indonesia LionAir crash

[barbos]

https://www.nytimes.com/2018/11/27/...tion=click&module=Top Stories&pgtype=Homepage

It did not take long (3 months) for a new and reportedly safer (!!!) plane to kill itself and its passengers. And the cause of disaster is this new safety feature. Long story short: Boeing added a system which prevents stalls but failed to mention it enough in the manual. In previous flight it malfunctioned but pilots were able to turn it off and land safely, then mechanics "fixed" it by replacing sensors which did not fix it, next flight pilots did not know about the system or how to turn it off and crashed. One can blame pilots for not familiarizing themselves with a new plane but how hard it is for a computer to realize that the pilots are not happy with what you (computer) are doing? They were fighting for 10 minutes, more than enough to have a conversation:
Computer: "What the fuck are you doing?"
Pilot: "No, what the fuck are YOU doing?!"
Computer: "Glad you asked, I am trying to prevent stall by putting nose down"
Pilot: "Stop doing it, we are not stalling"
Computer: Sensors say we are.
Pilot: Sensors are wrong, so stop fucking around,
Computer: OK, stopping.

I understand AirBus is particularly guilty of not taking pilots seriously and has had few crashes where pilots did not what and why was happening

And these air speed sensors are seriously faulty. One of the recent crashes happened because pilots forgot (!!!) to turn its heater on. Apparently it has to be done manually, I fail to understand why is that so. Also I don't understand why not to have more sensors and compare their readings and determine if there is a malfunction and then report it to the pilots? If I remember correctly french plane which crashed had 3 and was comparing their readings but it failed to make pilots aware of what happened, autopilot simply turned itself off without explaining why, pilots panicked and then stalled (ironically) the plane.

And more about these stupid airspeed sensors, there is a fucking GPS already, you can measure your absolute speed, then there are these acelerometers and gyroscopes which give you enough information to determine airspeed independently from these sensors.

 

[steve_bank]

In reliability engineering there is an idea that as you add complexity to a systm to make it more safe you end up making more unsafe.

There is a video of an Airbus crash at a Paris airshow. The pilot was making a low pass with wheels down. He got into a situation where he tried to pull up but the computer would not let him. The computer thought the pilot would stall.

There also can be limits in fly by wire systems on gs. It won't let you exceed a limit in a turn. The flip side is in an emergency you may need to pull a lot of gs.

Systems are complex beyond the ability of humans to fully comprehend. Commercial jets are possibly the most complex system.

 

[Worldtraveller]

The reason most airspeed (pitot/static tube combinations) don't have automatic heaters is that it would require installing another sensor on a system that can already be finicky as is. GPS isn't precise enough to use in general for commercial aviation, mostly due to the lag in the systems. It may be getting there, but from talking to a couple of systems guys I know at Boeing, that's one of the main reasons.

The other main reason (and this applies to lots of things on aircraft, not just the systems/sensors) is that the regulations still require analog/manual systems for pretty much everything, for safety/backup reasons. These are actually good regulations, and have done a lot to improve the safety of aviation, but a lot of times (as in this case), pilot/airline training doesn't keep up with the technical changes.

The airbus A320 at the airshow was one of 2 major incidents involving the computer wanting to do something that the pilot didn't. That resulted in 3 fatalities. The second incident I know of happened about a year later after the 'bug' was supposedly fixed. Luckily, the pilot managed to over ride the flight computer, since that aircraft was full of passengers.

This latest incident really sounds like it's a matter that the airline did not properly train pilots on the new system .

 

[barbos]

In reliability engineering there is an idea that as you add complexity to a systm to make it more safe you end up making more unsafe.

This is what happened here, but I doubt boeing knew about such idea.

There is a video of an Airbus crash at a Paris airshow. The pilot was making a low pass with wheels down. He got into a situation where he tried to pull up but the computer would not let him. The computer thought the pilot would stall.

I believe you are talking about this
It did not have anti-stall system, pilots simply stalled it.

There also can be limits in fly by wire systems on gs. It won't let you exceed a limit in a turn. The flip side is in an emergency you may need to pull a lot of gs.

