What happened to Qantas flight QF32, or: How to fly an A380 with three engines and a balky computer
December 12, 2010 11:23 AM

Two hours just to sort through the error messages. What happened to that Airbus A380 (Qantas flight QF32) whose engine caught fire in mid-air between Singapore and Sydney in November 2010? One of the five crewmembers on the flight deck recounts the story, which centres on airplane computer systems as much as on keeping tons of metal in the air.

It took two hours just to sort through the (sometimes contradictory) system error messages and decide which ones to ignore. Then the computer couldn’t calculate the probability of a successful landing. Once safely on the ground, one of the three remaining engines kept running for five full hours, seriously delaying fire crews and passenger evacuation, which happened through a single set of stairs that took an hour to reach the plane. (Via)
posted by joeclark (38 comments total) 13 users marked this as a favorite
 
just as an addendum: the definitive source for all commercial aviation incidents is the aviation herald. their article on the uncontained engine failure of Qantas A388 VH-OQA near Singapore on Nov 4th 2010 is constantly updated.
posted by krautland at 11:37 AM on December 12, 2010 [1 favorite]


Impressive. Thanks for that.
posted by rodgerd at 11:43 AM on December 12, 2010


The first rule of flying (much as I wish it was love) is "Aviate. Navigate. Communicate. And in that order". The crew knew that they had a catastrophic failure, but they also knew that the plane was still flyable. If the plane is still flyable, you can move beyond the big three and start working the problem so as an urgent desire to get on the ground doesn't mean you miss that one warning light which tells you something that would affect the landing. It means you have time to make a visual inspection of the damage (by way of reference, consider El Al Flight 1862. Had they known the full extent of the damage, they would have known that slowing the aircraft for a landing would have rolled them over, and would have continued the landing at a higher speed where the plane was still controllable to a degree), speak to maintenance etc. If you have the time, you use it in order to maximise your chances of landing safely and everyone walking off the plane.
posted by dougrayrankin at 11:53 AM on December 12, 2010 [6 favorites]


People are interpreting this story in a far more OMG PLANES SCARY way than they really should be. I don't have time to go through all of the "issues" that people unfamiliar with the operation of commercial aircraft are raising, but I can take pot-shots at the easy ones.

The plane was not able to compute the exact target landing speed, not the landing "probability". That's because the aircraft was operating in a very non-normal situation, with three engines, leading edge slats disabled, spoilers disabled, limited aileron travel, two degraded engines, a potential center of gravity issue, etc. Thing is, without a computer, you would never be able to calculate the landing speed under this combination of circumstances either, since you would have to compute a different landing speed graph for every permutation of system failures. Did this matter? No. You use the most reasonable landing speed you can come up with, and err on the side of being a little too fast. We're talking a few knots difference.

That engine running for five hours. Guess what, that was a safety feature. The engine is designed to keep running in the event that it loses communication with the cockpit, because in almost every situation you could encounter in an aircraft, you'd rather have that engine running than not. In this case it was the left outboard engine, and it had its control lines severed by debris from the engine failure. If it had shut down, you would have had a much worse accident.

Evacuation through a single set of stairs? Nope, that's not an evacuation, that's an orderly deplaning. If an evacuation had been ordered, that plane would be empty in under two minutes. Maybe an extra minute or two if they avoided the left side of the aircraft. This is tested as part of certifying the aircraft for flight; it was evacuated in 78 seconds when the test was performed.

Et cetera, et cetera. According to the preliminary report, it only took 50 minutes to go through the checklists associated with the ECAM messages. The #1 engine was shut down 127 minutes after landing, not five hours. The problem with engine #1 did not delay the deplaning; the first passengers were let off the plane 55 minutes after landing and all passengers were off an hour later. The plane landed 109 minutes after departure. That's a little longer than normal for engine failures on takeoff, but most of the time it takes about an hour.

There are issues that have been raised by this incident, but they are almost all related to the uncontained engine failure itself, not the recovery from that failure. There is no computer issue.
posted by kiltedtaco at 12:00 PM on December 12, 2010 [45 favorites]


I am in awe of the ability of this crew to not freak out, calmly assess the situation, and bring that thing back down safely.
posted by egypturnash at 12:05 PM on December 12, 2010 [1 favorite]


Mods, fix the “probability” error in my post, please.
posted by joeclark at 12:05 PM on December 12, 2010


Impressive. Thanks for that.
posted by rodgerd at 11:43 AM


After my third decade of international flying, I began to develop a [don't wanna go there in my mind] low level anxiety that now, after 40 straight years of constant flights, finally, I'm playing the odds. I have flown on the Kanishka, a week before, when during its landing in Bombay Sahar, it rolled forward to hit the fence and bounce back. I have flown on the JAL flight about a month before. I firmly hold on to the belief that my time has not yet come, when I land with every flight.

We simultaneously do not honour the skill of those that are responsible for these machines and yet take these complex machines for granted. "Balky computer", remember that.
posted by The Lady is a designer at 12:07 PM on December 12, 2010 [1 favorite]


Really interesting article....I actually found it quite comforting to see just how many emergency/backup systems there are, and their sequence of activation in this incident.

Can anyone explain what a check captain is? I did some googling but what I was finding was not enlightening for some reason.
posted by advil at 12:13 PM on December 12, 2010


Qantas has had a hell of a lot of mid air incidences in the last decade, including a terrifying, as yet unexplained, plunge over Western Australia, not far from a US communications base. Hmmm.

Saved every one of 'em.

And be sure, us Aussies know. Qantas is a favourite whipping boy of the MSN for some reason, and they keep us up to date with every single minor hiccup.

/my mum and dad were on a Qantas flight that had an engine blowout just after takeoff, about 8 years ago I reckon
posted by uncanny hengeman at 12:15 PM on December 12, 2010 [1 favorite]


Now Charlie's NEVER going to get Raymond on a plane!
posted by briank at 12:28 PM on December 12, 2010 [2 favorites]


Can anyone explain what a check captain is? I did some googling but what I was finding was not enlightening for some reason.

Check captains (also known as check airmen) are like on-the-job supervisors. It's also known as a line check. They sit in the cockpit and observe a flight to make sure you're following all the proper rules and procedures.
posted by SirOmega at 12:32 PM on December 12, 2010


As someone who does technical support on a reasonably non-trivial software product, and who knows just how tricky it can be to track down and diagnose strange computer problems, I was fascinated and amazed by the incredible complexity of not just each of the plane's systems but also the interconnectedness between them. That's a pretty damn amazing on-board computer that could even begin to cope with a set of circumstances like QF32's, and some pretty damn amazing additional analysis of the problem by the flight crew when the computer couldn't cope.

The whole thing makes me, somehow, simultaneously more frightened AND more reassured about being a plane passenger in the future....
posted by Greg_Ace at 12:38 PM on December 12, 2010


In the Airbus and the A380 we don’t carry performance and landing charts, we have a performance application. Putting in the ten items affecting landing performance on the initial pass, the computation failed. It gave a message saying it was unable to calculate that many failures.

Awesome. So there you are trying to land an overweight aircraft with no landing charts. I'm all for computerising stuff, but disabling the pilots so they can't do the job they trained to do using the materials they trained with seems a little shortsighted.

I realise that flying and diving are not the same thing, but in a day and age where pretty much everyone who seriously dives does so with a dive computer that calculates decompression stops for you, divers still train, certify and dive with manual charts. If the computer fails, you have to be able to calculate the return trip, and you need the charts to do that.
posted by DarlingBri at 12:55 PM on December 12, 2010


Check captains (also known as check airmen) are like on-the-job supervisors. It's also known as a line check. They sit in the cockpit and observe a flight to make sure you're following all the proper rules and procedures.

Roger, over.
posted by uncanny hengeman at 1:04 PM on December 12, 2010


Huh?
posted by uncanny hengeman at 1:04 PM on December 12, 2010 [1 favorite]


Yeah, I'm seeing the take home message here as being "And it still landed safely"
I mean, when you're hit with that much drek and still manage to get everyone home safely then you have to be doing something right.
posted by Canageek at 1:40 PM on December 12, 2010 [1 favorite]


If we were interested solely in take-home messages, nobody would ever investigate anything that ended “well” in the opinion of any commentator. In particular we would not investigate how and why it ended well.
posted by joeclark at 1:41 PM on December 12, 2010


BTW, it's true as stated in the movie Rain Man that a Qantas flight has never crashed, but there have been some accidents and fatalities over the years.
posted by Ike_Arumba at 1:42 PM on December 12, 2010


And be sure, us Aussies know. Qantas is a favourite whipping boy of the MSN for some reason, and they keep us up to date with every single minor hiccup.

And it's that idea about how "A Qantas Flight Has Never Crashed" that keeps the media hoping for some schadenfreude.
posted by Jimbob at 2:13 PM on December 12, 2010


kiltedtaco wrote: "The plane was not able to compute the exact target landing speed, not the landing "probability"."

You seem to be missing the fact that this particular plane was equipped with the experimental infinite improbability drive. Obviously, being unable to calculate probabilities caused said drive to become inoperational.
posted by wierdo at 2:54 PM on December 12, 2010


It gave a message saying it was unable to calculate that many failures.

