[l33tman]

Later in the video at 4:48 approx he demonstrates the nav computer GUI in the cockpit and I cringed when he used the touchscreen and there was a lag of about 2-5 (!) seconds after every interaction. My... god.... I kind of almost heard the mechanical drive seeking and reading and searching the heavily fragmented map data...

[brunooo]

https://en.m.wikipedia.org/wiki/DO-178C is a good starting point to understand certification requirements, and Wind River has a lot of documentation around VxWorks, which is actually quite modern supporting Rust etc.

The issue is that even a slight overlap with other cockpit functions puts you in a much stricter regime, and thus a simple modern map rendering framework doesn’t work, because its components and dependencies have never been sufficiently dissected - you rather have a 5 second lag, terrible as it sounds from a pragmatic safety perspective, than having anything, especially your own position, misplaced only once in a billion map redraws.

The practical solution is that most airlines by now fly with iPads, Jeppesen Flight Deck Pro but even GA stuff like ForeFlight, which is also owned by Boeing, is popular for quick lookups like taxi instructions etc.

[fatnoah]

>Wind River has a lot of documentation around VxWorks, which is actually quite modern supporting Rust etc.

Wow. I remember spending 3 weeks in Alameda CA to get trained and certified on VxWorks for a project...in 1999!

[wolverine876]

The use of iPads always surprises me. What happens if they run out of power? Do they bring a redundant iPad?

BTW, are you a pilot or in the airline industry?

> https://en.m.wikipedia.org/wiki/DO-178C is a good starting point to understand certification requirements

OT: People's faith in Wikipedia seems to be increasing on HN, which is odd for a sophisticated audience in the era of misinformation.

[dekhn]

On a flight once I saw the person next to me was looking at topo maps on an ipad and we started a conversation. They were a pilot for United and said all the training and much of the data is on ipads, if one breaks you just get handed a new preloaded one, and it's not used for anything flight critical.

[brunooo]

Non-airline pilot and generally curious, plus work on viability of new ground up stack for vehicle vs Garmin or Honeywell.

Rules for my own small GA plane flights if it’s in one without glass cockpit are: two fully charged devices with latest data on both (iPad and phone), flight plan on both (ForeFlight syncs automatically), plus two means of charging (larger Anker pack, and dashboard USB or 12V outlet).

[wolverine876]

Thanks. Have you ever had a failure of your devices? Do you know anyone who has?

I could see tablets as being far more efficient and thus effective in a crisis - no searching through thousands of pages, no juggling large volumes, just hold a tablet and search or click a bookmark. I'm just trying to get the full picture.

[brunooo]

Sure: no failures myself yet, although battery is an issue on 4 hour+ flights, and tapping into a layer of redundancy by charging always feels a bit odd.

The iPad is actually mounted on the yoke right in front of you, some people mount it to the side with suction cups against the window, and starting to fiddle with the backup phone is already a distraction if the main hands free one goes down. Issues friends had were heat shutdowns in summer, plus one already cracked screen where the backlight then suddenly failed.

You rarely use the iPad in critical flight stages anyway, it’s more a navigation aid and displaying other traffic, and good practice to (see battery point above) keep the screen switched off for longer to stay proficient in the traditional approaches anyway.

The arguably number one case were an iPad with the fast updating screen is helpful in a crisis is an engine failure or similar emergency where you need to find a place to land fast, and as it knows the airplane you’re flying in, terrain underneath, winds etc it literally draws and uneven (different terrain) circle around your current position and shows you what is probably realistic. Another one is as potential fallback if one of the actual instruments fails, once had a stuck compass for example.

[dekhn]

Yes, and the correct response is: of all the flights that have crashed and killed people in the last 10 years: was the slowness of the UI for flight operations the root cause?

The answer to that is: "almost certainly a very tiny one". Aviation computing, while externally quite boring, is exciting in the sense that tremendous effort is put into making a computing system that ensures a flight makes it from its source to its destination without killing people.

It's amazing how just a few accidents in the 50s, 60s, and 70s led to an unbelievable improvement in safety, consider that the IT systems are really constrained. Makes you wonder what you could do with a modern PC if you really tried.

[laurent92]

A few accidents? There are 20 seasons of Air Crash Investigation, and 20 episodes each. Total 400+ accidents (probably a quarter of which with the DC-10).

