Slashdot Mirror
Fly-By-Wire Contributed To Air France 447 Disaster
Hugh Pickens writes "The Telegraph reports that although fly-by-wire technology has huge advantages, Airbus's 'brilliant' aircraft design may have contributed to one of the world's worst aviation disasters and the deaths of all 228 passengers onboard Air France Flight 447 from Rio de Janeiro to Paris. While there is no doubt that at least one of AF447's pilots made a fatal and sustained mistake, the errors committed by the pilot doing the flying were not corrected by his more experienced colleagues because they did not know he was behaving in a manner bound to induce a stall. The reason for that fatal lack of awareness lies partly in the design of the control stick – the 'side stick' – used in all Airbus cockpits. 'Most Airbus pilots I know love it because of the reliable automation that allows you to manage situations and not be so fatigued by the mechanics of flying,' says Stephen King of the British Airline Pilots' Association. But the fact that the second pilot's stick stays in neutral whatever there is input to the other is not a good thing. 'It's not immediately apparent to one pilot what the other may be doing with the control stick, unless he makes a big effort to look across to the other side of the flight deck, which is not easy. In any case, the side stick is held back for only a few seconds, so you have to see the action being taken.'"
This topic has been beaten to death by professional pilots and aviation experts on pprune.
When i read the annotated black box transcript a few weeks ago, i asked airplane experts about this. They told me:
If one pilot pulls and the other pushes the stick, there is an optical and audio signal.
Also the person was questioned if he pulls the stick and he confirmed it. Unluckily it was already too late by then.
I am no expert, but the root cause was IMHO the crew ressource management and training problem.
Did the same person write the title and the summary of this story? Fly by wire has nothing to do with the control stick and everything to do with how the control inputs are sent to the control surfaces; some control schemes simply permit some cockpit/stick design decisions that in turn led to what the story is actually talking about... Though, you know, I think they should go back to lever & cable systems, then the pilot wouldn't be able to stall the aircraft because he'd never be able to exert enough force to pitch up. :P
Even as you read this, your pants are strangling your loins! Aaa!
The problem described in the summary has nothing whatsoever to do with fly-by-wire. Yes, there may be an opportunity for improvement in that there should be some force feedback from one stick to the other. By that does not mean the plane can not be flown by wire. Plus, the fundamental issue in this accident is an operator mistake not corrected for by the other people present. I.e. it's a crew training & management issue.
Just in case this is a Boeing fan doing some Airbus bashing: Boeing is using fly by wire as well in the 777 and later designs.
I wondered why the pilots didn't respond to a stall by instinct. The feel of the plane should have been a major clue that something was wrong with their course of action. A lack of feel in the FBW system would certainly be a contributing factor in this kind of situation.
The problem is your "feel" could be completely wrong when you lack visual clues and lead you to actions that worsen a situation. Pilots are trained to trust their instruments rather than what their body is telling them because of this.
I'm a consultant - I convert gibberish into cash-flow.
While there is no doubt that at least one of AF447's pilots made a fatal and sustained mistake, we still will blame the competitions system, so that they will buy ours and not theirs.
Don't get me wrong, Airbus would do the same. Or at least all of the governments involved.
Don't fight for your country, if your country does not fight for you.
FYI they belly-flopped the plane, the nose was actually pointing up the whole time they were falling.
Are you under the impression that The Telegraph is an American publication?
Where's the editorial control today? How did they sneak this obvious industrial hit-piece past the editors? Didn't have your coffe yet huh?
And as there are mostly americans here on slashdot people will be only too willing to drink to anti-European kool aid.
I expected better from slashdot.
It's the same reason why a motion simulator ride at an amusement park can be so convincing. You feel like you are flying but you are sitting right there. Tilting backwards feels very similar to forward acceleration. Flying in a controlled banked turn feels alot like sitting still.
I love Jesus, except for his foreign policy.
Or somebody could have looked at the artificial horizon at any point, at the GPS ground speed indicator and/or the altimeter during the climb phase.
