Dropped iPad implicated in fatal Rotak Chinook helicopter crash(verticalmag.com) |
Dropped iPad implicated in fatal Rotak Chinook helicopter crash(verticalmag.com) |
Military aircraft cockpits sometimes don't have a great concept of "inside" and "outside", the way a cell, waterproof device, the aircraft's pressure seal etc do. If you drop something (FOD), there may not be a clearly defined boundary to where it can end up, or it may not be possible to see or get to it while strapped in etc. Rudder pedals, or the various mechanical and electrical connections around them, as indicated in the article, are a great example of this. If you can't find it, the AC may have to be grounded and thoroughly searched/panels removed etc.
Military avionics may be missing basic things that an EFB can help with, including maps, nav point and airport databases, weather info, ADSB info etc. EFBs are (IMO) a poor substitute due to the FOD concern here, the clunky touch screen interface (which you probably have to take gloves off for), the risk of getting locked out of important things like checklist and plates by BlackBerry, Foreflight licenses, passcode timers or other security layer etc.
You might have a jet that's 30 years old, just got retrofitted with a really nice radar etc, but the funding didn't make it through for a database, better displays/UI etc that would be better integrated with a jet, so you lean on the EFBs.
There are sometimes EFB mounts that can attach to a canopy via suction cup, clip onto various surfaces etc.
And this one in Ireland due to a rag: https://www.irishtimes.com/news/helicopter-crash-caused-by-c...
20 years ago, I was an avionics technician on F-16 fighter jets in the USAF. We had 'FOD Walks' daily, which involved slowly walking down the flightline while staring at the ground, and picking up any loose objects
Even a tiny object, when ingested into a jet engine, can cause catastrophic damage. And F-16s have intakes very low to the ground, making them a much higher FOD risk.
The worst FOD events were when something broke. We used bit drivers to remove aircraft panels, and the bits were fairly standard screwdriver bits. Sometimes, one of those bits would shatter when applying force to remove a stubborn fastener. If that happens, you have to retrieve every single piece of metal. If you return your toolbox at the end of the day and it is missing anything that can't be accounted for, the entire flightline could be shut down while a search is carried out.
Dropping things in the cockpit could sometimes be much worse. If it drops down into a void left by removing a control panel, then it could potentially fall to the 'bottom' of the aircraft. If that happens, you'll be taking off all the panels in that vicinity, you'll have multiple people looking with flashlights, borescopes, etc.
If something is dropped but can't be found, that's probably a multi-day event that will involve some fairly high ranking people.
FOD was considered a serious threat, and a tiny piece of metal broken off of a tool could hinder operations for days at a time
EFB = Electronic Flight ~Book~ Bag
edit: https://en.wikipedia.org/wiki/Electronic_flight_bag
It's bag, not book.
FOD = foreign object debris... basically anything loose that can end up somewhere it doesn't and cause Foreign Object Damage - https://en.wikipedia.org/wiki/Foreign_object_damage
EFB = electronic flight bag ... basically using screens/displays (and more recently, the likes of iPads issued to Students / Flight Officers/ Pilots) which carry things like aircraft manuals, checklists, airport procedures, airport and aerodrome diagrams, etc. -- so called because they're designed to replace the "flight bag" that could be filled with over half a dozen (or more)heavy, chunky-as-heck books and binders containing the same information in paper form.
This becomes especially relevant when commercial aviation requires flight deck personnel to carry significant amounts of information like that with them, like train drivers can also have to do (rule books, locomotive / rolling stock manuals, track/depot diagrams, etc.)
Again, not remotely limited to the US military, or to the US or military in general -- these terms are common for those in aviation :)
EFB is actually defined in the article
Electronic Flight Book
This is basically just wrong. EFBs like ForeFlight are an incredibly rich and indispensable suite of tools from approach plates to a huge range of charts to log books to synthetic vision to adsb-in and much more. And operationally they’re very reliable and robust. I’m instrument rated, fly with a primary and backup iPad and have mine clamped to the yoke and it ain’t going anywhere.
ForeFlight licenses? What are you even talking about? In North America FF is almost a standard among GA pilots.
_Why_ is this? Weight reduction or something? On the face of it it sounds like a design flaw.
In writing this answer it struck me you might be reading AC as Air Conditioning, instead of AirCraft, which I suppose could have lead to your question asking about weight reduction.
