Reports of A400 Crash, Saville, Spain
Join Date: Apr 2014
Location: Washstate
Age: 79
Posts: 0
Likes: 0
Received 0 Likes
on
0 Posts
A400M crash due to fubar data
https://www.yahoo.com/tech/s/exclusi...--finance.html
Exclusive: A400M probe focuses on impact of accidental data wipe
basically some torque calibration data got wiped during software installation/checkout. Missing that data, computers decided engines were maybe harmed and to prevent further damage- simply shut down- Three out of four engines..
HAL wins again !!
So much for ' fail safe' modes due to garbaged data...
Exclusive: A400M probe focuses on impact of accidental data wipe
...Yet as the pilots took off, another safety feature came into play only to turn against the crew, industry experts said.
Without the vital data parameters, information from the engines is effectively meaningless to the computers controlling them. The automatic response is to hunker down and prevent what would usually be a single engine problem causing more damage.
This is what the computers apparently did on the doomed flight, just as they were designed to do.
"Nobody imagined a problem like this could happen to three engines," a person familiar with the 12-year-old project said.
Without the vital data parameters, information from the engines is effectively meaningless to the computers controlling them. The automatic response is to hunker down and prevent what would usually be a single engine problem causing more damage.
This is what the computers apparently did on the doomed flight, just as they were designed to do.
"Nobody imagined a problem like this could happen to three engines," a person familiar with the 12-year-old project said.
HAL wins again !!
So much for ' fail safe' modes due to garbaged data...
Join Date: Jun 2009
Location: Paris, France
Age: 62
Posts: 61
Likes: 0
Received 0 Likes
on
0 Posts
Missing calibration parameters on 3 engines, detected after getting airborne
Exclusive: A400M probe focuses on impact of accidental data wipe | Reuters
I can't understand why a very possible failure mode (lack or erasure of parameters) is not self-detected (e.g. by a checksum/hash mechanism), and reported in pre-flight checks. Note: I'm an engineer designing security-critical software (though no safety-critical as in aviation).
(..) the key scenario being examined is that the data -- known as "torque calibration parameters" -- was accidentally wiped on three engines as the engine software was being installed at Airbus facilities. (..) European NATO buyers have now been instructed not to use the Airbus computer system that was used to conduct the software installation on the A400M, people familiar with the order said. (..) the first warning pilots would receive of the engine data problem would be when the plane was 400 feet (120 meters) in the air, according to a safety document seen by Reuters.
Last edited by fgrieu; 10th Jun 2015 at 05:37.
Join Date: Mar 2006
Location: USA
Posts: 2,515
Likes: 0
Received 0 Likes
on
0 Posts
I've long been skeptical of FADEC systems that decide that an engine should go to idle, or shut down absent pilot input. In many cases (eg uncommanded reverser deployment), it's easy to see the logic, but I've always thought that it's best to have some sort of override built in, just in case of corrupt data.
The latest twist in the tale - Airbus is now running out of ramp space to park its grounded A400Ms Airbus running out of room to park grounded A400Ms - IHS Jane's 360
Sycamore
I had to chuckle at your "park em on the grass". I put this down to how we sometimes miss the glaringly obvious. It reminded me of a story from the space race in the 60s. Apparently the Americans spent $10 million trying to develop a biro type pen that would perform in zero gravity. The soviets used a pencil.
I had to chuckle at your "park em on the grass". I put this down to how we sometimes miss the glaringly obvious. It reminded me of a story from the space race in the 60s. Apparently the Americans spent $10 million trying to develop a biro type pen that would perform in zero gravity. The soviets used a pencil.
Join Date: Oct 2002
Location: ɐıןɐɹʇsn∀
Posts: 1,994
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Sycamore
It reminded me of a story from the space race in the 60s. Apparently the Americans spent $10 million trying to develop a biro type pen that would perform in zero gravity. The soviets used a pencil.
A common urban legend states that NASA spent a large amount of money to develop a pen that would write in space (the result purportedly being the Fisher Space Pen), while the Soviets just used pencils. There is a grain of truth: NASA began to develop a space pen, but when development costs skyrocketed the project was abandoned and astronauts went back to using pencils, along with the Soviets. However, the claim that NASA spent millions on the Space Pen is incorrect, as the Fisher pen was developed using private capital, not government funding. NASA – and the Soviets - eventually began purchasing such pens.
Fisher Space Pen Co.
Join Date: Feb 2006
Location: Hanging off the end of a thread
Posts: 32,891
Received 2,829 Likes
on
1,207 Posts
Park them on the `grass`...they are `tactical `aircraft after all...
