23rd November 2006, 18:51   #35
Genesis
Re: Cell Linearity

Quote: (Originally Posted by AD_ward9)
I am astonished at the lack of basic engineering knowledge from someone developing a rebreather (the K1). I know your background is software, but that is no excuse.
Actually, my background is in engineering. You're the one who is astonishing me.

Since you choose to respond here rather than in the other thread, I'll do it in both places.
Quote:
MTBF (Mean Time Between Failure) is different to MTBCF (Mean Time Between Critical Failure). Both terms are defined very exactly by standards and are a complete science. Their accuracy is excellent as huge numbers of components are tested to give a number for every single part.
Really?

Then you can explain why in the case I cited in the other thread, we saw actual failures anywhere from ten to fifty times more prevalent than predicted, and we were operating in a more tightly controlled environment than that demanded by the manufacturers to meet those specs!

This is not a matter of fanciful reliance on manufacturer data - this is real world experience. Investigation showed that up to half of all the components in these devices had "published" MTBFs that were derived by statistical extrapolation from stress conditions away from the normal and expected operating regime.

The problem with this, Alex, is that when one does accelerated life testing the shape of the curve is not scientifically extrapolable to the normal operating environment with exacting confidence - only with high confidence. In the language of statistics, we can provide some number of sigmas worth of confidence that our number is correct, which sounds good until you consider the number of individual components in the device! Error rates are additive and, as such, as component count goes up so does uncertainty. Yet that uncertainty is not stated in the MTBF (or MTBCF) numbers!

One of the basic foundational principles of science is that you cannot state a measurement without its uncertainty. A raw number is meaningless. This is first semester college level science stuff, and yet you won't find an uncertainty value on ANY published MTBF or MTBCF figure - including yours! Why not? Because neither you nor they know what that number is.
Quote:
MTBF is the inverse of the frequency the equipment has a fault, and MTBCF is the inverse of the frequency the equipment has a fault that could kill a user. In practice users often survive critical failures, for rebreathers by about 100:1, so the MTBCF is a pessimistic figure whereas MTBF is quite precise. Remember it is an arithmetic mean.
But you just redefined it, Alex.

You claimed that:
Quote:
3. The Open Revolution safety case demands bail out. The equipment forces the user onto bail out. So tell me how can the system operate if it has no bail out? To take your brakes analogy, try it with the brake lining removed.
But in the same breath you claim the unit has more than a one billion hour mean time before a critical fault occurs. Which is it, Alex?

As I pointed out (and which you have intentionally ignored) if you were to ship 100,000 of these units to people who each dove them 10,000 hours over their lifetime, you'd expect (arithmetically) to have one critical failure on them over that entire population and lifecycle!

That means the risk of death if you dive this unit alpine (one in 270,000 assuming 10,000 lifetime diving hours) is lower than the risk of death by lightning strike (1 in 83,000). Indeed, it's roughly the same risk as that of being killed by asteroid impact (1 in 200,000 to 1 in 500,000).

Isn't that good enough for your company to advocate that one can dive the unit without bailout?
Quote:
To get the component MTBF, the manufacturer has made huge numbers of components and tested them.
Yes, but not under realistic conditions. That's because he can't - the amount of time to detect the first failure at a component level is measured in hundreds of thousands of years, even across very large populations of components. So instead what is done is accelerated life testing, where components are exposed to intentional overstress and the failure rate under "normal" conditions is extrapolated. This is an inexact process, which is why you do not see uncertainties on published MTBFs!
Quote:
So, back to how we get an MTBF figure: we contact every component manufacturer and get his MTBF data for the component we design in. We look at it and if it is better than the industry average for that component (these figures are published), with the stress applied to it in the particular application, then we use the worse figure. This means we always take worst case figures.
So what? Garbage in, garbage out. No uncertainty figures on the MTBFs mean that you're accurately computing a number that has no tolerance, and thus do not know what the tolerance is on the result!
Quote:
We then use a MIL spec method to add the numbers up. There is another method, in a BSI standard but the BSI method is for more light use and not suited to stressed environments.
I understand that, Alex. But again, if you have numbers as input that are without uncertainties then you are not stating a scientifically-derived value.

If I tell you that the diameter of this piece is 1.5", I have told you nothing of value at all, because I have not specified a tolerance.

A proper scientific measurement must include a tolerance. Therefore, if I am going to tell you that I want to specify that piece's diameter, I must say something like "1.5 inches +/- 0.001". THAT is a defensible specification.

An MTBCF of "2.7 billion hours" is worth exactly nothing without a tolerance.

As I pointed out in the other thread, I have had large populations of electronic equipment in controlled environments WELL within manufacturer specifications fail at anywhere from ten to FIFTY times the rates their MTBFs would imply.

As I pointed out, the problem was that the MTBF was specified in an incomplete manner, just as yours is.

Compute the uncertainty on your "2.7 billion hour" claim and I suspect you'll be quite disturbed. I know we were, when we started doing this sort of analysis.

In fact, we only had to do it once to realize that the "common usage" of MTBFs in electronic components is really quite fanciful, and thus you cannot use said comparisons as a meaningful tool.

Most people would think that if they had two disk drives available for them to purchase on their computer, one with a 500,000 hour MTBF and one with a 750,000 hour MTBF, that the 750,000 hour one should, over large populations of units, be the more reliable device.

That is not necessarily an accurate statement.

What if I told you that the 500,000 hour MTBF was +/- 5,000 hours (a 1% tolerance) while the 750,000 hour MTBF was +/- 325,000 hours - a 50% tolerance!

Now which one do you buy? I buy the 500,000 hour one, because I can more accurately plan life-cycle costs; I have absolutely no idea where in the 750,000 hour range the device that I have in my hand falls, and two of them may be on polar opposites of their expected service life, with one as little as 325,000 hours and the other at nearly 1.1 million!

When you demand from suppliers (and publish) MTBFs that contain uncertainties then you're putting forward a figure that can be understood to actually mean something.
Quote:
I think you just made a very good point, albeit obliquely: it is very dangerous for amateurs to be let loose designing life critical systems - leave it to the professionals, but demand to see all their calculations and methods.
Yet another personal attack - yet you won't even stand in front of your own design and its claimed MTBCF!

If you truly believe that your device will not fail, on average, for 2.7 billion hours, then certainly you can safely advocate that someone dive it alpine, when if your specified MTBCF is accurate, even to within only 50%, their risk of getting killed by doing so approximates that of being killed by lightning strike or asteroid impact!
__________________
"A venturesome minority will always be eager to get off on their own, and no obstacles should be placed in their path; let them take risks for Godsake, let them get lost, sunburnt, stranded, drowned, eaten by bears, buried alive under avalanches - that is the right and privilege of any free American."
http://www.denninger.net
http://www.diversunion.org/liability.htm - Fix the Diving Cert racket

Last edited by Genesis : 23rd November 2006 at 18:53.