Comment by alephnerd

The timing is really curious.

08:08:35 Vr

08:08:39 Liftoff

08:08:42 Engine 1 cut-off

08:08:42 Engine 2 cut-off

08:08:47 minimum idel speed reached

?? One pilot to other: why cut-off. Other: Did not do it

08:08:52 Engine 1 run

08:08:52 Engine 2 run

1 second to switch them both off and then 4 seconds to switch them both on. No one admitted to switch them off. They are probably going with fine comb over the audio and also the remains of the chared switches.

Looks like the engines react very quickly to cut-off so it is not clear whether the question about the cut-off is prompted by a glance to the switches or the feel of the airplane.

The big question is whether the switches were moved or something made it seem as if the switches were moved.

There's a good photo of them here; https://theaircurrent.com/aviation-safety/ai171-investigatio...

You can do them both with one hand.

If its both engines you're fucked anyway if its shortly after takeoff.

But I'm an advocate of KISS. At a certain point you have to trust the pilot is not going to something extremely stupid/suicidal. Making overly complex systems to try to protect pilots from themselves leads to even worse issues, such as the faulty software in the Boeing 737-MAX.

Was thinking this same thing. A minute feels like a long time to us (using a Garmin as the example said) but a decent number of airplane accidents only take a couple minutes end to end between everything being fine and the crash. Building an insulation layer between the machine and the experts who are supposed to be flying it only makes it less safe by reducing control.

Proposed algorithm: If the flight computer thinks the engine looks "normal", then blare an alarm for x seconds before cutting the fuel.

I wonder if there have been cases where a pilot had to cut fuel before the computer could detect anything abnormal? I do realize that defining "abnormal" is the hardest part of this algorithm.

First, the fire handles would override any delay and cut fuel (and other things) immediately.

Second: the window of time where you don't have enough altitude (aka time) to restart is relatively small. So this could easily be a temporary protection.

It is difficult to find exact data on this but restart to significant thrust seems to be in the 30-60s range. If you run the numbers on climb rate and glide time the possible danger zone is relatively small, a few minutes after takeoff at most.

Is this an extremely rare event? Yes. But most other accident causes are also rare, regardless of whether they are pilot error or mechanical.

For example: you might think no pilot would deploy the thrust reversers in flight but system protection errors and/or mechanical failures have conspired to allow it and a bunch of people paid in blood to learn that reverser deployment in flight at altitude was actually unrecoverable - contrary to conventional wisdom at the time. It turned out everyone was flying around with a "kill everyone now" mechanism. In some cases with a much lower margin of safety than previously believed due to the aforementioned "conventional wisdom" that if it happened it wouldn't be a big deal.

Know what else isn't normally a big deal (relatively speaking)? Accidental shutdown of both engines. Because a single engine shutdown is easily recovered and the aircraft can fly on one engine. And dual engine shutdown is easily recovered with a restart if you have enough altitude. But it turns out there's a small window after takeoff where it is fatal.

Somewhat relatedly shutting down the wrong engine in an engine failure scenario is so common they explicitly train crews to slow down and not immediately shut down an engine after failure because rushing just leads to dual engine loss.

There is a relatively short window where dual engine shutdown is unrecoverable. Once you have a bit of altitude (and these jets climb at 2000-3000fpm) you have time for a restart and as thrust comes back sink rate will decrease even on one engine.

My proposal is during this window if dual engine shutdown is commanded don't do it. Treat it like it is happening - show the EICAS message, give the alert, but don't actually do the shutdown until the window has passed. This gives the pilots 10 seconds of startle factor then a bit of time to flip the switch back on.

Single engine shutdown would still behave as today so sure if one engine eats a fan blade shut it down. Not that it matters, the engine computer is going to cut fuel in that case anyway.

Insert a delay only for shutting down the remaining engine and only for X seconds after transition to air mode. A delay that the fire handle overrides.

Just a tiny bit of insurance. There aren't any emergency scenarios at low altitude where engine shutdown works but pulling the fire handle does not. You are coming right back to land at the airport no matter what.

This makes me wonder. Is there no audible alarm when the fuel is set to cutoff?

Please don't sneer, including at the rest of the community.

https://news.ycombinator.com/newsguidelines.html

This is a place that puts "Hacker" in the name despite the stigma in the mainstream. Given the intended meaning of the term, I would naturally expect this to be a place where people can speculate and reason from first principles, on the information available to them, in search of some kind of insight, without being shamed for it.

You don't have to like that culture and you also don't have to participate in it. Making a throwaway account to complain about it is not eusocial behaviour, however. If you know something to be wrong with someone else's reasoning, the expected response is to highlight the flaw.

Yeah, people shouldn't bat ideas around and read replies from other people about why those ideas wouldn't work. Somebody might learn something, and that would be bad.