ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Bei Mir ist es nicht schoen Re: Network follies Bitnet FTP-ing of back issues Risk is in the eye of the beholder? Re: The A320's attacks of nerves Re: Article on A320 A320 - The Attacks Continue Re: Private mail on BBSes...(and the A320?) Info on RISKS (comp.risks)
Bei Mir ist es nicht schoenSorry for the GermanoRussian pun, but the two Soviet cosmonauts aboard the space station Mir (= peace) for the past three months have been waiting for supplies to be brought up by the module Kristall, launched on 31 May, so that they may attempt to stay in space to attempt repairs of their Soyuz spacecraft (whose insulation was damaged on launch on 11 February). The conputer controlling the docking of Kristall with Mir shut down the docking operation two hours ahead of schedule yesterday. A Tass report speculates that the computer system might have detected a malfunction in one of the Kristall's orientation system engines. Keep an eye out for further details. [Source: San Francisco Chronicle, 7 June 1990, p. A20]
Re: Network follies (Shimeall, RISKS-10.05)
I'm sure someone must have already replied to you about this, but what they
probably were doing were reconfiguring to deal with the fact that the Arpanet
was decommissioned on June 1. There is no more Arpanet. You were probably
rerouted to your local regional net, which in turn is gatewayed to other
networks, thereby making it apparent that the Arpanet is "back". But rest
assured, the Arpanet is dead.
Carl
[THE ARPANET IS DEAD. LONG LIVE THE ARPANET. PGN]
Bitnet FTP-ing of back issues
At last I have discovered a way to get back issues of RISKS-Forum via
BITNET. I think it could be interesting for you: BITFTP at PUCC is the
e-mail address to get FTP-BITNET redirection. You shuld send a message
like this to BITFTP:
ftp CRVAX.sri.com
login anonymous
cd sys$user2:[risks]
get risks-i.j [for some legitimate values of i and j, obviously]
quit
Please note that connection to CRVAX.sri.com is allowed only after 7 PM. After
a while, BITFTP replies with a session log and, if the file has been
succesfully retrieved, will send the file itself.
P.
Paolo Mattiangeli, Universit{ di Roma "La Sapienza", Dipartimento di Fisica
N.E., P.le Aldo Moro, 4 - 00185 Roma Italy
Risk is in the eye of the beholder?
At a briefing today, we were given information about the ATF (advanced
tactical fighter) reported to be "tip-top secret."
(ATF is a highly automated plane that will eventually -- one is told --
house the Pilot's Assistant, an AI package that can fly, land, and fight
the plane under every circumstance. Right. Anyway...)
The ATF has two cockpits. In the front one is a man. In the
back one is a dog. The responsibility of the man is to turn
around periodically and feed the dog. The responsibility of the
dog is to bite the man if he ever tries to touch any of the
controls.
Well, it seemed funny at the time.
--Dick Wexelblat
[We seem to be specializing in old shaggy dog stories. PGN]
Re: The A320's attacks of nerves (RISKS-10.02)
> Mr. Bertrand Bonneau (the translator to English)
Actually, Mr. Mellor did the translation.
[Yes, that's what he said in RISKS-10.02. PGN]
>For example, I was very surprised by the total absence of any reference
>to the B7[5]7/B767 with their glass cockpits and computers.
The B757/767 and A320 are two different generations of aircraft. And nobody's
crashed a 757/767 yet. The airplanes could certainly come in for criticism
(for the way Boeing's addressed the general man-machine problems of glass
cockpits), but the *critical* issue of the day is the A320.
Looks like it's time for some refresher background:
757, 767, and A310: introduced in '82 and '83: characterized by *conventional*
flight controls, glass artificial horizons and nav displays (EFIS), and
performance management systems (PMS). These airplanes are referred to as
"classical glass" by at least one magazine (Flight International).
The 757 and 767 have identical cockpits. They have conventional (analog
dial) airspeed, altitude, vertical speed, and VOR/ADF indicators. These
surround the two glass EFIS CRT's to form the "classic T." Engine monitoring
is accomplished through an Engine Indication Control Advisory (EICAS) system,
which is comprised of a primary flight instrumentation display (engine
power, temperature, etc) and a secondary advisory display (checklists, hints,
systems info, etc. pop up). These are stacked on top of each other on the
center console. Boeing's operational cockpit philosophy, since the early
1970's, has been "need to know." The 757/767 represent the most extreme
manifestation of this philosophy, by any manufacturer, to date. The im-
plementation has resulted in the *necessity* of pilots having to work around
system obstacles, by pulling circuit breakers (one source claims that on a
typical 767 flight, sixty CB's are set and reset). Data from an
(unpublished?) survey by Earl Wiener indicates that pilots are neatly
divided in their opinions of the 757/767 cockpit.
The A310 is similar, except it packs more info into the EFIS displays, and
it has conventional dial engine instruments. However, it also has two EICAS
displays, to handle a multitude of system and advisory information. Airbus's
philosophy (on the A310) was "nice to know." The cockpit is not, however,
popular with pilots, because of a variety of environmental factors (too
cold, for one). There is a retrofit which gives the A300-600 more or less
the A310's cockpit. The A320 design leans more in the 757/767 direction.
Next generation: the A320 (introduced in 1988).
The A320 did away with most dials (except for backup instrumentation)
and combined airspeed and altitude information into the primary flight
display. These bracket (left and right, respectively) the artificial
horizon display. The display is quite small (7.25") , and, in my opinion,
poorly designed (this was recently discussed ad nauseum on RISKS and
sci.aeronautics). The nav display (beneath it) is more or less a typical
nav display. Nothing revolutionary there.
The flight controls on the A320 are non-standard. The aircraft is controlled
through sidesticks, which map pilot commands into aircraft action. There
are a multitude of control modes available (for instance, "direct" mode, in
which the sidestick deflections map to surface deflections), "autopilot" (in
which the sidestick controls the autopilot), "C*" (which provides an
unconventional method of flight guidance), etc. There are also many
"protections" built into the various modes, such as automatic engine spool-
up if the angle of attack gets too high (alpha floor--but it doesn't work
under 100' radio altitude, hence the Habsheim crash), preventing excessive
bank or pitch, etc. The two sidesticks do not provide "active" artificial
feel (although they do have a spring to prevent excessive deflection), and
are not interconnected.
There are manual backups to the flight control system, but they're not
intended for normal use. The "manual" backups amount to electric trim, a
manual rudder, and, according to at least one source, a manually settable
horizontal stabilizer. At least one source has claimed that Airbus isn't
advocating training for the "manual" flight mode, despite it being the
only way that a test flight (which Bev Littlewood recently mentioned) could
have been landed.
Latest generation: MD-11/747-400.
The MD-11 (1990) and 747-400 (1989) feature six large color CRT displays,
and provide data in a manner similar to that of the A320 and 757/767.
The MD-11 features a "fly-by-wire" system (without any changes in control
laws and no protections), with a fully "manual" hydraulic backup. The
747-400 features a standard hydraulic-based control system. Both airplanes
are two-man ships, though, and include significantly reworked electrical and
systems design.
Note, though, that both Boeing and McDonnell-Douglas have opted for
*conventional* flight laws. Boeing is reportedly continuing the trend
with the 767-X (777), which, if launched, will have fiber-optic "fly-by-
light" systems.
In essence, these airplanes share (a) similar nav displays, (b) similar
PMS/FMCS systems, (c) similar (unknown) problems relating to the consequences
of using digital electronics for flight-critical systems (these range from
static problems to temperature to solar radiation), (d) the unknown effects of
"hiding" a lot of information in two little CRT's, and (e) a propensity to
encourage "heads-down" behavior. Only the A320, however, has a fly-by-wire
system with "unconventional" control laws, and only the A320 has been sold
on the basis of preventing the pilot from making fatal errors.
As you note, though,
>The main point of this article is that the procedures were bad,
which brings us back to ERGONOMICS. The point of the article was to draw
attention to the questionable workmanship of the aircraft, and the poor
man-machine interface. In my opinion, the A320 is the real loser in the
crop of digital airplanes, with the 747-400/MD-11 coming a distant second (for
the idiotic decision to introduce long-range aircraft with only two pilots).
>the French FAA was conducting the investigation rather than the French
>Department of Justice.
Actually, both the DGCA and a local magistrate were conducting an
investigation. The DGCA has released its report, which white-washed the
aircraft and systems. The magistrate's report is still to be released (?).
>Even if the French judges are only ten times
>technically-smarter than ours and if the French-FAA is only ten times
>more corrupted than ours, I'd still rather see their FAA, not their DoJ
>conduct the investigation.
But there's an explicit conflict of interest there: Airbus Industrie is
essentially a public-works project for the aerospace sector in Europe. It
is HEAVILY financed by the French government, and is a major employer in
France. French prestige is on the line, and we all know how "weird" the
French government can get, when protecting its interests (remember
the Rainbow Warrior? :-)). The behavior of both the French government after
Habsheim, and Airbus Industrie after Bangalore, are certainly bases for
skepticism.
>Well, in the US the NTSB (and the FAA)
>typically have "probable cause" within a day, even though investigations
>take many months or even years. Is it suspect, too?
There are numerous cases when the NTSB has not been able to issue a probable
cause, and numerous more where the probable cause has turned out to be in-
correct. What the French government did, however, was state--in a definitive
manner--that the Habsheim crash was a result of pilot error. The FORM their
statement took would certainly not be acceptable coming from the NTSB. It
must be very awkward to have a supposedly objective government agency im-
mediately *defending* an airplane of which many hard questions can be asked.
It's my impression that what irked many people was this very sight of their
government playing the role of apologist.
To the best of my knowledge, the FAA does not issue probable-cause statements.
Its options are limited to emergency regulatory action, based upon preliminary
crash assessments from the NTSB (cf. the AAL DC-10 at O'Hare). It, too,
has been known to reverse its decisions.
>To sum it up: opinionated reporting may leave something to be desired.
The style of the article was somewhat clumsy, but it has a number of good
points. It is not appropriate to discount it sorely because of its
feeble attempts at rhetoric. A number of people seem to have been thrown
off by the assumption that it represents the epitome of the debate in France.
It doesn't, as Pete Mellor has noted. But it certainly contains enough
(apocryphal) anecdotes to stimulate serious discussion.
Robert Dorsett Moderator,
Internet: rdd@rascal.ics.utexas.edu Aeronautics Digest
UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd
Re: The A320's attacks of nerves (Cohen, RISKS-10.05)