Moderators: richierich, ua900, PanAm_DC10, hOMSaR

 
ORDagent
Topic Author
Posts: 580
Joined: Wed Dec 17, 2003 6:24 am

A32x Corrupt Software

Fri Jan 26, 2007 11:48 pm

I just flew B6 for the first time last week and despite a major mechanical on the return I would highly recommend them. The service is truly top notch.

The mechanical was due to the computer system crashing. The pilot told us they would need to reset the computer due to a corrupt file. Then they needed to swap out the hardware and in the end the end the aircraft had to be swapped completely since the entire computer system got screwed up. The pilot told us that the software problem was a corrupt file due to a software flaw from and update that was sent out by Airbus! WTF do the run Windows? Anyhow does anybody know what kind of updates Airbus would send out and since the mechanics said it was an Airbus issue would Airbus compensate B6 for the software issues which obviously cost B6 a lot of revenue?

The best part about this delay for me was that three days after the flight delay I received an email from B6 apologizing for the delay and they gave me a voucher for $50.00 dollars and didn't complain after the flight! Even with the long delay I've become a B6 fan in a big way!
 
DfwRevolution
Posts: 9305
Joined: Sat Jan 09, 2010 7:31 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 12:21 am

Quoting ORDagent (Thread starter):
Anyhow does anybody know what kind of updates Airbus would send out and since the mechanics said it was an Airbus issue would Airbus compensate B6 for the software issues which obviously cost B6 a lot of revenue?

This has happened to a few A32x series lately including a BA A319 in-flight. Airbus is investigating the software issue and will certainly issue a "patch" once the issue is resolved.

B6 won't receive "compensation" from Airbus for the maintenance issue.
I have a three post per topic limit. You're welcome to have the last word.
 
trent900
Posts: 520
Joined: Wed Dec 17, 2003 6:06 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 4:43 am

My parents experienced this situation last year on an EazyJet 319. They were just ready to push back when the computer 'crashed'. Apparently all that was needed was a 'cold boot' of the system, caused about a 15 minute delay.

D.
 
KELPkid
Posts: 5247
Joined: Wed Nov 02, 2005 5:33 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 4:57 am

Quoting DfwRevolution (Reply 1):
This has happened to a few A32x series lately including a BA A319 in-flight. Airbus is investigating the software issue and will certainly issue a "patch" once the issue is resolved.

B6 won't receive "compensation" from Airbus for the maintenance issue.

First of all, are we talking FMS (flight management system) or FBW (fly by wire) software? Or maybe even FADEC software?

Second, if it's the FBW system, you'd think that once the software is in place, barring any accidents attributed to faulty programming, that the code would be pretty much "set in stone" and very infrequently updated...(due to the aircraft's certification...I know that, for example, the FAA reviews the code and has code guidelines for any flight critical systems!).
Celebrating the birth of KELPkidJR on August 5, 2009 :-)
 
rpaillard
Posts: 417
Joined: Mon Apr 25, 2005 12:57 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 5:23 am

Quoting ORDagent (Thread starter):
it was an Airbus issue would Airbus compensate B6 for the software issues which obviously cost B6 a lot of revenue
Well, my VW dealer never compensate me for various electronics problem in my car. They fix it for free. I figure that Airbus will address the concern, just like any other OEM, and send it for free to airlines. I would love to read the End User Licence Agreement for aircraft software ?

Raphael

[Edited 2007-01-26 21:24:33]
FLY SKYTEAM JETS
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 5:26 am

Sounds like total BS to me.

Just an informed opinion from some one who has flown buses for some time.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
DfwRevolution
Posts: 9305
Joined: Sat Jan 09, 2010 7:31 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 5:49 am

Quoting Zeke (Reply 5):
Sounds like total BS to me.

Just an informed opinion from some one who has flown buses for some time.

Flight International: British Airways A319 loses all flight displays at night

The aircraft, G-EUOB, was eight minutes into the flight to Budapest at about 19:26, and nearing FL200, when there was “an audible clunk” noise, several electrical systems ceased to operate, and the cockpit became dark.

Among the electrical systems which failed were the primary flight displays and navigation displays on both the captain’s and first officer’s instrument panels. The crew also lost the upper electronic centralised aircraft monitor (ECAM) display, the autopilot and auto-thrust, intercom and general flight-deck lighting.

An attempted ‘Mayday’ transmission was not received by air traffic controllers because the aircraft’s radio was no longer powered. The highly experienced captain maintained aircraft attitude by the external horizon and standby instruments. Investigators believe the standby horizon was probably “not powered or lighted” and in any case should have remained usable for only another five minutes.

In a special bulletin on the 22 October incident the UK Air Accidents Investigation Branch (AAIB) states that the aircraft remained in the “degraded condition” for about two minutes.
I have a three post per topic limit. You're welcome to have the last word.
 
pelican
Posts: 2431
Joined: Mon Apr 05, 2004 9:51 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 6:00 am

Quoting DfwRevolution (Reply 7):
Among the electrical systems which failed were the primary flight displays and navigation displays on both the captain's and first officer's instrument panels. The crew also lost the upper electronic centralised aircraft monitor (ECAM) display, the autopilot and auto-thrust, intercom and general flight-deck lighting.

Were does it say this problem was caused by a flawed software update? Sure it's a serious issue, but why are you saying it's the problem ORDagent has witnessed?
I don't say you're wrong I would just be happy to have more information to follow your reasoning. (especially because your link doesn't work for me)

pelican
 
captaink
Posts: 4010
Joined: Wed May 23, 2001 10:43 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 6:02 am

Quoting Zeke (Reply 5):
Sounds like total BS to me.

Just an informed opinion from some one who has flown buses for some time

When I worked at the airport something similar happened to an Air Jamaica 320 at our station. I don't see why it is BS. Maybe the airplanes you fly are in excellent condition and run OSX.

Kidding about the last part.
Look Up
 
User avatar
freakydeaky
Posts: 115
Joined: Sun Nov 06, 2005 3:04 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 9:07 am

There is not just one "main" computer on an Airbus. There are many "computers" for many different systems.

I would imagine that a particular system's computer was malfunctioning and as maintenance was involved, they probably figured out that it was something to do with an Airbus update or something.

Basically, since the mechanic doesn't make passenger announcements (at least none that I've seen), the pilot was just relaying what maintenance control or the mechanics were telling them.

Interestingly enough, usually a complete power down and restart of the affected system usually will fix it. Since the law prohibits departing the ground with malfunctioning systems, ya gotta fix it on the ground. Now, if it happens in flight, it's usually not as big a deal because there's usually 2 computers per system and you can usually press on if it's a minor failure.
"Finish each day and be done with it. You have done what you could."
 
NoUFO
Posts: 7397
Joined: Tue Apr 17, 2001 7:40 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 9:39 am

Quoting DfwRevolution (Reply 7):

Those stalls are actually not that uncommon. It is said that especially Avidyne's new "glass cockpit" stalls from time to time without any possibility to reboot it in flight. Garmin's G1000, the direct competitor, comes with a red reboot button. (It's the red button in the middle: )

http://homepage.hispeed.ch/AdrianKienzi/ils/Columbia_400_Garmin_G1000_01.jpg
Picture: http://www.flightforum.ch/forum/showthread.php?t=44685
I support the right to arm bears
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 9:41 am

Quoting Zeke (Reply 10):
You are mixing events, that DC bis failure was not a software failure, AFAIK it was a specific problem to the easyjet fleet (hardware).

You're mixing events too! You're talking about G-EZAC, which incidently had an RTF hardware arangement that despite only using power from one DC bus, Airbus claims meets certification standards. There's also the question of why the AC ESS p/b didn't work as it was meant to - that could be due to a software issue.

But anyway, DfwRevolution was talking about G-EUOB, which has already had a recommendation that Airbus change the associated ECAM actions (which is software, is it not?).

To quote the Safety Recommendations to date of the G-EUOB incident:

Safety Recommendation 2006-051
It is recommended that the aircraft manufacturer, Airbus,
reviews the existing ECAM actions for the A320 series
aircraft, given the possibility of the simultaneous inflight
loss of the commander’s and co‑pilots’ primary
flight and navigation displays. They should consider
whether the priority of the items displayed on the ECAM
should be altered, to enable the displays to be recovered
as quickly as possible and subsequently issue operators
with a revised procedure if necessary.

Safety Recommendation 2006-052
It is recommended that the aircraft manufacturer,
Airbus, should review the A320 series aircraft Master
Minimum Equipment List Chapter 31, INDICATING/
RECORDING SYSTEMS and reconsider whether it
is acceptable to allow the ECAM lower display unit to
be unserviceable. They should amend the requirement,
as necessary, to take account of the possibility of the
simultaneous in-flight loss of both the commander’s and
co-pilot’s primary flight and navigation displays and the
ECAM upper display.

Safety Recommendation 2006-053
The aircraft manufacturer, Airbus, should identify those
aircraft with the single power supply to the standby
artificial horizon and advise the operators of the potential
implications of this configuration.

Safety Recommendation 2006-054
It is recommended that the aircraft manufacturer, Airbus,
revises the information about the power sources for
the standby artificial horizon provided in Flight Crew
Operating Manuals for the A320 series aircraft to reflect
the actual status of the aircraft to which they apply.
Your bone's got a little machine
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 9:46 am

Quoting FreakyDeaky (Reply 11):
There is not just one "main" computer on an Airbus. There are many "computers" for many different systems.

 checkmark  they go into the hundreds.

Quoting FreakyDeaky (Reply 11):
Since the law prohibits departing the ground with malfunctioning systems, ya gotta fix it on the ground.

Depends on the MEL, e.g. you could dispatch with a FMC unserviceable.

Quoting FreakyDeaky (Reply 11):
Now, if it happens in flight, it's usually not as big a deal because there's usually 2 computers per system and you can usually press on if it's a minor failure.

Computers can be reset in flight, the QRH has procedures for that.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 9:53 am

Quoting Zeke (Reply 10):
The report sounds drastic, but at the end of the day they needed to turn one switch off, and all would have changed significantly (BUS TIE OFF) or starting the APU will power the majority of screens.

Sorry, nope. The APU was already running, supplying AC1. The BTC tripped open, leaving the AC1 busbar not energised leading to AC ESS being not energised.. Pressing the BUS TIE p/b would have just ensured both BTCs were open, which was already the case. It wouldn't have changed the situation.

The AC ESS p/b should have energised AC ESS using AC2. For some reason, this didn't happen.
Your bone's got a little machine
 
lincoln
Posts: 3133
Joined: Mon Nov 01, 2004 11:22 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 10:09 am

Quoting Rpaillard (Reply 4):
I would love to read the End User Licence Agreement for aircraft software ?

Oh, you didn't see this paragraph?

"...IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ONLINE CONTROL EQUIMPENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL...."

(No that's not really from the Airbus EULA, it's an excerpt from the JAVA EULA that makes me chuckle every time I read it. Java...for nuclear facilities or aircraft navigation. Eek.)

Lincoln
CO Is My Airline of Choice || Baggage Claim is an airline's last chance to disappoint a customer || Next flts in profile
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 10:12 am

Quoting 777236ER (Reply 13):
You're mixing events too!

Yep I did, I was thinking of the easyjet one, not the BA.

The safety recommendations seem fair enough, it is a fair way down the ECAM to get to the AC ESS p/b. They try and look after the engines before the systems which seems fair enough.

Standbys can be an ISIS, which in my view should be mandatory, the technology is cheap enough. Did BA opt for the digital standby ?
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 10:29 am

Quoting Zeke (Reply 18):
Standbys can be an ISIS, which in my view should be mandatory, the technology is cheap enough. Did BA opt for the digital standby ?

Actually, whilst G-EUOB didn't have an ISIS, it had the ISIS wiring provisions. This is an Airbus Modification. The older, pre-ISIS wiring had the standby artificial horizon supplied from the 28v DC ESS bus, which is usually supplied from the AC1 bus. If AC1 fails then the standby horizon loses power and will spin down after about five minutes. With the ISIS wiring upgrade, it actually remains powered, using the 28v DC HOT bus. This was the case in the G-EUOB incident, although it wasn't illuminated.

The G-EUOB incident wasn't a big deal. Yes, it was dramatic and would be pretty worrying when a lot of instruments and lights go down all of a sudden in cruise. However, simply pushing the AC ESS button restored most functions, as it should have done. Even if the lower ECAM was u/s, as is allowed in the MEL, then quite early on in the paper QRH they'd have pressed the AC ESS button.

The worrying incident is G-EZAC, where the AC ESS p/b didn't work as it was meant to and so left one bus unpowered. This is either a hardware or software fault, or a crew training/CRM problem (it's possible the crew didn't have the detailed knowledge of the electrical system to appreciate the function of this p/b. If they didn't know if it was in AUTO or ALTN, they should have recycled it a few times. It's possible they didn't press it at all.)

Another problem is why all the RTF equipment was on one bus. Airbus could probably justify this to the regulators with the use of the AC ESS p/b, meaning the loss of one generator wouldn't lead to the loss of RTF. However, it seems to me that the idea isn't particularly in the spirit of redundancy, which is after all a fundamental of aircraft safety. Different radios should be hardwired to different busses.
Your bone's got a little machine
 
necigrad
Posts: 173
Joined: Thu Sep 13, 2001 2:25 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 11:39 am

Quoting ORDagent (Thread starter):
The mechanical was due to the computer system crashing. The pilot told us they would need to reset the computer due to a corrupt file. Then they needed to swap out the hardware and in the end the end the aircraft had to be swapped completely since the entire computer system got screwed up. The pilot told us that the software problem was a corrupt file due to a software flaw from and update that was sent out by Airbus! WTF do the run Windows?

The Windows joke gets made a lot. For real, probably every other week I have a fligt where the aircraft needs to be "rebooted" on my gate. Dunno why, but it happens, and I can only recall it happening on an Airbus. "Rebooting" isn't quite what it sounds like though. It mostly just involves pulling a circut breaker for X seconds or minutes. Still funny.
 
mham001
Posts: 5745
Joined: Thu Feb 03, 2005 4:52 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 12:06 pm

Tell you what, reading this, if I had a choice in pilots, 777236ER or Zeke, well...give me the guy with the 7s any day.
 
united757
Posts: 99
Joined: Fri Jul 21, 2006 11:53 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 1:15 pm

Quoting NoUFO (Reply 12):
Garmin's G1000, the direct competitor, comes with a red reboot button. (It's the red button in the middle: )

There is no reboot button. The red button is pressed if the second PFD goes out, and the system needs to be set to revisionary mode, which displays essential engine information on the main (left) PFD.
 
User avatar
litz
Posts: 2367
Joined: Wed Dec 24, 2003 6:01 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 1:55 pm

Quoting Trent900 (Reply 2):
My parents experienced this situation last year on an EazyJet 319. They were just ready to push back when the computer 'crashed'. Apparently all that was needed was a 'cold boot' of the system, caused about a 15 minute delay.



Quoting FreakyDeaky (Reply 11):
Interestingly enough, usually a complete power down and restart of the affected system usually will fix it.

Setting aside the why's, how's, and the who's responsibles ....

This is actually fairly common for Airbus aircraft, and as mentioned has to be fixed on the ground before an aircraft can legally depart.

Listen carefully to your scanners, you'll often hear a ground controller tell someone to hold for an aircraft while it "recycles".

That's "airline-speak" for rebooting an Airbus' computer system ...

 Smile

(one memorable radio exchange concerned an America West pilot told to hold for a 'recycle' ... "a what?" he responded to ATC ... ATC responded "you fly airbus aircraft, you know what I mean - when you shut everything down and restart" ... pilot responded "ohhhh yeah ... holding ...")

- litz
 
elvis777
Posts: 346
Joined: Sat Aug 20, 2005 9:23 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 2:35 pm

Howdy Zeke,

Perhaps the issue is not really BS but rather limited to a certain eads series. Does the 32x series share the same flight control, intrument,etc.. software that a 33x (34x)series bird? Is the software issue limited to certain configurations of certain 32x series. In other words perhaps the birds affected had a different fadec code(different engine?)? I really am not familiar with these birds... maybe the B6 guy was making stuff up or maybe the passanger misheard but it appears that there is still an issue related to software.... Now is it due to an upgrade, or has it not been fixed ?

Peace

Elvis777
Leper,Unevolved, Misplaced and Unrepentant SportsFanatic and a ZOMBIE as well
 
Yellowstone
Posts: 2821
Joined: Wed Aug 16, 2006 3:32 am

RE: A32x Corrupt Software

Sat Jan 27, 2007 3:15 pm

I was flying out of SJC on a UA Airbus (can't recall if it was a 319 or 320) a few years back when they had some electronics issue after pullback. They tried fixing it for 10 or 15 minutes, then told us that they would try resetting it by turning the aircraft off, then back on again. All the lights and fans turned off, then back on, and off we went. Of course, "turning the plane off" may have been a bit of a simplification on the part of the pilots.
Hydrogen is an odorless, colorless gas which, given enough time, turns into people.
 
Fly2HMO
Posts: 7184
Joined: Sat Jan 24, 2004 12:14 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 3:35 pm

I think most of you are misunderstanding Zeke. He's not saying what happened was BS, he's saying the way the pilot described is BS.

The programs in airplanes don't necessarilly use "files" and they don't have operating systems either, like Windows or OSX, so they don't crash in the same way. All the programs really are is a bunch of lines of code being repeated over and over or when needed. Programs used in airplanes are more along the lines like what you would find in say, a handheld GPS, a scientific calculator, (or more closely related) your car's ECU. They all have highly specialized coding which is unique for their own specific purposes.

There are exceptions though. One is the Apollo MX-20 MFD (now Garmin GMX-200) for GA aircraft, which we have in our flight school's cessna. When you first boot it up, you get a blue screen, and in a very,very tiny font, it says "Windows 2000" IIRC.

My aircraft performance instructor was one of the lead computer engineers that did the coding for the F-16s FBW system back when it was being developed. He told us lots of very interesting (and some scary) stories about the whole process. He showed us a book that was 6" thick and weighed about 10lbs. IIRC, According to him, the book only contained 5% of the code for the FBW system, and there were many books like that.

Nowadays, they could've fit all that in a floppy disk. Who would've thought floppy disks would become obsolete? Big grin

Maybe an actual computer engineer can chime in and elaborate some more.
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sat Jan 27, 2007 4:07 pm

Quoting Elvis777 (Reply 26):
Does the 32x series share the same flight control, instrument,etc.. software that a 33x (34x)series bird?

Not exactly, they are slightly different. The 320 series has ELAC and SECs as the flight control computers and a FMGC, on 330/340 we have PRIMs and SECs and FMEGCs. Have flown all three types, but I am not current on the 320 series at the moment. The instruments are basically the same, the newer aircraft have electronic standbys, and LCD screens instead of CRT monitors and mechanical style standbys, we can view FADEC output on our NDs, which cannot be done on the 320, the 330/340 has a altitude hold button, on the 320 its is the expedite climb and descent button.

Other systems are also slightly different, like electrical system we do not have the "clunk" which is unique to the 320 series for bus transfer, we have a no break power transfer. Above 777236ER said the APU was already running, supplying AC1, on the 340 the APU would power AC BUS 1-1, 1-2, 2-3, 2-4 if they were not powered by the associated engine generators, and the procedure for an AC BUS failure is slightly different as we have more redundancy

If it is FADEC software as you suggested, that is certified separately by the engine manufacturers, not Airbus. All aircraft software goes through a rigorous testing process before it gets anywhere near the line.

Quoting Elvis777 (Reply 26):
Is the software issue limited to certain configurations of certain 32x series.

That maybe the case, it maybe limited to a particular modification number, however a "computer problem" on the aircraft does not tell the pilot of a corrupt file. If say a spoiler/elevator computer (SEC) faults, you get a BING, master caution light, and on the ECAM a message "F/CTL SEC 1 FAULT" telling you to run the effected SEC off then on. No message of corrupt files come up, the screens in the cockpit are not like monitors on PCs, we do not have a terminal window were we can see output or error messages from individual computers. Through the FMGC mechanics can do some onboard diagnostics, but still it will will not say that a file is corrupt.

Quoting Elvis777 (Reply 26):
I really am not familiar with these birds... maybe the B6 guy was making stuff up or maybe the passenger misheard but it appears that there is still an issue related to software.... Now is it due to an upgrade, or has it not been fixed ?

I find crews are generally fairly honest about stuff as frequent travellers can often know more about a route than the people flying it. If they travel a route every week, and a pilot only gets rostered once a year to do that sector, the frequent traveller will be able to spot BS, I have know people to be hauled up in-front of the boss for telling little white lies that are spotted by frequent travellers.

All I can do is reiterate that in the cockpit we have no way to actually see the direct output of the aircraft computers like a dumb terminal, nor do we get a file corrupt messages, all the computers get powered up and self test when the aircraft powers up.