There are only 480 submarines in the world, and the 400 episodes exclude General Aviation accidents (non-planned routes) so there are definitely more planes than submarines which dived into water…

[durnygbur]

Youtube interrupted the video with an ad for me exactly at that timestamp, airplanes still need to catch up. So much monetization left on the table. Pilots must be among the most valuable target audience.

[will_asouka]

Where's the commercial benefit though? The cost of certification is huge so upgrades after initial certification don't happen unless the tech has big cost benefit (or safety, which is also cost at second order).

Hence A320 still running on Motorola 68000 of Sega Genesis etc fame.

And 737max having a top panel from the 60s.

[durnygbur]

I was joking obviously but that would the the answer to the marketing manager.

[will_asouka]

Ah you were saying serve ads on the flightdeck displays! Ok that's innovative- I'd recommend featuring big watches, mirrored sunglasses and divorce lawyers.

[plebianRube]

Why not just promote ads based on their conversations like everyone else?

[cmpb]

Mayday, mayd 'THIS FRIDAY ON "AIR FIRE WATER MOUNTAIN RESCUE: ALASKA": "It sort of just fell from the sky!" - TUNE IN THIS FRIDAY AT 7 EASTERN'

[gumby]

Yeah, gotta monetize that cockpit recorder. Wasted fodder for a crew campaign.

You could even insert ads into the recordings to reach the people who listen to the recordings after an accident!

[mrweasel]

I thought you where joking about the Motorola 68000 in the A320, but nope, it’s part of the flight control system.

[p_l]

Honeywell FMS systems use AMD29000 to this day, including in new designs, and Honeywell even bought the licenses to operate as fabless manufacturer for it.

The reason is simple - they need stability of parts supply with minimal recertification costs, and in this case it means that by having an already certified cpu (AMD 29k) and full manufacturing line capability for it, they don't have to face issues with vendor deciding to scrap a line (like another popular design, i860, had to deal with) or having to constantly recertify and update for newer parts.

And quite often the computing requirements didn't really grow

[notyou2]

This screen (Onboard Information System) is run from from a laptop that is behind the seat, that's not directly part of the aircraft systems

[tibbydudeza]

Probably because it is 10 year old older hardware but thoroughly tested.

Using Chrome/JS/CSS on the latest Ryzen might be neat but when you need to transport 300 passengers daily around there is other sort of concerns then taking up 3 folks to the ISS every 6 months.

[jeltz]

That is no excuse. It was possible to create almost instantly responsive UIs more than 20 years ago.

[qayxc]

Since we don't know anything about the internals, it's safe to say the goal was "good enough and certified" vs. "snappy but no guarantees it works correctly 100% of the time".

This is an airplane after all, not a consumer-grade gadget.

[paavohtl]

They might have different standards and I'm not a pilot, but in my opinion having multiple seconds of UI lag in vitally important interfaces is not good enough nor deserves certification.

[xnyan]

The safety record for commercial airlines is extremely good per mile traveled as compared to pretty much any other form of powered transportation. At some level I share your concerns about UI lag, but it would seem not to negatively affect safety of flights in any detectable way.

[p_l]

it's not considered vitally important interface, that's probably even the reason for the lag - higher priority tasks preempting it.

[justsid]

This. The PFD and ND, the displays showing actually important data like the plane attitude, altitude and also another map responds immediately to changes. But the map shown in the video just isn’t safety critical and simply doesn’t matter in the worst case.

[curryst]

Some of that may be due to redundant devices. You're waiting for at least 2 devices to return a reading, and probably a third thing that handles reconciling the results.

The speed of this thing doesn't seem particularly vital either. Everything of interest in a split second scenario is already on-screen; just looking at their speed, it would you a comparatively long time to get off the edge of the map. If you have time to get off the edge of the map, you have time to wait a couple seconds for the page to load. If you don't have time to get off the edge of the map, there's not really a reason to fidget with it.

I agree, it seems annoying, but it doesn't ultimately seem dangerous. I can't think of a situation where you a) need to change the screen, and b) don't have time to wait for the UI to update. And I would much rather have 2 seconds of UI lag to get a known correct response than milli/nano seconds of lag to get a probably correct response. Most of us exist in a world where the response time is more important than absolute correctness.

