Why not substitute a real-time satellite uplink? This would eliminate the need for expensive and often unsuccessful oceanic search expeditions of the kind we are now hearing about.
There is constant data sent out by most aircraft already. The black box is for when shit goes very wrong, like when a plane is on fire, out of power, with a big hole in it, falling like a rock and spinning like a top.
The black box is sufficiently rugged to survive anything short of a nuclear blast, including fire, crash, and falling to the bottom of the ocean. Real time broadcast telemetry might be the first to go in some instances, black boxes are certainly the last.
Addition: the NTSB is expert at retrieving data from severely damaged black boxes.
Redundancy is good, always. Especially when the cost is negligible compared to the lifetime operating expense of the machine and the costs from any misinformation regarding the last moments of a doomed flight (a Crash that is the Airline's fault mega-screws them in the wallet).
A black box captures human perspective of extreme conditions. Telemetry, flight control, and maintenance data is more than enough to figure out what happened to an aircraft. But, they don't tell why it happened? Data in a black box answers a critical question: "Is it human error?"
Having said that, your question does resonate well with me too. How much data does a black box store that we can't send it over satellite (or even to other aircraft nearby-- think of a distributed storage) in real-time or near real-time? The purpose of such distribution is purely redundancy. I haven't seen any concrete numbers or engineering barriers against this idea, yet.
I still don't see why only a black box should be used for that. As long as a satellite uplink is powered by a separate external power source, none of these factors will stop a transmission.
Satellite transponder space is expensive, and you would need a whole lot of it. Even if you somehow got the capacity, who would pay for it, and who would collect the data? There's also the problem that satellite communication is difficult to get right (to the level of reliability required by FAA regs) with any degree of consistency. It's also worth mentioning that when a plane is in a state that you'd want the uplink to work, it's generally not flying in a level straight line - it will be experiencing huge turbulence, buffeting winds, and random dives and climbs - which would make keeping an uplink very difficult.
There's also a practicality argument: when a plane is flying along normally, you don't need consistent satellite information - you've got radio communication, radio data-links, and controllers watching. So the usefulness of a satellite uplink only comes when something is not right with the plane.
If we're in that situation - that there's something wrong enough with the plane that you'd want to know about it via the uplink - what makes you think the uplink will still be working? Air planes are designed with huge levels of redundancy and overengineered margins: are you going to take all that, double it, and then put it into a satellite transmitter (which probably won't have that much data to send anyways if the plane is in that state)?
So no, I don't think we need constant satellite uplinks. Black boxes (especially ones of the newer generation) are very well-engineered, and the NTSB guys are masters at getting things off broken ones.
Yep. Commercial airliners already have a number of redundant power sources, located in different parts of the plane, wired in different pathways for maximum operational redundancy. There were even studies to done to find the parts of a jet that are least affected by eddy currents due to electrical storms....yet the black box can operate even when those different redundant systems fail.
From : http://www.eng-tips.com/viewthread.cfm?qid=246491&page=1Again, any single box is not the problem. It's the receiving end. Picture the FAA receiving 8000 planes worth of a minimum of 88 data streams at 50 Hz at 12 bytes each. That would be a minimum of about 4 Gbps data stream, and allowing for collisions and whatnot, you're around 20 Gbps datastream capacity.
Guess where the hackers are going to concentrate their efforts. And given the large number of access points required to make that all happen, guess how often the database will be compromised.
If a plane travels over mainland, it would be no problem to store data only on the black box, as it would be easy to recover in an accident. We would have to enable the satellite uplink only on planes crossing the oceans. I don't think that would generate that much of data.
While crossing the ocean aircraft are generally out of easy contact with ground stations for hours at a time. They're using long-range HF radios or even the data-only CPDLC system.
Some comments I've in other discussions brought up plane-to-plane communications, but other craft aren't commonly close enough to have any relevant weather information to share. (I'd extrapolate to think you'd have similar issues reliably transmitting data.)
Why does each plane have 88 data streams? Why 12 bytes per stream? Why 50 Hz? That's over 8 kilobits per update, 412 kbps.
With 16-bit precision, you can get 528 sensor updates for the same amount of bandwidth. Let's cut that in half (~250 sensors) and reduce the frequency to 30 Hz, then we've gone from 825 kbps to 274.5 kbps. Multiply by 8000 planes, that's 1.8 Gbps aggregate. With stream compression, a lot less.
Challenging? Sure. But I think even my restatement is too much data. Maybe send data less often if everything is within "normal operating parameters." I bet most sensors don't need 16 bits of precision, or to be updated even once per second. Cut my estimate to 10%, that's <30 kbps per plane, <200 Mbps total. Easy!