Only the airspeed indicators were out, and not even for the whole time. Were the pilots not looking at ANY of their instruments?
It's not a logical fallacy, the use of the term "begs the question" has meant "raises the question" for quite some time now, it's mostly just pedantic assholes that refuse to recognize the difference.
Red herring #1: This isn't news.
--Maybe not to some of us. But TFA is new, and in a more general publication than the sources many of you have cited.
Red herring #2: This is an American anti-Airbus hit piece.
--Probably not. The Telegraph is a UK publication, and the title seems deliberately designed NOT to call out Airbus. See #3...
Red herring #3: The title blames FBW, that is a separate issue from back-driven controls.
--Quite right. Perhaps the author wished to avoid seeming anti-Airbus; perhaps he just wasn't precise in his phrasing. You sure don't have to read far to find out the truth.
Red herring #4: This is bullshit. The pilots fucked up.
--Perhaps you're not familiar with the English phrase "contributed to." It doesn't mean the same as "caused." In any safety-critical occupation, a piece of equipment that obscures the actions of one of the team members impedes the type of cross-checking that was a major reason for using a team in the first place.
No system is perfect. People are perfectly free to say that they think this is a minor issue which will only come up in very rare circumstances, more than compensated for by merits of the side-stick. Others might argue that the risks outweigh the benefits. I am smart enough to know that I am not qualified to have an opinion on the issue.
I'm just tired of the hysteria here.
a big effort to look across to the other side of the flight deck, which is not easy
Now, it's a long time since I've been on a flight deck, but they weren't that big. What's changed so much that it's such a huge imposition for someone to look at the guy in the other seat and see "oh yes, he's pulling back on the stick" and then maybe slap him around the head until he stops.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
in my opinion the biggest issue was that the pilots weren't aware of the huge angle of attack (AOA) that they were maintaining, and AFAIK they didn't have an AOA indicator in the cockpit. it was also dark and in a big storm, thus there were no external references.
they had the plane pitched up about 10 degrees, which is not that big. they also had speed - they were close, but not below stall speed. but at the same time they were falling badly, which meant their angle of attack on the wing leading edge was at least 30 degrees if not more.
remember that the basic reason of a stall is always high AOA - not speed, not pitch, but high AOA.
of course, you 'should' be able to put it together - high pitch, large negative vertical speed -> high AOA. it seems the young co-pilot didn't. :(
Yeah! Let's go smash up some looms!
They did get stall warnings, but only when they (briefly!) tried to put the nose down a bit, early on in the transcript. Pulling the nose back up, the stall warning went away - the plane's stall warning couldn't work at such low airspeeds or AoA (angle of attack).
So they had an alerting system that responded counter-intuitively. Pulling the nose up into a deeper stall actually made the stall warning go away. I've read on pprune that many pilots consider that if commercial airliners had AoA displayed in the cockpit (plus the training to use them) - apparently modern aircraft are already measuring AoA, it's just not displayed - it would be a far less ambiguous indication of stall and how deep it is, as opposed to guessing from a combination of airspeed, flap/slat settings, weight, attitude & wing loading.
yes, this was how the whole thing started - that they got an incorrect airspeed indication, and thus the autopilot disengaged. after a short while, the speed indication was correct again. unfortunately, human errors added up starting from there.
although I would argue that the first mistake that they made was to fly into the storm, which every one else navigated around at that time. in aviation, you have to have at least 3 mistakes in a row to have an accident - here, flying into the storm, the frozen airspace indicator and then human error.
The airspeed dropped to a level where it was ambiguous (below something like 60 knots indicated), and that killed the stall warning. It reactivated when they pushed the nose down, which increased the airspeed to above the threshold.
