How To Avoid A Collision

By Renegade Lisp in News
Tue Jul 09, 2002 at 11:09:12 AM EST
Tags: Technology

There are now preliminary results from the flight data and cockpit voice recorders of last week's plane crash over Lake Constance in Germany.

Contrary to previous speculation, both planes did have the automatic collision-avoidance system (TCAS) installed. And not only that, it also worked perfectly in this situation.

Why did the planes crash, then?

This story makes for a tragic and scary lesson in human-computer interaction.


According to German and British news reports, this is what happened: About one minute before the crash, the Traffic Collision Avoidance System (TCAS) in both planes warned the pilots of the impending collision. 45 seconds before the crash, TCAS instructed the DHL pilot to descend, and the Russian pilot to climb. (The two TCAS systems automatically make contact with each other and decide who should go up, and who should go down.) However, one second later, 44 seconds before the crash, the air traffic controller in Zurich told the Russian pilot to descend instead. About fourteen seconds later, 30 seconds before the crash, the controller repeated this instruction. The Russian pilot then complied, resulting in the collision which killed 71 people.

A spokesman of the German pilots' association ("Cockpit") commented that the Russian pilot should have obeyed the TCAS system, not the air traffic controller. Controllers only give "instructions with an advisory character," he said.

To me, this is scary. I'd like to comment on two points. (I should point out that I am not a pilot, only an interested outsider.)

First, why did the controller order the descent? I am only speculating here, but it seems plausible that he was "just a bit late" in separating the planes. Normally, he should have taken action at least 90 seconds ahead, and usually it's done even earlier than that. Maybe he just hadn't noticed the problem any earlier, which may have been due to the fact that the ground-based automatic collision-warning system had been switched off that night for maintenance. But this late reaction of the controller would, by itself, not have been a problem. However, the controller wasn't aware that he was in fact so late that TCAS on board the planes had already kicked in.

However, even if he had been aware of TCAS, what should he have done? Nothing? This brings me to my second point.

A while back, I heard an expert in the field comment that the TCAS design is seriously flawed. In its initial design, it was only meant to warn the pilots of an impending collision, and let them sort it out by themselves ("Look, we're on a collision course, you go up, I go down"). However, the TCAS designers then went further and made the computers decide on the avoidance maneuver as well, and use a voice in the cockpit to tell the pilot what to do. This, the expert commented, was a clear case of over-automation, and a violation of the "keep it simple" philosophy.

Personally, I must say that the concept of an automatic decision that should always take precedence over whatever human operators say sounds very scary to me.

Poll
Who is responsible for the crash?
o The Controller, because he was late 23%
o The Controller, because he ordered the descent 38%
o The Russian pilot, because he obeyed the controller 22%
o The design of the TCAS system 2%
o Nobody, this was just bad luck 13%

Votes: 113
How To Avoid A Collision | 96 comments (82 topical, 14 editorial, 0 hidden)
Some other information (4.91 / 12) (#2)
by Herring on Tue Jul 09, 2002 at 04:11:00 AM EST

Browsing PPRuNe it appears that one of the reasons the ATC guy didn't advise the Russians until about 50 seconds before "loss of separation" (as they call it) was because he was struggling with a dodgy phone connection to a neighbouring ATC instead of watching the screens.

That said, the Russian pilot was definitely in error obeying ATC instead of the TCAS RA.

TCAS should be a last resort thing - if ATC are doing their job, then it should never go off at all. I think that every time TCAS goes off, the pilots have to make some sort of report - even if it's just a warning (there are two levels - a warning then a "CLIMB NOW YOU BASTARD").

In summary, pilots should always do what TCAS says, but TCAS shouldn't ever go off. There was an incident last year (I think) with two JAL planes where a pilot tried to outguess TCAS. As a result, they passed within 15ft of each other, head-on, at over 500MPH. Time for a change of underwear.


Say lol what again motherfucker, say lol what again, I dare you, no I double dare you
JAL near miss link (5.00 / 2) (#74)
by intmainvoid on Wed Jul 10, 2002 at 12:54:48 AM EST

http://www.fsv2000.at/woche/2001_05/jal_near.htm

[ Parent ]
That's all well and good (4.42 / 7) (#3)
by Rhino in Rehab on Tue Jul 09, 2002 at 04:15:34 AM EST

The problem with your argument is that, while in hindsight it may have been better to design it differently, in the above situation, the ATC screwed up. What I'm saying is, if the system is designed to communicate between the planes and tell them who goes where, why would some ATC open his trap without trying to find out what the computer has already ordered?

If the situation happened as you say, it's clearly the controller's fault. First off, according to this account, he was only directing one of the planes. Mistake number one. If you're going to tell one plane to go down, you'd better make for damn sure you're telling the other plane to go up. Secondly, what the heck happened to confirmation? If he had enough time to order the plane's direction, wait 30 seconds and order it again, he had enough time to find out from both pilots in what direction they were already heading/told to head.

I'm not sure if I'd trust a computer over an actual controller in a situation like this, but my point is, if you've chosen one, stick with it.


But the message Elmo seems to send out is that it is OK to never grow up, to always act like a screaming, annoying baby with a speech impediment. Hrm. - Grover

not really (4.60 / 5) (#21)
by chia on Tue Jul 09, 2002 at 07:11:25 AM EST

The ATC was in control of one plane, he didn't know that the TCAS had kicked in and given an order to the pilots so as far as he was aware the plane that he was instructing could safely ascend or descend provided the other plane held its altitude.

On the other hand the pilot was aware of both situations, the ATC order and the TCAS order. He should have followed the TCAS order and ignored the ATC and the crash would not have happened.

So if blame needs to be apportioned it must lie at the pilot's doorstep, he was the only one aware of the complete situation. The ATC/someone else was undoubtedly at fault for allowing the situation to develop as far as it did.


Most people are other people. Their thoughts are someone else's opinions, their lives a mimicry, their passions a quotation. O Wilde
[ Parent ]
But what if... (4.50 / 2) (#55)
by pyra on Tue Jul 09, 2002 at 03:36:12 PM EST

The TCAS had been malfunctioning, and the pilot (unaware of this) had ignored ATC resulting in a crash that killed 71 people.

Would the pilot have been at fault for not listening to the ATC then?




--
"It was half way to Rivendell when the drugs began to take hold" - Hunter S. Tolkien "Fear and Loathing in Barad Dur"
[ Parent ]
no (none / 0) (#67)
by Rhino in Rehab on Tue Jul 09, 2002 at 08:01:01 PM EST

I wouldn't blame the pilot for that.

If you set up a standardized system of rules to be followed, it is unreasonable to go against these rules whenever you feel it's "for the greater good." If this were to happen, there would be no point in having warning systems at all.

This is the fundamental argument for the creation of laws.


But the message Elmo seems to send out is that it is OK to never grow up, to always act like a screaming, annoying baby with a speech impediment. Hrm. - Grover
[ Parent ]

re (none / 0) (#76)
by chia on Wed Jul 10, 2002 at 04:34:40 AM EST

No, the TCAS programmer would have been at fault then.


Most people are other people. Their thoughts are someone else's opinions, their lives a mimicry, their passions a quotation. O Wilde
[ Parent ]
I don't understand your conclusion (4.66 / 12) (#6)
by mortisimo on Tue Jul 09, 2002 at 04:39:01 AM EST


The TCAS worked flawlessly and human error was to blame for the crash. Why then is it scary to trust a computer above a human?

Concerning your hypothetical question asking "... even if he had been aware of TCAS, what should he have done? Nothing?"

Of course he should have done nothing. The system is there for just this situation in the first place.

The keeping it simple argument seems flawed too. What could be more simple than a computer with correct information, working over a predefined set of rules and communications protocols, judging the situation in milliseconds and then agreeing to and issuing a localized command on what to do? As long as the equipment is tested and maintained I don't see how this could possibly be worse than the untested meeting of two pilots, who may or may not share a common language, trying to negotiate a course of action while hurtling through the sky at excessive speeds.

I am not trying to be snide, but I cannot make the logical jump to your conclusion from the information you yourself presented in the article.


Automated Decision-Making (4.00 / 1) (#14)
by Renegade Lisp on Tue Jul 09, 2002 at 06:24:34 AM EST

The TCAS worked flawlessly and human error was to blame for the crash. Why then is it scary to trust a computer above a human?

I'm saying that it's bad to let a computer take a decision automatically, and tell everybody to obey it no matter what. If the situation at hand had happened with an older TCAS system, which only alerted the pilots and ATC to the situation without telling them how to avoid it, then the situation would most likely have been resolved without problems.

Unlike many others, I think the main cause of this accident is that an additional, automated "decision maker" has been introduced by the way TCAS is designed.

[ Parent ]

TCAS is pilot-only (4.33 / 3) (#16)
by beak on Tue Jul 09, 2002 at 06:51:25 AM EST

TCAS type I (alert only) and TCAS type II (alert and automatic avoidance recommendation) are pilot-only information devices. They do not automatically communicate to the other plane, nor ATC.

ATC systems have their own independent conflict alert devices, which would normally indicate a potential conflict significantly earlier than TCAS, allowing the controller to spend time analysing the best avoidance tactic and communicating this to both aircraft.

TCAS is only intended as a last-minute system for when all else has failed, in which case, speed through automation is more important.

[ Parent ]

Is It Really Pilot Only? (4.00 / 1) (#48)
by icastel on Tue Jul 09, 2002 at 01:04:42 PM EST

TCAS type I (alert only) and TCAS type II (alert and automatic avoidance recommendation) are pilot-only information devices. They do not automatically communicate to the other plane, nor ATC.

If it's pilot-only as you state, then how does it determine which plane should go down and which up? Plane-to-plane (TCAS-to-TCAS) communication is essential in this scenario.


-- I like my land flat --
[ Parent ]

Based on direction (5.00 / 1) (#58)
by Wateshay on Tue Jul 09, 2002 at 04:01:38 PM EST

The direction that the pilots are told to go by the TCAS is based on the direction that the planes are flying, thus requiring no communication between two TCAS systems.

"If English was good enough for Jesus, it's good enough for everyone else."


[ Parent ]
Absurd (3.66 / 3) (#39)
by Renegade Lisp on Tue Jul 09, 2002 at 10:06:26 AM EST

Concerning your hypothetical question asking "... even if he had been aware of TCAS, what should he have done? Nothing?"

Of course he should have done nothing. The system is there for just this situation in the first place.

Can you spell out the consequences? Imagine you are this controller. You haven't been looking at these two airplanes for a bit too long, and now you realize that they are actually on a collision course. You do a double-check and realize that they are already within TCAS distance. What do you do? Do you say "Okay, no longer my responsibility" and move on to another aircraft?

To me, that sounds absurd.

Plus: How would the controller find out -- reliably -- that they are within TCAS distance? How does he know that both planes have TCAS, and that it's operational?

I do think there is a fundamental flaw in this system.

[ Parent ]

Interesting (4.00 / 2) (#43)
by Miniluv on Tue Jul 09, 2002 at 10:28:01 AM EST

So, why can't the controller have a little flashy gizmo on his desk labelled TCAS that flashes whenever two planes on his scope are within TCAS range. This flashy gizmo can be triggered by the TCAS system on both planes, and it can even pop information up on his scope about which plane is to go which way (i.e. up or down) which he can then confirm on the radio that they are both following.

Or there's your system, in which fucktard controller can disregard his job, the scopes, until the last moment at which point he issues commands to the pilots without fully determining the system and now gets to know he killed 71 people all by his lonesome.

Yeah, trusting the computer still sounds pretty scary.

"Too much wasabi and you'll be crying like you did at the last ten minutes of The Terminator" - Alton Brown
[ Parent ]

They had such a system. (none / 0) (#91)
by vectro on Thu Jul 11, 2002 at 02:37:30 AM EST

They turned it off.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
Well, not nothing... (4.50 / 2) (#47)
by Khedak on Tue Jul 09, 2002 at 12:39:57 PM EST

Can you spell out the consequences? Imagine you are this controller. You haven't been looking at these two airplanes for a bit too long, and now you realize that they are actually on a collision course. You do a double-check and realize that they are already within TCAS distance. What do you do? Do you say "Okay, no longer my responsibility" and move on to another aircraft?

Well, maybe he could've done something, but if it's too late for him to know what to do. He should not issue an instruction knowing that the pilots definitely have TCAS systems that have already given instructions. Perhaps he should have said "You're headed for collision! Obey TCAS!", but without having a grasp of the situation, and with no time for mistakes, any order is as good as "Head towards the other plane," since as it turns out he was saying exactly that.

I think this exposes a flaw in the technology: The ground-based situation warning should either never be turned off, or should be redundant with some kind of radio link to TCAS systems on the aircraft. So maybe the controller could look at the display at the last minute and realize which plane has been given which orders, and he could reinforce those orders rather than conflict with them. But if technology is to have the last word, as apparently it must for these kinds of situations, it should be made robust enough to do the job without interference.

[ Parent ]
Different understanding of the situation (none / 0) (#96)
by jgp on Mon Jul 29, 2002 at 06:45:15 AM EST

"What do you do? Do you say "Okay, no longer my responsibility" and move on to another aircraft?"

Sounds like a hole in the protocol. If the controller sees the planes within TCAS range, the controller must take into account the fact that the pilots could be about to receive independent advice from their respective computers. The controller needed to be told, either automatically via the imaginary TCAS III system or by the pilots themselves - 'Dear control, in the absence of better advice, I'm following the advice of my computer and going DOWN.' In the case of TCAS failure, as remote as it is, when TCAS gives the same direction to both pilots, then and only then should the controller's belated advice be followed, and all the while the intent of each pilot needs to be communicated to the concerned parties.



[ Parent ]
Risks (4.70 / 10) (#7)
by sigwinch on Tue Jul 09, 2002 at 04:44:51 AM EST

In its initial design, it was only meant to warn the pilots of an impending collision, and let them sort it out by themselves ("Look, we're on a collision course, you go up, I go down"). However, the TCAS designers then went further and made the computers decide on the avoidance maneuver as well, and use a voice in the cockpit to tell the pilot what to do. This, the expert commented, was a clear case of over-automation, and a violation of the "keep it simple" philosophy.

First, it *is* simple. If the radars detect an extreme hazard, they produce an instant, unmistakable recommendation. When you're closing distance at 500 miles an hour, doing something a little smart *right now* can easily be better than doing something brilliant in 30 seconds.

Second, risk analysis is *hard*. There are many different factors to consider -- false alarm rate, pilot error rates, ATC error rates, common-mode human errors, loss of pilot consciousness in one plane, erroneous TCAS recommendation rate, crash rate upon erroneous recommendation, etc. -- and you have to analyze all the permutations to get a result. And it's going to be a tradeoff: the optimal design will knowingly kill people in some situations to save (hopefully more) people in other situations. Safety engineering is a bitch and a half.

I'd expect that a well-designed TCAS would be an overall win: (1) It's easy to design reliable radars, and (2) by the time you need it, two pilots and the ATC have lost contact with reality.

--
I don't want the world, I just want your half.

Computer synth voice is good... (3.40 / 5) (#9)
by irwoodhouse on Tue Jul 09, 2002 at 05:14:43 AM EST

...because you can't actually guarantee that the pilots can speak each other's language.

Alright, I'd expect most pilots have one or more of English, French or Spanish, but a terse message ("climb"/"dive") in their own tongue is much better - and can be tuned to the pilot in each aircraft. This is much more quickly understood, thus theoretically lowering response time.

Speed and Redundancy: Automated systems, as others have mentioned, are significantly faster than human monitoring. They can also have multiple safeguards. For example, various car manufacturers are looking towards "brake by wire", with multiple paths to the brake control unit next to the calipers. Each (electrical) path can be tested before it is used to determine integrity. This is actually much simpler than, for example, dual brake lines (i.e. to each caliper) and a hydraulic pressure gauge, etc. For air avoidance, a three-computer system, with voting and shutdown-on-fault (as in the Space Shuttle and newer military aircraft) would be a good safeguard against mistakes.

Pilot English (4.66 / 3) (#10)
by arheal on Tue Jul 09, 2002 at 05:18:13 AM EST

According to ICAO (the International Civil Aviation Organization) all international pilots MUST be able to speak English. And they do. Quality differs remarkably though....
There can be only one!
[ Parent ]
Pilot "engrish" (4.00 / 2) (#24)
by dorsai on Tue Jul 09, 2002 at 07:49:10 AM EST

Yes, but international pilots often speak only phrasebook English... I know pilots that are perfectly articulate in "radio engrish" that would have difficulty ordering a glass of water in a restaurant

That said, "Climb" and "Dive" are absolutely members of that subset, along with numbers, navigation indicators et cetera


Dorsai the sigless


[ Parent ]
Responsibility (3.33 / 3) (#11)
by Bad Harmony on Tue Jul 09, 2002 at 05:53:24 AM EST

The pilot has the final responsibility for the safe operation of the aircraft. That is why the ATC instructions are described as advisory. Of course, in the real world, pilots are under pressure to make schedules, save fuel, fly/land in questionable weather conditions, and blindly follow ATC instructions.

5440' or Fight!

The real world (none / 0) (#80)
by cameldrv on Wed Jul 10, 2002 at 05:13:39 AM EST

Yes, "The pilot has the responsibility for the safe completion of the flight." However, in the real world, a pilot is dependent on many other people to not screw up. Especially if you're flying big iron, the preflight is not going to catch many potential problems. You are reliant on maintenance personnel to make sure that many of the systems are in proper order. In IFR conditions, you are relying on the controllers and the big sky theory to keep you from hitting something up there. Even in visual conditions, visibility from airliners is not exactly panoramic. I believe that the FAA does not specify whether one should obey the controller or the TCAS in the event of a conflict. I don't think that you can really blame the Russian pilot for following the advice of the controller. You can certainly blame the controllers for getting two planes on a collision course. If a controller is yelling emergency collision avoidance instructions into the radio, he has already screwed up even if the instructions are correct.

[ Parent ]
Manual TCAS even worse (4.90 / 11) (#15)
by beak on Tue Jul 09, 2002 at 06:39:53 AM EST

Imagine you meet someone in a corridor. You move left, so does he, you move right, so does he. You say 'You go first' at the same time as him.... You either both go first and bump into each other, or you both stay still looking like idiots until you restart again.

Now imagine the 'stay still' option is not there, you cannot see each other, you may not even be able to talk to each other, you are both travelling toward the doorway at high speed and have only a few seconds to make a decision on the reaction, and once decided, changing your mind is not really an option.

Consider also that both collision alert systems will activate simultaneously, and that 2 people cannot transmit on the radio at the same time. So you will have to fight to decide who speaks first even to be able to start discussing who goes up and who goes down. This is all wasting valuable seconds before the impending collision.

In this case, we have an automated system that looks at what the 2 'planes are doing and issues an automatic recommendation to avoid the conflict - using various rules to ensure that the 2 planes do not make a manoeuvre that continues the conflict (eg both dive). All of this occurring within a few milliseconds. The longest part of the sequence would be the time taken for the system to 'speak' the alert!

In my opinion, the TCAS system of deciding on the avoidance manoeuvre is far better than any manual system -- including the ground-based controller.

Scary? About as scary as relying on a green traffic light...

http://www.caasd.org/proj/tcas/

Not a recommendation (4.33 / 3) (#20)
by Renegade Lisp on Tue Jul 09, 2002 at 07:10:43 AM EST

In this case, we have an automated system that looks at what the 2 'planes are doing and issues an automatic recommendation to avoid the conflict

No, that's not the case and that's the reason why I'm criticizing it. TCAS does not give a recommendation but, as this case showed, instructs the pilots to do something that they are supposed to obey no matter what.

As to the practical difficulties of the manual resolution, I'm sure that this could be alleviated by careful pilot training, establishing fixed procedures for how to resolve such a conflict.

For example, there could be a special TCAS radio frequency on which one of the pilots automatically gets the right to speak first, and he is supposed to make the decision and tell the other pilot what to do. If the other pilot doesn't respond within x seconds, begin descent and inform air traffic control. I'm just making this up as I write this; I'm sure with careful thought one could create a system that relies on human rather than automatic decisions, and is actually safer than what we have now.

[ Parent ]

no, a recommendation. (5.00 / 2) (#25)
by beak on Tue Jul 09, 2002 at 08:20:24 AM EST

From my link:
    TCAS II then issues an RA [resolution advisory] advising the pilots to execute the type of evasive maneuver necessary to avoid the other aircraft

The Pilot always has the last word on what his aircraft does. This collision occurred because the pilot overruled TCAS' advisory and obeyed the ATC.

Automatic collision avoidance systems have been in development since 1956.
TCAS-type systems have been developed since 1974, and in service since late '80s/early '90s
This development has been made by people who know far more about flight safety than you or I. If you think you can design a better system, join the FAA CAA or ICAO and good luck to you.

See also: Case study on TCAS by an experienced aviation pilot


[ Parent ]

When a recommendation is not a recommendation (4.00 / 2) (#27)
by Renegade Lisp on Tue Jul 09, 2002 at 08:42:08 AM EST

The Pilot always has the last word on what his aircraft does. This collision occurred because the pilot overruled TCAS' advisory and obeyed the ATC.

The question is what he is supposed to do. If you're driving in your car and the police tell you to pull over, that is not a "recommendation" although they don't actually take control of your car, which is always left to you.

In recent news reports, it says that the investigators are now trying to find out whether the pilot actually had to follow the TCAS "recommendation" no matter what, according to the regulations under which he was working.

As to the argument by authority (do you honestly think you can design a better system than the FAA, CAA or whatever), I don't buy this. I'm a professional computer programmer who might well some day have to design a system where similar factors come into play. Any engineer should definitely be qualified to discuss engineering matters and make sensible contributions about them. I'm not saying that I'm an expert on aviation, but when it comes to whether a computer or a human has the final say about something, I think it is my professional duty to have an informed opinion.

[ Parent ]

Furthermore (none / 0) (#63)
by zocky on Tue Jul 09, 2002 at 07:05:38 PM EST

Any engineer should definitely be qualified to discuss engineering matters and make sensible contributions about them.

ANYBODY is qualified to discuss public policy, regardless of their education, profession, etc. Whether pilots should be obeying their instruments or ATC is a matter of public policy.

---
I mean, if coal can be converted to energy, then couldn't diamonds?
[ Parent ]

Refactoring your argument. (5.00 / 1) (#84)
by Kugyou on Wed Jul 10, 2002 at 10:40:49 AM EST

In this case, the TCAS was acting not as a policeman, but as a passenger. When the person in the passenger seat of your car tells you to shift lanes, you have the ability to decide to stay right the hell where you are or to go the other way. The ATC was acting as a policeman, issuing demands with some small force of authority. This just happens to be one of those times when the passenger was right and the cop was not.
-----------------------------------------
Dust in the wind bores holes in mountains
[ Parent ]
The bigger question, though. (3.50 / 2) (#28)
by delmoi on Tue Jul 09, 2002 at 09:21:07 AM EST

Why would you expect human decisions to be better then automated ones? If the people in this situation had gone with the computer recommendations nothing bad would have happened?

If a computer is programmed correctly, it will not screw up. A computer program can be proven mathematically. In that situation, a computer program cannot screw up any more then 1+1 can = 72,004.

Humans, on the other hand, can and do fuck things up all the time.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
Yes, but (4.00 / 2) (#33)
by Renegade Lisp on Tue Jul 09, 2002 at 09:34:45 AM EST

Why would you expect human decisions to be better then automated ones? If the people in this situation had gone with the computer recommendations nothing bad would have happened?

Yes, but the opposite is also true: If there hadn't been an automated system that people were supposed to rely on, the problem would likely also have been resolved. The warning by the Swiss controller was late, but it wasn't too late. Only he wasn't aware that an automatic system had also begun to do something about it.

If a computer is programmed correctly, it will not screw up. A computer program can be proven mathematically. In that situation, a computer program cannot screw up any more then 1+1 can = 72,004.

Only very simple programs can be proven mathematically. I seriously doubt that the TCAS software is proven to be correct. But even if it were, a mathematically correct program can screw up very badly when interacting with the real world.

Humans, on the other hand, can and do fuck things up all the time.

Yes they do. But they also do a remarkable job of adapting to unforeseen circumstances, much better than any automated system that has yet been built.

[ Parent ]
Balls (1.50 / 2) (#53)
by codemonkey_uk on Tue Jul 09, 2002 at 02:13:22 PM EST

Automated aircraft landing software can land even a damaged aircraft more safely than the most experienced human. The only reason we are stuck with error prone human pilots at all is because of paranoid luddite nuts like you.
---
Thad
"The most savage controversies are those about matters as to which there is no good evidence either way." - Bertrand Russell
[ Parent ]
I don't agree (4.00 / 1) (#61)
by dipierro on Tue Jul 09, 2002 at 05:15:34 PM EST

Only very simple programs can be proven mathematically. I seriously doubt that the TCAS software is proven to be correct.

I don't know about correct, but it's not that difficult to prove that it is fail-safe. In other words if the system tells one pilot which way to go, it has not told the other pilot to go the same way.

Further, the ATC is commonly relying on computers just as much as the pilot is. So the question is not whether to believe a computer or a human, the question is whether to believe a computer relayed through a human, or a computer directly.

In a situation which is time critical, you can't assure that both pilots have heard and acknowledged the instructions before acting on them. That would require far too many steps (ATC gives pending instructions to pilot 1, pilot 1 acknowledges, ATC gives instructions to pilot 2, pilot 2 acknowledges and acts, ATC informs pilot 1 to act).

If you have time, by all means, give the ATC a means to override the computer instructions. But in the event of a mere conflict in which the ATC is not explicitly overriding the automated system, it seems to make more sense to go with the automated system.



[ Parent ]
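
The fail-safe property discussed in the comment above (the two aircraft are never told to go the same way) can be checked exhaustively on a small model, and the same model shows what the property does not cover. This is an added example, not part of the original thread and not the real TCAS logic: the priority rule, the aircraft ids and all function names are assumptions made for illustration.

```python
"""Toy model of a two-aircraft advisory rule (hypothetical, not real TCAS logic)."""
from itertools import product

CLIMB, DESCEND = "CLIMB", "DESCEND"
SENSES = (CLIMB, DESCEND)


def opposite(sense):
    return DESCEND if sense == CLIMB else CLIMB


def rule_priority(own_pref, own_id, peer_pref, peer_id):
    """Assumed rule: the lower id keeps its preferred sense,
    the higher id takes the complement of the lower id's preference."""
    if own_id < peer_id:
        return own_pref
    return opposite(peer_pref)


def rule_naive(own_pref, own_id, peer_pref, peer_id):
    """Deliberately flawed rule: on a clash each unit reverses its own
    choice. Both units run the same code, so both reverse together."""
    if own_pref == peer_pref:
        return opposite(own_pref)
    return own_pref


def states(ids):
    """Every combination of preferred senses and distinct aircraft ids."""
    for pref_a, pref_b in product(SENSES, repeat=2):
        for id_a, id_b in product(ids, repeat=2):
            if id_a != id_b:
                yield pref_a, id_a, pref_b, id_b


def advisories(rule, state):
    """Advisory computed on board A and on board B for one state."""
    pref_a, id_a, pref_b, id_b = state
    return rule(pref_a, id_a, pref_b, id_b), rule(pref_b, id_b, pref_a, id_a)


def find_same_sense_states(rule, ids=range(1, 5)):
    """Counterexamples to the fail-safe property: states in which
    both aircraft receive the same advisory."""
    return [s for s in states(ids) if len(set(advisories(rule, s))) == 1]


def override_outcomes(rule, ids=range(1, 5)):
    """Outside the proof: pilot A follows the advisory, pilot B follows an
    external instruction instead. Returns (same_sense_cases, total_cases)."""
    unsafe = total = 0
    for state in states(ids):
        adv_a, _adv_b = advisories(rule, state)
        for instruction in SENSES:  # whatever the external party says
            total += 1
            if instruction == adv_a:
                unsafe += 1
    return unsafe, total


if __name__ == "__main__":
    print("priority rule counterexamples:", find_same_sense_states(rule_priority))
    print("naive rule counterexamples:", len(find_same_sense_states(rule_naive)))
    print("same-sense cases with one override:", override_outcomes(rule_priority))
```

The check covers the advisories only; once one pilot acts on a different input, the verified property no longer says anything about the resulting manoeuvres.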
Grammar (3.75 / 4) (#44)
by ubu on Tue Jul 09, 2002 at 11:25:30 AM EST

Why would you expect human decisions to be better then automated ones?

Better than. BETTER THAN.

Ubu


--
As good old software hats say - "You are in very safe hands, if you are using CVS !!!"
[ Parent ]
Actually, (4.60 / 5) (#23)
by Ward57 on Tue Jul 09, 2002 at 07:40:09 AM EST

if the two planes were approaching each other in opposite directions, and they both went to their left, then they'd miss each other. This is standard procedure for light aircraft, and you have to know it if you learn to fly (in UK, that is, I can't speak for anywhere else).

Tim

[ Parent ]

yep (3.50 / 2) (#26)
by beak on Tue Jul 09, 2002 at 08:39:02 AM EST

I believe it originates from Naval law, but I thought the naval rule was "Pass port to port" -- ie alter course to starboard (right) to avoid a conflict.

However, I was just trying to describe the 'corridor dance' where you both move in the same direction (from an independent observer's viewpoint) in a doomed attempt to avoid each other.

[ Parent ]

great for small planes (4.00 / 3) (#46)
by Shpongle Spore on Tue Jul 09, 2002 at 11:57:27 AM EST

I don't know enough specifics to be sure, but perhaps large planes can't turn fast enough for this to work, but they can climb or dive fast enough. This at least makes sense based on my experiences with flight simulators.
__
I wish I was in Austin, at the Chili Parlor bar,
drinking 'Mad Dog' margaritas and not caring where you are
[ Parent ]
Approach (none / 0) (#79)
by Herring on Wed Jul 10, 2002 at 04:58:07 AM EST

The two planes hit at almost right angles, not head-on. This was another problem - I think there's some sort of system whereby planes going south are on "even" flight levels and those going north, on odd so if they had been closing head on, the DHL plane would've been on FL350 or FL370 rather than them being both on FL360 (FLn == n * 100 feet).

TCAS only gives vertical advice (for now - they are working on a system which will do lateral displacements as well) because it's easier than working out the closure angles. In this instance, if they'd both gone left (?) they could still have hit.



Say lol what again motherfucker, say lol what again, I dare you, no I double dare you
[ Parent ]
I hate it when that happens. (2.66 / 3) (#49)
by DavidTC on Tue Jul 09, 2002 at 01:26:51 PM EST

The corridor thing, that is. You walk on the right side of the hall, everyone knows that, and you pass on the right when you run into someone going the other way.

It's hard, but I've managed to train myself, when confronted with someone doing this, to step to the right and stand there. If everyone did this we'd have a lot less silly dodging.

-David T. C.
Yes, my email address is real.
[ Parent ]

Hmmm (3.00 / 1) (#52)
by synaesthesia on Tue Jul 09, 2002 at 02:06:23 PM EST

If you ever visit the UK / Japan / Australia etc., will you stand waiting on the left side of the corridor?


Sausages or cheese?
[ Parent ]
say what? (1.00 / 1) (#59)
by dipierro on Tue Jul 09, 2002 at 04:11:37 PM EST

It's hard, but I've managed to train myself, when confronted with someone doing this, to step to the right and stand there. If everyone did this we'd have a lot less silly dodging.

If everyone stepped to the right and stood there we'd never move.



[ Parent ]
Doesn't work (none / 0) (#60)
by Cro Magnon on Tue Jul 09, 2002 at 04:19:31 PM EST

if the other guy has trained himself to go to the LEFT!
Information wants to be beer.
[ Parent ]
Well, he's an idiot. ;) (none / 0) (#86)
by DavidTC on Wed Jul 10, 2002 at 03:30:09 PM EST

No, seriously, here in the US you walk on the right side when walking down halls. Ergo, that is the correct side to pass on.

-David T. C.
Yes, my email address is real.
[ Parent ]
Wow dude (1.00 / 1) (#89)
by dipierro on Wed Jul 10, 2002 at 10:18:45 PM EST

You don't have many friends, do you?

[ Parent ]
How TCAS decides. (4.00 / 7) (#19)
by gordonjcp on Tue Jul 09, 2002 at 07:06:10 AM EST

First, a quick explanation of terms. Aircraft measure height above ground using air pressure. The lower the static air pressure, the higher the aircraft is. This immediately presents us with an obvious problem - changing air pressure due to weather conditions. We get round this by setting the altimeter to the known air pressure on the ground at the airfield (QFE). Flying in airways though, the altimeter is set to QNE - the standard mean atmospheric pressure, or 1013.2 millibars. This ensures that two aircraft at the same physical height, in controlled airspace, will be showing the same altitude on the instruments, and more importantly on the transponder that sends signals back to Air Traffic Control.

Now, what TCAS does is this. In controlled airspace, you fly in certain "bands" of heights depending on your direction. This ensures that two aircraft ought not to ever be flying straight at each other, at the same height. TCAS decides if you are close to another aircraft, and, based on your heading, decides whether you should climb or descend to a safe height, in the appropriate "band".

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


Why is GPS not used? (3.00 / 2) (#29)
by jabber on Tue Jul 09, 2002 at 09:23:06 AM EST

I'm surprised to know that air pressure is used for height determination. I would think that "professional grade" GPS units would give more accurate and reliable measure. Any idea why these are not used?

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

I say use radar. (3.50 / 2) (#32)
by delmoi on Tue Jul 09, 2002 at 09:33:23 AM EST

Put radars in both planes and they should be able to 'see' each other's relative position down to the wavelength of the beam.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
That's what TCAS is (4.66 / 3) (#36)
by beak on Tue Jul 09, 2002 at 09:53:00 AM EST

TCAS is a short-range on board secondary radar system, with built in collision detection and avoidance recommendation.

Secondary radar is when aircraft's transponder queries are used to indicate range, bearing and altitude.

Primary radar (the traditional - blast out microwaves and wait for any to bounce back - type) is hardly ever used for civilian ATC, apart from at airports.

[ Parent ]

A bunch of reasons (4.66 / 3) (#34)
by edremy on Tue Jul 09, 2002 at 09:40:10 AM EST

  1. Air pressure works and is well understood, even though it has some problems. (All pilots repeat after me: "High to low, look out below.")
  2. Air pressure instruments are dead simple: they don't need electrical power.
  3. High quality GPS simply hasn't been around all that long: it takes serious time to retrofit a plane with a new cockpit panel, all of the software, etc.
  4. Remember that GPS is an American military system. Why would a Russian plane want to rely on it?

It's going to be a long time before these types of things are gone from all planes, and I'm not sure getting rid of simple altitude and airspeed indicators based on pressure entirely is such a good idea.

[ Parent ]

not possible (4.66 / 3) (#35)
by beak on Tue Jul 09, 2002 at 09:45:24 AM EST

Everything[1] in aviation is based on the 1013.2 hPa QNE altitude, which, quite simply is impossible to determine using GPS[2]

GPS is actually less accurate and reliable than a good old fashioned barometer/altimeter, and the latter is more resistant to things like an asteroid, or the US military deciding to turn the GPS system off.

[1] -- except takeoff and landing, where altitude above ground level is slightly important!
[2] -- because it is an altitude without a fixed reference point - the reference point varies according to the real barometric pressure at sea level.

[ Parent ]

It wouldn't work very well. (4.00 / 4) (#40)
by gordonjcp on Tue Jul 09, 2002 at 10:11:41 AM EST

It's woefully inaccurate, especially in altitude. If you get a chance, compare even a good quality GPS with the altimeter. Bear in mind that only the US military have the full accuracy of GPS.

Also, being that reliant on complex electronic equipment is a very, very bad idea in aircraft. All "glass cockpit" aircraft have pneumatic gauges as a backup, and for a good reason...

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Military field GPS instruments are crap as well (5.00 / 1) (#78)
by annenk38 on Wed Jul 10, 2002 at 04:37:09 AM EST

At least they were 90-94. Whenever we had to determine our mortar unit position, we rarely got better than 100-meter surface accuracy. Altitude determination was outright impossible, regardless of the number of satellites available.

And if my left hand causes me to stumble as well -- what do I cut it off with? -- Harry, Prince of Wales (The Blackadder)
[ Parent ]
Didn't know that... (none / 0) (#81)
by gordonjcp on Wed Jul 10, 2002 at 07:10:25 AM EST

I always thought that they sent the signal with an encrypted "error value" that only special receivers could decode. Perhaps yours didn't have it, who knows...?

Differential GPS, which can give you accurate positions down to centimetres, relies on *all* receivers getting a signal that's out by the same amount. You have two receivers in roughly the same place, one of which is fixed at a known position (you can find its position accurately by averaging the readings over a long period of time). This transmits the difference between its known position and its received position, which is used to correct the "moving" GPS.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
About GPS and altitude (none / 0) (#94)
by Go5 on Fri Jul 12, 2002 at 06:09:51 AM EST

GPS receivers are pretty crummy at reporting altitude, and this applies to military, consumer and professional models.

The main reason lies in geometry. Basically, a receiver uses timing differences from satellites to resolve a position. The position of the receiver on (or above) the earth and the position of the satellites around the earth constantly changes. Many, occasionally all, of the satellites are above the receiver. To determine the most accurate fix, a receiver should get signals from satellites spaced three-dimensionally around it, but the arrangement of satellites orbiting a globe doesn't really allow for this.

Placing the receiver up in the air (in a plane) can improve signal geometry, but not necessarily. Signals from satellites that are low on the horizon (assuming the horizon isn't blocked by terrain) are subject to increased attenuation and interference.

The Global Positioning System was essentially designed for two-dimensional navigation. Some GPS receivers even have a built-in barometric altimeter.

From the manual of an aviation-specific receiver:

WARNING: The altitude calculated... is geometric height above mean sea level and could vary significantly from altitude displayed by pressure altimeters in aircraft... Never use GPS altitude for vertical navigation.


[ Parent ]
It's always Russian (1.00 / 11) (#41)
by FredBloggs on Tue Jul 09, 2002 at 10:20:50 AM EST

planes that crash, whether it's at an airshow, or just cruising along. Perhaps if they were banned from non-Russian airspace until they've figured out WTF they are doing?

Except when it's not (none / 0) (#88)
by Rhodes on Wed Jul 10, 2002 at 09:18:08 PM EST

Good to know bigots can still thrive.

[ Parent ]
They are low (none / 0) (#93)
by FredBloggs on Thu Jul 11, 2002 at 08:17:20 AM EST

quality planes. It's as simple as that. It's not bigoted if it's true. Come to think of it, their submarines are pretty amusing too.


[ Parent ]
Automated decision-making (5.00 / 13) (#42)
by jabber on Tue Jul 09, 2002 at 10:27:16 AM EST

I completely disagree with your conclusion that automated reflex is a bad thing. In fact, I feel that it is a very Good Thing. Everything from nuclear plant SCRAM systems through computer driven buy-sell reflex in the stock market, to the simple logic that runs traffic lights in response to traffic conditions, serves to buffer erratic human activity.

You see, it takes a great deal of training to prepare a human to take predictable, logical and safe action in a crisis situation. Even with years of training, a human is still likely to get confused or frightened, to lose bearings, to pass out, to be overcome by a zealot with a box-cutter... The number of variables, especially in an ambiguous, crisis situation, is too often too much for a human to handle.

Automated systems cut through the ambiguity, and react predictably to criteria which were considered and reconsidered by numerous (expert) people in parallel, without the distraction of being in imminent, mortal danger.

The machines simply do what the human at the controls OUGHT to do, were (s)he not right there in the middle of fighting for their life.

In this case, the Russian pilot and the Swiss controller made the ultimate human mistake of second-guessing the protocol set in place by cooler heads, and enacted by silicon. The controller got spooked by noticing the danger late, and issued a "descend" instruction to try and regain control of a situation that he was not prepared to handle in that very instant. The controller must not have been fully aware of the situation, a typical problem humans have in stressful moments that require a decision. The pilot got confused and frightened by the impending collision, and trusted a live human instead of the prerecorded one which was leading him to safety. Also, a typical human reaction.

The programmed reflex of automatic safety systems is far from arbitrary. It is the result of considerable research, and in a great many ambiguous situations which tend to render human judgment useless and erratic, it is capable of doing instantaneous threat assessment, of prioritizing information, and of recommending, or outright taking, proper corrective action.

Yes, certainly, there are situations in which human ingenuity is by far superior to programmed reflex. Anything requiring creativity, for example, or improvisation in a completely new situation, is not something that can be programmed.

Aircraft collision avoidance is not something that takes creativity or improvisation. It takes nerves of steel, and until humans have these, they have to learn to trust nerves of copper, and brains of silicon.

We built these machines to serve and protect us in exactly these sorts of situations. To second guess them at precisely the moment and situation for which they were created is to deny their existence entirely. You might as well rip them out of the console altogether. Ignoring the AI reflex is like laying aside your hammer, and trying to drive nails with your fist. We make these tools to improve our lives, not as useless artifacts.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"

One thing you've overlooked (2.00 / 2) (#64)
by smallstepforman on Tue Jul 09, 2002 at 07:10:14 PM EST

Ever hear of computer bugs? Humans must be the final decision makers.

[ Parent ]
Counterpoint (5.00 / 1) (#66)
by Keepiru on Tue Jul 09, 2002 at 07:47:18 PM EST

Actually, that's not entirely true.  There may be times when you *don't* want a human to be able to make a decision.  It's rare, but possible.

That's beside the point, though.  In this case, clearly the pilot should have the last word.  The point in question is what that pilot should be basing his decision ON.  In this case, he was basing his decision on the recommendation of someone with less information than he had.

Better communication would have helped.  Simply asking "Are you sure? The computer says to climb." would have fixed this.

--Kai
--slashsuckATvegaDOTfurDOTcom


[ Parent ]

Counterpoint (5.00 / 3) (#69)
by jabber on Tue Jul 09, 2002 at 08:28:25 PM EST

First off, bugs are nothing but human error with a time delay. They are a combination of two or three factors: Poor design, poor implementation and poor testing. They're not moths stuck in relays. The sooner coders start taking some responsibility, and the sooner management lets coders have the time they need to do it right, the sooner we'll see better code. Fortunately, proper resources and motivations are already in place for most of the safety critical stuff.

Second, I will bet you dollars to donuts that a single human decision-maker is infinitely more fallible than a system designed by a cadre of professionals. This goes quadruple for certified safety systems that have gone through rigorous Validation and Verification protocols. Claiming that "bugs" make safety systems less reliable than the judgment of a single human only shows a lack of appreciation for the effort needed to get a safety-critical system to pass muster.

Please take all this with a grain of salt due to someone who has written nuclear plant monitoring system software - my code is currently running in 4 plants in South Korea.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Pilot should have obeyed TCAS (4.88 / 9) (#45)
by Stereo on Tue Jul 09, 2002 at 11:37:24 AM EST

Pilots are instructed to obey TCAS immediately. If TCAS tells you you're going to hit something in a minute and shouts "CLIMB CLIMB CLIMB", you're supposed to ignore the air controller if you get conflicting directions from the tower.

This is a clear example of why pilots are doing this. Serious safety flaws in the Swiss air traffic control system Skyguide have emerged. One air controller was on an unauthorized break and Skyguide have admitted their STCA (Short Term Conflict Alert) was down for maintenance at the time of the crash.

The STCA usually alerts controllers about 90 seconds before collisions. Controllers "see" planes as a pixel on their screens, surrounded by data such as altitude, flight number etc.. When the STCA detects a dangerous situation, the planes flash and a line appears between the two planes. When it is switched off, at least two controllers must be in the tower. As I said, the idiot who's now facing disciplinary sanctions had taken a break. The guy who was alone inside the tower couldn't deal with the situation.

TCAS isn't perfect, though. It nearly caused two 747s to collide in China in 1999. It turned out that TCAS miscalculated the aircraft's attitude and the software watchdog that should shut TCAS down in these cases failed to do so. But the Russian pilot not obeying TCAS while the DHL pilot did is apparently responsible for this crash.


kuro5hin - Artes technicae et humaniores, a fossis


Methods of operation (none / 0) (#82)
by thebrix on Wed Jul 10, 2002 at 07:28:33 AM EST

But the Russian pilot not obeying TCAS while the DHL pilot did is apparently responsible for this crash

This may not be correct, depending on what both pilots were trained to do in the circumstances ('methods of operation'). If one was trained that TCAS overrides ATC instructions, and the other that ATC instructions override TCAS, there's a problem. Add what Swiss ATC was trained to expect from the pilots, and there may be a bigger problem.

I don't know what degree of standardisation of MOPs there is between airlines and ATC centres (there must be some), but there could well be confusion.

[ Parent ]

What?! (4.20 / 5) (#50)
by aluminumaloi on Tue Jul 09, 2002 at 01:41:15 PM EST

"Computer does its job perfectly. Human ignores computer, does own thing. Loss of human life. Therefore, computer is flawed."

What the hell kind of conclusion is that?

Isn't it obvious? (none / 0) (#71)
by fluffy grue on Tue Jul 09, 2002 at 09:02:24 PM EST

The computer gave the correct guidance, knowing full well that the distrustful humans would do the exact opposite, thus causing loss of life and the eventual overthrow of the pitiful fleshbags. Haven't you ever seen a techno-dystopian sci-fi movie?
--
I am a calm and tranquil flower.

Try the new Aborted Fœtus McFlurry! Cool and refreshing!
[ Hug Your Trikuare ]
[ Parent ]

So... (3.60 / 5) (#51)
by trhurler on Tue Jul 09, 2002 at 01:41:19 PM EST

Does reality impinge upon your little world? Ever? The computer MADE THE RIGHT CHOICE. The ATC guy screwed up, but his error is forgivable. The real mistake is on the part of the pilot, who SHOULD HAVE DONE WHAT THE COMPUTER TOLD HIM TO DO.

This isn't hard. It isn't hard for pilots to do the right thing with one of these systems, and it isn't hard for you or me to understand how it is that the computer was right. The problem is not too many decision makers. The problem is that the pilot, who is the final decision maker, made the wrong choice in a simple case that is drilled into pilots' heads time and again and which they should NEVER get wrong.

A lot of people seem to want to blame automation, even when humans screw up and the automation gets it right. This smells an awful lot like idiocy and/or luddism (how conveniently redundant,) to me.

--
'God dammit, your posts make me hard.' --LilDebbie

Error (none / 0) (#62)
by Lord of the Wasteland on Tue Jul 09, 2002 at 05:35:10 PM EST

I agree that it seems silly to worry about the automatic collision avoidance system because it would have avoided the crash if the pilot had listened to it.

However, I disagree that the ATC made a "forgivable" error. He warned the pilot 44 seconds before collision, after the automatic system had already kicked in. The warning should have come earlier. He didn't inform the pilot of the cargo jet of anything. He repeated his warning without noticing that the cargo jet was already on a descending course. He let his co-worker leave his post even though the ATC collision detection system was offline.

It was the Russian pilot who made the forgivable error. ATC should have had a better picture of the overall situation than the pilot or his automatic system. The ATC directives came later, after the automatic ones, making them seem like they overrode the previous directives.

I think there is a case for questioning the level of automation, however. If the automatic collision avoidance system really should always be obeyed, why does the pilot have to make the maneuver? Leaving that up to the pilot implies that there are times when the pilot should make a different choice.

[ Parent ]

Two things (none / 0) (#65)
by trhurler on Tue Jul 09, 2002 at 07:13:12 PM EST

First, the ATC man probably didn't have a choice about his co-worker. If you and I are keeping plates of explosives spinning on poles and I walk away, you can't exactly do anything about it, unless you want to get blown up. He was overworked, understaffed, and without proper equipment, and he almost certainly did the best he could. His slacker coworker ought to lose his job, but that's not the diligent employee's fault. I maintain that as far as we know, he did the best job he could in bad circumstances; his equipment was not sufficient and he was massively outnumbered.

Second, the Russian pilot went against flight rules. That's never a forgivable error. Even if nothing bad happens, that's still wrong, and when people die, it is even worse.

As an aside, the level of automation makes perfect sense. The airplane already has a perfectly good control system involving a pilot, some controls, some backups, and the control surfaces and throttle. Adding complexity to that just so a pilot doesn't have to respond to a climb or dive order is not reasonable; it increases the chances of critical malfunction drastically, whereas a competent pilot (and no others should be flying,) can easily remember to follow that system's orders. Order of precedence with only two or three options is something a human can do easily, and should NEVER get wrong if properly trained, whereas every moving part and line of code you add to a mechanical system is something else that can fail.

--
'God dammit, your posts make me hard.' --LilDebbie

[ Parent ]
Some good points (none / 0) (#75)
by Lord of the Wasteland on Wed Jul 10, 2002 at 02:09:57 AM EST

First, the ATC man probably didn't have a choice about his co-worker.

You could very well be right about this, and I shouldn't jump to conclusions before all the facts are in. Certainly he knew his co-worker had left (various reports say he was communicating on both frequencies) but not whether he tried to do anything/knew that it was not an appropriate time to take a break.

Second, the Russian pilot went against flight rules

Do you have a good basis for this? The only relevant quote I've heard is from a German pilot--I'm not sure the flight training is the same, and I'm not sure if there is a set "rule" about who to listen to.

BTW, the title of my last post should have been "Human/Machine Error", I didn't mean to imply there was an error in your post.

[ Parent ]

training (none / 0) (#85)
by trhurler on Wed Jul 10, 2002 at 01:45:34 PM EST

I'm not absolutely certain, as I only know what I was told by another (US) pilot, and he might not know everything about foreign pilot training either, but the impression I have is that commercial pilots are always supposed to obey that system if it is present, and are trained to do so. Really though, what seems odd to me is that there is no system for the onboard device to send notice of its instructions to relevant ATC people, seeing as that's info they might actually have a use for...

--
'God dammit, your posts make me hard.' --LilDebbie

[ Parent ]
Massively outnumbered? (none / 0) (#92)
by Aquablue on Thu Jul 11, 2002 at 05:04:55 AM EST

[The ATC] was massively outnumbered.

What is the basis for this assertion?
First, the number of planes in their airspace had just recently been reduced by 10%. Second, there were, apparently, only 5 planes in their airspace at the time of the accident, while the usual workload for a Skyguard ATC is anywhere from 20 to 40 planes.

Now how do you get from there to : ...massively outnumbered?


--- Aquablue

[ Parent ]
It strikes me that.. (4.50 / 2) (#56)
by csmiller on Tue Jul 09, 2002 at 03:48:44 PM EST

TCAS should automatically transmit to any ATC near by what instructions it has given, and this should be clearly indicated on the ATC's display. This would give a visual clue to the controller what TCAS is recommending, and will help prevent ATC countermanding TCAS, as there is very little time left to avoid a collision. If the pilot has to press a button to acknowledge to TCAS that (s)he has understood and is obeying the instructions (or TCAS can snoop on the controls to tell for itself), then this should also be transmitted to the other plane, and to ATC.

Secondly, the Russian pilot, as soon as ATC told him to dive, should have responded 'Control, my T-CAS has advised me to climb, please confirm dive instruction', instead of, as it appears to have happened, ignoring the ATC. Perhaps he was too busy to respond the first time, but if he thought ATC was being stupid, then he should have said something. Since, IIRC, both cockpit voice recorders were too badly damaged, we may never know what he thought.

The first will (hopefully) stop errors like this happening again, the second may have stopped this one.

Ever listen to ATC onboard a flight? (4.50 / 2) (#57)
by GGardner on Tue Jul 09, 2002 at 03:54:48 PM EST

I did this on a recent trans-Atlantic flight, and boy was I scared!  At least ten times, there were miscommunications between the ground controller and a pilot.  A typical example:

ATC:  United 432 please climb to flight level 350.
<no response>
ATC:  Repeat, UA 432 please climb to FL 350.
<no response>
Pilot: Um, this is UA 423, was that meant for us?
ATC: Ooops, right, UA 423 please climb to FL 350.

and other similar examples.  Makes me wish for _more_ automation, and less humans in the loop!


Um (none / 0) (#68)
by ghjm on Tue Jul 09, 2002 at 08:22:05 PM EST

How did you do this? Smuggle a radio on board and hide it from the stewardess?

[ Parent ]
Re: ATC (5.00 / 1) (#70)
by wierdo on Tue Jul 09, 2002 at 08:31:19 PM EST

United Airlines has the ATC radio on one of the channels of the in flight entertainment system. IIRC, it's Channel 9. Some pilots dislike it, however, and turn it off.

-Nathan



[ Parent ]
No need to smuggle, as I understand (none / 0) (#83)
by marxmarv on Wed Jul 10, 2002 at 10:33:51 AM EST

I have been told by a source of average reliability that flight crews will not give you grief over an approved aviation radio. I haven't carried one onboard myself, so I am interested in whether others' experiences agree with this.

-jhp

[ Parent ]

Why does TCAS do all of that negotiating (3.00 / 1) (#72)
by cs668 on Tue Jul 09, 2002 at 09:44:25 PM EST

I read that if the collision avoidance system is installed in both planes they negotiate with each other to decide what the pilots should do. Why so complicated? Couldn't you just have a rule that if there is a collision warning everyone just turns as hard as possible to the right? I am not a pilot so I am curious about this - any info would be appreciated.

It's not always head-on (none / 0) (#73)
by xriso on Tue Jul 09, 2002 at 10:21:28 PM EST

Think about all the possible interactions - obviously they have to be at close elevations to collide, but on that plane, there are a variety of initial configurations. Also consider the case where one pilot does not take heed to the warning.
--
*** Quits: xriso:#kuro5hin (Forever)
[ Parent ]
Doesn't always work. (none / 0) (#87)
by awgsilyari on Wed Jul 10, 2002 at 03:35:31 PM EST

Turning hard right is ok, if both planes do it. But not every aircraft has TCAS, so the system has to be able to work without negotiation.

The system is actually quite similar to minimax search. The system makes the assumption that the other plane is actively trying to collide with you, and decides what to do from that basis. Basically it's a matter of "If I do this, then he'll do that, or maybe that, and then I'll do this, and he'll respond like this..." The idea being that if you can avoid a collision with an active opponent, surely you can avoid a collision with a passive craft.

If TCAS always decided to "turn right," as you suggest, then a malicious party could use this to his advantage in trying to collide with the aircraft.

--------
Please direct SPAM to john@neuralnw.com
[ Parent ]

TCAS False Alarms (4.00 / 1) (#77)
by Renegade Lisp on Wed Jul 10, 2002 at 04:34:45 AM EST

Many people have said that it was clearly the Russian pilot's fault because a pilot should never ever disobey what the computer tells him.

Well, on the site of the company who built TCAS, they admit that at least earlier versions of TCAS (in the early 1990s) gave lots of false alarms all the time. TCAS would go off during approach, when airplanes are naturally closer to another, and it would also be triggered by transponders of ships and other devices.

The article continues:

"There was a growing tendency among pilots to ignore the advisory, even when they didn't necessarily have full knowledge of the situation. Everyone was concerned that one day they would ignore one that was necessary."
Presumably, the situation has changed a lot since then, but on the other hand, what would you expect the company who builds it to say?

Maybe there's a pilot around here who could comment on this? Does TCAS sometimes give false alarms? Do pilots have a clear and unmistakable order to always follow the TCAS "advisory"?

TCAS vs. ATC (5.00 / 2) (#90)
by phliar on Thu Jul 11, 2002 at 12:15:51 AM EST

Full disclosure: I am an instrument rated pilot. However I do not fly jets.
A spokesman of the German pilots' association ("Cockpit") commented that the Russian pilot should have obeyed the TCAS system, not the air traffic controller. Controllers only give "instructions with an advisory character," he said.

To me, this is scary.

Why? The pilot is the one flying the plane. The "controller" tells the pilot what she'd like him to do. The priority order is "Skin, Tin, Ticket" i.e. saving people comes first; saving the airplane is second; and following instructions from ATC and other authorities comes in last. Just like "Aviate, Navigate, Communicate." Therefore a TCAS command to the pilot (called an RA, a resolution advisory) takes precedence over ATC. If you get an RA to descend, the pilot should immediately dive, and call "TCAS descend" on the radio, which is supposed to advise other aircraft and ATC.

One of the causes here is that one of the pilots obeyed an ATC instruction instead of the TCAS RA. The other pilot did follow the RA, and seems to even have made the call on the radio.

However ATC giving clearances to pilots that are close enough to result in an RA during cruise is completely unacceptable. The real problem we should be trying to fix is the ATC system that puts airplanes on converging courses at the same altitude. It may be understandable in the terminal environment during a busy push, but apparently there were only five airplanes in the sector that night.

It's very easy to put all the blame on the dead guys. (My being a pilot probably has something to do with why I feel this way.)

why did the controller order the descent?

The controller knew the airplanes were on the same altitude on converging tracks; the plan was that the Bashkirian would descend, the DHL would stay at the same altitude. So another contributing cause is that ATC left this too late.

A while back, I heard an expert in the field comment that the TCAS design is seriously flawed. In its initial design, it was only meant to warn the pilots of an impending collision, and let them sort it out by themselves ("Look, we're on a collision course, you go up, I go down").

It may be (is!) true that TCAS is flawed, but your proposal is, I fear, even worse. The most likely time for airliners to come close to one another is near an airport, at a busy time. Coincidentally that also happens to be when the frequency is busiest. Furthermore, the pilots will have about 30 seconds to negotiate and coordinate evasive manoeuvres; and they need to stay away from other airplanes while doing that manoeuvre. You think two humans can actually do all that when it's hard enough to say anything on the frequency in the normal course of things? Oh, and they're flying the airplanes too.

The collision avoidance problem is very hard. It's not just the two airplanes' TCAS units that need to coordinate, but all units. It's a distributed predictive algorithm. There are ground-based systems that try to solve this problem too (which in my opinion is the right place for this) but it was down for maintenance that night.


Faster, faster, until the thrill of...

Last Seconds (none / 0) (#95)
by martinroell on Fri Jul 19, 2002 at 03:00:50 PM EST

After the analysis of the flight recorders it has now been reconstructed what the last seconds before the crash looked like, as the German News Magazine "Spiegel" reports. It documents the problems that occur when machine-machine, man-machine and man-man communication meet in critical situations very dramatically.

How To Avoid A Collision | 96 comments (82 topical, 14 editorial, 0 hidden)