X-Virus-Scanned: clean according to Sophos on Logan.com X-SpamCatcher-Score: 80 [XXX] (100%) Contains spammy domain Return-Path: Sender: To: lml Date: Thu, 21 Dec 2006 17:05:37 -0500 Message-ID: X-Original-Return-Path: Received: from imo-d05.mx.aol.com ([205.188.157.37] verified) by logan.com (CommuniGate Pro SMTP 5.1.3) with ESMTP id 1699318 for lml@lancaironline.net; Thu, 21 Dec 2006 16:51:32 -0500 Received-SPF: pass receiver=logan.com; client-ip=205.188.157.37; envelope-from=Sky2high@aol.com Received: from Sky2high@aol.com by imo-d05.mx.aol.com (mail_out_v38_r7.6.) id q.bd2.bab3bc3 (42809) for ; Thu, 21 Dec 2006 16:50:44 -0500 (EST) From: Sky2high@aol.com X-Original-Message-ID: X-Original-Date: Thu, 21 Dec 2006 16:50:42 EST Subject: Re: [LML] System level reliability X-Original-To: lml@lancaironline.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="-----------------------------1166737842" X-Mailer: 9.0 Security Edition for Windows sub 5358 X-Spam-Flag: NO -------------------------------1166737842 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Content-Language: en In a message dated 12/21/2006 1:44:38 A.M. Central Standard Time, =20 fredmoreno@optusnet.com.au writes: I originally ordered my engine with dual Lightspeed ignition systems and=20 designed my electrical supply system accordingly. I have since learned tha= t=20 Lightspeed no longer ships dual ignition systems, and only recommends a sin= gle=20 Lightspeed and a single magneto as backup. It was reported to me that the=20 problem was NOT the Lightspeed ignition systems, but rather the LACK of=20 reliability with experimental aircraft power systems. Apparently too many=20= forced=20 landings have occurred because of total electrical failures. Fred, =20 Well, I am ready to comment. =20 This morning I sent the following email to Klaus: <<<<<<<<<< =20 Klaus, =20 It was reported on the Lancair Mail List that Light Speed Engineering is no= =20 longer shipping/selling dual ignition systems and only recommends a single =20 system with a mag backup because of too many experimental aircraft's unreli= able=20 electrical systems. =20 I find this hard to believe. =20 Can you tell me if this is true? =20 Scott Krueger Lancair 320 N92EX, Dual Plasma III System with crank sensor, Essential bus =20 arrangement and backup battery for the primary ignition. 1st Place, 2006 Air Venture Cup Race Formula RG Red Division. 232.8 mph. 1st Place, 2006 Redmond 100 (Lancair factory), 320 Division and beat 6 of =20 the 7 360 powered Lancairs, 242 mph. >>>>>>>>>>>>>>>> His reply was just received: {{{{{{{{{{{{{{{{{ =20 Thanks for letting me know and also for your support on the List(s). I can'= t=20 monitor them and set things straight, that would be a full time job.=20 There was a concern for a while when we had a few sensor failures on the =20 Continentals used on Lancairs. The engine builder would set up the proper =20 clearance per our instructions, test run the engine and deliver it. The prou= d owner=20 would then install his own baffeling between the case and our mounting =20 bracket. This would reduce the clearance to the point that the sensors could= get =20 damaged.=20 We are now shipping all Direct Crank Sensor boards with the new "Skip plate= "=20 that will protect the sensors when there is interference. This makes the DC= S=20 board practically indestructible. Now that we have these components available, we are shipping single and dua= l=20 Plasma Systems on a daily basis. There never was an issue with the Lycoming=20= =20 engines. Please see the service bulletin on our web page also. Keep up the good work. Klaus Savier Light Speed Engineering P.O. Box 549 416 E. Santa Maria St. #15 Santa Paula, CA 93060 _klaus@lightspeedengineering.com_ (mailto:klaus@lightspeedengineering.com)=20 Tel: (805) 933-3299 Fax: (805) 525-0199 }}}}}}}}}}}}}}}}}}}}}}}}}} =20 The lack of reliability is sometimes in the reporting of problems, causes=20 and solutions. Here it was the failure of the builders to understand the T= CM=20 engine package that was bought and the importance of the sensor position. =20 =20 I have no problem with my dual LSE ignition by relying on the Essential Bus= =20 distribution system and a backup battery for 1/2 of the ignition system in=20 case there is some weird sort of unforeseen total electrical failure. That= is=20 also why the header tank is automatically maintained with at least 8 gallon= s=20 of fuel at all times as it is the single non selectable 100LL source for th= e =20 engine.