Daniel sent us this one — and it's one of those questions where the more you think about it, the stranger it gets. Trains run on fixed tracks. One degree of freedom. Forward or backward. No lane changes, no oncoming traffic to dodge, no steering decisions at all. So how do they still slam into each other? And what's actually involved in coordinating hundreds of trains so they don't all end up in the same place at the same time? It feels like it should be the easiest transportation problem to solve, and yet.
Yet we keep having catastrophic collisions. And here's the thing that grabbed me right away — this isn't really a story about driver error, the way car crashes are. It's about the fundamental physics of stopping something that weighs twenty thousand tons, and the coordination nightmare of sharing a single track among dozens of trains that can't see each other and can't stop quickly. The problem is way harder than it looks from the outside.
Which is exactly the kind of problem you love. So where do we even start?
Let's start with the number that blew my mind when I first dug into this. A hundred-car freight train moving at fifty-five miles per hour has kinetic energy equivalent to about one point five kilotons of TNT. That's roughly one-tenth of the Hiroshima bomb. And you have to dissipate all of that energy through braking systems that are distributed across a train that might be two miles long. This isn't like stopping a car. You're not just squeezing brake pads against a rotor and coming to a halt in a few hundred feet.
One-tenth of a nuclear weapon, rolling through downtown.
And the stopping distance for a fully loaded freight train at fifty-five miles per hour under ideal conditions is one and a half to two miles. Dry rail, good brakes, everything working perfectly. In practice, it can be longer. So right there, you have the core of the problem. The engineer can see maybe half a mile ahead on a straight track, less on a curve. But they need one and a half to two miles to stop. Which means that by the time they see an obstacle — another train, a car on a crossing, a rockslide — they physically cannot stop in time. The stopping distance exceeds the sight distance. That's not driver error. That's physics.
The engineer is essentially driving blind, in terms of being able to react to anything in their path.
And this is the first big misconception that most coverage gets wrong. When you hear about a train crash, the instinct is to ask, why didn't the driver just hit the brakes? But the engineer often has no meaningful way to avoid a collision once it becomes visible. The decision that matters happened miles back — whether to slow down, whether to stop at a signal, whether the dispatcher gave them authority for that section of track. The crash itself is just the physics playing out.
Which makes the whole system sound terrifying, honestly. So how do we keep these things from hitting each other in the first place? Because clearly most trains don't crash.
Right, and that's where the coordination systems come in. But before we get to signals and dispatching, let me geek out on the braking systems themselves for a minute, because they're fascinating and they're nothing like what most people imagine.
I want to understand what "hitting the brakes" actually means on a train.
There are three braking systems on a modern freight train, and they work in completely different ways. The first is dynamic braking. This is clever — you take the traction motors that normally drive the wheels and you reverse them, turning them into generators. The wheels are now being slowed by the resistance of generating electricity, and that electricity gets dumped into a resistor grid on top of the locomotive. You've probably seen those grids — they look like giant toaster coils — and they glow red-hot from dissipating all that energy. Dynamic braking is great for controlling speed on long downhill grades, but it fades at low speeds because there's not enough rotation to generate resistance. It can't bring a train to a complete stop on its own.
It's like engine braking in a car, but instead of just compressing air in the cylinders, you're actually generating electricity and turning it into heat.
That's exactly the right analogy. Now, the second system is the one that actually does the heavy lifting for stopping — the air brake system. This is the Westinghouse system, invented by George Westinghouse in 1869, and the basic principle hasn't changed much. Every car on the train has its own air reservoir and brake cylinder. A brake pipe runs the entire length of the train, and it's kept pressurized — typically around seventy to ninety pounds per square inch. When the engineer wants to apply the brakes, they reduce the pressure in that pipe. The reduction in pressure triggers a valve on each car, which releases air from the car's reservoir into its brake cylinder, pushing the brake shoes against the wheels.
Wait — so reducing pressure applies the brakes? That seems backwards.
It's deliberately backwards, and that's the genius of it. It's a fail-safe design. If the train separates — if a coupling breaks — the brake pipe is severed, pressure drops to zero, and every car on the train automatically applies its brakes. Same thing if there's a major leak. The default state is "stopped." You need active pressure to keep the brakes off. This is why you'll sometimes hear about a train losing its air and grinding to a halt — that's the fail-safe working as designed.
