Bad design -- no kill switch

R

rf

1 kW
Joined
Sep 18, 2007
Messages
381
I'm new here. Only not really. I built a very nice ebike with the help of smart folks here a few years ago. Rode it to work daily for almost a year. It failed and dumped continuous full-power to the rear wheel on a start from a traffic light. Rush hour. Front wheel came off the ground, no matter how much I stood up and leaned forward I couldn't bring it back down. Woke up in the street with a crowd of people staring down at me and ambulance attendees arriving. I recovered from the concussion in a couple days. At least I was wearing a helmet.

It was a prototype. I threw it together. It was my fault. It had no kill switch. Worse, it had a microprocessor in charge of everything with no emergency overrides. I'm a programmer, I should know better. Most likely the Cycle Analyst crashed while the system was at full throttle. It stayed at full throttle with no brains to impose limits. So I stopped riding it to work.

Now it's time to re-engineer the toy and make it work again. Safely. So I need some ideas for a kill switch or other similar safety mechanisms. Never trust a computer to impose limits when safety is at stake.

The machine:

* 26" moutain bike
* Crystalyte 408 rear wheel.
* 72-volt controller
* Cycle Analyst (early version)
* 72-volt battery comprised of 64 - A123 cells

Bike has a solid top/cruise speed of 40 mph. Okay, that's probably a bit crazy, but it's soooo much fun!

I'm thinking of simply adding a cutoff switch on the battery pack, stubbed out to the handlebars. But it would be nice if enough power remained to keep the Cycle Analyst functioning -- assuming it hasn't crashed. Yes, I know that's a bit messier. Every motorcycle I ever owned had a cutoff switch on the handlebars. Seems like a natural. (Or simply dumb not to have it.)

In addition it would be nice if the power cutoff extended to the last 1/8th inch of throttle travel ... just to be sure the harried rider doesn't have to think too much in an emergency.

If this has already been discussed (a dozen times perhaps) please point me in the right direction. It's been a while since I've been back here.

Mahalo!

Richard
 
Hmmm..ebrakes? When you pull either brake handle, it cuts power to the motor. Pretty much standard on all controllers. Most kits also have a kill switch. At least the ones I built did. Push button, same as ebrake except stays disabled until you push it again.
 
I was under the impression that it was pretty much a rule that you have to use ebrakes for this very reason. The ebrakes act as the kill switch at least, and at best, they activate the helpful ebrake as well. I suppose if that fails, a handlebar mounted on off switch sounds like a logical next step. However, most on off switches go to the controller, not the line between the battery. An on off switch for one of the battery pack lines sounds like a simple fool proof solution that would work no matter what.

Personally, if safety is a concern, I'd consider lower voltage, as you seemed to imply. I don't know if 48v will toss your front wheel in the air, but you'd probably be able to get around quick enough depending on your winding. I am honestly amazed you didn't get busted for having that much power on a bicycle. I suppose all you'd have to say is you slipped off your bike. What is your torque arm setup like by the way? It must be pretty tough to withstand that sort of setup. What kind of helmet do you wear?
 
:) My helmet was a Bell bicycle helmet. Broke it instead of my skull.

My larger point, which I might have made more explicitly, was that leaving the controller in control of everything is not good, or rather, I think it's wrong.

You don't route all cutoffs and safeties back through the same single point of failure and hope for the best. Controllers are fallible and complex. My controller with the third-party microprocessor-based Cycle-Analyst pulling it's strings is even worse.

I bought a DAK bread machine many years ago. It made great bread. One day I smelled plastic melting. It was the frame around the lid of the machine melting. The display was showing goofy nonsense. The microprocessor had crashed. It was supposed to be in sole control of cooking temperature. That was idiotic. It continued to melt down until I pulled the plug from the wall. The next model added a separate, mechanical high-temp cutoff switch. Duh!

Ebrake? Another signal to the controller. No, that's not enough. Redundant safety mechanisms are necessary. Why do all motorcycles have kill switches? Why do NO ebikes have kill switches? Electric cars have multiple master relays they call contactors.

http://www.diyelectriccar.com/forums/showthread.php/contactor-failure-49133.html

My ebike needs the equivalent of a master power contactor with a kill switch. An independent power disconnect between motor and battery.

Does that seem unreasonable?

I hate to add the complexity or sacrifice a volt or two of power. But it really seems unreasonable not to have it.

As far as lower power is concerned, the Cycle Analyst is programmable in that regard. But I need the extra power to ride up my hill to home. (Most cars will go way over the speed limit, not so they can break the law. Mostly so they can negotiate hills and stuff.)

Thanks,

Richard
 
There are a few different designs around on the forum for MOSFET soft start / precharge circuits, these are the ideal place to have the kill switch connected...ignition combined kill switch in one unit totally separate system to the controller/ CA circuit
 
rf said:
Does that seem unreasonable?
Click to expand...

No. (meant to say no, oops)

It seems you skimmed my post, perfectly reasonable, unless you were speaking to the other post. I totally agree with the cut in one of the lines directly from the battery, I did make a suggestion for that.

