Hacker News new | comments | show | ask | jobs | submit login
Malaysia Airlines flight MH370 makes it clear: we need to rethink black boxes (theguardian.com)
166 points by timw6n on Mar 9, 2014 | hide | past | web | favorite | 165 comments



I'm seeing a lot of armchair criticism aimed at the air travel industry about how these aircraft should be able to be tracked more effectively given "modern technology" and they reference things like broadband in cars, WiFi on flights, etc.

What they seem to ignore is that many of these things only work effectively on land in populated areas. Drive your car out to the South China Sea and let me know how well the in-car broadband works and if you are able to send and receive an SMS using your phone.

There was an article on reddit questioning why we can track a rover on Mars but not a commercial airliner on Earth. Our ability to track something is a lot easier when things are going right. When something catastrophic happens, whether to a 777 out over the ocean or a rover on Mars, suddenly tracking the objects becomes a lot more difficult.

That said, perhaps there are technological innovations that could allow us to more easily pinpoint and track black boxes from downed airliners. I'm just not sure what they are. Any ideas?


In both Air France 447 and Malay Air MH370, local authorities found traces of crash / wreckage within 1-2 days.

People don't fully appreciate how difficult it is to find anything in the middle of ocean when there's no visual trace.

Even if you can narrow down the point of impact within a few square miles, you won't know for sure until you get underwater equipment. When you're dealing with deep underwater recovery, all bets are off.

I think low-tech solution would be effective. Perhaps install a few dozen chemically activated florescent devices throughout the plane that would float.


It's difficult even on land. I recall an accident that involved a twin engine light aircraft that vanished in the middle of the night in Alaska perhaps 20 years ago.

Search parties searched for quite some time, but gave up. Five years later, the plane was found in the woods some 100 meters away from a fairly frequently traveled two-lane road.


Forget Alaska, there are crashes in Nevada which haven't been found after decades.

A large airliner would be easier to find on land though - just look for the glow.


Aside from Alaska (which has some radar limitations due to the terrain) I'm pretty sure none of those accidents occurred after coast-to-coast radar coverage came in to force in the continental US.

Believe it or not until 1973! there were massive land-based lighthouses all across the United States that would illuminate the aerial pathways that aircraft would use to get across the United States.

http://en.wikipedia.org/wiki/Airway_beacon


Steve Fossett died in 2007, flying just outside NV. http://en.wikipedia.org/wiki/Steve_Fossett#Death


"By September 10, search crews had found eight previously uncharted crash sites,[54][55] some of which are decades old,[56] but none related to Fossett's disappearance."

Wow.


He was found a year later not decades later.

To be clear though: I was talking commercial operations which generally operate above the radar plane. I'm not even sure how/if Fosset's plane would appear on radar as he had no ADS and he didn't file a flight plan which means he was in class G or possibly E airspace on a VFR mission (very low altitude).


Yes. It took two years and multiple teams (including submarine) until Titanic team came and found the blackbox and the remains of the aircraft deep on the seabed.


local authorities found traces of crash / wreckage within 1-2 days.

Yeah, but our attention spans only last about 12 hours! You expect us to wait that long!?


Aren't satellites an obvious choice for this sort of thing? The link doesn't need to have the kind of low ping you expect for online games, and for low-latency communication they can use radio/radar - but that seems like it would have enough bandwidth for black-box style data, wouldn't it? Or does satellite communication generally suffer from problems with cloud cover, etc, even at the altitudes commercial airliners fly at?

Though, once the black box is in the ocean with the rest of a plane's wreckage, I can't imagine satellites would help :)


I pointed this out somewhere else, but satellites aren't particularly helpful because you won't be able to transmit to them when you most need it, which is when there are problems with the plane. It's still highly likely that you're still going to end up with planes going 'off the grid' so to speak.

You could lose power, stopping you from transmitting telemetric data. Or there could be a cabin depressurization or breach that cuts off the antennas (or destroys them entirely). I'm not denying there are benefits to streaming telemetric and flight data continuously for non-major mechanical failures and general analysis - but when we're talking about a catastrophic event that brings down a plane?

In such an event you're going to be sending people to look for the wreckage anyway. Whatever data you're streaming isn't going to tell you the whole story - it'll end up looking exactly like the data does today: perfectly normal, and then nothing. I can see that in a 24 hour news cycle people want to know what happened when it happened. It perhaps understandably freaks people out to learn planes can just 'disappear' without explanation. But streaming telemetric data isn't going to help with that, because the only way we can stream such data over oceans (which make up most of the world's surface area) is with satellites, and they're simply not reliable enough for it to be worth anything.


> because the only way we can stream such data over oceans (which make up most of the world's surface area)

I think this hits an important point that's lost in the media scuffle that inevitably ensues.

Because modern travel has made the world so much smaller, most people have a difficult time trying to fathom precisely how vast the oceans are and that we base our notion of coverage on what familiarities surround us--that is to say: land.


Real time telemetry via satellite could definitely be useful in some situations. The Air France crash could have been prevented if somebody on the ground had taken a look at the data from the plane, realised that the junior pilot has been pulling up the whole time, and made the crew aware of it. That was one of the worst crashes in history and there was never even a problem with the plane. All they needed to save the flight was for somebody to point out that the plane was stalling due to a bad control input by one of the pilots.

There are certainly cases where the telemetry link would fail as the aircraft ran into trouble, rendering it useless, but there are undeniably cases where it could save hundreds of lives


That's demanding rather a lot from a human on the ground.

The Boeing (and I'm sure others) design philosophy is "unsynchronized joysticks ARE A TERRIBLE IDEA", and if Airbus and Air France had use the normal synchronized yokes, the problem of the brain wedged junior pilot would have been quickly apparent.

Can you think of other examples?

BTW, it's guessed that iced up pitot tubes caused the autopilot to disengage.

You're also assuming the pilots would listen to a kibitzer from afar while struggling to fix their plane. Plus a hell of a lot of expensive technology to support all that. And expensive kibitzers looking over the pilot's shoulders, which the latter wouldn't like.


I agree that a better fix would have been to have synchronised joy sticks, but that doesn't negate the usefulness of telemetry

I'm aware that the pitot tubes iced over, but they de-iced long before the point of no return

And I bet the pilots would have listened to a 'kibitzer'. The senior pilot actually told the junior one to stop pulling up, knowing it would cause problems, and would presumably have taken control more forcefully if he'd been aware that the junior pilot had resumed pulling up after bein asked to stop. He just didn't know. Better communication, syncd joysticks or telemetry could all have helped make him aware of that.


Presumably you've read the story of what went on in the AF 447 cockpit - do you suppose adding one more voice to the cacophony of warnings would really have helped? Two seasoned pilots that were in the cockpit didn't fully realize what was happening - there's no guarantee a remote overseer dealing with incomplete and inconsistent data would have either.


> That was one of the worst crashes in history and there was never even a problem with the plane.

There were many problems with the plane, including the physical one of the pitot tubes freezing up (despite heating elements installed to prevent that), and the software and design problems relating to silent disengagement of parts of the auto-pilot, silent transfer to different flight modalities by the auto-pilot, and poor affordances in the physical user interface itself.

Certainly the subsequent pilot error did not help, as the flight would have been recoverable if proper action had been taken, but it wasn't just the pilots either.

Either way if you think some random shore sider would have been able to identify the exact pilot fault and clue them in within time parameters even with the inherent latency of satellite comms you more faith than I do.


