X-Virus-Scanned: clean according to Sophos on Logan.com
Return-Path: <marv@lancaironline.net>
Sender: <marv@lancaironline.net>
To: lml@lancaironline.net
Date: Fri, 24 Aug 2007 16:52:50 -0400
Message-ID: <redirect-2283063@logan.com>
X-Original-Return-Path: <hwasti@lm50.com>
Received: from jrcda.com ([206.130.116.53] verified)
  by logan.com (CommuniGate Pro SMTP 5.1.11)
  with ESMTP id 2281771 for lml@lancaironline.net; Fri, 24 Aug 2007 03:13:55 -0400
Received-SPF: none
 receiver=logan.com; client-ip=206.130.116.53; envelope-from=hwasti@lm50.com
Received: from [192.168.1.101] (cbl-238-61.conceptcable.com [207.170.238.61] (may be forged))
	(authenticated bits=0)
	by jrcda.com (8.12.11.20060308/8.12.11) with ESMTP id l7O7DGbc013671
	for <lml@lancaironline.net>; Fri, 24 Aug 2007 01:13:17 -0600
X-Original-Message-ID: <46CE8505.4030701@lm50.com>
X-Original-Date: Fri, 24 Aug 2007 00:13:09 -0700
From: Hamid Wasti <hwasti@lm50.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
X-Original-To: Lancair Mailing List <lml@lancaironline.net>
Subject: Re: [LML] fallibility in the digital age
References: <list-2281340@logan.com>
In-Reply-To: <list-2281340@logan.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Steve Colwell wrote:
> I assumed (dangerous word) the dual B&C Voltage Regulators with Crowbar
> Overvoltage Protection would protect my backup TruTrak ADI with its own
> back-up battery and the Garmin 396 also hooked to ships power.  How likely
> is overvoltage protection to fail?  By the way, I really appreciate the
> Professional Input on LML as one who has little knowledge of technical
> issues. 
>   
You are right, rather than assuming it is better to look at hard data 
and engineering analysis. One way to do that is to turn to people with 
appropriate backgrounds who have already done that and published their 
findings. RTCA (http://www.rtca.org) has done engineering analysis as 
well as analyzed real word data to come up with the DO-160 spec. This 
specification has been evolved over the years and currently stands at rev E.

Section 16 of DO-160E, titled "Power Input," talks about the types of 
abnormal voltages that a device can encounter on various aircraft 
electrical system. "Category B" of this section most closely resembles 
most certified and experimental aircrafts: DC system supplied by an 
engine driven alternator/generator where a battery of significant 
capacity is floating on the bus at all times (paraphrased).

Section 16.6.2.4.d specifies that a device to be certified for use in a 
28V system should be able to handle a momentary surge of 60V for 0.1 
second and 40V for 1.0 second.  A device being certified for use in a 
14V system has to survive half the voltages for the same duration.

The way I read the big picture is that RTCA has determined that these 
are the worst cases voltage levels that a device connected to the 
described aircraft electrical system is likely to encounter due to an 
abnormal condition in the power system. Can your particular B&C 
regulator with crowbar over-voltage protection limit the worst case 
transients to a lower voltage? Maybe, maybe not. How much engineering 
resources are you willing to commit to do a thorough failure analysis to 
get a definitive answer that you will be willing to bet your life on?

I do not know how TruTrack or Garmin or any other company has designed 
their power input, so I can only ask pointed questions without providing 
any answers.  It is possible that the input will handle such voltages, 
either by design or by luck (most things can survive beyond their specs 
most of the time). If the voltages do lead to a failure, what will 
likely fail? What will the failure mode be and how far down the path 
will the destructive voltage travel before a device fails in such a way 
that the voltage is not passed on to the next stage? Will that kind of a 
failure happen before or after the point in the power path where the 
internal battery jumps in? Will this cascade failure take out the 
battery charging circuit and the battery pack itself? I do not know the 
answer to those questions and unless a qualified engineer at the 
manufacturer has sat down and analyzed all of this, nor does the 
manufacturer. The marketing person's stock answer of "We have a great 
product and you do not have to worry about it" does not carry much weight.

However, all that said, your alternator going nuts and putting out 60V 
for 0.1 seconds is not the worst thing you need to worry about. Section 
22 of DO-160E, titled "Lighting Induced Transient Susceptibility" talks 
about the types of voltage and current surges that power and I/O cables 
can encounter as a result of a lightning discharge in the vicinity of 
the aircraft (we are not talking a direct hit here). Once again, devices 
are categorized based on where they are located, the type of airframe 
(metal or composite) and how critical the device is. The lowest test 
levels start at 100V or 4A (whichever limit happens first) for a 
duration of approximately 150 microseconds and goes up to 1,600V and 
5,000A for a duration of close to 1,000 microseconds (the times are 
square wave approximations of asymmetric double exponential waveforms). 
Typical TSO'd panel mount devices are designed to handle level "A3" 
which calls for a 6/69 waveform to 300V or 60A, whichever is reached 
first. The "6/69" means that the waveform has a 6 microseconds rise to 
maximum voltage/current followed by an exponential decay with a half 
life of 69 microseconds.

Regards,

Hamid