=20 It would be interesting to know the causes of total electrical system=20 failures in experimental aircraft, but we shall probably never know. My gu= ess: a=20 combination of poor system architecture coupled with poor workmanship=20 standards on things like connectors, couplings, joints, wire chaffing prote= ction and =20 such. Is that because you already know the causes and consequences of TOTAL=20 electrical failures in STC SEL aircraft, like Cessnas? From my perspective= , they=20 are the same except that an experimental builder has the opportunity to do=20 better and often does. Elder* Cessna aircraft (I have some experience) use= =20 crappy components and connectors and are frequently full of architecture an= d=20 design shortcuts used to save MONEY, not lives. Of course, it would cost e= ven=20 more money to improve those faults that become known. It seems that the mo= st=20 frequent total electrical system loss in an old standard aircraft is usuall= y=20 because of alternator failure and complete battery depletion - not usually=20 seen in time by the pilot because there were no idiot lights like "ALT OUT= ". =20 Instead there has been reliance on scanning the ammeter (if present). =20 Everybody includes the obscurely placed ammeter in their 30 second scan, do= n't they?=20 =20 =20 *Elder aircraft =3D those produced before modern competition (like Cirrus,=20 Columbia, Diamond, etc.) began to appear. =20 The correct approach to system architecture has been demonstrated by the FA= A=20 approval of all-electric single engine night/IFR airplanes such as Columbia= .=20 I attach (which I have done before) the system architecture for the=20 Columbia from the pilot=E2=80=99s operating handbook. You can go to the=20 _www.fly-columbia.com_ (http://www.fly-columbia.com/) web site and downloa= d the POH, a PDF=20 document, for a cleaner copy. Sorry, I cannot trust that the FAA knows any better than an experimental =20 aircraft builder that actually built his/her airplane and studied available=20= =20 information on how-to-do-it. Uh, aircraft built for personal education and=20= =20 recreational use (I know I have read that phrase somewhere). Yes, the curr= ent FAA=20 requirements seem better - maybe they learned something from experimental=20 builders. I know Cessna has for their LSA entry. =20 I concur with most of your succeeding points - one should consider the =20 environment and mission of the plane and its systems when one is designing=20= in=20 safety and redundancy - to some reasonable level. One of the things the bu= ilder=20 cannot fix with hardware is the loss of life from serious lapses of=20 judgement, training and knowledge in the other single-point failure, the pi= lot.=20 =20 Thanks for the brain tickler, =20 Scott Krueger AKA Grayhawk Lancair N92EX IO320 SB 89/96 Aurora, IL (KARR) A man has got to know his limitations. =20 As noted elsewhere, the key to best reliability is redundancy and absence o= f=20 single point failures that by themselves can bring you to grief. =20 Common (and not so common) single point electrical failure sources can=20 include =20 * batteries, =20 * relays, =20 * circuit breakers, =20 * wire terminations, =20 * chaffed wires causing tripped circuit breakers, =20 * attachment nuts or screws coming off, =20 * vibration-induced mechanical failures of attachments and structures= ,=20 =20 * etc. =20 If the probability of a single point failure is one in one thousand per=20 flight hour (vacuum pumps are worse), the probability of two such independe= nt=20 failures occurring in the same hour is one in one million. Here we presume= the =20 failures are not linked. Linkage might include two alternators driven by=20= a=20 common belt, a lightning strike, failure of the crankshaft, etc. =20 My recollection is that FAR 23 requires a quantitative safety case to be=20 made that shows the probability of a failure or set of failures causing los= s of=20 aircraft is less than one in ten million. I presume that the Columbia=20 electrical system was able to satisfy this type of analytical scrutiny. Th= us