The possibility I was thinking about is a laptop for in the cockpit that is used for performance calculations with octopus or similar and storage of electronic documents. That does run on a windows laptop but it is not connected to the aircraft per say. That software is written by Airbus and does get updates, the laptops are supplied by the airlines and do break as airlines generally do not buy top of the line industrial laptops. I do not know how B6 do their calculations, via books, laptop, ACARS, we do all our performance over ACARS, failing that we can SMS the performance computers at head office for the data so we have no need for a laptop. If that laptop went U/S, in my view it would not be cause for an entire aircraft swap.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 5:00 am

I think the crux of the matter is, as usual, the crew. Increased automation in aircraft improves overall safety dramatically, but that are potential problems. With the crew perhaps not dealing with the details of systems daily there's more potential for the crew to be overwhelmed with failures and degraded systems. As systems become transparent to the crew, dealing with failures becomes difficult. Ideally, the system will cope with failures without crew intervention. Take the case of the AC ESS p/b - I can't off the top of my head see any need for the crew to use it in a non-failure scenario. So it would improve safety if the p/b was deleted and the system itself detected when the AC ESS bus needed AC1 or AC2 power.

If the manufacturers are going down the route of increased automation and more systems transparency for the crew (which they are) they either need to concentrate more on letting the system deal with failures, or improve crew understanding of the way systems work. Physically simplifying systems has many benefits, not the least of which is that its helps crew in situations where the automatic systems fail.

Take the fuel systems on modern aircraft. The 747-400 fuel system is relatively complicated, despite automation. Either physical or software failures will leave the crew dealing with a failing system of the complexity of a 747 classic fuel system (or even more complicated, considering the tail tank). That's not in keeping with the philosophy behind automation.

Even physically simplifying systems can still lead to problem when the crew don't fully understand how they work. Take the A330, which has quite a simple fuel system. Crew can still be confused to the point where they can run out of fuel over the Atlantic.

I think the holy grail of systems, and something that will be pushed by the manufactuers, is to have complete transparency for the crew. Take the fuel system, it's not beyond imagination to let the crew have no access to fuel pump or crossfeed systems. There's nothing the crew can do to those systems that a computer couldn't do, often better. A fully automated fuel system could have prevented the Air Transat deadstick landing. A fully automated fuel system can deal with any scenario provided the system remains automated in failure modes. I can see the A350XWB et al. simply with engine fuel switches, nothing else.
Your bone's got a little machine
 
David L
Posts: 8551
Joined: Tue May 18, 1999 2:26 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 5:28 am

Quoting 777236ER (Reply 30):
Take the A330, which has quite a simple fuel system. Crew can still be confused to the point where they can run out of fuel over the Atlantic.

Are you thinking of the Air Transat A330 that had to glide to the Azores? Wasn't that a case where the Captain just didn't believe what the instruments were actually telling him?

Edit: Apologies, 777236ER, the smell of burning from the kitchen panicked me into posting before I was ready! Transat incident noted.

Edit 2: The smell of burning turned out to be the smell of "just right".  Smile


[Edited 2007-01-27 21:55:31]

[Edited 2007-01-27 21:58:05]
 
elvis777
Posts: 346
Joined: Sat Aug 20, 2005 9:23 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 5:46 am

Hi Zeke,

Good explanation.

Peace

Elvis777
Leper,Unevolved, Misplaced and Unrepentant SportsFanatic and a ZOMBIE as well
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 6:51 am

Quoting David L (Reply 31):
Are you thinking of the Air Transat A330 that had to glide to the Azores? Wasn't that a case where the Captain just didn't believe what the instruments were actually telling him?

Edit: Apologies, 777236ER, the smell of burning from the kitchen panicked me into posting before I was ready! Transat incident noted.

Yup. The Transat incident shows that despite simple systems, ECAM actions, CRM and all the rest of it can still lead to problems when the crew don't know enough about their systems and have to much power to mess about with them.

Don't worry about the kitchen thing, posting here earlier made me leave a bottle of cillit bang on a still-warm hob. Cue a disaster.
Your bone's got a little machine
 
klkla
Posts: 847
Joined: Fri Jul 16, 2004 8:51 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 6:59 am

edited: corrected my error.

[Edited 2007-01-27 23:01:41]
 
ORDagent
Topic Author
Posts: 580
Joined: Wed Dec 17, 2003 6:24 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 7:00 am

Quoting Zeke (Reply 5):
Just an informed opinion from some one who has flown buses for some time.

I'm only quoting what the pilot said. Of course he's not going to dumb down his comments for the public as they have no real idea about FBW systems etc.

Quoting FreakyDeaky (Reply 11):
Interestingly enough, usually a complete power down and restart of the affected system usually will fix it

I know they tried that too. One other thing that the pilot mentioned is that they had to re load all the naviagtion data for N. America into the computer. I know B6 uses laptops instead of the standard flight bag. Was this what he may have been refering to?
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sun Jan 28, 2007 7:14 am

Quoting ORDagent (Reply 35):
One other thing that the pilot mentioned is that they had to re load all the naviagtion data for N. America into the computer. I know B6 uses laptops instead of the standard flight bag. Was this what he may have been refering to?

Could be, the onboard FMC uses a database from honeywell, it is loaded via 3.5" disks with a floppy drive on the centre console. The FMC has two databases stored on it, the current one, and either the next or previous one. The disks are normally kept in the cockpit.

The laptop can be used for charts and performance calculations, it is not actually connected to the aircraft, except for maybe the power cord.

I cannot see why either event would cause an aircraft change.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
bravogolf
Posts: 360
Joined: Thu Apr 21, 2005 6:18 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 7:35 am

OK, here's the ultimate fix. Go back to cables and pulleys and steam gauges. The Luddites were right.
 
BA777ER236
Posts: 170
Joined: Wed Sep 27, 2006 1:18 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 7:56 am

Quoting 777236ER (Reply 30):
I think the holy grail of systems, and something that will be pushed by the manufactuers, is to have complete transparency for the crew. Take the fuel system, it's not beyond imagination to let the crew have no access to fuel pump or crossfeed systems. There's nothing the crew can do to those systems that a computer couldn't do, often better.

I simply cannot agree with you here. This thread started off discussing the unreliability of some electronic systems. I am also thinking of a fairly recent incident, where a Virgin A340-600 had two engines flame out, because part of the 'transparent' automatic fuel system actually failed.

Quoting 777236ER (Reply 33):
Yup. The Transat incident shows that despite simple systems, ECAM actions, CRM and all the rest of it can still lead to problems when the crew don't know enough about their systems and have to much power to mess about with them.

Yes, the A330 system couldn't be much simpler, and is similar to many twin engined jets flying today. In this case the ECAM actions were inappropriate (the crew followed them, and the a/c ran out of fuel). I don't think the CRM worked very well here(highly debatable, I'm sure!)

Are you really saying that because the crew selected ONE particular switch (the crossfeed switch) to on when it was inappropriate, that you would take away the facility to use this simple but very useful and sometimes vital method of balancing fuel from the flight crew.
The truth of the matter, was that the crew were crucially distracted by the engine indications, and blindly followed the ECAM actions for a fuel imbalance, without checking the reasons/implications for doing so. This has been addressed by Airbus bulletins and increased training, but most pilots are amazed that the crew got themselves into that position anyway. In fact, an automated system may well have achieved the same result, as the cause of the imbalance was a highly unusual fuel leak that would have been very hard to diagnose. Had the system been automated to the extent that you imply, then presumably, you would not have the facility for the crew to intervene. This could have been potentially been disastrous as well, and I don't think I would like to fly such an a/c.

Quoting 777236ER (Reply 30):
Physically simplifying systems has many benefits, not the least of which is that its helps crew in situations where the automatic systems fail.

I quite agree, but I think you have just made and unmade your point here.

There is a very strong school of thought amongst CRM circles, that pilots are already too far out of the loop with the level of automation extant. Simply increasing that level to one of complete transparency, is not going to help situational awareness or alertness in the flight decks of the future.

Cheers  Smile
Flying would be easy if it wasn't for the ground
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 8:01 am

Quoting BravoGolf (Reply 37):
OK, here's the ultimate fix. Go back to cables and pulleys and steam gauges. The Luddites were right.

Which would lead to more expensive fares, more pollution, worse handling characteristics...and reduced safety. And you're still trusting your life to a hydraulics systems engineer. Fly by wire isn't the future, it's the past. Anyone who thinks FBW is new fangled technology needs to go back to the 80s.
Your bone's got a little machine
 
DfwRevolution
Posts: 9305
Joined: Sat Jan 09, 2010 7:31 pm

RE: A32x Corrupt Software

Sun Jan 28, 2007 8:11 am

Quoting Zeke (Reply 10):
You are mixing events, that DC bis failure was not a software failure, AFAIK it was a specific problem to the easyjet fleet (hardware).

Ah, that would make sense. I was under the impression that the flight crew of the BA aircraft had to "reboot" rather than switch to back-up hardware. The former (IMO) would have indicated a software issue.
I have a three post per topic limit. You're welcome to have the last word.
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Sun Jan 28, 2007 4:34 pm

Quoting BA777ER236 (Reply 38):
The truth of the matter, was that the crew were crucially distracted by the engine indications, and blindly followed the ECAM actions for a fuel imbalance, without checking the reasons/implications for doing so.

The fuel imbalance checklist did clearly say to look at the possibility of a fuel leak, however they did it from memory. The ECAM has now changed to do some simple maths for people, it uses the start fuel, and the fuel burnt in the engines, and FOB, of there is a disagreement a new ECAM "FUEL LEAK" pops up. At our company we have been doing that calculation on flight plans going back decades at every position, which in my view is normal airmanship. The imbalance they had was 7 tonnes, which immediately would have made me think fuel leak.

From what I understand the FO calculated that the fuel was being consumed at a rate of 15t/hr which is about 50% more than a 744. This calculation was dismissed by the captain as a indication problem, so they did the ECAM, but dismissed the checks. They did some more checks and decided to divert to Lajes airport about 12 minutes after the fuel imbalance. 27 minutes later enroute to Lajes the right engine flamed out, about 13 minutes later the left engine flamed out. They were 65nm from Lajes at FL345.

If I ever needed to do a cross feed for fuel imbalance I look at the fuel flow of the lower side engine, and the amount of fuel that needs to transferred, and come up with a approximate time that the transfer should be complete. While this is not an airbus procedure, it is a procedure I have been using for years before I even flew jets, to me its common airmanship.

Quoting DfwRevolution (Reply 40):
Ah, that would make sense. I was under the impression that the flight crew of the BA aircraft had to "reboot" rather than switch to back-up hardware. The former (IMO) would have indicated a software issue.

No "reboot" function in flight or even on the ground, one can reset a computer in flight, and power down the entire aircraft on the ground, neither is a "reboot" per say. The crew did not really revert to backup hardware either, they followed the electronic checklist (ECAM) which rerouted the AC essential bus power supply from AC BUS 1 to AC BUS 2.

The crew basically lost AC BUS1 which powers the AC ESS BUS, the crew carried out ECAM, and on selecting the "AC ESS FEED" button basically everything was restored, as the AC ESS BUS was powered by AC BUS2.

After finishing ECAM actions, No 1 TRU (Transformer Rectifier Unit) and the CM1 windshield and window heat, and ENG 1 thrust reverser remained inoperative, the continued their flight to the destination.

At the destination the mechanics reset the systems, and the aircraft behaved normally for about a week without further incident, at that stage the UK AAIB got hold o the occurrence report and removed a number of components from the aircraft for testing (No 1 GCU (Generator Control Unit) DMC (Display Management Computer) 1, 2, & 3, No 2 SDAC (System Data Acquisition Concentrator), No 2 FWC (Flight Warning Computer) and tested the electrical system, IDGs (Integrated Drive Generator), and electrical connectors. No further problems have been experienced.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
Tristarsteve
Posts: 3667
Joined: Tue Nov 22, 2005 11:04 pm

RE: A32x Corrupt Software

Sun Jan 28, 2007 6:05 pm

As usual on airliners this thread has gone off in two directions. The reboot direction, and the In flight electrics failure direction.
It started with reboot.
When you power up an A320, all the computors do a power up test and come on line. They are very reliable and a computor fails this test very rarely. Perhaps one power up in fifty you will get a failure message from a single computor. The first line of attack is to reboot this single computor by cycling the relevant CBs and 9 times out of ten this will bring it on line. Once in a blue moon you will recycle the whole aircraft power, but this is rare. I can think of two failures where I would do this. One is a GPS fault, because a CB cycle of the MMR CB does not produce the desired effect, the other is the Cabin CIDS system, because there are so many CBs involved that you might miss one. If this all fails and the computor is still showing a failure message, then get out the MEL and you can usually dispatch with it inop. In the past five years of handling 4 A320 a day, I can think of only one case where I had to ground the aircraft and wait for a new computor. That was a failure of the Equipment cooling computor ( the AEVC) of which there is only one on board.
But to reboot a computor using CBs needs knowledge of which CBs to cycle, and for how long. There is one system, the FWC (Flight Warning Computor) which has a big capacitor in it and needs to be powered down foe SEVEN MINUTES before it is dead. The pilots might not know which CBs to cycle, so power down the whole aircraft because it is quicker, but the average mechanic will very rarely power down an aircraft. There are much easier ways to sort it out.
The biggest problem for the line mechanic nowadays is that the systems fail so rarely that you can't remember what to do. So a CB chart, and a CB cycling guide are needed to remind you.
The A320 is good for us because a CB cycle will clear the message if the computor powers up and checks out. The B777 is more problematical because a lot more of the messages are latched in Non volatile memory, so after a CB cycle the message will remain, and you have to know what to do to erase it!
 
David L
Posts: 8551
Joined: Tue May 18, 1999 2:26 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 8:08 pm

Quoting BA777ER236 (Reply 38):




Quoting Zeke (Reply 41):

Thanks, guys. That's really the direction I was headed with the Air Transat incident but it's a lot more convincing coming from people who actually use the systems.  Smile
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 9:33 pm

Quoting BA777ER236 (Reply 38):
I simply cannot agree with you here. This thread started off discussing the unreliability of some electronic systems. I am also thinking of a fairly recent incident, where a Virgin A340-600 had two engines flame out, because part of the 'transparent' automatic fuel system actually failed.

Which is why further transparency and automation of systems has to lead to automation of failure systems. Take the easyJet A319 - it's all very well having a simple and automated electrical system, but when the crew don't realise that pressing the AC ESS p/b will restore most systems, then the crew don't know their systems well enough. The cure is more training and more simulator sessions, or increased automation. If the AC ESS p/b were replaced with a computer, the A319 wouldn't have lost its radios.

Quoting BA777ER236 (Reply 38):
Are you really saying that because the crew selected ONE particular switch (the crossfeed switch) to on when it was inappropriate, that you would take away the facility to use this simple but very useful and sometimes vital method of balancing fuel from the flight crew.

The simple, useful and vital method of balancing fuel can be achieved just as easily with a flight computer. Cockpit systems have developed over decades to prevent pilots from crashing aircraft. Various crashes have lead to the deletion of cockpit systems as diverse as separate leading edge retraction handles to pitot heat switches. Function after function has been replaced by computers and the crew have been taken completely out of the loop. There's nothing stopping cross-feed switches, fuel pump switches, hydraulic pump switches, electrical config switches, IRS switching controls etc. from being more automated. It would improve safety.

Quoting BA777ER236 (Reply 38):
The truth of the matter, was that the crew were crucially distracted by the engine indications, and blindly followed the ECAM actions for a fuel imbalance, without checking the reasons/implications for doing so. This has been addressed by Airbus bulletins and increased training, but most pilots are amazed that the crew got themselves into that position anyway. In fact, an automated system may well have achieved the same result, as the cause of the imbalance was a highly unusual fuel leak that would have been very hard to diagnose. Had the system been automated to the extent that you imply, then presumably, you would not have the facility for the crew to intervene. This could have been potentially been disastrous as well, and I don't think I would like to fly such an a/c.

The problem is that the push has been for crew actions to be incredibly procedurised. But the expectation is still on the crew to have detailed knowledge of any given system in a failure scenario. An individual pilot may go an entire career without ever having to deal with any failure with a certain situation. I don't like the concept of crew having to think outside the box for the first time regarding a system whilst airborne.

It's much better for engineers on the ground to consider failures and actions on the ground before the aircraft even takes flight. The fuel crossfeed code would include a two-line algorithm to stop the system opening the cross-feed valve when one side fuel consumption is higher than expected, indicating a possible leak.

Quoting BA777ER236 (Reply 38):
There is a very strong school of thought amongst CRM circles, that pilots are already too far out of the loop with the level of automation extant. Simply increasing that level to one of complete transparency, is not going to help situational awareness or alertness in the flight decks of the future.

If you want to improve systems situational awareness for the crew then you need more training, more simulator time and less automation with systems. On the other hand, if you take crew even further out of the loop of some systems, you improve safety. There's no reason for the crew to have any awareness or interaction with, for example, the fuel system. A computer can handle fuel pump selection and crossfeed selection completely independent of crew action; the crew can be left with engine fuel selectors and perhaps fuel dump actions, maybe through the CDU/MCDU.

The way to improve flight safety is with more automation, not less.
Your bone's got a little machine
 
BA777ER236
Posts: 170
Joined: Wed Sep 27, 2006 1:18 am

RE: A32x Corrupt Software

Sun Jan 28, 2007 11:34 pm

Quoting 777236ER (Reply 44):
The way to improve flight safety is with more automation, not less.

OK, that's your opinion, and I respect it, but it certainly isn't mine.

In 27 years of flying various types I have had numerous cases of automated/computerised systems crash on me, and I now (surprise!) fly the 777. Boeing designed the a/c very well, and the systems on board are, in my opinion, a very good blend of simplicity and automation with the ability to manually override most of the systems controlled through the overhead panel. The Electronic Checklist (ECL) is excellent (a step ahead of the Airbus ECAM), and for example, the fuel imbalance checklist, has a lengthy narrative to it, so that an 'Air Transat' situation shouldn't arise.

I can't think of a single system on the 777 that I would like to have 'simplified' with further automation. Any more would be an unnecessary cost, and would have to demonstrably improve safety margins. Interestingly, Boeing's 787 has a very similar overhead panel to the 777, and I think (apart from commonality)this is probably due to the 777 having a very good flight safety record with few incidences of crews doing the 'wrong things' with the overhead panel.

There will always be incidences of pilots not knowing a sufficient amount about the technical aspects of the a/c that they fly, but the vast majority are keen and knowledgeable, and the worst thing that you could do (in my opinion) would be to design them further out of the loop. I know that engineers, in general, will look at this from a different perspective, but they don't have to fly the bl**dy aeroplanes! (no insult intended to any engineers reading!)

Quoting Zeke (Reply 41):
If I ever needed to do a cross feed for fuel imbalance I look at the fuel flow of the lower side engine, and the amount of fuel that needs to transferred, and come up with a approximate time that the transfer should be complete. While this is not an airbus procedure, it is a procedure I have been using for years before I even flew jets, to me its common airmanship.

Precisely what I do, and all of my colleagues. I agree, it's basic airmanship. As a matter of interest, most of our 737s have an egg-timer fitted to remind the crew of end of calculated transfer time. I apologise that I over simplified the 'Air Transat' situation, it was late, and I was more intent on making a point!


Cheers
 Smile
Flying would be easy if it wasn't for the ground
 
User avatar
zeke
Posts: 15113
Joined: Thu Dec 14, 2006 1:42 pm

RE: A32x Corrupt Software

Mon Jan 29, 2007 12:38 am

Quoting BA777ER236 (Reply 45):
The Electronic Checklist (ECL) is excellent (a step ahead of the Airbus ECAM), and for example, the fuel imbalance checklist, has a lengthy narrative to it, so that an 'Air Transat' situation shouldn't arise.

The same sort of narrative is on the 330 as well, they just did not read it.

The ECL is a step ahead of ECAM, and so it should be, it came out later, the 380 will be a step ahead again. The 330/340 ECAM and systems is better than the 320, just natural progress.

What airbus has always done better is what you see on the system pages is the actual position of valves/switches etc, on the Boeing from my experience, it indicates the overhead panel switch position, not necessarily the valve/switch position back in the aircraft.
Human rights lawyers are "ambulance chasers of the very worst kind.'" - Sky News
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Mon Jan 29, 2007 2:27 am

Quoting BA777ER236 (Reply 45):

In 27 years of flying various types I have had numerous cases of automated/computerised systems crash on me, and I now (surprise!) fly the 777. Boeing designed the a/c very well, and the systems on board are, in my opinion, a very good blend of simplicity and automation with the ability to manually override most of the systems controlled through the overhead panel. The Electronic Checklist (ECL) is excellent (a step ahead of the Airbus ECAM), and for example, the fuel imbalance checklist, has a lengthy narrative to it, so that an 'Air Transat' situation shouldn't arise.

The 777 is a step above the A320 in terms of automation. For example, the easyJet and BA busbar failures shouldn't happen with the 777 - the loss of a generator will always lead to the system automatically closing a bustie.

The 777 ECL is more detailed than the ECAM, but it can still be ignored and misinterpreted. The A330 ECAM and QRH should have prevented the crew from opening the crossfeed valves and ultimately running out of fuel. If, in a 777, one wing tank has a fuel leak there's nothing to stop a pilot from opening the crossfeed valves and condemning the aircraft to run out of fuel.

Quoting BA777ER236 (Reply 45):
I can't think of a single system on the 777 that I would like to have 'simplified' with further automation. Any more would be an unnecessary cost, and would have to demonstrably improve safety margins.

Why not the crossfeed system? The Air Transat scenario could have happened just as easily on a 777, despite the ECL. There's nothing a pilot can do with the crossfeed valves that a computer can't do just as well, if not better.

Twenty years ago, Boeing (amongst others) were bitching and moaning about the A320 - complaining about FBW, the use of hardlimits and automation. Ten years ago the 777 surpassed the A320 with such things like the Thrust Asymmetry Computer and simplified systems.

On a future aircraft, the fuel system could be completely transparent and it would improve flight safety. I can't think of a failure scenario where the crew would need direct access to fuel pump and crossfeed control, given the appropriate computer systems.
Your bone's got a little machine
 
User avatar
Starlionblue
Posts: 20034
Joined: Fri Feb 27, 2004 9:54 pm

RE: A32x Corrupt Software

Mon Jan 29, 2007 4:51 am

Quoting FLY2HMO (Reply 28):
The programs in airplanes don't necessarilly use "files" and they don't have operating systems either, like Windows or OSX, so they don't crash in the same way. All the programs really are is a bunch of lines of code being repeated over and over or when needed. Programs used in airplanes are more along the lines like what you would find in say, a handheld GPS, a scientific calculator, (or more closely related) your car's ECU. They all have highly specialized coding which is unique for their own specific purposes.

Well, most machines have an OS, and even FMS computers do. However, unlike most other OSs every process is run inside a virtual machine. Essentially ever process (program) has it's own OS and virtual hardware. So the OS crashes, only that process is affected. In the same way, if the process crashes, other processes are insulated from it. Needless to say, other instances of the same VM/process pair are also running.
"There are no stupid questions, but there are a lot of inquisitive idiots." - John Ringo
 
Pihero
Posts: 4318
Joined: Mon Jan 31, 2005 5:11 am

RE: A32x Corrupt Software

Mon Jan 29, 2007 5:08 am

Sorry to barge in so late (and I'm glad, because I probably would have blown a fuse ).
Thanks for Zeke and BA777ER236 for the pilot's input and many many thanks to TristarSteve for having put, once again, things right in terms of technical objectivity .
This thread reminds me a lot of a similar one on civav about pilot less airliners. The idea was basically wishful thinking about getting rid of the overpaid idiots sitting in the pointy nose of the airplane.
It won't happen soon.
What 777ER236 advocates is

Quoting 777236ER (Reply 44):
Cockpit systems have developed over decades to prevent pilots from crashing aircraft.



Quoting 777236ER (Reply 44):
Function after function has been replaced by computers and the crew have been taken completely out of the loop. There's nothing stopping cross-feed switches, fuel pump switches, hydraulic pump switches, electrical config switches, IRS switching controls etc. from being more automated. It would improve safety.

That's an opinion to which I certainly do not subscribe to.
A lot has been written on this thread about the 330 Lajes even. One could add the Gimli 767 glider...I remember that a very similar failure happened to an A-320 between Orly and Brest,a few weeks before the 330 incident. The stress and the urgency were not on the same scale, though as the airplane had less than 6 tons of fuel on board. Guess what ? The crew identified a drastic leak, shut down the affected engine and landed safely.
I imagine that along the pitot heat, the window heat system comes into the etc... that you cite above ?
Well I had some electrical arcing on the captain's windscreen just after takeoff once with no way of immediately shutting electrical power to that window as it was automatic. I performed the fastest circuit-to-land I ever managed in 30 years of flying ! ( For those flying the bay Bus, I am responsible for the QRH amendment ).
In fact the subject of this thread should be about. automation, CRM, procedures...etc... and not another anti Airbus flame bait.
We have two ways at the moment to improve flight safety :
1/- Invest into some increased automation
2/- Spend more money into training, and in many respects return to some of the pre eighties way of flight training.
What is worrying to me is the lack of air lore / culture /-manship the majority of nowadays cadets show when they join an established airline. If the airline has been established for some time, you'll have a number of older pilots who could pass some of their tricks of the trade to the younger ones. If not, it is only procedures and flying by rote...that would be safe enough 90% of the time...What about the remaining ten ? In those you'll find Sioux city, Baghdad DHL 310,....etc...etc...along with thousands of instances of avoided weather, diversions, refusals to dispatch... and so on... that no one except the chief pilot would ever know.

Quoting 777236ER (Reply 44):
There's no reason for the crew to have any awareness or interaction with, for example, the fuel system. A computer can handle fuel pump selection and cross feed selection completely independent of crew action; the crew can be left with engine fuel selectors and perhaps fuel dump actions, maybe through the CDU/MCDU

That reminds me of a 744 departing from NRT to fly across the Pacific. At top of climb, they realised they could not transfer the fuel from the tailplane tank.
They initially elected to continue until someone realised that the airplane could be -would have been- in a very serious aft C.o.G situation...return to japan was mandatory, followed by a drastically overweight landing as they couldn't dump fuel...
This example alone proves that progress also comes from experience. Now you could put that failure into a software and the next crew it will happen to will know (or will things be automated still ?).

Quoting BA777ER236 (Reply 38):
There is a very strong school of thought amongst CRM circles, that pilots are already too far out of the loop with the level of automation extant. Simply increasing that level to one of complete transparency, is not going to help situational awareness or alertness in the flight decks of the future.

Couldn't have said it better !
Contrail designer
 
User avatar
Starlionblue
Posts: 20034
Joined: Fri Feb 27, 2004 9:54 pm

RE: A32x Corrupt Software

Mon Jan 29, 2007 6:41 am

Pihero's post gave me a thought about a parallel from my own industry. Computers are now more user friendly than ever, but for really mission critical apps, one still needs professionals.
"There are no stupid questions, but there are a lot of inquisitive idiots." - John Ringo
 
wing
Posts: 1366
Joined: Sun Oct 01, 2000 9:10 pm

RE: A32x Corrupt Software

Mon Jan 29, 2007 7:35 am

I have experienced this sort of problem in my previous airline,we had 3 A321s.One of them had an FMGS data base problem.The new data cycle uploaded and there were some SID's and STAR's and runways and everything were lost.Many points we were using on routes were "not in database".

