Slashdot Mirror
Computer Error Caused Qantas Jet Mishap
highways sends word that preliminary investigations into a Qantas Airbus A330 mishap where 51 passengers were injured has concluded that it was due to the Air Data Inertial Reference System feeding incorrect information into the flight control system — not interference from passenger electronics, as Qantas had initially claimed. Quoting from the ABC report: "Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive ... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."
I'm sure this comes as no surprise to the /. community. Nice to see the truth actually did surface though.
"About two minutes after the initial fault, (the air data inertial reference unit) generated very high, random and incorrect values for the aircraft's angle of attack," the ATSB said in a statement.
Correct me if I'm wrong but don't most modern aircraft have an inertial navigation system and a seperate angle of attack transmitter protruding from the plane? Why no redundancy?
The incident was the fourth involving Qantas planes in two-and-a-half months[read TFA for the other 3 incidents]...
The plane's French-based manufacturer has issued an advisory on the problem and will also issue special operational engineering bulletins to airlines that fly A330s and A340s fitted with the same air data computer, the ATSB said.
Does Qantas' aircraft maintenance suck or does Airbus' quality control suck? Do both suck?
;)
Finally, shame on the PR guys for blaming passenger electronics. Maybe it's a feature, not a bug...in case any government decides that they want to make another 9/11
...but don't expect the airlines to care about the facts when they decide to stop letting you use electronic devices on their flights. Common sense didn't get in the way of them banning nailclippers, shaving razors, liquids and many other innocuous day-to-day items.
-- Sex is the antonym of pringles. Once you pop it's time to stop.
...tried turning it off and then on again.
put the jet into a 197-meter nosedive.
I've been in nose dives before.. it's awesome fun. Everyone is screaming and the assholes who refuse to keep their seatbelt fastened while seated quickly learn the *reason* why they request you to do this.
People pay good money for this experience, and with a little malfunction or two they give it to you for free. When you throw in the fact that you could very well be experiencing the last few minutes of your short pathetic little life - you can't get a better adrenaline rush.
How we know is more important than what we know.
...until you get all the bugs worked out of those systems. And unfortunately, lessons of these kinds are often paid in tragedy. These passengers should consider themselves lucky that the pilots reacted so quickly.
Not trying to be too flippant, as I can scarcely imagine the complexity of trying to create what essentially needs to be an infallible system in such a complex problem space. As a programmer, thinking about putting my life in the hands of a computer program scares the living hell out of me. The whole issue is that computers, by and large, lack "common sense", and are prone to accept garbage input without question.
Apparently, this was caused by "a malfunctioning computer". Isn't there sort of redundancy check on anything that could cause the computer to send the plane plummeting toward the earth? One faulty computer can cause this? I'm sure the article is over-simplifying the problem, but still...
Irony: Agile development has too much intertia to be abandoned now.
SOOOOO.... you are saying the inertial dampeners were offline?
Obama is a twitter sock puppet
This isn't an isolated incident. Although I think the string of technical incidents suffered by Qantas isn't a coincidence either. "A global alert was issued in 2005 after a Malaysia Airlines Boeing 777 en-route to Kuala Lumpur from Perth experienced similar problems. Investigators found a software glitch in a unit made by the same US manufacturer as the one in the Qantas plane combined with a mechanical problem." http://www.australianit.news.com.au/story/0,24897,24499849-15306,00.html
As we all know, Qantas never crashed. Def-definitely never crashed.
From the summary: "not interference from passenger electronics, as Qantas had initially claimed"
Care to show me where Quantas claimed that? It seems to be all the rage to say that Quantas are shifting the blame, but so far I've seen nothing at all to indicate that was the case. What I *have* seen was a statement from Quantas saying they were investigating passenger electronics as a possible cause. Now I know it doesn't make such good news, but I'm afraid there's a world of difference between being investigating something and trying to place the blame on it. Unfortunately that's a distinction that appears to be lost on the crowd...
So what if they do make such claims?
If all it takes is a kid with a gameboy to bring down the Airbus then their entire fleet should be grounded.
