
RE: REFLECTOR: [canard-aviators] Re:Glass Cockpits/Computers



Hmmm... interesting food for thought.

First, having seen it first hand working in the industry, what
the FAA knows about software could pretty much fill the head
of a pin.  The fact that the FAA has certified software (i.e., 
firmware) for King, Trimble, Honeywell, or any of dozens of
other TSOd devices only means that these companies have
paid the price to buy a government stamp; not that they know
or practice anything related to controlled software development,
software quality assurance, or even intelligent user interface
design.

Second, anybody who needed the FAA to tell them Windows in the
cockpit is a bad idea has no business NEAR an airplane; or sharp
objects for that matter (I don't like things that crash all the time
around my airplane anyway...it's poor form).

Finally; indeed, redundant systems are the only protection against a
failure (with a good mix of electric and vacuum)... but then, I'm
sure most builders already know that.

Tx. Peter, good one

JS

----------
From: 	Peter Beaty[SMTP:PETER.J.BEATY@usa.dupont.com]
Sent: 	Tuesday, October 13, 1998 1:59 PM
To: 	reflector
Subject: 	REFLECTOR: [canard-aviators] Re:Glass Cockpits/Computers

Folks,  I thought this "safety-related" item was worth sharing on Reflector.


>Date: Thu, 8 Oct 1998 23:24:41 -0400
>X-Authentication-Warning: twc2.betaweb.com: majordomo set sender to owner-canard-aviators@betaweb.com using -f
>From: TEAMEZ@aol.com
>To: timemach@telusplanet.net,
>    owner-canard-aviators@betaweb.com,
>    canard-aviators@canard.com
>Subject: [canard-aviators] Re:Glass Cockpits/Computers
>Sender: owner-canard-aviators@betaweb.com
>
>[The Canard Aviators's Mailing list]
>
>Think long and hard before you tear out those instruments...
>
>The FAA has made it very clear that they will NEVER certify any primary
>flight instrument that uses a Windows operating system. There are
>several reasons, but, believe it or not, the primary one is not the
>system's propensity to fail when you need it most. Actually, the biggest
>problem has to do with the accuracy of the software code.
>
>When we in the avionics industry write code for any device, but
>especially cockpit displays, we conduct validation and verification. The
>purpose is to ensure that every line of code performs its intended
>function, that there is no potential miscalculation, and that there are
>no "extra" lines of code.
>
>An example of what happens if this were not true is the rocket that blew
>up recently when an "extra" line of code was accidentally left in its
>software.
>
>Additionally, certified displays incorporate what we call "watchdog
>timers" that continually track how long it takes to perform functions
>and update the display. Should a function get stuck in an endless loop,
>the timer sends the display back to a reset mode. No laptop-based system
>has ever incorporated this function, and, given current operating
>systems, they can't with the kind of processing power currently out
>there.
>
>Given some of the brightest engineers and the most detailed series of
>cross-checks, errors still occur. For instance, about a year ago, an
>airliner accidentally stalled in flight. As it pitched and rolled, the
>flat-panel displays sensed what they thought was a failure (excessive
>roll rates beyond the design capability of the aircraft) so they went
>into their reset mode...just when the pilots needed their artificial
>horizon the most. No display is infallible.
>
>Another thing to consider: the weakest point in most computers and
>display systems is the backlight. Your computer can work just fine,
>but when the backlight fails, the laptop becomes 3 pounds you could have
>used for fuel.  Backlights in laptops are not designed to handle the
>constant vibration of a small piston airplane. Even the backlights that
>are designed to do so fail somewhere between 5 and 15,000 hours, which
>means if 100 of you had laptop-powered instrument panels, I would expect
>at least one of you per year to have an in-flight failure of your
>display. One company manufactures 95% of the world's aviation
>backlights, and even they won't guarantee their backlights much beyond
>5,000 hours in aviation applications.
>
>Additionally, the large planes that do fly with EFIS (Electronic Flight
>Instrument System) displays ALWAYS have a redundant, stand-alone backup
>for essential information, and we just don't have that kind of room if
>you use a laptop.
>
>The moral of this story: As Director of Cockpit displays for
>AlliedSignal Air Transport Avionics, I went to a lot of trouble and
>expense to install a vacuum-powered artificial horizon in my Long-EZ to
>replace a functioning electrical one. Sure, the vacuum pump has a low
>mean time between failures, but its failure will not likely be
>coincident with a total electrical failure.
>
>Single-point failures (total electrical failure) or software-induced
>display failures are just too risky for a small plane like an EZ. 
>
>Fly safely. Please.
>
>Tom Staggs
>Long-EZ N13YV
>
>                                                  \
>->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>-|-
>                                                  /
>For details on sponsors of this list, copyrights, and how to remove
>yourself from this list, please visit:
>
>http://www.canard.com/ca-ending.html
>
>(c) 1997,1998 Canard Aviators.     support@canard.com
>        /
>   -|-<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>        \
>
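
The watchdog timer behaviour described in the quoted post, as an added example that is not part of the thread or any vendor's code: a display task reports progress after each update, and an independent tick forces a reset when an update overruns its deadline. All names, the 50 ms deadline and the sample workload are assumptions, and time is simulated so the run is deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names and the 50 ms deadline are assumptions for illustration. */
#define WDT_TIMEOUT_MS 50u

typedef struct {
    uint32_t last_kick_ms;  /* last time the display task reported progress */
    uint32_t resets;        /* how many times the watchdog forced a reset */
} watchdog_t;

/* The display task calls this after every completed update. */
static void wdt_kick(watchdog_t *w, uint32_t now_ms) { w->last_kick_ms = now_ms; }

/* Runs from an independent timer tick. Unsigned subtraction keeps the
 * elapsed time correct when the millisecond counter wraps around. */
static bool wdt_expired(watchdog_t *w, uint32_t now_ms) {
    if ((uint32_t)(now_ms - w->last_kick_ms) <= WDT_TIMEOUT_MS) return false;
    w->resets++;
    w->last_kick_ms = now_ms;   /* reset mode restarts the display task */
    return true;
}

/* Simulate display updates that each take cost_ms[i] milliseconds of
 * simulated time; returns the number of watchdog resets. */
static uint32_t simulate(const uint32_t *cost_ms, size_t n, uint32_t start_ms) {
    watchdog_t w = { start_ms, 0 };
    uint32_t now = start_ms;
    for (size_t i = 0; i < n; i++) {
        bool reset = false;
        for (uint32_t t = 0; t < cost_ms[i] && !reset; t++)
            reset = wdt_expired(&w, ++now);   /* one timer tick per ms */
        if (!reset) wdt_kick(&w, now);        /* update finished in time */
    }
    return w.resets;
}

int main(void) {
    /* Constructed workload: the third update is stuck in a long loop. */
    const uint32_t frames[] = { 16, 16, 1000, 16 };
    printf("resets: %u\n", (unsigned)simulate(frames, 4, 0));
    return 0;
}
```

The stuck update is abandoned at the first tick past the deadline, so the later updates still run; starting the counter just below its 32-bit wrap point gives the same result.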
