
Airbus 320 design/HF investigative processes


BOAC
20th Sep 2007, 15:14
Place holder for the discussion on Airbus 320 sensors/design/general accident matters etc (see Post 2280 in http://www.pprune.org/forums/showthread.php?t=284415&page=114 in R&N). If anyone posting here wishes a post from the R&N thread copied in to preserve the flow please let us know.

flyingnewbie10
21st Sep 2007, 03:58
Well, I know this may be seen as off-topic (the thread was split), but this comes as an answer to some (supposed) experts here and as an effort to make some people see that Murphy's Law should always be considered everywhere, anytime.

Some excerpts from a study dealing with problems with a machine called "Therac25". Please, someone point out whether or not it's a trustworthy source:

Despite what can be learned from such investigations, fears of potential liability or loss of business make it difficult to find out the details behind serious engineering mistakes. (Underline is mine)

Most accidents are system accidents; that is, they stem from complex interactions between various components and activities. To attribute a single cause to an accident is usually a serious mistake. In this article, we hope to demonstrate the complex nature of accidents and the need to investigate all aspects of system development and operation to understand what has happened and to prevent future accidents. (underline is mine)

The paper can be obtained @

http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html

PBL
21st Sep 2007, 09:11
study dealing with problems with a machine called "Therac25"

Leveson and Turner's study of the Therac accidents is a classic of computer safety. The link you gave is the most accessible on-line version. It's not on Nancy's WWW site.

I don't think any of the lessons from this story in computer safety in medicine has much relevance to aviation. The cultures are exceptionally different. Let me briefly indicate why, although it's halfway off-topic. The Therac story was a lot about incompetent engineering (also incompetent user-interface engineering and a complete lack of safety analysis) as well as about the lack of any traceability of incident histories. Aerospace pays a lot of attention to safety analysis and user-interface engineering, and has an international system (or collection of systems) for logging and learning from incidents (the all-operators Telex/Service Bulletin/AD system).

PBL

flyingnewbie10
21st Sep 2007, 12:02
I don't think any of the lessons from this story in computer safety in medicine has any relevance to aviation. The cultures are exceptionally different.

I respect your opinion, PBL.

However all this makes me feel even more that history repeats itself...

DozyWannabe
21st Sep 2007, 12:10
flyingnewbie10:

For the last time - real-time systems such as those used in the A32/3/4/80 are a completely different paradigm and methodology to the imperatively programmed systems that the average person thinks about when discussing computers.

flyingnewbie10
21st Sep 2007, 12:44
For the last time - real-time systems such as those used in the A32/3/4/80 are a completely different paradigm and methodology to the imperatively programmed systems that the average person thinks about when discussing computers.

Everything ends up in imperative code: MOV, PUSH, POP, etc. Processors don't work in functional mode.

Higher Level has to go to Low Level and there is where s... might happen (I said might).

For the last time, too: investigators should be open to all possibilities. We have to know the system, how it synchronizes, how it takes input, how it processes input, how it sets priorities and so on. Not just make general and pseudo-authoritative statements about it.

However, I have a clear disadvantage in defending my point here, as our dear CENIPA says it found the TL pedestal but does not show any photograph or any impression of it. And then it sends the piece to the potential "wolf"...

By the way I will ask again: Where are the docs about that (one) TL above idle warning ?

(P.S.: The information about the TL pedestal is confirmed news - from the last day of the air traffic parliamentary commission)

Aerospace pays a lot of attention to safety analysis and user-interface engineering, and has an international system (or collection of systems) for logging and learning from incidents (the all-operators Telex/Service Bulletin/AD system).

I think human beings are the same whatever industry they are engaged in.

Take that (again !!) TL above idle warning and what AI safety director stated about it before Congressmen.

BTW, my guesses:

1 - He was saying the truth (yet to confirm);

2 - The warning could work more frequently than "desirable", showing some problem with TLA sensors (maybe someone understands me here);

3 - The warning related procedure represented a risky overload to the A320 realtime computer system given the available processing capacity.

flyingnewbie10
21st Sep 2007, 13:51
Forget the conspiracy theory.

You should forget yours too.

I don't work for Boeing nor for any TAM 3054 victim.

But I am sure you work for AI somehow...