Join Date: Aug 2014
Location: New Braunfels, TX
Age: 70
Posts: 1,954
Likes: 0
Received 0 Likes
on
0 Posts
I had to chuckle at your "park em on the grass". I put this down to how we sometimes miss the glaringly obvious. It reminded me of a story from the space race in the 60s. Apparently the Americans spent $10 million trying to develop a biro type pen that would perform in zero gravity. The soviets used a pencil.
1. NASA used pencils all through the Mercury and Gemini programs. It was not until Apollo that they used pens.
2. The "space pen" was developed commercially by the Fisher company at zero cost to NASA or the government. (And it cost $2M to develop, not $10M) It did not sell well commercially because it was pricey. Not until they sold their pens to NASA did Fisher call it the "Space Pen", but they made a bundle from that point on. Indeed Fisher claimed that their space pen saved the astronauts on the moon on Apollo 11. The toggle for the switch that armed the launch engine for the lander broke off. Buzz Aldrin used a pen to reach inside the switch to close the circuit and launch the lander. Fisher still markets the space pen and still claims it saved Apollo 11. But in his book Buzz revealed that he did not use a Fisher space pen to do the job.
3. Russia used (and continues to use) Fisher space pens on all its Soyuz flights as well as Mir and ISS flights. Its still the only pen that works in zero G.
Opinion is divided on that one, Ken.
Ballpoints don't feed by gravity, the feed by capillary action. Most won't work if held upside down for any length of time because the -1g tends to pull the ink away from the ball and, once separated from it, the ink loses its capillary action. Zero g is a different matter. There is no force to pull the ink either way so the surface tension can do its work.
One of the astronauts on ISS (or was it Space Lab?) tried it with a ball point he nicked from NASA and reported in his blog that it was working fine.
That said, if the 50c biro stopped working they wouldn't be able to do their homework any more so the space pen is certainly a safer option!
Ballpoints don't feed by gravity, the feed by capillary action. Most won't work if held upside down for any length of time because the -1g tends to pull the ink away from the ball and, once separated from it, the ink loses its capillary action. Zero g is a different matter. There is no force to pull the ink either way so the surface tension can do its work.
One of the astronauts on ISS (or was it Space Lab?) tried it with a ball point he nicked from NASA and reported in his blog that it was working fine.
That said, if the 50c biro stopped working they wouldn't be able to do their homework any more so the space pen is certainly a safer option!
I've long been skeptical of FADEC systems that decide that an engine should go to idle, or shut down absent pilot input. In many cases (eg uncommanded reverser deployment), it's easy to see the logic, but I've always thought that it's best to have some sort of override built in, just in case of corrupt data.
But it wasn't a FADEC system. FADEC systems are certified under engine rules and have their own backup, fail-safe protocols. If a FADEC system had it's data wiped beforehand you wouldn't even have been able to takeoff.
The linked articles suggest that they have the ability input engine specific torque calibrations - but as a long time engine guy it's inconceivable to me that the FADEC would not have a 'default' torque calibration, and/or set some sort of no-dispatch message (or even prevent the engine from starting) if the engine specific torque calibration was corrupted or "wiped".
We're still not getting the full story.
I've long been skeptical of FADEC systems that decide that an engine should go to idle, or shut down absent pilot input.
a sensed unsafe condition (e.g. rotor overspeed), or
failures have made the FADEC incapable of safely controlling the engine.
I know there is still a certain skepticism of FADEC, but the fact is that engine control caused shutdowns and "loss of thrust control" events are roughly an order of magnitude better with FADEC than with the old hydromechanical systems.
I keep thinking there is still more to this than is being reported. It is a "FADEC" control. For those of you who may not know, on a turboprop, the FADEC will adjust the prop to hold a constant speed, then adjust the turbine to hold the desired output torque (and the FADEC measures the torque on the output shaft directly - at least on the turboprop I worked on many moons ago it measured the shaft twist to determine the output torque).
The linked articles suggest that they have the ability input engine specific torque calibrations - but as a long time engine guy it's inconceivable to me that the FADEC would not have a 'default' torque calibration, and/or set some sort of no-dispatch message (or even prevent the engine from starting) if the engine specific torque calibration was corrupted or "wiped".
The linked articles suggest that they have the ability input engine specific torque calibrations - but as a long time engine guy it's inconceivable to me that the FADEC would not have a 'default' torque calibration, and/or set some sort of no-dispatch message (or even prevent the engine from starting) if the engine specific torque calibration was corrupted or "wiped".
And I can't imagine that if it wasn't the case (ie no "fallback / safe mode") this would not raise some alerts during the static tests that have (hopefully ?) been undertaken before this flight !?
Another question: given that the aircraft was most likely nowhere near MTOW wouldn't this situation allow some measure of controlled flight / managed emergency landing ? Or where they extremely unlucky not being able to walk out of this one ?