I think the auto shutdown of engines in flight, in case it senses reverse thrust, is a great design.
The 787 is a replacement for my 767 (currently a pilot on the aircraft) and in 1991 a Lauda Air 767 suffered a failure in one of its thrust reverser and it became activated during cruise. The aircraft was destroyed in flight.
The thrust reversers should not activate during flight (a air/ground sensors prevents that) but as it is a catastrophic failure, having the engine shut down automatically seems like a great fail safe device.
In this case it seems that the 787 engines were reversed before the air/ground sensor had sensed ground and it is a potential problem.
As long at it is well documented and part of the training, and also ideally the system should indicate to the pilot why it is shutting down the engine(s), to avoid something like this:
"The safety system automatically cut the power to the engine suffering the thrust reverser malfunction. There was no alarm in the cockpit to indicate that a thrust reverser had been accidentally deployed. The crew had no way of knowing what the true problem was. The copilot, seeing the right engine power lever automatically move to the closed position, thought that the lever had slipped back and pushed it back to the full power position alongside the left engine throttle lever. Once again, the automatic safety system closed the right engine throttle and the captain, who was conducting the takeoff, called for the autothrottle system to be switched off. After switching off the system, the copilot again pushed the right engine power lever fully forward and forcefully held it there."
there's a really interesting story around Lauda Air flight 004 where Boeing attempted to write it off as pilot error but Niki Lauda basically threatened to go fly one himself and recreate the conditions as proof it was not. Eventually Boeing conceded and he didn't have to actually risk himself or another of his planes, but still an interesting anecdote.
He was severely burned in a Formula 1 race at the Nurburgring, and despite still suffering badly scarred lungs and weeping wounds he was back in the seat before the end of the season and only lost the championship that year because he refused to go out in the pouring rain to race the Japanese Grand Prix as he decided it would have been foolhardy.
TCMA, the system the article refers to, doesn't actually shut down the engines in flight. In fact, one of the explicit conditions for its activation is the aircraft being on the ground:
> The EEC commands shutdown of the affected engine when the:
> • airplane is on the ground, and
> • thrust lever is at idle, and
> • engine is above idle speed and not decelerating normally
> The EICAS caution message ENG FAIL (L or R) is displayed with an aural beeper once the engine falls below idle speed.
Fyi, military pilot here, there are a handful of mil aircraft that can reverse thrust in flight. A great too for dropping down fast to avoid low/slow flight over hostile areas. There might be a relationship between that ability and this problem.
> In this case it seems that the 787 engines were reversed before the air/ground sensor had sensed ground and it is a potential problem.
What I don't understand is why does the reverse thrust input from the cockpit even influence the engine control when the air/ground sensor doesn't sense ground? It seems like an obvious lockout mechanism to have in place, if the result is shutting down the engines when the combination occurs.
Then just have a manual air/ground sensor override should that thing fail and you know you're on the ground and require reverse thrust.
I am very scared of flying (although I still do it, although it's not fun). Any advice/rationalism you can convey? I am a person that became sweaty and anxious reading your post.
My advice is to look at the statistics. Commercial flying is much, much safer than any other mode of transport.
Do you get scared when you drive to work? Or take a train? Both are more risky. (Driving significantly so.)
More specifically... The pilots have extensive training, modern airliners have fail safes everywhere, and the amount of research and engineering spent on aviation safety is mind boggling.
An accident during flight is pretty much a binary event when it comes down to whether you live or not, but with cars there is a whole slew of different types of accidents and vast majority of them don't cause instant death preceded by 45 seconds of absolute terror. Before you downvote what I said in no way discounts the statistics. It is much safer to fly of course than to drive, but when we think of accidents which is an inevitable fact of any mode of travel one mode is binary you live or die and another not. To our mammalian brains the statistics is a very hard sell.
Aircraft accidents aren't binary at all. Many crashes have few or some casualties, e.g. landing gear failure, running off the runway or hitting another aircraft on the ground. Ditto with in-flight failures that don't impact the flight (there's only one major thing that fails, picked up by the redundancies), engine failures that lead to emergency landings, extreme unexpected turbulence or ditchings etc. that might cause injuries and in some cases deaths. It's only the worst crashes (termed "air disasters" or similar) that lead to everybody on board dying. Of course, these get the most attention. I blame the news.