> There were many problems with the plane, including the physical one of the pitot tubes freezing up

Not many, a single problem actually. Plus, the plane was not crashing after the issue occurred and the autopilot was off. The crew misinterpreted the signals and did not pay attention the Stall alarms repeatedly. The plane was flying fine even without the autopilot, it's a case where the crew actually crashed the plane by themselves.


a) Nobody on the ground knew AF447 was in trouble. The aircraft never broadcast a declaration of an emergency.

b) Even if there was telemetry that sent the aircraft control inputs and instrumentation to the ground, with thousands of aircraft in the air, nobody would have been watching AF447's telemetry, waiting for Something Bad to happen.

c) It was about four minutes between when the aircraft got in trouble and when it impacted the ocean. Even if the aircraft declared an emergency and someone was able to pull up the telemetry for that flight, it is highly unlikely they would have been able to identify the cause before the aircraft impacted.

Ref: http://visual.ly/air-france-flight-447-crash-timeline


So ask yourself why it never broadcast a declaration of emergency - the autopilot had disengaged due to an instrument malfunction, which should have generated an automated broadcast on the spot. Then somebody could start monitoring the telemetry from the the one (or five, or some other low number of planes) that were in trouble of some sort.

It would also be quite simple to be running a bunch of automated tests on the telemetry from every plane in the sky and flagging anything out of spec. AF447 fell into the ocean. It's pretty fucking simple for a computer to monitor the altitude of a plane and say "one of your planes has significantly deviated from it's target altitude".

And "highly unlikely they would have been able to identify the cause" seems highly unlikely. The plane was stalled, and somebody was pulling up as much as possible. Is it really hard to imagine a pilot on the ground being unable to spot what was going on?

Even the captain on board figured it out quickly once he was summoned - the problem was flagging the issue/asking for help was done solely at the pilots discretion and they chose not to tell any body what was going on until it was too late


> It's pretty fucking simple for a computer to monitor the altitude of a plane and say "one of your planes has significantly deviated from it's target altitude".

Look, read the AF447 case again and the reports of what happened in the cockpit! The pilots were not EVEN listening to the different alarms being triggered in the cockpit and did not realize that they were in danger no matter how many instruments they had indicating major issues in front of them. In such situations what would make you think they would give a shit at what an automated message coming from a land operation would tell them ?


If a pilot on the ground had checked the telemetry and seen that a) the plane was stalled and b) the elevator was at max deflection, he would have asked why that was the case and the pilot who wasn't in control would have realised what was going on. We aren't talking about giving the flight crew another automated message or bombarding them with unwanted input, just allowing somebody in a more sterile/low stress environment to monitor the telemetry for obvious problems

Sometimes a fresh opinion, or some input from somebody who is removed from the situation, is all that you need to set you on the right track or break an assumption that you were incorrectly holding.


The accident occured in minutes, there was no time for a potential operator to do anything about it anyway. Too many "if" in your scenario to make it sound plausible.


> The Air France crash could have been prevented if somebody on the ground had taken a look at the data from the plane, realised that the junior pilot has been pulling up the whole time, and made the crew aware of it

There are something like 10k commercial flights in the air at a given time around the world. How would that somebody on the ground know to look at that particular plane's telemetry?


This is the least difficult part of the whole scheme. A program looking at all incoming data and picking out extraordinary data (in AF 447's case, for instance the stall warnings) to flag for a human operator to inspect would help greatly. There'd be a lot of false alarms but still vastly less work than looking at telemetry of every plane ever. (And even if - 10k is around the number of employees of one mid-size airport - hardly undoable if you wanted.)


> A program looking at all incoming data and picking out extraordinary data (in AF 447's case, for instance the stall warnings) to flag for a human operator to inspect would help greatly.

Look at what happened in flight AF447. Everything occurred in a matter of minutes. Even if what you mentioned were to be in place, there would be virtually no time for an operator to do anything about it. And probably such operators would have to go through textbook questions because such regulations would be imposed on them by the FAA.

That's why we have several pilots in every aircraft, to mitigate the risk of human failure. Having more operators outside of the plane are not going to help much. If you want to put more engineering power, it's more software in the plane that is the right way to go for safety, as demonstrated so many times before.


There are millions of web page changes on the Internet every day. How would a Google engineer know to look at one particular page to update the index?


By constantly comparing incoming data to known-good historical flight data and flagging instances that fall outside the norm?


But if you were broadcasting location and velocity at all times, even if an aircraft lost power, you could project where the "unplanned water landing" would occur. That seems helpful.

I wonder if Google's Project Loon [1] would be of any use here.

[1] http://www.google.com/loon/how/


The problem is that accident events (or events leading to an accident) happen in real time, and the flight recorders record a lot of data from the flight controls and instruments. As others have pointed out in the comments for another story, what happens if their aircraft's orientation occludes the antenna or something breaks off? From what I've read of most accidents, the recorders work quite well and often continue working until cables are severed (in which case satellite communications wouldn't work either), in-flight fires consume the aircraft, etc.

Technology will unlikely replace flight records, which have a proven track record (provided they can be found... but not as many have gone missing as you might think), but it can certainly augment it. I still don't think it's as good a solution to the "real time" problem as having the recorder on board the accident aircraft itself.

Edit: Sibling comment from objclxt incidentally is the same user who illustrated the problems with satellite communications I alluded to. See objclxt's comment history for details.


Iridium?

http://en.wikipedia.org/wiki/Iridium_satellite_constellation

Beam up some coordinates every minute from an Iridium phone strapped to the roof. Pair it to an iPad to get those coordinates.

Maybe have a second phone/ipad strapped onto the underside too just in case the plane ends up flying upside down.


Flightradar24 has a fantastic primer on what tech is used to track aircraft, and what it's limitations are: http://www.flightradar24.com/how-it-works


We can and do track aircraft through several systems: ACARS, ADS-B reading position info through GPS (and others)

Wifi and cell-phone have speed limitations (receiver transmitter), also, they are not adequate for something flying 500knots at 35kfeet

However, it is true that systems could be upgraded and offer a bigger bandwidth (within a certain limit)


> There was an article on reddit questioning why we can track a rover on Mars but not a commercial airliner on Earth.

We have billions of dollars of equipment focused on tracking that rover, and we still lose contact with it sometimes.


we lose contact with the Mars Rover by design. There's a 3 hour window of communication each day. Outside of that window, the rover is on its own.


Billions, really? Excluding the equipment used to send the rover to Mars?



as i mentioned below, some engines already send flight data to satellites. ironically some of these newer engines also have much higher failure rates.

http://www.independent.co.uk/news/business/news/airbus-engin...

http://atwonline.com/engines/final-qantas-a380-engine-failur...

http://www.rolls-royce.com/about/technology/systems_tech/mon...


The planes are traveling 8 or 9 miles a minute. If it goes down mostly intact (i.e. not a lot of debris), there's a lot of ocean that you'll need to search. Personally, I'd feel better if the plane simply pinged its location every few seconds to a satellite so rescue teams know immediately where to look. Btw, what's the transmission range of a black box? If it's 10,000 ft down, how close do you have to be to hear it?


> Btw, what's the transmission range of a black box? If it's 10,000 ft down, how close do you have to be to hear it?

Apparently 2-3 kilometers according to [1], which I found in the comments from here [2].

[1] http://www.hydro-international.com/issues/articles/id1098-Ai...

[2] http://www.aticourses.com/blog/index.php/tag/side-scan-sonar...


So, if the plane is traveling at 13 km a minutes and you have a 20 minute window, it's going to take a long time to find it.

Doesn't the technology exist to detect low power signals from a much greater distance? The US military must be able to do it?


The black box pinger isn't really designed to locate a crash site, IIRC, it's to locate the black box within a crash site that could cover several square kilometers.


I'm more surprised that there isn't a single (imagery-related) satellite that would, over the last 24 hours or so, have taken imagery (or been able to be re-assigned to do so) of the area(s) of interest.

If for nothing else than to rule out some areas / possible outcomes... But yeah, very far out of my realm of expertise, though I do hope to finish my PPL fairly soon & am an avid AVHerald & LiveATC follower! :-)

http://www.liveatc.net/forums/

http://www.avherald.com/


You can look at Landsat imagery for some of the search area http://www.geosage.com/Special/Landsat8_Flight370.pdf


> Doesn't the technology exist to detect low power signals from a much greater distance?