That's elegant. So the system is designed so that failure means stopping, not losing control. But I'm guessing there's a catch.
The catch is speed — or rather, the lack of it. The brake signal travels down that pipe at the speed of sound in compressed air, which is roughly nine hundred to a thousand feet per second. On a two-mile-long train, it can take thirty to sixty seconds for the last car to even begin braking after the engineer initiates a brake application. Think about that. The front of the train is slowing down while the back of the train is still rolling at full speed, and they don't know what the front is doing for up to a full minute.
The train is essentially fighting itself during braking — the front cars are pulling against the rear cars that are still pushing.
This is called "run-in" and "run-out" — the slack between cars compresses and extends, and managing that is one of the hardest skills in train handling. Get it wrong and you can derail your own train from the forces involved, even without hitting anything. This is also why the third system — the emergency brake — is not the simple solution it sounds like.
This is the "big hole" thing, right? I've heard that term.
"Big-holing" it. The emergency brake application dumps all the air from the brake pipe as fast as possible — a rapid, maximum reduction. Every car brakes as hard as it can. But here's the problem. When you apply maximum braking force across a two-mile train that's still in motion, the rear cars slam into the front cars because of the delay in the brake signal propagation. You can get massive in-train forces. Worse, you can lock the wheels. And when a steel wheel locks up on a steel rail, it creates a flat spot — a ground-down section of the wheel — within seconds. Now you've got a wheel that's no longer round, and its braking effectiveness is severely compromised. You've also damaged the rail. So in some situations, an emergency brake application can actually make things worse — you lose control, you damage the equipment, and you might not even stop faster than a controlled full-service application.
The thing that sounds like the obvious emergency response — slam on the brakes — is itself a risk. That's a perfect example of a system where intuition fails.
That's a recurring theme in rail safety. The intuitive solution is often wrong. The physics doesn't care what feels right.
Okay, so we've established that stopping is a nightmare of physics and distributed systems. Now the other half of the equation — how do you prevent trains from being in a situation where they need to stop in the first place?
This is where signaling comes in, and it's where things get both clever and concerning. The basic idea is that you divide the track into blocks — fixed segments, typically a few miles long — and you only allow one train in a block at a time. Signals at the entrance to each block tell the engineer whether the block ahead is clear. Green means at least two blocks ahead are clear. Yellow means the next block is clear but the one after that is occupied — so proceed but be prepared to stop at the next signal. Red means stop. This is fixed-block signaling, and it's been the backbone of rail safety for over a century.
The block length is calculated based on worst-case stopping distance.
You size the block so that even the heaviest, fastest train on that line can stop within the block length if it sees a yellow signal. But here's where it gets interesting — that calculation assumes the engineer sees the signal and reacts immediately. And it assumes the train's brakes are working at full capacity. Neither of those assumptions is always true.
What about moving-block signaling? I've heard that term.
Moving-block is the modern upgrade. Instead of fixed segments, each train continuously calculates its own safe stopping distance based on its speed, weight, brake condition, and track gradient. It broadcasts its position, and the train behind maintains a distance equal to its own stopping distance plus a safety margin. The blocks aren't fixed — they move with the trains. This allows trains to run much closer together safely, which increases capacity. High-speed rail systems and modern subways use moving-block signaling. But most of the US freight rail network is still on fixed-block, and a huge portion doesn't even have that.
The dark territory thing.
We'll get there, because that's where the really scary stuff lives. But first, let's talk about what happens when the human in the cab makes a mistake, because even the best signal system is useless if the engineer misses a signal.
This is where fatigue comes in, right? Twelve-hour shifts.
Twelve-hour shifts, often starting at odd hours, frequently changing schedules. The Federal Railroad Administration data from twenty twenty through twenty twenty-five shows fatigue as a contributing factor in fifteen to twenty percent of serious rail incidents. And it's not hard to see why. If you're running a train at three in the morning, staring at signals in the dark, the monotony itself becomes a hazard. Your attention drifts. You might not notice that signal change from green to yellow until it's too late.
The Amtrak one eighty-eight crash in twenty fifteen — that was the Philadelphia one, right?
Amtrak one eighty-eight, May twenty fifteen. The train entered a fifty-mile-per-hour curve at a hundred and six miles per hour. The engineer was distracted — he was reportedly concerned about a radio report of a rock-throwing incident on a nearby train and lost situational awareness. By the time he realized the curve was coming, it was far too late. Eight people died, over two hundred injured. The National Transportation Safety Board found that Positive Train Control — the automated system that could have overridden his speed — was installed on that section of track but not yet activated. The system was there. It just wasn't turned on.
