Thursday, August 4, 2016

The Biggest Story That Didn't Make the News

Long time readers will know that I retired in December from a company that I called Major Avionics Corporation - for the same reason I don't use my real name.  I didn't want anyone thinking anything I said was official policy, or opinion of my employer.  Most people are unaware of what avionics is, the dictionary definition is "electronics applied to aviation" and that's a good summary of what we did.  Everything from communications radios, to collision avoidance systems (also radios), weather radars (ditto), navigation radios and more; but also things like the pilot to cockpit intercoms, with their characteristic "bing bong" tones, to inflight entertainment systems (Cable TV on a plane) to, well, anything electronic that got put on an airplane. Given that list, you might see why it was a good place to be a radio designer for 20 years.

That means that for 20 years, I worked in the aviation industry, and I think that like most of us, I'm proud of the industry.  That's why I think this aviation story that didn't make the news much, if at all, needs to be highlighted.  Yesterday, an Emirates Air Boeing 777 apparently landed in Dubai with landing gear problems, or its gear wasn't deployed at all.  The aircraft burst into flames and quickly burned halfway to the ground.
Despite this tremendous mechanical violence, all 300 people aboard escaped with their lives.
Unfortunately, there was one fatality: one of the firefighters dousing the plane was killed.  There were no reports of serious injuries, such as broken limbs or serious burns.  I'll bet that's why this story barely got picked up at all.

So how does an airplane the size of a 777-300, nearly 250' long and probably weighing a half million pounds, carrying 300 people (passengers and crew) essentially crash on the runway, slide hundreds or thousands of feet, dragging one of its huge Rolls-Royce engines behind it, then erupt in a fireball, and not one soul on board dies?  Two words: engineering and training.  Engineering for all the changes made to aircraft design to make crashes more survivable; training for the crews who train relentlessly to get everyone off the plane.
Airplanes must be evacuated within 90 seconds, a feat flight attendants are rigorously trained to achieve. That means passengers have a fighting chance to flee an airplane before fire and smoke can engulf it.  In addition, the Federal Aviation Administration has invested enormous resources into studying emergency airplane “egress,” including an Oklahoma City laboratory specializing in such flight-safety issues.
The placement and size of exits to get everyone off an airplane in under 90 seconds is a subject of engineering effort.  Think of the Airbus monster double decker A380.  During their evacuation test, 853 volunteer "passengers" and 20 crew members left the aircraft within 78 seconds. (No, they can't use trained "evacuation test takers")

The thing is, yeah, this is a remarkable incident with 100% survival, but remember the Asiana flight 591, also a 777, that landed before the runway's landing zone at San Francisco in 2013?  That plane clipped a seawall, flipped and then burned nearly to the ground. Only three of the 291 passengers on that flight died—a 99 percent survival rate—while the jet was destroyed.  I don't want to sound like I'm making light of the terrible tragedy for those families, but when you consider the magnitudes of the forces involved, and the mechanical chaos going on, that's still pretty darned good odds for survivability. 

It's not just the overall strength of the airframe, and designing the attachments of seats to the airframe to take up to 16 G loads.  The seats on aircraft used to release toxic fumes when they burned.  Airplanes built after 1990 must also meet standards on how much heat is released from materials in a fire and the density of smoke the fire produces.

Lastly, the professionalism of the flight crews can not be ignored.  Too often, we think of flight attendants as "waitresses at 35,000 feet".  During quiet times they may be, but they also train hard to be able to get everyone off the plane in under 90 seconds.
Emirates Flight EK521, "after". 

Civil aviation isn't one technology; it's many.  Perhaps the most taken for granted technology there is (Louis CK has a famous comedy bit about this).  People expect to get into their pressurized aluminum tube, fly in an environment that would kill them if they were exposed to it for a brief time, and then get off the plane later without a nanosecond of inconvenience or discomfort.  With incredibly few exceptions, they do.  A flight not ending up where it was supposed to go is so unusual it always makes the news; either a lost plane or a lost pilot landing at the wrong airport.  The system just works, the vast majority of the time.  I'd like to claim the avionics industry added something to surviving this sort of accident, but this is entirely on the airframe makers.  They're the heroes.


  1. Figured you might like this.

  2. People are spoiled.

    I had an old uncle on my Mom's side, and after Apollo 11 landed on the Moon, he told me about how when he was very little, his parents took him to see the Wright brothers fly.

    He said he never thought he'd live to see men walk on the Moon....

  3. I don't fly much (since 1992) now that Uncle Sam doesn't pay for it, but in the last two years I've flown to Florida for little vacations with the wife. I get giddy and amazed like a school boy when I fly. The power, technology, and the skill involved to make flight possible is mind-numbing and incredible (and a little scary) to me, and always has been, and I don' think I could ever consider flying to be routine or mundane. This summer I took my first ride on an Airbus. What a wonderful machine! I loves me some Boeings, but the Airbus is nice.

    Oh...and I would willingly give up a body part to sit in the back seat of a P-51.

    1. They make some nice airplanes, for sure, but there's a philosophical difference between the way Airbus and Boeing design things. Airbus designs their control systems with the idea being that the pilot should never be able to command the aircraft past its "envelope" (the complete range of control settings and conditions that are allowed). Boeing says the Pilot In Command is in command, and will allow the pilot to do whatever he thinks the situation requires. It's a bit subtle, but there are some historical crisis situations that make me think Boeing's approach is better.

      I'm with you on the P-51, but even more that I'd love to ride back seat on an F-18 or F-15. The Blue Angels are known to take reporters up for a backseat ride in one of their F-18s pretty regularly. It becomes a point of honor to make a guy throw up, but they're easier on the women. The way I look at it, I've thrown up before and I'll probably throw up again, but I'll never get another chance to ride in a fighter, so let's do it!

    2. Of course, if you ever DO get that chance, and know about it at least a couple of days in advance, one could always do the sigmoidoscopy prep. Not much left in your system -at EITHER end - to depart...

  4. As one who still works at the "Major Avionics Corporation", the thing I like to remind new people is that you can't design for 100 percent safety. Instead, we design such that the probability of a "Catastrophic" event (most if not all the people die) must not exceed one in a billion. One landing in a billion landings, takeoffs, hours at cruise, and so on.

    You probably have a higher probability of having a stroke while reading this and not making it to the end.

    Good. You made it. Let's go flying!

    1. Being the kind of guys we are, we naturally go one step farther and say the most common estimate for the number of flights in a day is 100,000. With a probability of Catastrophic event of one in a billion, that represents an average rate of one event every 10,000 days. That's once every 27 years.

      Of course, that doesn't mean in 27 years there won't be more than one and it doesn't mean there won't be none at all.

    2. I used to be a compliance tester in an RnD department.
      Since then I have found the concept of Mean Time Between Failure fascinating.
      Moreso because where I work now most of the control systems are twenty years past their end of life date.

    3. - I was never a reliability engineer (some places make you do a few months there as training), but I could do a few pages on it.

      The way I've seen MTBF calculated is based on a methodology from a MilSpec, MIL-HDBK-217. At some point, the failure rates for individual components are pulled out of tables and those numbers folded into a grand total. All of those failure rates are based on random failures under specific operating conditions, but components aren't necessarily used in keeping with those conditions. For example, the life of a transistor can be radically reduced by letting its junction temperature get too high. An inadequate heat sink or a change to the transistor's operating point made without changing the heat sink can happen. Those choices are made by the design guys. Resistors can fail if they get too hot, capacitors can be ruined if they're exposed to too high voltage, or too much AC ripple (if filter caps). The numbers in the MilSpec table don't mean much if the parts aren't running in the recommended conditions.

      In Major Avionics Corp, the designs were divided into functions - using block diagrams - and the failure rates computed for the blocks. The top level MTBF can be changed by different choice of the blocks and what goes in them. I have no idea if the MTBFs you're talking about were calculated this way, but it's not unusual. It could be that those systems are just well designed and the parts are being used in more gentle conditions than the tables assumed.

      Here we see one of the basic theoretical problems with reliability theory, as I see it. All of the predictions are based on random failures, but all of the improvements in reliability come from removing non-random factors.

  5. I would still like to give my "kudo's" to you and the Avionics guys. Airframes are great but there are still things like system redundancy, generators, fuel shut-off valves, communications, lighting (those aisle "guiding lights" on the floor type), and probably many other things that contribute to making for a quick and successful evacuation. The "entire" team deserves recognition. Don't be shy.

  6. What is your opinion of flight 800 and the official investigation?

    1. I just haven't thought about that hardly at all. I suppose my opinion is that I see no reason to doubt the NTSB and the official story. You can rightly conclude that means I haven't really paid much attention to the story. It appears to be a horrific failure, but it's out of my area of expertise.

      In general, airplanes don't just explode, but a one-in-a-million failure, or a cascade of two, is always possible. Improbable things happen all the time. The number of 747s and their flight hours is so low compared to the kind of total flight hour numbers I was talking about above that they may have never gotten to the point of seeing a one in a million or one in ten million failure.

      A point I didn't emphasize in this piece is the saying that the FAA regulations are written in blood. For example, take those seats rated to survive 16G impacts. They're that strong now because analysis of a terrible crash on the ground showed people died because the previous designs weren't strong enough. IIRC, Flight 800 resulted in changes to the fuel system on the 747, and if they made a one in a million accident into a one in a billion accident, it's really hard to know until millions of hours of flights.


    The evidence refutes the fuel tank claim.