Knowing how difficult it can be to find a wiring fault or failure in the "real" world, I'm still totally baffled by this ACARS message too.
I suspect it probably translates to a "lack of signal" condition, but I would still like to know, too.

EMI/EMC issue?
 

Hi,

Question:


Could be this facts be associated to Lightning? And subsequently:

2:13:45 WRN/WN0906010213 279002506F/CTL PRIM 1 FAULT
2:13:51 WRN/WN0906010213 279004006F/CTL SEC 1 FAULT

A very strong "interference" can even reset a System and in extreme cases damage buses ("connections" between sub systems), etc. I know Airbus SAS redundancy is also on the physical location of critical modules. And i know the a/c interior is protected (inside a Faraday shield). And also the lightning activity at that night was reported as "low" at the region.

mm43, do you fly A340 and not A330?

some of your comments do not apply to the A330.

I wonder if you would still feel that way today.

One of the realities that plague video game designers is the fact that as we age one of the first skills that is lost is what is known as "fine motor control," especially in the hands. FMC does not refer to reaction time; it has to do with the ability to make small, discrete movements as opposed to large sweeping ones. People who suffer from poor FMC often appear to be "overreacting" physically to the stimulus but it's not a reaction problem.

I have long wondered if poor FMC isn't the true explanation behind this crash:

American Airlines Flight 587 - Wikipedia, the free encyclopedia

I'd bet my bottom dollar that if your old teacher put a group of 45 year olds who had never piloted before in that test,he'd get very different results.

The complexity is mitigated by redundancy, as you state - and the components themselves (derived from the 80186) were obsolete in computing terms in the late '80s, but highly predictable and easy to understand at a circuit level. To compare that to the incredibly dense multi-pipelined designs used in consumer level computers even 10 years ago is like comparing a trusty old pick-up truck engine (powerful enough to do the job, but reliable over long periods of time) to that of a Formula 1 racer (Immensely powerful, but prone to frequent failure).

They used 68000s in some of those STS systems. Again - relatively obsolete technology, but comparatively simple and predictable.

I think it was as valid a direction to take when designing the next generation of airliners as any - especially given the accidents that happened in the '70s and '80s with mechanical/hydraulic systems failing due to damage. I studied Software Engineering under Peter Mellor, who you'll see in the Risks archives occasionally, especially relating to the A320 - and what I learned was that the process that they went through designing the systems was utterly exhaustive. Whatever the naysayers profess when it comes to "Keeping it simple", the fact is that the hydraulic systems required for widebody airliners and the artificial feel required to make such controls make sense to a pilot are anything but simple.

DFBW was proven in military terms for a decade before the A320 started carrying passengers, and I think that was a more than reasonable lead time. The US did not openly develop FBW airliners in tandem, but the B777 followed hot on the heels of the A320 - as such I suspect that something similar was on the drawing board as the A320 progressed from the testing phase to production and service. The only difference between the latest generation of Boeing aircraft and that of Airbus is that Airbus developed a new control philosophy based around the new systems, whereas Boeing had their FBW systems drive a facsimile of a "traditional" flight deck environment. The "ain't Boeing, ain't going" crowd like to say that they don't trust computers in charge of their aircraft, but the B777 (and presumably the B787) is as reliant on it's computers as any Airbus FBW model.

That is not a correct use of the term 'turbulent flow'.

Fine Motor Control
 

I think I would. Landing on a carrier, which was my most demanding task, demands small precise control movements, not sweeping ones. At my age, 74, I clearly do not have the same ability to do fine work such as drawing with a pencil but I believe that I still have the same ability to sense pressure. I don't play computer games nor do I even have a "joy stick" on any of my computers but the very few times I tried one, I found it difficult because the stick moved and I had no tactile feedback. For the same reason, I have always disliked a mouse.

Failures (BEA rprt #2, pg 36)
 

Hi,

The sub systems "interact in a completely safe way" (protocols, CRC, etc.)

A (HARD) failure as mentioned strongly motivates me to go deeper in the issue.

NAV TCAS FAULT (2 h 10): ... it could be the consequence of an electrical power supply problem or of an external failure.

F/CTL PRIM 1 FAULT (2 h 13): ...or be the result of a failure.

F/CTL SEC 1 FAULT (2 h 13)...or be the result of a failure.

1.16.2.4.3. Interruption of the messages:

... loss of one or more system(s) essential for the generation and routing of messages in the aircraft: ATSU / SDU / antenna... or loss of electrical power supply: this would imply the simultaneous loss of the two main sources of electrical power generation.

Intriguing: A redundant System possibly hit by multiple failures.

Question: What kind of "external stimuli" (to a redundant "electric/electronic" System) has the ability to make it (possibly) fail in that way?

Note: BEA analysis on above msgs. show first other possible reasons and is not conclusive (by lack of further info.; ACARS is for other purpose).

jcjeant,You are really something, you are !.
And very sneaky, too : By that one sentence, you now have everything for criticizing the french system, the BEA independence, the weakness of the French judicial conclusions and penalties involved (they have nothing to prove anything!)...Unfortunately for you, it's also an absolute
BULL!!!! !
This is an excerpt of the bill instituting the BEA and its duties and priviledges :
(The Prosecutor for the Republic is to receive a copy of the technical investigation report in case of the opening a prosecution case).Which is, btw, what has happened as Air France and Airbus are in a manslaughter lawsuit.

Try again

Lemurian

I was trying my best to figure that one out. Thanks for the ennabling legislation.
Do you have more of the Law ? Maybe I'll just withdraw from the discussion, I didn't get much of the Concorde proceedings, either.

ACARS / Satellite Signal Failure
 

Hi folks.

As to the ACARS, we know for sure that at least one message would have been sent by the aircraft (60 seconds after preceding event) that should have been received between 2h15m00s and 2h15m14s. (BEA Report, 17-12-2009, p 36ff)

At least BEA will know by now (FDR), whether this non-occurrence of the expected class 2 fault message is due to (1) the sudden end of the flight at that point in time or due to (2) satellite communication issues in the storm or even (3) fatal electronic failures in the aircraft.

BEA reported a minor technical issue with the radio management panel at takeoff from Rio, but it appears insignificant as it has not been followed up by further info (at least to my knowledge). (BEA Report, 02-07-2009, p. 70)

Perhaps we will find out during the announced press conference this upcoming week, why and how the flight met its tragic end only about 6nm from the LKP at 02h10m, despite the operations center receiving messages until 02h.14m.26s (important: we cannot conclude that it was transmitting until then!).

In fact, we know little more than three months ago, and the recovery of the CVR and FDR this close to the LKP has raised more questions than it provided answers. Based on the sea drifts, we know at least that the calculations with regard to the point of impact by the US Coast Guard, the Brazilian Navy and the US Navy (BEA Report 17-12-2009, p. 80) appear to have been very accurate back then.

Testability issue
 

Hi,

Introduced more than FBW: a new control philosophy.

Good issue to be discussed later.

I will go deeper to later comment on that.

A question, regarding "predictability" of a complex "electric/electronic" a/c:

A test 787 (ZA001) was hit by a lightning bolt and survived. (landed). During the Test phase or Certification process, the airliners are "lightning tested"?

Or expressing in another way: It´s really impossible (indeed near zero probability) to "reset" or even damage the wiring/buses if the a/c is hit by a powerful "cloud-cloud" bolt?

I know the several cases, Iran Air Force 747, JP case, IIRC a P3 in US, etc. that went down (for mech. reasons). My question is on the "Testability" issue on that specific subject.

An a/c after an UAS issue being hit in it´s nose section by a "very intense current" (thousands of amps), facing severe turbulence (with the crew in a "dark" cockpit, interior lights dim*) can become "faulty"? Or, What can cause "multiple failures" in a "redundant computer system"?

(*) No significant lightning activity that night.

I have it in my RV such engine, modified (fail safe fuel supply and redundant ignition) to be more reliable than the original.

Right!

Tactile feedback and "old" hands
 

I gotta go with Smilin' Ed.

Trouble with a small stick that moves 30 degrees or so off-axis is you really can't tell instinctively if you're commanding half or a third or three quarters or.... Larger sticks such as those on jet fighters are easier to figure out whether you are commanding max or half or...

If the small stick has a good "load" to it that requires greater and greater pounds of pressure along the way, then could be a player.

Viper stick moved zero originally. See the black-nosed Block I jets I flew in mid 1979. Block 5 modified the stick for 1/8 inch of movement. Breakout force to command gee or roll rate was same, but theoretically the stick stopped moving when you reached "X" pounds for pitch or roll. Apparently, someone thot we would then stop pulling more. Seems that a few guys were pulling over 100 pounds in a fight to ensure they were asking for all the jet could give!! I never noticed, to be honest, the ham fist I was.

I fly the online sim Warbirds and use a simple stick that is very stiff. The gimpy ones that move a lot and move easily are harder to use for fine corrections.

Safety Concerns
Thanks for highlighting the matter. :D

Yes, rudder travel is limited as follows:--

A340 - 31.6° and 3.5°
A330 - 35° and 4°

A corrected RTLU graphic is at post #109. Not the only time I have made the mistake.:\

Nothing wrong with that per se. Anyone used to driving a modern car would be completely at a loss trying to drive a Ford Model T. Also, the sidestick control method had been in use in military jets for some time before the A320 went into service, so it's not like they were springing a complete unknown into the pilot community.


I don't think so, but the laws of probability suggest that many a FBW Airbus model has been struck by lightning in one form or another in their 23 years of airline service and not one has fallen from the sky because of it.

I don't know, and neither does anyone else - which is why I'm waiting for the report to come out. At this point we don't even know if the computer system had anything to do with the loss of the aircraft, so we're into heavy speculation by even bringing it up!

And the 80186 used in the A320 is of similar vintage, so why consider one to be more suspect than the other?

(Nerdy aside : I know that the 68k series was much more friendly to program at assembler level than the 8086 series, but that's not really relevant here...)

IIRC the Airbus FBW stick does so via a simple spring mechanism.

As a flight-obsessed kid I used to play F/A-18 Interceptor on my old Amiga 500* with a digital joystick (either rate was commanded or it wasn't). Lots of fun, but I'm unsure of the relevance. As an aside, that 23-year-old piece of entertainment software had the best sound FX of any sim I've used since...

* - Hence why I know about the 68k

Hi,

Dunno where we go with that ... for me it's nowhere.
The copy of the investigation report (who is also public) it's just a information document and can't be used by prosecutors for point any responsible or irresponsible people or corporation
The only reports used will be those show at the court by the experts named for this case.
Those can be interrogated also by the judge of instruction and will also be called by the judge in the court when the trial run.
The BEA can also be interrogated by the judge of instruction or at the trial ... but the BEA report is not a exhibit for the court ...
Only will be exhibit .. the judiciary experts reports ... even if it's a conform copy of the BEA report.
BEA experts are not judiciary experts (otherwise .. how BEA can be independent of justice?)
Again refer to the last trial in France about aviation accident (the Concorde trial who is even not yet closed as AF and Continental are going in appeal)
Wait for the AF447 trial ... (in how many years ??) .........

UAS->ALTN2->LOSA(loss of situational awareness)->LOC1->Recovery?->LOC2?->Recovery?->EOFLT(end of flight)

seems to be the simplest chain without invoking gremlins.

Smilin_Ed said
This is very fascinating and reminds me of riding a fast motorcycle. This is a subtle physico-mental thing that cannot be described, but is very instinctual for a experienced rider. There is no question in my mind that the airplane should respond to physical force so that a pilot can "feel" it in his own structure. There is probably a fancy medical word - is it proprioception? Astronauts in weightlessness lose track of their limbs unless they can see them. The lack of physical stress on the body divorces the mind from it in a very strange way. One astronaut experienced a strange glowing watch floating before his eyes while half-asleep in orbit, only to discover somewhat later that it was his own arm he was seeing.

The control input should match the physical stress of acceleration, because the pilot has to "feel" how to fly the airplane based on what it's doing to his body.

Originally posted by RR_NDB ...
The BEA later rectified that comment, and the TCAS was found to have a self checking function that sampled all values and tested to see if they matched reality. Apparently they didn't, and the TCAS was inhibited to prevent the potential for mayhem. Note the graphic showing the cause, e.g. Cockpit effect messages without fault ... now incorrect and added in red.

http://oi53.tinypic.com/1zbxshl.jpg

Where is the TCAS antenna?

TCAS Fail?
 

Thanks for the chart MM43.

Altitude is fed to the TCAS via the transponder. The transponder looks at only one altitude input at a time. Alternate altitude can be switched in. There is no airspeed input to the TCAS or the transponder.

Altitude out from the ADR is modified by (reportedly) as much as 300 feet as a low airspeed correction. Therefore, you could expect a 300 foot altitude shift if the pitot ram pressure were suddenly blocked while the moisture drain remained open, yielding an airspeed approaching zero.

The BEA assumption is that the TCAS faulted due to internal logic from airspeed approaching zero. The supposed rationale for this logic: "TCAS was inhibited to prevent the potential for mayhem." The only mayhem would be Collision Avoidance being compromised.

If this logic exists, why isn't it in the transponder, instead of in the TCAS? The transponder didn't fail. You don't want a 300 foot error in your altitude reported to other aircraft, just as much as you don't want erroneous evasive maneuvers. The transponder is needed for the TCAS to function. TCAS is not needed for the transponder to function.

Therefore, from the data we have, the BEA explanation for TCAS Fail is mistaken.

The two TCAS antennas are above and below the forward cabin. They are about a foot long, half a foot wide, and about two inches tall.

TCAS Fail?
 

Hi,
Did you meant that the BEA explanation (which is from Airbus experts) is mistaken because there is no link between ADR losses and TCAS?
Have a look at this (now revised) procedure:
http://takata1940.free.fr/ADR1+2+3FAULT%281%29.jpg
http://takata1940.free.fr/ADR1+2+3FAULT%282%29.jpg

Last Commands of Captain Dubois
 

Absturz von Air-France-Airbus: Pilot war in kritischer Flugphase nicht im Cockpit - SPIEGEL ONLINE - Nachrichten - Panorama

Stall led to Rio-Paris Air France crash, says German press

ChristiaanJ,
A possible explanation could be “bus overload”, a temporary and usually benign situation were data could be missing for one or more bus cycles (also depends on the bus protocol used).

New leak
 

New leak, this time from "Der Spiegel" magazine, source is claimed to be an "expert close to the investigation":

- captain Marc Dubois not in cockpit when incident started
- he entered cockpit during incident and tried to help save AF 447
- FDR shows that AF 447 took evasive action to avoid heavy weather and there are no signs of major turbulences
- FDR shows "steep" pitch up shortly after "failure of air speed indicators". Der Spiegel doesn't know if the pitch upwards was initiated by pilots or aircraft computers

Source:
Absturz von Air-France-Airbus: Pilot war in kritischer Flugphase nicht im Cockpit - SPIEGEL ONLINE - Nachrichten - Panorama

TCAS
 

As an SLF with engineering and IT background, I'm surprised that TCAS depends on ADR. 3D coordinates and speed derived from GPS should be reliable data to feed anticollision logic.

Wozzo

I read it that the pilots tried to steer through the various CB's ie not go around it but through, attempting to avoid the worst

The captain Mark Dubois is alleged to being heard shouting instructions to the crew.

I too read that the captain is supposed to have entered the cockpit, however, the fact that his body was found during the first days would suggest to me he was perhaps near the cockpit but not yet "in"

The source is obviously not revealed, and although one would have hoped that the captain was in the cockpit during the CB period, there are no indications in this press document that the cockpit was understaffed.

Yes, that's what I read also (and maybe translated in a bad way, re: "go around" not an option given the size of weather build-up); except that I don't think that captain being in the cockpit (but maybe not strapped in) excludes the possibility of his body being found (don't think the cockpit survived in one piece).

Since even the most basic Mode C transponder transmits altitude information based on the standard pressure setting, any receiving TCAS-equipped aircraft needs to measure from the same datum.

Hi,

Possible pitch up......

From HMC blog:

http://i.imgur.com/9mNNj.jpg

TCAS
 

Altitude mode (both ATC and TCAS) is dependant on ADRs.
Triple ADR fault rev.19 (compare with rev.16 above); see ATC ALTI MODE and TCAS inop:
http://takata1940.free.fr/ADR1+2+3FAULT%283%29.jpg

and TCAS scheme:
http://takata1940.free.fr/TCAS.jpg

one of the first skills that is lost is what is known as "fine motor control," especially in the hands

gums has made some comments on the F16 stick. I recall from a course years ago (so it might be scratchy) that the initial test article had a zero break out stick arrangement which was unflyable due to low level muscular tremors. If I recall correctly, the initial mod was to introduce a 4lb break out load to get rid of the non-commanded small perturbations.

Without wishing to appear too mechanistic, another factor that should
govern design is perhaps the resolution of the shoulder/arm/hand
assembly, which can apply quite large forces full scale, but will have
limited resolution, or granularity, at low force levels. If the initial
force is low, small variations in that force will be difficult to
control, because of resolution limits and signal to noise ratio. If the
initial force is high, then small variations will be much further up the
linearity curve and thus easier to control. If there is position as well
as force feedback, then so much the better. As in mechanics, the human
body has many compound servos, which have limited resolution, response
times and signal to noise ratio.

Not really my field, but isn't this what artificial feel systems are designed
to address ?...

jcjeant: In that scenario, an aft CG would certainly make things worse.

The demands placed on avionics computers have increased a lot since the
early days, and current systems do in fact use much more powerfull
processors, some of which are pipelined, have extensive cache memories,
as do current desktop computers. Without appearing complacent, I
don't see any real problem with this as avionic systems have arguably
the most rigorous development processes applied to them than any other
development activity. It's very unlikely that any fundamentally serious
bugs would ever be found in the software. By bugs, I mean noncompliance
with original spec. Of course, all this becomes toast if there were
holes in the original spec that failed to recognise and cater for corner
cases, or assumed that they would never occur.

To demonstrate one aspect of how rigorous the whole process is, take the
example of redundant systems. Very often, where a system is say, dual or
triple redundant, both the the hardware and software will be designed
and built to the specification by separate development teams who are
forbidden to collaborate or talk to each other. Often, different
programming languages and hardware processor architectures will be
chosen as well. For example, team A may use Ada on PowerPc, team B, C on
68K/Coldfire, team C, Jovial on Intel x86 etc. The whole point of this
is to enforce separate thinking, different algorithmic processes and a
unique approach to development. Once the development and testing to spec
is complete, the different finalised systems are again rigorously tested
against each other, ie: compared to ensure that they all agree. Afaik,
no other industry, with the exception of nuclear uses these extreme and
very costly development processes and there is much more to it than the
above brief description.

I worked on avionics in Basingstoke in the mid 80's and even in those
days, the process was quite rigorous. Much of the less critical software
was still being written in assembler, with fadec software catered for by
custom in house control languages. Most of the modules were quite short,
not more than a page or so of assembler and it was designed to be clear
from inspection what the code was doing. For testing, every module was
tested on a simulator running on a Vax or HP mini, with module input
data set up to ensure that every path through the code was executed and
that expected or sane output values appeared for good and bad input
data. Once this was complete, the modules were linked to final code
image and tested to the original product spec, again with normal and bad
input data and with a variety of hardware failures injected for good
measure.

While I have almost complete faith in the avionic systems design, i'm
not so sure about items like pitot probes, which may have been certified
20 years ago and are now perhaps working well outside their original design
limits at least some of the time...

Control breakout forces
 

Salute!

Good point John the Moderator.

I'll try to talk with some of those guys in the demo program, but I can't help thinking that GD had the 1 pound breakout force.

The "stiff" stick in the first few dozen jets didn't feel like it took much pressure to "breakout". The Block V jets with the small movement felt "squishy" at first, but might have helped with formation flying. Didn't do a thing for A2A fights. You will note that our force-versus-command plot was not linear ( roll command gradient graphic posted earlier). Wonder what the plot looks like for the 'bus? Same question for pounds per degree of control stick deflection - is it constant?

+++++++++++++++++++++++++++++++=

Sadly, a new leak points to a "pitch up" and ensuing loss of control. Makes me cry.

more on this later.

A330 FCOM Bulletin 09
 

Hi,
This is no news, a bulletin inserted in each A330 flight manual (3.08.09). Note that this bulletin was published 10 years before AF 447:

http://takata1940.free.fr/FCOM09%281%29.jpg
http://takata1940.free.fr/FCOM09%282%29.jpg
http://takata1940.free.fr/FCOM09%283%29.jpg
http://takata1940.free.fr/FCOM09%284%29.jpg
http://takata1940.free.fr/FCOM09%285%29.jpg

That the unnamed source doesn't have a clue about the one thing that really matters, reduces his credibility to virtually zero, IMHO.

takata, I suspect some of the data will remain sealed "forever" in the interests of the victim's privacy.