A400m New strategic and tactical airlifter for the RAF
Discussion
Trexthedinosaur said:
How many millions, if not billions of potential, 'what if' scenarios could be encountered by a military aircraft?
makes zero odds what the aircraft is, this is the FADEC computer, all it cares about is controlling an engine, you could argue this is exactly the same function a car's ECU has, with the same table-based maps, corrections, parameters, etc.now, I am pretty sure if you delete the drive-by-wire table(s) from an OEM ECU, it would simply fail to start and bring up the MIL light and corresponding error codes - and this assumes it would actually pass basic checksums on booting up.
What I don't get is how you can have a system that allows the engine to start, reach take-off power, before it realises a table/file is missing?
from a software/firmware perspective, that's a massive failure.
Bare in mind this is not the flight control computers, with many millions of lines of code, it's a FADEC just to run the engine.
Scuffers said:
Trexthedinosaur said:
How many millions, if not billions of potential, 'what if' scenarios could be encountered by a military aircraft?
makes zero odds what the aircraft is, this is the FADEC computer, all it cares about is controlling an engine, you could argue this is exactly the same function a car's ECU has, with the same table-based maps, corrections, parameters, etc.now, I am pretty sure if you delete the drive-by-wire table(s) from an OEM ECU, it would simply fail to start and bring up the MIL light and corresponding error codes - and this assumes it would actually pass basic checksums on booting up.
What I don't get is how you can have a system that allows the engine to start, reach take-off power, before it realises a table/file is missing?
from a software/firmware perspective, that's a massive failure.
Added to the other massive failure (admitted by AB) that the software was corrupted at upload during construction - with no apparent checks that it is what it should be at any subsequent stage.
That's no different to the crash being caused by the wings falling off because no one installed the spar bolts on the line and no one ever checked......
aeropilot said:
Indeed.
Added to the other massive failure (admitted by AB) that the software was corrupted at upload during construction - with no apparent checks that it is what it should be at any subsequent stage.
That's no different to the crash being caused by the wings falling off because no one installed the spar bolts on the line and no one ever checked......
But it was checked on start up and passed? Added to the other massive failure (admitted by AB) that the software was corrupted at upload during construction - with no apparent checks that it is what it should be at any subsequent stage.
That's no different to the crash being caused by the wings falling off because no one installed the spar bolts on the line and no one ever checked......
You must remember Airbus manufacture(read assemble) A/C, they do not design nor build every single component on the A400M, most equipment and systems supplier are given a spec of what Airbus require and have their own authority to design and build said component to the Airbus specification.
Trexthedinosaur said:
But it was checked on start up and passed?
You must remember Airbus manufacture(read assemble) A/C, they do not design nor build every single component on the A400M, most equipment and systems supplier are given a spec of what Airbus require and have their own authority to design and build said component to the Airbus specification.
and therein lies the problem, it's a QC issue as much as a design failure.You must remember Airbus manufacture(read assemble) A/C, they do not design nor build every single component on the A400M, most equipment and systems supplier are given a spec of what Airbus require and have their own authority to design and build said component to the Airbus specification.
reading between the lines of the reports, it looks like the SW loaded was the 'test' version from the engine manufacturer, ie, what was used to 'bench' run the engines pre-delivery to AB.
for whatever reason, this never got properly replaced on delivery or installation and then not picked up by any QC process, startup checks, etc etc.
this is not some single failure, but the result of a whole chain of poor decisions in design though to poor quality control for all involved.
This is an ever increasing problem with projects that get very large and include a lot of different companies/departments/etc. where loss of oversight at the top into the detail below leave holes that although individually are small and relatively innocuous, when they suddenly all line up, turn into something catastrophic.
Scuffers said:
and therein lies the problem, it's a QC issue as much as a design failure.
reading between the lines of the reports, it looks like the SW loaded was the 'test' version from the engine manufacturer, ie, what was used to 'bench' run the engines pre-delivery to AB.
for whatever reason, this never got properly replaced on delivery or installation and then not picked up by any QC process, startup checks, etc etc.
this is not some single failure, but the result of a whole chain of poor decisions in design though to poor quality control for all involved.
This is an ever increasing problem with projects that get very large and include a lot of different companies/departments/etc. where loss of oversight at the top into the detail below leave holes that although individually are small and relatively innocuous, when they suddenly all line up, turn into something catastrophic.
But it did pass all the above tests, I wouldn't say its poor decisions or poor design its a mis-alignment because of the sheer size and complexity, I believe each individual aspect becomes a 'silo' and as such the cross communication between multiple teams, in multiples companies across multiple countries becomes quite an uphill struggle (which I am familiar with!).reading between the lines of the reports, it looks like the SW loaded was the 'test' version from the engine manufacturer, ie, what was used to 'bench' run the engines pre-delivery to AB.
for whatever reason, this never got properly replaced on delivery or installation and then not picked up by any QC process, startup checks, etc etc.
this is not some single failure, but the result of a whole chain of poor decisions in design though to poor quality control for all involved.
This is an ever increasing problem with projects that get very large and include a lot of different companies/departments/etc. where loss of oversight at the top into the detail below leave holes that although individually are small and relatively innocuous, when they suddenly all line up, turn into something catastrophic.
If it was up to me then I would bring as much as possible back in house, which whilst not the smartest business wise gives you a much greater control over QC, process control and removes the 'us vS them' conflict between two companies as you would be all one big company.
If you break down the Supply Chain of just one Systems / Equipment its astonishing how many tiers of Sub Tiers across how many countries / cultures / time zones etc.
Trexthedinosaur said:
But it did pass all the above tests, I wouldn't say its poor decisions or poor design its a mis-alignment because of the sheer size and complexity, I believe each individual aspect becomes a 'silo' and as such the cross communication between multiple teams, in multiples companies across multiple countries becomes quite an uphill struggle (which I am familiar with!).
If it was up to me then I would bring as much as possible back in house, which whilst not the smartest business wise gives you a much greater control over QC, process control and removes the 'us vS them' conflict between two companies as you would be all one big company.
If you break down the Supply Chain of just one Systems / Equipment its astonishing how many tiers of Sub Tiers across how many countries / cultures / time zones etc.
if it passed the tests, then the tests are deficient, simple as that.If it was up to me then I would bring as much as possible back in house, which whilst not the smartest business wise gives you a much greater control over QC, process control and removes the 'us vS them' conflict between two companies as you would be all one big company.
If you break down the Supply Chain of just one Systems / Equipment its astonishing how many tiers of Sub Tiers across how many countries / cultures / time zones etc.
I understand your point about bringing it all in-house, but that's simply not practical, and even if it was, you will get the same inter-division communication problems, just in-house ones.
at the end of the day, this is a project management failure, the processes/checks/signoffs clearly left holes, and once said holes lined up, they lose a plane and 4 people.
there is no excuse for this, it's not like the Comet moment (of a new phenonium coming and biting you), it's one of poor design, QC systems, and management, it was not a technical failure per say.
Saying its a supply chain issue is just a way of fobbing away the problem
As soon as someone decided that in condition X the engine was going to be cut back to position Y that same someone should have asked are there any conditions Z where this may need to be overidden.
Wouldnt a pilot want a lumpy engine that worse case he can use, than no engine at all ?
Just in case thinking
Switch SCE to AUX
https://en.wikipedia.org/wiki/John_Aaron
As soon as someone decided that in condition X the engine was going to be cut back to position Y that same someone should have asked are there any conditions Z where this may need to be overidden.
Wouldnt a pilot want a lumpy engine that worse case he can use, than no engine at all ?
Just in case thinking
Switch SCE to AUX
https://en.wikipedia.org/wiki/John_Aaron
saaby93 said:
Saying its a supply chain issue is just a way of fobbing away the problem
exactlyISO9001 is a classic example of this problem, it's supposed to be a hallmark for quality, the problem is that it's nothing of the sort, it's just a stamp to say you do whatever you have written into your quality manual(s) etc, the fact what you have written could have more holes in it than swiss cheese is irrelevant.
But because every company these days has the ISO9001 logo, we suddenly think it's all good, this is the modern day obsession with bits of paper over everything else.
Trexthedinosaur said:
How many millions, if not billions of potential, 'what if' scenarios could be encountered by a military aircraft?
Yes, but if you start from the top there are eventually only relatively few ways to cause an aircraft to crash. Those are the fault trees that need most focus and control, all the way through the system architecture, through to the supply chain and operation QC. One of those relatively few is "insufficient power to maintain controlled flight".griffdude said:
Saw one of these yesterday over Cheltenham, looks like it was practicing procedural approaches into Staverton.
Makes a funny noise (not the usual turboprop noise anyway) & looks almost as big as a C17.
It'd be embarrassing if it also suffered a failure and fell on the wrong building on approach.Makes a funny noise (not the usual turboprop noise anyway) & looks almost as big as a C17.
Scuffers said:
saaby93 said:
Saying its a supply chain issue is just a way of fobbing away the problem
exactlyISO9001 is a classic example of this problem, it's supposed to be a hallmark for quality, the problem is that it's nothing of the sort, it's just a stamp to say you do whatever you have written into your quality manual(s) etc, the fact what you have written could have more holes in it than swiss cheese is irrelevant.
But because every company these days has the ISO9001 logo, we suddenly think it's all good, this is the modern day obsession with bits of paper over everything else.
Not sure where I said it was a SC problem - I said this task is performed in the SC and it quite become quite difficult to control such a complex problem, but its nice to see you all on your high horses, as I said earlier I bet none of you ever made a mistake.
Actually a lot of the technology on this Aircraft is brand new and has all been specifically designed for this particular model.
WRT to size, it is quite surprising just how large it is inside, unfortunately I missed the live exercise but recently the German Army were here lading up different configurations and it can actually fit two Eurocopter Tigers inside!
