Re: over-automation with glass cockpits

From: (don shifris)
Organization: 1st Solutions Inc.
Date:         04 Aug 96 16:44:56 

In article <airliners.1996.1528@ohare.Chicago.COM>, says...
>In article <airliners.1996.1454@ohare.Chicago.COM>, Rob Tremblay
><> writes:
>>The Airbus has a safety feature that only allows a pilot to pull the
>>maximum g-limit of the airplane- no more. Why would you want to
>>overstress the airframe?
>What if a situation arises where the only way out requires overstressing
>the airplane?  This could be recovery from unusual attitudes, or evasive
>action to avoid traffic or terrain.  There have been accidents where
>the airframe was overstressed in order to recover.  For certification, the
>airframe must withstand 150% of published G-limits without failure.
>Someday that extra 50% may be needed.  From what I've read, Airbus
>FBW doesn't give you that option, even in direct law.  I don't know about
>Boeing's FBW.

There is kind of a fundamental problem here. If we are going to make the pilot
ultimately responsible, we better make sure he has ultimate responsibility.
The problems with the current situation are pretty well understood. Airbus
airplanes have this nasty habit of second guessing the pilot at very
inopportune times. I suggest you take a good look at the post-accident
investigation for the LH A320 that was destroyed on landing at Warsaw. On an
aircraft that didn't second guess the pilot, that landing would have been a
total non-event. Instead the aircraft thought it knew better, and would not
allow the spoilers, reverse thrust, or brakes to be applied because the
aircraft doesn't have enough weight on the gear. Aircraft ends up going right
off the end of the runway and is destroyed. Given the choice between a
guaranteed fatal accident, and possibly overstressing the airframe, I think
most of us would pick overstressing the airframe. If you overstress the
airframe, the aircraft might crash. If you don't, you are certain to crash.
That is an easy judgment call.

My other concern is over 'bugs' in this stuff. I have worked in the computer
industry for a long time. People are taught to solve specific problems in
specific ways. The Airbus approach is to use separate teams, and separate
hardware to ensure this doesn't happen. The problem is that since these people
tend to be educated the same way, they tend to solve the problem the same way,
so it is very likely that the same, possibly bad, underlying assumptions were
used in all solutions. I produced a disk driver for a super minicomputer to
address a specific problem. The manufacturer also produced a disk driver to
solve the same problem. Anyone who looked at the resultant machine code would
have concluded that the same person wrote both. I never did find out who wrote
their version, but I never communicated with him. Food for thought.

My opinions anyway