Winds of Change.NET: Liberty. Discovery. Humanity. Victory.

Formal Affiliations
  • Anti-Idiotarian Manifesto
  • Euston Democratic Progressive Manifesto
  • Real Democracy for Iran!
  • Support Denamrk
  • Million Voices for Darfur
  • milblogs
Syndication
 Subscribe in a reader

Flight 447: New Meaning to the Term "Blue Screen of Death"?

| 5 Comments

There's been some speculation that some of Toyota's braking problems may stem from software interaction issues, and lack of mechanical backup. That's nothing, however, in comparison to what seems to have happened to Air France Flight 447, an Airbus A330 bound from Rio to Paris. Der Spiegel has the report, in "The Last Four Minutes of Air France Flight 447":

"The sheer complexity of the Airbus' systems makes it difficult to control in critical phases of the flight.... Could it therefore be that the flight computer, which is hard to manage in emergencies, actually contributed to the loss of control by the Airbus pilots? Air-safety experts Hüttig and Arnoux are demanding an immediate investigation into how the Airbus system reacts to a failure of its airspeed sensors."

What is known, is that the pilots were trying to reboot the flight computer on the way down. Meanwhile, what's the recommended procedure?

"The responsible pilot now had very little time to choose the correct flight angle and the correct engine thrust. This is the only way he could be certain to keep flying on a stable course and maintain steady airflow across the wings if he didn't know the plane's actual speed. The co-pilot must therefore look up the two safe values in a table in the relevant handbook -- at least that's the theory. "In practice, the plane is shaken about so badly that you have difficulty finding the right page in the handbook, let alone being able to decipher what it says," says Arnoux."

As we hand over more high-powered mechanical devices to software operations based on thousands or even millions of lines of code, with limited auditability given the number of potential interactions, these kinds of question are going to surface more and more often.

5 Comments

It seems it does not matter whether the computers stop or keep running, air speed sensor failure is a critical fault. There is a precedent in Birgenair Flight 301.

Another precedent is Aeroperú Flight 603.

However, I thought computers were not the issue in the flight 447 crash and I am now thinking the same about pitot tubes.

I remember that the Iberia airliner flying just behind them simply turn and dodged the storm. I think they made a 70 km detour.

Why Air France 447 did not?

IMHO the root cause could be established without the data from the black boxes.

Why Air France 447 did not?

The article claims that the 447 didn't carry enough fuel to dodge the storm, make a direct flight to Paris, and arrive with the required margin of fuel. They would have needed to make a refueling stop somewhere along the way.

There was definitely an opportunity to avoid the problem via a different route. But to me, that's a distraction.

A system that is fragile because it does not work well when under manual control, or does not shift easily and smoothly to mechanical control of critical functions on human orders, is a major hazard waiting for an opportunity. The opportunities will always come, eventually.

Such systems do fly every day. Every modern high-end fighter jet becomes somewhere between difficult and impossible to fly if the computer's automatic adjustments are taken away. This is known as "relaxed stability," a nice way of saying the platform is designed to be unstable to maximize maneuverability. That's fine, and casualties are expected and acceptable in order to secure those advantages. The alternative being even more casualties, AND losing.

For a passenger aircraft, that's not fine. For an automobile, that's not fine. For systems that are used en masse, and for whom failure is a critical and likely lethal event, we're going to need to re-assess just what we're willing to do in software, and under what terms.

I disagree. IMHO the distraction began soon after the plane crashed in order to avoid the owner of Air France, the French State, bearing responsibility for what its pilots were told to do. The main cause of the accident was not icing pitot tubes or software glitches, but greed.

Regarding the technical side, I think that in the case of flight 447, they were all dead when the sensors failed over a tropical storm. AFAIK the aircraft keeps flying in a speed range between two limits, stall and overspeed, which change depending on air density (which also depends on pressure - height - and temperature). The first limit is linked to lift, below it, the wings cannot keep the plane in the air. Overspeed relates to damage produced by the air flow, probably in the engines or control surfaces.

Whitout those sensors, by night, and over a tropical storm that shakes the aircraft, neither the computer nor the pilots had any reference to know in which point of that speed range they were. A stall eventually occurs, the plane simply falls like a stone, which is different from a nose dive since the control surfaces do not point to the direction in which they are effective. It is said that an airliner cannot recover from that.

On the issue of safe computer operation when flying, it seems the problem was solved by NASA, that old fashioned, soon-to-be-dismantled agency, in the 1970's (see Space Shuttle's redundant computers).

On cars, I think it is obvious that car manufacturers are increasing profitability filling their products with electronics and emission control technologies, all prone to fail at a higher rate than mechanical components.

Leave a comment

Here are some quick tips for adding simple Textile formatting to your comments, though you can also use proper HTML tags:

*This* puts text in bold.

_This_ puts text in italics.

bq. This "bq." at the beginning of a paragraph, flush with the left hand side and with a space after it, is the code to indent one paragraph of text as a block quote.

To add a live URL, "Text to display":http://windsofchange.net/ (no spaces between) will show up as Text to display. Always use this for links - otherwise you will screw up the columns on our main blog page.




Recent Comments
  • TM Lutas: Jobs' formula was simple enough. Passionately care about your users, read more
  • sabinesgreenp.myopenid.com: Just seeing the green community in action makes me confident read more
  • Glen Wishard: Jobs was on the losing end of competition many times, read more
  • Chris M: Thanks for the great post, Joe ... linked it on read more
  • Joe Katzman: Collect them all! Though the French would be upset about read more
  • Glen Wishard: Now all the Saudis need is a division's worth of read more
  • mark buehner: Its one thing to accept the Iranians as an ally read more
  • J Aguilar: Saudis were around here (Spain) a year ago trying the read more
  • Fred: Good point, brutality didn't work terribly well for the Russians read more
  • mark buehner: Certainly plausible but there are plenty of examples of that read more
  • Fred: They have no need to project power but have the read more
  • mark buehner: Good stuff here. The only caveat is that a nuclear read more
  • Ian C.: OK... Here's the problem. Perceived relevance. When it was 'Weapons read more
  • Marcus Vitruvius: Chris, If there were some way to do all these read more
  • Chris M: Marcus Vitruvius, I'm surprised by your comments. You're quite right, read more
The Winds Crew
Town Founder: Left-Hand Man: Other Winds Marshals
  • 'AMac', aka. Marshal Festus (AMac@...)
  • Robin "Straight Shooter" Burk
  • 'Cicero', aka. The Quiet Man (cicero@...)
  • David Blue (david.blue@...)
  • 'Lewy14', aka. Marshal Leroy (lewy14@...)
  • 'Nortius Maximus', aka. Big Tuna (nortius.maximus@...)
Other Regulars Semi-Active: Posting Affiliates Emeritus:
Winds Blogroll
Author Archives
Categories
Powered by Movable Type 4.23-en