Mahatma Kote

It doesn't hold for software engineering either. And given that most modern aircraft systems are the product of software engineering it's a worry.

I've run dozens of young bright programmers who think the software tools and environment they worked in was foolproof. Anything dot net and Java and it must be good!

Actually that's totally false. In reality almost all software generated on these types of systems is not deterministic nor foolproof. For time critical applications like machine control they are worse than useless.

Luckily, I assume, modern aircraft control systems use real time executives with deterministic software languages - i.e. no garbage collection and very precise timing available.

Sadly though the people who code this stuff are trained at university in the soft languages and from what I can see have no idea about reliable, efficient and/or elegant programming. As a result there is a massive amount of program specification required to compensate plus massive amounts of test cases. My experience is that most code can be programmed to meet the test cases - and then can be expected to fail outside the test-case environment.

The A330 upset near Learmonth was an example where the software and system test cases failed and critical timing issues suddenly came into play.

Almost certainly having a crusty old programmer used to working on bare iron in C or C++ would be a better option. They've had years of seeing all the different ways software and systems can stuff up and so are far better placed to design and write conservative bullet-proof code.

A0283

My impression is that what was published is between what you gentlemen both state. Little has been expressed in official press conferences but it is a little bit more than suggested.

On the CVR - KNKT officially declared that the pilots were the only voices in the cockpit and that they had been working hard very hard till the end. At the same time there was a continuous series of alarms going off.

On the FDR - the only information we have is small cutouts from the parliamentary hearing. I have matched the extracted data with that of earlier statements and find that it matches quite good. But it does not go beyond 24,000 ft.

The international press appears to have dropped this case. Other sources continue to provide information but it takes more time to process that. It appears that a number of damaged flight control surfaces and parts have been found. I would need more and better photos and more study time to be able to identify them with certainty though. Pieces are multiple meters long, white, and have floated all the way to Sulawesi. Based on the initial search, marine traffic patterns, and currents it is not impossible that they have not been spotted before.

One official item from a number of press conferences that rather suprised me is, that originally the cockpit was said to be found on a specific location that was later confirmed by side scan sonar. First stated being at 500 m from the main fuselage. Days later changed to 20 m from the main fuselage. What was stated is that the 'cockpit' was buried deep in 'the mud'. So a section floating around or dragging over the seabed is unlikely. Later both pilots where located but (till now) only the F/O recovered and identified. That recovery was at a time when only the 20 m cockpit location was mentioned.

If both statements were basically correct you get the impression that there were 2 fracture surfaces. The first in front of the wing. The second just behind the cockpit. That would confirm with my early remarks about fracture surfaces location probability being higher in the region of production breaks.

If thats all true then we get a forward cylindrical fuselage section at 500 m. And the separated cockpit section at 20 m from the main fuselage and wing. That would appear to point to a breakup scenario that is different from that of the pprune majority view. Which might point to another chain of events ... below 24,000 ft.

So, at this stage we are not sure where the cockpit was, and not sure where the forward section is located. I have no idea why this information is not published.

Pprune posters have expressed their admiration for the divers (and others). I think it is also time to express the same for the local fishermen in Sulawesi. Fishing 50 km offshore in a small boat, finding remains, and carrying them back to shore ... says it all.

training wheels

_Phoenix, your interpretation of the auto translation is out of context. The author of the blog is saying that there is nothing in the CVR that suggests a bomb or explosion went off due to terrorism. All that could be heard on the CVR was the pilot and copilot struggling to control the aircraft right until the last moments. The blog author then goes on to hypothesize that an explosion due to other causes can not be ruled out and gives the example of the TWA 800 where the fuel tank exploded due to a short circuit.

The blogger then implies that if a short circuit occurred causing a fuel tank explosion (eg, like TWA 800), then the short circuit would have prevented the CVR and FDR from recording the sound of an explosion as well. This point is mentioned to give credit to the blogger's 'fuel tank explosion' hypothesis since no explosion was heard on the CVR.

So the blogger is not at all suggesting that the CVR and FDR stopped recording before impact in QZ8501.

And, yes, I am fluent in Bahasa Indonesia.

BenThere

Exploding fuel tanks has been a problem characteristic of Boeings. Catastrophic stalls in flight have been a problem characteristic of Airbii.

What creeps into my consciousness as the recent Airbus hull losses have unfolded is that astute, engaged, qualified crews would have seen their situations developing, recognized and countered the weather threats, and take mitigating action before the crises occurred.

I don't disparage any crew faced with a life-threatening situation. It's not easy to maintain indefinite, unrelenting diligence. And staring out the window with 1000 NM's left to go doesn't lend itself to rabbit like reflexes. Who of us knows how we'd react to a sudden crisis on any given day?

My point is only that we must always pay attention, scan for anomalies, and never turn it all over completely to George.

.Scott

Thanks training . I am not versed in Indonesean, but was pretty sure there was a problem with context.

.Scott

There were a couple of news stories posted today that included this quote:
Does this imply that Airbus and AirAsia may not want to accept the findings?

Ian W

It certainly appears that is the case - it may even be that they have already raised objections and this is a shot across the bows to prevent further 'interference'.

That raises all sorts of potential issues and it would be easy to speculate on the bete noir that Airbus is complaining about and similarly the problems that AirAsia may not want raised.

It is another of those areas where we must wait and see. Certainly it looks like a good supply of popcorn may be needed.

_Phoenix

A0283,
By the way, the article in discussion states:


Training wheels,
Also the recovered tail section shows two major ruptures: from the fuselage and from the THS, so most likely there were two impacts.
In case of a break-up scenario, recording would stop in midair. But yes, I agree, let's wait for something more official and credible.

unworry

@IanW @andianjul and others

This isn't a software logic/coding issue but one of system design.

There are two primary actors, the automated flight computers and human pilots, who have varying control of the flight. A critical factor in the handling of these upsets seems to depend on the nature of the failover/hand-off (here, catch) to the crew.

I know its mainly about risk mitigation (stall/over-speed avoidance) but once such an incident has occurred, it appears the system as a whole is inherently vulnerable, exacerbated by deficiency in training, crew awareness and identification of the problem, their response and computer assistance in alternate configurations.

So is this just the way it is nowadays? Take all precautions to avoid an upset, then ... good luck?

Clandestino

Yeah and NTSC is famous worldwide for its technically impeccable reports like the one on MI185.

Ian W

I think that you are understating the problems.

The approach to training and operational flight now is that flight crew are positively discouraged from manual flight at cruise levels. The psychological impact of just taking control of the aircraft and 'manually' flying it rather than leaving it to the AP is considerable for some flight crew. They may have thousands of hours in the cockpit but almost no time at all manually flying at cruise. No amount of time in a nice safe simulator will provide the mental effect of flying the real thing manually at height. So just having the AP give control to the flight crew (for some crews) is sufficient stress and some may not cope too well.

The problem is that the AP normally calls it a day, when something is going wrong and the aircraft has distinct problems. So not only are the crews already stressed due to just having control, they also have the added alerts and problems to sort together with the 'calming' alarms, alerts, scrolling warnings on ECAM and barber poles changing colors etc. Perhaps even losing the standard instruments.

This mix of beancounters wanting efficient flight chasing crews who hand fly, lack of any hands-on training/practice in cruise and 'graceful degradation' of the systems increasing system complexity and the number of 'what is it doing now' questions all added to an inflight emergency, is a recipe for guaranteed failures.

It seems we are starting to see some of these failures; the industry is going to need to respond constructively to block these holes in the cheese. Don't hold your breath though as the first reaction appears to be to deny the problem - a management version of automation surprise.

PT6Driver

AO283

Not saying this is the case but:
If there was a mid air breakup and the cvr & fdr stopped recording short of impact then the evidence for the breakup sequence is the "expertly recovered wreckage". Having been dragged on board, cut up, dropped etc etc, I wonder how much evidence is left?
Any investigation should examine all the evidence not just rely on cvr, fdr. The recovery operation apears to have dictated the direction of the investigation.

Having said that my thoughts still lie with the breakup on surface contact.

rideforever

Apparently we are to wait until Augst before the report arrives. Is there a precedent for such a delay before releasing the data and preliminary report?

What would the impact be on the industry be if this was similar to AF447?

Sop_Monkey

One would think it would be right and proper to get the report out ASAP so we can all learn from this tragic event. That surely would enhance safety.

Which begs the question, Is safety the authority's first priority?

"What would the impact be on the industry be if this was similar to AF447?" None!

Ian W

If there would be no industry impact, Indonesia would not have issued the public cease and desist warning to Airbus and AirAsia. There are one or more things to come out that neither will like.

Centaurus

Both pilots struggling at the controls? Does that mean one pilot handling and both shouting in fear? Or both grabbing the side stick with neither knowing what the other was trying to do? And was that a media interpretation third hand? So much pure speculation.

.Scott

I have been asked for citations for this Jonan quote:The clearest one is here:
The MalayMail Online

Here's another:
Venture Capital Post

In both cases, search for "interfere" - or just read the whole article.

Ollie Onion

If that quote is true then it points to a complete whitewash of a report. Sounds like they are lining up Airbus to take the blame. My previous post regarding the Asiana crash was trying to make this point. In that report the Koreans didn't accept pilot error and blamed the manufacturer for badly designed automation, I suspect in this report the pilots will be exonerated and Airbus will be blamed regardless of the facts. That is the only conclusion I can come to considering the secrecy of the investigation so far combined with quotes like above.

ATC Watcher

Then you probably never read an Indonesian investigation report before. (or any other for that matter)

ramble on

Great Post IanW- SPOT ON