Systems are complex beyond the ability of humans to fully comprehend. Commercial jets are possibly the most complex system.

Well, I would argue that safety system is too dumb and it caused a crash.

 

[barbos]

The reason most airspeed (pitot/static tube combinations) don't have automatic heaters is that it would require installing another sensor on a system that can already be finicky as is.

Why not? Pilot forgot to turn it on and plane crashed because of it.

GPS isn't precise enough to use in general for commercial aviation, mostly due to the lag in the systems. It may be getting there, but from talking to a couple of systems guys I know at Boeing, that's one of the main reasons.

GPS does not have lag, Current GPS does not have enough altitude accuracy, the rest is more than adequate if not excellent for everything plane needs. Of course, as I said, plane needs air-speed, not absolute speed, so some complications is required, but at the very least GPS can help to detect malfunction in other sensors. Plus new GPS receivers are order of magnitude more accurate. (20 cm)

The other main reason (and this applies to lots of things on aircraft, not just the systems/sensors) is that the regulations still require analog/manual systems for pretty much everything, for safety/backup reasons.

No, they don't require that anymore. There is no analog anything anymore.

These are actually good regulations, and have done a lot to improve the safety of aviation, but a lot of times (as in this case), pilot/airline training doesn't keep up with the technical changes.

According to news, Prior to crash Boeing only mentioned the name of the system without even explaining what is does.
They apparently thought it was so reliable that nobody would ever need to switch it off.

The airbus A320 at the airshow was one of 2 major incidents involving the computer wanting to do something that the pilot didn't. That resulted in 3 fatalities.

No, official blame was on pilots and they were charged with that.

The second incident I know of happened about a year later after the 'bug' was supposedly fixed. Luckily, the pilot managed to over ride the flight computer, since that aircraft was full of passengers.

This latest incident really sounds like it's a matter that the airline did not properly train pilots on the new system .

Pilots around the world disagree, they put the blame on Boeing which only now started explaining this new system.
Solution is pretty simple, Computer should always tell the pilot what it is doing and why so the pilots can override it.Plus computer should account for possibility that sensors could be faulty.

 

[Jimmy Higgins]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

 

[barbos]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

Why are we talking about it? Analog (round) gauges are simply unnecessary dead weight. All modern planes have two pilots with two sets of LCD screens. All screens would have to die in order for it to be a big problem and even then I do think there is a some kind of minimal set of digits-only display for altitude-speed-orientation and such. I guess it can be called analog.

10 LCD screens and "analog" on top

I am not aware of any alternatives to pitot tubes. but yes, they do get stuck and crash modern jets way too often.

 

[Worldtraveller]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

There are a few recent exceptions that I know of (the new Boeing plane may be one), but until recently, the FAA interpreted FAR 25.1333 as either needing a non-powered backup, or at the very least, having a non-powered backup as the best/easiest option.

I work mostly on older aircraft anyway (and I'm a structures guy, not avionics), and I have yet to see a commercial aircraft without the non-powered instruments at least to meet the requirement above. That's not to say there aren't any, I have seen some newer business jets for instance, that don't have them.

Pitot tubes are required for airspeed regardless of the nature of the display, since airspeed is based on reading the difference between the static pressure and dynamic pressure. There is at least one incident I know of (out of Lima, Peru, I forget which airline) where the dynamic port was covered with tape on the ground, and the pilots didn't notice it on their walkaround. The plane crashed shortly after takeoff because they couldn't get accurate speed/altitude readings and went into the water at night.

I suspect the FAA might hit Boeing with some fines, and issue an AD requiring training and updating the flight manuals of the aircraft with this new system.

 

[Loren Pechtel]

In reliability engineering there is an idea that as you add complexity to a systm to make it more safe you end up making more unsafe.

Yeah, you have to evaluate the risk of the system doing something undesirable vs the benefit of it avoiding something undesirable.

There is a video of an Airbus crash at a Paris airshow. The pilot was making a low pass with wheels down. He got into a situation where he tried to pull up but the computer would not let him. The computer thought the pilot would stall.

