Failed Avionics a Possible Cause of BA038 Crash
Muhammar writes "As you may have heard by now, both engines of the Boeing 777 aircraft flight BA038 suddenly cut off without warning at very low altitude and low speed during autopilot-assisted landing at Heathrow. A prompt reaction of the pilots prevented the stall and saved all lives aboard. The crash landing short of the runway tore off the landing gear on impact, and the fuselage plowed a long, deep gouge in the grass. With the investigation ongoing, the available information points to an electronic control problem as the most likely cause of the sudden engine power loss."
If it is a software problem, then expect more public scrutiny of software based machinery. Especially after the US Senate vs UK debacle over the source code for the new joint-combat fighter.
My little Linux and tech blog
I'm sure the CIA will make "unofficial" statements shortly saying that they have credible evidence that it was Iranian terrists behind the whole thing.
This guy's the limit!
A bit of FUD here I think - unless I read TFA wrong, the entire thing is under investigation and no one is saying anything for at least a month. The autopilot apparently sensed the need for more thrust and warned the pilots of this. It might be premature to say that a software problem is the likely cause of failure...
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
They actually have a decent excuse for lost luggage for once.
If you haven't made a developer cry, you've wasted a day.
The pilots then manually increased throttle - to no avail.
For both engines to malfunction like this at the same time greatly seems to point to a fuel delivery problem.
This does not necessarily mean "running out of gas" - as a plane like this has multiple tanks, valves and pumps, all of which can be configured multiple different ways - which change during the flight.
A simplistic example: they could have been running both engines off one tank - which went dry - though another was full - or both engines were being fed from a common fuel pump which failed, etc. These things *shouldn't* happen - but the investigation will tell...
"It might be premature to say that a software problem is the likely cause of failure..."
Unless it was running on an OS like Windows for Aircraft, "now with fewer crashes".
Yes, I know it's all custom designed. But thinking about the infamous Windows for Warships I couldn't resist
"It is a greater offense to steal men's labor, than their clothes"
Now we're all going to be forced to re-learn Ada!
What I've read is that the pilots observed a relatively gradual loss of power symmetrically on both engines. This tells me that I can rule out engine problems with FADEC and fuel. It all points to the auto-throttle. Autopilot tells where it wants the plane to go and autothrottle calculates how much throttle is needed. It then commands both engines FADECs via the bus system which is doubly redundant. What I'm thinking is that auto-throttle is supposed to be backed up, bypassed by a manual direct control to the engine FADECs from the cockpit throttle control?
Any B777 avionics mechanics around - I only know military jets...
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
>> A prompt reaction of the pilots prevented the stall and saved all lives aboard.
If the stall was prevented and therefore never happened and never existed, what stall was there to be prevented?
I've read several summaries, such as this one, which state that the pilots did something to save the lives of the passengers. But I've never read a news article that provides the information that supports this claim. I'd like to read about what the pilots did to save the situation. Can anyone point out a news article that is actually coherent, and tells more than how many 777s are in service around the world?
Let's just wait for the official forensics rather than patched together rumours shall we?
AT&ROFLMAO
let's remember purely mechanical systems fail too, and more often than modern electronic controls
It's uncanny how they made the flight control system sound just like my wife.
As Coward stared at the controls, the autothrottle demanded more thrust. That's a feature that is sadly lacking, though.
Show me on the doll where his noodly appendage touched you.
Maybe programmers would get more respect if we wore snappy uniforms like pilots?
The summary is completely wrong.
Current thinking is that the engines switched into reverse, not cut out. Hence the louder than normal engine noise passengers and spectators heard. This happens usually in the very last stages of landing to assist with slowing. 2 miles out and at 200mph this isn't supposed to happen.
The pilots did not "Prevent a stall" the engines were either dead or in reverse, meaning the best the pilots could do was try to glide the plane in.
The landing gear was not torn off on impact but about half way into the "touchdown".
There, fixed that for ya.
If something like this happens only once every 12 years, instead of engines and propellers coming off every couple of months like on the DC-4s and Connies, then I should accept the fact that these new fangled machines are pretty damn good. But note that the triple 7 has had some incidences with its electrical systems that didn't make the papers. I believe only the Concorde has a better record, and that without fly-by-wire, but at the very high cost of very vigilant maintenance requirements.
What?
the importance of having a human on board watching over the machinery. If this was a pilotless drone, it surely would have crashed, killing all on board.
What?
There is little to no point in uninformed speculation.
