Call to all coders
Er, guys, can you please stick with mobile phones and leave airplanes alone?
Software alterations have been fingered as the cause of Airbus A220 airliner problems that led to at least three emergency landings after excessive vibration caused engines to fail, according to reports. Financial newswire Reuters reported that "recent changes in engine software ... may have caused parts that compress air …
Engines are independently tested, twice even. Once in approval of the engine itself, then a second certificate indicating its suitability with a specific aircraft type as part of the aircraft's type approval. The manufacturer also receives certifications of their own indicating that their manufacturing processes are sound, they have appropriate testing facilities, they perform their due diligence in auditing suppliers of components, the employees building the engines have the appropriate certifications of their own, and so on. Parts of the supply chain also need to be certified (Although those certificates are handled by other agencies).
The problem with MAX's is that Boeing was allowed to determine whether they could reuse the type certification from the -700/800/900 model series. This is normally allowed when the proposed modifications do not modify the aircraft's performance and handling characteristics significantly like when the 900ER was rolled out. However the MAX series, which used larger engines that were moved forward, produced significant changes to handling, which are corrected with the MCAS system (Which was approved as a pilot aid, rather than as a critical component to keeping the aircraft properly trimmed). Boeing never should have been allowed to make that determination.
The new type certificate would have required much more rigorous testing that would've likely caught the problem and redundancy would have been mandatory, or the FAA could've reached the conclusion that the aircraft is unsafe by design and denied Boeing approval until they redesigned the system so that the aircraft can perform properly without no matter what failure mode the MCAS system experienced. This would have also required pilots operating the MAX series to have received a new round of training that would have included awareness of the MCAS system and troubleshooting issues with it.
In my opinion, any aircraft that requires an electronic system making calculations to maintain stability is an aircraft that needs to stay on the ground until it gets recycled. I'm okay with fly-by-wire systems since they are designed to fail-safe so that the controls directly modify the position of the control surfaces instead of being put through a computer that prevents moving the control surfaces to unsafe positions.
The problem with MAX's is that Boeing was allowed to determine whether they could reuse the type certification from the -700/800/900 model series.
The job is with the FAA. Unfortunately, a lot of FAA "staff" are not really FAA staff. A lot of Boeing certifications are made by Boeing staff seconded to work at FAA. So the FAA certifications are handled by Boeing staff. It is not really "ideal" but trying to maintain talent is getting more and more difficult with an always-shrinking budget.
The issue with the Boeing MAX was that Boeing knowingly & deliberately kept key documents away from the FAA so the MAX can be re-certified quicker (two to three years faster). FAA was keen to "rubber stamp" the MAX.
This would have also required pilots operating the MAX series to have received a new round of training that would have included awareness of the MCAS system and troubleshooting issues with it.
Read this: Boeing Was ‘Go, Go, Go’ to Beat Airbus With the 737 Max. This explains why Boeing did what they did: Boeing needed to bring MAX out NOW (and not 3 or 4 years later) in order to compete with the NEO. This means Boeing had to cut a lot of corners (which resulted in death).
But y'know what is sad about this? No one goes to jail.
So much for America's much vaunted "do the crime, do the time".
Really, had the pilots involved ever learned how to use the trim button instead of trying to muscle the plane's controls it would have been a big annoyance, as occurred in the first incident, rather than the deadly disasters of the second and third incidents. Even the second incident was ok until the captain handed off control to the first officer to flip through the operations book rather than, wait for it, just flying the plane. Declare a mayday and radio to company headquarters for the chief pilot to dig through the book. Or ask any other pilots for help while concentrating on keeping the plane above the ground.
Fortunately, MCAS will be fixed, even if pilot attitude and training never will be.
had the pilots involved ever learned how to use the trim button instead of trying to muscle the plane's controls
Remembering always that MCAS was introduced “on the quiet” and that its purpose was to change trim behind the pilots’ backs
"Really, had the pilots involved ever learned how to use the trim button instead of trying to muscle the plane's controls it would have been a big annoyance, as occurred in the first incident, rather than the deadly disasters of the second and third incidents."
Please read the incident reports again before spouting nonsense. The pilots (correctly) diagnosed a trim issue and set the trim cut-outs to OFF. Which means the electric trim switches on the yoke don't do anything anymore either. Due to the heavy down trim already applied however (and the huge control forces thus required) the manual trim was also jammed pretty much solid at that point. The pilots then (incorrectly) decided to try re-engaging the trim cut-outs at which point another MCAS cycle occurred and put them into the ground.
Handing off control to the FO is normal crew resource management and entirely according to training. Either pilot should be competent in flying the plane. There is/was no reason to assume the hand-off from Captain to FO had any influence on the outcome of the flight.
As to contacting someone else, Aviate, Navigate, Communicate. They had their hands full with the first bit, why would they complicate that further by trying to communicate the problems to someone far away unfamiliar with the problems encountered?
The problem with the MAX is that MCAS is a 'bolt-on' to an otherwise manual control aircraft and not a fully tested and designed flight control system (the first Boeing civil aircraft to get that was the 777 IIRC). MCAS is necessary to meet Part 25 rules for certification (without it, the aircraft violates a rule that a given stick force results in a linear change in AoA at all points in the flight envelope).
As such, it was not properly evaluated or DAL rated (it can move flying control surfaces to the point the pilot has insufficient control authority to override it - it should be DAL A) although it would not pass the sniff test for any competent (and independent) safety authority (regulatory capture is a real problem).
Modern military aircraft are indeed unstable and require flight control computers (the B2 has no vertical stabiliser, for instance and the Typhoon is controlled by canards) but that instability has other advantages (in the case of the B2 it removes an entire potentially radar reflective surface).
The engineering failures with MCAS are astounding and disturbing but ultimately it seems that getting the aircraft out for sale trumped any safety issues.
Of course they are independently tested! How do you think they are built? You don't expect Rolls-Royce, CFM, GE or Pratt & Whitney to own one model of each jet that their engines are mounted to, do you?
And yes, the engines are also tested as part of the first flight for each airframe. Yes, *every* plane gets flown at least twice (once by manufacturer crew, once before acceptance by the client crew) before it gets handed over.
"Which federal agency supervises the testing of US built aircraft engines?"
I'm guessing Boeing.
Forkner said in one text message, “I basically lied to the regulators (unknowingly).” The other employee responded that “it wasn’t a lie, no one told us that was the case” of an issue with MCAS.
I was wondering the same thing. But in a world of unrestricted free market capitalism there is less or no governmental oversight. People will say to this that the market will sort itself out, but when there are only a few big players and they are all doing the same thing then there is little chance of change because there are no alternatives.
"Free market" is just the cover story for what is now fully crony capitalism. I'm just trying to figure out if companies capturing the government is the same as government controlling all the companies.
Seems like what you wind up with is communism or fascism either way, Total control by the few, whatever you call it.
Name a law or regulation in the past few decades that wasn't easy for a big corp to comply with using only their pocket change, but which costs enough to ban upstart little guys. I doubt you can.
Anyone, can, for example, do the same tax dodges the big tech (and other) outfits do - that stuff is legal at present. But to be legal, you have an office in the various countries involved in doing the shuffle. Which is far past the means of most taxpayers.
Actually, it's a very long list.
Assuming both FADECs are on different software versions, but I wouldn't be surprised if both have had the same modifications made to prevent a thrust mismatch between engines.
Given that the PW1000 engine series is a geared-turbofan design, I'm assuming the software change is to expand the range where the lower gear ratios are used, but accidentally deviating outside of the safe range for air stream densities entering the compressor stage and causing an over-pressure situation causing cavitation on the compressor blades. Or maybe a back-pressure situation causing the fan's vanes to cavitate.
But that's the problem with squeezing your margins for efficiency, sometimes you end up with your performance curves crossing to points outside of your new margins...
"I'm assuming the software change is to expand the range where the lower gear ratios are used"
And I'm assuming that it doesn't work like that. But ICBW, citation welcome.
Afaik the gear ratio is fixed at design time. The geared turbofan has no equivalent to "changing down" (or up) like there is in road vehicles.
It's less a gear change like a transmission and more of a governor like you'd see in modern turboprops. I too may be mistaken, I am going off of what has been explained to me by some of GE's turbine engine R+D engineers that had worked on the LEAP (we are members of the same EAA chapter). I tend to trust them as they hold zero loyalty to their employer and instead equip their craft with engines from multiple different manufacturers even though a GE engine would suffice.
They also seem to have permission to grab whatever they want from the GE Boneyard (one of them has a Velocity V-Twin with a Rockwell-Collins ProFlight flight deck that came off a King Air).
LEAP works differently to the PW geared TF. The PW uses a planetary gear box to reduce the rotational speed for the fan compared to the low-pressure turbine that drives it (and the LP compressor right behind it for the core).
RR did the right thing when they developed the RB211 (from which all modern Trent engines are derived). That was the first commercial three-spool design (and three shafts within each other), so that the HP turbine drives HP compressor, IP turbine drives the LP compressor and LP turbine drives the fan with *no* gearing needed. They patented that if I remember correctly.
PW is trying to do the same thing with two spools... it's a design that's been described as too complex and too heavy, and now too problematic, but hey...
"causing an over-pressure situation causing cavitation on the compressor blades. Or maybe a back-pressure situation causing the fan's vanes to cavitate."
Err, wtf are you talking about? How exactly do you get cavitation in a gas? Cavitation is specifically a liquid rapidly turning into a vapour/gas due to sudden pressure loss so unless the blades are bathed in neat JA1 I fail to see how this can be occurring.
"FADEC rules should mean that both engines' control systems are independently developed of each other so would be interesting to understand if both engines were impacted the same"
Can you imagine how much that would cost? Look at the MCAS saga for how cost-sensitive Boeing think their customers are.
Can anyone find readers somewhere in DO254, DO178, etc that mandates dissimilar redundancy?
My understanding is that the engines have dual control channels so if one fails you can swap to the alternate one. These control channels may be developed independently, but each engine has both.
This is all based off the engines in the type I work with so may be completely irrelevant in this case.
There are also papers (can't find a reference at the moment) that argue N-diversity development may not be as much help as was once thought.
In the past, projects where this has been done have all started from the same set of requirements, meaning that up-front design issues are faithfully reproduced in all implementations. Writing the software is the "easy" part - getting the requirements correct isn't!
N-diversity may help reduce the risk of an implementation defect causing a failure, but those sorts of defects are generally caught during testing - especially when behavioural differences between implementations are observed.
>>>this would mean running at hotter temperatures, thus increasing maintenance costs<<<
This almost certainly involves burning extra fuel, with extra maintenance why would airlines even consider that? This is a modern airliner and hardly has to drag itself into the sky.
P&W are risking their reputation messing with the engine like this so early in its development, the FAA has already reduced the hub life limit on these engines after corrosion was found. Airbus could easily switch to another engine like the latest CFM56 used on B737max & A320neo types.
is nigh on impossible for Aircraft that are already out there flying.
Some Airlines prefer to stick with one engine supplier so the maker has to soak up the cost of putting that engine onto their airframe and modifying all the associated control systems. That's why 'launch engine' is such a kudos point for an engine maker. They'll work closely with the airframe maker to get it right but sometimes... things go a bit wrong.
The R-R Trent engines on the Qantas A-380 are a good example. Only after the aircraft had seen a good number of operational hours did problems develop. A lot of midnight oil was burned in Derby fixing that problem.
Then there is the whole other elephant in the room and that is spare parts. It is so, so easy to buy spares that are later found to be fakes. These can and do cause crashes. Authenticity of supply is a real problem in the Commercial Aviation world where Airlines are always looking to save a few £££/$$$ etc.
I was thinking of the 500ish outstanding A220 orders that could possibly be switched to the newest CFM engines, that engine is on other current Airbus models and I don't think it'll cause positioning problems here like it did with the 737max.
Either way PW is on the hook for a large wedge of cash to get these engines fixed.
Aviation companies hate heterogenous fleets.
It's a nightmare for their maintenance operations. Some however *have* done this... Qatar Airways was one who told PW to take a running jump after the 'unacceptable' 6 minute shutdown/startup delay requirement for the PW engines on the A320neo.
If an operator already has a CFM fleet, it's easier to switch to that than if they didn't...
A lot are effectively sold "as a service", with telematics continuously streaming engine performance data "back home" so that maintenance issues can be identified before they lead to in-service failures.
The manufacturer is responsible for all the maintenance costs (and repairs), with the intent being that the "rental" income is greater on average over the deployed fleet.
Biting the hand that feeds IT © 1998–2019