There also can be limits in fly by wire systems on gs. It won't let you exceed a limit in a turn. The flip side is in an emergency you may need to pull a lot of gs.

Personally, I think the answer is an in-between approach: Let the plane enforce safety limits etc, but give the pilot a switch--big, obvious but under a cover. Hit that and the plane will quit trying to keep you from leaving the safe envelope and switch to announcing what it thinks the danger is, instead. In reality the plane may be confused about the envelope, in reality the choice may be between something risky and certain disaster.

I would also like the plane to have a better picture of the bottom of the airspace. We have the technology, give the fly-by-wire planes an elevation map of the world. Combine that with GPS and the plane knows where the terrain is and the fly-by-wire can avoid maneuvers that would cause it to hit that terrain. (And in a hijack scenario this could be made non-overridable--while hijackers could crash a plane through fuel exhaustion they couldn't 9/11 a target.)

 

[Loren Pechtel]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

Analog systems can be made to work without any power. Digital systems can't.

 

[bilby]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

There are a few recent exceptions that I know of (the new Boeing plane may be one), but until recently, the FAA interpreted FAR 25.1333 as either needing a non-powered backup, or at the very least, having a non-powered backup as the best/easiest option.

I work mostly on older aircraft anyway (and I'm a structures guy, not avionics), and I have yet to see a commercial aircraft without the non-powered instruments at least to meet the requirement above. That's not to say there aren't any, I have seen some newer business jets for instance, that don't have them.

Pitot tubes are required for airspeed regardless of the nature of the display, since airspeed is based on reading the difference between the static pressure and dynamic pressure. There is at least one incident I know of (out of Lima, Peru, I forget which airline) where the dynamic port was covered with tape on the ground, and the pilots didn't notice it on their walkaround. The plane crashed shortly after takeoff because they couldn't get accurate speed/altitude readings and went into the water at night.

I suspect the FAA might hit Boeing with some fines, and issue an AD requiring training and updating the flight manuals of the aircraft with this new system.

Brisbane has a problem with a local solitary mud-dauber wasp, which makes mud nests in small holes. They have a tendency to build them in the pitot tubes of aircraft at YBBN, unless the tubes are covered after landing - but of course that means that someone needs to ensure that they are uncovered before takeoff.

I believe it's now mandatory under CASA rules to inspect and cover pitot tubes at YBBN if the aircraft has been on the ground for more than two hours. We haven't had any crashes, but we have had aircraft forced to turn back to the airport after strange instrument readings at or shortly after takeoff.

 

[Jimmy Higgins]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

Analog systems can be made to work without any power. Digital systems can't.

Yes, thank you for that random reply.

 

[barbos]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

Analog systems can be made to work without any power. Digital systems can't.

Too bad that without power these working systems are useless on big planes

 

[barbos]

I suspect the FAA might hit Boeing with some fines, and issue an AD requiring training and updating the flight manuals of the aircraft with this new system.

I think it's much worse than that. Boeing introduced a system which crashed a plane in a matter of months since introduction.

 

[barbos]

The 737 MAX is an airframe design that dates back to 1967. It is the latest in Boeing's line-up, includes a "fly-by-wire" (that is, computer controlled) electronic flight control system and highly efficient turbofan engines. Because the engines are also more powerful and heavier than previous versions of the airplane, the tendency for an "underslung" (under the wing) mounted engine to cause the nose of the airplane to rise when thrust is increased, especially at lower airspeeds, becomes more pronounced.
Boeing compensated for the nose-up tendency by programming the flight control computers to apply nose-down stabilizer trim automatically, a function that is invisible to the pilot even when hand-flying the airplane.

Looks like the reason for this system is engines which are too powerful.
So turning it permanently off is not really a good option. Boeing is in serious shit.

How can pilots compensate for a malfunction if they are not aware of how it works? And recognition is key. If crews don't understand the abnormality, they can't react via an appropriate emergency checklist. For Lion Air, their altitude of 5,000 feet didn't leave much time to analyze the situation and then react.

This is a crust of the problem. Pilots simply don't know what and why is happening.