The facts that we know so far are those in the interim AAIB report.
The AAIB will publish their full report in due course, at which point we can expect to know what happened.
That's it, basically.
It's still a bit early to jump to conclusions, but from now on I think I'll feel safer in planes that have not done away with the cables for transmission, and substituted them with an all-electronic control. If the software fails, I want the pilot to be able to _pull_ at the thing and have a nice physical path to the flaps, instead of a disconnected joystick.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
Given that the plane is heavily instrumented, available, and didn't burn, this should be a simpler case to examine. Hopefully, a lot can be learned. At least more than if it crashed and burned in a jungle, or into the ocean.
I think your skepticism about such things is justified. After the recent crash in Brazil, it seemed to me that by far the biggest and strongest response was that officials tried to manipulate public thinking. (Click on "more" under "About This Video".)
In that case, it was difficult to control perceptions because too many people knew that the runway had just been re-surfaced, and had been put back in service before the non-skid grooves had been cut.
Too often, the "news" is not an honest attempt to understand and communicate the truth. I hope U.S. taxpayers will think about that as those with power in the U.S. government, who have investments in oil and weapons, try to involve the bankrupt U.S. government in a war with Iran. What are the facts? Maybe the average person has no way of knowing.
I follow several aviation forums regularly and this has obviously been the number one topic since it happened and thought I should share some interesting findings:
A report of an earlier software problem with the 777.
The interesting part:
"a second accelerometer then failing and the latent software anomaly allowing
the ADIRU to once more utilise the previously failed accelerometer
information with its high output values in its computations, resulting in
erroneous acceleration outputs into the flight control outputs but not the
navigation (ground speed, velocity, position, etc.) outputs."
Of the two current theories - i.e. a software issue or contaminated fuel - I'm more inclined to believe a software issue since as a precaution during landing both engines use separate fuel tanks and pumps without crossfeeding and it would be quite a coincidence if two such independent systems failed at the same time. An analysis of the fuel filters will probably reveal a lot. If it indeed turns out to be the computer that failed, it will be somewhat ironic that the first* such accident involves a Boeing even though many have considered the higher degree of automation Airbus scary.
*) Neither the official investigation nor the conspiracy theory blames the computer for the A320 crash in Mulhouse-Habsheim but those who aren't familiar with the conspiracy theory immediately assume that the theory blames the computer since it was the first civilian fly-by-wire.
The problem was not computers. After extensive investigation, the authorities
have released what actually caused the accident. The evidence is clearly visible
in these pictures:
http://www.heathrowpictures.com/pictures/images/picturegallery_baw_b772_gymmm20.jpg
The cause for the engine problems is massive ingestion of dirt. The manuals clearly
specify that the engines need to be run on air, not dirt. Even small quantities
of dirt can cause loss of power.
Glad that's cleared up then.
I'll let the boys at the AAIB know about the cause - that'll save a shit load of time and money - and I'll have a word with Boeing and see if they know about this 'redundancy' thing of which you speak.
AT&ROFLMAO
Careful about running around and calling them heroes. If it was pilot error that caused this (pilot error causes >80% of plane crashes) then you won't be so quick to happily burble that they saved everyone. The initial reports seem to mostly have come from statements by the pilots that they lost power but - again, statistics and not a judgment on this case - pilots lie, too, and say things like "I lost power" rather than admitting, "I pulled back the throttle way too much, way too early, and the engines cut out, so I lost power".
I'd like to think they're heroes, sure; but the statistics warn otherwise.
Anyway, this entire subject should not have been greenlit because it's useless speculation.
There is serious redundancy on all FBW aircraft. Also, since the DC10, manufacturers try to ensure that controls and power are routed separately so that damage in one area will not remove all controls.
See my journal, I write things there
777 Autothrottle works by moving the throttle levers. What Autothrottle wants, it gets through a servo connected to the flight control in question. So, no, Autothrottle wasn't getting none neither.
So somewhere between both throttle levers, and the independent systems they run through and the thrust coming out of the engine something failed. The common elements that I can think of: A. The shared space in the cockpit of the throttle levers, B. symmetrically designed systems, C. identical fuel condition D. the air the engines flew through, and of course, E. the flight crew moving the levers. As of now, E. has been ruled out (since the Autothrottle had the same problem), barring something really weird (like spilling a coffee cup of 1M H2SO4 on the flight controls). A-D are all equally improbable at the moment.
Why don't you go fuck yourself?
Posting anon for obvious reasons.
:)
I work in the avionics industry and this was exactly my thought as well. These systems are becoming much more complex than you would expect embedded software to be. Several address spaces and over a dozen threads is fairly normal with most newer systems.
Typically the safety critical industry likes to tout itself as being better designed than other software because it conforms to various standards, particularly do178b. At their core, these standards basically say you need to have processes that everyone understands in place when you design your software and you need to have documentation that shows you tested all the different elements of functionality. The testing may be fairly rigorous depending on who is doing it, but at the end of the day they aren't doing much that microsoft/oracle/your favorite well known software vendor doesn't do. (although I am sure that many here believe that ms doesn't test its software)
The first linked article is more-or-less gossip, and gives no reason to blame the avionics. Not to say that it wasn't, but we want some evidence. The second is a much more reasoned article, and gives a number of possibilities, including avionics but also a number of others, all of which is possible. My favourite is fuel contamination - but we shall see.
The simple "running out of fuel" hypothesis is very unlikely. All aircraft are supposed to carry reserves to divert to another airport (not far in this case) plus ninety minutes flying. While cheapo airlines might short-cut on this, I cannot imagine BA doing so. There is no indication that the aircraft had been "stacked" for any length of time, so it should have landed with two hours worth of fuel on board. There have been cases of aircraft being misfueled, but on a regular run between two sophisticated endpoints, this seems unlikely.
Consciousness is an illusion caused by an excess of self consciousness.
No, I'm New Here
Otherwise, how else would it have been able to cope with the expansion of the airframe during flight? Ok, it was not FBW as we know it today but remember this was an aircraft designed in the early 1960's. It used LOTS of technology only ever used before in Military aircraft.
is a very brave man ...
Chance of that - pretty darn slim!
Should be very interesting to see what the 30-day report says. They recovered all of the FDR/CVR, so with all that data, I'm sure they have already re-run what happened in the simulator and could address most of the speculation. However, may be a bit more challenging to determine *why* it happened - i.e. assuming that *both* engines didn't spool up, why?
Hulk SMASH Celiac Disease
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You've got a leg up on me if you learned it even once.
What sound do people on rollercoasters make? Hint: it's not Xbox 360.
.....that's right, idle speculation from Slashdot readers, sure to be right on the money and more likely to reveal the true cause than the trained, expert investigators!
Please post this at every /. article on aviation.
People, if you are so interested in aviation then get off the couch, take lessons and get some first hand experience. I know little airplanes are not completely the same as big airplanes, but you will be closer to some factual opinions.
Windows Vista Ultimate Sparkly Edition for Aircraft (TM). "Now with fewer crashes and makes your aircraft even shinier!".
Kickass Cheap Web Hosting
Much more likely is they ran out of fuel.
How many escape pods are there? "NONE,SIR!" You counted them? "TWICE, SIR!"
I just watched a CNN report on this crash and it was brought up that the FAA issued a notification that water could get into the electronics giving the same results that happened in this crash. You would think that the electronic systems would be better insulated for just such a problem.
I'm 63% sure the 777 was mentioned on UNIX-HATERS (I know, wrong crowd) back when it was in development. Something about the glass cockpit running on Unix and the FAA/etc. letting it pass certification with less testing than usual because of Unix's supposed proven track record. A good laugh was had by all (suddenly Amtrak's safety record looks appealing, etc.).
Yeah you may sneer, but things are different now that Unix only has Windows to compete against. Plus it's had another decade or so of development since then. Most of you are probably too young to remember how Unix was during its inexplicable rise -- everyone's sessions lock up at once, then the operator comes running into the terminal room and shouts "everybody stop typing! the keyboard buffers are full again!" And we sit at our Teleray 1061s and wait many minutes for the poor thing to stagger to its feet. And that's just bad I/O, the crashes were something else. See how much you'd want to ride in a Unix-controlled plane when *that's* your daily life.
Anyway I'm sure the true story won't be as simple as it being Unix's fault (if current 777s even run Unix), but I'll laugh my ass off if that's even 1% of it.
Each engine has its own separate EEC. Each EEC has full authority over engine operation. In the normal mode, the EEC sets thrust by controlling EPR based on thrust lever position. EPR is commanded by positioning the thrust levers either automatically with the autothrottles, or manually by the flight crew.
Engine flameout protection is provided for an auto-relight and rain/hail ingestion. The auto-relight function is activated whenever an engine is at or below idle with the FUEL CONTROL switch in RUN. When the EEC detects an engine flameout, the respective engine ignitors are activated.
