Now they know.
June 17, 2011 3:27 AM Subscribe
Aviation Week and Space Technology explains that sequence of events in the crash that killed all 228 people onboard the flight from Rio de Janeiro to Paris can be segmented into two distinct phases.
In the first phase, the pilots were dealing with the failure of speed readings that are almost certain to be linked to iced-over pitot tubes. The second phase began when speed indications returned to normal and the aircraft was at the edge of its flight envelope but under control and not stalled. Phase two also coincided with the captain’s return to the cockpit from an agreed-upon rest.
AF447 would not have crashed if the aircraft had been of an older generation. “Highly automated aircraft have saved many lives, but they fail differently than aircraft of 20 years ago,” he says. He sees it as a “failure of the industry” that pilot training has not kept in step with the latest aircraft technologies. He also argues for improved upset recovery training, as “we are not explicitly training that” and the AF447 A330 “seems to have had pitch-and-roll authority all the way down to the water.”
(Previously: French plane lost over Atlantic, A complete meteorological analysis of the loss of AF447, The question was whether anyone really wanted to know.)
AF447 would not have crashed if the aircraft had been of an older generation. “Highly automated aircraft have saved many lives, but they fail differently than aircraft of 20 years ago,” he says. He sees it as a “failure of the industry” that pilot training has not kept in step with the latest aircraft technologies. He also argues for improved upset recovery training, as “we are not explicitly training that” and the AF447 A330 “seems to have had pitch-and-roll authority all the way down to the water.”
(Previously: French plane lost over Atlantic, A complete meteorological analysis of the loss of AF447, The question was whether anyone really wanted to know.)
If you read the report, it is quite horrifying. What seems to have happened is this:
1. The pitot tubes iced, causing speed readings to fail
2. The pilot flying switched off the autopilot and for whatever reason put the plane into a steep climb which reduced the airspeed, then levelled out. Because of the reduced airspeed the plane was now flying at a higher angle of attack to maintain lift.
3. The pitot tubes uniced so the speed readings returned. The plane was cllose to stall so stall warnings were sounding.
4. During this time the pilot flying and the co-pilot attempted to get the captain to come forward from the cabin, where he was resting, but he didn't
5. With the plane already close to stalling and at a high altitude, the pilots put the engines to maximum and increased the angle of attack. (At this point, and almost all points until they lost control) they could have recovered from the stall very simply by simply pitching the nose down and trading altitude for speed, but stall recovery training teaches pilots to minimize altitude loss to avoid crashing in a low-altitude stall).
6. The pilots continued to pitch the nose up and gun the engines, until the plane was flying at such an extreme attitude that the stall warnings ceased because the attitude was considered invalid and must be a mistake. By now the plane was flying at 60 km/h. (Another word for this would 'falling'). The ceasing of the stall warnings may have convinced the pilots they were doing the right thing.
7. At some point, the pilots did the right thing and pitched the nose down -- but this resulted in the stall warnings beginning again as the plane entered what the software considered a 'valid' attitude. So the pilots pulled back on the stick again.
8. The pilots retained pitch and roll authority all the way down. Basically they flew it right into the ocean.
So it seems like a horrible double whammy of stall recovery procedures which were inappropriate for high altitude, plus a massively flawed stall warning indicator system. Obviously there is some pilot error in there too.
posted by unSane at 4:03 AM on June 17, 2011 [16 favorites]
1. The pitot tubes iced, causing speed readings to fail
2. The pilot flying switched off the autopilot and for whatever reason put the plane into a steep climb which reduced the airspeed, then levelled out. Because of the reduced airspeed the plane was now flying at a higher angle of attack to maintain lift.
3. The pitot tubes uniced so the speed readings returned. The plane was cllose to stall so stall warnings were sounding.
4. During this time the pilot flying and the co-pilot attempted to get the captain to come forward from the cabin, where he was resting, but he didn't
5. With the plane already close to stalling and at a high altitude, the pilots put the engines to maximum and increased the angle of attack. (At this point, and almost all points until they lost control) they could have recovered from the stall very simply by simply pitching the nose down and trading altitude for speed, but stall recovery training teaches pilots to minimize altitude loss to avoid crashing in a low-altitude stall).
6. The pilots continued to pitch the nose up and gun the engines, until the plane was flying at such an extreme attitude that the stall warnings ceased because the attitude was considered invalid and must be a mistake. By now the plane was flying at 60 km/h. (Another word for this would 'falling'). The ceasing of the stall warnings may have convinced the pilots they were doing the right thing.
7. At some point, the pilots did the right thing and pitched the nose down -- but this resulted in the stall warnings beginning again as the plane entered what the software considered a 'valid' attitude. So the pilots pulled back on the stick again.
8. The pilots retained pitch and roll authority all the way down. Basically they flew it right into the ocean.
So it seems like a horrible double whammy of stall recovery procedures which were inappropriate for high altitude, plus a massively flawed stall warning indicator system. Obviously there is some pilot error in there too.
posted by unSane at 4:03 AM on June 17, 2011 [16 favorites]
In a world jam-packed with sound bite news, it is always refreshing to finally read an article that offers a comprehensive and lucid report on an incident. Thank you for posting this piece.
posted by Sparkticus at 4:03 AM on June 17, 2011 [2 favorites]
posted by Sparkticus at 4:03 AM on June 17, 2011 [2 favorites]
It amazes me that with all that technology there isn't a failsafe old-school device that could be deployed as a measure of last resort in the event that the modern avionics and computer systems are horribly messed up, because clearly they do get messed up.
Go back to the bare fundamentals of flying and the true nature of a situation may well be revealed.
posted by bwg at 4:09 AM on June 17, 2011
Go back to the bare fundamentals of flying and the true nature of a situation may well be revealed.
posted by bwg at 4:09 AM on June 17, 2011
The failsafe old-school device is supposed to be the pilot.
I'll save the rant, and my blood pressure, for another time.
posted by seanmpuckett at 4:22 AM on June 17, 2011 [2 favorites]
I'll save the rant, and my blood pressure, for another time.
posted by seanmpuckett at 4:22 AM on June 17, 2011 [2 favorites]
The failsafe old-school device is supposed to be the pilot.
True, but if the pilot doesn't trust his instruments he'll instinctively fly by the seat of his pants. And it's been well established that even the very best pilots can't fly successfully by the seat of their pants in reduced visibility.
posted by veedubya at 4:29 AM on June 17, 2011
True, but if the pilot doesn't trust his instruments he'll instinctively fly by the seat of his pants. And it's been well established that even the very best pilots can't fly successfully by the seat of their pants in reduced visibility.
posted by veedubya at 4:29 AM on June 17, 2011
The really new information in this article is unSane's #6 & #7 above, which is indeed chilling. The stall warning systems seem to have given the pilot flying correct information, but in such a manner that it prompted him to do the exact opposite from what he should have - e.g. providing positive reinforcement of the pitch up inputs and negative reinforcement of the nose down ones. Yikes.
posted by googly at 4:45 AM on June 17, 2011 [1 favorite]
posted by googly at 4:45 AM on June 17, 2011 [1 favorite]
But veedubya, if they had trusted their 'seat-of-their-pants' instincts, they would have lived. Hell, my dog knows to push the stick forward and increase power to get out of a stall, and she's only VFR certified.
posted by mojohand at 5:11 AM on June 17, 2011 [10 favorites]
posted by mojohand at 5:11 AM on June 17, 2011 [10 favorites]
The failsafe old-school device is supposed to be the pilot.
So many times this is the opposite of the truth, unfortunately. For every pilot who manages to ditch the plane into the Hudson after a bird strike there are ten who fly the plane in circles until it hits a mountain. Once you have no visual input the human body is just staggeringly bad at knowing what's going on in terms of attitude, acceleration and so on.
Moreover many recovery procedures are counter-intuitive. In this case the plane seemed to be slowing down and losing height, so the pilot set the engines to max and pulled back on the stick. But at the altitude they were at, the engines were not powerful enough to increase the speed given the insane angle of attack they were already at.
Furthermore by this point they almost certainly didn't trust the airspeed indicator, which had already failed once. It was showing 60km/h, and the stall warning indicator had quit because the aircraft was in a supposedly impossible attitude.
The irony is, if they had simply put the aircraft back into a clean flight configuration, and taken their hands off the controls, the plane would have resumed normal flight in a matter of seconds, certainly less than a minute.
posted by unSane at 5:19 AM on June 17, 2011 [1 favorite]
So many times this is the opposite of the truth, unfortunately. For every pilot who manages to ditch the plane into the Hudson after a bird strike there are ten who fly the plane in circles until it hits a mountain. Once you have no visual input the human body is just staggeringly bad at knowing what's going on in terms of attitude, acceleration and so on.
Moreover many recovery procedures are counter-intuitive. In this case the plane seemed to be slowing down and losing height, so the pilot set the engines to max and pulled back on the stick. But at the altitude they were at, the engines were not powerful enough to increase the speed given the insane angle of attack they were already at.
Furthermore by this point they almost certainly didn't trust the airspeed indicator, which had already failed once. It was showing 60km/h, and the stall warning indicator had quit because the aircraft was in a supposedly impossible attitude.