I'd like to see your torque arm setup, if you don't mind. I am curious.

I recently purchased a on off switch that uses a key, I wonder if I could splice that directly into one of the power wires from the battery to act as a kill switch. I definitely think it's a wise move to have that as an option. The on off switch I purchase is said to be rated for my voltage, who knows if that is true. If you do a good job of soldering and use thick enough wire, you probably wouldn't see much loss from the switch and such.
 
bowlofsalad said:
I recently purchased a on off switch that uses a key, I wonder if I could splice that directly into one of the power wires from the battery to act as a kill switch. I definitely think it's a wise move to have that as an option. The on off switch I purchase is said to be rated for my voltage, who knows if that is true. .
Click to expand...

It maybe OK for voltage, but unlikely any good for much current...I could be wrong and it could be some big HD key switch, or you are maybe running low currents..20 amps or so ..otherwise the current will be a killer for most of those switches.

If a controller has an 'ignition wire' then that is a possible place to fit a kill switch. The controllers I have seen power on the processor via the ignition switch, so cutting the ignition line kills power to the processor.
OK< so this does not protect from an internal short on the board keeping the MCU powered on, but it is a better way than nothing at all, even in the intervening period till a good high current main contactor / breaker is found.
 
http://endless-sphere.com/forums/viewtopic.php?f=2&t=12075&p=366904#p366904

Methods is going to be selling them I believe

http://endless-sphere.com/forums/viewtopic.php?f=14&t=48166

http://endless-sphere.com/forums/viewtopic.php?f=31&t=49026&p=723490&hilit=+precharge#p723490

http://endless-sphere.com/forums/viewtopic.php?f=3&t=40142&p=725528&hilit=+precharge#p725528
 
rf said:
It had no kill switch. Worse, it had a microprocessor in charge of everything with no emergency overrides. I'm a programmer, I should know better. Most likely the Cycle Analyst crashed while the system was at full throttle. It stayed at full throttle with no brains to impose limits
Click to expand...
You raise a good issue to discuss.,

However I think you have missed a possible fault condition. On hall effect throttles and typical ebike controllers a bad ground connection will let the throttle signal float high. It is also possible that the CA crashed, but a bad connection could also account for this.

Some things you could do:

- E-brake levers bypass the CA and override the throttle input so good idea even though it still depends on the controller processor.

- Controller power switch on the bars will power down the processor in the controller which for brushless motors will stop them from running. This works without depending on any software so I think this is sufficient.

- Having the battery cable or motor phase cables accessible for grabbing to yank the connector apart might be a good idea anyway in case of a short in the controller or motor or battery issue.
 
-dg said:
- Controller power switch on the bars will power down the processor in the controller which for brushless motors will stop them from running. This works without depending on any software so I think this is sufficient.

-
Click to expand...
Yep my view..often called the 'ignition ' wire on many controllers
 
A contactor would be better than a relay, but big automotive relays will often carry 40amps. You would want a 12v supply for the coil that you could break. A couple of 40a relays in parallel might be just the ticket. However the load is really quite a troublesome one, a contactor should really be used in a safety circuit.
 
Hence the reason for the solid state MOSFET switching devices...the one I wanted to post as a link I can't find, but on the forum somewhere is a MOSFET design switch/contactor unit
 
That's a lot of fast responses ... Thanks!

Sorry, Salad, I was responding to you and others at the same time. My torque arm is nothing special. With all the interest in it here and elsewhere I guess I'll have to look at mine more carefully. I've simply been lucky so far.

The Ebrake was someone's answer to the kill switch, I suspect. It's not sufficient in my mind. Especially since things take off again as soon as you let go. I think it was a nod towards simplicity at an inappropriate time and place. Kill switches are cheap and simple on a gas-powered engine. They're messy and expensive on electric power. And lives cannot be trusted to a single computer. Airplanes are flown by computer all the time -- but notice the triple and quadruple redundancy.

The work going on with contactors looks good, NeilP. That looks like the right place to hook in a kill switch. Other subsystem failures might want to hook in there too -- like the battery pack itself, low-voltage, over-amp, etc.
 
I forgot to mention. This bike never had the ability to do wheelies before that day or since. It took the full override of limits provided by the Cycle Analyst to allow the controller to put FULL power to the wheel. When the CA is awake it imposes stern limits on power. When it crashes you're stuck in whatever condition it was in before it lost it's mind!

The CA is a very nice tool. But a dangerous and poorly thought out one. Definitely something to think about.

There are ways to make single-microprocessor controlled systems respond more favorably during subsystem failures. To do so takes planning and thought. And there are places where a single-microprocessor is simply inappropriate and unsafe.

Richard
 
Kill switch requirements vary depending upon whether it's a brushed or brushless motor. AFAIC ebrake cutoffs are mandatory and a legal requirement in many locals.

Brushed motors require the ability to cut off the main power from the battery, and the only appropriate way is with a proper contactor.

Brushless motors only need a power cut to the brain of the controllers, because without the MCU our 3 phase brushless motors simply cannot run, because they require properly timed alternating pulses. The power on that circuit is quite low since the controller uses only well under 1 amp. That makes the physical requirements of the switch quite low. Personally, I don't like running pack voltage up to the handlebars, so my first line of defense are my ebrake cutoff activated by one or both brake handles. That makes sense because a rider's first instinct is to hit the brakes. I wire the controller's MCU supply through a conveniently located key switch, which also acts at my on/off switch, since my controllers take months to drain a battery pack when simply switched off there.

I don't see the need for anything more, and at the high current and voltage levels I run a DC contractor to be able to cut power mains would be about as expensive as one of my controllers. Even with the wire going up to the handlebars that activates your relay, an on/off switch like my keyswitches would still be required, because small wires like that, which are subject to bending every time the handlebars are turned and are relatively exposed, are too likely to be damaged or shorted. They can easily be cut or shorted in the same event as the ebrake wire, so I don't view them as adequate backup to each other.

John
 
John has it exactly right again. I'm surprised that you had such an incident on a brushless motor, it's pretty rare.

Brushed is another story, gotta kill all power to a brushed controller that fails. But just killing the ignition wire is enough for brushless controllers.

One option would be a deadman switch like they have on jet skis. Jerk the lanyard attached to your wrist off the bars, and it kills power to the throttle, or the controller brain power.

Or it could be like modern power tools, have a button you have to push to enable the throttle. If you let go of the button, the bike stops. But really, ebrakes should be sufficient. Keep one hand on the brakes, reach down and unplug the battery. You can't reach down and easily disconnect one handed? Fix that.
 
If your brakes can't lock the motor wheel under WOT you need better brakes.

But yes, you also need some form of emergency power disonnect in the event of major failure, smoking battery, etc. For my 30A bikes and under I make sure to have the battery-controller connection within easy reach.

Of course, you an add a ton of parts and deal with extreme complexity - high power/voltage stuff requires those steps. 40MPH would appear you've built a small emoto, not an eBike.

30A and under? Simple and fewer components the better IMO. Either way, your motor wheel brake should be capable of stalling the motor wheel under WOT.....
 
Good point, John. Killing a brushless motor shouldn't be that difficult or costly. Interrupting full battery power shouldn't be necessary.

Simpler, well-designed analog controllers should be relatively safe. Although I hate to part with it, the Cycle Analyst should probably be removed. It makes things a bit too unpredictable and dangerous. Too bad they didn't stick to data gathering. Giving it the ability to set things like top speed is what went too far. Rats.

Lots to think about.

Thanks.

Richard
 
What about these?
Kawasaki_Jet_Ski_Kill_Switch.JPG

My cell_man controller has a power on terminal, would it work?
 
As Ykick suggested, you still need full power cutoff for a number of other problems -- like fire.



Question about Ebrakes: I forgot, are they logic high? What happens if you cut the wire to the Ebrake signal?
 
rf said:
Although I hate to part with it, the Cycle Analyst should probably be removed. It makes things a bit too unpredictable and dangerous. Too bad they didn't stick to data gathering. Giving it the ability to set things like top speed is what went too far. Rats.
Click to expand...


Well don't part with it, just use it for what you need...Disconnect the pin 6 wire on a V2 CA, the green throttle override one, and it can be used just for what you want with no danger of it sending a control voltage down the throttle override line.
 
This sort of thing:

file.php


From this thread
http://endless-sphere.com/forums/viewtopic.php?f=3&t=40142.
 
So, to clarify: you have a CA V2 and it is not installed in normal limiting mode, but is custom wired for Current or Speed Throttle mode?
Is the CA working now or does the WOT failure persist?
 
rf said:
As Ykick suggested, you still need full power cutoff for a number of other problems -- like fire.
Click to expand...

Proper fusing is what covers that along with any other shorts in the power mains. That brings up an interesting question, should our packs have multiple smaller fuses to potentially minimize an "event" by protecting segments of the pack from shorts in other segments? This would seem especially warranted in battery types that are more volatile like R/C lipo so commonly used. It may do little good without physical segregation to prevent the heat from spreading and creating thermal runaway in adjacent packs, but I don't know enough to say.

John
 
You must log in or register to reply here.

Similar threads

T
*USED FOR SALE* Grin Technologies 52V eBike DIY Build
Replies
2
Views
1,348
tomceg123
T
R
    • Like
A critique of mid-drive riding recommendations (and hub drive criticisms)
Replies
15
Views
5,241
Bullfrog
B
B
2004 Rocky Mountain Switch 2kW
Replies
5
Views
920
Timmy@Ozz
T
E-HP
    • Like
DIY Newb FAQ?
Replies
20
Views
2,491
neptronix
neptronix
D
Considering this set-up. $300 Any thoughts?
Replies
19
Views
1,834
Ebuilt
E
Back
Top