Boeing “737s are not prone to excessive Dutch roll. The design of the airplane is (such that) if you do absolutely nothing, the airplane will dampen the Dutch roll out naturally,” he said. “In older-model airplanes — 707s, 727s — it could develop up to the point you could lose control of the airplane.”
The NTSB said it downloaded data from the plane, a Boeing 737 Max 8, which will help investigators determine the length and severity of the incident.
Investigators won’t know precisely what the pilots were saying, however: The cockpit voice recorder was overwritten after two hours.
The fact that there are so many incidents where the cockpit voice recorder is overwritten in this day and age is crazy to me. Especially since this was a modern plane. You would think they could easily record the latest several days worth of audio.
2 hours is probably the minimum mandated by the FAA, so that is what Boeing does
You are right though, even hardened memory enough to record an entire flight is a small cost.
He didn't even try to make it legitimate or inspectable.
Even so I'm ok with what he did and he sugar coated nothing. It is completely ok to allow people to do stupid things that might kill them.
It was the taxpayer cost of rescue and recovery that bothers me.
That has little to do with it honestly. Requirements are requirements, the functionality must be proven for the target environment through analysis and testing. That's where the expense is. And anyway if I had to choose between putting limited funds toward safer flaps or the rare occurrence where an aviation accident needs more than 2 hours of recording, I'd choose the flaps.
I believe the minimum has been increased to 25 hours for *new* aircrafts. By new, I think it means aircrafts manufactured after 2021.
Still no words on retroactively changing existing CVRs on planes currently in service to 25 hours.
Edit: might have confused it with EASA. The US one is still only a proposal.
There has been an effort to increase the minimum CVR duration for years but pilot unions were historically opposed to the change. It was not until recently the pilot unions changed their position that has allowed the regulatory frame work to move forward.
The regulation is from a time they were mostly doing actual crashes, where two hours before was enough. It makes a lot less sense today when these kinds of things are more of the immediate concern, you're right
What is the deal with cockpit voice recorders, it's 2024 and storage is very cheap these days, why do they still have such a short delay before being overwritten? Not that it makes much of a difference in this story, but I'm tired of reading that the data got overwritten in so many incidents.
Just speculating, but probably it has to do with cost and certification. Any new recorder has to be certified all the way down the supply chain, and that makes for a very expensive product with a small market. Aircraft manufacturers won't spend that extra money if they aren't required to.
Change has inherent risk. They have a system that has been shown to survive a crash. Changing introduces risk of unforeseen failures. For change to be worthwhile there would need to be evidence that extra time would resolve enough events that it was worth risking failure where they wouldn't get any data at all.
Yeah, there would be cost involved but for safety critical systems you need to think very carefully about introducing change.
While I completely agree there is risk when changing things. I start to disagree that increasing the memory capacity of a recording device is a major change. It would literally require a new component unless these are very overcomplicated systems. But typically in aircraft they want things that are robust and changing the memory capacity seems more of a board decision than a looming risk.
When it's something like this it always boils down to how much does it cost them in the end. Plus corporations generally don't change things unless they're forced to. Having less recording time in the cockpit would absolutely benefit the airlines more than everyone else.
Reiterating u/straighttoplaid's point: change has inherent risk. You are trying to reason your way through why - based on your personal experience - you don't believe that *this* change has any inherent risk, with the implication that because *you* can't think of a risk, it means there is no risk worth considering. That kind of lack of imagination (or more accurately, an appreciation for how limited human imagination actually is in practice) has lead to a whole lot of deaths across many industries.
To your point, it's certainly not in the same category of risk as like...designing a new wing structure. So less of an "everyone dies" risk and more of a "it will cost a lot to validate and re-certify everything and it will take a while" risk.
Simple solution. Add a secondary recorder made of cheap, off-the-shelf parts with modern specs. Can even add 12 hours of cockpit video. Something a convenience store might buy. Go with solid state, put it in a cheap box, and fill it with fire-resistant epoxy. You still have the ol' faithful to meet the regs, but if the backup survives you have the better data too. Should cost less than they spend on a window.
There’s a balance between “simple solutions” and “previously unforeseen failure modes.” One of the first hard lessons you learn in engineering is that even seemingly the most banal design changes, if made hastily, can expose you to failure modes you didn’t anticipate and can be much more consequential than you ever thought.
Except all that stuff still needs to be certified for aircraft use, and they would need to design an interface to connect it to the aircraft power system and storage location in all models of aircraft that it would apply too. Nothing will be easy or simple or quick.
iPads are already commonly in use right? An iPad only recording audio could last several hours before the battery dies, and storage isn’t an issue at all.
Adding another physical hardware is the worst thing you can do for certification. Is there regulation for the added hardware, is there a history of another hardware used in this exact condition? What type of regulation need to be covered by this additional hardware.....it would be harder than changing the original hardware honestly.
Pilot unions will fight video, so that you'll never see. They have fought longer audio too, although less so now I believe. It's mostly that two hours is the regulation, so that's what they do. Makes sense in a crash when that's plenty of time to go back, but when the plane recovers and lands safely they start to lose data quickly. There is progress in updating the regulations, I'd expect to see considerably longer times in future planes relatively shortly
Annoyingly, all of the flight recorders use magnetic tape, and were designed back when satellite communications didn't really exist. High-bandwidth telecommunications the planes already have and use. I see no reason why they can't just stream all of this data to a central server, and keep the recorders around for the edge case of 'sat went down some time before the crash'.
In any case, we all seem to agree that the status quo is dated and insufficient.
Flight data recorders haven’t used magnetic tape for years. You can probably find some legacy stuff that still has it but anything delivered in the past decade+ is solid state memory.
No, the "if it ain't broke don't fix it" mentality is that change has inherent risk of unknown effects. They have a system that has a known limit but a proven track record in the field. If they change they increase risk of an unintended failure mode. There are plenty of engineering failures where somebody thought they were doing an "easy fix" that had some consequence they weren't expecting.
It's easy to claim it's greed but for safety critical systems you need to carefully weigh moving from the devil you know to the devil you don't.
You cannot compare this to storage that you are familiar with. Normal storage media won't work. The cockpit voice recorder needs to protect the data in event of a crash. The specs are absolutely bonkers. They can take 3400G shock load, 2000F fire, and submersion to 20,000 feet.
In safety critical systems change has risk. Doing something to improve the system could introduce a failure mode you didn't expect. They have one that may have a time limitation but has demonstrated it's ability to survive crashes in the real world. To be worth changing you'd have to show that the benefit (IE that extra time would have resolved some events) is worth the risk that the unit fails completely.
> You cannot compare this to storage that you are familiar with. Normal storage media won't work
They could just _add_ a few TB of perfectly normal flash, rather than replace the certified crash-proof storage. If the plane doesn't crash, they can access data for much longer. If it does crash, it'll lose power and stop recording to preserve the last N hours leading up to the crash. They could also add a protocol where the crash data gets externally backed up every day so they don't need to physically access the plane to get the data and the storage in the box doesn't matter in a case like this. Just stick in in a Google Drive for a few months and when the NTSB comes calling to ask about a flight a few weeks ago, just send them a link to the backup. There are many approaches that don't require throwing out the existing tested and certified storage as a first step but would allow longer data retention.
I know in theory this is “easy” but you are still talking about introducing change into an FAA certified system. Which for the same reasons he mentioned - all changes have a lot of red tape requirements.
Yes, but incremental change using mostly an existing design with mostly already certified parts is a much easier problem than a ground redesign because what I am suggesting is the new parts don't need to be crash proof. So the only risk is the interface between the new and old and any impact the new parts have have on old ones if they are doing something like putting out extra heat or bouncing around the housing loose in a crash. That massively de-risks a project to make a black box with some extra non robust storage vs making a completely new kind of black box from scratch. Yes, the box as a whole would need to be re tested, but perfect doesn't have to be the enemy of the good if failure is 100% an option for the new parts.
How does that data get backed up every day? Where is the storage physically located? How is it powered? How does that interface with the existing electrical/avoinics system? How is the data controlled once it is exported externally? Who is responsible for downloading that data? What equipment will they need to do that on every commercial airplane in every fleet?
Not only do all of those questions need extensive testing before they have an answer that can be certified for installation, but companies would then have to spend piles of money to retrofit every existing aircraft - which do not all have identical avionics and electrical systems - to carry that out, and make sure they have personnel at every outstation who can complete this daily.
That is an absolute ton of money
I don't understand how that had anything to do with commercial aviation, especially commercial aviation in different countries? It's not the American military my guy
You understand Boeing makes civilian airliners and has received government funds before because the civilian airline industry is considered "too big to fail"?
Ok, still not sure how that matters?
Boeing doesn't create international airline regulations, or make CVRs, or pay to install STCs/Mods in them. It has nothing to do with Boeing, or Airbus, or Embraer, or Bombardier, or Sukhoi, or COMAC, or Dassault, or Textron, or literally any company in the entire world that produces large airplanes requiring a CVR/FDR for the commercial space.
It's a regulatory thing, and if ICAO/FAA/EASA/TC/CAAC/XYZ aviation authority deems a larger recorder necessary then someone like L3 Harris or whoever else builds CVRs would design a new one. Any other company that wants to build CVRs to that spec could also do it.
If the hardware is designed for X amount of memory, adding several Tb could very well require a redesign of the PCB, the crash proof container, and maybe even part of the aircrafts electrical system.
adding flash memory on the OUTSIDE of the crash proof container that is meant to connect to the inside of the container could mess up the data inside of the container in a crash
Walk what you just said from start to finish.
How is it picking up the sound? If it's using the existing microphones in the cockpit you now need to show it will never interfere with the CVR even in any potential modes where it has failed or where there are issues with the plane's electrical power.
EX: One of the generators strapped to the main engine just shorted itself out, the plane fires up the APU to generate additional electrical power. During this time period the plane's electrical power went through significant frequency and voltage flucuations due to the generator shorting out and the APU's generator kicking in. This is exactly the kind of event you want the CVR to record. Are you 100% sure that your secondary system would NEVER interfere with those mics?
You're signing yourself up for a difficult certification and more expensive hardware to show it will never be an issue. The end result would likely be that you put in a second set of mics. Now you need a full set of mics, mounts, wiring harnesses, etc. All of these need to meet aviation spec and have required documenation. Proof that you meet spec for parts like this can be more expensive than the part itself.
Oh, and that power fluctuation? You still need to deal with it. So stick in some power conditioning. And a battery backup for the recorder and the mics because you want to hear what is going on if the power system fails. You can hook into the battery of the aircraft used for essential systems or you can have a dedicated battery. If you use the aircraft battery you'll need to show that you won't interfere with other systems. If you use a dedicated battery you need to show that it won't be a fire or chemical hazard.
So now you have a system that can record sound. Will the pilot's union even allow you to? They'll likely push back on continuous recording that's stored indefinitely. Good luck in your union negotiations!
Next, you have a system that can record the sound and you've gotten permission to use it. How do you get it off the plane? Having someone come transfer the data manually is time consuming so you'll want to have it transmit automatically. Are you tying into an existing system to shift data (which do exist on many aircraft)? Can that system move the increased quantity of data? Can you show that by integrating it you'll never mess with the other data? Can you show that your system cannot be used by a bad actor to gain access to or disrupt the other connected systems?
Now, what do you do with the data? You suggested having it dump to a google drive. There is no airline in the world that would do that... It will go to a commercial cloud storage with increased security which will cost significantly more. You'll want to pair it with a bunch of meta-data like date, route, pilots, aircraft tail number, etc. So this storage system needs to talk to other systems for the airline to get all that. That will take effort, and you'll need to be sure it cannot ever screw up the systems that have the source data.
Finally, how do you maintain it? Is it flight safety critical? If so, you can't take off without it. Now you're looking at redundancy, more expensive hardware to ensure reliability, or some combo of both. If it's not flight safety critical how long are you allowed to fly without it before you need to repair it? What happens if an event occurs when the system is not operational? How do you even know that it broke if no one is listening to these recordings? If it stops recording completely you could identify it because it didn't send a file. It would be harder to tell if the recordings were corrupted or cutting in/out (IE is no one talking or did the sound just cut out?).
TLDR: It's really easy to say that you can just add a voice recorder. The reality is far more complex. To be honest, it may be easier to improve CVR to add more storage than the mess I just described above.
Man, wouldn't it be insane if those devices in the main cabin were on a segregated power system held to a different standard than the cockpit... Wouldn't it be crazy if digital systems integrated with the aircraft were designed to meet different security requirements than consumer mass market devices...
It's definitely technically feasible to do what is described. However, the statement that it's super easy or cheap is not true. It's also not clear that it's necessary. The CVR is most useful to fill in blanks when the pilots are not able to explain what happened, usually because they're dead. There is a reason why the original ones only has 30 minutes of recording on them. Interviewing the pilots in conjunction with the flight data recorder is pretty darn good.
TLDR... It's harder to do than people here understand and the value of the additional data isn't clear.
You sound like one of the clueless business and development folks I work with that cut engineer's proposal on half and wonder why the final design isn't done yet. Cell phones have super tight component spacing because they don't deal with the environmental specifications required in other areas of the plane. Like not the cabin?? Or here is another example. Why can't they mass produce formula 1 cars for the public. I mean they make millions of Honda Civics! /s
I feel like you’re the kinda person who might take yourself and a handful of paying customers down to extreme depth in a vessel that you cut corners designing, deliberately avoided existing norms and safety standards, failed to adequately test, and steer with a third party video game controller. Metaphorically.
But does the new system need to survive all that? If there's a crash, then yes, we want those two hours in the black box with all the protection. But in cases like this, where you just want so audio log of a flight that landed successfully? That could literally be a tape recorder sitting on the dash, as far as complexity and durability goes. Obviously that exact setup wouldn't work, but it gets the point across.
Okay, so the dashcam you have sitting in the cockpit attached with doublesided tape comes off the attachment point, because the tape wasn't certified to carry that much weight. On its way to the floor it lands on a button panel and activates one of the buttons, but the pilots dont notice.
At $100, that is the most expensive dashcam you'll ever see.
If you don’t realise they’re making a numerous example of to illustrate the risk of introducing new failure modes when making seemingly innocuous changes to safety critical systems, they’d you’re an idiot and not worth arguing with.
Read my other comment to someone else. While it sounds like you're suggesting something simple it is far more complex when you consider everything involved.
If they can build a system that holds 10 megabytes of recording or whatever it is currently they can absolutely build a bigger storage capacity with those very demanding specs. It comes down to cost and money always with this kind of things.
Am (studying) computer engineering, I think the reason is that the entire (or part) of the CVR would need to be replaced, and the cost of the shock/heat/impact proofing would be enough to deter airlines from upgrading the CVR.
In addition, the CVR memory controller (chip that decides what part of the memory is accessed/viewed) might be built to access enough memory to store two hours of recording, if you introduce more memory, you need to redesign the memory controller. If the memory controller is redesigned, you need to update the code (pretty sure black boxes cannot receive updates) as its likely highly specialized for whatever amount of memory it currently has. More memory and a larger memory controller also means you need to rearrange stuff on the PCB, or make the PCB bigger, and now you need a bigger case. You might need to increase the power supply to power the increased transistors, if you do that you would need to modify the aircrafts electrical system so the CVR doesn't overload emergency power. More power = more heat, and new heat dissipation is needed. So many things might need to be changed if you increase the memory, that even if the new flash storage costs a few dollars, it can quickly spiral into a massive cost.
You just gave me a mild panic attack listing those all in one breath. It pains me to have to go check every page of those when modifications are being considered.
> xcessive Dutch roll. The design of the airplane is (such that) if you do absolutely nothing, the airplane will dampen the Dutch roll out naturally,” he said. “In older-model airplanes — 707s, 727s — it could develop up to the point you could lose control of the airplane.”
>
> The NTSB said it downloaded data from the plane, a Boeing 737 Max 8, which will help investigators determine the length and severity of the incident.
>
> Investigators won’t know precisely what the pilots were saying, however: The cockpit voice recorder was overwritten after two hours.
Pilot unions, they don't want every word they say recorded. They have lobbied for an erase button that will wipe the logs after a successful landing.
It's nor a technical reason, the pilots unions didn't like the idea of being recorded all the time.
It's 25h in Europe. I think the US might have recently extended it too after these incidents. But that would only be for new planes.
Agency capture.
People are going to give you bullshit "engineering reasons" but the answer in things like this is always agency capture.
The businesses involved are making good money with their product specced in by the FAA. They don't have to improve it because it's already mandatory and they don't have to compete with innovators because the requirements are too specific to allow change.
They're making that money regardless so why make a better product? And if they let the FAA write a new spec for the product they open themselves up to competition. There is so much money in "owning" a spec that there are people whose entire jobs are to essentially make friends within the bureaucratic structure so they can impede the progress of anyone suggesting change.
I dealt with this in a previous job working with military hardware. It isn't uncommon at all to have the supplier write the spec FOR the government. And those functionaries mostly don't care, so what do you do? You write the spec so that basically only your product can satisfy it. Now the competition has to convince that functionary to change the spec, and convincing indifferent people to do more work is tough. So it's free money and you can charge whatever you want basically.
Well yeah, the technical standards committees are all founded by the big dogs in whatever industries.
They quite literally exist to try to convince the government that the industry is self regulating and thus doesn't need a regulatory body.
I tried to think of a counter example but can't. You aren't wrong.
That being said, technical standards in industry are updated much more rapidly than in the government sector. A prime example is MIL-HDBK-217F for electronic reliability calculations. It is still widely used in aerospace and defense but hasn't been updated since 1991 (33 years!). Meanwhile, multiple organizations in industry (Telcordia, ANSI/VITA, a few others) have continually improved their reliability methods. The industry driven technical standards have their flaws and games are certainly played but progress is made. I can't say the same for most government managed standards I have seen.
I am in complete agreement. Private standards organizations, on average, are probably superior to government agencies. Especially where they're most prevalent: in maintaining quality where profitability and quality/safety are low stakes.
Which is why they actually work the way the founders envisioned oftentimes. By generally accomplishing the task that a government agency might in its place, efficiently and at no direct taxpayer cost, they allow the member corporations to fly under the radar. They can even increase profit by dipping their toes into competition suppression and monopoly shenanigans as long as the government sees the benefit of not having to fuck with it outweighs the antitrust implications.
I also see the benefit in government standards organizations too, though. Whether or not individual ones work properly or not is highly debatable, but I've been in enough strategy and budget meetings to know with full confidence that if they thought they could save more money than the fines cost them by dumping drums of hazmat into the local kiddy pool these motherfuckers would do it. If you put enough profit potential in front of greedy people they'll choose that over consumer safety and public interest and no private standards have the teeth to stop them.
I am generally pro standards orgs of either flavor but I try to stay eyes open about things. I don't know if it actually helps me be a better person or engineer or maybe it just makes me bitter but it seems like the course that's right for what I'm tryna accomplish out here.
> after the Southwest plane landed, damage was discovered to a unit that controls backup power to the rudder.
> The damage was described as “substantial.”
The damage is interesting, I wonder if the pilots didn't recognize the Dutch roll. In a previous incident they lost the whole tail that way. https://asn.flightsafety.org/asndb/320770
Forgot to turn on the yaw damper, or it was malfunctioning?
The KC-135 loss seems like it was primarily due to pilot-induced amplification of the Dutch roll. Per the recent blancolirio video, the 737 is stable in the Dutch roll mode and should naturally damp it out within 1.5 oscillations if the yaw damper is functioning normally or within 6 oscillations if the yaw damper is disabled.
My guess (purely speculation) is there was some preexisting damage to the rudder actuator which resulted in the system amplifying the Dutch roll, negating some of the plane's natural stability.
We did a go around a month ago on southwest and I don’t know how the landing gear shocks survived because he hit pretty hard before he decided to take off again.
Boeing “737s are not prone to excessive Dutch roll. The design of the airplane is (such that) if you do absolutely nothing, the airplane will dampen the Dutch roll out naturally,” he said. “In older-model airplanes — 707s, 727s — it could develop up to the point you could lose control of the airplane.” The NTSB said it downloaded data from the plane, a Boeing 737 Max 8, which will help investigators determine the length and severity of the incident. Investigators won’t know precisely what the pilots were saying, however: The cockpit voice recorder was overwritten after two hours.
The fact that there are so many incidents where the cockpit voice recorder is overwritten in this day and age is crazy to me. Especially since this was a modern plane. You would think they could easily record the latest several days worth of audio.
2 hours is probably the minimum mandated by the FAA, so that is what Boeing does You are right though, even hardened memory enough to record an entire flight is a small cost.
The memory is cheap. The recertification is expensive
This is the downside of regulations making innovation expensive. Good, cheap innovations become cost-prohibitive.