[teddyc]

Agree. I supported a DOS based touchscreen Point of Sale (POS) with technology from decades ago and it was fast AF. You only got 256 colors and the fonts didn't look that great. But it was a speed demon.

[mastax]

In an emergency situation, an unresponsive and unintuitive GUI may be very dangerous. Especially if pilots forget how to use it because they're using the iPad day to day but right now it's rebooting to install an update.

Like, I get the argument for certification but maybe the requirements should have a minimum level of performance. If that's not possible maybe we should find a different equilibrium.

[p_l]

There are requirements for performance - appropriate to the function.

The electronic flight bag interface is not used in emergencies, one of its main uses is in planning and submitting flight plans before takeoff, and it's generally not used for actively flying the plane.

[7952]

Exactly. In an emergency the last thing the pilot wants to do is navigate a map interface for anything. Better to just select the alternate flight plan that was setup hours ago during flight planning.

[j16sdiz]

That's why pilot are mandated to do simulation tests every few months

[7952]

That assumes that deep navigation of a UI is necessary or desirable in an emergency. I think most of the important stuff is done with the main controls, dedicated switches, and screens/dials that are always on and ready.

[rbanffy]

It was certified as testes, so the lag has been there for the whole 10 years.

[sslayer]

Dependability and reliability override responsiveness

[netr0ute]

Ironic, because responsiveness might inherently make it undependable because if you really needed to know where you are right now, that multiple-second delay isn't going to help.

[p_l]

Aviate, Navigate, Communicate, in this order.

And the map isn't even part of the primary navigation method, plus with multi pilot crew usually you can offload slower, less time critical tasks to copilot.

[demarq]

spacex already disproved this myth

have a look at the last manned mission they did. Glorious touch screen displays with all the bells and whistles.

[benhurmarcel]

SpaceX doesn't certify to FAA/EASA, and also doesn't have to work for 30 years.

[alistairSH]

SpaceX's crewed capsule is 5-10 years newer than the A350.

I imagine SpaceX has a different set of certification requirements (ie Airbus has stronger financial incentives to use existing, approved designs for components).

[mrweasel]

Didn’ someone later confirm that there is in fact physical buttons below the touch screen, because you can’t actually use the touch screen with cloves on anyway.

[crakenzak]

the touch screens work with gloves they confirmed, the physical buttons are for backup.

[benhurmarcel]

As you can see in other videos, it's not usually that terrible. Apparently it's a screen showing the laptop's view (electronic flight bag), so it depends on the laptop and application.

https://www.youtube.com/watch?v=Xyctm0as-Eg&t=118

[jfrunyon]

The lag looks more to me like waiting for network response with the imagery...

[FearlessNebula]

Seriously, for $329 you can get an iPad with Foreflight that’s 100x smoother.

[durnygbur]

Professional Garmin equipment is already orders of magnitude more expensive though.

[FearlessNebula]

Foreflight on an iPad is fully certified

[brunooo]

As a flight bag / printed material replacement.

Try tapping on Belfast Muni airport (KBST in ICAO) in Maine in ForeFlight, and the dataset consolidation will pull Bost airbase (BST in IATA) in Afghanistan. While it’s fairly obvious that you’re not going to Central Asia in your Piper, imagine pulling the 3x longer runway into your FMS and have it compute landing settings or add it as emergency alternate for your A350 into Boston.

It’s still completely different levels of reliability.

[ericpauley]

Wow, just tried this and can confirm it pulls the wrong airport info. Interestingly searching KBST directly does not have this issue.

[alfalfasprout]

Not for instrument flight it's not. You can view charts on it. You cannot use it as your primary instrument (except in an emergency).

That said... in practice it's a FAR better experience than crappy built-in avionics.

[FridayoLeary]

You would imagine the software and hardware should be several levels above what we would expect to get from even premium brands such as Apple M1 etc. Because it's hard to imagine the pilot trying to restart a piece of equipment in an emergency and getting a blank white screen and a "do you want to send an error report" message coming up.

[sailingparrot]

> You would imagine the software and hardware should be several levels above what we would expect to get from even premium brands such as Apple M1 etc

You would actually expect it to be several levels below, but extremely well tested, just like spacecraft hardware/software.