Forgot your password?
typodupeerror
Crime Government The Courts Transportation Your Rights Online

Airbus Faces Charges Over 2009 Rio-Paris Crash 187

Posted by timothy
from the so-don't-design-anything-with-risks dept.
mayberry42 writes "A French judge filed preliminary manslaughter charges Thursday against Airbus over the 2009 crash of an Air France jet — opening a rare criminal investigation against a corporate powerhouse. The order from Judge Sylvie Zimmerman targeting the European planemaker centers on the June 2009 crash into the Atlantic of an Airbus A330 bound for Paris from Rio de Janeiro, killing all 228 people on board."
This discussion has been archived. No new comments can be posted.

Airbus Faces Charges Over 2009 Rio-Paris Crash

Comments Filter:
  • by MrEricSir (398214) on Friday March 18, 2011 @01:59AM (#35526818) Homepage

    Forgive me for not knowing much about French law, but what happens if a corporation is found guilty of manslaughter?

    Can specific people be held accountable, is there a fine against the company, etc?

    • by cappp (1822388) on Friday March 18, 2011 @02:33AM (#35526958)
      I'm assuming the French law is similar to the UK one in that the outcome is pretty much financial with a dash of policy change. Corporate Manslaughter [wikipedia.org] in the UK is governed by the Corporate Manslaughter and Corporate Homicide Act 2007 [legislation.gov.uk] which notes that:

      A court before which an organisation is convicted of corporate manslaughter or corporate homicide may make an order (a “remedial order”) requiring the organisation to take specified steps to remedy—

      (a)the breach mentioned in section 1(1) (“the relevant breach”);
      (b)any matter that appears to the court to have resulted from the relevant breach and to have been a cause of the death;
      (c)any deficiency, as regards health and safety matters, in the organisation's policies, systems or practices of which the relevant breach appears to the court to be an indication.

      There is however no personal responsibility assigned i.e. the employees aren't found guilty of aiding or abetting.

      • by arivanov (12034) on Friday March 18, 2011 @03:12AM (#35527092) Homepage

        First, it is not. French law is Napoleonic law and it is extremely strict on the concept of "innocent until proven guilty". The Blair style playing fast and lose with it and declaring all management guilty until proven innocent in an H&S case as per UK H&S legislation is impossible there. No comment who exactly sponsored Blair to push that one.

        Second, for the time being the charge is mostly a formality. This allows resources to continue to be allocated to the case. Otherwise it would have had to go on the cold case shelf. This way the French government can subsidize the search for the black boxes without getting into the usual Boeing vs Airbus or Air France vs the rest of the world subsidies debate. Granted the money in this case is 20-30M so it is a fraction of the usual sums discussed in the context of Airbus or Air France subsidies, but it is money none the less. Additionally, there are resources you cannot buy officially with money like military vessel involvement. This allows these resources to continue being allocated to the case.

      • by cappp (1822388) on Friday March 18, 2011 @03:36AM (#35527194)
        Found it. Seems the French are tougher than their British neighbours. According to the government memo [google.com] I found the following:

        Articles 131-37 to 131-39 of the Penal Code define ten types of penalty specific to legal entities:8 fine, dissolution (for the most serious offences9), prohibition to exercise certain activities for a certain period (especially for the offences of torture and barbarity10), placement under judicial supervision, closure of the establishment for a given period, disqualification from public tenders, prohibition to make a public appeal for funds, prohibition to draw unauthorised cheques or to use payment cards, and confiscation of the thing used or intended for commission of the offence or of the proceeds of the offence.

        • by mdm42 (244204)

          Can't really see the French government applying any of those against Airbus, can you?

  • The article doesn't say how many engines were on this plane.

    Anyway, what happened is that the software failed and gave bad readings. This seems to be cautionary tale regarding the limits of human engineering, and, of course, it'll always be humans who are doing the engineering.

    It also brings up the scary prospect of problems in the software and sensors of a nuclear power plant.

    • It doesn't *have* to be humans that are doing the engineering, does it? Couldn't we, at some point in the future, have AI performing engineering?

      Granted at this stage of technological process it seems a bit far fetched, but that may not be the case in the future. If computers are driving cars and winning game shows, there could be some point where computers can not only initiate engineering tasks, but solve them and perform QA as well.

      • by Rakishi (759894)

        And then seeing no more need for humans, they'll optimize the whole process by just removing us from existence.

        • by MrEricSir (398214)

          As a resident of California, I lived through the era where the Terminator was elected governor and tried to do this.

          Eight terms later? He was mostly unsuccessful.

      • by nathanh (1214)

        It doesn't *have* to be humans that are doing the engineering, does it? Couldn't we, at some point in the future, have AI performing engineering?

        If a human wrote the AI, then the human performed the engineering, not the AI.

        If you mill a block of steel in a CNC you wouldn't say the CNC did the engineering. Programming the CNC is the hard work; the CNC just did the boring labour.

        Similarly if an AI one day designs and builds a bridge, the human who wrote the AI did the hard work. The AI just did the bo

        • You have to ask though, what if AI improves the AI? Is that different than if a human does it?

          If AI programs are capable of identifying, solving, and verifying the solution to a problem, how is that different than humans doing the same thing?

          Sure, you could say "well that's still the work of humans." But isn't that just as fatalistic as saying that *human* destinies are predetermined?

          • by nathanh (1214)

            You have to ask though, what if AI improves the AI? Is that different than if a human does it?

            An AI is just a machine in abstract form. If an AI "improves" an AI it's not different to a human making a machine to build a machine. The human is still the ultimate cause.

            If AI programs are capable of identifying, solving, and verifying the solution to a problem, how is that different than humans doing the same thing?

            Because the AI only exists within the confines of the programming that the human create

            • by h4rm0ny (722443)

              An AI is just a machine in abstract form. If an AI "improves" an AI it's not different to a human making a machine to build a machine. The human is still the ultimate cause.

              I disagree with that. A man can cause a child, but that doesn't mean that the actions of that child are no different to if the man had done them. Cause is only cause. It does not mean that a piece of code that self-modifies without the continued action of its creator is no different in principle to code that doesn't. That "continued action" is critical to the nature of the thing. When something does not require continual action, we now call that independence.

              Because the AI only exists within the confines of the programming that the human creates. It is therefore only a tool of the human mind

              When code becomes self-modifying, it can go beyon

              • by nathanh (1214)

                I disagree with that. A man can cause a child...

                "Ultimate cause" has a specific meaning in philosophy. It doesn't have the same meaning as "create" or "conceive". A man is not the "ultimate cause" of a child. But a man is the ultimate cause of a machine.

                When code becomes self-modifying, it can go beyond the human mind

                Code can only self-modify within the confines of parameters set by the human programmer. Therefore the ultimate cause of the modified code was the human.

                It's the same as creating a sh

                • by Rakishi (759894)

                  "Ultimate cause" has a specific meaning in philosophy. It doesn't have the same meaning as "create" or "conceive". A man is not the "ultimate cause" of a child. But a man is the ultimate cause of a machine.

                  And as I pointed out in another post the ultimate cause of humans is evolution and DNA. Not a specific individual creator but a creator of sorts nonetheless. We have a cause but you seem to claim we are separate from it, why?

                  • by nathanh (1214)

                    And as I pointed out in another post the ultimate cause of humans is evolution and DNA.

                    And I already replied to you.

                    We have a cause ...

                    A "cause" is not the same thing as "ultimate cause". I've also pointed this out in another post.

                    • by Rakishi (759894)

                      And I already replied to you.

                      Nonsensically. Unless your knowledge of evolution and biology is in fact that lacking but I'm assuming otherwise.

                      A "cause" is not the same thing as "ultimate cause". I've also pointed this out in another post.

                      Then please define "ultimate cause" specifically and exactly. You are arguing semantics without defining it except with vague references.

                    • by nathanh (1214)

                      Then please define "ultimate cause" specifically and exactly.

                      It's a standard term in philosophy. Your ignorance is not my problem.

                      www.google.com.

                    • by Rakishi (759894)

                      I did, google provides ambiguous results none of which are from philosophy. The Stanford Encyclopedia of Philosophy also provides no definition as far as I can tell.

                      So once again, what is the definition you claim for the term? You are being very avoidant of defining what you claim is a simple term.

                    • by nathanh (1214)

                      I did, google provides ambiguous results none of which are from philosophy

                      Ambiguity is a defining characteristic of philosophy.

                    • by Rakishi (759894)

                      No, the attempt to remove ambiguity is the defining characteristic of philosophy. Specifically, one finds the source of ambiguity (the axioms or definitions that do not agree) and attempts to see if they can be shown as invalid.

                      Assuming one is of a logical mindset and uses said logical mindset when performing philosophy. That is considered the proper mindset last I checked except for frat boys taking philosophy classes for easy As.

                      So you are in fact saying the definition is whatever you want it to be so tha

                    • by nathanh (1214)

                      So you are in fact saying the definition is whatever you want it to be so that it says you're right and any attempt to argue otherwise you'll simply say you meant a different definition of the term?

                      Yes, you've got me, your dazzling intellect has uncovered my shoddy logic. I am actually a moon child who believes that my soul is formed in the hearts of the atom-god, and "ultimate cause" is actually the name of an anti-evolution cabal, of which I am the grand zombie. Our mission is to destroy philosophy wi

                    • by Rakishi (759894)

                      Amazing, you can make interesting posts that don't make you look like an Eliza script. I was afraid I'd utterly misjudged you. Now if only you could have them be 80% content instead of 100% sarcastic junk.

                      Seriously, I ask you to define your argument more precisely and not be pointlessly enigmatic and this is your response? I figured you actually had an argument somewhere in there, well balls to that it seems.

                      So yeah, go and wank off to your lovely sarcastic and utterly worthless rebuttal to me. I suspect yo

                    • So is arrogance it seems.
                    • by avgjoe62 (558860)

                      I was hoping for an decent intelligent discussion where I'd learn something...

                      You don't hang around these parts much, do you? ;-)

                    • by h4rm0ny (722443)

                      Ambiguity is a defining characteristic of philosophy.

                      Ambiguity is not a defining characteristic of philosophy. You don't read Karl Popper's 'The Logic of Scientific Discovery' and say: "this is not ambiguous, therefore it is not philosophy', or conversely say 'this is ambiguous and therefore may be philosophy'. A 'defining characteristic' is a characteristic which helps distinguish whether something falls into a category or not. And ambiguity is not such a characteristic of philosophy. Indeed philosophy strives to avoid ambiguity in all cases I can currently

                    • by h4rm0ny (722443)

                      Yes, you've got me, your dazzling intellect has uncovered my shoddy logic.

                      Uncovered? More like scaled it and sat on it!

                • by h4rm0ny (722443)

                  Code can only self-modify within the confines of parameters set by the human programmer. Therefore the ultimate cause of the modified code was the human.

                  Which completely misses the point that my post was entirely showing that "cause" was not a limiting factor. Your notion that something must be bounded by its originator would suggest that mankind must still be grubbing for roots in forests because no generation can develop beyond the capacities of the previous.

                  It was explained simply, and thefore I can't do much more than repeat or re-phrase it: dead code can only change in accordance to the people that create it, therefore exists within the bounds of th

                • by timeOday (582209)

                  "Ultimate cause" has a specific meaning in philosophy.

                  What is that meaning? "Ultimate cause" implies something that does not itself have a cause, which makes no sense.

                  IMHO the reason humans tend to attribute ourselves as the "ultimate cause" of things is very simple: 1) we're egocentric, and 2) we don't understand ourselves.

        • by Rakishi (759894)

          By that logic the human didn't do anything either. Humans are after all in the end just some DNA. No different from that AI.

          • by nathanh (1214)

            By that logic the human didn't do anything either. Humans are after all in the end just some DNA.

            Dawkins says something similar in the Selfish Gene.

            • by Rakishi (759894)

              Not really. I simply pointed out that everything we are is written in our DNA and that DNA was created by a specific process. We are machines created for a purpose.

              So by your logic the AI and humans are the results of the evolutionary process which created humans. That process is in turn the result of the physical parameters of the universe. We're not quite sure what that is the result of but the specific parameters are quite likely random (cue anthropic principle). Which in turn means the whole argument ha

              • by nathanh (1214)

                Not really. I simply pointed out that everything we are is written in our DNA and that DNA was created by a specific process. We are machines created for a purpose.

                As I said, Dawkins makes a similar argument in the Selfish Gene.

                So by your logic the AI and humans are the results of the evolutionary process which created humans. That process is in turn the result of the physical parameters of the universe. We're not quite sure what that is the result of but the specific parameters are quite likely rando

                • by Rakishi (759894)

                  As I said, Dawkins makes a similar argument in the Selfish Gene.

                  No, that's the argument made by every biologist out there. It's called evolution.

                  Dawkins was merely pointing out specific quirks of evolution and what drives it (propagation of genes rather than individuals of a species). He didn't make an argument but simply popularized various scientific theories.

                  So are you in fact denying evolution? If so then in what way? What's your counter-argument to my claim other than saying "Dawkins said something similar"?

                  Except for the last sentence (which is a non-sequitir) you are talking about determinism. Which as I've already said, is a question we are unlikely to have answered in our lifetimes.

                  Sigh, so basically you're arguing that humans have a soul

                  • by nathanh (1214)

                    No, that's the argument made by every biologist out there. It's called evolution

                    If you haven't read Dawkin's Selfish Gene you really should. It's an excellent book.

                    Dawkins was merely pointing out specific quirks of evolution and what drives it

                    Because it's quite clear you haven't read it.

                    So are you in fact denying evolution?... so basically you're arguing that humans have a soul ... please don't tell me you're one of those who believes in atom level human identical philosophical zombies.

                    Now you

                    • by Rakishi (759894)

                      If you haven't read Dawkin's Selfish Gene you really should. It's an excellent book.

                      Because it's quite clear you haven't read it.

                      I've read, been a while, it's an old book and most of it I've seen in other places long before I read it. Unlike you I have in fact studied biology more deeply than reading one forty year old book. So, again, your point being?

                      That is all immaterial to the simple fact, which is all I mentioned, that humans are the end result of evolution which function at the level of DNA. Nothing to do with Dawkins but simple biology. You are muddying the argument. Either answer my point directly or admit you have no counte

        • Then it is not an AI in the sense of the word, but only an expert system.

          An AI as the mere mortal understands it is a "conscious" thing as intelligent as a human and knowledgeable in certain things. That does not imply that the crafter of the AI has any knowledge about the things the AI has.

          Your claim is like claiming that Boris Becker never won Wimbledon because he was trained/coached by Ion Åiriac, so the true winner of Wimbledon is Tiriac, sorry, that is bullshit.

          angel'o'sphere

          P.S. granted ... we ha

      • by h4rm0ny (722443)

        It doesn't *have* to be humans that are doing the engineering, does it? Couldn't we, at some point in the future, have AI performing engineering?

        Well once, we programmed in Assembly. These days people are doing things in Python and so much is happening automatically to turn their generic hand-waving into stuff the processors can understand that it boggles the mind. You're just talking about climbing up the tree a little further. The question, as usual, is how to precisely define your problem. I could formally specify a design in Z that was mathematically proven to be correct and design a comprehensive test suite to check adherance. Of course the tes

      • by ghjm (8918)
        With current technology or any plausible extension of current technology, it will remain impossible for an automated system to troubleshoot its own failure. So these future computers will certainly be able to perform many tasks related to design, engineering, production and QA. But if anything goes wrong, you will still have to bring in humans. ...barring an as-yet-unknown breakthrough in AI technology, of course.
    • by acid06 (917409)
      It says it's an A330, a quick Wikipedia search will give you the answer you want.

      By the way, they don't know what happened. They never found the black box or anything like that. So no scaremongering regarding "limits of human engineering", please. The first suspect is and always will be pilot error or mechanical failure (or a combination of the two).
      • by GooberToo (74388)

        The problem with "pilot error" determination is that maybe 50% (made up number of large percentage is accurate) of the time, it actually has absolutely nothing to do with the accident. Pilot error is sort of a catch-all for, "we have no fucking clue what happened and feel we must explain the crash if possible so pilot error is as good as any. Not to mention its very believable."

        • The problem with "pilot error" determination is that maybe 50% (made up number of large percentage is accurate) of the time, it actually has absolutely nothing to do with the accident. Pilot error is sort of a catch-all for, "we have no fucking clue what happened and feel we must explain the crash if possible so pilot error is as good as any. Not to mention its very believable."

          While I agree that "pilot error" can be a catchall it's often a proximate cause of the accident. Poor design or environmental factors can be major contributor, but in modern accidents human (i.e pilot) actions often worsen the situation or create it in the first place - hence "pilot error."

          For example - attempts to land in bad weather rather than divert, especially when it's the second or third attempt. Or the NYC crash where the co-pilot overstressed the rudder which came off. Pilot's turning engines off

        • by jamesh (87723)

          The problem with "pilot error" determination is that maybe 50% (made up number of large percentage is accurate) of the time, it actually has absolutely nothing to do with the accident. Pilot error is sort of a catch-all for, "we have no fucking clue what happened and feel we must explain the crash if possible so pilot error is as good as any. Not to mention its very believable."

          Based on what i've read it seems that the airspeed inputs went bad, causing the computer to throw it's hands in the air and say "I can't do this. You fly it", and it did so in the middle of a fairly big storm. Given that the pilots relied to some extent on the same sensors as the computer (looking out the window to try and gauge your speed doesn't really help when the horizon, stars, and ground aren't visible), the outcome was likely to not be good.

          So in this case it's pilot error because the pilot was in c

        • In this particular crash it is speculated that the speed meter was the problem/cause for the crash.

          Speed is measured with a tube, where the fair wind/slip stream creates pressure. Higher pressure -> higher speed.

          The particular speed meters in that plane where known to make trouble. They had the tendency to accumulate ice, narrowing the diameter of the tube.

          So the speed meter measured a to low speed.

          A possible cause for the loss of this plane is that the autopilot or the pilot decided to go into a steep d

          • by acid06 (917409)
            As you've said - it's speculation. Lately the media has be trying to speculate about a lot of things they shouldn't. They should report the news, not try fabricate the missing bits of news.
      • By the way, they don't know what happened. They never found the black box or anything like that.

        Actually they do have something "like that". The aircraft computers automatically sent diagnostic messages including alerts of various system failures to Air France via satellite. Think of it as text messages. I believe these messages document pitot tube flight data failures and the disengaging of autopilot and autothrust systems. This led investigators to construct reasonable theories of loss of control and to replay these failures in a flight simulator to evaluate crew responses and standard procedures.

    • Re:Double engine? (Score:5, Informative)

      by zonky (1153039) on Friday March 18, 2011 @02:21AM (#35526910)
      Operating too close to limits has long been the suggestion: http://trueslant.com/milesobrien/2009/06/08/the-coffin-corner-and-a-mesoscale-maw/ [trueslant.com]
      • Likely the final cause of the crash was a helmet fire [wikipedia.org].
        • Re:Double engine? (Score:5, Interesting)

          by MichaelSmith (789609) on Friday March 18, 2011 @03:12AM (#35527088) Homepage Journal

          I work as a software engineer in Aviation and I have done some user interface design work on air traffic control systems. One problem I see in many domains is a kind of cascading call for attention. Over time the people who specify the system look for new ways to attract the attention of the user. Usually this happens in the context of addressing a specific problem such as user X failed to recognise condition Y for Z seconds and the solution is to make the condition Z warning flash yellow for N seconds. Okay so thats that problem addressed (but not solved) but now condition Q s is being missed while the warning for condition Z is up so we had better make that warning red and so on.

          I ride a bicycle to work. We get all sorts of patches to the environment which increase the cognitive load on bike riders, for example:

          1. Left lane left turn only bicycles excepted
          2. Bus lane, bicycles permitted where signed
          3. Bicycle lanes colored in green at "attract attention"
          4. Bicycle lanes delineated with tactile edging which by the way is deadly in the wet
          5. Five or six types of bicycle lanes depending on where you are
          6. ..and so on

          You see everybody has their own little local solution but tracking and learning about them takes a lot of cognition.

          My wife bought a new car recently. I wanted her to get a Honda civic hybrid and we test drove it but we settled on a VW Jetta. The Honda has a mess of colored LEDs around the instrument panel. The VW has a little monochrome LCD screen. Thinking about it later I can see that a lot of thought about UI design has gone into the VW. It is a very cool car to drive in the sense that it keeps out of the drivers way as much as possible. It doesn't grab your attention. The lights and wipers are automatic. Thats two jobs you don't have to worry about for a start. The interior looks as dull as hotblack's stunt ship but it draws your attention to stuff you need to know about and little else. Its like a well designed ATC UI. The way they used to be.

    • by Rakishi (759894)

      Your point being? Everything has risk in it and it's always a question of where the failure prone human is. At a desk writing a program is one of the safer places.

      The alternative in this case is to give more power to human pilots who historically are the leading cause of plane crashes. So yeah, the engineered solution may occasionally fail horribly but all the times it doesn't it prevents an even larger number of horrible failures.

    • by GooberToo (74388)

      Anyway, what happened is that the software failed and gave bad readings.

      Before everyone jumps on the anti-AirBuss bandwagon, its important to remember, Boeing has had many such failures resulting in many, many deaths. Their hydraulic failure caused reverse rudder output from its given input. So for example, a pilot would apply a modest amount of right rudder, which would cause the plane to roll left. That's backwards in case you don't know. The pilot would then attempt to compensate for the reversed roll by apply yet more right rudder. The plane would then roll more rapidly lef

    • What? The A330 [wikipedia.org] series has two engines.

      Every once in a while we discover a new problem on airplanes. Normaly people use that discover to make the planes safer, and normaly there isn't an accident when the discover is made. There wasn't an accident when people discovered this problem at the A330. But, unfortunately, due to the result of some risk analysis, Airbus didn't use the discover to make the plane safer, altough some countries oblied the A330 owners to fix the problem. If the plane was brazilian, it wo

    • by Rich0 (548339)

      I don't think the bad readings originated in a software failure. The sensors froze up - so any airspeed indicator design would have bad readings. The computer just pointed out that they were bad, disconnected the autopilot, and gave the pilots full manual control of everything with no safeguards (since the computer knew that it couldn't do a better job than a pilot).

      The pilots failed to notice that their throttle was too low. This may have been exhasperated by the airbus throttle control design, although

  • It seems that this is more a way to get the company to recover the black box and/or answer what really happened to cause the plane to crash.
    It has to be, because they don't even know what caused it.
  • by $RANDOMLUSER (804576) on Friday March 18, 2011 @02:33AM (#35526962)
    NOVA ran an episode [pbs.org] recently about the all manner of crazy coincidences piled on top of each other - one storm hiding behind another, supercooled water plugging all the pilot tubes, fly-by-wire software that wasn't quite ready for a "no airspeed" input, pilot tube upgrades scheduled but not yet performed...

    Sometimes airplanes crash. Proving criminal (I'm assuming negligence) behavior is going to be tricky, at least until they find the black boxes and can prove what caused the crash.
    • by Rich0 (548339)

      The software issue is obviously going to be a big one here. The logic in the design was that in the absence of reliable input the autopilot should do nothing, and the fly-by-wire should accept any manual input and not try to override the pilot, since this could not be done reliably.

      I'm not sure there was really any safe alternative. You don't want a computer overriding the pilot when the machine has no idea what the airspeed is, and at least the pilot can tell if the wings are about to be ripped off or wh

  • by FlyingGuy (989135) <`flyingguy' `at' `gmail.com'> on Friday March 18, 2011 @02:50AM (#35527024)

    This is the result of a computer controlled fly-by-wire airplane having a cascade failure.

    Glass cockpits are pretty and they really take a load of the pilot for a lot of things, but there is such a thing as to much of a good thing

    If it is every factually determined what little chunk of silicone or line of code brought airplane down it will be studied in depth and hopefully they designers will learn something. But one thing is clear, in their rush to make everything digital and get those damn pesky analog instruments the hell out of there, they have taken away many of the pilots most reliable tools to do the one thing they are there to do which is fly the fucking airplane!

    There are two ways to fly an airplane, by reference to the ground or using instruments.

    In the middle of the night, over the ocean, in a storm you do not have reference to the ground so you have to use your instruments, that is if they work.

    To keep a plane in the air, without reference to the ground / horizon a pilot needs a very few things and the are:

    • Attitude Indicator aka an Artificial Horizon
    • Altimeter
    • Air Speed Indicator

    Now even without an airspeed indicator, most or the presumptions were a frozen and clogged pilot tube, you can still get a good clue about airspeed with nothing more then throttle setting. The attitude indicator tells you climb and dive left or right bank and the altimeter is obvious. With everything else dark, a pilot should be able to keep a plane in the air.

    My educated guess is that when the whole interconnected and interdependent system went down they lost the ability to control the engines and the ability to move the aircraft's control surfaces and after that it was just over.

    This is why Boeing for years always ran a hybrid system. The basic control over the airplane was not interdependent on anything and were separate systems that would accept input from the flight computer and make things like autopilot and all that possible while still keeping everything independent from all the other systems. It made for a pain in the ass system but the flight computer taking a shit would not keep the pilot from controlling the engines or other critical systems.

    Unfortunately pilots listened to anymore and neither are engineers. MBA's are running airlines now and all they care about is reducing the head count, cramming more people into the planes and increasing the buck made per mile so they can get 8 figure salaries. This is why Boeing's trusted and proven hybrid system is in it's last throws or is gone completely because AIRBUS sells the bling baby and no CEO wants to be caught short on bling baby!

    • This issue has nothing to do with fly-by-wire or glass cockpits, it has everything to do with false and misleading information being presented while the aircrew is in a situation where they cannot easily determine that said information is false, nor determine the correct information.

      Take for example Birgenair Flight 301, a Boeing 757 (which is non-FBW, non-glass cockpit - a traditionly controlled aircraft in every sense of the word) - during a routine wash before the flight took off, a ground crew member taped over the pitot static ports to prevent damage. However, he never removed the tape before handing the aircraft over to the air crew, and they never spotted it during their preflight walk.

      The aircraft took off, but it wasnt untila couple of minutes into the flight that the errors in the information compounded themselves, resulting in errant readings being presented to both the pilots and the autopilot - the autopilot eventually gave up and disconnected, and the pilots could not orientated themselves even when presented with obviously wrong information (their airspeed indicators gave a speed of 200 KIAS and falling, even with increased application of throttle).

      5 minutes into the flight, the aircraft crashed into the sea.

      The flight was a night flight - the aircrew had no external points of reference to fix on, and thus could not orientate themselves as to the correct pitch, yaw or speed of the aircraft. They were essentially doomed once they took off.

      This Airbus crash is very similar - a pitot static system with known flaws (already identified by Airbus and due to be changed out by Air France) failed at a time when the aircrew had no external reference points (they were in a dense storm front, they had no horizon or other reference points) and the computer systems gave up.

      Note that even with Airbus aircraft, the computers can be overridden - and they themselves know when they are talking bollocks, and will regress into various modes of flight control assistance. One of the messages given out by the aircraft over the maintenance link was that the aircraft systems had regressed into Direct Law - or in other words, the computers took themselves out of the decision making process and started acting as a direct messenger between the control inputs by the pilots and the flight surfaces.

      Your "Boeings system is trusted and Airbuses is not" is common fud and bullshit in the aviation industry and the aviation enthusiast following - its not absolutely no basis in fact and Airbuses control system can fail safe in just the same way as Boeings - the difference is that in standard control law (Normal Law), Airbus provides several flight protection measures, including alpha protection, bank protection and airframe stress protection. Boeing also provide these, but to a lesser extent - however, both systems can either fail back to or be deliberately put into a direct stick-to-surface control mode.
      • by CaptainZapp (182233) on Friday March 18, 2011 @03:35AM (#35527190) Homepage
        Yeah, the plane that Captain Sullenberger landed on the Hudson without any engines didn't have a glass..

        Er, wait!

        That was an airbus 320, er, nervermind.

        But the GP's icing on the cake is the introductory statement:

        This is the result of a computer controlled fly-by-wire airplane having a cascade failure.

        Er; right. Theories abound and nobody has any hard facts, except, aparently, the GP dude.

        Sounds like a Boeing shill to me.

        • There was a cascade failure - the aircraft was sending maintenance messages to its maintenance base at the time of the crash, which told Airbus quite a bit of information, including the fact that the computers had decided to exclude themselves from decision making (which is extremely serious).

          Another thing to note is that the Hudson A320 was still in Alternate Law when it ditched (none of the failures were severe enough to push the computers to take themselves out of the loop, and neither pilot took the measures necessary to do that manually) - the pilots had assistance from the computers to land the aircraft and they still managed to land their plane safely! How could that be if the Airbus system is so unsafe?
      • by tweak13 (1171627) on Friday March 18, 2011 @04:48AM (#35527522)

        the aircrew had no external points of reference to fix on, and thus could not orientate themselves as to the correct pitch, yaw or speed of the aircraft.

        Bullshit.

        Let's assume a complete and total failure of the pitot static system. That takes out 3 instruments: airspeed, altimeter, and vertical speed indicators. Everything else would be fine. Yes, it's true they had no direct measure of the aircraft's speed but they still should have had a working attitude indicator. That would have given them pitch and roll information, and I'm sure there would have been at least some form of skid/slip indication which would have provided yaw information. Engine instruments should have also continued to work normally.

        Now, let's talk about how the information they had was enough to keep them alive even in zero visibility. Since their engine instruments were indicating normal performance, and they had pitch and roll information from the attitude indicator, all they needed to do was place the aircraft in a typical climb attitude. This would have resulted in a normal climb, with an airspeed indication that was decidedly not normal.

        At this point, it's up to the pilot to decide which of the instruments depicting this impossible situation are wrong. Their situation was also complicated by altimeters that were also not indicating correctly, but the method of resolution should still be the same. Increase throttles to climb power, maneuver the aircraft to a normal climb attitude, then troubleshoot. The pilot's reliance on the least reliable instruments and fixating on them rather than try to use secondary indications of the aircraft's speed (cockpit noise, control surface responsiveness) were what caused that crash. They were in a bad situation, but were in no way "doomed once they took off."

