October 2nd 06, 08:36 AM posted to rec.aviation.piloting
[email protected]
NW_Pilot's Trans-Atlantic Flight -- All the scary details...

Ron A. wrote:
A more experienced pilot who had studied the aux tank system may have
been able to mentally diagnose the cause of the fuel venting. But
Garmin's role in this incident is unforgivable.


Garmin needs to wake up! To have out-of-bounds sensor inputs reboot the
system continuously, especially something as unreliable as fuel sensors,
is horrible system design.


I agree that continuous rebooting is a bad idea. Rebooting _once_ might
help, but the screen and/or manual should present it along the lines of:

"One of my inputs is flaky. I can ignore that input and keep going with
reduced capabilities, OR I can try rebooting to see if that clears up
the problem. There is no guarantee that rebooting will help, and there
is no guarantee that I will be able to keep going with reduced
capabilities after the reboot. What do you want to do?"

The idea of rebooting to fix an embedded safety system is not that great -
it shouldn't get into that state in the first place. But I think the
option should be there. If you want to work under the assumption that
you might get into an odd state, probably a better plan is to somehow
announce "I'm confused, but I'll keep going" and give the pilot the
option of rebooting by cycling power, rather than going into a reboot
loop on your own.

At work, I sometimes help engineering students who are trying to design
a (road) vehicle control system. If they are new to the subject, they
tend to want lots of lockouts and "clearly, this is always an illegal
condition" cases. I have had to give examples like "so, what if the
computer control of the 5-speed transmission decides it knows best and
cuts your thrust, right when all you can see in the rear-view mirror is
a huge chrome RENILTHGIERF"? The idea I try to get across is that a
large percentage of the time, the driver will have more information
about the situation than the computer will. Whether the driver acts
appropriately based on this extra information is a whole other
discussion, but at least the possibility of doing the right thing is
there.

Sometime before early 1989, one Cal Keegan summed this up quite
succinctly: "It's not just a computer -- it's your ass."

Even Microsoft has awakened to this. They now have fewer browser bugs
per year than Firefox.


Hooray! Let's run airplane computers on Internet Explorer.

Matt Roberds
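
The behaviour argued for in the post above (an out-of-range fuel input degrades the display instead of restarting the unit, and a restart happens at most once and only when the operator asks for it), as an added example that is not part of the original post and is not any avionics vendor's code. The range limits, the three-sample threshold and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical limits for one fuel-quantity channel; not from any real avionics unit. */
#define FUEL_MIN_GAL 0.0
#define FUEL_MAX_GAL 60.0
#define BAD_STREAK_LIMIT 3      /* consecutive bad samples before the input is distrusted */
enum mode { MODE_NORMAL, MODE_DEGRADED };

struct monitor {
    enum mode mode;
    int bad_streak;             /* consecutive out-of-range samples seen so far */
    int restarts_done;          /* operator-requested restarts only; never automatic */
    bool fuel_valid;            /* false: fuel is shown as unavailable */
    bool restart_offered;       /* "ignore the input, or try one restart?" */
};

struct monitor monitor_new(void) {
    return (struct monitor){ .mode = MODE_NORMAL, .fuel_valid = true };
}

/* Feed one sample. A bad input degrades the display; it never restarts the system. */
enum mode monitor_feed(struct monitor *m, double gal) {
    bool ok = (gal == gal) && gal >= FUEL_MIN_GAL && gal <= FUEL_MAX_GAL; /* gal == gal rejects NaN */
    if (ok) {
        m->bad_streak = 0;
    } else if (++m->bad_streak >= BAD_STREAK_LIMIT && m->fuel_valid) {
        m->fuel_valid = false;                        /* latch: stop trusting this input */
        m->mode = MODE_DEGRADED;                      /* everything else keeps running */
        m->restart_offered = (m->restarts_done == 0); /* offer a restart once only */
    }
    return m->mode;
}

/* Operator accepts the offer. Returns false when no restart is available. */
bool monitor_operator_restart(struct monitor *m) {
    if (!m->restart_offered) return false;
    *m = monitor_new();         /* fresh state after the restart */
    m->restarts_done = 1;       /* the single restart has been used */
    return true;
}

int main(void) {
    const double samples[] = { 30.0, 29.5, 250.0, -4.0, 999.0, 28.0 }; /* constructed */
    struct monitor m = monitor_new();
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) monitor_feed(&m, samples[i]);
    printf("mode=%d fuel_valid=%d restart_offered=%d\n", m.mode, m.fuel_valid, m.restart_offered);
    return 0;
}
```

The degraded state is latched: a single in-range sample after the fault does not silently restore trust in the input, so the decision stays with the operator.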