit speeds, or c. deploy a reserve parachute that would entangle with the main parachute, resulting in its owner crashing into the planet at triple digit speeds.
I say all this only to point out that barometric devices can be tricked, and I applaud the INTENT of the rule. I am not sufficiently familiar with HPR procedures and equipment to know whether the rule has unintended consequences, so I have no opinion on whether it is a good rule.
I used to skydive back in the 80's and 90's. Had an AAD that fired for no reason on a normal approach for landing. It tested perfectly well before and after that incident. Stuff happens.....
The whole fallacy to this rule is that a switch I add to my A/V bay will be safer than the devices we have been using, and that every rocket builder will do the same. I haven't seen any references to any kind of study or survey that shows this will be the case.
I also think many mechanical switches are far easier to activate accidentally than any of the electronic switches I have used. Screw switches can vibrate closed, pull switches can get snagged and pulled out inadvertently, even twisted wires could short against metal while exposed and untwisted.
Who wants to make the argument that the plethora of user created mechanical switches will all be safer than the small handful of electronic switches that we now use?
(edited for brevity)
SMT Designs has this very type of switch in his electronics bay kits.
Separate names with a comma.