PPRuNe Forums - View Single Post - AF 447 Thread No. 9

2nd Aug 2012, 03:46

#952 (permalink)

RR_NDB

Join Date: Feb 2011

Location: Nearby SBBR and SDAM

Posts: 875

Likes: 0

Received 0 Likes on 0 Posts

Causal, non causal, fault tolerance and graceful degradation

Quote:

if Airbus had presented the information loss of speed in such a way that it is comprehensible in 1 second

I´ll repeat: It is VERY EASY to diagnose UAS before the garbage coming from the Pitot´s destroy the confidence of the crew in the machine.

And it seems airbus SAS had no competence (an absurd approach imho) to implement a better solution. Delegate was natural. Easy, no investment.

And it would be easy, later to blame dead guys.

But,

If the man-machine interface (a good one, assertively) presented a clear indication the history certainly would* be completely different.

Who would ignore or not believe an alarm (garbage coming from the sensors) AND resulting anomalies like degradation.

I insist, F-GZCP had:

1) A ridiculous design WRT UAS (no redundancy)

2) An absurd man-machine interface behavior aggravating a "minor" issue (a brief probes "cold")

Result:

A critical and dangerous System. And the POB of F-GZCP paid it.

(*) Specially if training was developed to this scenario. BTW a very simple training.

I´m sorry the way i put. It´s sad. IMO the accident was designed by Airbus SAS. The victims were the operator (with some % of responsability, obviously) and all POB.

The crew errors (all, like CRM, etc.) occurred after two very serious design issues.

Technically speaking i repeat: It is very easy to detect the UAS onset. And even to (automatically) disable the subsystems in order to not process garbage and feed it to non properly trained pilots.

Therefore the effective System (plane+crew) could benefit from a non causal approach: It´s output could occur before it´s input. Why? Because after UAS detection you block the garbage to contaminate the System. A System with several other problems as the recommendations suggest.