It's hard to imagine how safe US passenger airlines have become. From the start of 2002 to now, there have been only 115 airliner fatalities in the US. That's 8.7 deaths per year. That's one death per 68,965,517,241 airline passenger miles flown.
It's an incredible human achievement.
I make a hobby of reading through NTSB avaition an maritime accident reports. It's a fascinating look at how to create almost failure free systems out of mechanical things that break and humans that do stupid things.
Since few accidents happen in the cruise the more useful measure is fatal accidents/1m departures rather than hours or miles. In 2013 it was 0.16/1m departures for jet airliners[1]. If you took two flights a day it would be, on average, 8,200 years before you were involved in a fatal accident and you would have a 80+% chance of surviving that.
A fatal aircraft accident is one with a death. But most "fatal" airline crashes have only a few deaths. Take the recent AsianAir crash in San Franciso. It was a "fatal" crash, but only four of the three hundred some people on the aircraft died.
It's a fascinating look at how to create almost failure free systems out of mechanical things that break and humans that do stupid things.
Normal Accidents by Charles Perrow is a great book on the topic of how to put together complex systems that are forgiving of user error: http://en.wikipedia.org/wiki/Normal_Accidents
An interesting facet of this is that even though the death rate is extremely low, the authorities still want to get it to zero. And it's becoming really hard, because failures are no longer happening often enough to be able to analyze them properly.
I'm sure it is more difficult, but you should be able to measure significant non-fatal events.
For instance hospitals (and some industries) measure sentinel events [1][2]. Sentinel events cause death or serious permanent injury, or events that could cause death or serious permanent injury.
The US instituted what's called the 'Aviation Safety Reporting System' in the mid-1970s, which is a program administered by NASA. Any airline employee can file confidential reports about near-misses or other safety issues to an independent party, which then analyzes and aggregates the info to make safety changes.
I think it's a large part of why the US airline industry has become so much safer over time. Having a lower-bound number for altitude overshoots or communication problems is immensely useful for policy.
The general ASRS reporting form can be filled out by almost anyone, not just an airline employee. Most typically it's pilots, including general aviation pilots.
Exponentially harder it would seem and with less and less feedback, my guess is that the numbers will oscillate around some local minimum until there is a paradigm shift in travel technology.
Rational decisions are made when you weigh costs against benefits.
This sounds like focusing only on benefits and ignoring costs. That rarely leads to good overall outcomes.
This is a very useful mental error to be able to spot. A very common argument is "X has a clear benefit, so we should do it!". The benefit is absolutely real, but you also need to look at the costs to make a good decision.
Another failure mode is risk aversion. If the FDA approves something that turns out to kill 1000 people, they get in much worse media and political trouble than if they don't approve something that would have saved 1,000,000 lives. So they focus hard on costs and less on benefits.
You cannot state that without saying how much is spent per passenger or per mile traveled and the marginal cost in lives of a dollar saved there.
A similar line of reasoning would be “In this developed country that I live in, no one dies from being poisoned by tap water. I oppose this massive overspend on making tap water potable! The resources used to reach this absolute would certainly save more lives per dollar elsewhere”.
How much would we save my making tap water less potable? What would be the consequences if we did?
Sometimes, absolute safety or near-absolute-safety is within reach and is the sweet spot for smart engineering.
Isn't that a bit like auto accidents vs motorcycle accidents? Although closely related, one mode of transport is inherently more dangerous. And that more dangerous mode is only used by a small subset of the population.
Yeah it's absolutely amazing. Because there's so few accidents now, and so few that need serious professional NTSB analysis on, I've heard the FAA is trying to turn to self-reporting on accidents to help build out the picture of aircraft failure modes. They've apparently established a complex system of self-reporting combined with deidentification in order to encourage people to provide data.
I think this is a bit of an unfair comparison. Sullenberger had 3000 feet at time of engine loss and Transasia had a max altitude of 1050 feet, and lost the first engine at around 3-500 feet. Yes it was their own fault but no engines at 1000 feet is a different story than 3000, and you could even argue that single engine failure just after takeoff requires more taxing immediate action - possibly especially in a turboprop where I think you have to feather.
Also, as the article mentions, the river is much less suitable for ditching than the Hudson.
*edit apart from the comparison, I think it's a pretty good article.
It is an unfair comparison but not in the way you suggest. Sullenberger was going to have some sort of plane crash, he didn't have any good options, he was over Manhattan without the ability to reach a runway by glide and no engine power.
By contrast the Taipei flight has a perfectly good working engine and should have had no problem reaching a runway and landing with minor drama at worst.
There is no question that losing an engine in a twin prop plane on takeoff is among the more gnarly problems you can have but there is absolutely no reason the plane had to depart from controlled flight.
It is pilot error that caused the deaths of dozens of passengers, period. Without said error that plane would have been able to land at an airport and taxi back to a gate.
Although it happened on takeoff, they were at about 1000ft, so it's not an immediate "do or die" moment. They should have been trained to calmly identify the failed engine before feathering it. Many high-time pilots say that the first thing you should do when an engine fails in cruise flight is absolutely nothing. You need to relax and calmly assess the situation. Although they weren't in cruise, they certainly had enough altitude to be able to take 10 seconds to calm down and properly identify the problem.
Gnarly single-engine loss in commuter turboprops is fairly common (for a rare failure). They often happen in climb outs but thankfully there's usually more altitude.
Air Canada Jazz had 6 engine failures (plus 2 more problems) in the last 12 months across their DHC8 fleet (I fly with them once a month on average and never had a blip, thankfully.)
> What’s the difference between Sullenberger, who was able to innovate solutions in the face of imminent death, and Liao, who apparently panicked and shut down the wrong engine?
They mentioned Sullenberger's experience, but he also had more than twice the altitude when he lost engine power. Still an emergency, but he had a bit more time to think about it.
That's just the thing, though: Liao had all the time in the world to think about it. There was no imminent danger, until he created it. Losing an engine on takeoff is a bona fide emergency, but the only immediate actions you need to take are to keep the airplane straight and keep your speed up. For everything else, you can take your time and analyze.
Sully, on the other hand, had a minute or two before he was going to run out of altitude, no matter what he did. Every moment counted there, in a way that it definitely didn't count in the Taipei crash (until the pilot made it that way).
That was my observation as well, the two incidents were completely different, loss of one engine at take off, and loss of both engines a little further into flight. IMO the author commits a disservice to the Asian pilot for not making this explicit.
This video [0] of a bird strike on a 757 always makes my heart beat faster.
For the first time, I just counted the timing. Bird strike is at ~10 seconds. Pilot waits until ~20 seconds to call "Mayday". Only at ~32 seconds does he shut down the damaged engine.
If the Taipei pilot had taken the same time to get his bearings before acting, everyone might have survived.
In terms of the value of training, I love how cooly the air traffic controller responds to the Mayday.
It is indeed, but according to the article, the Taipei pilot had five thousand hours of flight experience. If five thousand hours of experience is not sufficient answer, it's time to reevaluate the question.
There's more to experience than just time. Variety counts for a lot as well. Sully, for example, had glider experience, which was certainly helpful when his Airbus suddenly became a glider.
There's a saying in aviation that one pilot may have a thousand hours of experience, while another pilot may merely have a hundred hours of experience repeated ten times.
Capt. Sully is known for being involved in aviation safety before Flight 1549 put him on the front page. It was like decades of training and experience, was leading up to that one day in January 2009 when Flight 1549 was able to land safely in the Hudson.
Some career pilots have very little stick-and-rudder (& thrust lever) experience, and fly on autopilot for thousands of hours. Shutting down the wrong engine is either very poor piloting, or a systemic training issue.
I'm not sure about it being poor piloting or bad training to shut down the wrong engine. My kind of flying involves no engines at all (I'm a glider pilot), but my understanding is that shutting down the wrong engine after an engine failure in a multi-engine airplane is a somewhat common mistake. Experienced pilots do make basic mistakes, sometimes even more often than inexperienced pilots, because they let their guard down.
I believe the true failure here wasn't shutting down the wrong engine, but trying to shut down the bad engine at all while still so low. Shutting down a failed engine is not a priority. It can windmill and tear itself to shreds for a little bit while you keep the airplane flying, get to a safe altitude, and figure out what to do. Multi-engine pilots I've talked to about this have said that it's standard procedure not to shut down a bad engine below a certain altitude, precisely so you're not screwed if you go for the wrong one by accident.
A common cause of aviation accidents is a pilot responding to an emergency by making it worse. A safety class I went through recently presented a case where a pilot thought he was low on fuel, decided to land at a nearby airport, botched the landing by coming in high, fast, and downwind, and crashed off the end of the runway. Turned out the fuel gauge was faulty. There's a famous C-5 crash that's similar to this Taipei crash, in which an engine failed, the pilot shut down the opposite engine by mistake, and then botched the landing because he flew as if he still had three engines instead of two. A semi-frequent cause of glider crashes is a pilot failing to lock their canopy which then comes open in flight, and the pilot tries to fix it instead of flying the airplane. They key isn't to ensure you do the right thing fast, but to make sure you prioritize and don't do anything fast that isn't immediately necessary. Engines fail? Find a spot to land, right now. One engine fails? Keep climbing and breathe, then take your time to decide what to do next.
For turboprop aircraft, if the engine is producing power (eg. oil leak) then keep it running until at a safe altitude. If the engine isn't producing power, then the prop may need to be feathered to keep the aircraft climbing.
Certified passenger turboprop aircraft (ATR-72 included) should be able to maintain altitude, without feathering the failed engine.
I was thinking of British Midlands flight 92, where an experienced crew that were new to the 737-400 misread the vibration instruments, and shut down the wrong engine, at altitude. Poor training on the -400 differences was a major factor.
Experienced pilots do screw up occasionally, but good CRM usually avoids a mistake snowballing into a fatal crash.
In a Cessna 150, I had the window come open on takeoff. Same aircraft, same instructor, same thing happened to my dad years before. He told my dad to "Fly the plane".. I knew not to close the window until at a safe altitude. He just smirked a little.
>where an experienced crew that were new to the 737-400 misread the vibration instruments,
That's not quite what happened. The vibration instruments on earlier models were known to be unreliable, so the pilot tried to figure out which engine had failed using other indications (I forget which).
When building reliable systems, you expose them to simulations of as many failures as is economical. It's not clear how many failures the pilot dealt with in those 5000 hours. Proper simulation teases out faults in handling failures with a high success rate in many situations. Maybe it will become clear that the training regime could be improved for this airline.
I have thousands of hours experience behind the wheel of a car. But in an emergency, I'm still likely to do the wrong thing because I have very little experience with driving emergencies or driving at the edge of performance.
FWIW - most car clubs offer "precision driving" or "autocross" events where you can explore the limits of your car. You may want to look into it. It's actually a ton of fun.
I've done that, and you're right, it's loads of fun. A few hours of instruction, however, will not make you competent at handling a car at its limits. One thing I did learn from those classes is how poor a driver I (and nearly everyone else) am.
There is - experience in critical situations of similar nature. Experience makes it less severe and more manageable. Couple personal examples.
I did teakwondo and kickboxing. When I was starting Teakwondo (~16 year old) first sparrings were dominated by fear and anxiety. I didnt know how to act, what to expect, I was physically shaking. Fast forward few months and I was in control, anxiety turned into excitement, fear into caution. My body and mind learned to use that sudden adrenaline injection to my advantage. Two years later I moved to kickboxing. Its very different sport, more violent, faster and can be significantly more painful in the ring, nonetheless my experience from teakwondo translated perfectly. Since then I had couple of dangerous situations on the street (drunk idiots, football fans etc) and again I was in control of my body and reactions, my previous experience of being punched repeatedly in the face inside the ring helped me stay calm :)
Second example is virtual. Eve Online is a space themed MMO. Everything you own in the game has to be earned or paid for with real money, and all losses are persistent and final. Someone kills your ship worth two months of heavy missioning? its GONE forever. This design choice makes Eve Online the only computer game inducing real fight-or-flight reaction that I know of(outside tournaments/leagues). Losses can be as small as 10 minutes of your time (couple of cents), and as severe as $1000 blink mission ship you spend whole last year to build. First PVP fights in Eve were exactly the same as my first sparring 10 years before :) heart pounding, hands shaking, sphincter gripped tight etc :) and mistakes ending in expensive wrecks. It took some time and experience to fully take control of the situation.
Can write something about bike riding(crashing), but it will be the same story again :)
I wonder if pilots with military background, trained in battle sims in high pressure situations, are significantly better at handling emergency. My own experience makes me think definitely yes.