Awesome. So there you are trying to land an overweight aircraft with no landing charts. I'm all for computerising stuff, but disabling the pilots so they can't do the job they trained to do using the materials they trained with seems a little shortsighted.


The error is likely on purpose to sort of "poke" the pilot to reassess, re-prioritize and simplify the situation. Figure out what the airspeed needs to be at landing time, and then figure out how to get there.

Unless it was just a plain old bug, it likely saw that there were "competing failures" and that there simply isn't useful information on how to deal with the situation. One failure might call for not exceeding 180 knots, another might call for not going below 220 knots. You don't want the computer to just say "200 knots, totally cool guys", you want it to say "you can't do that, figure something else out".
posted by gjc at 2:59 PM on December 12, 2010 [3 favorites]


For what it's worth, the flight crews train exhaustively on stuff so bad that it makes this look like the cigarette lighter breaking on your car. One of the reasons the crews are so calm, cool and collected is because of training, training, training. There is a reason that they have to go to recurrent training every six months. In the US, at least - I'm assuming a similar rule for the rest of the world. (Is Qantas under the JAA?)
posted by Thistledown at 3:46 PM on December 12, 2010


Previously
posted by Simon Barclay at 4:32 PM on December 12, 2010


After my third decade of international flying, I began to develop a [don't wanna go there in my mind] low level anxiety that now, after 40 straight years of constant flights, finally, I'm playing the odds. I have flown on the Kanishka, a week before, when during its landing in Bombay Sahar, it rolled forward to hit the fence and bounce back. I have flown on the JAL flight about a month before. I firmly hold on to the belief that my time has not yet come, when I land with every flight.

According to Anxieties.com if you "fly every day of your life, probability indicates that it would take you nineteen thousand years before you would succumb to a fatal accident." So you've probably got a little breathing time left.
posted by fairmettle at 4:38 PM on December 12, 2010 [3 favorites]


That's a pretty damn amazing on-board computer that could even begin to cope with a set of circumstances like QF32's

There's some absolutely incredible stuff going on in aerospace software engineering. Airbus validates all its code with ASTRÉE, a static analyzer that can prove that the program won't crash and no variables will overflow. Many new projects are using formal verifiers like SAL to directly prove that software meets design requirements. I'm not sure if the overall software engineering community will adopt these ideas, or if aerospace software engineering will branch off into its own discipline.
posted by miyabo at 4:48 PM on December 12, 2010


(Is Qantas under the JAA?)

No, Qantas is under CASA.
If you want all the nutty, agenda heavy and barely literate analysis of anything aviation, try PPrune. There is a lot of maintenance discussion on there too, not just pilots. I used to work in commercial AC maintenance in Aus, they are a gossipy bunch.
posted by Trivia Newton John at 5:20 PM on December 12, 2010


BTW, it's true as stated in the movie Rain Man that a Qantas flight has never crashed...

You mean "Qantas jet has never crashed"? [does that crash landing count?]
posted by uncanny hengeman at 5:57 PM on December 12, 2010


I am in awe of the ability of this crew to not freak out, calmly assess the situation, and bring that thing back down safely.

On the one hand, we keep seeing stories about near-disasters where "hero" pilots save the day (Salon's Patrick Smith does an excellent job debunking this "hero" BS.) On the other, we keep hearing about how pilots are just glorified bus drivers who make too much money.

The fact is, just about all airline crews are just like that, who without freaking out will calmly assess the situation and continue troubleshooting and flying until the end (whether the end is a safe landing or a fiery death). I'm a private pilot; every airline pilot I've ever met has been an inspiration to me. They earn every penny of the high salaries they (used to) get.
posted by phliar at 6:12 PM on December 12, 2010


John Travolta, Qantas ambassador at large and all 'round goofball, was recently involved in a major screw up.
3AW reported, following a call to the station's Rumour File, that a plane purporting to be Travolta's private 707 vintage Qantas jet flew as low as 131m on his first approach to Tullamarine about 11.20am last Saturday.

Another caller suggested that Travolta came through the clouds and was 300-400m west of the runway.

"He definitely missed the runway by a long shot,'' the caller said.
Or maybe not, depending on who you believe.
Qantas spokesman Tom Woodward said air traffic control had simply asked Travolta, in Australia for the airline's 90th birthday celebrations, to initiate a procedure known as a go-around as he approached the airport.

"Rather than landing as scheduled, you have to back up, you have to go around and land on the second occasion. It's pretty common in aviation.

"It was not anything to do with the piloting of the aircraft. It was just a request from traffic control.''
Either way, he saved the day.
http://www.heraldsun.com.au/news/qantas-denies-john-travolta-overshot-runway-on-melbourne-airport-approach/story-e6frf7jo-1225955489776
posted by uncanny hengeman at 6:36 PM on December 12, 2010


"Qantas has had a hell of a lot of mid air incidences in the last decade, including a terrifying, as yet unexplained, plunge over Western Australia, not far from a US communications base. Hmmm."

I ran some calculations on that at a previous job, and although little in EMI/EMC is ever 100% certain, it's reasonably safe to say the comms base had nothing to do with it.
posted by markr at 6:49 PM on December 12, 2010


Thanks, markr. I couldn't help myself. Comment and be damned.

/my mum and dad were on a Qantas flight that had an engine blowout just after takeoff, about 8 years ago I reckon

This is it, I think.

"The captain said we've had catastrophic damage in our left engine - fairly serious - a lot of people were crying," [the passenger] said.
posted by uncanny hengeman at 8:27 PM on December 12, 2010


I wish I was a godzillionaire (a godzillion = any number large enough to destroy Tokyo) just so I could hire these guys as my personal pilots and give them a nice long-lasting secure job.
posted by Samizdata at 5:17 AM on December 13, 2010


And it's that idea about how "A Qantas Flight Has Never Crashed" that keeps the media hoping for some schadenfreude.

Outsourcing maintenance a few years back has probably left a few people more attuned to the possibility of problems, too.
posted by rodgerd at 9:53 AM on December 13, 2010


Never looking at airline pilots the same way again.
posted by TrinsicWS at 9:54 AM on December 13, 2010


As someone who does technical support on a reasonably non-trivial software product, and who knows just how tricky it can be to track down and diagnose strange computer problems

Aircraft software isn't like most software. It's designed for reliability first and foremost, whereas most software is "let's get it working, and we can debug any problems that come up at that point." Interestingly, the need for security in internet software has increased the quality of software overall: lots of bugs have the potential to be security gaps, and so closing them is much more important overall.

But the important thing to understand is that you can write software that always works, you just have to spend the money -- in a lot of cases, more money than the cost of fixing glitches that pop up every once in a while. But not when you're talking about avionics.

Awesome. So there you are trying to land an overweight aircraft with no landing charts. I'm all for computerising stuff, but disabling the pilots so they can't do the job they trained to do using the materials they trained with seems a little shortsighted.

What makes you think a "landing chart" would ever be printed with that many failures listed? If there are ten things that can go wrong, that's technically 1024 entries. If there were 20 points of failure, the chart would need 1,048,576 and so on.

Now you could certainly put on an inaccurate landing chart, but what good would that do? If the actual landing speed couldn't be calculated by computer, it couldn't be calculated with a chart.
posted by delmoi at 12:38 PM on December 13, 2010


What makes you think a "landing chart" would ever be printed with that many failures listed? If there are ten things that can go wrong, that's technically 1024 entries. If there were 20 points of failure, the chart would need 1,048,576 and so on.

Now you could certainly put on an inaccurate landing chart, but what good would that do? If the actual landing speed couldn't be calculated by computer, it couldn't be calculated with a chart.

Do it the old fashioned way. You know the wing is designed to stall in a particular fashion, i.e. it stalls progressively so you know it's stalling long before the control surfaces lose authority. Fly it to what speed you'd normally do on a flapless landing when overweight and see how she feels. If she's a bit sluggish, add 10 knots.

Down, test and adjust as they say.
posted by dougrayrankin at 2:45 PM on December 13, 2010


delmoi: "What makes you think a "landing chart" would ever be printed with that many failures listed? If there are ten things that can go wrong, that's technically 1024 entries. If there were 20 points of failure, the chart would need 1,048,576 and so on. "

The fact that landing charts are in fact printed and routinely carried in aircraft. They simply are not carried in these aircraft, as the computerised system is more accurate.

In the event of a catastrophic system failure, I would like my pilots to have the data that gives them the best chance of landing the aircraft. In this instance, they needed the base target landing speed calculation. I'm fine with them using experience and observation to adjust for nine other factors, but I'd like them to be able to do that much. "My kingdom for a laminated spreadsheet."
posted by DarlingBri at 3:07 PM on December 13, 2010


But the important thing to understand is that you can write software that always works, you just have to spend the money -- in a lot of cases, more money than the cost of fixing glitches that pop up every once in a while. But not when you're talking about avionics.

That reminds me of my mental answer to Bill Gates' famous quote:

"If GM had kept up with technology like the computer industry has, we would all be driving $25 cars that got 1000 MPG."

"No Bill, if they crashed as often as Windows, nobody would."
posted by Skeptic at 3:42 PM on December 13, 2010




This thread has been archived and is closed to new comments