Autothrottle problems suspected in Heathrow 777 crash

This press release is brought to you by the "no sh1t sherlock" department

Riiiight...

"...ruled out bird strike and fuel starvation as factors in the accident..."

That was a 5 second glance then? "Is there bits of bird in the engine?" "No". "Is there fuel in the line up to the engine?" "Yes".

Of course the engine(s) were potentially still turning. They didn't turn "off" as the papers would have you believe, and even if they did, the air flow would keep them turning.

Ah... rant over, asbestos suit on. It's amazing what you can learn from MS Flight Sim... ;-)

YOUR HEADLINE IS MISLEADING

(caps deliberate)

If you turn the driver's steering wheel on a car, and the real wheels don't turn to follow, is that a "steering wheel problem"?

The autothrottle did exactly what it was supposed to, requested increased thrust (fwiw iirc on a 777 it does it by asking a motor to move the real pilot's lever forward).

The engine didn't respond accordingly.

There are a number of reasons why the engine may not have responded.

But there are no "autothrottle problems" in this picture.

what would Raymond do

and that's why i only fly Qantas.....

Die-by-wire?

Many moons ago I did a training course and the guy teaching said he'd worked on the software that controlled the wing flaps on the (then new) Airbus. The alarming part was that he resolutely refused ever to fly on one, "because of the caliber of the tw4ts who were programming other parts of the systems".

Another thought to comfort those of you about to fly......

It's all well and good that fly-by-wire planes are physically able to loop the loop and fly upside down, but did anyone ever tell the programmers that it's really not a good idea?

What OS?

I have had enough crashes on my computer to want to know what they are running. I don't think it's Windows, somehow.

Cherchez le PM

I still think it was shot down by spooks jamming the airwaves for GB's motorcade. Not that we would ever be told...

Both engines failed

does not necessarily point to an issue that could be designed out.

It could, at least in principle, be a different common-mode problem such as contaminated fuel. I realise there may be other factors in this particular picture which say *not* fuel problem, but there is, as yet, nothing which definitively says design problem.

Stay tuned (patiently).

If memory serves

Planes have to be able to fly for 2 hours on one engine. So a plane cannot be more than two hours away from an airport that can handle it. (that is why you can't fly direct across the atlantic, and go up towards greenland etc, or down passed the azores to get to the states. In times gone by it used to be an hour and certain places couldn't be reached but it has increased steadily over the years.

Also all engines are built to be overpowered by upto 60% (depends on model) and never really run at full power for that eventuality, so for the plane to lose height it would need both engines to fail at the same time, whether throttle for power or fuel.

It is unlikely one engine cut out and then 8 seconds later the second engine cut out and brought it down without something, somewhere raising alarms. At that speed and on autopilot with ILS knowing it is in final approach it should have raised alarms before stall speed was reached. Makes me fear computers running everything all the more, basic code not working.

If speed of plane <= stall_speed Then

Run pilot_alarm

Run speed_of_plane = speed_of_plane + 50

Endif.

Not rocket science, is it. I am not a programmer and I understand basic logic.

Lucky the pilot was still on board and awake.

So that explanation I think is more to please the media and is not really linked to the investigation.

well if it's..

well if it's something sinister....say the spooks jamming signal, or perhaps a serious software or design flaw, maybe even a software virus/hacking, do you honestly think they'll ever tell us? and risk the collapse of the aviation industry? No, course not, they'll drum up the same old bullshit, and as long as the problem is within the scope of acceptable losses/collateral damage (about 1000 lives per year isn't it) then everything will be back to normal and our collective conscious will just forget it ever happened.

@ AnonCoward...

Re: "If you were sitting in a plane on the runway and found out that your company had written the plane's software..."

You Bar Steward.

I used to be a C/Pro*C/Oracle coder in Accenture's Manchester & Dublin Offices.

I'm in China at the moment and am due for a trip home.

Do you have any idea how long the Trans Mongolian "Express" (an off-shoot of the Trans-Siberian) takes to run the full route? Lets just say that if you leave in late November you'll need two calendars to find your arrival date....

I'll never sit still on a flight again.

Thust vs stall

Stall speed is a bit more complicated than just mentioned.... it is a while since I did the theory, but stall speed increases as a function of speed, and, a function of the square of the angle of bank and angle of attack.

It is perfectly possible to stall wings with a 0 angle of bank (wings level) and a very high speed... just pull very hard.

One would assume that this guy was coming in wings level, but, my point is, the software isn't as simple as you mentioned. Add to that gusts of wind unexpected variations in thrust & control input (commanded and uncommanded) etc, and things start to get quite tricky indeed.

I've never heard of your 2 hours on one engine rule, but that isn't to say it isn't true, but the implication that an 'over-powerable' single engine gets you out of trouble all the time is a bit off the mark.

Conventional aviation logic dictates that a landing approach is something that will only turn into a landing if all goes well - if the correct conditions fail to transpire a go round will be initiated. If an engine fails at the beginning of go round (or just before takeoff), it is quite possible that the aircraft will not have the performance to clear requisite obstacles etc (although this threat may be eliminated by safety regs in commercial arenas).

Where I trained, most of the instructors said that if you lose an engine on takeoff at this airport, pull both throttles and roll through the fence and across the main road outside.

Basic error surely?

I thought every sysadmin knew it was dangerous to designate anything 777.

The Kevlar-lined hoodie, please...

Choke

My Mk1 Ford Escort had the same problem - always cutting out unless I used the choke as I was coming up to traffic lights and such. I imagine they must have based their engines on the same tech, and a class act too if you ask me.

I'll post them the fluffy dice, Chaz and Shaz window sunscreen sticker and a cosy faux fur steering wheel cover immediately. :)

spooks jamming the airwaves for GB's motorcade

Lets see.

1 The technology exists.

2 The technology is known to be in use in GW motorcade.

3 The US & UK spooks share everything, especially misinformation about WMD

4 The civil service can't even be trusted to look after laptops let alone operate classified anti terrorist electronic weapons in a safe and responsible way.

Sound plausible to me...

The real question is can a head of state be guilty of terrorism?

2 hour rule

"a plane cannot be more than two hours away from an airport that can handle it. (that is why you can't fly direct across the atlantic, and go up towards greenland etc, or down passed the azores to get to the states"

Going across the south pacific or the south atlantic must be a bit of a chore then...

It's more to do with the fact that the middle of an ocean is not in anyone's airspace or on radar - so they travel on predetermined airways at differing heights within someone's juristiction. This ensure that they are covered by a Flight Information Region.

Just reboot the engine computer

Flying out of Heathrow on Tuesday and the plane has a "technical fault" with the engine as we push back off stand. Return to stand and engineers come up and do their stuff and fix it.

As we go again, the captain comes on an explains, "As many of you who have computers know, sometimes they have glitches and the best thing to do is to switch them off and on again. We did that with the engine computers and everything is fine now."

Now I appreciate that they don't run Windows etc. and the analogy was probably for the benefit of others, but it did make me smile and then perhaps grimace to think I was on a Boeing plane.....!

hmmm,

hmmm , I wonder if they used those cheaper non linear sony dac's and adc's , like in their crappy expensive SADC players of old ?

Software issue, but not autothrottles.

It's important to understand how the current generation of electronic aircraft systems work in order to understand how this could happen:

The engines on modern airliners use FADEC (Full Authority Digital Engine Control), in other words: throttle-by-wire. On FADEC engines the throttle levers do not typically move with inputs from the autopilot, they rest in a detent for the desired flight mode and there they stay. On take off you push them up to the forward stop and the engine computers do the rest, shortly after takeoff you pull them into the "Climb" detent and again the computers do the rest, however unlike older mechanical systems the thrust levers do not move in response to changes in engine power within a given mode.

Therefore, if the autopilot commands more or less thrust there is no physical indication to the flight crew, only the change shown by the engine instruments. The reverse is also true, if a pilot takes over manual control, physical motion of the levers is nothing more than an input to the computer. If the computer does not process this request appropriately then you won't get the desired result. Yes, the /autocontrol system/ can be overridden "In all instances", however that only removes it's inputs to the system, it does not take the computer out of the loop (it can't since the only link to the engines is through the computer). I agree that it is not likely a problem with the autothrottle system but rather the FADEC.

I too loathe the Airbus philosophy that the computer is smarter than the pilot (one reason I don't own a General Motors car), however this issue may well demonstrate that allowing the pilot "override" authority doesn't guarantee that full control will be obtained or maintained.

On another note, the 2 hour rule exists. The rule only applies to twin-engined aircraft (those with 3 or more are unrestricted) and it can be extended to 3 hours on certain more capable aircraft. The rule involved is called ETOPS (Extended-range Twin-engine OPerations) for those who would like to search on the term. Thus certain twin-engined aircraft can cross the south pacific without having to stop in Hawaii, Midway, Guam, etc., although the route chosen often has more to do with straight-line Great Circle distances than the proximity of alternate landing sites.

More 2 hour rule

"a plane cannot be more than two hours away from an airport that can handle it. (that is why you can't fly direct across the atlantic, and go up towards greenland etc, or down passed the azores to get to the states"

The original poster was referring to ETOPS120 in this case. The 777 is actually capable of being certified as ETOPS180. All this in short means that the engines are well over-designed for dual-engine operations, and there should be plenty of thrust available on just one engine.

And regarding the path that they fly, not only do they stick to known oceanic routes to stay in contact with ATC facilities, it is also to take into account great circle routes. A straight line is the shortest path between two locations, unless you're talking about across a sphere. In this case, the shortest path is actually a slight arc.

777 autothrottle - like motor driven volume control

"It's important to understand how the current generation of electronic aircraft systems work in order to understand how this could happen... The engines on modern airliners use FADEC (Full Authority Digital Engine Control), in other words: throttle-by-wire."

Yes.

"the thrust levers do not move in response to changes in engine power within a "given mode."

No.

The in-the-know folks, over at PPRuNe and elsewhere, quite rightly point out that on a 777 the autothrottle controls a motor which moves *the actual throttle lever*, so the pilot will see it move sometimes. I believe someone here already referred to a "ghostly hand".

It's the same kind of thing as some hi-fis which have a remote volume control which operates via a motor which turns the volume knob. You watch it move.

In both cases (777 and volume), it doesn't matter whether a human moves it or a motor moves it, the effect is the same.

http://www.pprune.org/forums/showthread.php?p=3851426 (may be too busy)

<big snip>

"I agree that it is not likely a problem with the autothrottle system but rather the FADEC."

Everybody (exceot the El Reg headline writers :)) knows its not an autothrottle problem. Very few people outside the AAIB know what the real problem was (or perhaps "is", if it truly is a design fault rather than (say) mechanical failure, contaminated fuel, etc, as per list of previous 777 engine failures). Would it be better if under-informed people didn't speculate too much for now?

@John Freas + some interesting images

With regard to the 777 autothrottle, this does actually physically move the levers. As I understand it the autothrottle provides an indirect control input via the throttle system through a motor drive to the throttle levers, and the throttle levers (and therefore any direct input to them) retain full command authority regardless of what the autothrottle is trying to do.

Also remember that most systems have 'off' buttons, and/or can be overridden via direct control input.

I know where you're coming from though,as what you described is the Airbus way of doing things, where the only autothrottle indicators are on the displays.

As for the AAIB update, I wonder what they're smoking to claim both the engines were maintaining power at above flight idle.

Look at the following images (guess you'll have to do it manually) to see what one engine looked like after it hit the ground while still at near idle speeds:

www.heathrowpictures.com/pictures/images/picturegallery_baw_b772_gymmm3.jpg

You might notice the way the blade tips have sheered as the lower part of the intake was pushed in, and the mud/grass on the blades. Though it doesn't look to have been doing many rpm at the time.

Now explain to me how anyone could see the other one as having been doing anything more than windmilling as it hit the ground:

www.heathrowpictures.com/pictures/images/picturegallery_baw_b772_gymmm20.jpg

The way all the blades are still attached and the right shape, and the lack of mud on the blades at the top sort of gives the game away, if it was still under any sort of power or even running down (as opposed to windmilling) there would have blades shed as the casing got crushed & mud picked up by the blades, as per the other engine.

The explanation of this incident should be interesting when it finally arrives.

(If you're interested, the above are part of a set of 24 images of the 777 on the ground, and give a better idea of the damage it sustained. There's quite a few holes in it!)

overridable autopilots

At the end of the day it comes down to which scenario is more likely, the plane being saved by a pilot overuling a faulty computer, or by a computer overuling a faulty pilot.

Looking at how many "accidents" end up classed as pilot screwup, compared to how many are due to mechanical failures, I think that the odds are on the computer override being statistically safer. Obviously no consolation if you're on the occasional plane where the reverse is true, but..

