RK Henry writes:

Don't underestimate the capabilities of a trained, experienced crew to
cope with equipment failure. Case in point, United flight 232 at Sioux
City, Iowa. Despite complete hydraulic loss and concomitant loss of
flight controls the crew was able to bring the aircraft to what turned
out to be a survivable crash for most of the occupants.

They were also flying an aircraft that did not have fly-by-wire
systems.

Fly-by-wire means that no command bypasses the computer. If the
computer malfunctions, or if it decides to ignore your command, you're
out of luck, and no amount of skill will help you. If flight 232 had
been a fly-by-wire aircraft, everyone aboard would have died.

The problem with fly-by-wire is that digital systems have typically
catastrophic failure modes, which is the dark flip side of their
superlative performance within the envelope. If flight remains within
the envelope foreseen by the developers of the system (and assuming
there are no bugs in the software), FBW aircraft fly better and more
easily than non-FBW aircraft. However, if flight ventures outside the
programmed envelope, failures in the system _will_ occur--and failures
in digital systems are often catastrophic failures, because of the way
digitization separates control from any constraining physical
parameters.

This issue is not limited to FBW aircraft, but it is much more
critical in FBW because the results of a malfunction are usually
fatal.

Everything is different in more conventional aircraft. You might lose
the hydraulic assist on control surfaces, but you can still move them
to some extent, and they won't snap into implausible positions that
exceed the physical limits of the system.

As an example, if you have a purely analog throttle, if you push it
beyond the maximum or below idle, the worst you're likely to get is no
effect at all, i.e., you'll still have full throttle or idle,
respectively. In a poorly-designed FADEC, however, your throttle will
just be providing a number to a computer. If the computer has
throttle settings from 00 to 99, and you push the throttle to a point
that sends the internal computer setting beyond 99, it may roll over
to 00, setting the engines abruptly to idle. Thus, the FBW throttle
has a catastrophic failure mode that is completely absent in the
conventional throttle.

Add to that the fact that many FBW systems are not ergonomically
designed and may have features that were conceived by engineers or
project analysts rather than pilots, and you multiply the chances of
problems.

I think every FBW should have a button that says "do exactly what all
the control inputs tell you to do," but many engineers apparently
disagree, and most people (including some engineers) don't know enough
about computers to realize the danger in this.

--
Transpose mxsmanic and gmail to reach me by e-mail.