 

[Jimmy Higgins]

Personally, I think the answer is an in-between approach: Let the plane enforce safety limits etc, but give the pilot a switch--big, obvious but under a cover. Hit that and the plane will quit trying to keep you from leaving the safe envelope and switch to announcing what it thinks the danger is, instead. In reality the plane may be confused about the envelope, in reality the choice may be between something risky and certain disaster.

It seems many crashes occur either when the plane fucks up or the pilots only think the plane is fucking up, but it isn't. There is no reconciling this.

I would also like the plane to have a better picture of the bottom of the airspace. We have the technology, give the fly-by-wire planes an elevation map of the world. Combine that with GPS and the plane knows where the terrain is and the fly-by-wire can avoid maneuvers that would cause it to hit that terrain. (And in a hijack scenario this could be made non-overridable--while hijackers could crash a plane through fuel exhaustion they couldn't 9/11 a target.)

Two crashed into towers, not the ground. The funny thing about this would make the landing in the Hudson impossible as well.

 

[Loren Pechtel]

Are analog attitude indicators problematic and get stuck? I would presumably want a gyro over a small LCD screen. Not often, but sometimes, the analog is better... heck we still are using the pitot tubes for velocity.

Analog systems can be made to work without any power. Digital systems can't.

Yes, thank you for that random reply.

It's not random--I was giving a good reason for having some analog backup instruments.

 

[Loren Pechtel]

I would also like the plane to have a better picture of the bottom of the airspace. We have the technology, give the fly-by-wire planes an elevation map of the world. Combine that with GPS and the plane knows where the terrain is and the fly-by-wire can avoid maneuvers that would cause it to hit that terrain. (And in a hijack scenario this could be made non-overridable--while hijackers could crash a plane through fuel exhaustion they couldn't 9/11 a target.)

Two crashed into towers, not the ground. The funny thing about this would make the landing in the Hudson impossible as well.

The terrain map would include the buildings. In hijack mode it would have forced the plane to climb over the towers instead of impacting. And since the Hudson plane wasn't hijacked the pilot could have turned it off.

 

[steve_bank]

In reliability engineering there is an idea that as you add complexity to a systm to make it more safe you end up making more unsafe.

Yeah, you have to evaluate the risk of the system doing something undesirable vs the benefit of it avoiding something undesirable.

There is a video of an Airbus crash at a Paris airshow. The pilot was making a low pass with wheels down. He got into a situation where he tried to pull up but the computer would not let him. The computer thought the pilot would stall.

There also can be limits in fly by wire systems on gs. It won't let you exceed a limit in a turn. The flip side is in an emergency you may need to pull a lot of gs.

Personally, I think the answer is an in-between approach: Let the plane enforce safety limits etc, but give the pilot a switch--big, obvious but under a cover. Hit that and the plane will quit trying to keep you from leaving the safe envelope and switch to announcing what it thinks the danger is, instead. In reality the plane may be confused about the envelope, in reality the choice may be between something risky and certain disaster.

I would also like the plane to have a better picture of the bottom of the airspace. We have the technology, give the fly-by-wire planes an elevation map of the world. Combine that with GPS and the plane knows where the terrain is and the fly-by-wire can avoid maneuvers that would cause it to hit that terrain. (And in a hijack scenario this could be made non-overridable--while hijackers could crash a plane through fuel exhaustion they couldn't 9/11 a target.)

At least through the 90s the Air Bus policy was computer over pilot, and Boeing was the opposite. U worked on avionics that went into Air Bus and Boeing and went through aircraft certification.

The black box level and aircraft level certification process is pretty rigorous. Sometimes bugs get through but are usual minor. In designing test plans an obscure not so obvious set of events are not tested for.

Out at Everett Boeing has alarge structure where complete airframes are twisted and bent while pressure is cycled.

Back in the 80s a jet went down when a single thrust reverser deployed ib flight, Now there are indendnet redundant back up systems that will force a thrust reverser to stow it if deploys in flight. Safety is an evolutionary process.

 

[barbos]

Another Boeing 737 max crash.
https://edition.cnn.com/world/live-news/ethiopian-airlines-plane-crash/index.html

This is becoming a statistics