Thread: Ack! My ACK!
Old July 10th 03, 04:14 AM
Gerry Caron


"A@AA" wrote in message ...
Jim, assuming that the ELT does act as he believes it does - that it
alarms when a secondary battery dies, and that happens shy of its stated
service life - I'd think that was bad.


That's one helluvan assumption. Is 3 years in use shy of its stated
service life? What is the stated service life? Did it alarm because the
battery died or was there a short in the remote that drained the battery and
triggered the ELT? If there was a short, was it internal to the battery
(random failure), caused by a cold solder joint (workmanship),
water/moisture intrusion or excessive vibration from a poorly located mount
(bad installation), or a large current induced into the connecting cable
(secondary effect)?

There are lots of possible failure modes and results. Until you've analyzed
the failure and determined the root cause, you can draw no conclusions
regarding the design or anything else.

As for being bad, maybe not. What does the System Safety Analysis say?
Which is worse; a latent failure where it doesn't work when you need it or a
false alarm? At least with the false alarm you are alerted to the fact it's
not working. You do monitor guard, don't you?

If you can't call it a design flaw, what do you call it? A Bad Thing(tm)?


Maybe, or possibly a Feature? ;-) It could be that way because it's the
safest failure mode. Or maybe the company (and their lawyers) wanted it
that way. Much more likely to be sued if it fails to work after a crash
than if it false alarms. Then again, it could be a very unlikely random
failure mode.

And don't try to argue that random failures are design flaws. Take a course
in reliability engineering. If you're bored, read MIL-HDBK-17.

I agree, he should contact the manufacturer before coming to an open forum
and posting stuff like this, it may be a completely different situation than
what he's describing.


He absolutely should. The holder of a TSOA is legally bound to investigate
reported failures of their product. (note the key word "reported.") If
they find a design flaw that compromises flight safety, they must report it
to the FAA within 24 hours. They'll probably argue with the FAA over the
corrective action, but they will report it. If they don't report it, they
risk having their TSOA pulled and their business shut down. Even minor
issues can result in SILs or SDRs, which exist to improve the product and
safety so it pays to report it.

But it might be *exactly* as he's describing, and I don't
think his lack of an EE degree means he can't reasonably comment that a
product's designed-in failure mode is awfully unwise.


True, it might be exactly as described, but I'm with Jim on this one. I
don't think that even with an EE degree he can reasonably comment on the
design. Only someone who has specific knowledge of the design and can
evaluate all the data surrounding the failure can make a reasonable comment.

In 26 years in aerospace, I've learned a few things. One of the big ones is
to not publicly speculate on a failure--you're probably wrong and will only
make a fool of yourself. Get the data, analyze it, verify cause and effect,
and only then make your statement.

Gerry