The problem later identified, as the company ordered a limited European area from the database provider to save money,since Turkish Cyprus airline was limited to fly certain destinations,it didnt need to have all the world database.It sound logical but the floppy disc turned out to be a different area database rather than our part of the world.

So the airplane was virtually "clueless" about the departure and destination airports and the waypoints,they all had to be created by the latitude/longitudes before every leg.It didnt require the airplane to be grounded but turned to be a pain to fly.
follow me on my facebook page" captain wing's journey log"
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Mon Jan 29, 2007 7:41 am

Quoting Pihero (Reply 49):
A lot has been written on this thread about the 330 Lajes even. One could add the Gimli 767 glider...I remember that a very similar failure happened to an A-320 between Orly and Brest,a few weeks before the 330 incident. The stress and the urgency were not on the same scale, though as the airplane had less than 6 tons of fuel on board. Guess what ? The crew identified a drastic leak, shut down the affected engine and landed safely.

The fact that one crew spotted and solved the problem is irrelevent. The Transat A330 could easily have been a disaster, and it's something that a computer system could have prevented.

Quoting Pihero (Reply 49):
I imagine that along the pitot heat, the window heat system comes into the etc... that you cite above ?
Well I had some electrical arcing on the captain's windscreen just after takeoff once with no way of immediately shutting electrical power to that window as it was automatic.

That's not particularly relevent, because all along the emphasis has been on computerised back up systems as well.

Quoting Pihero (Reply 49):

That reminds me of a 744 departing from NRT to fly across the Pacific. At top of climb, they realised they could not transfer the fuel from the tailplane tank.
They initially elected to continue until someone realised that the airplane could be -would have been- in a very serious aft C.o.G situation...return to japan was mandatory, followed by a drastically overweight landing as they couldn't dump fuel...
This example alone proves that progress also comes from experience. Now you could put that failure into a software and the next crew it will happen to will know (or will things be automated still ?).

The scenario you present would be easily incorporated into even current flight control computers. When the computer-prescribed fuel schedule tries to pump fuel from the tail tank and can't, all it needs is an ECAM/EICAS message with the problem and ECAM/ECS checklist items telling the crew what their options are. The computer could calculate when and where the flight will have a fuel emergency without the use of the trim tank and predict any C of G problems.

Your idea is that it's better to have crew significantly in the loop so they can cope with systems problems that aren't anticipated. I say that history has shown that there are more instances of crew fouling up either healthy systems, or messing up during a failure than there are entirely unpredicted systems problems. I say that it's better for engineers on the ground to anticipate the problems that can occur and set up systems to deal with them. It's better than the halfway house now whereby there's limited control of systems by the crew, limited understanding of systems by the crew and little automatic backup in the event of failures.
Your bone's got a little machine
 
Pihero
Posts: 4318
Joined: Mon Jan 31, 2005 5:11 am

RE: A32x Corrupt Software

Mon Jan 29, 2007 9:30 am

777236,
You really don't see our point, because you are too involved in your demonstration.
What you call relevAnt and irrelevAnt is what p[eople haven't been able to forecast, therefore prevent in their systems.
You only say "a computer would have done it better... may be... but first someone should have put all kinds of occurrences for the said computer to deal with...and a computer that can do it is called a brain, and I for one would agree to invest in human behaviour research instead of some A.I.
A lot of thinking processes have to do with lateral thinking, and I still haven't seen that in a computer.
Look for instance at the Lajes glider :
- The first indication was a low oil temperature alarm on one engine and the crew found out that the oil temp was decreasing and I remember a -30°c. The other indication was quite normal... Crew put the indication on a faulty sensor.
- The second indication was on the same engine a fluctuating high oil pressure...
Being Canadians, I suppose they had quite a good understanding of the effects of cold temperatures on oil indications...As a matter of fact, that high oil press could have been a confirmation of a cold oil... Crew put it onto another faulty sensor...
Now, at this stage a switched-on person like me, sitting in an armchair could ask the question : what has an influence on the oil temperature while it is circulating ?
HAHA !the fuel /oil heat exchanger is the only place where it could be refreshed !...(many other steps leading to a leak right before the heat exchanger )...
Enough said. The day you could design that sort of computer dealing with multiple systems, call me, as it will be time for me to refurbish that bungalow in the Indian Ocean and get my 25 foot Boston Whaler ready for some serious diving and fishing.
Until then, you'll have to accept my very unsafe way of taking you from O to D.

Regards
Contrail designer
 
777236ER
Posts: 12213
Joined: Sat Aug 18, 2001 7:10 am

RE: A32x Corrupt Software

Mon Jan 29, 2007 9:56 am

Quoting Pihero (Reply 53):
You only say "a computer would have done it better... may be... but first someone should have put all kinds of occurrences for the said computer to deal with.

And I can't see why that's a problem. We're not talking AI, we're talking a small step from the level of technology on the aircraft now. Take the example of the Airbus incidents mentioned above. The failure of the crew to realise the AC ESS, or in the case of the BA incident, their failure to select it to ALTN immediately isn't an issue with the Boeing 777. The automatic bus ties will kick in. That's all I'm talking about.

Engineers at Boeing have sat down and considered whether the system needs an AC ESS FEED feature to switch sources for the AC ESS bus, or even whether the AC ESS bus is required. They simplified the system and removed the controls that the crew don't need access to. They've anticipated all possible electrical conditions and determined what the crew can and can't control.

The level of automation in the 777 would have prevented that A319 from flying around without radios. And there's still scope for improvement.

Quoting Pihero (Reply 53):
Look for instance at the Lajes glider :
- The first indication was a low oil temperature alarm on one engine and the crew found out that the oil temp was decreasing and I remember a -30°c. The other indication was quite normal... Crew put the indication on a faulty sensor.
- The second indication was on the same engine a fluctuating high oil pressure...
Being Canadians, I suppose they had quite a good understanding of the effects of cold temperatures on oil indications...As a matter of fact, that high oil press could have been a confirmation of a cold oil... Crew put it onto another faulty sensor...

Exactly the point. In your scenario you're leaving the diagnosis of complicated systems of which the crew don't have full knowledge and have restricted access to, to two stressed, potentially tired, potentially situationally-unaware flight crew who hold their lives and the lives of hundreds of people in their hands.

In my scenario the case has been considered years before hand by a bunch of engineers sat in a nice comfy office with full knowledge of the systems and the aircraft around them.

Quoting Pihero (Reply 53):
Now, at this stage a switched-on person like me, sitting in an armchair could ask the question : what has an influence on the oil temperature while it is circulating ?
HAHA !the fuel /oil heat exchanger is the only place where it could be refreshed !...(many other steps leading to a leak right before the heat exchanger )...
Enough said.

Exactly. You in an armchair sat at home can figure out what the two stressed crew couldn't. The level of detail with which each aircraft system is considered means there are very few scenarios where a flight computer would be flummoxed.

Can you name a scenario that a fuel system computer couldn't deal with but the crew could?
Your bone's got a little machine

Who is online

Users browsing this forum: Ncfc99, StereoTechque, tomcat and 40 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos