Airbus A380 Under Fire
jose parinas writes "The security of the Airbus A380 jetliner is questioned by a U.S. Engineer that faces arrest and bankruptcy in Austria. A year ago, Mangan told European aviation authorities that he believed there were problems with a computer chip on the Airbus A380, the biggest and costliest commercial airliner ever built."
Except now the chip has to be recertified for aviation.
In effect, the article states it has already been modified and there was some sentiment that it really should be re-certified yet once again.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
He lived & committed the crime in Vienna, how would your US law provide any protection ?
Try reading stuff, it usually helps.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
If you care enough to RTFA, you will see the following line
Yet his employer ignored his concerns, he alleges, because fixing the glitches would be costly, could take up to a year and would further delay the A380's launch. (a year behind already)
Really strange reporting. For starters, they don't even get basic facts right, e.g. they report Airbus was "owned by Dutch and British companies", when in fact it is owned by EADS (80% share, French/German) + BAE (20%, British). They also keep calling it a problem between Airbus and Mangan, when the actual events (as per their own article) seem to only involve Mangan and his former employer, TTTech. Airbus doesn't seem to have any involvement in this.
Read the article again. This chip didn't "get through." According to the whistle blower, the company forged his signature on documents approving the chip. If true that means they knew about the problem and tried to cover it up.
I'm not positive this is his blog (it looks more like a static web page) but it does have a ton of information on the subject:
http://www.eaawatch.net/index.html
"Eve of Destruction", it's not just for old hippies anymore...
A slow decompression is even more dangerous than an explosive one because hypoxia can sneak up on anyone without them realising it. It takes a very special person to recognise the symptoms of hypoxia when they're not looking for them specifically.
RTFA! It says that both Airbus AND Boeing are going to be using this new chip. It seems like people go out of their way to trash stories, when they have no idea what they're talking about.
Chances are any discussion on Slashdot will degrade into a flamewar about ID/Christianity within 14 posts.
I agree. However, there are other systems in the aircraft that detect the low pressure, and THESE cause additional alerts, plus the oxygen systems to activate.
In addition, a slow 'leak' gives the pilots great time for an emergency descent. Give me a slow leak over a fast one any day.
Sorry, that's incorrect.
What you're talking about here is Air France Flight 296. There's a full description on the link, but the short version is that the pilot tried to throttle up because the plane was too low, and the fly-by-wire system overrode him due to a fault. Nothing to do with the autopilot at all --- autopilot landings are quite common these days.
(There's also been a lot of controversy about that accident, because there are a number of irregularities with the investigation indicating that the evidence has been tampered with. Check out this link for more information.)
(Oh, yes; only three people died, although about 50 were injured.)
You are way off on what pilots use autopilot for. On most commercial flights these days the pilot rarely touches the yoke after takeoff. He enters all headings, altitudes, speed and vertical speed settings into the autopilot and the computer takes care of it for him. In my plane I can enter my entire flight plan into the computer before taking off, engage the autopilot at 500 feet off the ground and not touch anything except the radio until the computer has me lined up for a landing at the destination airport.
1. There are already multiple possible failures that could cause a depressurization (cabin window failure, door failure, engine rotor burst, crew error, etc). The design requirements call for systems to alert the crew if the cabin altitude exceeds normal values, and there must be oxygen masks that they can don within 5 seconds. The operational requirements call for the crews to be properly trained in the use of these masks, etc. So even if this chip has a problem, it doesn't necessarily create a new safety issue. Of course, the problem, if it exists, should be corrected.
2. Some business jet aircraft do have an autopilot mode that will automatically descend the aircraft if the cabin altitude exceeds a certain value (several Cessna Citation models, some Gulfstream models, latest Bombardier Global Express, etc). These aircraft often cruise at altitudes up to 51,000 ft, which is quite a bit higher than the maximum altitude for the A380 (apparently 43,000 ft, but typical cruise altitudes will be lower than that). The smaller cabin volume of the business jets means the cabin depressurizes much quicker, given a similar failure.
Kevin Horton
but the short version is that the pilot tried to throttle up because the plane was too low, and the fly-by-wire system overrode him due to a fault.
If there was a fault anywhere it was in the engine. The pilot claims it didn't spool up fast enough, it may have suffered a stall. The official accident report concluded he simply applied throttle way too late (some conspiracy theories say the FDR was hacked by 3s to make it look like he left it too late). That said, even if that claim of the captain's was true he still furked in several other ways, which led him to be flying 30ft off a runway, when he had intended to be at 100ft (and he would never have hit those trees then..).
Ie, it was definitely compound pilot error (as is often the case), and possibly a (what should have been) problem with an engine. "Computer overrides pilot and flies into trees!" is catchier though, but simply not true - no matter how many times people repeat it.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Also, don't forget that the cockpit oxygen masks drop down before the main cabin
Cockpit masks don't "drop down" - They're a far more robust (and bulky) construction than the el-cheapo plastic cup+bag things the passenger cabin has, and anyway the space above the pilots tends to be occupied by switch gear and breakers. They're stowed within easy reach of each pilot (to the side, under the seat).
- the cockpit pressure sensor is pegged at a higher level, so that if there is a slow leak, the pilots can don their masks early and do a more controlled descent.
Lower level surely you mean (be it in terms of altitude or barometric pressure). I'll have to ask to find out if this is true, it doesn't ring true at all with me though.
modern aircraft are fitted with ground avoidance radar (what causes the 'whoop-whoop, pull up!' scenario).
The radio altimeter you mean? The one which provides highly accurate relative readings, but only when you're reasonably close to the ground (ie within 1 or 2k feet)? I've never heard it called "ground avoidance radar"...
But, as for the plane landing itself... well, we're still a fair way off with that one. Airports have to be equipped with differential GPS beacons that allow the plane to determine its position down to about half a metre.
Ok, now I know you're definitely not a pilot but a troll. If you were a pilot you would know that ILS and auto-land systems have existed since at least the 1960's which can guide an aeroplane to within 50ft or so of the runway and that more recent ILS (since the 80s or so? i don't quite know, maybe before then) can bring the aeroplane to 0ft. You'd also know that ILS uses two polarised planes of radio waves - GPS doesn't come into it at all.
You, sir, are a troll. Mods: please undo parent's "interesting" moderation.
(FWIW, my father *really* is a retired commercial aviation pilot).
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
- Finding the problem is sporting.
- From there, you then have the programmer(s) test it and make sure that there are no more issues.
- Once that has passed, then you have the test group re-design a set of new tests and test them as well.
- Once there, an internal auditor goes over your work.
- From there, an Airbus auditor goes over said work.
- Then an EU FAA-equivalence auditor.
- Then an American FAA auditor.
Just that little bit of a fix, takes no less than 9 months (normally closer to 1.5 years). Delaying the A380 will cause serious issues right now. In fact, there are probably performance clauses penalties associated with this that would probably sink TTTech (hence the reason why they want to cheat). BTW, if you wish to argue with me over this (and some idiot will), I currently do the coding of the test for the data AND APIs of an American unit that be in the cockpit of the A-380 (and other aircraft). I have found out that getting this level C cert. has been very sporting.
I prefer the "u" in honour as it seems to be missing these days.
Mangan's blog has significant details. It makes quite a bit of sense if this guy has more integrity than your average person. He's a super smart guy apparently, and he's probably right, firing him was probably not a good idea. Who wouldn't be miffed, and want to restore their good name? For the Austrian company, I'm betting they don't have the time to improve the design, or fix it properly.
I've read the various articles in the LA Times and WSJ, and his blog, and my take is he is an engineer, and he's not going to let politics and bureaucrats cover this flawed design. Any whistleblower faces this - it's what sets them apart from the average person.
The articles are very interesting, he was testing the system and found flaws not only in the functionality but the system design (not redundant). Seems there's politics and big money involved.
I sat in on an ethics class, directed towards engineers, at Stanford once, forgot the name of the class, but the professor posed the question - if you, as an engineer on a major project (whether it be designing a new drug or a spaceship), and discovered an issue, what would you do? Now perhaps the dishonest person, rushing to finish the project and look good, would move on. The average person would write an e-mail perhaps, and then if nothing was done, perhaps at most quit their job. And if you're fired? Anyway, interesting class.
This is a question of a $500 vs $50 part in a plane that costs a couple hundred million. I would be quite amazed that any company in the modern litigious world would forge a signature to get a part as critical to safety as this one passed when knowing that the part was sketchy.
Airbus didn't forge his signature, that would be the company who makes the $50 part.
In Soviet America the banks rob you!
we're not talking about Airbus forging someones signature so they don't have to spend a few extra bucks on a plane worth millions... we're talking about a manufacturer who forged someones signature so they wouldn't lose out on sales of their $50 part.
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
This does not look like a Boeing PR move. This looks like a honest-to-goodness engineer sticking to his ethics.
...
...
From the article:
"Unlike U.S. laws that shield whistle-blowers from corporate retaliation, Austrian laws offer no such protection. Last year an Austrian judge imposed an unusual gag order on Mangan, seeking to stop him from talking about the case.
Mangan posted details about the case anyway in his own Internet blog. The Austrian court fined him $185,000 for violating the injunction.
To help pay living expenses and legal fees, Mangan sold his house in Kansas. With only about $300 left in his bank account, Mangan missed a Sept. 8 deadline to pay his $185,000 fine and faces up to a year in jail. Next month he's likely to be called before a judge on his criminal case.
The family expected to be evicted this month from their apartment, but their church in Vienna took up a collection to pay their rent.
TTTech has offered to drop its legal action against Mangan, court records show, and pay him three months of severance, if he retracts his statements. But Mangan has refused.
Mangan said he was looking for a new job. He has contacted dozens of aerospace firms in the U.S. and Europe, but none have returned his calls. "Nobody wants to touch me," he said."
The pilot had made a slow pass over the field, and when he tried to pull the plane up, the computer overrode his commands thinking he was trying to land, and that is why they crashed into the forest.
While there are some conspiracy theories, as with many catastrophes, the generally accepted story differs very substantially from the above.
The aircraft was flown at maximum angle of attack (AOA) at about 30-35 ft above the runway during an air show, with passengers on board. The pilot disconnected the autothrottle system, as its "alpha-floor" system would have automatically increased the engine thrust, preventing him from slowing the aircraft as much as he wanted. The aircraft eventually ended up at about 30-35 ft above the runway, with the engines at idle, and at the maximum allowable AOA.
The co-pilot noted that the obstacles ahead were higher than the aircraft, alerted the pilot, who pushed the thrust levers (i.e. throttles) ahead, and pulled back on the controls. The flight control system did not allow the pilot to raise the aircraft's nose, as that would have required increasing the angle of attack, and the wing would have stalled. The only way out of the hole he dug was to get more thrust. The faster you go at a given AOA, the more lift the wing produces. The fact that lift is now greater than the weight means the flight path starts to curve upwards, and the nose rises, even at the same AOA. But, it takes about 7 seconds for a modern high-bypass ratio turbofan engine to accelerate from idle to full thrust (the regulations allow 8 seconds), and they hit the trees 5 seconds after he pushed the thrust levers forward.
The flight control system's AOA limiting function prevented a much more serious accident, as if the wing had stalled the aircraft would have gone out of control. As it was, it hit the trees in controlled flight, and only three people died.
After that, an emergency pilot override was placed in AirBus jets.
There is no emergency override in the Airbus jets. The pilot can manually turn off enough flight control computers to put the flight controls in Direct Law, where there are no longer any artificial limits on what he can do, but this would not have prevented this accident. He would have crashed much earlier in the sequence if he had tried to do the same thing in Direct Law.
The Boeing 777 can takeoff and land automatically.
The Boeing 777 cannot takeoff automatically. It can land automatically, as can all the other modern large airliners, including Airbus A320, A330 and A340.
Kevin Horton
- Water in brake cylinder back end froze up. Cylinder lacked weep hole.
- Brake electronics had two identical systems running in parallel.
- If you pressed one of the brake system buttons for more than 10 msec, but less than 20 msec, one computer might see the keypress, the other might not. Never tested for.
- Brake system uber-boss hardware checks for differences between two computers.
- If it finds a difference, it turns off the secondary computer, WITHOUT SNOOPING AROUND to see if in fact it was the secondary computer that was getting off-track.
- Said turning off is not signaled to the pilots in any obvious way.
- Even if the pilot notices, by flipping to an obscure status-page, that the secondary braking system has been downed, pressing the RESET button doesn't actually reset much of anything.
- Airbus encourages pilots to use auto-braking mode, which supposedly gives a steady 0.3G's of deceleration.
- If auto-braking doesn't seem to give 0.3G's, some TILT lights go on, but the braking system doesn't try using the suspect bad system, even after the other system is now known to be bad.
I could go on, but I think you see the basic drift here. Not a clue among the designers, testers, or managers. Similar totally foobared design blew up the $400M Ariane rocket. Similarly foobared design for the Airbus flight control computer: lessee-- Pilot is pulling very hard on the stick, should we do what he says or drill a big hole in the ground? Hmmmmmm.....
Full report URLs I can find if anybody is interested.
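The sampling race described in the comment above, modelled as an added example that is not part of the original post or of any real avionics code. The poll period, clock offset, glitch filter and the persistence-based monitor are all assumptions chosen to reproduce the 10-20 ms window the comment mentions.

```python
from collections import Counter

# Constructed model; every timing below is an assumption, not a value
# taken from a real brake system.
POLL_PERIOD_MS = 20        # each computer polls the button every 20 ms
SECONDARY_OFFSET_MS = 10   # secondary's poll clock lags the primary's
MIN_PRESS_MS = 10          # shorter presses are filtered out as glitches

def sees_press(start_ms, duration_ms, offset_ms):
    """True if one of this computer's poll instants falls inside the press."""
    if duration_ms < MIN_PRESS_MS:
        return False
    cycles = -(-(start_ms - offset_ms) // POLL_PERIOD_MS)  # ceiling division
    first_poll = offset_ms + cycles * POLL_PERIOD_MS       # first poll >= start
    return first_poll < start_ms + duration_ms

def classify(start_ms, duration_ms):
    """Compare what the two computers observed for one button press."""
    primary = sees_press(start_ms, duration_ms, 0)
    secondary = sees_press(start_ms, duration_ms, SECONDARY_OFFSET_MS)
    if primary == secondary:
        return "agree"
    return "secondary_missed" if primary else "primary_missed"

def sweep(duration_ms):
    """Tally outcomes for every 1 ms start phase within one poll period."""
    return Counter(classify(s, duration_ms) for s in range(POLL_PERIOD_MS))

def naive_monitor(outcome):
    """Behaviour the comment describes: any mismatch switches off the secondary."""
    return "both_active" if outcome == "agree" else "secondary_off"

def wrong_isolations(duration_ms):
    """Start phases where the monitor removes the channel that was correct."""
    outcomes = (classify(s, duration_ms) for s in range(POLL_PERIOD_MS))
    return sum(1 for o in outcomes
               if o == "primary_missed" and naive_monitor(o) == "secondary_off")

def persistence_monitor(mismatches, threshold=3):
    """Assumed alternative: act only after `threshold` consecutive mismatched
    cycles, and report the disagreement instead of picking a side."""
    run = 0
    for mismatch in mismatches:
        run = run + 1 if mismatch else 0
        if run >= threshold:
            return "disagreement_flagged"
    return "both_active"

if __name__ == "__main__":
    for d in (5, 15, 25):
        print(d, "ms:", dict(sweep(d)), "wrong isolations:", wrong_isolations(d))
```

In this model a 15 ms press makes the computers disagree for half of all start phases, and in half of those the naive rule switches off the channel that actually saw the press.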