Mailing List lml@lancaironline.net Message #59201
From: Frederick Moreno <frederickmoreno@bigpond.com>
Sender: <marv@lancaironline.net>
Subject: Fw: Re: Re-doing my panel - carefully thinking through failures
Date: Thu, 04 Aug 2011 09:30:44 -0400
To: <lml@lancaironline.net>
 Message Header

Undecoded Message
 
Brent has written much on this topic including "In my "Glazed and Confused" presentation on "Glass Cockpits" I say that flying an aircraft with a non-certified, non TSO'ed glass standby (Dynon et al) is like jumping out of an airplane with only your main parachute and your standby plan is the fact you are wearing real soft socks."
 
I concur. 
 
When I was young and stupid (not long ago) I had thoughts of long overwater (think trans-Pacific) flights.  I also have experience with failure modes assessment analysis (FMEA) which frequently shows up failure modes easily over looked.  After reviewing various electrical and instrument configurations I arrived at a system design which is shown in simplified form in the attached sketch.  It consists of two alternators, two batteries, four busses, and a lot of opportunities for cross tie.  I use dual Chelton screens, with PFD off the essential buss (many sources of power), the MFD off of the avionics bus (which has many sources of power), and back up electric attitude  indicator (on essential buss), turn and bank (essential buss) and air speed and altitude indicators.
 
You show me the failure and I can show you the automated or manual work around.  And critical stuff is all double protected with circuit breakers and surge arresters (not shown).
 
But even this diagram is not as safe as it could be.  What about something simple like: a battery relay decides to go flotch?  (One already has done so.)  That causes a main bus to go south forcing you to a cross tie solution, not ideal.  So not shown are by-pass switches and fuses around the relay solenoids I added "just in case" to provide redundancy on all supply routes.
 
 I have a mechanical and electrical fuel pump.  And I have an electronic ignition and a magneto.
 
Two of everything, independent power modes, independent pathways, cross connects, multiple layers of electrical spike and surge protection and independent and different principles of gyroscopic display and  electrical power supply.  Now one begins to achieve realistically (and defensible) high levels of reliability.  
 
If I could only achieve the same with the pilot.
 
Fred Moreno
 


 
 
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster