Cirrus Death Trap?

Recently, Mxsmanic posted:

Nothing prevents you from flying with such equipment, if you choose
not to believe me (or if you enjoy taking risks). But I would suggest
that you limit your flights to VMC if you are using glass instruments,
and not fly anything that gives glass avionics control over the
aircraft unless you have a positive way of disconnecting that control.

And, your basis for this "suggestion" is...?

Just because the computers you borrow from others are unreliable does not
impact the reliability of aviation electronics. Perhaps you should read up
on the reliability of traditional gauges before making such absurd and
ill-informed "suggestions".

Neil

Neil Gould writes:

And, your basis for this "suggestion" is...?

My experience with computers.

Just because the computers you borrow from others are unreliable does not
impact the reliability of aviation electronics. Perhaps you should read up
on the reliability of traditional gauges before making such absurd and
ill-informed "suggestions".

I know a great deal about computers, but I don't tell other people
that they are absurd and ill-informed just because they know less.
Ponder on that.

--
Transpose mxsmanic and gmail to reach me by e-mail.

"Mxsmanic"
Neil Gould writes:

And, your basis for this "suggestion" is...?

My experience with computers.

Just because the computers you borrow from others are unreliable does not
impact the reliability of aviation electronics. Perhaps you should read
up
on the reliability of traditional gauges before making such absurd and
ill-informed "suggestions".

I know a great deal about computers, but I don't tell other people
that they are absurd and ill-informed just because they know less.
Ponder on that.

I have. So identify some "computers" that you have concluded are acceptably
trustworthy in similarly critical situations. I won't bother to ask you to
explain the reasoning behind your answer. Just want to see you hoist
yourself even further.

m

Happy Dog writes:

I have. So identify some "computers" that you have concluded are acceptably
trustworthy in similarly critical situations.

The ones NASA put in Apollo spacecraft are acceptably trustworthy, as
are some others used on certain other craft (such as some Space
Shuttle computers), based on what I've heard of their development
process. Some avionics software is trustworthy, but less and less of
it.

--
Transpose mxsmanic and gmail to reach me by e-mail.

Recently, Mxsmanic posted:

Neil Gould writes:

And, your basis for this "suggestion" is...?

My experience with computers.

Just because the computers you borrow from others are unreliable
does not impact the reliability of aviation electronics. Perhaps you
should read up on the reliability of traditional gauges before
making such absurd and ill-informed "suggestions".

I know a great deal about computers, but I don't tell other people
that they are absurd and ill-informed just because they know less.

And, of course, you've missed the point entirely. Things fail in aircraft.
Traditional gauges rely on mechanics that have more than one failure mode,
and at some point *will* fail. Pilots train from early in basic flying
lessons on how to recognize and deal with these failures so that they
don't become catastrophic events. Pilots train to deal with glass panel
failure, just as with traditional gauges, and there is no reason to think
that the loss of a glass panel will be any more dangerous than the loss of
electrical power or a vacuum pump in a plane with traditional gauges. If
anything, glass panel failure is likely to be *less* dangerous, because
certification of aircraft requires backups of critical functions with
traditional gauges, something not required in other aircraft. Therefore,
your "suggestion" has no valid basis, and only adds to the FUD factor that
many of your posts reflect.

Finally, you should be able to tell the difference between someone calling
you "absurd and ill-informed" and calling your suggestion "absurd and
ill-informed". In case you can't; my comment was NOT an ad-hominem attack
on you personally.

Neil

Neil Gould writes:

And, of course, you've missed the point entirely. Things fail in aircraft.

That is not the point.

The point is that glass cockpits are orders of magnitude more complex
than traditional cockpits. They cannot be fully tested and still be
kept affordable. They depend on computers rather than mechanical
parts, and are thus prone to have undiscovered and catastrophic
failure modes.

Traditional gauges rely on mechanics that have more than one failure mode,
and at some point *will* fail.

All mechanical devices are constrained in their failure modes by the
natural physical laws affecting their components. Computerized
devices have no such constraints, and can (and do) fail
catastrophically in many cases.

It is impossible for a physical throttle control to move
instantaneously from full throttle to idle, but a digital throttle
setting in a FADEC can easily move from 99 (full throttle) to 00
(idle) with a single incrementation, by rolling over. This is a
typical type of catastrophic failure mode.

Pilots train from early in basic flying
lessons on how to recognize and deal with these failures so that they
don't become catastrophic events.

Their training includes nothing at all concerning computer failure
modes. Even if it did, they would not necessarily be able to deal
with the type of catastrophic failures that computer systems can
experience.