the=20 architecture used offers us an excellent starting point to design our own=20 systems for maximum safety and reliability. =20 I tried to simplify Columbia diagram with the sketch attached. Please=20 forgive my lack of Autocad drafting skill. The sketch suggests a simplifie= d=20 architecture that builders might start with as a basis for their electrical= power=20 distribution systems. I would suggest that we kick it around a bit, and=20 then perhaps somebody with greater skills than mine can generate a clean dr= awing=20 that includes the collective wisdom gathered from multiple inputs. It coul= d=20 then be referred to in the community as a well-conceived starting point for= =20 electrical system design. =20 Some notes: Diode feed of avionics buss and essential buss provides=20 automatic supply of power in the event of a buss failure, but the pilot cou= ld remain=20 unaware of the bus failure because of this automatic operation. Therefore,= I=20 believe that an integral element must be pilot notification of a buss=20 failure via a low voltage alarm. =20 In my case, electrical system design started with the recommendations of Bo= b=20 Nuckolls=E2=80=99 in Aeroelectric Connection. I then revised it to incorpo= rate some=20 of the features of the Columbia system, modified to reflect limitations an= d=20 options on my own aircraft. =20 As an example, Columbia carries two large alternators. My IO-550 is=20 configured to carry one large alternator (70 amp) and one smaller B&C alter= nator (20=20 amps). So I use the big alternator on the A buss and connect the high=20 current stuff like hydraulic pump, landing lights and such, and put smaller= loads=20 on the B buss. If the A buss fails (alternator failure, for example) I kno= w=20 immediately to shed load to get the total system load under 20 amps to=20 prevent the excess being drawn from the B battery. During the load sheddin= g, I can=20 keep the airplane upright at night in IFR because the essential instruments= =20 remain operational throughout the event. For my airplane, this includes th= e=20 Chelton primary flight display, back up instruments (including RC Allen=20 electric attitude indicator) and their night lighting, and the single Light= speed=20 ignition system. =20 I would not treat a single buss failure as an emergency, but I would put th= e=20 airplane on the ground ASAP before another failure occurs. Going back to=20 the earlier example, if you are working with one in one thousand failure=20 rates, and one system dies, then the chances of the rest of the system dyin= g is=20 one in one thousand in the next flight hour, not one in one million. One i= n a=20 million applies to both systems failing (a total system failure) in the sam= e=20 flight hour. So when one system fails, you have used a good portion of you= r=20 nine lives already. Conserve those that are left. =20 Personally I think one in one thousand is lousy odds, so it is time to put=20 the airplane on the ground quickly when the odds have slid this far as woul= d=20 happen if one system fails. =20 As another adaptation, a lot of folks here are using Chelton flight=20 displays. When equipped with the Pinpoint GADAHRS and magnetic sensing uni= ts, you=20 will find that they are designed to permit dual independent power supplies=20= from=20 separate busses. So you can connect only one of these supply lines to the=20 essential buss (forgetting the other) or (preferably) connect each individu= al=20 supply line to each buss to get as close as possible to the electrical supp= ly=20 (battery and alternator). =20 With our complex and high performance experimental aircraft, I think it is=20 high time to propose some =E2=80=9Cexperimental standards=E2=80=9D for syst= em designs that=20 provide enhanced reliability. I would suggest that some attention to the=20 electrical system design and development of a =E2=80=9Crecommended electric= al architecture=E2=80=9D is a good place to start. =20 Your comments, please. =20 -------------------------------1166737842 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Content-Language: en
In a message dated 12/21/2006 1:44:38 A.M. Central Standard Time,=20 fredmoreno@optusnet.com.au writes:
<= FONT=20 style=3D"BACKGROUND-COLOR: transparent" face=3DArial color=3D#000000 size= =3D3>

