Great narrative, but factually wrong on at least two accounts:
>If the pilots has switched a button to re-enable autopilot, everyone on board would have lived. But they didn’t. One co-pilot made a single, absurd mistake–for twenty full minutes–that brought the plane down.
First factual error: The button they should've switched is not the auto-pilot button (which they operate many times per flight), but the flight mode button (which most pilots never operate in their career). When the plane lost at least two of the three pitot tube readings, it went from the NORMAL "Law" to the ALT "Law", where the airplane doesn't guard itself against many pilot errors. When the pitots de-iced shortly thereafter, the plane did NOT go back to NORMAL "Law": it had to be switched there manually. The pilots did not do that and it seems to be the consensus so far (can't state that for certain before the official report is released) that they did not realize they were flying the plane in ALT and then DIRECT Law.
Second factual error: the "absurd mistake" lasted nowhere near 20 minutes. The first problem appeared at 2:10:03UTC and flying into the ocean occurred at 2:14:28UTC -- 4 minutes 23 seconds in all.
You are right about the 4 min, but there is no such a thing as a flight mode button. Normal, alternate and direct law change automatically depending the number of computers or inputs available. There is a big red ALTERNATE LAW at the HSI, also a big red STALL. The problem is not that they where in alternate law, is that they used the wrong maneuver to recover the plane.
From reading the reports, what you say doesn't make sense. As far as I understand, it's not possible to stall the plane in normal law. They crashed the plane because it was stalled for over 4 minutes. This implies that the plane did not go back to normal law.
Given that the plane was fully functional after the initial glitch (all inputs and all computers OK), this means they had to either force it back to normal law either via a kind of switch (the flight mode button), or pilot it into a configuration where normal law applies (essentially, recover from the stall manually). They obviously failed the latter.
An obvious question resulting from this (also asked in another thread here) is: can the autopilot recover the plane when it already is in alternate law?
It´s true it is not possible to stall the plane in normal mode AND stable air conditions, in fact at high altitudes is possible to lose control of the plane even in normal mode, due to sudden changes in air density or extreme turbulence. This is highly improbable but sometimes happens when changing from one mass of air to another or flying into clear air turbulence.(I know some pilots who have suffered this, flying close to the equator due to captains trying to save fuel climbing above the recommended altitude for that day, or the case of a A320 loosing 4000´ while flying above the Pyrenees due to turbulence and once again trying to save fuel going high).
Once you are at stall there is a protection in alternate mode (if I remember properly) that will pitch down the plane to help getting a recover speed (not like normal law that will prevent you from performing stall and over speed maneuvers), BUT that protection can be overridden (unfortunately in this case) by side stick input. I don´t think you could engage the autopilot in such situation even in normal law(I´ll try at my next simulator). Read my comment below about the maneuver I think they were trying to perform.
Once you are at stall there is a protection in alternate mode (if I remember properly) that will pitch down the plane to help getting a recover speed (not like normal law that will prevent you from performing stall and over speed maneuvers), BUT that protection can be overridden (unfortunately in this case) by side stick input.
So ironically, the correct advice is not to "fly the plane", but "DONT fly the plane" and let it fix itself.
(This is what I would have expected from a reasonably designed automated system, anyway)
I don´t think you could engage the autopilot in such situation even in normal law(I´ll try at my next simulator).
Can you clarify whether going from alternate to normal law requires a specific action, or is it automatic?
Well, yes in this case , but if you have obstacles ahead maybe your best option is keeping the plane close to the stall in order to climb, so you need to fly the plane. That is the reason most of this protections must have an override.
The modes are automatic, if you have all the flight computers and inputs available it will be at normal mode, if you begin loosing computers or inputs (like speed) it no longer has the capability to have that protections active so it downgrades itself, if there is a recovery of some sort (computer reset or working again pitot) it will upgrade the mode to normal by itself. The only action that can be taken is resetting computers or trying to recover a system. In fact when we want to practice alternate or direct law in the simulators, we just disconnect some flight computers. It is not that different flying in alternate or direct law than it is flying normal mode (just a bit more dizzy), unless you try something like pulling the control all the way back for 3 minutes.
As it's completely meaningless to have the autopilot operate out of normal law (why would the computer operate the plane outside of the envelope the computer considers safe?), isn't it safe to assume that re-engaging the autopilot would have put the plane back in normal law?