The aircraft systems design would be completely unsafe as there are far more powerful transmitters in any urban area.
No, in truth, Airbus planes would be raining from the skys if it were indeed susceptible to such interference. It would have never been certified.
But more important, why did the controls not respond to the pilots? Why would the computers be programmed to prevent a Stall in an *diving* aircraft?
Sig Battery depleted. Reverting to safe mode.
For those that are interested in coding/test methodologies, the FAA created a system called "DO178B" which defined as set of software assurance standards for aircraft. (Note, it's not coding standards, it's assurance standards)
Wiki link: http://en.wikipedia.org/wiki/DO-178B
It set different standards for different types of code. The movies would be Class E, a non-critical nav system maybe C or D, FCS probably A. But even then, the code can be made modular to decrease the assurance level required. For instance, an artificial horizon needs to work, right? But you normally have more than one in a cockpit. If one goes bad, you can use the other, not catastrophic. But the key is the pilot(s) need to recognize that it's busted. What if one froze in place in flight during landing? The pilot might follow it and go ka-boom.
So by itself, an electronic artificial horizon would require level A ($$$) software so that it 'never' fails. This is very very expensive (for level A the post-compiler machine code must be analyzed for possible compiler issues, and MC/DC http://en.wikipedia.org/wiki/Modified_Condition/Decision_Coverage coverage)
So instead, they write it to a lower level, and then create a small set of code that cross-checks everything and kills off any horizon that's malfunctioning by placing a big "X" (or whatever) on the screen instead. Lower risk and greatly reduced cost.
Not likely. How did it take off in the first place?
At 37000 feets the air is so thin that the range between the cruise speed and stall speed is relatively small. In other words, you need an autopilot to fly in that altitude. So a dive after an autopilot disconnect makes sense, although it's questionable if has to be so strong that some passengers get hurt.
If the pilots lost consciousness they would lose control of the aircraft and may slump on to the controls and put the plane into an unsafe course.
The computers put the plane INTO a dive to prevent a stall they *thought* was taking place.
In this case the pilots attempted to abort the 'safety' maneuver but the computer decided that the pilots through incompetence or perhaps incapacitation did not actually intend to kill all aboard and took the action it thought was necessary.
Jeez. Would it be too hard to pick one measurement system and stick with it? FYI, 37000 feet = 11 277.6 meters
RTFA. The computer was being fed random and wildly varying attitude inputs. It first pitched up, then dived, presumable responding to different random attitude inputs.
Regarding the earlier point: ATC people say they regularly hear the distinctive "ditda ditda" of an active cellphone on their channel because the pilots haven't turned off their own cellphones. So (a) active cellphones are failing to crash planes, even on presumably the most sensitive part of the craft, the flight deck, and (b) pilots know it and don't care.
Consciousness is an illusion caused by an excess of self consciousness.
histories to date. Qantas is one of the safest airlines in the world. Anyway, aside from the likes of Ariana,http://en.wikipedia.org/wiki/Ariana_Afghan_Airlines air travel remains amongst the safest forms of mechanised transport. Compare and contrast the risks of road traffic accidents and their level of fatality amongst the under 30's.
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
I'm sorry Dave, I'm afraid I can't do that...
"lack of quality control is one of the pillars of slashdot"
because a diving aircraft CAN stall; a stall occurs when the angle of attack ( the angle between the mean chord of the wing and the relative airflow past the wing) exceeds a critical value. A stall can occur at any airspeed and is not dependent on the aircraft attitude. A stall condition is effectively the loss of th ability of an airfoil to generate lift, and could for example prevent an aircraft from being able to pull out of a dive.
http://en.wikipedia.org/wiki/Stall_(flight)
hmmm... my CAPTCHA is 'terrify'
Most active cell phones won't cause problems. Hell, I've accidentally left my cell phone on while flying IFR and I didn't notice a thing. The track on flightaware didn't show any problems either.
The problem is that we don't know for certain that the cell phone is working properly. This is why we have regulations such as 14CFR91.21 and policies that below 10,000 AGL, you may not operate any instruments.
