by akiselev 4477 days ago
I totally agree with making black boxes more advanced to phone home and such, but this line annoyed me:

"Your iPhone is more powerful than the evidence-collecting computers in the cockpit. Simple changes could mean faster answers for plane crashes"

You're talking about the black box for an airline jet. This thing is supposed to survive plane crashes; not just being dropped a meter off the floor, but smashing into the ground going hundreds of meters per second. The design constraints in those conditions include, assuming the plane is now a ballistic fireball smashing into the ocean: operating temperature well above even industrial components to survive the fire, mechanical strength to withstand hundreds if not thousands of g's during impact (at this speed the ocean is the same as solid rock), and then floating in the freezing ocean for days if not weeks until it is recovered. I'm not sure if black boxes are guaranteed to float or not, but if they are designed to sink, they must then withstand tens of atmospheres of extra pressure for a sustained period of time.

The secret is that smartphone processors have been more powerful than safety-critical processors since their inception with the IBM Simon [1]. The RAD750 [2], NASA's only "current generation" processor, began to fly in 2005 with a whopping single core at a 110 MHz core clock and an older manufacturing process than that of processors used for early-2000s-era smartphones. When technology is moving so fast that Intel is building a new multi-billion dollar factory every few years, safety-critical device designers don't give a shit about how fast they are. They care that they can get a level of confidence in the stability and reliability of the processor, that it has years of data on lifetime, and then that it can be manufactured by an array of suppliers. That cannot be guaranteed by cutting-edge technology, no matter how many bits or fancy virtualization features you throw at it. For the black box, this means every component in the design must survive and operate (an IC can survive the hundreds of °C in a reflow oven, but it sure as hell won't work if you send current through it) at or close to those conditions.

[1] http://en.wikipedia.org/wiki/IBM_Simon

[2] http://en.wikipedia.org/wiki/RAD750


Replacing black boxes is not a good idea. Black boxes work when everything else has broken. We trust them to report when unimaginable edge conditions are breached.

We should instead supplement our sturdy but silent black boxes with a chattier partner. The new device would not survive a catastrophic breakup. Nor would it receive the omniscient breadth of data trusted to a black box. Instead, it would (1) receive a subset of flight data (e.g. location, alerts, and pilot inputs) and (2) immediately send them to a ground-based datacentre. These data would back up air traffic controllers' radars in real time. They would also assist in locating fallen planes and their more comprehensive black boxes.

> We should instead supplement our sturdy but silent black boxes with a chattier partner. The new device would not survive a catastrophic breakup. Nor would it receive the omniscient breadth of data trusted to a black box. Instead, it would (1) receive a subset of flight data (e.g. location, alerts, and pilot inputs) and (2) immediately send them to a ground-based datacentre. These data would back up air traffic controllers' radars in real time.

It seems to me you've described ADS-B[0], which this plane had and which will become a requirement in US and EU soon. Looking at sites like flightradar24.com, which use ADS-B data, it would seem most airliners already use it. The only difference from your requirements is that ADS-B doesn't broadcast any information about pilot inputs.

According to records from one of the sites which use ADS-B, the signal from this plane just stopped [1]. This could have happened because of a severe failure in flight, or maybe because the plane descended below cruising altitude which happened to take it out of receiver range. In either case, it shows that the proposed scheme would be of limited use and it might not have helped in this particular case.

[0] http://en.wikipedia.org/wiki/Automatic_dependent_surveillanc...

[1] I'll search for the source when I get back to my computer. It was discussed in /r/aviation.

What he's describing is closer to ACARS, which already exists but has very low bandwidth.

> You're talking about the black box for an airline jet. This thing is supposed to survive plane crashes; not just being dropped a meter off the floor, but smashing into the ground going 100's of meters per second.

Just so everybody understands, here are the specs advertised by Honeywell Aerospace for the type of box on e.g. AF447 (the Air France flight which crashed in 2009):

    Advanced Recorder (AR):
        available as
            Cockpit Voice Recorder only (AR-CVR)
            Flight Data Recorder only (AR-FDR)
            Combined Digital Voice and Data Recorder (AR-DVDR)
        - Underwater Locator Beacon (ULB).
        - voice recording duration: 30, 60, 120 minutes.
        - data recording: 10, 25 hours.
        - Height – 6.1 inch; Width – 4.8 inch; Length – 9.49 inch;
        - weight: 8.8 pounds.
        - designed for data recovery even if subjected to
            * Impact Shock – 3400 G, 6.5 milliseconds
            * Penetration Resistance – 500 lb weight drop from 10 feet
            * Static Crush – 5000 lbs, 5 minutes
            * High Temperature Fire – 1100°C, 60 minutes
            * Low Temperature Fire: 260°C, 10 hours
            * Deep Sea Pressure and Sea Water/Fluids Immersion: 20,000 feet, 30 days

How can something only survive under 20,000 feet for 30 days and not 60, or a year? 30 days is a long time.

It can and most likely will (the AF447 black box was retrieved after almost 2 years at ~12,500 ft). That's just the speccing, the warranty if you will.

All this is true, but perhaps we should also be exploiting cheap and redundant systems that leverage more up-to-date technology, e.g. multiple lightweight pods that are designed to eject automatically under certain circumstances and consist of a battery, the same sort of technology you'd find in a typical satellite smartphone, and a small parachute - something you could build with a unit cost under $5k, which you could easily make back without a drastic impact on ticket prices. If you deployed, say, 20 of them automatically during a catastrophe, odds are that a few of them would survive.

I'm not disputing anything you wrote above, but right now all our eggs are in two very expensive baskets (FDR/CVR). When a plane goes missing you want to pinpoint the location of the crash ASAP and get some telemetry as a second priority. The existing systems are great, but could we not also benefit from some cheaper and simpler systems that didn't rely on being bulletproof?

> "eg multiple lightweight pods that are designed to eject automatically under certain circumstances and consist of a battery, the same sort of technology you'd find in a typical satellite smartphone, and a small parachute"

So you've replaced a single point of failure (failure of the recording device) with 4: failure of the ejection trigger, failure of the ejection mechanism, failure of the parachute, and failure of the (significantly weaker) recording device.

The point of a black box is that it's a when-all-else-has-failed device - there are extremely few assumptions you can make about such a situation, so the correct move is to design as conservatively as possible. The plane could be gliding. It could be a raging fireball. It could be missing a wing. It could be about to crash but all the sensors still think everything is just great.

No. I want to keep the existing systems and add another system that's sufficiently cheap that it can have a 95% failure rate and still be economical.

I mean, here we are after 3 days and none of the surface vessels can find the possibly-debris stuff seen from the air earlier today. I don't have a design for a foolproof system and am under no illusions that the existing 'black boxes' could be easily replaced, but the existence of commodity-cheap sensors, processing, and communications technology mean we can afford massive redundancy.

Isn't anigbrowl suggesting supplementing the black boxes rather than replacing them?

Don't be dense. That's not at all what he said & your math is all wrong.

The existing black box is not a single point of failure. The big question is finding it ... that's what this whole concern has been over (and, since you missed it, why I joshingly call you dense).

Anig also clearly stated that there would be 20 of these, operating in parallel. Your math is wrong because you ignore his central argument.

Totally agree. This article smelled of ignorance in every single line, and saying "Your iPhone is more powerful than the evidence-collecting computers in the cockpit. Simple changes could mean faster answers for plane crashes" is akin to complaining that my TI calculator in the 80s was more powerful than the Voyager probe's processor. Different purposes, different specs, different constraints. The person who wrote this piece is definitely not an engineer and has no scientific background whatsoever, as far as I can tell.

Fun fact, Voyager launched before the first rad-hardened CPU [1] was available, and the Voyager electronics are more akin to a ton of expensive FPGAs and ASICs that have a bunch of error correction and redundancy.

[1] http://en.wikipedia.org/wiki/RCA_1802

Exactly. Safety-critical applications by nature have to be risk-averse, and that means anything new, anything that hasn't been thoroughly tested and backed by years of experience, is an unacceptable risk.

Older processors constructed on older large-size processes and often operating at higher voltages and slower clocks are more robust because they have a smaller number of transistors, which means a simpler more predictable model of error propagation; larger features mean lower current densities, increasing resistance to electromigration and decreasing the chances of defects from natural process variation; higher supply voltages reduce the effects of noise; slower clock rates allow more time for noise-induced glitches to settle instead of propagating.

One of my favourite examples of this is the CDP1802 - an 8-bit CPU from the mid 70s, which is still in production and use today in aerospace applications.

Someone replied quoting the "curse of knowledge" wiki article and deleted their reply.

With regards to why video recording FDRs aren't in place, look no further than the FAA [1]. The original request from the National Transportation Safety Board (in pdf) from 2000 is also available [2] although I'm sure the issue has come up since then. However, the FAA doesn't govern Malaysian aircraft except when they fly to the US (I'm guessing 777s were up to code though)

[1] http://www.ntsb.gov/safetyrecs/private/history.aspx?rec=A-00...

[2] http://www.ntsb.gov/doclib/recletters/2000/A00_30_31.pdf

But do they really need to "operate" under these harsh conditions? They need to preserve the recorded data (which AFAIK with a suitable magnetic storage requires no processing power and no energy, just the ability to stay mechanically together) and to do something to be found - like send GPS coordinates out on an exceptional event and/or a loud radio ping that can be located by search teams after the crash. That shouldn't be that hard to do? Or am I missing something here?

A plane can be on fire and in flight simultaneously. If the compartment the black box is kept in is on fire or near the hotspot you don't want it cutting out too soon.

Blackboxes are equipped with a sonic and radio location beacon. Because of the remote locations they have to work in battery life is measured in days and hours since they have to send out a fairly powerful signal using the weakest antenna configuration.

GPS is out of the question for the moment. It requires a power hungry DSP and signal amplifier. Even now, most smart phones use the GPS occasionally then supplement that information with the accelerometer (ie, dead reckoning for smartphones).

>>> battery life is measured in days and hours since they have to send out a fairly powerful signal using the weakest antenna configuration.

They don't need to send it continuously, so I wonder why it is only hours. Sending a loud short ping once an hour shouldn't consume too much energy. Of course, I don't know enough about radio physics to know if it'd be enough, say, if it is 1km underwater - that may be a problem. Maybe supplement it with acoustic ping too?

GPS is not needed continuously either - it can record the last reading, say, before a high-g acceleration event and then let the GPS unit be destroyed, burned, starved of power or whatever happens to it. I.e. continuous GPS is needed only when everything is OK and the device is connected to the plane's powerplant - once it is disconnected, record the last known GPS and shut down everything - we're in trouble, so the only task for it now is to scream loudly until it is found.
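
A quick way to test the "ping once an hour" argument and the "freeze the last fix on a high-g event" idea is to model them. The block below is an added example and not from any commenter or any real ULB/FDR design; the battery capacity, transmit power, sleep draw and g threshold are assumed round numbers chosen only to show the shape of the trade-off.

```python
"""Energy budget for a duty-cycled crash beacon, plus a latch that freezes
the last good GPS fix on a high-g event.

Added example with assumed numbers (battery, transmit power, sleep draw,
trigger threshold); nothing here reflects a real beacon or recorder spec.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


def lifetime_hours(battery_wh: float, tx_watts: float, ping_s: float,
                   interval_s: float, sleep_watts: float) -> float:
    """Hours until the battery is flat when the beacon transmits for ping_s
    seconds every interval_s seconds and draws sleep_watts in between."""
    if not 0 < ping_s <= interval_s:
        raise ValueError("ping must be no longer than the interval")
    # Energy spent per cycle: one transmission plus the idle draw until the next.
    wh_per_cycle = (tx_watts * ping_s + sleep_watts * (interval_s - ping_s)) / 3600.0
    cycles = battery_wh / wh_per_cycle
    return cycles * interval_s / 3600.0


def compare_schedules(battery_wh: float = 10.0, tx_watts: float = 5.0,
                      ping_s: float = 1.0, sleep_watts: float = 0.01) -> dict:
    """Continuous transmission versus one ping a minute versus one an hour,
    all with the same (assumed) battery and radio."""
    return {
        "continuous": lifetime_hours(battery_wh, tx_watts, ping_s, ping_s, sleep_watts),
        "per_minute": lifetime_hours(battery_wh, tx_watts, ping_s, 60.0, sleep_watts),
        "per_hour": lifetime_hours(battery_wh, tx_watts, ping_s, 3600.0, sleep_watts),
    }


@dataclass
class DistressLatch:
    """Keeps accepting GPS fixes until the first high-g sample, then holds
    the last fix forever so a later, garbled fix cannot overwrite it."""
    g_threshold: float = 16.0           # assumed trigger level, not a real spec
    last_fix: Optional[Tuple[float, float]] = None
    triggered: bool = False

    def update_fix(self, lat: float, lon: float) -> None:
        """Accept new fixes only while the aircraft is still flying normally."""
        if not self.triggered:
            self.last_fix = (lat, lon)

    def on_accel(self, g: float) -> bool:
        """First exceedance sets the latch; it is never cleared."""
        if g >= self.g_threshold:
            self.triggered = True
        return self.triggered


if __name__ == "__main__":
    for name, hours in compare_schedules().items():
        print(f"{name:>10}: {hours:8.1f} h ({hours / 24:5.1f} days)")
    latch = DistressLatch()
    latch.update_fix(2.0, 101.0)        # constructed fix, not a real position
    latch.on_accel(1.2)
    latch.update_fix(2.1, 101.2)
    latch.on_accel(40.0)                # impact: latch closes
    latch.update_fix(0.0, 0.0)          # a bogus post-impact fix is ignored
    print("held fix:", latch.last_fix)
```

With the assumed numbers, continuous transmission lasts about 2 hours, one ping a minute about 107 hours, and one ping an hour about 878 hours (roughly 37 days). Going from per-minute to per-hour buys only about 8x, not 60x, because the sleep draw dominates once pings are rare; that is the figure to attack in a real design, which is why the latch also stops feeding the GPS once it trips.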

The "old manufacturing process" is mostly related to space radiation hardening - the smaller the structure size, the easier it is for the background radiation to cause bit flips.
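
The "error correction and redundancy" mentioned for the Voyager electronics above, and the bit flips this comment refers to, are usually handled with a SEC-DED code (single error correct, double error detect) on memory words and a majority vote across redundant copies. The block below is an added example written for this thread, not code from any commenter, NASA or a recorder vendor; it uses a constructed 8-bit data word and shows what each class of fault looks like to the decoder.

```python
"""SEC-DED Hamming code over a data word (default 8 bits -> 13-bit codeword):
corrects any single bit flip, reports any double flip as uncorrectable,
plus a bitwise 2-of-3 majority vote for triple-redundant copies.

Added example; inputs are constructed, not taken from any real system.
"""


def _num_parity_bits(n_data: int) -> int:
    """Smallest r with 2**r >= n_data + r + 1 (Hamming bound)."""
    r = 0
    while (1 << r) < n_data + r + 1:
        r += 1
    return r


def _is_power_of_two(x: int) -> bool:
    return x & (x - 1) == 0


def _syndrome(code: int, n: int) -> int:
    """XOR of every set position 1..n. Zero iff all parity groups are even;
    after a single flip at position e it equals e."""
    s = 0
    for pos in range(1, n + 1):
        if (code >> pos) & 1:
            s ^= pos
    return s


def encode(data: int, n_data: int = 8) -> int:
    """Codeword layout: bit 0 = overall parity, positions 2**i = Hamming
    parity bits, every other position 1..n carries a data bit (LSB first)."""
    r = _num_parity_bits(n_data)
    n = n_data + r
    if not 0 <= data < (1 << n_data):
        raise ValueError("data does not fit in n_data bits")
    code, d = 0, 0
    for pos in range(1, n + 1):
        if _is_power_of_two(pos):
            continue                              # reserved for a parity bit
        code |= ((data >> d) & 1) << pos
        d += 1
    s = _syndrome(code, n)
    for i in range(r):                            # parity bit 2**i cancels bit i of s
        code |= ((s >> i) & 1) << (1 << i)
    code |= bin(code >> 1).count("1") & 1         # bit 0 makes total weight even
    return code


def decode(code: int, n_data: int = 8):
    """Return (data, status) with status 'ok' or 'corrected', or
    (None, 'uncorrectable') when two flips are detected."""
    r = _num_parity_bits(n_data)
    n = n_data + r
    s = _syndrome(code, n)
    odd = bin(code).count("1") & 1                # 1 if an odd number of bits flipped
    if s == 0 and not odd:
        status = "ok"
    elif odd:
        code ^= 1 << s                            # single flip; s == 0 means bit 0 itself
        status = "corrected"
    else:
        return None, "uncorrectable"              # even flip count, non-zero syndrome
    data, d = 0, 0
    for pos in range(1, n + 1):
        if _is_power_of_two(pos):
            continue
        data |= ((code >> pos) & 1) << d
        d += 1
    return data, status


def majority(a: int, b: int, c: int) -> int:
    """Bitwise 2-of-3 vote across three redundant copies of a word."""
    return (a & b) | (a & c) | (b & c)


if __name__ == "__main__":
    word = 0b10110010                             # constructed sample word
    cw = encode(word)
    print(f"codeword       : {cw:013b}")
    print("clean          :", decode(cw))
    print("one flip       :", decode(cw ^ (1 << 5)))
    print("two flips      :", decode(cw ^ (1 << 5) ^ (1 << 9)))
    print("2-of-3 vote    :", bin(majority(word, word ^ 0b1000, word)))
```

Note the limit the code itself shows: three flips in one word can produce an odd weight and a syndrome pointing at a healthy bit, so SEC-DED will "correct" it into garbage. That is why word size, interleaving and scrub rate are chosen against the expected upset rate of the process, and why a larger-feature, slower part with fewer transistors is easier to budget for.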

> You're talking about the black box for an airline jet.

No he's not. He's talking about the "evidence-collecting computers in the cockpit" that send the data to the black box.

> He's talking about the "evidence-collecting computers in the cockpit" that send the data to the black box.

No, he's saying that collecting the black box is a pain in the ass so there should be a permanent data link to ground.

Plus his whole premise is wrong, as there already is one: http://en.wikipedia.org/wiki/Aircraft_Communications_Address... there just isn't enough bandwidth to send much more than basic systems failure data. Certainly not enough to send the kind of information stored in the black box, and not until the final moments of the plane either.

No, he's talking about "evidence-collecting computers in the cockpit". I know that because that's a quote from the article. You can tell that because I used "quote marks".

He also says that there should be a permanent data link to ground. At which point you say (paraphrased), "there is one, except there isn't".

> No, he's talking about "evidence-collecting computers in the cockpit"

No, he's mentioning them. He's not talking about them. You could know by having read the article and noted he says nothing about them outside of the subtitle.

> At which point you say (paraphrased), "there is one, except there isn't".

The actual paraphrase would be "there is one except physics". There is a link, it can't magick reliability which does not exist when the computer is a flaming ball of debris in a storm. His proposition boils down to "magick up a reliable connection and send a subset of the blackbox data over it" (note the part where changing anything to "evidence-collecting computers" figures nowhere in the proposal?)

> No, he's mentioning them. He's not talking about them.

Yes he is, in the part I quoted. That's the part I'm talking about, which is why it's the part I quoted. Learn what the word "context" means. It's the part that the comment I was replying to quoted. Try and keep up.

> The actual paraphrase would be "there is one except physics".

Use the existing wifi connection to send additional information that at least would give you the location of the plane to the nearest kilometer. There are no laws of physics that prevent this.

> Yes he is, in the part I quoted.

No, he's not talking about these systems.

> Use the existing wifi connection

The fuck are you talking about, planes don't have wifi connections. Do you think they've got a wifi antenna outside connecting to an AP on land?

> to send additional information that at least would give you the location of the plane to the nearest kilometer.

That already trivially fits in the ACARS, and is completely useless since it's available from radars in the first place, until radar and data links become unavailable.