FireLinx considers safety to be our primary concern. Several questions have been raised as to the safety of distributed processing, mostly out of lack of understanding of this powerful technology. We encourage all customers to forward to us any questions they might have, and we'll answer them publicly in this forum.
- Software and hardware keys prevent modules from locking to outside sources.
- Grounding shunts on firing logic in addition to firing power keep circuits extra safe.
- Not one but two computers in each module monitor each other for proper operation and safe themselves if any error occurs. Agreement from both computers plus a specific key from the Command Module are required to enable firing circuits.
- Any loss of positive control from the Command Module causes shutdown.
- Each module is a wireless repeater, forming a communications mesh that keeps modules connected regardless of range, geography, or structures that might interfere.
- If a processor is reset the hardware takes over in a safe mode, automatically shunting power and safeing the switches.
Question: "I heard that during the seeking phase of the radio system, the modules can lock onto any source and that can be used to fire the module."
The Facts: Any wireless system does seek for its master transmitter's signal to establish initial contact. The Direct Sequence Spread Spectrum (DSSS) technology in FireLinx uses a predefined set of network IDs that identify a FireLinx network. In addition, the data packet that is sent must contain exactly the correct information to identify the source as a FireLinx Command Module. Contact must be established and physically confirmed by the operator well before the system is even charged for firing. This plus encryption means that the odds of a random signal occurring accidentally are about the same as getting hit by a meteorite that looks just like Elvis while bicycling in Nepal wearing lederhosen.
Once the Command Module and Firing Module find each other, they exchange random encryption keys which prevents outside communication even with other FireLinx systems. As an additional level of security, Each FireLinx product has a unique identification code. If two FireLinx Command modules are operating in the same area, the firing modules detect this and their lock to the correct system must be physically validated by the operator.
Question: "If the
field module goes rogue, how do you shut it down?"
Safety is always our first and foremost concern. There are a number of safety issues from the previous generation of systems that we have studied and worked hard to address. For example, many systems charge their firing capacitors or allow power to the firing circuits as soon as they are powered or when they prepare for a continuity test. The problem is that once the capacitors have any charge at all - even ¼ of a volt can fire an e-match - you are only one component away from firing the match. In addition, older systems used P-Channel MOSFET switches, which failed in the ON mode. These older switches were also susceptible to small voltage glitches at the input that could turn the switch on. These design flaws made it possible to have a match fire as soon as the power was applied. FireLinx never allows the firing system to charge until the system is Armed, and in fact three separate interlocks are required before the system can fire. These hardware safeties include grounding shunts not only on the power and firing system, but on the logic signals that drive the switches. The logic shunts can only be removed by a 32-bit software key that must be provided by the Command Module. We also use intelligent switches that switch only at 3.3Volt logic levels, not at random glitches.
As for going rogue, this is a valid concern for any RF system that is independently powered and users should know to check for a few simple safeguards. First, the FireLinx modules have built-in hardware "watchdogs", circuitry whose job it is to make sure the software is operating properly and shut down the processor if it is not. If a processor is reset the hardware takes over in a safe mode, automatically shunting power and safeing the switches. As a second level of security, FireLinx modules utilize not one but two processors, who constantly monitor each other for proper operation. No critical function, such as arming or firing, can be performed without agreement from both processors plus the key from the Command Module. Finally, the system has a "heartbeat" signal that must be maintained or the module automatically safes itself. All one has to do is turn off the Command Module, and all field modules must cease firing and safe themselves. The dual processor architecture guarantees that even a software failure in one processor will not prevent shutdown, as it can be performed by either processor independently.
In addition, the FireLinx Command Module has not one dual-processor system, but two complete sets. If anything happens to the electronics during the show, the second set can take over and keep the show going.