The stall detectors base their alert on the amount of airflow and pressure on certain parts of the wing. At certain angles and speeds, there is either too much lift-like pressure generated(despite still being in a stall) or there is insufficient airflow to trigger the sensor, even to alert to the lack of airflow. More or less, it just assumes you aren't flying anymore since as far as the system can tell, there is no longer wind over the wing
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
So.... wouldn't the computer system take landing gear configuration and altitude into account in order to determine that "not flying anymore" must mean FSCKING STALLING?
When one pilot takes over flying, whether mechanical, hydraulic, or electronic controls, a confirmation is supposed to happen -- something like "You have the plane" and an acknowledgement. This has been true for several decades. It doesn't make sense to blame fly by wire if the pilots the did not use the established protocol, and it is not even clear whether the pilots did.
No, that's not what happened at all. It's quite clear what happened. The one pilot was a fucking moron, and he had the stick pulled back the entire goddamn time they were stalled out and falling out of the sky. The other pilot had his stick pushed forward, trying to nose it down and gain some airspeed. The piece of shit computer system on the Airbus averaged the two inputs, finally concluding that keeping the control surfaces level was a good compromise. Only seconds before impact did the junior pilot (who should have never been behind the stick of a Cessna, let alone a commercial aircraft) release his control stick, allowing the aircraft to begin recovering, but by then it was too late.
This is more of a loss of instrument data problem. The pilots (and the computers) did not have reliable altitude, airspeed, or vertical speed information. They were in a storm at night. Read the third interim report, which has the data from the flight recorders. See section 1.16.6, "Reconstruction of information available to the crew".
Bear in mind that this event started with loss of airspeed information: "The PF then said âoeWe haven't got good ... We haven't got a good display ...of speed"
and the PNF "We've lost the speeds"." This was due to pitot tube icing. From the voice recorder information, it appears that the pilots never again trusted the airspeed information presented. The speed data did come back for a while, but then was lost again.
The aircraft was then in a high altitude stall: The airplane's parameters were then: altitude about 35,800 ft, vertical speed -9,100 ft/min, computed speed 100 kt and falling, pitch attitude 12 deg. and engine N1 for both engines at 102%. But one of the pilots said At 2 h 12 min 04, the PF said that he thought that they were in an overspeed situation, perhaps because a strong aerodynamic noise dominated in the cockpit. The report says "Despite several references to the altitude, which was falling, none of the three crew members seemed to be able to determine which information to rely on: for them, the pitch attitude, roll and thrust values could seem inconsistent with the vertical speed and altitude values."
Again, this is in a storm, at night, over ocean. All the crew has is its instruments. The crew misjudged which data was correct and which was wrong. Still, they had several minutes, three pilots, and plenty of airspace and altitude to deal with the problem. There was a way out. If the initial events had happened over high mountains, there would have been far less time to deal with the situation.
There are fighters which are designed unstable for maneuverability and can't fly at all if they lose their air data inputs. They have ejection seats. Transport aircraft are more stable and can manually flown without air data inputs, but it's not easy. A technical argument here is that aircraft with computer-assisted flight controls should have much more redundancy in the basic air data inputs (altitude and airspeed). If the sensors had worked, the computers would have prevented this. The Airbus had three pitot probes, but they were all the same, and vulnerable to icing. It may be appropriate to require some completely different sensors, mounted on different parts of the aircraft, as a backup.
Much of the blame belongs to Thales, which built the pitot probes. There were known problems with those probes before this crash. Air France has since replaced all Thales probes with Goodrich probes.
I find the half-assed approach when it comes to automation disconcerting. Either let the computers fly it and the humans are simply there as adjuncts and baby sitters, or let the humans fly it and the computer just corrects for fuck-ups. But in this case it was bunk information that confused even the computer. Blacking out screens is sort of a half-assed way to go about telling the world you're confused.
And why is it they still use Pitot tubes when GPS has fairly high resolution in three dimensions?
What did Chernobyl, Three Mile Island and the Space Shuttle Challenger have in common?