The irony is, if they had simply put the aircraft back into a clean flight configuration, and taken their hands off the controls, the plane would have resumed normal flight in a matter of seconds, certainly less than a minute.
posted by unSane at 5:19 AM on June 17, 2011 [1 favorite]
Yeah, I guess in this case they were believing their instruments too much. The bit about the stall warning ceasing because of out of range inputs is horrifying. It reminded me of the crash that, I think it was a Russian airliner, where the captain let his son play with the controls. Unbeknownst to the crew, something the boy did caused a partial disengagement of the autopilot, but there was no audible alert for that action.
And here it is: Aeroflot Flight 593. Another Airbus.
posted by veedubya at 5:22 AM on June 17, 2011
And here it is: Aeroflot Flight 593. Another Airbus.
posted by veedubya at 5:22 AM on June 17, 2011
Mojo, I"m pretty sure they didn't think they *were* in a stall. They didn't know the airspeed indicator was correct. They didn't trust it, so they didn't trust the stall warning, which was acting weird anyway.
Moreover the article says that the stall recovery procedure they were taught was NOT to put the nose down, because this would be dangerous in a low altitude stall of the kind that typically happens to the big birds on approach or take-off. Instead they were told to blast the engines, but of course at that altitude it really didn't do much.
posted by unSane at 5:23 AM on June 17, 2011
Moreover the article says that the stall recovery procedure they were taught was NOT to put the nose down, because this would be dangerous in a low altitude stall of the kind that typically happens to the big birds on approach or take-off. Instead they were told to blast the engines, but of course at that altitude it really didn't do much.
posted by unSane at 5:23 AM on June 17, 2011
Maybe he was just doing what he was taught but this sounds like massive operator error. Was there no visibility at all?
posted by nathancaswell at 5:32 AM on June 17, 2011
posted by nathancaswell at 5:32 AM on June 17, 2011
I don't believe that they sat in the cockpit of a plane falling like a stone and after trying once to do something and after hearing the stall warning they elected to do nothing at all. We must be missing some important piece of information.
posted by hat_eater at 5:34 AM on June 17, 2011 [3 favorites]
posted by hat_eater at 5:34 AM on June 17, 2011 [3 favorites]
The pilot flying switched off the autopilot
The autopilot turned itself off automatically; it can't operate without valid airspeed indication.
To me, a lot of discussion around the crash falls under the category of 20/20 Hindsight. It looks obvious from this vantage point that of course the plane was in all sorts of strange attitudes, but it can be very disorienting when you're in the clouds and all of a sudden instruments start failing. You are taught from the beginning of your instrument training to trust your instruments, but if you're getting three orthogonal indications from three different instruments, what do you trust?
One trend in (general aviation) flight training I've noticed over the past ten years or so is the increasing reliance on the aircraft systems and the decreasing emphasis on proper piloting skills. The reason for this is that just about every new aircraft built today has the same technology as the Big Iron (sometimes better, since it's easier to certify stuff for small aircraft). Newly-minted private pilots are being taught to take off, flip on the autopilot, and only turn it off again a hundred feet off the ground on short final. These shiny glass cockpits provide huge amounts of valuable information, but it's very easy to get lost in them. Inadequate training means that minor system failures cascade into catastrophic crashes.
Incidentally, the stall horn is not triggered by the airspeed indication. There's a separate system that is physically activated by the airflow over the wing.
It amazes me that with all that technology there isn't a failsafe old-school device that could be deployed as a measure of last resort in the event that the modern avionics and computer systems are horribly messed up, because clearly they do get messed up.
Funny enough, it wasn't the new-school equipment that messed up on this flight - it was a very old piece of technology. Pitot tubes are very simple, but they do have a tendency to ice up in bad weather and this particular model seems to have been particularly prone to icing. Using the old steam gauges wouldn't have helped in this case, as they would use the same pitot tubes that the new equipment does.
posted by backseatpilot at 5:35 AM on June 17, 2011 [6 favorites]
The autopilot turned itself off automatically; it can't operate without valid airspeed indication.
To me, a lot of discussion around the crash falls under the category of 20/20 Hindsight. It looks obvious from this vantage point that of course the plane was in all sorts of strange attitudes, but it can be very disorienting when you're in the clouds and all of a sudden instruments start failing. You are taught from the beginning of your instrument training to trust your instruments, but if you're getting three orthogonal indications from three different instruments, what do you trust?
One trend in (general aviation) flight training I've noticed over the past ten years or so is the increasing reliance on the aircraft systems and the decreasing emphasis on proper piloting skills. The reason for this is that just about every new aircraft built today has the same technology as the Big Iron (sometimes better, since it's easier to certify stuff for small aircraft). Newly-minted private pilots are being taught to take off, flip on the autopilot, and only turn it off again a hundred feet off the ground on short final. These shiny glass cockpits provide huge amounts of valuable information, but it's very easy to get lost in them. Inadequate training means that minor system failures cascade into catastrophic crashes.
Incidentally, the stall horn is not triggered by the airspeed indication. There's a separate system that is physically activated by the airflow over the wing.
It amazes me that with all that technology there isn't a failsafe old-school device that could be deployed as a measure of last resort in the event that the modern avionics and computer systems are horribly messed up, because clearly they do get messed up.
Funny enough, it wasn't the new-school equipment that messed up on this flight - it was a very old piece of technology. Pitot tubes are very simple, but they do have a tendency to ice up in bad weather and this particular model seems to have been particularly prone to icing. Using the old steam gauges wouldn't have helped in this case, as they would use the same pitot tubes that the new equipment does.
posted by backseatpilot at 5:35 AM on June 17, 2011 [6 favorites]
From what is known, they had reasons not to trust the speed indicator and the stall warning. Fine, scratch those. They still knew the attitude and vertical speed. 150 seconds is not enough to figure out that they are in a stall? To break out of a rut and try to do something? I can't believe it.
posted by hat_eater at 5:42 AM on June 17, 2011
posted by hat_eater at 5:42 AM on June 17, 2011
It might look hard to stall an aircraft but commercial airliners fly at a height and speed where the margins are small. There is the coffin corner where these planes fly. There was an excellent account in Babbage, the technology blog of The Economist called The Wild Blue Coffin Corner which is well worth a read.
posted by sien at 5:55 AM on June 17, 2011 [3 favorites]
posted by sien at 5:55 AM on June 17, 2011 [3 favorites]
I think one thing a lot of laymen like myself don't realize (and something I learned from other discussions on this topic) is that the weightless feeling of falling is caused by downward acceleration, and not simply downward velocity. This seems to lead to a lot of the "how could they not tell they were falling?" confusion that I've seen.
posted by moonbiter at 6:07 AM on June 17, 2011 [1 favorite]
posted by moonbiter at 6:07 AM on June 17, 2011 [1 favorite]
"Was there no visibility at all?"
No. There was effectively no visibility at all. it was a dark night with thick clouds. It was turbulent, and a bunch of different, conflicting alarms were going off. It's hard enough to figure out which way is up with properly functioning instruments. When you have to quickly figure out which ones are lying to you, it can be a very difficult task.
Not only did the autopilot switch itself off, the flight control system (which sits between the input devices and the control surfaces) suddenly switched to "alternate law" which is, "You're on your own as far as keeping the plane within the safe flight envelope, because the software can't figure out what's going on."
As a pilot, I can imagine what they were thinking: "Holy shit, the altimeter is unwinding at 10,000 fpm. When I push the stick forward, I get a stall warning. I don't trust the airspeed indicator, and we could be in a tailplane stall (one possible outcome of an icing encounter) doing 600 knots and about to rip the wings off if I push forward again." Pulling the stick back is pretty much the RIGHT way to recover from a tailplane stall.
Note that AF was scheduled to replace the under-heated pitot tubes within a couple of months, but hadn't done it yet. The pitots were known to be prone to icing, and an easy solution to that is to heat them sufficiently. The under-heated pitots were a result of a desire to reduce the power requirements, which they did, but obviously at a terrible cost.
One instrument that might have helped is an AOA (Angle of Attack) indicator, which makes it easier to keep the plane flying under a wide range of conditions of loading, airspeed or altitude. I don't think any commercial airliners use them, but they're quite common in military planes (which are probably subject to crazier loading with external fuel and weapons). Another that might have helped is an independent Malcolm horizon, which should be cheap and easy to manufacture these days with solid state accelerometers (as in the $20 Wii nunchuk) and $2 laser pointers.
Another way this accident might have been avoided is for the flight to have diverted well to the west of the powerful storms. However, that would have required the flight to make a fuel stop in Madrid or Lisboa instead of continuing nonstop to Paris, motivating the crew to choose the direct route.
posted by Hello Dad, I'm in Jail at 6:17 AM on June 17, 2011 [12 favorites]
No. There was effectively no visibility at all. it was a dark night with thick clouds. It was turbulent, and a bunch of different, conflicting alarms were going off. It's hard enough to figure out which way is up with properly functioning instruments. When you have to quickly figure out which ones are lying to you, it can be a very difficult task.
