Tuesday, October 8, 2013

Why I don't like flying on Airbus

It keeps doing this:
On July 6 of 2013, Asiana Airlines Flight 214 crashed on final approach to San Francisco International Airport, resulting in over 180 injuries, 3 fatalities, and the loss of the aircraft. While the NTSB report on this accident is not yet out, there are several things that seem to be pretty clear:

–The flight crew believed that airspeed was being controlled by the autothrottle system, a device somewhat analogous to the cruise control of an automobile

–In actuality, the airspeed was not being controlled by the autothrottles

–The airspeed fell below the appropriate value, and the airplane dipped below the proper glidepath and mushed into the seawall

It is not yet totally clear why the autothrottle system was not controlling the airspeed when the captain and first officer believed that it was doing so. It is possible that the autothrottle mechanism failed, even that it failed in such a way that its failure was not annunciated. It is possible that an autothrottle disconnect button (one on each power level) was inadvertently pressed and the disconnection not noticed. But what seems likely in the opinion of several knowledgeable observers is that the captain and FO selected a combination of control settings that they believed would cause the autothrottle to take control–but that this setting was in fact not one that would cause autothrottle activation…in other words, that the model of aircraft systems in the minds of the flight crew was different from the actual design model of the autothrottle and its related systems.
There is a long, long history of Airbus flight crews getting confused by the electronic system design.  Each time, the accident report clears Airbus because the "systems were functioning properly".  Each time, there's another next time, and people keep dying.

My take is that the systems are "Working As Designed (WAD)" but are repeatedly confusing the pilots.  The answer to this is not "better training", it's "simplify the damned system".

I'm sure that there are people reading this who will think that I'm being unfair to Airbus.  I'm also quite sure that pilot confusion will kill more Airbus passengers.

9 comments:

Rev. Paul said...

And as our mutual red-headed friend insists, it's best to avoid Airbus planes altogether.
Sounds like good advice to me.

Dave H said...

I don't know about how airlines select aircraft, but I know in most other industries the people who place the orders and sign the checks are NOT the same people who have to use the things.

At a previous job we made battlefield radios and I was appalled at how difficult these things were to use. This was caused by a combination of legacy products whose user interfaces we had to mimic, coupled with a bunch of fresh-faced EE grads who'd never used a radio designing the new UI. (I suspect the legacy UIs were developed by the previous generation's noobs.)

I made several suggestions for improving the UI but they were mostly ignored. It finally dawned on me that nothing would change because nobody using these things in the field ever complained. Probably because they got blowed up.

R.K. Brumbelow said...

Imagine flying on an Airbus with Lufthansa pilots in command...

You would never know if the plane was crashing or if it was just the usual perpendicular to the ground* approach they normally use.

My humourous theory is that Lufthansa pilots do not like to fly so they try and get back to gear on deck ASAP.

The reality is of course simply that due to the geographic conditions of much of Lufthansa' training fields a steeper decent/ ascent is required for safety. They are not really diving for the tarmac, it just feels that way.

Anonymous said...

I'm sure that there are people reading this who will think that I'm being unfair to Airbus.

Well, Airbus pilots continually letting the things drive themselves into the ground is pretty unfair to the passengers, too...

Ross said...

I'm sure I must be missing something obvious, but I can't figure out why you're pointing to a Boeing 777 crash in an Airbus rant.

Jake (formerly Riposte3) said...

I've said it before: The fact that trained and experienced pilots keep crashing these planes because the controls don't react as expected, and always for similar reasons, is a big hint that there's a serious design flaw in the interface.

Wolfman said...

Not being a pilot myself, I must rely on others expertise, but my observation is thus- taken as a group, major airline pilots have a marvelously high safety rate in incredibly complex pieces of equipment. The training, as well as the required experience not only to gain but to keep their certification, is quite stringent. If a system such as the Airbus autocontrol apparatus is regularly confusing these people to the point of fatalities then there is, in my mind, strong evidence to examine and modify that system.

lelnet said...

Unless you've been...well, not necessarily _on_ the inside, but at least really really _near_ the inside, you can't fscking _imagine_ how much training and experience a person is required to have before being handed the stick of a large passenger jet flying for a major airline. These guys are as competent as it's possible for a population their size of human beings to be.

And then, Airbus designs planes with the assumption that the pilots are basically trained circus chimps, but without the "trained" bit.

Contrary to the naive assumptions of both the sort of people who design Airbus airplanes and the sort who buy them, designing a system for a chimp and then giving it to a human is not actually all that much safer than the other way 'round. (An actual chimp probably wouldn't be able to get a Boeing plane to start moving, which means the biggest risk is an accumulation of flung feces in the cockpit. Whereas a human pilot experiences little difficulty in getting an Airbus into the sort of situation where even a small amount of assumption-shear will lead to passengers getting killed.)

Mark Philip Alger said...

Back in my misspent youth, I had occasion once to coin a sort-of halfassed backronym.

This was when I was doing volunteer peer support on CompuServe. I don't recall which company it was, but, in the back room of one forum or another, one of the company's engineers asserted that there was no bug causing what might be termed malicious behavior on the part of their application. (If memory serves, it was deleting files instead of making autobackups.)

The guy claimed it was WAD -- as you say, Working As Designed.

On the spur of the moment, I shot back, "You mean it's BROKEN As Designed -- BAD."

M