The pingers are sonar (well, sonic, but detected with sonar), with all the limitations that implies.


I'm not convinced by your argument. I'm not sure what you mean by 'something catastrophic happens'. 'Something catastrophic' is the result of a certain chain of events. Telemetry data about those events can be sent before they lead to 'something catastrophic' that makes it impossible to send anything further. It is not as if the plane hits a meteor in mid flight and everything suddenly explodes with no prior indication of anything going wrong. And even if that's the case (as being accidentally hit by a missile during training - this happened before) - the lack of telemetry will also tell us something.


I'm not thinking of meteors when I describe a "catastrophic" event. I'm thinking of a fuel tank explosion like TWA Flight 800 or a missile hitting the plane or a bomb in the cargo hold going off or a stress fracture on the fuselage causing an inflight breakup. None of which have been ruled out on the Malaysian flight, I should add.


Those "catastrophic" events represent a tiny percentage of flight crashes, and a black-box wouldn't help to properly diagnose them either. Your argument still doesn't make sense.


There was another snippet from the article which was interesting.

> A recent patent application filed by Boeing describes such a system, which specifies a limited data set including the precise location of the aircraft and the flight control inputs by the pilot or the automation system.

Clearly, Boeing themselves are thinking towards continuous tracking of a flight.


> There was an article on reddit questioning why we can track a rover on Mars but not a commercial airliner on Earth.

We can track any commercial airliner on earth, but not under 5 Km of water.


I totally agree with making black boxes more advanced to phone home and such, but this line annoyed me:

"Your iPhone is more powerful than the evidence-collecting computers in the cockpit. Simple changes could mean faster answers for plane crashes"

You're talking about the black box for a airline jet. This thing is supposed to survive plane crashes; not just being dropped a meter off the floor, but smashing into the ground going 100's of meters per second. The design constraints in those conditions include, assuming the plane is now a ballistic fire ball smashing into the ocean: operating temperature well above even industrial components to survive the fire, mechanical strength to withstand hundreds if not thousands of g's during impact (at this speed the ocean is the same as solid rock), and then float in the freezing ocean for days if not weeks until it is recovered. I'm not sure if black boxes are guaranteed to float or not, but if they are designed to sink, they must then withstand tens of atmospheres extra pressure for a sustained period of time.

The secret is that smartphone processors have been more powerful than safety critical processors since their inception with the IBM Simon [1]. The RAD750 [2], NASA's only "current generation" processor, began to fly in 2005 with a whopping single core with a 110Mhz core clock and an older manufacturing process than that of processors used for early 2000's era smart phones. When technology is moving so fast that Intel is building a new multi-billion dollar factory every few years, safety critical device designers don't give a shit about how fast they are. They care that they can get a level of confidence in the stability and reliability of the processor, that it has years of data on life time, and then that it can be manufactured by an array of suppliers. That cannot be guaranteed by cutting edge technology, no matter how many bits or fancy virtualization features you throw at it. For the black box, this means every component in the design must survive and operate (an IC can survive the hundreds of deg C in a reflow oven but it sure as hell won't work if you send current through it) at or close to those conditions.

[1] http://en.wikipedia.org/wiki/IBM_Simon

[2] http://en.wikipedia.org/wiki/RAD750


Replacing black boxes is not a good idea. Black boxes work when everything else has broken. We trust them to report when unimaginable edge conditions are breached.

We should instead supplement our sturdy but silent black boxes with a chattier partner. The new device would not survive a catastrophic breakup. Nor would it receive the omniscient breadth of data trusted to a black box. Instead, it would (1) receive a subset of flight data (e.g. location, alerts, and pilot inputs) and (2) immediately send them to a ground-based datacentre. These data would back up air traffic controllers' radars in real time. They would also assist in locating fallen planes and their more comprehensive black boxes.


> We should instead supplement our sturdy but silent black boxes with a chattier partner. The new device would not survive a catastrophic breakup. Nor would it receive the omniscient breadth of data trusted to a black box. Instead, it would (1) receive a subset of flight data (e.g. location, alerts, and pilot inputs) and (2) immediately send them to a ground-based datacentre. These data would back up air traffic controllers' radars in real time.

It seems to me you've described ADS-B[0], which this plane had and which will become a requirement in US and EU soon. Looking at sites like flightradar24.com, which use ADS-B data, it would seem most airliners already use it. The only difference from your requirements is that ADS-B doesn't broadcast any information about pilot inputs.

According to records from one of the sites which use ADS-B, the signal from this plane just stopped [1]. This could have happened because of a severe failure in flight, or maybe because the plane descended below cruising altitude which happened to take it out of receiver range. In either case, it shows that the proposed scheme would be of limited use and it might not have helped in this particular case.

[0] http://en.wikipedia.org/wiki/Automatic_dependent_surveillanc...

[1] I'll search for the source when I get back to my computer. It was discussed in /r/aviation.


What he's describing is closer to ACARS, which already exists but has very low bandwidth.


> You're talking about the black box for a airline jet. This thing is supposed to survive plane crashes; not just being dropped a meter off the floor, but smashing into the ground going 100's of meters per second.

Just so everybody understands, here are the specs advertised by Honeywell Aerospace for the type of box on e.g. AF447 (the Air France flight which crashed in 2009):

    Advanced Recorder (AR):
        available as
            Cockpit Voice Recorder only (AR-CVR)
            Flight Data Recorder only (AR-FDR)
            Combined Digital Voice and Data Recorder (AR-DVDR)
        - Underwater Locator Beacon (ULB).
        - voice recording duration: 30, 60, 120 minutes.
        - data recording: 10, 25 hours.
        - Height – 6.1 inch; Width – 4.8 inch; Length – 9.49 inch;
        - weight: 8.8 pounds.
        - designed for data recovery even if subjected to
            * Impact Shock – 3400 G, 6.5 milliseconds
            * Penetration Resistance – 500 lb weight drop from 10 feet
            * Static Crush – 5000 lbs, 5 minutes
            * High Temperature Fire – 1100°C, 60 minutes
            * Low Temperature Fire: 260°C, 10 hours
            * Deep Sea Pressure and Sea Water/Fluids Immersion: 20,000 feet, 30 days


How can something only survive under 20,000 feet for 30 days and not 60, or a year. 30 days is a long time.


It can and most likely will (the AF447 black box was retrieved after almost 2 years at ~12500ft). That's just the speccing, the warranty if you will.


All this is true, but perhaps we should also be exploiting cheap and redundant systems that leverage more up-to-date technology, eg multiple lightweight pods that are designed to eject automatically under certain circumstances and consist of a battery, the same sort of technology you'd find in a typical satellite smartphone, and a small parachute - something you could build with a unit cost under $5k, which you could easily make back without a drastic impact on ticket prices. If you deployed, say, 20 of them automatically during a catastrophe, odds are that a few of them would survive.

I'm not disputing anything you wrote above, but right now all our eggs are in two very expensive baskets (FDR/CVR). When a plane goes mssing you want to pinpoint the location of the crash ASAP and get some telemetry as a second priority. The existing systems are great but could we not also benefit from some cheaper and simpler systems that didn't rely on being bulletproof?


> "eg multiple lightweight pods that are designed to eject automatically under certain circumstances and consist of a battery, the same sort of technology you'd find in a typical satellite smartphone, and a small parachute"

So you've replaced a single point of failure (failure of the recording device) with 4: failure of the ejection trigger, failure of the ejection mechanism, failure of the parachute, and failure of the (significantly weaker) recording device.

The point of a black box is that it's an when all else has failed device - there are extremely few assumptions you can make about such a situation, so the correct move is to design as conservatively as possible. The plane could be gliding. It could be a raging fireball. It could be missing a wing. It could be about to crash but all the sensors still think everything is just great.


