Slashdot Mirror
Computer Error Caused Qantas Jet Mishap
highways sends word that preliminary investigations into a Qantas Airbus A330 mishap where 51 passengers were injured has concluded that it was due to the Air Data Inertial Reference System feeding incorrect information into the flight control system — not interference from passenger electronics, as Qantas had initially claimed. Quoting from the ABC report: "Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive ... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."
I'm sure this comes as no surprise to the /. community. Nice to see the truth actually did surface though.
"About two minutes after the initial fault, (the air data inertial reference unit) generated very high, random and incorrect values for the aircraft's angle of attack," the ATSB said in a statement.
Correct me if I'm wrong but don't most modern aircraft have an inertial navigation system and a seperate angle of attack transmitter protruding from the plane? Why no redundancy?
The incident was the fourth involving Qantas planes in two-and-a-half months[read TFA for the other 3 incidents]...
The plane's French-based manufacturer has issued an advisory on the problem and will also issue special operational engineering bulletins to airlines that fly A330s and A340s fitted with the same air data computer, the ATSB said.
Does Qantas' aircraft maintenance suck or does Airbus' quality control suck? Do both suck?
;)
Finally, shame on the PR guys for blaming passenger electronics. Maybe it's a feature, not a bug...in case any government decides that they want to make another 9/11
...but don't expect the airlines to care about the facts when they decide to stop letting you use electronic devices on their flights. Common sense didn't get in the way of them banning nailclippers, shaving razors, liquids and many other innocuous day-to-day items.
-- Sex is the antonym of pringles. Once you pop it's time to stop.
...tried turning it off and then on again.
put the jet into a 197-meter nosedive.
I've been in nose dives before.. it's awesome fun. Everyone is screaming and the assholes who refuse to keep their seatbelt fastened while seated quickly learn the *reason* why they request you to do this.
People pay good money for this experience, and with a little malfunction or two they give it to you for free. When you throw in the fact that you could very well be experiencing the last few minutes of your short pathetic little life - you can't get a better adrenaline rush.
How we know is more important than what we know.
...until you get all the bugs worked out of those systems. And unfortunately, lessons of these kinds are often paid in tragedy. These passengers should consider themselves lucky that the pilots reacted so quickly.
Not trying to be too flippant, as I can scarcely imagine the complexity of trying to create what essentially needs to be an infallible system in such a complex problem space. As a programmer, thinking about putting my life in the hands of a computer program scares the living hell out of me. The whole issue is that computers, by and large, lack "common sense", and are prone to accept garbage input without question.
Apparently, this was caused by "a malfunctioning computer". Isn't there sort of redundancy check on anything that could cause the computer to send the plane plummeting toward the earth? One faulty computer can cause this? I'm sure the article is over-simplifying the problem, but still...
Irony: Agile development has too much intertia to be abandoned now.
SOOOOO.... you are saying the inertial dampeners were offline?
Obama is a twitter sock puppet
This isn't an isolated incident. Although I think the string of technical incidents suffered by Qantas isn't a coincidence either. "A global alert was issued in 2005 after a Malaysia Airlines Boeing 777 en-route to Kuala Lumpur from Perth experienced similar problems. Investigators found a software glitch in a unit made by the same US manufacturer as the one in the Qantas plane combined with a mechanical problem." http://www.australianit.news.com.au/story/0,24897,24499849-15306,00.html
"Apparently, this was caused by "a malfunctioning computer". Isn't there sort of redundancy check on anything that could cause the computer to send the plane plummeting toward the earth? One faulty computer can cause this? I'm sure the article is over-simplifying the problem, but still..."
Yes. It's called "a pilot". Under some circumstances "plummeting towards the earth" is a legitimate maneuver. Keeping it there too long isn't...unless of course you're stopping a hijacking.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
So the autopilot ...jumped?
As we all know, Qantas never crashed. Def-definitely never crashed.
From the summary: "not interference from passenger electronics, as Qantas had initially claimed"
Care to show me where Quantas claimed that? It seems to be all the rage to say that Quantas are shifting the blame, but so far I've seen nothing at all to indicate that was the case. What I *have* seen was a statement from Quantas saying they were investigating passenger electronics as a possible cause. Now I know it doesn't make such good news, but I'm afraid there's a world of difference between being investigating something and trying to place the blame on it. Unfortunately that's a distinction that appears to be lost on the crowd...
