http://www.railwayage.com/index.php/blogs/david-schanoes/why-occupancy-=-vitality.html?channel=00
"Occupancy = vitality. And you want to know the great, great advance U.S. railroads made in signal control systems? It begins way back in the 1870s, with the design, testing and installation of the closed track circuit.
You know what that did? That separated the “office” from the “field” in the determination of track occupancy. Now the register of the condition of the track, occupied/unoccupied, no longer existed simply in the block operator’s memory, or on the train dispatcher’s train sheet, but in the field itself, and that register, that information, could be communicated, by signals, to trains following and/or opposing that train’s movement. Pure genius, almost.
I’m pretty certain, given the speed of the collision, that the section of track outside the stations between Rosenheim and Holzkirchen was not equipped with any mechanisms for registering occupancy, and communicating that occupancy to trains in the section. So once the signal was displayed and the westbound was allowed into the block, the only thing that might have prevented a collision was line of sight distance.
Now, it’s possible that something else is the cause; that something somewhere malfunctioned to produce a “false clear”—the signal engineer’s nightmare, equivalent to the train dispatcher writing a lap order—and that the human operator in charge of the signals did not improperly authorize movement into the section of track.
That’s possible. But that doesn’t change the fact that such systems as PZB do not remedy the underlying, and fatal, weakness of any train control system that is not based—first, last and always, on the separation of the field from the office in determining occupancy."
An "expensive model collector"
n012944 Semantics? Not at all. I have been critical of the dispatcher. What is telling is that you are so excited to be able to place blame on a railroad employee, that you won't listen to people who DO THE JOB, as to why he shouldn't have been able to do what he did.
Of course it is a case of semantics: broad vs narrow definitions. Did you design an ATC? Neither did I, but I can find, read and if necessary, translate reports of an accident. Can you?
C&NW, CA&E, MILW, CGW and IC fan
n012944 Avoid using the term? You might want to reread my posts, as I have used "the term" in every one of my posts. The issue is that there were two cases of human error. The dispatcher for doing what he did, and the system designer for designing the system to allow the dispatcher to do what he did.
schlimm Semantics. But it is telling that for a system as flawed in design as some suggest, this is the first and only time that a human manipulated the PLZ-90 in a manner that caused any problem.
Semantics? Not at all. I have been critical of the dispatcher. What is telling is that you are so excited to be able to place blame on a railroad employee, that you won't listen to people who DO THE JOB, as to why he shouldn't have been able to do what he did.
n012944 Avoid using the term? You might want to reread my posts, as I have used "the term" in every one of my posts. The issue is that there were two cases of human error. The dispatcher for doing what he did, and the system designer for designing the system to allow the dispatcher to do what he did.
schlimm I used the phrase because that is what the articles said and because that was determined to be the primary cause of the crash. You avoid using the term because you have a vested interest.
Avoid using the term? You might want to reread my posts, as I have used "the term" in every one of my posts. The issue is that there were two cases of human error. The dispatcher for doing what he did, and the system designer for designing the system to allow the dispatcher to do what he did.
schlimm It's telling that you chose to omit the final responses made between wizlish and I, that we were quibbling about semantics of a narrow vs broader meaning of 'system.' I was simply providing a service by translating articles. And passing on the conclusions of the investigation. The dispatcher switched from the PLZ-90 to an alternate signaling device, according to reports. FYI: Fail-safe means that a device will not endanger lives or property when it fails. The PLZ-90 did not malfunction or fail. It was bypassed by the dispatcher legitimately to allow what he thought would be a safe meet.
BTW, all systems (in the broad sense) can fail. Automated systems are clearly safer than when humans interfere.
BaltACD A signal system that can be 'switched off' without an exhaustive series of checks and balances, that affect all trains in the territory of operation is a FAILED system.
Exactly
A system that allowed operator error of this kind to enter the equation isn't a system that did its job properly. It's supposed to prevent human error by a dispatcher or train crew, not allow it to happen.
Never too old to have a happy childhood!
It's telling that you chose to omit the final responses made between wizlish and I, that we were quibbling about semantics of a narrow vs broader meaning of 'system.' I was simply providing a service by translating articles. And passing on the conclusions of the investigation. The dispatcher switched from the PLZ-90 to an alternate signaling device (Z-1), according to reports.
FYI: Fail-safe means that a device will not endanger lives or property when it fails. The PLZ-90 did not malfunction or fail. It was bypassed by the dispatcher with 'special signal Z-1' legitimately to allow what he thought would be a safe meet.
Update:
The train accident with eleven dead near Bad Aibling could have been prevented if the railcar concerned would have been fitted with the system RCAS. That says Professor Thomas Strang, who developed the system at the German Aerospace Center (DLR) in Oberpfaffenhofen. And that also says Heino Seeger, who by the end of 2012 was Chief of the Bavarian Oberland Bahn (BOB).
