Tomorrow we will start killing you, or why we need engineers

    Hi, Habr. Under this pretentious heading, I would like to talk about what “engineering science” is, what is the main duty of an engineer and what happens if he cannot cope with it - it seems to me that recently this topic has become more and more relevant, while I do not see her public discussion.

    I was inspired by this story (with my active participation) last weekend with the “neural interfaces” of Bitronics Lab - children's educational sets for EEG removal and muscular activity, which upon closer examination turned out to be simply unsafe to use because of their failure to comply with the basic requirements. to the electrical safety of medical equipment.

    The story is very revealing in that it demonstrates how as the complexity grows, the system made up of seemingly safe components of the system becomes dangerous - and using the example of a simple, everyday and intuitive system, rather than an atomic reactor or jetliner, who love take as examples the authors of books like my favorite " Inviting Disaster ".

    In addition, on the one hand, this story with as happy an end as possible (the manufacturer quickly acknowledged the problem and is now working on its solution), and on the other, revealed depths that many people did not realize, having become history about people.

    So, a respected Russian company that has a whole pack of equally respected partners, does not cheap, but in demand modern training kits, using time-tested and considered perfectly safe components - Arduino, sensors, personal computer.



    It would seem that could go wrong?

    If you watch Bitronics training videos (especially, the site for some reason slips them instead of a description of the set), then the bundle will be more than obvious - this is a regular Arduino Uno board, an analog interface scarf for ECG sensors, several electrodes attached to the skin, and wires, makket and other trifle. The whole system is connected to the USB port of the computer. One of the electrodes in the example, from which the screenshot below is taken, is glued to the scalp immediately behind the ear.



    First problemwhich the authors of the kit did not take into account, begins with the fact that higher electrical safety requirements are imposed on medical equipment - and not just. The fact is that in most domestic situations, an electric shock does not cause the victim any harm, because a person instinctively pulls his hand off, breaking the circuit - deaths mainly occur when, before the impact, the person grabs the conductive circuit well enough so that the body jerk allowed him to unhook, and he can no longer open his hand, because the arm muscles are paralyzed by the current flowing through them (if the current exceeds the so-called release threshold, the value is rather small, only a few milliamperes).

    The problem with medical equipment is that electrodes are mostly fixed.on the patient in such a way that, in principle, he cannot free himself from them with a reflex movement — for example, in the case of removal of an EEG or ECG, they are glued to the skin. Moreover, for measurements, the highest quality contact of the electrodes with the skin is required, therefore, special gels are often used, which improve this contact. Finally, electrodes can be located at points that are even less pleasant in terms of electric shock than in everyday situations - on the chest in the region of the heart, on the head, and so on.

    In such a situation, currents of about 1 mA and sometimes less become dangerous, which in everyday life will cause a maximum of some unpleasant sensations. In addition, since a non-zero potential may be present on the electrodes during operation, a person may receive an electric shock even with fully functional equipment, for example, if he takes up a grounded object (instrument housing, radiator, water pipe, etc.).

    The current standards for the safety of medical equipment separately, explicitly and explicitly describe the case of current flowing through the patient's body in such situations - and prescribe very strict limitations of such currents: no more than 0.1 mA constant, no more than 0.5 mA once in the event of a malfunction equipment (and in some cases, the limits are reduced by another ten times, seeGOST 30324.0-95 ).

    But maybe everything is fine with us - after all, the Arduino is powered only from 5 V, this voltage will not give a current higher than a few dozen microamps? ..

    The second problem that the developers did not take into account is that on the computer case, in which their system is turned on, the voltage can be much, much higher.

    In general, this knowledge is trivial and accessible to at least every other enikei supplier - due to the widest use of sockets in Russia without a grounding contact and, moreover, without grounding connected to them, an AC voltage of exactly half of the network, that is, 230 / 2 = 115 V.

