Automation software/hardware

Same as a totally safe machine, John, an ideal to which one can aspire.
Exactly. But BAS said that one "does not design" systems which do not achieve that (unachievable) aspirational goal - which is clearly nonsense. One obviously designs to get as close as one can to the ideal, rather than 'refuse to design' because the ideal is unattainable! As I said, Black & White!

Kind Regards, John
 
You seem to live in an incredibly 'black and white' world ... and seemingly also somehow sheltered from the realities of what actually goes on in the world. Exactly what is a 'totally secure system'?
And you seem to have lost the ability to read and comprehend English.

Just where did I use the term "totally secure system"?
 
Just where did I use the term "totally secure system"?

All in all, I'd suggest the risks are no more than relying on a bored and inattentive operator to notice something is wrong and stop the pump (say if a pipe burst or became uncoupled).
Doesn't matter.

You do not design insecure systems. End of.
A system is either secure or it isn't, if it isn't completely devoid of security risks/vulnerabilities then it isn't secure.

There is only one meaning that a sensible person with a good grasp of the English language can draw from your statement. You do not accept that one should build a system with any security risk <End of>. So either it has no security risk whatsoever, or you do not design it <End of>.

A system without any security risks is what most people would call "totally secure".

No doubt "BAS's English Dictionary" has different meanings :rolleyes:


For the rest of us, we work on the basis of "secure enough for the requirements of the application, having taken account of the risks". At one extreme we have things like wireless doorbells - totally insecure since there is no coding at all to prevent one pushbutton triggering any bell (at least from the same manufacturer). There's no safety of life issue (in almost all cases), just a nuisance factor if your doorbell goes off any time someone visits two doors down the street.
That's an insecure system - are you suggesting it's wrong to design such a system ?

At the other extreme, if it was something where safety of life or risk of serious damage/pollution comes into it, then I'd not consider a radio system (even with coding) if a hardwired system was practical. The application in question isn't one of those systems, and knowing the environment it works in, a hardwired system would not be practical or reliable anyway.
 
There is no such thing as a 100% secure system, or 100% safe system.
There's no such thing as 100% fitness or 100% healthiness either, but somehow I doubt you go around complaining when you see advice to adopt a fit and healthy lifestyle, or see someone described as 'fit' or 'healthy', do you?

If I say that car manufacturers should not design unsafe vehicles, would you criticise that?
 
If I say that car manufacturers should not design unsafe vehicles, would you criticise that?
No, I wouldn't criticise, but I would point out that the statement is meaningless unless you define what degree of 'unsafeness' you would categorise as 'unsafe' - since, as you agree, "100% safe" is unattainable. Without such a definition, it's just a sloppy statement.

Kind Regards, John
 
Safe, in the context of control systems, means that the probability of failure has been reduced to a tolerable level. There are plenty of protocols that can be used, and there are standards that describe how to evaluate such systems.
 
If I say that car manufacturers should not design unsafe vehicles, would you criticise that?
No, I wouldn't criticise, but I would point out that the statement is meaningless unless you define what degree of 'unsafeness' you would categorise as 'unsafe' - since, as you agree, "100% safe" is unattainable. Without such a definition, it's just a sloppy statement.
Yes of course, how silly of me.

I imagine they would say that, as sold, the product as a whole (including a moulded plug) was 'intrinsically safe', and that they had (assuming they had!) supplied the product with a warning that it might become unsafe (or be damaged) if the plug were removed.
I don't think that there is any legal basis for an electrician 'locking off' an installation if (s)he considers it to be unsafe
does that necessarily mean that, in service (rather than in terms of passing the test), 14.5A for an hour would be unacceptable or 'unsafe'?

(A few out of a great many, BTW).
 
There is only one meaning that a sensible person with a good grasp of the English language can draw from your statement. You do not accept that one should build a system with any security risk <End of>. So either it has no security risk whatsoever, or you do not design it <End of>.

A system without any security risks is what most people would call "totally secure".

No doubt "BAS's English Dictionary" has different meanings :rolleyes:


For the rest of us, we work on the basis of "secure enough for the requirements of the application, having taken account of the risks". At one extreme we have things like wireless doorbells - totally insecure since there is no coding at all to prevent one pushbutton triggering any bell (at least from the same manufacturer). There's no safety of life issue (in almost all cases), just a nuisance factor if your doorbell goes off any time someone visits two doors down the street.
That's an insecure system - are you suggesting it's wrong to design such a system ?

At the other extreme, if it was something where safety of life or risk of serious damage/pollution comes into it, then I'd not consider a radio system (even with coding) if a hardwired system was practical. The application in question isn't one of those systems, and knowing the environment it works in, a hardwired system would not be practical or reliable anyway.

How reliable is your wireless system, in the event that it's required to stop the pump to prevent injury?

Can you quantify that reliability, with a number?
 
How reliable is your wireless system, in the event that it's required to stop the pump to prevent injury?

Can you quantify that reliability, with a number?
How reliable is the bored operator, reading the paper or on farcebook on his phone, in the event it's required to stop the pump to prevent injury ? Can you quantify that reliability with a number ?
No ? Thought not.

And, can you cite reasonable events where stopping the pump is required to avoid injury ? Do you know what the system actually is that's being discussed ?
 
How reliable is your wireless system, in the event that it's required to stop the pump to prevent injury?
The radio can be very unreliable without creating any hazard of injury. If the wireless fails then the "keep pumping" signals will not be received and the pump will stop after the time-out period. This could be as short as 5 seconds if spilt slurry is a problem.

There is no way to ensure injury is 100% impossible. The operator at the end of the pipe could be looking into the end of the pipe while dialling the start pumping command. Preventing that is training and the use of common sense.

NOTE: the start command requires the operator to set a switch to ON and then dial 3 or 4 digits, and is not a single button. The keep-pumping commands can be auto-generated as long as the switch is ON. The stop command (immediate stop) would be generated when the switch was turned OFF or when a single button was pressed.
 
How reliable is the bored operator, reading the paper or on farcebook on his phone, in the event it's required to stop the pump to prevent injury ? Can you quantify that reliability with a number ?
No ? Thought not.

And, can you cite reasonable events where stopping the pump is required to avoid injury ? Do you know what the system actually is that's being discussed ?

No need to quantify with a number, in fact there is no need to do anything unless you have decided that you want a control system involved in running this pump. At which point it needs to be done correctly.

The process/system being discussed would be examined by looking at the risks, and reducing those risks by other means such as changing working practices, fixed guarding, before electrical safety controls were considered. If the risk is reduced to an acceptable level by having somebody on the end of a phone, then no need to design any safety electrical controls.

If, on the other hand, there is a need to reduce risk by means of safety electrical controls, then the process is clearly defined in the relevant standards. Those standards are based on the reliability of the system. If you don't adhere to those standards, or the electrician who is considering doing this work doesn't adhere to those standards then you are leaving yourself wide open to prosecution in the event of an accident.
 
The radio can be very unreliable without creating any hazard of injury. If the wireless fails then the "keep pumping" signals will not be received and the pump will stop after the time-out period. This could be as short as 5 seconds if spilt slurry is a problem.

There is no way to ensure injury is 100% impossible. The operator at the end of the pipe could be looking into the end of the pipe while dialling the start pumping command. Preventing that is training and the use of common sense.

NOTE: the start command requires the operator to set a switch to ON and then dial 3 or 4 digits, and is not a single button. The keep-pumping commands can be auto-generated as long as the switch is ON. The stop command (immediate stop) would be generated when the switch was turned OFF or when a single button was pressed.

What if your transmitter electronics fails such that it keeps sending the signal to keep pumping, because it ignores the OFF switch or any other button you press?

What if the receiver electronics fails such that it holds the pump run output high, regardless of not receiving anything from the transmitter?

What's the reliability of your system? I know it's not 100%, no safety related controls are sold as 100% reliable, and don't need to be. What you need to show is that they are reliable enough in relation to the risks, and the manufacturers of off-the-shelf kit can show that if used as per specification, then it meets the required reliability.

ISO 13849-1 or EN 62061 are the applicable standards.
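The keep-alive scheme described a few posts up (start needs the switch ON plus a dialled 3 or 4 digit code, "keep pumping" frames refresh a short time-out, stop is immediate) and the stuck-transmitter failure mode raised in the reply above, as an added Python simulation of the receiver-side logic. This is the editor's example, not code from the thread or from any product discussed in it. It assumes two things the posts do not state: that every frame carries a sequence counter and the state of the transmitter's ON/OFF switch. The start code is a constructed value.

```python
"""Simulated receiver-side logic for the remote pump control discussed in the thread.

Added example, not code from the thread. Assumptions (not stated in the posts):
every frame carries a sequence counter and the state of the transmitter's
ON/OFF switch; the 3-4 digit start code below is a constructed value.
"""
from dataclasses import dataclass, field
from typing import Optional

KEEPALIVE_TIMEOUT_S = 5.0   # thread: pump stops "after the time out period", as short as 5 s
START_CODE = "4711"         # constructed 3-4 digit start code for the example


@dataclass
class Frame:
    kind: str                    # "start", "keepalive" or "stop"
    seq: int                     # transmitter sequence counter (assumed)
    armed: bool                  # transmitter switch is ON (assumed to be sent in every frame)
    code: Optional[str] = None   # dialled digits, only meaningful on a "start" frame


@dataclass
class PumpController:
    running: bool = False
    last_seq: Optional[int] = None
    last_keepalive: float = 0.0
    log: list = field(default_factory=list)

    def _stop(self, now: float, why: str) -> None:
        if self.running:
            self.log.append(f"t={now:g}: stop ({why})")
        self.running = False

    def tick(self, now: float) -> bool:
        """Watchdog: with no valid keep-alive for KEEPALIVE_TIMEOUT_S the pump stops.
        Loss of radio therefore fails safe: silence is never read as 'keep pumping'."""
        if self.running and now - self.last_keepalive >= KEEPALIVE_TIMEOUT_S:
            self._stop(now, "keep-alive timeout")
        return self.running

    def receive(self, frame: Frame, now: float) -> bool:
        self.tick(now)  # a late keep-alive cannot revive a pump the watchdog has stopped
        # Immediate stop is honoured before any other check, so a stale or
        # replayed frame can only ever stop the pump, never keep it going.
        if frame.kind == "stop" or not frame.armed:
            self._stop(now, "stop command / switch OFF")
            return self.running
        # A transmitter that has failed stuck-on and repeats its last frame
        # presents the same counter again; such frames do not refresh the watchdog.
        if self.last_seq is not None and frame.seq <= self.last_seq:
            self.log.append(f"t={now:g}: ignored repeated frame seq={frame.seq}")
            return self.running
        self.last_seq = frame.seq
        if frame.kind == "start" and frame.code == START_CODE:
            # start needs switch ON plus the dialled digits, never a single button
            self.running = True
            self.last_keepalive = now
            self.log.append(f"t={now:g}: start")
        elif frame.kind == "keepalive" and self.running:
            self.last_keepalive = now
        return self.running


def run_scenario(events):
    """events: (time, Frame) for a received frame or (time, None) for a clock tick.
    Returns the pump state after each event plus the controller for inspection."""
    ctl = PumpController()
    states = []
    for t, fr in events:
        states.append(ctl.tick(t) if fr is None else ctl.receive(fr, t))
    return states, ctl


if __name__ == "__main__":
    # Constructed scenario: radio lost after t=3, a late keep-alive at t=10.
    states, ctl = run_scenario([
        (0.0, Frame("start", 1, True, START_CODE)),
        (1.0, Frame("keepalive", 2, True)),
        (3.0, Frame("keepalive", 3, True)),
        (9.0, None),                         # no frames for 6 s: watchdog stops the pump
        (10.0, Frame("keepalive", 4, True)), # late keep-alive does not restart it
    ])
    print(states)
    for line in ctl.log:
        print(line)
```

Silence fails safe because the watchdog only ever stops the pump. The sequence check means a transmitter stuck repeating its last frame no longer refreshes the watchdog, so it is caught by the same time-out as a dead radio. A receiver whose run output is stuck high, the other failure raised in the reply above, is not something receiver software can catch; that is a hardware question, which is where the standards named above come in.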
 
No need to quantify with a number, in fact there is no need to do anything unless you have decided that you want a control system involved in running this pump. At which point it needs to be done correctly.
You really are a glass-empty person, aren't you!
You criticise anyone for considering a system without all those numbers, but you refuse to accept that there is already a system in place without those numbers. A system which is far from reliable or failsafe.


What if your transmitter electronics fails such that it keeps sending the signal to keep pumping, because it ignores the OFF switch or any other button you press?

What if the receiver electronics fails such that it holds the pump run output high, regardless of not receiving anything from the transmitter?
What if the hydraulic valve sticks and won't stop the pump ? What if the governor on the tractor fails and the pump runs faster ? What if ... ? What if ... ? What if the governor fails, the hydraulic valve sticks, and the stop solenoid on the tractor all fail at once ?

What's the reliability of your system? I know it's not 100%, no safety related controls are sold as 100% reliable, and don't need to be. What you need to show is that they are reliable enough in relation to the risks ...
Precisely, and I believe we've shown that, compared to the manual system, it's no worse.
What if the operator falls asleep ? What if he goes for a "call of nature" ? What if he's just watching something else and misses a visual signal ?
As you should be aware, a manual system is very error prone - which is why manual systems are reduced or eliminated wherever practical.

Even if you went for a wired system, what are the risks there ? How would YOU wire such a system ? Would you wire an E-stop style NC circuit where the pump stops if the circuit is OC ? Would you wire it to require 3 wires, one OC, one NC, anything else is an error ? How would you deal with the inevitable electrical faults that result in the operator stripping the cable back and twisting the wires together ? How would you deal with failure of the electronics ? One thing I am certain of, is that a cabled system WOULD fail in the field (pun only partially intended) - it's a harsh environment out there. Without putting any figures on it, I'd put my money on a radio system (even using public frequencies like PMR446 or CB) being far far more reliable than a wired system.

But, as I've hinted at above, it's clear that you are treating this as "some random mechanical system" without any understanding of what it is, how it's used, or what the risks actually are - actually looking back, you'd hinted at it ("I don't know what pressure" - hint, it's very low, it's about flow not pressure) and stated it explicitly ("I don't know about agricultural systems"). The actual risks of personal injury are very low - this isn't some machine that will pull you in and spit out the mulch, in fact it's hard to see how personal injury could occur without the operator being just plain stupid. In the grand scheme of things, there are far bigger risks to worry about.

If the pump fails to stop when commanded, then the operator just continues spreading the sh1t until it does. He'd have to ignore the fact that the pump failed to stop and then start uncoupling pipes - would you consider it "reasonable" to try and allow for a situation where someone deliberately does that ? In this case I wouldn't.
If some event happens (not high probability) and another event happens such as failure of the controls (not high probability) AT THE SAME TIME (so even lower probability) then the operator drives back to the yard and stops the pump. Problem solved, the "backup" procedure takes over.
IF he's spreading somewhere higher risk, such as right next to a watercourse, then he'd still have the option of a second operator to stop the pump in an event and not wanting to leave the pump running for the time it takes to drive back.

PS - how many radios continue transmitting without a power source ?
 