[404mm]

Is this the crash where the pilot failed to recognize the airspeed sensors had frozen up and he stalled the plane? I could see how this was an Air France fault since the pilot was not properly trained or experienced to fly this plane in these conditions. Not sure why Airbus is responsible.

[NooneAtAll3]

it's the crash where pushing nose of the plane down (correct enough-altitude stall response) caused alarms to activate, while pulling nose up caused alarms to silence

no wonder airbus was found guilty

[bombcar]

Airbus kind of embodies the "trust the computer" mentality; and if you're going to do that the computer damn hell better be right all the time - it must not have "backwards" failure modes.

Boeing, in similar situations "in the past" would just sound a "computer is giving the fuck up, fly this pig dog" bell and leave it to the pilots to figure it out.

[steveBK123]

As a computer person the airbus approach (and Boeing adopting some aspects of this in the max8) is terrifying

[tavavex]

Comparing Boeing's compliance hack and Airbus' system that's pushing 40 years now is very questionable. Airbus planes don't get in the way of flying, and there's extensive procedures and redundancies for everything that could go wrong. It's a proven system, and events like these are the exception proving the rule, especially since there was also a human factor here.

As another computer person, I'd trust aviation more than any other field, especially when it doesn't involve the modern US. Computers can't be perfect, but they can be almost always good at integrating and helping humans that remain in control. Advocates against including any fly-by-wire or computerization in aircraft at all fail to consider all the accidents that said computerization has helped avoid. Putting a billion steam gauges and blinking lights in front of pilots and asking them to correlate and understand everything themselves is actually not simpler, easier or safer.

[steveBK123]

The fly by wire as implemented by Airbus results in illogical states that are impossible in mechanically linked systems.

The most jaw dropping one is the stick input averaging.

https://www.reddit.com/r/NoStupidQuestions/comments/10w54e4/...

[cccbbbaaa]

The same thing happens on the 777 and 787: if too much opposite force is applied on both yokes, they lose their linkage and are averaged. There is no warning or priority button, unlike on Airbus planes.

Older Boeing planes also have a mechanism to unlink the controls if too much opposite force is applied. The left yoke would control the left side of the plane, the right yoke would control the right side.

Interestingly, the dual-input rate is roughly the same on Airbus and Boeing planes: 0.44 per 1000 flights and 0.4 per 1000 flights, respectively: https://bea.aero/fileadmin/user_upload/F-GSQJ_finalreport_EN... pages 45 and 47.

[tavavex]

I don't really understand what's so jaw dropping about input averaging. Let's be clear - this is a fallback state that handles a situation that should never come up. Pilots aren't supposed to try to control the aircraft from both seats at the same time, both fly-by-wire and not. What we're talking about isn't a deficiency that can sporadically cause a dangerous situation, like the MAX, but a situation where the pilots have already made a massive mistake and the automation didn't bail them out. It's not like there's no workaround, either. Making conflicting commands results in the plane blaring a 'dual input' warning at you, and if one of the pilots desires exclusive control, they can press the side stick priority button. A further improvement of the system would be to add force feedback to the side sticks, to simulate the linked yokes of a non-fly-by-wire aircraft, but even without it, I feel like this issue is given way more publicity, and it's used as the scapegoat for the ultimate cause, pilot error. All incidents that involved this were ruled as being caused by pilot error - in the crash this article is about, the PF was literally holding his side stick full back until almost the very end. A force feedback system might've helped them realize it sooner, or it might not have - there's plenty of historical incidents where pilots managed to stall conventional aircraft out of nowhere in a similar fashion, but those were ruled to be their mistake only.

[actionfromafar]

You made me laugh out loud! Very well put.

[refurb]

While true, pilots aren’t trained to just “respond to the alarm” they are trained to fly the plane.

Once there were multiple alarms that made no sense at all (petty early in the event), the pilots should have ignored them as per the checklist.

But the most damning thing is the one pilot pulling the stick back and holding it back for almost the entire event. There aren’t any flying conditions where that’s an appropriate input. Not to mention being told to give up control and ignoring that request.

I agree Airbus has some blame in terms of the computer system not adequately communicating when it drops out of normal mode.

[PearlRiver]

Yeah the computer is never flying the plane it is always the pilots who have final decision. Which is ofcourse also why the computer will let you fly into a mountain if you want.

