Disconnect and reconnect power at least once every 120 days, but maybe it should be every 25 days.

Wot cood posiblie go rong?

It's as if the writing of and functioning of software in aircraft systems isn't the subject of standards. If only software engineers could anticipate the remote possibility that the software they design will be running continuously in hardware that doesn't take a coffee break.

From what I’ve been told there certainly is.

The New Zealand Transport Accident Investigation Commission is merely acting on a request for assistance from Chilean civil aviation authorities who have jurisdiction over investigating this incident due to the airliner being in international airspace when it occurred and the airliner being on the Chilean civil register. However, because NZ was the nearest country and that is where the airliner landed and is now grounded, I guess it is only natural for Chilean civil aviation authorities to ask TAIC to secure all evidence until they can get their own investigators to Auckland. Under the Transport Accident Investigation Commission's charter, they are required to render assistance to foreign civil aviation and maritime authorities if requested. For those of you outside NZ, TAIC's mandate is to investigate, on a no blame basis, accidents and serious operating incidents in the aviation, maritime and railway transport modes. Their primary purpose is not to point the finger, but to get to the bottom of what actually occurred, any relevant background information, what can be learned from the findings, and how such an occurrence can be prevented from happening in the future. Any legal prosecutions in NZ come not from TAIC, but from other government agencies and regulatory bodies, such as NZ Civil Aviation Authority, NZ Maritime Authority, Waka Kotahi NZ Land Transport Agency, or NZ Police.

Airbus gave flight crew a heads up about erroneous sensor inputs causing uncommanded nose down inputs before QF72? News to me.

I'm no fan of Boeing. The 787 is a piece of garbage. The single point of failure behind the MAX accidents is abhorent design philosphy. No argument from me there. I just dont get why Airbus seems to get a freep ass when the only reason that 330 didn't spear into the ground precisely as the Max did was luck. At least the Max pilots had a memory item specifically designed to address the trim runaway in the 737. No such procedure in the 330 back in 2008, unless I"m mistaken?

Anyway, let the Boeing bashing continue. Any manufacturer that makes me sit there and twist the heading bug whilst in managed lateral navigation for 10 hours at a time deserves all the criticism it gets.

System redundancy at Airbus at least means that: redundancy. Different systems. At Boeing, it's misinterpreted to mean "more of the same".

Airbus's ELACs are truly redundant Motorola and Intel systems at the hardware level, and programmed in different languages, by different teams, precisely to provide redundancy at the code/microprocessor level. You might get a hint of why that matters right about when all three GCUs fail at the same time in a 787 because of a coding error.

See here for more detail: https://www.pprune.org/tech-log/5175...ls-a320-2.html

I'm also noting that Boeing did another booboo with their integrated IRSs in the 787 that can no longer operate independently of GNSS. That's (really) bad news when you're being spoofed.

The 787 (and the MAX) are piss poor designs that should never have been approved to fly. Can't wait for one of the first few 787's that came off the line to get a lightning strike in the wing. They're an accident waiting to happen. Which is only acceptable in which world? Right. Accounting world. And that's who runs that company these days.

Shame.

More speculation
 

Concerning: 2. What is programmed to occur to the pitch flight control surface positions (primarily elevator and THS) when electrical power is lost...when electrical power is restored..?

One possible scenario could be a pilot trying to maintain attitude during the outage by control input - unsuccessfully - then power being restored while a (possibly full deflection) input is still being applied...

For those interested in the FAA’s directive regarding depowering the CDN/aircraft, the link below will explain it somewhat.

https://ioactive.com/reverse-enginee...ess-directive/

Sweet! :E
Sounds like they are running Windows OS. At one of my customers, the boss bought an accounting system running on windows, using SQL Server als Database. Three years ago they were forced to add a POS (PointOfSales) module issuing the cryptographically linked cash-receipts as per government anti-fraud-laws.
Since then, every 3 weeks +/- one week one of the 10 cashier systems would lock up (while cash customer is waiting).
Manufacturer "looked into it" didn't find anything to fix and installed a Sunday morning reboot of application and database server,
problem "solved the Microsoft way".

The merchandise handling system (the one I wrote) runs 24/7 on an ORACLE database on Linux (yes, open source). Current uptime is 300 days (e.g. since last hardware failure). In my 35 years of experience I cannot imagine any problem on Linux that would "require" a server reboot to clear.
One of the biggest Austrian Banks I do consulting for is running slightly north of 300 ORACLE Databases on Linux, including multi terabyte trading systems,
and not one of them "needs" periodical reboots.

Lesson to learn:
any system that needs regular reboots to keep working contains abysmal software not thorougly tested.
If after start, cruise and landing an FMC accumulates "debris" data that needs to be cleared by reboot the software is crap,
not thorougly cleaning up data traces after completing the "landing" phase.
That could be because the designing engineers were idiots, or because cost cutting mangement did not provide them with ample resources for thoroughly testing before claiming "read for business".
You may guess what my experience in that field is.

hint:
I've witnessed a european airlive got bust because clueless management went from hierarchical database system to relational database (e.g. total redesign) w/o having their own engineers lead in that process and impatiantly declaring "transition done" when it wasn't.

