How many of the seriously injured were wearing their lap belts? It's an honest enquiry - one imagines that the "keeping them fastened while seated" policy is designed to reduce the harm from these sorts of incidents, but it's fairly rare that one has the chance to test that theory...

Something I always do when I fly. HOWEVER statements like this do nothing to build confidence in fly-by-wire, this soundbite is basically suggesting that we should all belt up just in case there are any software bugs left in the fly by wire computers.

I would hope that the manufacturers of FBW software have 100% test coverage - meaningful tests including corner cases - and that these sorts of 'adverse events' would therefore not occur. Chinhook springs to mind, the engine management system was bug-riddled and clearly insufficiently tested.

Funny really because I'm currently ensuring test coverage on a software project I'm contributing to. But nobody will die if I don't get my coverage up to 100%...

It's not PAN PAN -- It's Panne Panne. You sound like these hollywood actors that mispronounce mayday (The ay should be flat, not a diphtongue)

The reason is that all these words come from the early French aviation! While the Wright brothers were busy sueing wannabe aircraft manufacturers in the early 1900, effectively paralyzing the nascent US aircraft industry, the French were putting early crates in the air.

The pre-WWII international aeronautical institutions were therefore very influenced by the Gallic terminology craftyness. And what emergency messages did they standardize on? Well, they chose "M'aider" (Help me, imperative form), and "Panne Panne Panne" (Breakdown, repeating three times). To avoid hearing mispronounced abominations, they gave Yanks a cheat sheet with the phonetic spelling of these terms. Little did they know that the French empire -- and its language -- would soon be a distant memory.

So please do not write the grotesque "pan pan", which sounds like a disturbing mating call for frying implements. Write "Panne panne", which is the manly, blood-chilling distress call that echoed through early wireless transmissions, back when Aeropostale was crossing oceans with engines that had an MTBF measured in single-digit hours.

When I worked for Rockwell Collins in the later 90's I discovered a bug in the digital phase lock loop circuit that caused it to fail to retune 1/20000 times. I warned the management that such a bug would cause the instrument landing system(ILS) glide path determination to remain locked on the previous ILS frequency. I was reprimanded and told to never write another e-mail on the issue and within a week two aircraft experienced the exact same impact conditions, one landed in the jungle in Guam and the second landed short of the runway in New York. I was one of the first people cut at the end of the contract as my reward. The real trouble with these types of bugs is that the system looses power on crashing and the pilot gets blamed for the crash! Also, when I checked a couple of years later the company was still denying the bug and shipping units!

I always have my lap-belt on, and make sure my kids have them on, too. It's no hassle and could save some serious injury.

After finally making a safe landing, one wonders what the reaction of the injured passengers were when they were told they'd have to get in another plane to go to hospital...

You know what it's like...the minute that seat-belt sign goes off, everyone takes them off...advice from the inside...loosen, don't remove.....

You'll find that many aviation sites (which are frequented by aviation experts, pilots, cabin crew, ground crew and the like) DO refer to such calls as PAN and MAYDAY calls.

So stop having a strop. Get over it. The airline industry refers to such emergencies as PAN and MAYDAY, not PANNE and M'AIDER. Thanks for the lovely history lesson though.

Actually it is currently PAN PAN.

Apparently it was updated when you weren't paying attention.

Shouldn't this have been an RoTM tagged story?

Interesting stuff: you can be on my pub quiz team. But your ire should be directed at atsb.gov.au rather than the reporter, who simply copied "PAN PAN" from their media realease.

Yes, yes, youre very clever, and correct about about the etymological derivation of the radio calling laguage.

However, its written PAN PAN and MAYDAY these days. Its an international standard.

Like 'silence' is written 'Seelonce'

The reason being that someone who doesnt knopw how to work a radio can read it from a set of instuctions and unambigously pronounce it correctly.

So get of your high horse and .........

shit, just noticed your flame icon...

bye....

Its the one with troll food in the pockets.

K, i really dont think im ever gonna fly again!

"HOWEVER statements like this do nothing to build confidence in fly-by-wire"

and just how many passengers know or even give a flying fuck if the airliner is FBW?

Keep seatblets on is a precaution against sudden turbulence, or is that a new thing as well?

If you can get a 100% coverage with Logical Jump and Sequence paths in testing then then the software would be too simple to fly a plane anyway!

In most sizable software it is impossible to have 100% test coverage!

"It's not PAN PAN -- It's Panne Panne."