Seeger has tested the RCAS in his time as BOB head on their former routes. "The RCAS is the answer to prevent terrible conflicts like in Bad Aibling" says Seeger. "I am sure that the RCAS is the future."
The abbreviation RCAS stands for "Railway Collision Avoidance System". "It is a technique that works completely independently of the system along the railway line," says developer Strang. Equipment in the locomotives draws while moving all kinds of current data on the train, for example, the direction, the speed and the braking conditions. Over the radio, the devices are in contact and the same analyzes this data. "Now, when two trains, for whatever reason, come so close to each other that a collision is imminent, an alarm is triggered in the stands of the train driver, prompting them to an immediate emergency," says Strang. "When we designed the RCAS, we had the prevention of precisely such an accident scenario as in Bad Aibling in mind."
The articles stand on their own merits.
schlimm The PLZ system did not fail; the dispatcher did by overriding it, as almost anyone would correctly read my comment. As a whole the "system" failed only by permitting human interference at that level.
I believe that you somehow managed to have missed his entire point.
This safety system, meant to safeguard against human error to prevent tragedies such as this, shouldn't be able to be overridden in this manner. By being able to be needlessly disabled, it didn't protect against human error, which created a situation that led to a fatal wreck. Thus it indeed failed.
The safety system is clearly flawed since it didn't prevent what was an easily preventable incident that clearly didn't have to happen. Like someone else said, look up what fail safe means.
PZB uses three frequencies to indicate speed restrictions: 500 hz, 1000 hz and 2000 hz, with the 2000 hz signal indicating "stop". Unfortunately, unlike at least some versions of US ATS systems, the absence of an appropriate carrier is not readily detected by a train's pickup - hence it's possible to "turn off" PZB. The enforcement zone is from the area in approach to the distant signal to the home signal, enforcing a stop in the absence of appropriate action by the train operator. US ATS pickups are supposed to notice if a transponder is out of service. One of the reasons for the development of coded cab signals in the 1940s was to eliminate the window between transponders.
The signal indication should have governed in the case of transponder failure. It's still possible for bad behavior to make things worse, since a "call-on" should only be good for restricted speed to the next signal.
A few years ago an Amtrak train rear-ended a stopped NS doublestack in Chicago when the engineer and an instructor resumed track speed after receiving a restricting indication.
The hope is that PTC will reduce the size of existing safety holes, but the possible misuse of overrides makes it unlikely they will be eliminated.
BaltACD I don't know how a single individual in US train operations can 'turn off' a signal system - ANY SIGNAL SYSTEM.
There are any number of mistakes that a Train Dispatcher can make in the performance of their duties - turning off the signal system - IS NOT one of them
I am not sure if the reports of "turning off" the signal system are accurate, or just lay press simplistic reporting. There is already a Wikipedia article about this accident https://en.wikipedia.org/wiki/Bad_Aibling_rail_accident that asserts that the train director at Bad Aibling caused a "Substitution" aspect on the Exit Home Signal to be displayed, which indicates that the train may proceed past a stop or defective signal, roughly corresponding to a North American "Call On" signal. Several questions are raised in my mind, particularly since I don't understand, especially from a technical perspective, how train movements are protected. This line, like many in Germany (and some other European countries) has Home signals protected by Distant signals. The Home signals are controlled by either an operator under the direction of a Train Director or by the Train director directly.
Among the questions I have not resolved are 1) How are trains detected? 1a) Is the detection over all territory as with typical track circuit systems, or is it only at selected points (e.g. wheel detectors)? 1b) Will the signals get automatically "knocked down" when the train passes them, or some other point, or does the operator have to do this? 2) Are the opposing Home signals to a section of track mutually locked (I don't use the term interlocked to avoid confusion, but technically it's the same concept such as employed for the opposing head block signals in an APB signal system)? 2a) Are the 2 opposing Home signals controlled by the same person? 2b) If there is some form of check locking between the opposing Home signals does the system nevertheless permit a call on signal to be given?
After viewing the video linked by beaulieu on the 9th upthread it appears there is a station Bad Aibling Kurpark which has no siding and has a single set of opposing Home signals located just beyond the platforms (one on either side, staggered) on the Kolbermoor side, the latter being the station from which the second train should have been held. For the train director to have completed the intended move it appears that both the Kurpark and Kolbermoor Home signals would have to be cleared or called on.
Lots of questions on this one.
I don't understand how the dispatcher could shut off the entire system for all trains. As someone else pointed out, the PZB seems to be somewhat similar to Automatic Train Stop here in the US. Automatic systems like ATS, ATC and/or cab signals are able to be shut off, but on individual trains. Even PTC will be able to be shut off on a train if it fails. (Yes, large sections of signal systems can be shut off, but it requires signal department people in the field. Affected individual trains are notified about such things and there are rules and procedures for such occurrences.) I just can't imagine a person in an office being able to push a button/throw a switch and turn off a safety system.
I wonder if the whole story is being reported? Could it be the reporters have simplified the explanation? Or were told a simplified explanation by authorities?