Not only did the autopilot switch itself off, the flight control system (which sits between the input devices and the control surfaces) suddenly switched to "alternate law" which is, "You're on your own as far as keeping the plane within the safe flight envelope, because the software can't figure out what's going on."
As a pilot, I can imagine what they were thinking: "Holy shit, the altimeter is unwinding at 10,000 fpm. When I push the stick forward, I get a stall warning. I don't trust the airspeed indicator, and we could be in a tailplane stall (one possible outcome of an icing encounter) doing 600 knots and about to rip the wings off if I push forward again." Pulling the stick back is pretty much the RIGHT way to recover from a tailplane stall.
Note that AF was scheduled to replace the under-heated pitot tubes within a couple of months, but hadn't done it yet. The pitots were known to be prone to icing, and an easy solution to that is to heat them sufficiently. The under-heated pitots were a result of a desire to reduce the power requirements, which they did, but obviously at a terrible cost.
One instrument that might have helped is an AOA (Angle of Attack) indicator, which makes it easier to keep the plane flying under a wide range of conditions of loading, airspeed or altitude. I don't think any commercial airliners use them, but they're quite common in military planes (which are probably subject to crazier loading with external fuel and weapons). Another that might have helped is an independent Malcolm horizon, which should be cheap and easy to manufacture these days with solid state accelerometers (as in the $20 Wii nunchuk) and $2 laser pointers.
Another way this accident might have been avoided is for the flight to have diverted well to the west of the powerful storms. However, that would have required the flight to make a fuel stop in Madrid or Lisboa instead of continuing nonstop to Paris, motivating the crew to choose the direct route.
posted by Hello Dad, I'm in Jail at 6:17 AM on June 17, 2011 [12 favorites]
... if an airplane evolves to a point that it relies on the plusses of the human and fails to take into account the minuses it is the system that has erred, not the pilot.
(The above link includes quotes from my Dad on the subject at hand.)
posted by tdismukes at 6:34 AM on June 17, 2011 [2 favorites]
(The above link includes quotes from my Dad on the subject at hand.)
posted by tdismukes at 6:34 AM on June 17, 2011 [2 favorites]
I'd been keeping a vague eye on this, and wondering why my phone knows which way is up and an airliner doesn't. I'm assuming this is ludicrously simplistic, but I'm not at all clear why.
posted by cromagnon at 6:41 AM on June 17, 2011 [1 favorite]
posted by cromagnon at 6:41 AM on June 17, 2011 [1 favorite]
Wow, three pilots and none of them knew how to recover from a stall? Airspeed near zero, altitude dropping at 10,000ft per minute and your response is to pull back on the stick for three minutes straight? Wtf?
At least in the Aeroflot one they managed to recover but just didn't have enough altitude left.
posted by no_moniker at 6:46 AM on June 17, 2011
At least in the Aeroflot one they managed to recover but just didn't have enough altitude left.
posted by no_moniker at 6:46 AM on June 17, 2011
Thanks, Hello Dad, I'm in Jail. I had no idea what tailplane stall can do.
posted by hat_eater at 6:55 AM on June 17, 2011
posted by hat_eater at 6:55 AM on June 17, 2011
6. The pilots continued to pitch the nose up and gun the engines, until the plane was flying at such an extreme attitude that the stall warnings ceased because the attitude was considered invalid and must be a mistake
So that's not a training issue, that's a grossly mis-designed piece of software.
posted by octothorpe at 7:14 AM on June 17, 2011 [3 favorites]
So that's not a training issue, that's a grossly mis-designed piece of software.
posted by octothorpe at 7:14 AM on June 17, 2011 [3 favorites]
Agreeing with octothorpe. All the code monkeys here recognize #6 as 'swallowing an exception'. If 'Invalid Input' and 'Operating Normally' look/sound the same to the user, you've screwed up mightily.
posted by benito.strauss at 7:31 AM on June 17, 2011 [3 favorites]
posted by benito.strauss at 7:31 AM on June 17, 2011 [3 favorites]
Here's a post by a pilot that goes a little bit into the politics of the faulty pitot tubes.
posted by eye of newt at 8:47 AM on June 17, 2011 [1 favorite]
posted by eye of newt at 8:47 AM on June 17, 2011 [1 favorite]
Moreover the article says that the stall recovery procedure they were taught was NOT to put the nose down, because this would be dangerous in a low altitude stall of the kind that typically happens to the big birds on approach or take-off.
Handling stall -- or the threat of stall in wind shear situations -- is taught to commercial pilots. But this is true of both high altitude stalls and low. High altitude stall recovery is one of the first things pilots are taught, and the rule is ironclad -- if you are stalling *at altitude*, you put the nose down. Period, end of statement. At low altitude, you use power, but in neither *high* nor *low* altitudes do you pull up and hold up if you think you are in a stall.
This is basic stuff. It is hard for me to believe that two trained pilots insisted on keeping the nose up because they were afraid of hitting the ground, and it is improbable that both of them would pull back *and hold back* if they had any though that they were stalling.
There are two events here -- the initial loss of airspeed indication and the stall, which was recovered from, then the long fall to the ocean, which was not. The actions initially -- power up -- aren't ideal, but would recover. The actions following -- trying to hold the nose up for minutes while they fell -- makes *no sense at all* if they thought they were stalling. None.
My only guess -- they didn't think they were stalling. They were assuming that their airspeed indications were wrong, thus, stall warning were also wrong, being based on airspeed. There are two backup indicators, one for airspeed, one for altitude. They ignored airspeed (or saw it different that the airspeed on the PFD and discounted both) but trusted altitude, and saw they were losing altitude fast.
These guys were convinced that they were in a dive.
They thought that airspeed was invalid, they were descending rapidly, they didn't have a horizon, so they thought they were in a dive and trying to pull out. In fact, they were in a deep stall and falling out of the sky.
Argument against: Engine power. If they thought they were in a dive, they'd throttle back. The summary article says they pushed forward at the start of the event (when they were assuming airspeed was accurate and they were stalling.) What it doesn't mention is if they left the power up, or if they pulled it back after the first stall event. If they did, the pilot flying was convinced he was in a dive.
Until I get a full look at the report, I can only speculate. But, right now, based on that summary, the only thing that makes sense is that they thought they were in a screaming dive and needed to get the nose up before they hit Vne.
The plane wasn't flying in normal law, the crew seemed certain that they were not getting accurate airspeed readings, so the question becomes "What did they think the plane was doing?"
We may never know that answer. But I'll put my cards down on this -- if, during the fall, they held the stick back *and* pulled power back, they were assuming that they were in a dive. If they thought they were in a dive, and they pulled the stick back and power back, then they were doing exactly what they were taught to do. The problem isn't the actions, it was not recognizing the problem and using the wrong recovery. The question then becomes "Why did they think they were in a dive when they were in a deep stall?"
If they left power up, then things get more confusing, because then they're taking contradictory actions -- they're pulling up to avoid a dive, but powering up to avoid stall. If you're diving, gaining airspeed is automatic. If your stalling, pulling up is the wrong thing to do, period.
Finally: The French Aviation Authority is infamous for, in the past, using this rule to investigate crashes. If the plane wasn't French, it was a mechanical flaw. If it was, it was pilot error. I really wish we could have NTSB, AAIB, or JAXA on this, who have no problems telling it like it is. I heard that BEA has taken steps to correct this, but having seen far too many minority reports of "The pilots were idiots" when an Airbus or ATR fell out of the sky from them, I'm not automatically willing to assume that their first cut description is correct -- esp. without full cockpit transcripts and data recorders being released.
Call me a cynical, untrusting bastard if you must. I'm not sure I could argue with that.
posted by eriko at 8:55 AM on June 17, 2011 [10 favorites]
Handling stall -- or the threat of stall in wind shear situations -- is taught to commercial pilots. But this is true of both high altitude stalls and low. High altitude stall recovery is one of the first things pilots are taught, and the rule is ironclad -- if you are stalling *at altitude*, you put the nose down. Period, end of statement. At low altitude, you use power, but in neither *high* nor *low* altitudes do you pull up and hold up if you think you are in a stall.
This is basic stuff. It is hard for me to believe that two trained pilots insisted on keeping the nose up because they were afraid of hitting the ground, and it is improbable that both of them would pull back *and hold back* if they had any though that they were stalling.
There are two events here -- the initial loss of airspeed indication and the stall, which was recovered from, then the long fall to the ocean, which was not. The actions initially -- power up -- aren't ideal, but would recover. The actions following -- trying to hold the nose up for minutes while they fell -- makes *no sense at all* if they thought they were stalling. None.
My only guess -- they didn't think they were stalling. They were assuming that their airspeed indications were wrong, thus, stall warning were also wrong, being based on airspeed. There are two backup indicators, one for airspeed, one for altitude. They ignored airspeed (or saw it different that the airspeed on the PFD and discounted both) but trusted altitude, and saw they were losing altitude fast.
These guys were convinced that they were in a dive.
They thought that airspeed was invalid, they were descending rapidly, they didn't have a horizon, so they thought they were in a dive and trying to pull out. In fact, they were in a deep stall and falling out of the sky.
Argument against: Engine power. If they thought they were in a dive, they'd throttle back. The summary article says they pushed forward at the start of the event (when they were assuming airspeed was accurate and they were stalling.) What it doesn't mention is if they left the power up, or if they pulled it back after the first stall event. If they did, the pilot flying was convinced he was in a dive.
Until I get a full look at the report, I can only speculate. But, right now, based on that summary, the only thing that makes sense is that they thought they were in a screaming dive and needed to get the nose up before they hit Vne.
The plane wasn't flying in normal law, the crew seemed certain that they were not getting accurate airspeed readings, so the question becomes "What did they think the plane was doing?"
We may never know that answer. But I'll put my cards down on this -- if, during the fall, they held the stick back *and* pulled power back, they were assuming that they were in a dive. If they thought they were in a dive, and they pulled the stick back and power back, then they were doing exactly what they were taught to do. The problem isn't the actions, it was not recognizing the problem and using the wrong recovery. The question then becomes "Why did they think they were in a dive when they were in a deep stall?"
If they left power up, then things get more confusing, because then they're taking contradictory actions -- they're pulling up to avoid a dive, but powering up to avoid stall. If you're diving, gaining airspeed is automatic. If your stalling, pulling up is the wrong thing to do, period.
Finally: The French Aviation Authority is infamous for, in the past, using this rule to investigate crashes. If the plane wasn't French, it was a mechanical flaw. If it was, it was pilot error. I really wish we could have NTSB, AAIB, or JAXA on this, who have no problems telling it like it is. I heard that BEA has taken steps to correct this, but having seen far too many minority reports of "The pilots were idiots" when an Airbus or ATR fell out of the sky from them, I'm not automatically willing to assume that their first cut description is correct -- esp. without full cockpit transcripts and data recorders being released.
Call me a cynical, untrusting bastard if you must. I'm not sure I could argue with that.
posted by eriko at 8:55 AM on June 17, 2011 [10 favorites]
"Thanks, Hello Dad, I'm in Jail. I had no idea what tailplane stall can do."
posted by hat_eater at 9:55 AM
Seconded, with thanks, here, too. Moreover, the nature of tailplane stall due to icing, as a phenomenon aggravated often at low altitude on landing approach by normal landing configuration changes, and for which recognition and immediate correct recovery action is necessary, will make me a lot more willing to reverse configuration changes early and fast, and go around on any control feel deviation during landings.
posted by paulsc at 8:58 AM on June 17, 2011
posted by hat_eater at 9:55 AM
Seconded, with thanks, here, too. Moreover, the nature of tailplane stall due to icing, as a phenomenon aggravated often at low altitude on landing approach by normal landing configuration changes, and for which recognition and immediate correct recovery action is necessary, will make me a lot more willing to reverse configuration changes early and fast, and go around on any control feel deviation during landings.
posted by paulsc at 8:58 AM on June 17, 2011
octothorpe: "6. The pilots continued to pitch the nose up and gun the engines, until the plane was flying at such an extreme attitude that the stall warnings ceased because the attitude was considered invalid and must be a mistake
So that's not a training issue, that's a grossly mis-designed piece of software"
Exactly that.
posted by wierdo at 8:58 AM on June 17, 2011 [1 favorite]
So that's not a training issue, that's a grossly mis-designed piece of software"
Exactly that.
posted by wierdo at 8:58 AM on June 17, 2011 [1 favorite]
Oh, yeah: My previous guess (high altitude windshear leading to exceeding Vne and breakup) was wrong. But until we got the black boxes, we could only guess based on very limited data of what happened to the plane (It was flying, then it apparently had some instrumentation failure and fell out of the sky.)
Hmm. There were a bunch of ACARS messages that we telling us that the plane was, at best, confused. Now they're saying that no, really, there was a brief airspeed indication loss, but everything was fine, the pilots were dumb.
I'm not sure if I buy that. Why were those messages sent? What was the plane telling the pilots?
posted by eriko at 8:59 AM on June 17, 2011
Hmm. There were a bunch of ACARS messages that we telling us that the plane was, at best, confused. Now they're saying that no, really, there was a brief airspeed indication loss, but everything was fine, the pilots were dumb.
I'm not sure if I buy that. Why were those messages sent? What was the plane telling the pilots?
posted by eriko at 8:59 AM on June 17, 2011
Clearly eriko and others understand this world a lot better than I do. One question that pops into my mind though is that could not a simple cup of water shown that they their angle of attack was way above the horizon as opposed to them thinking they 'were in a screaming dive' as eriko said?
I appreciate they were wildly disorientated and did not trust the information displayed on their instruments.
posted by numberstation at 9:00 AM on June 17, 2011 [1 favorite]
I appreciate they were wildly disorientated and did not trust the information displayed on their instruments.
posted by numberstation at 9:00 AM on June 17, 2011 [1 favorite]
I don't think they were confused about being in a dive or not. You have to remember this was not exactly clear air they were flying through: they had flown right into the mother of all thunderstorms which had been masked on their weather radar by two storms in front of it, which they'd slipped between.
So they were in a tricky situation before the Pitot tubes iced up. Once the tubes iced and they lost airspeed indications and therefore autopilot, they were now trying to fly through a massive storm cell manually. They probably tried to gain altitude to get above the weather, but doing so robbed them of airspeed and put them in stall - which may not have been at all obvious given the turbulence they were probably experiencing.
So the engines are on full (takeoff/go-round) and the plane is pitched up -- they're probably thinking there's no possibility of a stall but are not taking into account the thinness of the air which reduces the engine power and the lift at any given speed. One report says they didn't realize they were in a stall until the captain came in. When you are losing altitude at 1000' a minute it takes a lot of guts to put the nose down. It's quite possible they also thought at some point they'd gotten caught in a downdraft.
posted by unSane at 9:17 AM on June 17, 2011
So they were in a tricky situation before the Pitot tubes iced up. Once the tubes iced and they lost airspeed indications and therefore autopilot, they were now trying to fly through a massive storm cell manually. They probably tried to gain altitude to get above the weather, but doing so robbed them of airspeed and put them in stall - which may not have been at all obvious given the turbulence they were probably experiencing.
So the engines are on full (takeoff/go-round) and the plane is pitched up -- they're probably thinking there's no possibility of a stall but are not taking into account the thinness of the air which reduces the engine power and the lift at any given speed. One report says they didn't realize they were in a stall until the captain came in. When you are losing altitude at 1000' a minute it takes a lot of guts to put the nose down. It's quite possible they also thought at some point they'd gotten caught in a downdraft.
posted by unSane at 9:17 AM on June 17, 2011
could not a simple cup of water shown that they their angle of attack
In a moving aircraft, you've got more forces than just gravity. If you watch this video starting at 2 min, you can do a complete roll, and that cup of water will never know.
posted by bitmage at 9:56 AM on June 17, 2011 [8 favorites]
In a moving aircraft, you've got more forces than just gravity. If you watch this video starting at 2 min, you can do a complete roll, and that cup of water will never know.
posted by bitmage at 9:56 AM on June 17, 2011 [8 favorites]
they didn't have a horizon
Not true. Backup horizon at least, and furthermore there is no indication that they lost anything else but airspeed. This is one of the great difficulties of the crash, that they apparently completely ignored basic instrumentation. I also observe that this has led many observers to dismiss the official report of the data, despite the credibility of the BEA, and I suspect that this will be one of those enduring mythological crashes along with AA 587 and the Concorde crash that will forever be shrouded in conspiracy theories.
posted by Catfry at 9:58 AM on June 17, 2011
Not true. Backup horizon at least, and furthermore there is no indication that they lost anything else but airspeed. This is one of the great difficulties of the crash, that they apparently completely ignored basic instrumentation. I also observe that this has led many observers to dismiss the official report of the data, despite the credibility of the BEA, and I suspect that this will be one of those enduring mythological crashes along with AA 587 and the Concorde crash that will forever be shrouded in conspiracy theories.
posted by Catfry at 9:58 AM on June 17, 2011
Actually those are bad examples. More like Mulhouse-Habsheim or Perpignan, you often hear dark mutterings about the intransigence of the French and supposed conspiratorial tampering with the evidence.
posted by Catfry at 10:00 AM on June 17, 2011
posted by Catfry at 10:00 AM on June 17, 2011
...the captain re-entered the cockpit. What role he played subsequently is not clear yet, because the full cockpit voice recorder content has not been published.
It seems like this story may be changing a bit when we know what was said in the cockpit. For now, it's just instrument recordings.
posted by warbaby at 10:13 AM on June 17, 2011
The failsafe old-school device is supposed to be the pilot.
One of the classical ironies of automation.
If the pilot:
* rarely flies the airplane themselves
* and when they do fly the airplane, they're actually flying a layer of control software overtop of the airplane
* and when things get *Really Hairy*, the autopilot and the layer of control software both bail out, leaving the pilot holding the bag
What do you think will happen to most pilots over time?
Pilots with deep experience flying manually retire, and the new generation adapt to being supervisory controllers. Overall system performance improves for routine cases, still fails in extreme cases.
posted by anthill at 10:15 AM on June 17, 2011 [2 favorites]
One of the classical ironies of automation.
