Comment by cosmicgadget

3 days ago

I think engine fires are still more common than suicidal pilots and inadvertent fuel shutoff activations.

The idea would be something that is ONLY operational after V₁ and until some safe height.

Or maybe a design that prevents both switches being off (flip flop?) for X minutes after wheel weight is removed?

Again, it’s probably pointless but it’s an interesting thought exercise.

Suicidal pilots are apparently more common than we’d want.

  • It’s a pointless exercise though - if one of the pilots wants to crash the plane, there’s almost nothing that can possibly be done. Only if someone can physically restrain them and remove them from the controls.

    There’s always going to be many ways they could crash the plane, such a feature wouldn’t help. The pilots are the only people you can’t avoid fully trusting on the plane.

    • It's only pointless if we assume crashing was the intended result of the pilot. If the switches failed, or the pilot activated the switches by mistake, it's worth considering options for handling the inputs.

      There's a balance of accidents to be found, I think. There are likely cases where fuel does need to be cut off to both engines, and preventing that would lead to accidents that might have been recoverable. This case shows that cutting off fuel to both engines during takeoff is likely unrecoverable. There have been cases where fuel is cut off to the wrong engine, leading to accidents. Status quo might be the right answer, too.

    • So basically we need software that can 100% autonomously fly a plane. Software that is extremely reliable and trustworthy, basically. Software with multiple fallback options. Multiple AI agents verifying every action this software takes. Plus, ground-based teams monitoring the agents and the autonomous flight software.

  • > Again, it’s probably pointless but it’s an interesting thought exercise.

    Coming up with ad-hoc solutions is easy, especially the less you know about a complex system and its constraints. I'd say it's not an interesting exercise unless you consider why a solution might not exist already, and what its trade-offs and failure modes are. Otherwise, all you're doing is throwing pudding against a wall, which can of course be fun.

    • That’s the whole fun part - come up with an “obvious” solution and then try to figure out the problems or risks it would cause.

      For example, an obvious solution is that the switch can't be changed from "RUN" to "CUTOFF" when the throttle isn't at idle - this could be done with a mechanical detent because they're right next to each other. Simple!

      But now you've introduced additional failure modes - throttle sticks wide open and the engine is vibrating and needs to be shut down - so maybe you make it that the shutdown switch can work for ONE engine at any throttle position, but if TWO get turned off, both throttles have to be off, but that introduces ...

  • The flip flop thing is a neat idea since a single engine can typically maintain level flight and two burning engines is rare.