    The fact is that in the input filter of a typical switching power supply there is a pair of capacitors forming a divider between the mains supply and the computer case - during normal operation, when the computer is connected to a grounded three-pole outlet, the current through these capacitors goes to ground. These capacitors may be absent in the cheapest Chinese junk, but in any minimally decent technique they are, because the requirements for electromagnetic compatibility require filtering the noise generated by the power supply.

    If you have electrical wiring at home without grounding, then you can take an ordinary multimeter and, sticking it between a computer and a heating battery, personally see about 115 V and about 0.5-1.5 mA (plus or minus, depending on the other one included in computer equipment, in the power supply units of which there are also these capacitors).

    This is usually unpleasant, but not dangerous - accidentally touching the computer, heating the feet on the radiator will cause the user to get a slight tickle and withdraw his hand. However, users of the periphery, the same gaming keyboards in aluminum cases, regularly complain about the attendant sensations, and on Facebook they told me about a case in which the lack of grounding was dangerous at all - there was a grounding line between the sockets in the office, but it wasn’t was connected; the user, who took both the heating battery and the computer at the same time, did not receive 1 mA, but ten to twenty times more - because all the computers in the room were beating it with a current.

    However, we are talking about the Bitronics Lab suite, which:

    • connected to a computer without galvanizing, i.e. It has the same 115 V potential on all of its contacts as on an ungrounded computer case, with a short circuit current of 0.5-1.5 mA to the earth;
    • connected to the user by a special electrode, on which there is the same potential of 115 V;
    • the electrode is glued to the user's skin, and not just anywhere, but on the head.

    What effects will a user touch a grounded heating battery, I don’t want to think - I was told that with electrooculography, thirty volts randomly applied to the electrodes are perceived as the brightest flash before my eyes, but due to a different arrangement of the electrode, something like a light form will appear electroconvulsive therapy (according to current WHO rules, is prohibited for juvenile patients and requires written consent from adults).

    Moreover, even the grounding of the computer does not guarantee the absence of unpleasant effects - the heating battery may relate to a different ground loop than the ground in the sockets, and if they are not very well made, there may be a potential of tens of volts between them.

    Finally, a leak can occur in general on any other device, for example, on a cheap Chinese smartphone charging - and a carefully grounded computer itself will serve as a “lightning conductor” through which - and on its way through you - this current will freely flow. In this way, they die from the charging smartphone in the bathroom - the cast-iron bath and metal pipes are grounded, and high humidity dramatically increases the likelihood of breakdown inside the charger and simultaneously reduces skin resistance.

    Thirdly, the manufacturer does not even consider the option of faulty equipment - a power supply in a computer or other peripheral equipment, as a result of which an honest 230 V from the socket will fly to the ungrounded computer case and from it to the electrodes glued to the user's head. And it cannot be said that such a malfunction is so unbelievable - Bitronics Lab designers are designed for use by unprepared users in uncontrolled conditions, that is, there can be anything else as equipment.

    Chinese 200-ruble charges officially sold in Russian storesand at the same time having a gap between the primary and secondary circuits in the region of 1 mm (this is electrical strength in the region of 300 V, that is, even less than in an outlet of amplitude voltage in normal conditions), I took it apart and saw it personally.

    Now I would like to see how the engineers and management of Bitronics Lab say, looking into the eyes of their customers, the phrase “if in a set worth 25,000 rubles we would not save 500 rubles at a galvanic isolation, a cheap Chinese power supply unit would not have killed you - but with on the other hand, the Chinese are not to blame in any case. ”

    The case of Bitronics Lab, which produces children's kits that could potentially shock a child and even kill, of course, is not unique - in a bunch of articles on the same Habré devoted to the next smart socket, you can find a lot of violations of the banal electrical safety rules. How many such products are already on sale and circulation - one can only guess.

    So what is engineering?


    If you ask numerous activists of robotics and other STEM, they will most likely tell you that engineering is the science of creating machines and structures that help people. This is fundamentally wrong. Engineering is the science of creating machines and structures that do not kill people. Anyone can build a house, but only a good engineer can build a house that does not bury the residents under its rubble.

    Airplanes and rockets that do not fall from the sky, houses that do not bury under the rubble of residents, children’s designers who do not break with current, shopping centers that do not burn visitors to the cinema - all this is real engineering.

    image

    Engineering is one of the most regulated and documented areas of human activity, covered with hundreds of standards, requirements, procedures and recommendations. And all these documents are, in fact, written in blood - in the blood of tens of thousands of people who died because someone saved, didn’t calculate, didn’t foresee or warned.

    Engineering never relies on theses like "so far no one has been hurt by it" - because too many already relied on them, from workers at the Oppaou plant, who crushed ammonium nitrate with explosives because he had never detonated before (561 dead, more than a half thousands of wounded, the plant was completely destroyed, the adjoining city was partially destroyed), until the leadership of NASA, literally selling permission to launch the Challenger shuttle, because before the burnout of the sealing rings did not lead to an accident (7 dead).

    “We observed a similar phenomenon in the course of several previous flights, and we have absolutely no reason to worry about landing safety,” read the letter of the head of the last flight of the shuttle Columbia (7 dead).

    Engineering is a huge, colossal accumulated amount of knowledge about what and how to do so that no one is hurt.

    In order to understand that this or that construction will kill you, it is not necessary to use it at all, and even more so - to personally observe the problem. It is not necessary to burn a new shopping center to make sure that the lack of emergency exits will kill dozens of people - the requirements for emergency exits were described in the SNiPs a decade ago, and if there are no emergency doors on the shopping center's plan, then it is not necessary to draw conclusions about its insecurity. to visit, and even more so - to burn in it.

    It is not necessary, while sitting in the Bitroniksov EEG meter, to touch a grounded battery with your foot - the safety requirements of medical devices are also described in the standards many years ago, and they are described there not at the request of the left heel, but according to the results of investigations of deaths of people killed by medical devices before how these requirements have been described. And if there is no galvanic isolation in the EEG meter, then it is absolutely not necessary to put it on his head, and even more so - to beat oneself through him with a conclusion about his insecurity.

    Tomorrow we will start killing you.


    Unfortunately, although I see quite a lot of discussions on STEM education in Russia, they all boil down to how to teach schoolchildren and students to do something useful , but not something safe . Security issues, from elementary rules to security of complex systems, are simply not discussed, as if they do not exist - and if the word “security” sounds somewhere, then you can be absolutely sure that the words “work on the Internet” will be a continuation.

    And now we already see the 5-kilogram drones flying back and forth over the crowd of guests in Skolkovo, the ASI-supported project of electroconvulsive neurointerface, rocket engines exploding in garages and many other amazing things - so much that I personally start to frighten the time when everything these startups will grow up and start designing real airplanes and real medical devices with the same level of responsibility.

    How do those who already should have hammered into their heads react to this, that there is no more important goal than to prevent a person from being killed by a car?

    Let me give you some quotes from a discussion about the case of Bitronics Lab on Facebook this weekend. Directly with screenshots, because otherwise it will be difficult to believe in places that these are not grotesque fictional characters.

    Timur Bergaliev, the CEO of Bitronics Lab , does not understand what the problem is, and also believes that the 5-volt LDO in the Arduino will in principle be able to work as a fuse, if that:



    Yuri Ammosov , MIPT teacher , research supervisor Timur Bergaliyev, thinks that it is not necessary raise a noise around such a problem, but you just need to help Timur in a friendly way to stop trying to kill people:



    Andrei Guriev , a federal tutor in robotics for children's technology parks Kvantorium , believes that in the worst case, the user will receive a “cheerfulness charge”, but generally no one this especially not at fault would be:



    Yes, and in general all the hype, most likely, sucked from the finger:



    Even after the manufacturer has recognized the problemand the potential danger of the device, Mr. Guryev continued to insist that he did not see anything like that in this, the safety requirements for medical equipment do not apply to a toy EEG meter, and the whole story is just black PR ordered by competitors.

