Controller duplication, update one and leave the standby on the previous
software version and fail over to the older version.
On Thursday, 9 March 2023 at 09:01:12 UTC+11 Matthew Geier wrote:
> On Wed, 8 Mar 2023 at 17:39, Tony Galloway <a...@...> wrote:
>
>> Wasn’t that long ago there was no 2-way radio, digital or otherwise, and
>> trains ran just fine.
>>
>> Now everything stops without it - what a joke.
>>
>> Must be that wonderful ever onwards “march of progress” that makes
>> everything work so much better.
>>
> Someone (a group of managers more like it) has written the operation of
> the train radio system into the SMS and made it a 'vital' system so if that
> system is not operational, they are not meeting all requirements for 'safe
> operation'.
> Never mind the railways ran for 100 years without radios and fancy digital
> trunked comms systems.
>
> Seems the concept of a driver looking out the front window and observing
> the status of the signal lamps beside the track is no longer considered
> 'safe'.
> There was no suggestion that interlockings had failed, or the actual train
> control systems were down, what they lost was the network-wide GSM-R-based
> train radio system. They couldn't talk between operations control and
> trains in the field.
>
> I observed the Cronulla branch being operated as a shuttle during the
> outage, showing some initiative on the part of Sutherland station master to
> take local control of the Cronulla branch. I've seen reports that Blacktown
> did the same for the Richmond branch.
> I just hope the relevant staff now don't get reprimanded for 'unsafe
> operations' for showing some initiative to keep things running. Not all
> station staff are safe working qualified anymore - I do wonder how they
> will formally withdraw the qualifications from SMs that still hold safe
> working qualifications, preventing any further local control initiative
> taking on their part again.
>
> They did a software update of the train radio controllers on the weekend.
> I suspect that update wasn't tested under a full load of a busy system - or
> tested long enough - the new software having a 'slow leak', so that it only
> works for a few days - then falls over.
> Vital systems should have redundant controllers with the software of each
> written by different teams so that the two don't have the same bugs. But
> that's expensive - doing all your R&D twice.
>
>