Archive for the ‘ELECTRICAL SYSTEMS’ Category

Gulf Oil Rig Disaster

Wednesday, June 23rd, 2010

OOPS Again!

What a surprise! The Deepwater Horizon rig drilling for oil 5000 feet beneath the surface of the Gulf of Mexico broke down and has been gushing oil into our waters since April 20, with no end in sight. It’s another example of the “Nothing can go wrong… go wrong ..go wrong ..go wrong ..go wrong” syndrome — check the article I posted on May 19th about the stock market. The brief stock plunge didn’t do too much damage; the explosion on the Deepwater Horizon, which took the lives of eleven people and continues to spew oil into the Gulf of Mexico is a major catastrophe.

The headline in the June 21st edition of the New York Times,, is “Lapses Found in Oversight of Failsafe Device on Oil Rig.” What does failsafe mean? It means nothing can go wrong. The extensively researched article under that headline reveals that this was no surprise to a great many thoughtful people in the industry.

Brown’s Law
Brown’s law says that for any engineered system to be reliable it needs to meet the following criteria:
Good design
• A technical system design has to assume that the worst-case scenario can definitely occur.
• A system design has to include safety features to cope with the worst-case scenario.
• A system whose failure would be a catastrophe should never include a single point of failure.
• Safety features must be redundant.
• The design of safety features has to take into account practical limitations, such as cost.
• Cost of safety features must be balanced against costs of system failure.
• Nothing is completely failsafe.

Good Test and Maintenance
• The best design in the world is worthless without a serious program of regular testing and maintenance.
• The best testing and maintenance program in the world is worth very little if it is not based on accurate as-built information.
• The best testing and maintenance program in the world is worth very little without keeping complete and accurate records.

The story in the New York Times about the Deepwater Horizon describes how these rules were repeatedly ignored. The safety depended on a device called a blowout preventer (BOP). In the event of an accident this would cause a “blind shear ram” to cut and seal the pipe that connects the well to the outside world. It was supposed to be failsafe. IT DIDN’T WORK!! According to the Times, a confidential report from the year 2000, “concluded that the greatest vulnerability by far on the entire blowout preventer was one of the small shuttle valves leading to the blind shear ram. If this valve jammed or leaked, the report warned, the ram’s blades would not budge.” It was a single-point of failure.

What happened was no surprise — it was deliberately ignoring the principles of good design and test (Brown’s Law) in order to reduce costs. This is turning out to be a very costly set of decisions.


Computer Trades Push Stocks Over The Edge

Wednesday, May 19th, 2010

OOPS. Poor Planning & Computer Trades Push Stocks Over The Edge
May 6th, 2010, the Dow-Jones plunged 1000 points, the largest-ever drop in a single day.

Remember the classic computer joke,

The take-off was smooth and the passengers are belted in their seats. Then they hear an announcement: “Ladies and Gentlemen, welcome to flight 91. You are privileged to be aboard the historic maiden voyage of the first passenger airplane flown entirely by computer. There is no human crew up front, but there are many redundant safety systems. Do not worry. Nothing can go wrong… go wrong ..go wrong ..go wrong ..go wrong.”

This refrain was playing in our memory when we heard the news about the 1000-point plunge in the Dow-Jones on May 6th, 2010, the largest-ever drop in a single day.

“Almost 1.3 billion shares traded on U.S. markets in a 10-minute span…” according to There are various theories about what could have caused this mishap, but they all include the fact that something had triggered automatic trades by networked, computerized systems. The common explanation is that some sort of “glitch” triggered this event, which had the potential of producing worldwide economic crisis. That’s a frightening thought. Even though it didn’t happen, it might have. We believe that attributing the 1000-point plunge in the Dow-Jones to a glitch is wildly inaccurate. There are always glitches—glitches are the norm. The problem was millisecond responses by poorly designed automated, software-driven, integrated computerized trading systems.

Remember the Northeast USA power blackout of 2003—same problem.

This highlights the frightening dangers in expanding systems integration and increasing the rates at which data can be exchanged. I think that convergence of major systems can generate great benefits, but it brings new kinds of dangers. Integrated systems design has to include a study of possible runaway failures of this kind and what can be done to protect against them.


The Securities and Exchange Commission said Tuesday that it would temporarily institute “circuit breakers” on all the stocks in the Standard & Poor’s 500-stock index after the huge market gyrations on May 6, 2010.

The “circuit breakers” will pause trading in those stocks for five minutes if the price moves by 10 percent or more in a five-minute period. The trial run will begin after a 10-day comment period and will last through Dec. 10, the commission said. The “circuit breakers will apply both to rising and falling stock prices.” NY Times, May 19 2010. Do you think a little planning could have addressed this mini-crash before it “just happened”?

Systems designers and integrators please take note!