One major issue with EFBs is many pilots extensive reliance on them for navigation and traffic avoidance, and their failure in flight since they are commercial off the shelf products. A very common issue during the summer months is for an iPad to very easily overheat and just shut down. Another is battery life. iPads are consumer electronic devices and aren't held to even a semblance of tolerances that aircraft avionics are held to, but they are relied upon as critial tools in flight now.
I've directly seen instances of aircraft that have violated airspace, gotten lost, and other issues that contribute just one more hole to the "swiss cheese" model of a catastrophic loss.
It focuses on air crash investigations. But it's very useful to tech people in understanding the right way to approach incident investigations. It can be very easy to blame individuals ("stupid pilot shouldn't have dropped his iPad", etc), but that focus prevents improving safety over the long term. Dekker's book is a great argument for, as here, thinking about what actually happened and why as a systemic thing. Which provides much more fertile ground for making sure it doesn't happen again.
https://www.amazon.com/Accidents-North-American-Climbing-202...
I wonder what other fatal accidents have been caused by dropped electronics such as iPads and iPhones getting stuck under accelerators and brake pedals in cars and long haul trucks as an example.
There’s obviously distracted driving as well which is a major problem.
There’s an answer [0] on Quora that describes helicopter instructors having to deal with students frozen out of fear and wrestling for control of the inputs. Nightmare.
[0]: https://www.quora.com/What-happens-if-the-pilot-and-copilot-...
Not at all, for example Airbus aircraft "helpfully" average out the inputs. There's a dual input warning, but warnings are weak at preventing accidents.
Some instances where the awful UX around the handling of dual input by aircraft contributed to incidents:
- https://youtu.be/6tIVu0Dpc2o?t=1754
- https://youtu.be/V2mMs-h4qGE?t=949
- https://youtu.be/Dl-Fl66Jfao?t=977
- https://youtu.be/tXGET4-N9FA?t=983
- https://youtu.be/e5AGHEUxLME?t=2259 & https://youtu.be/e5AGHEUxLME?t=2876
IMO, this is a critical design flaw with all current aircraft that should be addressed ASAP but what do I know :)
There really isn't. A helicopter is a coupled collection of parts and power that is working in concert to not immediately return to the ground in a violent manner. And a helicopter's power profile is also working in more dimensions than a car.
Each of the flight controls are critical components that work together. You take one out of the equation and things exponentially get more complex.
There is a concept of disconnecting the engine from the rotors, but it’s not the kind of thing that happens accidentally.
It's very sad to see a tragedy like this caused by something so simple :(
When I took driving lesson, my instructor painted a vivid picture of the consequence of a crash while transporting heavy unsecured objects behind me - that lesson has stayed with me for over 30 years.
Can't imagine how mortifying it must have been to have any of the controls jammed up like that. These things require constant corrective inputs to remain airborne in anything resembling stable flight. And close to the ground loading water from a stream, with all that turbulence? Nightmare fuel.
https://www.diblasi.com/aviation.htm
Stuff gets dropped. Suction cup mounts have the habit of coming loose at inopportune times.
Those regs are well established. Whether these guys were following them remains to be determined.
I’d be pushing for something more robust like a clamp-on/bolt-on RAM mount or something. We put RAM mounts on forklifts for iPads and barcode scanners, and they’re nigh indestructible.
The item didn't get knocked loose, it was the plane automation that saved the flight. The auto-pilot self-corrected and levelled off when it detected prolonged dangerous pitch down input[1].
[0] https://www.gov.uk/government/publications/service-inquiry-i... [1] Page 37 of https://assets.publishing.service.gov.uk/government/uploads/...
this makes Airbus the opposite of Boeing
>Apple iPads and other so-called electronic flight bags (EFBs) have become common equipment in aircraft cockpits, used for flight planning, as a supplemental navigation aid, and to replace paper documents, among other purposes.
I wonder what it means that despite the risks involved these products continue to make it into mission critical workflows at sea and air.
But highlighting the gamepad on the Titan seems like more of a "gotcha" that journalists have latched onto than a legitimate concern. It almost certainly didn't fail because of consumer grade hardware - it failed because of poor engineering of its hull.
> Carbon fiber’s compression strength is poor. Its shear strength is low. It doesn’t dent; it either splinters or returns to shape and hides severe damage in the laminate.
The cabin electronics weren't essential to its safety. The hull might have been, though. Hard to say.
None of the passengers were able to cut the restraint to free themselves, and all five drowned.
It's not really the same as dropped electronics but it's an example of a safety system gone awry.
1. https://en.wikipedia.org/wiki/2018_New_York_City_helicopter_...
I think everyone understands that asking people who have never drilled a helicopter water escape to take special actions in an emergency, let alone reach behind them and cut a tether, is just never going to work, certainly not in the few seconds they had. If the floats had functioned as designed, according to the investigation, everyone would have survived. Instead, either because the pilot did not fully activate them, or due to some malfunction, the right float did not inflate, causing the helicopter to capsize.
It's not completely clear to me, but I don't think they ever completely identified the malfunction that resulted in this, but as far as I'm concerned, it's a malfunction in a safety-critical system that caused deaths, and I'm surprised it's not the primary highlight of this accident.
ugh, so short sighted!
One point that repeatedly gets lost in considerations of risk and security is that more complex systems intended to compensate for other risks will themselves become part of the risk and/or threat profile.
I've both read of this many times in the case of incidents which occur elsewhere, and have seen it firsthand myself where some system or method itself intended to compensate for a risk turns out to be the cause of an incident.
Power backup systems, fire suppression systems, failover / load-balancer devices, and many cases of safety or audit code, just off the top of my head.
Toyota recalled 38m cars because of potential for mats stuck under gas pedals. With at least one fatal incident:
https://www.npr.org/sections/thetwo-way/2009/09/toyota_recal...
Apparently, people have dropped their phone then while trying to retrieve it, moved the seat and bent the phone, puncturing the battery.
I had to move to another seat when I wanted to recline it for sleeping, because the crew (quite rightly) didn’t want my iPhone getting chewed up in the mechanism.
Despite me using my Apple Watch to make the “find me!” ping sound, nobody could find it during the flight, so they had to partly dismantle the seat when we landed. It was all very embarrassing, I had to stand there for 20 minutes watching ground crew take it apart.
I didn’t dare tell anyone that I didn’t turn it onto airplane mode before I dropped it.
I was lucky, would this have happen while riding at 250 km/h or knee down in a curve... no, i don't want to think about...
Finding the helmet afterwards was interesting enough...
https://en.m.wikipedia.org/wiki/Eastern_Air_Lines_Flight_401
Of course there's always something else that can go wrong, but a big part of why flying is so safe today is that they've gone through a lot of trouble to enumerate and mitigate everything that has gone wrong in the past
Of course as we've seen in the past that can introduce its own issues, for instance during the AF447 crash: https://en.wikipedia.org/wiki/Air_France_Flight_447
>Confused, Bonin exclaimed, "I don't have control of the airplane any more now", and two seconds later, "I don't have control of the airplane at all!" Robert responded to this by saying, "controls to the left", and took over control of the aircraft. He pushed his side-stick forward to lower the nose and recover from the stall; however, Bonin was still pulling his side-stick back. The inputs cancelled each other out and triggered an audible "dual input" warning.
Here's the dual-input moment of this crash: https://youtu.be/e5AGHEUxLME?t=2876
> “Hopefully this accident will prompt operators to have a long hard look at all possible loose articles in cockpits and robustly securing valuable tools and sources of situational awareness like EFBs,” he told Vertical by email.
My understanding is that iPads are super popular for pilots, especially of non-commercial jets, because at the price point, plus buying a few apps, the experience and utility is pretty unmached. Aviation-grade equipment is super expensive because it goes through many regulatory hurdles which are, unfortunately, written in blood as this one might be. But I would hope to see regulators, if they do something, take a pragmatic and balanced approach given the benefits of accessible electronics.
[1]https://www.engadget.com/2013-06-24-ipad-now-being-used-in-e...
> take a pragmatic and balanced approach given the benefits of accessible electronics
A very solid ProClipUSA mount for an iPad can be had for under $200, so assuming a 3x multiplier for regulatory certification, I don't think that requirement would make anything less accessible. I hope that devices flopping about the cockpit like this is a practice that will be phased out.
its all relative, if the vehicle shifts place in the air relative to momentum, loose things get tossed around in the cabin/the cabin gets tossed around against loose items.
this was exacerbated by the tight cabinspace, and probably about a half second to get the obstruction out. i used to see a lot of something like, a beverage bottle, or a coffee mug, roll up under the pedals of a vehicle, after falling out of the beverage holder.
Also, if the battery pack were to come loose or the device would loose power in another way, I guess the pilot would rapidly take it off without much regard for where it ends up.
And of course, it would require a specialized version, as the pilot was already wearing a flight helmet.
As for outside the aircraft, FOD can cover anything from loose rubber / screws, etc. on the runway that could end up damaging the tires or being taken through the engines, to in-flight FOD risks like bird strikes and volcanic ash - which obviously are also foreign objects that risk damage to the aircraft.
I'm not surprised that the tether is the focus, though -- it's the reason why the helicopter crashed to begin with and also prevented the passengers from escaping.
But, yeah, either kneeboard[1] or "RAM" mount should at least be standard practice if not required. And removing the EFB from the mount once airborne should not be standard or allowed.
1 - https://www.67d.com/cdn/shop/files/KneeboardwithiPad11Pro-22...
https://en.wikipedia.org/wiki/Autogyro
You mean autorotation, I believe:
I wonder how many lives those supplemental harnesses have saved, versus the 5 they cost here.
If the story were changed and a handful of people accidentally fell out of a helicopter, we'd be asking why they weren't strapped in.
1 - https://www.67d.com/cdn/shop/files/KneeboardwithiPad11Pro-22...
Further reading: https://airfactsjournal.com/2018/10/how-spatial-disorientati...
From a laymans perspective I think of a car, where dropping something small while driving is unlikely to cause problems in the machinery.
The equivalent would be like if you had to pull all of the instruments, electronics, and seats out of your car every 1000 miles, clean them up, replace faulty bits, and then put it all back again. All of the fancy trim, carpeting, etc., just makes that job harder, so you would probably want a car that doesn't have any of that, and is designed to make doing that kind of work easier, better still if you can avoid having to remove everything, and only have to remove the bits individually that need to be maintained. The down side of course, is that without all of the fancy trim and stuff, there would be gaps where things could fall and be hard to reach, and holes where wiring travels to the engine compartment/trunk/etc. Of course, FOD presents way less of a danger in a car than it does an aircraft, so you might not care if you drop something there, but aside from that, I think the analogy holds up.
These aren't necessary characteristics of a fly-by-wire system, but its mere existence opens up the design space for them to exist.
Of course, I'm not arguing for removing the fly-by-wire system altogether ;)
However, whenever such fundamental paradigms are changed, great care must be taken to understand exactly how the new one differs from the old one.
In this case, the old direct input system afforded perfect communication of its state by default, but the new fly-by-wire system didn't. Care should have been taken to fully replicate the old behavior in the new system.
Is there any hope for me to tame these reactions?
The wasp would have been fine.
Makes you wonder how many cause unknown single vehicle crashes where the driver dies are the result of insects.
> didn’t dare tell anyone that I didn’t turn it onto airplane mode before I dropped it.
I try to remember if only to preserve battery life but I'm willing to bet the vast majority of people don't.
(And partly superglued my pants to my leg).
Pressure changes have interesting impacts on “sealed” containers!
While taking off from Charles de Gaulle Airport, the aircraft ran over debris on the runway, causing a tyre to explode and disintegrate. Tyre fragments, launched upwards at great speed by the rapidly spinning wheel, violently struck the underside of the wing, damaging parts of the landing gear – thus preventing its retraction – and causing the integral fuel tank to rupture. Large amounts of fuel leaking from the rupture ignited, causing a loss of thrust in the left-hand-side engines 1 and 2. The aircraft lifted off, but the loss of thrust, high drag from the extended landing gear, and fire damage to the flight controls made it impossible to maintain control. The jet crashed into a hotel in nearby Gonesse two minutes after takeoff. All nine crew and 100 passengers on board were killed, as well as four people in the hotel. Six other people in the hotel were critically injured.
<https://en.wikipedia.org/wiki/Air_France_Flight_4590>
The debris was a metal strip "435 millimetres (17.1 in) long, 29 to 34 millimetres (1.1 to 1.3 in) wide, and 1.4 millimetres (0.055 in) thick", which had detached from a DC-10 which had taken off five minutes prior to the Concorde.
The best possible outcome from a fatal crash is regulation that will prevent similar accidents in the future. I don't think automatic FOD detection is mandatory (at least, I can't find any evidence of a mandate) - but I assume that it will eventually be mandated, as costs come down.
[1] https://www.faa.gov/documentLibrary/media/Advisory_Circular/...
Compare to usual practice around IT…
Broken IT can in today's world directly or indirectly cause death of people. Some current examples:
https://www.bbc.com/news/world-australia-66130105
https://www.bloomberg.com/news/features/2023-04-20/tiktok-ef...
Still nobody cares!
But to shoehorn it into the actionable and very direct context around aviation safety is a bit disingenuous. When a server crashes, the normal result is that it costs money. When an airliner crashes, hundreds of people die.
It doesn’t seem that they make a good metaphorical pair.
IT security isn't only about "not crashing servers".
> When an airliner crashes, hundreds of people die.
I've just showed examples where likely hundreds of people died because of missing impact evaluation on IT systems.
I think this is related.
As long as people don't see this nothing will change.
So yes, maybe my context switch is a little bit drastic. But this was the intend: To show similarities in outcomes and at the same time the hubris that things aren't taken seriously in the one case where they are taken very very serous in the other case, regardless of identical outcomes.
That’s one way of landing an helicopter on a boat in a rough sea. It works surprisingly well.
I always figured that all of those little gaps/etc. were due to a couple factors:
1.) the aircraft are constantly being upgraded/modified, so even if you designed the aircraft to be gap-free initially, there will inevitably be changes that introduce them. The cockpit itself is basically a frame with racks that hold all of the avionics, seat, etc.
2.) in conjunction with the above, ease of maintenance was somewhat important, so they tried to leave at least a little room to maneuver in the cockpit where possible (though there were plenty of places which were a nightmare to work regardless), but that comes at the cost of introducing areas where things can fall.
3.) some components have to be regularly removed and worked on outside the aircraft, or must be free of obstruction during flight, e.g. the ejection seat. So you end up with plenty of gaps where things can fall.
A general engineering design principle is that things degrade smoothly so that there aren't abrupt changes in performance.
The aircraft controls should be protected such that foreign objects should have a low likelihood of jamming them. That there aren't things preventing someone from clearing any blockages and there aren't places where they could lever themselves in.
My car has a design flaw with respect to the floor mats and the accelerator pedal (its not a Toyota). Between how the lever arm and the pedal surface itself are design and the aftermarket floor mat, if the mat slides forward it can jam the accelerator down. These are the deep groove mats for catching mud and water. The designers didn't think of this, if the pivot point for the pedal was further up the firewall. The pedal also has a hard square edge. Both of those things are in general a design flaw for pedals. The NHTSA (National Highway Transportation Safety Administration) should and maybe they have (my car is old) the design of the pedal linkage and the shape of the pedal to reduce this kind of risk. The hooks for securing floor mats should also be standardized to help keep them in place.
The hard mount points for child seats are a great positive example of this.
"Why would anyone make a dumb rule about X?" can almost always be rephrased as "how many souls wrote this rule?"
Mercaptan-oderised natural gas is one example that stands out to me. The 300 souls of New London School, Texas, authored that one, in 1930.
My objection was more of the “catastrophic IT failure rarely causes direct physical harm, whereas catastrophic failures in aviation almost always results in fatalities” variety.
But yes, data infrastructure integrity is definitely an issue that must be treated as critical, and increasingly, as a life safety issue in some cases.
Although I feel like referencing self harm is not really in good faith here , because if that was a rational connection we should also be talking about treating interpersonal relations and good manners as a life safety issue in the same way that we regulate aviation.
You're comparing child seats built for the greatest common denominator to high tech war machines that were built on the principle of "kill or be killed" for the best funded and most advanced armed forces on Earth. Every kilo of paneling is another kilo that slows down the aircraft, reduces its range, and changes its balance/maneuverability.
Aircraft technicians are just expected not to drop pens and other crap in cockpits and engines on a regular basis. It's a completely different operational context.
Do better is not the solution. And we aren’t talking about aircraft technicians, I am talking about making designs robust against small parts. It could be a pen, a shoe, a piece of glass or a body part.
You make it sound like paneling, which I didn’t mention, some how has the capability to unbalance an aircraft.
We are talking about different things.