All three disasters were due to erroneous decisions made by (otherwise) smart, trained people at the wee hours of the morning. This has been shown to be have a bad effect on human decision making,
So the first thing I noticed was the fact that this disaster happened at 2am (not sure what time zone it was in or what time zone the pilots were in but you get the point).
Obviously someone has to be awake at all times to fly a plane (or operate a nuclear plant) but perhaps they could've timed the captain's rest better and made it clearer who was in charge when he was asleep.
Some time ago I read a lot about the stupid Airbus stick control which "averages" the movements of both pilots and *does not* have force feedback.
How I saw it was that while the pilots *knew* the plane was stalling, they did not know *why*. That piece of information could have been obtained with a typical joystick system were both pilots' sticks are mechanically connected (coupled).
I even remember a study (in 1987) where pilots explicitly prefered coupled sticks :
In a 1987 evaluation of side stick controllers Summers et al (1987) found that under simulated ‘surprise’ hand overs pilots Cooper Harper rating of the schemes were (in descending order):
Coupled sides sticks with algebraically summed inputs (1.4),
Uncoupled side sticks with algebraically summed inputs and disconnect switch (final A320 implementation) (1.8),
Uncoupled with algebraically summed inputs and priority logic (original A320 implementation) (3.3), and
Uncoupled side sticks with with algebraically summed inputs (3.4).
Why did Airbus decided to use uncoupled sticks? that will always remain a mistery to me.
I've done a little researching on the A330's sensor system, and here is what I have found. Firstly, this article describes pilot union concerns about the official report, and details some interesting facts about the stall warning system. Specifically, the stall warning system on the A330 sounded for 50 consecutive seconds before ceasing. This was apparently due to the computer system automatically turning off the warning once the plane had dropped below 70 miles per hour, since that speed was supposed to be far outside the operating parameters of the plane. When the pilots finally pointed the nose down and gained airspeed, the stall warning began to sound again.
Here is another very interesting and authoritative article on the specifics of the A330 stall and angle of attack systems. The A330 does in fact use an angle of attack vane as pictured in the linked article. Interestingly, according to the article, the angle of attack is not actually displayed clearly or at all in the cockpit. This seems to me to be a gross design deficiency in the A330.
So, here is how I see it. The airspeed pitots were almost certainly frozen, causing the pilots and the computer to lose knowledge of the speed of the air over the aircraft. However, the angle of attack indicator was based on different system, a vane, which was likely not affected by ice. The stall warnings in the aircraft were likely based largely on the computers sensor inputs from the angle of attack indicators. Thus, the pilot should probably have known, based on the stall warnings that the airplane had a high angle of attack, which was resulting in a stall. They should probably have suspected their pitots were iced, and known that the stall system was based on different sensor inputs. However, the fact that the stall warnings stopped due to low airspeed, and the fact that the angle of attack reading was not easy or possible to see contributed to the pilots' mistaken control inputs. In other words, the pilots likely should have known better, but the design of the instrument display and warning system had significant flaws.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Yeah, I get the joke, so don't bother with whooshing.
The thing that always amuses (yet frustrates) me is that the Luddites weren't against technology, they were against workers being replaced by machines. If the mills had kept the same workforce but doubled production, diversified, or whatever, they wouldn't have complained.
A true Luddite would not complain about fly-by-wire as it's not replacing anyone. They'd applaud it because it was enhancing the skills of the people who were there.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Every component in the system introduces the possibility of error, agreed.
People can detect and correct certain classes of error better than machines, but machines can detect and correct certain classes of error better than people.
People can self-repair, to an extent. Blake's 7 Liberator-style auto-repair is still sci-fi. Sadly.
Well-trained humans can identify errors in their training but can also forget the training that is correct. Computers cannot (yet) do either.
A perfect balance is what we need.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
...which are fly by wire.
First, I fail to see the relationship between joysticks and tactile feedback, secondly it's very possible and often done for fly by wire systems to provide force feedback and other haptic ques. The failure is with the designers of the system who opted to omit such feedback, not intrinsic to fly by wire.