As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
Actually a lot of the technology on this Aircraft is brand new and has all been specifically designed for this particular model.
WRT to size, it is quite surprising just how large it is inside, unfortunately I missed the live exercise but recently the German Army were here lading up different configurations and it can actually fit two Eurocopter Tigers inside!
As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
Trexthedinosaur said:
Not sure where I said it was a SC problem - I said this task is performed in the SC and it quite become quite difficult to control such a complex problem, but its nice to see you all on your high horses, as I said earlier I bet none of you ever made a mistake.
It's not about making a mistake it's how you accept mistakes will happen and learn to trap them.We may have been there before
Imagine youre set the challenge of designing a large carrying trunk.
You can spend hours in committee trying to decide its colour eventually landing on the least controversial shade of grey.
It'll need some of those large flappy handles either side
and four sturdy feet.
A few months later you come back and presented with a curious elephant
Somewhere along the line all the check boxes had been ticked,
but the obvious things are so obvious no-one wrote them down
Scuffers said:
and therein lies the problem, it's a QC issue as much as a design failure.
reading between the lines of the reports, it looks like the SW loaded was the 'test' version from the engine manufacturer, ie, what was used to 'bench' run the engines pre-delivery to AB.
for whatever reason, this never got properly replaced on delivery or installation and then not picked up by any QC process, startup checks, etc etc.
this is not some single failure, but the result of a whole chain of poor decisions in design though to poor quality control for all involved.
This is an ever increasing problem with projects that get very large and include a lot of different companies/departments/etc. where loss of oversight at the top into the detail below leave holes that although individually are small and relatively innocuous, when they suddenly all line up, turn into something catastrophic.
It would appear to be an all the holes in the cheese lining up moment. ISO9001 doesn't stop a company producing crap, it just makes it well documented crap.reading between the lines of the reports, it looks like the SW loaded was the 'test' version from the engine manufacturer, ie, what was used to 'bench' run the engines pre-delivery to AB.
for whatever reason, this never got properly replaced on delivery or installation and then not picked up by any QC process, startup checks, etc etc.
this is not some single failure, but the result of a whole chain of poor decisions in design though to poor quality control for all involved.
This is an ever increasing problem with projects that get very large and include a lot of different companies/departments/etc. where loss of oversight at the top into the detail below leave holes that although individually are small and relatively innocuous, when they suddenly all line up, turn into something catastrophic.
Trexthedinosaur said:
Not sure where I said it was a SC problem - I said this task is performed in the SC and it quite become quite difficult to control such a complex problem, but its nice to see you all on your high horses, as I said earlier I bet none of you ever made a mistake.
As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
I don't think anyone jumped to a conclusion that the engine(s) failed. Has that now been suggested as a cause?As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
The reason people are getting on their high horses is that saying things like
"The system performed as required" and
"level of redundancy, safety systems on board these aircraft are second to none."
is a bit inconsistent with an aircraft which crashed and killed people, and making the comment
"the Aircrafts first flight is designed to identify any errors etc with systems that can then be resolved on the ground pre hand over / transfer of title and finally delivery to customer" implies that the pre-delivery flight is intended to catch problems like this, when clearly that's not the case.
Mave said:
Trexthedinosaur said:
Not sure where I said it was a SC problem - I said this task is performed in the SC and it quite become quite difficult to control such a complex problem, but its nice to see you all on your high horses, as I said earlier I bet none of you ever made a mistake.
As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
I don't think anyone jumped to a conclusion that the engine(s) failed. Has that now been suggested as a cause?As a note; you are jumping to the conclusion the A/C crashed because of the engine failure, from memory one engine was functioning and the A/C should be able to operate in a limited capacity with one engine - I referred to this point earlier on. So it may well be that terminal engine failure of three of four engines was factored in from the design phase and it SHOULD be able to operate at a reduced operational level.
The reason people are getting on their high horses is that saying things like
"The system performed as required" and
"level of redundancy, safety systems on board these aircraft are second to none."
is a bit inconsistent with an aircraft which crashed and killed people, and making the comment
"the Aircrafts first flight is designed to identify any errors etc with systems that can then be resolved on the ground pre hand over / transfer of title and finally delivery to customer" implies that the pre-delivery flight is intended to catch problems like this, when clearly that's not the case.
eccles said:
The pre delivery flight should be about sorting out little problems, just like you get after any big servicing or build. Finding software flaws should have been picked up during the prototype flight trials, not on a production aircraft.
exactly..in reality, this is not so much a software flaw as a catastrophic design flaw - ie, the one that allows the engines to even start without a basic SW verification/checksum or the like.
Somewhere in the design process, not only did they not design in some kind of self-check in the FADEC, but then decided that locking out the engine at idle was a good idea based on there being 3 others (that could then all do exactly the same!).
It's never one failure that brings a system down, it's always a chain of small ones that suddenly line up.
This one is the result of several design decisions made probably years ago by people you would have hopped would know better.
Gassing Station | Boats, Planes & Trains | Top of Page | What's New | My Stuff