Slashdot Mirror
Airbus Plans to Expand Cockpit Automation
Carl Bialik from WSJ writes "Airbus plans computerized systems that could automatically maneuver jetliners to avoid midair collisions, without pilot input, the Wall Street Journal reports. From the article: 'For the first time, flight crews of Airbus planes will be instructed and trained to rely on autopilots in most cases to escape an impending crash with another airborne aircraft. Currently, all commercial pilots are required to instantly disconnect the autopilot when they get an alert of such an emergency, and manually put their plane into a climb or descent to avoid the other aircraft. The change, which hasn't been announced yet, comes after lengthy internal Airbus debates and despite skepticism from pilot groups and even some aircraft-equipment suppliers.'"
Most people today would probably refuse to board a plane that flies without a human pilot, yet the development is inevitable. It will just take time.
The owls are not what they seem
After all the crash of one of the first fly by wire A320 aircraft at a French air show in 1998 there were numerous questions raised about the suitability of its control software. The investigation claimed pilot error but there is considerable evidence that the data in the flight recorders was falsified. The thought of a pilot being advised to leave it to software is very worrying.
The flight computer wasn't downing vodka martinis in the bar before it got on the plane. I don't have a problem with this, but some of my friends who are pilots probably will.
It's good to use your head, but not as a battering ram.
The downside of this faith in technology soon becomes apparent, however. The following five examples graphically illustrate this.
a. When my brother was assigned captain to the then newly introduced Airbus A 310 - a plane which in the 1980s was considered a high-tech aircraft but today already appears antiquated - he told me about an incident that gave me pause: During the last stage of the final approach, a bolt of lightning struck the nose of the aircraft, damaging the plane's electronic equipment in the process. The confused on-board computer still had a suggestion to make, however, and flashed it on the screen: "Shut down engines."
Now no sensible pilot in the world would do that during this stage of flight, so "Colleague Computer's" suggestion was ignored. The incident itself makes one stop and think, however: Isn't there the danger that at some point in the future the on-board computer will not merely make a suggestion but go ahead and take action itself? Isn't there perhaps even a danger that one day, in keeping with the new philosophy I mentioned earlier, the pilot will only be able to intervene to the extent permitted by the computer? No matter how enthusiastically one may basically embrace technical progress, anyone who has retained any critical perspective at all will find it impossible to answer this question with an unequivocal "no". The following additional examples make it clear that a healthy dose of scepticism is by no means unwarranted.
b. On 26 June 1988, a brand-new Air France A 320 that was participating in an air show crashed in a wooded area in the Alsatian town of Habsheim near Mulhouse while performing an extremely low altitude fly by. When the pilot reached the end of the runway and wanted to power up the engines from minimum thrust to the thrust required for climb, the aircraft failed to react to his signal to commence the climb: Since the plane had been flying over the airfield at minimum speed (VLs) on the verge of a stall, the on-board computer refused to obey the command to lift the nose, for if the low thrust had remained unchanged, lifting the nose would have caused the plane to stall and then crash. The plane had not yet attained the higher speed necessary to avert a stall, however, because a jet engine needs several seconds to accelerate. Thus the A 320, controlled by computer logic and unresponsive to the pilot's will, flew into the adjoining woods.
c. On 14 September 1993, a Lufthansa A 320 crashed in Warsaw while landing on a wet runway in the rain. Due to the strong crosswind, the pilot tilted the plane slightly to the right just before touchdown; it thus touched down first on the right main landing gear and then on the left. As a consequence of the A 320's construction at the time, the spoilers (which changes the airflow round the wings, modifying the lift and thus bringing the plane down to the ground) did not work because the main landing gear on both sides were not fully weighted and the wheels - due in no small part to the aquaplaning effect - were not turning at the programmed speed. In short: According to the logic of the computer, the plane had not yet landed but was still turning. Thus the spoilers, which would create a braking effect, were not to be activated. At that time neither the thrust reversers nor the spoilers of an Airbus A 320 - in contrast to a Boeing 737, for instance - could be manually activated. As a result, the aircraft - braked too slowly and too late - raced towards the end of the runway. The human being (pilot) was helpless.
As if that were not enough, the on-board computer did one more thing: The pilot could not fully activate the thrust reversers to brake the plane because the engine performance had been reduced to a maximum of 71 percent of full reverse thrust in order to protect the engines. A captain friend of mine remarked: "That would not have happened with my B 737."
Conclusion: "The pilot, who in a crisis decides against protecting the engine
Infiltrated dot Net
I'd be very skeptical this program given the history Airbus aircraft have had with their control systems and their general managerial attitudes for safety.
