Showing posts with label Complex Systems. Show all posts

Tuesday, December 20, 2011

Extremely rare events can still be unacceptable.

The Qantas A330 uncommanded dive from FL37, which propelled dozens of unrestrained passengers into the overhead three years ago, has been blamed on a computer glitch, and the various press releases are stressing the overall reliability of the sensors and the fly-by-wire computer system. Yes, it's a rare event, but the computer code that allowed action based on inputs from one of three sensors without doing any data validation first was an unacceptable programming error. The malfunctioning sensor's data should be compared with immediately prior values and with values from other sensors before being acted upon. And a prior warning of sensor disagreement should be sent to the cockpit. It's truly rare, but it happens, and a computer that automatically accepts and acts upon such errors is not safe. All those millions of miles flown and thousands of hours of operation without incident were lucky, but not safe.

The algorithm compared two angle-of-attack indicators. If the readings were close, it averaged the two values and declared that to be the value passed on to further flight control systems. If the two values differed greatly, the algorithm did not enter any evaluation mode to determine reliability or data quality; it simply discarded each angle-of-attack indicator's data and defaulted to the angle-of-attack determination that had been made 1.2 seconds previously. Unfortunately, one of the two angle-of-attack indicators started releasing spurious values every 1.2 seconds, and the algorithm defaulted to erroneous values that made the flight control computer think the plane was at a very high angle of attack and that a stall would take place if the nose were not lowered immediately.

The pilots were not able to counteract the error since the fly-by-wire system overrides any pilot input that is unsafe.
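
A simplified model of the averaging-and-fallback logic this post describes, next to the validation it argues for (median of three sensors, comparison with the prior value, a disagreement warning). This is an added illustration, not the aircraft's code: the 0.1 s tick, the thresholds, the sample readings and the unchecked resume at the end of the 1.2 s window are assumptions.

```python
from statistics import median

# All constants are constructed for this illustration; one tick = 0.1 s.
TOL = 3.0         # assumed "close" threshold between sensors, degrees
HOLD = 12         # 12 ticks x 0.1 s = the 1.2 s fallback window in the post
MAX_STEP = 2.0    # assumed largest plausible change per tick, degrees

def make_samples(n=30, spikes=(5, 17)):
    """Constructed data: steady 2.0 deg; sensor 1 spikes to 50.0 deg, 1.2 s apart."""
    return [(50.0 if t in spikes else 2.0, 2.0, 2.0) for t in range(n)]

def naive_aoa(samples):
    """Two-sensor average with fallback to the earlier value on disagreement."""
    out, value, hold = [], samples[0][0], 0
    for a1, a2, _ in samples:
        if hold > 0:
            hold -= 1                      # still inside the 1.2 s window
            if hold == 0:                  # assumption: window ends and the
                value = (a1 + a2) / 2      # current readings are used unchecked
        elif abs(a1 - a2) <= TOL:
            value = (a1 + a2) / 2          # readings close: average them
        else:
            hold = HOLD                    # readings differ: discard both
        out.append(value)
    return out

def validated_aoa(samples):
    """Median of three sensors, rate-limited against the prior value, with warnings."""
    out, warnings, value = [], [], median(samples[0])
    for tick, readings in enumerate(samples):
        if max(readings) - min(readings) > TOL:
            warnings.append(tick)          # sensor-disagreement warning to the cockpit
        step = median(readings) - value    # compare with the immediately prior value
        value += max(-MAX_STEP, min(MAX_STEP, step))
        out.append(value)
    return out, warnings

if __name__ == "__main__":
    s = make_samples()
    print("naive peak:", max(naive_aoa(s)))
    good, warned = validated_aoa(s)
    print("validated peak:", max(good), "warnings at ticks", warned)
```

In the naive path the second spike lands exactly when the hold window expires, so a single bad sensor drives the output; in the validated path the same spike is outvoted and only raises a warning.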

Friday, October 14, 2011

AF447 Transcript and Pilot Error orientation...

It's well known that the French investigation is focused on avoiding any allocation of blame. With all the inter-linkages between Airbus, Air France and the French government it is clear that the BEA is actually investigating the French government. The level of disclosure tolerated by the French is abysmally low in comparison to what the NTSB would be revealing.

The above paragraph from an earlier posting on this blog is being repeated in response to some inquiries I've had regarding the recent publication of more complete transcripts in a book that focuses clearly on pilot error and pilot standards.

The French view is that only pertinent conversations get published. The American view is that everything, including the final expletives, gets published. It is a question of openness and a dedication to seeing that absolutely nothing prevents the deaths that have taken place from being deaths that contribute to future air safety.

There are serious issues as to whether the initial climb was the result of pilot commanded inputs or not. The book fails to address this issue. The fact that irrelevant conversations were taking place is meaningless. The plane was not at an altitude where rules impose a "sterile cockpit" devoid of non-pertinent conversations or activities.

The pilots were suddenly confronted with a situation where the computer said "your plane". As young pilots with an instructor beside them, they had heard that phrase a zillion times, but suddenly they are "hearing" it without warning and they are no longer in some small two-seated training aircraft. The computer gave up when limits were exceeded and dumped them into alternate law amidst a flurry of warning messages and loss of instruments, coupled with loss of any sense that the remaining instruments were or even might be reliable. It's pure hell when a complex system cuts out.

Other, non-fatal, incidents indicate a serious likelihood that that initial climb of a few thousand feet was not selected by pilot-initiated control inputs. After that the cascade of events proceeds with confusion and unreliable information. The start of the fatal event was that initial climb. Blame the pilots for it? Not yet!!!

Tuesday, April 26, 2011

When gadgets betray us?

A New Zealand chain of no-frills supermarkets had its computer turn on the lights and unlock the doors of one of its stores at the normal opening time of 8:00am on Good Friday, a holiday on which there were no employees present. Apparently someone called the police at 9:20am reporting that truckloads of groceries were being removed, but several shoppers simply went to the self-scan checkout lane and proceeded in a normal fashion until one shopper happened to scan alcohol and the scanner automatically stopped functioning while it awaited managerial confirmation of the purchaser's age. It appears that some shoppers who entered the store simply left when they realized something was amiss. Apparently there were those who took advantage of the situation, though, and prompted the calls to the police. Police in New Zealand are of course not armed but had no trouble dealing with the situation. The store's manager intends to take no action during a period of time in which he trusts the various shoppers will voluntarily do the right thing by coming in and paying for their groceries now that the store is open and properly staffed.