Not sure if this has been brought up or not but I was thinking about a smart e-stop (or pause) that would be on the gantry so that if something happens where there is a perceived threat of danger or damage then you could hit the button.
The button would not function as a real e-stop but instead pause everything until its cleared and then it would resume. Were as will an e-stop you might need to start the whole process (of whatever was being done) over again.
Or it could be a multi-function push switch with pull until clicked being pause and push until click being e-stop. Probably need one at the main electronics bundle, and one on each side of the gantry.
This is a good idea and something that we would like to integrate. There are two options really as you’ve mentioned:
Hardware e-stop that cuts power to the whole device. This would be the “safest” solution but at the trade-off of being annoying during false alarms.
Software e-stop which would halt all motors and turn off all peripherals, etc. This would be a less-annoying version during a false-alarm, but could potentially fail to work if there was a software problem that caused the original emergency, which also prevented the e-stop from functioning.
We already have a software based e-stop function built into the web app, controller, and firmware. We also have a watchdog that doesn’t allow pins to be “on” for more than an hour I think (like a water pump for example) though this can be problematic in the case of implementing something like grow lights or fans. We’ve also talked about implemented a user configurable “safe state” that would allow the user to specify what state the bot should go into during an emergency. So for example the lights could stay on during an emergency state, but all other peripherals would turn off. This would be dangerous though and would need to be used with caution if modified outside of the “everything goes off” default.
Anyways, we’ll keep you updated on this front, and feel free to post any more ideas you have!
I think you could do both on one button. Down would be for e-stop because you would activate it on the farmbot (adding to spell checker) by slapping it down in an emergency and it would also lock stay down until twisted. And a pull out on the button could be pause because its the one you have more time to perform.
Sorry to say there is another option you missed here I will list the three.
Hardware e-stop that cuts complete system power.
Hardware e-stop that cuts like motor power but leaving power to like the raspberry pi control parts and informs them that they cannot proceed forwards. Advantage here is state at stop is still in logic and the system can save debugging information while remaining almost as safe as first type of hardware stop.
Software stop what is one of the most hazard forms due to software fails.
My second type of hardware e-stop is not hard to implement with the parts you have used. You will notice in ramps there is a power rail split between the power that feeds the motors and the power that feeds the logic controlling the motors this is here to in fact allow the second type of power stopping. Basically keep all peripherals on isolated power rails from what powers the raspberry pi and the Arduino mega so those lines can be cut making the second type of hard ware e-stop. Loss of power on the peripheral rails can be informed to the raspberry pi so allow it to store state. Stored state does help with debugging why did that malfunction.
Sorry I don’t agree with bagginsdata idea with pull out on a e-stop button for pause. This is totally not recommend. If you want software stop button add a pause button next to a hardware e-stop of one form or the other. The issue with pulling out on a e-stop button is the quite simple one the day you are panicked you pull out hard end up with the top of e-stop button in hand then with no way to operate hardware e-stop.
All safety buttons are push in for a reason. Human panicked pulling out breaks stuff.
I have no problem with that. But when I said pull up that was not for panic mode that was for a time when you calmly know that you want to get in the plot and do something but you dont want the system’s normal functions heading your way while you are there. It could totally be another button though.
And a fob that you carried with you and used off of you belt or key chain would be AWESOME!!!
(I just reread my post and see why you thought it was what I was talking about, sorry I am not always clear)
You did not consider users. Some people will want to pause because something is going kind of wrong. Anything like a pause button or a e-stop has to be classed as being used while in panic state. When building CNC machines and the like general work place heath and safety requirement to be inside law here also forbids having a e-stop with any extra task as well.
There are commercial made e-stop buttons that are stacked switch items.
Basically bagginsdada your idea of putting extra action on a e-stop from a space idea at first sound like good reality its bad in fact really bad due to how human react. Depending on country machine would be going to some countries e-stop with extra action is illegal with quite massive fines for the person owning the machine. So this idea of pull to pause should not be done. Extra push in button next to hardware e-stop for pause (software e-stop) can be done
Something else why the idea of yours is illegal in places. You have paused the machine something is going wrong still and you need to activate the e-stop so when person pushes e-stop button in for a short time frame the pause is released before the hardware e-stop is engaged. Different countries laws state that hit a e-stop cannot cause machine to undertake more actions and releasing pause could allow machine to send instructions.
And a fob that you carried with you and used off of you belt or key chain would be AWESOME!!!
A fob as a e-stop is a total pain. Notice how these are fairly big and make it clean about 160 hours of operation. To make a e-stop wireless the requirement is the bit away from the machine is constantly transmitting and the bit on the machine is constantly receiving. E-stop in wireless is triggered when the fob bit stops transmitting, Flat battery, Pressed, Out of Range, radio interference or Crushed are all triggers for the wireless e-stop. Yes run to grab phone and where phone is happens to be shield and you are wearing a wireless E-stop machine stops. Software pause button is a lot simpler to implement. A pause button does not have the mandated requirement that it absolutely works as a e-stop has.
Using pure software e-stop requires full source code auditing to be legal ins some countries. Software/hardware pause functions/buttons don’t have the same legal requirements. To understand legal requirement you are dealing with its key to use terms e-stop and pause covering different usage cases. E-stops have mandated functional certainty. Pauses if they don’t work bad luck.
Sorry to say bagginsdada I understood exactly what you said and I just happen to understand the legal requirements around e-stop and pause buttons. All safety buttons active there safety feature when pushed it and any pull out action is to restore normal function this rule applies to pause and e-stop buttons to stay legal globally.
This is one of the idea you hear all the time when people are trying to compact size of CNC control boxes and the like. It is purely no go.
Yeah I already said I of course would not have a problem with the e-stop being a separate button. Why would I? It was just an idea, a pass thought.
Would a pause fob still be legal and practical for a pause function only? I was not thinking about the constantly transmitting type but the car remote type.
Can you link the rules on pause buttons, I found a bunch on e-stops but cant find them and I would like to know.
http://www.plantengineering.com/home/single-article/e-stop-buttons-designed-to-enhance-machine-safety/cfd909cfecfe38f67473f740b6f613cf.html
bagginsdada e-stops have a lot of rules. A Category 0 stop immediately removes energy to the machine actuators
Yes 1) Hardware e-stop that cuts complete system power. 2) Hardware e-stop that cuts like motor power but leaving power to like the raspberry pi control parts and informs them that they cannot proceed forwards. Advantage here is state at stop is still in logic and the system can save debugging information while remaining almost as safe as first type of hardware stop.
These are both Category 0 e-stop solutions. As it says cut energy from machine actuators you are not required to cut power from the complete system. Master power switch must cut power from complete system yes that could be my 1 e-stop. The third option where you send a message to controller to stop is a Category 1 and is in fact harder to make because hitting the e-stop should start a timer that will do after a particular amount of time has past does one of the Category 0 stops. So controller informed then it gets so much time to safe park the machine. Adds a lot of complexity and risk because the machine does not instantly stop this is required with some robotic arms and the like where the joints have to engage parking locks or they will risk falling to the ground without power. Nothing about farmbot design suggests needing a Category 1 e-stop at this stage. There can be legal trouble at times using a Category 1 e-stop when a Category 0 e-stop could have been used. So you would always attempt for a Category 0 e-stop if having a e-stop and only using Category 1 if there is no other choice.
The thing is pause buttons don’t have direct rules. A general machine stop, go, pause that are not e-stop fall under a simple set of rule. They come back to a simple term in all OHS rules around the world. Must be design with operator in mind. Yes super vague written in to most of the OHS rules around the world but has huge legal meaning. Designing with operator in mind means allowing for operator panicky and putting way too much force on it. Also if pause button is next to e-stop you have to consider that human misses e-stop button hits pause button result should still be attempting to stop. So a pull out pause button next to a push in e-stop is basically will get you into legal trouble. Even placing toggle switches near e-stop can get you into trouble…
bagginsdada when ever designing a control interface for a machine you must consider the user is having a metal meltdown at the time while they are trying to use it. This is why your buttons around machines are mostly push in.
A pause or stop button or power off on a remote fob that only transmits when button is pushed is legal as long as you only call pause or stop or power off and looks nothing like a e-stop or a master power switch. As soon as you “call item”/“look like” e-stop or master power switch it has specialist legal requirements and anything near either of those items cannot cause if hit by mistake worst outcome or you have broken Must be design with operator in mind. so expect OHS fine.
In usage manual a transmit on press only remote would have to be written in operation manual for machine do not depend on any functions on this remote to function like a e-stop/master power switch. Yes just in case someone decides to come and inspect and checks the operation manual. Something else that is a trap is depending on how powerful the machine you are operating by remote some countries OHS demand that the fob has a led that flashes to show function when button is pressed and that is to stay inside Must be design with operator in mind.
So yes we can do a lot with controls bagginsdada and stay inside the legal rules. Staying inside legal rules is fairly much keep on checking against against the requirement of Must be design with operator in mind.
I would put master power switch, e-stop and pause with outer controls buttons as related under the common “direct physical controls”.
Why because design a pause system does involve taking in account not to cause issues if someone fits an e-stop or master power switch.
It is normally better to design direct physical control placement and the like with a unified overview. Unified layout would be useful in cases people go to assist with friends machine.
Even with a pause system you might want to have a relay to cut power off from motors like the bare min Category 0 e-stop. So I see possibility for some electronic overlap between the pause you want and e-stops.
This is the super fun part about the different terms. Just because you call a button pause on a machine does not forbid it performing an action of an e-stop advantage calling it pause you don’t have the same level of legal requirements. Pause button on a remote is heck lot simpler due to not having regulation.
E-stop and pause don’t have to be electronically completely different things. With pause it does pay to consider if like the power to motors and the like should be cut by relay to increase safety if person is moving around machine while pause is set. This again is Must be design with operator in mind. I high lighted that term out of OHS so much for lot of reasons because it is what caused the electronic side of e-stop and pause buttons to overlap. If machine will hold itself in position without power leaving power on everywhere with pause hit is bad design. Same applies to implementing just a simple stop button.
There are a lot of cases were people make the mistake of not powering stuff down with a relay in case of pause. Implementing pause correctly could truly involve putting everything in place that you could just wire a Category 0 e-stop button into the right place and it right also have created a system that support Category 1 or 2 e-stops without major trouble even that I prefer them not used.
So splitting this into two separate items could make life harder.