Comment by aerospace83
7 months ago
> That said Boeing could take a page out of the Garmin GI275
This is not "reasoning from first principles". In fact, I don't think there is any reasoning in the comment.
There is an implication that an obvious solution exists, and then a brief description of said solution.
I am all for speculation and reasoning outside of one's domain, but not low quality commentary like "ugh can't you just do what garmin did".
This is not a throwaway, I'm a lurker, but was compelled to comment. IMHO HN is not the place for "throwaway" ad hominems.
First, I am a pilot. Not commercial or jet rated, but I like to think I have a tiny bit more insight than average.
The point of what GI275 does is that, as a backup instrument, you are much more likely to need it when the electrical system fails or is turned off due to fire. Yet if it just remains on until shutdown, pilots would frequently forget to turn it off on the ground, resulting in its battery being worn out. Because it is considered critical, it delays its own shutdown. Long enough for you to notice in flight but not so long it wears out the battery (which might result in only a few minutes of power in a real emergency).
My entire point was that engine restarts take some time. If both engines eat a blade or catch fire you are screwed anyway, so whether or not the fuel cutoff switch does anything at 1500ft is irrelevant. But that is so rare I don't think we have any events on record. So it might be worth inserting a delay - enough to account for standard climb rates to achieve enough altitude to make restart likely or at least possible. The delay would only be for the second engine shutdown and only for time T after going into air mode. And if the system gets it wrong, thinking the other engine is shut down when it is not, pulling the fire handle would override any delay - and pulling the fire handle is part of any engine failure or departed aircraft procedure I know of. In other words, you wouldn't even need to change the QRH or emergency checklists in most cases.
I noted that engineering for aviation is complex and everything has failure modes to consider. Privately I went through several iterations of this idea and discarded them for problems with failure modes and complexity. What I proposed is boiled down to the minimal thing that would have saved this flight.
The other thing I'll say is there is a reason the computer will auto-extend some flaps/slats at slow speed even if you put the handle to zero. And there's a reason auto-throttle provides protection. And with the exception of the 737 the computer auto-starts the APU on dual engine failure. And any attempt to deploy thrust reversers in the air is ignored. And stick pushers exist for good reason.
We put in all kinds of measures to override human decisions to prevent mistakes and errors.
> This is not "reasoning from first principles".
It literally is. Accidental/malicious activation can be catastrophic, therefore it must be guarded against. First principles.
The shutoff timer screen given as an example is a valid way of accomplishing it. Not directly applicable to aircraft, but that's not the point.
> "ugh can't you just do what garmin did"
That's your dishonest interpretation of a post that offers reasonable, relevant suggestions. Don't tell me I need to start quoting that post to prove so. It's right there.