For instance, the crash of Flight 587, an Airbus A300 in November 2001 was caused by a "delamination" of the vertical stabilizer's composite structure - moisture got in between the layers of composite material and caused them to pull apart. Subsequent inspections found other aircraft with signs of vertical stabilizer delamination. The Canadian Transportation Safety Board has recommended detailed checks of Airbus A3000 rudder assemblies because of the issue.
The problem is that manual inspections can't always reveal signs of delamination - it often requires ultrasound inspection - something Airbus has refused to support, and there has even been accusations that Airbus has tried to inappropriately lobby the NTSB against such a recommendation.
Airbus' overreliance on technology and dysfunctional managerial culture continues to put passengers at risk - and this new automated system ensures that the pilot has even less control than he or she did before. Trusting that system to do the right thing in a crisis is always a risky proposition - trusting a manufacturer with such a generally shoddy attitude towards safety makes it even riskier.
why don't they write some software to handle crisis management for the company ... like what the company should do if all their new planes are found to have some serious flaw ... just leave the company directors out of the decision ...
... which involves many human lives and is more important than the corporate well being of airbus!
when they do that, then perhaps we can consider trusting the computer to do crisis management of planes
f3773t
Currently, all commercial pilots are required to instantly disconnect the autopilot when they get an alert of such an emergency
This is just outright not true.
While it IS true that a pilot is required to obey a traffic resolution solution provided by a TCAS system (Traffic Collision Avoidance System), he's by no means required to disconnect the autopilot before doing so. In an emergency (and a TCAS yelp is an emergency), you just grab the controls and do what you have to. The autopilot will either a) disengage on its own or b) live with your control inputs.
The Airbus may be special since the newer ones are all fly-by-wire, meaning the pilot's inputs go to a computer that then decides what control surfaces to move. It may very well be that on the fly-by-wire stuff the autopilot overrides the pilot, but that's downright scary. I've seen autopilots happily chase a wandering VOR needle due to some sort of course roughness that a pilot would just simply ignore.
I'm all for cockpit automation as it makes flying significantly safer, but taking the pilot more and more out of the equation frightens me in some ways... equipment isn't 100% reliable, even when triply redundant, and the automation isn't always right. Every pilot that's spent any significant amount of time with glass panels has at least once scratched his head and asked, "why the hell did it do that?"
All opinions presented here aren't mine.
To put it a little more verbosely than the other posters.
A system to avoid mid-air collisiosn exists. It's called TCAS, and it works well. But when TCAS issues a Resolution Advisor (aka a loud voice in the cockpit booming "CLIMB CLIMB" or "DIVE DIVE"), it means that Air Traffic Control has already failed to do its job, and, given the refresh rates of ATC radar, ATC isn't likely to be of much help any more. In such a case, you have two pieces of information:
A) ATC has failed.
B) You better do what the box says, or you something bad will happen.
In this case, the failsafe triggered, one crew did what the box told them to do (DIVE); the other followed ATC and ignored the box.
When a system fails, and the backup kicks in, you follow the backup.
Yes, there are problems with the Boeing philosophy: pilots make plenty of mistakes. But there are serious concerns with Airbus. Getting code to perform flawlessly isn't cheap, nor does it happen (as an Airbus that came darn close to running out of fuel over The Netherlands proved a few months ago); in addition, every airliner has interface problems, and a great number of accidents in both Boeing and Airbus involve the crew not understanding what the aircraft is saying. Airbus adds in the bonus of the aircraft not understanding what the crew is trying to do (A300 crash in Nagoya was it?), and in the mix, automates enough procedures to cause a real mess when then automation fails/cannot be used (a rainy missed approach over the Baltic Sea, perhaps).
And all that comes down to liability. Pilot error settlements may not be cheap, but the manufacturer isn't liable to the same degree as a software design flaw.
We will have too trust our lives more and more too machines, we already do it in hospitals...
Aircraft have been overriding pilots' intentions for years in specific instances. Computers can process and act faster than humans can to a situation that can be fatal in a matter of seconds. For instance, flight computers have *instantly* taken control of an aircraft that is either taking off or landing and it hits a wind shear. Those couple of seconds when a pilot's brain is trying to figure out what the hell just happened could easily be fatal that close to the ground. I know at least a couple models have this on them, people just don't realize it.
This has been around for more than eight years. This is only news because they are expanding its abilities.
On a side note, there was an article in The Wall Street Journal today about software glitches on aircraft. It focuses on a 777, but also alludes to some Airbus problems. Basically, the 777 flight software sent the computer conflicting data which sent it on a rollercoaster type ride, pushing it almost to stall. Airbus has been having a few problems with the onboard computers completely shutting down all the cockpit instruments/lighting/displays except one. Fun times!