‘Hey. What does this button do?’ Oops!

Is this a good old case of " One can seldom encounter a problem so serious that ones rash or ill-thought-out reactions are incapable of making the problem much worse."

https://www.aviationtoday.com/2015/0...-software-fix/


Avionics Today 05-05-2015] Boeing will provide a software update later this year to address an issue that causes the 787 Dreamliner’s Generator Control Units (GCUs) to simultaneously go into failsafe mode after being powered continuously for 248 days. The FAA has issued an Airworthiness Directive (AD) calling for 787 operators to address the glitch, which is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power, the AD states.

https://www.aviationtoday.com/wp-con...ng20787209.jpg

Boeing 787-9 Dreamliner. Photo: Boeing

According to the FAA’s directive, when a 787 has been powered continuously for 248 days, it can lose all Alternating Current (AC) electrical power due to the GCU software anomaly. The directive requires a repetitive maintenance task for electrical power deactivation on 787s.

“This condition is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power. We are issuing this AD to prevent loss of all AC electrical power, which could result in loss of control of the airplane,” the FAA’s directive states.

Boeing plans on issuing a software update for the 787 by the fourth quarter of 2015 to address the issue.

Originally, Boeing observed this GCU software issue during lab testing after eight months of continuous power. After discovering the issue, Boeing recommended the AD’s mandated actions to operators on April 19, 2015.

“It is important to note this issue was observed in the lab only after eight months of continuous power, which would be highly unusual. All operators have already completed the cycle off-cycle on fix, and they know how often they need to do it in the future until the software update arrives later this year,” a spokesman for Boeing told Avionics Magazine.

Most importantly, the AD addresses an anomaly that would only occur under extremely rare conditions within normal airline fleet schedules. By performing a power-off/power-on cycle, operators eliminate the risk that all six generators aboard the aircraft would lose power at the same time.

In the directive, the FAA indicates that in the occurrence that the four main GCUs associated with the engine mounted generators were powered up at the same time, the four GCUs would all fail at the same time. This would result in a “loss of all AC electrical power regardless of flight phase,” the AD states.

Boeing 787 fleet maintenance records indicate that all in-service airplanes have already performed a power-off/power-on cycle within their ongoing maintenance schedules. Operators that have a definitive record of a power cycle within the last 120 days do not need to take any immediate action, Boeing has confirmed. A total of 28 aircraft in the U.S. registry are affected by the AD, which has also determined that the cost of the electrical power deactivation is one work hour at $85 per deactivation cycle.
Since it first entered service in 2011, Boeing has delivered 258 total 787s, and has a backlog of 847 undelivered Dreamliners.

So is the system so stupid that it doesn’t even warn of the impending need to power off if it hasn’t been done by the correct interval?
Why does it let the aircraft take off if it will decide to shut everything down half way through the flight?

Outrageous! What monkeys are coding these things ?

HP and Dell managed to sell a lot of Enterprise class SSDs (solid state disks) made by SanDisk, where the firmware programmers managed to implement an operating hours counter that causes the thing to irrevocably brick, as soon as it reaches 32768 (2 to the power of 15) hours.
https://www.thestack.technology/ssd-...hours-sandisk/
In an instant all your terabytes of data on the SSDs - while still "stored" - cannot accessed anymore.
And the unit cannot be patched, as it doesn't talk to the outside world anymore.

Now, if you installed a couple of them in a server, for redundancy for instance, the tiny variations of the internal clocks
will have them die within for example 10 hours of each other, just like the EC135 accident at night over Edinburgh when
the second engine (twin engine redundancy, we've heard it) went silent some 32 seconds after the first one,
while the POH claims the differently sizes tanks should(!) cause a 4 minute delay between fuel starvations.

Boeing engineering? The same outsourced low cost software engineers?

https://www.industryweek.com/supply-...hour-engineers

Remember some big brains who didn’t anticipate Y2K.

That shutdown is not a planned feature ( hence no advance warning) but result of a miscoded counter software !

I think you're crediting "the system" with intelligence, when it fact it's just following a set of pre-defined rules.

It doesn't look ahead. It doesn't anticipate. It doesn't know that it will have to shut down. It just reaches a particular timed point at which (if I understand correctly) the software falls over.

That's assuming of course that it is a software issue. Which given that a 'fix' was apparently made available several years ago is by no means nailed on.

For crying out loud! Exactly this subcontractor company's "engineers" two years ago needed diskspace for a task in the huge bank I mentioned earlier. They found a directory containing a lot of files named arch<blabla>.log . Thinking these are just left over log files they deleted them w/o talking to the grown ups.
But it was the transactions logs of database which are pivotal for being able to recover the database in case of media failures.
Luckily one of us overpair european dinosaurs discovered that mess and took counter action.

One would think management immediately cancelled that subcontract and employed a couple more local pros, being thankfor "lesson learned w/o damage".
But we all can guess who still is allowed and payed to mess with central, business critical banking databases.

Too cheap to get rid of, seems to be management's motto.

Is it ever likely that an aircraft would remain electrically powered up continuously for 248 days? Possible, certainly but likely?
And when was the last time that LATAM 787 was totally dark?

hopefully not the CCR reset switches 😀