Fuel is supplied by fuel pumps located in the fuel tanks. The fuel flows through a spar fuel valve located in the main tank. It then passes through the first stage engine fuel pump where additional pressure is added. It flows through a fuel/oil heat exchanger where it is preheated. A fuel filter removes contaminants. If the filter becomes clogged, the filter will be bypassed, passing fuel directly to the engine. In that case, an Advisory EICAS message "ENG FUEL FILTER L/R" will be displayed.
When main tank fuel pump pressure is low, each engine can draw fuel from its corresponding main tank through a suction feed line that bypasses the pumps.
with their off-clickers
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
Trans-Atlantic flights are often 90 minutes of flying time from a suitable runway. Trans-Pacific flights can be 3 hours or more of flying time from a suitable runway. Needless to say, airlines cannot glide with no power for hours. Air Canada Flight 143 (see http://www.wadenelson.com/gimli.html) was estimated to have a glide ratio of 11:1 with both engines windmilling. So from 40,000 ft, the maximum glide distance would have been about 100km. Sink rate was estimated at 2000 ft/sec meaning with all engines out, you will be visiting some destination at sea level within about 20 minutes.
The immediate diagnosis of the crash at the time it happened was that all the electronics cut off, and people are just now learning it?
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
Yep, the plane was actually punctured and he was hit, you can see the hole on the RHS of the aircraft behind the wing, just under windows.
Anyway, his recollection indicates that the plane was punctured before it touched the ground. If that were the case, his "hole" would probably be the point of failure.
I think it is more likely that the puncture happened after the plane hit the ground, caused by debris from the right landing gear ripping away. It would be like this--plane touches down on grass (he thinks they're still smooth in the air); wheels dig in rip off, and punctures hull in quick succession (he has been hit); the plane starts scraping along the hull and engines (he feels the plane "hit the ground hard").
So it's probably just a slightly misleading passenger recollection, but something to think about while we're guessing about the control systems.
Damn, I already moderated this topic. Now I'll have to log in with my sock puppet to comment.
Do the multiple black boxes not have detailed logs of every action of every system?
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
My $0.02 is that the air density computation came out wrong for whatever reason. Result: A very lean burn flaming out #2 and causing #1s request for more power to spin out to high RPM with not much to show for it. One passenger inside @the port side said it was takeoff loud how can it be takeoff loud with no power? If the 14:1 air:fuel ratio is wrong...
Hedley
-- The 777 software was written in Ada...
if (engines = OFF) then
PrepareForCrash();
end if;
I am very small, utmostly microscopic.
Sailplanes fly their final approach with an excess of altitude and rely on drag brakes to guide them to the end of the runway. A drag brake which is stuck on could make them land short but these control surfaces are usually fail safe to off.
Airliners rely on engine power modulation to keep them on the glide path. An engine failure will make them land short. So why not land like a sailplane? The descent will be slightly steeper and possibly less comfortable for the passengers but it guarantees that an engine failure in the last minute won't be as fatal.
http://michaelsmith.id.au
Lots of people are discounting the theory that the Prime Minister's (Who happened to be driving by at the time did it) I am not so sure it can be easily discounted - the range on these things are miles, and the power output is probably more than enough to kick out avionics on a plane passing by overhead at low altitude. I doubt we will ever see this made public if it is the case though, for fear of giving some people ideas. There should be exclusion zones around airports.
A good job by the pilots to get the aircraft on the ground wings level.
Hate to burst your bubble, but a loss of engine power does not create a stall. Rather, an increase in Angle of Attack past the critical AoA (which is sometimes simplified to a stall airspeed) creates a stall.
Additionally, much more investigation will happen in the following days and weeks, so locking on to one possible scenario is silly at this point. Offhand, I'd say the preliminary facts support a number of hypotheses, including:
wind shear
fuel starvation
fuel contamination
failure in the engine control
bird strike/bird ingestion
It's Linux, damnit! Pay no attention to renaming attempts by self-aggrandizing blowhards.
Rarely out of gliding distance on transatlantic flights? I just flew on one (from Frankfurt to Los Angeles) yesterday, watching the little screen with aircraft position, and I call BS. Flying at somewhere around 36000 ft (it varies during the flight as fuel burns off), we're talking roughly 11km high. L/D (hence glide ratio) is probably around 10:1, so your gliding range is 110km. There's a fair amount of the time that you're more than 110km from land, much less a decent landing spot (e.g. the Outer Hebrides are not what I'd call a place to make an "off-airport landing")... nope, it's going to be one of those "unexpected water landings" for sure if all the engines quit.