How can you argue against what I said, it takes profound willingness to ignore precise words to accomplish that. I did not say all accidents I said majority are. If you consider a mosquito hitting the windshield of an airplane when it's parked on the ground and no passenger in it an accident that's your problem. Of course I meant an accident that happens during flight as that's the vast majority of the time that people are in an airplane and when they're worrying about dying.
I don't think that's a super fair assessment of my comment. If we're just disagreeing on the definition of an in-flight accident, or what percentage between 30% and 90% of accidents constitute a vast majority, we should probably leave it at that, because that's not really disagreement :)
My point is, there's plenty of accidents caused by things that happened while the plane was in the air, that has many survivors or just some injuries. The news article at [0] has some examples, and it's possible to search for more. Granted, if you exclude the cases where the injuries or casualties were caused during an attempted landing or a forced landing due to malfunction, the picture would probably look much more bleak, but then you would also have ruled out a large portion of the accidents that happened.
It's thankfully _extremely_ rare that it's been impossible to make an honest attempt at a controlled landing or ditching during an accident, and in a large part of the cases where this was possible, things turned out okay for most passengers.
I agree with what you say, but I think it has more to do with (perceptions of) control than the failure modes.
When you’re in an automobile, you could choose to drive faster or slower, safer or more aggressively. You can tell yourself that you are more alert or a better driver to the people who die in fatal car accidents. You can tell yourself that you have a superior ability to avoid that drunk driver who might suddenly veer into your lane from oncoming traffic. And once your car comes to a stop, if you’re not seriously injured, you can just get up and walk away.
In an airplane there’s none of that. You can make vanishingly few choices to affect the safety of your flight. And you’re stuck in that tin can until it’s on the ground and you’re either alive or dead.
I was very scared of flying for a long time. I fixed it by booking a flight a week for 12 weeks, starting the first week heavily medicated, and following the advice of a book on agoraphobia (Freedom from Anxious Energy). Then cut down the drugs progressively each week until it was none. Worked a charm
Airliners are incredibly durable machines. This article about about how much stress the wings can take is what I think about anytime I see the wings bouncing in turbulence.
It is perfectly rational to be scared of flying. Hell, you're sitting in a pressurized cylinder at 30'000 ft flying at 700 mph. But you have to realize that the crew would not do this job if they weren't sure to come home to their families and dogs every night. Most pilots I know aren't thrill seekers but their love of flying are more a drive due to interest in travel and technology.
I advise you to forget statistics. They are very hard to relate to (we're not good visualizing large numbers anyway). Instead, think of the pilots who know these things inside and out and still choose to happily board each and every day. They raise families and eventually retire uneventfully. If they know the risks and still choose to go to work, surely you can board a flight.
I feel for you. I was the same way. I just internalized the stats and remind myself of them every time I fly. As a numbers guy, I simply cannot justify my abject fear compared to being a pedestrian or auto driver.
Another thing I do is to remember the physics when I'm on a bumpy. Thanks to momentum, planes don't just fall out of the sky, and even bad turbulence is not likely to result in deaths.
I have been there. If you think this anxiety has been on the rise (think carefully about if some time ago you had such strong emotions reading about accidents, etc), consider going to a doctor and treat your anxiety. Medication solves it, I can assure you. Rationalizing does not go very far.
I was not scared of flying until one day while taking off from O’Hare lightning stroke to the tip of the left wing of my plane. I was sitting just on that row aisle side though. For a split second it felt like we stoped mid air. Kind of like when you drive over a bump with your car. After that for quite a while I was scared shitless of flying. But that didnt stop me I probably flew a hundred times since then and now when I do I dont even think about whether I am on a plane or train ( well my be for a bit). Airplanes are incredibly robust machines so my advice is just stop thinking about it and keep flying.
Summarized, I understand that you mean that a malfunction in the "reverse-thrust-detector" (which switches off automatically the involved engine(s) when the reverse-thrust is not operating within its envelope => referenced as "feature" below) is more desirable than not to have it?
(because if, when having a mulfunction of the detector's "feature" in mid-air the engines switch off you still have some time to fix/override it, but on the other hand when not having it if your reverse-thrust engages you're screwed immediately - and even if the feature fails nearby the ground you're still be slow & low enough for at least some passengers to have some chance to survive)
> it's a great fail safe but not if you lose your engines in flight and can't relight them like in the article.
It is still better to lose all engines than to have thruster reversers deploy in unsafe situations. You may stall without an engine at low altitude in a landing configuration, but you should still be able to glide for some time. Deploy reversers (or even a single reverser) and you fall like a brick very quickly.
This existing system wouldn't likely cause loss of all engines unless the PIC commanded all engines TR in-flight. Also, it doesn't make sense that such a system would go out untested because such a system should try command engines to idle before cutting fuel to what it thinks are runaway engines. Finally, it's still unknown if it's a Boeing software issue or a RR T1K issue... the OP article is purely speculative and guesswork "news" is not how aircraft safety is handled.
A single engine on reverse is enough to mess up the the flight violently enough that it'll break apart before hitting the ground (see the Lauda Air case).
I think there are a few options for a failsafe here.
none where it would deploy the reverse thrusters and probably crash regardless of other inputs to the system(could be one or more of many inputs wheel speed, slats deployed, airspeed, elevation, throttle position, etc.)
turning off the engine (presumably you want this because you are on the ground but your ground sensor is failing so you want to cut engine and apply brakes which is less preferable than the reverse thrusters but manageable normally.)
ignoring the input altogether.
not a failsafe at all and an unexpected failure mode of the system (I think this is probably the case since they couldn't relight the engine on the ground)
the point i was making is that if you have the failsafe turn off the engines under normal operating procedures it should be able to relight when in flight and it's not good if a software glitch turns your heavy into a glider without possibility to relight. (i am not a pilot but it's my understanding that you still have the turbines spinning and all you need to do is give it some fuel and fire up both ignition plugs. might need to use the compressor to spin them up to full speed but i doubt it.)
Have a mechanical latches on reverse cowls that will be operated separately of the code that deploys reverse. Landing without reverse is better than falling like a brick.
Having altitude and being able to glide in is a hell of a lot better than one of your engines reversing and throwing your plane into an irrecoverable spin.
Cutting power to all engines in response to an event that is most likely to happen while the aircraft is operating close to, but not actually on, the ground is not failing safe.
I am not sure there is a perfect solution here. you have competing issues that you need to resolve.
If it gets pulled in normal flight you would lose both engines but that's fine because you can glide and restart the engines. if the altitude sensor/ground sensor was broken and you want to override the reverse thrusters you have a conflicting goal there.
If you accidentally pull it during the approach you lose your engines and probably don't have time to relight before landing. in that case you might be able to still land by backup systems(FAU or just the ancillary tail turbine?) and glide?
I guess it boils down to how much trust you place in the pilots to not do the wrong thing or how much trust you place in the machine to not do the wrong thing/malfunction. It's a difficult question without a perfect solution imo.
Well, I thought that the design was that they would not engage if it gets pulled in normal flight.
If it's on the approach, I'd be worried. I imagine that that, at an airport like ORD, that might result in more risk than anyone really wants of the plane unexpectedly touching down on an interstate highway or something like that.
If it's like what Boeing described in the bulletin, where the engines only get shut down after the wheels are on the ground, that's maybe not super worrisome, but I can still see some room for concern. My reconsidered but still totally uninformed reading on the situation is that it takes some time for all the aircraft's systems to get the memo on whether the plane is on the ground, and that what's really going on here is that the order in which they get the memo isn't quite right. So the question of whether or not to allow a Lauda Air type situation isn't really at play here, but perhaps a related glitch to the one that caused this event could interfere with something like aborting a landing at the last minute.
Interestingly, some airplane types allow the use of thrust-reversal in flight, notably some fighter jets. It's apparently used when you do need to sink quickly..
Hmm. There might need for a sooner transition point for that particular inhibition. Perhaps somewhere between ground effect (well below minimums) and back trucks are turning.
The 787 is a replacement for my 767 (currently a pilot on the aircraft) and in 1991 a Lauda Air 767 suffered a failure in one of its thrust reverser and it became activated during cruise. The aircraft was destroyed in flight.
The thrust reversers should not activate during flight (a air/ground sensors prevents that) but as it is a catastrophic failure, having the engine shut down automatically seems like a great fail safe device.
In this case it seems that the 787 engines were reversed before the air/ground sensor had sensed ground and it is a potential problem.