Go Back  PPRuNe Forums > Flight Deck Forums > Rumours & News
Reload this Page >

Spanair accident at Madrid

Rumours & News Reporting Points that may affect our jobs or lives as professional pilots. Also, items that may be of interest to professional pilots.

Spanair accident at Madrid

Old 9th Nov 2008, 11:23
  #2381 (permalink)  
 
Join Date: Aug 2007
Location: London, New York, Paris, Moscow.
Posts: 3,632
SPA83

OK define "Bad Troubleshooting"

They stopped the probe overheat problem, albeit not at the root cause, but enough to dispatch the aircraft.

Was the TOWS system snagged or would that have prevented dispatch (as well as initiating investigation)
glad rag is offline  
Old 9th Nov 2008, 11:49
  #2382 (permalink)  
 
Join Date: Feb 2008
Location: Belgium
Posts: 58
I think that TOWS was a no-go item.
Bis47 is offline  
Old 9th Nov 2008, 11:56
  #2383 (permalink)  
 
Join Date: Apr 2005
Location: UK
Posts: 459
"Bad Trouble shooting"

Thread is very long, am I correct in saying that a pilot reported defect was sorted out buy a normal use of an MEL item ?

If the above is correct, we need to be clear on how we go on from here.

Do we remove the MEL or expect engineers and pilots to understand every problem that can exist on an aircraft and judge every MEL item with their limited information.

I understand that many many aircraft attempt to T/O with various items/controls in the wrong config, most often picked up by config warn systems, on some occasions config did not operate or crew took off anyways, some are lucky and maintain flight, some are not.

May be this age old problem can be sorted out the same way logic has now been applied to engine rev, think they call it 3 lines of defence, think a 767 rev in flt and loss of aircraft drove that change.

Sorry for drift, Joetoms.
Joetom is offline  
Old 9th Nov 2008, 12:36
  #2384 (permalink)  
 
Join Date: Jul 1999
Location: 58-33N. 00-18W. Peterborough UK
Posts: 3,043
Do we remove the MEL or expect engineers and pilots to understand every problem that can exist on an aircraft and judge every MEL item with their limited information.
MELs are produced by factory engineers to allow aircraft to fly with certain bits inop.

When the MD-80 RAT Heat MEL was written up it allowed flight with no forecast icing conditions. Simple, and no problem so far. Pull the RAT Heater circuit breaker and off you go. Crucially, what wasn’t considered by the MEL writers was why the RAT might Heat on Ground. A failure of Relay R2-5 (Flight Mode) would do it – which would also disable the TOWS. So, pull the RAT Heat circuit breaker, RAT Heat problem fixed, TOWS is now inop with NO indication of failure. And I defy any line engineer, no matter how smart, to raise his hand and say “Hold on guys, RAT Heat on, I bet R2-5s failed and we can’t just pull the RAT breaker because the TOWS might also be inop”. That’s down to the MEL actions and, from what I’ve seen in this case, they ain’t up to the job.

This accident has been waiting to happen from the day the aircraft left Long Beach. Very poor TOWS/Flight/Ground logic design, and very poorly written MEL.
forget is offline  
Old 9th Nov 2008, 12:49
  #2385 (permalink)  
 
Join Date: Aug 2007
Location: London, New York, Paris, Moscow.
Posts: 3,632
Forget,

"This accident has been waiting to happen from the day the aircraft left Long Beach. Very poor TOWS/Flight/Ground logic design, and very poorly written MEL. "

Yep, seems that way from the limited info on here, the final nail being the training of the operators, apparently less comprehensive than that envisaged when AC was designed..........
glad rag is offline  
Old 9th Nov 2008, 13:56
  #2386 (permalink)  
 
Join Date: May 2007
Location: Both Emispheres
Posts: 226
forget, you write:
And I defy any line engineer, no matter how smart, to raise his hand and say “Hold on guys, RAT Heat on, I bet R2-5s failed and we can’t just pull the RAT breaker because the TOWS might also be inop”.