- Pilots wouldn't be trained with marketing speak so they believe the Aircraft is uncrashable, and ignore 75 repeats of the STALL warning alarm.
- The change of modes between "can't crash" and "can crash" laws normally never happens, so when it does it deserves a huge and explicit attention grabbing ongoing alert of its own.
- The plane would never, ever, detect that it was barely moving forwards, nose pointing up, falling at hundreds of feet per second, and then switch the STALL alarm off.
- The plane designers would make it so one pilot has no clue what the other is doing with the controls, and if both offer conflicting instructions, the plane will not alert them, but just average the instructions.
- The "about to hit the ground" warning would be built to sound early enough that they could use it to avoid hitting the ground.
- The pilots would be trained so that if something goes wrong, seems weird, panic is setting in, they must stop what they are doing and cooperatively restate their assumptions and reassess the situation.
These are excellent points. I was amazed at the behavior of the dual input sticks; in what world would this be a useful feature of the airplane (other than, perhaps, a training scenario?) How is the switch to alternate mode not made painfully obvious to the pilots?
I'm not an Airbus engineer and I'm not privy to their research (undoubtedly many thousands hours involving scenarios we can't even imagine) and the reasoning behind this design. This catastrophe is rooted in human-machine interface and we should wait for the official investigation report, which will come very shortly and will include recommendations to aircraft designers (including UI aspects), training procedures and crew management procedures, to mention just a few.
My layman view is that the first step in principle "fly-navigate-communicate" could be accomplished by placing the aircraft into the "pitch an power" configuration: 5 degrees nose up + TOGA. This didn't happen. But this is my layman view: I'm down here in a comfy chair with a cup of tea, and they were up there, in a thunderstorm with flashing warning lights, frozen pitot tubes and 228 souls behind their back. We shouldn't judge them: we should only learn.
A core concept they drill into your head in flight training is the following axiom:
Aviate, Navigate, Communicate
(in that order)
First and foremost, keep the plane in the air. Then you can worry about where you're going (e.g. don't fly into terrain, start heading towards an airport). Finally, coordinate with others (e.g. controllers) to let them know what you're doing and seek guidance.
This axiom can be applied to lots of other areas, too, including startups. For instance, it explains why I don't blog: I'm concentrating on execution and strategy.
It's one of the reasons I wonder if the many prolific startup bloggers have their priorities straight.
The pilots were not making an 'absurd error'. They did not forget to fly the plane.
It is that what they thought they were doing was not what they were actually doing. Their mental model broke away from the reality. (They thought the plane was in 'normal mode' when it was actually in 'abnormal mode' -- an expression of which: one them declaring "this cannot be happening!")
Telling them just fly the airplane is not (quite) the solution -- they thought they were flying it.
But the remedy is sort-of basically correct. It just seems better expressed as: when nothing makes sense (your mental model has suddenly utterly failed), fall back to a more basic backup mental model and system -- like primitive manual override.
(How clear can such separation of a basic mode be? How practical would it be? How reliable? It leads to a set of engineering/UI questions . . . were they well designed in this particular case?)
I'm not so sure. They weren't flying the airplane, but rather were letting the computer fly it for them. (The control movements made by the one pilot who was horribly in error were not something that one would ever make if the controls were directly connected to the control surfaces.) Meanwhile, the computer was letting the humans fly. If the pilot in error had flown the airplane instead of driving the computer, everything would have come out fine. (And, while I'm not completely familiar with the Airbus's fly-by-wire system, I'm pretty sure that doing this still would have been safe in the event that the computer hadn't given up, either.)
They spent all this time trying to figure out what was wrong with the plane when their immediate concern should have been to get the nose down and get their airspeed up. Figuring out the underlying problem can wait. That's what "fly the airplane" is all about. Even if stuff is on fire, the first priority is to keep your speed up and don't run into anything hard.
The problem is they did not know there airspeed and they did not understand they where stalling. The airspeed issue related to simple icing. Stalling was a little more complex than that. They had plenty of indications that they where stalling one of the pilots simply did not believe them.
Aside: Using the word "simply" glosses over the interesting bits.
Why did a pilot, a 32 year old, with Air France for 4-5 years, qualified to fly the A330 (for 2 months), with "under 3,000 hours of experience" [NYTimes] (so, a couple of thousand hours) not believe the stall warning? And what can humans do to guard against that?
That's an interesting question, "simply" doesn't do it justice.
Doesn't matter. You're descending at 10,000fpm. Your nose is up. This is wrong, no matter what else is going on. First order of business: point the nose in the same direction that the airplane is actually flying. Everything else can wait.
I fully support this message; having performed an instrument rating renewal check just yesterday in sub-optimal weather I experienced a frozen pitot-tube (the thingie that measures dynamic pressure; or a component of the airspeed). Having no speed indication is scary in instrument conditions (i.e. no visibility) but continuing flying is the best decision you can make (that and turning on pitot-heat). But please apply this 'motto' to other fields as well. No matter how bad the situation is; do the thing you're supposed to do: Fly the damn airplane, Talk to your customer, Keep your hands on the steering wheel and: keep breathing.
The article was clearly not limited to literal flying, it ends:
So, the next time you’re in a crushing situation, remember how irrational humans are under stress and remember to FLY THE AIRPLANE.
After observing that people today tend need their brains much more now during moments of extreme stress, since it often involves interacting with machines, as opposed to just running away or putting up a (physical) fight.
In that context, communicate is scoped to flight crew outside, not within the cockpit crew.
Surely, the notion that if you have a departure from controlled flight, or are lost, that each crew member must refrain from speaking to each other is silly.
That guidance is instead intended to say "ATC's questions and needs can wait; tell them 'Standby' and fly the airplane."
According to the articke they didn't speak to each other to resolve the problems. Asking them to refrain from talking would be silly, but an explicit instruction to communicate might help.
Beg to differ, but he wasn't flying the plane. He knew he was on manual control, but he apparently did not understand or did not appreciate the implications of the fact that the plane was flying on "alternate law".
With the normal flight laws, the pilot cannot stall the airplane because the flight laws prevent it. On "alternate law", that protection is removed and the aircraft can be stalled. When flying "normal law", pulling full back on the stick is arguably a reasonable approach to stabilize the flight of the aircraft because the flight control system will fly the plane in a stable, just above stall, attitude and speed.[1]
On "alternate law", pulling full back on the stick resulted in the plane no longer flying, but stalling and falling. I would contend the copilot was not flying the plane, he was relying on the flight control computer to key off his "nonsensical" input and take over flying the plane.
Trivia: the report indicates the flight speed sensors de-iced and the flight system recovered full correct data input quite soon after the incident started. I'm rather surprised that the flight control system did not go back to "normal law" mode, but rather stayed in "alternate law" mode. I don't know what it takes to revert the flight mode - if it is a manual reversion or if the plane simply has to get back into normal flight, which never occurred for AF447.
[1] AF296 crashed at an airshow while the pilot was flying with full aft stick. It crashed not because it stalled, but because the pilot ran out of energy (altitude) and the engines could not spool up fast enough to stop the plane's descent before it hit the ground. http://en.wikipedia.org/wiki/Air_France_Flight_296
Reset from alternate law to normal law is - afaik - a pilot induced operation. The airbus computers will never initiate such a change by themselves. I.e.: They will drop down into a lower mode automatically; but they will not up the amount of support 'by themselves'.
This is the heart of the problem. He wasn't actually 'flying the plane' (properly), but from what we can see, he believed he was, and the plane wasn't responding (properly).
So a checklist entry which might help needs the property "changes his view on the world".
I suggest "fly the plane" will make him reply "I AM!", and continue behaving the same, whereas "everyone in the cockpit states aloud the major sensor readings, and what the next control change should be and why until majority agreement" sidesteps the semantics of whether they are or aren't "flying" and might help.
> "pulling back rudder to gain altitude and avoid storm"
This action is a case of things not doing what you think they should do. When I did flight training, I had it drilled into my head that the yoke isn't for controlling altitude and the throttle isn't for controlling speed; they're switched. They can each be used for that, but not very effectively and only temporarily.
I think that this can be a good order of priorities for different disciplines too. In fact I recently came out of a major project that ended up with multiple issues that surfaced and threw us off. As a result, I spent three years "flying the plane" if you will rather than trying to figure out how to get my own business going in the direction it needed to go. The result was a hard transition after, but not as bad as I might have feared.
When I have seen projects "crash and burn" it has always been due to someone not "flying the plane." One thing one can do also is see where customers are in this process and if they are not flying their planes, avoid taking them on.
But beyond this, process breakdown is a real thing. Once someone loses confidence in a system compensating measures can often cause more harm than good. Once you don't know what's happening, you can lose control very quickly. One of the roles of a consultant is to get people back up to safe processes while you get everything back up to speed. But this can be a big task.....
I followed through the entire essay in complete agreement, but I wished the following paragraph had at least a reference pointing to its claim:
The human body’s physical “fight or flight” response evolved to help it evade a dangerous situation, which historically involved extreme physical exertion. The rush of steroids into the bloodstream essentially turns off unnecessary systems, including some higher thinking processes, to aid in escape.
When we make statements like this proclaiming we understand the complex workings of things like human physiology I always have to shake my head. We may be smart, us programmers and designers, but let's not pretend to understand the order and meaning of everything. And if you do understand and you have the means, provide some kind of reference to where the claim originates from so we can all learn more.
* edited because I sounded like a jerk and wanted to make my point clearer
It has in fact been shown in countless studies that corticosteroids (stress hormones that are released in situations like the ones I described in the article) cause cognitive deficits in humans and other animals. Here is one slightly strange example:
The present study investigated the acute effects of cortisol administration in normal healthy male volunteers on immediate free recall and recognition of pleasant, unpleasant, and neutral nouns using a between-subjects double-blind design. Two hours after cortisol (10 mg) or placebo administration, impaired recall and recognition of neutral and pleasant words was found in the treatment group, whereas recall and recognition of unpleasant words was similar in both groups.
Your essay is well written, I agree with the premise of it and you clearly know a bit about biology. But I still think it's important that when we make these general claims of scientific fact we point to the giants whose shoulders we're standing on. Maybe it's just the ex-scientist in me, and if so, apologies. I appreciate you found a cortisol related article to prove your point, and I agree it's an odd choice as the abstract, which I'm assuming is what you read as well, seems to state little other than pleasantries are forgotten when under a chemically induced stress response.
The flight or fight response has been investigated for a long time. It's complex enough that you need to read a lot of relevant studies most of which are old before you can understand it. Which makes finding a single source hard.
If you want basic research start with Walter Bradford around 1915 Bodily Changes in Pain, Hunger, Fear and Rage: An Account of Recent Researches into the Function of Emotional Excitement. http://en.wikipedia.org/wiki/Walter_Bradford_Cannon
How can the study be double blind when it involves drugs which have such noticeable effects? People can notice things like impaired recall and figure out which group they are in, so it's not really double blind.
This is a fairly straightforward matter of whether his statement is right or wrong, I don't think it's fair or helpful to describe it as "particularly arrogant".
I agree that in general, people's understanding of human physiology tends to be simplistic and wrong.
But Dustin's description here aligns with what is generally known and accepted, and he doesn't venture details beyond what anyone with with a sound understanding of physiology could reasonably claim to know.
If he's wrong, that would be easy to prove, in which cas you should do so, so he can amend his post.
The Professional Pilots Rumor Networks has a bunch of excellent discussions about AF447 (and other incidents). It's nice to get the perspective of people who fly for a living:
There's a subtle shoutout to The Checklist Manifesto - that book is amazing. I thought it was another GTD-style productivity book but it's not, it's a lot more than that. It studies several seemingly unrelated fields like medicine and construction to bring together unique insights into group collaboration and workflow on complex projects with lots of stakeholders. The chapter about venture capital has a bit of a Moneyball vibe to it.
+1000. I'm a PPSEL of the Cessna-exclusively-outside-the-soup variety, and these kinds of transcripts often bring me to tears. I understand the fascination with (and importance of understanding) accidents and human-error events especially, but the pilot in question was just about my age, and I can't begin to put myself in his shoes in the first moments of this tragedy without crushing pressure entering my guts.
I'm a PPSEL also, training for my IR right now. We had some icing on my last flight that caused some pitot/static issues, fairly quickly solved by flipping on the pitot heat and climbing out of the clouds. Very interesting psychological experience; I had to use a good deal of mental energy to shunt the terror out of the way and used what little was left over to fly the airplane.
