X-Virus-Scanned: clean according to Sophos on Logan.com Return-Path: Received: from mx2.magma.ca ([206.191.0.250] verified) by logan.com (CommuniGate Pro SMTP 4.3.4) with ESMTPS id 984904 for flyrotary@lancaironline.net; Sat, 04 Jun 2005 21:16:47 -0400 Received-SPF: none receiver=logan.com; client-ip=206.191.0.250; envelope-from=ianddsl@magma.ca Received: from mail4.magma.ca (mail4.magma.ca [206.191.0.222]) by mx2.magma.ca (8.13.0/8.13.0) with ESMTP id j551G02S011011 for ; Sat, 4 Jun 2005 21:16:01 -0400 Received: from binky (ottawa-hs-64-26-156-111.s-ip.magma.ca [64.26.156.111]) by mail4.magma.ca (8.13.0/8.13.0) with SMTP id j551FuEW027972 for ; Sat, 4 Jun 2005 21:15:59 -0400 Reply-To: From: "Ian Dewhirst" To: "Rotary motors in aircraft" Subject: RE: [FlyRotary] Re: Rotary risks Date: Sat, 4 Jun 2005 21:15:49 -0400 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_008F_01C5694A.950905A0" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Importance: Normal In-Reply-To: This is a multi-part message in MIME format. ------=_NextPart_000_008F_01C5694A.950905A0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Al, Thanks for the apology. Your e-mail's led me to believe that you were comparing what you know of the EC-2 to what you know of the engine ECM in your automobile, I assumed you meant a Subaru automobile, my apologies. I don't disagree with you when you contend that there is risk in flying behind a rotary. I understand that your intention is to make flying behind a rotary safer, thank you in advance for the effort you put into it. -- Ian -----Original Message----- From: Rotary motors in aircraft [mailto:flyrotary@lancaironline.net]On Behalf Of al p wick Sent: Saturday, June 04, 2005 5:53 PM To: Rotary motors in aircraft Subject: [FlyRotary] Re: Rotary risks You ask me all these questions about my installation. I don't understand why. It has no bearing on the subject. Let's pretend I fly the highest risk aircraft ever made. Does that mean all my risk statements below have no substance? Does that mean there are no rotary risks? What in the world makes you think I'm comparing the two types of engines? I apologize for my "long winded" remark. I can see how it would appear condescending and inappropriate. -al wick On Sat, 4 Jun 2005 13:48:55 -0400 "Ian Dewhirst" writes: Hi Al, I was not going to bother replying to your posts but your last one pushed me over the top. I have a couple of questions: 1) Do you have two ECMs? Having redundant crank angle sensors is great, feeding them all into one computer is no better then having only one crank sensor. 2) Have you tested limp home mode on climb out? 3) How is your power output with a partially shorted temp sensor? I'm betting it is not going to be too good - like none. 4) How old is your ECM? Most people junk their cars after 10 years, where did you get data to support the reliability of the ECM as it ages? I do have some experience in automobile failure modes, I am a licensed auto technician with OBDII training. I have colleagues who work on Subaru's, one fellow works at a local dealership, and two others work at independent garages. FYI Subaru's, like every other vehicle ever made, do come in on a hook and they do coast to a stop from time to time. One last thing, you wrote: "Sorry for being so long winded, I have the impression that stuff like this haven't been discussed before." That's right, we are all morons that don't grasp concepts like risk and redundancy. While I plan to have fully redundant ignition and fuel, (using an EC-2 as primary and a megaSquirtNSpark as a backup) Tracy (and his many customers) concluded that some inputs like a crank angle sensor did not represent a failure risk, he seems like a pretty smart guy who considers the decisions he makes. 1600+ hours suggests to me that his decisions are pretty good. You may be a great analyst - your skills as a diplomat leave a lot to be desired. -- Ian -----Original Message----- From: Rotary motors in aircraft [mailto:flyrotary@lancaironline.net]On Behalf Of al p wick Sent: Saturday, June 04, 2005 10:43 AM To: Rotary motors in aircraft Subject: [FlyRotary] Re: Rotary risks First, let's try to get a perspective. There is no job as creative as that of Design Engineer. This guy is making hundreds of decisions. How many inputs do I need, what size resistor, how wide should that track be, how do I isolate that from vibration, etc etc. It's a very very high risk activity. So easy to overlook something. Many of the decisions are arbitrary. You are just making your best guess. The Japanese produce superior products. When we analyzed their success 30 years ago, we found they used certain tools in the design and validation phase that U.S. designers didn't. One of these is the FMEA (see web site). They get a group of engineers together and say" Ok, this is our best guess on how it should be designed, what's going to fail?". They go thru each characteristic and rate them for risk. Then they find a way to prove how far from failure each of those items are. For example, they'll say"Ok, the alternator is going to fail. This will produce an ac voltage." So then they measure how large the ac voltage can get before the device dies. Then they take action if there is not a large safety margin, retest. They end up with numbers that measure their safety margin. So I would encourage reviewing all the various failure modes of the ECM. Deliberately subject it to experiences beyond what it will normally see. Unplug each sensor, see how it handles it. Apply heat way beyond normal, apply vibrations beyond normal. There are very simple ways to do this. It doesn't have to be some long drawn out thing. However, statistically, we know if you have true redundancy in this particular device, then you get to multiply the probability of failure. So if the probability of shut down is 1 time in 1000 hours, since we have two with independent probabilities, our odds plummet to 1 time in 1 million hours. So all you need are two independent circuits. When in doubt, just take a look at what the auto designers have done. They use more than one sensor to measure each characteristic. They compare the sensor results to historical data. They instantly recognize the sensor is providing false data, then warn you, and use tables or other sensor to keep you plugging along. That's why you don't see vehicles sitting on the side of the road. Sorry for being so long winded, I have the impression that stuff like this haven't been discussed before. -al wick Artificial intelligence in cockpit, Cozy IV powered by stock Subaru 2.5 N9032U 200+ hours on engine/airframe from Portland, Oregon Prop construct, Subaru install, Risk assessment, Glass panel design info: http://www.maddyhome.com/canardpages/pages/alwick/index.html On Sat, 4 Jun 2005 07:50:46 -0500 "William" writes: Al, What changes would be required? (reference your statement below) Bill Schertz KIS Cruiser # 4045 ----- Original Message ----- From: al p wick To: Rotary motors in aircraft Sent: Friday, June 03, 2005 9:50 PM Subject: [FlyRotary] Re: Rotary risks You bring up very important points. If you guys can develop robust solutions for each of the challenges, then you can end up with a powerplant that has some fabulous failure modes. Here is a great example, I suspect your ECM shutdown risk is now somewhere around 1 time in 1000 (maybe 500) hours. But with simple changes that make the system genuinely redundant, you would automatically raise that to 1 time in 1000000 hours. That is fantastic for a custom low volume ECM. -al wick Artificial intelligence in cockpit, Cozy IV powered by stock Subaru 2.5 N9032U 200+ hours on engine/airframe from Portland, Oregon Prop construct, Subaru install, Risk assessment, Glass panel design info: http://www.maddyhome.com/canardpages/pages/alwick/index.html ------=_NextPart_000_008F_01C5694A.950905A0 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable
Al,=20
 
