Air India Crash

Blackjack Davy said:
At the very least it ought to have a visual/audio warning if they're turned off for whatever reason "fuel turned off, fuel turned off" etc. Probably one of those things that no-one ever implemented because no-one ever thought it might happen...
Click to expand...

The sound and vibration frequency of the jet engines spooling down due to no fuel is usually a big clue, they are not exactly quiet, lol!
 
Last edited:
mattyfez said:
The sound and vibration frequency of the jet engines spooling down due to no fuel is usually a big clue, they are not exactly quiet, lol!
Click to expand...
Yup

I've heard a few pilots describe how they've known there was an issue with an engine before any instrument because of the noise changing (the instruments picking up very specific things, the human ear picking up "that's different").


SupraWez said:
Why do they even get a say, just add it.
Click to expand...
Because it's a potential invasion of their privacy, and more importantly there is history of Airlines trying to use private conversations in the cockpit that did not break any law to sack staff.
IIRC the relatively limited retention time on the voice recorders (given what they could do now) is for much the same reason, Pilots, especially in America where some of the big companies have repeatedly tried to screw them have a long memory and (rightly) don't always trust their employers much given the employment laws, and past behaviour towards them.

There is also the whole thing where you're adding additional complexity, chances of failure (both normally and catastrophically) to the system for something that to date might have helped in maybe 2 incidents, it wouldn't just be one camera you'd need enough to catch everything in the cockpit from multiple angles to allow for the fact that the pilots might block the view from one or two angles of what exactly they're doing just in normal use.
 
Last edited:
Well this has answered why the engines failed, but really opened up a new one as to why the fuel was cut.

I would expect the investigation to work out if both switches had failed in a very similar way - seems very unlikely.

I wonder if whoever pulled the switches just got distracted and did the wrong step at most inopportune moment with fatal results and genuinely didn't know he had done it. Could be a deliberate act though - I don't think we will ever know.
 
Well, let's be honest.. In terms of probability, given what we know, the chances of a mechanical switch failure is statistically irrelevant, never mind both failing at exactly the same time...
It's just not going to happen, but it can't be mathematically ruled out 100%. only about 99.9999% ruled out.

Back in the real world.. Someone in the cockpit did this.

Who it was, or why they did it, is currently unknown.
 
Last edited:
Firestar_3x said:
Seems like a massive fault in the systems logic to me.
Click to expand...
System logic yes, advertisement logic no.

Basically, many years ago there was an incident where an Airbus crew were doing a low speed low level pass of an air show and failed to scout their route ahead of time (relying instead on maps) they then flew into some trees they didn't expect to be there and crashed. It kicked up quite the kerfuffle at the time because the pilots were adamant that they could have avoided the trees if the plane's alpha protection had not overruled their attempt to pitch up and flown the aircraft into the trees (all of the data showed that their attempt to pull up would have stalled the aircraft and crashed it even worse).

After the incident Boeing put a lot of PR into the fact that they are the "pilots manufacturer" and their planes give ultimate control to the pilots not the computers and that a Boeing wouldn't crash itself against the pilots command (I guess the 737 MAX designers never got this memo). Even to this day they still have a lot of systems built around this design philosophy of giving the pilots ultimate control regardless of whether that control is actually beneficial (or in some cases despite the fact it is detrimental).
 
The bigger issue with someone suggesting that the fuel cutoff switches become "virtual" switches means making the main fuel control of the aircraft software controlled... software is not infallible (I know mechanical switches aren't either), just look at the original issue where the plane shuts the engines down if some of the computers have been on too long. I work in IT as a career, and making those fuel cutoff switches into software switches seems like the most awful idea.
 
Last edited:
squerble said:
The bigger issue with someone suggesting that the fuel cutoff switches become "virtual" switches means making the main fuel control of the aircraft software controlled... software is not infallible (I know mechanical switches aren't either), just look at the original issue where the plane shuts the engines down if some of the computers have been on too long. I work in IT as a career, and making those fuel cutoff switches into software switches seems like the most awful idea.
Click to expand...

It's a double edged blade... of course software can fail, and it does.

But so can mechanical switches attached to rods and hydraulics -you could argue there are more 'single points of failure' to use an IT risk management term, in a purely mechanical system due to all the moving parts.

Also there will always be 2 separate fuel systems, one for each engine, in either case, for redundancy, incase one system fails for whatever reason, you'll still have one engine running whilst you figure out what's wrong with the one that's lost power.
 
ubersonic said:
System logic yes, advertisement logic no.

Basically, many years ago there was an incident where an Airbus crew were doing a low speed low level pass of an air show and failed to scout their route ahead of time (relying instead on maps) they then flew into some trees they didn't expect to be there and crashed. It kicked up quite the kerfuffle at the time because the pilots were adamant that they could have avoided the trees if the plane's alpha protection had not overruled their attempt to pitch up and flown the aircraft into the trees (all of the data showed that their attempt to pull up would have stalled the aircraft and crashed it even worse).

After the incident Boeing put a lot of PR into the fact that they are the "pilots manufacturer" and their planes give ultimate control to the pilots not the computers and that a Boeing wouldn't crash itself against the pilots command (I guess the 737 MAX designers never got this memo). Even to this day they still have a lot of systems built around this design philosophy of giving the pilots ultimate control regardless of whether that control is actually beneficial (or in some cases despite the fact it is detrimental).
Click to expand...
Yup I was remembering the Airbus crash, you never want a situation where the Pilot can't control something quickly,.

Ironically, and sadly Boeing totally ignored that when they their 737 max and didn't tell the pilots that the system could overrule them repeatedly with little or no indication.

squerble said:
The bigger issue with someone suggesting that the fuel cutoff switches become "virtual" switches means making the main fuel control of the aircraft software controlled... software is not infallible (I know mechanical switches aren't either), just look at the original issue where the plane shuts the engines down if some of the computers have been on too long. I work in IT as a career, and making those fuel cutoff switches into software switches seems like the most awful idea.
Click to expand...
Yup
Physical switches have a very important thing in that you can quickly, easily and without question tell what position they are in and short of a physical fault with either the switch or the wiring you know what it is doing.
I remember that issue with the engines, IIRC it was a 64bit value being used for storing data in memory about the engines or something, so the fix was to turn the entire plane off (full power disconnection) every so many days.
 
Firestar_3x said:
So under what emergency circumstance would it be more desirable to kill fuel to both engines at an unsafe altitude and 100% crash vs killing fuel to one engine and trying to fly on the second.

Seems like a massive fault in the systems logic to me.
Click to expand...

Not entirely, and I can only speak from authority regarding the B737, but in the event of the loss of thrust of both engines (say for example due to water ingestion if you fly through a particularly bad thunderstorm, or volcanic ash), the checklist for this requires you to kill the fuel supply to both engines before re-introducing it back again. I.e turning closing and opening the fuel cutoff switches both at the same time.. I suspect there is a similar procedure for the 787.

And regarding a 'safe' altitude - well, it would be hard to define what that is if trying to restart both engines is the only thing you can do.

Jokester said:
Google PLC scan time, the AI generated text gives a decent description of why two inputs changing state at the same time can be recorded at completely different times.

In O&G controllers 5s scans are common for low priority signals, 1s is common for safety stuff.
Click to expand...

I would assume the AAIB understand polling times on the FDRs and if they say 1 second apart that is probably correct.
 
esmozz said:
I would assume the AAIB understand polling times on the FDRs and if they say 1 second apart that is probably correct.
Click to expand...
At a high level maybe, but there is limits to the scan which seems to be 1s for FDR based on this (table 1 seems to be based on the ATSB, but would likely be the international standard)

1second is typical in my industry in safety functions, so as Feek pointed out in reality the difference in time of the switches being selected appears to be 1s +/- 1s. There's margins of error on everything they're measuring, but I don't think they ever report what that is in general reporting (like speed seems to be +/-5%).
 
esmozz said:
And regarding a 'safe' altitude - well, it would be hard to define what that is if trying to restart both engines is the only thing you can do.
Click to expand...


Higher than during take-off I imagine, lol!

Once those engines get up to a certain speed, you're taking off anyway, whether you like it or not, as your past the point where you could abort a take-off. You sure as hell don't cut the fuel then, as the only thing that guarantees, is your gonna crash and burn.
 
mattyfez said:
Higher than during take-off I imagine, lol!

Once those engines get up to a certain speed, you're taking off anyway, whether you like it or not, as your past the point where you could abort a take-off. You sure as hell don't cut the fuel then, as the only thing that guarantees, is your gonna crash and burn.
Click to expand...

Okay, what height then? 400 feet. 500?
 
esmozz said:
Okay, what height then? 400 feet. 500?
Click to expand...

I'd suggest both are a bit low for an engine restart, lol!

They could have potentially got away with it, if it didn't take them 10 seconds to realise the fuel was cut. After they turned the fuel back on both engines, both engines fired up as expected, but the time it took for them to spin up enough to generate enough thrust was too short.

Turning the fuel back on sooner, or being a few hundred feet higher, 'might' have given them time to recover, but I wouldn't like to hazard a guess. it was too late and they didn't have enough altitude to play with before they hit the deck.
 
mattyfez said:
They could have potentially got away with it, if it didn't take them 10 seconds to realise the fuel was cut. After they turned the fuel back on both engines, both engines fired up as expected, but the time it took for them to spin up enough to generate enough thrust was too short.
Click to expand...
No - both engines showed a rise in EGT but only one fired up enough to start accelerating (accelerating engine speed, not accelerating the aircraft). The other wasn't spinning fast enough to get a proper relight.
 
squerble said:
only one fired up enough to start accelerating (accelerating engine speed, not accelerating the aircraft). The other wasn't spinning fast enough to get a proper relight.
Click to expand...

That's kinda what I'm saying, maybe my poor choice of words but both engines were back online, the one that was 'turned back on' last, didn't have time to fire up properly, as it was still in the process of starting up.

But then, the engine that was 'ahead' didn't really have time either, it just happened to be turned back on before the other one, so was producing 'some thrust' but not nearly enough to climb, or even maintain altitude.
 
Last edited:
mattyfez said:
That's kinda what I'm saying, maybe my poor choice of words but both engines were back online, the one that was 'turned back on' last, didn't have time to fire up properly, but then the engine that was 'ahead' didn't really have time either, it just happened to be turned back on before the other one, so was producing 'some thrust' but not nearly enough to climb, or even maintain altitude.
Click to expand...
The quote:

"The EGT was observed to be rising for both engines indicating relight. Engine 1’s core
deceleration stopped, reversed and started to progress to recovery. Engine 2 was able to
relight but could not arrest core speed deceleration and re-introduced fuel repeatedly to
increase core speed acceleration and recovery."

The second engine had slowed down too much, it wasn't just behind. There's a chance it wouldn't have recovered properly, and would have needed higher airspeed (or the other engine's generators back online to produce enough voltage/current for a proper start). Anyway, I think we'll end up going around in circles here. While there could be some merit in the fuel cutoffs being ignored for the first 1000ft of a climb incase of a pilot deciding on a murder/suicide, it still seems like a naff idea to make the fuel cutoff a software switch.
 
You must log in or register to reply here.
Back
Top Bottom