[RomP]

Great narrative, but factually wrong on at least two accounts:

>If the pilots has switched a button to re-enable autopilot, everyone on board would have lived. But they didn’t. One co-pilot made a single, absurd mistake–for twenty full minutes–that brought the plane down.

First factual error: The button they should've switched is not the auto-pilot button (which they operate many times per flight), but the flight mode button (which most pilots never operate in their career). When the plane lost at least two of the three pitot tube readings, it went from the NORMAL "Law" to the ALT "Law", where the airplane doesn't guard itself against many pilot errors. When the pitots de-iced shortly thereafter, the plane did NOT go back to NORMAL "Law": it had to be switched there manually. The pilots did not do that and it seems to be the consensus so far (can't state that for certain before the official report is released) that they did not realize they were flying the plane in ALT and then DIRECT Law.

Second factual error: the "absurd mistake" lasted nowhere near 20 minutes. The first problem appeared at 2:10:03UTC and flying into the ocean occurred at 2:14:28UTC -- 4 minutes 23 seconds in all.

[omegant]

You are right about the 4 min, but there is no such a thing as a flight mode button. Normal, alternate and direct law change automatically depending the number of computers or inputs available. There is a big red ALTERNATE LAW at the HSI, also a big red STALL. The problem is not that they where in alternate law, is that they used the wrong maneuver to recover the plane.

[gcp]

From reading the reports, what you say doesn't make sense. As far as I understand, it's not possible to stall the plane in normal law. They crashed the plane because it was stalled for over 4 minutes. This implies that the plane did not go back to normal law.

Given that the plane was fully functional after the initial glitch (all inputs and all computers OK), this means they had to either force it back to normal law either via a kind of switch (the flight mode button), or pilot it into a configuration where normal law applies (essentially, recover from the stall manually). They obviously failed the latter.

An obvious question resulting from this (also asked in another thread here) is: can the autopilot recover the plane when it already is in alternate law?

[omegant]

It´s true it is not possible to stall the plane in normal mode AND stable air conditions, in fact at high altitudes is possible to lose control of the plane even in normal mode, due to sudden changes in air density or extreme turbulence. This is highly improbable but sometimes happens when changing from one mass of air to another or flying into clear air turbulence.(I know some pilots who have suffered this, flying close to the equator due to captains trying to save fuel climbing above the recommended altitude for that day, or the case of a A320 loosing 4000´ while flying above the Pyrenees due to turbulence and once again trying to save fuel going high).

Once you are at stall there is a protection in alternate mode (if I remember properly) that will pitch down the plane to help getting a recover speed (not like normal law that will prevent you from performing stall and over speed maneuvers), BUT that protection can be overridden (unfortunately in this case) by side stick input. I don´t think you could engage the autopilot in such situation even in normal law(I´ll try at my next simulator). Read my comment below about the maneuver I think they were trying to perform.

[gcp]

Once you are at stall there is a protection in alternate mode (if I remember properly) that will pitch down the plane to help getting a recover speed (not like normal law that will prevent you from performing stall and over speed maneuvers), BUT that protection can be overridden (unfortunately in this case) by side stick input.

So ironically, the correct advice is not to "fly the plane", but "DONT fly the plane" and let it fix itself.

(This is what I would have expected from a reasonably designed automated system, anyway)

I don´t think you could engage the autopilot in such situation even in normal law(I´ll try at my next simulator).

Can you clarify whether going from alternate to normal law requires a specific action, or is it automatic?

[omegant]

Well, yes in this case , but if you have obstacles ahead maybe your best option is keeping the plane close to the stall in order to climb, so you need to fly the plane. That is the reason most of this protections must have an override.

The modes are automatic, if you have all the flight computers and inputs available it will be at normal mode, if you begin loosing computers or inputs (like speed) it no longer has the capability to have that protections active so it downgrades itself, if there is a recovery of some sort (computer reset or working again pitot) it will upgrade the mode to normal by itself. The only action that can be taken is resetting computers or trying to recover a system. In fact when we want to practice alternate or direct law in the simulators, we just disconnect some flight computers. It is not that different flying in alternate or direct law than it is flying normal mode (just a bit more dizzy), unless you try something like pulling the control all the way back for 3 minutes.

Here there is a resume of the airbus flight laws:

http://www.airbusdriver.net/airbus_fltlaws.htm

Pd. mechanical backup, THAT is difficult to fly!. edit: typo

[mseebach]

As it's completely meaningless to have the autopilot operate out of normal law (why would the computer operate the plane outside of the envelope the computer considers safe?), isn't it safe to assume that re-engaging the autopilot would have put the plane back in normal law?

[jodrellblank]

Isn't it also safe to assume:

- Pilots wouldn't be trained with marketing speak so they believe the Aircraft is uncrashable, and ignore 75 repeats of the STALL warning alarm.

- The change of modes between "can't crash" and "can crash" laws normally never happens, so when it does it deserves a huge and explicit attention grabbing ongoing alert of its own.

- The plane would never, ever, detect that it was barely moving forwards, nose pointing up, falling at hundreds of feet per second, and then switch the STALL alarm off.

- The plane designers would make it so one pilot has no clue what the other is doing with the controls, and if both offer conflicting instructions, the plane will not alert them, but just average the instructions.

- The "about to hit the ground" warning would be built to sound early enough that they could use it to avoid hitting the ground.

- The pilots would be trained so that if something goes wrong, seems weird, panic is setting in, they must stop what they are doing and cooperatively restate their assumptions and reassess the situation.

[boucher]

These are excellent points. I was amazed at the behavior of the dual input sticks; in what world would this be a useful feature of the airplane (other than, perhaps, a training scenario?) How is the switch to alternate mode not made painfully obvious to the pilots?

[RomP]

I'm not an Airbus engineer and I'm not privy to their research (undoubtedly many thousands hours involving scenarios we can't even imagine) and the reasoning behind this design. This catastrophe is rooted in human-machine interface and we should wait for the official investigation report, which will come very shortly and will include recommendations to aircraft designers (including UI aspects), training procedures and crew management procedures, to mention just a few.

My layman view is that the first step in principle "fly-navigate-communicate" could be accomplished by placing the aircraft into the "pitch an power" configuration: 5 degrees nose up + TOGA. This didn't happen. But this is my layman view: I'm down here in a comfy chair with a cup of tea, and they were up there, in a thunderstorm with flashing warning lights, frozen pitot tubes and 228 souls behind their back. We shouldn't judge them: we should only learn.

[gus_massa]

The fist error was to flight into the storm, and not avoid it like the other planes. (Perhaps it was due to a misconfiguration of the radar.)

[dcurtis]

Oops, thanks. These are fixed.