hckrnws

In this incident, as with Air France flight 447, pilot and co-pilot were holding the controls in opposite directions, and the software averages the input. In this case the warning that the controls were mismatched was not of sufficiently high priority to be issued (other warnings were taking precedence: You're about to crash). This user interface just continues to appall me.

With mechanically joined controls, it is impossible to have this happen. I think if I were designing a modern aircraft, I might retain physical linkage for just the reason.

I always wondered who even decided that averaging the input is a good idea.

It sounds like it makes sense at first glance, but if you think about it a little bit more it actually doesn't make any sense.

The average of two inputs is basically garbage, it doesn't do what either of the pilots want to do and it breaks feedback for both of the pilots.

After watching tons of Mentour Pilot videos (who, by the way, covered [0] this incident) I am convinced that this feature shouldn't exist at all.

And no, I don't think that I'm smarter than people who originally designed this system. I just think that this particular feature was not designed at all. It seems like an afterthought. Like, "hey, there is this corner case that we haven't thought about, what should we do if both pilots input something on the controls? - well, let's just average it, kinda makes sense, right?"

[0] https://www.youtube.com/watch?v=6tIVu0Dpc2o

> After watching tons of Mentour Pilot videos (who, by the way, covered [0] this incident) I am convinced that this feature shouldn't exist at all.

There is some selection bias at play here. We don't know how many situations happened where averaging the input was the right thing to do and avoided an accident, as Mentour Pilot does not make videos about those.

I'm not saying averaging is good. I have no idea. But a number of videos about crashes (which I watch and think are awesome) are not a good reason to form beliefs.

> I don't think that I'm smarter than people who originally designed this system.

This sentence says one thing, the other sentences in your comment say the opposite. It certainly reads like you think you're smarter than those people. Which as far as I know could be true, no idea. My point is a disclaimer does nothing if you actually do the mistake you know you should avoid.

> The average of two inputs is basically garbage, it doesn't do what either of the pilots want to do and it breaks feedback for both of the pilots.

I think it's done in case one of the sticks has a bit of drift. If there was an alarm for dual input it would constantly be going off in that case.

There is an alarm on dual inputs.

Except when there's not ... In this case, it was superseded by "more pressing" alarms, namely "pull up"/"you're too low".

Yeah, that's a good point though, of course in most situations it is more urgent so this choice makes sense. BUT in this case not being aware of the dual input made the GPWS worse. So in this paricular case it was not.

Personally I would do a different type of alarm for dual input, like a big red light somewhere. Or just not allowing dual input somehow (always requiring the use of the takeover button).

I mean, what choice, besides averaging, would make sense? Completely disregarding one pilots input seems worse, and averaging is what happens in a mechanically connected system. The crucial difference is that in that case the pilots can feel that this is happening. I don't know what sort of force feedback the Airbus sidesticks provide, but this lack of feedback seems to me to be the real root of the problem, not the averaging itself.

Disregarding one pilot input seems better: one pilot can correctly fly the plane while the other does nothing vs two pilots getting confused and flying planes into the ground. Even better would be a system that somehow follows the "I have the stick" procedure, although I don't know if that is possible.

You are right though that either way force feedback make sense. You could even just do a buzzing if there's dual inputs, like when you take your hand off a lane-controlled vehicle.

Say one of the pilots is suicidal, or had a heart attack and is unconsciously while holding the stick in the wrong direction, how does the airplane know which input to ignore?

> I don't know what sort of force feedback the Airbus sidesticks provide,

None.

Mechanically joined flight controls typically have a linkage designed to break when sufficient force is applied. This can cause equally disastrous results when the two pilots are putting in different control inputs.

https://www.aopa.org/news-and-media/all-news/2000/february/p...

My dad taught instrument flying in fighter jets. He'd ride in the back seat, with the student in the front. The controls were linked together.

Against regulations, he carried with him a length of steel pipe. The problem was sometimes a student would freeze and hang onto the controls with all his might. The pipe was so my dad could beat him on the head until he let go, and save both their lives.

Fortunately, he was never forced to do this. But he said "I'll be damned if I let any student kill me!"

P.S. the thing about instrument flying is your senses lie to you, and you need to rely on the instruments. A green student is at risk of panicking and believing the lies his inner ear is telling him (spacial disorientation). When JFK jr crashed in the mist at sunset, my dad passed by the TV when they reported it, and said "spacial disorientation". It's killed a lot of pilots.

A major part of learning to fly instrument is to learn to ignore your body screaming at you that you're flying upside down.

And the reason they have this, is so that pilots can overcome a jam by breaking that linkage. Only half the plane will then be responding to the controls, but that's much better than none.

The rationale for this (I did some work on this system at Boeing) was that the pilots would not be fighting each other for control, they would be fighting a jam.

Flight controls at the time were not designed for dealing with a crazy or malicious pilot.

A stick to the head is the classic solution for a pilot going crazy on controls for whatever reasons. Sometimes the stick is not metaphorical.

Interestingly, when this happens on the 777 (and I guess the 787), the inputs are averaged, like on an Airbus.

More concretely, the warning that took precedence was the GPWS telling them to PULL UP. If this didn't convince the captain that flying towards the sea was a bad idea and he should in fact pull up, I'm not sure any other technical measures would have?

The mechanical force from the other pilot pulling up (as if his life depended on it) might very well have “convinced” him.

In this case the pilot attempting to start flying failed to yell "I have control!". They should have only grabbed the stick after the pilot currently flying said "You have control!". It is quite obvious that the pilot that grabbed the stick simply panicked. If the controls had been linked the two pilots would have fought each other and would likely of produced an equally bad result.

In the AF 447 case the pilot not flying did the request, but did not wait for a response before fighting on the controls. The pilot not flying eventually got control, but the pilot initially flying panicked and started fighting on the controls.

Failure to properly request/acknowledge control handover will often create the opposite situation where each pilot thinks the other is flying. The results of that situation will be the same regardless of any mechanical control linkage.

> The results of that situation will be the same regardless of any mechanical control linkage.

I highly doubt that. In a fly-by-wire plane with mechanically linked controls the only possible source of force feedback on the controls is input from the other pilot. We humans have a very long evolutionary history of wrestling for control of the same stick. We can recognize that situation on a very deep instinctual level. We can also instinctively realize “that other guy is really pulling hard… am I in the wrong here?” If you remove the force feedback and just average the input then all this is lost.

If the pilots can't resolve their difference of opinion verbally, things will not go better when they try to physically overpower the other. There are many accidents in the Admiral Cloudberg corpus that involved pilots fighting each other on mechanically linked controls.

> If the pilots can't resolve their difference of opinion verbally, things will not go better when they try to physically overpower the other.

The primary problem is not that the pilots can’t resolve their difference of opinion, it’s that they are not aware that they have one.

> There are many accidents in the Admiral Cloudberg corpus that involved pilots fighting each other on mechanically linked controls.

How many of those accidents were in fly-by-wire planes? Again, the primary issue here is lack of feedback / ambiguity. If the plane is not fly-by-wire then it’s very hard for the pilots to understand that they are fighting each other, and not the plane.

Apparently, Airbus is working on force-feedback sidesticks now.

But yeah, they should have added something like a stick shaker to indicate the dual input.

I like this analysis because it highlights that airliners and their working cultures are the primary cause of these crashes. Quite often, unfortunately, the presenters only point at violations and waive their hands: "why on Earth?" But in reality, personell often skips procedures under the pressure of the management, and this works without consequences. In this Armavia case, the crew had an option to not fly at all, but I suspect, hesitated to delay, expecting being reprimanded (even if unjustly).

I feel like that's a mis-reading of the situation here. Yes, there was cultural friction (Russian ATC vs International norms). Yes, these guys were pushing the envelope of operating conditions. That all influenced the creation of this situation. But when push came to shove none of that actually made them crash. Blindly going around is something any IFR pilot can do and they had two pilots. If either one person had just flown the damn plane they wouldn't have wound up in the drink. Trying to incessantly push buttons and turn knobs to make the plane track some imaginary line thorough the sky that procedure said they should follow is what killed them. They didn't run out of flying talent. They ran out of button pushing talent.

Or, of course they could have fully committed to procedure and a) gone home b) gone to their alt airport. But that's kind of uninteresting because if they didn't crash the next guys flying an A320 in on a foggy early morning could have repeated the same mistakes.

Putting blame on two individuals that "just" could not push the buttons right, you ignore the whole text around that.

Who created many of the stressful conditions (flight at 1 am and crew not had enough rest), put the underskilled captain there, and pushed the pilots to not do delay and overcome weather? Management.

Could they have spoken up? Maybe, but management creates a system that suppresses such individual protests and penalize them.

CRM in aviation (created back in the 1980s) made aviation in the Western countries almost 0-fatalities for over 2 decades now. And what it did was to not to scrutinize the men at the flight stick, that push the wrong buttons, but look at the process and management, and fix them first.

You have it backwards. I'm saying that the standard operating procedures and the normal "computer operator" like way of performing a landing or go-around caused perfectly qualified pilots to botch what should have been a simple go-around that either of them likely could have pulled off drunk and blindfolded.

I think if they had kicked everything off and flown it rawdog from the instant they were told to go around everyone would be alive but they remained too dedicated to doing things "by the book" until it was too late and they had been too confused by the system behavior and didn't have the situational awareness to fly it manually.

Sure, the stress of the situation, the poor communication, etc, aren't ideal and surely contributed to lining up the dominoes here but the final straw was the go-around process.

This is the outcome of almost all of her crash analyses. They're all worth a read IMHO

Sort of. Some are the lessons in blood that made the industry safer. Some are the (sometimes) shitty result of capitalism (like the Alaska Airlines crash).

Almost all are lessons in blood that made the industry safer. Still, almost all have at least part of the blame (and more often than not a BIG part) on the airline, for cutting corners one way or another (maintenance, personnel, training, ...)

Exactly that -- the airline was making the crew fly late at night without rest, not the crew. Also notice they mention the crew was committed to landing and not delaying the flight -- knowing post-soviet authoritarian management style, I suspect they expected a tough talk with the seniors, had they delayed the flight (a 1-2 hour delay of departure would probably exceed crew's working day and need an even bigger delay and a new crew).

Also, it's just the culture. Many Russian planes like Il-76 land on the front wheels. Why? There's an old belief that you need to fly a bit faster than in the operation manual. To avoid stalls, just in case. I guess, it's an old superstition from the military. Until the last decade, it wasn't reviewed, just perpetuated over generations of pilots.

Often, such companies demand soft touchdowns and reprimand for hard touchdowns. Combined with overspeed, this produced 2012 Red Wings crash[1] -- the plane touched down so softly, and was significantly overspeed, that interceptors and reverse thrusters didn't turn on, and the plane kept just touching the surface without braking.

All this can only be fixed by fixing the management. And that's what CRM system focuses on.

[1] https://en.wikipedia.org/wiki/Red_Wings_Airlines_Flight_9268

I didnt understand how they ended up too high and fast earlier on the approach having decended fast earlier and presumably gone through the planned waypoint?

Not relevant to the crash but ...

As I understand, they were busy with the weather reports, also had an unnecessary waypoint in FMGC, which would make them fly close and high, but make a longer turn around before the approach. And they struggled to do switch the autopilot mode.

Ahhh finally another article <3. I think she's a bit overworked lately :) Because the time between them seems to be increasing. But it's not urgent anyway, I just kinda stopped checking where previously I would check on mondays and there'd be a new one. So I'm glad they're mentioned here now.

I'm looking forward to reading it. I used to fly myself and cautionary tales are always useful to build more awareness.

Complex automation nabs another one.

Two competent pilots knowingly flying into a sketchy situation and on full alert and yet the damn thing still crashed because they were half flying an airplane and half managing a software appliance dedicating full attention to neither.

I don't see how this was a result of complex automation or software appliances interfering with the captain and first officer's ability to fly the plane. The investigation concluded the flight was recoverable until just five seconds before impact. The plane was in full manual flight configuration well before impact. The captain failed to keep the first officer inside the control loop by failing to call out what he was doing and as a result the first officer made the situation worse. The captain stopped giving callouts in response to his perceived frustration with the control tower and the commands they gave.

The pilot(s) attempted to basically program the aircraft to go around. By the time they finally committed to flying rawdog too much confusion had been created and too much situational loss. The whole "average input" thing kinda kicked them while they were down and that was it.

Yes, they could have saved it with better communication too but the amount of time they spent trying to "manage the airplane" and respond to it's behaviors and its systems behaviors between being told to go around and crashing clearly detracted from their ability to simply fly the thing.

[flagged]