-- toolie
How about implementing international standards for collision avoidance similar to what exists in the marine world, e.g., if one aircraft is overtaking another, the one overtaking vectors starboard (that's right), the one being overtaken vectors port (that's left). If approaching head-on, both vector starboard, if approaching at right/oblique angles, the one to starboard descends (if altitude and terrain allows) and the one to port ascends. Seems simple to me.
Actually, this is how the rules are currently. Generally, you alter course to the right to avoid other aircraft. This avoids one pilot altering to the left while the other alters to the right, putting you right back on a collision course.
Of course, in practice, this doesn't always work and some common sense is involved: if going to the left is the safer option, that's what you should do. For instance, when approaching a terminal area and you know the pilot ahead will have to turn to the right shortly for an approach, pattern, checkpoint, etc.
Of course, the ideal solution is to stick to your flight plan when flying IFR, keeping your eyes open when flying VFR and when flying VFR stay within VFR conditions, keeping your eyes open all the while, and fly conservatively. But no, that would be too sensible and would not earn lawyers (no legislation required) and avionics manufacturers enough money (no having to retrofit needless systems into aircraft and recertify them).
I have no idea what you're getting at here. There's no mass conspiracy in this regard.
You're again describing exactly how it works now: while in VFR conditions, even while on an IFR flight plan, the pilot is responsible for seeing and avoiding other aircraft. In addition, generally, commercial carriers are required to be on an IFR flight plan or clearance at all times.
This works most of the time, but the additional safety net is ATC monitoring all participating aircraft (not all aircraft have to talk to ATC) and separating IFR from other IFR and IFR from other participating VFR.
TCAS came about to solve a couple of problems: a) ATC is human and makes mistakes and when you have 400 lives on the line, a backup system is a good idea and b) when flying long distance overwater, you're not talking to ATC for a good chunk of your flight time.
All opinions presented here aren't mine.
There is only one way to insure that mission-critical software is 100% reliable: Abandon the 150-year old algorithmic software model (the Turing Computing model) and embrace the non-algorithmic, signal-based, synchronous software model (the behavioral computing model). Don't say you weren't warned, Airbus, Lockheed, Boeing, NASA, FAA, etc... The internet does not forget. ahahaha...
You seem to know more about aviation than I do, so I'm not going to dispute you when you say the pilot is a safer bet than the system. However, I do think that we will eventually reach a point where the failure rate of an automated system is lower than the rate of human error -- a point when routing the decision making of some problems through the pilot actually increases the rate of an error. And I don't think this is too far into the future.
The progression to this as follows:
Instrument planes that are still human-flown with an order of magnitude more sensors than they currently have. Have backups for them (pressure, GPS, and dead-reckoning altitimeters, etc.) Record tons of flight data. Then what you do is add prototypical "auto-pilot" systems that are supposed to deal with imperfect inputs. Have the auto-pilot make decisions during the flight plan that don't actually translate into flight manuvers. Then you can analyze it on the ground to see how the real flight and the simulated flight match up... see what new kinds of logic and detection and resolution algorithms need to be added to the programming. Rinse, repeat. Eventually you should have an autopilot that makes all the "right" decisions even when weird stuff happens in the air, and you can verify that after the fact.
Then you let the autopilot fly, with human pilots for failsafe. Try that for a few years.
Eventually once you get enough flight hours you should feel reasonably confident the auto-pilot system has enough internal redundancy and "experience" that it bests most actual pilots. Its a time consuming, iterative process. But it can have enormous potential.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Unfortunately, that programmer is tasked by his employer (the aircraft manufacturer/airlines[indirectly]) with the duty to do whatever it takes to save the aircraft in any situation. It's just a bonus if there is no loss of life in the process. This 'laissez faire' attitude doesn't take into account the 'edge conditions' mentioned in the parent post where the software doesn't know what to do. This is just a logical outgrowth of the 'Life Is Cheap But Toilet Paper Is Expensive' mentality of big busines.
At this rate, they should give pilots a manual override switch to turn off the flight computer's higher brain functions or just scrap all computerized avionics alltogether and go back to the seat-of-your-pants, fly-by-wire days.... =/
This situation also reminds me of a Werner Von Braun quote:
Wow! Insightful an disparging at the same time!
Perhaps this is ultimately (in a way) the mantra of big business. It seems that way due to their past behavior--the most noteworthy of that seems to be the collapse of Enron.
Except that the A300 is not a fly-by-wire design.