PPRuNe Forums - View Single Post - AF 447 Search to resume (part2)
Thread: AF 447 Search to resume (part2)
View Single Post
Old 26th May 2011 | 17:11
  #2466 (permalink)  
syseng68k
15 Anniversary
 
Joined: Jun 2009
Posts: 335
Likes: 57
From: Oxford, England
takata, #2450

Hi,

Thanks for the reply.

I thought you were perhaps being a bit paranoid, but yes, there are
always those in life who do little but try to find fault and apportion
blame. Iirc, others have said, the A330 has a decade or more of impeccable
safety record, so there can be nothing fundamentally wrong with it.
If airbus make recommendations to customers that they then choose to
ignore, or drag their feet in implementation, then it's clear who is
at fault. Perhaps part of the problem is that there is not enough
regulatory involvement. A recommendation is, after all, not a legal
requirement.

I'm not so clear about the second part of Fact3 paragraph, which, no
disrespect intended, looks a bit smoke and mirrors. Irrespective
of how complex such problems are, they *all* need to be identified,
together with a defined procedure to allow the crew to recover from the
situation. Anything alse is just dodging the issue. Perhaps this has
been done and is being ignored by the airlines in terms of training,
but not enough data here to comment on that.

The probe icing problem still nags though, one of the failure
modes of your "too complex" set and the first and critical link in so
many parts of the system. Looking in from outside, it really does
amaze me that this has been allowed to drag on for so long. As an insider,
perhaps you could comment on the reasons for this ?. Irrespective
of how serious the problem is in reality, fixing that would be one fewer
item to cause trouble and one more step towards the goal of "zero defects".

There's a good systems reason to fix it. While it's easy to design a system
that only ever gets fed good data, the software overhead involved
in trapping and recovering from bad data can be considerable and complex
in itself. Thus, more likely to have hidden faults in implementation. This
means that any primary data source has the added responsibility to ensure
unambiguous output at all times. That is, the data is always within expected
limits, or a clear error signal generated. Of course it doesn't absolve
the data consumers of the responsibility of doing their own checks, but
it's one less thing to have to deal with. In essence, it's better not to to
have to deal with errors in the first place. Better if they can be
designed / engineered out...
syseng68k is offline