September 10, 2011
Stupidity Kills
This is a post on a matter just a bit too serious for Bridgebunnies, and it has nothing to do with Houston. On the other hand, it fits here perfectly. Let me put to you a simple physics question, to see if you understand the notions of airplane thrust, lift, and piloting in general.
You are the pilot of a jet airliner with 200+ passengers aboard. For reasons that are not your fault, something has gone seriously wrong. The weather is extremely foul outside -- you're in the middle of a very nasty thunderstorm. The autopilot has just shut itself off. You are at cruising altitude, but airspeed indications are unreliable and the stall warning is sounding. At least the engines seem to be operating normally. What do you do?
A. Push the engines to the max, and lower the nose of the aircraft to pick up speed.
B. Reengage the autopilot and make the computer sort it out.
C. Push the engines to the max, and pull the nose up to gain altitude, then throttle back to idle.
D. Break out the laptops and play games until you overshoot your airport by an hour.
Got your answer? Go below the fold.
If you picked B. you're being silly, because you can't make the computer do anything; it will just kick back into manual mode, because that's what it's programmed to do.
If you picked D, you probably will never fly for a commercial passenger airline again, much like the idiots who overflew a midwest airport last year.
If you picked A, congratulations, you understand the basics of air flight.
If you picked C, congratulations, you're fully qualified to fly for Air France!
That's right. Some of you may remember Air France flight 447, which disappeared in a thunderstorm over the Atlantic, while flying from Rio de Janeiro to Paris with 228 aboard back in 2009. After two years of searching, the black boxes were recovered and found to be readable last May. The preliminary reports were released in July, and they are pretty damning, of both Airbus and Air France.
I hadn't realized they were found until a local blogger friend by the nom de plume of Rorschach had commented on it last April. Give credit where it's due -- while he misidentified the rudder as the source of the problem, he also penned this prophetic passage:
The design philosophy of the Fly-By-Wire system is also different from that of Boeing designs. EADS programmed the aircraft controls to only perform the maneuvers that the computer, taking all of the design loads of the structures involved into account, decides the aircraft can do safely. But when equipment is designed, the design load is usually several times smaller than the calculated load at failure. This difference is called safety margin which is often 4 or more times the design load. Further, structural materials are rated for their minimum strength, which they ALWAYS exceed in real life, so there are levels of safety piled upon more levels of safety so the maneuver could be much more aggressive than the system would allow and still be completed safely.
But the Airbus system will not perform it regardless of the actual safety margin available, taking that decision away from the pilot. The Boeing system is predicated on the notion that the Pilot, and not the aircraft, knows what is best for the situation at hand. The system will warn the pilot when he is departing from the safe operating envelope of the airframe but will continue to allow the maneuver up to the absolute bare minimum safety margin on the assumption that if the pilot is commanding such a radical maneuver the aircraft must be in imminent danger of collision/crash and the pilot is given every bit of control the airframe can muster in order to save the aircraft. As you can see, this is a significant difference in design philosophy [from Airbus]. The pilot is deemed to need to be saved from himself at all times. Further, since the system assumes that the computer will actually be in control of the aircraft at all times, there is no feedback mechanism in the Airbus's flight controls. The pilot has a joystick which has no force-feedback so he cannot "feel" when he is approaching the flight rule design limits. The Boeing system makes the controls increasingly stiff as the aircraft is deemed to be departing the safe envelope and shakes them when the aircraft is approaching the "hard limits" or when the aircraft begins to stall as well as activating the stall warning horn. This philosophy of saving the pilot from himself breeds complacency by the pilots who do not practice emergency procedures as often because they believe that the computer will save them.
Let me point out that such a a "shaker system" is built into many (if not all) of the single-engine recreational aircraft operated in the U.S. today.
From the Wikipedia article: "An interim report from the BEA on 27 May 2011 revealed that the aircraft crashed following an aerodynamic stall. It further revealed that minutes prior to the crash, the pitot tubes (speed sensors) started to give inconsistent readings. The cause of the faulty readings is yet to be determined, but a theory is that ice formed on the pitot tubes, which would have caused them to freeze, giving inconsistent measurements owing to their reliance on air pressure measurements to give speed readings. A later report from the BEA, released on 29 July 2011, indicated that the pilots had not been trained to fly the aircraft "in manual mode or to promptly recognize and respond to a speed-sensor malfunction at high altitude", nor that this was a standard training requirement at the time of the accident."
Let me repeat that astounding bit of information. THE PILOTS WERE NOT TRAINED TO FLY THE AIRCRAFT IN MANUAL MODE.
