Aviation Antipatterns Thread
-
@boomzilla Don't fly high.
-
@Watson said in Aviation Antipatterns Thread:
You might discover it was an arbitrary whim.
Those are the best rules!
Filed under: Cannot fart after 6pm
-
So someone made a writeup on the recent british cockup...
tl;dr:
The software for parsing flight data encountered an error while parsing a file, and instead of sending it for manual control it raised a critical error and brought down the system, and then the backup system tried parsing the same file and encountered the same error and went down too. And the log entry for it was in some less important log file, meaning figuring out what caused the error took overly long, and the system could not be restarted until the offending file was removed from the queue.
Other than that, it's a tale of at several levels and an insight into how interesting the design of critical systems is.
-
@Atazhaia said in Aviation Antipatterns Thread:
tl;dr:
Jeez... the white on black is unreadable.
-
@Atazhaia said in Aviation Antipatterns Thread:
The software for parsing flight data encountered an error while parsing a file, and instead of sending it for manual control it raised a critical error and brought down the system, and then the backup system tried parsing the same file and encountered the same error and went down too.
Which points to the primary problem: the programmer of that system did not expect that operation to ever fail. In terms of Java, this is exactly when a checked exception should be used: to indicate a problem that the lower level software can't handle and which should get the higher level parts to invoke some totally different processing path (passing to a queue to show to a human with very high priority). With that in place, the problem would have been with one flight (which would have been flashed before a senior ATC for resolution or totally manual processing) and not everything all at once.
-
@dkf said in Aviation Antipatterns Thread:
Which points to the primary problem: the programmer of that system did not expect that operation to ever fail.
If this wasn't critical software, it would be on the programmer. But in critical software it is on the architect and the programmer and the tester. Because critical software—critical anything, really—is largely about writing detailed requirements, analysing all the failure cases that they are reasonably handled, and then actually testing that they are.
So there should have been a requirement for handling when a flight plan cannot be imported, and a(n integration) test case for it.
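The failure mode from the writeup, and the handling dkf and Bulb ask for, as an added example that is not from the thread or from any real ATC system: a parser for a simplified subset of the ICAO FPL message layout quoted later in the thread (assumed to contain no bare '-' inside an item), the brittle loop in which one bad plan takes down primary and backup alike, and the fail-safe loop that quarantines that plan for manual review, records it in the main log, and keeps going. The sample messages are constructed.

```python
import re
class FlightPlanError(Exception):
    """A plan the parser cannot accept; the caller must route it to a person, not crash."""
# Simplified subset of the ICAO FPL item layout quoted later in the thread; assumption: no item contains a bare '-'.
ITEM_RE = {
    "aircraft_id": r"[A-Z0-9]{1,7}",
    "rules_type": r"[IVYZ][SNGMX]",
    "type_wake": r"[A-Z0-9]{2,4}/[LMHJ]",
    "equipment": r"[A-Z0-9]+/[A-Z0-9]+",
    "departure": r"[A-Z]{4}\d{4}",                      # aerodrome + off-block time
    "route": r"[NK]\d{4}(?:F\d{3}|A\d{3}|VFR)(?: [A-Z0-9]+)*",
    "destination": r"[A-Z]{4}\d{4}(?: [A-Z]{4}){0,2}",  # aerodrome + EET + alternates
    "other": r"[A-Z0-9 /]*",
}

def parse_fpl(text):
    body = " ".join(text.split()).strip("()")          # join continuation lines, drop the brackets
    items = [p.strip() for p in body.split("-")]
    if len(items) != 9 or items[0] != "FPL":
        raise FlightPlanError(f"expected FPL with 8 items, got {len(items) - 1}")
    plan = {}
    for (name, pattern), value in zip(ITEM_RE.items(), items[1:]):
        if not re.fullmatch(pattern, value):
            raise FlightPlanError(f"item {name!r} malformed: {value!r}")
        plan[name] = value
    return plan

def brittle_system(messages):
    """Antipattern from the writeup: the error escapes and stops the primary; the backup replays the same queue and dies too."""
    for role in ("primary", "backup"):
        try:
            return [parse_fpl(m) for m in messages], f"{role} up"
        except FlightPlanError:
            continue                                     # failover changes nothing: same poison message
    return [], "both down"

def process_queue(messages):
    """Fail-safe loop: quarantine the bad plan for manual review, log it in the main log, keep processing the rest."""
    accepted, manual, log = [], [], []
    for raw in messages:
        try:
            accepted.append(parse_fpl(raw))
        except FlightPlanError as exc:
            log.append(f"CRITICAL plan sent to manual review: {exc}")
            manual.append(raw)
    return accepted, manual, log
# Constructed sample messages: one well-formed, one whose item 16 lacks the EET digits.
GOOD = ("(FPL-TTT123-IS -C550/L-SDE1E2GHIJ3J5RWZ/SB1D1 -KPWM1225 "
        "-N0440F310 SSOXS5 SSOXS DCT BUZRD DCT SEY -KJAX0214 KMCO -DOF/220501 REG/N123A)")
BAD = "(FPL-TTT124-IS -C550/L-SDE1/S -KPWM1230 -N0440F310 SSOXS5 -KJAX -DOF/220501)"
```

The integration test Bulb asks for is the second function run over a queue containing `BAD`: it must accept the other plans, quarantine one, and leave the log entry where operators will actually see it.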
-
@boomzilla Sounds like the fear of terrorist attacks is subsiding. I heard it used to be common, but became nearly impossible to pull off with the terrorist scare of the 2000s.
-
@Bulb said in Aviation Antipatterns Thread:
largely about writing detailed requirements, analysing all the failure cases that they are reasonably handled, and then actually testing that they are.
But, but muh Agile!
-
@HardwareGeek You can be agile. With some constraints on how the scope may be changed, because you still need the risk analysis to work and still need the test coverage. But most of the time you are not.
You know, that which we call a waterfall, by any other word would suck as hard. And that word tends to be SAFe. A nominally agile framework, but the increments orwhataretheycalled almost always end up being rigid.
And, well, budgetary organizations can't order projects under agile methodology anyway, because they need to have the budget approved, and that means fixing all of the requirements, budget, and deadline (until end of fiscal year). There goes agile.
-
@boomzilla said in Aviation Antipatterns Thread:
Jeez...the white on black is unreadable.
This is why I have the zap colors bookmarklet in my bookmarks bar.
-
@HardwareGeek said in Aviation Antipatterns Thread:
But, but muh Agile!
That's enough about shenanigans in the aircraft toilet!
-
@Atazhaia said in Aviation Antipatterns Thread:
So someone made a writeup on the recent british cockup...
(FPL-TTT123-IS
-C550/L-SDE1E2GHIJ3J5RWZ/SB1D1
-KPWM1225
-N0440F310 SSOXS5 SSOXS DCT BUZRD
DCT SEY DCT HTO J174 ORF J121
CHS EESNT LUNNI1
-KJAX0214 KMCO
-PBN/A1L1B1C1D1O1T1 NAV/Z1 GBAS
DAT/1FANS2PDC SUR/260B RSP180
DOF/220501 REG/N123A SEL/BPAM
CODE/A05ED7)
ISWYDT. Named one actual flight number, then threw your cat at the keyboard.
-
Yes, that format is probably around 90 years old.
- Once you learn to read it, being short does have its benefits.
- The controller needs to have up to 35 flight plans within his immediate field of view.
- The pilot doesn't have space for a lot of papers around him, so he may need to squeeze it together with a bunch of other stuff on a smallish one.
- It is actually easier to scan for a particular bit of information than fully spelled out text.
- And a lot of those things are just identifiers anyway, so not that much to spell out.
- And yes, it is basically what the people read and type.
- Teletype legacy dies slowly.
-
@Applied-Mediocrity said in Aviation Antipatterns Thread:
threw your cat at the keyboard
... I've been watching too many flight sim YouTube videos; half of that is vaguely understandable to me!
-
Please do not throw your
catbitch at the keyboard, you might hurt her. And the keyboard, as well.
-
@Bulb said in Aviation Antipatterns Thread:
It is actually easier to scan for a particular bit of information than fully spelled out text.
We found that out years ago when a set of table name suffixes had to change from full words to two-letter codes.
-
@Zerosquare said in Aviation Antipatterns Thread:
Please do not throw your
catbitch at the keyboard, you might hurt her. And the keyboard, as well.
The bitch ain't being thrown anywhere. But, there may be key smashing regardless.
-
(I don't follow this thread, so apologies if it's been posted already. This sounds like it would be a classic)
You may have heard the story. The one about the guy who crashed his airplane seven times in seven days. And you probably figured, yeah, right. It must be some sort of made-up internet thing. You figured that there was no way that it could be true, and you were right. There were no seven crashes in seven days.
It was seven crashes in nine days.
This (below) is supposed to be an interview with the pilot telling the story first-hand, but I'm getting an actual "451 Unavailable due to legal reasons" / "You're in the EU? GDPR? " and I can't be arsed to circumvent it:
-
Meanwhile, when software crashes seven times in seven days, it's considered "good enough to ship".
-
@Zerosquare
Only one crash per day? Sounds like a stable build!
-
@Luhmann it turns out that predictable failure is more desirable than less predictable stability.
-
what aircraft accident investigators call the "Swiss Cheese Model": Every airplane mishap puts a hole in the slice until the plane is more holes than cheese.
That's not the Swiss cheese model. The Swiss cheese model refers to the multilayered safety systems on an aircraft. One system is intended to prevent an accident, but a situation occurred that was beyond its design parameters. Another system would have prevented it, but its warning light was burned out. Another system could have ... , but .... The pilot could have prevented the accident with better decision making. I know the plane has problems, but I really need to get to $destination. It'll be fine.
Any one of these would have prevented one of the sequence of events that led to an accident, but each had a deficiency of some sort. When all these deficiencies align like the holes in slices of Swiss cheese, accidents happen.
-
@HardwareGeek There would seem to be some possible links to random matrix theory too.
-
@HardwareGeek said in Aviation Antipatterns Thread:
what aircraft accident investigators call the "Swiss Cheese Model": Every airplane mishap puts a hole in the slice until the plane is more holes than cheese.
That's not the Swiss cheese model. The Swiss cheese model refers to the multilayered safety systems on an aircraft. One system is intended to prevent an accident, but a situation occurred that was beyond its design parameters. Another system would have prevented it, but its warning light was burned out. Another system could have ... , but .... The pilot could have prevented the accident with better decision making. I know the plane has problems, but I really need to get to $destination. It'll be fine.
Any one of these would have prevented one of the sequence of events that led to an accident, but each had a deficiency of some sort. When all these deficiencies align like the holes in slices of Swiss cheese, accidents happen.
I'm not seeing the difference between what they're saying and what you're saying except the way they're being explained.
-
@boomzilla What they are saying is completely different (and wrong).
The Swiss cheese model applies to a single mishap, so it applies to each of them separately (though not independently) here. The pre-buy inspection is the main slice of cheese, and failure to do it is the hole in it. Then the next would be familiarizing with the aircraft systems, which was also not done or not done very thoroughly, and the shortage of caution planning and executing the test flight, as he probably shouldn't even have been retracting the gear for the first pattern. And of course lack of discipline doing checklists. That's the first accident. Then the next one has its own holes, though the first one, failure to do pre-buy inspection, should be carried over.
But they say each of the mishaps is one hole. Which is something completely different, and not what the Swiss cheese model normally means.
-
@Bulb said in Aviation Antipatterns Thread:
@boomzilla What they are saying is completely different (and wrong).
The Swiss cheese model applies to a single mishap, so it applies to each of them separately (though not independently) here. The pre-buy inspection is the main slice of cheese, and failure to do it is the hole in it. Then the next would be familiarizing with the aircraft systems, which was also not done or not done very thoroughly, and the shortage of caution planning and executing the test flight, as he probably shouldn't even have been retracting the gear for the first pattern. And of course lack of discipline doing checklists. That's the first accident. Then the next one has its own holes, though the first one, failure to do pre-buy inspection, should be carried over.
But they say each of the mishaps is one hole. Which is something completely different, and not what the Swiss cheese model normally means.
Yes, single incident, but stuff had to go wrong in a bunch of different layers of systems / protocols / etc. It's talking about each of those things that went wrong at different points as the mishaps.
-
@Bulb The poor decision making is common to all of them, too. Knowing the plane has serious problems. The decision to fly anyway. Quickly patching the plane up after each incident, rather than getting a qualified mechanic to repair it properly. The urge to get home, even though the plane may get him killed instead of home.
-
@HardwareGeek said in Aviation Antipatterns Thread:
The decision to flay anyway.
Steady on there, Mr Skinner!
-
@dkf Fixed
-
Oh, man, I used to work in this industry. We had a license to manufacture spare parts for Douglas / Boeing, mostly for planes they weren't producing any more.
We regarded AOG Technics as sketchy brokers and rarely sold much to them. Usually airlines and repair facilities would get the quote from them (marked up, of course) and then buy directly from us.
-
@boomzilla Sounds like there could be criminal charges in the future for those who falsified the paperwork and/or made the scheme to do so.
-
Take care on airports. Especially when your airplane is still quite new.
At Frankfurt airport, a highloader (used for loading cargo into airplanes) crashed into a 25-day-old Airbus A330neo, exactly at a position where some sensors are located.
Article in German, but you may enjoy the pictures without reading moon language:
-
@BernieTheBernie said in Aviation Antipatterns Thread:
but you may enjoy the pictures without reading moon language:
Except for the moon language dialog blocking things. Looks like a paywall.
-
@dcon Not paywalled (yet - but that may happen later on when an article is too popular). Perhaps the cookie banner, or some advertisements agreement.
Let me try to add some pics:
-
@Zerosquare said in Aviation Antipatterns Thread:
Here's the picture:
Nothing that can't be fixed with duct tape!
-
@nerd4sale But for Security reasons, you need FAA Approved Duct Tape.
-
@BernieTheBernie said in Aviation Antipatterns Thread:
@nerd4sale But for Security reasons, you need FAA Approved Duct Tape.
I know you're joking, but you do realize that exists?
-
@dcon I live in bureaucrazy - I cannot imagine that an FAA Approved Duct Tape would not exist.
-
@BernieTheBernie said in Aviation Antipatterns Thread:
@dcon I live in bureaucrazy - I cannot imagine that an FAA Approved Duct Tape would not exist.
-
@boomzilla It's been analysed by the usual and not so usual pundits already back when it happened. The controller messed up, but it's a bit tricky – clearing a plane for immediate take-off when another is on 3 mile final is OK with good visibility. The plane taking off needs to roll a mile or a little bit more, and because it is accelerating, the approaching plane will cover around twice the distance in that time, so 2 to 2½ miles. If the pilot of the landing plane sees the plane in front of him, waiting until ½ mile (~150 ft above ground level) before the final decision to land or go around is neither rushed nor risky. But low visibility changes this in two ways:
- The take off will take longer, because the turn to line up has to be done more carefully and therefore slower.
- Since the ILS is affected by presence of objects on and near the runway, when the low visibility procedures are in effect (they were in this incident), there shouldn't be anything in the runway area when the plane is 2 miles out.
That means in low visibility, the controller shouldn't have cleared anybody on the runway with a plane at 3 mile final. But it also means the FedEx crew was quite late reacting to the situation – they would have been perfectly correct if they went around at the 2 mile mark and called out a “possible controller deviation”. Note that the planes taking the same runway are always on the same radio frequency, so they do hear each other's clearances.
Anyway, the incident, and a lot of others, have already been analysed much better elsewhere, but it's good that mainstream media are picking this up, because only then is there a chance that the FAA will get their act together and do something about the staffing of towers, training of controllers and tower procedures – some say that there may actually be quite a lot of distractions, which is not a good thing with a lot of new controllers around.
-
@TimeBandit So he was "off duty". I guess he was catching a free ride in the jump seat. Why else would an off duty pilot who isn't legal to fly be in the cockpit?
-
Yes, that's the part that made me as well.