Good morning all, I enjoyed reading all the excellent stories, failure event descriptions, arguments of pros & cons and thoughts (from John, Chris and Luis etc.) pertaining the debate of safety on dual mags, dual E-ignition or one meg plus one E-ignition redundant aircraft engine systems.... Well, I am glad to see this discussion actually got us into a classical technical debate on pros & cons in safety between conventional engineering vs digital engineering, which has been going on for several decades across all the so called "high integrity and high reliability" industries, such as nuclear, aerospace, chemical and medical ....A famous topic debate on this issue in the aerospace or aviation industry for example is the debate on "flying by wire"!! Frankly, I am on the camp of opposing the concept of "flying by wire" within the safety/reliability & risk assessment academic community, and this is simply because the folks who have been advocating the concept of "flying by wire" are the "extremist" in engineering design... For the same reason, I am a none believer of a truly autonomous and safe unmanned cars & trucks or ground-based transportation system based on AI technology due to theoretically obstacles or limitations in coding highly reliable and safe software packages based on human brains. The chilling fact is that over 75% catastrophic accidents from all high-integrity industries were contributed by software and human errors combined! Guess what, the single most "unreliable component" in our man-machine systems (such as aviation) is the human brain itself!
Obviously, my views on this topic is taking a balance between the two approaches and avoid going for both extreme ends of the argument! In other words, I believe an one mag (mechanical) plus one E-ignition redundancy makes a lot of sense in risk reduction based on theorems & reliability engineering principles. I understand what's in the mind of Luis on dual "independent e-ignition" component and DC power channels... The issue here is that the two e-ignition channels are not truly independent as you would believed! Yes, it looks independent in a physical sense but it is inherently connected or identical due to the design and manufacturing processes! Although I have not done a model based risk assessment myself to compare the trade-offs in risk & reliability of these two ignition configurations, but I am confident (based on expert judgement) that a meg plus e-ignition configuration would highly likely to be the winner in terms of safety risk concerns... I am sure other people in the aviation industry have done a rigorous model based risk assignment comparison on this matter. Just to offer some food for thoughts for folks here who might be interested in this topic debate...! Best of luck! Dr. Hsu On Fri, Jul 8, 2022, 8:07 AM Luis Claudio via KRnet <krnet@list.krnet.org> wrote: > I think these discussions are healthy and welcoming. I read them and go > "hmmm" then I make my own decisions. I have been flying since 1966 when I > took my first ride as a civil air patrol cadet in High School in a PA-22 > 108HP. As a student at Embry-Riddle, I was an understudy of Dr. Richie > (RIP) a true pioneer in failure analysis (FMEA) of everything > aviation-related. I understand failure modes, and most importantly how to > mitigate the risk for each independent system or collectively (through risk > priority number= severity x occurrence x detection...) I am also very > familiar with E-Mags and other electronic ignitions which is why after > careful consideration I chose a dual SDS ignition system. It wasn't by > "gosh or by golly" that I arrived at my conclusion. Considering that my > initial choice of ignition system was a Dual Bendix D3000 mag with a single > failure mode (the main coupling), I asked what else is out there... and > here is what I considered > > 1. A dual mag setup such as the aforementioned dual mag - Four points, > four capacitors, one coupling = Total 5 points of failure minimum > 2. An independent mag with an electronic ignition driven by the timing > gears - Minimum of four points of failure (points, capacitor, two couplings) > 3. An "E-Mag like" with an electronic ignition driven by the timing gears > - Engine couplings = two points of failure (minimum) > 4. Two independent electronic ignitions with no mechanical moving parts - > dual independent battery backups - Component failure > 5. Just screw it and go sailing... > > My most predictable component failure is the spark plugs. So moving > forward I then wrote a proactive maintenance schedule in my POH and > annotated it in my conditional inspection form to reduce the risk of > component failure. Additionally, during my selection process, I > prioritized the failure modes of each system, mechanical and electronic... > from highest RPN to lowest RPN noting that it’s worth emphasizing that it’s > nearly impossible to address every potential failure. Instead, I focused on > addressing the potential failures that would most jeopardize the safe > outcome of my flights and I chose from analysis and not from bells and > whistles... just my rambling thoughts here trying to justify that $50K I > spent on getting educated at Embry-Riddle back in the day... keep building > > Luis R Claudio, KR2S N8981S > On Friday, July 8, 2022 at 06:23:13 AM CDT, victor taylor via KRnet < > krnet@list.krnet.org> wrote: > > > To answer Chris yes I do have a flying KR2 with a single electronic > ignition though I was actually talking to Dan Diehl yesterday about adding > a magneto for a backup. > I do contract work for Velocity Aircraft as a pilot. We love electronic > ignitions and put them on every airplane. They are the way to go and in the > past have gone 100% electronic ignition but over time have had enough > failures that we went back to having one mag. I also test fly new airplanes > for M-Square who builds the Zenith CH-750 SLSA. I actually have had two > electronic ignition failures with brand new aircraft there in the last > couple of years. M-Square is still committed to 100% electronic at this > point. Just to be clear I’m not knocking electronic ignitions nor their > reliability. If you have dual electronic ignitions though you likely are > relying on the same electrical system to run both systems. Up until four > months ago I had never had a magneto failure in my 40 years of flying but > recently I lost a magneto while ferrying a Grumman AA1A. Fortunately the > other one got me to the nearest airport where a safe landing was made. > There is a reason why aircraft manufacturers such as Velocity have reversed > their positions on going 100% electronic. And that reason is failures in > the past and accidents such as the one in Kissimmee. > When Teladyne Continental first built their full FADEC engine system it > kept experiencing total ignition failures in flight. After over a year of > flight testing with multiple in flight failures yet not a single one in the > test cell they finally got to the bottom of it. The problems was found to > be the frequency that the US government uses to communicate with submarines > was interfering with the FADAC system. The fix was simple by shielding the > system. > One of the functions of this group is to make the KR’s safer. That’s done > by discussions and experience. Mostly bad experiences and I’ve personally > had those bad experiences as a professional test pilot. All of us in this > group look at canopy latches a little closer today than we did a year ago. > Controls have gotten balanced, fifth bearings have been added to engines, > fuel tanks are being moved to the wings etc. You would think that over the > years we’ve fixed every possible failure point. Have we? > It’s our duty in this group to be devils advocate at times and to point > out past failures of similar systems. > > Victor > > > On Jul 8, 2022, at 00:24, John Gotschall via KRnet <krnet@list.krnet.org> > wrote: > > > > > > Hi all, > > > > Quite a bit of commentary about risk, system failure etc. > > > > So I am convinced everything will fail sooner than later. I make my > living on failing machines, so I may appear a pessimist about machines, or > an optimist about future employment fixing them. On the upside there is so > much failed stuff I get paid more than just several times every day since > 1988 to set those broken machines straight. > > > > I find it particularly interesting to see the failures that come in > groups or waves. I experienced such an odd failure scenerio in aviation > recently. > > > > I bought an experimental flying boat, a volmer home built, OMG, what a > pretty unit! And a blast to fly! A cub can't touch a volmer for fun. > Sadly I broke that and am still working to fix it. > > > > Anyway there is an annual seaplane fly in at NW Idaho, and I and a > friend went in the volmer. What a blast! the mountain crossing, middle of > nowhere overnight camping, etc. However the alternator quit near Idaho and > we made our way there and home by never turning on the battery switch the > whole time, except to run the starter motor, and then to cross under the > Seattle class B. Needed adsb working for that. > > > > I found the High current alternator output wire had failed by vibration > fatigue and had simply broken off that big alternator output post. Simple > to fix, and I replaced the entire wire with welding cable, better for > vibration. No big deal. > > > > Then I broke the Volmer (another story), and needed another flying boat > so bought a lake LA-4. We found it in Arkansas and flew it home to the > Seattle area. > > > > The same seaplane fly in came up in Idaho this year, and we went again > this time in the lake. A complete blast for all the same reasons, but on > the way home the alternator quit outputting current! This time the plane > has heavy electrical laods that quickly consumed and flattened the battery > in short order (less than 40 minutes) on the final leg home. instead of > panic we just turned west to get out from under the class B, shut all the > electrical off and used the hand hydraulic backup pump to operate the gear > and flaps. Made the uneventful landing at home in the backyard and went > digging for the fault. > > > > Dang if it wasn't the SAME DAMN WIRE that broke in the Volmer! On the > second occurrence of the same trip. Except this time the wire pulled out of > a bad crimp rather than broke off. Pulled out of a bad crimp on a > certified factory built plane. hmmm. > > > > Well, both the Volmer and the Lake are dual mag lycomings. An o290 and > o360. > > > > So I will say mags are a great choice, from experience. In both cases > mags brought us all the way home. My kr has one mag and one electric > ignition. It'll probably make it home without an electrical system. > > > > cheers! > > > > > > jg > > > > > > > > -- > > KRnet mailing list > > KRnet@list.krnet.org > > https://list.krnet.org/mailman/listinfo/krnet > > > -- > KRnet mailing list > KRnet@list.krnet.org > https://list.krnet.org/mailman/listinfo/krnet > -- > KRnet mailing list > KRnet@list.krnet.org > https://list.krnet.org/mailman/listinfo/krnet >
-- KRnet mailing list KRnet@list.krnet.org https://list.krnet.org/mailman/listinfo/krnet
