PART 1: DON’T MAKE THIS FATAL MISTAKE
Low-cost electronics modules and “how-to” design guides for hobbyists have made it easy to pop together working prototypes. That’s fine for hobbyists, but if you are planning on selling your creation to the masses, you need to be sure you understand the following:
There is a HUGE difference between
a prototype and a production-ready design
If your prototype design was generated by experienced senior engineers, then they are likely to be aware of the many additional challenges that must be overcome in moving that design into production.
However, if your prototype design was based on cut/paste “reference designs,” pre-packaged modules, or hobbyist schematics, then you may not even be aware that there is a difficult path forward. In fact, you may make this fatal assumption: The prototype works, therefore let’s build a million of them and get rich!
Unfortunately, that fatal assumption will probably not lead you to wealth, but instead will create excruciating anxiety as you watch your new product crash when it exhibits one or more of the following problems:
- intermittent performance
- inexplicable shutdowns
- excessive power drain (e.g. frequent battery replacement or recharging)
- errors or even total failure due to normal variations in power source or environmental factors such as temperature and humidity
- failure to properly operate over the device’s warranty period
- breakage when being normally shipped and handled
- customer frustration due to a poor user interface
- errors when operating near other electronic devices
- other electronic devices malfunctioning when near your device
- failure due to common levels of electrostatic discharge
and this biggie:
- customer injury or death
In future newsletters we’ll provide some tips on how to minimize the risks listed above. In the meantime, if you think that you need some guidance in moving from prototype to production, please contact me. We enjoy helping startup firms achieve their dreams.
Van Brollini’s new book is an essential addition to the test engineer’s library, as well as the library of any product manager.
The Handbook contains practical advice that is based on Mr. Brollini’s extensive experience with test development, including unique insights that I have not seen elsewhere, insights that will provide the test engineer with a quantum leap in productivity.
The test engineer will also appreciate the fact that Brollini’s methods — clearly presented as a series of rules, tips, and straightforward equations — are practical and cost-effective, illustrated by real-world examples throughout.
The Handbook’s teachings can be applied with basic math and spreadsheet tools, although Brollini does recommend Design Master™ for best efficiency, particularly for more advanced applications.
(I have known Van for many years, as he was one of the first engineers to adopt our Design Master software. From time to time he has offered suggestions for improvements, which were incorporated into the software.)
The Test Engineer’s Measurement Handbook is available through the DACI website.
Excerpts from “Lithium Battery Shipments On Passenger Planes ‘An Unacceptable Risk,’ Say Aircraft Makers,” by Suman Varandani, 10 March 2015 International Business Times:
“Aircraft makers and pilot unions are calling for a ban on the transport of lithium battery shipments aboard passenger planes following fears of fires that could prove difficult for aircraft fire protection systems to contain. An industry paper obtained by The Associated Press (AP) cited recent tests conducted by the Federal Aviation Administration (FAA) that showed overheating of the batteries could result in explosions.”
“The FAA tests revealed that batteries emit explosive gases when overheated, and that aircraft fire protection systems ‘are unable to suppress or extinguish a fire involving significant quantities of lithium batteries, resulting in reduced time available for safe flight and landing of an aircraft to a diversion airport,’ according to AP. ‘Therefore, continuing to allow the carriage of lithium batteries within today’s transport category aircraft cargo compartments is an unacceptable risk to the air transport industry.'”
Note that charging of the lithium batteries is not required to initiate a fire; a fire can start with the batteries sitting unconnected in their shipping containers. Triggers can include a manufacturing fault (short) in a single battery cell, a short caused by mechanical puncture during rough handling or travel, shorted terminals due to improper packaging, external overheating, or battery gas emissions that can be ignited by electrostatic discharge.
Update 3-21-15: I guess the word is spreading about lithium batteries and aircraft safety. A reader sent in this picture of a warning label that was on his recently purchased lithium batteries:
An assignment a few years ago required some very specialized design work. We provided a detailed report with many specific recommendations, many of which were ignored. When we politely pointed this out to the client, we were told, “Just because we pay you for advice, that doesn’t mean we’ll follow it.”(1)
Fair enough. Managers sometimes have to make difficult tradeoffs, with technical advice being only one of many parameters that must be considered. Consultants should therefore not be offended when a manager decides to assign a lower priority to their recommendations — we don’t see the big picture; the manager does.
In another example, a colleague of mine — arguably one of the top experts for guiding the preparation of winning proposals for military contracts — arrived to head up a hot time-sensitive proposal effort, only to spend two days sitting in a waiting room. Whether the client was suddenly engaged in an emergency task or whether they were being woefully inefficient doesn’t matter; this was the client’s prerogative, and nothing to get upset about. (My colleague was paid handsomely for sitting.)
Bottom line: although consultants should expect to be treated with professionalism and respect, they should not expect to be given any special privileges or accommodations, and they certainly should never demand such treatment. We are there to do a job with minimal hand-holding, not to be treated like visiting royalty, and our egos should be accordingly prepared.(2)
Note 1: In this example, the subsequent eruption of significant technical problems indicated that ignoring our advice was not a wise decision.
Note 2: For example, a consultant should not assume that an office will be provided, or even a desk. Be prepared to grab a table in the cafeteria, or to use the desk of someone who’s on vacation.
The cargo fire hypothesized by Canadian pilot Chris Goodfellow to explain the disappearance of Malaysian Flight 370 (see “Malaysian Flight 370: Canadian pilot’s analysis goes viral“) is a reasonable one.
According to Malaysian officials, the plane was carrying 440 pounds of lithium batteries. Lithium batteries, sitting inert (not being charged or discharged), were identified as the cause of the fire and resultant 2010 crash of a UPS 747 flight at Dubai. Ironically, even though “improper storage” in that case was determined to be the cause of the fire, I have never read any explanation of how improper storage can ignite a lithium battery. It appears more likely that lithium batteries, under certain conditions not completely understood (e.g. a combination of battery construction and chemistry, heat, vibration, and/or shock) can spontaneously ignite, albeit very rarely.
In addition to pilot Goodfellow’s comments, an added interesting point is that Flight 370 also gained very high altitude shortly after communications ceased. It could be that the pilots, upon becoming aware of the fire at that time, tried to quickly elevate the plane to quell the fire by starving it of oxygen. This might have been an excellent maneuver for most fires, but lithium batteries, once ignited, create their own oxygen and will continue to burn at high altitude.
Bottom Line: Until the cause of the disappearance of Flight 370 is positively determined, the possibility of a lithium battery fire is a reasonable hypothesis, and worth investigating.
Innovative thinking includes taking old established technologies and applying them to modern applications. Peugeot has recently proved this point by using compressed air instead of the battery (and/or supercapacitor) typically used in hybrid vehicles for stop-start energy savings.
For details please see “The car that runs on AIR: Peugeot reveals plans for hybrid set to hit the streets next year“
Please see “JAL reports problem with 787 battery on Helsinki-Tokyo flight,” 9 Nov 2013 Reuters, and “Battery Problems on Boeing’s 787 Dreamliner Are Back” by Meghan Foley, 11 Nov 2013 WallStCheatSheet
As mentioned previously (e.g., “Boeing’s Fix for its Flaming Lithium Batteries: Is There A Fatal Flaw?“), until Boeing digs down to the root cause of their lithium battery problems, they — and those who fly on the Dreamliner — will continue to be exposed to undefined risk.
(Note: Boeing provided a report, “Certification of 787 Battery Solution,” back in April, which lists “improvements” and “enhancements,” but makes no mention of a root cause.)
(Photo from “Oklahoma Jury Finds Toyota Liable For Sudden Acceleration Fault; Awards $3M In Damages,” by Arjun Kashyap, 25 Oct 2013)
Back in 2009 this newsletter started to express skepticism about Toyota’s insistence that unintended acceleration in their vehicles — in some cases resulting in fatalities — was due to a floor mat that could cause the accelerator pedal to stick. (Those earlier posts are listed at the bottom of this post.)
The reasons for the skepticism were (a) the number of reported cases was relatively high compared to non-Toyota models, (b) there was at least one case where a stuck pedal clearly could not have been the cause, and (c) the investigation by the National Highway Traffic Safety Administration (NHTSA) appeared to have some major flaws. In addition, DACI’s own experience investigating several low-probability events has convinced us that customers who report such problems tend to be dismissed too easily, rather than being given the respectful assumption that they are honest, observant, and reporting carefully; taken at face value, the sudden acceleration stories related by some Toyota owners were simply not consistent with the floor mat hypothesis. Finally, it didn’t help Toyota’s credibility when Toyota employees were caught congratulating themselves on how they had slowed and limited the accident investigation.
Despite the above reservations, the NHTSA’s official finding was that the root cause was the floor mat. Well, after several years it turns out that a detailed analysis of the electronics, brought out during a recent trial, has confirmed that it was not just the floor mat. Key trial results are detailed in “Toyota Case: Vehicle Testing Confirms Fatal Flaws,” by Junko Yoshida in the 31 October 2013 EETimes. Here’s an excerpted summary of the problems identified:
• Software bugs that specifically can cause memory corruption
• Unmaintainable code complexity in Toyota’s software
• A multifunction kitchen-sink Task X designed to execute everything from throttle control to cruise control and many of the fail-safes
• That all Task X functions, including fail-safes, are designed to run on the main CPU in the Camry’s electronic control module
• That the brake override that is supposed to save the day when there is an unintended acceleration is also in Task X
• The use of an operating system in which there is no protection against hardware or software faults
• A number of other problems
The deficiencies in the throttle design are shocking, because good rules exist for the design of safety-critical electronics (e.g., Chapter 4, “Safety Analyses,” in The Design Analysis Handbook).
The Toyota case makes one wonder how many other possibly-catastrophic flaws are lurking within the cars we drive, or in other electronics-guided machinery, due to poorly-designed safety-related systems.
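To make the architectural point in the list above concrete, here is a small added simulation. It is my own illustration, written for this newsletter; it is not Toyota’s code, not the EETimes analysis, and not a claim about the cause of any particular accident. The signal names, the 0–100 throttle scale, the heartbeat counter and the “task stalls” knob are all assumptions of the model. It contrasts a monolithic design, where the brake override runs inside the same task as throttle control (the “Task X” pattern), with a partitioned design, where an independent monitor that reads only the raw inputs and a heartbeat can close the throttle even after the control task has stopped running.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sensor inputs shared by both models (assumed names, not Toyota's signals). */
typedef struct {
    uint16_t pedal_pct;   /* accelerator pedal position, 0..100 */
    bool     brake;       /* brake switch closed */
} sensors_t;

/* State owned by the control task ("Task X" in the monolithic model). */
typedef struct {
    uint16_t throttle_cmd; /* last throttle command written to the actuator, 0..100 */
    uint32_t heartbeat;    /* incremented once per completed control cycle */
    bool     alive;        /* simulation knob: false = task no longer gets scheduled */
} control_t;

/* State owned by the independent monitor. Nothing here is writable by the control task. */
typedef struct {
    uint32_t last_hb;      /* heartbeat value seen on the previous cycle */
    unsigned missed;       /* consecutive cycles with no heartbeat change */
} monitor_t;

#define MAX_MISSED_HEARTBEATS 2   /* assumed tolerance before the monitor acts */

/* Monolithic model: throttle control and brake override in one task.
   Returns the throttle value that reaches the actuator this cycle. */
static uint16_t monolithic_cycle(control_t *cs, const sensors_t *s)
{
    if (!cs->alive)
        return cs->throttle_cmd;          /* task dead: last command persists, override never runs */
    cs->throttle_cmd = s->pedal_pct;
    if (s->brake && cs->throttle_cmd > 0)
        cs->throttle_cmd = 0;             /* brake override lives inside the same task */
    cs->heartbeat++;
    return cs->throttle_cmd;
}

/* Partitioned model: the control task behaves the same way, but an independent
   monitor that reads only the sensors and the heartbeat decides what the actuator gets. */
static uint16_t partitioned_cycle(control_t *cs, monitor_t *m, const sensors_t *s)
{
    if (cs->alive) {                      /* control task (the override now lives in the monitor) */
        cs->throttle_cmd = s->pedal_pct;
        cs->heartbeat++;
    }
    /* Monitor, step 1: detect a stalled control task from the heartbeat alone. */
    if (cs->heartbeat == m->last_hb) m->missed++; else m->missed = 0;
    m->last_hb = cs->heartbeat;
    bool heartbeat_lost = m->missed >= MAX_MISSED_HEARTBEATS;
    /* Monitor, step 2: detect an unsafe command/brake combination from the raw inputs. */
    bool brake_conflict = s->brake && cs->throttle_cmd > 0;
    if (heartbeat_lost || brake_conflict)
        return 0;                         /* monitor closes the throttle by its own path */
    return cs->throttle_cmd;
}

/* Constructed scenario: driver at 60% pedal; optionally the control task stalls on
   cycle 2; the driver brakes hard from cycle 3 on. Returns the throttle after cycle 6. */
uint16_t run_scenario(bool partitioned, bool task_stalls)
{
    control_t cs = { .throttle_cmd = 0, .heartbeat = 0, .alive = true };
    monitor_t  m = { .last_hb = 0, .missed = 0 };
    sensors_t  s = { .pedal_pct = 60, .brake = false };
    uint16_t applied = 0;
    for (int cycle = 1; cycle <= 6; cycle++) {
        if (task_stalls && cycle == 2) cs.alive = false;  /* simulated task death / stall */
        if (cycle >= 3) s.brake = true;                   /* driver stands on the brake */
        applied = partitioned ? partitioned_cycle(&cs, &m, &s)
                              : monolithic_cycle(&cs, &s);
    }
    return applied;
}

int main(void)
{
    printf("monolithic,  healthy task : throttle after braking = %u%%\n", (unsigned)run_scenario(false, false));
    printf("monolithic,  stalled task : throttle after braking = %u%%\n", (unsigned)run_scenario(false, true));
    printf("partitioned, healthy task : throttle after braking = %u%%\n", (unsigned)run_scenario(true,  false));
    printf("partitioned, stalled task : throttle after braking = %u%%\n", (unsigned)run_scenario(true,  true));
    return 0;
}
```

The healthy-task cases are the ones a bench test exercises, and both designs pass them: braking closes the throttle. The difference shows only in the stalled-task case, which is exactly the low-probability event that is hard to reproduce on demand: the monolithic design leaves the throttle at 60% because the override never gets to run, while the monitor, because it owns its own state and its own path to the actuator, closes the throttle on the missing heartbeat and on the brake conflict. In a real design the monitor would also sit on its own hardware or in a protected memory region, which is the point of the list’s complaint about an operating system with no protection against hardware or software faults.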
Prior Toyota Unintended Acceleration Posts:
3 Feb 2010
Stop Driving Recalled Toyotas
21 Feb 2010
Toyota Joins The Gallery Of Shame
A Tesla Model S electric vehicle, which uses lithium batteries, burst into flames after supposedly running over a road obstruction. The state trooper who investigated the event did not find evidence of an obstruction.
The car’s battery pack is located in the floor, so it is possible that an obstruction ruptured the pack. But without confirmation, it is also possible that the battery pack erupted in flames due to an internal defect, similar to the Boeing incidents. Low-probability incidents by their very nature will occur rarely, but when they do occur they can be deadly when associated with high energy storage systems, such as battery packs.
Photo above from the USA Today report: http://www.usatoday.com/story/money/cars/2013/10/02/tesla-fire-stock-falls-analyst-downgrade/2911345/