A quick look at NASA's ASRS database shows 9 entries concerning potential interference from portable electronic devices. So this isn't just an academic concern. Several of these entries indicated that the reporters had seen these sorts of issues before, but that it hadn't been reported.
When the flight crew tells you to shut off your toys before landing, gentlemen (and ladies, if there are any here) SHUT IT OFF! The risk of a screw-up is not yours to take. You can scream and holler at the flight crew about the injustice of denying you ten more minutes on your crack-berry once you're safely in the terminal building. Until then, their word has the full force of Admiralty Law. Shut it off or they'll do it for you.
Nearly fifty percent of all graduates come from the bottom half of the class!
Did you fit that magnetron inside the mouse or did you just bluetooth-enable your microwave?
Nonsense. The air is thin but not THAT thin. B-29 Superfortresses routinely flew at that height, via human piloting. You don't "need" an autopilot.
>
>>>incorrect information... prompted flight control computers to put the jet into a 197-meter nosedive.
Nice. I hear that car manufacturers want to include similar accident-avoidance measures in cars. That's just what I need - my car's old computer going senile, and suddenly swerving me head-on into oncoming traffic.
The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
If you need an autopilot to keep the airplane from stalling, then yes, you probably have a stall within seconds after disconnecting the autopilot. And in a stall situation you have no lift from the wings, therefore the plane will immediately and rapidly lose altitude. Modern Airbus and Boeing are engineered to dive forward in these cases, so the stall is self-limiting in the sense that the aircraft will fall until the air is denser or airspeed is higher to let the wings generate lift again thus recovering from the stall.
The resulting forces are well within design limits of current airframes but may seriously injure passengers that had not used their seatbelts or were walking around at this moment.
At about 3 minutes, the software prevents roll beyond 67 degrees. At about 4:30, an attempt is made to stall the aircraft, at which time the software overrides the throttle settings. http://www.youtube.com/watch?v=LO5l6_d6yck "Blimey!"
That sounds unlikely to me. The autopilot is generally not engaged until a few minutes after takeoff. Even if it disengaged suddenly during a stable ascent, there is no reason for the plane to suddenly start falling out of the sky. (That would be a stall, and commercial airliners have so many stall warning devices that it requires some truly extraordinary circumstances to stall one.)
In any event, if your airliner was stalled for a good ten seconds, you would have lost several thousands of feet and would probably no longer be around to complain about it.
It is actually far more likely that a small plane blundered into the flight path or the airliner and forced a temporary altitude change to avoid him (Happens all the time...there is significant tension between the airlines and GA pilots for this reason).
What information do you have that makes you believe the pilot was lying?
Yes and no. Yes, the air is not THAT thin, but first there is a big difference in the security requirements between 21th century airlines and WWII military aviation. Second, the A330 has a very different (and more fuel efficient) wing profile from the B-29, which stalls at only 91kts.
RTFA. The computer was being fed random and wildly varying attitude inputs.
They should get Debian software.
No. I am a pilot, and you are confusing 37000 feet with 56000 feet. At the altitude where the U-2 flys, over 3 miles higher than 37000 feet, the stall and maximum allowable speeds are nearly on top of each other.
At 37000 feet you have a wide margin of speed available between stall and cruise. What gets closer together is the airplane's top cruise speed and the Mach limit.
The dive after autopilot disconnect is crap; the airplane should be trimmed for level flight by the autopilot to save fuel and system wear.
The dirty secret about airbus airplanes is that the autopilot is never really disconnected; the flight computers will always play 'nanny'. In this case, the computer got 'vertigo' and said 'ZOMG we're too steep', slammed the plane around to keep up speed. Wrong move by the wrong system. If the autopilot disconnects, the airplane should hand control to the pilots, not try to tear the plane apart.
Looking at the article, people suffered spine damage as a result of the (improper) maneuver. Considering that one Airbus aircraft has had a tail fall off in flight due to stress cracking, I'd wonder if this airplane hadn't exceeded it's structural G-force limits during the computer's unscheduled aerobatics.