If the pilot:
* rarely flies the airplane themselves
* and when they do fly the airplane, they're actually flying a layer of control software overtop of the airplane
* and when things get *Really Hairy*, the autopilot and the layer of control software both bail out, leaving the pilot holding the bag
What do you think will happen to most pilots over time?
Pilots with deep experience flying manually retire, and the new generation adapt to being supervisory controllers. Overall system performance improves for routine cases, still fails in extreme cases.
posted by anthill at 10:15 AM on June 17, 2011 [2 favorites]
One of the great problems of instrument failure is that the instruments very rarely tell you they've failed. The typical failure mode is just showing you bad data. This makes flying require a lot of judgement calls, and sometimes people make bad judgements.
The pilots here were faced with a clear case of some sort of instrument failure: the pitot airspeed was obviously wrong at some point, so they appear to suspect it is faulty even once the icing clears and the instrument starts working again. (Why else would you hold stick-back when your airspeed shows you're in a stall?) Unfortunately, they apparently failed to believe the other instruments that showed attitude and altitude. It seems you have two possible situations:
1. you're in a dive, so try to get the nose up and reduce speed. This would require you to disbelieve airspeed & attitude indicator (artificial horizon), but believe altitude.
2. you're in a stall, so try to get the nose down and regain speed. This would require you to disbelieve... nothing? The warning system? Everything else in the cockpit is indicating you're stalled and falling out of the sky. Low airspeed, high AOA, decreasing altitude.
Armchair pilot: it seems like they made a good educated guess early on but failed to change their minds when other evidence started accumulating that their guess wasn't right. I've only ever been in one aircraft emergency, but three minutes in that case would've been a goddamned eternity to re-evaluate your decisions.
posted by introp at 10:20 AM on June 17, 2011 [1 favorite]
The pilots here were faced with a clear case of some sort of instrument failure: the pitot airspeed was obviously wrong at some point, so they appear to suspect it is faulty even once the icing clears and the instrument starts working again. (Why else would you hold stick-back when your airspeed shows you're in a stall?) Unfortunately, they apparently failed to believe the other instruments that showed attitude and altitude. It seems you have two possible situations:
1. you're in a dive, so try to get the nose up and reduce speed. This would require you to disbelieve airspeed & attitude indicator (artificial horizon), but believe altitude.
2. you're in a stall, so try to get the nose down and regain speed. This would require you to disbelieve... nothing? The warning system? Everything else in the cockpit is indicating you're stalled and falling out of the sky. Low airspeed, high AOA, decreasing altitude.
Armchair pilot: it seems like they made a good educated guess early on but failed to change their minds when other evidence started accumulating that their guess wasn't right. I've only ever been in one aircraft emergency, but three minutes in that case would've been a goddamned eternity to re-evaluate your decisions.
posted by introp at 10:20 AM on June 17, 2011 [1 favorite]
Could someone explain whether storm conditions/technology would have prevented the use of GPS as a backup source of altitude/airspeed data? On a recent trip into the middle of nowhere, I was surprised to find how capable the GPS built into my cellphone is, without any comms reception at all. It's only positionally accurate to within 15m or so, but zipping around the mountains in a car, it tracked the actual speed/heading/angle of climb/descent far better and faster than I had expected (from a consumer device).
It's mystifying to me that the pitot tubes ice up, and a) there isn't a temperature/flow sensor in them to indicate that that might have happened b) there aren't alternate instruments measuring airspeed that will raise an alarm if some divergence in readings occurs. Or more accurately, it's mystifying to me that such systems weren't sufficiently available and reliable to get the pilots out of trouble in this instance.
posted by anigbrowl at 10:49 AM on June 17, 2011
It's mystifying to me that the pitot tubes ice up, and a) there isn't a temperature/flow sensor in them to indicate that that might have happened b) there aren't alternate instruments measuring airspeed that will raise an alarm if some divergence in readings occurs. Or more accurately, it's mystifying to me that such systems weren't sufficiently available and reliable to get the pilots out of trouble in this instance.
posted by anigbrowl at 10:49 AM on June 17, 2011
More armchair (a few hrs in an ultralight) piloting:
I think the Airbus has far too many 'hidden' inputs on the flight model. Coming from the world of cable-and-pulley controls, you'd think that autopilot off means you have total control. On fly-by-wire you never do, and the computer may be interpreting your inputs through unexpected models.
It sounds like, by the time they sorted the pitot issue, they were in a nose-high mushing descent with the wings completely stalled. Airspeed is untrustworthy, wings are level, why are we still descending? Stick forward, alarms start to scream. Stick back.
The silencing of alarms when airspeed drops below 60kt is a _bad_ design issue. You get silence for two modes: 'everything's ok', and for 'sensor inputs are unbelievable, ignoring'.
The quick bit about the horizontal stabilizer position being auto-trimmed is disturbing. If I'm understanding it correctly, keeping the stick back activated some sort of trimming function that would be 'zeroing' the stabilizer in a high-angle position. This would make pushing the stick forward less effective, and further confuse the issue. You end up with a plane that is in a very different configuration than the pilot's mental model thinks it is.
posted by bitmage at 10:50 AM on June 17, 2011 [1 favorite]
I think the Airbus has far too many 'hidden' inputs on the flight model. Coming from the world of cable-and-pulley controls, you'd think that autopilot off means you have total control. On fly-by-wire you never do, and the computer may be interpreting your inputs through unexpected models.
It sounds like, by the time they sorted the pitot issue, they were in a nose-high mushing descent with the wings completely stalled. Airspeed is untrustworthy, wings are level, why are we still descending? Stick forward, alarms start to scream. Stick back.
The silencing of alarms when airspeed drops below 60kt is a _bad_ design issue. You get silence for two modes: 'everything's ok', and for 'sensor inputs are unbelievable, ignoring'.
The quick bit about the horizontal stabilizer position being auto-trimmed is disturbing. If I'm understanding it correctly, keeping the stick back activated some sort of trimming function that would be 'zeroing' the stabilizer in a high-angle position. This would make pushing the stick forward less effective, and further confuse the issue. You end up with a plane that is in a very different configuration than the pilot's mental model thinks it is.
posted by bitmage at 10:50 AM on June 17, 2011 [1 favorite]
Could someone explain whether storm conditions/technology would have prevented the use of GPS as a backup source of altitude/airspeed data?
What is important in figuring out whether you are close to stall speed is your speed through the local air mass, as well as the density of that air mass. The flow of air over your wings generates lift. Thin air generates less lift so you need to go faster.
Gps do not tell you your speed through the local air. It tells you the speed over the ground, but since the air can and do move, the air flow over your wing could be substantially faster or slower than what your ground speed indicates. This discrepancy between ground speed and air speed is unacceptable, and thus GPS is not used, not even for backup.
Air density also varies at any given altitude and so you have the same problem.
Pitot probes is the most reliable technology available for measuring local air speed and triple instrumentation redundancy is normal.
No commercial planes from any manufacturer use anything else, to my knowledge.
posted by Catfry at 11:10 AM on June 17, 2011
What is important in figuring out whether you are close to stall speed is your speed through the local air mass, as well as the density of that air mass. The flow of air over your wings generates lift. Thin air generates less lift so you need to go faster.
Gps do not tell you your speed through the local air. It tells you the speed over the ground, but since the air can and do move, the air flow over your wing could be substantially faster or slower than what your ground speed indicates. This discrepancy between ground speed and air speed is unacceptable, and thus GPS is not used, not even for backup.
Air density also varies at any given altitude and so you have the same problem.
Pitot probes is the most reliable technology available for measuring local air speed and triple instrumentation redundancy is normal.
No commercial planes from any manufacturer use anything else, to my knowledge.
posted by Catfry at 11:10 AM on June 17, 2011
The silencing of alarms when airspeed drops below 60kt is a _bad_ design issue. You get silence for two modes: 'everything's ok', and for 'sensor inputs are unbelievable, ignoring'.
The stall warning is generated from the Angle of Attack sensors. These are dependant on air flow above a certain speed to work (They are basically vanes that turn to seek least resistance in the air stream). Below 60 kts (reported from the pitots) the airplane diregards their data because it cannot determine what actual AoA is.
posted by Catfry at 11:17 AM on June 17, 2011
The stall warning is generated from the Angle of Attack sensors. These are dependant on air flow above a certain speed to work (They are basically vanes that turn to seek least resistance in the air stream). Below 60 kts (reported from the pitots) the airplane diregards their data because it cannot determine what actual AoA is.
posted by Catfry at 11:17 AM on June 17, 2011
I follow that, but if you're flying (gear is up) and showing less than 60kt something is wrong. The pilot needs a clear warning of 'no airspeed!' at that point. Having the alarms go quiet implies to a pilot dealing with a confusing situation that things are getting better.
posted by bitmage at 11:39 AM on June 17, 2011
posted by bitmage at 11:39 AM on June 17, 2011
I suspect they do get an alarm about dangerous air speed on the Ecam, just not an audible stall warning.
(note I'm not actually someone who knows everything about Airbuses, I just really like to read the discussions on airliners.net. I have repeated here what I have read over there)
posted by Catfry at 11:48 AM on June 17, 2011
(note I'm not actually someone who knows everything about Airbuses, I just really like to read the discussions on airliners.net. I have repeated here what I have read over there)
posted by Catfry at 11:48 AM on June 17, 2011
Gps do not tell you your speed through the local air. It tells you the speed over the ground, but since the air can and do move, the air flow over your wing could be substantially faster or slower than what your ground speed indicates. This discrepancy between ground speed and air speed is unacceptable, and thus GPS is not used, not even for backup.
I get that part, and why you might have sudden large discontinuities even under good conditions. But what does this have to do with things like altitude and AoA? Sorry for asking such a naive question, but I'm having difficulty seeing how the pilots are better off without any ground-relative data if the local air data is invalid or completely confusing.
I've seen birds essentially hovering in place in a stiff wind, I appreciate that you might be flying safely and have a ground speed of 0kt. And I appreciate that air moves up and down as well as horizontally, so that there are similar considerations for AoA. I'm just baffled as to how these pilots seemed unaware that they were in a steep climb at a high altitude and essentially falling gracefully downwards.
posted by anigbrowl at 11:52 AM on June 17, 2011
I get that part, and why you might have sudden large discontinuities even under good conditions. But what does this have to do with things like altitude and AoA? Sorry for asking such a naive question, but I'm having difficulty seeing how the pilots are better off without any ground-relative data if the local air data is invalid or completely confusing.
I've seen birds essentially hovering in place in a stiff wind, I appreciate that you might be flying safely and have a ground speed of 0kt. And I appreciate that air moves up and down as well as horizontally, so that there are similar considerations for AoA. I'm just baffled as to how these pilots seemed unaware that they were in a steep climb at a high altitude and essentially falling gracefully downwards.
posted by anigbrowl at 11:52 AM on June 17, 2011
I think most of the warnings are designed to sound of to prevent entering a stall. The problem is when you actually manage to ignore them and develop a full stall the instruments can no longer tell you good info.
posted by Catfry at 11:52 AM on June 17, 2011
posted by Catfry at 11:52 AM on June 17, 2011
anigbrowl:
I personally think those pilots would not have been better of with more info. As far as I can tell from the preliminary note, they had all normal data except air speed. They had altitude. They had attitude. Both the normal and the backup horizon. Nothing was wrong with any of that data.
I cannot tell whether GPS would be a good idea as a backup altitude indicator. But in this particular incident it isn't actually relevant. And I can't see how GPS would be able to tell you Angle of Attack?
I'm just baffled as to how these pilots seemed unaware that they were in a steep climb at a high altitude and essentially falling gracefully downwards.
Yes. This is the mystery.
posted by Catfry at 12:02 PM on June 17, 2011
I personally think those pilots would not have been better of with more info. As far as I can tell from the preliminary note, they had all normal data except air speed. They had altitude. They had attitude. Both the normal and the backup horizon. Nothing was wrong with any of that data.
I cannot tell whether GPS would be a good idea as a backup altitude indicator. But in this particular incident it isn't actually relevant. And I can't see how GPS would be able to tell you Angle of Attack?
I'm just baffled as to how these pilots seemed unaware that they were in a steep climb at a high altitude and essentially falling gracefully downwards.
Yes. This is the mystery.
posted by Catfry at 12:02 PM on June 17, 2011
Oh another thing. I think you think that introducing an independent data source for their situation would be something they could go to in case all 'their' systems seized up. I think the problem is one of determing what systems are actually wrong and what you can trust. In this case they seemed to distrust more systems than were actually wrong. Who is to say they wouldn't distrust GPS if they had that?
posted by Catfry at 12:07 PM on June 17, 2011
posted by Catfry at 12:07 PM on June 17, 2011
Sorry catfry, I was using AoA when I meant attitude.
posted by anigbrowl at 12:08 PM on June 17, 2011
posted by anigbrowl at 12:08 PM on June 17, 2011
I haven't read this but I suspect another reason not to use GPS is it just isn't accurate enough consistently enough. The critical phases of flight are during takeoff and landing. The vast vast number of accidents occur here. Accidents in Cruise are very rare (Also one reason this crash is so exceptional), and it just isn't worth it to marginally improve the situation in cruise if it means introducing instrumentation that is potentially dangerous during landing or takeoff.
posted by Catfry at 12:22 PM on June 17, 2011
posted by Catfry at 12:22 PM on June 17, 2011
In this case they seemed to distrust more systems than were actually wrong.
Is there a sequence of maneuvers they could have performed to determine which instruments could be trusted? 'Maneuver x has effect y on instrument a, that means the air speed is accurate.'
I keep remembering something that an aviation correspondent said a few weeks back when they first announced finding the boxes. He spun a scenario where the pilots got hung up solving a problem, and because they were over-tired either over-focused on the problem or just failed to notice that the plane was descending. I suppose the current data doesn't preclude that analysis. Either way, I get a dark shiver thinking about what it must have felt like to realize you were about to hit.
(And I keep wondering still how it was that one young girl was able to survive.)
posted by lodurr at 1:00 PM on June 17, 2011
Is there a sequence of maneuvers they could have performed to determine which instruments could be trusted? 'Maneuver x has effect y on instrument a, that means the air speed is accurate.'
I keep remembering something that an aviation correspondent said a few weeks back when they first announced finding the boxes. He spun a scenario where the pilots got hung up solving a problem, and because they were over-tired either over-focused on the problem or just failed to notice that the plane was descending. I suppose the current data doesn't preclude that analysis. Either way, I get a dark shiver thinking about what it must have felt like to realize you were about to hit.
(And I keep wondering still how it was that one young girl was able to survive.)
posted by lodurr at 1:00 PM on June 17, 2011
Is there a sequence of maneuvers they could have performed to determine which instruments could be trusted? 'Maneuver x has effect y on instrument a, that means the air speed is accurate.'
In hindsight yes, but people are generally not good at doing hypothesis-and-test style troubleshooting, nevermind when late at night while saturated with adrenalin and with alarms going off. And with only a few minutes in which to act, a procedure might have taken too long, even if there was one buried in with the rest of the manuals.
Troubleshooting against the real world and troubleshooting against a software system requires different strategies. Improving airplane control system design to make humans' intuitive troubleshooting strategies more effective might be what needs to happen...
posted by anthill at 1:15 PM on June 17, 2011
In hindsight yes, but people are generally not good at doing hypothesis-and-test style troubleshooting, nevermind when late at night while saturated with adrenalin and with alarms going off. And with only a few minutes in which to act, a procedure might have taken too long, even if there was one buried in with the rest of the manuals.
Troubleshooting against the real world and troubleshooting against a software system requires different strategies. Improving airplane control system design to make humans' intuitive troubleshooting strategies more effective might be what needs to happen...
posted by anthill at 1:15 PM on June 17, 2011
I did say that they seemed to distrust their instruments, but only because that is one of the few reasons I can come up with for why they behaved the way they did. I don't actually know that they did.
I think the procedure when distrusting a particular instrument is to cross reference with other types of instruments. If your air speed disappears you look at your thrust settings and the state of the engines. Then you look at where your nose is pointing. Taken together, these should tell you if your air speed makes sense or not. It's a bigger problem if you lose confidence in more than one instrument.
It is also supposed to be the non flying pilot that does this, while the flying pilot concentrates on flying 'pitch and power', basically pointing the nose slightly upwards, wings level, and power at a high setting. This should keep the plane stable at any altitude, giving time for troubleshooting.
posted by Catfry at 1:25 PM on June 17, 2011
I think the procedure when distrusting a particular instrument is to cross reference with other types of instruments. If your air speed disappears you look at your thrust settings and the state of the engines. Then you look at where your nose is pointing. Taken together, these should tell you if your air speed makes sense or not. It's a bigger problem if you lose confidence in more than one instrument.
It is also supposed to be the non flying pilot that does this, while the flying pilot concentrates on flying 'pitch and power', basically pointing the nose slightly upwards, wings level, and power at a high setting. This should keep the plane stable at any altitude, giving time for troubleshooting.
posted by Catfry at 1:25 PM on June 17, 2011
Some supplemental info. I grabbed this off a flying website which was a repost from AvWeb:
Posted on AvWeb:
Airbuses Fly "Like a Video Game" I would like to offer my comments and perspective with regard to the Air France Flight 447 accident. I have been a A-330 captain since 2003 and have over 4500 hours in the aircraft. While many A-320 pilots undoubtedly have more series time, I believe this probably makes me one of the most experienced A330 pilots in the world.
When asked how I like the aircraft, I tell people that there is likely no easier airplane to take over an ocean, and that the systems design and presentation is superb. That said, the automation is more complex and less intuitive than necessary, and the pilot-aircraft interface is unlike that of a conventional aircraft. Most important with regard to this accident is the fly-by-wire sidestick control. The sidestick itself has a very limited range of motion, making inadvertent over-control very easy. Of even greater significance, the stick itself provides no "feel" feedback to the pilot. That is, unlike a conventional aircraft, the pilot does not get a sense through pressure of how much input is being sent to the control surfaces. The most important advice I give to pilots new to the Airbus is to treat the aircraft not as an airplane, but as a video game. If you wait for the sidestick to tell you what you are doing, you will never get an answer.
Taking into consideration that Air France 447 was at FL 350 (where the safe speed envelope is relatively narrow), that they were in the weather at night with no visible horizon, and that they were likely experiencing at least moderate turbulence, it does not surprise me in the least that the pilots lost control of the aircraft shortly after the autopilot and autothrust disconnected.
Let's keep in mind that these are not ideal conditions for maintaining controlled flight manually, especially when faced with a sudden onslaught of warning messages, loss of autofllght, confusing airspeed indications, and reversion to "alternate law" flight control, in which certain flight envelope protections are lost.
A very bad Airbus design feature is thrust levers that do not move while in autothrust. They are instead set in a detent which would equal climb trust in manual mode. If the pilots did not reset the thrust levers to equal the last cruise power setting, they likely eventually ended up in climb power, making it difficult to reset the proper cruise power setting and adding to what was likely already a great deal of confusion.
But the real problem probably occurred immediately after the pilot flying grabbed the sidestick and took over manually. Unfortunately, airline pilots rarely practice hand-flying at high altitude, and almost never do so without autothrust engaged. As a result, we forget that the aircraft is very sensitive to control inputs at high altitude, and overcontrol is the usual result. Because the Airbus sidestick provides no feedback "feel" to the pilot, this problem is dramatically compounded in this aircraft.
I believe the Air France pilot grabbed the sidestick, made an immediate input (because as pilots, that's what we tend to do), and quickly became quite confused as to what the aircraft was truly doing. This confusion likely was exacerbated by fixating on airspeed indications that made no sense while trying to find a power setting with no airspeed guidance.
When transitioning from autopilot to manual control at altitude in the Airbus, the most important thing to do at first is nothing. Don't move a thing, and then when you do, gently take hold of the sidestick and make very small inputs, concentrating on the flight director (which, in altitude hold, should still have been providing good guidance). Of course, this is much easier said than done with bells and whistles going off all over the place, moderate turbulence and a bunch of thunderstorms in the area. As I said before, treat it like a video game.
So why did the Air France pilot find himself at the limits of sidestick travel, and then just stay there, maintaining a control input that simply could not logically be correct? When things go really bad and we are under intense pressure, it is human nature to revert to what we know from previous experience. Remember, the Airbus flies like no other aircraft in that the sidestick provides no feedback to the pilot. It is a video game, not an airplane.
I believe the Air France pilot unintentionally fell back on all of his previous flying experience, in which aircraft controls "talkedF" to him when he moved them. Distracted by many confusing inputs, he instinctively expected to be able to control the aircraft by "feel" while dividing his attention to address other matters. I've seen it happen in the simulator, and in an Airbus this is a sure way to lose control of the aircraft and is possibly the most dangerous aspect of Airbus design philosophy.
One last note: Airbus pilots often claim that the aircraft "can not be stalled." When the flight controls are in "normal law" this is a reasonably true statement. However, in "alternate law," as was the case here, stall protection can be lost. If we ever practiced this in the simulator, I don't remember it.
Lest anyone think I am blaming the Air France pilots for this accident, let me be clear. Despite all of my experience in the aircraft, I am not the least bit certain that I would have been able to maintain control under the same circumstances. I do feel certain that were you to spring this scenario on pilots in a simulator without warning less than half of them would have a successful outcome. Safely flying the 320, 330 and 340-series Airbus requires something of a non-pilot mindset.
Name Withheld
Editor's Note: We have spoken with the writer of this letter to confirm his identity and honored his request for anonymity. For another analysis of the trials and challenges of flying an A330, be sure to listen to Friday's podcast with airline pilot Jason Goldberg.
posted by Thistledown at 1:40 PM on June 17, 2011 [13 favorites]
Posted on AvWeb:
Airbuses Fly "Like a Video Game" I would like to offer my comments and perspective with regard to the Air France Flight 447 accident. I have been a A-330 captain since 2003 and have over 4500 hours in the aircraft. While many A-320 pilots undoubtedly have more series time, I believe this probably makes me one of the most experienced A330 pilots in the world.
When asked how I like the aircraft, I tell people that there is likely no easier airplane to take over an ocean, and that the systems design and presentation is superb. That said, the automation is more complex and less intuitive than necessary, and the pilot-aircraft interface is unlike that of a conventional aircraft. Most important with regard to this accident is the fly-by-wire sidestick control. The sidestick itself has a very limited range of motion, making inadvertent over-control very easy. Of even greater significance, the stick itself provides no "feel" feedback to the pilot. That is, unlike a conventional aircraft, the pilot does not get a sense through pressure of how much input is being sent to the control surfaces. The most important advice I give to pilots new to the Airbus is to treat the aircraft not as an airplane, but as a video game. If you wait for the sidestick to tell you what you are doing, you will never get an answer.
Taking into consideration that Air France 447 was at FL 350 (where the safe speed envelope is relatively narrow), that they were in the weather at night with no visible horizon, and that they were likely experiencing at least moderate turbulence, it does not surprise me in the least that the pilots lost control of the aircraft shortly after the autopilot and autothrust disconnected.
Let's keep in mind that these are not ideal conditions for maintaining controlled flight manually, especially when faced with a sudden onslaught of warning messages, loss of autofllght, confusing airspeed indications, and reversion to "alternate law" flight control, in which certain flight envelope protections are lost.
A very bad Airbus design feature is thrust levers that do not move while in autothrust. They are instead set in a detent which would equal climb trust in manual mode. If the pilots did not reset the thrust levers to equal the last cruise power setting, they likely eventually ended up in climb power, making it difficult to reset the proper cruise power setting and adding to what was likely already a great deal of confusion.
But the real problem probably occurred immediately after the pilot flying grabbed the sidestick and took over manually. Unfortunately, airline pilots rarely practice hand-flying at high altitude, and almost never do so without autothrust engaged. As a result, we forget that the aircraft is very sensitive to control inputs at high altitude, and overcontrol is the usual result. Because the Airbus sidestick provides no feedback "feel" to the pilot, this problem is dramatically compounded in this aircraft.
I believe the Air France pilot grabbed the sidestick, made an immediate input (because as pilots, that's what we tend to do), and quickly became quite confused as to what the aircraft was truly doing. This confusion likely was exacerbated by fixating on airspeed indications that made no sense while trying to find a power setting with no airspeed guidance.
When transitioning from autopilot to manual control at altitude in the Airbus, the most important thing to do at first is nothing. Don't move a thing, and then when you do, gently take hold of the sidestick and make very small inputs, concentrating on the flight director (which, in altitude hold, should still have been providing good guidance). Of course, this is much easier said than done with bells and whistles going off all over the place, moderate turbulence and a bunch of thunderstorms in the area. As I said before, treat it like a video game.
So why did the Air France pilot find himself at the limits of sidestick travel, and then just stay there, maintaining a control input that simply could not logically be correct? When things go really bad and we are under intense pressure, it is human nature to revert to what we know from previous experience. Remember, the Airbus flies like no other aircraft in that the sidestick provides no feedback to the pilot. It is a video game, not an airplane.
I believe the Air France pilot unintentionally fell back on all of his previous flying experience, in which aircraft controls "talkedF" to him when he moved them. Distracted by many confusing inputs, he instinctively expected to be able to control the aircraft by "feel" while dividing his attention to address other matters. I've seen it happen in the simulator, and in an Airbus this is a sure way to lose control of the aircraft and is possibly the most dangerous aspect of Airbus design philosophy.
One last note: Airbus pilots often claim that the aircraft "can not be stalled." When the flight controls are in "normal law" this is a reasonably true statement. However, in "alternate law," as was the case here, stall protection can be lost. If we ever practiced this in the simulator, I don't remember it.
Lest anyone think I am blaming the Air France pilots for this accident, let me be clear. Despite all of my experience in the aircraft, I am not the least bit certain that I would have been able to maintain control under the same circumstances. I do feel certain that were you to spring this scenario on pilots in a simulator without warning less than half of them would have a successful outcome. Safely flying the 320, 330 and 340-series Airbus requires something of a non-pilot mindset.
