back to article Boeing 787 fleet grounded indefinitely as investigators stumped

Boeing's flagship fleet of 787 Dreamliner aircraft will be grounded for the foreseeable future after a preliminary report from the National Transportation Safety Board (NTSB) said the cause of two battery fires had yet to be found, and that Japanese investigators are similarly baffled. "We have not ruled anything out as a …

COMMENTS

This topic is closed for new posts.

Page:

control and actuation are different things...

@AC

No. You're confusing control with actuation. Electronics cannot do what hydraulics does. And most car breaking systems these days are controlled by electronic detection of a loss of traction - a skid.

If this problem is the battery, then it should be relatively easy to solve, although the logic of using a battery capable of sustaining its own combustion is very questionable.

If, as seems more likely, it's the charge and management electronics, then it could be total nightmare.

I genuinely wish you Good Luck, guys.

5
3
Meh

@bazza

Agreed, fly by wire has been around since the first Airbus, it is a mature technology.

My car has electric steering, the connection between the steering wheel and steering rack is by wire not by by a mechanical or hydraulic connection. In 6 years never a murmur.

However, the carbon fibre technology is untested, the fuselage or wings might not readily show strike damage, whereas with a normal aluminium construction there would be the warning sign of rippling.

The first of its kind, cars,, aircraft, engines etc usually have teething problems and over the years these get iron out. Unfortunately there usually has to be a disaster before the faults are found.

2
5

Re: @bazza

I've never heard of a mainstream car with purely electric steering. However, there are many with electric power assisted steering. (There are some specialist vehicles with pure fly-by-wire electric steering, but I can't find any cars of that sort - and it strikes me as unwise).

13
1
Silver badge

Re: @bazza /Carbon technology

Carbon technology per se is very well tested. Its been around for a good while now, but for obvious reasons large civil aircraft are not generally early adopters.

2
0
Silver badge

@Steven Jones

"I've never heard of a mainstream car with purely electric steering."

Me neither. Electrical servo assisted steering, yes, but never pure electric.

Mercedes Benz do a braking system where there is no direct mechanical / hydraulic link between your foot and the pads (it was used on the McLaren / Mercedes SLR, maybe others too). There was some electronics in the way. Apparently it is very 'odd' to drive, but the car did have tremendous stopping power...

4
2

Re: @bazza

To add to this, after a bit of research I find that Nissan are to release the first ever production "steer-by-wire" car some time in 2013.

http://www.worldcarfans.com/112101749508/nissan-announces-fly-by-wire-steering-technology-for-infiniti

0
1
Silver badge

Re: @bazza

Crikey! I'm not sure I like the idea myself...

Ever looked at how the car industry does 'safety critical' software? Thus far they've sort of dodged the issue. There's the MISRA rule set which enforces sensible source coding standards. But they don't do the whole triplicate systems + trusted voter like an aircraft does.

This approach has mixed blessings. It's cheap - no triplication. It's reasonable - software systems on a car aren't actually doing a job that's massively safety critical. The brakes are primarily hydro-mechanical, electronically modulated but it's still your foot pushing the pads to the disc. The steering has a mechanical linkage, assisted but not controlled by a servo. And so on.

However I've noticed big problems in at least one highly regarded embedded tool chain which has a MISRA check box in the IDE. The library source code is atrocious, very non-MISRA and buggy. Not a very good basis for a safety critical system.

As soon as the car industry starts replacing the primacy of mechanical and hydraulic components with software one has to question whether MISRA alone is enough. Take that Nissan for example; the question of 'did the driver steer the car that way?' now becomes very important indeed. Is there a black box recorder for it? Who is responsible if it goes wrong? Would the driver have to prove the existence of a fault to avoid blame, or would the legal working assumption be that Nissan would have to prove that their system operated correctly?

The legal precedents we have at the moment are based on the assumption that a car doesn't have a mind of its own. That's fair enough if the car is primarily controlled through hydraulic and mechanical systems. But with a drive-by-wire system the car does have a mind of its own; I doubt the legal world will be quick to adjust their assumptions to match.

12
0

> "It's much too complex and risky a design, in their rush to produce more efficient lighter planes they've thrown away too many tried and tested things."