Jeff
n012944 Sad how certain posters on here seem almost glib that it appears to be human error...but sadly not unexpected.
It is also inexcusable if the system permitted anything other than the equivalent of a restrict and proceed signal to be displayed. That is what needs to be addressed here. Tumble down can be a life saver.
schlimm Glib? Because I went to the trouble of finding detailed articles and translating the more pertinent contents? It is what it is. Clearly every system needs ways to override and use manual controls. But the dispatcher failed to inform either engineer that there was another train ahead, compounding his error.
Glib? All I hear from our railroaders is a defense of the dispatcher by criticizing the system that he shut off. And not one word of sorrow for the passengers or two locomotive drivers (engineers) who were killed.
A real tragedy that need not have happened.
It is sad that you think that by pointing out the flaws in the system that is somehow "defending" the dispatcher. This is not a mutually exclusive argument. The system that I use will permit me to override signals in certain situations. When it does permit me, it will not give signals in the field that would permit trains to run at anything approaching track speed. A failsafe. The dispatcher failed the passengers and train crew, the system failed the passengers and train crew.
Interestingly, I just went over this thread again, and counted the times you used the phrase "human error". Four. Not in a quote from a news article, just times you wrote it as your conclusion. And not one word of sorrow from you for the passengers or two locomotive drivers (engineers) who were killed. So yes, glib.
But you are correct, an avoidable tragedy.
BaltACD And systematic error that the human error permitted both trains to operate at track speed.
Wizlish So, thank heavens, not another Andreas Lubitz. I had been worried about that...
schlimm And he did not test positive for alcohol when tested. As hard as it may be for some to accept, this was human error.
And systematic error that the human error permitted both trains to operate at track speed.
schlimm His behavior "was not consistent with the applicable rules in line", the Chief Public Prosecutor Wolfgang Giese said at the press conference. Had the man, who in 1997 completed his training for dispatchers, acted rule compliant, the disaster would not have happened. The investigators conclude from [I think a better one-word semantic translation would be 'not' here] intentional actions of the married 39-year-old, which is why he is not currently in custody.
Wizlish So, thank heavens, not another Andreas Lubitz. I had been worried about that...
[translated from the SZ.de, the online version of Munich's national newspaper]
The train accident in the district of Rosenheim, in which on February 9 eleven people died and 85 were injured, some seriously, has been caused by human error. This preliminary result was shared by investigators on Tuesday at a press conference in Bad Aibling.
His behavior "was not consistent with the applicable rules in line", the Chief Public Prosecutor Wolfgang Giese said at the press conference. Had the man, who in 1997 completed his training for dispatchers, acted rule compliant, the disaster would not have happened. The investigators conclude from intentional actions of the married 39-year-old, which is why he is not currently in custody.
What's the difference between PLZ and the (I thought it was) PZB system?
The thing is, that you stop being able to blame PZB the moment it's been turned off. I was making a point a few posts ago that a 'proper' safety system wouldn't have been capable of 'just being turned off' in a way that, as Balt noted, lets two trains (run by folks who would surely have known better than to run at track speed into known danger) collide head-on at high speed. It appears to me as if the system induced the wrong kind of trust as built: a sense that it would be safe to run trains with the system working, and no apparent indication to the runners when that safety was, essentially, arbitrarily shut off without warning.
There are some listed 'worthless things' in aviation: the altitude above you, the runway behind you, the fuel sitting in the truck. Here is a railroad analogue: the safety system that does nothing when it is arbitrarily overridden. (I have just been looking at the Amtrak 188 thread and have to wonder about the disabling of safety in the northbound direction 'because it was impossible to reach an excessive cruise speed up to that point in normal operation'...)
schlimm Human error. The well-meaning dispatcher turned off the PLZ controls. He will be prosecuted as well.
Dispatcher - Tower Operator
In the US there are procedures designed to protect against such a happening.
Did the German controller follow the proper procedures in allowing the train to pass - did he even attempt to comply with the procedures or are there no procedures in place?
If the track is signalled, why didn't the trains get downgraded signal indications as they approached each other?
The failure of the PLZ system is that both trains were operating at track speed despite the human error.
http://www.bbc.com/news/world-europe-35585302
I am guessing there were no intermediate signals, nor track circuits for any cab signals to react to on the segment of track where this happened.
schlimm wizlish: I think it's just a problem in semantics. I was using 'system' in the narrow sense, of the 'PLZ system' itself, while you are including the human override. But we are really saying the same thing.
Yes, I agree.
wizlish: I think it's just a problem in semantics. I was using 'system' in the narrow sense, of the 'PLZ system' itself, while you are including the human override. But we are really saying the same thing.
schlimm - what is your opinion of James Reason and his theories? What 'better' references have been produced since 'Human Error' was published, and what models would now produce the "safest" results for organizations trying to develop and adopt a good safety culture? What is new and significant in 'Organizational Accidents Revisited' (which came out last month and I don't have the money to get) that wasn't in the original?