That's infuriating. The technology exists, it's physically present, and it wasn't switched on.
That's not an isolated case. The twenty seventeen Amtrak Cascades derailment near DuPont, Washington — the inaugural run of a new high-speed service. The train entered a thirty-mile-per-hour curve at seventy-eight miles per hour. Three people died. Positive Train Control was installed on the locomotive and along the track, but it wasn't activated. The system was still in testing. So you had a train running at more than double the speed limit on a curve, with a safety system physically present but not operational.
Let's talk about PTC then — what it actually is, and why it took so long to implement.
Positive Train Control is essentially a government-mandated automated enforcement system. It uses GPS to know where the train is, an onboard database that knows every speed restriction, signal, and track condition on the route, and a computer that can override the engineer. If the train is going too fast for an upcoming curve, PTC applies the brakes. If the train is about to run a red signal, PTC applies the brakes. If the train is entering a work zone without authorization, PTC applies the brakes. It's the backstop for human error.
Congress mandated this after the two thousand eight Chatsworth collision in California — twenty-five people died when a Metrolink commuter train ran a red signal and hit a Union Pacific freight train head-on. The engineer was texting.
Congress passed the Rail Safety Improvement Act in two thousand eight, requiring PTC on all lines that carry passengers or hazardous materials. The original deadline was December twenty fifteen. It got extended. And extended again. The final deadline was December thirty first, twenty twenty — twelve years after the mandate. And even now, there are gaps. The system prevents certain types of collisions — train-to-train collisions, overspeed derailments, unauthorized entry into work zones. But it does not prevent derailments from track defects, bearing failures, broken rails, or bridge collapses. It's a specific tool for specific failure modes.
It's not a magic safety blanket. It's a targeted intervention.
And here's the other thing — PTC only works where it's installed. Which brings us to dark territory.
This is the part that genuinely shocked me when I first learned about it. Forty percent of US rail miles have no signals at all?
No signals, no automatic train detection, no PTC. These are the secondary and branch lines — lower traffic, lower speed, but still carrying freight, sometimes hazardous materials. In dark territory, trains operate entirely on what's called "verbal authority" from a dispatcher. The dispatcher issues a track warrant — essentially a permission slip that says you are authorized to occupy this section of track between point A and point B. The engineer reads it back, confirms it, and proceeds. There's no automatic enforcement. There's no system watching to make sure two trains don't have authority for the same track at the same time. It's purely procedural.
Which works until the dispatcher makes a mistake.
Or until the engineer mishears. Or writes down the wrong milepost. The whole system depends on a single human getting it right every time, with no technological backstop. And when it goes wrong, it goes catastrophically wrong.
The Springfield, Ohio crash.
February twenty twenty-four, near Springfield, Ohio. Two Norfolk Southern freight trains, head-on collision in dark territory. The dispatcher had given both trains authority for the same section of track. They were moving toward each other on a single track with no signals, no PTC, nothing to warn either crew. By the time they saw each other, it was far too late. Both engineers survived, but the locomotives were destroyed. And this is the thing — this wasn't a mechanical failure. It wasn't a track defect. It was a pure coordination failure. A single dispatcher managing hundreds of miles of track, issuing warrants verbally, and one error produced a head-on collision.
That's the dispatching problem, right? Let's go there, because the mental model of how dispatching works is fascinating and terrifying in equal measure.
Imagine you're a dispatcher. You're sitting in a control center, often hundreds of miles from the tracks you're managing. You have a computer screen that shows you a schematic of your territory — maybe two hundred, three hundred miles of track. You can see where trains are, but in dark territory you might only know their position from the last radio check-in. Your job is to issue track warrants — authority for trains to occupy specific sections of track — and to coordinate meets and passes. If two trains need to use the same single-track section in opposite directions, you have to arrange for one to wait in a siding. You're doing this for dozens of trains simultaneously, across hundreds of miles, often on twelve-hour shifts, often at night.
The tool you're using is essentially verbal communication over radio, backed by a computer system that's only as good as the data entered into it.
The system is called Track Warrant Control. The dispatcher issues a warrant with specific limits — milepost numbers, track names, time limits. The engineer copies it down, reads it back, and only then proceeds. If the dispatcher accidentally types the wrong milepost, or if the engineer copies it incorrectly, or if there's a miscommunication about which track the warrant applies to, there's no automatic system to catch it. Just two humans trying to coordinate through voice communication.
That sounds like the aviation system before cockpit resource management and automated conflict alerts. The "hint and hope" communication style I've talked about before — it's killed people across industries.
And it's still the standard operating procedure for a huge portion of the US rail network. The reason it persists is cost. Equipping dark territory with signals and PTC is enormously expensive — we're talking about an estimated fifteen to twenty billion dollars to fully equip US freight rail. The railroads have been resistant because these are lower-traffic lines and the cost-benefit analysis, from their perspective, doesn't justify it. Until a crash happens.
Let's talk about the different types of collisions, because I think that'll help people understand the failure modes.
There are three main types. Rear-end collisions — a following train fails to stop and hits the train ahead. This is what signaling is primarily designed to prevent, and it's what PTC is most effective against. If the signal system is working and PTC is active, rear-end collisions should be nearly impossible. Head-on collisions — two trains on the same track, moving toward each other. These are almost always dispatching errors or switch failures. One train is given authority for track that another train is already occupying, or a switch is misaligned and sends a train onto an occupied track. These are the deadliest because the closing speed is the sum of both trains' velocities. And side-swipe collisions — at switches, crossings, or when a train overhangs onto an adjacent track. These are less common but still dangerous.
The switch failure mode is interesting. A single misaligned switch can send a train onto the wrong track.
Switches fail in multiple ways. They can be manually set incorrectly by a maintenance crew. They can be damaged by weather — ice and snow can prevent proper alignment. They can have electrical failures in the control system. In dark territory, switches are often manually operated, so there's no remote indication to the dispatcher that a switch is in the wrong position. A train approaches, the crew doesn't know the switch is misaligned, and suddenly they're on a track they weren't supposed to be on, potentially heading toward another train.
The twenty twenty-three East Palestine derailment in Ohio wasn't a collision — it was a bearing failure that overheated and caused a derailment. But it illustrates the same point about undetected failures cascading.
East Palestine was a mechanical failure — an overheated wheel bearing that wasn't caught in time by the trackside detectors. But the broader lesson is the same. The system has layers of defense — signals, PTC, detectors, dispatcher oversight, crew procedures — and a crash happens when multiple layers fail simultaneously. East Palestine was a bearing failure that should have been caught by the hotbox detector. The detector did trigger, but the crew didn't have enough time to stop before the bearing failed completely. One layer worked, but not soon enough, and the next layer — the ability to stop quickly — was limited by the physics we talked about earlier.
What you're describing is a system where safety depends on every layer working perfectly, and when one layer fails, the others often can't compensate because the physics gives you no margin.
That's the fundamental tension. Rail safety is a battle between physics and coordination. The physics says you can't stop quickly. The coordination systems — signals, dispatching, PTC — are designed to ensure you never need to stop quickly, because you're always separated from other trains by enough distance and time. When the coordination works, the system is extraordinarily safe. When it fails, the physics takes over, and the results are catastrophic because there's no second chance. No steering to avoid the obstacle. No braking reserve. No shoulder to pull onto.
Which brings us to the surprising insight you mentioned earlier. The safest trains are the ones with the most automation, and the most dangerous are the ones with the least.
If you look at safety statistics globally, the systems with the lowest accident rates are high-speed rail networks like Japan's Shinkansen and France's TGV, and modern subway systems. These have moving-block signaling, continuous automatic train control, and essentially no dark territory. The Shinkansen has carried over ten billion passengers since nineteen sixty-four with zero fatalities from derailments or collisions. That's not because Japanese engineers are better at driving trains — it's because the system is designed so that the human can't make a catastrophic error. The automation catches everything.
At the other end of the spectrum, you've got US freight in dark territory.
Where the accident rate is orders of magnitude higher. Not compared to cars — rail is still far safer per passenger-mile than driving. But compared to what's achievable with modern signaling and automation, the US is lagging badly. The European Train Control System, ETCS, is the European equivalent of PTC, but it's more advanced — it's a moving-block system with continuous communication between trains and control centers. Europe has been rolling it out for two decades. Japan has had similar systems since the nineteen eighties. The US is still struggling to get basic PTC fully operational on all required lines.
The cost argument — fifteen to twenty billion to fully equip US freight rail — that's a lot of money, but it's also a fraction of what the industry spends on stock buybacks and dividends.
The Class One freight railroads — the big ones, Union Pacific, BNSF, Norfolk Southern, CSX — they've spent tens of billions on shareholder returns over the past decade. The fifteen to twenty billion to fully implement modern signaling and PTC across the entire network is entirely within their means. It's a choice, not an impossibility. And every time there's a crash in dark territory, that choice gets harder to defend.
If someone's listening to this and they hear about a train crash on the news, what should they be asking? What's the framework for understanding what actually went wrong?
First, was Positive Train Control active on that section of track? If PTC was active, certain types of collisions — train-to-train, overspeed on curves, unauthorized entry into work zones — should have been prevented. If a crash happened despite PTC, it's probably a derailment from a track defect, a bearing failure, or a bridge collapse — things PTC doesn't cover. Second, was it dark territory? If there were no signals and no automatic train detection, you're looking at a coordination failure — probably a dispatching error or a miscommunication. Third, was fatigue a factor? Check the time of day, the crew's shift schedule, and whether the engineer had adequate rest. Those three questions will tell you most of what you need to know about any given crash.
That's useful. A mental model for parsing these incidents rather than just absorbing the headline.
The thing is, train crashes are almost never random. They're not acts of God. They're the result of specific, preventable failures in coordination or enforcement. The system knows where the vulnerabilities are. The NTSB investigates every crash and publishes detailed findings. The same failure modes recur — dark territory dispatching errors, fatigue, PTC not activated, track defects that weren't caught in time. The knowledge exists. The question is whether the industry and regulators will act on it.
Which leads to the forward-looking question. We're seeing moves toward autonomous trains — Rio Tinto's AutoHaul in Australia is fully driverless freight, the UK is trialing driverless freight trains. The pitch is that removing the human solves the fatigue problem, the distraction problem, the miscommunication problem. But does it just swap human error for software failure modes?
That's the open question, and it's a real one. Autonomous trains eliminate human fatigue and distraction, but they introduce new failure modes — sensor failures, software bugs, cybersecurity vulnerabilities, edge cases the system wasn't trained on. The Rio Tinto system works because it's a closed network — no grade crossings, no passenger trains, no mixed traffic. It's a controlled environment. The challenge of making autonomous trains work on the general rail network, with mixed traffic, grade crossings, and unpredictable conditions, is orders of magnitude harder.
The coordination problem doesn't go away — it just moves from human dispatchers to algorithms. You still have to manage shared track, meets, and passes. You're just hoping the algorithm doesn't have a bug that puts two trains on the same track.
The fundamental problem — physics plus coordination — remains the same. Automation changes who or what is doing the coordinating, but it doesn't eliminate the need for coordination. And in some ways, it makes the system more brittle. Human dispatchers make mistakes, but they also show judgment in ambiguous situations. An algorithm follows its programming exactly — which is great when the programming is correct, and catastrophic when it isn't.
The train is almost a perfect metaphor for complex systems generally. Safe by design, but only when every layer of defense is actually working. And the next crash won't be a surprise — it'll be a predictable failure of a known vulnerability that wasn't addressed.
That's exactly the right way to think about it. The rail industry knows where the vulnerabilities are. The NTSB has documented them exhaustively. The question is whether we're willing to pay to fix them before the next crash, or whether we'll wait until after. And historically, the pattern has been to wait until after.
Now: Hilbert's daily fun fact.
Now: Hilbert's daily fun fact.
Hilbert: In the eighteen sixties, scientists studying the aurora borealis from the Aleutian Islands used a device called an "electroscope" to detect what they believed were cosmic rays — though the term "cosmic rays" wouldn't be coined until the nineteen twenties. The word "electroscope" comes from the Greek "elektron," meaning amber — the substance that first revealed static electricity to ancient philosophers — and "skopein," to observe. The Aleutian researchers were, in a very literal sense, observing amber-energy from the stars.
Observing amber-energy from the stars.
This has been My Weird Prompts. Thanks to our producer, Hilbert Flumingtop. If you enjoyed this episode, leave us a review — it helps other people find the show. You can find every episode and full transcripts at myweirdprompts dot com. I'm Corn.
I'm Herman Poppleberry. We'll catch you next time.