> Not really. Most of the aircraft is fine, the only big issue seems to be the battery. That *could* be fixed by switching battery chemistry (albeit at the expense of some weight and some space).

That only one thing didn't work doesn't refute the grandparent comment's point. They pushed the boundaries in lots of areas and of course most succeeded, this was a commercial project not a research one but at some point lots of small risks add up. A 1% risk of a battery problem sounds manageable but if there is also a 1% risk of an engine fan blade issue, a wing strength issue and dozens, hundrends or even thousands of other issues then sooner or later you might be talking real possibilities or even probabilities of something going wrong although you don't know which.

You take small risks in 100 different areas of design and lets say 99% succeed, the one that doesn't happens to be the batteries but it could have been something else. The cost will depend on the time to get an airworthy approved solution, lost sales and any damages to the grounded airlines (I've no idea what sort of warranty or SLA a new passenger jet comes with). Until that is known and the aircraft is in service long enough to shake out any other issues including major component lifespans we won't know if the post you responded to was correct that it was "much too complex and risky a design".

4
0
Silver badge

Re: @bazza

@Steven Jones - in the UK (and I would assume by extension, the EU) steering systems are one of the last in-car systems *required* to have a mechanical link to the driver.

I'm not sure I'd get into a car which did not have that link, in the same way I'm not sure I'd get into a car (or plane) in which robotics replaced the driver... irrespective of whether the electronics can do a better job of controlling it.

3
1

Re: @bazza

Curious, I was under the impression that UK law dictates that a car should have a mechanical redundant system for steering and breaks. That has perhaps changed in the last 17 years but im sure there was something which prohibited the use of ONLY drive by wire.

3
1
Silver badge

@Joseph Lord

"That only one thing didn't work doesn't refute the grandparent comment's point. They pushed the boundaries in lots of areas and of course most succeeded..."

It does. The risk was purely commercial, not technical. The commercial risk was that they'd have to do too much redevelopment to get the aircraft certified and flying and run out of money. By and large the design is OK (apart from the battery), flies, and has the required performance. Once the snagging list has been dealt with it looks like it will be a fine aircraft. In that sense it turns out that it wasn't risky at all.

"A 1% risk of a battery problem sounds manageable but if there is also a 1% risk of an engine fan blade issue, a wing strength issue and dozens, hundreds or even thousands of other issues then sooner or later you might be talking real possibilities or even probabilities of something going wrong although you don't know which."

Only if you ignore them. The point of development testing is to establish that all of those components do indeed meet their specification and are not in fact a risk to the project. You deal with risk in a project by identifying areas of concern and work on them early on. That way you either kill the project before you've wasted a lot of money, change the design or find that the risk didn't materialise. Flight testing is there to make sure that the specifications themselves are correct. Certification testing and inspection is there to make sure that the rules have been followed and that no detrimental technical risks remain.

In the case of the 787's battery it is highly unlikely that any of the companies have taken short cuts in manufacturing or testing (the reputational damage would be immense, and could potentially attract jail time if there were a bad accident). Thus far the NTSB, FAA and everyone else seems baffled as to why the batteries are failing, which suggests that the rules and specs have indeed been followed.

This in turn may suggest that the behaviour of Li-ion cells isn't understood well enough to be able to write a correct specification in the first place. That's no one's fault; the writing of the specification for the battery is something that has rightly involved the companies and also the FAA, EASA, etc. What more could be done?

If the ultimate conclusion of the inquiry is that the spec is wrong then Boeing will have to change battery chemistries, or back off on the specification somewhat (larger, lower power density, greater margins all round). If I were in charge I'd be sorely tempted at this point to change chemistries and accept the weight penalty.

2
2
Bronze badge

Re: @bazza

"I've never heard of a mainstream car with purely electric steering. However, there are many with electric power assisted steering. (There are some specialist vehicles with pure fly-by-wire electric steering, but I can't find any cars of that sort - and it strikes me as unwise)."

Unwise, definitely; but SAAB did produce a car with purely electric steering. Can't remember it's name but it was a resolute failure in any case.

http://www.saabsunited.com/upload/images2009/11/the_saab_9000_drive-by-wire_joystick_project/SaabJoystick1.jpg

1
0

@bazza

"Fortunately Citroen aren't in the aviation business."

Not now, but they did make a helicopter: http://ranwhenparked.net/2012/08/13/a-look-at-the-citroen-re-2-a-wankel-powered-helicopter-video/

Leaks can be a bit of a nuisance with the hydraulic systems; I had a somewhat startling moment in my CX GTi Turbo, when I realised the steering was a bit heavy (ie, barely functional; a Diravi with no hydraulic assist is hard to shift). So I applied the brakes, only to realise that they weren't working either, and all I could do was use the gears and the handbrake to slow down and hope that I coasted to a stop before I hit anything.

Fortunately, I stopped a few feet short of a parked van.

On a hydraulic Citroen (certainly CX and DS, which I stilll have), there is no mechanical link to the brakes; if the hydraulics fail, you need to hope for the best.

0
0

Re: @bazza

Nissan have one in the works. And I think there was one pickup with it.

http://blog.caranddriver.com/nissan-develops-fully-electric-steer-by-wire-system-will-go-on-sale-next-year/

But I would not be buying one I think (my Honda has electric power assist).

0
0

Re: @Steven Jones

Mercedes Benz do a braking system where there is no direct mechanical / hydraulic link between your foot and the pads (it was used on the McLaren / Mercedes SLR, maybe others too). There was some electronics in the way. Apparently it is very 'odd' to drive, but the car did have tremendous stopping power...

Power assisted brakes are more or less ubiquitous - far more so than power steering or even ABS - but AFAIK all current road cars use some form of mechanical linkage for both brakes and steering. The power assistance only works when the ignition is on - it would rapidly deplete the battery if used outside of that - which means among other things you wouldn't be able o tow a car without the linkage.

This is well understood by the sports car manufacturers in particular who could greatly improve handling by trading camber angle for caster angle in the front suspension geometry. They resist that temptation to a certain exist since increased caster increases the steering wheel resistance - too much and it gets very difficult to drive without the power steering.

2
2

Re: @Joseph Lord

"You deal with risk in a project by identifying areas of concern and work on them early on."

Except when the number of innovations is above a certain level, then the number of possibilities and combinations thereof becomes unmanageable and you respond by identifying 'areas you think might be a concern' and you just don't think about everything else.

If Boeing had done all the design work in house I would be more sanguine but that they outsourced the design work as well seems to have already bitten them in terms of the delays. Who is to say that this is the only way it will bite them post production? Having recently flown long haul on a Dreamliner I feel lucky, I'm not sure I want to feel lucky again.

2
0
Stop

Re: @Steven Jones

Actually the assistance is mechanical/hydraulic too, not electronic. It works from the vacuum of the inlet manifold of the engine, which operates a servo to assist the pedal going down. It does not work "when the ignition is on", only when the engine is running, and has nothing to do with electronics. The reason brakes still work when the engine is off is because the brake pedal is hydraulically attached to the brake calliper, and the servo only assists, it does not actually control the brake calliper as an electronic system does. The same with ABS, it just temporarily overrides the hydraulics but never disconnects the pedal from the brakes.

It used to be the case (not sure if it still is) that the main brakes and the handbrake had to use a different technology to work each. I.e, you couldn't have hydraulic main brakes and hydraulic handbrake. You couldn't have electronic main brakes and electronic handbrake. I'm not sure if there are any secondary/mechanical backups for the controls in a aircraft, but I would sure hope so. Software bugs are a bitch.

4
0
Devil

Re: @bazza

Fills me with the dear of death....

"My car has electric steering, the connection between the steering wheel and steering rack is by wire not by by a mechanical or hydraulic connection."

So how does the removal of fundamental links like rods and bars and gears and pinions, make it safer.

I mean that electronics are good, but they are not that good....

Me thinks get away from the magic burning batteries and put in "totally reliable" shitty lead acid ones with regenerative caps and vents to the atmosphere..

Personally while there are some benefits to magic batteries, magic wands, velvet gloves and catching fire is not one of them.

Satan - "Arrrrrrrhhhhhh Ha Ha Ha - Electrickery is the Work of the Devil!"

0
0
Thumb Up

@Rawr.

Correct Sir. Certainly for your first paragraph.

I know that old Land Rovers had handbrakes that worked on the rear drive shaft, so if it was in 4WD it was a 4 wheel handbrake...

2
0
Silver badge
Headmaster

Re: control and actuation are different things...

"And most car breaking systems these days "

I thought that was the loose nut behind he wheel?

1
0
Silver badge
Pint

Re: @bazza

The failure of power steering and brakes on most modern cars is something that, at the very best, will allow you to stop safely.

I've had both, and trust me, it was almost impossible to stop or steer the car. The steering reduction simply isn't designed to allow anything short of a human gorilla to actually drive it, nor are the pedal travels on the brakes.

0
0
Silver badge

Re: Re: @Steven Jones

Not many systems these days run brakes and steering off vacuum. Most use a hydraulic pump driven by the engine. its a bit tricky to tap manifold vacuum with a turbocharger strapped on the front..

1
0
MNB

Re: @bazza

Indeed I thought the main reason the brakes and the steering on cars are only ever "electronically assisted" was the very simple design regulation of "fail safe", i.e. if your alternator fails (can happen) and the battery subsequently *completely* discharges (running the cars electronics, head lights, stereo etc) you can still steer and stop because the controls are mechanically linked to the actuators at the wheels (by cable, hydraulics, rack & pinion, whatever).

[the throttle on the other hand these days is often entirely electric, the pedal is just connected to a rheostat or similar]

The reason fly-by-wire is acceptable in aviation and not domestic automobiles is the regulation of maintenance of the vehicles, i.e. cars are maintained by the cheapest grease monkey you can find or not at all.

1
0
Anonymous Coward

Re: @bazza

I've braked and steered with the ignition turned off- the brakes and steering do work, but require more force.

(I was in the outside lane of a motorway, overtaking a lorry. Suddenly the side on nose of a care appeared in front of me; evidently he had joined the motorway and not checked his blindspot, and as a result was being pushed sideways down the motorway- the lorry couldn't avoid it because of me. I had the lorry on my left, the central reservation on my right, and the side-on nose of the car in front of me. Eek.

I had only been driving for a month, and my first thought after [Rising panic] [Brake] was an unfounded "I must draw attention to my car for the benefit of people behind me! [hazard lights]" and must have turned off my ignition whilst fumbling for them.

The brakes and steering felt heavy, which my heightened mind wrongly ascribed to tyre damage- obviously the smoke I saw had come from the pushed car's tyres. I came to a stop on the hard shoulder, 30 yards in front of the lorry and car- nobody was hurt, everyone was in a state of mild shock- after the fire engine turned up I continued my original destination - a pub. )

1
0

Re: @bazza

For aircraft, it's RTCA/DO-178 for software verification and DO-254 for hardware.

DO-160 details actual tests for equipment. There are EU standards with identical wording.

0
0
Boffin

Citroën Hydraulics

At least on the Citroëns I drove with hydraulics, there was a separate 'high pressure reservoir' for the brakes.

This meant that you still had braking power enough to stop if something happened to the pump.

I've never heard of a system failure that takes out he brakes at the same time as the rest, unless it was the braking system itself that was faulty.

(I've had a few faults; height adjuster on the GS, rotten squid on the CX and BX, worn out column on the BX. Old cars and lots of mileage. Nothing that caused any danger. )

Most Citroëns with Hydraulics have the handbrake working on the front wheels, and it's STRONG!

This is a quote from 'Autocar' in 1978 about the handbrake on the CX

---

The remarkably effective handbrake operates on the front wheels. It managed an almost unbeatable 0.42g deceleration and easily held the CX Pallas C-Matic on a 1 in 3 slope, from which a restart could be made with contemptuous ease.

---

I can attest to the GS not being a slouch, either.

In fact, even with a full hydraulics failure, it's possible to DRIVE(slowly) these cars to the workshop for repairs.

(Assuming that you can turn the wheel and the road's not too bumpy)

2
0

Re: @bazza

I remember hearing about John Glenn using fly by wire in his Mercury capsule. I wondered why the air didn't leak out round the wires (I was only about 12 at the time).

0
0
Silver badge
Go

Re: Citroën Hydraulics

good old XM. Fearing the the "needs new globes" from the garage. I dont know of any steer by wire cars outside of fork lift trucks though. There are a few that might sound like they do such as ford electro hydraulic steering (which is just PAS with an electric pump in case you stall).

