Slashdot Mirror
Computer Error Caused Qantas Jet Mishap
highways sends word that preliminary investigations into a Qantas Airbus A330 mishap where 51 passengers were injured has concluded that it was due to the Air Data Inertial Reference System feeding incorrect information into the flight control system — not interference from passenger electronics, as Qantas had initially claimed. Quoting from the ABC report: "Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive ... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."
I'm sure this comes as no surprise to the /. community. Nice to see the truth actually did surface though.
"About two minutes after the initial fault, (the air data inertial reference unit) generated very high, random and incorrect values for the aircraft's angle of attack," the ATSB said in a statement.
Correct me if I'm wrong but don't most modern aircraft have an inertial navigation system and a seperate angle of attack transmitter protruding from the plane? Why no redundancy?
The incident was the fourth involving Qantas planes in two-and-a-half months[read TFA for the other 3 incidents]...
The plane's French-based manufacturer has issued an advisory on the problem and will also issue special operational engineering bulletins to airlines that fly A330s and A340s fitted with the same air data computer, the ATSB said.
Does Qantas' aircraft maintenance suck or does Airbus' quality control suck? Do both suck?
;)
Finally, shame on the PR guys for blaming passenger electronics. Maybe it's a feature, not a bug...in case any government decides that they want to make another 9/11
...tried turning it off and then on again.
SOOOOO.... you are saying the inertial dampeners were offline?
Obama is a twitter sock puppet
This isn't an isolated incident. Although I think the string of technical incidents suffered by Qantas isn't a coincidence either. "A global alert was issued in 2005 after a Malaysia Airlines Boeing 777 en-route to Kuala Lumpur from Perth experienced similar problems. Investigators found a software glitch in a unit made by the same US manufacturer as the one in the Qantas plane combined with a mechanical problem." http://www.australianit.news.com.au/story/0,24897,24499849-15306,00.html
Cheapest way to experience zero G? Go along to your nearest glider/sailplane club and have a trial lesson. If you ask nicely, some of instructors will give you an aerobatic flight (loops, wing-overs, stalls, but not spins).
If the cable breaks during a winch launch, at a couple of hundred feet, you go zero g in order to recover. The motto is that if the mud (on the floor) floats around your face then you got it about right, whereas if it plasters itself on the canopy then you were too enthusiastic.
Before you go solo (which you can do at age 16/15/14 depending on where you live) you have to be able to repeatedly demonstrate that you can recover from cable breaks and also from a spin started at 1000ft in which you are descending at 100ft/s.
Not an experience you will forget.
For those that are interested in coding/test methodologies, the FAA created a system called "DO178B" which defined as set of software assurance standards for aircraft. (Note, it's not coding standards, it's assurance standards)
Wiki link: http://en.wikipedia.org/wiki/DO-178B
It set different standards for different types of code. The movies would be Class E, a non-critical nav system maybe C or D, FCS probably A. But even then, the code can be made modular to decrease the assurance level required. For instance, an artificial horizon needs to work, right? But you normally have more than one in a cockpit. If one goes bad, you can use the other, not catastrophic. But the key is the pilot(s) need to recognize that it's busted. What if one froze in place in flight during landing? The pilot might follow it and go ka-boom.
So by itself, an electronic artificial horizon would require level A ($$$) software so that it 'never' fails. This is very very expensive (for level A the post-compiler machine code must be analyzed for possible compiler issues, and MC/DC http://en.wikipedia.org/wiki/Modified_Condition/Decision_Coverage coverage)
So instead, they write it to a lower level, and then create a small set of code that cross-checks everything and kills off any horizon that's malfunctioning by placing a big "X" (or whatever) on the screen instead. Lower risk and greatly reduced cost.
I'm sorry Dave, I'm afraid I can't do that...
"lack of quality control is one of the pillars of slashdot"
Most active cell phones won't cause problems. Hell, I've accidentally left my cell phone on while flying IFR and I didn't notice a thing. The track on flightaware didn't show any problems either.
The problem is that we don't know for certain that the cell phone is working properly. This is why we have regulations such as 14CFR91.21 and policies that below 10,000 AGL, you may not operate any instruments.
A quick look at NASA's ASRS database shows 9 entries concerning potential interference from portable electronic devices. So this isn't just an academic concern. Several of these entries indicated that the reporters had seen these sorts of issues before, but that it hadn't been reported.
When the flight crew tells you to shut off your toys before landing, gentlemen (and ladies, if there are any here) SHUT IT OFF! The risk of a screw-up is not yours to take. You can scream and holler at the flight crew about the injustice of denying you ten more minutes on your crack-berry once you're safely in the terminal building. Until then, their word has the full force of Admiralty Law. Shut it off or they'll do it for you.
