Investigators Suspect Computers Doomed Air France Jet
DesScorp writes "Investigators working with the wreckage of Air France flight 447 believe the aircraft suffered cascading system failures with the on-board computers, eliminating the automation the aircraft needed to stay aloft. 'Relying on backup instruments, the Air France pilots apparently struggled to restart flight-management computers even as their plane may have begun breaking up from excessive speed,' reports the Wall Street Journal. Computer malfunctions may not be an isolated incident on the Airbus A330, as the NTSB is now investigating two other flights 'in which airspeed and altitude indications in the cockpits of Airbus A330 aircraft may have malfunctioned.'"
A bug in software! This is like the article about how RMS has the same opinion he had a month ago.
I believe that the Airbus aircraft are pure fly-by-wire (die-by-wire). Meaning they have no physical connections between the cockpit controls and the control surfaces. No hydraulics, no cables, nuttin.
So, when the computers went bye bye, then everyone was in a huge version of a paper airplane.
Computers should not fly planes unless you have an ejector seat.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
I'll trust human reaction ahead of computerized flight, any day.
Well, you're out of luck there. The Airbus design is 100% fly-by-wire. It's my understanding that if and when the computers failed, there was essentially nothing that the pilots could have done. In fact, it's my understanding that the transmissions from the plane once the failure had occurred were rather horrific in part because the pilots knew this for at least several minutes before the crash.
I'm not sure what design changes would have to be made to the Airbus planes to incorporate manual override functionality. I do know that it would quickly become a matter of fighting-fury Nationalism on the part of the Europeans if the outcome of this study were that the Airbus planes, like the Boeing planes that already have manual override, need a retrofit to be allowed to continue to fly over the US.
I am not an expert on any of this, and I'm sure others can add more to supplement or refute what I say.
Airbus still have rudimentary mechanical connections to the control surfaces, enough to hold level flight and conduct a visual approach. Everything else would never get an airworthiness certificate. In Airbus planes, the flight computer is directly between the pilots' input and the control surfaces, and in normal flight mode it doesn't pipe that input through if it thinks the pilot inputs are bogus or unsafe.
Everywhere I've looked I've read about the computer switching to lower and "no protection" modes when it detects that critical sensors send implausible or conflicting data, to avoid the garbage-in garbage-out scenario. Which sounds fine at first.
And then I thought about the probably very rare event when all redundant sensors report the same faulty data, when the dataset passes all sanity checks because all sensors are off by the same amount or experience the same malfunction. (Airbus and Air France seem to have made the blunder of building a sensor redundancy group with pitot tubes from the same supplier, which is a serious WTF?! in itself. I just hope they didn't choose the same or similar model.) Now let's say all pitot tubes are covered in ice and register the same value for forward airspeed which seems much lower than it really is: the computer will now spool up the engines and prevent a stall which to it seems inevitable otherwise. Compared to a human pilot, it has no real heuristics, no gut feeling and no method of interpreting vibration, sound and other clues to decide properly to discard ALL input values from the entire redundant group of sensors and instead rely on indirect cues to airspeed and possible airframe stress from overspeed.
I think Airbus will have to incorporate a flight envelope protection kill switch, a large red button to disable any influence the computer takes on the movement commands, forcing it to translate all pilot inputs directly to the servos after the kill switch is activated.
Pilots do make mistakes or cannot input fast enough to compensate for turbulence and crosswinds, which is why computerized control is a pretty useful tool - but as computers, software and sensors can fail - and fail in absolutely unpredictable ways, there should be a method to always override computer flight envelope protection. Merely pushing the stick against the computer should not be enough - it must require the pilot to willfully and explicitly enable an override mode.
With the pilots willfully and explicitly wanting to disable the computer, the pilot's will must take precedence. "Sorry Dave, I can't let you do that" is no acceptable scenario.
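The common-mode case the post above describes, as an added illustration that is not Airbus code or any real avionics logic: a majority vote over a redundant sensor group only catches channels that disagree with each other, so three pitot tubes iced over identically pass the vote, and only a plausibility check against an independent source (assumed here to be an inertial/GPS-derived airspeed estimate) flags the group as suspect. Thresholds and sample readings are constructed.

```python
from statistics import median

# Constructed thresholds in knots; real limits would come from the aircraft's
# certified envelope, not from this illustration.
DISAGREE_KT = 10.0    # max spread tolerated between redundant channels
PLAUSIBLE_KT = 40.0   # max gap tolerated vs an independent estimate


def vote(channels):
    """Median vote over a redundant sensor group.

    Returns (value, agree). agree is False when the channels differ by more
    than DISAGREE_KT, the condition that should drop the automation into a
    lower, 'no protection' mode. It can NOT detect a fault shared by every
    channel, because the channels still agree with each other.
    """
    spread = max(channels) - min(channels)
    return median(channels), spread <= DISAGREE_KT


def plausible(voted, independent):
    """Compare the voted value with an estimate from a different physical
    principle (assumed: inertial/GPS-derived airspeed). A fault common to
    the whole pitot group only shows up here."""
    return abs(voted - independent) <= PLAUSIBLE_KT


def assess(channels, independent, cross_check_enabled=True):
    """Decide which mode the automation should be in for one sensor frame."""
    voted, agree = vote(channels)
    if not agree:
        return "DEGRADED: channel disagreement"
    if cross_check_enabled and not plausible(voted, independent):
        return "DEGRADED: common-mode suspect"
    return "NORMAL"


if __name__ == "__main__":
    # Constructed sample frames: (pitot channels in kt, independent estimate).
    frames = {
        "healthy": ([450, 452, 449], 455),
        "one tube iced": ([450, 300, 449], 455),
        "all tubes iced the same way": ([300, 302, 299], 455),
    }
    for name, (chans, indep) in frames.items():
        print(f"{name:28s} vote only: {assess(chans, indep, False):32s}"
              f" with cross-check: {assess(chans, indep)}")
```

With the cross-check disabled, the "all tubes iced" frame reads NORMAL and the automation would act on an airspeed that is 150 kt too low; with it enabled the same frame is flagged.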
The simple fact of the matter is this: we put redundancy into aircraft for reasons of safety. This is one reason why I've never liked the Airbus system - if the computers fail (as redundant as they may be), the pilots are shit outta luck. I've always considered them to have a bit of a God Complex, contending that they could write software and make hardware to run it on that was more reliable than the current manual backup systems. I've always wondered why nobody considers this total detachment of pilot control in an emergency "acceptable" - computer error can be just as deadly a problem as pilot error, but if the computer has failed, I trust the pilot a million times more.
As a software engineer, I know how crappy your average software is, and since my company builds custom hardware to run the software on, I'm well aware of how high defect rates can run, even with top-shelf components and manufacturing techniques. As we try to make everything in the system software-driven, we need to realize just how stupid software systems are when inputs go outside nominal ranges, and how fragile hardware can be when they *oops* used a set of Chinese knockoff capacitors in the latest aircraft electronics, and nobody noticed. This shit happens all the time, so it's absolutely retarded to not have a fully-manual backup mode. Sure, maybe the manual backup will fail. Sure, maybe the pilot will screw up. But it's stupid not to give them the chance to succeed.
I hope this crash (and other recent incidents) helps bring to light how stupid the Airbus control philosophy is. Christ, if they think the pilots are useless, they should just install ILS at every single major airport and let the computers fly the planes.
Man is the animal that laughs.
And occasionally whores for Karma.