I suppose if you sell a car in multiple markets you could design one for an almost universal cockpit approach if you had drive by wire for ALL the components. Cant say i'd like version 1 though, like most things i'd wait for the service pack....

0
0
Holmes

Re: @itzman

"its a bit tricky to tap manifold vacuum with a turbocharger"

Take the vacuum before the compressor then?

0
1

Re: @bazza

The emergency/parking/hand brake has to be a separate system, AFAIK

0
0

Re: @bazza

I beleive a mechanical link is mandated by law on standard road veichles.

1
0

ABS and EBD

ABS and EBD control modules assist with only heavy or emergency braking. EBD only works when ESD is turned on. in the event that the ABS control module or sensors fail, you are still able to use the traditional hydraulic braking system. While it is convenient, it is not in complete control of your brakes (IE if the control module board fries you are left floating in a death trap). electronic boards have stricter conditions it needs to operate; temperature, shock, and humidity than hydraulic systems do. this is why they appear more reliable and in most cases are.

as for them being a pain in the arse, i completely agree. but as for them being more reliable and in control of braking in cars i disagree.

0
0
Anonymous Coward

Re: @bazza

Brakes! Please get a better spelling checker.

0
0
Anonymous Coward

Re: @Steven Jones

Handbrakes may have a mechanical linkage - Bowden cable - but even my mother's Morris Minor had hydraulic main brakes. I know, I renewed the system.

0
0
Vic
Silver badge

> Xantia's or XMs were a nightmare.

I don't know about Xantias, but I've had many XMs[1]. They only "nightmare" about them was the dealers...

Many people are scared of working on Citroens, but they're actually pretty easy. The earth connections need redoing on the XM - bloody cheapskates - but that's really not a big deal.

Vic.

[1] I used to buy old, high-mileage cars for a song and drive them into the ground. It worked out very much cheaper than trying to keep something serviced...

0
0
Vic
Silver badge

Re: @bazza

On a hydraulic Citroen (certainly CX and DS, which I stilll have), there is no mechanical link to the brakes; if the hydraulics fail, you need to hope for the best.

The XM has the fourth pedal. Kinda useful when the belt driving the hydraulic pump shreds on the M3...

Vic.

0
0
Vic
Silver badge

Re: @Steven Jones

> AFAIK all current road cars use some form of mechanical linkage for both brakes and steering

The big hydraulic Citroens don't - there's no master cylinder. You've got a valve off the pressure reservoir to the calipers. It makes for loads of power assist, and some excellent self-balancing and anti-dive characteristics, but you have to cope with a rather "nervy" pedal...

Vic.

0
0

crap batteries

well thats a bit shit then. didnt anyone test the batteries before putting them in the plane. did they just design it out of pure fantasy and speculation then hope it would work... guess so

2
7
Silver badge

Re: crap batteries

It certainly is a bit shit.

Boeing would have written a specification for the battery. The manufacturer (Yuasa?) and Boeing would have agreed a test schedule to demonstrate conformance to that spec. The questions will be

  • Is the spec correct?
  • Are the tests exhaustive enough to prove the spec has been met?
  • Was the test schedule followed to the letter?
I'm guessing that the answers are probably no, maybe and yes.

9
0
Silver badge
Thumb Up

Good news

Not for Boeing but for all of us. National Geographic had a very interesting program of airplane accidents years ago. As far as I remember the FAA was often accused of being to slack when dealing with accidents and requests to do something about it. The most reluctant where those building the planes and they where also prepared to cheat about it like also those using them.

Hundreds of people lost their life due to this.

If the demands on those who build the planes have increased then that is fine with me. The really ugly problems come later, anyway.

4
1
Silver badge

Re: Good news

It's a very good sign of the FAA attitude.

The NTSB was created because the FAA used to be in charge of investigating air accidents AND promoting air travel - which led to all their accident reports concluding it was a one-in-a-million act of god that could never happen again.

More recently the FAA have got into trouble for giving US airlines an easy ride on safety violations because it would cost American jobs. Then there was the statement by some US politician that anyone criticising a company as vital to US defense as Boeing was at least a traitor and probably a terrorist.

6
0
Anonymous Coward

Re: Good news

A fun question to ask:

Who did the inspectors who qualified the 787 work for?

Is it:

A: The Federal Aviation Authority

B: The National Transportation Safety Board

C: The US Department of Commerce

D: The Boeing Company.

(Hint: http://seattletimes.com/html/boeingaerospace/2009700988_webboeingfaa20.html )

9
1

Re: Good news

Wow! That is insane & really stupid of them. Thank you for that link, that's one of the more useful things I've seen on El Reg lately.

2
0
Silver badge

Re: Good news

"Who did the inspectors who qualified the 787 work for?"

Hmm, didn't know that! However I don't see that as a major problem. If Boeing took short cuts and aircraft started falling out of the sky they'd be commercially extinct, and people would probably go to jail. You'd have to be really stupid to run that sort of risk just for a few extra dollars profit, and I'm willing to assume that Boeing aren't that stupid. On the other hand there is a reputation to uphold, and being seen to be rigidly and independently inspected is definitely good for one's reputation. It's worth spending a little on reputation maintenance, just to be sure.

Ben Rich (Kelly Johnson's successor at Lockheed's Skunk Works) wrote in his book about how the air force sent in the inspectors to make sure that things were done properly. He said it was a pain in the arse, but that the end result was well worth it and the F117 was a fine aircraft. A lesson there for all of us?

It'a amazing what happens though. Sometime companies are utterly useless when it comes to assessing risk.

  • TEPCO kept those old reactors at Fukushima running for profit despite being advised / pressed many, many times to close them down. TEPCO are now toast.
  • A lot of banks seem to have had a very poor grasp on risk and the commercial consequences
  • Despite people being executed as a result of the tainted milk scandal in China, another lunatic outfit tried to pull the same trick again last year. How stupid is that??????

0
1
Thumb Up

Re: Good news

wow best comment in a while - cheers ac. This does look like idiocy extreme... I just knew there would be some nugget of info in the comments and here it was .. Cheers again...

0
0

This post has been deleted by its author

Re: Good news

I believe it is common practice that all the major aerospace companies use their own people to gather the Flight test data required for civil cerification. Normally, the civil certification agency does not get involved in flight testing until the manufacturer has found and fixed any development issues and is ready to seek certification. At the end othe day said data is presented for granting of aircraft certification

All those involved have hold licences issued by the controling authority for that country. eg FAA or CAA

Boeing and many others have been given dispensations on certain saftey requiements, citing past reliability data, (The design and certification concept that fuel tank explosions could be prevented solely by precluding all ignition sources that are regarded as causing the loss of TWA flight 800. or the staggered rectification of the rudder actuator on the 737, rather full grounding (this caused rudder to be locked full stbd or port after correcting from severe turblance & causing the aircraft to roll & nose dive in. and many other instances from other manufacturers)

It appears that commercial pressures are powerful in mitigating saftey.

With the real risk to Boeing that the 787 holds, I know of one avionics bay fire occoured in the prototype, that maybe history is repeating it's self.o

1
0

Re: Good news

Yikes!!

When you add the pressure Boeing was under to deliver 787s this is asking for trouble down the line.

Thanks.

1
0
Silver badge

Re: Good news

"Who did the inspectors who qualified the 787 work for?"

It's standard in any safety critical industry - and it' the only way to do it.

If the inspectors from the FAA/CAA were directly inspecting the plane - they would have to know more about the design of aircraft in general and the 787 in detail than the Boeing engineers themselves.

Instead the inspectors are checking Boeing's procedures and methodology - just as our ISO auditors do to us.

They don't read through our code with a deep understanding of our business logic - they look at our history of tests, bugs, resolutions, plans etc - and assume we didn't make it all up.

2
0
Silver badge

RE: Re: Good news????

You said:

You'd have to be really stupid to run that sort of risk just for a few extra dollars profit, and I'm willing to assume that Boeing aren't that stupid.

The fact that Boeing decided to outsource the majority of the work on this plane would cause me to question that statement.

Recently, on this subject (outsourcing the plane's subsystems), I read a commentary that suggested that Boeing outsourced much of the potential profit (on the "Dreamliner") to its subcontractors, while insourcing more of the risk.

With the "Dreamliner", they were now acting as a low value assembler of systems; where previously, they exercised more complete control of aircraft design and construction.

To which I would add: damagement strikes AGAIN!!!!

2
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2017