I originally ordered my engi= ne=20 with dual Lightspeed ignition systems and designed my electrical supply sy= stem=20 accordingly.  I have since learned that Lightspeed no longer ships du= al=20 ignition systems, and only recommends a single Lightspeed and a single mag= neto=20 as backup.  It was reported to me that the problem was NOT the Lights= peed=20 ignition systems, but rather the LACK of reliability with experimental=20 aircraft power systems.  Apparently too many forced landi= ngs have=20 occurred because of total electrical=20 failures.

Fred,
 
Well, I am ready to comment.
 
This morning I sent the following email to Klaus:
<<<<<<<<<<
 =20
Klaus,
 
It was reported on the Lancair Mail List that Light Speed Engineer= ing=20 is no longer shipping/selling dual ignition systems and only recommends a si= ngle=20 system with a mag backup because of too many experimental aircraft's=20 unreliable electrical systems.
 
I find this hard to believe.
 
Can you tell me if this is true?
 
Scott Krueger
Lancair 320 N92EX, Dual Plasma III System with crank sensor, Essential=20= bus=20 arrangement and backup battery for the primary ignition.
1st Place, 2006 Air Venture Cup Race Formula RG Red Division. 232.8=20 mph.
1st Place, 2006 Redmond 100 (Lancair factory), 320 Division and beat 6=20= of=20 the 7 360 powered Lancairs, 242 mph.
>>>>>>>>>>>>>>>>
His reply was just received:
{{{{{{{{{{{{{{{{{
Thanks for letting me know and also for your support on the List(s). I=20 can't monitor them and set things straight, that would be a full time=20 job. 
There was a concern for a while when we had a few sensor failures on th= e=20 Continentals used on Lancairs. The engine builder would set up the proper=20 clearance per our instructions, test run the engine and deliver it. The prou= d=20 owner would then install his own baffeling between the case and our mounting= =20 bracket. This would reduce the clearance to the point that the sensors could= get=20 damaged. 
We are now shipping all Direct Crank Sensor boards with the new "Skip=20 plate" that will protect the sensors when there is interference. This makes=20= the=20 DCS board practically indestructible.
Now that we have these components available, we are shipping single and= =20 dual Plasma Systems on a daily basis. There never was an issue with the Lyco= ming=20 engines.
Please see the service bulletin on our web page also.

Keep up the good work.

Klaus Savier
Light Speed Engineering
P.O. Box 549
416 E. Santa Maria St. #15
Santa Paula, CA 93060
Tel: (805) 933-3299  Fax: (805) 525-0199
}}}}}}}}}}}}}}}}}}}}}}}}}}
 
The lack of reliability is sometimes in the reporting of=20 problems, causes and solutions.  Here it was the failure of the builder= s to=20 understand the TCM engine package that was bought and the importance of= the=20 sensor position. 
 
I have no problem with my dual LSE ignition by relying on th= e=20 Essential Bus distribution system and a backup battery for 1/2 of=20= the=20 ignition system in case there is some weird sort of unforeseen total=20 electrical failure.  That is also why the header tank is=20 automatically maintained with at least 8 gallons of fuel at all times a= s it=20 is the single non selectable 100LL source for the=20 engine. 

It would be interesting to k= now=20 the causes of total electrical system failures in experimental aircraft, b= ut=20 we shall probably never know.  My guess: a combination of poor system= =20 architecture coupled with poor workmanship standards on things like=20 connectors, couplings, joints, wire chaffing protection and=20 such.

Is that because you already know the causes and conseque= nces=20 of TOTAL electrical failures in STC SEL aircraft, like Cessnas?  F= rom=20 my perspective, they are the same except that an experimental builder has th= e=20 opportunity to do better and often does.  Elder* Cessna aircraft (I hav= e=20 some experience) use crappy components and connectors and are frequently=20 full of architecture and design shortcuts used to save MONEY, not=20 lives.  Of course, it would cost even more money to improve those fault= s=20 that become known.  It seems that the most frequent total=20 electrical system loss in an old standard aircraft is usually because o= f=20 alternator failure and complete battery depletion - not usually se= en=20 in time by the pilot because there were no idiot lights like "ALT=20 OUT".  Instead there has been reliance on scanning the ammeter=20 (if present).  Everybody includes the obscurely placed ammeter in=20 their 30 second scan, don't they? 
 
*Elder aircraft =3D those produced before modern=20 competition (like Cirrus, Columbia, Diamond, etc.) began to=20 appear.    

The correct approach to syst= em=20 architecture has been demonstrated by the FAA approval of all-electric sin= gle=20 engine night/IFR airplanes such as Columbia.  I att= ach (which=20 I have done before) the system architecture for the Columbia from the pilot=E2=80=99s operat= ing=20 handbook.  You can go to the www.fly-columbia.com web site an= d=20 download the POH, a PDF document, for a cleaner=20 copy.

Sorry, I cannot trust that the FAA knows any better than an experimenta= l=20 aircraft builder that actually built his/her airplane and studied available=20 information on how-to-do-it.  Uh, aircraft built for personal education= and=20 recreational use (I know I have read that phrase somewhere).  Yes, the=20 current FAA requirements seem better - maybe they learned something from=20 experimental builders.  I know Cessna has for their LSA entry.
 
I concur with most of your succeeding points - one should consider= the=20 environment and mission of the plane and its systems when one is=20 designing in safety and redundancy - to some reasonable=20 level.  One of the things the builder cannot fix with hardware&nbs= p;is=20 the loss of life from serious lapses of judgement, training and=20 knowledge in the other single-point failure, the pilot. 
 
Thanks for the brain tickler,
 
Scott Krueger=20 AKA Grayhawk
Lancair N92EX IO320 SB 89/96
Aurora, IL (KARR)

A m= an=20 has got to know his limitations.
 
 
As noted elsewhere, the key to= best=20 reliability is redundancy and absence of single point failures tha= t by=20 themselves can bring you to grief. 

