Air India Ahmedabad-London flight crash

You have *censored*ed up this thread with absolute zilch. Pls tell me what option a Capt has when both engines fail? I am an ex-fighter pilot from the Indian Navy who flew Sea Harriers, ejected twice from fighters, and am still alive and still a pilot; check with Maolanker if you do not trust me. After leaving the Indian Navy, I have flown B737-300 to 800 and also A-320. I have over 8k hrs of flying exp. Can u teach me?



In my opinion, the recruitment in aviation sector shall have better background check from now on. At least three agency inputs (including the external agency).
 

As the probe into the Air India plane crash continues, India will be sending the black box of the doomed Air India Boeing 787 Dreamliner aircraft to the United States for analysis. The recorder, which was found two days after the crash, sustained heavy external damage, making it impossible to extract data in India, a source close to the matter told The Economic Times.
 
Nice video. I also saw it this morning in my YT feed.
Gaurav Taneja a.k.a. "Flying Beast", ex-Air Asia pilot, whistle blower of many things incl. high flaps/speed landing.
He covered many theories.
They simulated the crash in actual hard simulator & they got stunned & froze. But real life scenario is different.

There are many other videos also including air crash investigations where, although at high altitude, pilots with dual engine failure had far more chance of recovery & did recover by restarting engines (fuel switch behind throttle & engine start switch on overhead panel) after checking conditions of fire, electricity, hydraulics, etc.

But in this case, even in 1st half of trajectory (16 seconds), pilots must have checked all faults on MFDs & suppose even if they tried restarting engines with battery + RAT, remaining 16 seconds may not be enough to achieve thrust to level & pull up. In my limited knowledge I guess the throttle cannot be pushed full too fast immediately. And the city dwellings also didn't give much chance, the open areas & roads probably obscured by trees.
 

Some News channel reported Black-box analysis center opened in New Delhi.
I can't find that video, the title is not like that.

The analysis should be done in front of Indian team member.
Constant video surveillance should be there accessible to Indian team.
Same precautions with engines too.
 
Ahmedabad plane crash: The initial investigation into the cause of the Air India plane crash, which is said to be one of the world’s worst in aviation history, has offered early clues into what may have gone wrong. According to a report by The Wall Street Journal citing investigators, the aircraft’s emergency power system, known as Ram Air Turbine (RAT), was activated shortly before the crash. This raises serious questions about whether the engines were functioning properly during take-off.


Investigators near cause of AI 171 crash


Since the emergency power system was activated on Air India flight AI171, which claimed the lives of all but one passenger on board, it indicates either a loss of engine power or complete electrical failure

 

This video highlights another user, probably into aircraft maintenance, telling that -

- There are known cases of 787 & 777 of total electrical failure.
- FSOV (Fuel Shut Off Valve) are spring-loaded & not powered by engine's PMA (Permanent Magnet Alternator) but by aircraft's DC system.
- Aircraft loses electricity, FSOV shuts off.
- FSOV designed to protect airframe, not engines.
- Boeing thinks it is safer to shut down engine than to keep feeding fuel into a potential fire.
- BUT, for both FSOVs to close, A/c should lose both AC buses, DC buses & Battery backup.
- RAT would take 2 seconds to deploy & start giving electrical power.
- When switching power sources, system can behave unpredictably - especially if one source is competing with RAT or is unstable, causing delays & closing FSOVs.

Well, we do notice in homes, offices, when voltage fluctuates then switching from main power to UPS/Inverter can sometimes be like ping-pong. But a S/w controlled switching can keep the power to backup/secondary only.

- So in 787 the FSOVs power is from DC but not with DIRECT battery backup, like in A320 for example. It is INDIRECT, the batteries support DC but FMC prioritizes flight critical systems 1st. If power limited or unstable then less critical FSOV can be deprioritized.
- From 2015-2020, 3 ADs (Airworthiness Directive) were issued.
  - 787 continuously powered for 248 days can lose all AC power due to GCUs (Generator Control Unit) going into fail-safe mode, the S/w counter is local to GCU.
  - On ground, power cycling or reboot of main electrical power &/or to Control Modules required.
  - All 3 Control Modules might reset together if powered for 22 days.
  - Stale data monitoring function of Common Core system (CCS) may be lost if powered for 51 days, leading to loss of Common Data N/w (CDN) message age validation, combined with CDN switch failure. IDK what is this.

- Google search on FSOV, in the video show that FSOV will close when -
  - Inlet or outlet temp. beyond limit.
  - Bleed air pressure is lost, probably due to compressor stall, fire, etc.
  - Electricity to FSOV lost.
- ANA 787 incident where Over-thrust protection by TCMA or Thrust Control Malfunction Accommodation system. I mentioned this already.

QUESTIONs:
- In those known cases, what caused a massive electrical failure taking out 3 redundant supplies - AC, DC, batteries?
- Why EEC & its PMA doesn't have at least secondary control over FSOV?
- Why the electrical switching in such critical machine is not instantaneous?
- How can FSOV be deprioritized when A/c needs fuel to fly?
- Does the FMC check the GCU counter & Control Modules before flight, detect interception with flight, display caution on MFD?
- Is GCU connected to EEC or no need?
- What powers GCU - A/c's AC or DC, EEC's PMA?
- We know that battery can be shut down by cockpit overhead panel. Perhaps after 1 day of duty the A/c might be given few hours of rest, IDK. So, does the maintenance crew power cycle the main power or the sub-systems?
- Did the ground crew address the CDN issue?
- All types of planes fly in MEA region (Middle East, Africa) with hotter climate. So what about inlets & outlet temp limits there?
 

OBSERVATIONs in video-
- Each engine has 2x generators giving total 2x235 KV power, connected via gear box to spool.
- Generators are oil cooled.
- Generators have extra PMG (Permanent Magnet Generator) powering the GCU. PMG is not PMA. So the Generators power their own brain (GCU).


- EEC is dual channel redundant.
- As I said earlier, EEC gets powered from its PMA.
- If PMA fails the A/c's 115 AC bus kicks in.


- If 6 fuel pumps (2Left + 2 center + 2 right) pushing fuel fail, then engines have their own suction pump.
- If fuel filters are clogged then bypass will happen (warning displayed on MFD).
- Fuel tanks have water scavenge pumps, water being heavier sits down.
- Engines would stutter with smoke if fuel contaminated.


- Gear handle in cockpit tells gear to tilt forward, door open, then retract.
- 787-8/9/10 have different sequences of gear retraction.
- Flaps handle well separated from gear handle.
- All controls are made with different size, texture, shape so that if cockpit has smoke then pilots can still operate them well.
- The flaps positions have notches & detent to prevent accidental flaps decrease. Such pilot error is already being debunked in AI-171 case.


- Auto-gap function, keeps the slats deployed for lift, no manual control needed. Even if flaps retracted the slats might stay deployed for some time until sufficient speed. Also depends on AoA.
- Pre-gap function when below 225 knots. Operates same like auto-gap but operates when there is some kind of failure.
- Load relief function - auto retracts flaps when speed increases & flaps cause excess drag.


- RAT auto-deploys in following conditions -
  - loss of all engines
  - both engines are less than idle rpm
  - loss of all hydraulic power
  - loss of all electrical power
  - loss of BPCU (Bus Power Control Unit), which detects lost power of C1 & C2 TRU (Transformer Rectifier Unit).
  - On approach - loss of all 4 EM (Electric Motor Pumps), hydraulic pressure & loss of either left/right Flight Control ACE (Actuator Control Electronics)
  - Rotor burst on take-off causing loss of both PECS (Power Electronics Cooling Systems)

RAT can be manually deployed by button on overhead Hydraulic panel.



DERIVATIONS (not conclusion) from OBSERVATIONS -
- As RAT can auto-deploy when engines below idle RPM, an EEC glitch detecting high EGT for long could reduce thrust by reducing fuel flow. Although such glitch is very difficult to imagine.
- EEC is dual channel, has PMA. So if 4x generators lost, the PMA keeps EEC powered & connected to FMC.
- 4x GCUs have their PMG so 1 GCU fail on each side is also tough to imagine. So all 4x generators can't be lost together.
- Due to water scavenge pumps, fuel contamination with water should stutter the engine with smoke, perhaps while taxi itself, but not stall the engines towards crash.
- Flaps can be auto-retracted by FMC by 'load relief' function. I wonder if a glitch can occur here or in auto-gap, pre-gap functions. But this doesn't seem to be case in AI-171 case.
 

Officials aware of the development said a threat review by intelligence agencies highlighted the threats and the need for cover for AAIB chief


The Centre has provided Central Reserve Police Force (CRPF)’s X category security cover to Aircraft Accident Investigation Bureau (AAIB)’s director general (DG), GVG Yugandhar, who is leading the probe into the Ahmedabad plane crash after a threat review by intelligence agencies highlighted the need for it, officials aware of the matter said on Saturday.
 
An article from NDTV:

The Aircraft Accident Investigation Bureau (AAIB) is probing from all angles, including sabotage, the Air India plane crash in Ahmedabad that killed 274 people on board and on the ground last month, Minister of State (MoS) For Civil Aviation Murlidhar Mohol said.

Mr Mohol also said the black box of the Air India flight AI 171 that has been recovered is in AAIB's custody and will not be outside the country for a thorough assessment.
 
- From 2015-2020, 3 ADs (Airworthiness Directive) were issued.
  - 787 continuously powered for 248 days can lose all AC power due to GCUs (Generator Control Unit) going into fail-safe mode, the S/w counter is local to GCU.
  - On ground, power cycling or reboot of main electrical power &/or to Control Modules required.
  - All 3 Control Modules might reset together if powered for 22 days.
  - Stale data monitoring function of Common Core system (CCS) may be lost if powered for 51 days, leading to loss of Common Data N/w (CDN) message age validation, combined with CDN switch failure. IDK what is this.

So, some kind of S/w glitches with every aircraft exist, hence upgrade is needed.
In 787 also they are there.
Some sound very specific & technical, difficult to understand even for techies in 1st glance. For example the last one above -
"Stale data monitoring function of Common Core system (CCS) may be lost if powered for 51 days, leading to loss of Common Data N/w (CDN) message age validation, combined with CDN switch failure."
I discussed in other forums that what has this to do with dual engine failure at same time & the response/outcome so far is that POTENTIALLY these stale/delayed control signals from sensors through network to FMC & then to MFDs can display data late which might induce pseudo-pilot error.
The stale data to engine EEC can also impact it.
But such a delay would be in 100s of milliseconds & then corrected.
The error potential ASSUMES SWITCH FAILURE ALSO, when H/w & S/w redundancies are expected.

An analysis by someone was shared -
(A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive)

I would divide this into 4 areas-
- H/w
- S/w
- communication
- clock & n/w nodes sync.

I'll mention some points for generic global audience & non-IT techies.

People with knowledge of OSI stack, N/w protocols, resource virtualization & partitioning, can understand these things more easily.


H/w -
- In general, a critical switch needs to be modular with at least 2 controller modules & multiple port modules each with at least 2 ports connected to both N/w A & B.
- Such switch also has temp sensors, smoke detectors.
- Cooling fan modular also redundant. If 1 fail, others spin faster, with alert.
- And if 1 entire switch fails then other N/w switch is supposed to route the data.
- So there is protection against -
  - port/cable failure,
  - module failure,
  - controller failure
  - cooling fan failure
  - entire switch failure
  + power redundancies I said earlier.


S/w ( messages, data-structure)-
In switches, routers in datacenter for example -
- There are multiple modules needing multiple types of logs & look-up tables like MAC/CAM table, ARP table (Address Resolution Protocol) with IP address - MAC address mapping, then routing protocols like OSPF, EIGRP, etc have their routing tables & n/w topology table, etc, then link state table, etc.
- Some tables like topology are distributed across n/w whenever there is link state change.
- All these entries in tables have their own default age which can be tweaked if required.
- After age timer is zero the entries are deleted & when new PDU arrives the entries are again put in tables. But this doesn't affect working of device & display to admin team.
- The switch/router does malfunction due to numerous H/w & S/w issues & for certain issues there are reboots done 1st at smallest modular level, if didn't work then intermediate section level, still didn't work then entire switch/router reboot. But AFAIK, a S/w bug usually relates to OS, memory, not timestamps.
- If entire switch/router malfunctions, rarely, then link state changes, n/w topology changes, new master node might be needed by automatic election by exchanging some info. This can take few seconds, HOWEVER, some latest protocols either have an 'active-active' mirrored system of distributing work among 2 modules or 2 nodes, OR a deputy node is selected proactively to take over instantly to minimize re-direction delay.
- L3 Routers provide redundancy by protocols like VRRP (Virtual Router Redundancy Protocol), GLBP (Gateway Load Balancing Protocol), HSRP (Hot Standby Routing Protocol), VPC (Virtual Port Channel), etc.
- L2 Ethernet switch provide redundancy by PRP (Parallel Redundancy Protocol), Port Channel, VPC, Cisco has CEF, etc.


Communication -
- There are 2 types of communications - Data & Control Signals.
- Data received by FMC would be from sensors, components & about control surface positions.
- Data sent by FMC would be instructions & new values to operate all moving components & to displays, logs.
- There is choice to send Control Signals in dedicated N/w separate from data channels, like CAN (Controller Area Network) used by RDCs here in 787, this is called "Out of Band communication".
- If Data & Control Signals are sent in same channel then it is called "In Band Communication".
- Communication is made redundant with at least 2 channels/sub-networks.
- So the H/w redundancies mentioned above at port & module level facilitate the redundancies.
- No matter which protocol is used - Ethernet, Fiber Channel, PPP, etc, these are reliable, connection-oriented protocols with CRC & other checks, acknowledgement of each transmitted PDU (Protocol Data Unit). The sequencing & flow control are inbuilt.


Clocking, Synchronization -
- All the functions & data structures are independent & synchronized from battery powered clock in a network or computing node.
- For all network nodes to sync together, every transmission protocol has 1st section called "preamble", etc, of its PDU (Protocol Data Unit) for sync, a pattern of 0/1 bits. Ethernet has 7 bytes preamble.
- After initial sync, there will be periodic sync too.
- The log messages are oriented to GMT from which the display/analysis tools can calculate local time.
- How do 2 devices in 2 different time zones, or across the world interact through internet? Do they consider each other's local time? NO. They use things like NTP (N/w Time Protocol).
- There can be secondary server setting also if primary fails.
- If all NTP servers fail or link with them fail, then it doesn't destroy communications b/w nodes/devices.
- The 787 aircraft has local Time Manager like NTP server.

Hence as per my low IQ the actual transmit timestamp could be issue if used wrongly in programming.
Every node has its own battery powered local clock, so after their max value, it is expected to reset.
If sender's clock reset 1st then receiver's & timestamp received is lower than receiver's then a well-programmed logic can check last 1 or 2 values & confirm that this resetting is expected.

So whether the root cause is H/w malfunction or S/w bug, there is redundancy in network.
Same goes with a critical computer.
So at this point itself I would reject CDN switch failure unless a bad switch design/product for real-time application.


Now let's look at Boeing 787 H/w & S/w features:

The 787's CCS (Common Core System) diagram, there seems to be at least 6 CDN switches.
Bcoz this is small N/w so L3 router with IP not used, just L2 Ethernet will suffice.

[attached image]

We can see 2 parallel blue lines denoting 2 channels/sub-networks.

The avionics FMC H/w seems to be modular & redundant:


[attached image]

The 'End System' modules are connected via PCI bus in backplane & each ES LRU (Line Replaceable Unit) has -
- 1x ASIC (I hope multi-core)
- 2x transceivers
- 1x config memory
- 1x RAM

21 RDCs (Remote Data Concentrators) interface with components with other protocols, analog things, sensors, valves, pumps, etc.
They are connected to 2 networks via CDN switches.


I don't have exact pic of 787 CDN switch. Something like following -

[attached images]

So we see that there are multiple ports, probably logically bundled in Ether-Channel port group giving redundancy, load balancing, high availability.

There are batteries + RAT for backup.


Now few points about this avionics S/w, communication -

- ARINC 664 is Airbus version based on Ethernet, ATM (Async Transfer Mode), so it'll provide redundancy, speed, full-duplex, data integrity (CRC), etc.
- It seems to use Virtual Link ID instead of MAC address, hence a VL table instead of MAC/CAM table, can reject any erroneous data transmission.


- Reading further, IP address is also used, but not in routing as this is small n/w.
- CCS is an asynchronous system, decoupling this operation from the network interface.
- Data is transmitted on 2 channels/networks. At receiving end there is integrity checking & redundancy management using '1st validation wins' policy.


- But it seems to use UDP primarily, not TCP. UDP is used where some data loss like in video, audio is acceptable, while TCP has 'sequences' & 'acknowledgement' for ordered delivery, not UDP. Hence the ES (End System) has to add 1 byte in data for Sequence # (0-255) at physical link level.
- But still again Boeing, at virtual link level, adds extra EDE protocol with 1 more sequence #, on top that the actual time stamp & 2 CRCs. May be extra sequence is required to differentiate virtual link frames, but exact time stamp IDK why, may be for logs. But more encapsulation, decapsulation, calculation means more complexity & delays.


- Timestamp is of transmit time & uses local clock.
- As all nodes use their own local clock, CCS needs to centralize all local time for age validation, done by the Time Management function, which maintains table of relative offsets with each ES in CDN. Time Agent of each ES is periodically questioned by the Time Managers.
- Offset table is broadcasted to each ES to perform age verification of PDUs from another ES.


Ultimately the consistency of broadcasted offset tables is being questioned in the analysis.
Possible reasons given -
- ES didn't get offset table. [This is not possible in redundant n/w, active-active or active-passive]
- Age in table > max config age, so discarded, or age is inconsistent. [This means corrupt data but with CRC X + CRC Y + FCS + 2 channels + redundancy manager, how is this possible?]
To this, the response was that cosmic rays can corrupt data after all error checks.
Then every phase is at risk - transmission source, transit carrier, destination.
And every electronic system, small/big, consumer goods or industrial, civil or military is at risk, especially space objects like satellites, ISS, etc.

(Cosmic ray - Wikipedia)

But there are radiation hardening methods also, physical & logical (electronic), when we have high altitude & space machines since decades now.
(Radiation hardening - Wikipedia)

Also, our lovely atmosphere filters most radiation. The remaining effects reduce towards surface.

I leave upon audience to share their knowledge if they know of 100% shielding or space solution used in jets, etc.
 
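The age check described in the post above (a transmit timestamp taken from the sender's local clock, translated through an offset table and compared with a maximum age), as an added example that is not from the thread, the linked analysis or Boeing. The 32-bit counter width, the 50-tick limit, the scenario values and all function names are assumptions chosen for illustration; the block contrasts a check that treats the counters as never wrapping with one done modulo 2^32.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration (not the 787's real parameters): free-running
 * 32-bit tick counters on every node and a maximum message age of 50 ticks. */
#define MAX_AGE_TICKS 50u

typedef enum { AGE_OK = 0, AGE_STALE = 1, AGE_FUTURE = 2 } age_result;

/* Offset-table entry: receiver clock minus sender clock, modulo 2^32. */
uint32_t make_offset(uint32_t rx_clock, uint32_t tx_clock)
{
    return rx_clock - tx_clock;
}

/* Naive check: the offset is kept as a wide signed difference and both
 * counters are treated as if they counted up forever. It is correct only
 * until one of the counters wraps. */
age_result check_age_naive(uint32_t rx_now, uint32_t tx_stamp, int64_t wide_offset)
{
    int64_t age = (int64_t)rx_now - ((int64_t)tx_stamp + wide_offset);
    if (age < 0)
        return AGE_FUTURE;
    return age > (int64_t)MAX_AGE_TICKS ? AGE_STALE : AGE_OK;
}

/* Wrap-safe check: unsigned arithmetic is modulo 2^32, so a counter that
 * resets to zero needs no special case. Valid while the true age is below
 * 2^31 ticks; a difference with the top bit set is read as a timestamp
 * that lies in the receiver's future, i.e. an inconsistent offset. */
age_result check_age_modular(uint32_t rx_now, uint32_t tx_stamp, uint32_t offset)
{
    uint32_t tx_in_rx_time = tx_stamp + offset;   /* sender stamp on receiver clock */
    uint32_t age = rx_now - tx_in_rx_time;
    if (age & 0x80000000u)
        return AGE_FUTURE;
    return age > MAX_AGE_TICKS ? AGE_STALE : AGE_OK;
}

static const char *name(age_result r)
{
    return r == AGE_OK ? "ok" : r == AGE_STALE ? "stale" : "future";
}

int main(void)
{
    /* Constructed scenario: when the offset table is built, the sender's
     * counter is 16 ticks from wrapping and the receiver's reads 0x1000. */
    uint32_t tx_sync = 0xFFFFFFF0u, rx_sync = 0x00001000u;
    uint32_t off = make_offset(rx_sync, tx_sync);          /* 0x1010 */
    int64_t wide = (int64_t)rx_sync - (int64_t)tx_sync;    /* large negative */

    /* Constructed messages: sender stamp and receiver time on arrival. */
    struct { uint32_t stamp, rx_now; const char *what; } msgs[] = {
        { 0xFFFFFFF0u, 0x0000100Au, "before sender wraps, 10 ticks old" },
        { 0x00000005u, 0x00001019u, "after sender wraps, 4 ticks old" },
        { 0x00000005u, 0x00001079u, "after sender wraps, 100 ticks old" },
        { 0x00000005u, 0x00001010u, "stamp ahead of receiver time" },
    };
    for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++)
        printf("%-36s naive=%-6s modular=%s\n", msgs[i].what,
               name(check_age_naive(msgs[i].rx_now, msgs[i].stamp, wide)),
               name(check_age_modular(msgs[i].rx_now, msgs[i].stamp, off)));
    return 0;
}
```

With the naive check, a fresh message is discarded as stale as soon as the sender's counter wraps and stays that way until the offset table is rebuilt; the modular check accepts it and still rejects the message that really is 100 ticks old.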
These veteran defence journalists talking about fuel switches pointed to the engine fire handles on international level news.
o_O🤦‍♂️😂
These people are part of top big media houses, with good salary.
The media houses gave big fee for their ride in jet fighters.
Still they can't do simple google & YT search also. In schools there is Internet search competition.
This is the quality of reporting we have.🫡


 
Though we want to laugh along with you!

What switches are highlighted? And which are the switches for the fuel cut-off?
 
I already mentioned that they highlighted the engine fire handles.

The fuel switches are just ahead of the fire handles, behind the throttles.


A simple 5-10mins search on Google & YouTube can prevent such blunders.
But when some media channels report possibility of pilot pulling flaps lever instead of gear very quickly w/o homework or consultation, just to increase their TRP, then these kind of blunder mistakes obviously continue & they never correct it.
 
Well, I did go through this specific report - only mistake I could see is highlighted location - the rest is a What If? Scenario
 
> Many impulsive mistakes done recently by them in defence & aviation reporting, no corrections.
> 1 person in team makes mistakes w/o homework, scrutiny, entire team or media house might lose competition on quality to others.🥉📉
> Wrong visuals, especially for non-tech citizens, is a BIG mistake for a disaster investigation, it can change narrative & belief.
> And as sabotage angle is also considered, these guys came up with some funny ways of sabotaging like ground crew locking the gear not to retract, etc.🤦‍♂️ when multiple ground crew & pilots also do a walk-around before every flight.
> "What if" can be anything. When so many pilot errors are suspected then someone would say - What if pilot(s) wanted to commit suicide?☠️

> But if we consider this wild theory of fuel switches also, why/how would a pilot wrongly close BOTH fuel switches????
Or it sounds like a "Final Destination" movie script that some object like a diary, logbook, iPad, handbag, coffee mug, etc dropped on both the fuel switches???
IMO such critical switches should have a guard cap, however, the pilots would immediately switch them on back, re-opening the fuel valves & arming the ignitors which EEC would ignite. That's exactly what historically pilots did in other mid-air incidents globally at higher altitudes.


> Historically, proving error of defenceless dead pilots benefits the airframe & engine makers, airline operator. Many engineers & lawyers globally have pointed this possible corruption.

> Tomorrow these guys might say that the pilot accidentally pressed fuel pumps buttons or the hydraulic buttons!!!