    Alexey Filimonov , brand manager of the Educational Robotics department of the Digis Group company , which supplies such products, has a lot of fun with Guriev. The dialogue, again, occurs after the manufacturer himself has acknowledged the existence of the problem. This is a very funny idea, isn't it, that a child can be electrocuted, maybe even dead?



    This is not to say that the problem was not completely noticed by the media - the “industry” publication Edurobots immediately released the newsthat says ... nothing. Like, here on Facebook a dispute broke out, Artamonov believes that everything is bad, and Guryev disagrees with him.



    I think that even on a Saturday evening, it was possible to find a third-party person with experience in working with medical equipment and understanding the basics of security for at least half an hour - at least walking through the comments on the same facebook, looking at the profiles of their authors and selecting a couple a person who has no obvious relationship to me, nor to Guryev, nor to Bitronics Lab, but who has relevant jobs.

    But no, why do something on a subject such as child safety? Let's better sit quietly and wait for the comments of our readers.

    Is that enough?

    It seems to me that if you are looking for a crisis in Russian engineering education, it is not at all that the robot did not travel fast enough along the lines somewhere in the competition.

    What shall we do with it, how shall we live with it


    If we talk about this particular situation, on Monday, Bitronics Lab acknowledged the existence of the problem and promises in the near future to all buyers of the designer to send electrical isolation for the USB port based on ADuM4160.



    If you do not touch upon the question that such a situation should not have taken place at all, then in current circumstances the Bitronics Lab reaction is as fast and adequate as possible.

    As for the global problem, to be honest, I don’t see a simple solution here - we are imperceptibly losing a whole branch of knowledge, at least in a public field. More precisely, not even the industry, but the methodology of work in it. Losing fun, with a twinkle, with jokes and jokes. Inside individual large companies, I think engineering culture will be preserved to some extent for a long time (who said “Roscosmos”? ..), but the education and constellation of young startups can be considered lost in principle.

    State certification and other regulatory measures will help a little - Russian laws are as strict here as they are optional. The safety certificate of low-voltage devices can be issued for 10-20 thousand rubles from a photo and without a single test, and the same Bitronics will never get to any medical equipment certification, because it will not declare itself as such.

    In general, only one thing remains - to make such cases as public as possible. No companionable help, no quiet sweeping of traces under the carpet - any mistake that endangers the life and health of people should become public. How do we like to speak at ASI NTI - “the digital footprint of knowledge and competencies”? Ignorance and incompetence should also have its own digital footprint.

    I emphasize that in this case I don’t really care how well the price of Bitronics Lab kits is justified, how well they perform the declared functions, how they are sold and those are all the details of the business that should concern only the seller and the buyer, well, maybe sometimes the tax office .

    But the release of goods that do not meet safety requirements, should be punished. And every developer, as well as his every manager, must understand that sooner or later - but this punishment will happen, and may cost him money, reputation, and the entire business.

    However, it is even more frightening how many people — including those who stand above a particular manufacturer, who stand on the part of the customer and who seem to be interested in solving such problems before they really show themselves — do everything to get the brakes down. and forget about it. They do not even try to understand something, they just immediately get up in a defensive position: these are all speculations, rumors, we know the manufacturer personally - the highest professionals work there (alas, I can’t give a screenshot or link, the author of this statement soon banned me; there was an employee of another university), you are rude, your tone is unacceptable, your assaults are paid for by competitors, we will not talk to you. Their song does not change even when the producer himself has already publicly stated both about the problem and its solution - no, there are still few facts, we still don’t believe

    I do not know what these people are afraid of - that their sales will fall? What will they get fired if it turns out that they trade in unsafe equipment for a year? And what do they hope for when it’s obvious to everyone that the problem has already come out - that all this will remain inside Facebook and will be forgotten in a couple of days, especially if you carefully remove references to your names from posts on this topic? What will their clients and management appreciate their prudence and business approach?

    In any case, you have to do something about it.

    Otherwise, in another 10 years, we will be buying Chinese electronics, if only because it is safer to use it.

    Also popular now: