Page Links: First Previous 1 2 Last Index Page
Someone Somewhere
July 01, 2025, 10:19:00 GMT permalink Post: 11914164 |
Not really relevant to what you quoted though, as the scenario in question requires:
I also don't see any evidence that engine driven fuel pumps alone must be able to handle this scenario: provide enough fuel flow for takeoff and climb, even while the pitch is rotating, even in a hot environment with significant weight, even while the gear is stuck down.
I know that the engine driven pumps have documented limitations and that the regulations allow for some limitations. I know that at least one of these limitation is high altitude and I _suspect_ that the design intends for this unlikely scenario (engine driven fuel pumps alone with no AC pumps) to guarantee enough fuel flow to get to an airport and land. I also suspect that the APU is expected to solve loss of all AC generators - and as we know, there wasn't enough time for it to start in this scenario. The limitations at high altitude are primarily air/volatiles degassing out of the fuel. That's not going to be much of an issue at sea level, even if the engines are a bit higher up during rotation. APU is a nice-to-have; it's on the MEL. If you lose all four generators, it's because of some major carnage in the electrical software/hardware and chances of putting the APU on line even if it's operating are very slim. |
adfad
July 01, 2025, 12:55:00 GMT permalink Post: 11914255 |
I believe that particular bug is fixed, though it's always possible there's other issues causing a total AC loss.
Not really relevant to what you quoted though, as the scenario in question requires:
The aircraft has two engines and should be able to climb out on one, plus it dropped like a rock . 'Significantly degraded' thrust isn't really compatible with what we saw. You'd also expect the engines to recover pretty quickly as it leveled off. The limitations at high altitude are primarily air/volatiles degassing out of the fuel. That's not going to be much of an issue at sea level, even if the engines are a bit higher up during rotation. APU is a nice-to-have; it's on the MEL. If you lose all four generators, it's because of some major carnage in the electrical software/hardware and chances of putting the APU on line even if it's operating are very slim.
I do agree that the engine driven pumps should be able to provide fuel alone, the whole point of these pumps is to keep the plane flying within some limitations, high altitude is one of those limitations, I propose that there may be others based on the following:
|
TURIN
July 13, 2025, 17:02:00 GMT permalink Post: 11921451 |
If the guards to the stab trim switches were left open by maintenance, I could see a situation in which muscle memory might lead to closing the adjacent fuel control switches. This would also explain the "I didn't do it response", as he believed he was merely closing the guards instead.
When trouble shooting, it normally resets through a BITE test. I don't remember ever having to touch the stab cut off switches as part of line trouble shooting. The aircraft is on a turnaround, if the test doesn't clear the message further trouble shooting may be lengthy, most airlines would want the aircraft dispatched in accordance with the MEL. Deactivating the relevant transducer involves entering the stab bay, disconnecting a plug and writing up the deferral. If it's true, as someone above suggested, that the aircraft was signed off an hour before departure, that is not last minute by the way, then I would guess that the BITE test cleared the message. |
nrunning24
July 14, 2025, 19:59:00 GMT permalink Post: 11922466 |
If you think everything is said...
Breaking News: On Jul 14th 2025 India's DGCA instructed airlines to check the fuel switches on the Boeing 787 and Boeing 737 aircraft as used by Air India Group, Indigo and Spicejet for possible disengagement of the fuel control switch locking feature according to the SAIB released by the FAA on Dec 17th 2018. The checks have to be completed by Jul 21st 2025. Source: Avherald.com Realize this is a pilots forum, and its always easier to blame the engineers (me), but I'm surprised at the amount of people grasping at (at least what I think) straws to try and make this not a case of pilot error (either intentional or unintentional). I get lots of parts frequently break and pilots do frequently see things on MEL etc. I know our partner airline engineering teams would love to see increased reliability of certain components, but the certification scrutiny of flight critical items is very intense including isolation from each other. The likelihood of two flight critical components which are isolated from each other failing instantaneously is so small its basically impossible. Especially when you consider they also turn back on 10 secs later. Last edited by T28B; 14th July 2025 at 20:57 . Reason: pulled out the bottom line with formatting |
D Bru
July 15, 2025, 17:41:00 GMT permalink Post: 11923115 |
Hamster wheel diversification (at least an attempt): 787 core system hacking
Inspired by the mention in the
PR
about a MEL on the \x91core network\x92, I came across the polemics between Boeing and IOActive a few years ago about the alleged vulnerability of 787 core systems to outside interference (hacker attack from within a/c and/or ground), including the highly sensitive CDN module, from where also the fuel cut-off module can be accessed. It\x92s definitely not my specialty, but I thought to flag it in case someone has more informed ideas about this. To my mind it could potentially \x93outshine\x94 intentional crew action. Boeing at the time denied such options, of course. Obviously also in good faith, moreover it seems to be Honeywell &GE code anyhow, but who knows where we are 6 years on.
https://www.wired.com/story/boeing-7...ecurity-flaws/ Last edited by D Bru; 15th July 2025 at 18:10 . |
Engineless
July 15, 2025, 17:56:00 GMT permalink Post: 11923129 |
Googling, inspired by the mention in the
PR
about a MEL on the \x91core network\x92, I came across the polemics between Boeing and IOActive a few years ago about the vulnerability of 787 core systems to outside interference (hacker attack), including the FCO module. It\x92s definitely not my specialty, but I thought to flag it in case someone has more informed ideas about this. To my mind it could potentially \x93outshine\x94 intentional crew action. Boeing at the time denied such options, of course. Obviously also in good faith, but who knows where we are 6 years on.
https://www.wired.com/story/boeing-7...ecurity-flaws/ From the article:
Now, nearly a year later, Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs could represent one step in a multi!stage attack that starts in the plane\x92s in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.
|
EXDAC
July 15, 2025, 18:07:00 GMT permalink Post: 11923145 |
Inspired by the mention in the
PR
about a MEL on the \x91core network\x92, I came across the polemics between Boeing and IOActive a few years ago about the alleged vulnerability of 787 core systems to outside interference (hacker attack from within a/c and/or ground), including the highly sensitive CDN module, from where also the fuel cut-off module can be accessed. It\x92s definitely not my specialty, but I thought to flag it in case someone has more informed ideas about this. To my mind it could potentially \x93outshine\x94 intentional crew action. Boeing at the time denied such options, of course. Obviously also in good faith, but who knows where we are 6 years on.
https://www.wired.com/story/boeing-7...ecurity-flaws/ |
TURIN
July 15, 2025, 19:54:00 GMT permalink Post: 11923218 |
SLF here, but I did read all 3 threads. To me, this doesn't seem likely. But it got me thinking, what about the fuel switches being partially cross-connected left to right and right to left? If each of the 8 channels (4 for each switch) has its own connector, it could be possible. From what I understood from earlier posts, from the 4 channels of each switch, there are 2 can shut down an engine. If that's the case, assuming some cross-connection, a single switch movement might be able to affect both engines.
But, even if this were possible, there are problems with this hypothesis too. The problem would most likely be discovered during engine startup, if the engines are started one by one, not at the same time, as they probably wouldn't start unless both switches are set to RUN. And not sure how this would fit the various delays recorded on the FDR. And you still need something/somebody to move at least one of the switches after rotation to trigger the issue. Both switches being moved by the pilots still seems much more likely to me than some technical issue. "Software faults" do not usually come out of the blue, for no particular reason. Just because it's recorded by software it doesn't mean that it's not something hardware related that triggers it. In a previous reply, not sure if in this thread, it was mentioned that the message meant that there was implausible data coming from those STAB cutoff switches, if I remember correctly. Something like a channel showing both on and off at the same time, or the other way around, or some other inconsistency. That could have been an intermittent issue, that might indeed not be reproducible with a BITE test, and just be cleared. But if the STAB cutoff switches did indeed have a problem, or one was suspected due to recurring reports, is it really so unlikely that they might try to look for some hardware issues, such as a loose connector? For the Lion Air accident involving MCAS, after repeated issues during previous flights, they did exactly that: disconnected and reconnected some connectors to check for issues, among other things. EG. GPS faults are common among aircraft that fly around Turkey and other troublesome areas of the world due to GPS 'spoofing' or jamming. The problem is known and a procedure to reset the fault and verify that there is no 'hard' fault hidden in the hardware is used every day. As I posted earlier in this thread, the Stab Trim (Posn) XDCR status message can be deferred under the MEL with a maintenance procedure that does not involve touching those switches. Last edited by TURIN; 17th July 2025 at 11:59 . |
EDML
July 15, 2025, 22:08:00 GMT permalink Post: 11923307 |
After all the analysis on PPRuNE, fuel switch failure (well, dual switch failure, at practically the same time) seems so unlikely it's no longer worthy of consideration. However, I'm still open to the idea of a failure elsewhere that may have signalled the fuel switches had transistioned from Run to Cutoff wthout physical movement of either switch. Why? Firstly, because of this (taken from the preliminary report)
Inspired by the mention in the
PR
about a MEL on the ‘core network’, I came across the polemics between Boeing and IOActive a few years ago about the alleged vulnerability of 787 core systems to outside interference (hacker attack from within a/c and/or ground), including the highly sensitive CDN module, from where also the fuel cut-off module can be accessed. It’s definitely not my specialty, but I thought to flag it in case someone has more informed ideas about this. To my mind it could potentially “outshine” intentional crew action. Boeing at the time denied such options, of course. Obviously also in good faith, moreover it seems to be Honeywell &GE code anyhow, but who knows where we are 6 years on.
https://www.wired.com/story/boeing-7...ecurity-flaws/ |