by cdot2 540 days ago
"Chesley "Sully" Sullenberger, Captain of US Airways Flight 1549 that ditched in the Hudson River on January 15, 2009, said in a Google talk that the landing could have been less violent had the anti-phugoid software installed on the Airbus A320-214 not prevented him from manually getting maximum lift during the four seconds before water impact."

That's pretty interesting. Should pilots be able to disable all control-limiting software manually?

4 comments

It’s a fundamental difference between how Airbus and Boeing approach flight controls. Airbus take the view that pilots should never be able to command an action the aircraft thinks is dangerous. Whereas Boeing believe that pilots have ultimate authority to command the aircraft to do anything, regardless of if the aircraft thinks it’s dangerous (obviously the aircraft provides warnings etc., but they can ultimately be overridden and ignored).

In a little more detail, Airbus systems take pilot inputs, interpret what the pilot wants to achieve, then command control surfaces to produce that outcome, applying limits etc. to ensure that flight limits aren’t exceeded. The end result is that pilot inputs are somewhat loosely correlated to control surface outputs, compared to a traditional fully mechanical system.

Boeing on the other hand tries to as tightly as possible map pilot inputs to control surface outputs, mimicking a pure mechanical system (despite being fly-by-wire, like Airbus). But provides force feedback to the pilot via input controls to indicate, but not completely prevent, that the pilot is approaching or about to exceed flight control limits.

https://en.m.wikipedia.org/wiki/Flight_control_modes

> Boeing on the other hand tries to as tightly as possible map pilot inputs to control surface outputs, mimicking a pure mechanical system (despite being fly-by-wire, like Airbus). But provides force feedback to the pilot via input controls to indicate, but not completely prevent, that the pilot is approaching or about to exceed flight control limits.

Regardless of whether that was ever true, it was no longer so once we had Boeing using an aggressive MCAS to get the 737 MAXes certified.

This alleged dichotomy between manufacturers was addressed in a comment to an Aviation Stack Exchange question [1]: "Airbus philosophy is not that if computers cannot save the aircraft, pilots cannot either. That is nonsense, and internet fodder. Control laws can be changed/downgraded even w/out pulling circuit breakers, though procedure is indeed complicated and involves pushing two buttons. Airbus recommends using appropriate amount of automation and taking control when things don’t go as expected" [Radu094] (unfortunately, the subsequent discussion is no longer available, at least on this site.)

There was a concern that pilots had not been made aware, through their training, that the system might constrain their actions in this situation, leading to the NTSB issuing this recommendation:

Require Airbus operators to expand the angle-of-attack-protection envelope limitations ground-school training to inform pilots about alpha-protection mode features while in normal law that can affect the pitch response of the airplane. [2]

[1] https://aviation.stackexchange.com/questions/52147/why-cant-...

[2] https://www.ntsb.gov/investigations/AccidentReports/Reports/... Page 124

> Regardless of whether that was ever true, it was no longer so once we had Boeing using an aggressive MCAS to get the 737 MAXes certified.

Not quite true. The MCAS system operated by adjusting the trim of the horizontal stabilisers, but the adjustment was reflected by the cockpit controls (the trim wheels would spin). Pilots could reset the trim by adjusting the trim wheels, but the MCAS system would then adjust them back again. But there’s still a tight coupling between the input control and the control surfaces. It’s just that MCAS behaved like an unhelpful third pilot making uncommanded trim adjustments.

Yes, even in an Airbus a pilot can change the control law in effect, and choose control laws that disable automations, and even choose a control law where inputs are directly mapped to control surfaces. But under normal conditions Airbus planes introduce a lot of various forms of automation between the pilot and plane, which interpret pilot intent from inputs, and then meet that intent by making many adjustments to multiple control surfaces, even though many of the adjustments weren’t directly commanded. Unlike Boeing, where under normal conditions input controls behave as close as possible to traditional mechanical controls.

Ultimately it’s all much of a muchness. Modern aircraft are so complex that flying them smoothly and efficiently is beyond the capabilities of a human. There’s just too many things to be monitored and adjusted. But there’s an important distinction between being able to fly a plane safely vs efficiently; obviously all modern jet liners are designed to be possible to fly safely with zero automations, and direct pilot control of the aircraft. But simple safe flights aren’t enough anymore, we also demand smooth and highly efficient flights, which is where the automation becomes a necessity.

Another way of looking at this question of automation vs direct control is to look at modern fighter planes. They’re deliberately designed to be aerodynamically unstable, and are effectively unflyable by direct control. That instability makes them unbelievably manoeuvrable, useful in a dog fight, but also requires that all pilot inputs have to be interpreted by a computer, which then does its best to produce the desired output by manipulating whatever control surfaces are needed, regardless of if the input would traditionally result in those surfaces being manipulated in a mechanical system.

I take your point about the trim wheels moving, though that is not a case of force feedback. More generally, it might be argued that Boeing's original intent with MCAS was indeed to provide force feedback to the pilot via input controls to indicate, but not completely prevent, that the pilot is approaching or about to exceed flight control limits, but it did so by diverging from mapping pilot inputs to control surface outputs - so it hits both sides of your dichotomy.

Furthermore, Boeing diverged further from mapping pilot inputs to control surface outputs once initial flight testing showed that the original version of MCAS was insufficiently effective to satisfy its purpose. In a fateful decision, Boeing chose to increase the power of MCAS to the point where it effectively became a stick-pusher at either high AofA or in the event of a single AofA sensor fault, while contriving to hide this from the FAA, pilots, and those who train pilots. This took any consideration of differences in design philosophy in a whole new (and much darker) direction.

Most of the rest of what you say is broadly in agreement with what Radu094 wrote.

> This took any consideration of differences in design philosophy in a whole new (and much darker) direction.

Personally I consider the whole MCAS debacle a symptom of Boeing’s failure as an engineering organisation, and the prioritisation of commercial concerns above engineering concerns, rather than a change in philosophy. I still have the view that Boeing philosophy still deliberately leans towards putting the pilot in as close a link with the physical plane as possible.

Ultimately I don’t really have a view on which approach is “better”, but I do think Airbus and Boeing have very different philosophies regarding aircraft controls. Even if Boeing has become incapable of expressing its engineering philosophies competently. I think it’s still useful to compare and contrast the two approaches, and there’s still things to be learned from how each approach succeeds and fails in different scenarios.

> I think it’s still useful to compare and contrast the two approaches, and there’s still things to be learned from how each approach succeeds and fails in different scenarios.

That's a sound approach, though one should be wary of selectively dismissing evidence on the grounds that it does not fit with either one's own or commonly-held preconceived notions.

From the NTSB report:

2.3.3 Descent and Ditching Airspeed

As noted, the flight crew was not able to initiate part 2 of the Engine Dual Failure checklist, which contained airspeed guidance for pilots to follow if an engine restart is considered impossible and a ditching is anticipated. The checklist states that, when an engine restart is considered impossible, the optimum airspeed at which to fly is the green dot speed.

Despite not reaching this portion of the Engine Dual Failure checklist, the captain stated during postaccident interviews that he thought that he had obtained green dot speed immediately after the bird strike, maintained that speed until the airplane was configured for landing, and, after deploying the flaps, maintained a speed “safely above Vls,” which is the lowest selectable airspeed providing an appropriate margin to the stall speed. However, FDR data indicated that the airplane was below green dot speed and at Vls or slightly less for most of the descent, and about 15 to 19 knots below Vls during the last 200 feet.

The NTSB concludes that the captain’s difficulty maintaining his intended airspeed during the final approach resulted in high AOAs, which contributed to the difficulties in flaring the airplane, the high descent rate at touchdown, and the fuselage damage. (See additional discussion in section 2.7.1.)

https://www.ntsb.gov/investigations/AccidentReports/Reports/...

This is a seemingly simple yes/no question but you have actually entered a forest.

Most things can be disabled by a pilot. Airliners are marvels of engineering and often contain a data center to maintain control of the aircraft [1]. There is only so much flexibility you want to create for your customers… and the goal is to simplify operations with safety in mind.

[1] https://youtu.be/AAf1SePrKLc

Airbus' direct law should've allowed this.

How quick / easy is it to switch laws / control modes while in an emergency situation?

We are talking seconds for a trained pilot. However, going through checklists first might delay that action by minutes and going into direct law probably wasn't on any of the checklists they had to run. Things happen really fast in aviation; you don't have much time, if any, to think in an emergency like the Hudson ditching. Captain Sully already had a lot of other decisions to make in a short amount of time.

NB: Going into direct law would have more than just that one side-effect. I'm not an expert on Airbus (or any airliner) but everything you do in aviation is a tradeoff. If the pilot has most of their time in non-direct law, it might be that going into direct-law just to get rid of a single limit is the lesser choice.

IMHO, Sully's comment is extremely valuable for training consideration and anyone else going through the same or similar scenario in the future.