Jaw. Dropping. But again, Rorschach explains:
All of the A3XX series (except the 310) utilize a flight control computer to control the aircraft because they are designed to be aerodynamically unstable and cannot be controlled by a human. This allows the control surfaces to be much smaller limiting drag and the associated fuel consumption. A very small control surface change results in a very large change in the aircraft's attitude. The A310 is aerodynamically stable, but just barely. (emphasis added)
Flight 447 was an Airbus 330, and they have issues with weak rudders -- Ror correctly deduced that the pitot tubes had iced (a known issue), but theorized that the plane had gone into overspeed, and induced a "Mach tuck" by hitting the sound barrier, and that the pilot had sheared the rudder off by over-controlling in the recovery. In fact, some maneuvers just before everything went to hell makes it look like the pilot had that possibility in mind due to the turbulence.
But what actually happened is a splendid example (if 200+ dead can be "splendid") of undertrained people having to deal with a bad situation and little margin for error. Summarizing the Wikipedia article:
The autopilot disengaged when the airspeed indicators started disagreeing with each other. None of the three computers agreed as to how fast the airplane was going. The plane started to roll right, so the pilot pulled left and up. The stall alarm went off, as the plane started to climb. The airspeed indicators started showing anything from 60 to 275 knots. The pilot continued to pull the nose up, and they reached maximum altitude moments later, with the power at max. The plane was in a stall condition but the stall warnings stopped, as all airspeed indications were now considered invalid by the aircraft's computer; either due to low speed or the high nose angle.
In other words, the plane was oriented nose-up but descending steeply. As a result, the plane was passing through the air "belly-first," which airspeed sensors are not designed for, and the aircraft's computer thus deemed the airspeed readings invalid (not that they were very valid to start due to icing).. The plane was now on a three-and-a-half minute doom ride to the ocean. About twenty seconds later, the pilot dropped the nose a bit, which re-validated the computer stall warning, and the alarm sounded. Confused, the pilot pulled the nose back up. The plane was descending at almost 11,000 feet per minute, a fact of which the pilots were aware, but they weren't sure they could trust their instruments.
The final note is brutal in its antiseptic simplicity:
The recordings stopped at 4 hours 14 minutes and 28 seconds absolute time (02:14:28 UTC), or 3 hours 45 minutes after takeoff. At that point, the plane's ground speed was 107 knots, and it was descending at 10,912 feet per minute, with the engines' N1's at 55%. Its pitch was 16.2 degrees (nose up), with a roll angle of 5.3 degrees left. During its descent the plane had turned more than 180 degrees to the right to a compass heading of 270 degrees. The plane was stalled during its entire 3 minute 30 second descent from 38,000 feet.
The third interim report added several conclusions:
The A330 has a rather checkered history. As of June 2011, the Airbus A330 had been involved in thirteen major incidents, including six confirmed hull-loss accidents and two hijackings (which can't be held against it of course), for a total of 338 fatalities.
It has been observed that in the modern age, for a major disaster to happen, a whole lot of things have to go wrong. Once again, that is shown to be true. Brilliance is transitory -- but stupidity is forever, and only eternal vigilance will keep its deadly results at bay.
Comments are disabled.
Post is locked.
You are the pilot of a jet airliner with 200+ passengers aboard. For reasons that are not your fault, something has gone seriously wrong. The weather is extremely foul outside -- you're in the middle of a very nasty thunderstorm. The autopilot has just shut itself off. You are at cruising altitude, but airspeed indications are unreliable and the stall warning is sounding. At least the engines seem to be operating normally. What do you do?
A. Push the engines to the max, and lower the nose of the aircraft to pick up speed.
B. Reengage the autopilot and make the computer sort it out.
C. Push the engines to the max, and pull the nose up to gain altitude, then throttle back to idle.
D. Break out the laptops and play games until you overshoot your airport by an hour.
Got your answer? Go below the fold.
If you picked B. you're being silly, because you can't make the computer do anything; it will just kick back into manual mode, because that's what it's programmed to do.
If you picked D, you probably will never fly for a commercial passenger airline again, much like the idiots who overflew a midwest airport last year.
If you picked A, congratulations, you understand the basics of air flight.
If you picked C, congratulations, you're fully qualified to fly for Air France!
That's right. Some of you may remember Air France flight 447, which disappeared in a thunderstorm over the Atlantic, while flying from Rio de Janeiro to Paris with 228 aboard back in 2009. After two years of searching, the black boxes were recovered and found to be readable last May. The preliminary reports were released in July, and they are pretty damning, of both Airbus and Air France.