Pilots train to deal with glass panel
failure, just as with traditional gauges, and there is no reason to think
that the loss of a glass panel will be any more dangerous than the loss of
electrical power or a vacuum pump in a plane with traditional gauges.

Anything driven by a computer is potentially more dangerous because
there is no connection between the computerized representation of the
physical world and the actual physical world. Thus, there are no
constraints on failure modes, and computers lack the tendency to fail
safe that mechanical systems have.

If anything, glass panel failure is likely to be *less* dangerous, because
certification of aircraft requires backups of critical functions with
traditional gauges, something not required in other aircraft.

Glass panel failures are dangerous because pilots don't realize how
glass panels can fail, and because glass panels may be given full
authority over certain functions without any possibility of a
mechanical pilot override.

I've been interested in this domain for the past quarter-century or
so, and I've learned much about it. What I know worries me,
especially when I see wholesale adoption of untested, unverified
computer systems in life-critical applications.

--
Transpose mxsmanic and gmail to reach me by e-mail.

Recently, Mxsmanic posted:

Neil Gould writes:

And, of course, you've missed the point entirely. Things fail in
aircraft.

That is not the point.

The point is that glass cockpits are orders of magnitude more complex
than traditional cockpits. They cannot be fully tested and still be
kept affordable.

The main difference between glass panels and mechanical gauges is the
method of feeding sensor information to the pilot. That doesn't require
any complex software that can't be thoroughly tested. In fact, it doesn't
require software at all; control of display information can be done in
firmware that has been thoroughly tested, and many avionics do exactly
that. Complex PFDs are an integration of mulitple subsystems into a single
display presentation, and can be just as reliable -- or unreliable,
depending on one's point of view -- as traditional cockpits.

They depend on computers rather than mechanical
parts, and are thus prone to have undiscovered and catastrophic
failure modes.

Regardless of how many "catastrophic failure modes" might exist in a glass
panel, they will present the same level of risk to the pilot of GA
aircraft.

Traditional gauges rely on mechanics that have more than one failure
mode, and at some point *will* fail.

All mechanical devices are constrained in their failure modes by the
natural physical laws affecting their components.

That doesn't make one bit of difference, given that the failure modes are
numerous and can present a serious problem in and of themselves. Having
experienced a vacuum pump failure early in my training, I can tell you
that I'm glad I wasn't in IMC at the time. Yet, pilots with IFR ratings
can and do survive vacuum system failures in IMC.

Computerized
devices have no such constraints, and can (and do) fail
catastrophically in many cases.

It really doesn't matter, but then, as you've had no training whatsoever,
you wouldn't know that.

It is impossible for a physical throttle control to move
instantaneously from full throttle to idle,

Oh? What happens if the throttle cable breaks? All mechanical functions
have their failure modes, and to think that there are none for such things
as throttles is pretty risky. It's that attitude thing I've been talking
about lately.

Pilots train from early in basic flying
lessons on how to recognize and deal with these failures so that they
don't become catastrophic events.

Their training includes nothing at all concerning computer failure
modes. Even if it did, they would not necessarily be able to deal
with the type of catastrophic failures that computer systems can
experience.

The most serious failure of a glass panel would be that it shuts down
completely. That should not result in a catastrophic event, given that
critical functions are duplicated by mechanical gauges. It seems like a
big problem to you because your entire perspective revolves around a
computer, but flying real airplanes involves a lot more than that, as you
have been told numerous times, now.

Pilots train to deal with glass panel
failure, just as with traditional gauges, and there is no reason to
think that the loss of a glass panel will be any more dangerous than
the loss of electrical power or a vacuum pump in a plane with
traditional gauges.

Anything driven by a computer is potentially more dangerous because
there is no connection between the computerized representation of the
physical world and the actual physical world. Thus, there are no
constraints on failure modes, and computers lack the tendency to fail
safe that mechanical systems have.

What "fail safe" did you have in mind w/r/t mechanical systems?
Apparently, you are completely unaware of the possible failure modes of
traditional cockpits. The only "fail safe" that I'm aware of is the
training of the pilot and their ability to arrive at viable alternatives
when something breaks.

If anything, glass panel failure is likely to be *less* dangerous,
because certification of aircraft requires backups of critical
functions with traditional gauges, something not required in other
aircraft.

Glass panel failures are dangerous because pilots don't realize how
glass panels can fail, and because glass panels may be given full
authority over certain functions without any possibility of a
mechanical pilot override.

Once again, you've missed the point entirely. Ultimately, it doesn't
matter why the panel fails, and nobody in their right mind is going to
worry about why it failed while they're flying the plane. All that is
necessary is that the failure is recognized, which pilots are trained to
do, just as they are with mechanical gauges.

Neil

Yeech.

In the interest of educating the people reading this thread about how
embedded electronics are designed - and in doing so increase the signal
to noise ratio - I am going to spout off about how electronics like
this are designed. While I do not have specific information about how
a/c electronics are designed, I have enough designs under my belt to
speak about these systems in general.

I fully expect MX to reply to this with more "correct sounding"
misinformation - don't believe it.

While it is true that "computers" are notoriously unreliable (and I
put quotes around computers to denote commodity computer hardware that
you can buy at your local computer store) embedded hardware is designed
to be extrodinarily robust. Most embedded hardware is at least
partially redundant. (Modern aviaonics qualifies as an embedded
system)

Embedded systems that are designed when human lives are on the line
ALWAYS fail safe and almost always have completely separate redundant
systems. Embedded hardware that runs software always has multiple
forms of backups. Software has internal, low-level status monitors
verifying the software's operation. Microprocessors have internal and
external "watchdogs" to make sure that the software is performing
correctly. When a fault is detected in the processor, there can be an
analog backup to the microprocessor that gives limited but core
functionality. Multiple sensors are combined to verify that one errant
sensor will not take down the system or give incorrect information.
Novel checking techniques are used to verify the health and wiring of
the unit to the sensors.

To give a real life example, a fire alarm panel that is in charge of
evacuating a building has a microprocessor and runs software. If the
software fails, the hardware has the ability to reset the software to
get the software to work again. If this fails, there is analog
circuitry that can function without the microprocessor. (You lose some
functionality, but you still get people out of the building in case of
a fire). There are battery backups that can power all of the
annunciators in case of a power outage. The panel can detect the
health of the wiring to the detectors and annunciators and indicate
failures in both. There are even techniques where the panel will not
evacuate unless it gets confirmation of a fire from its "nearest
neighbor" detector to prevent false alarms. As a final piece, it must
be tested to ensure that the fire panel cannot cause a fire on its own.

Bottom line is this: just because "computers" are unreliable doesn't
mean electronics and other types of hardware equipment are unreliable
as well. To prove my point, if anyone has a G1000 they would be
willing to have an engineer tear down and show these types of
redundancies, I'll give you my address. ;-)

Mark

As an aside, I didn't understand how anyone could get so fired up about
MX's misinformation - until he started spouting misinformation about
stuff I do. The more I live, the more learn to try to walk in other
people's shoes...

girmann writes:

While it is true that "computers" are notoriously unreliable (and I
put quotes around computers to denote commodity computer hardware that
you can buy at your local computer store) embedded hardware is designed
to be extrodinarily robust. Most embedded hardware is at least
partially redundant. (Modern aviaonics qualifies as an embedded
system)

The failures in glass cockpits are most likely to be software
failures, not hardware failures.

Embedded systems that are designed when human lives are on the line
ALWAYS fail safe and almost always have completely separate redundant
systems.

Not true, unfortunately. Think Therac-25.

To give a real life example, a fire alarm panel that is in charge of
evacuating a building has a microprocessor and runs software. If the
software fails, the hardware has the ability to reset the software to
get the software to work again.

If the software fails, the system is already defective.

Bottom line is this: just because "computers" are unreliable doesn't
mean electronics and other types of hardware equipment are unreliable
as well.

True. Unfortunately, when the overall safety of the system depends to
any degree upon software, the reliability of the electronics and
hardware do not suffice.

To prove my point, if anyone has a G1000 they would be
willing to have an engineer tear down and show these types of
redundancies, I'll give you my address. ;-)

You need to look at the code, not the hardware.

--
Transpose mxsmanic and gmail to reach me by e-mail.

Did you read the thread about NW Pilot having his G1000 Garmin go
bonkers at night over the Atlantic in IMC during a ferry flight to
Lebanon? It was caused by the fuel senders, definately a software
glitch. The darn thing kept rebooting every minute or so. He had to
rely on his handheld GPS, HF radio, and steam gyros to make it back to
Greenland.

Bud

Neil Gould wrote:
Recently, Mxsmanic posted:

Nothing prevents you from flying with such equipment, if you choose
not to believe me (or if you enjoy taking risks). But I would suggest
that you limit your flights to VMC if you are using glass instruments,
and not fly anything that gives glass avionics control over the
aircraft unless you have a positive way of disconnecting that control.

And, your basis for this "suggestion" is...?

Just because the computers you borrow from others are unreliable does not
impact the reliability of aviation electronics. Perhaps you should read up
on the reliability of traditional gauges before making such absurd and
ill-informed "suggestions".

Neil