Railsigns
Established Member
I would like you to sight [cite] an example of something on the railway that does not fail safe.
1. A signal lamp for a red aspect.
2. TPWS.
No arguments that it was a wrong side failure.
A wire count is a much simpler task than deciphering millions of lines of code but you are correct that one simple error can cause a dangerous situation.
Waterloo?
Cardiff East Junction?
Watford tunnel?
Broad Oak level crossing, Kent?
That's just from RAIB reports published in 2017.
1. A signal lamp for a red aspect.
2. TPWS.
Correct me if I'm wrong, but I was of the understanding that if there's a signal lamp failure (i.e. a blank signal) then that's automatically interpreted as a "Danger", in addition to being preceded by cautionary signals and the AWS magnet still being active making it subsequently a human failure if the driver overrides the AWS and carries on?
You're not wrong (although a failed signal lamp may hold the preceding signal at red), but the fact remains that a signal lamp that's gone out when it should be lighting a red aspect has not failed safe. This is an example of a 'protected wrong side failure', for the reasons you've given.
1. Yes it does. A blank aspect is the same as a red to a driver.
2. TPWS test is checked every time a driver opens their desk in the cab.
Precisely - the obvious test case in this case; what happens if an aspect is blank at night?
That doesn't make it failsafe. A lamp that's not lit when it should be showing red hasn't failed safe.
TPWS track equipment isn't failsafe. If a loop fails to energise, all protection is lost.
It has because as a driver you are trained to deal with that by stopping immediately.
TPWS is only there to protect against a driver error or incapacitation. TPWS isn’t the main protection, the driver is. In this case the ETCS in-cab signalling is the main protection for those speed restrictions and it failed. It’s the whole mantra of some that technology is infallible and humans are defunct that annoys me about all. Software is only as good as the human who programmed it.
I assure you, a signal that's gone dark when it should be displaying a red aspect has not failed safe. Driver training regarding such an occurrence is a form of mitigation, that's all.
Whilst I agree. Isn't failing to a blank state still considered 'safe'? Failing unsafe would mean showing a proceed aspect when it should be showing a red. Can they do that? I have seen a signal do something very weird but I have never seen a clear into an occupied section. Anecdotally I have heard it but I considered it more of an urban myth.
A blank signal that should be at red is less safe than a signal showing red (it's more likely that a train will pass it). 'Failsafe' means reverting to the safer option upon failure, i.e. lit at red in the case of the example given.
I would also argue that more Drivers pass Red than Blank.
The railway doesn't do things based on what's "likely" to happen (or not happen).
The utterly scary thing about all this is there is clearly a bug in the coding.
As a driver you know where signals are so you know something is wrong if you don’t see any light at all at night.
CLJ was not an engineered system that failed. It was human error. No ifs and buts. That failure was caused by rogue wires not being cut back after changes to the system.
Waterloo was an installation error, so was Cardiff. Watford was an embankment collapse, nothing to do with signalling. Broad Oak the system was not put back into the correct state. Apart from Watford all are attributed to human error in some way because of time pressures etc. This failure of the digital signalling is because there seems to be a fundamental flaw somewhere in the whole system which is very scary. The others could not fail safe because they weren’t installed or put back correctly.
Quite!!
And for a more recent example, I cite Moreton on Lugg.