Auto-pilot can make mistakes. But humans make mistakes much more frequently. We are all safer if we turn the piloting of heavy machines over to computers. That California train wreck never would have happened if we had taken the emotional, error-prone sack of meat out of the control system.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
The flight crew adamantly demands a shut off my iPod shuffle, which has the EM characteristics of a wristwatch. I will continue to ignore them.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
The A330 also has much more powerful engines but neither of those really matter. The reason the pilot controls didn't respond is a matter of fly-by-wire philosophy. Do you allow the pilot to put the plane is a situation that will stall the plane or worse break it, or do you prevent the pilot from flying outside the capabilities of the plane. Airbus's philosophy is the latter. The only problem is - what if the flight control computer is wrong.
You do *not* need an autopilot to fly at that altitude. And yes I am an autopilot engineer.
While you're right that the iPod shuffle can't cause problems, you're wrong to not listen. Saying its ok to not follow a rule because you know better is a poor excuse, assuming harm would not be caused if the rule were followed. You may eventually get some other device at some point and still think you're right and you may be right, but there will always be a blurry line between the time when you're right and the time you're wrong. People shouldn't have to put their trust in your hands because you think you know better.
Nonsense. The air is thin but not THAT thin. B-29 Superfortresses routinely flew at that height, via human piloting. You don't "need" an autopilot.
Firstly, the B-29 had the wings of a glider and cruised at 220 knots. The Airbus by contrast has swept wings optimized for cruise at .82 mach. What makes you think your intuition about the B29 is worth anything given the differences between those aircraft?
Secondly, the B29 was flown by autopilot in cruise. Preview "Bringing the Thunder" on Google books, page 155, for the memoirs of a B-29 pilot.
That said, this is not even an autopilot issue. The true source of this problem is the flight control system of the Airbus, which features a "self protection" system that intends to prevent the aircraft from stalling at any expense, and in this case, actively threatens the safety of the aircraft itself.
The truly frightening thing about this is that the air data computer clearly resumed normal operation at some point during the dive, and the aircraft was recoverable. Had this been a permanent failure of the air data computer, an airbus pilot has no way to override the aircraft's intentions and recover from the dive. An airbus pilot can only watch, as the airplane says, "No, really, I'm stalling, I have to hold the nose down and pick up airspeed!". With a failed ADC computer constantly and erroneously telling flight controls that the aircraft is in stall, an Airbus would dive, trying to recover, until it impacts the ground.
By contrast, A pilot of a Boeing aircraft can tell his aircraft that it's worldview is wrong and fly it by hand in any circumstance.
This represents a fundamental difference in philosophy. Airbus trusts the computer and the system more than it trusts the pilot -- It says that the probability of a systems failure causing incorrect control commands and threatening the aircraft is less than the probability of a confused, tired, or impaired pilot losing control of the aircraft. Boeing, by contrast, trusts the pilot more than it trusts the system.
There have been aircraft accidents where an Airbus aircraft has crashed in situations where a Boeing aircraft would have been flyable by a human pilot.
There have also been aircraft accidents where a Boeing aircraft has crashed due to incorrect pilot procedures which could have been overridden by an Airbus aircraft's flight control system.
Each philosophy has its risks and rewards.
Typically, recent civilian and many military aircraft are "three dimensionally stable". The only exceptions to this are stunt planes and fighter aircraft. For pretty much everything else, the airplane will not only continue to fly straight and level once trimmed but will even return to straight and level after a control is deflected. That is, push the yoke forward and the increased speed causes additional lift and the plane returns to level flight. Deflect the yoke the other direction, the rudder or the ailerons and the same sort of "counter force" does the same thing; the plane returns to level flight. It just won't necessarily be on the same course as before. This is something that is typically demonstrated to a student pilot on their first flight with an instructor.
The old inertial autopilots kept a plane on the same course based on the directional gyro, turn and bank and rate of climb devices. Good enough to give the pilot a break but they only kept the plane headed in the direction originally input. Modern autopilots tie into the global positioning system and on-board navigation computers to allow things like a great circle route to be flown under autopilot that also corrects for changes in wind.
