[bumby]

I think part of the point of the article is that it also makes edge-cases more dangerous and catastrophic than if there was no autopilot at all. From the article:

>The argument for automation is that it frees up cognitive bandwidth. Fewer routine decisions means more headroom to think carefully about the ones that matter.

So if the expectation is that the human pilot is expected to pay attention to mitigate the dangerous edge cases "that matter", there is a contradiction: the tool that promises to free up the bandwidth for that attention creates a complacency that prevents that attention from being applied.

In other words, it makes the normal situations safer but the abnormal situations more dangerous.

[_DeadFred_]

I remember reading an internal memo something to the effect that with the assist systems off there were large groups of pilots that couldn't physically control the aircraft to the point of landing, they just didn't have the strength for it because the physicality had stopped being a day to day aspect of the job.

[adampunk]

Landing is an abnormal situation for an aircraft which we make SUBSTANTIALLY less dangerous through intense automation. Do you want to rip out automated landing systems?

[gbacon]

The FAA describes taxi, takeoff, landing, and operations other than cruise flight below 10,000 MSL as critical phases of flight because of increased risk. The aircraft is closer to the ground, other aircraft, and hazards such that prompt, correct responses are essential to the safe outcome of the flight.

Any equipment on the aircraft can and will fail. Becoming dependent on autoland — not a worry on most general aviation aircraft — is terrible risk management. Every pilot must maintain hand flying skills. Automation is nice and reduces workload, but the pilot must actively manage it.

[filleduchaos]

Not only is landing not an "abnormal situation", contrary to armchair internet wisdom pilots of airliners in fact do not use autoland all the time and don't even always fly a precision approach at all.

Not to mention that they get mandated regular reviews of their ability to fly manually. And even with that, there's still a reason why "children of the magenta line" (i.e. pilots who passively follow automated systems into danger and/or have seriously degraded stick-and-rudder skills) has become a term.

[adampunk]

2 things. First, landing a plane is abnormal! You're shedding a huge amount of energy and you're transitioning from a state where you can keep flying due to your speed to one where flight is impossible as you lower speed. That's an abnormal state to put an aircraft in, regardless of how often it happens. Second, what exactly is the level of automation you're saying is not necessary? Should we rip out radar systems that mark glide paths?

[bluefirebrand]

> That's an abnormal state to put an aircraft in, regardless of how often it happens

Taking off, flying, and landing are all absolutely required in the normal operation of a plane. If your plane is not engineered in such a way that landing is normal, it won't last long

[voidUpdate]

You land a plane as part of most flights, I'd say that's not particularly abnormal as an event...

[toast0]

Very few flights end without a landing.

[filleduchaos]

This is about as silly as feverishly claiming that e.g. deploying a web app to production is an "abnormal situation".

On top of that I'm sorry but you seem to have skimmed over both the article and what I said in favour of clutching pearls at some nebulous entity apparently claiming that "automation should be ripped out" when what is actually being explained to you is that without actual, manual, hands-on, current experience the "human in the loop" loses the ability to properly control or take over from an automated system - and worse, the ability to even understand when it is doing something nonsensical and/or dangerous.

As an aside, I assume that by "radar systems" you are referring to radio navigation aids. Like I've already mentioned (though in fairness not everyone knows what a non-precision approach means), pilots of airliners are still trained to fly without them, are expected to know how to fly without them, and shockingly enough DO fly without them in the real world where equipment fails or cannot even be installed at all. I know most of the software that people write here is insulated by several layers of abstraction from the hardware, but surely we haven't already lost the understanding that automated systems are not in fact magic - that they depend on real world hardware with real world physical constraints?

[bumby]

You seem to confuse "high consequence" with "abnormal".

[adampunk]

I mean you confused the 737-max problems with the general notion of automation, so...

[bumby]

First, snark goes against HN guidelines so you might want familiarize yourself with them.

Secondly, MCAS autonomously adjusts trim based on sensor inputs to avoid a hazard. It is not advisory and directly controls flight surfaces. This would make it automation according to how organizations like NASA categorize flight software taxonomy.

[bumby]

If you expect every aircraft to land, it seems to meet the very definition of "normal" operation.

An abnormal landing would be something like trying to land with a broken elevator surface.

[gbacon]

The circumstance doesn’t have to be that dramatic to be abnormal.

Landing after a merely unstable approach, too many significant changes too close to landing, increases risk.

Landing too fast may result in overrunning the end of the runway, pilot induced oscillation, or loss of control. Energy being proportional to the square of velocity means the margin doesn’t have to be huge to pose significant danger. Landing too slow risks an aerodynamic stall or worse a spin, which at low altitude is nearly certain to be fatal.

Landing safely with a crosswind requires technique changes. Too much crosswind or “running out of rudder” is extremely dangerous.

Landing after accumulating airframe icing is triply bad because the ice reduces the control surfaces’ aerodynamic effectiveness, makes the airplane heavier, and requires a faster landing.

[adampunk]

And you contend that autopilot makes that situation more dangerous? Do you have any support for this?

[bumby]

As the article already states, there is a well known phenomenon in aviation called automation-induced complacency. So, yes, if you automate landing to the extent that human pilots no longer pay attention to abnormal signals that indicate something is wrong, or no longer feel the need to train or stay vigilant, it can make things more dangerous. There is plenty of research on this, but here's the first that came up in a cursory search:

https://ntrs.nasa.gov/api/citations/20020021642/downloads/20...

A more recent example is the Boeing 737-Max where there was a focus on automating trim control. In that case, the automation made the system more complex, to the detriment of a pilot understanding and reacting to an abnormal operation.

We should also be careful that we don't create a false dichotomy between "all automated or no automation", or an expectation that more automation is always better. The goal should be the right balance that increases reliability/safety.

[filleduchaos]

> A more recent example is the Boeing 737-Max where there was a focus on automating trim control. In that case, the automation made the system more complex, to the detriment of a pilot understanding and reacting to an abnormal operation

To be fair this is not entirely accurate: a focus was made on stall prevention in a very specific mode of flight given the variant's increased susceptibility to the pitch-power couple. It did not make the system any more complex per se than other airliners - see e.g. Airbus aircraft which do actually have autotrim in normal flight. The actual kicker was that the existence of MCAS was hidden to avoid the need for lengthy re-training of pilots if the 737 MAX was deemed sufficiently different from its predecessor variants (on top of MCAS being rather poorly implemented in its first iteration).

[bumby]

Fair enough. The “hidden” aspect is what I was alluding to…ie, control that exists but isn’t apparent to the pilots (and worse, intermittent). In the human factors world, it was more complex than the pilots assumed, but you’re right that it’s probably not the best description.

(As an aside, the hazard being mitigated, ie stall, has little bearing on whether or not it’s autonomous or complex, although it does impact whether its safety critical)

[filleduchaos]

The fact that the autopilot will loudly disengage if there is a serious enough control surface failure to cause an upset is more than enough support IMO.