Nearly fifty percent of all graduates come from the bottom half of the class!
If you need an autopilot to keep the airplane from stalling, then yes, you probably have a stall within seconds after disconnecting the autopilot. And in a stall situation you have no lift from the wings, therefore the plane will immediately and rapidly lose altitude. Modern Airbus and Boeing are engineered to dive forward in these cases, so the stall is self-limiting in the sense that the aircraft will fall until the air is denser or airspeed is higher to let the wings generate lift again thus recovering from the stall.
The resulting forces are well within design limits of current airframes but may seriously injure passengers that had not used their seatbelts or were walking around at this moment.
Yes and no. Yes, the air is not THAT thin, but first there is a big difference in the security requirements between 21th century airlines and WWII military aviation. Second, the A330 has a very different (and more fuel efficient) wing profile from the B-29, which stalls at only 91kts.
No. I am a pilot, and you are confusing 37000 feet with 56000 feet. At the altitude where the U-2 flys, over 3 miles higher than 37000 feet, the stall and maximum allowable speeds are nearly on top of each other.
At 37000 feet you have a wide margin of speed available between stall and cruise. What gets closer together is the airplane's top cruise speed and the Mach limit.
The dive after autopilot disconnect is crap; the airplane should be trimmed for level flight by the autopilot to save fuel and system wear.
The dirty secret about airbus airplanes is that the autopilot is never really disconnected; the flight computers will always play 'nanny'. In this case, the computer got 'vertigo' and said 'ZOMG we're too steep', slammed the plane around to keep up speed. Wrong move by the wrong system. If the autopilot disconnects, the airplane should hand control to the pilots, not try to tear the plane apart.
Looking at the article, people suffered spine damage as a result of the (improper) maneuver. Considering that one Airbus aircraft has had a tail fall off in flight due to stress cracking, I'd wonder if this airplane hadn't exceeded it's structural G-force limits during the computer's unscheduled aerobatics.
The A330 also has much more powerful engines but neither of those really matter. The reason the pilot controls didn't respond is a matter of fly-by-wire philosophy. Do you allow the pilot to put the plane is a situation that will stall the plane or worse break it, or do you prevent the pilot from flying outside the capabilities of the plane. Airbus's philosophy is the latter. The only problem is - what if the flight control computer is wrong.
You do *not* need an autopilot to fly at that altitude. And yes I am an autopilot engineer.
Nonsense. The air is thin but not THAT thin. B-29 Superfortresses routinely flew at that height, via human piloting. You don't "need" an autopilot.
Firstly, the B-29 had the wings of a glider and cruised at 220 knots. The Airbus by contrast has swept wings optimized for cruise at .82 mach. What makes you think your intuition about the B29 is worth anything given the differences between those aircraft?
Secondly, the B29 was flown by autopilot in cruise. Preview "Bringing the Thunder" on Google books, page 155, for the memoirs of a B-29 pilot.
That said, this is not even an autopilot issue. The true source of this problem is the flight control system of the Airbus, which features a "self protection" system that intends to prevent the aircraft from stalling at any expense, and in this case, actively threatens the safety of the aircraft itself.
The truly frightening thing about this is that the air data computer clearly resumed normal operation at some point during the dive, and the aircraft was recoverable. Had this been a permanent failure of the air data computer, an airbus pilot has no way to override the aircraft's intentions and recover from the dive. An airbus pilot can only watch, as the airplane says, "No, really, I'm stalling, I have to hold the nose down and pick up airspeed!". With a failed ADC computer constantly and erroneously telling flight controls that the aircraft is in stall, an Airbus would dive, trying to recover, until it impacts the ground.
By contrast, A pilot of a Boeing aircraft can tell his aircraft that it's worldview is wrong and fly it by hand in any circumstance.
This represents a fundamental difference in philosophy. Airbus trusts the computer and the system more than it trusts the pilot -- It says that the probability of a systems failure causing incorrect control commands and threatening the aircraft is less than the probability of a confused, tired, or impaired pilot losing control of the aircraft. Boeing, by contrast, trusts the pilot more than it trusts the system.
There have been aircraft accidents where an Airbus aircraft has crashed in situations where a Boeing aircraft would have been flyable by a human pilot.
There have also been aircraft accidents where a Boeing aircraft has crashed due to incorrect pilot procedures which could have been overridden by an Airbus aircraft's flight control system.
Each philosophy has its risks and rewards.