And what do you think Qantas is going to retort? That the malfunction was caused by radio signals from passengers' electronic devices. Duh! Look at it. A computer starts spewing "random data". That can only be caused by random radio waves from random clicking with a wireless mouse. No, in a few months time, everyone bringing a wireless mouse on board will be considered a terrorist.
"We're investigating passenger electronics as a possible cause" is just marketing speak for "While we have no idea what happened, we want you to think it was passenger electronics."
paintball
As they are as stupid as cows.
Errors are only made by Humans, from the design up to the operation level.
These "announcements" are made just to hide some possibly high level human error.
If a sensor is feeding wrong data it's because of either a human engineering error or because of some fault that goes undetected (by humans)!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
This is precisely why having commercial aircraft under total computer control is a bad idea. Even though you can fly "stick" everything must first be put through the computer - which as we have just seen is not infallible.
.. this wouldn't have been a sidebar on page 5 of most papers. There would be 200 dead people lying in pieces near perth. Any computer malfunction which causes an aircraft to nosedive 650 feet in seconds is a VERY serious bug.
Swiss German is a spoken only language [1], the Swiss write standard German [2]. And the LHC is in French spoken part of Switzerland and therefore the official project languages for the LHC are English and French.
[1] Meaning: There are no official spelling rules and if one wants to write down Swiss German anyway one has to make up spelling on the fly.
[2] http://en.wikipedia.org/wiki/Standard_German
And I had almost finished building my 2KW Bluetooth mouse and with the Flight simulator rig, you know, in that little shed just after the airport fairway...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
For those that are interested in coding/test methodologies, the FAA created a system called "DO178B" which defined as set of software assurance standards for aircraft. (Note, it's not coding standards, it's assurance standards)
Wiki link: http://en.wikipedia.org/wiki/DO-178B
It set different standards for different types of code. The movies would be Class E, a non-critical nav system maybe C or D, FCS probably A. But even then, the code can be made modular to decrease the assurance level required. For instance, an artificial horizon needs to work, right? But you normally have more than one in a cockpit. If one goes bad, you can use the other, not catastrophic. But the key is the pilot(s) need to recognize that it's busted. What if one froze in place in flight during landing? The pilot might follow it and go ka-boom.
So by itself, an electronic artificial horizon would require level A ($$$) software so that it 'never' fails. This is very very expensive (for level A the post-compiler machine code must be analyzed for possible compiler issues, and MC/DC http://en.wikipedia.org/wiki/Modified_Condition/Decision_Coverage coverage)
So instead, they write it to a lower level, and then create a small set of code that cross-checks everything and kills off any horizon that's malfunctioning by placing a big "X" (or whatever) on the screen instead. Lower risk and greatly reduced cost.
Not likely. How did it take off in the first place?
Jeez. Would it be too hard to pick one measurement system and stick with it? FYI, 37000 feet = 11 277.6 meters
that's a mystery
[...] incorrect information from the faulty computer triggered a series of alarms [...]
Avionics is mission critical/life support stuff. That means all stuff - including darn cables - must detect errors. Triple (at least) redundancy is there for a reason - to go on working no matter what.
This will not only cause some heads rolling (figuratively speaking), but also in charges and very likely conviction. And this would be very easy to find: in avionics (like in all similar fields) all the review documents have signatures and very clear (and strict) distribution of responsibilities.
All hope abandon ye who enter here.
Queerarse
Is it really necessary to use this term?
histories to date. Qantas is one of the safest airlines in the world. Anyway, aside from the likes of Ariana,http://en.wikipedia.org/wiki/Ariana_Afghan_Airlines air travel remains amongst the safest forms of mechanised transport. Compare and contrast the risks of road traffic accidents and their level of fatality amongst the under 30's.
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
A better article link would have been the official ATSB media release document
I don't need to test my programs.. I have an error correcting modem.
That approved the outsourcing to save a few bucks.
I bet all the execs drive top safe euro BMWs
Liberty freedom are no1, not dicks in suits.
That's the most likely explanation for the faulty onboard computer system that's feeding incorrect data to the flight control.
