by ipython 1106 days ago
The difference is that the mh370 pilot deliberately took actions to avoid tracking. At some point if you can’t trust the captain of your vessel, that person can disrupt or disable most any system put in place.

If the captain of the Titanic intended on sinking the ship without a trace, he most certainly would have succeeded as well.

A more apt comparison would be AF447, which took a few days before the wreckage was found. https://en.m.wikipedia.org/wiki/Air_France_Flight_447


Physical access can generally circumvent any security precautions, but it seems like there are some fairly simple schemes that would work well to prevent a disturbed captain.

E.g.: disabling the tracking system could require accessing a section of the plane inaccessible while it's in flight. Combine that with a hardware interlock system that would prevent the plane from taking off when it's disabled, and that should be sufficient in the vast majority of cases to prevent 'lost' planes.

Is there ever a valid reason to disable the recorder/tracking systems in flight?

Captain needs to be able to pull a circuit breaker for virtually anything, in case of electrical fault, fire, misbehavior, needing to hard-reset some bit of avionics, etc.

Commercial passenger aircraft have redundant systems and you can disable almost anything as needed and still fly (up to a point of course) in case of emergency.

I can understand needing to have that option for most things, but a blackbox flight recorder ought to, by its basic design, be read-only and have little to no dependencies on the rest of the aircraft. E.g.: a failed APU should not disable the blackbox, since you want to be able to record that the APU failed.
First off, there are two recorders: the cockpit voice recorder and the flight data recorder.

The voice recorder needs power which is provided by the aircraft and is a rolling 2-hour recording. If there is an incident, the captain will pull the breaker to this system to prevent the recording from being overwritten once on the ground, or, in the worst case, aircraft destruction will cause the severance of power to the device for a similar effect.

The flight data recorder is very dependent on all the systems of the aircraft: it listens on all electrical buses, senses the position of controls, and records datapoints at a defined rate for a rolling two hours of flight time. It has a small battery system to capture what it can, but if you lose engine generation and your APU, you are either gliding to a crash landing in the best case or you are just hosed and it will be literally seconds before you’ve reached the ground.

Both of these things are not read only, they continually rewrite their memory because it’s usually the last bit of flight data that matters. There are pushes to make a system that can allow for 18-20 hours of flight data, but everything moves slowly in avionics.

This seems nuts to me. You want ALL the data transmitted off the vehicle to ground stations, once a second or something like that. Sure, keep on-vehicle for backup, but only for backup. You get a continuous data stream to the ground for every plane. I mean, how much data are we talking about here? A few 10s of kb/sec for voice, maybe the same for compressed sensor data? Here we are in 2023 and we can't get a 50 kb/s stream from each airplane to the ground? Really?
Part of the problem is that it has to go to satellites since the Pacific exists. The other thing is that they aren't made to survive adversarial attacks by pilots. If the pilot wants to bring a plane down, they will, and a better blackbox won't tell you anything other than that you shouldn't have let them in the cockpit.
The advantage of local storage is that a ruggedized recorder will not need to maintain any sort of wireless com link, as it’s stored on the physical unit. If you introduce any number of factors such as in-air separation of the aircraft, trauma to any sort of connection, or just random stuff that will occur during a crash, the antenna (which will need to be mounted outside the aircraft) is very likely to break or become disconnected.
To be clear, I meant read-only in the sense that a fault in either recorder should not be capable of interfering with the rest of the plane.
Something physically attached (especially to the electrical system) can always theoretically interfere with the rest of the plane. If there is a fire, is the pilot just supposed to shrug as the plane goes up because he cannot interfere with the black box?
Yeah I'm sort of speculating and agree for the most part but obviously the data recorder is communicating with every other system on the aircraft for which it records data. If the data recorder had some kind of fault that was creating interference with these systems, maybe there's a scenario where you have to be able to shut it down.

If I'm thousands of feet above the ground and the system keeping me in the air has some kind of fault, when I say "Hal, shut down that faulty system" I don't want the answer to be "I'm sorry Dave, I cannot do that."

Electrical wiring fault starts a fire. Not sure we don’t want a pilot to be able to pull circuit breakers for everything on board.
You could always have some breakers that could only be pulled by the chief flight attendant, or at least signal to someone in the cabin they were being pulled.
> You could always have some breakers that could only be pulled by the chief flight attendant

This would be a very bad idea.

Deadly aircraft incidents, while exceedingly rare given the number of flight hours that happen every day, often happen within seconds. If there is something that is causing an issue that requires communication to someone (who is likely doing something else) outside of the cockpit, you may not get to it in time. Safety of the passengers and crew is the number one priority, and the captain should not have anything forbidden from his or her usage.

Captain should be able to disable the transmission, but if that happens, satellites should be trained on the piece of the sky where the plane was last seen, ground control should be alerted and tracking from the satellites performed. Clouds could be a problem, but planes are probably visible on SAR?
> Physical access can generally circumvent any security precautions, but it seems like there are some fairly simple schemes that would work well to prevent a disturbed captain

I can't be the only one thinking that in the situation where we postulate losing trust in the captain, whether tracking is switched on or not is a relatively minor issue, compared with - say - the captain deliberately flying the aircraft into a mountainside.

You're definitely not wrong. Most civil aviation authorities I'm aware of have some profound issues with their policies around pilots and mental health issues. Fixing that is more likely to prevent the issue in the first place. That's closer to the root cause and something that shouldn't be ignored.

But parallel to that (and unfortunately-but-most-likely in lieu of): we simply shouldn't be losing large aircraft and having no idea what happened.

The biggest issue with all policies is the same as with red flag laws: even an attempted mention of potentially having an issue grounds you and you lose your job; this makes the issue that much worse.
Yes. This is dangerous because pilots are afraid to disclose depression, anxiety and other mental health conditions for fear of losing their livelihood. For example, the FAA automatically considers an ADHD diagnosis disqualifying for airline pilots: https://pilot-protection-services.aopa.org/news/2018/februar....

This results in a “don’t ask don’t tell” situation which can be even worse.

> we simply shouldn't be losing large aircraft and having no idea what happened

Maybe it doesn't nearly happen often enough to make this any kind of a priority?

Why pay for the recorder at all then?

Sub-total loss is presumably much more common and it’s useful there, but the adjustments to prevent it being disabled/make it more durable would be helpful there, too.

From the article: All of the preparation is, inarguably, effective: Never has a recovered black box been so badly damaged that it yields no usable data.

That seems to me like they might be at a sufficient level of durability already.

Presumably because the incidence of pilot murder-suicide falls below the threshold and genuine accidents fall above it.

What’s the ratio like, 1:10000?

Which has occurred - perhaps if we actually want to try to control for “insane pilots” there has to be some way for someone on or off the plane to force it into autopilot with cat 5 autoland at the nearest airstrip.
… which then extends the critical flight controls security surface area to entities on the ground that have no vested interest in my safety? No thank you, I’ll take my chances with the flight crew which in 99.99999% of cases are also interested in arriving home safely.
There are at least 7 commercial passenger flight suicides in history (plus the four on 9/11, though that's arguably a closed vector now, and some others on non-revenue flights). There are around 100K pilots working today in commercial aviation [not all Part 121 (airline)], so perhaps 500K, and surely less than 700K, total over the course of time. If we posit a successful suicidal action rate of 7 in 700K, that's only "five nines" over the course of their shortened career or 99.999%, but could become seven or even eight nines on a per-flight basis.

I'm 100% with you on the desire to not have ground-link control (and, for me, to keep two crew in Part 121 operations); I just figured I'd estimate the math.

I had a feeling someone would try and do this calculation. :) I would calculate it instead based on the number of flights rather than the number of airmen. It doesn’t make any sense if the units for the numerator are “number of successful suicide flights” and the denominator is “number of airmen”.

I would not count the four flights in 2001, personally. Those are not suicide by flight personnel.

If you look at an average of say 25m flights per year since the year 2000, then you would have about 550mm flights. Even if you include the 4 tragic flights of 9/11 in the numerator, my 7 nines are very conservative.

The flight crew always arrives at the scene of the accident first.

I've read that pilots sometimes remark that their focus is on saving their own asses, and if they do that, the passengers will be fine.

> force it into autopilot with cat 5 autoland at the nearest airstrip.

I think CAT III C ILS have the lowest (theoretical) minimums at 0/0, although I don’t think that designation is actually used; so let’s just say CAT III in general has the lowest minimums.

You're right, I should have said CAT 5e (where they run an ethernet cable to the plane).
One could say that about all sorts of capabilities in an aircraft that, in normal operation, seems insane. Is there ever a valid reason to fly a cargo plane inverted? See https://en.m.wikipedia.org/wiki/Federal_Express_Flight_705 for the answer.
Airliners are simply not designed to fly inverted. In Tex Johnston's famous barrel roll of a 707, he kept positive g on the airframe at all times.

One problem with flying inverted is the bottom of the airplane tends to accumulate junk - nuts, bolts, dropped tools, lunch boxes, dead mice, etc. Turning the airplane over means all that junk falls into the machinery, potentially jamming it.

Right- in the FedEx case it was a last ditch effort to literally knock the suicidal flight crew member off his balance and regain control of the aircraft. If you have a 'nanny' computer telling you that you're unable to do that, those crewmembers may have ended up dead instead.

Point being, in an unforeseen emergency, allowing crews to override the normal safety mechanisms may in fact save lives.

I guess the question is what's the likelihood of such a situation, vs the likelihood of the situation where a 'nanny' computer prevents the crew doing something dangerous?
And then we have the 'nanny' computers of the 737 MAX that caused crashes (more than one) against the pilots' actions to save it.
The crews can do whatever they need to do to save the airplane.
Do we care about preventing a disturbed captain from preventing recording? They can already crash the plane and kill everyone on board. I don't really care about their record keeping in that instance.
It's necessary to rule out mechanical and other system failures, i.e., to provide evidence that it was a disturbed pilot and not some other cause. Aviation incident investigations are quite thorough--orders of magnitude more rigorous than in the software industry in general.
It seems much more important to have a clean and unambiguous record than to start the usual finger pointing.
> The difference is that the mh370 pilot deliberately took actions to avoid tracking.

I'm sorry, when did we decide this? As far as I can tell this is just one of a number of different theories on MH370's disappearance.

It’s obvious that we cannot know for sure since we have not found the wreckage, but no other theory I’m aware of can fit the facts as we know them.
It's because he's Muslim huh?

I mean there are lots of theories.

https://www.salon.com/2023/03/10/mh370-malaysia-plane-disapp...

My favorite is still the one about the fire caused by the windshield electrical heater. There is precedent on other Boeing 777s for this to have played out. It was a known problem.

If it really was a suicide drop into the ocean...why wait 8 hours...just...do it...

Wow. That escalated quickly. It has nothing to do with the fact he was Muslim and everything to do with the fact that there were no attempts to contact other planes or ATC for help. I do not appreciate your false assertion and encourage you to retract your statement.

I am not an expert in the 777 electrical systems, but the two minute delta between the last radio transmission - where there were no audible warnings and the pilots were calm - and the transponder ceasing to transmit seems unreasonable for a catastrophic event to take out these systems.

> The difference is that the mh370 pilot deliberately took actions to avoid tracking.

I'll bother to defend myself here -- we don't know what happened. It could have been hijacked, it could have been a CIA operation, it could have been many different things. That you conclude it was the captain doing a suicide run does smell of something strange, considering the plane was in the air for 8 hours before disappearing from satellite contact.

That's all I will say on this. Downvote me as much as you want.

> It's because he's Muslim huh?

The backhanded racism would have gone: Muslim + pilot = crash into building, not disappear in ocean. So clearly you're just trying to have a hot take here.

> If it really was a suicide drop into the ocean...why wait 8 hours...just...do it...

Even though someone might conclude that death is the preferable outcome for their situation, it doesn't mean that they won't experience an insane amount of anxiety and spend a long time reconsidering or even trying to talk themselves out of it just before pulling the trigger so to speak. They're humans until the end, with human reactions, you know?

OK, but this is just theorizing -- you don't really know. It's a very good question that doesn't have an answer really.
There are several examples of “ghost planes” where the flight crew is unconscious due to the cabin depressurizing. The flight then continues on autopilot until the fuel is exhausted. By the way, one of the initial side effects of hypoxia is euphoria. You can find examples on YouTube and there is a great video by 74gear demonstrating this - see https://youtu.be/nz5d4Q_ykFc.

Depressurizing the cabin to incapacitate the other crew is definitely a possibility and I think the leading theory for what happened. Like you say there is no proof either way - so we may never know with 100% certainty.

> A more apt comparison would be AF447, which took a few days before the wreckage was found

It took more than a year to find the wreckage of AF447 and the black box (as per both TFA and your Wikipedia link).

Thank you. I can’t edit my post now to correct myself unfortunately.
> A more apt comparison would be AF447, which took a few days before the wreckage was found.

Days? I thought it was found after two years.

We absolutely do not know the captain did anything malicious, and he could have been a hero. So let’s not make statements like that.