Still, I hope they figure this one out before June 23rd, when I'll be on a 10-hour 777 flight.

@dumbasses

The reason aircraft fly across the frozen North on their way from Europe to North America is that it's the *shortest route* - because the earth isn't flat, they follow a great circle. Ships do the same, but are restricted by ice - that's what the Titanic was doing up amongst the icebergs.

I didn't know the throttles on a fly-by-wire aircraft weren't motorised, like the faders on a high-end mixing desk. I guess there's no real reason for them to be.

Even the most hazardous aircraft are much safer than cars, BTW.

...wait a minute...

I get the part about the manual movement of the throttle levers not being a real interactive pilot over-ride of the fly-by-wire system in the 777. What I don't get, is why is there NOT a real manual over-ride? Perhaps via a computer/throttle "kill" switch, or a physical set of throttle controls on an adjacent console? Cost avoidance? Fear of stupid pilots?

Also, all y'all air travelers, remember how OFTEN you've been on flights where those engines rev up before final throttle reduction to idle and set down? Pilots seem to love dropping below the red on the VASI and then dragging the bird in under spooled up power, because it takes too long for those turbines to spool back up after throttle input...(I think they just like to do carrier landings, myself).

RE: spooks jamming the airwaves for GB's motorcade

shall we start a petition on the e-gov site to ask them to rule it out?

I'm not saying I think it happened, but, in the unlikely event that it couldn't be ruled out...

would they ever admit it?

Maybe it was the pilot / co-pilot's fault after all...

Anybody remember the case of the 'plane that crashed near east midlands airport in the UK in 1989? Apparently, a warning light came on indicating a fault in one engine and the pilot shut down the other good one by mistake.

http://news.bbc.co.uk/onthisday/hi/dates/stories/january/8/newsid_2506000/2506665.stm

"As the aircraft began its descent the remaining engine failed too.

Experts said later the chance of suffering such a double engine failure was a hundred million to one. "

"A report by the UK Air Accidents Investigation Branch later found the flight crew had shut down the wrong engine."

As my aerospace lecture liked to joke

The perfect cockpit of the future will have 2 occupants - A Dog and a Pilot. The Pilot's job is to feed the Dog. The Dog's job is to bite the Pilot if he tries to touch anything.

I have no problem with the autothrottle having precedence over a pilot as is the Airbus philosphy as in 99.9% of cases, a crash is caused by a problem on the aircraft being exacerbated by the pilot. The computer has a much better idea of what exactly is happening on the aircraft then the pilot and so it can usually react much faster and better then a pilot, its only in these extremely isolated instances when a problem occurs in the computer that a pilot comes in handy...

ETOPS...

... as the saying goes : "Engines Turn Or Passengers Swim".

@Robert Lee

"its a very complex piece of machinary, to get everything 100% working all the time is almost impossible, so crashes are bound to happen."

I hope you're not a sales executive at Boeing, no wonder sales are plummeting!

All These Experts

Why the hell they bother with a lengthy investigation is totally beyond me.

It's so obvious from all the comments that all they need to do is read this thread on The Reg for the answers!

I mean some here have HUNDREDS of hours in Microsoft Flightsim and have poured down PINTS of beer with the cousin of the mate of the dog whose owner actually once looked into the cockpit of a 777. That clearly makes them experts. Not that they actually *fly* or are at least aeronautical engineers or such minor details.

Typical guvmint inefficiency...

PH icon because she knows as much about aviation as the majority of posters.

Good gods..........

Mike

"the throttle levers retain full command authority " - NOT!

In this picture, the throttle levers DO NOT retain full command authority in the traditional sense.

As John Freas points out, and as others have already mentioned, on any plane with a FADEC (which is pretty much any modern airliner or military aircraft, among others), the "full authority" (FA) is the "digital engine control" (DEC). Hence FADEC. The throttle lever angle is one of a number of inputs to the FADEC computer, and the computer has full control over the fuel flow rate. The aircraft has no reversionary mode which cuts the computer out of the loop. Turn off the computer's power, and lose control. Fortunately they're not your ordinary computer, and, whether you knew it or not, whether you like it or not, they've been in control for at least ten years now. And not a virus or a Windows Update to be seen.