Oh, and how easy is it to override one reverse thruster engaging in flight?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
At about 3 minutes, the software prevents roll beyond 67 degrees. At about 4:30, an attempt is made to stall the aircraft, at which time the software overrides the throttle settings. http://www.youtube.com/watch?v=LO5l6_d6yck "Blimey!"
That sounds unlikely to me. The autopilot is generally not engaged until a few minutes after takeoff. Even if it disengaged suddenly during a stable ascent, there is no reason for the plane to suddenly start falling out of the sky. (That would be a stall, and commercial airliners have so many stall warning devices that it requires some truly extraordinary circumstances to stall one.)
In any event, if your airliner was stalled for a good ten seconds, you would have lost several thousands of feet and would probably no longer be around to complain about it.
It is actually far more likely that a small plane blundered into the flight path or the airliner and forced a temporary altitude change to avoid him (Happens all the time...there is significant tension between the airlines and GA pilots for this reason).
What information do you have that makes you believe the pilot was lying?
But I am very suspicious of these statistics. For one, I can't find the exact formula they're using. I think they must be using something like "distance travelled divided by number of deaths". Which IMO is not a good measure when comparing with road travel. And how do they come up with "1 in 5000" chance of dying in a car accident. Doesn't this also imply that every one in 5000 motorists will have a fatal accident?
A better measure would be number of flights divided by crashes. Or number of hours flying divided by crashes.
As you said, this same part is used on several makes of aircraft. In fact the only similar occurrence I know of actually happened on a Boeing 777. You can read the details here.
It is concerning that a single failed sensor can cause this sort of upset, but it doesn't (at first glance) seem like either Boeing or Airbus are any better where this particular failure mode is concerned. And both the A330 and the B777 have excellent safety records, considerably better than the previous generation of planes. Without playing down the seriousness for the passengers who were hurt, at least the rest of the flight control system seems to have prevented the plane pulling its wings off in both cases.
So, someone at /. needs to proofread the titles that are actually posted on the main page of /. On the main page, this story had the title "Computer Error Caused Qantas Jet[.]" When I saw that, I thought that a computer error had caused a certain Quantas jet to exist, which gave me a quick laugh for the morning.
S)pin! spin! spin! All the way down!
Rethinking email
Quantas can suck it. Saying that wifi caused this. total BS.
they also said that a wireless mouse caused a similar incident last month.
total BS.
They don't build planes susceptible to interference from consumer devices. They know the frequencies quite well. Everything on an airplane is shielded.
They're using their grammar skills there.
Here's what I said when the original article appeared. Good to know I can still diagnose software bugs; even in software I didn't have anything to do with writing.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Apparently it is: http://www.merriam-webster.com/dictionary/qwerty
Someone that gets it right, or at least, seems to agree with me. :-) I believe that the "deaths per passenger mile" are just for PR. The real measure should be either "deaths per incident" or "survivors per incident." Otherwise, we are measuring how many people get killed when everything goes as planned.
Why, without your clothes, you're naked, Miss Dudley!
Let the mythbusters test that
That was _Airframe_ and no, the circumstances there were backwards. The man flying the plane was the pilot's son and not certified on flying that particular model of aircraft. A counterfeit part failed, causing a warning light to appear in the cockpit. The pilot panicked and took over manual control of the plane. Not knowing how to control the plane under those circumstances, the plane then porpoised three times before the pilot lost consciousness and the autopilot could take over and resume normal flight.
Completely backwards situation to this one.
Overrated? What the hell? How can this post possibly be overrated with a score of 2? Come on, you asshole moderator. Show your face and defend your score. I dare you. I'm sure you're far too cowardly to do it, but I dare you to come here and reply to my post and tell me why you think this post is "Overrated". No doubt you're too chicken to do it, but I'll be waiting.
If you mod me Overrated, you are admitting that you have no penis.
That's right, morons, my laptop and other electronic gear DOES NOT AFFECT THE FLIGHT CONTROLS!!!
And neither does my 3.5 ounces of liquid! Real terrorists always work in groups. Don't think for one minute that a bunch of them aren't going to combine their 3 ounces.
No, the computer did what it was programmed to do.
Unfortunately the programming specs did not require the program to do the most reasonable thing when presented with bad input data.
There should have been some testing spec along the lines of "and furthermore it should be possible to replace any air data input by /dev/random without affecting safety of flight".
In the old days I'd require that any program would tolerate a simulated money at the keyboard. Sooo many programs failed that simple test!