I have no experience in airplane maintenance, but I believe many good engineers would think exactly along these lines. Just like pilots develop a "pants seat" feeling over time, engineers do the same, actually their most important quality is not only to be able to repair, but to properly diagnose first.

Beside, in this case, there has been a major lack of proper analysis and logic thinking.
A failure in which and electrical device, be an heater, bulb or whatever else, remains ON all the time, it's obviously a failure of the circuit that energizes it, not a failure of the device itself.
The breaker there is really meant just to cut power in case a short circuit overdrawing current, or when there something else wrong with the heater itself.

I know many automotive mechanics that are really unable to deal with even the simplest electrical problem, while others are surprisingly good. I suppose the same happens with airplane engineers, not everyone has the same skills and is equally proficient in all areas. E.g. a local hydraulics guru said to "better not touch electrics", if you get what I mean.

I feel very bad for the engineer(s) that service the A/C that day, but it cannot be contended that they failed to properly diagnose a fault that was very well in their own domain.

Then we can discuss if we want engineers to be smart or not, if was poor design, if we need better diagnostic flowcharts, etc, but saying that the mechanics properly worked on the A/C in case, it's like saying the pilots properly executed the T/O checklist.
el # is offline  
Old 9th Nov 2008, 14:16
  #2387 (permalink)  
 
Join Date: Jul 1999
Location: 58-33N. 00-18W. Peterborough UK
Posts: 3,043
I feel very bad for the engineer(s) that service the A/C that day, but it cannot be contended that they failed to properly diagnose a fault that was very well in their own domain.
(Is this what you meant to say - or the reverse?)

They followed the manufactures documents (MEL) relating to RAT Heat.
forget is offline  
Old 9th Nov 2008, 15:04
  #2388 (permalink)  
 
Join Date: Aug 2008
Location: Canary Islands, Spain
Posts: 240
Well, Boeing (McDonell) was made aware of their TOWS limitations after Detroit accident. And as a result they DID take action: They tried to convey that the TOWS was not a 100% trustworthy device to be relied upon and that at least it should be checked as frequently as possible, specially shortly before each attempt to take off.

Tons of airplanes fly everyday with TOWS that do not produce overly noticeable signs of failure.

It has happened with similar results (accidents leading to deaths) to 737's and even 747's (Lufthansa 540), i.e. !!!!

A better TOWS is always desireable, but in its absence, crew/training/manteinance/regulation discipline on exercising frequent tests would usually save the day (it would've in Spanair case, in theory, of course, because the crew could've just as well neglected to carry out a pre-engine start TOWS test, i.e., or the failure occurred after testing).

So only (a small) part of the blame, from my point of view, lies on the TOWS designers. But no point on not having a re-design for 2009. Nowadays it should be a cheap and easy endeavour and no point on risking lifes for a stupid $100 microcontroller re-do.

Making an alarm to warn on a malfunction of an alarm is, as you can guess, a "catch-22". The "lighted iluminator" or "alarm failure warning" could've just as well have failed. Not to mention that a diagnosis system might imply the TOWS is fine only to find out that the loudspeakers to sound the "horn" have blown up right around that time. So we would need an alarm for an alarm for an alarm for an alarm failure.

Nothing is really better than an "actual test" to see if the thing works or not for sure.

Except the better solution of a design in which the TOWS announces both, a working and a bad config state. Then "silence" can only means it is not working right and hopefully crew will recognize silence as something is wrong.

I think that human error can not be eliminated. It has happened before and after "commercialism" and will continue to happen. "Stupid" human error happens to INCREDIBLY top of line PERFECTLY trained pilots (i.e. chief test pilot for airbus A330 case, etc), on INCREDIBLY safe "culture" airlines.

It happens even more to "bad pilots" on crappy airlines, and it also happens more to crappy designed or maintained planes, of course.

But it just can not be eliminated.

So, in my view, rather than "training" (which is consistently ignored by us humans after a few years of repetitive tasks), regulation, etc, I vote for technology to try to tack these problems. Technology will introduce their own set of problems, DIFFERENT from human errors, but those problems (hopefully) CAN be resolved and eventually be done with. Human error CAN NOT be ever "fixed" and done with. Unless humans are substituted by "robots". Thus my point.

Let's say that 10 accidents a year are PROVOKED by pilots doing something "stupid" to perfectly safe/working planes/conditions.

Let's say that another 10 accidents a year happen because mechanical/electrical/machine failures that humans on board are not capable of overcome (i.e. humans were "useless" against a wild cabin fire, multiple engine failure, catastrophic structural damage, etc).

Let's say 3 accidents a year, due to severe malfunctions, would've ended it total catastrophy if a robot/computer was piloting. But because it was a human, human inginuity saved the situation from a "certain death" against all odds. The human did something no machine would've ever "thought of".

As a result, that year, we had 20 accidents.

If humans "weren't involved" in the equation, we would've had 10+3=13 accidents. We would've saved the lifes involved in the other 7.

Most of those accidents left could probably be "fixed" through even better technology, learning from the errors causing the accidents. But the 10 cases due to human errors, it has been proven through history, are fairly consistent in spite of countries/cultures/training/regulation/comercialism/you name it.

Anyway: the industry is already moving in that direction with airbuses etc. For a while, NEW accidents due to "technological" malfunctions will replace those "saved" by the computers not-allowing pilots to make "stupid" actions.

But eventually those problems will be fixed and, unlike humans that can not be fixed, the rate of accidents will hopefully go down.

I vote for, technology permitting, gradually phase out humans from the equation. It never hurts to have a trained human supervising the whole thing in case something goes major hiwire and he can save the day.

But I'm afraid that if a (redundant, fail-safe) computer can't deal with the situation, the human certainly better be smart and trained (and lucky) to stand a chance.

As it stands today, well over 60% of aviations accidents are the result of "trained" humans making really bad choices on "perfectly fine" (to fly) airplanes under not-extreme conditions (some minor "issues" or "malfunctions" which confused the heck out of the pilot when he *should've* known better).

And, of course, there is a large fleet of airplanes made before technology (redundancy, independently developed multiple-software-agreeable systems) was up to the par on seriously taking over human functions.

It's probably unavoidable. It may take 100 years or 1000 years, but machines will eventually fly us from A to B w/o much fuzz and as few failures as "God" allows. So no point in trying to avoid working on it right now.

Do you wanna know if I'll ever trust my daughter to be transported by a computer? Just ask yourself which you rather send your children with: a "fairly good record computer" or an unknown (but you trust well trained) taxi driver.

Last edited by justme69; 9th Nov 2008 at 15:35.
justme69 is offline  
Old 9th Nov 2008, 17:11
  #2389 (permalink)  
PJ2
 
Join Date: Mar 2003
Location: BC
Age: 72
Posts: 2,429
Philipat;
Your inputs are always informative, intellegent and pragmatic and I have nothing but respect. I will stand corrected as necessary. I think I actually made my point in the earlier referenced post, but to summarise, the issues I saw were as follows:
  1. It is taking far too long to reach a sensible conclusion, balancing the consequences of being too quick or too slow.
  2. Boeing should ensure that all operators of MD8X aircraft are compliant with TOCW check requirements ahead of EVERY TO in the light of this and several prior incidents. Has this been done and, if not, why not?
  3. Boeing should ensure that the MMEL addresses the relay issues involving the RAT probe. Has this been done and, if not, why not?
I understand that there are legal issues and that these these issues have already, largely, been communicated to lines. However, it still seems to me that the set of circumstances involved would justify repetition for the sake of clarity and the possible saving of lives in future.

Wise (Retired) pilots such as yourself have already concluded that, as good airmanship, a final check of the "Killer items" whilst lining up for TO, whilst not required as an official check, makes very good sense. If I were a pilot I would have learned from this thread that this can save your own life and those of passengers. Why is this not a formal final check? Many lines also now mandate that Flaps be deployed after push back and before taxi commences. Why nor ALL lines?

Those are my only issues and, as I said, I am learning from this and stand ready to be corrected.
I think we're on the same page here - I did read your earlier post as well and agree with, "fix it" - in my view (as with many), this thread is, with a number of rabbit trails, some worth it many not, about how to fix it. I think the thread is emminently worthwhile reading through and learning from. I disagree with bubbers44 who states that the thread is a long winded recital and that the accident is "as simple as that", and have said so asking for a clarifying response. I'm not so sure we're on different pages but have merely misconnected.

BOAC:
PJ2 - "If that's all there was to this accident, the thread could have finished on page 1" - I strongly disagree!
No problem - disagreement is more productive than agreement of course, but help me out a bit - why and how do you disagree?

Just to be clear, I was referring to statements made which conclude that the crew screwed up and that's all there is to this long-winded narrative. I strongly disagree with such a statement, as my posts on these matters (safety systems, SMS, data collection and human factors) clearly indicate. I know some posters here eschew such approaches because they consider their operation perfect and do it right every time so they don't need these programs, assorted rexalls and prophylactics against accidents but many others either cannot or do not meet that herculian standard in aviation. So not sure if we've got a disconnect here or what.

The whole point of 2400 posts goes to the heart of human error, system and SOP/MEL design. The entreaty that we just need to ramp up professionalism, expectations and so on is hollow because nobody sets out to be unprofessional let alone have an accident, (obvious and trite). The key in the long-windedness of this remarkable thread is the acknowledgement that while human error can never be eradicated, a sustaining safety culture where high standards of professionalism are expected (and enforced where needed), can help reduce such and that focussing just on the crew or the maintenance people will not prevent the next accident of this type.

A culture which recognizes human error as real encourages "error-checking" behaviours which are essentially "recursive" - not in the sense of second-guessing one's every action or decision, but constantly reviewing what was just done with a view to catching mistakes, is a culture that has embraced the notion that it is possible to be wrong. While there are obvious signs of lack of cockpit discipline here (and in other accidents), why does such continue to occur?

Why do these kinds of accidents happen in the rail industry, medicine and the nuclear industry? People screw up is the reason but such a conclusion, (there is no analysis) is tautological and not informative.

As the point has been made many times here the latest of which is justme69's post above, the TOCWS is a secondary warning system at best - it isn't a "mission-critical part where failure of same will cause loss of the vehicle and crew", so to speak. In fact, if all crews did their job with absolute strict adherence to the SOPs, a TOCWS wouldn't be required, (and that point has been discussed).

Many posts make comments regarding safety cultures, commercial priorities, absence of informed leadership from the CEO and his/her executive team and from my own quarter, lack of belief in or use of safety data and the total absence of CEO comprehension, support or even interest. Sorry, have we misconnected here or have I misunderstood these statements as dismissing these broader notions as trying to convey something else, because it seems to me that the thing to do is go far, far beyond stating that the crew messed up into discovering why -that is what SMS is truly about, (even though it has yet to be done properly in my view).

