Text from preliminary AI171 crash report within citation marks:
“The aircraft achieved the maximum recorded airspeed of 180 Knots IAS at about 08:08:42 UTC and immediately thereafter, the Engine 1 and Engine 2 fuel cutoff switches transitioned from RUN to CUTOFF position one after another with a time gap of 01 sec. The Engine N1 and N2 began to decrease from their take-off values as the fuel supply to the engines was cut off.”
Then later:
“As per the EAFR, the Engine 1 fuel cutoff switch transitioned from CUTOFF to RUN at about 08:08:52 UTC. The APU Inlet Door began opening at about 08:08:54 UTC, consistent with the APU Auto Start logic. Thereafter at 08:08:56 UTC the Engine 2 fuel cutoff switch also transitions from CUTOFF to RUN.”
So for the transition back from cut-off to run we have two specific timestamps mentioned: 08:08:52 UTC and 08:08:56 UTC, i.e. a 4 sec gap between these actions.
But for the initial transition from run to cut-off there is only one time stamp 08:08:42 UTC and the dubious statement that this transition was done “immediately after” for both engines and that the gap was “01 sec”.
Why no exact timestamp in this case and what does “01” mean? Why not just say 08:08:4X and 08:08:4Y? where Y-X=1 sec if this was the case? Why complicate the text like this?
When exact timestamps were used for the cutoff to run move, why add the “immediate”? Because if as most seem to assume there was a 1 sec delay between the move to cut-off why not write these time stamps. Why the inconsistency?
And why write “01 sec" and not “1 sec” or even better “one second"? As it’s written now, does the 01 sec really mean 1 sec or does it means one-tenth of a sec? Because if the latter, then this would indicate that the fuel cut-off switches were of the unprotected type (flippable without lifting) and if they were both toggled within 1/10 of a sec then they may well have been flipped inadvertently.
Maybe this is reading too much into the report, and maybe it’s just bad grammar, but if they had been consistent in how they wrote this it would have left no doubts. But as it is now I think the wording in the report is unclear about the exact timing and sequence when the switches were actually flipped from run to cut-off.
Another thing is the statement in the report that one pilot asks the other why he did the cutoff: When was this said? The report does not say. Was it immediately after the switches were flipped? Or in conjunction with or just after the switches had been flipped back? Because there was 10 s delay between these actions and why was that? Was the initial flip accidental and both pilots struggled to identify the reason for the loss of thrust for 10 s before they finally identified the cause? Or had one pilot flipped the switches and it took the other 10 before he noticed? And if one pilot really had done this on purpose initially why did he not attempt to flip it back to cut-off again in the intervening to 9 to 11 sec before the MAYDAY call was sent at 08:09:05?
I wonder who doesn't wan't know real verifiable root cause of death of their loved ones.
> Although there is no measure of interest, but it is rebound result of education, globalization, internet, etc which nobody can puppet like i said. Today, even CEOs, scientists are surplus & expendable, bcoz of how global society has evolved. And that's evidence that gradually over time, info deniers have lost & seekers have won.
> In private domain, things can be restricted more. But when public is involved & their lives are lost then there has to be fair trial, verification, accountability on the quality of services.
> Aircraft is just another mode of transportation. If people get killed in ship, car, bus, bike, etc then also same situation arises.
> Moreover, all types of crime & corruption are everywhere & we see that Boeing has been caught red-handed lying, so mechanism for fair justice has to be secured somehow.
> There is a line b/w confidentiality, privacy & then having too much monopoly means autocracy, totalitarian rule, no challengers, breeding ground for potential corruption, manipulation.
BTW, forums like this show outstanding amount of data/(prurient) interest.
It is precisely the word I intended to use. "The word can also be used to describe any kind of perverse interest, like onlookers who have a prurient curiosity about the details of a particularly gory crime scene."
It is precisely the word I intended to use. "The word can also be used to describe any kind of perverse interest, like onlookers who have a prurient curiosity about the details of a particularly gory crime scene."
Hmm, the context & focus of forums like this - fighter jets, bombers, tanks, nukes, subs, WMDs, guns, rockets, etc TO ACTIVELY KILL PEOPLE are much much more GORY.
Imagine the people who participate in manufacturing these things, but we can't say that they have perverse interest, or the news channels, documentary makers since decades, the pilots, journalists talking about any type of disaster, accident.
Action movies doing huge global business depict gory scenes.
When a doctor tries to save a patient in operating room, the scene is very gory. Many medical students vomit or faint in college while disecting a body.
Similarly, techies want to understand the tech malfunctions. Aeronautical engineering is unique combo of many elementary disciplines of mechanical, electrical, electronic, computer engineering & many people would like to expand their technical knowledge.
But still if you feel emotionally compromised then i sympathise with you. You can try telling the forum owners to delete this thread.
Or you can take break from Defence forums like this & focus on relatively peaceful forums like Airline Pilot Central, The Airline Pilots Forum & Resource, etc. But there also accident threads are there.
Now please excuse me, i'm looking at some videos of 787 fuel system, engines, etc as fuel switches are being probed.
There's a difference between "considering crew factors" and a situation in which people with medical conditions and disabilities are reluctant, or scared, to reveal them because of the fear of punitive action regardless of whether their condition is a safety of flight issue. This leads to people concealing medical conditions and avoiding appropriate treatment.
The FAA has been looking at this for several years because they realise the current system is actually part of the problem.
How does the FDR know the position(s) of the switches? Is it monitoring where the electrons are moving, or does it monitor physical switch position? Monitoring physical position would require many more wires in the design, or implementation of something akin to a CAN bus.
I'm asking because if it's getting switch position from where the electrons are moving (or not moving), a bad connection could cause inadvertent shutting of the fuel shutoff valves. Solenoid valves require constant electrical power to stay open (in this case), so losing that constant power would cause the FSOVs to shut. A short time later that bad connection reconnects and the FSOVs open back up.
Intermittent electrical faults are an [3.2TB expletives-filled rant deleted] to track down.
Yes, I am looking for ways for this to not involve a pilot action.
Edit: This came to mind when I remembered Three Mile Island's issue about displaying commanded versus actual valve position. At TMI, the valve position display board showed commanded valve position, when in actuality the power-actuation for certain valves had been disabled. This completely confused night shift about what the real condition of the plant was.
If the FDR is reporting valve position based on electrical flow, there could have been no cockpit command to shut the FSOVs.
There's a difference between "considering crew factors" and a situation in which people with medical conditions and disabilities are reluctant, or scared, to reveal them because of the fear of punitive action regardless of whether their condition is a safety of flight issue. This leads to people concealing medical conditions and avoiding appropriate treatment.
The FAA has been looking at this for several years because they realise the current system is actually part of the problem.
The FAA can look at the problem all it wants, but different nations and cultures handle this differently - some of them very badly - and the FAA has no legal jurisdiction over that.
The pilots are dead, and the background of their performance and mental state leading up to the crash has to be examined from a forensic viewpoint to determine if it was a contributor. "Protect the reputation of the pilots at all costs" is not a game that should ever be played in post-crash analysis.
How does the FDR know the position(s) of the switches? Is it monitoring where the electrons are moving, or does it monitor physical switch position? Monitoring physical position would require many more wires in the design, or implementation of something akin to a CAN bus.
I'm asking because if it's getting switch position from where the electrons are moving (or not moving), a bad connection could cause inadvertent shutting of the fuel shutoff valves. Solenoid valves require constant electrical power to stay open (in this case), so losing that constant power would cause the FSOVs to shut. A short time later that bad connection reconnects and the FSOVs open back up.
Intermittent electrical faults are an [3.2TB expletives-filled rant deleted] to track down.
Yes, I am looking for ways for this to not involve a pilot action.
Edit: This came to mind when I remembered Three Mile Island's issue about displaying commanded versus actual valve position. At TMI, the valve position display board showed commanded valve position, when in actuality the power-actuation for certain valves had been disabled. This completely confused night shift about what the real condition of the plant was.
If the FDR is reporting valve position based on electrical flow, there could have been no cockpit command to shut the FSOVs.
All switches, buttons, knobs in the A/c are some kind of electronic relays, so the electrical signals are converted by ADC (Analog to Digital Convertor) mechanism & sent to FMC & then formatted & sent to FDR.
Some of the switches, buttons, levers, knobs can be controlled back in motion by the computer/auto-pilot,
For example -
- thrust levers
- engine start knobs
- stabilizer trim wheel (787 doesn't have)
- speed brake lever
...except the ones guarded by notches, brackets, covers, etc. But the computer/auto-pilot can still SOFT operate the functions.
For example-
- Load-relief function for flaps.
- EEC's TCMA shutting down engine(fuel valves) if RPM red line crossed, overspeed occurs, ground idle RPM issues, etc.
- Electrical load shedding causing less priority things to shut down temporarily or indefinitely as per situation & power available, like shut down of some of the fuel pumps, hydraulic pumps, IFES (In Flight Entertainment System), Cabin Utility, etc.
As jets become more S/w oriented with glass cockpit & automatic adjustments, that means the computers have option to relay a signal further or not triggered by a hard switch, unless the proper conditions are met. Such safety mechanisms, S/w driven locks are already there.
So now there are many layers-
- physical, mechanical layer on top.
- electronic layer of transistor circuit.
- wiring layer of connectors, plugs, copper wires, fiber optic wires.
- S/w layer, the ultimate judge, jury, executioner.
Some logic could be hard-wired where too much S/w thinking is not needed.
Each of these layer have their standards w.r.t. manufacturing, maintenance, shelf life, etc, but also gltches associated.
But we've not reached the zenith of any technology, just the beginning actually.
1 glitch at any layer may or may not be corrected at H/w or S/w aspect of other layer, depends on design efficiency, maintenance, flight conditions, operation, etc.
So by "swiss cheese model", if some glitch gets through all layers then problems can arise.
Depending upon all above things, A glitch at electronic, wiring, S/w layers may or may not show hard movement of switch/knob/lever/button, especially in those guarded by notches, bracket, covers, etc, causing confusion to pilots & also to maintenance troubleshooters, investigators.
The FAA can look at the problem all it wants, but different nations and cultures handle this differently - some of them very badly - and the FAA has no legal jurisdiction over that.
No, it doesn't (not an American!). But it is one of the leading civil airworthiness authorities, and if it thinks there is a problem, then all the others should feel compelled to listen.
The pilots are dead, and the background of their performance and mental state leading up to the crash has to be examined from a forensic viewpoint to determine if it was a contributor.
At all costs, no, but it has to be compliant with local law and rights - for instance in the UK and the EU disability is a 'protected characteristic' under GDPR*, with specific privacy obligations. That doesn't stop it being addressed in an investigation, but it shouldn't be publicly released unless essential and it shouldn't be the subject of idle public speculation by those involved with the investigation.
My presumption is it's the status of a discrete, a physical memory location updated whenever that switch operates, and potentially broadcast as a data message on a regular schedule. But that's a hardware detail, therefore part of the dark arts.
I was very surprised to read the report stating N2 had dropped below minimum idle within 5s, I'd have expected windmilling to prevent the rotational speed decaying quite so quickly (Cutoff operated at 08:08:42, both engines N2 values apparently below minimum idle by 08:08:47, but the wording of that sentence* is very unclear and it could just be RAT deployment at 08:08:47, with N2 below minimum idle either earlier (most likely for the wording), or later.
AIUI that's likely a >30% reduction in rotational speed in 5s. But not an engine guy.
* "As per the EAFR data both engines N2 values passed below minimum idle speed, and the RAT hydraulic pump began supplying hydraulic power at about 08:08:47 UTC."
At all costs, no, but it has to be compliant with local law and rights - for instance in the UK and the EU disability is a 'protected characteristic' under GDPR*, with specific privacy obligations.
My presumption is it's the status of a discrete, a physical memory location updated whenever that switch operates, and potentially broadcast as a data message on a regular schedule. But that's a hardware detail, therefore part of the dark arts.
I was very surprised to read the report stating N2 had dropped below minimum idle within 5s, I'd have expected windmilling to prevent the rotational speed decaying quite so quickly (Cutoff operated at 08:08:42, both engines N2 values apparently below minimum idle by 08:08:47, but the wording of that sentence* is very unclear and it could just be RAT deployment at 08:08:47, with N2 below minimum idle either earlier (most likely for the wording), or later.
AIUI that's likely a >30% reduction in rotational speed in 5s. But not an engine guy.
* "As per the EAFR data both engines N2 values passed below minimum idle speed, and the RAT hydraulic pump began supplying hydraulic power at about 08:08:47 UTC."
Absolutely. At takeoff power, both the fan and compressor rotors are absorbing 50K+ horsepower from the turbines. Take away the power being delivered by the turbines by cutting the fuel, and that power drag from the fan / compressor will rapidly the rotor speed. During a snap deceleration from TOGA power, the fuel control maintains a minimum fuel / air ratio in the combustor to prevent flameout, which slows the deceleration rate and allows a controlled approach to Idle rotor speed. Turning off the fuel supply completely (I.e. flameout) could easily allow the core rotor speed to drop below idle in 5 seconds.
Windmilling at 180 kts might keep the fan rotor turning at 20%, but the core on a high bypass turbofan is likely to continue to decay to zero rotor speed due to accessory loads on the gearbox if a restart isn’t initiated before the core rotor drops minimum spooldown rotor speed. Even on a moderate bypass turbofan like the F100-220 (0.7 BPR), the aircraft needs to achieve 350 kts for a windmill air start without Jet Fuel Starter assist.
In this case, it appears that moving the cutoff switches back to Run was at a high enough speed for the engine FADEC to successfully complete a spooldown restart and start to accelerate above Idle on one engine. It’s unclear if the 2nd engine was able to initiate a successful spooldown restart sequence and just ran out of time before the ground impact, or if it was needing APU or engine cross bleed starter assistance to be able to restart.
Absolutely. At takeoff power, both the fan and compressor rotors are absorbing 50K+ horsepower from the turbines. Take away the power being delivered by the turbines by cutting the fuel, and that power drag from the fan / compressor will rapidly the rotor speed. During a snap deceleration from TOGA power, the fuel control maintains a minimum fuel / air ratio in the combustor to prevent flameout, which slows the deceleration rate and allows a controlled approach to Idle rotor speed. Turning off the fuel supply completely (I.e. flameout) could easily allow the core rotor speed to drop below idle in 5 seconds.
Windmilling at 180 kts might keep the fan rotor turning at 20%, but the core on a high bypass turbofan is likely to continue to decay to zero rotor speed due to accessory loads on the gearbox if a restart isn’t initiated before the core rotor drops minimum spooldown rotor speed. Even on a moderate bypass turbofan like the F100-220 (0.7 BPR), the aircraft needs to achieve 350 kts for a windmill air start without Jet Fuel Starter assist.
In this case, it appears that moving the cutoff switches back to Run was at a high enough speed for the engine FADEC to successfully complete a spooldown restart and start to accelerate above Idle on one engine. It’s unclear if the 2nd engine was able to initiate a successful spooldown restart sequence and just ran out of time before the ground impact, or if it was needing APU or engine cross bleed starter assistance to be able to restart.
According to the preliminary report, the fuel control switches were turned to cutoff more than a second apart. It means they were not switched simultaneously, and the pilots accidentally flipping two different switches and not realizing it is astronomically low. Is there any expiation to this?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
www.bbc.com
www.telegraph.co.uk
avweb.com
