A400m New strategic and tactical airlifter for the RAF

Number three now delivered.

that's like saying playing russian roulette with a 6-shooter and 1 bullet will not kill you 5/6 times....

a "catastrophic design flaw" is one where it's possible for human error to make the plane fall out of the sky.

As has been said before, accidents like this are never the result of a single failure, they usually are the result of a series of poor decisions/design all lining up.

Back to this one, it's a "catastrophic design flaw" that the engines could be started and the plane take off with the FADEC(s) loaded with a non-valid firmware etc.

ie, "catastrophic design flaw" in the lack of verification/false verification.

how hard does this have to be?

Aside this, we then get the SW design that once the engines were cut back to idle, they then locked out in idle, whilst the plane is in the air!

If you map out the logic of all this, it's a disaster waiting to happen, and surprise surprise, that's what happened.

yes, by design - ie, the flight control software clearly does not have enough firmware/software verification checking before engine start.

that's a design issue, one that you're only ever going to spot when something like this happens, it, in itself, did not cause the crash, BUT would have prevented it.

Output of the engine? yes, 8,250 kW (according to Wiki), although how that's at all relevant to this you're going to have to explain?

Personally I like to control what my engine is doing. If I want Flight Idle I'll tell it, you know by retarding the throttle. I don't want some IT dweeb deciding what's best for me - especially when they are safe sitting on the ground!

yes and no..

for the IT dweebs to write software/firmware that allows an engine to be started, taxied, brought up to take-off power all without a 'vital' torque table, and only realise this when the pilots are unable to throttle the engines back, select flight idle, then have the engines lock-out in flight idle is nothing short of catastrophic logic failure in the design.

Put simply, the engines should never have been able to start in the first place.

Having started and got the plane in the air, to then have a condition where they lock into flight idle is also catastrophically stupid, at the very least they should be able to default to a 'working' set of parameters, even if the engine performance is degraded (to keep the engine away from any perceived limits).

using the logic that it's a 4 engined plane so losing one is not a problem is a bit of a stupid philosophy when the same fault can affect all 4.

I simple cannot believe that this situation could have come about, seriously, what the hell were they thinking when they spec'ed all this? did nobody do the 'what if?' scenarios?

There is a happy medium in there somewhere I'm sure!

It got really, really boring doing countless over torque checks on the C130K where the crew couldn't manage between three of them to keep it below 19,600! I'm sure as aircrew you appreciate engine developments that allow slam accelerations/ deceleration a etc, auto throttle that allows more time to concentrate at low level etc, or auto feather when slow & low meaning you don't need the reactions of a cat to prevent the huge drag of a dead donk putting you uncomfortably close or below Vmca, or ending up massively assemetric.

I do agree however that there should be a fast & easy override for situations like Seville.... Airbus seem to like pilots fighting the technology rather than working with them!

Aren't there quite a few cases where the working engine has been shut down by the crew though?

Uncommanded deployment of reverse thrust in the air, particularly of an outboard engine?

How would that happen on a Turboprop?