Circuit Flaws Blamed For China Train Crash
hackingbear writes "The Xinhua news agency reports that a signaling equipment circuit design flaw and lack of safety alertness in railway management caused a high-speed train to ram into a stalled train near the city of Wenzhou in east China's Zhejiang Province on Saturday, leaving 40 people dead and 191 injured. A lightning strike triggered the malfunction, which resulted in a green alert light failing to turn red, leaving railway personnel unaware of the stalled train, the official said. The Beijing National Railway Research and Design Institute of Signal and Communication Co., which was responsible for designing and building the signaling system, has posted an apology letter on its website, offering condolences and promising to 'shoulder any due punishments that may result from the investigation.' Domestic media has raised more questions over the explanation. 'Why was such seriously flawed equipment in use for nearly two years without being detected? Why was it installed in as many as 76 rail stations across the country? Are there other problems with the railway apart from equipment flaws?'"
Who to blame? (Score:4, Insightful)
The problem in China is not the rush forward that leads to mistakes. It's the government's abject failure to take responsibility at any step along the path.
Re:Who to blame? (Score:4, Insightful)
As long as the engineers are allowed to approach it from the "let's fix the problem" angle, it should probably turn out alright (in the future). It really depends on how the government responds to public outcry.
Re:Who to blame? (Score:4, Insightful)
It does appear that there is a tipping point being reached here. The media, even state-run media, is becoming bolder, and the Chinese leadership seemingly less willing to just smash skulls to get rid of bad news. Fifty years ago, most Chinese people would not have even heard of the rail accident, and those that did would have kept their mouths shut. Now, suddenly, you have journalists openly demanding heads roll and demanding to know why the government let what they believe to be a faulty system be installed.
Of course, it doesn't help that the propaganda wing of the Chinese government was caught red-handed sending dictates to news outlets to only report positive news surrounding the accident. That's another amazing thing, that people who leaked such dictates are still walking and talking.
Re: (Score:1)
Not only that, but the conspiracy theorists are seen as having as much (if not more) credibility as the news. The more the government tries to hide stuff, the more it looks like it has something to hide, and people start to believe anything. Really weird stuff is bubbling to the surface (not just the cancelled rescue effort), and there's nothing the government can do to refute it as people just assume they are lying. Even normal people who support the government (or just try to shoot down crazy conspiracy t
Blame the Chinese government! (Score:2)
There's a video on YouTube, showing a horde of backhoes digging a hole, and burying the train. The government claims that it was a security measure, i.e., dispose of the modern technology so that outsiders couldn't recover and examine the government secret hardware onboard the train. In the video, two bodies fall from the cars as they are being moved from the bridge and buried. While most people are shocked at the idea of bodies falling out of the cars - I point them out only to emphasize the fact that the
MUCH more to the story than you see on Slashdot (Score:5, Informative)
See more on these English sites:
http://shanghaiist.com/2011/07/25/wenzhou_high-speed_rail_col.php [shanghaiist.com]
http://www.chinasmack.com/ [chinasmack.com]
1. Rescue efforts were called off twice, first time 5 HOURS after accident, and again 3 hours later, with officials claiming both times there were no more signs of life. Survivors were pulled out after each time. When questioned about why this could happen, railway ministry spokesman calls finding survivors "a miracle". Press and public extremely disgusted at irresponsible rescue effort and crassness in public relations. Railway spokesman says they relied on on-site rescue officials in making the determination, with quote "it doesn't matter whether you believe them or not, I believe them" -- which has now become a meme used to mock gov officials.
2. Removal and dismantling of wreckage began HOURS after accident. Wreckage was broken up and BURIED on site for some reason, leaving experts and lay public shocked and dumbfounded. Public suspicion is that the railway ministry was trying to hide evidence, pointing to the way other nations handle accident scenes (not touching it until investigators have combed through everything). The dismantling and burial was caught on amateur film, which shows 2 bodies falling out of the wreckage as a team of excavator machines break the train carriages apart for on-site burial. MUCH anger over this issue.
3. Victim families were immediately offered 172000 RMB government compensation plus 50000RMB "early signing bonus" to those who agree quickly. Chinese internet explodes again in disgust at the thought of using the phrase "award money" for death compensation, and of trying to rush grieving families into legal settlements. It looked like they were selling condos rather than giving financial aid. Most families refuse, saying they want answers rather than money. Internet is filled with posts comparing the disparity between compensation amounts for foreign nationals who die in China vs Chinese citizens -- tens of millions of RMB vs hundreds of thousands. Also comparisons to Chinese nationals who die in other countries (mainland tourists who died in Taiwan: 1.8 million RMB each). Yesterday, after Premier Wen visited the site, the compensation package was raised to a minimum of 915000RMB. People still calling this insultingly low.
4. Second day of the accident, media was informed of official narrative and government directive. Press is ordered to use only the official name for the accident, devote most of their air time to stories of rescue heroism, and forbidden from investigating on their own initiative. Some journalists are rebelling, with public offering support but also voicing apprehension about safety of these journalists.
5. Official death toll is currently at 40 with the passing of a critically injured passenger yesterday. The passenger manifest is still not public. List of dead, missing, and injured is still not released, even though the railway moved to an id card based ticketing system earlier this year, which would make this information computerized and easily accessible. Public is comparing this to the release of names of deceased in the Norway shooting incident. Public suspicion is that the real death toll is far above 40. Much frustration directed at railway ministry and government over lack of information.
There's a lot more controversies here but those are the main ones. This has blown up to a HUGE national discussion about transparency and government accountability. Much disgust on the Chinese internet over the handling of this accident.
Re: (Score:2)
See more on these English sites:
http://shanghaiist.com/2011/07/25/wenzhou_high-speed_rail_col.php [shanghaiist.com]
http://www.chinasmack.com/ [chinasmack.com]
Shanghaiist and especially Chinasmack tend to republish a lot of rumors without bothering to verify them. If you want to get some facts, better check Robert Soong's EastSouthWestNorth [zonaeuropa.com] blog.
Such as this post: Rumors About The Wenzhou Train Crash: How Many Have Your Forwarded? [zonaeuropa.com] (Permalink does not work, scroll down about half the page)
By the way, both Shanghaiist and Chinasmack can be reached from within China, while EastSouthWestNorth is blocked, guess what?
~ Stan
Re: (Score:2)
Great links. Thanks for the additional info!
Re: (Score:2)
I think you may have misunderstood what Chinasmack actually does. Fauna does a great job in translating the popular threads on the mainland China BBSs - latest stories, pictures, videos, and topics that are "hot".
Chinasmack is not a news organisation in any way. Fauna translates what the thread posters said. Chinasmack is not there to "verify" what is being posted but to help outsiders and those without Chinese language skills to understand what is being said / posted on mainland discussion sites.
Re: (Score:1)
This is why I value Roland's EastNorthWestSouth blog as so much better. Not only does he translate a lot of the most hot topics that are being discussed in China, but also provides valuable background information, comments and "reality checks".
Chinasmack is not there to "verify" what is being posted but to help outsiders and those without Chinese language skills to understand what is being said / posted on mainland discussion sites.
Not everybody knows this and may end up endlessly reposting rumors as facts because, well, he found them on some "English" sites...
~ Stan
Re: (Score:2)
5. ... The passenger manifest is still not public. List of dead, missing, and injured is still not released,
The Shanghai metro distributes a daily free magazine called Metro Express [metrosh.com], which is read by every commuter on their daily ride to work (a couple of millions?). They have been extensively covering the accident and some days ago published the complete list of victims, including names and parts of their ID card number. This is how I found out one of the victims was an Italian woman, by the way.
From another post:
Now, suddenly, you have journalists openly demanding heads roll and demanding to know why the government let what they believe to be a faulty system be installed.
If you think this is "sudden", you ha
Re: (Score:2)
The central government is supporting this as a way to keep the local government officials under pressure and let people vent.
Luckily, there is no such thing as venting, only reinforcement of behavior. Let's hope they continue to make this mistake. It could lead to actual change.
Re: (Score:2)
Why the government? (Score:2)
Schadenfreude (Score:2)
The schadenfreude I've seen in comments and the press, not necessarily on this site, has been disgusting.
Re: (Score:1)
It may not necessarily be a liberal's fault. But why are you so quick to let Obama off the hook?
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:1)
Re:Schadenfreude (Score:4)
The callousness of the government and the companies that have been executing the scam called "China speed train" is disgusting. People have been pointing out the problems and predicting that accidents due to faulty designs will happen. The people who built the train are responsible, disgusting and what not, not the people who call them out.
Re: (Score:2)
The people in charge of the system, and those in charge of overseeing those in charge, are responsible. For the most part, China bought some trains and tracks then reverse engineered them before copying all over the country. It's not a Swedish or Japanese design fault. Meanwhile, blame has been passed to the engineering center in China that designed the circuit. Total bullshit.
One more thing. A Chinese family I know told me recently that there have been several incidents that never made it into the new
Because (Score:5, Insightful)
Why was such seriously flawed equipment in use for nearly two years without being detected?
Because it hadn't been struck by lightning until now.
Why was it installed in as many as 76 rail stations across the country?
Because hardware designs are re-used.
Are there other problems with the railway apart from equipment flaws?
Probably.
Re:Because (Score:5, Insightful)
Because it hadn't been struck by lightning until now.
Life-critical systems should have a dead-man switch, and/or a watchdog timer. The moment it was struck by lightning, the fact that part of the system didn't "report back" should have prevented the train from moving. If the lightning strike happened while the train was moving, then it should have triggered a mechanism that slows down the train to a halt. This is similar to how, if an elevator's power is cut, it expands "claws" into safety rails.
Re:Because (Score:4, Interesting)
EOS failures can do funny things. Single IOs can fail while the rest of the chip works fine. It's hard to catch such problems. Ideally during startup, you'd run a test on every pin to make sure they're all still working. Even if the lightning strike occurred immediately before the crash, I would hope that after being hit by lightning they'd stop and test their systems.
This sounds like it's more a problem with their safety protocols, and less a problem with the particular circuit that failed.
Re:Because (Score:4, Insightful)
EOS failures can do funny things. Single IOs can fail while the rest of the chip works fine.
That's possible, which is why you should install independent, redundant systems. Some problems are very difficult to catch, even with redundant systems, which is all the more reason to have multiple redundancy.
This sounds like it's more a problem with their safety protocols, and less a problem with the particular circuit that failed.
That's always possible, but I still think that diagnostic/sensor circuits should have been able to catch this without human intervention (IMHO).
Re: (Score:2)
It is trivial to catch such problems. There are alternative circuit designs which are immune to open, closed, and stuck at failures. Usuall
Re: (Score:2)
The other commonly used design is input, output and logic voting on dual or triple redundant systems. We have two control systems at work. One uses the former method you described (our control system), the other uses voting mechanisms and is our SIL rated emergency shutdown systems.
Though there are plenty of companies who use the SIL rated systems for standard control applications due to their ability to cope with complete circuit failure without any downtime.
Re: (Score:2)
Well, any piece of equipment can fail, and of course you'd expect lightning to do serious damage. However a single failure shouldn't be sufficient to cause an accident. A train being halted and stop signal being raised - that should count as normal operation, not a failure mode. So if train passes a signal which it shouldn't have, there should be a second system which detects this problem.
The article gives the impression that there was only one such system. That would be a design issue. Typically on Europ
Re: (Score:2)
Fail.
Re: (Score:3)
Re: (Score:2)
Railway safety system (Score:2)
I am a bit surprised how this could happen.
A normal automatic signaling system on high-speed/high-traffic rails works by dividing the track into segments. As a train enters a segment the signaling lights controlling that segment turn to red (and often the system even counts the number of axles/wagons entering the segment). Only if this train enters the next segment (then 'protected' by the signal light in front of that) the first signal light turns back to green.
This is not something a lightning strike sho
Re: (Score:2)
Re: (Score:1)
Why was such seriously flawed equipment in use for nearly two years without being detected?
Because it hadn't been struck by lightning until now.
It's kind of in the nature of design that you think about how things are going to turn out before they happen. You shouldn't have to wait for a lightning strike to find out that your signal doesn't fail safe.
If true, they are clueless (Score:4, Interesting)
Why was such seriously flawed equipment in use for nearly two years without being detected?
Because it hadn't been struck by lightning until now.
If this analysis is true, the designers are not familiar with the term "fail safe".
I'm an engineer with over a decade of experience in the signalling business (although thankfully not the Chinese one). Fail Safe is what it's all about.
Note to Slashdot editors - your summaries really suck lately: TFA says "A lightning strike triggered the malfunction". That is NOT a "circuit flaw". It is an externally induced failure (which the system should detect) and to compare the two terms is to compare rocks with pudding.
Re: (Score:2)
Then you know that US systems, despite a fail-safe design, have failed unsafe when struck by lightning.
Train Company is burying evidence (Score:5, Informative)
Just to let people be aware, there has been significant controversy (as far as that is possible in China, and also in overseas communities such as the Chinese community in the USA) in terms of handling of the disaster.
For example, soon after the train crash, the crashed trains were moved off the elevated rail and (literally) buried "to let the other trains run on time"; this was criticized as being too early a move (10 h after the crash), without a thorough enough search for survivors. Reporters were barred from the scene, and pleas from the families of the train crash victims to search through the wreckage were ignored. Indeed, 20h after the crash, one of the uniforms (acting against his orders) was able to locate a 2-yr-old girl still alive; she has been transported to the hospital and is now in good condition, and people are trying to figure out how to tell her that her parents both died in the crash. In general, officials from the train lines have been stonewalling, but have been apparently quite forthcoming with compensation money for the families.
It seems suspicious to me: are they trying to cover up something?
Re: (Score:1)
Re: (Score:2)
If you are looking for references, it's all over the news, at least the Chinese news. Here are a handful that I easily pulled off Google News:
http://in.reuters.com/article/2011/07/30/idINIndia-58534820110730 [reuters.com]
http://www.christianpost.com/news/china-train-crash-social-media-users-allege-cover-up-52793/ [christianpost.com]
http://www.reuters.com/article/2011/07/25/us-china-train-censorship-idUSTRE76O1IG20110725 [reuters.com]
http://mg.co.za/article/2011-07-29-anger-mounts-as-families-mourn-china-train-crash-victims/ [mg.co.za]
http://www.3news.co.nz/Toddler [3news.co.nz]
Seppuku (Score:2)
Is there a harakiri tradition in China?
China is learning the hard way... (Score:2)
Cheap Parts (Score:2)
Oh shit! They make our parts too!
Seriously though, things like this need redundancy, error reporting, heartbeat checkups, and automated validation every time it boots up. It's engineering, there is no excuse.
Well, this is hardly satisfying.... (Score:3)
The article is written by Xinhua news staff and contains no technical information at all. The article is mostly your typical laymen fluff filled with public outrage, pundit soundbites, and general background information. The lack of details about the nature of the "circuit design flaw" really precludes this from being considered "news for nerds". As someone with experience working in an FDA regulated environment, oversight and accountability of projects and tasks is something I am quite familiar with. I wonder how much (if any) details will emerge that will answer some of the questions the circuit geeks among us would ask. I know it is a poor substitute (and maybe slightly off-topic), but this article from years ago has always stuck with me and constantly reminds me of the perils the electronics industry continues to face.
http://spectrum.ieee.org/computing/hardware/bogus [ieee.org]
Re: (Score:2)
The entire thing reeks of a cover-up. First they bury the train because they don't want people "stealing" their "secrets." What secrets? Who would steal secrets from a failure?
And now they're blaming this on some technical glitch that they don't care to specify.
The whole thing doesn't add up.
Re: (Score:3)
Probably not, on the surface it looks like bad design. But given how they buried the evidence of the crash (alongside with some bodies, and some apparently still moving) off the tracks before any investigation of the causes, they may never learn what was the problem. But the value of life is not so high in places with a lot of people, so if you're in China, and value your life, you'd better arrange your transportation according to your ideas of safety.
As I've said before, building a rival of the Shinkansen
Re: (Score:2)
Also, with over 200 dead and wounded, there's nothing to ROFL about.
Positive Train Control (Score:2)
I wonder how long it will take for them to implement Positive Train Control [wikipedia.org], either buying it from someone who already makes it or building their own?
Re: (Score:3)
Probably about the same time we do. LA Metro sure could have used it.
You should see USA railroad signaling equipment! (Score:5, Informative)
Re: (Score:1)
I worked on US rail signaling equipment (Background = Physics PhD). I have never been so impressed with over-designed, fail-safe equipment. They plan for everything, including multiple lightning strikes. They do such things as positioning their relays upside down so that the armature falls to NC by gravity if the spring breaks. They have many years of experience, and all of our equipment is for sale. I think the NIH mentality bit China in the arse this time.
And yet train accidents still occur here.
Re:You should see USA railroad signaling equipment (Score:5, Informative)
Re: (Score:2)
Only in the same sense that an autopilot that doesn't prevent someone intentionally flying into a building isn't automatic.
Re: (Score:2)
Re: (Score:1)
If you pay attention to the accidents, you will see the train accidents are almost always due to human error, not signaling equipment failure. Drivers going thru flashing red signals, engineers under the influence or texting, and occasional sabotage. Signal equipment almost always fails safe. This causes very annoying (but safe) delays while the equipment is fixed.
I'm aware of that, but I see it as a deficiency in the design scope of safety equipment.
Re: (Score:1)
Re:You should see USA railroad signaling equipment (Score:4, Funny)
What happens if there is a local gravity abnormality AND the spring breaks?
Re: (Score:1)
Duh. The wormhole will keep you safe until gravity returns to normal. Obviously.
Re: (Score:1)
Still from statistics, US rail safety record is hardly stellar
http://ilookchina.net/2011/07/25/high-speed-rail-tragedy-in-china-reveals-small-minds-in-the-west/
"
In 2007, there were thirty-three rail accidents listed for the world, and the United States had nine (27% of the total) killing seven and injuring more than a hundred, while India had three accidents killing 80 and injuring twelve.
China (ruled by what Charles Lane calls the unelected elite) had two rail accidents killing four and injuring two.
Score:
Re: (Score:1)
If you look at the death and injury totals, though, the US has lower numbers. The number of accidents may be greater, but it appears as though the severity of each accident is considerably lower, especially given how high of a volume the US tends to have.
Then again, we probably also have slower rails, meaning the collisions aren't at as high of speeds, reducing the severity of collisions. Who knows what those numbers mean aside from the fact that we have a ton of collisions and the overall severity of th
Re: (Score:3)
The French TGV is also pretty impressive. Despite holding the world record for the highest speed derailment, there hasn't been a single fatality when operating on high speed lines.
Source: http://en.wikipedia.org/wiki/TGV#Accidents [wikipedia.org]
They should have outsourced it... (Score:1)
What's different? (Score:1)
I see no difference between the Chinese Media and any western country's Media. They just have no idea.
In this case, yes there has been an admission of fault, a fault caused by lightning. OK put the reporter on the equipment certification panel and decide what tests should be conducted before the equipment is 100% safe to be certified for use. I bet the reporter will think many of the current tests being conducted are stupid or unnecessary. You could check 1,000,000 scenarios but it will be the 1,000,001st
Signaling system by Hollysys? (Score:5, Interesting)
As I pointed out when this first happened, Hollysys [slashdot.org] claims to have designed and built the signalling system. They issued a denial that the system failed. [prnewswire.com] Now we have a unit of "China Railway Signal & Communication Co" taking responsibility. They're affiliated with what used to be General Railway Signal in the US, which is now part of Alstom. It's not clear who built what here. "China Railway Signal & Communication Co" may be the installation contractor.
A little of what happened is clear. There are two separate systems involved. One is classic railroad signaling, with track circuits, wayside equipment, and cab signals. The classical designs are simple and robust. That's the safety-related system. The other is the train control system which uses a unit at the head and tail of each train, communicating to a central headquarters. Those systems are elaborate and computerized, but not considered life-safety systems. Either system is normally sufficient to prevent collisions.
In normal operation, the train control system does most of the work. It knows about train identity, schedules, and speeds. If the train control system is working right, the safety-related system never intervenes.
In a power failure, though, the train control system can lose contact with a train, since it uses active equipment on each train. That probably happened here. With a total power loss, the dead train isn't reporting to central control.
The safety system, on the other hand, detects trains because the wheels connect the rails together, normally has battery backup, is supposed to be very robust, and is intended to fail to STOP. Even after lightning strikes and a total power failure, it should still work. (Such systems have been taking lightning hits for a century without problems. Lightning hits railroad tracks and pole lines frequently; in flat country, they're the lowest resistance path to ground.)
But the safety system is high-maintenance. There are bits of it all along the lines; track circuits, wayside equipment, signal enclosures, and various other little and big boxes, all of which need attention. Keeping railroad signalling working right requires a large staff of dedicated, well-supervised signal maintainers. Since the systems are designed to fail to STOP, maintenance failures tend to result in red signals.
If the train control system shows the line as clear, and the safety system shows STOP, this normally triggers an emergency brake application. For a high speed train, that takes several kilometers and can cause wheel flattening. (Train wheels have steel "tires", which have to be replaced periodically. An emergency stop takes a lot of life off a tire.)
The question here is what happened to the safety system. Was there over-reliance on the train control system? Was the safety system bypassed to avoid unwanted emergency stops? That's speculation at this point.
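Added example (not part of the thread, not any poster's code, and not a model of the actual Wenzhou equipment): a small Python sketch of the fail-to-STOP logic discussed in the comments above, combining the watchdog idea, 2-out-of-3 voting, and the cross-check between the train control system and the safety system. The channel names, the timeout value and the sample readings are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Sequence

WATCHDOG_TIMEOUT_S = 2.0  # assumed: oldest channel report still trusted
REQUIRED_CHANNELS = 3     # assumed: three independent track-circuit inputs
CLEAR_QUORUM = 2          # 2-out-of-3 must positively report "clear"


class Aspect(Enum):
    STOP = "red"
    PROCEED = "green"


class Action(Enum):
    PROCEED = "proceed"
    HOLD = "hold"                        # train control gave no authority
    EMERGENCY_BRAKE = "emergency_brake"  # the two systems disagree


@dataclass(frozen=True)
class ChannelReport:
    name: str
    clear: Optional[bool]  # True = block clear, False = occupied, None = invalid
    reported_at: float     # seconds, on the same clock as `now`


def votes_clear(report: ChannelReport, now: float) -> bool:
    """A channel counts toward green only with a fresh, positive 'clear'."""
    if report.clear is not True:
        return False
    age = now - report.reported_at
    # Stale reports (watchdog expired) and reports from the future are rejected.
    return 0.0 <= age <= WATCHDOG_TIMEOUT_S


def block_aspect(reports: Sequence[ChannelReport], now: float) -> Aspect:
    """Default is STOP; PROCEED must be earned by a quorum of live channels."""
    names = {r.name for r in reports}
    if len(reports) != REQUIRED_CHANNELS or len(names) != REQUIRED_CHANNELS:
        return Aspect.STOP  # missing or duplicated channel: do not guess
    clear_votes = sum(votes_clear(r, now) for r in reports)
    return Aspect.PROCEED if clear_votes >= CLEAR_QUORUM else Aspect.STOP


def single_channel_aspect(report: ChannelReport) -> Aspect:
    """Contrast case: one trusted output, no freshness check, no voting."""
    return Aspect.PROCEED if report.clear else Aspect.STOP


def supervise(train_control_clear: Optional[bool], safety: Aspect) -> Action:
    """Cross-check of the two systems as described in the comment above."""
    if train_control_clear is not True:
        return Action.HOLD  # no authority, or contact lost (None)
    if safety is Aspect.STOP:
        return Action.EMERGENCY_BRAKE  # control says clear, safety says STOP
    return Action.PROCEED


def lightning_scenario():
    """Constructed readings: a stalled train occupies the block at t=105 s."""
    now = 105.0
    reports = [
        ChannelReport("A", True, 104.8),   # damaged output stuck at "clear"
        ChannelReport("B", True, 100.0),   # went silent at the strike: stale
        ChannelReport("C", False, 104.9),  # healthy: sees the stalled train
    ]
    naive = single_channel_aspect(reports[0])
    voted = block_aspect(reports, now)
    # Assumption: central control lost contact with the dead train and
    # therefore still shows the line ahead as clear.
    action = supervise(True, voted)
    return naive, voted, action


if __name__ == "__main__":
    naive, voted, action = lightning_scenario()
    print("single channel:", naive.value)
    print("2oo3 + watchdog:", voted.value)
    print("supervisor action:", action.value)
```

With these constructed readings the single-channel design stays green behind the stalled train, while the voted design drops to STOP and the cross-check commands an emergency brake.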
Having worked with Chinese..... (Score:2)
They are sometimes a little too convinced about themselves, especially when you raise questions about unexpected problems, even if the fundamental capability to do something is there.
If you ask me if I understand the safety systems in a train and on the track, I can say "yes, sure". They are much simpler than most systems I work with.
If I ask if I would feel fit to make the decision to remove a single protective diode without understanding why it is placed there in such a critical system I can only say that I wou
Re: (Score:2)
(Train wheels have steel "tires", which have to be replaced periodically. An emergency stop takes a lot of life off a tire.)
Since you seem to know a lot about trains, do you know anything about where hybrids with power storage have gone, if anywhere? Last I heard they couldn't make them reliable. I have often thought that replacing all the trucks or whatever the wheel packages are called with a power system would be the only way to go, though it would be heinously expensive and thus probably unworkable for the foreseeable future.
Re: (Score:2)
... about where hybrids with power storage have gone, if anywhere?
General Electric is coming out with a diesel-electric with battery storage [getransportation.com] to recover some of the energy used in braking. Dynamic braking on diesel-electrics normally dumps the energy into (huge) resistors, and that can be put into batteries, if you want to carry all those batteries around. Whether this is a win depends on the way the loco is used. It's probably a win for switch engines, which stop and start frequently, and a lose for road locos on long runs, which don't.
Almost all high speed trains are
Re: (Score:2)
General Electric is coming out with a diesel-electric with battery storage to recover some of the energy used in braking.
Several hybrid locomotives (with battery storage) have been produced, at least as prototypes, and all have been massive failures due to the inability to store a useful amount of power so quickly as is needed in this context. What's different about this attempt that will lead it to succeed?
Who made the stuff that broke? (Score:3)
This article talks about their CTCS which is the Chinese Train Control Software based on the European Train Control Software and something called the LKJ automatic control system: Wiki only says Lieche Yunxing Jiankong Jilu Zhuangzhi – device used for train control and monitor in China Railways.
http://www.eeo.com.cn/ens/2011/0727/207313.shtml [eeo.com.cn]
Re: (Score:2)
Probably one presumably in China that copied an existing control system from somewhere, but due to cost (or whatever?) didn't follow everything to the letter and took shortcuts, and a faulty controller being the result.
Happens so often everyone doesn't even think of it anymore. One of the risks in the manufacturing process in China.
China cuts corners and no rail unions (Score:2)
In the US the railroads are all union and the workers have the power to say NO to doing unsafe work or repairs. Also in the rail equipment gets tested a lot.
China likes to wait for stuff to fail before doing repair work.
Uhh.... (Score:2)
Why was such seriously flawed equipment in use for nearly two years without being detected?
They don't seem to be aware of the whole "made in China" stigma... They should have outsourced if they wanted quality.
Re: (Score:3)
Re: (Score:2)
Have you been to China? They are not like the Japanese, who do keep the best products in the domestic market (because Japanese consumers are extremely discerning and Japanese producers understand them best). Far from it.
One has to ask: (Score:1)
a PHB who saved $10 per install by cutting it (Score:2)
and override the real engineers