Later in the video at 4:48 approx he demonstrates the nav computer GUI in the cockpit and I cringed when he used the touchscreen and there was a lag of about 2-5 (!) seconds after every interaction. My... god.... I kind of almost heard the mechanical drive seeking and reading and searching the heavily fragmented map data...
https://en.m.wikipedia.org/wiki/DO-178C is a good starting point to understand certification requirements, and Wind River has a lot of documentation around VxWorks, which is actually quite modern supporting Rust etc.
The issue is that even a slight overlap with other cockpit functions puts you in a much stricter regime, and thus a simple modern map rendering framework doesn’t work, because its components and dependencies have never been sufficiently dissected - you rather have a 5 second lag, terrible as it sounds from a pragmatic safety perspective, than having anything, especially your own position, misplaced only once in a billion map redraws.
The practical solution is that most airlines by now fly with iPads, Jeppesen Flight Deck Pro but even GA stuff like ForeFlight, which is also owned by Boeing, is popular for quick lookups like taxi instructions etc.
On a flight once I saw the person next to me was looking at topo maps on an ipad and we started a conversation. They were a pilot for United and said all the training and much of the data is on ipads, if one breaks you just get handed a new preloaded one, and it's not used for anything flight critical.
Non-airline pilot and generally curious, plus work on viability of new ground up stack for vehicle vs Garmin or Honeywell.
Rules for my own small GA plane flights if it’s in one without glass cockpit are: two fully charged devices with latest data on both (iPad and phone), flight plan on both (ForeFlight syncs automatically), plus two means of charging (larger Anker pack, and dashboard USB or 12V outlet).
Thanks. Have you ever had a failure of your devices? Do you know anyone who has?
I could see tablets as being far more efficient and thus effective in a crisis - no searching through thousands of pages, no juggling large volumes, just hold a tablet and search or click a bookmark. I'm just trying to get the full picture.
Sure: no failures myself yet, although battery is an issue on 4 hour+ flights, and tapping into a layer of redundancy by charging always feels a bit odd.
The iPad is actually mounted on the yoke right in front of you, some people mount it to the side with suction cups against the window, and starting to fiddle with the backup phone is already a distraction if the main hands free one goes down. Issues friends had were heat shutdowns in summer, plus one already cracked screen where the backlight then suddenly failed.
You rarely use the iPad in critical flight stages anyway, it’s more a navigation aid and displaying other traffic, and good practice to (see battery point above) keep the screen switched off for longer to stay proficient in the traditional approaches anyway.
The arguably number one case where an iPad with the fast updating screen is helpful in a crisis is an engine failure or similar emergency where you need to find a place to land fast, and as it knows the airplane you’re flying in, terrain underneath, winds etc it literally draws an uneven (different terrain) circle around your current position and shows you what is probably realistic. Another one is as potential fallback if one of the actual instruments fails, once had a stuck compass for example.
Yes, and the correct response is: of all the flights that have crashed and killed people in the last 10 years: was the slowness of the UI for flight operations the root cause?
The answer to that is: "almost certainly a very tiny one". Aviation computing, while externally quite boring, is exciting in the sense that tremendous effort is put into making a computing system that ensures a flight makes it from its source to its destination without killing people.
It's amazing how just a few accidents in the 50s, 60s, and 70s led to an unbelievable improvement in safety, considering that the IT systems are really constrained. Makes you wonder what you could do with a modern PC if you really tried.
A few accidents? There are 20 seasons of Air Crash Investigation, and 20 episodes each. Total 400+ accidents (probably a quarter of which with the DC-10).
There are only 480 submarines in the world, and the 400 episodes exclude General Aviation accidents (non-planned routes) so there are definitely more planes than submarines which dived into water…
Youtube interrupted the video with an ad for me exactly at that timestamp, airplanes still need to catch up. So much monetization left on the table. Pilots must be among the most valuable target audience.
Where's the commercial benefit though? The cost of certification is huge so upgrades after initial certification don't happen unless the tech has big cost benefit (or safety, which is also cost at second order).
Hence A320 still running on Motorola 68000 of Sega Genesis etc fame.
Ah you were saying serve ads on the flightdeck displays! Ok that's innovative- I'd recommend featuring big watches, mirrored sunglasses and divorce lawyers.
Honeywell FMS systems use AMD29000 to this day, including in new designs, and Honeywell even bought the licenses to operate as fabless manufacturer for it.
The reason is simple - they need stability of parts supply with minimal recertification costs, and in this case it means that by having an already certified cpu (AMD 29k) and full manufacturing line capability for it, they don't have to face issues with vendor deciding to scrap a line (like another popular design, i860, had to deal with) or having to constantly recertify and update for newer parts.
And quite often the computing requirements didn't really grow
Probably because it is 10 year old older hardware but thoroughly tested.
Using Chrome/JS/CSS on the latest Ryzen might be neat but when you need to transport 300 passengers daily around there are other sorts of concerns than taking up 3 folks to the ISS every 6 months.
Since we don't know anything about the internals, it's safe to say the goal was "good enough and certified" vs. "snappy but no guarantees it works correctly 100% of the time".
This is an airplane after all, not a consumer-grade gadget.
They might have different standards and I'm not a pilot, but in my opinion having multiple seconds of UI lag in vitally important interfaces is not good enough nor deserves certification.
The safety record for commercial airlines is extremely good per mile traveled as compared to pretty much any other form of powered transportation. At some level I share your concerns about UI lag, but it would seem not to negatively affect safety of flights in any detectable way.
Some of that may be due to redundant devices. You're waiting for at least 2 devices to return a reading, and probably a third thing that handles reconciling the results.
The speed of this thing doesn't seem particularly vital either. Everything of interest in a split second scenario is already on-screen; just looking at their speed, it would take you a comparatively long time to get off the edge of the map. If you have time to get off the edge of the map, you have time to wait a couple seconds for the page to load. If you don't have time to get off the edge of the map, there's not really a reason to fidget with it.
I agree, it seems annoying, but it doesn't ultimately seem dangerous. I can't think of a situation where you a) need to change the screen, and b) don't have time to wait for the UI to update. And I would much rather have 2 seconds of UI lag to get a known correct response than milli/nano seconds of lag to get a probably correct response. Most of us exist in a world where the response time is more important than absolute correctness.
Agree. I supported a DOS based touchscreen Point of Sale (POS) with technology from decades ago and it was fast AF. You only got 256 colors and the fonts didn't look that great. But it was a speed demon.
In an emergency situation, an unresponsive and unintuitive GUI may be very dangerous. Especially if pilots forget how to use it because they're using the iPad day to day but right now it's rebooting to install an update.
Like, I get the argument for certification but maybe the requirements should have a minimum level of performance. If that's not possible maybe we should find a different equilibrium.
There are requirements for performance - appropriate to the function.
The electronic flight bag interface is not used in emergencies, one of its main uses is in planning and submitting flight plans before takeoff, and it's generally not used for actively flying the plane.
Exactly. In an emergency the last thing the pilot wants to do is navigate a map interface for anything. Better to just select the alternate flight plan that was setup hours ago during flight planning.
That assumes that deep navigation of a UI is necessary or desirable in an emergency. I think most of the important stuff is done with the main controls, dedicated switches, and screens/dials that are always on and ready.
Ironic, because responsiveness might inherently make it undependable because if you really needed to know where you are right now, that multiple-second delay isn't going to help.
And the map isn't even part of the primary navigation method, plus with multi pilot crew usually you can offload slower, less time critical tasks to copilot.
SpaceX's crewed capsule is 5-10 years newer than the A350.
I imagine SpaceX has a different set of certification requirements (ie Airbus has stronger financial incentives to use existing, approved designs for components).
Didn’t someone later confirm that there are in fact physical buttons below the touch screen, because you can’t actually use the touch screen with gloves on anyway?
As you can see in other videos, it's not usually that terrible. Apparently it's a screen showing the laptop's view (electronic flight bag), so it depends on the laptop and application.
Try tapping on Belfast Muni airport (KBST in ICAO) in Maine in ForeFlight, and the dataset consolidation will pull Bost airbase (BST in IATA) in Afghanistan. While it’s fairly obvious that you’re not going to Central Asia in your Piper, imagine pulling the 3x longer runway into your FMS and have it compute landing settings or add it as emergency alternate for your A350 into Boston.
It’s still completely different levels of reliability.
You would imagine the software and hardware should be several levels above what we would expect to get from even premium brands such as Apple M1 etc. Because it's hard to imagine the pilot trying to restart a piece of equipment in an emergency and getting a blank white screen and a "do you want to send an error report" message coming up.
Even assuming quadruple redundancy, seven nines uptime and resilience to extreme conditions and cosmic rays, this looks way way bigger than it should be.
One explanation could be that the certification process for anything aviation related is so expensive and slow that we're actually looking at tech from 15+ years ago.
If you mean physically bigger then it is certainly true that avionics, like automotive, uses larger components with higher ratings and avoids a lot of high pitch integrated circuits. This makes things easier to test and likely to be more reliable. It also means you might have a single euro-card just to handle the input from a single airplane sensor even though in the non safety-critical world, we would easily mux them onto a single interface.
Like in medical gear, avionics also has a lot of redundancy and "useless" circuitry to allow for assurances. I've opened some hardware designed for unsafe environments that was absolutely packed with fuses, for seemingly no purpose other than to assert that limits were being followed in the design. I don't imagine avionics is any different, but I've only seen the inside of 60s-70s aircraft gear.
Seven 9s for system failure would be horrific. There are ~30-40 million flights worldwide yearly [1], so that would result in 3-4 system failures of life-critical avionics yearly. As far as I am aware, malfunctioning software has not been implicated in any commercial airline fatality in nearly 30 years since the modern standards were adopted, and correctly functioning, though unsafe, software has only been implicated in the 737-MAX crashes. By that standard we have reasonable empirical evidence to conclude that the prevailing rate of system failure is at least 100x better at nine 9s.
Big replaceable components that can be serviced easily without special tools so long as no board-level fixes are necessary - and enough customization done at low enough numbers you don't build single board stuff for it, you build bigger reusable modules connected by common buses.
I work in telecommunications, back in the 90's fibre optic transport for plain old telephone service. Think back to how reliable your phone was before VOIP.
Then we hired a guy from an Aerospace company and he thought we were a bunch of reckless cowboys who didn't care a thing about quality.
The first time we had a VOIP system going into a new building in the mid 2000's I went into one of the closets and just disconnected one of the pairs of a fiber pair.
The IP redundancy didn't work :p I forget what the excuse was; my position is stuff happens and when I break random connections in redundant PBX systems they still work. Ugh.
I worked on the software for one of these A350 server blades nearly a decade ago, and I held the same belief at the time. There's some adage that system complexity grows to fill the organizational bureaucracy overseeing it, and that is my best explanation for the bloat. My employer (a contractor of Airbus) had offices in France, India, and the United States. Naturally, each office had to be in charge of their own separate blade(s), even if it was probably not optimal in terms of the overall system design to partition it that way.
Could be wrong but I think there's a lot of equipment for things like radios, radar, sensors, etc. that makes it look like there are more servers than there actually are.
Not surprising. You need a lot of server power to run X-Plane 11 with top notch graphics. Still, kudos to this guy ~ very impressive home-built cockpit simulator for X-Plane 11! /s
No, it really sounds like a server room down there. You don't hear much of the APU, which is at the very back of the aircraft, ~60m away, with the exhaust pointed away.
I’m almost certain it’s the APU. Notice how the sound and volume hardly change when he opens the door from the server room into the cargo area. 60m away isn’t all that far for a big turbine engine. Those things are deafening at idle speed.
In related news (same aircraft type involved), Airbus is working with their existing A350 customer Cathay Pacific to explore single pilot operations while in high altitude cruise.
Wonderful. A number of airlines have a two person in the cockpit rule so one of the pilots can’t deliberately crash the plane because they are suicidal. Which has happened a non-trivial amount of times.
I always worry around this type of mess-of-wires setups, especially if it's in cramped space where an errant elbow can dislodge something. Shouldn't there be covers on these things?
First of all this place isn't meant to be occupied by people on a regular basis. Other than for safety inspections, maintenance and repairs, no one is supposed to be in there, especially not during flight.
Secondly, covers would introduce a lot of problems: additional weight, additional points of failure (e.g. damaging wires if broken/loose somehow), the need to be fireproof and not emitting toxic smoke if getting hot, accessibility issues (covers need to be fixed and removeable), longer inspection times (need to remove covers before inspecting cables), etc.
In this particular environment, covers are unnecessary and introduce more problems than they solve; as mentioned above, no one is supposed to be in there during regular operation.
Third: If something gets disconnected then the computer knows about it, and reports it.
Fourth: It's probably not that easy to dislodge anything because in flight it has to survive more than an elbow.
Fifth: there are covers on the devices and cables where they think it's necessary because of human movement, you can see it in the video here: https://youtu.be/241-5DZyons?t=152
I always wondered: what would it take me to fly in the cockpit? I'm not a pilot, but I'm willing to be subjected to any amount of security/background check that'll let me witness the machine in action, end-to-end.
I spent a good chunk of my early 20s commuting across the Atlantic. Before 9/11, all you had to do was ask a flight attendant and they'd go check with the pilots and bring you up a short while later. I used to do it most flights overnight from New York, it broke up the journey which was otherwise pretty miserable in coach. I remember the pilots being delighted to have me up there, really for them it's as boring as it is for us in the back; I was someone new to talk to for a bit. I remember one time some Virgin Atlantic pilots were more excited about my colorful socks than I was about their new glass cockpit 747-400.
I was never turned down and always felt very welcome. At most I had to wait a bit until some turbulence passed.
It's sad that has gone and won't ever come back. I have kids now and they'd get a _huge_ kick out of an experience like that.
EDIT: you can however still pay for some hours in an airline training simulator. It's astonishingly close to the real thing and might scratch that itch for you. Some airlines offer it, other training companies do.
I only flew once before 9/11, I think I was already 12 or 13, and I don't think my mother even asked for me to go check out the cockpit – the crew asked if I wanted to see it before she had the chance. It was pretty neat.
These days, the scenes in Airplane! where passengers walk in and out of the cockpit are almost part of the joke.
Applies to the US (and maybe other countries, I don’t know) but I can’t overemphasize how much flight capacity the US military has.
We got incredible access to military jets in USAF ROTC (Air Force officer training in college) even before we got our commissions or had a security clearance. To get on base and the airfield there was a mild background check, but we were essentially civilians in fatigues that had been vouched for by our detachment’s Lt Col. Getting to literally run around the empty deck of a KC135 then pop into the cockpit and (under extremely careful supervision) operate some of the plane’s controls was a surreal experience. I didn’t make pilot and so didn’t ever have the chance to fly in the training slot of the two-seater F15 (my dream), but I did get the opportunity to at least put my hands on the controls of several other USAF planes in-flight including a few jets.
You don’t have to be in ROTC. Getting a ride-along in a military jet as a civilian is not as easy as showing up and asking for a ride, but also not impossible. The military has the cash to put up planes for non commercial reasons and they consider these publicity flights a powerful public relations tool.
Every Air Force base has a PR department that is always looking for positive stories. If you can come up with something that would lead to positive PR for the Air Force, they will totally let you ride along on a training run. I met a guy on a C-130 who was doing a ride along because his IT firm had a program where Air Force vets got some special consideration when they applied.
It’ll never happen on an airliner. Even most private jet charters no longer allow pax up front after a business jet crashed in Colorado. Turned out the customer was running late and rushed the pilots in poor weather conditions.
If you want to see the cockpit, I’ve gotten permission to enter twice while the pilots were on the ground waiting for passengers to board. Beyond that you can also take an intro flight lesson at your local school.
You need to work for an airline and have an airside pass. Generally only other pilots (on or off duty) or cabin crew (on duty) are allowed onto the flight deck. They generally don't want strangers on the flight deck because of security and they would not be trained in the emergency procedures.
Even people flying jump are usually outside the flightdeck sitting in the uncomfortable seats in the galley.
In the 70s if you were under 10 and crossing the Atlantic, the co-pilot would proactively invite you to the cockpit, show you everything, then give you a model toy plane and a lapel pin.
You need very good contacts inside an airline. Personal contacts with captain and the like. Sometimes you still can get jump seat flights (a rather uncomfortable seat used for ferrying extra crew) in the cockpit.
Pre-2001, it wasn't unusual for children to be shown into the cockpit during the flight. (Although, prices were higher back then, so it was less common for children to fly anyway.)
I saw the cockpit of an American Airlines plane when I was about 11 years old, and disappointed the captain when I was confused by his American humour.
It's still allowed, the passenger gets a temporary airline ID to wear around their neck so passengers don't get confused. And typically you close the forward galley curtain before opening the door, same as for crew entering and leaving the cockpit for in flight rest etc.
Edit: I'm in Europe, not sure how American airlines handle it.
Not in flight, but you can ask to come in after. Depending on airline you get to sit in the captain's chair (Air NZ pilot suggested themselves, Air India pilot had a mortified face when I asked).
But yeah you won’t get a real experience… I always wondered why they don’t put front windows in double decker first class cabin.
Damn, having that sort of view like at timestamp 3:52 [1] from your workplace makes me jealous...
Here's another jealousy-inducing video of pilots looking outside (from 4:23 onwards)[2], it says "Middle East" but they were flying over the East of China and the Aral sea...
The avionics bay is for maintenance, pilots don't get to touch any of it ever.
And pilot training covers the systems not in a physical sense but in a logical "power is supplied to this system via the secondary avionics bus which is fed via this breaker from the generator on the left engine or via another breaker from the main avionics bus" so you can debug and understand what it means when some bus fails or you lose a generator. But we really don't know where the actual wire is or even whether the schematic we learn about different buses is really wired that way or only behaves that way.
Just seems weird to not have had just a basic tour of every part of the plane so if smoke starts pouring out of the hatch they know what it looks like down there.
It is part of type rating training to learn on paper (well, usually ipad/computer based training) what is where on the aircraft. But that doesn't mean pilots ever really go there in the real plane.
Sure, there’s no reason to go in normal cases, but I’d think a pilot should know every inch of the plane. I’d expect a captain of a ship to have been in the galley for example even if they normally don’t need to go.
He might mean that what happens if you trespass won't be shown! There might be a gas release system that would neutralise an attacker or perhaps just open the door to the hold so they freeze!
I doubt there’s actually a defense system. The only way inside from within the plane is from the cockpit and if there’s an intruder in the cockpit they can already do more damage without needing to go below.
There's a door from the cargo area into the server/electronics area. Not sure if there's a handle on the cargo-side, but the pilot uses the door in the video (opened it from electronics side). It appeared this cargo area is pressurized (door into electronics area didn't appear pressurized, nor did the hatch into the cockpit).
Replaceable, modular designs, space for modifications, etc.
Also some sensors are pretty big (laser gyroscopes, for example, which are part of ADIRU - air & inertial reference system).
Then you have the central computer clusters which might be separated physically (several computers running in a setup somewhat similar to statically assigned kubernetes) which run all kinds of software from lights management through navigation to brake control.
You also have a bunch of non-computer parts like power distribution units and such, which in a DC might be hidden elsewhere and you wouldn't notice it if you just looked at typical colocation cage.
Well, which explanation would you prefer then? JES3, which is the closest extant example of such tech?
I'm comparing it to statically assigned k8s not because it's manually assigned applications, but because it's a cluster system where the equivalent of k8s scheduler was run offline to resolve various performance and deadline constraints, both between specific application threads on the cluster, and between devices on the AFDX (modified ethernet) network that are managed from said cluster.
Comparing ARINC-653 partitions to k8s pods and the overall setup of typical IMA cluster with k8s makes for simplest way, IMO, to describe the setup to people who have some experience with servers and cloud, but none with aviation embedded :)
>because it's a cluster system where the equivalent of k8s scheduler was run offline to resolve various performance and deadline constraints, both between specific application threads on the cluster, and between devices on the AFDX (modified ethernet) network that are managed from said cluster.
Oh, I genuinely didn't know that! I assumed you were just talking about something that had been manually hand-optimized by sysadmins/developers, like a traditional Unix server room.
Can you share any more information about these static cluster schedulers? It indeed makes perfect conceptual sense to me with your explanation, I just had never heard of this being actually used!
The degree of automation varies - I'm not in avionics industry so I can't give exact data. However if you read through things like AFDX standard (what's published of it) and ARINC-653 and the like, there's enough to get the gist of it.
For example, AFDX ensures no congestion by statically assigned timeslots, effectively using Ethernet in a sort-of TDMA setup, coupled by special switches that effectively implement virtual circuits based on, again precomputed, mapping loaded into them (at least the standard implies there's no MAC-learning supposed to happen). This allows you to develop and do basic test with any random Ethernet switch before needing a proper AFDX one for more thorough testing, as the application-level protocol is essentially UDP over IP. However you need to consider a whole AFDX network segment when assigning the timeslots and virtual channels, and that's where tools come in :)
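The precomputed assignment described in the comment above, as a simplified Python model added here (not code from the thread or from any avionics vendor): an offline step gives each virtual link a fixed slot offset so that no two links ever collide, and the switch forwards only from a table loaded at configuration time, learning nothing from traffic. The `VirtualLink` fields, the slot model, `build_schedule` and `StaticSwitch` are assumptions made for illustration and are not the AFDX or ARINC-653 data model.

```python
# Added illustration: simplified model of offline static scheduling plus a
# switch that forwards only from a preloaded table. All names and the slot
# model are assumptions, not the AFDX or ARINC-653 data model.
from dataclasses import dataclass
from math import lcm


@dataclass(frozen=True)
class VirtualLink:
    vl_id: int
    period: int          # link may transmit once every `period` slots
    ingress_port: int    # switch port the sender is wired to
    egress_ports: tuple  # switch ports of the receivers


def build_schedule(links):
    """Offline step: give each link a fixed offset so no two share a slot.

    Returns (major_frame_length, {vl_id: offset}, slot_owner_list).
    First-fit over links sorted by period; raises ValueError when this
    heuristic finds no collision-free offset.
    """
    major = lcm(*[l.period for l in links])
    owner = [None] * major
    offsets = {}
    for link in sorted(links, key=lambda l: (l.period, l.vl_id)):
        for off in range(link.period):
            slots = range(off, major, link.period)
            if all(owner[s] is None for s in slots):
                for s in slots:
                    owner[s] = link.vl_id
                offsets[link.vl_id] = off
                break
        else:
            raise ValueError(f"no collision-free offset for VL {link.vl_id}")
    return major, offsets, owner


class StaticSwitch:
    """Forwards from a table loaded at configuration time; learns nothing."""

    def __init__(self, links, offsets):
        self._table = {l.vl_id: l for l in links}
        self._offsets = dict(offsets)

    def handle(self, slot, ingress_port, vl_id):
        link = self._table.get(vl_id)
        if link is None:
            return ("drop", "unknown virtual link")
        if ingress_port != link.ingress_port:
            return ("drop", "wrong ingress port")
        if (slot - self._offsets[vl_id]) % link.period != 0:
            return ("drop", "outside assigned slot")
        return ("forward", link.egress_ports)


# Constructed sample configuration.
LINKS = [
    VirtualLink(vl_id=1, period=2, ingress_port=1, egress_ports=(3, 4)),
    VirtualLink(vl_id=2, period=4, ingress_port=2, egress_ports=(3,)),
    VirtualLink(vl_id=3, period=4, ingress_port=1, egress_ports=(5,)),
]

if __name__ == "__main__":
    major, offsets, owner = build_schedule(LINKS)
    print("major frame:", major, "slot owners:", owner)
    sw = StaticSwitch(LINKS, offsets)
    for frame in [(5, 2, 2), (6, 2, 2), (0, 2, 1), (0, 1, 99)]:
        print(frame, "->", sw.handle(*frame))
```

Because nothing is learned at run time, a frame with an unknown link id, from the wrong port, or outside its slot is dropped rather than reshaping the network's behaviour.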
I think it’s because anyway there is space under the cockpit and that’s structural. So there is no reason nor incentives to make those machines smaller while sacrificing fixability.
It’s either that or seats or kerosene. There is not enough room for seats, and it’s not an acceptable place to store kerosene (too dangerous in case of crash and can cause stability issues as the volume of kerosene decreases while flying).
Why is the hatch hinged in the most awkward way possible? If the hinges were on any other side, it would be so much more accessible, there must be a reason for this?
Pretty much all of it is necessary for flight in the era of integrated modular avionics, even the brakes are partially implemented in that room.
Entertainment might have main content distribution server there, as well as gateway between flight systems and entertainment (how you get current flight info and stuff like plane cameras)
I'm truly mindblown because of such a waste of luggage space, of general space, and of electronics. In recent years airlines have started to charge even for the small handbag fitted under the seat, while packing even more obsolete electronics into it. I guess the lobbying of copyright, media, and entertainment industries simply prevails over everything including reason and safety.
Are there really airlines that have both seatback screens and also charge for a small bag that can go under the seat? At least among US airlines, those two things are generally mutually exclusive.
That's rather my collective experience. Cannot tell if a certain airline is simultaneously having headrest entertainment system and charges extra for the little luggage. I'm certain though that easyjet and ryanair tightened spaces between the rows and were putting printed ads on the headrests, 40-50cm in front of almost every passenger's eyeballs.
It's never been proven (as far as I'm aware) that the guy was actually able to send commands to a real plane. It's no surprise that he was able to read data, because the seatback screens have to get the flight data they display from somewhere. But actually sending commands that will reach real systems is a pretty big leap.
Throwaway account to remain anonymous because these aren't nice words.
I worked with Chris Roberts for a period of time. Making things up to scare companies into dumping cash on him is kind of his 'thing'. I never once actually saw him perform any real exploits or produce anything of value except scary/funny looking powerpoints and lots of trash talk. In this case he just stepped a little bit too far with his made up scenario & nothing ever came of it.
You say that, but I'm always astounded when they talk about cyberterrorists being able to get into the power networks and similar bits of national infrastructure which really shouldn't be connected to the public Internet at all.
I don't know a ton about a modern airliner but my guess would be that the door between the server compartment and the cargo bay can't simply be opened from the cargo bay, as it would be way too easy for anyone to enter the cockpit.
Luggage is rolled in with containers and then locked in place (to prevent them rolling around), that's what the rails at the bottom are there for. You would not be able to get out again.
At that point, if they can get in there (or anywhere near the door), they may as well leave a bomb or equivalent explosive/incendiary device (a big enough lithium battery should do the trick). Actually accessing the equipment room isn't really necessary.