Name Withheld
Editor's Note: We have spoken with the writer of this letter to confirm his identity and honored his request for anonymity. For another analysis of the trials and challenges of flying an A330, be sure to listen to Friday's podcast with airline pilot Jason Goldberg.
posted by Thistledown at 1:40 PM on June 17, 2011 [13 favorites]
not sure if it was mentioned it upthread but it somehow seems relevant that it was the same Airbus (albeit A320) fly-by-wire technology that contributed to the successful ditch of Flight 1549 in the Hudson. The hagiography of Captain Sullenberger aside, a lot of the work was done for the crew through the excellent/innovative engineering in the flight control system.
posted by lomcovak at 1:56 PM on June 17, 2011
posted by lomcovak at 1:56 PM on June 17, 2011
Thistledown, thanks for that post. I can totally see this happening.
posted by Xoebe at 2:15 PM on June 17, 2011
posted by Xoebe at 2:15 PM on June 17, 2011
I've never flown a plane, but many video games now incorporate some form of physical feedback to the player when they're performing an action. I have to say I'm really surprised that airplane fly-by-wire controls do not Is that true of all of them, military, Boeing, etc.? Or is this an Airbus peculiarity.
posted by longdaysjourney at 3:05 PM on June 17, 2011
posted by longdaysjourney at 3:05 PM on June 17, 2011
(oops, there should be a period after "not." Sorry about that.)
posted by longdaysjourney at 3:07 PM on June 17, 2011
posted by longdaysjourney at 3:07 PM on June 17, 2011
Airbus planes do not have feedback in the sidestick control and they do not have auto moving thrust levers, like some planes do. It is however not particularly an Airbus thing not to have these things.
I think it is one of these things that there has been a debate about whether or not it is a good thing for decades.
posted by Catfry at 3:16 PM on June 17, 2011
I think it is one of these things that there has been a debate about whether or not it is a good thing for decades.
posted by Catfry at 3:16 PM on June 17, 2011
It's become very popular in the past quarter-century to blame dead operators in public transportation failures ... planes, trains, boats, whatever. Drugs are the usual excuse.
In this disaster it might be revealing to ask: What if the pilots didn't screw up? but did the best they could with the information they had in a plane that had gone bad. The question "why didn't they notice their basic instrumentation" might be answered with "there wasn't any." Or mechanical failure - for example, a 1985 crash that killed 520 was the result of a bad repair.
$$Hundreds of millions at stake sometimes makes some evidence hard to see.
posted by Twang at 5:26 PM on June 17, 2011
In this disaster it might be revealing to ask: What if the pilots didn't screw up? but did the best they could with the information they had in a plane that had gone bad. The question "why didn't they notice their basic instrumentation" might be answered with "there wasn't any." Or mechanical failure - for example, a 1985 crash that killed 520 was the result of a bad repair.
$$Hundreds of millions at stake sometimes makes some evidence hard to see.
posted by Twang at 5:26 PM on June 17, 2011
"not sure if it was mentioned it upthread but it somehow seems relevant that it was the same Airbus (albeit A320) fly-by-wire technology that contributed to the successful ditch of Flight 1549 in the Hudson. The hagiography of Captain Sullenberger aside, a lot of the work was done for the crew through the excellent/innovative engineering in the flight control system."
posted by lomcovak at 1:56 PM
It may also seem relevant to recall the 2008 near disaster on a crosswind landing of an A320 at Hamburg, which was found on investigation to be due, at least in part, to a flight control software design issue, wherein pilot flight control inputs were ignored during landing, in favor of software limited aileron movements based on wheel speed sensor readings from a single main landing gear (common for an aircraft to touch down first on one or the other main gears, in a crosswind landing).
posted by paulsc at 4:58 PM on June 18, 2011
posted by lomcovak at 1:56 PM
It may also seem relevant to recall the 2008 near disaster on a crosswind landing of an A320 at Hamburg, which was found on investigation to be due, at least in part, to a flight control software design issue, wherein pilot flight control inputs were ignored during landing, in favor of software limited aileron movements based on wheel speed sensor readings from a single main landing gear (common for an aircraft to touch down first on one or the other main gears, in a crosswind landing).
"... The cause of the incident was a quirk in the Airbus A320's flight computer. On the first near-landing, it switched to ground mode -- which, among other things, limits the power of the ailerons and restricts the pilots' power to move them. They had to look on powerlessly as the flight computer took control and put the plane at the mercy of the storm.The Airbus fly-by-wire philosophy may be seen by some to be a noble attempt to improve air safety by limiting the damage of pilot mistakes in crisis situations by intervention of automation and software management, but at least some of the time, fly-by-wire is the cause of control problems, as military operators of fly-by-wire aircraft have long accepted. But in the commercial aircraft world, the continuing flight test operators are airlines, who book, as often as possible, full loads.
Without immediate and forceful counter-steering with the aileron, the plane was unable to withstand the crosswind. It tipped so far that its wingtip hit the runway. Only when the pilot started to ascend again did the flight computer return to flight mode and free the aileron. "Until (an altitutude of) a few meters above the ground, the landing approach was stable," said BFU investigator Reuss. "But the pilots encountered a situation that they could only escape by taking off again."
posted by paulsc at 4:58 PM on June 18, 2011
The Airbus fly-by-wire philosophy may be seen by some to be a noble attempt to improve air safety by limiting the damage of pilot mistakes in crisis situations by intervention of automation and software management, but at least some of the time, fly-by-wire is the cause of control problems,
Right -- and one of the biggest issues is when a pilot is doing what he's been trained to do, and the FBW system is stopping him.
I'd forgotten that the Airbus side stick has basically no motion. Originally, the F-16 stick was like this, and pilots hated it so badly that they finally changed it to move. It still was a force-sensing stick, but the pilots could feel it move, and thus knew where it was.
Boeing is adamant that fixed sidesticks are The Wrong Answer, and still mounts full yolks.
Another factor that seems to indicate that they could not trust the instruments. One of the ACARS messages sent out was "NAV ADR DISAGREE". The ADRIUs are the Air Data Inertial Reference Units. These are what tell the FBW system how the plane is flying, so that it can fly it. Knowing this is critical, so there are three of them.
NAV ADR DISAGREE is a very bad message. What it means: One of the ADRIUs has been declared faulty and thrown out of the FBW loop -- and the other two, still active, disagree. At this point, the FBW does not have a certain source of inertial reference.
I don't know what the pilots were flying to, but there's at least a 50% chance that the instruments were wrong.
posted by eriko at 7:11 PM on June 18, 2011 [1 favorite]
Right -- and one of the biggest issues is when a pilot is doing what he's been trained to do, and the FBW system is stopping him.
I'd forgotten that the Airbus side stick has basically no motion. Originally, the F-16 stick was like this, and pilots hated it so badly that they finally changed it to move. It still was a force-sensing stick, but the pilots could feel it move, and thus knew where it was.
Boeing is adamant that fixed sidesticks are The Wrong Answer, and still mounts full yolks.
Another factor that seems to indicate that they could not trust the instruments. One of the ACARS messages sent out was "NAV ADR DISAGREE". The ADRIUs are the Air Data Inertial Reference Units. These are what tell the FBW system how the plane is flying, so that it can fly it. Knowing this is critical, so there are three of them.
NAV ADR DISAGREE is a very bad message. What it means: One of the ADRIUs has been declared faulty and thrown out of the FBW loop -- and the other two, still active, disagree. At this point, the FBW does not have a certain source of inertial reference.
I don't know what the pilots were flying to, but there's at least a 50% chance that the instruments were wrong.
posted by eriko at 7:11 PM on June 18, 2011 [1 favorite]
I quote the BEA interim report of july 2. 2009
posted by Catfry at 4:57 AM on June 19, 2011 [1 favorite]
NAV ADR DISAGREEThe ADIRU is a box containing two components, IR, inertial reference unit, and ADR, air data reference unit. The fault message indicates that the data from the ADRs are suspect but it is my understanding that inertial data is unaffected.
Meaning: This message indicates that the EFCSs have rejected an ADR, and
then identified an inconsistency between the two remaining ADRs on one of
the monitored parameters.
posted by Catfry at 4:57 AM on June 19, 2011 [1 favorite]
"To make matters worse, engine margins at high altitude are much smaller than at lower flight levels, where pilots can count on a much greater response to power increases."
What does this mean? That at high altitude the air bus is less responsive to power increases? The, "Im doing something but nothing is happening" syndrome...?
If yes, then I don't like this sentence. It would be clearer to say it this way,
"To make matters worse engine margins at high altitude are very small.
At lower flight levels pilots can count on a much greater response to power increases."
"Fact, Fact" is more digestible than, "A or B results in fact C". I'd much rather have a semi-literate fighter ace who will punch you in the face if you talk $#i*, than a literate aeronautics engineer flying my air bus. IMHO. (^_^)
posted by xtian at 9:05 AM on June 19, 2011
What does this mean? That at high altitude the air bus is less responsive to power increases? The, "Im doing something but nothing is happening" syndrome...?
If yes, then I don't like this sentence. It would be clearer to say it this way,
"To make matters worse engine margins at high altitude are very small.
At lower flight levels pilots can count on a much greater response to power increases."
"Fact, Fact" is more digestible than, "A or B results in fact C". I'd much rather have a semi-literate fighter ace who will punch you in the face if you talk $#i*, than a literate aeronautics engineer flying my air bus. IMHO. (^_^)
posted by xtian at 9:05 AM on June 19, 2011
That changes the meaning of the sentence. You have changed a comparative ('much smaller') to an absolute ('very small').
posted by unSane at 10:35 AM on June 19, 2011
posted by unSane at 10:35 AM on June 19, 2011
« Older Anatomy of a spectacularly bad decision | The New Aesthetic Newer »
This thread has been archived and is closed to new comments
posted by schmattakid at 3:42 AM on June 17, 2011