Airbus prepares safety warnings following A321 incident
Join Date: Jan 2005
Location: W of 30W
Posts: 1,916
Likes: 0
Received 0 Likes
on
0 Posts
The fact is there may well be one scenario out there where no protections is desirable but even if there was the protections have already saved literally thousands of pilots backsides already.
Hudson river hero successfully landed his stricken A320 on a river. What more evidence do you non believers need to confirm that the design is sound.
And ask Sullenberger what he thinks about his 320 that refused to flare the way he wanted to ...
Join Date: Sep 2008
Location: MI
Posts: 570
Likes: 0
Received 0 Likes
on
0 Posts
Captain-Crunch -
Hey DC-ATE, missed you post earlier, tried to private mail you but says it's disabled.
Hey DC-ATE, missed you post earlier, tried to private mail you but says it's disabled.
Captain-Crunch -
Oh, Give me a steel cable connected directly to the FCU anyday!
Oh, Give me a steel cable connected directly to the FCU anyday!
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Captain-Crunch
It's more likely, considering human nature and liability, that they just quietly issued a new FADEC software"load" to fix the machines inability to deal with common ice in the fuel and upped the dia of the fuel lines.
My view is derived not only from the accident report but also from someone who works with the engine manufacturer closely, who is an expert on critical SW, and who has been a respected and trusted colleague of mine for two decades.
I don't know whether that's enough for you. But it's enough for me. And I'm the expert.
PBL
Join Date: Mar 2010
Location: overthehillsandmountains
Posts: 140
Likes: 0
Received 0 Likes
on
0 Posts
CONF iture
"ask Sullenberger what he thinks about his 320 that refused to flare the way he wanted to ..."
You're too subtle for me, but maybe that A320 knew what was the best amount of flare.
DC-ATE-Crunch: I also took cars apart and understood what they were made of.
Now I can't even see what's in there... But they're much better cars. And safer.
Imagine steel cables running to the far corners of an A380. Firstly they're so heavy that it wouldn't perform.
Secondly can you honestly say all on board the QF machine would be alive today if Airbus used 1950's design standards?
You're too subtle for me, but maybe that A320 knew what was the best amount of flare.
DC-ATE-Crunch: I also took cars apart and understood what they were made of.
Now I can't even see what's in there... But they're much better cars. And safer.
Imagine steel cables running to the far corners of an A380. Firstly they're so heavy that it wouldn't perform.
Secondly can you honestly say all on board the QF machine would be alive today if Airbus used 1950's design standards?
Join Date: Jul 2008
Location: UK
Age: 69
Posts: 475
Likes: 0
Received 0 Likes
on
0 Posts
The Hudson outcome has absolutely nothing to do with the aircraft type, but everything with the decision making and the ability.
And ask Sullenberger what he thinks about his 320 that refused to flare the way he wanted to
And ask Sullenberger what he thinks about his 320 that refused to flare the way he wanted to
The NTSB concludes that, despite being unable to complete the Engine Dual Failure checklist, the captain started the APU, which improved the outcome of the ditching by ensuring that a primary source of electrical power was available to the airplane and that the airplane remained in normal law and maintained the flight envelope protections, one of which protects against a stall.
Once you have you will realise that criticising FBW has more to do with misplaced ego than any design deficiency.
Join Date: Jun 2009
Location: US
Posts: 497
Likes: 0
Received 0 Likes
on
0 Posts
Sully could have landed any Boeing with no automation in the Hudson with no problem. Airbus had nothing to do with his success. He was a very competent pilot and could have landed any type of aircraft in the Hudson with no automatic help. I think most of us would hope we could too. We just don't need the opportunity to display it like he did.
Join Date: Jan 2005
Location: W of 30W
Posts: 1,916
Likes: 0
Received 0 Likes
on
0 Posts
Safety Concerns
You would be welcome to quote me if I have ever criticized FBW … but do you only understand the difference between FBW and protections ?
NTSB report on US1549
Maybe there is a difference between maintaining the flight envelope protections alive and actually use it ... what do you think ?.
Where in the report, is it said that the protections took over to prevent the 'green' Sullenberger to stall ... Please quote !?
More on the Hudson Here
To be in DIRECT LAW would have helped Sully, but once again, do you only understand what's the difference between DIRECT and NORMAL ... and yes, both are still FBW.
And please, don’t forget to quote the thousands reports that would support your earlier statement …
You would be welcome to quote me if I have ever criticized FBW … but do you only understand the difference between FBW and protections ?
NTSB report on US1549
Maybe there is a difference between maintaining the flight envelope protections alive and actually use it ... what do you think ?.
Where in the report, is it said that the protections took over to prevent the 'green' Sullenberger to stall ... Please quote !?
More on the Hudson Here
To be in DIRECT LAW would have helped Sully, but once again, do you only understand what's the difference between DIRECT and NORMAL ... and yes, both are still FBW.
And please, don’t forget to quote the thousands reports that would support your earlier statement …
Join Date: Sep 2008
Location: MI
Posts: 570
Likes: 0
Received 0 Likes
on
0 Posts
kwateow -
DC-ATE-Crunch: I also took cars apart and understood what they were made of.
Now I can't even see what's in there... But they're much better cars. And safer.
DC-ATE-Crunch: I also took cars apart and understood what they were made of.
Now I can't even see what's in there... But they're much better cars. And safer.
As to the 380.....there really isn't a need for that monster anyway. It's just one manufacturer trying to outdo the other IMHO.
Join Date: Jul 2002
Location: UK
Posts: 3,093
Likes: 0
Received 0 Likes
on
0 Posts
Stability protection was the whole purpose behind the first generations of FBW anyway, as the military aircraft in which it was installed were inherently unstable and needed constant computer correction to maintain flight.
I don't think there's a single incident where the protections have caused a hull loss - at least not when there hasn't been a major malfunction.
Where in the report, is it said that the protections took over to prevent the 'green' Sullenberger to stall ... Please quote !?
To be in DIRECT LAW would have helped Sully
In fact at no point has Sullenberger even hinted that the aircraft did anything other than what he asked of it (besides the obvious double engine failure due to birdstrike) and the link you provide only goes to your supposition in an earlier thread - and like it or not, the fact that you have an axe to grind with Airbus is well known.
Anyway, as I understand it the protections allow for up to 60 degrees of bank if the pilot commands it - much more and you risk a spiral dive.
Last edited by DozyWannabe; 16th Dec 2010 at 22:50.
Passion Flying Hobby Science Sponsor Work
Join Date: Apr 2004
Location: Belgium
Age: 68
Posts: 461
Likes: 0
Received 0 Likes
on
0 Posts
DC-ATE
Merc's Distronic+ cannot be turned off and has the last word in a number of situations. Although not full FBW, I am afraid you may have to quit driving somewhere in the future...
d3
d3
Join Date: Jan 2005
Location: W of 30W
Posts: 1,916
Likes: 0
Received 0 Likes
on
0 Posts
Disagree strongly. Sullenberger had no need to place the aircraft in an attitude outside the protection boundaries, and I believe the protections were a useful backstop
Strange definition for a flare ...
Join Date: Mar 2009
Location: on the ragged edge
Posts: 80
Likes: 0
Received 0 Likes
on
0 Posts
"Ex-spurt"
PBL,
Well, even though I don't think it's a conspiracy, I noticed that most people who go around calling themselves "experts" are anything but that. Witness the so-called "Aviation Experts" touted in the popular press who frequently cannot answer basic questions about the accident aircraft. For instance, "expert", it sounds like you're not even sure which programing language is used on the trent FADEC system. Since you provided no links or quotes at all to back up your assersion that the investigative process is infallible, it appears to me you may making nothing but an:
PBL, please state your background that qualifies you as an expert on the trent FADEC system, and if not that, exactly what kind of expert are you claiming to be? It has nothing to do with conspiracies. Accident investigations are inherently political by their very nature. Ambitious human beings write the reports. You made a claim that we should just trust authority that the FADEC did it's job, and to give your claim credibility I need to know how many years working on aerospace software you have.
That's a fair question isn't it?
CC
Well, even though I don't think it's a conspiracy, I noticed that most people who go around calling themselves "experts" are anything but that. Witness the so-called "Aviation Experts" touted in the popular press who frequently cannot answer basic questions about the accident aircraft. For instance, "expert", it sounds like you're not even sure which programing language is used on the trent FADEC system. Since you provided no links or quotes at all to back up your assersion that the investigative process is infallible, it appears to me you may making nothing but an:
Argument from authority (also known as appeal to authority) is a fallacy of defective induction, where it is argued that a statement is correct because the statement is made by a person or source that is commonly regarded as authoritative. The most general structure of this argument is:
On the other hand, arguments from authority are an important part of informal logic. Since we cannot have expert knowledge of many subjects, we often rely on the judgments of those who do. There is no fallacy involved in simply arguing that the assertion made by an authority is true. The fallacy only arises when it is claimed or implied that the authority is infallible in principle and can hence be exempted from criticism.
- Source A says that p is true.
- Source A is authoritative.
- Therefore, p is true.
On the other hand, arguments from authority are an important part of informal logic. Since we cannot have expert knowledge of many subjects, we often rely on the judgments of those who do. There is no fallacy involved in simply arguing that the assertion made by an authority is true. The fallacy only arises when it is claimed or implied that the authority is infallible in principle and can hence be exempted from criticism.
That's a fair question isn't it?
CC
Last edited by Captain-Crunch; 17th Dec 2010 at 04:47.
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes
on
0 Posts
Captain-Crunch,
you are welcome to question my credentials. You are also welcome to check them out. My identity is no secret.
I guess I could mention a couple of recent developments that don't yet appear in the public record. Our textbook on computer-related system safety is almost finished in draft, and will be published next year by Springer Verlag. And I have recently been invited to join the German standards committee responsible for the functional safety of systems involving programmable electronic components in order specifically to develop guidelines for the application of the international standard IEC 61508 to critical-software development in Germany. This standard governs all applications other than aerospace and medical devices (there are also specific derived standards for other domains such as process control and railway systems). I am on the international maintenance team for the software part of IEC 61508.
Is that the kind of thing that would enable a layman such as yourself to agree that I am expert?
As for my colleague who vouched for the accuracy of the FADEC judgement in the BA038 report, you are welcome to guess who he might be, but will get no confirmation from me.
PBL
you are welcome to question my credentials. You are also welcome to check them out. My identity is no secret.
I guess I could mention a couple of recent developments that don't yet appear in the public record. Our textbook on computer-related system safety is almost finished in draft, and will be published next year by Springer Verlag. And I have recently been invited to join the German standards committee responsible for the functional safety of systems involving programmable electronic components in order specifically to develop guidelines for the application of the international standard IEC 61508 to critical-software development in Germany. This standard governs all applications other than aerospace and medical devices (there are also specific derived standards for other domains such as process control and railway systems). I am on the international maintenance team for the software part of IEC 61508.
Is that the kind of thing that would enable a layman such as yourself to agree that I am expert?
As for my colleague who vouched for the accuracy of the FADEC judgement in the BA038 report, you are welcome to guess who he might be, but will get no confirmation from me.
PBL
Last edited by PBL; 17th Dec 2010 at 07:06.
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by DC ATE
Well, when they start making cars FBW, I'll quit driving too !
PBL
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by DozyWannabe
I don't think there's a single incident where the protections have caused a hull loss - at least not when there hasn't been a major malfunction.
PBL
Join Date: Mar 2009
Location: on the ragged edge
Posts: 80
Likes: 0
Received 0 Likes
on
0 Posts
Very Impressive PBL,
Sorry to doubt your good word, but we get instant experts coming out the ears around here as I'm sure you can appreciate.
Although I was not asking for your identity, it appears your group is comprised of Ph.D's and has experience in accident investigation. I picked up a Computer Studies A.S. degree and studied for a time at an Aviation University and took courses in Aviation Safety and Accident Investigation so this sort of thing interests me. I later assisted in the preliminary investigations of a couple of accidents in our pilot union and my flight safety report (flameout in a typhoon) was used in the clearing of one crew of blame for an overrun accident. I'm not familiar with the language standard you maintain, but it sounds very interesting.
I suspect I could comprehend some of the FADEC architecture if I had access to it; but I'm sure it's proprietary. (not the physical code, but flowcharts would be interesting.) It would be interesting to know how the sw handles all fuel temp probes iced up. On AF447 it was clear to us on that thread that no one considered the possibility of all three airspeed probes and all static probes icing up at the same time. Rather than exercising a flight with unreliable airspeed strategy: N1 and deck angle, which pilots of most jets would employ, the software apparently biased out most of the backup systems according to the ACARS transmissions. In other words, the autopilot and auto throttle were incapable of operating with no pitot static system and abruptly dropped out throwing it all in the lap of the pilot on a dark and stormy night with partial panel.
This seems like a serious software design oversight imho, at least from a pilot's perspective. Arguments that it was approved and certified by experts really mean little if you are a student of Aviation history as I am. All designs eventually crash with any appreciable time in service.
If you ask me, adding more and more complexity to this automation monster we have created and keeping everything in extreme secrecy is what really does the industry a disservice imho.
KISS baby, KISS! (keep it sim...)
And I think it's best to realize that this is after all, a pilot's rumour network, not a tabloid for the public to read. Right?
Best Regards,
CC
Sorry to doubt your good word, but we get instant experts coming out the ears around here as I'm sure you can appreciate.
Although I was not asking for your identity, it appears your group is comprised of Ph.D's and has experience in accident investigation. I picked up a Computer Studies A.S. degree and studied for a time at an Aviation University and took courses in Aviation Safety and Accident Investigation so this sort of thing interests me. I later assisted in the preliminary investigations of a couple of accidents in our pilot union and my flight safety report (flameout in a typhoon) was used in the clearing of one crew of blame for an overrun accident. I'm not familiar with the language standard you maintain, but it sounds very interesting.
I suspect I could comprehend some of the FADEC architecture if I had access to it; but I'm sure it's proprietary. (not the physical code, but flowcharts would be interesting.) It would be interesting to know how the sw handles all fuel temp probes iced up. On AF447 it was clear to us on that thread that no one considered the possibility of all three airspeed probes and all static probes icing up at the same time. Rather than exercising a flight with unreliable airspeed strategy: N1 and deck angle, which pilots of most jets would employ, the software apparently biased out most of the backup systems according to the ACARS transmissions. In other words, the autopilot and auto throttle were incapable of operating with no pitot static system and abruptly dropped out throwing it all in the lap of the pilot on a dark and stormy night with partial panel.
This seems like a serious software design oversight imho, at least from a pilot's perspective. Arguments that it was approved and certified by experts really mean little if you are a student of Aviation history as I am. All designs eventually crash with any appreciable time in service.
If you ask me, adding more and more complexity to this automation monster we have created and keeping everything in extreme secrecy is what really does the industry a disservice imho.
KISS baby, KISS! (keep it sim...)
And I think it's best to realize that this is after all, a pilot's rumour network, not a tabloid for the public to read. Right?
Best Regards,
CC
Last edited by Captain-Crunch; 17th Dec 2010 at 10:24.
Join Date: Sep 2000
Location: Bielefeld, Germany
Posts: 955
Likes: 0
Received 0 Likes
on
0 Posts
Captain Crunch,
thank you for your gracious reply.
You are right about design and code being proprietary. Your suggestion (flow charts, which no one uses any more as far as I know) concerns design. Then there is the coding. General industry knowledge (not of RR in particular; I have no specific knowledge of the quality of their SW and do not wish to suggest that I have) suggests that in delivered safety-critical SW one can expect about 1 error in about 1000 lines of executable code (LOC). State of the art for the last few years appears to be about 1 error in 25,000 LOC; that has been achieved in well-documented products derived according to a very strict and well-proven analytical regimen during development. So in, say, 150,000 LOC one would not be surprised to find between 6 and 150 errors.
