From: al p wick
To: flyrotary@lancaironline.net
Date: Sat, 4 Jun 2005 07:43:11 -0700
Subject: Re: [FlyRotary] Re: Rotary risks

First, let's try to get a perspective.
There is no job as creative as that of Design Engineer. This guy is making hundreds of decisions. How many inputs do I need, what size resistor, how wide should that track be, how do I isolate that from vibration, etc., etc. It's a very very high risk activity. So easy to overlook something. Many of the decisions are arbitrary. You are just making your best guess.

The Japanese produce superior products. When we analyzed their success 30 years ago, we found they used certain tools in the design and validation phase that U.S. designers didn't. One of these is the FMEA (see web site). They get a group of engineers together and say, "Ok, this is our best guess on how it should be designed, what's going to fail?" They go thru each characteristic and rate them for risk. Then they find a way to prove how far from failure each of those items is.
For example, they'll say, "Ok, the alternator is going to fail. This will produce an ac voltage." So then they measure how large the ac voltage can get before the device dies. Then they take action if there is not a large safety margin, retest. They end up with numbers that measure their safety margin.

So I would encourage reviewing all the various failure modes of the ECM. Deliberately subject it to experiences beyond what it will normally see. Unplug each sensor, see how it handles it. Apply heat way beyond normal, apply vibrations beyond normal. There are very simple ways to do this. It doesn't have to be some long drawn out thing.

However, statistically, we know if you have true redundancy in this particular device, then you get to multiply the probability of failure. So if the probability of shut down is 1 time in 1000 hours, since we have two with independent probabilities, our odds plummet to 1 time in 1 million hours. So all you need are two independent circuits.
When in doubt, just take a look at what the auto designers have done. They use more than one sensor to measure each characteristic. They compare the sensor results to historical data. They instantly recognize the sensor is providing false data, then warn you, and use tables or other sensor to keep you plugging along. That's why you don't see vehicles sitting on the side of the road.

Sorry for being so long-winded, I have the impression that stuff like this hasn't been discussed before.

-al wick
Artificial intelligence in cockpit, Cozy IV powered by stock Subaru 2.5
N9032U 200+ hours on engine/airframe from Portland, Oregon
Prop construct, Subaru install, Risk assessment, Glass panel design info:
http://www.maddyhome.com/canardpages/pages/alwick/index.html

On Sat, 4 Jun 2005 07:50:46 -0500 "William" writes:

Al,
What changes would be required? (reference your statement below)
Bill Schertz
KIS Cruiser # 4045

----- Original Message -----
From: al p wick
To: Rotary motors in aircraft
Sent: Friday, June 03, 2005 9:50 PM
Subject: [FlyRotary] Re: Rotary risks

You bring up very important points. If you guys can develop robust solutions for each of the challenges, then you can end up with a powerplant that has some fabulous failure modes. Here is a great example, I suspect your ECM shutdown risk is now somewhere around 1 time in 1000 (maybe 500) hours. But with simple changes that make the system genuinely redundant, you would automatically raise that to 1 time in 1000000 hours. That is fantastic for a custom low volume ECM.
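
The cross-check described in the message above (two sensors per characteristic, a comparison against expected values, a warning, and a table fallback), sketched as an added example that is not part of the original e-mail or of any ECM's code. The measured quantity, table values, thresholds and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed "historical" table: expected manifold pressure (kPa) by throttle %.
EXPECTED_KPA = {0: 30.0, 25: 50.0, 50: 70.0, 75: 85.0, 100: 98.0}
VALID_RANGE = (10.0, 110.0)  # assumed physically possible sensor output, kPa
MAX_DEVIATION = 15.0         # assumed allowed gap from the table value, kPa

@dataclass
class Reading:
    value: float                 # value the controller should act on
    source: str                  # "both", "A", "B" or "table"
    warnings: list = field(default_factory=list)

def expected_for(throttle_pct):
    """Linearly interpolate the expected value from the table."""
    keys = sorted(EXPECTED_KPA)
    t = min(max(throttle_pct, keys[0]), keys[-1])
    for lo, hi in zip(keys, keys[1:]):
        if lo <= t <= hi:
            frac = (t - lo) / (hi - lo)
            return EXPECTED_KPA[lo] + frac * (EXPECTED_KPA[hi] - EXPECTED_KPA[lo])

def plausible(value, expected):
    """Reject unplugged (None), out-of-range, NaN and far-from-table readings."""
    if value is None:
        return False
    lo, hi = VALID_RANGE
    return lo <= value <= hi and abs(value - expected) <= MAX_DEVIATION

def select(sensor_a, sensor_b, throttle_pct):
    """Pick a usable value from two redundant sensors, else fall back to the table."""
    expected = expected_for(throttle_pct)
    good = {name: v for name, v in (("A", sensor_a), ("B", sensor_b))
            if plausible(v, expected)}
    warnings = [f"sensor {n} rejected" for n in ("A", "B") if n not in good]
    if len(good) == 2:
        return Reading((sensor_a + sensor_b) / 2, "both", warnings)
    if good:
        name, value = next(iter(good.items()))
        return Reading(value, name, warnings)
    return Reading(expected, "table", warnings)  # keep running on table data

if __name__ == "__main__":
    print(select(70.0, 72.0, 50))   # both sensors agree with the table
    print(select(None, 68.0, 50))   # sensor A unplugged
    print(select(0.0, 109.0, 50))   # both implausible: table fallback
```
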