I tried to test some different modes and frankly nothing else comes to my mind anymore other than to put a heavy 40A relay to a main power line and attach a servo to it, so I could map it to one of taranis switches so in a case of malfunction or lost orientation I would be able to kill drone in the air or on the ground and stop props _immediately_.
Any other option I tried - a combination of 'land' mode with throttle cut off, an improved failsafe on remote switch off - none of that cuts power feed to props immediately, and quite often it leads to horrible results, like if in loiter mode drone suddenly gets to a GPS free zone or glitch, and starts something erratic, or flips over and tries to destroy everything around spinning props at full power ignoring remote commands to cut throttle input to zero.
I had only 3 incidents like that and I know now what it is, but it does not make my platform any safer.
What do you do for a physical kill switch? Do you have one built? If yes, how was it done?
Yes i want this functionality(Motor Emergency Stop) on APM 2.x as well. In my opinion is a very useful feature for safety and should have been implemented on APM as a final mechanism as well.
Has anyone figured out a workaround for the lack of emergency stop yet?
Doesn't seem to be any option on the market yet. What is needed is a single channel RC transmitter and receiver. None of this running through WiFi mickey-mousing either. At the receiver, a bank of 20A or 30A back-to-back power MOSFETS in parallel to function as a low-loss relay; pretty simple. Should cost less than $5 for parts. Hobby-K could probably make it for $5.50.
I know some in the ArduPilot camp will say "ahh, but we have that feature in ArduCopter, or it will be in version <pick a number and pick a date>..." baloney. Failsafe cutoff needs to be independent of ANY other software/hardware.
I've had my copter crash on a roof and the motor just keep going because the ESC will continue at the last input....
Funny how old posts sit for over a year and one person fires it up! And people just have to chime in!
Don't just want to kill the power. The SCR is a waste and you want to have to write software to program the ATtiny chip! Using the MOSFETs one can have a power on/off mechanism instead of having to pull the connectors apart. In addition, the MOSFETs can be used to control inrush current when powering up so the connector contacts don't fry. Simple logic output from a single channel receiver to pull it low, or perhaps trip a latch.
Or use one RC channel connected to an RC controlled switch (avail at hobbyK) to trip the MOSFETs. Personally I like the idea of a single channel RC transmitter dangling around my neck to be pressed in an emergency.
Yep, so lets make in work for good !!
The solution I am submitting here is a Kill by Design, cheap-lightweight and lethal.
The Attiny sketch I am using to trigger the SCR is about 30 lines and the 3 components could be easily integrated on the current sensor board.
I'd like to read more about your solution:
-Can you show me a small form factor 50-100 amps Mosfet that can operate on a 20-40 minutes at full load ?
- How would you activate it from a receiver ?
I think a solution in combination with both of your proposals would be perfect.
Does anyone know of any cheap 1 channel radio receiver?
or actually, you could just use an existing channel on the quads receiver and monitor the PWM cycle and finally toggle a MOSFET to kill the motor power. What would the effect of sending a 0 throttle signal through the PWM signal pin to the ESCs? That would eliminate the need for a heavy and expensive transistor to kill the motor power.
However, it is safer and not too difficult to kill the main control power line.There is no mention of the weight of this relay, and it is certainly not ideal: https://www.hella.co.nz/en/products/relays-flashers/mini-relays-nor...
To activate the 'kill mode' I am certainly not against adding a small Arduino Mini or even better an ATtiny, this would also allow for my 5050 RGB light strips to be controlled!
The real discussion point for me is surrounding the MOSFET which will be used to trip the 100A motor line.
Something along these lines looks plausible: https://www.digikey.com/product-detail/en/stmicroelectronics/STL100...
I am open for suggestions :-D
Cheers for all the replies.
I think its all depends on how you calculate the risk mitigation.
The Kill Switch by design is used as the last option in the chain of command, and depending on the requirement, you might have to trigger it from an independent control system , i.e. separate frequency-&-receiver separate power supply and an absolute guarantee to kill ''on the spot''. Its up to the designer to set the requirements, but on this particular case I was interested by the kill mechanism.
Using a Mosfet as a Master Switch, is adding a weak link in the system, that can cause a risk of failure in the power suppply. .
HK sells a switch device that connects to a spare channel of the RC receiver...I have NEVER had an RC transmitter or receiver fail so this is a reasonable approach. I have looked at single channel RC xmitter and receivers; none available.
@Patrick how is adding a MOSFET creating a "weak link"? FYI the Pixhawk has two back-to-back MOSFETS for power switching...yes I know that is only 3A for the flight controller.
For the 100A...just parallel multiple MOSFETs. Here is an example to use for power switching...could add an LTC1696...
Use the TRIGGER and REST as a manual on/off switch. INput to gate of Q1 can be from the output of the HobbyK RC switch...
Just for the fun of it I posted a clip from a circuit using the LTC1696 and a crowbar...
Nice diagrams :-)
By design, any components that you add to the power supply can be a source of failure. Adding multiple components in parallel as you are suggesting can attenuate this risk but add to the BOM and Weight because these active components need to sink the heat somehow.Additionally, you need to feed the power to activate the system, either you bleed off some from the battery or you have supply from an other source.
Basically we are comparing the master switch -vs- the ignition system in a plane. The Master activate a Relay to supply electrical system and the ignition is controlled by having the coils shorted to ground by the ignition switch.
Forget about added parts and weight for the moment. What we are pursuing is a method that will work which will allow the user to turn power on and off remotely. Then we can worry about the costs...and optimize!
Adding more MOSFETs is NOT going to increase the risk of failure except by one red hair...look at an ESC which has ten or more!
@ Thomas, if you think your design is good, just call it a Remotely Controlled Master Switch .... not a Kill Switch ;-)
To illustrate the difference and the risk associated, lets say that you need a constant radio signal to activate the Master Switch, what happens if this radio signal is lost ? Technically the Master Switch would turn OFF , causing an unintentional crash... This is what we call a risk of failure....
Statistically, the Master Switch must be reliable at 100% at all time of the system operation and the Kill switch must be reliable 100% at failure, depending on the design of the system , it can be less than 0.01 % of the time, so your Master Switch design must be 10,000 times more reliable than a Kill Switch.