If you read about it on the news, you don't have to worry about it. That's why it's news, because it's unusual.
It's the ways people die that the newspaper doesn't bother reporting that are going to get you.
Nostalgia's not what it used to be.
It's still too early to tell what happened.
The info now is that one of the air data units produced a bad inertial reference. There are three such units in an Airbus, and the flight control computers should have been able to vote the bad data out of the consensus for a single failure. That didn't happen, and it's important to understand why. That's the real problem. Single failures of inertial units should not produce a loss of control.
Apparently the failed inertial unit correctly produced a fault indication. Then, two minutes after the fault indication, it started producing bad pitch data. This resulted in a pitch-down command from the flight control system, which was trying to stabilize the aircraft but running off bad data. Maximum pitch down was 8.5 degrees and the aircraft only lost 650 feet of altitude. But at the tail end of the aircraft, the accelerations were high. The injured passengers were probably not belted in.
The air data units themselves are made by either Honeywell or Litton (now Northrup-Grumman). So far, the manufacturer hasn't been identified publicly.
Loss of inertial reference is serious. The pilot's artificial horizon display was also producing wrong data. In clouds, the pilot can't reliably tell which way is up. But at least an Airbus is basically stable. In unstable aircraft that require active control to fly at all, like most of the stealthed aircraft, this is an eject situation.
(I've dealt with inertial problems in robot ground vehicles. Our DARPA Grand Challenge vehicle worked badly because we had about 4 degrees of heading noise in the inertial system. We tried to compensate for that in software, but never got the compensation to work well enough. We needed to upgrade to a far more expensive fibre optic gyro. After we donated the vehicle to UC Santa Cruz, they got a FOG gyro and are currently installing it.)
It would be FAR worse of an electronic device would have been found to have caused the problem. That would mean I could design a "death ray" transmitter. The powerfull microwave with a beam antenna. I aim it at airliners as they fly over. No need to get a bomb past TSA. What a disaster that would be.
Now it sounds like they can fix this with some procedural changes and training and later with a software fix.
Okay, I am an avionics software engineer, who also understands electronics. Here's some info.
I cannot comment on the Airbus specifically, since I did not work on it directly, but on other aircraft (747, &c) it works like this:
There are 2 air data computers. These take in sensor reading from various parts of the ship and calculate results based on these readings and then distribute the information to other parts of the ship via an internal communications bus.
Sometimes the calculations are performed by the remote device and the ADC just passes them on; for example, the altimeter takes air pressure readings and calculates altitude and airspeed.
I'm glossing over some details for clarity, but you get the overall picture.
That's the theory, now let's look at reality and personal experience.
1) It turns out that a bad solder joint can act like a diode (perhaps someone from the physics department can further explain?), so an AC signal passing through such a joint will generate high frequency interference, much like a light dimmer does. On past aircraft there have been instances where quite a bit of EM interference was generated and such interference has been a problem BUT... ...those were instances of bad solder joints on devices actually installed in the aircraft, and which were directly coupled to other devices, so it's no big surprise that massive amounts of high frequency interference were getting fed to other systems and causing general mayhem.
The general fear is that your iPod might have such a fault, and that the random frequency it generates is exactly what is needed to spoof a signal needed by system. Some of the older navigation systems are based on "presence of RF signal", and could conceivably be confused by a much closer/much weaker transmitter.
Modern nav signals are modulated in various ways, so that the system can tell the difference between a real signal and noise.
2) Having written software which receives information from both nav computers, one might ask the question: What do you do when the nav computers disagree?
In a modern aircraft, YOU IGNORE IT. We found cases where the nav computers disagreed on the altitude calculation by 600 feet, which is a HUGE differential. If you try to throw up some sort of error message, maintenance will pull your product (not the broken computers) and send it back with a note saying "it keeps showing an error message".
This, of course, is very expensive for everyone involved. The process never ends, and the nav computers never get repaired. So the expedient solution is to ignore problems you discover in other people's devices and keep your mouth shut. So long as it's not your product that knocks the plane out of the sky, you're good.
3) A curious feature of software is that it's repeatable. If you give it the same inputs, it will calculate the same outputs every time.
So the question arises, if you have two identical devices making calculations on identical input data and there's a fault in the software, will redundancy do any good?