He just put new batteries in it and was trying it on the in-flight video.
No sig today...
The CAA [British equivalent of the FAA for you Yanks] announced today that, following the BA038 air crash in which neither pilot was named "David", it will be mandatory that all flight crew on all 777 flights must have at least one "David" amongst them.
"A major opportunity was lost" said a spokesman for the CAA. "We must ensure that this never happens again".
Cut to the cockpit of a 777 on final approach.
Pilot (called David): "The autopilot is in trouble, it has asked for increased thrust, but the engines haven't responded."
Copilot (not called David, only one David is mandatory): "You'd better take over."
Pilot: "Increasing thrust manually..." He moves the throttles forwards.
Computer: "I'm afraid I can't do that Dave..."
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
It may not be just a software bug. It may be that the software cannot handle some unforeseen hardware state, as happened on the Malaysian Airlines incident a few months ago (that incident was a near-miss but did not result in a crash-- the problem was that the software was unable to handle properly bad data coming in from an accelerometer). Whether this counts as a "software bug" or a "hardware failure" I don't know....
You can prove that the software is bug free for any set of foreseen inputs. The question becomes whether there are unforeseen inputs which can cause problems. Suppose for example, that a sensor fails in an unexpected way-- for example shorting a circuit instead of breaking it, or by sending incorrect data to the computer. In essence you not only have to handle valid inputs from sensors, and normal sensor failures, but you also have to handle sensors which fail in unexpected ways, and you also have to handle every possible electrical fault as well. And then you *still* have to make some assumptions about the underlying communications between the remaining components.
Now, here is the real issue:
Software exists only to process information on underlying hardware. When you have failures in that hardware which cause the information to be corrupted, you cannot count on any results on the software. Hence your software can only be proven bug-free within a reasonably limited set of circumstances. Or, in simpler terms, garbage in? garbage out.
LedgerSMB: Open source Accounting/ERP
What if the main conspiracy theory was set up to dissuade people from the REAL conspiracy?
Better tighten that tinfoil hat.
The OP says the engines "suddenly cut off without warning", but the article he cites says "Both jet engines failed to respond to demands for more power". There is a big difference between failing to respond to an increase, and cutting off.
It didn't get repeated much but early on in the reporting (news.bbc.co.uk I think) a member of ground crew said a pilot had told him that had happened on another plane i.e. sudden power loss although in that case it was a rather better landing. Being just anecdotal, it does need to be treated with caution.
I want a list of atrocities done in your name - Recoil
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Just to get the message across to others, and correct the "prollyfuelexhaustion" tag, fuel exhaustion was immediately ruled out. A significant quantity of fuel leaked from the crashed plane.
The AAIB initial report is here:
http://www.aaib.dft.gov.uk/latest_news/accident__heathrow_17_january_2008___initial_report.cfm
Oolite: Elite-like game. For Mac, Linux and Windows
It sounds like the flight controls, avionics, and autopilot systems all worked correctly, from reading the articles and the pilot comments. The engine controls themselves might have malfunctioned but the only supporting thing for that is that both engines simultaneously failed to respond. There are many other more likely causes for that, though, particularly some sort of fuel problem such as fuel contamination, no fuel, fuel pump problems, and the like. Even if the engine controls are found to be a fault, though, it's more likely that the problem is a mechanical problem rather than software or electronics. The indications are that the engines were still running but failed to increase thrust when commanded by both the autopilot and the manual throttle levers. Since this occurred at the end of a long flight and there was no subsequent fire after landing even though some of the fuel tanks were ruptured, lack of fuel in the tanks that the engines were feeding from seems a definite possibility.
Unless you are travelling exactly half-way around the world, there are only 2 great circles that connect the source and destination points.
This means that there is the most efficient great circle arc (going directly towards your destination) and the less efficient great circle arc (going the other direction around the world until you reach your destination)....
Perhaps you have a non-standard definition of 'great circle?'
LedgerSMB: Open source Accounting/ERP
The right and left engines are controlled by different computers. The only single points of control are the pilot and a central engine control system. Thus in the absence of pilot error, the only single point of failure is that specific avionics system.
Now the root fault may be due to some sensor or processing system failing and causing a cascade failure to other portions of the system. This sort of thing *has* happened in other 777's (an accelerometer failing in a way as to cause a cascade error into flight control software). In the end the most careful proof of software accurate operation must make certain assumptions about underlying hardware states. Once hardware starts to go bad, all bets are off (for example, sensors could fail in such a way as to provide apparently valid but wildly inaccurate data to the software which would then return incorrect results (and hence take wrong actions)).