Last edited by PJ2; 9th Nov 2008 at 17:40.
PJ2 is offline  
Old 9th Nov 2008, 17:43
  #2390 (permalink)  
Per Ardua ad Astraeus
 
Join Date: Mar 2000
Location: UK
Posts: 18,583
PJ - I've no doubt you know my 'simple' pilot's view of this - that the probable cause was pilot error; thus, because we have all learned so much about the MD systems, I say it would have been fruitless to 'end on page 1' (figuratively speaking, of course). I sincerely hope that many pilots and probably line engineers - and hopefully, of course, DDM writers, have learned much from all these pages. Whether there are managerial lessons to be learned - we have to hope the 'enquiry' will reach properly and deeply to establish.
BOAC is offline  
Old 9th Nov 2008, 18:07
  #2391 (permalink)  
 
Join Date: May 2007
Location: Both Emispheres
Posts: 226
Originally Posted by forget
They followed the manufactures documents (MEL) relating to RAT Heat.
They followed proper procedure only partially. Yes, dispatch with disconnected RAT heater is OK per MEL. But, they failed to diagnose an air/ground related failure.
el # is offline  
Old 9th Nov 2008, 18:07
  #2392 (permalink)  
PJ2
 
Join Date: Mar 2003
Location: BC
Age: 72
Posts: 2,429
BOAC - thanks - I hope that in my writings I never, ever convey disrespect for "simple" pilots as I was one myself before a forced retirement at 60 who happens to have a passion for a particular area. Like any and all profession airman who hang around cockpits long enough, where "pilot error begins", many times I have been in less-than-ideal circumstances which, but for the interventions of crew members and others factors (pucker covers a lot of sin), could have turned out differently and I have been in circumstances where as captain when being pushed by all and sundry, a line was drawn in the sand over which I, my crew and airplane would not be crossing without a change in fuel/MEL/destination etc etc etc...it is "the way" and happens thousands of times every day without comment or visible, spectacular result. Thanks for your response - I know we, pilots through to non-airline contributors are all aiming at one seemingly elusive goal within a system which must always, in the end, pay for itself to survive.
PJ2 is offline  
Old 9th Nov 2008, 18:15
  #2393 (permalink)  
 
Join Date: Oct 2001
Location: Gatwick
Posts: 1,964
el,

If more actions other than dispatching IAW the MEL are required, then the MEL should have stated that. You are not fault finding using the MEL, you are dispatching the aircraft with an inop system. That is what it is there for.
Litebulbs is offline  
Old 9th Nov 2008, 18:57
  #2394 (permalink)  
 
Join Date: May 2007
Location: Both Emispheres
Posts: 226
Litebus, the MEL as the name suggest, is a List only. It doesn't contain the diagnostic procedures, that are specified in other manuals and are part of an Engineer's experience and trade. To restate in other words, the MEL is not a bible to which adhere when mantaining an A/C. and mere observance of it does not gurantee that one have done a good job.

At the end of the day, they dispatched A/C with all the systems depending on R2-5 in ground mode, inoperable.
When I troubleshoot electrical in my car (it's a bit old so sometime it needs that), I use a schematic and try to understand all the reasons and ramifications. I know it's a oversimplifying comparison, but when they did started work on the the A/C, either did not used a schematic, or failed to interpret it properly.

I'm convinced that you can ask any certified engineer on the MD-80, and he will tell you that the expected professional standard would have been either diagnose the real fault, or not release the plane for flight. Remember, an alternate machine was avaialble and it had been considered already.
el # is offline  
Old 9th Nov 2008, 19:17
  #2395 (permalink)  
 
Join Date: Oct 2001
Location: Gatwick
Posts: 1,964
The MEL is not just a list. They can contain reference to maintenance and operational procedures to be carried out when dispatching an aircraft with an inop system.
Litebulbs is offline  
Old 9th Nov 2008, 19:20
  #2396 (permalink)  
 
Join Date: May 2007
Location: Both Emispheres
Posts: 226
To support what you say, can you show us an example for the MD-80, Litebus. My point is that it doesn't contain diagnostic procedures while it can perfectly list maintenance and operational procedures that are immaterial to the consequences of a misdiagnosis.

If I had access to MD-80 diagnostic flowcharts, I would post the section related o symptom "RAT heater ON while on ground". My reasonable expectation is that it would instruct be to test R2-5 at some point.

