david joyce wrote:
> ...It is entirely reasonable to allow for one unlikely event, but
> the odds of two unlikely independent events happening simultaneously
> are such that I am happy to use gliding for the back up mode.
Agree but ever play with the actual math? [I think fwg is correct!]
Consider a case, familiar with automobiles, where the battery starts the
engine, but for the trip back home it's dead. Assume the odds of this
are 200/1, to include possible poor system design, fabrication, or
maintenance, but whether accurate will be shortly seen as irrelevant.
Assume also the average flight is 1 hour for simpler math. If the odds
of either alternator or regulator failure are one in 1,000 hours, then
the odds of both charging system and battery failure are one in 200,000
for each flight. Sounds good but...
Over say 500 hours of airframe time for one's flying the plane, we're
down to 400/1 for the chances of being caught someday, some year not
knowing how long further flight is possible on the 914 if it's running
at all. Reflecting also the odds of all other system failures causing a
serious in-flight problem, the overall odds grow shorter. This
phenomenon is evident in accident data, where builders too often do
things for critical systems the FAA would not approve, and system
failures occur at very low airframe times.
Consider now two independent alternator/battery systems. Or that the
odds of an emergency battery pack failing is also 200,000/1. The odds
of both systems failing becomes 40 billion/1, making it irrelevant
whether 200/1 odds on battery failure may be too low, because over the
assumed years of flying it's still 80 million/1. A far cry from 400/1.
For this reason, seems FAA may not make failure probabilities
controlling for approval if full redundancy is provided (per AC 23.1309-1C).
Regards,
Fred F.
|