Thanks for = the=20 apology.  Your e-mail's led me to believe that you were comparing = what you=20 know of the EC-2 to what you know of the engine ECM in your = automobile, I=20 assumed you meant a Subaru automobile, my=20 apologies.
 
I don't = disagree with=20 you when you contend that there is risk in flying behind a rotary.  = I=20 understand that your intention is to make flying behind a rotary safer, = thank=20 you in advance for the effort you put into = it.
 
--=20 Ian
 
 
 
 -----Original = Message-----
From:=20 Rotary motors in aircraft [mailto:flyrotary@lancaironline.net]On = Behalf Of=20 al p wick
Sent: Saturday, June 04, 2005 5:53 = PM
To:=20 Rotary motors in aircraft
Subject: [FlyRotary] Re: Rotary=20 risks

You ask me all these questions about my installation. I don't = understand=20 why. It has no bearing on the subject. Let's pretend I fly the highest = risk=20 aircraft ever made. Does that mean all my risk statements below = have no=20 substance? Does that mean there are no rotary risks?
 
What in the world makes you think I'm comparing the two types of=20 engines?  
 
I apologize for my "long winded" remark. I can see how it would = appear=20 condescending and inappropriate.
 
-al wick
 
 
 
 
On Sat, 4 Jun 2005 13:48:55 -0400 "Ian Dewhirst" <ianddsl@magma.ca> = writes:
Hi=20 Al, I was not going to bother replying to your posts but your last = one=20 pushed me over the top.  I have a couple of=20 questions:
 
1)=20 Do you have two ECMs?  Having redundant crank angle sensors is=20 great,  feeding them all into one computer is no better = then=20 having only one crank sensor.  
2)=20 Have you tested limp home mode on climb = out?
3)=20 How is your power output with a partially shorted temp sensor?  = I'm=20 betting it is not going to be too good - like = none.
4)=20 How old is your ECM?  Most people junk their cars after 10 = years, where=20 did you get data to support the reliability of the ECM as it=20 ages? 
 
I do have=20 some experience in automobile failure modes, I am a licensed = auto=20 technician with OBDII training. I have colleagues who work on = Subaru's, one=20 fellow works at a local dealership, and two others work at = independent=20 garages.  FYI Subaru's, like every other vehicle ever = made, do=20 come in on a hook and they do coast to a stop from time to = time. =20
 
One last thing, you wrote:
 
"Sorry for being so=20 long winded, I have the impression that stuff like this haven't been = discussed before."
 
That's right, we are all morons that don't grasp concepts = like risk=20 and redundancy.  While I plan to have fully redundant ignition = and=20 fuel, (using an EC-2 as primary and a megaSquirtNSpark as a = backup)=20 Tracy (and his many customers) concluded that some inputs like = a crank=20 angle sensor did not represent a failure risk, he seems like a = pretty smart=20 guy who considers the decisions he makes.  1600+ hours suggests = to me=20 that his decisions are pretty good. 
 
You may be a great analyst - your skills as a diplomat = leave a lot to=20 be desired.
 
--=20 Ian
 
 
-----Original Message-----
From: Rotary motors = in=20 aircraft [mailto:flyrotary@lancaironline.net]On Behalf Of = al p=20 wick
Sent: Saturday, June 04, 2005 10:43 = AM
To: Rotary=20 motors in aircraft
Subject: [FlyRotary] Re: Rotary=20 risks

First, let's try to get a perspective.
There is no job as creative as that of Design Engineer. This = guy is=20 making hundreds of decisions. How many inputs do I need, what size = resistor, how wide should that track be, how do I isolate that = from=20 vibration, etc etc. It's a very very high risk activity. So easy = to=20 overlook something. Many of the decisions are arbitrary. You are = just=20 making your best guess.
 
The Japanese produce superior products. When we analyzed = their=20 success 30 years ago, we found they used certain tools in the = design and=20 validation phase that U.S. designers didn't. One of these is the = FMEA (see=20 web site). They get a group of engineers together and say" = Ok, this=20 is our best guess on how it should be designed, what's going to = fail?".=20 They go thru each characteristic and rate them for risk. Then they = find a=20 way to prove how far from failure each of those items are.
For example, they'll say"Ok, the alternator is going to fail. = This=20 will produce an ac voltage." So then they measure how large the ac = voltage=20 can get before the device dies. Then they take action if there is = not a=20 large safety margin, retest. They end up with numbers that measure = their=20 safety margin.
 
So I would encourage reviewing all the various failure modes = of the=20 ECM. Deliberately subject it to experiences beyond what it will = normally=20 see. Unplug each sensor, see how it handles it. Apply heat way = beyond=20 normal, apply vibrations beyond normal. There are very simple ways = to do=20 this. It doesn't have to be some long drawn out thing.
 
However, statistically, we know if you have = true redundancy in=20 this particular device, then you get to multiply the probability = of=20 failure. So if the probability of shut down is 1 time in 1000 = hours, since=20 we have two with independent probabilities, our odds plummet = to 1=20 time in 1 million hours. So all you need are two = independent=20 circuits.
When in doubt, just take a look at what the auto designers = have done.=20 They use more than one sensor to measure each characteristic. They = compare=20 the sensor results to historical data. They instantly recognize = the sensor=20 is providing false data, then warn you, and use tables or other = sensor to=20 keep you plugging along. That's why you don't see vehicles sitting = on the=20 side of the road.
 
Sorry for being so long winded, I have the impression that = stuff like=20 this haven't been discussed before.
 

-al wick
Artificial intelligence in cockpit, Cozy IV = powered=20 by stock Subaru 2.5
N9032U 200+ hours on engine/airframe from = Portland,=20 Oregon
Prop construct, Subaru install, Risk assessment, Glass = panel=20 design=20 = info:
http://www.maddyhome.com/canardpages/pages/alwick/index.html
=
 
 
On Sat, 4 Jun 2005 07:50:46 -0500 "William" <wschertz@ispwest.com>=20 writes:
Al,
What changes would be required? = (reference=20 your statement below)
Bill Schertz
KIS Cruiser # 4045
----- Original Message ----- =
From:=20 al = p wick=20
To: Rotary motors in=20 aircraft
Sent: Friday, June 03, = 2005 9:50=20 PM
Subject: [FlyRotary] = Re: Rotary=20 risks
 
You bring up very important points. If you guys can = develop=20 robust solutions for each of the challenges, then you can end = up with=20 a powerplant that has some fabulous failure modes. Here = is a=20 great example, I suspect your ECM shutdown risk is now = somewhere=20 around 1 time in 1000 (maybe 500) hours. But with simple = changes that=20 make the system genuinely redundant, you would = automatically=20 raise that to 1 time in 1000000 hours. That is fantastic for a = custom=20 low volume ECM.
 
 

-al wick
Artificial = intelligence in=20 cockpit, Cozy IV powered by stock Subaru 2.5
N9032U 200+ hours on=20 engine/airframe from Portland, Oregon
Prop construct, Subaru = install, Risk=20 assessment, Glass panel design=20 = info:
http://www.maddyhome.com/canardpages/pages/alwick/index.html
= ------=_NextPart_000_008F_01C5694A.950905A0--