DozyWannabe

But in this case there was no apparent "confusion" over laws. The drop to Alternate was called by the PNF, but the PF either didn't notice or disregarded the call. At no point does the PF question why the aircraft is respnsing the way it is and at no point does he quesiton the fact that the aircraft is clearly not in a protected mode.

Because the system works differently to other airliners. Traditional layouts have the AP designed with hard limits, whereas the Airbus design has those limits as part of the flight control logic. In any case, it's not a good idea to use AP when there is a pitot/static failure as the AP limits can take an aircraft right up to the edge of stall (see the Birgenair 757 case).

It's more of a jump from Normal to Direct than it is via Alternate, that's for certain - and because autotrim is designed to replace manual trim by feel (because there's no backdrive), a systems failure in the middle of bad weather is not a good time to be made to do it for real.

A lot of lay folk (and indeed the press) are unaware that the T7 is in fact full FBW, because the fact was not publicised as widely when the T7 was launched. The T7 computers *did* come under a lot of scrutiny during the BA038 investigation - especially in the early days before the AAIB ruled them out as a contributing factor.

I've said this before, but the Boeing system is in fact more complex than Airbus's from an engineering standpoint because of the backdrive. In fact it would have been unwise to attempt backdrive on the A320 because of the immense amount of extra complexity involved - the almost decade-long gap between the A320 and B777 projects meant that the hardware could handle the extra load safely.

The most concise way of describing the difference in approach to protection is that the Boeing system significantly increases resistance to yoke movement when the safe limits are reached whereas the Airbus system simply holds the aircraft in the maximum commanded attitude deemed safe.

Comparing the systems statistically is difficult because the Airbus system is applied across the range where as the Boeing system was applied to only one model (two now that the B787 is in service).

Totally - I was referring to failure modes only. Because one can egress from a fighter in mid-air, a failure mode in which the system can regress to a single data feed if necessary is workable. In an airliner it's simply not reliable enough because there are more lives at stake, and they don't have banng seats.

"Graceful degradation" is an engineering term that simply means that the system is designed to keep the remaining system components functioning in a way that can assist the operator, rather than dumping them in the cacky at the first hurdle. It has no bearing on the way the operator uses that system in a degraded state!

The myriad failure modes are grouped into "Laws" simply to aid understanding. In this case, Alternate Law exists to keep the aircraft handling as close to the way it does in Normal Law as it can, so that a pilot is not thrown into a situation where the aircraft is suddenly handling differently across all axes of movement. The pilots only need to remember one thing really - outside of Normal Laws the aircraft is effectively unprotected and needs to be treated as such. Which is not to say that it's not a good idea for pilots to understand the control laws - they should. But the only need-to-know golden rule is that out of Normal Law you need to be careful with manual control inputs.

Airliners do - it's in the nature of the beast.

That happens automatically - autothrust disengages with AP in this situation.

Because there's a worst case scenario failure mode where the failure is in the hardware logic rather than the sensors. If the aircraft is attitude-limited in an inappropriate way because of this then a situation can arise where the aircraft cannot be recovered.

Trust me - no procedures were followed here, standard or otherwise. My personal feeling is that the PF was in the grip of a startle response at AP disconnect from which he never fully recovered. At no point does he talk about control laws and at no point does he acknowledge the information that is in front of him - he simply grabs the stick and starts heaving on it.

If the systems behaves as advertised it will stay within all limits up to the edge of that limit if the pilot tries to exceed them.

There are technical questions that need addressing - the Stall Warning design needs looking at, as well as a backup system that will disable and latch FD in the case of UAS where Normal Law is not recovered among other things. Similarly organisational issues - why the UAS procedure was not drilled into these pilots, why it was the norm that two pilots who had no high-altitude manual handling training or experience were in a position that cut safety margins a little too fine - again, among other things.

But the psychological/human factors investigation is where the heart of solving this accident lies and I'm loath to even try to unravel that.