Replies to This Discussion

Permalink Reply by Ellison Chan on May 29, 2012 at 11:40am

First, even if the signal was lost, and the receiver continues sending the last signal to the decode, the craft will not fly away at full throttle, unless that was the last signal sent.  My idea is that because we have all the sensors on the IMU, the craft should never be allowed to fly away at full throttle.  With geo-fencing fully implemented, the craft should only fly within preset limits.

From my point of view, I don't think that the decoder is the place to put any kind of failsafe algorithm.  It's task is simple to decode the PWM signals coming from the receiver.  It's got a small memory, and the code on it needs to run as fast as possible, without complicated delays, that may be introduced to figure out failsafe.

• ▶ Reply

Permalink Reply by Zen on May 29, 2012 at 12:05pm

First, even if the signal was lost, and the receiver continues sending the last signal to the decode, the craft will not fly away at full throttle, unless that was the last signal sent.

Fair, but it holds the last signal sent, and in my case that was (near) full throttle.  At which point it stayed at (near) full throttle for about 15 minutes.

I'm not saying the decoder is the place to do the processing, I'm just simply trying to point out that the "brain" has no idea what's going on and cannot make a decision based on information its not receiving in the first place. 

Let me explain it this way:  If I'm flying and all of a sudden signal is lost, the brain should say, "hey, I'm no longer being told what to do, I should do something about that." (autopilot, gps hold, altitude hold, beep)

Geo-fencing is a great bandaid for the problem, and a good fail-failsafe, but it is not a fix. With a craft that has the ability to assume control - at the very least stabilize itself and warn the user - geo-fencing should never come into play, but as a last resort we know the craft will crash within that zone.  My issue is that the brain is not being given enough info and is completely blocked from assuming control when it is no longer being told what to do as is the case with signal loss. It does us no good to have all these sensors to collect data if we can't do anything in response to the data we're collecting.

• ▶ Reply

Permalink Reply by Jake Stew on May 29, 2012 at 12:06pm

Again people are trying to get fancy without the proper foundation.  We need a watchdog system with multiple timers so that failure conditions can be recognized before we do anything else.

Right now the APM has no watchdog system and intentionally ignores it's RX inputs which not only is bad design but actually defeats the safety feature of having the RX drop the throttle signal.

Both of these things should have been done from day one in the beta stage, long before version 1.0.  I mention that not to shame anyone, but to point out that's the first thing that needs to be done now.

Zen would not have lost his quad if these things had been done.  We have to start from worst case (total loss of control) and then deal with the more minor cases.

The reason we can't forge ahead is because we'll repeat the same mistake made in the first place.  We'll have a really cool system that does all kinds of fancy things but can't get the basics right.  

Already people are thinking the geofencing is a magic pill for safety.  It's not!  It does nothing for loss of control.  If the APM tries to turn back when it hits the geofence and it doesn't work the craft will sail off exactly like it did before.  Really cool system, but no basic safety foundation.

• ▶ Reply

Permalink Reply by Brad Smith on May 29, 2012 at 12:02pm

i don,t know what would happen if we all had different failsafe,s programed ? we probably need to approach this as "What if a newbie done this" and keep in mind the different platforms . My GF approach  could be adjusted for most platforms and would be easy to implement with a MP update ,but it would be better if it followed predefined waypoints  back to home and auto landed and for ground vehicles should just shut down

• ▶ Reply

Permalink Reply by Zen on May 29, 2012 at 12:13pm

I am a newb - this was my first rc ever, my first build, and my first loss due to lack of safety.  Whatever system is designed to give the APM the ability to detect signal loss is fine by me.  Watchdog et al.  I'm simply stating, from a newbs perspective, that buying into autopilot hardware that won't autopilot seems a might bit silly.  If signal is lost because my tx/rx gear is cheap or whatever I would not in a million years have expected my craft to hold throttle and fly away.  At the very least I would expect it to drop out of the sky, but since we're talking about improving safety that isn't a great answer either...

• ▶ Reply

Permalink Reply by Ellison Chan on May 29, 2012 at 11:11am

Sorry, guys there's already a thread talking about the legalities, can we not limit discussion here to technical issues?

• ▶ Reply

Permalink Reply by Jake Stew on May 29, 2012 at 12:13pm

One thing Zen mentioned is that since his craft flew off he has no idea what happened to it.  If someone was knocked unconscious or bleeding or otherwise injured from his copter crashing on them he had no way to offer assistance.  If you can help the person you injure it sure goes a long way towards mitigating the damage.  If they die from injuries when you could have saved them your reckless endangerment just went to manslaughter.  That's from a misdemeanor or minor felony (fine+probation) to 5-10 years in prison.  If it started a fire in the woods he has no chance to put it out.  That's also the difference between an accident and prison time.  He also has no pieces with which to rebuild his project and he's out his entire investment.

If you're at 400ft killing the throttle isn't going to be safe by any means, but not killing it sure makes it a lot more dangerous.  It can fly higher and further which makes it much more dangerous than the initial situation.  When it crashes it will also keep spinning the motors and running current through a damaged circuit.  That makes the risk of fire or injury that much greater.

• ▶ Reply

Permalink Reply by Zen on May 29, 2012 at 12:16pm

A safe flying field - lol, that won't help you any if your chopper flys away on its own because of control signal failure and a lack of response from the APM, but in general, sure.

• ▶ Reply

Permalink Reply by Jake Stew on May 29, 2012 at 12:50pm

There's really no such thing as a safe field if your aircraft takes off under power and runs away until the batteries run out.

I highly doubt anyone flies so far out in the country that their plane/quad can't make it to *something*.  Even if you are far away from populated areas your LiPo battery can easily start a fire if it's damaged.  Starting a big forest fire is probably just as dangerous as crashing in a city.

• ▶ Reply

Permalink Reply by Jake Stew on May 29, 2012 at 12:41pm

What a n00b!  You don't even know that you're only supposed to fly from a boat out in international waters or out in Siberia if you don't have a boat?

LOL!  I feel for you man.  You lost all your gear then on top of that had people shitting on you in this forum for not knowing what you were doing.  Then they started dissing on the 9X transmitter.  Hopefully you feel a little better now that we figured out it was a flaw in the APM which defeated the safety of your perfectly good transmitter system.

I think 3DR should, at a minimum, send you a new unit for their cost or split the damages with you.  Legally they're probably liable for the whole thing anyways since they provided no warning that their unit actively disables the 9X failsafe.

Have you tried asking them?

• ▶ Reply

Permalink Reply by Zen on May 29, 2012 at 12:50pm

I have not. I guess I assumed I was up shit creek based upon the negative feedback I've been getting here.

• ▶ Reply

Permalink Reply by Jake Stew on May 29, 2012 at 1:01pm

I would ask them how far they are willing to go to make you whole again.  I'm sure they'll do something for you.  They're not a bad company, but they obviously can't start giving out free gear for every crash.

I think in your case they can help you out in some way or another though.  You endured the abuse of this forum to bring a major flaw to light.  I would say that you potentially saved them a lot of money by getting them out of this bug for cheap.  They can now warn people about this "feature" and avoid a lot of future liability.

Had someone been injured they would have been up shit creek.  This is exactly the kind of case lawyers chase ambulances for.

• ▶ Reply

• ‹ Previous
• 1
• 2
• 3
• 4
• 5
• …
• 13
• Next ›
• Page