Only a very few recent fighter planes are so unstable that they require the on-board computer to keep the plane flying. The F-117 was the first such aircraft deployed. The idea is that making a fighter plane unstable means that it has no inherent preference as to which way to fly thus making it more maneuverable. On the other hand, there is no incentive to design such instability into an airliner and lots of reasons not to (like what happens when the autopilot fails).
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
It would be more accurate to say that stall is a function of airspeed and attitude. It's not dependent ONLY on airspeed or attitude, but you can induce stall by varying either.
Why yes, I AM a rocket scientist!
i think this was a prudent policy when portable electronics and wireless devices first became popular. planes were operated by complex & high tech machinery, and they had not been tested against such EM interference. it would have been foolish to allow such devices to be operated on a plane before studying the interaction between these devices and airplane equipment.
however, it's now 2008. the "we don't know what might happen, so let's just ban all electronic devices" attitude is no longer acceptable. FAA or NTSB should have conducted research into the safety of using such devices on planes. flight equipment regulations should have been updated to ensure safe operation in an environment with active wireless/electronic devices. and if needed, cellphone, laptop, and other wireless device manufacturers could be required to test the EM output of their products to determine whether they pose a significant risk of interfering with other electronic equipment.
these studies have to be done eventually, and frankly they've been put off for much too long already. there's absolutely no reason why we can't determine once and for all whether consumer electronics pose a threat to passenger planes.
And you'll have your iPod forcibly taken away and disabled, you'll get to finish the flight duct taped to the chair, and arrested on landing. The flight crews authority is pretty much absolute, complain once the flight is over, write letters to the FAA/NASA/TSB but when they give you an instruction you would be extremely foolish to ignore it.
S)pin! spin! spin! All the way down!
Sounds like a status report from the McCain campaign.
Overrated? What the hell? How can this post possibly be overrated with a score of 2? Come on, you asshole moderator. Show your face and defend your score. I dare you. I'm sure you're far too cowardly to do it, but I dare you to come here and reply to my post and tell me why you think this post is "Overrated". No doubt you're too chicken to do it, but I'll be waiting.
If you mod me Overrated, you are admitting that you have no penis.
Interesting side note. The equipment companies developed aluminum grade crossing gates, but the railroads preferred the wood or fiberglass ones for legal reasons. After a crash, you can find the fragments in the front of the car to prove it ran through the barrier before being hit by the train.
Intron: the portion of DNA which expresses nothing useful.
And my understanding is that Boeing does it the other way, where it allows the human pilot to override the computer, correct? Funny, I always figured that doing it the airbus way would get someone into trouble some day...
But, then again, how many times have pilots/pilot error brought down aircraft? Maybe we should let the machines be the last line of defense =)
With an aerodynamically stable airplane, if the attitude control computer fails, it's still may be possible to fly it "by hand." With an unstable airplane, the only thing the pilot can do is punch out under the same circumstances. Fly by wire (and lots of computing power) makes it possible to control an airplane that is aerodynamically unstable; it does not require that the plane be unstable. That's a design decision. Hopefully Airbus, etc. still provide the equivalent of a turn and bank indicator, rate of climb indicator, and gyro-compass so the pilot has a chance of flying the plane even if the attitude control computer goes wonky (and a way to take the attitude control compuer off-line).
Your second example is very bogus. As an example, a flying wing such as the B-2 will make a very poor Styrofoam glider but the origins of the flying wing goes back to WWII. Quite obviously, the B-35, N9M, etc. didn't have a flight control computers but were controllable none the less. The problem with your example is that modeling things like the effect of a wing's dihedral on Styrofoam glider scales and speeds is difficult to do. This is primarily a result of the simple fact that lots of effects such as boundary layer conditions are not linear. It takes a huge amount of effort to craft an aerodynamic replica of a full size airplane that allows wind tunnel tests to be run on scale models and still get valid results. Just because a styrofoam model doesn't glide says little or nothing about the stability of the full size airplane.
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
What's the difference? Wouldn't an aluminum gate be just as busted as a fiberglass one if a car ran through it fast enough to shatter the fiberglass?
We hope your rules and wisdom choke you / Now we are one in everlasting peace