I'm afraid that actually, it is: http://www.faa.gov/airports_airtraffic/air_traffic/publications/atpubs/PCG/index.htm

While your history and terminology is accurate (as I would say is your right to be annoyed), all contemporary aviation publications from the ICAO to the USA FAA's Pilot/Controller Glossary (link above) spell the terms you mention as "MAYDAY" and "PAN PAN" respectively. You may feel free to correct our pronunciation, however the now-official spelling is as printed.

It's definitely spelt Pan in the CAA guide to how to speak proper on the radio. It may be a French word but the international language of aviation is English and I've never heard anyone pronounce it the French way. Even the French bloke I was in the simulator with.

PAN PAN is the approved way of writing the Urgency call. If you take a look at the Civil Aviation Authority (that's the UK one) document CAP 413, "Radiotelephony Manual" chapter 8 states:

1.2.2 The pilot should make the appropriate emergency call as follows:

a) Distress 'MAYDAY, MAYDAY, MAYDAY'

b) Urgency 'PAN PAN , PAN PAN, PAN PAN'

Yes, it's based on the French (apparently) but not spelled that way in the official blurb.

Most FBW systems in modern aircraft have software written multiple times (3 usually, I believe) by different development teams - sometimes different companies - all working out the answer to the same question, given the same inputs. There is then some "voting logic" which takes the majority decision and applies that to the actuators. But even then, you can take 3 independent teams of genius programmers, and they'll still miss something. Failsafe programming is very very difficult...

It obviously belongs in RoTM.

Placing the blame on an autopilot going down will never wash. You may be able to get an autopilot to perform an controlled descent ... but get one to go down?

That's now my nomination for sub-heading of the year so far.

but i actually laughed out load when i read the "computer goes weeee!" after reading the article

The correct spelling of the phrase is "PAN PAN" and "MAYDAY" as defined by the ICAO (international Civil Aviation Organisation). Search their site and you will find the official documents defining the phrases and their uses.

Ohmygodtherewasthiscloudandlikeitwasreallyfluffyandwhiteaaaaaaand...

don't PANick, don't PANick

Hey SysKoll, you also realise that PAN is often thought of as an acronym (Possible Assistance Needed)? And since French is plagiarised Latin perhaps we all should speak the holy language just to be sure....

Paris, she can PAN my Panne

@ Gulfie "HOWEVER statements like this do nothing to build confidence in fly-by-wire, this soundbite is basically suggesting that we should all belt up just in case there are any software bugs left in the fly by wire computers."

No, I believe it's always been advised to keep the belt on all the time (which I do) as there are other events (also thankfully rare) where they will avoid you leaving your seat. For example :

- Explosive decompression - there was the one where a plane landed with a top section of the fuselage missing, the only person lost was (IIRC) a member of cabin crew that wasn't strapped in.

- CAT (Clear Air Turbulence), which I believe has not yet been explained, which can cause the aircraft to drop quite dramatically as though it's suddenly lost all lift for a few moments.

- General turbulence, though that's more of an issue in small aircraft.

- Sudden avoidance maneuvers.

All thankfully rare, but then so are landing and taking off incidents - but we still wear belts for that without arguing.

... but anyone remember the scene in "Airplane" when the autopilot started to deflate and the stewardess had to reinflate it?

So where again in the press release does it actually blame the autopilot or any of the software systems for that matter?

It is entirely possible a mechanical control failure occurred causing the ascent and sudden descent. That the software gave warning when something was wrong suggests it may have been doing its job.

Aloha Airlines flight 243 (April 28, 1988) Kahului, Hawaii.

http://en.wikipedia.org/wiki/Aloha_Airlines_Flight_243

that Airbus were using Windows in their autopilot systems. Seems a bit foolish now, eh?

Just asking. Or is that black box only?

BTW, the pronunciation of the above is rather well defined. Just go to YouTube and find "The letter" by Stephen Fry. It's the best expressed "Oh sh*t" ever - it has IMHO never been bettered since :-)

Sounds like two channels of the three decided the aircraft need to ascend, the monitor function warned the pilot that one of the channels was giving a different result and while the pilots were investigating, the two channels that had commanded the ascent decided that they were wrong and so the aircraft was commanded to descend back to the set height...

or else the pilots turned the wrong channels off and didn't realise the channel left in command was trying to get back to the right height and had a large control demand just waiting to be fed through to the elevators...

I have 18 hours worth of flight coming up in 10 days time!! Am I allowed to take empty 3 litre bottles to pee into?? I don't want to take my seatbelt off at all!!!!

Mine the one with the colostomy bag hidden inside

Airbus believe that the computer should have the final say as far as control of their aircraft is concerned. As such a pilot's actions can be overruled. This is opposite to the philosophy of Boeing where the ultimate authority rests with the pilots.

