WorldWide Drilling Resource

Sometimes We Need Redundancy
by Britt Storkson
Owner, P2FlowLLC

Redundancy is often viewed as a negative thing when it comes to the written and spoken word. Most of us do not want to hear the same thing over and over again. Redundancy is essential for computer controls, but every additional component must be carefully considered. Too much redundancy increases cost and complexity, and reduces reliability. Too little, and the safeguards are not adequate.

Redundancy, simply put, is adding additional “secondary” components to serve as a reference or replacement should the primary components fail. When we say secondary, we do not mean marginal or inferior in any way. We mean they are not the primary source of information for the computer, but can be a satisfactory substitute. If one sensor is “bad”, then the computer can switch to another “good” sensor and advise the operator of sensor failure.

How does the computer know if the sensor is bad? All sensors output a voltage. This voltage is nothing more than information. The voltage value and what it means is determined by the sensor manufacturer. The voltage output from a good sensor is usually somewhere between 1 and 5 volts DC (direct current), but there are many variations. The computer (microprocessor) then reads (or measures) the voltage output by the sensor and uses it to determine how to operate the equipment. If this voltage goes above or below the manufacturer’s determined limits, then 99% of the time the sensor is bad. For example, one of the pressure sensors I use outputs a voltage which ranges from 1 to 5 volts. For a 0-100 psi pressure sensor, the manufacturer has determined 1 volt means 0 psi and 5 volts would mean 100 psi (pressure sensed). If we read 0.5 volts or 6 volts coming from this sensor, then the sensor is bad.

Often, more than one of the same sensors is used in critical applications. The computer can designate one as a primary sensor, and switch to another sensor if the primary sensor is deemed unreliable. The operator should be advised via a display or warning light that the sensor is bad, so it can be replaced as soon as possible.

The article entitled “Lion Air crash shows cockpit computers are no substitute for pilot skills” (Los Angeles Times, February 4, 2019) suggests sensor issues for the crash of Lion Air Flight 610 which took off from Jakarta, Indonesia, October 29, 2018. Thirteen minutes later, it crashed into the Java Sea killing all 189 passengers and crew. There are two angle-of-attack (AOA) sensors on that aircraft, a Boeing 737 MAX jetliner. While the investigation is still ongoing, it is suspected the failure of a single AOA sensor, along with faulty software, could cause the computer to think the airplane was beginning to stall, then send the aircraft into a dive as a countermeasure. There is speculation that a third sensor, along with corrected software, would have rendered the failure of one sensor a nonissue.

While we should never indiscriminately add components as a knee-jerk reaction to any problem, this could be the correct approach in this case. Sometimes control components need more software support, not less, to make sure everything works properly. The objective here is not to “work harder”, but to “work smarter”. While much computer control software and hardware in a wide variety of applications could be eliminated without consequence, we need to be selective about what stays and what goes. Sometimes software and hardware need to be added to make a quality control system, and that’s where developer skill and diligence come into play.

Britt

Britt Storkson may be contacted via e-mail to michele@worldwidedrillingresource.com

WorldWide Drilling Resource® APRIL 2019
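The range check and primary-to-secondary switch described in the article, as an added C example that is not the author's code. It goes one step beyond the text by taking the median when three sensors are in range, because a sensor can be wrong while still inside its 1 to 5 volt limits; `read_pressure`, the status names and the `TOL_PSI` disagreement tolerance are assumptions made for illustration.

```c
#include <stddef.h>

#define V_MIN    1.0    /* volts at 0 psi (the article's example sensor) */
#define V_MAX    5.0    /* volts at 100 psi */
#define PSI_SPAN 100.0
#define TOL_PSI  5.0    /* assumed: allowed disagreement between two good sensors */

enum status { ST_OK, ST_DEGRADED, ST_DISAGREE, ST_NO_SENSOR };

typedef struct {
    double      psi;       /* value the controller should act on */
    enum status st;        /* anything other than ST_OK should reach the operator */
    unsigned    bad_mask;  /* bit i set: sensor i is outside its voltage limits */
} reading_t;

static double to_psi(double v) { return (v - V_MIN) / (V_MAX - V_MIN) * PSI_SPAN; }

/* volts[0] is the primary sensor, later entries are secondaries; up to 3 are used. */
reading_t read_pressure(const double *volts, size_t n)
{
    reading_t r = { 0.0, ST_NO_SENSOR, 0u };
    double good[3];
    size_t g = 0;

    for (size_t i = 0; i < n && i < 3; i++) {
        if (volts[i] < V_MIN || volts[i] > V_MAX)
            r.bad_mask |= 1u << i;          /* outside manufacturer limits: bad */
        else
            good[g++] = to_psi(volts[i]);   /* kept in priority order */
    }
    if (g == 0) return r;                   /* nothing usable, psi stays 0.0 */
    r.psi = good[0];                        /* primary, or first good secondary */
    r.st  = r.bad_mask ? ST_DEGRADED : ST_OK;
    if (g == 3) {                           /* median outvotes one wrong sensor */
        double a = good[0], b = good[1], c = good[2];
        r.psi = (a > b) ? ((b > c) ? b : (a > c ? c : a))
                        : ((a > c) ? a : (b > c ? c : b));
    } else if (g == 2) {
        double d = good[0] - good[1];
        if (d < 0) d = -d;
        if (d > TOL_PSI) r.st = ST_DISAGREE; /* two sensors cannot show which is wrong */
    }
    return r;
}
```

With only two in-range sensors the code can detect a disagreement but cannot pick the faulty one, which is the case a third sensor resolves.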