I've come to the conclusion that dealing with those situations is analogous to lifting weights: when you start out your ability is weak. Experience and training increase your strength but there is an upper limit. You just gotta hope you don't have to press something that's beyond your max. The likelihood can be mitigated against but not completely eliminated.
An even more interesting air disaster is United Airlines Flight 173. Just prior to landing a malfunction caused the indicator for the landing gear being lowered to fail to indicate that it actually was lowered. The plane circled the airport while the crew concentrated on figuring out what was wrong. The plane ran out of fuel and crashed.
It's easy to get side tracked by a problem while losing sight of the big picture. That crash led to a complete rethinking of the way planes are flown.
It was also caused by "cockpit gradient" the flight engineer and FO knew about the problem but were reluctant to point it out to the captain (because it was such a silly little thing)
That is interesting. I'm sure I've read of planes doing a fly-by for the control tower to assess whether the landing gear is actually down or not in situations like this. Were there reasons something like this wasn't attempted in this case?
I've just been reading an autobiography of a WWII aviator (a tailgunner in a B-17). He mentions that for planes with substantial damage, it was standard procedure to bring the plane in on its belly with no landing gear. This was because there was a good chance the landing gear itself was damaged, and if so, having it there would do far more harm than good.
If it's possible to bring in a B-17 on its belly as a preventative measure, surely it's possible to do so with a modern airliner when the alternative is a real crash.
I do not know whether you are right, but I think most successful B-17 belly landings would involve ditching all cargo (i.e. bombs) before landing. AFAIK, doing that with a modern airliner only is possible in Hollywood.
A vivid example of forgetting to fly the plane is the similar case http://en.wikipedia.org/wiki/Eastern_Air_Lines_Flight_401 where the landing gear light bulb was burnt out. While investigating this, the crew didn't notice that they were slowly descending and 101 people died when they hit the ground. Last words: "We're still at 2,000 feet, right?"
One thing this is, in my opinion, missing: panic is a weird state. You might even know that what you're doing is irrational. It doesn't really help, and to make things worse, people telling you what's rational don't actually help (you know that you're not doing the right thing, you feel helpless about it already, last thing you need is people passing judgement on you).
It's a tough problem, because sometimes panic attack strikes completely out of nowhere, even a person who was previously stable, even in situations less stressful than described (there's records of people panicking while crossing a street, to the point where they couldn't move). And it isn't always completely obvious to onlookers, and it might get your co-pilot, your climbing partner, or you.
> Unlike car accidents, which are often blamed on driver (and thus human) error, airplane crashes are considered engineering failures...
Forgive me if I'm misunderstanding something about the way these accidents are investigated and understood, but directly after this the author goes on to cite Air France 447, which many of us have by now read about in Popular Science, among other sources I'm sure, wherein it's made clear that that particular flight fell into the ocean for no other reason than a persistence fault on the part of the copilot who had control of the plane. So how does that qualify as an engineering error and not simply human error? Could the author mean by "engineering" such an abstraction as the engineering of flight training?
I think it means that any crash, even if caused by the pilots fault, is seen as a fixable technical problem, either in automation, equipment, reliability, or pilot training.
We don't send all car drivers back to get their license if somebody crashes his car. We do try to "fix" the pilots if something like this happens.
The cockpit has two switches, right next to each other, on the control panel. They're exactly the same size, shape, and color. They feel the same in your hand.
The only difference between these two switches are the labels. One says "Recover from Stall", the other "Self-Destruct".
After the explosion, is it "pilot error" that you pressed the wrong switch? Or is an engineering failure that those buttons were so indistinguishable to begin with?
He missed a word like "frequently" after "airplane crashes are", and that might confuse a few people (as it confused you). His point is - much like you said yourself - that most airplane crashes are often related to engineering failures (actual mechanical/system failures), but that in this particular case, it was human error.
He's still wrong: human error is a factor in the overwhelming majority of aviation mishaps (I don't have stats handy, but it's something in the neighborhood of 85% IIRC).
This must be understood in the context that while it is almost always a factor, it is rarely the only factor. Aviation mishaps typically occur when three or more factors combine. For example, if you're just low on gas, or just in bad weather, or just a little bit tired, you probably won't have a mishap, but put all three together and things can rapidly get out of hand. In the case of AF 447, they were in bad weather (which caused a malfunction in the FCS), they had CRM problems (Captain was not in the cockpit, and the two pilots who were in the cockpit did not coordinate well), there were serious flaws in the HMI design (the most egregious example, in my mind, being the averaging of the stick inputs), and the crew was not sufficiently trained on how to respond to FCS failures.
>> The rush of steroids into the bloodstream essentially turns off unnecessary systems, including some higher thinking processes, to aid in escape.
>> So, the next time you’re in a crushing situation, remember how irrational humans are under stress and remember to FLY THE AIRPLANE.
The advice is good, but irrelevant as the article itself states it.
Maybe the first step in the checklist manifest should be to take a steroid inhibitor pill, or even better, always take some pill that only kicks in when steroids are above normal levels (if that could even be acomplished).
the co-pilot did fly the plane, incorrectly, for 4 min & 23 seconds. he was pulling back on the stick to climb because he didn't have all of his instruments (due to the icing of the sensor) or understand why the plane was not climbing. the reason the plane crashed was because he flew the plane wrong, not lack of flying the plane.
Flying the plane wrong is not flying. The point of the saying is to not get distracted by what's happening to the point that you fail to fly the airplane. And that's exactly what happened here.
I found the Popular mechanics article linked to in the OP well written and far more interesting. One of my family is a retired pilot so I'm gonna show him that article. The sad thing is, if they had gotten the captain into the cockpit a couple of minutes sooner, this may never have happened.
1: Panic. His brain's "we're falling out of the sky" alarm was louder than the plane's stall alarm. (The correct reaction to the first is the opposite of the correct reaction to the second.)
2: Mental error caused by UI confusion. "Stall speed" is shown on the airspeed indicator, and he knew his airspeed sensors had failed. Therefore, he concluded that the stall warning was wrong. (But, stall is not detected by the pitot system, it's detected by angle-of-attack sensors which were working just fine.)
3: Training. Pilots are casually taught "you can't stall this plane" because under "normal law", that's true. No matter what input you apply, the computer will not let you stall the airplane. Unfortunately, the plane was not in "normal law" at the time, because of the failed systems. (This is indicated somewhere, the information that the plane's not in normal law is available to the pilots.) I'm guessing that no instructor ever mentions those exact words in bullet-point form, but I'm guessing that someone has said, "just pull back as hard as you can, you can't stall this thing" when practicing, say, engine-out-on-departure procedures. And statements like that stick.
This has been mentioned in other articles about the crash, including ones that have been posted in HN.
Under normal conditions, when the flight computer is receiving airspeed and other telemetry normally, the fly-by-wire Airbus operates under "normal law", a mode where the pilot controls the aircraft but the flight computer prevents stalling and other dangerous situations. In this case, the pitot tube was frozen and the flight computer didn't receive proper airspeed data and went into "alternate law" mode, where the pilot controls the craft and there are no computer enforced limits. The co-pilot with the controls had probably not flown the aircraft under alternate law or incorrectly believed that he was operating under normal law, and had never heard the stall warning before. So either he thought that the stall warning was false and just another instrument malfunction or he just didn't understand it's meaning in the confusion.
The flight mode is important but not the reason why they crashed the plane (IMHO). The reason they didn´t do anything else but pull the sidestick and apply TOGA was that they thought it was the solution to the problem.
The problem to them was thunderstorm + fast speed variation (unreliable speed indication or no indication at all)+ autopilot disconnected.
So they applied one of the most practiced maneuvers in commercial airplanes simulators the wind shear which is one of the most dangerous situations an airliner could face, and therefore one of the most practiced maneuvers(due to economical reasons refresh simulators are more and more condensed and reduced, almost no time for "basic" maneuvers like real stalls, regular manual flying, etc...).
Usually severe wind shear takes place in the presence of thunderstorms (they were flying inside one ), then there is a severe change in speed indication and wind speed(also present at the AF flight) How do you fight a windshear?. First there is a loud alarm ringing(in modern planes like the A330) + visual alarms (that wasn´t present at the AF, at least not this particular one), then you apply TOGA and pull the stick full backwards (check this video, is very well explained, also the part of the plane taking care of the stall in normal mode http://es-la.facebook.com/video/video.php?v=1015017491047010... ). The plane will flight just above the stall speed (in normal mode) and that way you´ll be able to avoid ground obstacles, as the windshear is only dangerous when flying close to the ground (take off, approach, and landing). If you have altitude enough you are able to change altitude for speed and recover the control without further problems.
Obviously the wind shear maneuver is not designed to be flown at cruise altitude, as the engines don´t have enough thrust to take the plane of the stall and keep climbing, also the plane is already very close to the coffin corner (over speed and stall aerodynamic limits are just a few knots apart), so any "extreme" maneuver (banking more than 20º or pulling or pushing hard in the controls) will simply put you outside of the flight envelope creating a control loss (usually you lose 2000´to 5000´ being unable to stop the descend), this happens also to planes entering sudden warmer zones like the ones you encounter in the tropic(due to the loss of air density).
There is a point when you simply disconnect from the alarms (no matter how many times stall or alternate law where sounding), you don´t hear them anymore (this was discovered or more studied with the Vietnam war pilots, who had very complex environments full of radio communications and SAM alerts), you only keep trying what you think will work, may it be the correct procedure, the incorrect one or just touching buttons because that damned computer is not behaving the way you want to.
Is difficult to know exactly how they suffered the problem and is also extremely difficult to judge it from a computer chair(even in simulator is well known the fact that the instructor can see obvious mistakes from the instructor chair, which the pilots are unable to recognize or detect for several minutes, once he sits in the pilot seat it is very provable that he will make similar mistakes).
What initially seem the correct actions(to the autopilot disconnection and lost of speed indication)are: to use the unreliable speed procedure(keep the throttle position and a pitch position) and then try to recover at least one of the speed indications (or at least checking which one was correct). But setting TOGA and then pulling the sidestick, this is (in my opinion) the automatic reaction to thinking they were suffering a wind shear(incorrectly), and so they keep fighting that imaginary wind shear for the long, long remaining 4 minutes till they crashed. No amount of other information or alarms took them away of that mental procedure (unfortunately), not because they where lost in they assumptions (they were), but because they thought almost all of the time (till it was too late) that they were performing the correct actions.
I must say that almost none of the pilots I know have the same opinion as me.(I am A320 pilot with B737 and MD80 experience).
One obvious improvement would be to replace the warning "Stall!" with "Stall! Stall protection disengaged!" when flying in alternative mode. Even better might be "Stall! Push stick forward!" when a stall is detected and the pilot is simultaneously pulling back on the stick.
I don't think more complex aural warnings would have accomplished anything [1]. (Edit) This guy basically had his brain disengaged due to panic and was useless at that point. The tragedy is that the other pilots couldn't prevent it.
The plane also warned them aurally that they were giving conflicting inputs. None of them "understood" it, in the sense that they thought about what that must have meant.
[1] Though, having the stall alarm go off when the stall was too deep is very, very weird and may have contributed to the issue.
(Edit: I initially said that pilots are deeply trained to use stick down to recover from a stall - but apparently this isn't really true for commercial pilots who are trained to avoid height loss when near a stall.)
The crash report says that the second pilot and pilot (when he arrived) were both unaware that the other copilot was pulling back on his stick. E.g. at one point the other copilot had his stick forward (causing an averaging of the two inputs resulting in nose still up) and right before the crash when the copilot replies "But I've had my stick back all the time!" the other two get a shock. The warning "Stall! Push stick forward!" would therefore have saved the day, even if the copilot pulling back ignored it (and it seems he thought he was doing the right thing by pulling back, so the explicit advice "Push stick forward!" might have helped in his mental state), the other two would realise he was contravening normal response.
The warning "Stall! Push stick forward!" would therefore have saved the day...the other two would realise he was contravening normal response.
They already got this warning through a "DUAL INPUT" alarm, among all the other alarms that went off. When the pilots panic, adding warning after warning is useless, they won't hear them anyway, let alone the nuance in the stall warning. See for example:
http://msquair.wordpress.com/2011/09/16/pilots-in-the-loop-a...
"it turns out that in the circumstances identified as triggering instinctive responses the value of such alerts is degraded due to the inevitable attentional tunnelling that operators experience in high stress situations."
Hell, to put it in a software perspective: popping up warning dialogs for your users is pointless, as they click them away anyway without reading.
Tactile feedback, such as the stick itself moving or resisting input, is not possible to ignore, so it's not surprising the pilots would have preferred this.
Note that even in alternate law the plane actually attempts to correct the stall by itself, so its hard to see how giving an audible warning would have gotten him to realize he was doing things the wrong way around. He was already actively working against the correction.
http://www.airbusdriver.net/airbus_fltlaws.htm
"System introduces a progressive nose down command which attempts to prevent the speed from decaying further. This command CAN be overridden by sidestick input."
The dual input warning doesn't inform specifically that copilot 1 is pulling back on the stick. It's clear from the report that was the problem, copilot 1 was pulling back the whole time and nobody realised.
I'm not suggesting adding "warning after warning" but an improvement to the existing warning, after all, when the plane is heading for the ground the warning is "Pull Up! Pull Up!" not "Ground!". If you want a software analogy, "Stall" is akin to "Error: Read Failure" and "Stall! Push Stick Forward!" akin to "Read Failure: Insert Disk".
Anyway it's a cheap to implement improvement and could save lives.
The dual input warning doesn't inform specifically that copilot 1 is pulling back on the stick. It's clear from the report that was the problem, copilot 1 was pulling back the whole time and nobody realised.
There is only 1 pilot at a time that is supposed to fly the plane, so the warning in itself indicates that they are in serious conflict and should clarify who is flying and what to do. They payed no attention to it. Again, hard to believe adding more audible warnings would improve that, rather than make it worse.
At some point they are discussing whether they are ascending or descending, while the stall alarm is blaring throughout. I don't think anyone will consider making the stall alarm go "Stall! Losing attitude!".
"Pull Up! Pull Up!" not "Ground!"
Notice how in this case they did get that warning...and it further doomed them, because Bonin started pulling back again.
"At some point they are discussing whether they are ascending or descending, while the stall alarm is blaring throughout. I don't think anyone will consider making the stall alarm go "Stall! Losing attitude!"."
Yep, but your missing the fact that they didn't believe it was actually stalled or about to stall. They thought that was impossible since normally the fly-by-wire protects against it, so that warning can safely be ignored. That is why they ignored it. It's kind of like the boy that cried wolf. Normally, the warning can be ignored and so when it started sounding when it really mattered, they ignored it. Maybe interlacing "Stall! Stall Protection Disengaged!" (when in alt mode) and "Stall! Push Stick Forward!" (when stick back) is the ideal solution.
Reminds me of the Zen story which recommends just focus on doing the next thing, no matter how chaotic or absurd the situation. "Before Enlightenment chop wood carry water, after Enlightenment, chop wood carry water."
The solution is not to average flight stick data. Had it not, then non panicking pilot 2 would say why the bleep are you yanking back on the stick (fleeing the scary bear) when we are losing altitude fast and stalling.
Human panicking error. he thought the 75 stall warnings were due to loss of flight speed indicators.
The OP links to the Popular Mechanics article in the first paragraph. I don't think it was intended as a replacement for the Popular Mechanics article, but as an addition to it.
Yeah, I agree. It's frustrating that you can get hundreds of upvotes by summarizing an article from last week's HN and adding nothing but a trivial, trite suggestion.
Just curious how many purchases popular posts like this drive on Amazon / affiliate sites. For 10k visits, is it like 1% of traffic? Or more like .1% or .01%?
Would be cool to be able to preprocess blog posts through a product search engine that had links to everything (maybe just amazon) mentioned in the blog post-- then let the author affiliate link to those products and profit!
>If the pilots has switched a button to re-enable autopilot, everyone on board would have lived. But they didn’t. One co-pilot made a single, absurd mistake–for twenty full minutes–that brought the plane down.
First factual error: The button they should've switched is not the auto-pilot button (which they operate many times per flight), but the flight mode button (which most pilots never operate in their career). When the plane lost at least two of the three pitot tube readings, it went from the NORMAL "Law" to the ALT "Law", where the airplane doesn't guard itself against many pilot errors. When the pitots de-iced shortly thereafter, the plane did NOT go back to NORMAL "Law": it had to be switched there manually. The pilots did not do that and it seems to be the consensus so far (can't state that for certain before the official report is released) that they did not realize they were flying the plane in ALT and then DIRECT Law.
Second factual error: the "absurd mistake" lasted nowhere near 20 minutes. The first problem appeared at 2:10:03UTC and flying into the ocean occurred at 2:14:28UTC -- 4 minutes 23 seconds in all.