A Visit with an Innovator

Monday, May 10th, 2010

A Visit with Lighting Control Pioneer, Lutron Electronics Founder, Joel Spira
On April 28th, I had the privilege of attending an event honoring Joel Spira, founder and chairman of Lutron Electronics. This was a rare chance to meet a pioneer in electrical technology, who was donating artifacts to the Smithsonian National Museum of American History tracing the development of solid-state light dimmers from the early 60s through today. They will be displayed in the collection that includes Thomas Edison’s experimental light bulbs and the first lasers. “Collections such as this one from Lutron help us to understand the continuation of the electrical evolution, the process of invention and the history of business and manufacture,” said Brent D. Glass, director of the museum. “American homes changed significantly during the 20th century as people adopted electricity for any number of tasks, including illumination. Objects such as those being donated by Lutron fit in nicely with the switches and control devices we preserve that date back to Edison’s day. Studying the tools of everyday life, such as light switches, helps us to understand our ever-changing technological society,” said Hal Wallace, associate curator of the museum’s electricity collection. “I am pleased to donate these artifacts to the museum,” said Spira. “For the past 50 years, the solid-state dimmer has made homes more beautiful and offices more efficient—all while saving energy and increasing lamp life.”
The Invention
In 1957 GE had produced a solid-state device called a silicon controlled rectifier (SCR). Two years after that Mr.Spira developed a working model of a light dimmer, which controlled power to incandescent light bulbs using an electronic circuit based on the SCR. In 1961 Joel and Ruth Spira founded Lutron Electronics to manufacture and market the dimmer commercially. In 1962 Mr. Spira was awarded a patent for a home light dimmer.
Engineering Talk
The high point of the day for me was trading some memories of 1960s technology with Mr. Spira. He told me how, while in the Navy during World War II, he learned about hydrogen thyratrons, which were used to generate radar pulses. Hydrogen thyratrons are gas-filled tubes that can be used as high power switches operating in fractions of milliseconds. Since AC power reverses direction 120 times per second, a switch that can operate that quickly can control the power delivered by varying the amount of time during each cycle that the switch conducts. The advantage of this type of control is that power is not wasted when the output is reduced. It’s like turning the light switch off for a small amount of time120 times a second. SCRs are solid state devices that can be used this way. Since thyratrons are physically large, but SCRs are not, this got Mr. Spira thinking about the possibilities. He set out to build a circuit that could control the power fed to an incandescent lamp, but which would be small enough to fit into the space of a home-style light switch. Working in the bedroom of his New York City apartment, he succeeded.
Here we are in 2010 and hydrogen thyratrons are still be used to generate radar pulses, because not only can they switch large electrical currents, they can easily handle the thousands of volts that are required for radar. But Mr. Spira’s original solid-state dimmer has evolved into the preeminent means for controlling lighting systems throughout the world.

Technology — World

Saturday, May 8th, 2010

This is the first entry in what I am planning to be a continuing discussion on how technology (especially, but not limited to, electrical technology) fits into, affects, and is affected by our world. By world, I mean our physical, social, economic, political and psychological world.

My point of view is that all design is systems design, whether we intend it or not. In the real world there is no such thing as separate independent systems. There is only the confusing hodgepodge of interacting forces, which we attempt to understand by inventing categories such as electricity, communications, power, economy. We design technology by creating in our minds a rapidly expanding grid of sectors: lighting control, building automation, communications, IT, IP, Internet, social media, fire protection, HVAC, transportation, stock market, government, education, healthcare, industry etc.

If I’m designing a particular device, say a lighting controller, I first have to decide why I should design it. There’s a quick and simple answer: my boss told me to. But why does she want me to? I have to know what I’m aiming at. Do we want to make it cheaper than the competition’s — or better than theirs. Should it be designed to easily tie into a network? Will it have special features like an IP interface, or DALI, or built-in intelligence? Will it have features that will allow it to enhance workers’ comfort and productivity? For example could the controller be integrated into a building system to save energy through daylight harvesting, but at the same time allow someone at a desk to control a task light for their individual comfort level? Before the design is started, the designer should be thinking about questions like these; but at some point, with this in the back of his mind, the designer has to get down to the nitty-gritty details. But it’s very important to return to these questions as the product is being developed. Along the way, it is important to ask yourself, and others, is the device I’m developing answering these questions in the way I intended?

You have to think about the people who will use your controller. My design can be a stroke of genius but it won’t be much good, if people won’t feel comfortable using it, or if the people using it don’t see that it offers them any advantages, no matter how clever it is.

Devices have to fit comfortably with the systems in which they will be used. To my mind the smartest device design is one that can be easily connected to any system; and I think that is clearly the direction in which technology is headed.

I was having breakfast the other day with Robert Akovity of Integrated Building Controls, Inc. ( and talking about building control systems.  His point of view, which I completely agree with, is that the future of integrated building management is with open systems. Any device with an IT interface can be linked with any other and controlled and monitored by a central computer. Robert summed it up by saying that there are really only four types of data transfer points: analog in and out and digital in and out. I would add that this means that we are free to concentrate on optimizing the devices, the systems, and the way in which we send the data back and forth — the infrastructure.

Systems and Devices
If devices are to be integrated into a system, each device should have a unique address. That way any device can be made to talk to any other in a peer-to-peer network. Then the system can be designed, tried, redesigned and retried. It can be a living adaptive organism, changing as the system performance is evaluated and as conditions and needs change.

Systems and systems
As I suggested earlier, giving a system a name, for example security system, is really somewhat arbitrary. Is access control part of the security system — yes; but it could also be part of the fire protection system. Occupancy sensing is typically thought of as used for controlling lighting; but it can also be used to adjust the HVAC in a particular room; and it wouldn’t be a stretch to think of it being part of the security system as well.
We have to open up our thinking about systems as the systems themselves become more open.

Trouble with systems
Everything new that we do to improve things brings with it a new set of problems. A necessary element of progress is coping with and learning from, the new problems that come along. For example I was just reading about the record-breaking short-time drop in the stock market this week, which was not caused by panic or any other human intervention. It was caused by a tiny glitch that triggered a high-speed series of automated events.

System designers always include negative feedback as a stabilizer, but a slight shift can cause the feedback to become positive and precipitate a series of events spiraling out of control — a small change produces a larger change in an ever-increasing unstable spiral.

Another example of this was the Northeast power blackout of 2003.

The moral of this is that we have to consider the ways that systems go wrong as part of the design process and when things do go wrong we should take that as an opportunity to learn how to make things work better.


Thursday, December 3rd, 2009

Welcome to Ed Brown’s weblog.