No. I want to keep the existing systems and add another system that's sufficiently cheap that it it can have a 95% failure rate and still be economical.

I mean, here we are after 3 days and none of the surface vessels can find the possibly-debris stuff seen from the air earlier today. I don't have a design for a foolproof system and am under no illusions that the existing 'black boxes' could be easily replaced, but the existence of commodity-cheap sensors, processing, and communications technology mean we can afford massive redundancy.


Isn't anigbrowl suggesting supplementing the black boxes rather than replacing them?


Don't be dense. That's not what at all he said & your math is all wrong.

The existing black box is not a single point of failure. The big question is finding it ... that's what this whole concern has been over (and, since you missed it, why I joshingly call you dense).

Anig also clearly stated that there would be 20 of these, operating in parallel. Your math is wrong because you ignore his central argument.


Totally agree. This article smelled ignorance in every single line, and saying Your iPhone is more powerful than the evidence-collecting computers in the cockpit. Simple changes could mean faster answers for plane crashes is akin to complaining that my TI Calculator in the 80s was more powerful that the Voyager's probe processor. Different purposes, different specs, different constraints. The person who wrote this piece is definitely not an engineer and has no scientific background whatsoever, as far as I can tell.


Fun fact, Voyager launched before the first RAD hardened CPU [1] processor was available and the Voyager electronics are more akin to a ton of expensive FPGAs and ASICs that have a bunch of error correction and redundancy.

[1] http://en.wikipedia.org/wiki/RCA_1802


Exactly. Safety-critical applications by nature have to be risk-averse, and that means anything new, anything that hasn't been thoroughly tested and backed by years of experience, is an unacceptable risk.

Older processors constructed on older large-size processes and often operating at higher voltages and slower clocks are more robust because they have a smaller number of transistors, which means a simpler more predictable model of error propagation; larger features mean lower current densities, increasing resistance to electromigration and decreasing the chances of defects from natural process variation; higher supply voltages reduce the effects of noise; slower clock rates allow more time for noise-induced glitches to settle instead of propagating.

One of my favourite examples of this is the CDP1802 - an 8-bit CPU from the mid 70s, which is still in production and use today in aerospace applications.


Someone replied quoting the "curse of knowledge" wiki article and deleted their reply.

With regards to why video recording FDRs aren't in place, look no further than the FAA [1]. The original request from the National Transportation Safety Board (in pdf) from 2000 is also available [2] although I'm sure the issue has come up since then. However, the FAA doesn't govern Malaysian aircraft except when they fly to the US (I'm guessing 777s were up to code though)

[1] http://www.ntsb.gov/safetyrecs/private/history.aspx?rec=A-00...

[2] http://www.ntsb.gov/doclib/recletters/2000/A00_30_31.pdf


But do they really need to "operate" under these harsh conditions? They need to preserve the recorded data (which AFAIK with a suitable magnetic storage requires no processing power and no energy, just ability to stay mechanically together) and to do something to be found - like send GPS coordinates out on exceptional event and/or a loud radio ping that can be located by search teams after the crash. That shouldn't be that hard to do? Or am I missing something here?


A plane can be on fire and in flight simultaneously. If the compartment the blackbox is kept in is on fire or near the hotspot you don't want it cutting out too soon.

Blackboxes are equipped with a sonic and radio location beacon. Because of the remote locations they have to work in battery life is measured in days and hours since they have to send out a fairly powerful signal using the weakest antenna configuration.

GPS is out of the question for the moment. It requires a power hungry DSP and signal amplifier. Even now, most smart phones use the GPS occasionally then supplement that information with the accelerometer (ie, dead reckoning for smartphones).


>>> battery life is measured in days and hours since they have to send out a fairly powerful signal using the weakest antenna configuration.

They don't need to send it continuously, so I wonder why it is only hours. Sending a loud short ping once an hour shouldn't consume too much energy. Of course, I don't know enough about radio physics to know if it'd be enough, say, if it is 1km underwater - that may be a problem. Maybe supplement it with acoustic ping too?

GPS is not needed continuously too - it can record last reading, say, before high-g acceleration event and then let the GPS unit be destroyed, burned, starved of power or whatever happens to it. I.e. continuous GPS is needed only when everything is OK and the device is connected to the plane's powerplant - once it is disconnected, record last known GPS and shut down everything - we're in trouble, so the only task for it now is to scream loudly until it is found.


The "old manufacturing process" is mostly related to space radiation hardening - the smaller the structure size, the easier it is for the background radiation to cause bit flips.


> You're talking about the black box for a airline jet.

No he's not. He's talking about the "evidence-collecting computers in the cockpit" that send the data to the black box.


> He's talking about the "evidence-collecting computers in the cockpit" that send the data to the black box.

No, he's saying that collecting the black box is a pain in the ass so there should be a permanent data link to ground.

Plus his whole premise is wrong, as there already is one: http://en.wikipedia.org/wiki/Aircraft_Communications_Address... there just isn't enough bandwidth to send much more than basic systems failure data. Certainly not enough to send the kind of information stored in the black box, and not until the final moments of the plane either.


No, he's talking about "evidence-collecting computers in the cockpit". I know that because that's a quote from the article. You can tell that because I used "quote marks".

He also says that there should be a permanent data link to ground. At which point you say (paraphrased), "there is one, except there isn't".


> No, he's talking about "evidence-collecting computers in the cockpit"

No, he's mentioning them. He's not talking about them. You could know by having read the article and noted he says nothing about them outside of the subtitle.

> At which point you say (paraphrased), "there is one, except there isn't".

The actual paraphrase would be "there is one except physics". There is a link, it can't magick reliability which does not exist when the computer is a flaming ball of debris in a storm. His proposition boils down to "magick up a reliable connection and send a subset of the blackbox data over it" (note the part where changing anything to "evidence-collecting computers" figures nowhere in the proposal?)


> No, he's mentioning them. He's not talking about them.

Yes he is, in the part I quoted. That's the part I'm talking about, which is why it's the part I quoted. Learn what the word "context" means. It's the part that the comment I was replying to quoted. Try and keep up.

> The actual paraphrase would be "there is one except physics".

Use the existing wifi connection to send additional information that at least would give you the location of the plane to the nearest kilometer. There are no laws of physics that prevent this.


> Yes he is, in the part I quoted.

No, he's not talking about these systems.

> Use the existing wifi connection

The fuck are you talking about, planes don't have wifi connections. Do you think they've got a a wifi antenna outside connecting to an AP on land?

> to send additional information that at least would give you the location of the plane to the nearest kilometer.

That already trivially fits in the ACARS, and is completely useless since it's available from radars in the first place, until radar and data links become unavailable.


> The fuck are you talking about, planes don't have wifi connections.

Yes they do. I'm talking about the connection that is used to provide wifi to passengers on the plane. It's a satellite connection.

If the location is available, how did they lose the plane?


I love how the article compares a black box to an iPhone.

A flight data recorder is one of the worlds most indestructible pieces of technology, whose main function still works having been smashed into the land, undergone a fireball, or dropped to the bottom of the sea.

An iPhone breaks when you drop it from three feet and becomes little more than an expensive piece of junk (as do all modern, touchscreen smartphones).

Good luck getting a satellite or cell signal a few fathoms under the sea, near no cell towers.


I agree. The fact that they pulled a black box up from the bottom of the Atlantic after sitting on the bottom of the ocean for two years show how durable those things are.


This plane, like most other commercial jets, already had ADS-B onboard which transmits quite a bit of flight data. This is where most of the data on flightradar24.com comes from. In the case of the Air France flight it was way out in the ocean away from ADS-B receivers. There is already a plan to include ADS-B receivers on more satellites to help the ocean coverage problem.

None of this solves the issue of sorting out what happened during a catastrophic failure. It's likely any transmission based system will fail is such situations. The only reliable way to have real time information is to use external sources, e.g. high resolution radar covering every point on Earth, that isn't cheap nor politically easy.


Agreed. And ADS is mandated in commercial aircraft. It's part of the system that prevents aircraft from colliding with each other in the air (TCAS/ACAS).

But as I understand in this situation they were not out of ADS-B range nor were they out of radar range. While ADS-B requires the aircraft to transmit, radar does not.

An example of an in-flight breakup happened in 2002 when China Airlines 611 which broke into 4 pieces about 40km off of an island. Looking at the radar returns they found the aircraft broke into 4 large chunks and they were able to tell where items would be due to the radar tracks.

I'm really not sure what's happened here but my hunch is that the incident happened at the boundary of one or more countries' radar systems. So Malaysia needs Vietnam and/or Thailand and/or Cambodia and/or China to turn over their radar returns so that everything can be lined up correctly.

If it was all within one radar system you would have a location pinpointed within an hour.


I think one of the lessons of Air France 447 is that our existing black boxes not only work, they work extremely well. So it's not so much that we want to replace our current black box technology so much as we want to augment it. A live satellite feed is an obvious choice here, but I'd argue that a secondary backup black-box (presumably 100% solid state these days) located in a part of the airplane that's likely to float would be a good idea.


Is there any part of a plane likely to float with a black box attached to it? I can't find data on Google, but I'd guess they're pretty heavy?


Ejection systems are pretty advanced. A secondary black-box or just transponder that ejects in the event of rapid acceleration or altitude loss could be helpful, although the engineering of getting it into an airliner might be a bit tough.


There were certainly parts of Air France 447 that floated. I think the largest piece may have been a section of tail. I don't know if there are parts that reliably float in the case of an accident over water but I'd guess that tail sections and winglets are good candidates.


I was thinking about the added weight of a black box though. My possibly naive assumption is that they're heavy because they're so robust, so would need serious buoyancy. I can't find a weight for them though so I might be wrong.


That may be true of existing black boxes, but a purpose-designed solid-state black box wouldn't have to be very big. Especially if it was optimized for surviving impact with water rather than, for example, a mountain.

In fact, I was just thinking about how you could probably put a miniature blackbox in every single airline seat. Airline seats are already designed to float, and you'd only need one of them to be recoverable. Such a black box might not be capable of storing everything traditional black boxes do, but if it managed to capture a last moment GPS position it might make it much easier to find the regular black box.


> Especially if it was optimized for surviving impact with water rather than, for example, a mountain.

I think that's a distinction without difference. At 500mph, the water might as well be rock.


I'm not at all certain that's true at the extremes for which black boxes are designed. A difference between thousands of Gs and tens-of-thousands of Gs wouldn't matter for the airplane fuselage, but it might matter for solid-state electronics. I don't know if you'd get that kind of force differential between a water impact and say, slamming into a solid granite wall. But I'm to ready to discount it.

But even if we assume that there really isn't a meaningful difference in the physics of a ground vs. water impact, I think there still might be an advantage to having your conventional black box optimized for maximum survivability and having an auxiliary black box which sacrifices some degree of survivability at the extremes in exchange for improved discoverability after an accident.


This one is 8.8 lbs. Not sure if this is the type used in a 777. http://www.uasc.com/documents/products/CVFDR.pdf

TRW makes them as well, but couldn't find data sheets on theirs.

You might also find this relevant. http://www.ntsb.gov/doclib/manuals/FDR_Handbook.pdf


You could have several bright orange foam blocks containing memory and a radio beacon on the outside of the plane that detach in water. You then send blackbox data to them using em loops inside the fuselage. That would be pretty cheap and would also help in mapping debris on land.


Let's start estimating the technical challenge here (we're supposed to be techies, after all).

Bandwidth: quick googling shows that a flight data recorder records between 64 and 256 12-bit words a second, i.e. 1-3 kbps. Browsing http://en.wikipedia.org/wiki/Bit_rate shows that another 2-8 kbps is needed for voice recording (from one microphone). Let's call it 10 kpbs all together.

Number of simultaneous connections: there are around 20,000 (ballpark) airliners in the air at the peak time each day.

Compare this to the rather old Iridium satellite network: 2400 (uplink) baud rate, 1100 calls simultaneously per satellite (of which there are 68). Not quite enough, since airplanes are not evenly distributed over the Earth or under the satellites, but not outrageously far from our requirements.

Cost: several billion dollars (under 10, I think) have been invested into building the Iridium network, and their operating expenses are around 100 million per year (they are a public company).

Clearly, it would not be unrealistically expensive, in the world of 500 million dollar airliners, to build and maintain a network of satellites to record all black-box voice and data in real time.


How many aircraft are lost that satellite link "crash data" would have been useful? I recall three, MH370 would make four. I imagine there are more, but compared to the number of aircraft that don't crash, the total is a rounding error.

http://en.wikipedia.org/wiki/TWA_Flight_800

http://en.wikipedia.org/wiki/China_Airlines_Flight_611

http://en.wikipedia.org/wiki/Air_France_Flight_447

Of the three, TWA flight 800 is the only one whose cause is controversial, and in-flight data transmission likely would not have helped identify the cause of that crash.

Of all the above accidents, the causes are understood and have not been repeated. In fact, the cause of Air France 447's instrumentation failure was understood before the crash - there was an an active airworthiness directive to fix the pitot icing.

Extraordinary expense with no(?) payback.


Satellite could just be a fallback only used when you're not over ground. This would remove the load of all US/European intra-continental flights (the vast majority).

It looks like ACARS already uses Iridium http://en.wikipedia.org/wiki/Aircraft_Communication_Addressi...


Part of the reason Iridium needs a lot of satellites is because they're in low earth orbit, to reduce latencies (800km instead of 42000km for geostationary orbits means round trip latency of 5ms instead of 280ms).

You might be able to lower costs by tolerating increased latency and using higher orbits. You'd still need something for pole coverage, of course.


Those higher orbits are significantly more expensive to achieve.


Sure, but you wouldn't have so many of them.


Why use satellites? There is plenty of long-range terrestrial radio tech that could do the job. Land-based and or even cargo ship based listening posts would be much cheaper. Aircraft-to-aircraft comms could also potentially do the job.

Granted, aircraft fly high in the air, but there are no line-of-sight problems as with terrestrial radio links, so even high frequency comms are possible.


Keep in mind that over-the-horizon radio communication is subject to the vagaries of the ionosphere and is not totally reliable. Further, there is a day/night difference, and a dependence on latitude. Line of sight at 30000 feet is about 200 miles, so there are huge areas where everything is over your horizon.


But don't most actual aircraft flight paths tend to stay near land? For those flights that must go over that horizon, couldn't they fail over to a lower freq / lower bandwidth channel, when needed; while still keeping near real-time status updates?

Or connect via another aircraft who is further behind them but on a similar flight plan.

Here is probably one of the worst flight paths for this type of potential comms http://flightaware.com/live/flight/UAL888/history/20140310/0...

I had intended to use that to support my notion that aircraft tend to stay near land. I've flown that route several times and each time we flew an arc that kept us near or overland. Like this, but never in Russian airspace. http://flightaware.com/live/flight/CCA985/history/20140309/0...

Man, these guys are all over the place. I may have to reform my ideas about flight paths.


Well, for the ones that travel within sight of land, we don't have much of a problem. And that may be "most". But "most" flights don't end in disaster. It is the ones that spend long hours over the horizon that are of the most concern.

A significant number spend lots of time more than 200 miles from land. And "land" here means some land with a data link endpoint.

With respect to airplanes forming some sort of mesh network, consider the bandwidth requirements throughout this link.


>With respect to airplanes forming some sort of mesh network, consider the bandwidth requirements throughout this link.

Right, but all that is really necessary is groundspeed, altitude, and equipment number. That gets you enough information to find a crash / forced landing site quickly, and to know where to search for wreckage. So, even for those parts of the flight path that are "dark" It still may be potentially superior to low-bandwidth satellite links.


You can't just "fail over to a lower freq". Propagation beyond the radio horizon at all is at the whim of the ionosphere, which is the only reason long-distance radio works in the first place (it reflects back down, when the conditions are right)


With full duplex communication you can.


I... what? What does that have to do with radio wave propagation & the ionosphere?


How would that work?


When the aircraft stops receiving signal from the ground on one channel, it searches for a beacon on another channel.


And what I am saying is that in bad HF conditions, it won't hear anything, and thus won't say anything. Putting the likelihood of a missed communication higher.

Duplex doesn't fix no propagation.


Under what conditions in an airplane's flight routine is there no radio propagation on any frequency?


http://en.wikipedia.org/wiki/HF_radio#Propagation_characteri...

I'm no expert in HF, but my general understanding is that while auto band-hopping could be helpful, you are never guaranteed there is a usable band.


From my comment ancestor to this thread:

Keep in mind that over-the-horizon radio communication is subject to the vagaries of the ionosphere and is not totally reliable.

Non-line-of-sight radio communications are short wave (well, also medium wave and long wave, but those modes require significant power). If ionospheric conditions are bad, as they are at many times of day (worse at night for some bands), at many times during the sunspot cycle, and during a solar storm, and sometimes during atmospheric events, then you won't get a radio signal through. One famous example of this was just prior to the Pearl Harbor attack, communications via radio between US and Hawaii were very poor or nonexistent for key parts of the time.

So to put a number to your question "likely better than half the time".


>So to put a number to your question "likely better than half the time".

I'm not sure how you get from 'because communications between arbitrary point A and and arbitrary point B are sometimes impossible on band C' that "likely better than half the time" communication will be impossible on every useful band to any useful place.


Band outages are more often than not correlated.


There is nothing reliable for oceanic flights but shortwave, which doesn't have the bandwidth available for streaming.

At 40,000 ft altitude the horizon is still only ~240 miles, which will still give LOS problems for VHF and above, particularly in bad weather.


Actually there is a large body of people looking to use cubesats as ADS-B receivers: http://mstl.atl.calpoly.edu/~bklofas/Presentations/SummerWor... (PDF Warning)


What's the actual problem here? How many fatal crashes of commercial airliners with black boxes have ultimately not been root-caused? I don't think it's very many. Is the problem that it doesn't happen quickly enough? Is the fear that another plane might crash for the same cause while people are still investigating the first one? I'm not sure this is based on anything rational.


How many fatal crashes of commercial airliners with black boxes have ultimately not been root-caused?

I am not sure what you are trying to say.

The blackbox is like your log file on a server: the flight recorders (flight data recorder and cockpit voice recorder) in aircraft, (wiki). So if you want to know what happened to the aircraft, whether after a fatal crash or after a hijack or after emergency landing, the blackbox is ultimately the best source. Don't forget there is a legal responsibility.

It is totally rational.


I'm saying that if black boxes are sufficient to root-cause the vast majority of commercial airline crashes, what problem are we trying to solve by "rethinking" them? The only one I can think of is speeding up the process, but it's not clear that that's actually a real problem rather than just disappointing to someone in the news industry who wants answers within a few news cycles.


Yes I think you're on to something. The complaint is how long it takes to have a definitive answer. But I'm not sure how significant a problem that is. For relatives and friends it may create a little closure but probably not much given it doesn't change the main issue. It's possible that there could be data collected that, if modified on other planes, would reduce or remove the chance of a similar tragedy. It doesn't seem though like that is the case in any disaster to this point.


I'd also like to see, along with the cockpit voice data recorder, a video recorder of the last n minutes of the cockpit. Much accident investigation revolves around trying to reconstruct what the pilot was doing, looking at, etc. This would make it much simpler and more accurate.


I was hoping you'd chime in on one of these discussions, given your history in the aircraft industry.

What are your thoughts on the rather knee-jerk articles as of late that seem to think that some form of streaming technology is somehow absolutely imperative, and how might that compare to the tried-and-tested flight recorders given what we know from AF447 sharing periodic updates as to its status?


My knowledge of what is and isn't practical with streaming technology isn't much better than that of a layperson.

I do find the aviation industry to be sometimes peculiarly behind the times. For example, a few years ago, I wondered online why airports did not have constant video recording of the runway and taxiways. Such would have been enormously helpful in solving many accidents, such as the SST crash.

But an airline pilot argued with me, saying that such would be cost prohibitive and thoroughly impractical. I was baffled by such statements, given that every 7-11 had constant video surveillance.

I do follow air crashes and the subsequent investigations, the engineer in me just cannot resist. The investigations are so thorough these days that it's pretty rare that the cause and chain of events are not thoroughly understood. The only issue is sometimes it takes years, which can get pretty frustrating for people (including me) who like instant answers. The mitigating factor is accidents are now extremely rare. I don't think that the cost of a live streaming system is clearly worth it.

The black box system has turned out to be probably the biggest single factor in improving safety ever devised. They work great, and the aviation industry is (naturally) very conservative about changing things that work.


A lot of accidents happen on the runway or shortly after. Video will tell a lot of things that telemetry won't - visibility, runway incursions, just where the airplane lifted off, ice on the wings, fire or smoke, any missing parts (!), open doors, working lights, bird strikes, etc. It can also be a backup if the telemetry is lost, such as speed, position of the flaps, problems with the landing gear, etc.


what yakov says isn't fully accurate. there are 4 voice channels that sum up to around 50kbit. and the fdr recording data is specified at around 12kbit. check the bea working group document

ironically part of my master thesis is about blackboxes and satellites. iridium has been working with some company about the topic(i think, i wish i remembered the details, but you can just google them). but generally iridium is slow right now(that might change but when i say slow i mean less than 4kbit slow), and i think the main reason why it's still there is because it covers the poles.

rolls royce actually already deployed a thing that transfers data through satellites, so you can actually get live engine data. this is almost ironic since their engines seem to be so crappy that a significant portion of them requires replacement according to qantas.

inmarsat on the other hand is much faster. you have to consider though, in a lot of regions you have way more planes than you have bandwidth. also inmarsat is already heavily used by ships(which from what i heard have a lot of virus infested windows pc's sending bogus junk). there is no way

the main issue is that we can easily have way more planes than we have bandwidth per spot beam

[] http://www.bea.aero/en/enquetes/flight.af.447/flight.data.re...

[] http://www.telegraph.co.uk/finance/newsbysector/transport/10...

[] http://www.rolls-royce.com/about/technology/systems_tech/mon...

[] http://www.inmarsat.com/about-us/our-satellites/


We really don't. Satellite uplinks don't have enough bandwith for every plane's black box data, and the data we would get wouldn't be useful, since you need the data when things go wrong, and I doubt you'll maintain a connection when everything goes wrong. Furthermore this article illustrates why I try not to read the news at all. The journalist has absolutely no idea what he's talking about - which is the norm for most stories. Film streaming is done from an on plane cache and in air WiFi is more often than not provided by ground cellular networks, falling back to satellite, which is unusable most of the time.


The issue here is a monetary one.

How many planes go down each year? A few. How many planes are never found (black boxes). One per 10-15 years?

An airline, or a company that builds planes would have little to none problem explaining to the judge that benefit-cost analyse make no sense: too much money would be spent for too little benefit (I know lives may be at stake, but that won't convince the judge).

Couple years ago I read an interesting article about the way Boeing builds their wings and the way petrol compartments are organized inside such a wing. It went on to explain that in particular external conditions of air, at particular speeds, with particular climbing angle and with particular temperature of aircraft coat, there is a chance of petrol ignition. The only "problem" is that according to their calculation, the probability of all conditions being right is 1:17,000,000. While re-engineering the wing and then applying changes to each aircraft would go north of a billion dollars. Therefore, they have not upgraded their aircrafts and no authority went after them surely because of tiny chance of an accident occurring.

We are all flying a ticking time bomb to some extent. The chances of something going wrong are comparable to putting a parrot before your keyboard. How much time will it take a parrot to hit a combination of keys writing "parrot". It may be one billion years! Or five minutes...


"I know lives may be at stake"

What lives are at stake? An enhanced black box won't prevent accidents, and, with very few exceptions, it won't help us find out the cause of accidents. I think your take on the "cost-benefit" analysis made the most sense.

Your 1 in 17 million scenario is interesting - how many times per flight is that scenario evaluated, or is that per flight? If per flight, and suppose we have about 20,000 Boeing flights a day, then we would have a Boeing explosion every 3 years. (Adjust the numbers based on how many Boeing flights there are) - I would say it's worthwhile making the change there.


I think the chances that the conditions are right are 1 in 17 million, however the chances the fuel ignites is also extremely low.


"Your iPhone is more powerful than the evidence-collecting computers in the cockpit."

My iPhone 5s is arguably "more powerful" than the Hasselblad 501cm[1] I currently have sitting next to me. The iPhone has a built-in light meter, flash, and GPS. It can take more than 12 photos without reloading.

But, the Hasselblad was designed to satisfy a different set of criteria than the iPhone. And, for those criteria, it's absolutely perfect. If I want to Instagram something I'll use my iPhone[2]. If I want to shoot a photo I can print at sizes measured in feet, I'll use my Hasselblad.

Is it possible that the airplane black box needs a 21st century rethink? Sure. But to dismiss it in the article subhead does a disservice to everyone who reads the article.

[1] not my blog and not my photos, but representative of the camera: http://blog.mingthein.com/2013/07/27/fd-shooting-with-the-le...

[2] Actually, I'm one of those people who only uploads photos taken with a 'real' camera to Instagram, but you get the idea.


Certainly, at least for those planes fitted with satellite Internet uplinks, a status report every two minutes or so would be technically feasible and not terribly expensive?


Air France 447 actually had such a system, although it was not designed to fulfill the same role as the black box.

Here's Wikipedia on the subject (http://en.wikipedia.org/wiki/Air_France_Flight_447#Automated...):

An Air France spokesperson stated on 3 June that "the aircraft sent a series of electronic messages over a three-minute period, which represented about a minute of information. "[32][33][Note 2] These messages, sent from an onboard monitoring system via the Aircraft Communication Addressing and Reporting System (ACARS), were made public on 4 June 2009.[34] The transcripts indicate that between 02:10 UTC and 02:14 UTC, 6 failure reports (FLR) and 19 warnings (WRN) were transmitted.[35] The messages resulted from equipment failure data, captured by a built-in system for testing and reporting, and cockpit warnings also posted to ACARS.[36] The failures and warnings in the 4 minutes of transmission concerned navigation, auto-flight, flight controls and cabin air-conditioning (codes beginning with 34, 22, 27 and 21, respectively).[37]


Interesting. From the linked article, it looks like coordinate data was transmitted as well as telemetry. Given the high speed of airliners, ocean currents, and travel time for rescue ships, even minute-by-minute transmissions wouldn't solve the problem of pinpointing the exact location of wreckage/survivors.


In the case of AF447 the flight control system knew something was wrong. In a situation like that increasing the rate of messaging automatically might be a good idea, and could probably be implemented entirely in software. It probably wouldn't help in the case of catastrophic air frame failure out altitude however.


> a status report every two minutes or so would be technically feasible and not terribly expensive?

...but also not very useful. Two minutes is a long time when you're traveling at 570 MPH - in the event of a catastrophic explosion a plane could be on a perfectly normal flight path one minute and then gone the next, and you still have a vast radius to cover when looking for the wreckage.


Then do the update every 5s. You don't even need to do a full update, just coordinates, heading, altitude and speed. Still technically feasible, still not terribly expensive (seriously, ~80 bytes every 5 seconds) yet potentially very useful since you can pinpoint an aircraft's location to within less than 1/2 mile at any point during its flight.


While the author may me making some technological comparisons that need a bit of vetting the basis premise is good.

Given how much these planes cost it does seem reasonable to have real time telemetry. Yes it is hard. Yes it is expensive. But no where do I read it can't be done. In fact I think a lot of technological innovation has been driven by people saying "Nope...you can't do that.".

Where is the incentive to provide real time telemetry? More crashes? This is one place where I feel the FAA does have quite a bit of responsibility.


Whenever there's a big disaster, people want to find technical solutions. But the real problem is not even plane crashes at all. It's car crashes, heart attacks, suicides, murders, and other preventable disasters that aren't so newsworthy but can still be helped. We all know air travel is much safer than walking or driving and also expensive, partly to pay for that extreme safety. Adding more expense to make such a safe thing even safer is wasting money.


Great discussion. I now understand more about the objections to replacing a black box with satellite streaming data . The two major objections seem to be 1) a catastrophic event could bring external communications to an immediate end and 2) the high data density could make it impractical to link it all to a satellite.

As to the first objection, any catastrophe would be preceded by the cause of the catastrophe. This is what one would hope to capture. I'm not sure if that covers every possible case but I it could be of great value to have instant access to events just prior. As to the second objection, intelligent systems can make useful decisions about which data to transmit and about how long a burst of information should be sent.

Anything that can be done to reduce the time needed to locate passengers who are injured or trying to survive on the ocean or in difficult conditions deserves a look, in my opinon.


> it could be of great value to have instant access to events just prior.

Why is it a significantly larger value than having access at worst two years later? No plane went down due to the same problem while they were looking for the AF 447 black box.

> Anything that can be done to reduce the time needed to locate passengers who are injured or trying to survive on the ocean or in difficult conditions deserves a look, in my opinon.

Passengers might survive reasonably successful ditchings, after which currently-fitted ELTs activate and transmit location as you expect. An event that results in ELTs not activating is generally not survivable in the first place.


Well, for example if it was design issue they could pull all effected aircraft immediately, rate than waiting for the next one to crash over and and getting the blackbox then.


In practice, that's just not an issue these days.

Most crashes are due to human error or complex system problems that often include already known issues rather than a single thing failing catastrophically. Airbus put out a maintenance bulletin about pitot tubes freezing before AF 447 crash, and cockpit/crew management, concentration and problem solving while startled, and computer mode confusion were all known. The most recent example of one solid hardware problem are the 787 batteries and thanks to QA systems we know they are problematic but, fingers crossed, so far they haven't gotten bad enough to kill people. If a 787 goes down you know this will be the first thing looked at even without instant access to logs.

A new airplane entering production with a flaw that will go unnoticed until it suddenly starts crashing planes en masse is just incredibly unlikely. On balance of probabilities, we're better off focusing on existing known problems rather than coming up with super high tech monitoring schemes.


A combination of Enhanced Ground-Proximity Warning System (EGPWS) http://en.wikipedia.org/wiki/Ground_proximity_warning_system and Deployable Flight Incident Recorder Set (DFIRS) http://www.drs.com/Products/c3a/DFIRS.aspx might be an option. The DFIRS deploys when a pilot ejects from a F/A-18 Hornet. Using EGPWS in a civilian aircraft the system only triggers when a crash is imminent.

An alternative would be to eject the DFIRS when subjected to high acceleration like an Airbag in a car. In a large proportion of crashes, the nose of the jet hits first.


The black boxes are fine. ACARS/ADS-B are usually helpful, just not in this case, so far as we know.

There is already a perfectly capable technology in place: the 406 MHz ELT. If it turns out the the (probably two) ELTs did not transmit, we need to think about why.

Things can go bad quickly on a commercial jet. No one has time to manually activate the ELT before a sudden impact.

At least one of the ELTs is required to activate automatically in case of an impact. A hard landing is enough.

So why did at least one of the ELTs not activate? here are some possibilities:

1) It did, and we don't know about it. The media is so ignorant about the details of technological systems that they don't know the questions to ask, cannot understand the relevance of technical details, and would not understand the answers in any case. Welcome to the idiocracy.

2) An ELT activated, but was not picked up. Very unlikely. If an ELT activated aboard MH370, the satellites would almost certainly have received the signal and passed it on.

3) The aircraft hit the water intact, and the ELTs were destroyed before they could activate.

We can't do anything about the stupidity of the media except to educate ourselves, stop consuming media garbage, and hope that, eventually, the human condition will improve.

If option (3) is correct, then we can also do nothing. Any force sufficient to interfere with the safe operation of the aircraft by competent pilots should also have been sufficient to activate an ELT.

If the ELT did not activate, it means that the aircraft was flyable. We cannot adjust the sensitivity of the ELTs to activate on flyable aircraft, because the rate of false activations would be unacceptable.

Apparently, we also cannot eliminate the impact of flyable aircraft with terrain by pilot training; quite the contrary--the phenomenon seems to be increasing.

Improved autopilots are also not the answer. Of necessity, an autopilot must relinquish control to human pilots in many circumstances where anomalous data is received. This is the circumstance in which it is most likely that the human pilot, taking control of a partially disabled aircraft, often at night and over water, will crash a flyable aircraft into terrain. There has been a growing series of such accidents.

So, no, we do not need to rethink "black boxes". They do their job very well. We also do not need to rethink the ELT--it is a very reliable technology except when people crash a flyable aircraft.

We may want to continue to upgrade the packet data rate between the aircraft and its base, but that is already the plan.

We also cannot upgrade the autopilot, because we cannot yet create artificial intelligence that can deal with a chaotic system like a partially disabled aircraft.

We may want to think about giving pilots better ways of seeing an overview of their situation. Mandatory AOA indicators and external-view situation indicators would be a great start.

Probably also rethinking reflexive media coverage of aviation would be good. Our need to know immediately does not trump the well-thought-out engineering of commercial airliners, and pandering to our self-absorbed search for meaning and quick fixes, particularly when none is available, is likely degrade, rather than improve, the human condition.


From what I understand, what makes this (probable) crash unusual is that nothing was received from the plane. Modern airliners send out all sorts of signals over several channels. The data that sites like FlightTracker uses are part of it.

In the case of the Air France crash, telemetry data was sent out in the good 15 minutes it took to go down. With this flight - nothing. One moment it was sending data saying all was well, the next it simply disappeared from the screens. Extremely unusual. If there was a sudden disintegration of the aircraft, there's a good chance an internet-based device would go offline too.

I believe the black box has a signal that will let it be found but it only has a range of 1-2km - less underwater.


I don't know if this is practical or not. Have two or more compartments on a plane filled with dozens of small highly reflective buoys. Each with some sort of radar reflector, either passive or active, that searchers could light up with radar and it would emit back a strong signal. In event of a breakup their container is designed to scatter them everywhere or in a more controlled situation the planes systems could release them. Ofcourse they will drift in the air and in the ocean currents but you could analyse then statistically along with knowledge of wind and ocean currents to at least narrow the search area in a situation like this one.


The topic has been proposed periodically in the past (http://spectrum.ieee.org/aerospace/aviation/beyond-the-black...). There are already systems in the market.

What is perhaps more boggling is that you just need a last seen GPS coordinate or set to help find the boxes and the plane - a GPS packet if you might call it. Similar emergency transmitters are already available for yachts and boats.

The mystery of MH370 may uncover a number of simultaneous problems or deficiencies of procedure.


Even if you know exactly where the airplane broke up, finding debris can be very difficult:

* There often aren't many big pieces left after a breakup at 550 MPH.

* The debris is falling 7 miles, so where it actually lands is pretty random and dependent on the shape / weight of the debris. Lower density debris probably travels further.

* Most debris sinks when it does get to the ocean.

* The lower density debris that floats moves in currents.

* You can't search at night, so the floating debris might move considerably before you can start searching.


Does anyone think this air crash investigation will be anything like the http://en.wikipedia.org/wiki/Aerolinee_Itavia_Flight_870 investigation? It also exploded over sea, pieces were found. First they thought it exploded due to a missile from a military jet. Then some engineers found out that the explosion was a bomb in a rear airplane toilet.


No one know yet. Until they found the aircraft and the blackbox, they can only suspect. There are reports of passengers checked in with stolen passports but the government and the airline think the possibility of terrorism is low. Let's hope we can discover the missing aircraft soon.


TWA 800 is perhaps the more familiar example, at least to anyone in the New York area. Plenty of theories about a missile in that case too, but the actual cause was an electrical fault.


Before you waste time with better data logging, please install an ejection seat, parachute, and a built-in life support system. That's much more useful than sensors that record the demise of the passengers to satisfy the bloodlust of news corps.

Or rationally, don't change a damn thing. Airliners are fine. Any other form of transportation (maybe with the exception of trains) is many times more deadly and we cope with that risk just fine.


> That's much more useful

Not really. The hard part is knowing when to use such a system. In most of the catastrophic crashes I've heard about no one knew they were in danger till they were dead.

> to satisfy the bloodlust of news corps

That's not what it's for, that's horrible thinking. It's for determining what happened so we can prevent it from happening again!

> Any other form of transportation (maybe with the exception of trains) is many times more deadly and we cope with that risk just fine.

Because of those same data recorders you denigrate! And now that we've reached a plateau of sorts, it's time to move to the next level.


The problem here is that the blackbox should continue collecting data to the very last second until it no longer can. So trying to time it to get it out before the "end point" undoubtedly reduces the value of what it's collecting.


As much as the idea of every passenger being able to eject in the case of an emergency amuses me, I don't think that's going to happen. Ejection seats are expensive, can themselves be dangerous (they are basically a rocket-propelled chair), and pilots in aircraft that use them need to be specially trained for their use. That's not even mentioning how you'd be able to sever the whole top off the fuselage quickly enough, and if you could, what if that system malfunctions in normal operation...!


Remember that even escape slides can result in serious injury to around 10% of passengers during an evacuation.

Ejection Seats are deadly/extremely dangerous if the person in them is not properly trained. Body position when the seat fires can make the difference between minor scratches and death.


I'm pretty sure trains are more deadly, especially when you include the numbers from them hitting things like trucks at level crossings.


I presume that the “black box” is located somewhere in the plane that is likely quite inaccessible to the crew and/or terrorists that may wish to disable it. It’s a sealed box, and I would presume that the crew would not have the tools to open it and that it is unlikely to have a simple “on/off” switch with which to turn it off.

But… COULD it have been diaabled? Why have no “pings” been picked up as yet?


I presume that the “black box” is located somewhere in the plane that is likely quite inaccessible to the crew and/or terrorists that may wish to disable it. It’s a sealed box, and I would presume that the crew would not have the tools to open it and that it is unlikely to have a simple “on/off” switch with which to turn it off.


Plane designed to carry more than 20 passengers: Require three modified spot satellite transmitters, self activating on power loss, one on each wingtip and the top of the rudder. They should self release after immersion in 5 feet of water and be buoyant. $1000 to install, $100 a year. Cheap insurance.


You'd think Boingo would have explored this from the start with their Wifi connection.

Even though it's consumer-facing, I'm sure they could have reserved a small subset of bandwidth to experiment with realtime flight data.


It truly is shame that the aviation industry keeps itself at a pace of in ovation once a decade.


The solution is streaming the data at all times. The idea of a black box is an antiquity - something used as a backup to the stream, perhaps.

Hold on while I go patent the shit out of this (yeah right, fuck the USPTO if they approve something so obvious).


i would like to know how NASA received the data from the Space Shuttle Columbia in 2003. Can we use the same technology for commercial aircraft ?


How would you remotely shut one off?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: