[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: REFLECTOR: EFIS

To: "'reflector@awpi.com'" <reflector@awpi.com>, "'Douglas O Hayes'" <dohayes@juno.com>
Subject: RE: REFLECTOR: EFIS
From: Joe Stack <joestack@technologist.com>
Date: Thu, 15 Apr 1999 08:48:44 -0700
Organization: 3SC
Reply-To: reflector@awpi.com, Joe Stack <joestack@technologist.com>
Sender: owner-reflector@awpi.com

Doug,

You pretty much hit the nail on the head with the problems related to 
designing a system that allows you to survive a failure.  My approach is to 
provide a primary "glass" system that gives me all of the information I 
need for normal operations and provide the old-fashioned cluster (electric 
miniatures) for the emergency and cross checking in an out-of-the-way 
location on the panel.  Rather than going with something like the Sierra 
dual redundant configuration which is prone to two failures of the same 
kind.

Sidebar on failures:
   I've worked in software engineering for over 20 years, with more than 5 
of that
   doing GPS systems and commercial avionics.  There have been many times
   when I've seen redundant systems, e.g., the high-end configurations of 
Archangel
   or Sierra packages, crash on both sides because an input anomaly causes 
the
   same software failure twice.  This is why NASA prefers for their mission 
critical
   systems (and the Navy mandates for its nuclear control systems) that two 
different
   software houses develop the code on important redundant installations.

   As for the attitude indicator failure in IMC, I too have been there, 
done that.  It
   was a dramatic event, the gyro tumbled violently (and, as near as I can 
tell I
   survived).  For the record, the problem with vacuum driven instruments 
is not the
   gyros; rather it is the vacuum pumps.  I have also seen the insidious 
method of
   pump failure; it happens so slowly that a busy or inattentive IFR pilot 
could easily fly
   into an unrecoverable unusual attitude by following it. (John Deacon 
published an
   excellent article on this very subject a few years back on AVWEB).

In any event, I got the same impression in my discussions with the 
Archangel people when talking about the capabilities of the product and how 
to design it into my system.  Unless you call up and tell them you are from 
Cessna, they seem to be reluctant to provide the appropriate engineering 
and technical information (like your $30,000 doesn't rate that kind of 
consideration).

As Brian Michalk will discover (and he probably has already) the whole 
glass cockpit concept is about its software.  The Archangel folks puff 
themselves up like its something special to have an FAA TSO for their box. 
 The FAA, as an organization, is totally clueless when it comes to this 
kind of "black magic" (yes, I've also seen first hand one of the commercial 
vendors I've work with bullshit the FAA into issuing their box a TSO).  It 
seems they should be LOWERING the price by $15K on a TSO'd box instead of 
raising it.

Anyway, the point of all this dribble is that I think it's a bad idea to 
expect the Archangels or Sierras to provide redundancy (without a full 
disclosure of what is in their system).  And it is naive or even stupid to 
expect that the FAA TSO certification means anything.  So we mix & match 
the promising new with the tried-&-true.

Regards,

Joe Stack
983SC/XLRG

Prev by Date: Re: REFLECTOR: EFIS
Next by Date: REFLECTOR: Re: Coating the strake
Prev by thread: Re: REFLECTOR: EFIS
Next by thread: RE: REFLECTOR: EFIS
Index(es):
- Date
- Thread