Motorcycle riders have the same issue. On a sportbike, if you enter a turn and your radius is not tight enough you will exit pavement before the road/track straightens.
Human instinct is to slow down, but on a bike this will have the effect of widening your turn radius—totally counterproductive. To tighten the turn radius, you need to accelerate and lean in (which you can do unless you're already dragging a knee).
I'm sure there are a million examples but I find snowboarding very similar. If you're going too fast the instinct is to lean back but that makes it extremely hard to turn into the mountain, but if you lean forward you can take the weight off the back foot and whip it over to turn into the mountain and weave some of the speed off.
Or when you're on ice and you really want to turn but just have to keep going straight until you hit a patch where you'll get some grip from the mountain cover.
yeah, I learned this very quickly when I started skiing.. lean back when you feel like you're going too fast and it's out of control time. I overcame that instinct very quickly!
This is kinda exactly what I was NOT meaning. You're talking about ways of handling the "known unknowns" - trainable scenarios. The article already talked about that. I'm talking about taking the whole issue off the board, including the "unknown unknowns", that you can't train for except in the most general way, by shutting the fight-or-flight mechanism down completely.
Oh, stopping chemical reaction somehow? Sure, you can do that today with beta blockers. On the other hand that adrenaline injection is a good thing, imo its better to learn to cope with it than fight it.
I think the explanation that physiology is responsible for this accident is questionable. The Taipei pilot made a mistake in an emergency - a situation where a decision has to be made in a very short time. If a computer algorithm needed 60 seconds to compute a result, but it was needed in 10 seconds, and that result ended up being wrong, what would you blame? Reducing the time to solve a problem will decrease the accuracy of the solution. It's a logical constraint, not a flaw in evolution.
Beta blockers are exactly what you want, but note that they can only provide a moderate level of effect; taking more could do bad this to blood pressure while the anti-panic effect suffers rapidly diminishing returns.
I found this out by accident after being prescribed a beta-blocker for typical blood pressure reasons while I was trying to deal with some panic-attack issues that were serious enough to need a mild benzodiazepine. After starting the beta-blocker, the need for the benzo just went away. While the benzo was effective at blocking part of the recursive/positive-feedback loop of panic, the beta-blocker was much better at preventing the feedback loop from forming at all.
Later on, a friend of mine who attended RISD mentioned that the drug of choice that was sought by all the art students was beta-blockers, so they could present their projects without all the stage fright.
/* obDisclaimer: This is not medical advice. Taking any drug can be dangerous. See a real doctor. etc */
Very interesting - also apparently the drug of choice for many musical performances as well. I've read that it doesn't necessarily calm your nerves, but rather prevents the all consuming fight or flight feeling from manifesting, ultimately curbing something like a panic attack.
Trying to explain aircraft accidents is hampered because the sample size is so small (literally anecdotal they are so infrequent), so making "inferences" about general rules from this is really unlikely to work. However, the psychological and social utility of explaining disasters to create the illusion of control is something which works. Also the investigations by the FAA and other bodies create reforms which improve safety. It somehow makes it easier to deal with if tragedies can be "resolved" by understanding what caused them, I guess it's part of the way that communities deal with tragedy. The ancients explained it by inventing elemental gods. We explain it with "rigorous investigations". I suppose because we're wired to try to learn from things which are dangerous, because that might help us survive.
Also, as tragic and sad as the crash in Taipei is, the swerve of that little yellow car in the dashcam still, and imagining the occupants' reactions as a they swerved to avoid the plane that was crossing in front of them, is quite priceless.
Exactly correct. It does result in safer travel, and worship of idols probably does not result in this! So there's a mix of tangible and intangible utility. :)
The entire public discourse of investigation, of which the actual result producing investigation is just a part, serves a narrative purpose akin to the ancients' gods. To some extent there's a spectacle of rigorous investigation and explanation in public discourse, and to that extent it's like worship for harvest. It makes us feel things are getting better when perhaps there are areas where we have little control. So there's a social utility and an engineering utility. That's the thesis anyway! Maybe it's all social or all engineering, tho I think each of those less likely than providing both.
