Computer synchronization and redundancy - Should Looping use spaceflight computer designs?

Computers in Spaceflight: The NASA Experience

https://history.nasa.gov/computers/Ch4-2.html

When I first heard of looping, diagnosed less than a year ago, the first thing I thought of was the NASA computer voting system where they all have to agree.

Is this being used with looping, DIY or commercial?

More on the Space Shuttle computers: http://klabs.org/DEI/Processor/shuttle/shuttle_primary_computer_system.pdf

And specifically on the voting: The engineers never trusted electronic circuits to do the voting. See below:

AS. How are actuators controlled?

Killingbeck. For the aerosurface actuators, each of the four computers sends out an independent command on an independent bus. With no failures, the commands should be identical. The voting is done at the actuator using a hydraulic voting mechanism, called a force-fight voter. In it, there are four hydraulic ports called secondary ports, each commanded by one of the four GPCs. The secondary ports go into the primary ports, which are heavy-duty actuators that connect to what’s called a “summing bar,” which is no more than a massive steel rod. If there are three good computers and one bad one, the three good commands physically outmuscle the fourth. This limits the control authority a little bit–we don’t get the total force we’d like to get, but there’s still enough power to control the vehicle. If you have a large enough pressure differential for a large enough time, the port is hydraulically bypassed, which relieves the pressure in that one port. The remaining three ports then regain their full authority.

Macina. This voting is important, since a computer is never allowed to turn itself off or turn another computer off. The summing and bypass occur at the actuator; the bad computer continues to operate as if it were still controlling the vehicle. The communication and listen mode synchronization may be broken between the bad computer and the other three, but the bad computer still has control of its port and still issues commands on that data channel.
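
The force-fight voting and bypass described in the interview above, as a small added simulation (not part of the original post or of the NASA material). The averaging model of the summing bar, the `diff_limit` threshold, the `hold_ticks` count and all names are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ForceFightVoter:
    """Toy model of four secondary ports pushing on one summing bar."""
    n_ports: int = 4
    diff_limit: float = 1.0  # constructed: differential that counts as "large enough"
    hold_ticks: int = 3      # constructed: how long it must persist before bypass
    bypassed: set = field(default_factory=set)
    over: dict = field(default_factory=dict)

    def step(self, commands):
        """Apply one command per computer; return the summing-bar output."""
        if len(commands) != self.n_ports:
            raise ValueError("one command per computer is required")
        active = [i for i in range(self.n_ports) if i not in self.bypassed]
        if not active:
            raise RuntimeError("all ports bypassed")
        # Assumption: the bar settles at the mean of the active commands, so a
        # dissenting port drags the result but cannot override the majority.
        output = sum(commands[i] for i in active) / len(active)
        for i in active:
            # The differential is measured at the actuator; no computer
            # judges, disables or switches off another computer.
            if abs(commands[i] - output) > self.diff_limit:
                self.over[i] = self.over.get(i, 0) + 1
            else:
                self.over[i] = 0
            if self.over[i] >= self.hold_ticks:
                self.bypassed.add(i)  # takes effect on the next tick
        return output


def run(voter, ticks):
    """Feed a sequence of per-tick command lists; return the outputs."""
    return [voter.step(c) for c in ticks]


if __name__ == "__main__":
    v = ForceFightVoter()
    # Constructed scenario: computer 3 commands the opposite deflection.
    print(run(v, [[1.0, 1.0, 1.0, -1.0]] * 5), v.bypassed)
```

In the constructed run the output sits at reduced authority while the ports fight and returns to the full command once port 3 is bypassed; the bypassed computer's commands are still accepted as input and simply no longer move the bar.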

Closed loop systems exist as both commercial and open source systems. Medtronic just got FDA approval for their version. But open source Medtronic closed loop systems already exist due to development in the diabetic patient community. I think a really applicable example that explores some of the inherent dangers between closed and open loop systems is the recent Boeing crashes.

So, right now, we can fly our airplanes (insulin pumps) like stunt planes. We can do loops and crazy acrobatics. We can do whatever we want.

Automated systems restrict some of that flexibility, which makes people nervous. May also be prone to certain failures.

https://www.bloomberg.com/news/articles/2019-04-11/sensors-linked-to-737-crashes-vulnerable-to-failure-data-show

Reminds me of this,

That is interesting, thanks

I am all new to this, what kind of fail safes do these loop systems have?

A second 737 Max crash raises questions about airplane automation… Lion Air 610 crashed because a faulty sensor erroneously reported that the airplane was stalling.

I don't want to skew your opinion one way or another. You will come to your own opinion and that will provide valuable perspective to the community. But, if you are considering starting to use some tech, do discuss it with the community.

Here’s an entry paper that discusses the tech landscape for diabetes and some resources to get more information. There are good YouTube videos and links in the references on the last couple pages. BEWARE: It's a long paper.
Part_1_Cleaned_for_PPE_Final_Paper_v5.docx (7.7 MB)
Part_2_Cleaned_for_PPE_Final_Paper_v5.docx (7.2 MB)

The general failsafe on a loop system is if it doesn’t believe a CGM sensor because its data doesn’t make sense, or if it doesn’t believe the pump delivery motor is correctly advancing, then it shuts down insulin delivery and raises an alarm.

In this sense it’s kind of like a failsafe on a train. If anything goes wrong, shut down the engine and engage brakes and stop the train and let a human figure it out. In fact all you have to do to engage brakes is just stop delivering air pressure to them.

Aerospace engineering is a lot tougher. You can’t just turn off all the engines and stop supplying hydraulic pressure to all control surfaces whenever a sensor goes bad.

From the cited article:

Writing for Nature, NYU Professor Beth Simone Noveck cites OpenAPS as an instructive example of collective intelligence: the capacity of groups — including societies, companies, communities, and families — to make good decisions. In the case of the artificial pancreas, the online open-source community seems to have shown significantly greater collective intelligence than the combined conventional medical, economic, and regulatory institutions we built back in the pre-Internet era to solve these kinds of problems.

I am a beneficiary of this open-source project. My Loop system over the last 29 months has delivered better glucose control with half the effort. It’s reduced my glucose variability, total insulin usage, and dangerous hypos. Most importantly, I can confidently depend on it to keep my glucose in a safe and healthy range while sleeping.

I definitely see these patient-driven systems deriving from a “greater collective intelligence than the combined conventional medical, and regulatory institutions we built in the pre-internet era …” This is a disruptive force that the long-established stakeholders should best recognize and accept. They really have no choice. This is real patient-centered care, not merely the marketing feel-good terms used by various for-profit health care systems.