[OT] Locomotive radio remote control systems failure

Discussion:

James Cameron

2018-11-09 07:13:15 UTC

Interim report into a runaway train incident.

Driver was in cement loading facility using remote control to move the
train under loading chutes.

"While the last pair of wagons were being aligned, the train came to a
stop past the intended stop location."

"he selected reverse to re-align the final two wagons with the loading
chutes. However, after selecting reverse, the train became
unresponsive to his remote commands."

"he attempted multiple times to reset the remote control equipment
with the portable remote transmitter. After allowing time for the
remote control system to recover, the locomotive continued to be
unresponsive to his commands."

"driver decided to walk to the lead locomotive TR11 to undertake a
cold restart of the remote control system at the receiver located on
the rear of the locomotive. Before he started to walk, at about 0846,
the train slowly began rolling away" [cue twilight zone theme]

http://www.atsb.gov.au/publications/investigation_reports/2018/rair/ro-2018-014/

--
James Cameron
http://quozl.netrek.org/
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

RussellMc

2018-11-09 08:10:29 UTC

Permalink

Lucky [tm] pedestrians

Image: Loading Image...

" ... At approximately 0846[1
<http://www.atsb.gov.au/publications/investigation_reports/2018/rair/ro-2018-014/#footnote1>
] on 21 September 2018, a TasRail freight train rolled away from a loading
facility at Railton, Tasmania. There was no train crew on board the freight
train at the time. The train travelled for about 21 km before being routed
into a dead-end siding in Devonport.

At about 0909, the train collided with the end of a dead-end siding,
destroyed a fence line and travelled in a derailed state for about 60 m
into a public area (Figure 1). Two pedestrians within the public area
received minor injuries from fence debris."

Real time games:

The Network Access Manager in TasRail Train Control, with the assistance of
the TasRail Rolling Stock Assets Manager, were able to monitor the progress
of the train using the real time locomotive performance monitoring system.
The Network Access Manager communicated this information to the police
during the runaway. The police used this information to coordinate their
resources to the area ahead of the runaway train. The police concentrated
on stopping vehicles and pedestrian traffic at level crossings and about
the railway corridor.

Post by James Cameron
Interim report into a runaway train incident.
Driver was in cement loading facility using remote control to move the
train under loading chutes.
"While the last pair of wagons were being aligned, the train came to a
stop past the intended stop location."
"he selected reverse to re-align the final two wagons with the loading
chutes. However, after selecting reverse, the train became
unresponsive to his remote commands."
"he attempted multiple times to reset the remote control equipment
with the portable remote transmitter. After allowing time for the
remote control system to recover, the locomotive continued to be
unresponsive to his commands."
"driver decided to walk to the lead locomotive TR11 to undertake a
cold restart of the remote control system at the receiver located on
the rear of the locomotive. Before he started to walk, at about 0846,
the train slowly began rolling away" [cue twilight zone theme]
http://www.atsb.gov.au/publications/investigation_reports/2018/rair/ro-2018-014/
--
James Cameron
http://quozl.netrek.org/
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

Harold Hallikainen

2018-11-12 17:41:21 UTC

Permalink

It will be interesting to see what they find. "Dead man switches" have
been common in trains for a long time. It's interesting that the loss of
radio control did not shut down the train.

Here, in the Denver CO USA area, the light rail is the first in the US to
use Positive Train Control ( http://www.rtd-fastracks.com/ep3_149 ). As I
understand it, its main purpose is to slow or stop the train if it's
approaching a dangerous situation (another train, curve at too high a
speed, improperly set track switch, etc.). Here, though, it's also
apparently being used to control signals and crossing gates. Gates are
required to go down 20 seconds before the train arrives (see
https://safety.fhwa.dot.gov/hsip/xings/com_roaduser/07010/sec04b.cfm ).
Here, the concern has been that gates are going down too early,
encouraging drivers to drive around them. As such, one line here is
operating with a waiver and "persons of flag" at each crossing. Another
line does not have a waiver, but has test trains running (for the past
several months). Flaggers are at each crossing.