More than once per second (in fact, more than many times per second) means the difference between FOD ingress failure mode and, say, a spontaneous single blade failure in a turbine, between a synchro follower field inversion (think of a compass needle flipping around in an electromagnetic coil forcing the table it sits on to try to re-orient itself to the new reality) and a hard manual input, between externally-induced overtemp and a fire starting in the monitored system, not to mention vibration-induced momentary shorts playing all kinds of hell on both digital and analog control systems.
People really ought to try to grasp how quickly things can go wrong in the real world, and how difficult it can be to tell what made the nice shiny silver bird look like the crumpled foil discard of a cigarette pack smeared with a poorly-preserved meat jelly. You only have to see one used-to-be jet (complete with used-to-be pilot) before you start wondering how anyone could make sense of it -- and that's with the physical evidence in hand.
There certainly are cases with well-understood causes (e.g. birds flew into both engines to make them stop), but I guess there are cases that originally caused from combination of previously-unknown failure pattern; since the failure pattern understood enough to write a software to detect, it may likely be backed up by some fail-safe mechanism.
I don't know much about aircraft controlling software, so this is only a guess from my experience of general system software crash recovery; usually the hardest case is caused by something I've never imagined to happen.
You have to re-construct the flight before things go wrong to know when things went wrong. Maybe something you thought was right turned out to be an error given a different parameter. Kinda like debugging I guess.
When a plane is flying and not transmitting anything, is the reason that nothing's wrong, or that the system that sends updates when something goes wrong (possibly among others) is broken?
No. Part of failure analysis is understanding what led to the failure in the first place. If you only transmit when something goes wrong, you may end up knowing what went wrong, but not why And why is usually just as important.
The new planes like this Airbus do actually transmit real-time maintenance data. So, there were something like 10 transmissions from the plane that apparently include large amounts of data regarding the systems that were failing and when.
Consider the fact that aircraft/control tower conversations are done over AM radio, a very ancient technology as these things go. Why so old, you might ask, in the vein of your question. First, there is an infrastructure cost--towers everywhere, airplanes everywhere have AM transmitters and receivers already.
Probably the only viable alternative that is still reliable would be single sideband (SSB), but that would be a infrastructure change as well.
If you consider what is required to do a digital encoding including handshaking, synchronization and the like, you are less likely to have a less reliable system. If in the midst of an AM transmission you get a static crash, it likely deletes one word. In a digital system, you might well have to resync, like a modem.
So some of these systems need to be very reliable under all sorts of harsh conditions. The questions I would ask, is 1) do the satellites already exist 2) how many of them and 3) are they visible everywhere there are airflights? and finally 4) how expensive is this network to maintain?
My guess is that the cost of such a network is a lot greater than a few black-box searches. Additionally, for really difficult crashes, they retrieve every possible piece of the airplane, at an expense that makes finding the black box seem small: http://en.wikipedia.org/wiki/TWA_Flight_800
I was wondering the same thing myself today. My first argument would be that if data is getting into a black box, there's no reason it couldn't also get into a satellite transmitter and out into space in the same amount of time and with the same reliability. As for available bandwidth, how unrealistic is that bandwidth availability? How much data is being fed into a black box during a flight?
The idea of a distributed network among commercial aircraft and ground stations as a method of transmitting the data also seems like an exciting prospect, and perhaps less expensive than relying on satellite communications, though I know nothing of the range or viability of such a platform.
In any case, a system to complement a black box would require large expenditures by governments and airlines. But, how valuable is that data? Pretty valuable, I think.
Sure it could get "out into space", but in order to be useful, it has to get "out into space AND pointed at a satellite" which is a substantially harder problem especially in any upset or unusual attitude.
I suspect that a floating object increase the range over which you have to search. If you object sinks to the bottom, at least you know about where it ended up.
Surface shipping already uses something similar, mounting buoyant distress/telemetry beacons which automatically deploy in an emergency (I don't know the exact mechanism, but I'd assume it's triggered by water pressure or something similar).
Some modern recorders on board aircraft can apparently do similar tricks, but I'd imagine it's more difficult to make it work reliably; the stresses involved in a plane crash are likely far greater, and I'd suspect the number of places from which a device could both survive and get free to deploy is much smaller.
Aircraft have floating, jettisonable radio beacons (Emergency Locator Transmitters) that transmit on the international guard frequency 121.5MHz (with intentional harmonic distortion that allow reception on the military guard frequency of 243MHz). That frequency is monitored by SARSAT (Search and Rescue Satellite) in North America -- the middle of the South Atlantic may not be monitored, since the automated search notifications would not necessarily reach anyone able to do much about it. Local air control stations will attempt to determine the position, but ultimately it's usually someone with a portable directional receiver that pinpoints the actual source of the signal. (Occasionally a unit will begin transmission due to mishandling or malfunction, and I spent far too much of my time in the air force trying to sort through ejection seat packs and spare ELTs to find an overambitious backup gone wrong.) ELTs are also normally located on any floatation rafts the aircraft may be carrying.
The aircraft itself will also carry an underwater acoustic beacon (pinging at about 40KHz) or two so that underwater wreckage can be located once the general area has been established by the ELT that should have been jettisoned on impact. Both items (the ELT and the UAB) have limited battery life -- they pump out huge signals relative to their size. By convention, the UAB is located in the same general area as the FDR and CVR longitudinally.
In the case of the Air France flight incident, it would seem that the ELT did not work or was at a significant distance from the crash site by the time the search reached the position. That the black boxes (the FDR and CVR) are expected to be recoverable at this point seems to indicate that the UAB did work (it would have been detected by a sonobuoy dropped by the search airplane, which looked to me like it was equipped with anti-submarine warfare equipment, judging by the MAD boom on the tail).
Radio doesn't work underwater. At 20 meters depth, a submarine can receive a 35 byte-per-second message using a long antenna, but it cannot transmit. [ http://en.wikipedia.org/wiki/VLF ]
Sending a signal makes it easier to find - that's not stupid whether or not it sinks.
Sinking means that it doesn't move much. However, since it's attached to the plane, it's likely to go down with the airplane whether or it it would sink on its own, whether or not it sinks on its own is irrelevant.
Or even better, you could have them produce a sonar ping that search and rescue could listen for... which is what they already do. :-) [ http://trueslant.com/milesobrien/ ]
Flight recorders, along with being incredibly durable, are also incredibly heavy. It would be difficult to provide a remotely reliable method of having the device float.
No, no radio beacons. If they are on land, an exhaustive search finds them. For underwater search, they have battery powered "pinger" beacons. That is the cylindrical item in the picture on the Wikipedia page.
The aircraft itself has a radio beacon that self-activates on a crash. Having one on the black box would be redundant and very likely ineffective since the black box is buried in the guts of the aircraft (e.g. if it separates enough to have a clear field of view for transmitting, it is probably going to be too damaged to transmit).
The ELT is to locate the debris field. (OK, it is officially to locate the survivors, but they tend to be in the debris field.) If the crash is on land, another radio to locate the black box is unnecessary. If it is in the water, a radio transmitter is useless, but a pinger is very useful (see other debate threads why floating black boxes aren't a good idea, and impractical to boot - the armor is very heavy).
Keep the present system and add a second automatically jettisoned flash memory copy of all data that is designed to float if at sea. It would also transmit a signal that would include its GPS location if possible.
Jettisoning could be set to occur at a given altitude, a given set of data values or a given acceleration/deceleration values.
Well one reason is that black boxes are probably more reliable than a satellite link, and can operate when the plane splits in half. Also, the previously mentioned issue with the large amount of data that would be generated by all of the airplanes.
The percentage of actual crashes in which a parachute would do anyone any good is likely vanishingly small.
You can't use them when too high up (not enough O2) or too low (not enough time to deploy). Most crashes take place on takeoff or landing.
Of the problems that do happen that would take you through a "jumpable" altitude, you can only make the jump if you 1) have time, 2) have enough airplane left to jump out of. If a big whole ripped in the plane while in flight at 30k feet, you are very likely already unconscious or dead.
There are other issues related to the fact that commercial airliners are not made to be jumped out of at speed. Its difficult or impossible to open their doors during flight (with good reason). Even if you could get them open, there may not be a jump trajectory from some doors that doesn't provide a personal introduction to wing or engine part.
Also, you cannot jump and live from a plane going 300 knots. The plane would have to decelerate to near stall to make it safe and if its already crashing, maneuvering at the edge of performance is not likely.
Also, consider that professional and military jumpers are highly trained, in top physical shape, and the landing sites are carefully chosen to avoid injury. As a fun thought experiment, take Rosanne Bar, put her in a small canopy "emergency chute", and drop her, at random, over the Arizona desert. (She was on her way to Vegas, baby). Calculate survivability.
Chutes for everyone would be expensive, heavy and probably only be beneficial in single digit percentages (or even sub single) of all crashes. They would very likely cause more problems than they would solve.
i'm sorry but i just don't buy the 'chutes aren't worth it / wouldn't work' argument. i'm confident that in the next few decades we'll have better safety systems in planes, it will just take a few really smart engineers. people will still die in planes, sure, but in the cases where chutes or whatever will help, there will be huge benefits.
Cirrus, it should be noted has an below average crash rate compared to other aircraft in class. Clearly, the small total of 18 deployments compared to the crash rate leaves a lot of work to be done.
Nobody knows how to make a ballistic parachute that will handle a passenger jet, especially not a widebody A330.
Airplane doors CANNOT be opened in flight unless you depressurize the airplane first. Even then, it would probably be difficult. The only airliner (that I am aware of) that could have the rear stairs opened in flight was the 727, which was "fixed" after D.B. Cooper took that way out. (Odds are pretty good he didn't make it, either.)
For this to be true everyone would have to wear one, and the plane would have to break open in mid-air. Obviously, structural integrity is an asset more often than a disadvantage. You won't be able to engineer this unless everyone sits in mini capsules and the plane like a ballistic missile with MIRV. The costs (in planes accidentally exploding over false positives and spewing out their encapsulated passengers) vastly outweigh the benefits.
Because unless most passengers are actually trained in how to use them, it wouldn't do much good; plus, for most reasonably sized planes, there simply wouldn't be enough time for anyone to jump with a chute.
Probably because the majority of passengers are not trained to operate a parachute, attempting to jump out of a plane at 40,000 ft is likely to be lethal even with a parachute, and that having 200+ people orderly jump out of a plane with parachutes while the plane is crashing out of control is unlikely to work.
A more interesting question is why one is not permitted to bring a parachute on board at one's own expense, and why there are not even token provisions for enabling their use in a situation where they might be helpful.
Air travel phobia seems to be rooted in the lack of control experienced by the passenger - specifically, in the anticipation of utter helplessness in the event of a crash. A parachute would help with that, even if its role is largely ceremonial.
Parachute use at high altitudes means you have to either depressurize the entire cabin, or else create some sort of airlock which allows you to get into an unpressurized space so that you can open a door to the outside; which would add a large amount of weight and take up expensive space.
The reality is, that you are in fact utterly helpless in the event of a crash.
I suspect it's a practical concern if nothing else, having to do with mundane constraints like carry-on sizes. Also, as another practical matter, I highly doubt that the folks with severe air travel phobia would be even remotely trained to use a chute (which requires doing it, more than once!)
Then why not have garlands of frag grenades hanging on the ceiling as part of every bank's security system? Why should we enable bank robbers to escape from the law when hijackers cannot?
I'd prefer to fly on planes which aren't execution chambers for criminal and witness alike. The market refuses to provide me with this option, however.
"Then why not have garlands of frag grenades hanging on the ceiling as part of every bank's security system?"
Because that would have significant side effects. Since parachutes are pretty much useless on airliners anyway, no significant side effects from banning them.
Ah, I re-read your comment. Sorry, I thought you were saying that there was no side effect in allowing them on the plane, to which I was pointing out that space is a serious side effect.
lol, it's pre coffee reading that will do me in everytime.
Assuming that there was a part of the plane that could open to create a viable jump platform (which there isn't in current designs), it would seem that the situations the plane has a problem, but it's stable enough that you and your 2-500 friends can get out your chute, read the instructions, put it on correctly, get to the exit point, and safely jump out and your plane has enough of a problem that you'd want to jump out are mutually exclusive.
Despite military usage of HALO and HAHO high altitude parachute techniques (25-30,000 ft) since the vietnam war, very few civilians have ever made the leap. Assuming you could actually get out of a pressurized cabin, you'd almost certainly blackout from hypoxia before you opened your chute and you'd turn into a popsicle from sub-zero temps.
HALO jumpers breathe pure oxygen onboard and jump with oxygen tanks. A single breathe during the transfer is enough to return your nitrogen levels to normal and cause blackout on egress. Any kind of medical condition, even anxiety or exhaustion can dramatically affect your susceptibility to hypoxia and normal clothes would not save you from frostbite.
By the way, 747's cruise at up to 40k altitude and 565mph. Jumping out is not a good idea.
Aside from the usual reasons given (a plane consisting mostly of steel armor could not get off the ground, etc.) it would make no difference to the passengers. Falling to the ground from altitude will kill you even if you are sitting inside an indestructible box, simply through rapid decceleration.
