Interesting story. Raises one question for me: By what process is the integrity of the software used for all the functions of a fly-by-wire plane insured? I mean, at each update, you install a new version, and I have to believe that's a pretty secure process. But is it technically possible to alter what is there in some way without detection?

All new versions of software should be subjected to extensive functional testing before deploying into the field. It is possible that a new feature could affect functionality that worked 100% in the previous version. Testing could never have 100% coverage, so it is possible that a specific scenario was not tested, or tested insufficiently.

I can't really see how the data could be corrupted - correct me if I'm wrong here Verbal, but the Boeing guys use a second hand thumbdrive (geez they are cheap on ebay), or if they have run out they'll borrow a camera memory card from a photographer/spotter that often wait outside the plant for some shots of one of the latest models. Mind you if they are going to borrow an SD card, they make sure its an SDHC and only a quality brand. They will delete just enough space to fit the latest software upgrade on it, then Mabel in the mailroom (is she still there Verbal?) will pop it in an envelope and send it by standard mail - usually to the catering section that services that airline in that city. The logic here is it's much more convenient that when the guys are delivering a fresh batch of meals to a flight that the bloke unloading the carts can pop the thumbdrive or SD card directly into the flight control computers for the download. Done this way, it saves the pilots and airline engineers from having to interrupt their day - an additional bonus is that it can help break the bordom on a long flight if the flight crew suddenly get a surprise because the upload that they knew nothing about had a few bits of malware loaded too from the thumbdrive.

So, yeah, I'd say pretty foolproof.

Re. transferring an update thru manufacturing, distribution, airlines, and installing it into an airplane ... well that's infinitely secure.

They encrypt the software update, digitally sign it, and through the use of approved equipment they can guarantee the software is properly installed on the plane.

Even if one uses an off the shelf broken (or not) flash memory card the protection software in the plane would check the integrity of the file and if at least one bit is altered or in the wrong place then the plane's computer would not accept it at all !!!

There is a way of installing tampered software but it would require hundreds of computers running for hundreds of years to get the correct cross checking digital signatures. It's like figuring out Obama's password to launch a nuke.
.

you are on a roll!

I am not trying to be antagonistic here but how is this a near crash? The plane never dropped below 35,000. Also, is there any official reports about this incident? I couldn't seem to find any.

Voila,

http://www.atsb.gov.au/publications/...503722_001.pdf

http://en.wikipedia.org/wiki/Air_Dat...Reference_Unit
.

Well, if nothing else, this makes me a supporter of the Boeing philosophy that says let the humans sort out what human (programmers) mess up. Excessive faith in computing machinery that is obviously out of its depth or simply flying beyond the scope of the testing sounds doctrinaire to me. "To err is human. To completely screw things up takes a computer." Computers are my life (at least since 1973), so I don't see them in the golden glow that people in other specialties see them in. The biggest part of my job is to call the people who wrote something that just blew up so they can coax the results out of it. We do have one manager who loves the word "automation", but he never follows through on it because the computers aren't playing ball.

That being said, we'd live in a totally different world without process automation. So there's no going back. But I like Boeing's pragmatic approach. Let the computers do their max, with the humans being there ready to take on anything beyond.

Of course, that does presume you TRAIN the humans to work in environment you've created. I'd think this was a "duh" thing if I hadn't read a bunch of things since AF447 went down that make me suspicious that the training wasn't up to snuff.

I sincerely hope that the pilots that fly e.g. A380 etc. started off their flying careers on GA, such as C172? That way, at least when computers crash around them, they'd be able to fall back on their "feel" for hand-flying the bigger machine!

I suspect when those computers "crash" so completely in the way that's being suggested, and the pilots then attempt to deflect Ailerons, Rudder and Elevators the size of a family car in 500mph windspeeds on their Boeing 777 without anything more than their mechanical linkages, it won't much matter whether that plane was made in France, Florida, Belgium or the Moon or what design ethos it used.

Which probably goes to show that the new generation airliners are unflyable without the computers, right?

That last statement impels me to offer a clarification. In corporate computing, there is as much automation as the processes can handle. And I gather in all planes of any size, there is fly-by-wire of some degree or other. So there is no "manual option" as once existed. The pilot has to make the decisions and input the "data" that flies the plane. That is consistent with my experience on digital computers. When our automation fails, we don't pull out calculators. We don't even start running programs. Predominantly, we resolve the source of abended processes and either restart jobs at the step where it errored out. Or manually do what the automated process was accomplishing (such as a network back terminated by connectivity loss, execute the backup command once the connectivity is restored) and then manually mark the job as successfully completed.

I would expect something comparable flying a plane. Determine from instruments what thrust, attitude, or whatever is needed and move the controls to achieve that result. Doesn't necessarily mean skirting around the automation, which may be impossible, just making human decisions in place of the computer's decisions. I mean, if the computer automatically turns off autopilot, it seems to me that is what it is trying to say to the pilot: "Something doesn't compute. Clear it up and then resume autopilot when you think it is safe". That equates to a lot of error messages I see frequently. It's reverting to a lower level of automation. I can tell you that this is absolutely necessary. If the developers don't include that in their code, automated processes become very dangerous.

Not sure how accurate the YouTube thing tells the story, but what makes me think ...
> ADIRU failure is detected and Autopilot and Autothrust is not automatically disconnected?
> the pilot needs a damn minute to figure that Autothrust is pulling back the levers, then he finally disconnects Autothrust.

OK, read the report. At least a bit. One IRU failed back in 2001 (no one recognized it??), when the second failed there was no chance to figure out which was right and which was wrong.

Crew performance pitiful again. When UNRELIABLE AIRSPEED oder ADIRU FAULT is sensed, immediately switch off all automation, select a "good" N1 and fly the aircraft manually. One guy flies and does nothing else. Then start trouble shooting by clearing airspeed indicators and ADIRUs. I don't know what they did, but apparently they relied on help from above (or from below, as they are sitting over the avionics compartment).

In this case no big difference between Airbus and Boeing. The Airbus flight control laws are normally pretty sensible and kill themself when detecing issues with either airspeed or inertial reference. The pilot must be able to manually fly the aircraft, and he must know what to do and take clear action and not try to fly "half-automated".
Basic flying skills are getting increasingly lost.





Oops, Boeing names it Autothrottle. Pudden me.

Well the "accuracy" of the uTube "thing" is based on the mute animation provided by the ATSB based on FDR data (just turn off volume).
.