Common (and not so common) s= ingle=20 point electrical failure sources can include

  • batteries,
  • relays,
  • circuit breakers, <= /FONT>
  • wire terminations,=20
  • chaffed wires causing trip= ped=20 circuit breakers,
  • attachment nuts or screws=20= coming=20 off,
  • vibration-induced mechanic= al=20 failures of attachments and structures,
  • etc. &n= bsp;

 If the probability of=20= a=20 single point failure is one in one thousand per flight hour (vacuum pumps=20= are=20 worse), the probability of two such independent failures occurring=20 in the same hour is one in one million.  Here we presume the=20 failures are not linked.   Linkage might include two=20 alternators driven by a common belt, a lightning strike, failure of the=20 crankshaft, etc.  

My recollection is that FAR=20= 23=20 requires a quantitative safety case to be made that shows the probability=20= of a=20 failure or set of failures causing loss of aircraft is less than one in te= n=20 million.  I presume that the Columbia electrical s= ystem was=20 able to satisfy this type of analytical scrutiny.  Thus the architect= ure=20 used offers us an excellent starting point to design our own systems for=20 maximum safety and reliability. 

I tried to simplify=20 Columbia diagram with the sketch attache= d. =20 Please forgive my lack of Autocad drafting skill.  The sketch suggest= s a=20 simplified architecture that builders might start with as a basis for thei= r=20 electrical power distribution systems.  I would suggest that we kick=20= it=20 around a bit, and then perhaps somebody with greater skills than mine can=20 generate a clean drawing that includes the collective wisdom gathered from= =20 multiple inputs.  It could then be referred to in the community as a=20 well-conceived starting point for electrical system=20 design. 

Some notes: Diode feed of av= ionics=20 buss and essential buss provides automatic supply of power in the event of= a=20 buss failure, but the pilot could remain unaware of the bus failure becaus= e of=20 this automatic operation.  Therefore, I believe that an integral elem= ent=20 must be pilot notification of a buss failure via a low voltage=20 alarm.  

In my case, electrical syste= m=20 design started with the recommendations of Bob Nuckolls=E2=80=99 in Aeroel= ectric=20 Connection.  I then revised it to incorporate some of the features of= the=20 Columbia system, modified to reflect lim= itations=20 and options on my own aircraft.   

As an example, Columbia carries two large alternators.&= nbsp; My=20 IO-550 is configured to carry one large alternator (70 amp) and one smalle= r=20 B&C alternator (20 amps).  So I use the big alternator on the A b= uss=20 and connect the high current stuff like hydraulic pump, landing lights and= =20 such, and put smaller loads on the B buss.  If the A buss fails=20 (alternator failure, for example) I know immediately to shed load to get t= he=20 total system load under 20 amps to prevent the excess being drawn from the= B=20 battery.  During the load shedding, I can keep the airplane upright a= t=20 night in IFR because the essential instruments remain operational througho= ut=20 the event.  For my airplane, this includes the Chelton primary flight= =20 display, back up instruments (including RC Allen electric attitude indicat= or)=20 and their night lighting, and the single Lightspeed ignition=20 system.   

I would not treat a single b= uss=20 failure as an emergency, but I would put the airplane on the ground ASAP=20 before another failure occurs.   Going back to the earlier examp= le,=20 if you are working with one in one thousand failure rates, and one system=20 dies, then the chances of the rest of the system dying is one in on= e=20 thousand in the next flight hour, not one in one million.  One= in=20 a million applies to both systems failing (a total system failure)=20= in=20 the same flight hour.  So when one system fails, you have used= a=20 good portion of your nine lives already.  Conserve those that are=20 left.   

Personally I think one in on= e=20 thousand is lousy odds, so it is time to put the airplane on the ground=20 quickly when the odds have slid this far as would happen if one system=20 fails. 

As another adaptation, a lot= of=20 folks here are using Chelton flight displays.  When equipped with the= =20 Pinpoint GADAHRS and magnetic sensing units, you will find that they are=20 designed to permit dual independent power supplies from separate busses.=20  So you can connect only one of these supply lines to the essential b= uss=20 (forgetting the other) or (preferably) connect each individual supply line= to=20 each buss to get as close as possible to the electrical supply (battery an= d=20 alternator). 

With our complex and high=20 performance experimental aircraft, I think it is high time to propose some= =20 =E2=80=9Cexperimental standards=E2=80=9D for system designs that provide e= nhanced=20 reliability.  I would suggest that some attention to the electrical=20 system design and development of a =E2=80=9Crecommended electrical archite= cture=E2=80=9D is a=20 good place to start.  

Your comments, please.=20

 
-------------------------------1166737842--