CONF iture

'shysters' - No. Did I say so ?
'arrogant' - Not wrong. But over confident would be more appropriate.

1. What are, in your mind, those 2 events ?
2. Why, in your mind, it *might* have been useful for the PNF to see what the PF was doing with the stick ?

RR_NDB

Hi,

FBW is clearly a way to optimize an a/c. (weight reduction, easier to design with redundancy, etc.)

Question for EE and pilots acquainted with Digital FBW a/c:

The problems arise when the machine (a/c) enter some certain states?

E.g.: TAM 3054 overshoot, AF447 first with THS "going" to 13 degrees NU and later presenting erratic SW indications. These planes entered exceptional "states"?

May we consider these planes "entered" strange states difficult to be understood (almost impossible in short time) by crews yet submitted to abnormal and stressful situations?

In non DFBW these "strange states" are rare. The NW 6231 727 (Thiells) Pitot's "memorized pressure due icing" misleading the entire crew. Perhaps we can say the plane entered an "strange state" with it's Pitot's "showing" altitude (instead the speed) to the (astonished) crew.

In summary, my 1st question is:

State machines concept may explain several cases where the crew was not able to even understand what was going on?

Observe the issue is not FBW (a good approach) but how we "protect" the plane using "finite States machines". And Airbus SAS pioneered this.

A possible 2nd question is:

Is it possible, by training, prepare the crew to timely understand (the strange states) and act accordingly?

Are we capable to preview the "strange states" the complex machines (full of protections) may enter?

Lyman

An excellent, excellent question.

The bottom line here in this entire discussion re: AB fbw, is that it is highly functional in virtually all its iterations when confronted with straight forward challenges to remaining in the air.

If no one else has figured this out, the problem arises, as it does with ALL aircraft, when the monkey grabs the football.

Airbus have this less figured out than other types, and their arrogance in admitting to it is still killing people.

Abnormal situation requires abstract and intuitive action.

NOT ALTERNATE. Bowing to ALTERNATE solutions is killing us.

We don't need ALTERNATE, we need CUSTOMIZED.

And CUSTOMIZATION comes from the cerebellum, not the thirty year old chip, programmed by people who still do not "get" ABNORMAL.

One cannot anticipate that which he has no experience with.

Zorin_75

Nose pointing up, plane going down, blaring stall warning. Very strange state. Maybe they should teach that in flight school.

Lyman

I've done that, in flight school. It is an odd regime, and it was shown to me by my instructor. I still remember it. "Hold back stick". WHAT?

Did any of the crew on 447 experience such an attitude? Ever?

As above, To get creative, one needs to have some confidence in a solution, not grab at straws.

To get where you need to be, to save your life, one needs to know where one is.

RR_NDB

Hi,

With highly capable pilots instead of just "trained operators".

IMO the training requirements are much higher when operating complex machines.

Unless you think (erroneously) everything can be previewed by engineers during design phase.

Perhaps "IT people" influence on Airbus SAS Design approach was excessive.

Many years ago a friend (ex. Air Force one pilot and Safety Board Head) told me: A good pilot must always call his plane by "Sir". With a lot of respect.

An a/c using Finite States Machines in their Systems design approach IMHO requires much more respect. You must be very careful (and respectful) with it.

Their behaviour is never completely understandable. The old "Testability issue" of Complex Systems.

Lyman

Testability

The a/c cannot be tested in these places, but her pilots can be....

To stay ahead of one's aircraft requires one must know more than she.

DozyWannabe

The "IT People" (actually real-time systems architects and engineers, and among the best in their field at the time) simply implemented a set of specifications from the aeronautical engineers, who themselves consulted with pilots, in exactly the same way that electromechanical engineers have always done in aviation.

Philosophically speaking, the computer specialists only dealt with the "How" - the "What" came from the same people it has always come from.

Airliners have always been complex systems, and have only grown in complexity over time. I suspect very few pilots during the middle decades of the last century knew exactly how the Q-feel system on their Comets and 707s worked, and I'm pretty sure even fewer pilots knew how advanced avionics suites such as those on the Trident and L-1011 worked. The only difference between that generation and the current generation have been how the various systems were implemented, but this will always come up against a seemingly innate human distrust of technology. I wonder how many of BEA's "old guard" took great exception to the (then) new-fangled autoland system, for example.

Lyman

The complexity is by and large manufactured of whole cloth. In addition, in dumbing down the threshold of operation, the "complexities" become sequestered in myth, and therefore become unmitigable by tacit agreement; operators will not be trained to them.

No one is better able (potentially) to handle a dynamic situation than the one who is present. To suggest that solutions have already been discerned for every possibility, and Programmed into an airplane, is not only myopic, it has the aroma of Death about it.

Case in Point. "We think Auto Trim UP into a Stall is a solution." On what Planet? Rather than allow that, why was it not aggressively disallowed? Yet in overspeed, the THS is locked in place, when at least arguably, it has a function in correcting PITCH to corral speed.

Independent of training level, how is that desirable?

Explain?

CONF iture

That’s even worse Lyman, under Normal Law, the system logically thinks it’s time to cancel autotrim by reaching Alpha Prot or slightly above, but when the situation has degraded and Alternate Law is active, the system thinks it’s smart to autotrim all the way whatever the Alpha …

Airbus : If you think you have some doubt about the data you receive, just keep things simple, degrade all the way straight to Direct Law. Make things easier for your crew. Airplanes fly well in Direct Law too ... including yours.

Cool Guys

While on the subject of simplicity I would like to butt in if I may.

I can understand how the pilot on AF447 reacted in the way he did. I can’t say that I can explain it but I can understand it. Years ago I pushed the wrong button when my colleague got his fingers caught in a machine. I switched the Run Switch to the “off” position rather than hitting the Emergency Stop button. The Run Switch stopped the machine after its present cycle. The Emergency Stop instantly cut all power. At the point where my colleague got his fingers stuck I had 5 seconds to hit the Emergency Stop to prevent a blade from slicing his fingers off. In the rush I switched the wrong control (I pulled the stick back rather than push it forward). I realised my mistake and I quickly hit the Emergency Stop. Fortunately I reacted fast enough and my colleague still has his fingers.

In the above example I had complete understanding of these controls because I designed them, but I had no practical training on what to do in this circumstance so I did the wrong thing when I needed an instant reaction. However because of my understanding of the controls, and because I had sufficient time, I was able to save the day. Practical training gives you a natural reflex to do something quickly in an emergency situation but understanding gives you the ability to think about the situation and work out what is the right thing to do even if you have not been trained on the procedure. Understanding is gained by theoretical learning and quick response is gained by practical training, actually doing what you should do in real life when a emergency situation occurs.

However these 2 things are related. Training helps understanding and understanding helps training. Sully was not trained on water landings but due to his in depth knowledge he was still able to perform the feat. When learning a complex process you need both. Simplicity is also a factor. After this incident I changed the layout of the front panel including making the Emergency Stop more prominent and simplifying the layout. I simplified the interface. A machine operator or pilot has better things to think about than excessively complex controls. A pilot definitely has many other things to think about. If something is simple it is easier to understand and it is easier to train people on. It is like these 3 things form a triangle. Understanding – Training - Simplicity. You need all 3 sides. If you increase one you naturally increase the other 2. If you reduce one you reduce the other 2. If you make something simpler the person’s understanding will be better and it will be easier to train him. If you make something more complex the person is likely to have a lower understanding and it will be more difficult to train.

A group of semi knowledgeable people generally make things overly complex. One single knowledgeable person can generally make the same thing more simple.
It is easier to make something complex than to make it simple. Unfortunately it is easier to make a complex interface than a simple one.

Obviously an aircraft control system will be a complex system but it should not be made more complex than what it needs to be, and even if someone has done all that is required to get everything totally sussed, surely he would be better off working out how to get laid by his wife than to work out some overly complex interface.

RR_NDB

Cool Guys

The rule is here:

KISS principle

And the best phrase, IMO:

"It seems that perfection is reached not when there is nothing left to add, but when there is nothing left to take away"

From Antoine de Saint Exupéry, writer and also an aviator.

gums

Just had to get my barb in for Doze, heh heh. And support RR.

Basically, Doze has it right, to a point.

As a systems engineer after I hung up my g-suit, I wrote the specs and the sfwe folks "coded" it. None of the sfwe "engineers" in my company knew squat about aero or mech or actual piloting. No big deal. They were used to dealing in "abstracts" and sfwe design, not a physical system that was to be implemented or simulated in sfwe.

I was their worst nightmare!

I was an aero/EE guy from school, and was a no-kidding pilot with no small amount of experience in various jets. I had also done sfwe work for a few things during my career as a pilot.

I had to explain frame rate requirements due to hysteresis of the mechanical gyro/gimbal platforms and seeker heads of missiles. The old analog systems did the trick via their basic design and had negligible lag as the digital systems had with their frame rates. So we "smooth" the data for control and display. Big deal. But we also had to deal with real world body rates and maybe tgt motion for a weapon and so on. So some functions had to run at very high frame rates while others could lope along at 10 Hz.

enuf background.

As RR says, a finite state machine will react to inputs with very deterministic outputs/actions. That was my company's philosophy for armament control and display systems, and our designs were very easy to validate thru testing. The good news was our systems were easy for the human operators to understand and operate. Our sfwe was not trying to be "intelligent", and "guess" what the human wanted to do.

So I have to throw my lot with the folks that postulate the AF447 crew was presented with conflicting displays and aircraft reactions to their control inputs, and they did not know with certainty what was really happening. Further, their training seemed to emphasize all the FBW protections and the cascade of control law reversions that attempted to retain bank angle limits, pitch angle limits, AoA limits ( read Alpha prot), mach/overspeed warnings, etc. Sheesh!!! Think you would be confused?

Make no mistake, I do not advocate a simple, direct control of the various aero surfaces such as some here believe would save the day. Even the old, old mechanical systems used mechanical/hydraulic components to limit surface deflections and their rates of deflection.

My problem has always been with the "autopilot" type functions and protections that seem inherent in the 'bus FBW design and its reversion modes. For Chrissakes, the jet seems to be extremely stable and docile. Without the autopilot engaged, it should handle just as any large jet. It should also handle well if airspeed/ "q" inputs are lost. But this is where training enters the equation. How does the jet "feel" when most of those "protections" are gone? And worse, what "protections" are still there? So there needs to be a clearly defined reversion sequence that the pilots are trained to deal with, and the more simple, the better, The finite state machine RR and I refer to.

Zorin_75

More precisely, in this state the system thinks it's less smart than the pilot therefore it will do as told without protest.
All these discussions about complex systems are certainly not without merit, but do you think it is a fair assumption this crew would have fared better in a 757?

rudderrudderrat

Hi DozyWannabe,
We never distrusted the technology - but were ready to take over when it failed. When it failed and the AP dropped out, the aircraft felt very familiar because it only had the one manual flight Law (Direct).

Why design a series of sub laws which the pilot very rarely experiences or has the opportunity to practice?

RR_NDB

In Combinational logic " the output is a pure function of the present input only". E.g. the (interlock) micro switch on the door of a Cessna prevents flaps activation.

In Sequential logic the "output depends not only on the present input but also on the history of the input". F-GZCP System "memorized" PF initial NU, maintaining THS at 13deg til the end of the flight.

In TAM 3054 case both pilots didn't understand timely the system output (combinational logic).

Combinational and Sequential logic can help decisively but unfortunately may generate "difficulty to understand" in certain situations specially if you add human factors to the issue.

Not present among us, you know. Most here are open minded professionals always trying to do the best. Using technology and ALWAYS checking it for a "quality control", in a constant "questioning". Something VERY USEFUL for any Project as an important and necessary feedback.

Lyman

"Seeming innate mistrust of technology."

That is a euphemism for "what do you know, my concierge can fly this a/c."

It is out of place here, and harkens to a lay attitude.

Fly by wire is not anything but a new (if thirty years old tech is "new") way to control an aircraft.

It is faster, and generally more responsive and efficient than a human being. It can fly a/c that are unflyable by humans.

Stop. It is also a quick way to the graveyard whilst whistling Dixie if the programming is put together by numpties.

It is a TOOL. A wonderful TOOL. But a TOOL. Those who think it can be operated in fluids without great care are dangerous.

DozyWannabe

I think it was in fact a little more complex than that once you got down into the actual implementation of the design - routing hydraulics, electrical systems and the like. As I said quite a while back, it was only when digital computers started getting involved that the distrust became more vocal, because you had a generation of pilots for whom computers were known as either big number-crunching machines in rooms (which is how they were in real life), or cold, logical machines that frequently went wrong and threatened lives (as they were consistently presented in fiction).

Human psychology is a weird one in that the collective memory can sometimes distort the reality of a situation with cultural perception - this is why I get so mad when people refer to the FCU system as "HAL", because I know that the reality of the former is a million miles from the cultural perception of the latter (which was, after all, a fictitious construct based more on an outgrowth of Asimov's laws as opposed to reflecting any kind of reality). I could go into mind-numbingly dull detail on the subject, but I'll spare you guys that (for now!).

Firstly, there are only three "Laws" that deal with computer-assisted flight (with the MAN TRIM ONLY fallback when everything is out). Alternate is a single law with variations based on the type of failure the aircraft has suffered (in much the same way as failures of specific systems on older designs meant variations in how to deal with those failures), and all you really need to have at the front of your mind is that if you're outside of Normal Law, you don't have any hard protections - consequently the aircraft must be handled as carefully as if it were conventionally-controlled with no protections. Sustained hauling back on the sidestick outside of Normal Law is therefore as much of a no-no as sustained hauling back on the yoke in a conventional aircraft.

Secondly, pilots *are* supposed to practice them (note PJ2's insistence on practicing all modes in the sim, up to and including MAN TRIM ONLY). ColganAir proved that you don't need an all-singing, all-dancing digital flight control system to lull airline training programmes (and the pilots they produce) into a false sense of security when it comes to stall/upset recovery. Thus we get into a bigger problem that affects the whole industry, whereby many of the MBAs that run the airlines and the accountants that provide the balance sheets do not understand that if you cut training costs, you're shaving the safety margins ever further and increasing the risk that there may be people at the controls who will fumble a recovery in an emergency.

The '90s downturn led to the beancounters shaving the maintenance budgets, which in turn led to an Alaska MD-80 falling into the Pacific, and an FAA crackdown. It seems that in response to that their next move was to shave the training budgets, which is just as dangerous - but the effects are slower to materialise - and it's much tougher to prove that a crash caused by pilot error can be traced back to lackadaisical training than it is to prove a stripped jackscrew was caused by shoddy maintenance.

Lyman

Talk about Hamsterwheel.......

DozyWannabe

The system (by which I mean the flight controls) only "memorised" it because there was not a consquential opposite command to move it the other way, either from the sidestick or the trim wheel.

Well, there were procedural complications in that case. The original "reverser inoperative" procedure called for the thrust levers to both be placed in idle and only the engine with the working reverser to be placed into reverse. Airbus discovered several incidents where the lever to the engine with the inoperative reverser was not pulled to idle, extending the landing distance considerably and risking an accident.

As such they came up with a new procedure where both levers were to be pulled all the way through flight idle to reverse on rollout, which made the problem go away, but led to a slight, but noticeable increase in landing distance as the engine thrust on the side with reverser inop would increase, inducing forward thrust on that side.

The TAM crew knew of this latter procedure and indeed used it on the previous leg of the flight, as evidenced by the FDR traces - however the Conghonas runway was short and known to be treacherous, especially in wet conditions. The logical theory is that the very experienced Captain knew of the increased landing distance that the new procedure caused and elected to use the old procedure, ironically, to give him an increased safety margin given the atrocious conditions at Conghonas that night. Unfortunately the crew made the same mistake that had caused that procedure to be revised in the first place and the rest is history.