Thread: Scanner safety boards

  1. #1
    Join Date
    Nov 2005
    Location
    Melbourne, Australia
    Posts
    3,693

    We have been intending on taking the plunge and fitting all our lasers with scan fail boards. As we have a bit of spare cash floating about at the moment I'm as keen as I'll be for a while!

    Has anyone used any of the various boards available (MediaLas, HB, ela, etc.)?

    Any recommendations?

  2. #2
    Join Date
    Dec 2005
    Location
    Germany/close to Heidelberg
    Posts
    31

    Hi,

    you might want to contact Gento; check out his little baby:
    http://www.gento.de/Safety_Input.pdf
    as featured here:
    http://www.laserfreak.net/forum/view...er=asc&start=0

    It basically says:

    * up to 8 (color) channels can be switched
    * additional mechanical relays for shutters
    * determine scan area via x and y settings, everything else is no-go
    * watchdog checks for CPU faults
    * etc.
    * probably < $200 (?, well, you gotta ask him about the price...;-))

    Cheers
    Christoph
    Popelscan is still alive - check out here!

  3. #3
    Join Date
    Nov 2005
    Location
    Melbourne, Australia
    Posts
    3,693

    Hehe,

    Unfortunately, I can only read English..

    I have been doing a bit more hunting, and have found a company making what looks to be the best board at a good price. This new board has many many more features than the others..

    More info as it comes to hand (after ILDA)

  4. #4
    Join Date
    Apr 2006
    Location
    Orlando, FL - USA
    Posts
    1,719

    Hi Chw9999,

    Thanks for pointing out this board by Gento. I actually know Gento, and met him at several LaserFreak conferences, but I did not know that he was into Laser Safety boards.

    Although my primary language is English, I can read and speak a little bit of German since my grandparents from both sides were from Germany...

    This board seems to have high aspirations. It is not unlike the scanner safety boards from MediaLas. I have a HUGE problem with both of these however since both of them are based on a microprocessor. I can tell you for sure that neither of these would ever gain approval for us inside the US, and if any self-respecting government outside of the US became aware that laser safety was being predicated on the workings of a microprocessor, they wouldn't approve of it either.

    The problem inside the US (and also outside, if the respective government became aware of it) is that the software that runs on such a design would be construed as "Safety Critical Software" and I can tell you from direct experience that the US will hold this kind of device to the same standard that it holds medical devices. As such, both the hardware and software would have to be "Validated" (something that medical and military hardware and software must go through) and this is an expensive and time-consuming task.

    Having written around five articles on audience scanning and having participated in the creation and updating of laser safety standards, I certainly applaud ANY efforts to increase the safety of laser projectors and thus, of our industry. However, I do find it unfortunate when these efforts are misguided resulting in only a marginal increase in laser safety (or worse -- the appearance of an increase in laser safety when in actuality there is a decrease). One system that I evaluated actually failed in an unsafe manner. That is one thing that many people in this industry do not understand -- the concept when something fails, it must FAIL SAFE, and prevent the likelihood of an unsafe exposure.

    There is one new system on the market from HB Laser Components in Germany that uses only analog techniques and, although I have not examined it closely, I saw it at a recent tradeshow and it seems quite good. HB's web site can be found here (although I did not find a reference to this scanner safety product):
    http://www.hb-laser.com

    There is another system coming which has been peer-reviewed by two separate, well respected, laser safety institutes and is currently pending US Government approval. This system uses only analog components and non-sequential digital logic and it was absolutely designed to FAIL SAFE. In fact, it will prevent an unsafe laser exposure even in the event of five simultaneous system failures (including failures within its own circuitry). Once it is approved it will no doubt become public knowledge...

    Best regards,

    William Benner
    Pangolin Laser Systems

  5. #5
    Join Date
    Apr 2006
    Location
    Deutschland / NRW / Hamm
    Posts
    54

    Hello Bill,
    without CPU Eagle wouldn't have reached the Moon on July 16th 1969, as a side remark.

    You probably have read over the fact that my safety board uses a CPU independent watch dog.
    If the CPU is not working properly it will shut down the Lasers within 10 msec.

    An additional benefit is that no measuring instruments/oscilloscope are necessary for adjustment.
    The LCD fulfills this task. That is important for Laserfreaks without such equipment.

    I'd be glad to send you a sample so you can get a picture about it.

    Greetings,
    Gento


    p.s. English instructions are in work.

  6. #6
    Join Date
    Apr 2006
    Location
    Orlando, FL - USA
    Posts
    1,719

    Hi Gento,

    Yes, you are right about the Eagle. In fact, my father worked on the Apollo space program, during Apollo 10 and Apollo 11. Did you know that a software bug nearly caused the Eagle to have to abort on Apollo 11? (actually it was a sensor, but it was the software's reaction to the sensor that would have been problematic)

    In any case, a watchdog is a very simplistic device. As long as software is twiddling a bit every so often, the watchdog is happy. But who says that software was implemented properly in the first place (my biggest problem with CPU-based designs)? Who says the hardware is really fully functional? Who says that the capacitors on the oscillator are the correct type and value so that, sporadically, the microprocessor does not run at some harmonic of the clock (I have seen this happen a lot!!). Who says that there is not an undiscovered metastability waiting?

    In the US, the "who" would be an independent validation body that would closely scrutinize all aspects of the design -- not only the software, and render a decision. Once validated, if ANYTHING changed, the entire system would have to be re-validated. I suggest that this would also be the case outside the US.

    The problem with "sequential logic", whether implemented in a microprocessor, or as standard flip flops and other devices, is that the system becomes much much more complex. Implications of problems grow geometrically and yet can remain undiscovered for a long period of time. Sequential logic provides the possibility of something that I call "statistical problems" -- these are problems that only occur, on average, let's say once every 17 million cycles. It may sound like a large number, but when you are clocking at 16MHz, 17 million cycles happens pretty often. The numbers are only used for illustrative purposes. The point is that you can have a statistical mean time to failure that is high enough to remain undiscovered "in the lab", but then could be very dangerous in the real world.

    A famous IBM scientist once said that "all software has bugs". That means that even a 3 line program has some kind of bug, that, sooner or later, under some unforeseen circumstance, will cause a problem, even if this problem occurs once every 35 years.

    In the US (and I believe outside the US as well -- certainly within the UK) your system would be construed as "safety critical software" and would be held to the standards of medical devices (which are damn high standards). Such software would ideally be written in a language such as ADA, which lends itself nicely to software validation. Your system is probably written in Assembly, or C, right? Also, ideally your entire project should be "open source" so that peers can review the entire design including the software. This is not quite as good as full validation, but at least it is something -- a large number of people can review the design and comment on it, and hopefully result in some global-scope improvement.

    In any case, you can see that safety-critical systems implemented in software have a higher likelihood of being problematic sooner or later, when compared with simpler analog circuits which are easy to understand and can be easily peer-reviewed.

    In any event, this system would never fly in the US, and I would argue would never fly outside the US if a respective governmental body was made fully aware that the "safety critical component" includes software, and where the software and the entire system had not been validated.

    Sorry, but my personal opinion is that HB's scan fail device is much better. It is certainly much faster (sub 100uS) and it is based on simple analog circuits.

    Best regards,

    William Benner
    Pangolin Laser Systems
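
The watchdog limitation raised in the post above, as an added simulation (not part of the thread and not any vendor's firmware): a watchdog bounds the exposure when the CPU stops, but never trips when buggy firmware keeps kicking it. All names, the 1 ms tick, the movement threshold and the stale-reference bug are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define WDT_TIMEOUT_TICKS 10 /* assumed: 1 tick = 1 ms, as in the 10 ms figure */
#define MIN_STEP 5           /* assumed: minimum beam movement per tick */

typedef enum { FW_OK, FW_HANG, FW_STALE_REF_BUG } fw_mode;
typedef struct { int wdt_trips; int unsafe_ticks; } sim_result;

/* The scanner sweeps until tick stall_at, then stops moving. In FW_HANG the
   CPU also stops at stall_at. unsafe_ticks counts ticks with the laser on
   while the beam is stationary. */
sim_result simulate(fw_mode mode, int ticks, int stall_at) {
    sim_result r = {0, 0};
    int pos = 0, ref = 0, wdt = 0;
    bool fw_enable = true, wdt_ok = true;
    for (int t = 0; t < ticks; t++) {
        int last = pos;
        if (t < stall_at) pos += 20;
        bool moving = abs(pos - last) >= MIN_STEP;   /* ground truth */
        if (mode == FW_HANG && t >= stall_at) {
            wdt++;                                   /* nobody kicks the watchdog */
        } else {
            fw_enable = abs(pos - ref) >= MIN_STEP;  /* firmware's motion check */
            if (mode != FW_STALE_REF_BUG) ref = pos; /* bug: reference never updated */
            wdt = 0;                                 /* kick: "twiddling a bit" */
        }
        if (wdt_ok && wdt >= WDT_TIMEOUT_TICKS) { wdt_ok = false; r.wdt_trips++; }
        if (fw_enable && wdt_ok && !moving) r.unsafe_ticks++;
    }
    return r;
}

int main(void) {
    const char *names[] = {"ok", "cpu hang", "stale-reference bug"};
    for (int m = FW_OK; m <= FW_STALE_REF_BUG; m++) {
        sim_result r = simulate((fw_mode)m, 100, 50);
        printf("%-20s watchdog trips=%d unsafe ticks=%d\n",
               names[m], r.wdt_trips, r.unsafe_ticks);
    }
    return 0;
}
```

In the simulated hang the watchdog limits the exposure to fewer than 10 ticks; in the stale-reference case it never trips and the laser stays on for every tick after the scanner stalls.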

  7. #7
    Join Date
    Jan 2006
    Location
    Charleston, SC
    Posts
    2,147,488,501

    "Held to the same standards as medical devices..."

    Hmmmm.... Anyone remember the Therac-25 accidents that happened in the late 80's? Caused by a fully certified medical device.

    Now, granted, this example would seem to support your point of view, since the problem was eventually traced to the software. Furthermore, the solution was a hardware fix, not a software one.

    Nevertheless, my point is that you can have a "medically certified device" that *still* manages to fail in some unforeseen manner. You can't plan for an infinite number of possible situations no matter which method you use to implement your interlocks and safeguards.

    Likewise, your reference to capacitors on the oscillator for the CPU clock failing would apply equally to your analog circuits. (And electrolytics for sure will degrade over time... Ceramics to a lesser degree. Best to use tantalum caps.)

    While I agree that *IN GENERAL* it is easier to certify an analog circuit as safe vs a sequential logic device, the fact remains that sequential logic is used for *LOTS* of safety devices throughout the medical and manufacturing worlds. (PLC's anyone?)

    Given that you can also accomplish a lot more in software, I'm not at all convinced that we should just abandon it as a solution. It's cost effective, well understood, and likely to be able to offer more functionality vs a strictly analog solution.

    Oh, and re: the problem with Apollo 11, I thought it was a CPU overload, which the controllers correctly deduced was caused by the failed sensor. Basically the CPU had too many tasks to handle at once, so it dropped a few low priority items on every other run through to make up the time. The alarm they got while trying to land was the CPU reporting that it was at capacity... But even then, the IMPORTANT stuff kept working. So it is possible to design for an intelligent failure...

  8. #8
    Join Date
    Apr 2006
    Location
    Orlando, FL - USA
    Posts
    1,719

    Hi Buffo,

    Unfortunately, this isn't a safety democracy, that we can hash out amongst ourselves and come to some consensus and move forward. The US and other European governments have already got policies and standards in place regarding safety-critical systems. Gento's design would never fly in the US, or UK period. Sorry, but that's the end of the story. If he doesn't like it, he can talk to CDRH or NRPB until he understands the issues.

    You missed my point about the capacitors. I have seen a problem in a lot of designs, or rather, mis-designs. It is a common problem and easily overlooked. The size and type of capacitors on both ends of a crystal. This is surprisingly critical. If they are not chosen correctly, they may cause the system to fail in strange ways. It's a statistical thing... seen it many times... But that's just one element. I worry more about the software in a design like this, than the hardware.

    Yes, electrolytics can fail over time, but who uses electrolytics in a safety-critical analog hardware circuit? Also, their time degradation is much more predictable than the metastability characteristics of an un-validated sequential logic design.

    Best regards,

    William Benner
    Pangolin Laser Systems

  9. #9
    Join Date
    Apr 2006
    Location
    Deutschland / NRW / Hamm
    Posts
    54