I rest my case that proper work an A/C cannot be completed using the MEL only, under both legal and practical aspects.
el # is offline  
Old 9th Nov 2008, 20:29
  #2397 (permalink)  
 
Join Date: Feb 2008
Location: UK
Posts: 117
An onlooker's observation:

A bold generalisation - if there were no accidents - ever - then safety provisions would lose credibility. It is the recurrence of accidents that maintains safety awareness. To keep the recurrence rate low, we need long memories.

We can artificially enhance safety awareness by adding 'near misses' to the accident pool. With credible extrapolation they can be as effective as accidents, but much less painful.

We can increase the value of each accident to safety awareness by publishing it widely discuss it at length and looking at what caused it. We get even more safety awareness by looking at what else might have caused the accident. In this way a safety hazard that might have but didn't cause the accident can surface without the need for it to cause an accident. So speculation magnifies the value of each accident to the safety awareness objective.

We get best value out of near misses and the speculation accidents that didn't happen. The killer accidents such as the one that prompted this thread are the expensive ones.

I suspect that the incidence of TOWS episodes has dropped recently, and awareness of the killer items is high at the moment. Paradoxically, over time, awareness will drop, TOWS episodes will begin to save the day again, and at some time in the future, another accident will remind us of these or other killer items.

Every time the TOWS goes off, it means that if a tiny transistor, a small sounder, one of a dozen connections, or a relay had failed to work, hundreds of lives could have been lost. It is a warning to the crew that (probably) a human procedure AND a human check have both failed, and only the last line of defence saved the day. It is a warning that for some reason the human systems are under performing, and that today is one of those days - a day to be extra careful...

The TOWS saves lives. Its contribution to safety awareness depends on whether the crew's response to it is simply to put the configuration right, or to register the TOWS event as a near miss, and add it to the safety awareness pool. Registering it mentally adds it to your own awareness pool. Registering it publically adds it to everybodys.

The TOWS saves lives. If pulling a breaker disables this or any other major warning system, it must be a major factor for the crew who would heed that warning. It cannot be difficult to produce and present to the crew a list of warnings any breaker disables. Knowing that they have no last line of defence against a killer mistake could make a useful difference, especially when today is one of those days...
Rightbase is offline  
Old 9th Nov 2008, 20:56
  #2398 (permalink)  
 
Join Date: Mar 2002
Location: Florida
Posts: 5,248
However the TOWS originally should have been checked prior to each flight. But of course due to that balance between safety and commercial viability it was soon to interpreted to mean prior to the first flight of the day.
safety and commercial viability balances are nice sounding words after the accident in suggesting blame to some mysterious financial organization group but worthless in communicating strategies for preventing accidents .

I see some productive pointers in today's discussions but past tense commercial viability is not one of them.
lomapaseo is offline  
Old 9th Nov 2008, 21:05
  #2399 (permalink)  
 
Join Date: Jul 1999
Location: 58-33N. 00-18W. Peterborough UK
Posts: 3,043
Safety Concerns (?)
Here we go again. Lets get the facts right

NO CB WAS PULLED WHICH AFFECTED THE TOWS
Please point out where this has ever been said

PS. Most people here can read small print.
forget is offline  
Old 9th Nov 2008, 21:23
  #2400 (permalink)  
 
Join Date: Oct 2001
Location: Gatwick
Posts: 1,964
el,

You are not using the MEL to work the aircraft. You are deferring a problem in accordance with the MEL. If you are pulling a C.B. for the RAT heater, you are carrying out a maintenance action to deactivate a system. The reason you are deferring fixing an item can be for many reasons and the most common are time and spares availability.

As has been discussed before, the aircraft appears not to have been in the air mode on the ground, but has had a relay with contacts in the incorrect sense . Relays fail in many ways, so the TOWS may have been working, but just the RAT probe heater contacts of R2-5 failed. This appears to be a reoccurring problem, so maybe it should have been found on previous TOWS tests, but it was not.
Litebulbs is offline  

Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.