I hadn't realized they were found until a local blogger friend by the nom de plume of Rorschach had commented on it last April. Give credit where it's due -- while he misidentified the rudder as the source of the problem, he also penned this prophetic passage:
The design philosophy of the Fly-By-Wire system is also different from that of Boeing designs. EADS programmed the aircraft controls to only perform the maneuvers that the computer, taking all of the design loads of the structures involved into account, decides the aircraft can do safely. But when equipment is designed, the design load is usually several times smaller than the calculated load at failure. This difference is called safety margin which is often 4 or more times the design load. Further, structural materials are rated for their minimum strength, which they ALWAYS exceed in real life, so there are levels of safety piled upon more levels of safety so the maneuver could be much more aggressive than the system would allow and still be completed safely.
But the Airbus system will not perform it regardless of the actual safety margin available, taking that decision away from the pilot. The Boeing system is predicated on the notion that the Pilot, and not the aircraft, knows what is best for the situation at hand. The system will warn the pilot when he is departing from the safe operating envelope of the airframe but will continue to allow the maneuver up to the absolute bare minimum safety margin on the assumption that if the pilot is commanding such a radical maneuver the aircraft must be in imminent danger of collision/crash and the pilot is given every bit of control the airframe can muster in order to save the aircraft. As you can see, this is a significant difference in design philosophy [from Airbus]. The pilot is deemed to need to be saved from himself at all times. Further, since the system assumes that the computer will actually be in control of the aircraft at all times, there is no feedback mechanism in the Airbus's flight controls. The pilot has a joystick which has no force-feedback so he cannot "feel" when he is approaching the flight rule design limits. The Boeing system makes the controls increasingly stiff as the aircraft is deemed to be departing the safe envelope and shakes them when the aircraft is approaching the "hard limits" or when the aircraft begins to stall as well as activating the stall warning horn. This philosophy of saving the pilot from himself breeds complacency by the pilots who do not practice emergency procedures as often because they believe that the computer will save them.
Let me point out that such a a "shaker system" is built into many (if not all) of the single-engine recreational aircraft operated in the U.S. today.
From the Wikipedia article: "An interim report from the BEA on 27 May 2011 revealed that the aircraft crashed following an aerodynamic stall. It further revealed that minutes prior to the crash, the pitot tubes (speed sensors) started to give inconsistent readings. The cause of the faulty readings is yet to be determined, but a theory is that ice formed on the pitot tubes, which would have caused them to freeze, giving inconsistent measurements owing to their reliance on air pressure measurements to give speed readings. A later report from the BEA, released on 29 July 2011, indicated that the pilots had not been trained to fly the aircraft "in manual mode or to promptly recognize and respond to a speed-sensor malfunction at high altitude", nor that this was a standard training requirement at the time of the accident."
Let me repeat that astounding bit of information. THE PILOTS WERE NOT TRAINED TO FLY THE AIRCRAFT IN MANUAL MODE.
Jaw. Dropping. But again, Rorschach explains:
All of the A3XX series (except the 310) utilize a flight control computer to control the aircraft because they are designed to be aerodynamically unstable and cannot be controlled by a human. This allows the control surfaces to be much smaller limiting drag and the associated fuel consumption. A very small control surface change results in a very large change in the aircraft's attitude. The A310 is aerodynamically stable, but just barely. (emphasis added)
Flight 447 was an Airbus 330, and they have issues with weak rudders -- Ror correctly deduced that the pitot tubes had iced (a known issue), but theorized that the plane had gone into overspeed, and induced a "Mach tuck" by hitting the sound barrier, and that the pilot had sheared the rudder off by over-controlling in the recovery. In fact, some maneuvers just before everything went to hell makes it look like the pilot had that possibility in mind due to the turbulence.
But what actually happened is a splendid example (if 200+ dead can be "splendid") of undertrained people having to deal with a bad situation and little margin for error. Summarizing the Wikipedia article:
The autopilot disengaged when the airspeed indicators started disagreeing with each other. None of the three computers agreed as to how fast the airplane was going. The plane started to roll right, so the pilot pulled left and up. The stall alarm went off, as the plane started to climb. The airspeed indicators started showing anything from 60 to 275 knots. The pilot continued to pull the nose up, and they reached maximum altitude moments later, with the power at max. The plane was in a stall condition but the stall warnings stopped, as all airspeed indications were now considered invalid by the aircraft's computer; either due to low speed or the high nose angle.
In other words, the plane was oriented nose-up but descending steeply. As a result, the plane was passing through the air "belly-first," which airspeed sensors are not designed for, and the aircraft's computer thus deemed the airspeed readings invalid (not that they were very valid to start due to icing).. The plane was now on a three-and-a-half minute doom ride to the ocean. About twenty seconds later, the pilot dropped the nose a bit, which re-validated the computer stall warning, and the alarm sounded. Confused, the pilot pulled the nose back up. The plane was descending at almost 11,000 feet per minute, a fact of which the pilots were aware, but they weren't sure they could trust their instruments.
The final note is brutal in its antiseptic simplicity:
The recordings stopped at 4 hours 14 minutes and 28 seconds absolute time (02:14:28 UTC), or 3 hours 45 minutes after takeoff. At that point, the plane's ground speed was 107 knots, and it was descending at 10,912 feet per minute, with the engines' N1's at 55%. Its pitch was 16.2 degrees (nose up), with a roll angle of 5.3 degrees left. During its descent the plane had turned more than 180 degrees to the right to a compass heading of 270 degrees. The plane was stalled during its entire 3 minute 30 second descent from 38,000 feet.
The third interim report added several conclusions:
- The pilots had not applied the unreliable airspeed procedure.
- The pilot-in-control pulled back on the stick, thus increasing the angle of attack and causing the plane to climb rapidly.
- The pilots apparently did not notice that the plane had reached its maximum permissible altitude.
- The pilots did not read out the available data (vertical velocity, altitude, etc.).
- The stall warning sounded continuously for 54 seconds.
- The pilots did not comment on the stall warnings and apparently did not realize that the plane was stalled.
- There was some buffeting associated with the stall.
- The stall warning deactivates by design when the angle of attack measurements are considered invalid and this is the case when the airspeed drops below a certain limit.
- In consequence, the stall warning stopped and came back on several times during the stall; in particular, it came on whenever the pilot pushed forward on the stick and then stopped when he pulled back; this may have confused the pilots.
- Despite the fact that they were aware that altitude was declining rapidly, the pilots were unable to determine which instruments to trust: it may have appeared to them that all values were incoherent
The A330 has a rather checkered history. As of June 2011, the Airbus A330 had been involved in thirteen major incidents, including six confirmed hull-loss accidents and two hijackings (which can't be held against it of course), for a total of 338 fatalities.
- On 30 June 1994, on a test flight an A330 owned by Airbus was simulating an engine failure on climbout. The aircraft crashed shortly after takeoff from Toulouse, killing all seven on board.
- On 24 July 2001, the Liberation Tigers of Tamil Eelam attacked Bandaranaike International Airport, Colombo, Sri Lanka. Two SriLankan Airlines A330s were destroyed among other airliners and military aircraft.
- On 7 October 2008, Qantas Flight 72, an A330-303 (VH-QPA), suffered a rapid loss of altitude in two sudden uncommanded pitch down manoeuvres causing serious injuries while 150km (81nmi) from the Learmonth air base in northwestern Australia. After declaring an emergency, the aircraft landed safely at Learmonth. 106 people onboard were injured, fourteen seriously. A year after the incident Qantas still did not know what caused the computer malfunction.
- On 25 December 2009, a passenger on Northwest Airlines Flight 253, an A330-300, attempted to detonate explosives in his underwear while the flight was in the air. Passengers and crew subdued the perpetrator, Umar Farouk Abdulmutallab
- On 12 May 2010, Afriqiyah Airways Flight 771, an A330-202, crashed on approach to Tripoli International Airport, Libya, on a flight from OR Tambo International Airport, Johannesburg, South Africa. All but one of the 104 people on board were killed. The sole survivor was a nine-year-old Dutch boy. The investigation has been hampered by the Libyan civil war.
It has been observed that in the modern age, for a major disaster to happen, a whole lot of things have to go wrong. Once again, that is shown to be true. Brilliance is transitory -- but stupidity is forever, and only eternal vigilance will keep its deadly results at bay.
Posted by: ubu at
11:29 PM
| Comments (1)
| Add Comment
Post contains 2174 words, total size 16 kb.
19kb generated in CPU 0.0087, elapsed 0.0197 seconds.
25 queries taking 0.016 seconds, 21 records returned.
Powered by Minx 1.1.6c-pink.
25 queries taking 0.016 seconds, 21 records returned.
Powered by Minx 1.1.6c-pink.