Harold

--
FCC Rules Updated Daily at http://www.hallikainen.com
Not sent from an iPhone.
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

David Van Horn

2018-11-12 20:31:08 UTC

Permalink

After all this time, you'd think we could get trains right...
And we're now trying spacecraft and self driving cars. 😊

-----Original Message-----
From: piclist-***@mit.edu <piclist-***@mit.edu> On Behalf Of Harold Hallikainen
Sent: Monday, November 12, 2018 10:41 AM
To: Microcontroller discussion list - Public. <***@mit.edu>
Subject: Re: [OT] Locomotive radio remote control systems failure

It will be interesting to see what they find. "Dead man switches" have been common in trains for a long time. It's interesting that the loss of radio control did not shut down the train.

Here, in the Denver CO USA area, the light rail is the first in the US to use Positive Train Control ( http://www.rtd-fastracks.com/ep3_149 ). As I understand it, its main purpose is to slow or stop the train if it's approaching a dangerous situation (another train, curve at too high a speed, improperly set track switch, etc.). Here, though, it's also apparently being used to control signals and crossing gates. Gates are required to go down 20 seconds before the train arrives (see https://safety.fhwa.dot.gov/hsip/xings/com_roaduser/07010/sec04b.cfm ).
Here, the concern has been that gates are going down too early, encouraging drivers to drive around them. As such, one line here is operating with a waiver and "persons of flag" at each crossing. Another line does not have a waiver, but has test trains running (for the past several months). Flaggers are at each crossing.

Harold

--
FCC Rules Updated Daily at http://www.hallikainen.com Not sent from an iPhone.
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/picl

John Gardner

2018-11-12 20:39:02 UTC

Permalink

...after all this time you'd think we could get trains right...

+1...

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

rossano gobbi

2018-11-21 20:55:17 UTC

Permalink

Trains ain’t so easy to run like it seems. :-)
And often, what with cars would be considered a fairly normal event, like bumping at low speed into another car, with trains it would be considered as an unacceptable risk...

Post by John Gardner
...after all this time you'd think we could get trains right...
+1...
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.e

Harold Hallikainen

2018-11-22 00:16:58 UTC

Permalink

Post by rossano gobbi
Trains ain’t so easy to run like it seems. :-)
And often, what with cars would be considered a fairly normal event, like
bumping at low speed into another car, with trains it would be considered
as an unacceptable risk...

Today I ran across the specifications for the Denver light rail system:

https://nacto.org/docs/usdg/rtd_light_rail_design_criteria_regional_trans_district.pdf

There's a LOT that goes into the design!

Harold

rossano gobbi

2018-11-22 12:05:03 UTC

Permalink

And that’s for a light railway, in the States. Imagine here in Old-World, with all the EU, national and local rules and regulations to look after when designing trains, safety system and related infrastructure... Today with the TSI ( https://www.era.europa.eu/activities/technical-specifications-interoperability_en ) we’ve kind of made a step forward but still, there’s a LOT of stuff in there. The biggest topic in it probably being ETCS, the supposedly-unified new train control system specifications which really struggled to fight their way among an incredible lot of old and new national train protection systems of all sorts developed in the last hundred years (an amazing collection of engineering solutions of any kind, imho) but which seem to have finally take the right (long) way to one day become a european standard who will supposedly let train ride seamlessly through national borders. Maybe.

And then there’s the implementation problem, of course. So that you may find yourself with two (extremely complicated, SIL-4, not-cheap-at-all) systems developed with the same standard specs, lets say a train and the infrastructure it rides on, who for some unfathomable reason (a bug? Different specs interpretation by different, or even the same, manufacturers?) are incompatible. The difference with other fields being here that trains, with people on them, then come to a stand and one wonders: why can’t we just get trains right? :-)

Rossano

Post by Harold Hallikainen

https://nacto.org/docs/usdg/rtd_light_rail_design_criteria_regional_trans_district.pdf
There's a LOT that goes into the design!
Harold
--
FCC Rules Updated Daily at http://www.hallikainen.com
Not sent from an iPhone.
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/list

Christopher Head

2018-11-13 07:12:40 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Post by David Van Horn
After all this time, you'd think we could get trains right...

Well, I’d say we largely can, considering I ride a driverless light
train to work every day, which AFAIK has never crashed (at least not in
a serious way, which would have made the news).

Post by David Van Horn
Here, the concern has been that gates are going down too early,
encouraging drivers to drive around them.

Sounds like the part we can’t get right is people!
- --
Christopher Head
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQl7biEw6IqP57fjDtLFNZko10+CwUCW+p5aAAKCRBLFNZko10+
C2viAP97mI4fp3pnypr2c9ZO4lGDgtw5r4V0JlNoh+k2GvmR+QEA8M4Sl1eOrNK0
/1dMdBgXPHSK19Boi8TWWjlDl5Hu8gQ=
=v94i
-----END PGP SIGNATURE-----

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/ma

RussellMc

2018-11-13 12:06:40 UTC

Permalink

Post by Harold Hallikainen
It will be interesting to see what they find. "Dead man switches" have
been common in trains for a long time. It's interesting that the loss of
radio control did not shut down the train.
I'll hazard that, having largely got trains right*, somebody added a layer

that created an artificial "person" and that the train reacted correctly
because the "person" continued to respond as a person should on the train
side of its black box but it's brain, or sensory input system (aka radio
link) had failed on the 'other side' of the black box, and the system
analysis had failed to conclude that dead I/O should result in dead- person
emulation.

R

__________________________________

* When:

- *The French spend 50 million+ Euro
<https://www.telegraph.co.uk/news/worldnews/europe/france/10845789/French-rail-company-order-2000-trains-too-wide-for-platforms.html>*"shaving"
1300 station platforms because new trains are "too wide"

- *100 people die when a carriage throws a wheel rim at 120 mph
<https://wiki2.org/en/Eschede_derailment+Brights>*("What's this thing
protruding through the floor?") and is essentially ignored (and you haven't
equipped passenger emergency stop signalling because it's too dangerous to
give them that power in a train this fast) and then carriages get sideways
and take out people mowing the embankment, and anything else within range.

- You can make lists like *this
<https://wiki2.org/en/List_of_TGV_accidents+Brights>.*

then one may conclude that we have trains only "almost right".

Russell

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist

Christopher Head

2018-11-13 18:03:39 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 14 Nov 2018 01:06:40 +1300

Post by Harold Hallikainen
I'll hazard that, having largely got trains right*, somebody added a layer
that created an artificial "person" and that the train reacted
correctly because the "person" continued to respond as a person
should on the train side of its black box but it's brain, or sensory
input system (aka radio link) had failed on the 'other side' of the
black box, and the system analysis had failed to conclude that dead
I/O should result in dead- person emulation.

This may be true, though it seems odd. Having read a little about remote
control systems for locomotives, it seems like they were fairly well
thought-out for the most part; for example, apparently, the remote
control units even include accelerometers that apply emergency brakes
if they detect that the operator has fallen over (presumably in case of
being hit by the train). I would have thought “the radio signal
disappears” would be one of the first things that the designers would
think about…
- --
Christopher Head
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQl7biEw6IqP57fjDtLFNZko10+CwUCW+sR+wAKCRBLFNZko10+
CxYMAQCpwmsixZtL1Ij7OlrP4pKFkc+hNsg7W4xG3GVVnaB++gD/RdU2VtMottpP
KnTxz9JjBg/POenICFOM2dhWwc3ZTgc=
=JROp
-----END PGP SIGNATURE-----

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/

David Van Horn

2018-11-13 18:52:27 UTC

Permalink

What happens in the case of jamming, deliberate or accidental?
Link lost, train stops.. I can imagine someone doing that just to be a jackass.

-----Original Message-----
From: piclist-***@mit.edu <piclist-***@mit.edu> On Behalf Of Christopher Head
Sent: Tuesday, November 13, 2018 11:04 AM
To: ***@mit.edu
Subject: Re: [OT] Locomotive radio remote control systems failure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 14 Nov 2018 01:06:40 +1300

Post by Harold Hallikainen
I'll hazard that, having largely got trains right*, somebody added a
layer that created an artificial "person" and that the train reacted
correctly because the "person" continued to respond as a person should
on the train side of its black box but it's brain, or sensory input
system (aka radio link) had failed on the 'other side' of the black
box, and the system analysis had failed to conclude that dead I/O
should result in dead- person emulation.

This may be true, though it seems odd. Having read a little about remote control systems for locomotives, it seems like they were fairly well thought-out for the most part; for example, apparently, the remote control units even include accelerometers that apply emergency brakes if they detect that the operator has fallen over (presumably in case of being hit by the train). I would have thought “the radio signal disappears” would be one of the first things that the designers would think about…
- --
Christopher Head
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQl7biEw6IqP57fjDtLFNZko10+CwUCW+sR+wAKCRBLFNZko10+
CxYMAQCpwmsixZtL1Ij7OlrP4pKFkc+hNsg7W4xG3GVVnaB++gD/RdU2VtMottpP
KnTxz9JjBg/POenICFOM2dhWwc3ZTgc=
=JROp
-----END PGP SIGNATURE-----

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership opti

Christopher Head

2018-11-13 21:30:28 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 13 Nov 2018 18:52:27 +0000

Post by David Van Horn
What happens in the case of jamming, deliberate or accidental?
Link lost, train stops.. I can imagine someone doing that just to be a jackass.

I think the type of remote-control locomotives we’re talking about are
only used in yards, so presumably physical security of the premises
could deal with that problem. Now, radio control of rear locomotives on
a mainline train, with the transmitter in the lead unit where the
engineer is? That seems like a bigger problem.
- --
Christopher Head
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQl7biEw6IqP57fjDtLFNZko10+CwUCW+tCdAAKCRBLFNZko10+
Cw6SAP4sknJopgBhggEiNEU4ii4NfQzSQHEgk4Z5beCcw5y46gD/b1ZtkTpaYHXg
rknttVLght54zvIgqJlwzI12YntcoQk=
=WGs4
-----END PGP SIGNATURE-----

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/picli

s***@agilent.com

2018-11-14 06:31:16 UTC

Permalink

And then there is this one:
http://www.atsb.gov.au/publications/investigation_reports/2018/rair/ro-2018-018/

Four locos and 268 wagons! Travelled 90 km in 50 minutes (according to news reports) But aloooooong way from any pedestrians...

Stephen

-----Original Message-----
From: piclist-***@mit.edu <piclist-***@mit.edu> On Behalf Of James Cameron
Sent: Friday, 9 November 2018 6:13 PM
To: ***@mit.edu
Subject: [OT] Locomotive radio remote control systems failure

Interim report into a runaway train incident.

Driver was in cement loading facility using remote control to move the train under loading chutes.

"While the last pair of wagons were being aligned, the train came to a stop past the intended stop location."

"he selected reverse to re-align the final two wagons with the loading chutes. However, after selecting reverse, the train became unresponsive to his remote commands."

"he attempted multiple times to reset the remote control equipment with the portable remote transmitter. After allowing time for the remote control system to recover, the locomotive continued to be unresponsive to his commands."

"driver decided to walk to the lead locomotive TR11 to undertake a cold restart of the remote control system at the receiver located on the rear of the locomotive. Before he started to walk, at about 0846, the train slowly began rolling away" [cue twilight zone theme]

http://www.atsb.gov.au/publications/investigation_reports/2018/rair/ro-2018-014/

--
James Cameron
http://quozl.netrek.org/
--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist

--
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist