Forgot your password?
Bug Transportation

Investigators Suspect Computers Doomed Air France Jet 403

Posted by timothy
from the scary-thought dept.
DesScorp writes "Investigators working with the wreckage of Air France flight 447 believe the aircraft suffered cascading system failures with the on-board computers, eliminating the automation the aircraft needed to stay aloft. 'Relying on backup instruments, the Air France pilots apparently struggled to restart flight-management computers even as their plane may have begun breaking up from excessive speed,' reports the Wall Street Journal. Computer malfunctions may not be an isolated incident on the Airbus A330, as the NTSB is now investigating two other flights 'in which airspeed and altitude indications in the cockpits of Airbus A330 aircraft may have malfunctioned.'"
This discussion has been archived. No new comments can be posted.

Investigators Suspect Computers Doomed Air France Jet

Comments Filter:
  • by Anonymous Coward on Sunday June 28, 2009 @08:17AM (#28503125)

    It is possible that you are at stall speed and moving several hundreds of km per hour in relation to the ground according to your GPS.

    The winds are very strong higher up and if you're in a tail wind, the above scenario is very possible.

  • by Rattenhirn (1416947) on Sunday June 28, 2009 @08:20AM (#28503143)

    Have you thought this out? Why would flying into a headwind speed up the plane? Just sayin'...

    It doesn't speed up, it just faces as much air resistance as it would face flying 150 mph with no wind. That's a quite significant value if you want to figure out if your plane is going to break apart or not...

  • Re:Suspect?.... (Score:5, Informative)

    by UnknowingFool (672806) on Sunday June 28, 2009 @08:21AM (#28503153)

    I think you both are thinking of the FAA. The whole purpose of the NTSB is to research and investigate civil transportation accidents. They then present their conclusions and recommendations to the regulating authority in that industry. For the airline industry, the FAA then has to implement any recommendations. For the most part, the FAA does not always implement all the recommendations due to cost, business concerns, practicality, national concerns, politics, etc.

    In this case, the black boxes have not been recovered and it might be very difficult to pinpoint a cause without them. But the NTSB knows of similar cases that may have occurred in the US that did not lead to accidents. If there job wasn't to ensure that the fleet of aircraft in the US is safe, they may just sit on their asses and do nothing. But it is their job to ensure safety so they will investigate whether this might have led a situation similar to the Air France flight. They will probably share their data with Air France, the Brazilian authorities, Airbus, the FAA, etc when the investigation is concluded.

  • by MichaelSmith (789609) on Sunday June 28, 2009 @08:23AM (#28503165) Homepage Journal

    A GPS recorded speed of 100mph, into a 50mph headwind = 150 mph airspeed.

    Have you thought this out? Why would flying into a headwind speed up the plane? Just sayin'...

    Lets say the pilot wants to fly at 500 knots AIS (Indicated Air Speed). They set ground speed to 500 knots with GPS but the air is going the other way to 100 knots. Airspeed is now 600 knots.

  • by rrossman2 (844318) on Sunday June 28, 2009 @08:25AM (#28503183)

    it doesn't speed up the plane... but the plane is moving 150 mph compared to the air. That's air speed.

    Let's reverse it.. A plane must travel so fast to stay in the air.. let's say 130mph to keep things sane. So if you have a plane flying at 140mph with no wind any direction, the plane will stay up. That same plane could slow to 125mph with a 15mph headwind, and still stay up since in effect the plane is "traveling" at 140mph. Now if there was a TAIL wind of 15mph while the plane was flying at 125mph, the effective speed of the plane would only be 110mph and it wouldn't be able to stay up, it would stall.

  • Re:Suspect?.... (Score:4, Informative)

    by dhovis (303725) * on Sunday June 28, 2009 @08:49AM (#28503351)

    Actually, the NTSB should be involved in this investigation. I think you can get up to 5 organizations joining to investigate a crash.
    1) Country of Origin (Brazil)
    2) Country of Destination (France)
    3) Country of Carrier (France)
    4) Country of Airframe Manufacturer (France/Germany/EU)
    5) Country of Engine Manufacturer (US)

    Notice that #5 was US. The engines on the plane in question were GE.

  • Design Philosphy (Score:5, Informative)

    by Old Sparky (675061) on Sunday June 28, 2009 @09:02AM (#28503457)

    Scary stuff.

    The Wall Street Journal article oversimplifies the problem with the Airbus
    design philosophy. In effect; Too Damn Much reliance on the automated flight
    control system for basic safety-of-flight.

    A prime example?

    Rudder hinges.

    Airbus has notoriously []
    underbuilt the rudder hinges on the A300 (and, no doubt, the A330) in the
    interest of lightness and efficiency. They have chosen to rely on the
    automated flight control system to limit loads on the structure, instead of
    building the necessary robustness into that structure.

    This is great when flight conditions are all peachy, but in a thunderstorm, at
    night, with sensors (iced-up pitot tubes?) that are prone to failure, well
    then you have a failure scenario that the designers never built into their
    simulations, and the rescue/recovery teams in the south Atlantic find the
    rudder 37 miles from the rest of the wreckage.

    Forwarded from a colleague (names redacted);

    >> This from a friend and NWA pilot I flew the B-757
    >> with out of our Tokyo base.........Now obviously on the A-330
    >> Well, I'm sure you have all heard of the Air France accident. I fly
    >> the same plane, the A330.
    >> Yesterday while coming up from Hong Kong to Tokyo , a 1700nm
    >> 4hr. flight, we experienced the same problems Air France had while
    >> flying thru bad weather.
    >> I have a link to the failures that occurred on AF 447. My list is
    >> almost the same.
    >> []
    >> The problem I suspect is the pitot tubes ice over and you
    >> loose your airspeed indication along with the auto pilot, auto
    >> throttles and rudder limit protection. The rudder limit protection
    >> keeps you from over stressing the rudder at high speed.
    >> Synopsis;
    >> Tuesday 23, 2009 10am enroute HKG to NRT. Entering Nara Japan
    >> airspace.
    >> FL390 mostly clear with occasional isolated areas of rain,
    >> clouds tops about FL410.
    >> Outside air temperature was -50C TAT -21C (your not supposed to get
    >> liquid water at these temps). We did.
    >> As we were following other aircraft along our route. We
    >> approached a large area of rain below us. Tilting the weather radar
    >> down we could see the heavy rain below, displayed in red. At our
    >> altitude the radar indicated green or light precipitation, most
    >> likely ice crystals we thought.
    >> Entering the cloud tops we experienced just light to moderate
    >> turbulence. (The winds were around 30kts at altitude.) After about
    >> 15 sec. we encountered moderate rain. We thought it odd to have
    >> rain streaming up the windshield at this altitude and the sound of
    >> the plane getting pelted like an aluminum garage door. It got very
    >> warm and humid in the cockpit all of a sudden.
    >> Five seconds later the Captains, First Officers, and standby
    >> airspeed indicators rolled back to 60kts. The auto pilot and auto
    >> throttles disengaged. The Master Warning and Master Caution
    >> flashed, and the sounds of chirps and clicks letting us know these
    >> things were happening.
    >> The Capt. hand flew the plane on the shortest
    >> vector out of the rain. The airspeed indicators briefly came back
    >> but failed again. The failure lasted for THREE minutes. We flew the
    >> recommended 83%N1 power setting. When the airspeed indicators came
    >> back. we were within 5 knots of our desired

  • by digitalchinky (650880) <> on Sunday June 28, 2009 @09:05AM (#28503477)

    The problem largely is that the difference between airspeed and ground speed can mean the difference between supersonic airflow over the airframe, or not enough to maintain flight. At cruising altitude (FL300 and above) you don't have a very large speed differential between these two danger areas, so windshear is something you want to avoid. (i.e. Thunderstorms)

    Your question about wind speed is a little difficult to answer, it would depend on the aircraft type, but then it also depends upon what you are doing in the aircraft too, straight and level, in a turn, high g, and so on, so there are a whole host of factors to consider.

  • by Rich0 (548339) on Sunday June 28, 2009 @09:05AM (#28503479) Homepage

    Both are important.

    Too little airspeed = too little lift and a stall (which is very dangerous on something as big as an airliner, though theoretically recoverable at that altitude granted you'll waste quite a bit of fuel and scare the living daylights out of the passengers).

    Too much airspeed = shock waves rip the wings right off the plane. They're not fighters and while those wings actually are pretty strong they can only make them so heavy and be able to carry payload.

  • by Rich0 (548339) on Sunday June 28, 2009 @09:09AM (#28503507) Homepage

    To confuse things further - you're not actually using indicated airspeed but true airspeed. :)

    The indicated airspeed at those altitudes is often on the order of 300 knots when the plane is really travelling around 500 knots relative to the air and 600 relative to the ground.

    Put it this way - in space if you're travelling at mach 20-30 the airspeed indicator would probably read zero. When you hit an air molecule you're moving very fast relative to it, but so few hit the sensor that it reads zero. Anywhere in-between space and sea level the gauge acts accordingly...

  • by plutoXL (1314421) on Sunday June 28, 2009 @10:29AM (#28504101)

    1. How can an airplane be allowed to carry passengers when the margin to airframe disintegration is so narrow? I can understand falling out of the sky if it stalls, but to be able to tear the airplane apart in level flight? What happened to margin of safety in airframe construction -- or is that whole concept now obsolete?

    The load limits for A330 (and i believe for all other modern big passenger aircraft) are from -1g to +2.5g.

    The ultimate loads, leading to rupture, are 1.5 times the load factor limits. Same for Boeing. Yes you might increase it to 2.0, or 3.0. Same as you could drive a tank instead of a car - costs and risks would probably outweigh the benefits.

    If the aircraft stalled because of significant overspeed and consequent loss of lift, the loads might cross the ultimate load limits. Not so in normal flight conditions, specially because A330 computers restrict the aircraft load within -1g to +2.5 limits. Even with full pilot input, the load would not cross those limits.

  • by Joce640k (829181) on Sunday June 28, 2009 @10:50AM (#28504241) Homepage
    This video shows an Airbus pilot switching off the flight computers then barrel rolling an A320: []

    Any belief that Airbus pilots are somehow under the communist thumb and that square-jawed Boeing pilots would heave manfully at the controls and save the say is, um, 100% laughable.

    FTA: "...the crew apparently shut down or tried to reboot their primary and secondary computer systems."

    Where do they get this garbage? Do they make it up based on their experience with Windows ME?

    FWIW, Airbus have *five* flight computers (not "primary" and "secondary") and any one of them can fly the 'plane. If they're all gone then the aircraft is already in little bits so no, you wouldn't ever be under the dashboard trying to 'reboot' them instead of flying (whatever 'reboot' means - they're designed to reboot themselves under a watchdog timer).
  • Re:Suspect?.... (Score:5, Informative)

    by UnknowingFool (672806) on Sunday June 28, 2009 @11:22AM (#28504545)
    If you google "NTSB investigates Boeing" you 6730 searches with the most popular one about the 737 rudder problem which Boeing acknowledged and fixed. If you google "NTSB investigates Airbus" you get 4990 results. It would appear to me the NTSB investigates all accidents and near accidents regardless of the manufacturer. As a government agency the NTSB will tell the press that they are doing it. Or would you rather they tell no one what they are doing? It's their job to investigate especially in a case where the blackboxes might not be recovered. Now if this was an airplane model that didn't fly in the US, the NTSB would not investigate as it is out of their mandate. But since the Airbus 330 does fly in the US, they have to seriously look at any issues. Or would you rather a crash occur in the US before they get involved.
  • by Beretta Vexe (535187) on Sunday June 28, 2009 @11:26AM (#28504583)

    This video shows an Airbus pilot switching off the flight computers then barrel rolling an A320: []

    It's a full scale simulator not a real aircraft, you can see the border of the simulator room projection screen outside of the cockpit. Do you really thing that a man performing a barrel roll with a jumbo jet have the time to explain in a relax manner what's happening ?

    It's only a demonstration about how the flight computers limit the human command to stay in flight parameters ( and prevent you to attend stupid maneuver like a barrel roll).

  • by Jeremy Erwin (2054) on Sunday June 28, 2009 @11:34AM (#28504655) Journal

    I think he's flying a simulator, and not risking an actual airplane.

  • Re:Suspect?.... (Score:2, Informative)

    by SerpentMage (13390) <ChristianHGross@ ... minus punct> on Sunday June 28, 2009 @12:08PM (#28504999)

    No actually you are wrong about this. Around the early 90's or something like that there was this Lufthansa flight in Poland that ran off the end of the runway. Only two people died, but what was interesting about that flight is that the plane did something that the pilot did not want to do. []

    The article states it was a human error (always is, isn't it...)

    But the reality is that during that time there was a debate on whether or not the computer did the right thing. []

    According to the logic of the computer, the plane had not yet landed but was still turning. Thus the spoilers, which would create a braking effect, were not to be activated. At that time neither the thrust reversers nor the spoilers of an Airbus A 320 â" in contrast to a Boeing 737, for instance â" could be manually activated. As a result, the aircraft â" braked too slowly and too late â" raced towards the end of the runway. The human being (pilot) was helpless.

    The reality is that Airbus with its reliance on computers is going to have these situations where we say, "ooops..." The problem is that there are human lives involved.

    As one engineer said there are both advantages and disadvantages to the approach used by Boeing, and Airbus...

    It's like ABS, great for people who don't know how to drive in bad conditions. But HORRIBLE for somebody who has racing car experience. The question you have to ask yourself is what kind of pilot do you want? Right now the industry is tending towards the ABS crowd.

  • Straw man troll (Score:3, Informative)

    by kylef (196302) on Sunday June 28, 2009 @01:05PM (#28505559)

    This video shows an Airbus pilot switching off the flight computers then barrel rolling an A320: []

    Give me a break. This whole thing was taken in a simulator, which are *programmed* to behave how they think the airplanes will behave, using recorded data from test flights to help. Because they do not test the airframes in extreme attitudes (especially barrel rolls), they have little to no data with which to program the simulator, making demonstrations like this complete nonsense.

    At 3:02 into the video you just posted, the pilot admits, "Not a maneuver you'd normally see in an airliner, and in fact you probably couldn't do it in a real airplane."

    I'm not sure what you were trying to prove. This video doesn't prove anything.

    Any belief that Airbus pilots are somehow under the communist thumb and that square-jawed Boeing pilots would heave manfully at the controls and save the say is, um, 100% laughable.

    LOL, this is the absolute definition of the straw man [] argument. The great-grandparent never made such a claim; just an apolitical observation that he was scared that computers fly the planes and not skilled pilots.

    Stop trying to turn this engineering discussion into a US vs. Europe, Boeing vs. Airbus religious war. Your post is a troll, I'm afraid.

  • Re:Suspect?.... (Score:2, Informative)

    by Anonymous Coward on Sunday June 28, 2009 @01:07PM (#28505581)

    How does the existence of a separate problem make me wrong about this?

    I get your point that computers aren't infallible, but neither is any other system. You've misunderstood the implications of LH 2904:

    1) All large aircraft have autobrakes and autospoilers. They can't be allowed to deploy too early (catastrophic), so there must be restrictions in place like the ones the Wikipedia article describes. These restrictions, problematic or not, would have been there regardless of any fly by wire system. It's a separate design decision, and they would just be implemented mechanically otherwise.

    2) The autobrake logic on newer planes is probably better as a direct result of this incident, and software is much easier to modify than hardware.

    3) It WAS pilot error (with a lot of the blame on the weather information, though). That landing could not have ended well in any case, and he should have gone around (may not have had the time to decide, but the computers can't do that for him).

    4) Even if it had been a 100% software error, no system has been perfect from the start. You might as well argue we shouldn't have any systems on an aircraft. There's a double standard that software should be infallible from the start. Today's safety is a result of lessons from numerous historical crashes.

    5) Software design can take into account all previous lessons, pilots have limited processing power.

  • by grotgrot (451123) on Sunday June 28, 2009 @04:07PM (#28506987)

    How can an airplane be allowed to carry passengers when the margin to airframe disintegration is so narrow?

    There are certification bodies in the US, Europe and many other countries that define what that margin is. The greater the margin the heavier the plane will be, the more fuel it will need and the less load it will be able to carry. So your question really is asking if all these certification bodies are idiots. They are not and are definitely better at it than your armchair speculation. Simple evidence is looking at the rate of crashes and fatalities over time despite the increasing amount of air travel.

    How come you don't walk around always wearing a bulletproof vest? Why aren't all your house doors, windows and walls armoured? Because there are costs and benefits and they all have to weighted together to come up with something appropriate.

    but to be able to tear the airplane apart in level flight?

    It would not tear apart in simple level flight within the normal speed range. It could be torn apart going too fast (ie beyond the certification limits imposed by those national bodies) but even then would not be in level flight but likely dropping. It was a massive thunderstorm with huge air currents they were going through. This [] is an example of what planes can survive where the plane looped, parts flew off and the wings got permanently bent. This [] is an example of a certification test for wing strength. FAA regulations require that wings survive 1.5 times (150 percent) of the highest aerodynamic load that the jet could ever be expected to encounter during flight for 3 seconds. That applies to all airliners. The pitot tubes keep being mentioned because they tell you how fast you are going relative to the surrounding air. If they iced over then you don't know and going to slow will result in a stall, going fast increases discomfort and going too fast can result in bits of the plane breaking off.

    But to be clear it required abnormal circumstances to break apart. Way beyond anything normally or abnormally encountered. If the circumstances happened with any regularity then you would hear about this kind of accident more often.

    If the airplane can send fault messages home, why don't blackbox data streams get sent as well? At least that way there would be some situation info available as opposed to none.

    The fault messages are generally intended for maintenance so that when the plane arrives they can be repaired as quickly as possible and the plane turned around. They also help with long term tracking of wear and tear. Current blackbox recorders record a huge amount of data which would be infeasible to transmit, especially when it has to go via satellite such as when over oceans. Plane crashes are very rare (that is why they make the news) and it is even rarer to not find the blackboxes.

    In some ways reliance on flight computers is like reliance on spreadsheets or calculators -- if you do not understand what is going on and are not capable of doing it yourself then you cannot tell if the software is correct. Essentially, if the computer says it is so then it is, and you either survive or not.

    You overestimate the ability of humans. We are long gone from the days of the lonesome hero sweating it with the control stick. A flying plane is a complex mechanism. You have many control surfaces, air pressures and speeds, centre of gravity, fuel consumption, engine abilities, aerodynamics etc all to take into account. A computer program can do all of that so many times better than a human which includes being both more economical and reacting quicker. The people who make planes are not idiots. Ultimately you have to take the underlying tools you use as is. For example I don't see you insis

  • Re:Straw man troll (Score:4, Informative)

    by shutdown -p now (807394) on Sunday June 28, 2009 @08:38PM (#28508783) Journal

    Give me a break. This whole thing was taken in a simulator, which are *programmed* to behave how they think the airplanes will behave, using recorded data from test flights to help. Because they do not test the airframes in extreme attitudes (especially barrel rolls), they have little to no data with which to program the simulator, making demonstrations like this complete nonsense.

    There are three replies to GP, and they all totally miss the point, including yours.

    He wasn't trying to say that you can do a barrel roll in A320.

    He was saying that you can turn off computers in A320, and still retain full manual control of the airctaft.

  • Re:Suspect?.... (Score:4, Informative)

    by David Horn (772985) <{gro.remagtekcop} {ta} {divad}> on Monday June 29, 2009 @07:19AM (#28512585) Homepage

    Coffin corner does not refer to a simple underspeed/overspeed condition. Limiting factor for speed at high altitude is Mach number, not IAS. Exceeding Mcrit leads to shockwave formation on the leading edge of the wing. This moves the centre of pressure rearwards and causes an uncontrollable nose-down pitching moment known as Mach Tuck.

    It is this that can cause speeds to rise to the point where they're damaging to the airframe.

    At coffin corner, slowing down will give pre-stall buffet, while speeding up gives mach buffet, the precursor to mach tuck. It's almost impossible to tell the difference between the two. Additionally, given the high TAS even small control inputs can have very rapid and extreme effects. It is exceptionally difficult to hand-fly an airliner at high altitude, especially without the benefit of automatic trim.

  • by CompMD (522020) on Monday June 29, 2009 @08:58AM (#28513463)

    No, a handheld GPS would be useless. It can't give you airspeed or attitude. Also, you need line of sight to the satellites. Next time you're on an airliner, try and use a handheld GPS and see how well that works through the skin of the airplane. My Garmin GPSMAP 195 (an actual aviation handheld GPS) cannot always get a satellite fix in a commercial airliner. In an emergency, its not really a big deal where you are or what your groundspeed is. If you don't know your airspeed or attitude (the two things a GPS will *not* give you) you *will* die.

    Disclaiminer: I am an aerospace engineer and a pilot.

You had mail, but the super-user read it, and deleted it!