LedgerSMB: Open source Accounting/ERP
... That someone didn't ignore the instructions to turn off the iPod just before the crash?
would have been on takeoff, about 4 seconds after the wheels left the ground.
NASA exists in an entirely different competitive environment from MS or Sun or Apple or Linux. I agree that the hoi polloi tolerate entirely too much crap from consumer-grade software, but I don't agree that the performance of NASA's software teams should be used to throw stones at people who are operating in a different world.
Failed Avionics a Possible Cause of BA038 Crash
I can come up with 10 other possible causes... see, I'm a newsman too!
1. Large Wooden Badger a Possible Cause of BA038 Crash
2. Drunken Pilot a Possible Cause of BA038 Crash
3. Sharks With Freakin' Lasers a Possible Cause of BA038 Crash
4. Snakes On Plane a Possible Cause of BA038 Crash
5. Running Out of Fuel a Possible Cause of BA038 Crash
6. Fat Ass in Row 23 Seat B a Possible Cause of BA038 Crash
7. Vitamin D Deficiency a Possible Cause of BA038 Crash
8. Giant Mutant Space Goat a Possible Cause of BA038 Crash
9. Falling From High Altitude a Possible Cause of BA038 Crash
10. CmdrTaco a Possible Cause of BA038 Crash
(I feel a poll coming on...)
Moderator hint: a comment is neither "Flamebait" nor "Troll" if it is true.
The news stories say this is a scenario that pilots don't train for. I was not rebutting your point in this regard.
:-) IANAP but you are so I will defer to you on this area.
My main point is that they may not train for this scenario relating to a 777, but they *do* train for it in other aircraft.
"slow down as much as possible" was also a misstatement. I meant to say "hit the ground as slow as possible" which is usually just above normal landing speed. I suppose I could have been more clear about this.
LedgerSMB: Open source Accounting/ERP
http://tinyurl.com/2nx3ym/ is far more credible than anything else to be seen on the subject
>> full flaps, with lots of drag, for landing, so the engines stay spooled up until about touchdown.
So to rephrase, what you point out and I never saw mentioned in any mainstream-media article, is what must be the huge number of disasters avoided by the ability of the pilot to quickly remove the "drag brake" of those 30-degree-flaps to avoid some other kind of problem. The trade-off is that in the statistically-rare engine-out-on-landing, this kind of thing happens. GREAT explanation, thanks!
[[The amount of extra lift at a given speed from flaps 15 to 30 is very small, but the additional drag is quite large...]] A "delayed realization" - by Googling (( ba 38 coward flaps lift )) one can see that in response to both-engines-out the response was to INCREASE the flaps to provide more lift, and possibly to achieve more ground-effect. Your remark raises the possibility that counter-intuitively by backing off on the flaps one might reduce drag while not giving up very much lift... Of course this is a rare scenario and will be even more rare when they fix whatever allowed both sides to shut down simultaneously, but would a computer simulation which models the ground-effect and so forth possibly conclude that the correct response for such a scenario might actually be to BACK OFF on the flaps a little bit?
From my reading of the reports both engines didn't fail simultaneously, but rather one failed 8 seconds after the first, and while there was fuel onboard that doesn't necessarily rule out fuel starvation from another cause such as contamination or a fuel blockage. While a software or hardware failure is unlikely to be the sole contributor to the cause, reversed inputs / outputs to the FADEC system could have led to the system inadvertently causing the incident. Say for example the EEC on engine one indicates that it is experiencing fuel starvation from tank 1, and FADEC decides to switch engine one to tank 2, however because of reversed inputs / outputs it was in fact engine 2 suffering the effects, now both engines are feeding from tank 2 where the fuel starvation is stemming from (be it contaminated or blocked)! The time for the system to do the calculations and switch tanks is under 10 seconds, so in reality within 10 seconds the second engine would show similar characteristics. Not entirely different from the British midlands crash in the 1980's only it was the pilots who received the reversed information and reacted accordingly and shut down the engine appearing to be on fire, only they actually shut down their good engine. As for the pilots, it is without doubt that their quick reaction saved many lives, immediately upon the problem arising the captain (pilot not flying) raised the flaps, while this raised the ultimate stall speed, it enabled the aircraft to at least make the right side of the fence.