Originally Posted by ”PJ2”
The ability to take the Airbus into Alternate or Direct Law resides within the design of the autoflight system but is a profoundly non-standard approach with this design and is entirely within test-pilot territory.
Originally Posted by ”PJ2”
I state this strongly because it is not even in the realm of an "ad-hoc, emergency response" to a badly degraded aircraft or flight control system. I could not see this kind of system intervention condoned or even considered by any Airbus pilot nor can I see it as a legitimate response in the present discussion.
Thank you PJ2, you have answered my question. As the only person in the thread that I know to have been an A330 Commander, I put great credence to your remarks. As I’ve already stated – I have never flown any ABI product or any other FBW transport. My very limited knowledge of FBW transports is all ‘book learning”, and far removed from thorough. I have no hands on experience nor do I have the advantage of an AOM to which I may refer..
I believe I understood the difference between the ABI concept and the Boeing concept prior to your post. I just wasn’t certain if there was some acceptable method for the crew [other than a switch] to bypass the other modes/Laws and go to Direct Law in a single step. I now understand there is not.
I understand that in the Boeing actual control of the servos is still achieved by wire as it is in the Airbus when in Direct Law/C* Law. I know that there are no cables, pulleys or push rods. Both airplanes are still controlled “by wire”. It is not a major issue for me, just a difference in philosophy.
I am not challenging that difference in philosophy here as I do not think it relevant to the accident. They were not in a Boeing and there is no point in debating any subtle differences that may exist nor the different thought processes of the respective manufacturers.
The essential decision by the design and engineering people is, because the autoflight system is beyond it's design capabilities either during a serious system failure (hydraulic, electrical or data-loss) or a "jet upset", (> 10deg ND, 30NU, 50deg roll, approximately), it can no longer reference and interpret the situation the aircraft is in and necessarily hands control over the flight crew.
That’s good information and part of what I was getting at, perhaps too indirectly by not trying to ruffle any feathers. My apologies if you felt your's were.
I knew that there had to be limits to the autoflight system, I just didn’t know what they were. Now that you’ve told me, it fits right into my theories regarding the possible cause of the event. I am not implying nor did I mean to imply that the upset was caused by the autoflight system. In fact I think that whatever happened to the airplane was the cause of all those messages sent after it occurred and during its duration. I believe that the upset would just as readily have occurred in a B777 as it did in the A330 given the identical scenario. Whether or not it affected the recovery attempts that must have followed is wholly unknown and I’m not speculating that it did or didn’t.
In and encounter with extreme turbulence the aircraft could easily, in my opinion, exceed 10deg ND, 30deg NU, or even 50deg of roll (although not so likely the latter) in either type. If that should happen you say it “hands control over to the flight crew”. I assume that means it reverts (or degrades as you put it) to the equivalent of Direct Law. Is that correct?
Any one of five flight control computers on the 330 will provide full use of all flight controls without restrictions.
Excellent and just as I surmised; there is a great deal of redundancy. Redundancy is required in all critical systems, including flight control computers. The more a particular failure mode is considered to be possible or likely, the greater the redundancy provided. Next question: What happens should all five computers become inoperative at once or in rapid succession? I think I know but I would like you to tell me.
I have to emphasize that there is nothing in the A330 design in terms of pilot interventions that were not available in the B707/DC8 design. The flight control computers do not mysteriously "modify" pilot input to do what the engineers and designers really want but haven't told the flight crew.
That is understood and in fact I took it for granted. It could hardly be otherwise or you would need astronaut training and have to revert to the phrase: “Houston, we have a problem”.
Whether or not what “they told the flight crews” has been adequate, or said crews got the ‘memo’ is another matter. Given the many recent “incidents” and the changing procedures, it appears it may not have been. When there is much complexity and information is inadequate the otherwise benign can readily become the mysterious. Like it or not, pitot failures will cause loss of data but should not create pitch-overs or other erratic behavior. The fact is they appear to have done just that.
To be clear because there is a question, in Alternate law 1 & 2, pitch law is referenced to 'g' loading, (same as Normal law). The AOM does not specify that Pitch Alternate Law restricts 'g' loading to "2.5" but I suspect they do. In Direct Law, the aircraft is a "DC8".
The essential question is, "can the pilot get whatever 'g' s/he can pull above certification limits (2.5 positive, 2.0 negative, flaps up)? The answer is, yes in Direct Law and likely no, in pitch alternate laws 1 & 2, (1 is the same as 2 in pitch).
I understand that as well. I do not mind your being “direct” at all, that is what I wanted; somebody who knows the airplane who will give me a direct answer and not a lot of malarkey. I trust you won’t mind my being direct either.
I don’t need to know the intricate programming of the software, I just need to know – what will it do - in a given set of circumstances – and what will it not do. You have been of great help. You answered my question and you also confirmed the beliefs I already had.
In other words, there are indeed limits to the capabilities of Normal Law, as well as Alternate law 1 & 2. Whether they are measured in terms of “g” or in terms of pitch up, pitch down, and roll, those limits CAN be exceeded, perhaps not by the pilot, but by other forces – such as extreme turbulence.
