Oh, I think you can try. It happens every now and again. But examples are few and far between: the second hand parts supplier AOG Technics allegedly faking parts documents; who were raided by the Serious Fraud Office in December 2023; Koito, the Japanese seat supplier caught faking fire test results in 2010 (by Boeing QA, I believe); Boeing and MCAS; Xtra, the Florida MRO caught-up in the Lion Air crash for not having written processes. Spirit is a mix of the system working, problems were being identified and dealt with, but they weren't being pressured to fix the cause - and probably they couldn't fix the cause because that problem was pressure from Boeing forcing them to tighter and tighter margins.
Whoever said anything about faking testing or documentation or fraud? I don’t know if this is you building a strawman or if you really interpreted me as saying that if it’s a SW fault then this was done wantonly? I never said that: What I said was that it MAY be a SW fault not that it HAS to be one. And that IF it was, then this MAY have been due to a number of different reasons, a few example being:
Last I knew, all those checks were still manual, not electronic.
Fuel pressure is too high for vapor lock to be a likely problem. Same reason cars no longer deal with vapor lock. High pressure pumps (~100psi) in the tanks, pushing fuel to the fuel controller, which then really cranks up the fuel pressure (~5000psi or more). Jets more or less use the same mechanical fuel system as a Direct Injection engine.
a) would be a material failure in the fault tree creation. And therefore criminal if it results in a loss of life.
www.bbc.com
Yes, your fuel tanks are at ambient pressure.
Missing a fault branch could/would be negligent.
My response as a person working for the manufacturer would be "We have run testing from the most likely to least likely. But I am not trusting this to fly the people I love most until it's all tested."
That happened when both the manufacturer and certifying authority agreed that the probability of that particular fault mode was low enough for testing with a human onboard. And the certifiers publicly admitted that they were wrong about just how likely it actually was.
My understanding is it was a software/engine mismatch, though I can't find anything authoritative to confirm that.
You're welcome!
My understanding was that it was deliberately doing a series of engine relights at various altitudes, six if I remember correctly. Naturally each one drew the battery voltage down, but insufficient time had been provisioned between tests for it to fully recover. The accumulated effects of each relight caused the final relight to disrupt the battery so leaving the aircraft with zero power. The data concerning the battery performance was available to the flight test team but was missed.
Systems Engineering (cross-domain oversight) fail. That sort of possibility always scared me while working down in the code trenches.
The total electrical failure he's talking about is ANYTHING but "simple".
The relights we’re at the edges of operating envelope… the last one was at a condition where the APU wasn’t cleared for operation.
"I'm not going to speculate" :Rolls Eyes:
I did not say there was malice in the event but, no, it does not sound like good systems engineering and I am not aware I said it was.
Every message on the aircraft's internal comms bus - basically ethernet - has a time stamp. If you're getting out of date messages, they should be ignored. But when the counter assigning time-stamps wraps around after 51 days you'll get a (possibly transient?) situation where all the messages in the system have invalid time-stamps. I'm not certain if it's something that'll clear itself because all the timestamps will then become sequential again, or if it'll cause a longer-lasting failure condition.
There was no electrical failure. There was a transient situation where the conditions for automatic FSOV deployment (
I agree, when I said "entirely appropriate system design" I was referring solely to prioritizing FCS over engines for power distribution.
FSOV is a latch-ditch save the aircraft system. Ensuring that functionality takes priority over everything, especially the minor inconvenience of needing a tow off the runway. If you want to provide a cockpit reset on FSOV that means creating a more complex system, with the possibility of failing when its really needed, whereas what you actually want is the simplest system possible. Accepting higher risk to alleviate a minor inconvenience isn't good design.
Sorry mate, extra crispy knackered this week. Stay well out there.
You too!
I would recommend to not try to get ahead too far of the actual investigation.
That's probably exactly what they thought they had, it's how thrust reversers normally work. But weight-on-wheels, is surprisingly complex to determine because of things like bounce - has the aircraft actually landed, landed and completely left the ground again in a bounce where it will land again, is it beginning a Go Around, or is the WOW sensor just not registering right this moment because it's bounced enough to unload the undercarriage and sensor, but not actually enough to leave the ground. And then you have to combine the data for all three sets of wheels, AND the radalts. It's not actually a binary condition, no matter how much it looks like one.
Because mechanical switches take time to move. I don't believe that the FAA has approved any solid-state automatic bus transfer switches yet.
Because airliners are very good gliders, but do not continue to fly without any flight controls.
That's weird, because I thought that part of normal startup was to turn FSOVs to the ON position. As in, it's a solenoid valve, relying on electrical power to hold it open and a spring to shut it. No latches needed, since the spring is very strong.
We don't have the full system design documentation or the safety analysis. I'm not willing to condemn the Boeing design for not working like the Airbus one because there are major differences in the 787's electrical systems compared with any other aircraft, and, as I noted, some suggestions on PPRUNE (which usually has more airline ops guys than we do here) that the 787's HPSOV may operate differently than to other FSOV designs. Wait for the investigation to determine if there are issues, we don't have the data to tell.
I'm not certain how many more ways I can find to tell you that this is not "a safeguard against the pilots selecting thrust reversal too early". It's a protection against much more serious scenarios, such as a turbine runaway/overspeed, which could result in the engine blisk exploding, fragging the fuselage and starting fires. It just happened to be triggered by the combination of actions on ANA NH-985 producing a similar set of thrust readings.