I guess statistically it might be safer to rely on the computer, but you better be damn sure that the software is free of glitches! In fact, I believe an incident very similar to this one occurred over Paris whereby an A320 went into a sudden, unrequested, computer-initiated dive.

@SysKoll - just checking to make sure you got the comments on PAN and MAYDAY. Actually, having been on the other end of radios receiving same, as well as in an aircraft calling a PAN once, I can assure you they are pronounced in English (the mandated international language of aviation) exactly as written.

FBW - well, where to start with the whole field of Safety Critical Systems. It's too large to cover here, but I have studied and practised. Overall, I'd say many more systems should be categorised as Safety Critical than actually are, and the treatment of such systems should be more robust. For example, if done properly, SCS software should be developed by 'formal methods' that 'prove' correct software function in every conceivable instance rather than simply complete a range of tests that didn't recognise any bugs during the testing period. It adds to cost, though ....

I recently did a refresher course on software standards - now I'm not currently a software designer, and this was just a refresher for me - but I swear of the 12 students and 1 presenter, I knew more about mission critical/safety critical development than anyone in that room ... much more ... which was scary, since they all worked on projects developing such systems. Of course, they could run rings around me in web development or database techniques, but when it comes to high risk/critical systems, there's arisen (IMHO) a pretty big hole in competence that wasn't there before.

Maybe El Reg should do some investigative journalism ... guffaw ... OK, maybe just some poking around ... and write a series of articles on the loss of some skills that we used to take for granted.

If we're bringing Dad's Army catch-phrases up, is there an internationally recognised pronunciation for "we're all doomed - dooOOOOomed!" ?

Given that we don't know the facts it is difficult to work out if the people injured were "legitimately" not wearing their seats belts.

Given that the injuries were mainly at the back of the plane it could be that the incident happened at the end of a meal service. Everyone would have been sitting in their seats waiting for their trays to be cleared away and then jumped up and stood in the queue for the loo. Not sure how many loos there are in a Qantas A330 but assuming there are 5 that is 5 people in the loo, say 10 people standing around queuing and 5 people just stretching their legs. Add in another 5 cabin crew and you have 20 people standing around for good reason.

Then take into account that in clear air turbulence / sudden loss in altitude these people will go up and smash their heads on the ceiling and that what goes up must come down, a number of people may have been injured by various flying bodies landing on them.

Yes, some people wouldn't have had their seatbelts on as they don't listen to instructions (on one of the videos taken from a camera phone when on the ground it definitely looked like someone sitting in the front of the plane went through the roof lining) but not all the injured are necessarily at fault.

"It looks like you want to dive into the ground.. Would you like help?"

Remember some folks need to feel superior by spouting their knowledge of the archaic .

Some folks just love having their nickers twisted.

But my favorite expression that applies here . That boy has got his panties so twisted , you are going to need a crow bad and a j hook to untwisted them.

Of course it is possible to get 100% test coverage. You're not writing your test cases by hand, are you? Use a tool like AgitarOne, and you *can* get 100% coverage on even large and complex code bases. Or near as dammit anyway.

How entertaining that you start your post with "we don't know the facts" and then go on to make a huge range of assumptions. Especially when I made no comment about "legitimacy", or whether lap belts might have been off for "good" or "bad" reasons, or indeed whether any of the injured were "at fault". These are all your inferences, not mine.

I repeat, it would be interesting, and potentially educational, to know how many of the injured were wearing their lap belts, because it could help to justify, reinforce or disprove the usefulness of a policy which rarely has the opportunity to be tested.

"cabin crew and loose objects"

And the difference is?

I'm confused, you say it is possible to have 100% test coverage but then 'near as dammit anyway', which is it, 100% or near as dammit??

I hope you don't work in any aircraft manufacturers software department (if you do, please let me know so I can avoid those aircraft).

So assuming that the passengers are advised to keep there seatbelts fastened (usual practice) and dear old lady gets a flying fat bloke to the head, is there a grounds for legal action against the unrestrained lard? or does the blame lay squarly with the carrier?

So it wasn't caused by an elevator actuator getting stuck then? and the computers telling the pilots there was a problem as the plane ascended due to said stuck elevator, causing the computer/Pilot to keep increasing the hydraulic pressure until about 300ft deviance then... bang... the actuator released, shot to its full extent, plunging the plane into a nose dive?

Sounds way more feasible than the auto pilot malfunctioning.. as pressure variances happen all the time (turbulance) and autopilot corrections are programmed to be smooth transitions...

If you're going to be pedantic, at least be right when doing so.

It's "M'aidez", not "M'aider", that the French shout, for instance. Several sources (and therefore Wikipedia) says it's short for "Venez m'aider", which means "come help me", whereas a Francophone will tell you it's "M'aidez", which is the imperative form translated as "Help me!"

It's pronounced in whatever accent you like as long as it's understood by the radio operator at the other end. Phonetic differences between a Brummie and a German Pilot, for instance, don't matter as long as the message gets across.

The number of injuries suffered by people without lap belts might be interesting, but I rather suspect that the worst injuries would be caused by people out of their seats, such as the cabin crew.

a) keep my seatbelt fastened throughout any filght whilst

b) welcoming the arrival of our altitude-altering overlords.

"In most sizable software it is impossible to have 100% test coverage!"

Not true. Granted I've not worked on FBW or autopilot systems but I have worked with other complex real-time systems. Achieving 100% unit test coverage is very time consuming and for most applications is not neccesary. But if you are writing the code, then yes, you can write test cases for it. And if you can't write one or more test cases to demonstrate that your algorithm is correct, how do you ship it?

In my 20 years experience in IT systems development, the word 'impossible' can usually be substituted for "too expensive". I've spent the last 10 years working on very large scale enterprise systems development and I've yet to come across a piece of code written by myself or a colleague that I can't write a test for. In real-time and embedded systems you may need a (complex) hardware rig to allow you to create all the corner cases you want to test, but it can be done. Any computer system has inputs, you can define the range of those inputs and test appropriately.

Don't confuse management's refusal to spend money with an inability to fully test. In safety critical systems testing should be beyond comprehensive.

I always love reading the comments for these types of stories but could I make a request to El Reg? Could you please create a new "I am a genuine expert" icon that genuine experts can use so we the readers can tell that they genuinely know their stuff and are not talking bollocks?

By the way, the imperitive form is "m'aidez". "M'aider" as described by SysKoll is the infinitive.

;-)

I'm an expert on everything.

CTG - I agree that it's possible to get pretty good coverage on unit tests, but a modern FBW aircraft is a terrifyingly complex beast - how do you test race conditions between signal inputs, race conditions between the redundant computers, etc, etc. ? Answer is you can't in practice - if you tried it could take hundreds of years. That said, I think the level of testing carried out is patently inadequate - just Google for the story of a BA A340 flying from Japan and landing at Heathrow, and the computer problems which gave the pilots nightmares. The British Air Safety board queried how the aircraft ever got certified given the problems being experienced.

BTW, I started real-time programming in assembler on a dual-processor telex exchange over 30 years ago, and I've done a fair bit since, so I *do* have some experience.

Regards, Rob.

"... may have suffered from computer problems." I wonder what O/S the plane was running ;)

I do have some experience in the fields of aviation and computers (and I do NOT mean just cos I play M$ Flight Simulator!), and thus claim my right to use the "expert" icon...

Anyway, my idea is to forget this idea of having the pilot ask/tell the computer what the pilot wants the aircraft to do, and then letting the computer decide if it will let him or not. Rip out all the silly wires and electro-mechanical actuators and go back to using rigid wires and hydraulic systems to move the control surfaces. No more worries about the computer having an attack of the HALs, mysterious electrical "features" rebooting flight-critical systems or even stray electrons flipping a logic gate and sending a "max down" command to your local elevator(*)actuator...

BTW, most aircraft use a variety of RISC-based control systems since they don't normally need to worry too much about the sort of stuff a 'personal' computer needs to waste time on (remote network access, User and data security, playing music, videos or games etc) so they don't tend to suffer from Windoze-related "features".

(*)And I don't mean the method of vertical personal transport found in American lift shafts. It's the correct term for the bit at the back of the aeroplane that makes it go up and down. And it's vertical stabilizer, not "fin". And mainplane, not "wing". Now excuse me, I need a double Scotch after all that...

Sharp altitude changes may happen in some cases, and actually have happened. I remember that another flight did a sharp roll to the left? right? for 20 seconds while the pilots disengaged the autopilot.

This case may have been caused by a software bug, but the case the autopilot detected *did* deserve a sharp climb: if you're about to hit the ground, a fraction of a second is the difference between "phew!" and "OH SHIT!".

they really can't do anything right at the moment...i wonder if they're showing Rain Man on their flights again...

Does anyone know what language platform these aircraft control system are devloped with? C? C++? Assembler? Maybe ADA?

I always thought FORTH* would be a very good candidate for something like this. It's interactive nature makes unit testing very easy indeed. And it's fast enough.

Just curious...

* Showing my age... :-)

So the sudden erratic plane movement was actually the autopilot spilling toothpicks on the plane to see if anyone could count them all ? M'aider, m'aider - zut alors !