Posts about: "EDML" [Posts: 31 Pages: 2]

Take a look at the video from the rear.

Engines generally deliver hydraulics while running down, as they operate down to a much lower speed than the generators do. Useful flight control power might be available from windmilling alone (hence why the 747 didn't have a RAT until the -8). That's subject to similar speed issues to the RAT but the engines have much more inertia. The Virgin Atlantic 024 report (A340 partial-gear-up landing at Heathrow) notes an expected 25-30 seconds of useful hydraulics after engine shutdown.

This doesn't apply if the pumps are depressurised by a fire handle, or to allow easier engine relight.

Very subjective, and I agree it it could look like a slotted gap between the wing and flaps, except the shadow is confined to exactly where that spoiler pair is located. You don't see it where the rest of the flap is. It would be good to hear other opinions about what we are seeing here . Is it wing, flap, gap or spoilers?


I don't understand your point here. The RAT hydraulic powers very specific flight controls like the stab, rudder, outboard ailerons and one specific pair of spoilers - the inboard most spoilers. Have a look at this schematic (at 3:55) youtu.be/DFbOLNduutI?si=siPnQ9oHMbLgp64K&t=235 (not publishing link as it fills the frame). The spoiler pair I mentioned above (visible in the video) are only powered by L hydraulics and electrical. Assuming L hydraulics was lost by dual engine failure, then this spoiler pair can only have been electrically powered...hence the conclusion it's either powered electrically by the Battery or electrically powered by the RAT. That spoiler pair is not connected to the RAT hydraulics.

With such high redundancies and a large degree of isolation between the engines, if it was indeed a simultaneous dual-engine shutdown, we don\x92t know of a single hardware component that could have worn out and caused it (as far as I know)

Before this accident occurred, Boeing whistleblowers were in fact reporting that planes were leaving the line, entering service with defects (including swarf) that would cause accidents many years later.

The TWA 800 airframe was 25 years old at the time of the accident, where arced wiring was implicated in that crash. In the aftermath, industry-wide sampling of aircraft found cracked insulation on wiring, non-factory swarf added by follow-on maintenance, instances where wiring had been re-routed or manipulated in a manner that placed increased strain on looms, etc. Of course the problem with wiring-related problems is that they can produce faults that no engineer could have foreseen or have developed countermeasures for.

Not to be an alarmist, but much has been written about wiring issues on the aging fleet. I tend to believe that maintenance people in earlier generations were more conscientious about their work, where now more than ever corners are cut (beginning at the factory).

The centre tank would have been used up first, so the tank would have been down to undrainables plus whatever is left when switched over. A check of the weather at each previous sector's descent would be worthwhile to see how much water, in all its forms, could have been taken in the centre tank vent. The ejector pump should have emulsified this water it it was doing its job properly.

Just for me to understand: How would you shut off the engine driven pumps if there is no electrical connection whatsoever? If there is a "powered" valve, wouldn't this (also) cut fuel suppy in case of a complete electrical failure?

Multiple sources, including BBC, have quoted Amit Shah, Home Affairs Minister, as saying the plane had 100 tonnes of fuel on board. This seems to stem from a direct quote from Shah, in which it is reported he said:

Using a rough approximation of 0.8kg = 1l leads to the 100t figure. Plenty of other sources for that 1.25 lakh litres fuel quote, including Times of India: https://timesofindia.indiatimes.com/.../121815339.cms

I have no idea if he actually knew how much fuel was on board, or whether he'd simply been told it was "full" and somebody had looked up the capacity (126k litres) and he then quoted that "full" number. Or whether, in fact, there was an excess of fuel. But since that seems so far the only public statement on fuel load, it shouldn't just be dismissed out of hand.

Sadly I'm unable to post links or I would have done so in my original post.

First off I should note that what I wrote is a massive oversimplification. I'd expect that neat metal box with the nice rugged connectors that Safran shows on their homepage to contain an ungodly mess of microcontrollers, ICs for signal conditioning, the FPGAs I mentioned and components that are well beyond my understanding of electronics. But from personal experience with a certain aircraft related company operating in Munich I can tell you that marketing level slides like you showed are so far removed from the technical reality that they might as well be fan-fic.

I agree with your observation that current microcontrollers are more than capable enough of dealing with these types of real time computation, but keep in mind that the Boeing 787, and thus its FADEC, had its first flight in 2009. Back then I would be rather more careful with that statement. Mostly because I would have just started my Computer Science Degree at the time XD

But maybe I should explain how I've arrived at the post above. I've basically spent the past few days on and off scavenging anything I could find on the 787 FADEC specifically. It was mentioned in this thread or the old one that the 787 uses the Safran FADEC 3, so my primary jumping off point was the Safran website and the information available on it. That plus a couple of press releases namely by Actel about their flash-based ProASIC3 and ProASICPLUS FPGAs was the evidence I used to arrive at my conclusions above. I can't for the life of me find the quote about the dual signal conditioning FPGAs anymore, but they are in there as far as I can tell.
Overall information on the actual inner workings of these things are so sparse that outside of a few patents (keyword: configurable CPU) I was hard pressed to find anything at all to be honest. This all not being helped by me now finding references to my own post, thus having created my very own Woozle. Hooray.

I have only looked into the Safran FADEC 3 used on the 787 with the GEnx-1B engine. The system was very innovative for its time and uses technology not previously used on FADECs to my knowledge. Even saying that, this could be one of those "technically true" kind of statements. My intention was to highlight that due to the totality of the processes and architectural style of these types of computational device the typical kind of "software error" or "bug" was basically impossible and that we'd be looking at something way further back with implications for the base requirements. I merely want to correct the implied misconceptions about the "software" being used here. As I said, FPGAs are just very different kinds of beasts.

I half agree and half disagree. Obviously I shouldn't have stated an absolute because, yes, it is possible despite multiple layers of engineering coordination that an error occurs at one step or another and is not caught by the multiple layers of checking. My point is that even in normal development FPGAs are well known to be bug resistant due to the way they are programmed. In general we create the logic condition tables using software which then translates our table into an actual FPGA configuration. This process is obviously not immune to faults but highly resistant and most importantly: Can easily be simulated.
Now, in normal "everyday" usecases I'd fully agree with you, but in case of the FADEC we're talking about an FPGA with logic condition tables where every line is likely to have its own separate binder of engineering notes, discussions and recommendations. It is there where any "error" or "bug" is most likely to reside by a considerable margin.

They were, and continue to be, a valid and reliable technology for this type of application especially before the extreme proliferation of consumer microelectronics in the last 20 years. The Safran FADEC 3 was designed at basically the same time as the first iPhone. And boy do I feel old now.

I realize that my post is a massive simplification of the topic, considering the intricate details that are simply unknown to the general public in a system as complex as a FADEC I certainly agree that things can go wrong. What I wanted to point out is the reliability of the last steps versus the design and requirements engineering phase. In general software development bugs will happen at any stage with basically equal likelihood. Given the way the standard processes around FPGA development alone would influence this probability towards the design and requirements engineering stage and then combining it with how it is handled in the Aerospace Sector I felt it was justifiable to state the extreme mismatch in probabilities of error the way I did. With the system being in operation for this length of time I do still feel comfortable with my original statement although I would now decorate it with a little * for the reasons mentioned by you and others.

In the end I hope it was useful for understanding where the reluctance of apportioning blame to these systems originates and ​​​​at the same time talk about some pretty nifty tech that I know few Software Engineers will ever deal with in their entire career. I do still find the idea of a fault (with the understanding above of where that fault originates) in the FADEC a convincing possibility, it's merely the nature and location of that fault that I felt could benefit from some more specifics in regards to the nature of how they were most likely to actually happen. I would love to actually hear more about how the FADEC 3 is structured internally and which components it uses, but I suspect that those who know are under NDA.

Regards,
Justus

It appears that photo is showing one of the very first 787 fuselage sections ever built, back when the manufacturing process was still being developed.

Probably just a transport dolly for moving the tank skin between processes. This looks more like the mould tool in front of the autoclave.