Rhino
Well-Known Member
- Joined
- Jul 20, 2009
- Messages
- 1,483
You are correct. I'm also a bit curious where that came from. According to the Code of Federal Regulations, there is no Part 23 Sec 23.1329.I don't think that's what that means (although having each servo on its own fuse is, IMO, a good idea). It means that a failure in one component cannot cause a failure in another. The terminology in aerospace is Fault Containment Region (FCR), and the boundaries of an FCR are determined (partly) via tools such as FMEAs.
I'm guessing the "parts list" in his link has something to do with that, but I'm not sure. I know I can't find that verbiage anywhere else when I search for it. A failure in one component in a system causing a failure of another component is not the same as simply affecting the operation of another component. Regardless, he does refer to what is often called a cascade failure, and it doesn't call for multiple breakers, fuses, etc. A single one of any of those components could fulfill that need. So could physical overrides and shear pins.
We should probably also note that an autopilot disconnect switch is not a true physical disconnect at all. It provides no true protection against runaway conditions in autopilot or servos. It is merely a momentary switch that signals an autopilot that the pilot wants it to disengage. It does not physically disconnect the autopilot. A runaway autopilot may simply ignore that signal, and runaway servos would not be affected by it at all. Breakers, fuses and physical disconnect switches on the servos provide the ultimate runaway protection, because they prevent a runaway condition from affecting the flight controls no matter where the runway condition originated.
Last edited: