Originally Posted by
BDAttitude
1. As I wrote before, I am not sure that the five flips coinciding was transmitted correctly through the com. channel main stream media.
2. Even if it was, the astronomically small probability is irrelevant because it uncovered a massive shortcoming of the FCC to handle an exception that may occure through other failure modes as well. They can only be mitigated by choosing an appropriate architecture.
3. Time argument isn't sound. Time was enough to put the aircraft in an energy state and attitude preventing recovery. No, the ethipoian crew did not push the throttles forward during dive.
4. It has been proven by argument and experiment that pilots are unsuitable for pushing the occurance probability for a rare but catastrophic event from the 1e-6 range to the 1e-9 range. This is due to their human nature and not their training state.
1. I'm discussing the information about the simulator scenario described in the Gates Seattle Times article. If that information is wrong, then my comments about the scenario are irrelevant.
2. You can assert that the simulator scenario can occur through other failure modes, but the onus is on you to explain what they are and how likely they are to occur. Just asserting that an "electrical spike" could do this isn't good enough, unless you are prepared to explain how an "electrical spike" could flip 5 specific bits but not do enough damage to bring down the entire processor. Vague reference to "various hardware factors" adds nothing.
3. I assume you are talking about the simulator runs; however, there is nothing in the reporting that said either the 3 second or longer delay in responding to the runaway trim put the aircraft in an "energy state and attitude preventing recovery." All three pilots recovered the airplane when recognizing the runaway trim within 3 seconds. Two of the three pilots successfully recovered the airplane when taking a longer time to initiate recovery under the scenario as modified by the FAA (it would have been nice iff the Gates article said how long the FAA made the pilots wait).
3. I didn't say the ET302 crew advanced the throttles during the dive--I said the Lion Air crew appeared to have done so (look at the DFDR graphs in the Preliminary Report). I said I thought the ET302 plane was overweight.
4. We're not talking about events with probabilities in the 10**-6 to 10**-9 range. You say you previously pointed out that my analysis of probabilities is "misleading" but I beg to differ. There is no a priori basis for assuming that the 5 bit flips are not statistically independent. There is no architectural reason why they would be likely to be located in a single memory word (or byte) and I'm not sure there is even a scientific basis for assuming that a single neutron could flip multiple closely-located bits (as opposed to multiple neutrons flipping multiple bits independently). The Gates article quoted Dwight Schaeffer, a
former senior manager at Boeing Commercial Electronics, as saying “Five independent bit flips is really an extremely improbable event." So someone with knowledge believes these are statistically independent. I see no reason to start with the assumption that a former employee would throw out a red herring. Assuming statistical independence, a 1-megabyte RAM, and a 5 bit error occurring on every flight, the simulator scenario is testing something with a probability in the area of 10**-22 (not 10**-6).