Dead man's switch
A dead man's switch (for other names, see alternative names) is a switch that is automatically operated in case the human operator becomes incapacitated, such as through death or loss of consciousness.
The switch usually stops a machine, and is a form of fail-safe. They are commonly used in locomotives, aircraft refuelling, freight elevators, lawn mowers, tractors, personal watercraft, outboard motors, chainsaws, snowblowers, treadmills, snowmobiles, and many medical imaging devices.
The Special Weapons Emergency Separation System is an application of a dead man's switch in the field of nuclear weapons.
A dead man's switch may also be used to activate a harmful device, such as a bomb or IED. The user holds down a switch of some sort in their hand which arms the device. When the switch is released, the device will activate, so that if the user is killed while holding the switch, the switch will be released and the bomb will detonate.
Background
Interest in dead-man's controls increased with the introduction of electric streetcars and especially electrified rapid transit trains, though dead-man equipment was quite rare on US streetcars until comparatively recently. In conventional steam railroad trains, there was always a second person with the engineer, the fireman, who could almost always bring the train to a stop if necessary. For many decades this practice continued on electric and diesel locomotives, even though a single person could theoretically operate them.
With modern urban and suburban railway systems, the driver is typically alone in an enclosed cab. Automatic devices were already beginning to be deployed on newer installations of the New York City Subway system in the early 20th century. The Malbone Street Wreck on the Brooklyn Rapid Transit system in 1918, though not caused by driver incapacitation, did spur the need for universal deployment of such devices to halt trains in the event of the operator's disability. Per Manhattan borough historian Michael Miscione, there have been at least three instances where the dead-man's switch was used successfully - in 1927, 1940, and 2010.[1]
Types
Handle
Pneumatically or electrically linked dead-man's controls, still used today, involve relatively simple modifications of the controller handle, the device that regulates traction power. The main requirement is that the train's emergency brakes are applied if pressure is not maintained on the controller.
Typically, the controller handle is a horizontal bar, rotated to apply the required power for the train. Attached to the bottom of the handle is a rod which, when pushed down, contacts a solenoid or switch inside the control housing. The handle springs up if pressure is removed, releasing the rod's contact with the internal switch, instantly cutting power and applying the brakes.
Though there are ways that this type of dead-man's control could conceivably fail, they have proven highly reliable.
On some earlier equipment, pressure was not maintained on the entire controller, but on a large button protruding from the controller handle. This button also had to be pressed continuously, typically with the palm of the hand so that the button was flush with the top of the handle. Another method used, particularly with some lever-type controllers, which are pushed or pulled rather than rotated, requires that the handle on the lever be turned through 90 degrees and held in that position while the train is in operation.
Some dead-man's controls require the motorman to hold it in the mid-position rather than apply full pressure (see pilot valve).
In modern New York City Subway trains, for example, the dead man's switch is incorporated into the train's speed control. On the R142A car, the train operator must continually hold the lever in place. This was depicted in the movie and book The Taking of Pelham 123, in which a group of men hijack a New York City subway train for ransom, but need to override the dead man's switch in order to escape.
Every lawn mower sold in the US since 1982 has an "operator-presence" device, which by law must stop the blades within 3 seconds after the user lets go of the controls.[2]
Touch sensor
On the Nottingham Express Transit vehicles, the tram's speed controller is fitted with a capacitive touch sensor to detect the driver’s hand. If the hand is removed for more than a short period of time, the track brakes are activated. Gloves, if worn, have to be finger-less for the touch sensor to operate. A backup dead-man's switch button is provided on the side of the controller for use in the case of a failed touch sensor or if it is too cold to remove gloves.
Pedal
A pedal can be used instead of a handle. In the Waterfall train disaster, it appeared that the driver slumped on his seat, keeping the pedal depressed when he died suddenly of a heart attack. In the movie Silver Streak, a man hijacks the train and keeps it running by placing a heavy toolbox on the pedal.
The pedal can also have a vigilance function built in, where drivers must release and re-press the pedal in response to an audible signal. This prevents it from being defeated by the above circumstances, and is a standard feature on British DSD systems.[3]
Some types of locomotive are fitted with a three-position pedal, which must normally be kept in the mid-position. This also eliminates the possibility of accidentally defeating it, although it may still be possible to deliberately do so. Adding a vigilance function to this type of pedal results in a very safe system. However, isolation devices are still provided in case of equipment failure, so a deliberate override is still possible. These isolation devices usually have tamper-evident seals fitted for that reason.
Seat switches
On modern tractors, the switch is beneath the seat, and will cut the engine if the operator gets off the tractor while the transmission is engaged or the power take-off is spinning.
Key switches
On recreational vehicles, such as boats with outboard motors, snowmobiles, jet skis and waverunners, the user has the ignition key attached to his wrist or waist by a leash. The key will be removed from the ignition switch if the rider falls off the vehicle, thus turning off the engine or setting the throttle position to "idle". Some exercise treadmills also have this feature, to stop the treadmill if the user falls. The dead man switch on a treadmill usually consists of an external magnet controlling the circuitry that provides power to the treadmill belt.
Altimeter switches
Strategic Air Command developed a dead man's switch for its nuclear bombers, known as Special Weapons Emergency Separation System (SWESS), that ensured the nuclear payload detonated in the event of the crew becoming incapacitated through enemy action. The purpose of this device, unlike other examples mentioned above, was to fail-deadly rather than fail-safe. Once armed, the system would detonate the onboard nuclear weapons if the aircraft's altitude dropped below a predetermined level.[4]
Vigilance control
The main safety failing with the basic dead man’s system is the possibility of the operating device being held permanently in position, either deliberately or accidentally. Vigilance control was developed to detect this condition by requiring that the dead man’s device be released momentarily and re-applied at timed intervals.
There has also been a proposal to introduce a similar system to automotive cruise controls[citation needed].
A hybrid between a dead man's switch and a vigilance control device is a dead-man's vigilance device.
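The difference between a basic dead man's control and one with a vigilance function can be shown as a small timing model. This is an added example, not taken from any real train system; the function name, the 3-second and 60-second limits, and the three traces are assumptions constructed for illustration.

```python
from typing import Iterable, Optional, Tuple

Event = Tuple[float, bool]  # (seconds since start, control pressed?)

def first_trip(events: Iterable[Event], end: float,
               release_limit: float = 3.0,
               vigilance_limit: Optional[float] = 60.0):
    """Return (time, reason) of the first brake application, or None.

    The control is assumed pressed at t=0. release_limit is how long it may
    stay released; vigilance_limit is how long it may stay pressed without a
    release/re-press cycle (None models a basic device with no vigilance).
    Both default limits are illustrative, not real-world values.
    """
    pressed, since = True, 0.0          # current state and when it began
    for t, now_pressed in list(events) + [(end, None)]:
        limit = vigilance_limit if pressed else release_limit
        if limit is not None and since + limit < t:
            reason = "held without release" if pressed else "control released"
            return (since + limit, reason)
        if now_pressed is not None and now_pressed != pressed:
            pressed, since = now_pressed, t
    return None

def alert_trace(end: float, period: float = 40.0):
    """Constructed trace: driver releases for 0.5 s every `period` seconds."""
    events, t = [], period
    while t < end:
        events += [(t, False), (t + 0.5, True)]
        t += period
    return events

# Constructed sample traces (not recorded data).
ALERT = alert_trace(300.0)
WEDGED = []                                           # control held down, never cycled
LET_GO = [(40.0, False), (40.5, True), (72.0, False)] # driver lets go at 72 s

if __name__ == "__main__":
    for name, trace in [("alert", ALERT), ("wedged", WEDGED), ("let go", LET_GO)]:
        basic = first_trip(trace, 300.0, vigilance_limit=None)
        vigilant = first_trip(trace, 300.0)
        print(f"{name:8} basic={basic} with_vigilance={vigilant}")
```

The wedged trace never trips the basic device but trips the vigilance-equipped one once the hold limit expires, while a released control trips both.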
Software uses
Software versions of dead man's switches are generally only used by people with technical expertise, and can serve several purposes, such as sending a notification to friends or deleting and encrypting data. The "non-event" triggering these can be almost anything, such as failing to log in for 7 consecutive days, not responding to an automated e-mail or ping, a GPS-enabled telephone not moving for a period of time, or merely failing to type a code within a few minutes of a computer's boot.
Spacecraft uses
Many spacecraft use a form of dead man's switch to guard against command system failures. A timer is established that is normally reset by the receipt of any valid command (including one whose sole function is to reset the timer). If the timer expires, the spacecraft enters a "command loss" algorithm that cycles through a predefined sequence of hardware and/or software modes (such as the selection of a backup command receiver) until a valid command is received. The spacecraft may also enter a safe mode to protect itself while waiting for further commands.
While having some similarities to a dead man's switch, this type of device (a command loss timer) is not actually a dead man's switch, because it aims to recover from a hardware failure rather than the absence of human operators. It is generally called a watchdog timer, and is also used extensively in nuclear power control systems. System components on a spacecraft that put it into a safe mode or cause it to execute default behaviors when no command is received within a predefined time window can be considered a dead man's switch, but hardware or software that attempts to receive a command from human operators through an alternate channel is an auto-recovering or adaptive communications system, not a dead man's switch.
Voyager 2 recovered from a command receiver failure with a command loss timer.[5]
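The command-loss timer described above, as an added example that is not flight software or code from any mission: a timer reset by each valid command, which on expiry steps through a predefined receiver sequence until a command gets through. The same reset-on-check-in pattern underlies the software switches in the previous section. The class, receiver names, 12-unit timeout and failure scenarios are assumptions constructed for illustration.

```python
class CommandLossTimer:
    """Illustrative command-loss timer; all names and values are assumptions."""

    def __init__(self, timeout, receivers):
        self.timeout = timeout
        self.receivers = list(receivers)   # predefined sequence cycled on expiry
        self.active = 0                    # index of the selected receiver
        self.deadline = timeout
        self.safe_mode = False
        self.log = []                      # (expiry time, receiver switched to)

    def advance(self, now):
        """Process every timer expiry up to `now`, selecting the next receiver."""
        while self.deadline <= now:
            self.safe_mode = True          # protect the spacecraft while waiting
            self.active = (self.active + 1) % len(self.receivers)
            self.log.append((self.deadline, self.receivers[self.active]))
            self.deadline += self.timeout  # each mode gets one timeout period

    def uplink(self, now, failed=()):
        """Ground sends a valid command at `now`; it is received only if the
        currently selected receiver is not in `failed`."""
        self.advance(now)
        if self.receivers[self.active] in failed:
            return False
        self.deadline = now + self.timeout  # any valid command resets the timer
        self.safe_mode = False
        return True


def run(uplink_times, failures, timeout=12.0):
    """Replay a constructed scenario. `failures` maps receiver name to the
    time at which it stops working. Returns (timer, times commands were heard)."""
    clt = CommandLossTimer(timeout, ["primary", "backup"])
    heard = []
    for t in uplink_times:
        failed = {r for r, t_fail in failures.items() if t >= t_fail}
        if clt.uplink(t, failed):
            heard.append(t)
    return clt, heard


if __name__ == "__main__":
    clt, heard = run(range(5, 61, 5), {"primary": 22})
    print("heard:", heard)
    print("switches:", clt.log, "safe_mode:", clt.safe_mode)
```

With only the primary receiver failed, commands stop being heard until the timer expires and the backup is selected; with both failed, the timer keeps alternating receivers and the spacecraft stays in safe mode.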
Alternative names
- Driver's Safety Device (DSD) is the official UK railway term.
- Dead man's trigger
- Dead man's pedal
- Dead man's handle
- Dead man's control
- Dead man's brake
- Kill switch
- Kill cord
- Vigilance control
- Live-man switch
- Dead man's button
Event recording
The status and operation of both the vigilance and dead-man's devices may be recorded on the train's event recorder (commonly known as a black box).
References
- [1] Newman, Andy (May 7, 2010). "Not the First Time the 'Dead-Man' Switch Did Its Job". The New York Times. Retrieved May 7, 2010.
- [2] http://www.uaex.edu/Other_Areas/publications/HTML/FSA-1005.asp
- [3] http://locodocs.co.uk/brmanuals/DSD-33056-4-Issue1.htm
- [4] Sagan, Scott Douglas (1995). The Limits of Safety. Princeton University Press. pp. 187–188. ISBN 0691021015. Retrieved 2008-11-16.
- [5] Voyager Support, DSN Progress Report 42-49, Jet Propulsion Laboratory, November-December 1978. Retrieved 4 March 2009.
External links
- Deadmans on French trams and guided (trolley) buses (PDF)
- Online Dead Man's Switch service
- Free Online Dead Man's Switch service