I must admit that I find it hard to believe that, with all of the technology available to us today, we can completely lose track of a 777 airliner for goodness sake!
I think one problem is that a lot of the systems we engineers designed originally were not created with the thought of malfeasance in mind. Having said that, since the 9/11 infamy, I would have thought it would be mandatory to equip aircraft with something that kept on transmitting its GPS coordinates every minute or so and that could not be disabled from within the plane itself.
I'm actually not so surprised, in cases where the plane is flying over an ocean. The only long range link that works in cases like that would be satcom, but there's no guarantee that the entire oceans are continuously covered. Over land, and even on crossings between North America and Europe, airliners should almost always be within range of some ground control. But the southern hemisphere has gymongous expanses of ocean.
@Max: As I have learned from the recent discussions, ACARS (Aircraft Communications Addressing and Reporting System) does the same kind of communication that you have mentioned. But I am not sure, when that system was last modernized. I understand in the aviation industry technology progresses at a slower pace as the "proven-in-use" technologies are adopted and newer stuffs goes through a lots of certification process to analysis unless the failure-modes are well defined and proper preventive & protective measures are taken. But this kinds of incidents drive us to re-think: could we improve anything?
There was a discussion going on this subject on the news channels yesterday eveing and one of the panelist told that no one will ever come to know about what happened to this airline. He was saying since 1948 there are 82 planes that went missing and there is no data found on what happened to them and this is going to be the same case.
People are notoriously bad at assessing personal risk, letting what they hear color their perceptions. To worry about the 82 planes and not the thousands of people who went missing in the same 65 years for other causes is a typical case in point. Ask a life insurance actuary: disappearing on a phantom airplane isn't even in the top 10. Given that 99.7% of Americans die in bed, maybe we should all give up sleeping. ;)
Leading causes of death in the US -- Cancer, Heart Disease, RX Drugs -- all very likely to to die in bed in these scenarios -- maybe a hospital bed, but a bed.
Airliner's are all about managing a large number of risks for a few short hours at a time --we can't even breathe at those altitudes, but given this there are many other risks in building and operating an aircraft. Worker's involved in making parts for the aircraft face many risks that make them more likely to die of cancer -- rare and exotic metals, and materials must be alloyed, forged, and machined and cut -- all of which can cause toxic symptoms in the people doing the work. Automation and technology is helping reduce these very real risks that are a part of every flight's success or failure. These worker's may die in bed after 20-40 years on the job -- basically due to lack of sufficient technology to minimize the myriad of manufacturing and maintenance related risks -- this seldom makes the news, but is a very real risk -- maybe even for those of you living in the same community as manufacturers of high tech aerospace parts -- waste products can find their way into the air, water, and soil and impact everyone in the community.
ACARs was upgraded from something like 2400/4800 baud to 33K-baud in the late 1990's -- to about 2005 -- it only works within about 120-180mi of the land based ground station - after this depending on what the airline has paid for and what unit's are powered on in the aircraft the data is re-routed via SATCOM -- as this airliner normally only flew shorter distances over water, and the airline was under-water financially it might not be that un-common for the SATCOM routing to be turned off in the aircraft configureation. As more than one ACARS transciever is normally carried, and the data stopped all at once it might be the case they were switched off.
Max, admittedly there is a GREAT deal of inertia in the "design requirements" portion of avionics for commercial flight, but don't forget that most of the time the "mindset" of the designers of this equipment has served the commercial airline industry, the flying public AND the equipment manufacturers fairly well. But yes it IS slow - I had the privilege of working on a clean-sheet "engine control" (they call it a FADEC) for a brand-new small jet engine design (well actually there were two, but the hardware was pretty similar) and the overall effort ran about FIVE YEARS on the calendar before final signoff (and NONE of the participants felt like they were "dragging their feet")! I think you'd have to look on it more like the "old days" at Western Electric designing equipment for the phone company, in that situation the premise was you wanted to be capable of amortizing any particular piece of equipment over 40 years, the aircarft industry may not look QUITE that far out but it is definitely more of a "long term" view. One of the reasons is in this field neither the hardware nor the software engineers actually "conceives the box", they simply implement the requirements of the RTCA specification for that avionic function, they DO get to pick out the chips and connector pinouts and so forth (subject to a lot of preconditions) but many of the signal definitions and flows and such that will interface with the rest of the aircraft are fairly "cast in concrete". So for example the focus in the wireless protocols tends to be towards narrowband AM because its characteristics are widely known and studied, and also because it uses bandwidth sparingly under high-traffic conditions where we still don't want safety to be compromised.
One of the aspects that I think has served quite well which MAY not have been "fully thought out" in advance is the vast majority of the architectures that get approved for this type of service (particulary at the higher safety levels) are executing code out of flash (or in the prior generation, EPROM) so AT LEAST we won't have to worry too much about "virus-like" issues (because generally program space contains little or no actual RAM that such a creation could be loaded into)! Remember even GPS was originally designed exclusively for military use but it certainly has "worked its way into" the aircraft via standards like DO-229 (for which I wrote the RTOS for the first successful commercial implementation of the airborne receiver, and the company for whom it was designed went on to power Garmin's successful push into avionics). Now no doubt it will be possible to "retrofit" some new concepts into this general "mindset" (like what was done to reinforce the security of cockpit doors after 9/11) but we need to take "all due diligence" before we start making wholesale short-term-minded changes to these systems that have served us so well for so long.
Just as plausible an explanation is part of the fusalage blew out taking some of the avionics, as well as some of the oxygen system with it over the course of a few minutes -- maybe the pilot can start a turn and descent before blacking out -- after which the plane goes on the new heading out into the middle of the indian ocean and runs out of fuel -- IM apps on phone networks are not really robustly coded, and can leave stale data till the SW timers time out. The other thing to remember is that not as many people in aisa have smart-phones with apps -- due to a variety of reasons -- this may leave fewer bread-crumb trails to follow.
Apparently not a possibility? The BBC was reporting yesterday that ACARS was switched off BEFORE the last message from the airliner, "All right, good night," and that the radar transponder was switched off shortly after that. And there was a third satcom signal that continued to transmit for hours after that. So that's why the catastrophic failure possibility is being discounted.
Depending on the location in the avionics bay there could have been a thermal issue(such as loss of cooling airflow) that caused systems to drop off-line without the pilot knowing it immediately -- another issue that one has to consider is if there was an issue with time-synchronization at the various and scattered ground based sites. Another item to remember is that each of the systems is in a different RF band and due to atmospheric conditions may reach the limits for range imposed by the atmosphere and curvature of the earth at different times (Even a satcom operating in spot beams is affected by this) -- there are many many details like this that do not show up at a first glance -- most things that do cause loss of an aircraft involve multiple things going wrong at the same time -- look at the dehavland comet -- several of these were never found -- it was not until the manufacturer did pressurization fatigue testing to simulate the number of hours and cycles the fleet had reached and the test article failed that they knew they had an issue.
Well, indications available so far seem to suggest catastrophic failure is out of the question. These include the continued satcom signal and the radar tracks (after the transponder went offline).
The real problem is that some of these details were not divulged until this past weekend and yesterday. So all I'm saying is that the theories of what might have happened need to incorprate the new data.
On the catestrophic failure -- unlikely but not impossible -- There have been airliners with 12 foot long chunks blown out of the passenger compartment, and several seat-rows pulled out into the air that continued to fly either to landing or hundreds of miles from the point of failure, as did a 747 with structural failure near the tail -- depending on where a failure or intentional damage occured many possibilities exist -- The 777 is a pretty robust aircraft when it comes to staying in the air, with many critical systems replicated 3, and 4 times in many cases. Given this, normally there is normally only one Transponder, only one radio is normally routed to the ACARS, and the aircraft only carries one SATCOM. If the airline purchased an HF Data-Link system that also should have continued to respond along with the SATCOM out over the ocean, periodically checking in with it's network, so a bit of a mystery there. Also the articles do not say if the ACARS and Transponder were powered down via the controls (sends a final status indicating a controlled disconnect ) or just stopped sending signals due to any one of many reasons, (power interuppted, breaker pulled, RF conditions or others) The NTSB is very experienced here in the US, however there is no international counterpart for these overseas incidents, and a smaller country with limited local aerospace presence may be stretched too thin to capture all the details
There's 2 transponders on all commercial aircraft with a dual control head in the cockpit. Circuit breaker or simply turning the unit off is possible anytime the pilot wishes. The control head allows selecting either system if the other fails. It's also tied into the TCAS system. It would be possible to relocate the breaker and tie the power sw into the air / ground mode system leaving the crew the only option of switching between failed units. They could always physically destroy the control head which could cause it to stop transmitting. Bottom line is the pilots, mechanics are supposed to be cleared and trusted. You can only engineer so much. You have to be able to trust the people in safety sensitive positions. Maybe its time for deeper background checks and reoccurring physiological screening.
There's a big "DUH" here: this was an AIRPLANE, where 1. No cell phones are supposed to even be on, and 2. there isn't any cellphone infrastructure in the middle of an ocean. In a case like this, ALL cellphones and other electronics using that technology are DUMB. I thought you are all engineers, or at least somewhat cinversant with technology!
There are companies selling 3G/4G pico-cells for aircraft use in flight -- just because it is not done here in the US does not mean it is not done elsewhere -- some rely on K-Band links that are also used for In-Flight-Entertainment systems (video, internet -- passenger data only -- non-certified for flight data, others rely on terestrial networks
Still today flight operators insist to switch off the mobile phones while in flight, on the contrary it needs to provide the connectivity while being in flight, there are very nice filtered are available for filter the mobile phone traffic signals from control circuits.
At least in the US, the flight operator (airline) has no choice. This is a policy set jointly by the FCC and the FAA, It has been that way since BEFORE cellular technology was in place, but then applied mostly to other radio equipment in termas of not being allowed to be on anytime during flight. It has NOTHING to do with technology limits, just erring in favor of in-flight safety, Just because you can think of a way to do it, it would have to be exhaustively tested to be allowed! As a frequent flyer (and an engineer with extensive RF system expeerience), I fully support the current policy (even more so considering the banality of the vast majority of cell phone conversations today; think about trying to sleep on a trans-Pacific flight while the person sitting next to you is nattering away).
From safety and criticality point of view you are absolutely right, I also agree that safety in flights should be the first concern, but at the same time it questions that if other mean of communication was available in Malaysian 777 then they might have been able to communicate with world. On ground these communication networks are co-existing with other critical services, even in smart vehicles they are working with cell phones, again you are right as on the conditions today but testing of co-existence needs to be get started, I think still it will be a very late start.
A single Iridium phone onboard could've provided information on what was happening, provided that its owner was conscious and able to press a few buttons. There is always a satellite within range, even over the remotest parts of the Indian Ocean.
Iridium has pretty good penetration in the BizJet market -- but it never took off in Air Transport, due to the lack of Safety Services by the network -- (Priority, Precidence and Preemption ) (To guarantee a distress call gets netowrk access)
Max, do you think it is a good idea for every plane, all the ones sitting on the ground or in hangars, to keep transmitting their GPS coordinates?
Pilots have the ability to turn the transponder off because they don't want it on (and might be required to turn it off) between the time they land the plane, and hours later when another crew takes the plane wheels-up on a different flight.
About losing a 777 airliner ... to paraphrase Douglas Adams: The ocean is big. Really big. You won't believe how vastly, mindboggingly big it is. It just looks small when it is on your CNN screen.
Most of the planes put in service after 9-11 have a few more systems that provide more data at a higher data-rate -- this system was put in service in the early 1990's and if I could remind everyone in that era GSM with 9600 baud data was the norm for cellular even - a big issue is that airlines around the world are strapped by high fuel costs, and unless the system that provides tracking can also be leveraged to reduce this expense in daily operation, there is no ROI to allow for upgrades.
If it's a piece of electronics FR-4 used for avionics is required to be self-extinguishing after removal of power -- Flamability is a test all items used on an aircraft must pass -- with the one exception being the fuel - even the lubricants / hydraulics are special for this reason -- even had a charred board where the leads were not trimmed properly find it's way back to me in the lab once for root-cause analysis -- the pilot pulling the breaker stopped the smoke and once they landed they knew right away which unit it was from the residue on the cracks in the cover. If the unit is in the cockpit the proceedure is to don a smoke-hood and oxygen and get the power off and get on the ground -- had this happen to an engineer friend who became a test-pilot for a manufacturer.
I know from a friend that sometimes pilots communicate with HAM radio frequencies. Just to kill the time, just for pure fun. It happens -for example- when they flies to Africa. Over long stretches there is no other communication than Satcom or RF radio, that's it. So for the Malaysian 777 you can think of the same scenario: Only Satcom and a beacon frequency, detected and responded by radar. The latter has been switched off.... Scary.... !!
Until fairly recently, HF radio was the norm for all trans-oceanic flights. They had (non-Ham) frequencies which they used to stay in contact with the civilized world when out of VHF contact with ground stations.
Then satellites came into the picture and those HF comms are not used so much anymore. I might be mistaken but I think it is mainly since the 90s that this has happened.
The planes still have HF radios in them, and yes, some pilots who are also licensed ham radio operators, use them to pass the time.
I hear a lot of Air Force jets on HF radio, when approaching the east coast USA.
I think I have the answer. Each plane could have a bouyant transponder that pulses laser light and wireless signal both carrying stream of important data. A laser on the satellite would be useful, too, for communications better image capture, and, it only needs to pulse when commanded or on low dutycylce to save energy.
The bouy would detach and tether with a detachable tether. A good BAttery would would permit a long period of laser pulsing and RF transmission plus solar PV could be added to keep it alive for a long time. This is easy to design and more that one at low cost could be atttached to outside of the plane with tamper alarm. In fact many of the them could be attached to the plane with 3M or Berquist adhesive very qucikly and firmly and the laser would be visible for rmany miles. Something like this could work. Lost s data can be put on to a laser light beam!
I think I should put this on Indiegogo right now. Fedback please.
Problem is the reliability of a beacon is < 100K hrs the reliability of the pilot / co-pilot is > 1 million hours statistically -- you would be putting several circuit boards that over time can flex, delaminate, or otherwise fail -- and sometimes there is smoke when these fail -- boards are better than a bunch of wires, but they still will fail in the aircraft environment of pressure, temperature and vibration
I don't see how this is a problem. he's not suggesting that you replace the pilot with electronics, but rather just have a non-accessible becon in case of hijaking. Makes sense to me. Maintenance on the electronics could be done just like all the rest of the parts of the plane and be expected to have the same life of service.