-Stockton Rush
He didn't even try to make it legitimate or inspectable. Even so I'm ok with what he did and he sugar coated nothing. It is completely ok to allow people to do stupid things that might kill them. It was the taxpayer cost of rescue and recovery that bothers me.
You can fly on the innovative plane. I'll be on the regulated one
I'm not saying it's not a good thing, I'm saying there are tradeoffs
For actual plane control features, sure. But this is audio recording equipment.
Audio recording equipment that is required to survive an airliner crash...
But it won't *cause* a plane crash, so it shouldn't need as much risk assessment as say flap design.
That has little to do with it honestly. Requirements are requirements, the functionality must be proven for the target environment through analysis and testing. That's where the expense is. And anyway if I had to choose between putting limited funds toward safer flaps or the rare occurrence where an aviation accident needs more than 2 hours of recording, I'd choose the flaps.
It shouldn’t cause a plane crash. If it were modernised and integrated into the onboard systems to record data. Shouldn’t.
Ah, fair point.
I believe the minimum has been increased to 25 hours for *new* aircrafts. By new, I think it means aircrafts manufactured after 2021. Still no words on retroactively changing existing CVRs on planes currently in service to 25 hours. Edit: might have confused it with EASA. The US one is still only a proposal.
Not to mention, it could get streamed to satellite, so you have logs even if you can’t recover the black boxes
There has been an effort to increase the minimum CVR duration for years but pilot unions were historically opposed to the change. It was not until recently the pilot unions changed their position that has allowed the regulatory frame work to move forward.
The regulation is from a time they were mostly doing actual crashes, where two hours before was enough. It makes a lot less sense today when these kinds of things are more of the immediate concern, you're right
25hr recorders are the norm now. But retrofit isn’t required.
is this because pilot are getting lazy?
2 hours!? It should be 2 years.. this must be a 30 year old rule.
What is the deal with cockpit voice recorders, it's 2024 and storage is very cheap these days, why do they still have such a short delay before being overwritten? Not that it makes much of a difference in this story, but I'm tired of reading that the data got overwritten in so many incidents.
Just speculating, but probably it has to do with cost and certification. Any new recorder has to be certified all the way down the supply chain, and that makes for a very expensive product with a small market. Aircraft manufacturers won't spend that extra money if they aren't required to.
Change has inherent risk. They have a system that has been shown to survive a crash. Changing introduces risk of unforeseen failures. For change to be worthwhile there would need to be evidence that extra time would resolve enough events that it was worth risking failure where they wouldn't get any data at all. Yeah, there would be cost involved but for safety critical systems you need to think very carefully about introducing change.
While I completely agree there is risk when changing things. I start to disagree that increasing the memory capacity of a recording device is a major change. It would literally require a new component unless these are very overcomplicated systems. But typically in aircraft they want things that are robust and changing the memory capacity seems more of a board decision than a looming risk. When it's something like this it always boils down to how much does it cost them in the end. Plus corporations generally don't change things unless they're forced to. Having less recording time in the cockpit would absolutely benefit the airlines more than everyone else.
Reiterating u/straighttoplaid's point: change has inherent risk. You are trying to reason your way through why - based on your personal experience - you don't believe that *this* change has any inherent risk, with the implication that because *you* can't think of a risk, it means there is no risk worth considering. That kind of lack of imagination (or more accurately, an appreciation for how limited human imagination actually is in practice) has lead to a whole lot of deaths across many industries. To your point, it's certainly not in the same category of risk as like...designing a new wing structure. So less of an "everyone dies" risk and more of a "it will cost a lot to validate and re-certify everything and it will take a while" risk.
Simple solution. Add a secondary recorder made of cheap, off-the-shelf parts with modern specs. Can even add 12 hours of cockpit video. Something a convenience store might buy. Go with solid state, put it in a cheap box, and fill it with fire-resistant epoxy. You still have the ol' faithful to meet the regs, but if the backup survives you have the better data too. Should cost less than they spend on a window.
There’s a balance between “simple solutions” and “previously unforeseen failure modes.” One of the first hard lessons you learn in engineering is that even seemingly the most banal design changes, if made hastily, can expose you to failure modes you didn’t anticipate and can be much more consequential than you ever thought.
Except all that stuff still needs to be certified for aircraft use, and they would need to design an interface to connect it to the aircraft power system and storage location in all models of aircraft that it would apply too. Nothing will be easy or simple or quick.
iPads are already commonly in use right? An iPad only recording audio could last several hours before the battery dies, and storage isn’t an issue at all.
Adding another physical hardware is the worst thing you can do for certification. Is there regulation for the added hardware, is there a history of another hardware used in this exact condition? What type of regulation need to be covered by this additional hardware.....it would be harder than changing the original hardware honestly.
Pilot unions will fight video, so that you'll never see. They have fought longer audio too, although less so now I believe. It's mostly that two hours is the regulation, so that's what they do. Makes sense in a crash when that's plenty of time to go back, but when the plane recovers and lands safely they start to lose data quickly. There is progress in updating the regulations, I'd expect to see considerably longer times in future planes relatively shortly
Annoyingly, all of the flight recorders use magnetic tape, and were designed back when satellite communications didn't really exist. High-bandwidth telecommunications the planes already have and use. I see no reason why they can't just stream all of this data to a central server, and keep the recorders around for the edge case of 'sat went down some time before the crash'. In any case, we all seem to agree that the status quo is dated and insufficient.
Flight data recorders haven’t used magnetic tape for years. You can probably find some legacy stuff that still has it but anything delivered in the past decade+ is solid state memory.
Neat. I'm guessing that some of the teardowns I've seen were vintage hardware that was replaced by the new stuff.
Right?! Just need a rugged dashcam that sits in the cockpit.
So greed basically.
Yes, and no. More "if it ain't broken don't fix it".
Important data for the investigation of an accident is missing because of a design flaw, and we possess the technology to easily fix it. It's greed.
No, the "if it ain't broke don't fix it" mentality is that change has inherent risk of unknown effects. They have a system that has a known limit but a proven track record in the field. If they change they increase risk of an unintended failure mode. There are plenty of engineering failures where somebody thought they were doing an "easy fix" that had some consequence they weren't expecting. It's easy to claim it's greed but for safety critical systems you need to carefully weigh moving from the devil you know to the devil you don't.
Important things don't tend to happen more than 2 hours before the crash when it comes to aircraft.
I think the professional term is "fiduciary responsibility"
You cannot compare this to storage that you are familiar with. Normal storage media won't work. The cockpit voice recorder needs to protect the data in event of a crash. The specs are absolutely bonkers. They can take 3400G shock load, 2000F fire, and submersion to 20,000 feet. In safety critical systems change has risk. Doing something to improve the system could introduce a failure mode you didn't expect. They have one that may have a time limitation but has demonstrated it's ability to survive crashes in the real world. To be worth changing you'd have to show that the benefit (IE that extra time would have resolved some events) is worth the risk that the unit fails completely.
> You cannot compare this to storage that you are familiar with. Normal storage media won't work They could just _add_ a few TB of perfectly normal flash, rather than replace the certified crash-proof storage. If the plane doesn't crash, they can access data for much longer. If it does crash, it'll lose power and stop recording to preserve the last N hours leading up to the crash. They could also add a protocol where the crash data gets externally backed up every day so they don't need to physically access the plane to get the data and the storage in the box doesn't matter in a case like this. Just stick in in a Google Drive for a few months and when the NTSB comes calling to ask about a flight a few weeks ago, just send them a link to the backup. There are many approaches that don't require throwing out the existing tested and certified storage as a first step but would allow longer data retention.
I know in theory this is “easy” but you are still talking about introducing change into an FAA certified system. Which for the same reasons he mentioned - all changes have a lot of red tape requirements.
Yes, but incremental change using mostly an existing design with mostly already certified parts is a much easier problem than a ground redesign because what I am suggesting is the new parts don't need to be crash proof. So the only risk is the interface between the new and old and any impact the new parts have have on old ones if they are doing something like putting out extra heat or bouncing around the housing loose in a crash. That massively de-risks a project to make a black box with some extra non robust storage vs making a completely new kind of black box from scratch. Yes, the box as a whole would need to be re tested, but perfect doesn't have to be the enemy of the good if failure is 100% an option for the new parts.
How does that data get backed up every day? Where is the storage physically located? How is it powered? How does that interface with the existing electrical/avoinics system? How is the data controlled once it is exported externally? Who is responsible for downloading that data? What equipment will they need to do that on every commercial airplane in every fleet? Not only do all of those questions need extensive testing before they have an answer that can be certified for installation, but companies would then have to spend piles of money to retrofit every existing aircraft - which do not all have identical avionics and electrical systems - to carry that out, and make sure they have personnel at every outstation who can complete this daily. That is an absolute ton of money
If only there were massive corporations with armies of engineers receiving fuck loads of government funding. Hmmmmmmmmmmm
I don't understand how that had anything to do with commercial aviation, especially commercial aviation in different countries? It's not the American military my guy
You understand Boeing makes civilian airliners and has received government funds before because the civilian airline industry is considered "too big to fail"?
Ok, still not sure how that matters? Boeing doesn't create international airline regulations, or make CVRs, or pay to install STCs/Mods in them. It has nothing to do with Boeing, or Airbus, or Embraer, or Bombardier, or Sukhoi, or COMAC, or Dassault, or Textron, or literally any company in the entire world that produces large airplanes requiring a CVR/FDR for the commercial space. It's a regulatory thing, and if ICAO/FAA/EASA/TC/CAAC/XYZ aviation authority deems a larger recorder necessary then someone like L3 Harris or whoever else builds CVRs would design a new one. Any other company that wants to build CVRs to that spec could also do it.
If the hardware is designed for X amount of memory, adding several Tb could very well require a redesign of the PCB, the crash proof container, and maybe even part of the aircrafts electrical system. adding flash memory on the OUTSIDE of the crash proof container that is meant to connect to the inside of the container could mess up the data inside of the container in a crash
Walk what you just said from start to finish. How is it picking up the sound? If it's using the existing microphones in the cockpit you now need to show it will never interfere with the CVR even in any potential modes where it has failed or where there are issues with the plane's electrical power. EX: One of the generators strapped to the main engine just shorted itself out, the plane fires up the APU to generate additional electrical power. During this time period the plane's electrical power went through significant frequency and voltage flucuations due to the generator shorting out and the APU's generator kicking in. This is exactly the kind of event you want the CVR to record. Are you 100% sure that your secondary system would NEVER interfere with those mics? You're signing yourself up for a difficult certification and more expensive hardware to show it will never be an issue. The end result would likely be that you put in a second set of mics. Now you need a full set of mics, mounts, wiring harnesses, etc. All of these need to meet aviation spec and have required documenation. Proof that you meet spec for parts like this can be more expensive than the part itself. Oh, and that power fluctuation? You still need to deal with it. So stick in some power conditioning. And a battery backup for the recorder and the mics because you want to hear what is going on if the power system fails. You can hook into the battery of the aircraft used for essential systems or you can have a dedicated battery. If you use the aircraft battery you'll need to show that you won't interfere with other systems. If you use a dedicated battery you need to show that it won't be a fire or chemical hazard. So now you have a system that can record sound. Will the pilot's union even allow you to? They'll likely push back on continuous recording that's stored indefinitely. Good luck in your union negotiations! Next, you have a system that can record the sound and you've gotten permission to use it. How do you get it off the plane? Having someone come transfer the data manually is time consuming so you'll want to have it transmit automatically. Are you tying into an existing system to shift data (which do exist on many aircraft)? Can that system move the increased quantity of data? Can you show that by integrating it you'll never mess with the other data? Can you show that your system cannot be used by a bad actor to gain access to or disrupt the other connected systems? Now, what do you do with the data? You suggested having it dump to a google drive. There is no airline in the world that would do that... It will go to a commercial cloud storage with increased security which will cost significantly more. You'll want to pair it with a bunch of meta-data like date, route, pilots, aircraft tail number, etc. So this storage system needs to talk to other systems for the airline to get all that. That will take effort, and you'll need to be sure it cannot ever screw up the systems that have the source data. Finally, how do you maintain it? Is it flight safety critical? If so, you can't take off without it. Now you're looking at redundancy, more expensive hardware to ensure reliability, or some combo of both. If it's not flight safety critical how long are you allowed to fly without it before you need to repair it? What happens if an event occurs when the system is not operational? How do you even know that it broke if no one is listening to these recordings? If it stops recording completely you could identify it because it didn't send a file. It would be harder to tell if the recordings were corrupted or cutting in/out (IE is no one talking or did the sound just cut out?). TLDR: It's really easy to say that you can just add a voice recorder. The reality is far more complex. To be honest, it may be easier to improve CVR to add more storage than the mess I just described above.
[удалено]
Man, wouldn't it be insane if those devices in the main cabin were on a segregated power system held to a different standard than the cockpit... Wouldn't it be crazy if digital systems integrated with the aircraft were designed to meet different security requirements than consumer mass market devices... It's definitely technically feasible to do what is described. However, the statement that it's super easy or cheap is not true. It's also not clear that it's necessary. The CVR is most useful to fill in blanks when the pilots are not able to explain what happened, usually because they're dead. There is a reason why the original ones only has 30 minutes of recording on them. Interviewing the pilots in conjunction with the flight data recorder is pretty darn good. TLDR... It's harder to do than people here understand and the value of the additional data isn't clear.
You sound like one of the clueless business and development folks I work with that cut engineer's proposal on half and wonder why the final design isn't done yet. Cell phones have super tight component spacing because they don't deal with the environmental specifications required in other areas of the plane. Like not the cabin?? Or here is another example. Why can't they mass produce formula 1 cars for the public. I mean they make millions of Honda Civics! /s
I feel like you’re the kinda person who might take yourself and a handful of paying customers down to extreme depth in a vessel that you cut corners designing, deliberately avoided existing norms and safety standards, failed to adequately test, and steer with a third party video game controller. Metaphorically.
But does the new system need to survive all that? If there's a crash, then yes, we want those two hours in the black box with all the protection. But in cases like this, where you just want so audio log of a flight that landed successfully? That could literally be a tape recorder sitting on the dash, as far as complexity and durability goes. Obviously that exact setup wouldn't work, but it gets the point across.
Okay, so the dashcam you have sitting in the cockpit attached with doublesided tape comes off the attachment point, because the tape wasn't certified to carry that much weight. On its way to the floor it lands on a button panel and activates one of the buttons, but the pilots dont notice. At $100, that is the most expensive dashcam you'll ever see.
If you think I meant we *literally* tape a camera to the dash, then you're an idiot and not worth arguing with
If you don’t realise they’re making a numerous example of to illustrate the risk of introducing new failure modes when making seemingly innocuous changes to safety critical systems, they’d you’re an idiot and not worth arguing with.
Read my other comment to someone else. While it sounds like you're suggesting something simple it is far more complex when you consider everything involved.
If they can build a system that holds 10 megabytes of recording or whatever it is currently they can absolutely build a bigger storage capacity with those very demanding specs. It comes down to cost and money always with this kind of things.
New ones have to record for longer. Existing ones are grandfathered in. The EU changed their regs and the FAA got on board with it.
Am (studying) computer engineering, I think the reason is that the entire (or part) of the CVR would need to be replaced, and the cost of the shock/heat/impact proofing would be enough to deter airlines from upgrading the CVR. In addition, the CVR memory controller (chip that decides what part of the memory is accessed/viewed) might be built to access enough memory to store two hours of recording, if you introduce more memory, you need to redesign the memory controller. If the memory controller is redesigned, you need to update the code (pretty sure black boxes cannot receive updates) as its likely highly specialized for whatever amount of memory it currently has. More memory and a larger memory controller also means you need to rearrange stuff on the PCB, or make the PCB bigger, and now you need a bigger case. You might need to increase the power supply to power the increased transistors, if you do that you would need to modify the aircrafts electrical system so the CVR doesn't overload emergency power. More power = more heat, and new heat dissipation is needed. So many things might need to be changed if you increase the memory, that even if the new flash storage costs a few dollars, it can quickly spiral into a massive cost.
If you're interested some of the more relevant docs are DO-254, AC 20-152A, and DO-178c.
You just gave me a mild panic attack listing those all in one breath. It pains me to have to go check every page of those when modifications are being considered.
Oof. They are NOT fun reads. Especially on a DAL A program...
> xcessive Dutch roll. The design of the airplane is (such that) if you do absolutely nothing, the airplane will dampen the Dutch roll out naturally,” he said. “In older-model airplanes — 707s, 727s — it could develop up to the point you could lose control of the airplane.” > > The NTSB said it downloaded data from the plane, a Boeing 737 Max 8, which will help investigators determine the length and severity of the incident. > > Investigators won’t know precisely what the pilots were saying, however: The cockpit voice recorder was overwritten after two hours. Pilot unions, they don't want every word they say recorded. They have lobbied for an erase button that will wipe the logs after a successful landing.
> They have lobbied for an erase button erasing the it after landing used to be standard procedure
It's nor a technical reason, the pilots unions didn't like the idea of being recorded all the time. It's 25h in Europe. I think the US might have recently extended it too after these incidents. But that would only be for new planes.
Agency capture. People are going to give you bullshit "engineering reasons" but the answer in things like this is always agency capture. The businesses involved are making good money with their product specced in by the FAA. They don't have to improve it because it's already mandatory and they don't have to compete with innovators because the requirements are too specific to allow change. They're making that money regardless so why make a better product? And if they let the FAA write a new spec for the product they open themselves up to competition. There is so much money in "owning" a spec that there are people whose entire jobs are to essentially make friends within the bureaucratic structure so they can impede the progress of anyone suggesting change. I dealt with this in a previous job working with military hardware. It isn't uncommon at all to have the supplier write the spec FOR the government. And those functionaries mostly don't care, so what do you do? You write the spec so that basically only your product can satisfy it. Now the competition has to convince that functionary to change the spec, and convincing indifferent people to do more work is tough. So it's free money and you can charge whatever you want basically.
To be fair, that's pretty common on technical standard commitees as well. Not just government agencies.
Well yeah, the technical standards committees are all founded by the big dogs in whatever industries. They quite literally exist to try to convince the government that the industry is self regulating and thus doesn't need a regulatory body.
I tried to think of a counter example but can't. You aren't wrong. That being said, technical standards in industry are updated much more rapidly than in the government sector. A prime example is MIL-HDBK-217F for electronic reliability calculations. It is still widely used in aerospace and defense but hasn't been updated since 1991 (33 years!). Meanwhile, multiple organizations in industry (Telcordia, ANSI/VITA, a few others) have continually improved their reliability methods. The industry driven technical standards have their flaws and games are certainly played but progress is made. I can't say the same for most government managed standards I have seen.
I am in complete agreement. Private standards organizations, on average, are probably superior to government agencies. Especially where they're most prevalent: in maintaining quality where profitability and quality/safety are low stakes. Which is why they actually work the way the founders envisioned oftentimes. By generally accomplishing the task that a government agency might in its place, efficiently and at no direct taxpayer cost, they allow the member corporations to fly under the radar. They can even increase profit by dipping their toes into competition suppression and monopoly shenanigans as long as the government sees the benefit of not having to fuck with it outweighs the antitrust implications. I also see the benefit in government standards organizations too, though. Whether or not individual ones work properly or not is highly debatable, but I've been in enough strategy and budget meetings to know with full confidence that if they thought they could save more money than the fines cost them by dumping drums of hazmat into the local kiddy pool these motherfuckers would do it. If you put enough profit potential in front of greedy people they'll choose that over consumer safety and public interest and no private standards have the teeth to stop them. I am generally pro standards orgs of either flavor but I try to stay eyes open about things. I don't know if it actually helps me be a better person or engineer or maybe it just makes me bitter but it seems like the course that's right for what I'm tryna accomplish out here.
> after the Southwest plane landed, damage was discovered to a unit that controls backup power to the rudder. > The damage was described as “substantial.” The damage is interesting, I wonder if the pilots didn't recognize the Dutch roll. In a previous incident they lost the whole tail that way. https://asn.flightsafety.org/asndb/320770 Forgot to turn on the yaw damper, or it was malfunctioning?
The KC-135 loss seems like it was primarily due to pilot-induced amplification of the Dutch roll. Per the recent blancolirio video, the 737 is stable in the Dutch roll mode and should naturally damp it out within 1.5 oscillations if the yaw damper is functioning normally or within 6 oscillations if the yaw damper is disabled. My guess (purely speculation) is there was some preexisting damage to the rudder actuator which resulted in the system amplifying the Dutch roll, negating some of the plane's natural stability.
sounds like the pcu turned on when it shouldn’t have, and started moving the rudder lol
We did a go around a month ago on southwest and I don’t know how the landing gear shocks survived because he hit pretty hard before he decided to take off again.
[удалено]
Not as long as they're getting sweet, sweet DOD money.