A distinguished colleague of mine proposes that all safety-critical software in any domain should be published, by law, so that anyone is enabled to check and comment on the quality of the product. ( And of course to enable the usual army of computer-obsessives to find faults in it faster than the developer ) I think that proposal has a lot to recommend it. First, quality of product will be on public display, so the public will be able to make up its collective mind on a matter of public interest, namely safety of flight. Second, quality will likely improve.
Presumed-quality of SW has been for far too long judged by the process used to develop it, and not by objective properties of the resulting SW product. No correlation has been demonstrated in the scientific and engineering literature between the "usual" features of quality-of-process and the quality of the resulting product, except for those processes which explicitly involve determining objective properties of the product (such as the exclusion of possibilities of run-time failure). The goal of my standardisation work is to bring more focus upon evaluating properties of the SW product.
It seems to be both of those, at least. And who am I to judge its purpose?
PBL
thank you for your gracious reply.
Originally Posted by Captain-Crunch
I suspect I could comprehend some of the FADEC architecture if I had access to it; but I'm sure it's proprietary. (not the physical code, but flowcharts would be interesting.) It would be interesting to know how the sw handles all fuel temp probes iced up. .....
Originally Posted by Captain-Crunch
If you ask me, adding more and more complexity to this automation monster we have created and keeping everything in extreme secrecy is what really does the industry a disservice imho.
Presumed-quality of SW has been for far too long judged by the process used to develop it, and not by objective properties of the resulting SW product. No correlation has been demonstrated in the scientific and engineering literature between the "usual" features of quality-of-process and the quality of the resulting product, except for those processes which explicitly involve determining objective properties of the product (such as the exclusion of possibilities of run-time failure). The goal of my standardisation work is to bring more focus upon evaluating properties of the SW product.
Originally Posted by Captain-Crunch
And I think it's best to realize that this is after all, a pilot's rumour network, not a tabloid for the public to read. Right?
PBL
Join Date: Sep 2008
Location: MI
Posts: 570
Likes: 0
Received 0 Likes
on
0 Posts
PBL -
Do you drive a car with Electronic Stability Protection (ESP)? Most new European cars have it. So do remember not to rent a car if you visit Europe.
Do you drive a car with Electronic Stability Protection (ESP)? Most new European cars have it. So do remember not to rent a car if you visit Europe.
Join Date: Mar 2005
Location: England
Posts: 730
Likes: 0
Received 0 Likes
on
0 Posts
To be honest most modern cars have some element of "FBW" with electronic throttle (gas) pedals. I'd be dubious of buying a car with FBW type steering or braking systems though given how often systems like ABS or ESP seem to throw a wobbler.
Anyway, back to aircraft.
Anyway, back to aircraft.
Join Date: Oct 2005
Location: UK
Posts: 209
Likes: 0
Received 0 Likes
on
0 Posts
Surely being equipped with EGPWS negates about 80% of the debate in this thread?
"Yellow represents a cautionary alert 60-seconds prior to the predicted time of impact and is accompanied by a "caution terrain" aural message. And red indicates terrain that the aircraft could impact within 30 seconds; it is accompanied by an aural "terrain, terrain, pull up"
Given at worst case you have 30 seconds until terrain contact, the Airbus FBW protections will have no impact on clearance of terrain? Or is that too simplistic a view for some on here?
Atreyu
"Yellow represents a cautionary alert 60-seconds prior to the predicted time of impact and is accompanied by a "caution terrain" aural message. And red indicates terrain that the aircraft could impact within 30 seconds; it is accompanied by an aural "terrain, terrain, pull up"
Given at worst case you have 30 seconds until terrain contact, the Airbus FBW protections will have no impact on clearance of terrain? Or is that too simplistic a view for some on here?
Atreyu