What we found is that identical systems will behave identically, and if one side goes haywire the other side will screw up in exactly the same way, and there will generally be no way to detect this. If the input doesn't seem quite right, then check it with the other side. It's saying the same thing? Well, OK. It must be correct... it just seems funny though.
(Note: You generally can't use different algorithms for your calculations, because there really aren't that many ways to multiply rate times time, for instance. All the behaviour is precisely specified and there aren't too many ways to code "if this happens, do that". Also, having multiple algorithms would *double* the amount of certification work you need, since it would result in essentially two different devices. Certification costs 15x the amount of development.)
This is why software systems on aircraft have extremely strict internal consistency requirements - it's mu
I don't understand why accusations are made before the review has been performed and conclusions drawn. I'm not sure whether anyone suffered from this specifically, but it doesn't seem responsible or professional.
The problem is that the fly-by-wire computer in the Airbus determines the state of the plane. The plane will only stabilize if the computer tells the plane to. The fact that the plane has a stable design is irrelevant to the fact that the computer controls the plane and not the pilot. If the computer decides that crashing the plane is the proper thing to do, there is nothing anyone can do except take out the computer. This is not your grandfather's autopilot. Think more along the lines of Airplane 2's autopilot, which is where I think Airbus gets it's design from [cue MI theme music].
You're also wrong on the stability of military aircraft. Several US fighter jets and even the new bombers are not aerodynamically stable, and cannot be flown by hand. Many others are also only aerodynamically stable at supersonic speeds. You can prove this by making Styrofoam replicas of military aircraft and launching them by hand. An aerodynamically stable design will glide, and one that is not will crash spectacularly. If you cannot make a glider of an aircraft design, then it is not aerodynamically stable at subsonic speeds.
Not Swiss German. Just normal German with typical internet spelling and grammar.
Don't forget that Friday is Hawaiian shirt day.
A kid with a GameBoy, huh?
Don't forget that Friday is Hawaiian shirt day.
I thought we would all die in the rise of the machines, not the descent of the machines.
Historically all aircraft have been self-trimming, otherwise they were more likely than not to end up a big smoking hole in the ground. Another notable exception is the Concorde, which predates the F-117.
But with fly by wire, there is really no reason for aircraft to fly stable. The difference between normal flight with the aircraft under pilot control, and autopilot, is a shade of grey. If the computer is always flying the aircraft why make the aircraft more stable, when you could make the aircraft more responsive or more efficient instead and have the computer keep it on the straight and narrow.
"On the other hand, there is no incentive to design such instability into an airliner and lots of reasons not to (like what happens when the autopilot fails)."
But, that makes flight... less ... interesting.
I rather LIKE *most* (but not all) of the turbulence. Sometimes, I had to stick my face between the window and seat to keep my smiles out of view. However, on a trip to Asia in '98, the Air France plane's wings were literally (virtually/almost) flapping like a bird (well, exaggerating...), but it was *quite* noticeable. On landing, the touchdown was so stiff i thought the gear would fail or penetrate the deck.
On an SWA flight from Seattle, same time frame, we had that massive weather front on the West Coast. The turbulence was so horrible, i wasn't smiling on that flight. Nobody was. It was so bad we kept losing altitude, couldn't evade, had little or no room to climb, and it kept getting worse. It got so much worse the SWA attendants were passing out extra food, began jumping around and playing games, and did anything they could to create laughter to distract us from the outside.
When we safely touched down in San Jose, we ALL burst out in cheers. IIRC, some people had tears in their eyes, and seemed drained by the experience. I think everyone of us thanked the cockpit crew and the attendants, but really it was fate/karma/engineering and weather that individually could have yanked our plugs.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Okay so it wasn't someones phone that did it, but this is not the first instance of aircraft instrument trouble in that area. Now what else is in the area of Exmouth? 1 : The phased antenna array, 2 : Pine gap .. Americas installation which is part of the echalon program.
now both of these, the phased antenna array in particular pump out massive amounts of em interference.
Since this isnt the first instance of plane trouble in the area, merely the most reported/ serious, maybe they should look into the EM in the area and see if that could be having an effect. Thats alot more EM then all the mobile phones in Perth city put together.
I know the airbus systems are pretty heavily computerised, but I am not sure about how hardened they are.
I know someone on here said they are an auto pilot engineer. Thoughts?