Although I may not have stated it with sufficient clarity, that’s been my premise all along and the reason for my queries. If I understand you correctly, that does NOT mean that the pilot is suddenly handed an unflyable airplane. It just means that he is now flying it in the equivalent of Direct Law. The fact that the signals to the actuators/servos are by wire, rather than by cables or rods is irrelevant.
In the event of a total electrical failure (not relevant to AF447 IMO) and/or loss of hydraulic pressure from the engine driven source, the pilot would still have ship’s battery to the ESS Bus (or whatever you call its equivalent) and hydraulics and electricity both from the RAT – if it deploys and functions. The airplane is controllable for at least battery life (I guess about 30 min) while the crew restores a better source of electrical power and/or relights and engine that supplies hydraulics. The airplane must have at least 3 hydraulic sources [A, B, & C or whatever nomenclature is used.], which is quite standard. Since it is a twin, either engine running would be sufficient as a source of both electrical and hydraulic power.
If total electric power is lost and cannot be restored or provided by the RAT, when the ships battery dies the ability to operate the servos ends and control would be lost. Likewise, If hydraulic pressure cannot be maintained by the RAT, or all fluid is lost, functional servos cannot direct non existent pressure to any control, and control is again lost.
My main point is: In extreme turbulence the limits of pitch, bank, roll, yaw, speed and “g” associated with Normal, Alternate 1 & Alternate 2 “LAWS” can, one or all, be exceeded in short order. I suspect that such exceedence, if experienced, would most probably trigger a host of warnings and flags in rapid succession – just as it triggers AP and A/THR disconnect.
If the airplane is heavy and already flying at or near is maximum altitude, an extreme updraft could easily place it above that maximum altitude and take it into the “corner”. In that case it will upset. Whether or not it could be recovered from the upset is pure conjecture. Such an updraft followed by a similarly severe downdraft could fail the horizontal tail surfaces or the fin, or the entire tailcone. In other words, extreme turbulence is the equivalent of “Tilt” in a pinball machine. Game over.
Feel free to correct me please, if you find any of this thinking to be off-the-wall. I’m not talking about a bump or two here or even about severe turbulence. I’m talking about extreme turbulence – which is essentially an unknown quantity – greater than severe. I’m not aware of any transport that has survived an encounter with extreme turbulence. Correct that too if you have knowledge of such and instance.
Did it happen like that? I do not know. I just know that AF447 was lost. We owe it to our brothers who flew it and those who rode on it to leave no stone unturned until we know why – that it may not be repeated if humanly possible. This I believe necessary even if one or more of the overturned stones happens to reveal unpleasantries.
I hope this is of some help - I'm being a bit "direct" only to save space and not to dismiss concerns. This is the way the system works - there is only complexity, but not mystery.
I say again, I have no problem whatever with your being “direct” and hope that you have no problem with my being equally direct.
Agreed, I see complexity, perhaps more complexity than truly necessary, but I do not see mystery.
In very broad terms, I see FBW as necessary in military applications. The maneuverability of a modern fighter cannot be achieved unless it is inherently unstable and inherent instability cannot be controlled without the aid of computers.
In transport aircraft that is not the case; they are inherently stable. We have it and are expanding its use because it is supposed to provide greater efficiency, less weight and save money. Does the cost of all the bells and whistles actually justify the effeciences gained? I don’t really know but I suspect not.
Me thinks the ultimate goal of automation is the eventual elimination of piloted aircraft. Think of the money that would save and you’ve just justified the cost. We’re a very long way from that but eventually it will be achieved and passengers will be quite happy with it assured as they will be that absolutely nothing can go wrong, go wrong, go wrong.
Meanwhile I will hope that an A380 doesn’t vanish in the night on its way to Perth while its crew leafs through the QRH in search of some obscure procedure, or fall victim to a disgruntled Bedouin with 500 souls on board. I hope too that the Dreamliner’s resin doesn’t become unglued or succumb to an undetected invisible crack in its fail-safe fuselage, or that its multiple electric motors that replace the hydraulics will not mysteriously fail when needed. We live in interesting times.
What happened to AF447 after 0215Z is immaterial in terms of systems design, aircraft response and crew handling.
That’s a pretty strong statement to make given the data currently available. Is there something you know that the rest of us don’t, or is that just your version of conjecture?
I note that the shuttle accidents are referenced in comparison to automation accidents regarding "tons of money" etc.
You misread my intent. The reference to the Shuttle bears but one resemblance to AF447 and it is this: Humans are not infallible at any level and neither is the technology they develop. Technology is also not superior to the forces of nature. The technology did not fail in the Shuttle losses; humans failed. As Robert Burns would say:
"But, Mousie, thou art no thy lane,
In proving foresight may be vain;
The best-laid schemes o' mice an 'men
Gang aft agley,
An' lea'e us nought but grief an' pain,
For promis'd joy!"