Quote: Originally Posted by Dr.Al
Thanks @metric_taper .

The Nanodac is the thing that's mounted in the door; the thyristor pack on the DIN rail mount is an EPACK. Both come from Eurotherm, so they're well suited to talking to one another over the Modbus TCP link. All that link does at the moment is write a set-point to the EPACK Thyristor pack and read the current back (for display).

I also don't trust relays, and don't trust thyristors or solid-state relays either! At least with the contactor (which is just a big relay really) it isn't switching as often as the thyristors are so there's a reasonable chance the contacts won't have welded. I do like having the physical switch in line with the heater coils as a belt-and-braces thing though. At least that means I can guarantee that the coils are electrically isolated even if something goes wrong with the contactor. For an overheat event to happen, there needs to have been at least two failures: something going wrong with the thyristor pack and something going wrong with either the over-temperature detection or the contactor. I'm sure that wouldn't be enough redundancy for an aeroplane application, but hopefully it's good enough for a heat treatment oven!
I was confused as I was seeing an LCD screen controller on the internet search of the product, and failed to look at your front panel holding the system, so I thought you had some micro-package version.
I have had the SSR fail short, for a room temperature heater using a low current controller. I ended up using a conventional metal contact thermostat rated for the heater current. That's set up as a high limit off, so like you know, don't cycle current through contacts if you want reliability.
I worked on the biz jet and commuter size aircraft. The biz jets were the BAE-HS125-800, Falcon 50/2000, SAAB2000, Piaggio180, Bombardier RJ50/70/90/100/200 but started with the BeechCraft model 2000 Starship (carbon fiber pusher turbo prop, a dud design), and the BeechJet, which was a Mitsubishi Diamond II, sold to them, and now called a Hawker. They also bought the BAE125-800 jet design.
The autopilot I worked on was dual-dual, fail passive. Can't use that for auto land. The air transport division of the company I worked at did an early commercial Cat III autoland, that was the BAE L1011, that was triplex design, and analog. That was before my time, that morphed to digital, and they used the microslice 2900 chip set with their custom microcode. I was told they spent $8meg in 1980 dollars doing a verification analysis. But those guys/gals in air transport were in a different world of safety compared to my lesser pee-on division. Boeing became their #1 customer, and Airbus locked any content out of their airframe. The only saving thing was customers wanted Collins Radios, the namesake of the company's product line. When I left they were buying Ethernet data switches.
So those two Boeing 737 Dash 8 that went down, that was pilot error, and a stupid design that fails any safety analysis. Our FAA, your JAA/(EU equivalent) requires pitch trim runaway to be a critical level of design prevention. So avionics uses the nuclear safety method of fault tree analysis, and adding up components in parallel or series to get the failure rate of 1 per million hours of operation for a pitch trim runaway. Having two weeks apart not good. But Boeing, let the pilot always fly the airplane. If these dumb underskilled pilots would have done that (one did, recovered, then reengaged to crash into the ground), they could have flown all the way to their destination. This underskill is a real problem. Many accidents where they want to use autoland all the time, and can't do a real landing outside a simulator. The real problem was the lack of annunciation of the AOA sensors (angle of attack), confusion with underskilled software subcontractor computer science educated, and no mentoring on safety. The specification was messed up, as some idiot at Boeing wanted to charge for some display feature. It was a major change to the airframe flying machine, and should have required training and instructional input at a minimum. That problem of safety at Boeing came from when they bought McDonnell Douglas, which was a reversal of management, and different safety ideas. The old guard safety people of the original Boeing were overkill. Airbus does not have this same mentality, and it has its own issues. They take control from the pilot, so it's a philosophy thing.