[cccbbbaaa]

> There aren’t any flying conditions where that’s an appropriate input.

It's the procedure for various GPWS cautions and warnings on Airbus planes, and can also be done in a windshear.

[refurb]

I stand corrected. But suffice to say it’s not an appropriate input when you lose airspeed at 35,000 ft.

I read the Admiral Cloudberg article again and saw that it was procedure for other scenarios as well.

It seem like the normal mode (protected flight envelope) is just encouraging bad habits? “Just go full stick back and hold it, don’t worry the computer won’t let you stall the plane…most of the time”

[cccbbbaaa]

> It seem like the normal mode (protected flight envelope) is just encouraging bad habits?

Maybe, but at the same time it helps avoiding crashes like Sriwijaya 182 or Flydubai 981. Airbus has shown that planes with fly-by-wire and any kind of flight envelope protection (A320 and newer, A220, B777 and 787, etc.) experience less fatal accidents and less hull losses than planes with traditional controls (A300, A310, B737, etc.), even today: https://accidentstats.airbus.com/fatal-accidents/

Unfortunately, these safety improvements mean that we only hear about cases where automation fail to help, like in the case of AF447, but not cases where it prevented an accident.

[exidy]

The behaviour you describe above only occurred after the pilot flying stalled the plane. There was a procedure for unreliable airspeed indication. Had the pilot flying performed it, the situation would have been resolved without incident.

AF could perhaps be held liable for insufficient training on high-altitude stalls or recognising and responding to reversions to alternate law. But it's hard to see how Airbus can be responsible for a pilot ignoring the most basic first response.

[fweimer]

The article from this subthread contradicts this, though. Regarding recoverability of the situation, it says this:

> By now the airspeed indications had returned to normal, but the pilots had already set in motion a sequence of events which could not be undone.

That was before the prolonged stall warnings. But maybe this phrasing is just an embellishment?

But further down, the article is pretty clear that the training was inadequate for this type of unreliable airspeed indication:

> Although procedures for other phases of flight could be found in the manual, the training conditioned pilots to expect unreliable airspeed events during climb, to which they would respond with a steady nose-up pitch and high power setting that would ensure a shallow ascent. Such a response would be completely inappropriate in cruise.

[exidy]

Once the aircraft was stalled there was a narrow window to recover from it, which obviously did not occur. But the stall was entirely caused by pilot input of full nose up! The procedure for unreliable airspeed (which was in both the QRH and the FCOM) was simply to fly a known safe power / pitch from the tables provided in the QRH.

At no time was any of the pilot's Attitude Indicators (Artificial Horizons) inoperative -- all they had to do was maintain straight and level flight at a known power setting and everyone would have come home safely.

[fweimer]

I see. I assumed that given they were flying at 37,000ft, they would have more time to react. But the BEA report says that after autopilot disconnection, only two minutes passed until they reached this situation:

> Only an extremely purposeful crew with a good comprehension of the situation could have carried out a manoeuvre that would have made it possible to perhaps recover control of the aeroplane. In fact, the crew had almost completely lost control of the situation.

I had no idea that things could go wrong so quickly, even at that altitude.

[exidy]

You are absolutely correct that things can go wrong very quickly, especially at altitude. Modern planes fly very high for reasons of efficiency, but as the air thins, the window between stall speed and overspeed becomes narrower[0]. That's why piloting always emphasises the need to be thinking ahead of what the plane is doing and not following it.

For this incident, they were flying at FL350 (35,000 feet) and had a service ceiling of FL370 at their current weight -- that's a difference of only 2,000 feet. Within 30 seconds of the autopilot disconnecting, Bonin put the aircraft into a 7,000 feet/minute climb! So that margin was eaten up very very quickly.

If you're interested in aircraft incidents and accidents I recommend Petter Hörnfeldt's excellent YouTube channel Mentour Pilot[1]. He goes into deep technical detail and has covered not just AF447 but many other incidents where the pilot lost situational awareness and put a perfectly working plane into the ground.

[0] https://www.boldmethod.com/learn-to-fly/aerodynamics/coffin-...

[1] https://www.youtube.com/@MentourPilot

[anonymars]

Thank you, this accident reminds me a bit of the McDonald's coffee lawsuit, where the popular narrative of "be less of a dummy" is not really fair

Edit -- to wit: https://news.ycombinator.com/item?id=48253931