PPRuNe Forums - View Single Post - The Atlantic Glider. Some final notes
Old 15th July 2004 | 04:02
#31
arcniz
 
Joined: Sep 2001
Posts: 356
From: 38N
The perceived complexity of computerized control systems often comes from the lack of access to clear functional descriptions of "how things work".

The whole technology of computing is barely 60 years old. Most of the programming concepts used in software design are less than 40 years out of the cradle. And the specific rules for a given system are often largely made up by the designers as they are going through the process.

Usually the best description of how the system works is the system itself! Unfortunately, proprietary interests combined with the lack of very effective intellectual property protection for software concepts used in small-volume production cause the design owners to intentionally obscure the exact nature of the processes by which values are determined and decisions are made. So they 'translate' the actual design into a simplified fictional design which appears in the public documentation and procedural manuals. Inevitably, errors in translation occur. And then misunderstandings follow. These errors can be expected to INCREASE over the design life of highly computerized aircraft families as incremental changes are made to systems based on intermediate documents or versions that convey incomplete understandings of the original system design concepts. This is the digital equivalent of metal fatigue.

Of course, undiscovered errors will occur in the original designs, as well. The identification and correction of these will depend on the rigor of analysis and testing during development, plus the trial-and-error realities of actual use.

Just as civil aviation authorities use a wide scope of sins to encompass the idea of 'pilot error', the aviation community should be a bit less respectful and a bit more critical of inadequately functional or simply dumb designs for computerized control algorithms and user interfaces. Embrace the concept of 'design error' as a correctable fault.

In the Air Transat case, the functionality of the Airbus fuel flow monitoring and alerting system was (and is) clearly less functional than similar systems that one can buy off-the-shelf and install in anything from a DC-3 to a Concorde. The lack of timely, precise, and meaningful information about the vanishing life juices of that aircraft was the second designed-in trap (after the fuel line reversibility) that led the pilots onto their nearly catastrophic dance with destiny.

Sure, criticize the pilots. But raise your standards for what is acceptable in aircraft systems. The flying community does not have to roll over just because A or B designs a system that is half-warm cr*p.

Insist on systems that work well and make sense.

Complain, on the record, when they don't.

Encourage exhaustive independent design review of the actual aircraft system designs at their most basic level of detail.