That is beyond scary; how anyone can defend having critical aircraft control systems rely on an input which may be turned off at will is beyond me.
Let us at least hope the system fails gracefully and notifies the pilot that something odd just happened and you will have to do your own flying from this point on, rather than just going titsup and be done with it.
Also, i'm not so sure about the graceful failure. Hypothetically, the human takes over. But if the human hasn't actually flown in months or years the'll likely be kind of rusty. Now you're throwing them into a complex situation - the autopilot can handle the simple stuff. Coupling weak skills with difficult situations seems like a bad idea.
I kinda think autopilots and self driving cars should give a limited clock. Every, say hour you do it manually buys you a few hours of autopilot. Just to keep skills relatively fresh.
"The Air France story is a story about a failed handoff, where the automation onboard an airplane found a relatively minor fault and handed control of the plane back to the human pilots, too suddenly and ungracefully surprised them. And they had lost some of their skills flying too much with the automated systems and lost control of the airplane. Which actually was a perfectly good airplane about a minute into the crisis. And so they went from tens of thousands of feet flying through the sky and ended up spiraling into the ocean, tragically losing all aboard."
A configuration management system that incorporated spaced repetition would be cool. Every once in a while, go into an incremental mode where you actually type in the commands. It has the added bonus of getting new people aware of the system. Sure, you can always just go read the source and figure it out. Having the system force some human awareness from time to time would be handy.
Have them both handling control at the same time, reconcile the inputs in a sane manner (or have a master/slave where one is providing phantom inputs). Added benefit of being able to error check each other.
(Supposedly the plane is supposed to loudly complain if the inputs diverge. I'm not sure if this happened.)
In flight testing, whenever we encounter situations like this (the aircraft does not react as the pilot expects for a given input), we don't necessarily blame the pilot. Especially if multiple pilots get into the same mess. Then we know it's time to change how the aircraft behaves and bring it in line with what the pilots expect.
In fact by the time it arose, the aircraft may already have been in an unrecoverable dive (or whatever the word is for rapid descent while stalled), I don't remember. So it's not a primary cause of the accident.
There's no substitute for physical feedback. It's instantaneous and impossible to miss. It's completely beyond my comprehension that Airbus eliminated it.
As I recall, the one pilot held full back stick all the way down, while the other pilot tried and failed to recover. Releasing the back stick and executing a normal stall recovery would have saved the airplane at just about any time.
As for your last point, I'm not an expert, and I'm not as incredulous about this scenario as you seem to be. (As a teenager I did fly a lot in PC flight simulators, though.)
The non-technical Vanity Fair article I referred to claims that the accident investigators estimated the last point at which the aircraft could have recovered from the dive was around the time it passed 13,000 feet:
"Though precise modeling was never pursued, the investigators later estimated that this was the last moment, as the airplane dropped through 13,000 feet, when a recovery would theoretically have been possible. The maneuver would have required a perfect pilot to lower the nose at least 30 degrees below the horizon and dive into the descent, accepting a huge altitude loss in order to accelerate to a flying angle of attack, and then rounding out of the dive just above the waves, pulling up with sufficient vigor to keep from exceeding the airplane’s speed limit, yet not so violently as to cause a structural failure. There are perhaps a handful of pilots in the world who might have succeeded, but this Air France crew was not among them. There is an old truth in aviation that the reasons you get into trouble become the reasons you don’t get out of it."
When trying to get the plane onto the center of the runway, both pilots' actions are probably pretty correlated, and averaging could remove any noise (e.g., twitches).
But in many other circumstances, it seems like it would be downright dangerous. Something's in front of the plane. One pilot goes to the left, the other pulls to the right, and the system averages the commands and smashes straight into it.
The benefits of a marginally straighter landing don't seem like they would outweigh the potential of a massive catastrophe.
Reviewing changes by hand every few months keeps you aware of what needs to happen. Automation doesn't get brittle, people forget how systems are flexible and inflexible. Spaced repetition would give people a chance to keep up with the current design, so when that crazy security vulnerability happens, you can jump in and change stuff knowing how it works, rather than having to figure it out on the fly.
I don't think it would take much. Configure a box today, tomorrow, next week, next month, 3 months, then perhaps every 6 months.
There are very smart people that sort of intuitively keep up with those kinds of changes. But those people change jobs. How do you get a mere mortal up to speed on 20-30 machine configurations? config management can configure hundreds of machines a day, no problem. but it's easy to forget what's really going into each of those boxes.
This is more about preserving organizational awareness, not so much robustness of a running system.
THE MACHINE STOPS
US military systems pervasively use inertial navigation (INS), many of which can accept micro-corrections from the GPS system. However, they only accept corrections within the intrinsic error bound of INS, which is quite small. Spoofing GPS can buy you a deflection of meters at most, not kilometers.
The US military is developing new types of inertial navigation systems that are so accurate that it obviates the use of GPS altogether. (And the media will probably still call those systems "GPS-guided".)
The INS system you mention has small errors, which aggregate/accumulate over time, this time being in minutes and tens of minutes.
These errors cannot be rectified inside the INS, from what I understand. They require external fixes, like GPS.
I am willing to be wrong however.
There are a couple things that people forget about US military INS:
US military INS actually operates as a giant swarm of INS computers with other sensor inputs that compare notes -- wisdom of crowds -- to correct accuracy. If one INS computer drifts too much, the other INS computers will notice and correct it. Even without the swarm, many larger military systems will have multiple INS computers distributed throughout the platform that can compare notes.
The US military has been at the forefront of inventing exotic INS technology since the 1960s, and the details of their INS capabilities are a closely guarded secret. It is used ubiquitously in almost every combat system they produce. What is known is that even in the 1990s the accuracy of INS significantly exceeded design requirements, and there are current military research programs that suggest they know how to build INS that exceeds current GPS accuracy over long temporal baselines.
Given that they already have a GPS constellation that they use for a wide variety of other cases, GPS-corrected INS guidance is a very cheap way to squeeze some additional precision out of weapons that were already pretty precise in the first place. It allows them to build a dirt cheap and reliable guidance package that is also highly precise in environments where GPS spoofing is not a credible problem. Remember, these particular guidance packages tend to be modular and swappable: use the cheap stuff that leans on GPS more for low tech enemies, use more sophisticated and expensive INS for the high tech enemies.
Certain systems do indeed operate as you say, with INS as the primary guidance/navigation mechanism. Submarines for instance, cannot rely on a GPS fix. Strategic missiles as well.
But ground forces do indeed use GPS systems. INS systems are very costly to build and maintain, go GPS is a go-to for missions and requirements where it's a good fit. You simply cannot outfit every ground-pounder with an INS system and then keep it properly operational in their task envelope.
Also, parts of the GPS system are quite jam-resistant. Not entirely, but when it was first developed, GPS was pretty secure for it's time, using a cryptographically derived spreading code for the carrier.
Here is an example of a system in use today:
Some of you might be interested in an article I wrote on the subject:
Along the same lines:
I work in manufacturing, and design systems to automate processes. "What is the current, manual process?" is the first thing I ask for when beginning a new project. I then try to design the automated system, so that the manual process can be used as a fallback should any part of the automated system fail. What happens when we have a network outage or something similar? The people involved suddenly forget the manual processes that they had used for years, and sit around twiddling their thumbs and calling IT every 5 minutes asking when the system will be back up.
What Iran did probably simple jamming that caused drone to either crash or emergency land.
"... Iranian engineer's assertion that the drone was captured by jamming both satellite and land-originated control signals to the UAV, followed up by a GPS spoofing attack that fed the UAV false GPS data to make it land in Iran ..."
Wikipedia has more of the story https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incid...
That was disputed "... GPS is not the primary navigation sensor for the RQ-170..."
In recent years GPS modernization means satellites have been using new codes on L2 (L2C) which are un-encrypted. Only about 18 of the satellites carry that capability at this time.
Cruising at altitude is not that hard. I'd be far more concerned if they were interfering with the various Instrument Landing Systems during inclement weather.
> Every, say hour you do it manually buys you a few hours of autopilot.
Most pilots already hand-fly in clear weather during landing and takeoff by default; somewhat for the reasons you suggest, but it's also the safer as it actively maintains pilot situational awareness.
You're generally only going to use the A/P during cruise, departure and approach or during instrument flight conditions.
Not in RVSM airspace above FL290 (29,000 ft). In RVSM  airspace its required to have a functioning autopilot coupled to an altimeter of a certified accuracy (+- 65 feet)
Most pilots couldn't fly the required accuracy, that high up, for any length of time, with manual hand-flying. Even in a FBW airliner, it would be hard.
Being near the coffin corner is often desirable for performance reasons, but it sure isn't easy.
Of course, GPS is a rather old system and I'm unclear how you would add encryption in a way that it's not compromised when someone gets access to a decoder but also doesn't endanger "mission success" because a encryption key punch card is missing and the drone refuses to start. It's like the nuclear launch codes being all zeroes.
The keys are rotated periodically, so if somebody stole a decoder, it would only work until the key in memory expires. (Military GPS receivers also have a "zeroize" button to destroy the keys in case of imminent capture.)
Another fancy way to navigate without GPS is to use automated celestial navigation. The SR-71 had one of these in the 1960s, and it's also good for submarine-launched nuclear missiles. The hardware is able to sight stars even in the middle of the day (and not just the Sun, funny guy).
For commercial aviation, the typical backups are radio beacons such as VOR and NDB, inertial navigation systems, and good old dead reckoning plus pilotage (i.e. looking out the window).
Also with the reliance on GPS and its inherent fragility has caused the US Navy to restart training in celestial navigation. In order to reboot the training regimen, the Navy is relying on Coast Guard instructors, since the USCG never stopped.
I recently spoke to old aircrew guys I worked with and apparently they stopped teaching manual celestial nav in the late 90s finally. Automated celestrial nav was, per my understanding, never too common although SR-71 aircrews commonly used its system.
A variation on terrestrial celestial navigation was used to help orient the Apollo spacecraft en route to and from the Moon. To this day, space missions, such as the Mars Exploration Rover use star trackers to determine the attitude of the spacecraft.
> Another fancy way to navigate without GPS is to use automated celestial navigation.
I figured as much. I'm just under-informed in this area, and try not to state things as fact that I don't know as such. I did mention the stars, but it didn't occur to me they are visible during the day with the right equipment. :)
> inertial navigation systems
I'm aware these exist (due to some military fiction I've read), but that's the extent of my knowledge. I'm not aware of how accurate they are.
> good old dead reckoning plus pilotage (i.e. looking out the window).
I was thinking of systems that replace pilots, even if for short whiles, not supplement them, so discounted human correction while in flight.
As far as quantifying that growing error, Wikipedia says it's typically less than 0.6 nautical miles per hour. An airliner after a long oceanic flight could know where it was to within a few miles, good enough to reorient and find the destination airport.
Early efforts in autonomous navigation came out of a strong desire to blow up the Soviet Union, so cruise missiles and ICBMs and such are a good place to look if you're interested in early examples.
Source: Worked on said GPS/INS systems in the military.
They "require" GPS input in the sense that if I handed you an INS that was initialized/calibrated with some precision (Oministar/RTK/P-code GPS/ whatever) reference but had been running in the trunk of my car (or dangling from the collar of a feral cat) for N hours/days, there's no way you'd fly a plane with it without initializing it with some sort of position referene.
(If you came up with "sit it on some previously surveyed datum, and you don't need GPS" on your own, you get an A)
It used to be that the clear channel was less accurate (even beyond the 'selective availability'), but signal theory got us to cm granularity without the computational expense of the military channel.
Just sign the signals with RSA. This depends on keeping the private key out of hostile hands, or allow key revocation and generation. But it's possible in theory.
AHRS = Attitude and Heading Reference System
So basically, it seems it's not a big issue, especially since his aircraft kept the autopilot on. But it might require some attention from the manufacturer
Dutch roll may cause passenger discomfort though
(Note for readers: A "dutch roll" is when the plane rolls (when one wing dips down and the other rises up) and yaws (when the rear of the aircraft moves in one horizontal direction and the front of the aircraft moves in the opposite horizontal direction) at the same time.)
Some people seem to adapt easily to boats, planes and other types of activities that cause motion sickness. I'm not one of them.
+ "should" means that it is technically possible, not that this particular flight control system does
>enabling it to fly fully coupled GPS-only LPV approaches into runways not served by ILS or other ground-based electronic approach aids.
GPS-only only approach is probably the issue here. If the runway its using doesn't have ILS then it only has the GPS fallback. If there's no ILS and no GPS, then I would expect issues.
This last comment in this forum points to GPS interference issues with the GFC700 that sounds significant. Sounds like the GFC700 is susceptible to GPS issues and because this is a corporate jet and may be landing on a privately owned airstrip, it may be the case that there's isn't any ILS or unreliable ILS at those strips. Unreliable/non-existant ILS and a wonky GPS? Yeah, an autoland procedure could be fatal in those circumstances.
The development of these weapons probably has some influence on the Navy's decision to bring back celestial navigation.
Come to think of it, I don't think I even own a compass.
Aren't there relatively isolated places where this could be tested with much less risk? The middle of the South Pacific? The Australian Outback? Or even Northern Canada?
There are still vastly less-densely populated areas of even the continental US.
If you have an iPhone or (nearly any) Android phone, you have a compass.
If your android compass took a hundred readings a second and gave you a rolling average of the last two seconds, that would probably be better...
(note, just a theory, but one that seems consistent with my observations)
Can't average out your readings unless they have a magnitude...
In that case somebody in the phone's hardware design department must just be dumb.
There are rumors that the 747's sextant port fit a hose pretty well, and could be used as a nice vacuum cleaner while at altitude.
The "vacuum hose on the sextant port" thing sure sounds like an urban legend. On the other hand, it also sounds like the sort of thing some of my old pilot friends would try.
You could have a test setup bringing GPS inside the cage with coax+circulator or radiate a GPS constellation simulator inside to test the jammer.
At least my $50 smartphone has one
The FAA flight advisory provides the coordinates and the nature of the GPS signal disruption, which is centered near China Lake, and has expanding rings of area, each of which rises in altitude. For the pilots out there, imagine the classic upside-down wedding cake shape. Or cone with its point at the ground.
This would seem to indicate some kind of broadcast or interference from a source that is located at the ground, propagating line of sight with larger radii with altitude. Rather than something to do with the satellite itself.
The center of the coordinates are 360822N, 1173846W, which is in a big empty desert area, just south (SSW of Darwin, California), see here: https://www.google.com/maps/place/36%C2%B008'24.0%22N+117%C2...
It could of course be some kind of antenna, or even a flight that is producing this signal. But there's also an interesting long V-shaped two-legged testing(?) facility just to the east of these coordinates, which you can see in the Google Earth image. I might be mistaken about what that facility is, because aeronautical sectional charts also show a mine in that area, but this doesn't look like a mine site. Also there are a bunch of vehicles that look like Humvees on the pad nearby. And there are three antenna looking structures at the north end of the paved line.
Anyway, it's interesting to speculate about.
However, the farther west of the two seems to have a small structure made up of shipping containers or similar portables. This looks more like a setup for explosives testing, which you can see more of to the NNW. I'm not sure what to make of it besides to speculate that it could be for RF shielding.
Like most military ranges of its size, though, China Lake's back lot is full of so much miscellany that it's hard to know what's even from this decade, much less what anything is for. The structure you point out is fairly new, built since 2007, so it's a good bet it's still for something current.
That said I find it very unlikely they would have provided particularly accurate coordinates for the NOTAM. They probably used the geographical center of the range's northern part or something similarly unhelpful but justifiable.
Noob question here: what kind of coordinate system is that? I know the degrees, minutes, seconds one (51°30', 005°09') and the nowadays more common decimal degrees (e.g. 51.5,5.15), but not this big number.
Edit: Also, for those who don't like Google Maps because it's slow or just because it's Google: http://www.openstreetmap.org/search?query=36%C2%B008%2724.0%... or http://binged.it/24xCR6D (I would use the long link but I can't link to satellite imagery -- the only thing bing maps is good at).
As a foursquare/swarm user myself I would be quite pissed off by my OCD if I cannot check in to places I go haha.
If you are on the ground you will presumably be sheltered by intervening obstacles (building, hills, the earth) while a plane in the air (or anyone else significantly above ground level) may have line of sight to the source of whatever is going on.
Useful if you want to avoid disrupting ground travel. It probably gives significant cloaking benefits too if you can limit effective signal source discovery to airborne platforms with all the right equipment -- much more difficult to dig up than something ground-based.
But I'm still confused by your explanation about how GPS jamming can avoid affecting areas below 5000 feet.
I can imagine two ways that the jamming could work:
(1) You're jamming the GPS receiver. An analogy would be shining a laser pointer into a photographer's camera. You're overwhelming the receiver so he can't receive the signal, but you are not actually modifying the original signal. This seems to fit your explanation.
(2) You're blocking or modifying the actual GPS signal. The analogy here would be spreading out a huge curtain in the sky at an altitude of 100,000 feet to block out the sun. Aircraft flying at 50,000 feet won't get any sunlight. But neither will people on the ground. Your explanation does not seem to work in this case. You can't block sunlight at 100,000 feet without also blocking it for people at ground level.
What am I missing here?
For a ground-based jammer, if you're at some distance from it then the lower you are the less jamming you'll receive because stuff gets in the way. At some point the strength of the jamming signal isn't enough to prevent you from picking out the real signal.
The jamming sender(s) could be flying as well. If you only send upwards from a flying plane, you obviously won't jam receivers below it.
and/or the areas where you can receive it below 5000ft are inside restricted airspace. There is a lot of that around China Lake, but I don't know if they just can't tell you about issues in there. I'd expect so though, given that they do all kinds of exercises in there that all would need an extra warning otherwise. (EDIT: but the sizes/the angle of the cone don't look as they'd work out for a sender on the ground, unless they added massive safety margins)
Or they are doing something clever with multiple senders, and below 5000 you can't receive the signals overlapping in such a way that actual jamming happens. Not sure if that would work in GPS frequency ranges though.
Why? Can't you put a sender on the base of a plane?
Where did they announce this? The NOTAM linked from the parent article is still on the FAA website and clearly says GPS may not be available between 50 Ft and 40,000 Ft. (NB I am not confusing FL 50 for 50 Ft)
I was reading an article on Gizmodo that originally said 50ft, then they "corrected" it to 5000ft, and then corrected it again to 50ft. Serves me right for relying on Gizmodo rather than reading the official FAA site.
 http://www.govtslaves.info/faa-warns-of-gps-outages-this-mon... [this is someone's capture of the incorrect Gizmodo article where they said 5,000 ft]
(I have no idea how any of this would work.)
As for 50ft and up, I think - mind, think - that NOTAMs are limited in scope to issues not on the ground; hence, 50ft and up is just a way to let pilots know the problem persists at any altitude; you will not see a NOTAM referring to something at sea level.
Again, I /think/ this is why it is worded the way it is, but I am not a pilot.
Last one looks to have been May 22-23 in Louisiana, with another one from June 1-30 in New Mexico.
The Coast Guard is the middleman for the DoD, obtaining FAA approval for the tests and coordinating shut down of the tests in emergencies.
Most consumer units can see both networks these days, however aviation tech is known to lag a lot in such matters.
(Well, "impossible" – the original EU plan was to reuse the same frequencies the US and Russia use for military GPS and GLONASS for GALILEO’s civilian use, but the US threatened some embargo, and so GALILEO isn’t the awesome thing it could have been)
The FAA hasn't approved any IRU for ADS-B backup.
More importantly, ATC can use the Mode-S transponder without GPS to locate the aircraft. Secondary Surveillance Radar won't be phased out in 2020. ADS-B will be required by the FAA in 2020.
I highly doubt that good old-fashioned radar will be shut down. It has to be, anyway, for all the planes either that don't have the equipment for IFR, and the pilots which are not certified for IFR, only for VFR.
Of course, VFR flights can continue flying VFR if GPS shuts down, but IFR flights wouldn't have that option.
Why on earth do data centres need to spend money on duplicative, irrelevant RAID-1 disks?
A lot of weapons testing takes place at China Lake (where the disruption will originate from), including missiles and guided bombs that use combination GPS and inertial guidance systems.
They're probably testing various weapons systems' ability to continue to function in the face of GPS jamming.
No but seriously, the fact that we don't have a backup for when GPS inevitably shits the bed sometime in the future is a fundamental existential threat to mankind. We should probably do something about that.
I'm not sure how you can test such things not in the production environment. The early development was done with the transmitters on airplanes, but i would guess that the jammability can't really be tested that way.
On a more serious note, I'm excited to see what happens to the NTP pools in the area, since GPS is often a timing source for them. It should be a non-event, but it could get interesting.
Oh, and what happens to CDMA cell towers that use GPS to sync? Do they go off-line?
(You really need GPS or some other precision time transfer mechanism for long-term accuracy, though ... there's no getting past that.)
And why southern california? Alaska, the pacific... northern Canada ... there are lots of lower-traffic areas. We aren't getting the full story.
Tests may be repeated on June 7, 9, 21, 23, 28, and 30, between 9:30a-3:30p.
As a best case scenario I'd still file that under "wrecking havoc"
Seriously though, who thought this was a good, or safe, idea?
You can't jam a signal in the air, all you can do is transmit a jamming signal towards where the receiver should be. And if the receiver is on the ground, out of your line of sight, then you can't do anything about it.