        I've personally experienced an airspeed indicator failure while at the controls of a light aircraft at night. Mine was caused by a failure of the instrument itself, but it was still the only direct speed indication in the cockpit. Shortly after takeoff, the airspeed indicator suddenly stopped increasing. I pitched down to accelerate, but saw no change in the gauge. It became clear that it was impossible for me to have pitched down so far and not increased speed, so I checked the other instruments and found I was in a shallow dive and actually losing altitude. I returned the aircraft to what I knew to be a standard climb attitude and returned to the airport without incident. In the beginning, I was far too focused on the failed airspeed indicator, and should have not let things escalate to the point that I was slowly descending at low altitude. I certainly understand how it's tempting to focus in on that and not step back and consider the big picture, but it's what needs to happen in such a situation.

        • I haven't' flown big planes really. But the little planes i fly, all the instruments (gyros etc so turn indicator and artificial horizon) are all run from air from pilot tube. If all pilot tubes where blocked, I would only have a altimeter --but then again on the one larger aircraft I was in, that used a hole on the side of a pilot tube (pressurized cabin) as well.
          • by Rary (566291)

            But the little planes i fly, all the instruments (gyros etc so turn indicator and artificial horizon) are all run from air from pilot tube.

            Are you sure about that? In the little planes I fly, the gyros are powered by air from a vacuum pump, not the pitot tube. This means you can lose the entire pitot-static system and still have an attitude indicator, turn coordinator, and heading indicator. It would not be wise for all instruments in the six-pack to be powered by the same system.

          • by Rich0 (548339)

            I think you're mixing up pitot vs vacuum air.

            The pitot is an external sensor, that is only needed for speed-related measurements. Closely related is the static air sensor which usually gets lumped in which is needed for altitude and speed measurements. You can lose one without the other, and on a sophisticated aircraft I suspect the instrumentation will give the pilot as much info as it can.

            Vacuum air powers SOME of the gyros - it is more of a power source than anything else. Usually the attitude indicat

          • by FlyingGuy (989135)

            Turn in your pilot certificate or go back an re-read your POH before you get behind the controls again for god sake.

            Attitude indicator is run off vacuum which is why there are electrical, static and vacuum operated instruments, hence the term and ability to fly IFR with a partial panel!

        • Even if you as a pilot have some clue, I would not start a post with "Bullshit".

          You flew a one engine propeller machine I asume? With what speed? 150 - 200 nautic miles?

          The airbus in this case flew roughly 500 nautic miles.

          So if you have airspeed indicator failure you can not cause your plane to fly to fast ... as your engines and propeller simply don't have the power for that. More interesting: you realized you have an airspeed indicator failure.
          The airbus pilot likely did not realize he had an airspeed in

      • by JamesP (688957)

        I'm not sure if Birgenair or another similar crash caused by a wasp nesting inside a pitot tube made the message "IAS disagree" mandatory.

        Anyway, that's why when you block a static or pitot port there's a BIG RED TAPE on the protection

    • by Jester99 (23135) on Friday March 18, 2011 @03:21AM (#35527136) Homepage

      There was a NOVA episode about this crash (an earlier commenter linked to it, but here it is again: http://www.pbs.org/wgbh/nova/space/crash-flight-447.html [pbs.org]).

      I won't go into the findings of the NOVA team, but I will point out that your educated guess is completely wrong.

      The airbus does have a considerably more advanced and automated autopilot system than Boeing provides. However, that only is engaged during "Normal Law" flight. When any of the sensors on the plane detect a fault, an alarm chimes, and the system informs the pilot that "Alternate Law" is engaged. In Alternate Law mode, the pilot is allowed to use the full control capabilities of the plane, not the restricted range that the sensors believe to be safe.

      After alternate law engaged, the pilot can control the engines, and all control surfaces to whatever degree of capability he'd like. The plane in question definitely switched to Alt. Law mode; this fact was radio broadcast back to the Airbus HQ shortly before the plane disappeared. There's a high probability that the pilot was mislead by weather radar readings that said that he could shoot through a "hole" between two storm clouds, but which masked the fact that there was a third (much larger) storm further beyond. Once he was stuck in the middle of all those storms, it was game over.

      The pilot and the passengers were not at the mercy of an autopilot that refused to allow corrective action; it is probable that bad data presented to the pilot did not allow him to correctly act.

      • Just a note on your comment - Airbus aircraft have several levels of control law:
        1. Normal Law - the every day flight is done under this set of laws
        2. Alternate Law - there are two alternate laws which apply, both of which have decreased level of protections but the flight computers are still in control
        3. Direct Law - this is the law where a pilot has direct control of everything through the flight computers, no protections are given
        4. Mechanical Law - the flight computers are completely out of the loop, pilot inputs
    • Now even without an airspeed indicator, most or the presumptions were a frozen and clogged pilot tube, you can still get a good clue about airspeed with nothing more then throttle setting.

      Except angle of attack controls airspeed, not the throttle. Throttle controls altitude.

    • by subreality (157447) on Friday March 18, 2011 @06:17AM (#35527932)

      This is common objection to flight envelope protection systems. People's gut reaction is that in an emergency, they'd rather be in total control than have some computer "interfering" with them. But the statistics are on the other side: Pilot error is more common than computer error.

      China Airlines Flight 006 [wikipedia.org] is a prime example. They had a mechanical failure, and while the flight crew was distracted, the plane ended up in an ugly dive. They pulled it out after exceeding 5 Gs, badly damaging the airframe, and losing a considerable amount of altitude. Manual-control advocates say this is a good example of why you don't want a computer imposing limits on you - they had to do drastic things to save the plane. I disagree - if they were flying an Airbus, the computer would have prevented the situation from ever occurring.

      The second argument in favor of flight envelope protection is that it actually enables the pilot to push the plane harder in an emergency. Consider this scenario: you're landing in low visibility, still a good ways out. Everything looks fine, but as you break out of the clouds, holy crap there's a skyscraper. You have a split second to evade it. With mechanical controls, you have to roll hard, but not *too* hard, or you'll ( break the plane | spin | exceed max angle of attack | etc). In a modern Airbus, you slam the stick over, and the plane will roll as fast as it can within its mechanical limits. Perhaps that's not as fast as an experienced military pilot could in a familiar plane which they regularly take to its limits, but a commercial pilot probably hasn't been over 2 Gs in a while, and in that split-second emergency, the computer will let them fly it harder than they ever could on their own.

      So it's time for a car analogy. I have two cars I drive regularly: one has antilock brakes; the other does not. The mechanical limits are similar: light cars, good sticky tires, brake pads with plenty of bite, etc. On a good day, my stopping distance is similar between them, +/- a meter. But I've been put in emergency deer-avoidance situations with both cars on multiple occasions. In the ABS car, that means stomp on the brakes, burn off as much speed as possible in a straight line, and swerve at the last minute once the deer's finally decided which way to dart. In the non-ABS car, I'm pretty good at braking on the track, but both times it's been for a deer, my response was the same: ease into it, feeling where the limit is; crap locked up a wheel, let go for a moment and ease back into it to try to get just shy of the limit again; and occasionally letting off to steer early, because my ability to manage my grip budget is too taxed to get it perfectly right at the last minute. I haven't hit a deer yet - but that's only because I drive the non-ABS car slower.

      The difference is very noticeable: when taken by surprise, the computer can stop faster than I can, AND it lets me focus on the situation instead of the limits of the machine. I believe the same is true for flight control systems, and statistics agree: they prevent more accidents due to pilot error than they cause due to computer malfunction. Note that there's not much difference between Airbus and Boeing these days, but Airbus pulled ahead in safety until Boeing started equipping their planes with flight envelope protection systems. Both brands are considerably safer than they were in the full-manual days.

    • by perpenso (1613749)

      Now even without an airspeed indicator, most or the presumptions were a frozen and clogged pilot tube, you can still get a good clue about airspeed with nothing more then throttle setting.

      IIRC this particular aircraft does not reposition the manual throttle controls as the autopilot changes thrust. I can not image why it is designed to work in this manner. There is a theory that while maneuvering to avoid weather the autopilot reduced thrust below what the levers were visually indicating.

    • by necro81 (917438)

      If it is every factually determined what little chunk of silicone...brought airplane down it will be studied in depth and hopefully they designers will learn something.

      Yes, I hope they will learn that humungous, unrealistic breast implants can be distracting.

      Or did you mean silicon [google.com]?

    • by Rich0 (548339)

      I don't think this is a glass cockpit issue.

      If your pitot tubes freeze, your airspeed will be wrong, period. In fact, a glass cockpit lets the computer factor in input from multiple sources and provide the pilot with the best indications possible given the sensor data available. It could also detect an unreliable airspeed and just red out the display or strongly hint at unreliability to help avoid confusing the pilot. A conventional gauge just gives a reading most of the time (maybe with a big X dropping

  • by RzUpAnmsCwrds (262647) on Friday March 18, 2011 @07:11AM (#35528212)

    It appears that the A330's software works fine. The indications and reversions that the software reported over the data link are consistent with a mechanical failure (possibly caused by freezing) of the Pitot-static system.

    Without airspeed data the A330's autopilot and auto throttle disengaged, and the flight control system reverted to a mode known as "Alternate Law" where most of the restrictions are eliminated. We know that this happened because the aircraft reported it over the data link before the crash.

    The unfortunate reality is that the reversionary modes on the Airbus flight control system are dangerous because they tend to occur at the worst possible times - when there are multiple sensor or computer failures or when the sensors give readings that are outside the operational limits of the control system. In this situation the flight crew has to react quickly and they are often faced with inadequate, contradictory, or confusing instrument readings.

    It is possible to maintain a safe airspeed in an Airbus without the Pitot-static system. The problem is that the pilots need to notice the issue (loss of airspeed data) and react before things get out of hand. It appears that the Air France pilots were unable to do so.

  • That's all very well and good, but shouldn't this be a civil matter, not a criminal one? Especially since there is no evidence of gross negligence on the behalf of Airbus?

When I left you, I was but the pupil. Now, I am the master. - Darth Vader

Working...