I wonder why it wasn't possible to restart the mistakenly shut down engine. The article states that in first seconds after the shutdown, the pilots were unaware of their mistake. They then noticed the plane stopped climbing and actually went down even when pulling up the nose (which is counterproductive in that situation).
How long would it take to restart an engine and gain speed again?
You can't always restart a turboprop in flight. You need enough air moving over the blades (e.g. you have to be moving fast enough). How much airflow depends on the engine; every one is different. If you've got the airflow, it doesn't usually take very long but spooling up turboprops to the point where you're generating lift isn't instantaneous. More importantly you have to identify the issue, figure a remediation plan, and execute before you hit the ground. It's how much time you have before you hit the ground that's generally the limiting factor.
Proof, yet again, that computers should be flying planes.
Humans are absolutely terrible at two kinds of tasks: 1) boring, rote tasks that require continuous attention for long periods of time and 2) high-stress, quick decision bursts.
As a pilot myself I can tell you that in EP there are really only a handful of criteria you look for when determining a place to land:
1. Minimize risk of ground personnel
2. Minimize obstructions between air and ground (ie. poles, trees and wires are bad)
3. Maximize straight and flat ground
4. Maximize featureless ground
etc...
Given where Newark is, and Sully's flight condition, there was really only one place that would show maximum differentiation in human density and allow for landing: Hudson. The trick is knowing how to land on water with *a passenger jet - something remarkably simple to compute given environmental parameters (CG, load, wind, etc...) and a few simulations.
As was rightly pointed out, the key to success here was calm - something Sully learned starting at the USAF Academy (I'm a fellow grad as well, shout out where you can take it!) and was what let him do computer level calculations so quickly.
Well it did. One of the (probably lifesaving) actions that Sullenberger did was to deploy the RAT which meant electrical power was maintained. This was not a checklist item, merely something he though useful. This meant the computers were still firmly in control when the aircraft ditched and the stall protection they gave certainly helped the ditching.
Interestingly after the accident the NTSB and Airbus made a number of ditching simulations and it showed just how hard it was for pilots to achieve the correct entry mandated by the ditching certification (minimum speed, -1 degree approach). However one pilot, an Airbus test pilot, managed to do much better than this by levelling out at high speed and very low using the radar altimeter. He the allowed the speed to decay until the aircraft touched the 'water'. This unusual proceedure probably couldn't be done by many pilots but it could be done by a computer.
I think the RAT deploys automatically. The flight computers most likely run on a backup battery for a good while, but without the RAT there'd be no way to even move the control surfaces.
For the Hudson, interesting question. Probably you need humans in that loop. However, you can probably preprogram the scenario (I recall that Sullenberger actually did practice it).
For TransAsia, the point is that a computer wouldn't have needed to land. It still had engine power and could have moved the plane to a stable situation.
The problem is that the TransAsia-type pilots and situations far outnumber the Sullenberger's.
Capt. Sully actually did practice glide landings in the simulator after a dual engine failure after takeoff. He had expressed concerns about bird strikes before. It was thought that the chance of both engines being destroyed (engine core failure) was minimal. There are plenty of cases where an engine with a damaged fan blades keeps producing some thrust until shut down.
One thing that most people don't realize is that if Capt. Sully had lost one engine, and turned hard into the dead engine to return to LaGuardia, chances are he would have crashed. He made the right call to confirm (dual) engine failure.
Its also well known that a controlled crash landing is better than trying to stretch the glidepath, and loosing control.
I suspect that "automated" airliners will be programmed with crash landing areas for the 0.00001% its actually needed. There was a mishap when a F/A-18D crashed on final, both engines out, and its theorized that if the pilot had flown the pattern higher the jet would crashed away from the houses. A lot of factors lead to the crash, and 4 people in the houses died.
Of course, flying dead-stick instrument approach with low clouds is almost unheard of.
> The problem is that the TransAsia-type pilots and situations far outnumber the Sullenberger's.
That is a huge problem. A lot of training programs are very scripted, regimented, and do not encourage pilots to make decisions like intentionally putting a jet into the water.
NASA trained the shuttle crews for unrecoverable situations (that don't result in an emergency landing) so the crew would still keep functioning and hopefully bailout.
If there were an infallible procedure for a computer to detect which engine is malfunctioning, the fly-by-wire system could already refuse to switch off the wrong engine.
I don't see why this is an argument for full automation.
The same way a human does: by assessing all the options, running little simulations to see which is the best one, and then picking that one. When you're over a densely populated area and lose all power, landing on water is kind of a no-brainer actually because all other possibilities lead to certain disaster.
Sorry, I was being a little fast and loose with my terminology. If you really lose all power in a jet you're simply screwed. But that never ever happens, unless you have the kind of catastrophic failure that makes power loss the least of your worries. Losing all power means losing all engine power. You still have many layers of backups that keep the flight control surfaces and avionics working even if all the engines quit.
Nothing fast and loose about it. "Lose all power" is a perfectly normal way to mean all of your engines quit. "Power" in an airplane refers to propulsion by default.
And just to be clear, if you somehow lose all electrical power on a modern airliner you are completely screwed no matter what or who is flying it, because the controls won't work anymore. The pilot, whatever its nature, immediately becomes a passenger.
This is the problem. In an emergency, you need a trained and experienced pilot who can find a way out. If you replace pilots with computers (well, software), even if you have a pilot sitting there, they will have less experience (because they just sit and watch) and they'll have less immediate understanding of a situation when they're called upon to take over the controls.
Computers are terrible in situations they have not been programmed to handle. Many aviation accidents are the result of edge and corner cases, sensor failures, unknown engineering flaws, etc that would be hard to account for in software
An indication but not proof. Bugs and unexpected situations can trip up software and hardware just as easily as people. A New Zealand Air checkout flight crashed because some sensor froze (as in ice) and fooled the computer into thinking the plane was level. The pilots failed as well as they assumed the computer could handle the issue.
Perhaps more appropriately aircraft automation needs to continue to advance. Planes have had the ability to fly through almost every phase of flight on their own for some time now, but there has been relative slow advancement in automating response to failures. In this particular instance, the on-board computers know which engine has malfunctioned and have every piece of knowledge necessary to compensate. Why don't they?
I'm a private pilot and I've always wondered if planes flying could be the first instance of a computer taking direct action to end someones life. What I mean by that, if a plane encounters a bird strike like in 1549 (sullenberger) and the computer evaluates the options of where to ditch if it can not return or find an alternate area. I assume it will try to minimize the total loss of life, both ground and passengers. Would the computer choose a less populated place that had a lower probability of success than one with a higher chance of success but potential larger loss of life if something went wrong? Self preservation is a powerful instinct for humans, and I don't know how I feel about this problem.
To address this case you would have to be able to design a system that could reliably detect a bad engine. This system would have to not cause false positives.
Note that bad engines do not always stop. Often times they are just on fire, or are vibrating, or losing pieces ...
> Proof, yet again, that computers should be flying planes.
If the computer piloting the plane was designed by the same criteria -- economics -- as the plane was, it'd have pretty much the same crash rate per passenger * mile. It has everything to do with managing costs and acceptable risks, and not some inherent insafety of flight. An airplane can be made just about as reliable and reliable against pilot errors as you want. The technology is there, has been for decades, it's only matter of costs and performance.
The crashed plane was a two-engine model, designed so in case of one engine failure it could still fly safely. However, the margin of safety was small enough that once the wrong engine was throttled back, the plane became uncontrollable before the engine regained enough power. Spinning up engines takes certain, well-known, time.
It'd be entirely possible to design and build a plane that would handle such accidental throttling gracefully. All you need is one more engine, or larger wings giving more lift at slow speed and thus allowing it to remain in the air long enough to recover.
The crux is the airlines choose not to go for either option simply to cut costs, accepting lower safety margin.
Now consider fully automatic plane flown by computer -- designing and debugging a robust hardware/software solution is very costly.
Especially when it comes to handling tricky, rarely-occuring cases, like unexpected failures. Throw in both cost of handling of multiple versions of planes -- different engines, different avionics, and handling of flightworthiness reduced by wear and tear. Also attach the risk of mismatched configuration, with no experienced pilot inside to spot the problem.
In the end, the amount of money spent on development, and the level of redundancy of software/hardware autopilot would be dicated by cost-cutting and going for what the airline deems acceptable risks.
The computer pilot would be just as (un-)safe as human pilot, for the reasons of economics. Safety is calculated and kept per passenger * mile, not dictated by current technology.
>If the computer piloting the plane was designed by the same criteria -- economics -- as the plane was, it'd have pretty much the same crash rate per passenger * mile.
This is pure absurdity. How can you insist that economics of software development equate to the economics of human labor?
Economics drives everything but one of the main points of software development is the economic advantage it brings in terms of skill and cost.
All things considered, software is cheaper to be skilled, and economically speaking, will always outperform equivalent modern-cost human labor at these tasks. Dollar for dollar at scale, at least.
Software isn't perfect but if it wasn't economically superior to human labor none of us would have a job right now.
You are only looking at the economics of accidents which are very rare. Economics also exerts a powerful influence on operations and with modern airliners with supercritical wing sections they can really only achieve optimum efficiency for hours on end on autopilot.
This is badly misguided. It is true that design is a series of trade offs. At a certain point adding an extra safety check will not be worth the cost, whether that cost is in terms of dollars, complexity of the system, or something else undesirable.
However, there is absolutely no reason to assume that different approaches will arrive at the same trade offs. Of course a software pilot has cost/benefit trade offs, but they could potentially be more favorable trade offs than you get using a human pilot. The entire point of improving technology is that the balance of trade offs gets more favorable.
A "training issue"? So, every pilot needs 30 years of experience and 20,000 hours and be a flight-safety expert and be an avid hang-gliding enthusiast?
Good luck finding pilots. And how do those pilots get that 20,000 hours?
Humans are bad at some tasks. This is an example of one of them.
Some things are hard, if you're moving to fully automated flying, you'll might just end up shifting the "training issue" to the hardware and software engineers, while removing the factor of "human intervention" in case of a fatal failure, and these happen: http://www.flightglobal.com/news/articles/sensor-icing-caugh...
There was a similar issue in November of last year on flight to Barcelona, luckily, the pilots managed to restart the systems just before 150 people would have died.
Sure, but there's the same problem with computer pilots: how do they establish a tremendous track record of safety such that people won't freak out? I don't mean "rationally decide that a computer flying is better than a person" but instead, emotionally accept it's a better idea?
The odds in traditional aviation are pretty good these days; better than driving. But nobody wants to be the first person to be killed by a computer pilot. Acceptance is going to be a tough road.
People have already been killed by computer pilots to various degrees. For example, that Helios flight that flew circles on autopilots after the pilots lost consciousness, then crashed because the computer wasn't programmed to land. Or incidents where airplanes have collided because they were put on the same path at the same altitude in opposite directions, and the autopilot held the course so precisely that they banged into each other, while a human pilot would likely have missed. Or the Air France flight that stalled into the Atlantic because the computer averaged the inputs of the two human pilots, preventing them from knowing that they were contradicting each other.
Like autonomous cars, autonomous airliners have been steadily sneaking up on us for a while, and the first fatalities have already happened. It's a smooth function, not a pure on/off.
I guess what I'm referring to is the idea that there are no people in the cockpit at all, or even that there isn't a cockpit anymore.
We've had tremendously advanced autopilots for a long time, but there have always been people up at the front, supposedly in charge.
It's the difference between getting on a bus with a guy in the drivers seat who has auto-braking so he doesn't accidentally rear-end someone and getting on a bus with no driver at all. People are OK with the first, but less likely to be OK with the second.
I'm not saying it's rationally correct for people to behave this way, but they do behave this way.
I think you're right, but I think the distinction between "killed by a computer flying an airplane" and "killed with no human in the cockpit" is important.
For one thing, I think it means the transition will be easier than most people fear. As we get more and more automated, we'll start making entire flights from gate to gate without human intervention. At some point, somebody will say, "It's been three years since the last time a human airline pilot actually did anything, so clearly you're all comfortable with being flown around by a computer, let's take that final step" in a convincing manner.
That's the dumbest thing I've ever heard. Computers are bad at high-stress, quick decision bursts when they aren't exhaustively accounted for in the programming. If you've ever done any real-time process control you'd know that. High-stress, quick decision bursts are the ones that kill you, not the boring, rote ones.
It's an incredible human achievement.
I make a hobby of reading through NTSB avaition an maritime accident reports. It's a fascinating look at how to create almost failure free systems out of mechanical things that break and humans that do stupid things.