Don't panic, but a 'computer error' cut the brakes on a San Francisco bus this week

A trolley bus crash in San Francisco is being blamed on a "computer error" that left the vehicle without working brakes. The San Francisco Examiner reports that a prang on Jackson and Scott streets Monday that sent the bus driver to the hospital was the result of a failure in the components that control the brake system. The …


  1. HieronymusBloggs

    The handbrake needs a computer's cooperation before it will work? What prevents a parked bus from rolling away when the battery goes flat?

    1. a_yank_lurker

      I believe the air brakes operate on positive pressure to disengage

      1. Alan Brown Silver badge

        > I believe the air brakes operate on positive pressure to disengage

        Correct and I can tell you from experience that one of the more amusing ways to annoy a trucker is to discharge his air tank. It takes quite a while to be refilled (whilst the engine's running to drive the teeny pump that does it) before he can drive off.

    2. Yet Another Anonymous coward Silver badge

      >What prevents a parked bus from rolling away when the battery goes flat?

      That would be ridiculous.

      It would be like leaving a train with hundreds of tank cars full of fuel oil parked on a hill above a town, with vacuum brakes that only operate while the engine is running, without any crew overnight and without a note telling the fire service not to use the engine kill switch when there is a minor fire.

      1. cd

        I have professionally taught railroad air brakes and study incident reports as part of keeping current; your post is largely fact-free. Some of the words are right, though, if only they were used in a different context completely. Not surprising, because even experienced railroad people don't always understand how the brakes actually work, esp. this latest generation of trainees.

        In that particular case and in a few others, we can trace the root cause to the kind of people who sit at desks and have no actual physical experience with something coming up with blathering unclear rulebook pages and procedures that have gaping holes in the real world, they apparently think they can spackle holes in reality with enough of them. Note that the crew who let that happen were "certified", which as anyone who has dealt with certified anything knows, is not reassuring except to the dim.

        Needless to say, even more pages are now required to make sure that "certified" crew are doing the job correctly. Yet more accidents keep occurring, even though railroading can be very simple if sense is applied. If one can find anyone who possesses sense, they probably won't stand for being certified under the current regimen. There simply aren't enough ibuprofen available on this planet.

        On the bus: The brake pedal should directly act on the brakes. <--Period there. Power thingies and augmentations can be attached but should not be in the way of that direct link. See above para about experience-free fatasses who design things nowadays. I would not drive a vehicle with braking by wire, although I drive an old bike that has cable brakes. I made the cables myself, so I trust them, even though I'm not certified to do so.

        1. petur

          Don't step in an airbus then. Or in several modern cars.

          Drive/fly by wire is not new, you know?

          What is happening here, however, is just plain bad design. Having a critical system with single point of failure. <- period there

          1. leexgx

            Yep, there should always be dual systems in place for normal brakes; if one of them fails to act it should fail safe in a way that applies the brakes. The hand brake should be an isolated, independent system from the normal brakes, and this is a massive fail linking both of them in this way.

            Coaches from years ago even have a backup E-brake handle just in case for some reason the air brakes lock the brakes in the open state (practically nearly impossible, but nearly is not good enough with more than 50 people and no seatbelts); you just push it down and it overrides the air brakes by forcing the brake clamps directly via a motor.

          2. leexgx

            I don't really like the Airbus flight control design, as it's just a flying flight simulator that the pilots tell where to go, and it can lead to crashes (officially most of the crashes are pilot error, but the confusion from flying the plane all the time can lead to situations where something not normal happens and cascades into a crash).

            Boeing planes also use fly-by-wire on the newest planes as well, but the difference is all they did was modernise the systems and made sure the pilot is the person who flies the plane when needed, with no hindrance and confusion (no force feedback on the Airbus sticks). The automation on the new Boeing planes assists the pilot but at no point interferes with them. Most Boeing crashes have been mechanical failure of some sort or pure stupid pilot flying (not error).

            1. imanidiot Silver badge

              Citation needed.

              Where do you get this drivel from? A former airliner captain (now working for a large aircraft maintenance company) has told me something entirely different.

        2. Cuddles

          "The brake pedal should directly act on the brakes."

          There's no such thing as acting directly on the brakes. The brakes are on the wheels, the pedal to control them is inside next to the driver; some kind of linking system between the two is always going to be required. An electronic link is not inherently less safe than a mechanical one, and can actually be much safer and less susceptible to failure if done properly. The system in this particular case may or may not have had a safe design, but it's just as easy to design an unsafe mechanical system; the use of wires or mechanical parts tells you nothing about how safe the system as a whole actually is.

          1. The First Dave

            "There's no such thing as acting directly on the brakes."

            Yes there is - I had to teach this to my daughter a couple of months ago - quite scary, but still:

            Top of a hill, 30MPH

            Turn off the engine.

            Apply the brakes, release.

            Apply the brakes, release.

            Apply the brakes, panic when nothing happens, press REALLY hard and the car WILL stop.

            1. Prst. V.Jeltz Silver badge

              press REALLY hard and the car WILL stop.

              "press REALLY hard and the car WILL stop."

              Not if it's a Citroen Xantia, I discovered. If the engine is off, the brakes will not operate at all.

        3. Alan Brown Silver badge

          "Yet more accidents keep occurring,"

          And that word - "accident" is half the problem.

          If it was predictable, it wasn't an accident, it was inevitable and the only question was "when".

          With modern safety systems in place there are very few wrecks/crashes/etc that are actually attributable to mechanical or electronic failures - and when they are we seldom allow such failings to remain unremediated.

          As with industrial "accidents" where operators are found to have bypassed safety interlocks or procedures for speed, many of the rail industry's problems have similar causes. Similar observations apply for road crashes. The screamingly vast majority are caused by multiple levels of operator error on multiple parts.

          The aviation industry noticed this decades ago and that's why human factors is a mandatory study subject for pilots. All the safety precautions in the world are no use if the monkey in control decides they're too much nuisance and deliberately breaks them - and that's why the safest course of all is to eliminate the monkey whenever possible.

      2. This post has been deleted by its author

      3. drone2903 in Kanuckistant

        That would never happen now... would it ?

        like

        https://en.wikipedia.org/wiki/Lac-M%C3%A9gantic_rail_disaster

  2. Anonymous Coward

    Whaaat?

    Does pressing the brake pedal not activate brakes on each wheel?

    I've yet to see a motor (not an engine?) that can overpower brakes when they are applied.

    Or am I just completely missing something here?

    1. Old Used Programmer

      Re: Whaaat?

      I'd have to look for data on the particular bus involved, but Muni has a variety of vehicles, including electric busses that use overhead wires to get power.

      1. Alan Brown Silver badge

        Re: Whaaat?

        "including electric busses that use overhead wires to get power."

        aka "trolley bus" - which is what was specifically mentioned in the story.

        Electric motors have substantial torque and having the controllers fail to switch out drive current when the brakes are operated (or accelerator lifted) is going to result in the vehicle taking a _lot_ longer to slow down than normal even with full braking applied.

        Good luck in the average driver thinking about other available methods of turning off the juice when this happens. Even someone with some instruction is going to have a moment's panic before they react. (A relative drove trolleybusses in Wellington, NZ in the 1980s. Even those old electromechanical control systems would fail in interesting ways from time to time.)

        The story says only the driver was injured. Did this happen in the marshalling yard/bus garage?

        1. Herbert Meyer

          Re: Whaaat?

          Trolley buses, in common with electric rail cars, only use overhead or third rail power for the traction motors. The general power for systems is supplied by batteries, charged by wheel generators that only work when the vehicle is moving. So a completely flat battery is a big deal. The car must be towed or pushed (or jumped, a very dangerous operation) to recharge batteries enough to power systems up.

          1. Alan Brown Silver badge

            Re: Whaaat?

            "The general power for systems is supplied by batteries, charged by wheel generators that only work when the vehicle is moving. "

            Wellington's ones had a small motor-generator onboard for charging the batteries (old electromechanical systems means it was easier to use a small 400V motor to drive a generator and keep them charged that way.)

            They also had a small onboard diesel generator (about 5kW) which was there specifically to allow the bus to be pulled to the side of the road if the power went out so it wouldn't obstruct traffic. (I only ever experienced this being used twice in the time I lived there)

            Most importantly of all, they had a button beside the driver marked "emergency power cut off", which did exactly what it said. It would be "unusual" if it was absent on a Muni trolleybus or any other kind of heavy electric traction vehicle.

            Without knowing the full investigation and noting the statements about thyristors, my pick is that the brakes worked but the motors weren't cut off (or possibly went to full power even before he hit the brakes), so the bus didn't stop in the distance the driver was expecting to and he didn't hit the emergency shutoff quickly enough to recover in the remaining space (or at all).

            The "traction motor overspeed condition" is a good indicator it went to full power. The report states that there's an emergency power off as well as a "poles down" switch and a couple of other options.

            It doesn't take much of a shunt to hurt people if they're not strapped in, and anyone who's not driven an EV shouldn't underestimate their acceleration (I was surprised even in a Leaf; they get off the line and up to 30mph faster than any muscle car), so a "failure to full power" at switch-on in the morning might easily result in the bus lurching forward and hitting the one parked in front of it at enough speed to hurt the driver.

    2. ilmari

      Re: Whaaat?

      My guess is that they probably made it behave much like a vehicle powered by a diesel engine and automatic transmission: rightmost pedal to accelerate, let go and it freewheels, left pedal for braking.

      So in order to get regenerative braking while still having the pedals behave the same way, they needed electronics on the brake, to first do regenerative braking, and switch over to friction braking at some point.

      In other industries, like forklift trucks that are available with different power options, they just don't bother with that, and make lifting the right most pedal equal maximum regenerative braking effort, and then retain mechanical linkage to the brakes from the left pedal. It takes some time for drivers to adjust, and the mechanical brake is almost never needed. And no, the motors can't overpower the brake.

  3. nilfs2

    Emergency brake controlled by a computer!!!

    Now I'm scared

    1. Lee Mulcahy

      Re: Emergency brake controlled by a computer!!!

      Reading the article, it seems that it was a thyristor or some such electrical component that failed. This is not the same as a computer.

      1. Anonymous Coward

        Re: Emergency brake controlled by a computer!!!

        ... and either no failure analysis was done or the results were ignored. That's a lawsuit right there.

      2. kain preacher

        Re: Emergency brake controlled by a computer!!!

        thyristor was bart. this was computer error.

        1. Stoneshop

          Component failure

          thyristor was bart. this was computer error.

          From the article: "were also replaced on 100 BART"; emphasis for your enlightenment

        2. Doctor Syntax Silver badge

          Re: Emergency brake controlled by a computer!!!

          "thyristor was bart. this was computer error."

          From TFA:

          The Examiner notes that faulty circuitry components – thyristors linking the brake and accelerator pedals to the motor – were also replaced on 100 BART... trains last year.

          It seems clear enough that thyristors were at fault in both cases.

          Thyristors are electronic and computers are electronic so obviously it's a computer error; any newspaper would say the same thing.

          1. Anonymous Coward

            Re: Emergency brake controlled by a computer!!!

            "Thyristors are electronic and computers are electronic so obviously it's a computer error; any newspaper would say the same thing."

            Thyristors are power components, nothing to do with computers. Given the age, though, I'd be more inclined to suspect a more modern technology like IGBTs. Catastrophic failure of gate drivers isn't unknown.

            1. Martin-73 Silver badge

              Re: Emergency brake controlled by a computer!!!

              Indeed, amongst the power electronics 'maker' crowd IGBTs are well known for being 'that thing that randomly stops working' due to spikes of any kind.

          2. Anonymous Coward

            Re: Emergency brake controlled by a computer!!!

            "Thyristors are electronic and computers are electronic so obviously it's a computer error; any newspaper would say the same thing."

            See also:

            "Nuclear war = bad therefore nuclear power = bad", and the far less-reported "hurricanes kill people therefore wind power = bad". And the ever-popular "My dog has four legs. This cat has four legs. Therefore this cat is a dog"

      3. hplasm

        Re: Emergency brake controlled by a computer!!!

        We are fast approaching the tabloid singularity where a piece of wire will be seen as ' computer' by Joe Public- because magic (technology).

      4. Al fazed

        Re: Emergency brake controlled by a computer!!!

        controlled by a computer ? Not a problem ! Computer software designed by a human ? Now I am scared .

    2. Anonymous Coward

      Re: Emergency brake controlled by a computer!!!

      Between anti-lock braking that (temporarily) removes braking pressure and "active collision avoidance" that will apply emergency braking, I think you will find that computers are already in control of the brakes in a new car. I've yet to check inside my new Honda HRV to see if the brake pedal does something physical connected to the brakes or just provides a sensor input. I'm not sure I want to know. At least I have the handbrake to fall back on ..... oh no ...... it's electric and "automatic" too.

  4. Anonymous Coward

    Shouldn't they have a 'safe' failure mode?

    If the connection is lost it should be seen as the brakes being applied. Then instead of driving wildly with no brakes, it would simply come to a halt in the street and people could safely disembark. As opposed to becoming a real-life remake of Sandra Bullock's worst movie.

    1. Flocke Kroes Silver badge

      Re: Shouldn't they have a 'safe' failure mode?

      2nd worst. You forgot/repressed the sequel.

      1. Graham Dawson Silver badge

        Re: Shouldn't they have a 'safe' failure mode?

        Four.......knots! *shakes around a bit more*

    2. CommanderGalaxian

      Re: Shouldn't they have a 'safe' failure mode?

      "If the connection is lost it should be seen as the brakes being applied".

      Indeed.

      Presumably the basics of fail-safe design were beyond them. Yet it's standard stuff: if the braking unit is not continuously receiving a signal via the link that says "do not brake", then the brakes should be applied automatically.

    3. Crazy Operations Guy

      Re: Shouldn't they have a 'safe' failure mode?

      Pretty much every other form of transportation uses that model: if the brakes fail, automatically slowly apply the brakes. Trains will slow down to a gentle stop when they sense that the operator isn't in control or don't receive the "Safe To Go Fast" signal. Planes and even spacecraft will disconnect the automatic systems and sound an alarm to inform the meat-sack that it's now their problem. Drones will land if they either lose signal or get confused. Hell, even cheap dollar-bin R/C cars will stop if they don't receive instructions...

      1. Anonymous Coward

        Re: Shouldn't they have a 'safe' failure mode?

        "Pretty much every other form of transportation uses that model, if the brakes fail, automatically slowly apply the brakes."

        You've actually put your finger on the problem. Fail-safe brakes cannot be too fierce, or accidental application could cause problems of its own. Trains have loads of space to slow down. But cars and buses do not. A system that would be effective and fail safe would be extremely dangerous if it failed in nose-to-tail traffic; gentle application of brakes is of no use going down a steep hill in SF.

        1. Anonymous Coward

          Re: Shouldn't they have a 'safe' failure mode?

          Gentle application of brakes may not be ideal if the system fails going down a steep hill, but it is a much better alternative to NO brakes.

          Ignoring the odds of a communication failure to the brakes when you just happen to be descending a really steep hill, who says you have to pick a particular braking force and stick with it? Start gentle (to give any vehicles behind - as well as occupants of this one - time to react) and then increase braking force to ensure you come to a stop.
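          The fail-safe pattern sketched in CommanderGalaxian's, Crazy Operations Guy's and the two Anonymous Coward posts above (brakes released only while a "do not brake" heartbeat keeps arriving, and a gentle-then-firm ramp rather than a fixed force), plus Alan Brown's earlier point that traction current must be cut whenever the brakes are applied, can be written down as a small controller. The simulation below is an added example for this thread, not code from Muni, the bus manufacturer or the article; the class, function and parameter names (BrakeController, heartbeat_timeout_ms, ramp_rate and so on), the timings and the two scenarios are all constructed for illustration.

```python
"""Fail-safe brake controller with heartbeat watchdog, ramped application and
a traction interlock. Added example: the design rules and numbers are
assumptions for illustration, not a real transit vehicle's specification."""


class BrakeController:
    def __init__(self, heartbeat_timeout_ms=200, initial_force=0.2, ramp_rate=0.8):
        self.heartbeat_timeout_ms = heartbeat_timeout_ms  # silence tolerated before fail-safe
        self.initial_force = initial_force  # gentle first application (fraction of full force)
        self.ramp_rate = ramp_rate          # extra fraction of full force added per second
        self.since_heartbeat_ms = 0         # integer milliseconds: deterministic comparison
        self.force = 0.0
        self.failsafe_engaged = False       # latched: only a maintenance reset clears it

    def tick(self, dt_ms, heartbeat_ok, brake_pedal, accel_pedal):
        """One control step. Returns (brake_force, drive_command), both in 0..1."""
        # Watchdog: the "do not brake" message must keep arriving to stay released.
        self.since_heartbeat_ms = 0 if heartbeat_ok else self.since_heartbeat_ms + dt_ms
        if self.since_heartbeat_ms > self.heartbeat_timeout_ms:
            self.failsafe_engaged = True

        if self.failsafe_engaged:
            # Start gently so traffic behind can react, then increase to full force
            # so the vehicle still stops on a grade.
            step = self.ramp_rate * dt_ms / 1000.0
            self.force = min(1.0, max(self.initial_force, self.force + step))
        else:
            self.force = max(0.0, min(1.0, brake_pedal))

        # Interlock: no traction current while braking or while in fail-safe,
        # so the motor can never fight the brakes.
        braking = self.force > 0.0 or self.failsafe_engaged
        drive = 0.0 if braking else max(0.0, min(1.0, accel_pedal))
        return self.force, drive


def simulate(controller, events, dt_ms=50):
    """events: constructed list of (heartbeat_ok, brake_pedal, accel_pedal) per step.
    Returns a trace of (time_ms, brake_force, drive_command)."""
    trace, t = [], 0
    for heartbeat_ok, brake_pedal, accel_pedal in events:
        force, drive = controller.tick(dt_ms, heartbeat_ok, brake_pedal, accel_pedal)
        trace.append((t, round(force, 3), round(drive, 3)))
        t += dt_ms
    return trace


def lost_link_scenario():
    """Constructed scenario: 10 steps of normal driving on 60% throttle, then the
    brake link goes silent for 40 steps while the throttle stays pressed."""
    events = [(True, 0.0, 0.6)] * 10 + [(False, 0.0, 0.6)] * 40
    return simulate(BrakeController(), events)


def pedal_overlap_scenario():
    """Constructed scenario: the link is healthy but the driver brakes at 50%
    while the accelerator is still at 60%; the interlock must zero the drive."""
    events = [(True, 0.0, 0.6)] * 3 + [(True, 0.5, 0.6)] * 3
    return simulate(BrakeController(), events)


if __name__ == "__main__":
    for t, force, drive in lost_link_scenario():
        print(f"t={t:4d}ms brake={force:.2f} drive={drive:.2f}")
```

With 50 ms steps and a 200 ms tolerance the controller coasts through four missed heartbeats, then latches into fail-safe on the fifth: braking starts at 0.2, climbs by 0.04 per step and saturates at full force, while the drive command stays at zero for the rest of the run regardless of the accelerator position. Latching (rather than releasing the brakes the moment a heartbeat reappears) is the deliberate choice here: an intermittent link should put the vehicle out of service, not let it lurch between braking and driving.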

          1. John Brown (no body) Silver badge

            Re: Shouldn't they have a 'safe' failure mode?

            ..not forgetting of course that in this instance the failure was the accelerator, which failed in "pedal to the metal" mode rather than a safer "cut the power" mode.

            1. Anonymous Coward

              Re: Shouldn't they have a 'safe' failure mode?

              That's what I get for reading the headline and not the article, but that's way stupider than having the brakes fail in "off" position. The engineers responsible should never be allowed to be engineers ever again.

  5. m0rt

    "Every vehicle goes through routine maintenance and is checked every morning to ensure the vehicle is safe for operation. We only put vehicles on the street that are safe and meet all state requirements for Muni service."

    Riiiiight.

    Just like this bus, in fact.

    1. Doctor Syntax Silver badge

      "Just like this bus, in fact."

      And only a few customers were involved.

      And it was a state-sponsored hacker.

      There's always more in the PR handbook.

  6. Magani

    Safe, huh?

    "... insisted to The Register that the electric trolley busses are completely safe."

    Safe? As shown by the bus in the accompanying article that sent the driver to hospital?

    Has no one there ever heard of the philosophy of 'Failsafe'?

    1. Yet Another Anonymous coward Silver badge

      Re: Safe, huh?

      The bus was perfectly safe - it was only the driver and passengers that were in any danger.

      1. Crazy Operations Guy

        Re: Safe, huh?

        San Francisco has some pretty steep hills where the bottom is a simple t-intersection with a piddly guard rail preventing a vehicle from going into the bay. It would be perfectly reasonable to think that a bus might lose braking going down one of those hills and t-bone a school bus with both ending up on the bottom of the bay in a matter of seconds.

  7. JeffyPoooh

    System Design 101

    You're doing it wrong.

  8. Kevin 6

    Wow what a design

    Why not just use a simple method like the emergency brake lever connected to a drum like on cars, and once it moves it can physically sever the power without the need of a computer to tell it to slow down. The lever itself could act as the conductor, and when it's in operation mode it could be a giant switch for the power to the wheels, so when it's pulled the circuit opens.

    1. Anonymous Coward

      "Why not just use...the emergency brake lever connected to a drum like on cars"

      (a) because Bowden cable linkages are more unreliable and need much more maintenance than modern electronics or hydraulics.

      (b) because stopping a bus quickly with a manually operated braking system would take an awful lot of force - hydraulic brakes need servos and if they fail the stopping distance increases dramatically.

      (c) good luck with taking a large electric motor drawing power and suddenly interrupting the circuit with a manual switch. The magnetic circuit can no longer be maintained by the circulating current, and with the circuit open a lot of energy has to go somewhere. It usually goes into winding-destroying arcs, after which you have wheels which have no braking at all.

      I don't mean to come over all superior because not that many people have experience of power electronics and motor drives, but the challenges of stopping a bus quickly are surprisingly complex. Which is why situations like this occur in the first place. The problems with trains, of course, are much bigger still, which is why they need dedicated rails and long stopping distances.
