[HN Gopher] Alaska 737 cockpit voice recorder data erasure renew...
___________________________________________________________________
Alaska 737 cockpit voice recorder data erasure renews safety debate
Author : 8organicbits
Score : 186 points
Date : 2024-01-08 15:22 UTC (7 hours ago)
(HTM) web link (www.reuters.com)
(TXT) w3m dump (www.reuters.com)
| 8organicbits wrote:
| https://archive.is/C66NT
| belltaco wrote:
| Maybe they can use a service like Starlink to stream voice,
| location and blackbox data to a secure location on land, that way
| even if the flight is lost or destroyed we would know what
| happened, or even where the heck it is(looking at you MH370).
| throwaway5959 wrote:
| Why not just record more than 2 hours? Maybe two days worth of
| audio instead?
| cptcobalt wrote:
| Indeed, the proposal is for 25 hours, and its not like
| recording 25 hours of audio is fundamentally more complex
| than 2 hours these days.
| belltaco wrote:
| Because onboard recordings are prone to loss or destruction,
| intentional or otherwise.
| __m wrote:
| The captain would likely also have disabled starlink and pulled
| the circuit breaker in the case of MH370, I wouldn't be
| surprised if the VCR and FDR reveal nothing once we find them.
| belltaco wrote:
| Maybe, but the recordings until that point would still be
| available, so we would atleast hear what happened to the
| copilot and what did they say etc.
|
| How is that worse compared to now where we don't even know
| where the plane is? Just the underwater search cost $200M,
| with no results. Would've costed more if they didn't give up
| so easily.
| cm2187 wrote:
| MH370 is maybe not a good example, but AF447 is a good one.
| BobaFloutist wrote:
| Yeah, they can use Starlink to stream it across X, then store
| it (distributed, hashed, salted, and encrypted) in Tesla on-
| board storage. Only gold verified X users would get to access
| it without FAA permission.
| panick21_ wrote:
| I'm serious when Musk is in play people actually throw out
| their brains just get some virtual upvotes. Or just make
| incredibly stupid jokes.
|
| SpaceX is US military contractor with very high security
| clearance. Starlink is literally used in war against nation
| state attackers.
| TMWNN wrote:
| It's not Musk, per se; it's that Musk is conflicting with
| The Narrative(TM), thus is a target. At least HN is better
| than Reddit, which is jam-packed with human NPCs, who react
| in similarly predictable ways without intelligence.
|
| A recent Reddit post discussed something positive about
| Texas. The replies? Hundreds, maybe thousands, of comments
| by Redditors, _all_ with no more content than some sneering
| variant of "Fix your electrical grid first", referring to
| the harsh winter storm of 2021 that knocked out power to
| much of the state. It was something to see.
|
| If we can dismiss GPT as "just autocomplete", I can dismiss
| all those Redditors in the same way; as NPCs. At least GPT
| AI can produce useful and interesting output.
| BobaFloutist wrote:
| I actually think Starlink is a super cool project, even if
| I wish someone else was in charge of it. I'm grateful that
| Musk managed to make electric cars "cool", and that his
| personality will make them more acceptable to conservatives
| that might otherwise have a knee-jerk resistance, and I
| think that Tesla actually did a lot to push the technology
| and the economy of electric cars. I think it's wonderful
| that we're investing more into space, even if, again, I
| would prefer someone else to be in the drivers' seat.
|
| I absolutely recognize Musk's contribution to things that I
| value and respect.
|
| I also think it's a little absurd how often he's brought up
| in completely unrelated discussions. It's a little like how
| whenever someone mentions that at-home electricity storage
| is a bit of an open question, people bring up flywheels,
| even though Powerwalls are a much more reasonable approach,
| just because they think flywheels are rad. The amount of
| times people try to shoehorn a Musk-related technology, (or
| even say "Hey let's get Elon on this, I bet his infinite
| money and brains could solve e.g. food distribution with um
| drones and Starlink and Boring Company I don't know he'll
| figure it out) makes it a little hard to take his biggest
| proponents seriously.
| dgrin91 wrote:
| (1) Starlink for airplanes is very expensive. Multiply that by
| many many thousands of planes and its $$$$$$$$.
|
| (2) With that many planes you start to get into Starlink
| bandwidth issues. Cant it support that many? I honestly don't
| know
|
| (3) Its a new complicated piece of equipment that may fail.
| What if the transmitter is broken? Blackbox systems are much
| simpler
|
| (4) A lot of this data is already transmitted (speed, altitude,
| position, etc, just not voice), so no need to build a system
| for it.
| panick21_ wrote:
| There are many other system other then Starlink you could
| also use. And most airlines already have these installed
| anyway. And if a new plane costs minimum 25 million $, and
| most cost 50 million $ or more, a few 1000s to safely record
| data seems reasonable.
|
| Bandwidth issue for a bunch of audio files? I think we can
| figure that out.
|
| > (3)
|
| I don't think a single person would suggest we replace the
| Blackbox. This would be in addition, not instead.
|
| > (4)
|
| I'm sue the plane produces lots of data that isn't
| transmitted. It would generally be smart to transmit far more
| data then we currently do and I'm not sure those methods are
| up to large increases.
|
| But if they are, then yes that would be good.
| dgrin91 wrote:
| For the cost - you are talking about the capex. Starlink
| would go under opex, and thats where the margins lie. You
| can probably make the numbers work, but no one wants to
| touch this.
|
| For bandwidth - there are typically around 10k planes in
| the sky at any time, and that number typically grows. Thats
| 10k audio files streaming at a time, all day, every day.
| Add to that the nominal Starlink traffic that already
| causes bandwidth issues and you end up with probably non-
| trivial bandwidth issues until there is larger scaleup
| axus wrote:
| Passengers can get a decent network connection on planes
| these days, no need to make a totally new system. But it's
| best effort; I'd still want a local copy that's a separate
| system from the uploaded audio.
| gumby wrote:
| Why starlink? Planes typically use Inmarsat which provides
| better coverage.
|
| Various aircraft data are already uploaded in flight ("stream"
| would be an exaggeration though) as you can see from the MH370
| example you cited. The data uploaded are increasing as
| companies like Rolls-Royce become more of a data company.
|
| The black boxes are pretty robust (assuming you can find them!)
| and uploading the voice data is probably not worth the cost.
| dylan604 wrote:
| > Planes typically use Inmarsat which provides better
| coverage.
|
| Ask the families of MH370 how well Inmarsat works.
| hef19898 wrote:
| If the pilot can disconnect Inmarsat, he can disconnect
| Starlink. He might even be able to disconnect Twitter and
| in-flight entertainment.
| belltaco wrote:
| But we would have the communications and real time
| location till the disconnect happened. In case of MH370
| and Alaska 737 those are lost. That would give us clues
| as to what happened.
| cccbbbaaa wrote:
| We know where MH370 disappeared thanks to ADS-B, and
| after it was disconnected, it was still seen by primary
| radars.
| meindnoch wrote:
| Only if it's on a blockchain. _*checks calendar_ * oh sorry,
| it's not 2021.
| benhurmarcel wrote:
| Currently it's fairly common that a lot of flight data is
| logged during the flight, and transmitted to a server via 4G
| when on ground.
|
| It doesn't help when the aircraft gets destroyed, but it does
| create fairly big databases for analysis and preventive
| maintenance.
| cptcobalt wrote:
| This is a proposal from the NTSB to the FAA to raise the CVR
| recording time from 2 hours to 25 hours, in line with ICAO. This
| is very likable scenario for everyone except pilots unions.
|
| > The NTSB has conducted 10 investigations since 2018 where the
| CVR was overwritten, including four runway incursions, Homendy
| said.
|
| I tuned into the NTSB press brief last night, and they emphasized
| understanding communication is important for the best accident
| analysis. Homendy stated that they now do not have any record of
| communication between the flight deck and cabin.
| wolverine876 wrote:
| Why stop at 25? Record all of every flight and archive it.
|
| Develop a standardized structure to make it searchable by
| different factors or combinations of factors (e.g., 777 model
| later than Z & decending & outside temp < X & throttle is > Y &
| etc.) When there's an accident, you could review similar
| circumstances.
|
| From my ignorant perspective on air safety, it would seem to be
| a gold mine.
| H8crilA wrote:
| This industry is ridiculously slow compared to IT. Air
| traffic comms (both voice AM and text ACARS/VDL) are not only
| not encrypted, but also crucially not even authenticated. So
| you can send text messages and speak to any aircraft at any
| privilege level (just say you're ATC) with a simple SDR. Or
| you can spoof a faulty engine message on the downlink
| channel.
| teovall wrote:
| The antiquated AM mode and the lack of encryption or even
| digital encoding is a safety feature for air traffic voice
| communications. Very weak signals still have a chance of
| being intelligible and if two signals are transmitted at
| once on the same frequency, both can still be heard.
| H8crilA wrote:
| Yeah but it's terrible for security. Also digital modes
| work just fine at the same range - I have no problem
| hearing ADS-B messages from up to 200mi away from my
| ground level antenna, where the max range is only limited
| by the curvature of the planet.
|
| And note that the real problem is with authentication
| (MACs, or digital signatures), not encryption. Public
| availability of those records is actually probably
| beneficial. It's a common misconception to think that you
| need to encrypt while in reality you perhaps need to
| encrypt, but first you absolutely must authenticate.
| ryandrake wrote:
| Is this an actual problem that is happening in practice,
| though? How many instances of "unauthenticated" airband
| communication have caused an accident? I don't know. Even
| if the answer is nonzero, I'd be willing to bet it's less
| than ten in decades.
| H8crilA wrote:
| There was a guy in Berlin who was issuing fake landing
| clearances recently: https://aviation.direct/en/berlin-
| falscher-fluglotse-narrte-...
|
| It took 6 months to find him, and mind you that that guy
| was the opposite of clever (he was talking from his
| bathtub, from what I remember, and he started out not
| even knowing the ATC language).
|
| Also, it really makes sense to think ahead just a bit,
| you know. Not everything has to be triggered with an
| accident, and in this case we're likely talking about
| terrorism, since no one would do this without realising
| just how bad the legal consequences are.
| tjohns wrote:
| You don't really need more security, because if a pilot
| gets an ATC instruction that doesn't make sense, they're
| going to question it. Pilots aren't following
| instructions blindly, everything is mentally cross-
| checked against what we expect should be happening for
| situational awareness. (And ATC would also hear the
| interloper and immediately speak up.)
|
| On top of that, almost everyone in the US also has some
| form of collision avoidance technology now, as well
| (either TCAS or ADS-B).
|
| And there's plenty of times where the only time I could
| hear ATC was with the squelch full open, trying to pick a
| faint signal out through the static. Digital modes are
| terrible for this.
| H8crilA wrote:
| Eh, I get a lot of pushback in this thread. But I'll
| reply.
|
| We're talking about something like a landing clearance.
| It doesn't have to be completely off the chart. And yes
| you can inject a message like that successfully, without
| the ATC ever knowing.
|
| TCAS is equally broken - doesn't have authentication
| codes / signatures. It's actually more vulnerable since
| it has higher priority than ATC.
|
| Digital modes can encode speech more efficiently than
| analog modes, thus reaching further on the same link
| budget. For example ADS-B is "audible" as far as the
| curvature of the planet allows - my own antenna can hear
| messages from up to 200mi away.
|
| It really is a serious problem.
| tjohns wrote:
| At least in the ham radio community, experience is that
| digital radio sounds better further, but at the extreme
| ends of signal reception the digital signal becomes
| completely unusable before an analog signal becomes
| unintelligible.
|
| See: https://en.m.wikipedia.org/wiki/Cliff_effect
|
| https://www.selby.com.au/blog/what-is-the-digital-cliff-2
|
| Up in the air, I can also hear AM analog voice
| transmissions from 200 miles away, so that's not really a
| good measure of performance. Both modes already do that.
| Benefit of having an unobstructed line of sight from
| several miles of altitude. :)
| H8crilA wrote:
| I mean, to put it simply it would just work with a
| digital mode. But that's not the point, the main point is
| that there is no authentication mechanism. Such systems
| are indeed being abused, for example trains were recently
| halted in Poland. This happened because they have an un-
| authenticated channel of communication that allows anyone
| to do that:
|
| https://cybernews.com/news/century-old-technology-hack-
| broug...
|
| It's only a matter of time before this happens in
| aviation, but unlike in the trains case it doesn't have
| to be just an availability problem (all trains stopped
| safely), it can be a "remote code execution" problem.
| psunavy03 wrote:
| This is an annoyance, not a safety issue. No aircrew is
| just going to blindly follow instructions routing them off
| to east Jesus after they already understand where they're
| going and how they're cleared to get there. What's more, on
| any given freq, you're talking to one controller.
|
| And if another voice comes over the freq giving you
| instructions that don't make sense, the response is going
| to be a polite version of "WTF?"
| H8crilA wrote:
| Why do you think the ATC will hear it? You can use a high
| gain antenna. Also, you can play some really nasty tricks
| with things that override the ATC, such as TCAS. Or
| things that are independent of the ATC, like that faulty
| engine readings sent over ACARS that I mentioned earlier.
|
| There really is no way to do it safe without
| authentication codes or digital signatures.
|
| PS. And the readback can be just jammed.
| seabass-labrax wrote:
| You're absouletly right. Here's a pretty good article
| covering some of the attacks that could be done against
| radio navigation systems:
|
| https://arstechnica.com/information-
| technology/2019/05/the-r...
|
| On a foggy day when the visibility is right at minimums,
| I can imagine a huge risk of aircraft being sent off-
| course right before landing. Hopefully the pilots would
| still be able to recover the situation - the TOGA button
| is right there on the thrust levers on most aircraft -
| but nobody is infallible.
|
| I would imagine that some military transport aircraft
| have backup, INS-based navigation systems that create a
| synthetic glidepath without external radio signals.
| Airbus have been trying to introduce such systems on
| commercial airliners for quite a while, although that is
| intended to allow landing on more remote runways rather
| than specifically to improve security against malicious
| interference.
|
| All that is to say that the lack of fatal aviation
| accidents that we know were caused by malicious radio
| interference doesn't in any way make the attack less
| feasible.
|
| Digital signatures, even with conventional X509
| certificates straight out of the OpenSSL library, would
| go a long way to mitigate this risk. What about the risk
| of the signatures failing? The worst-case scenario is
| that the pilots get a warning on their ECAM display:
| "Comms not secure". That should at least alert them to
| the possibility of false readings even if it can't
| correct them.
| psunavy03 wrote:
| I don't think you have a very good grasp of how aircraft
| operate under instrument flight rules. Lots of what
| you're describing is along the same lines as saying "if
| whole bunches of people decided to start crashing into
| things or firing sniper rifles from overpasses, it'd
| create major havoc on the roads, and therefore our roads
| are insecure." Well, duh. But until there's a credible
| threat of that occurring, it's not worth worrying about.
| H8crilA wrote:
| It takes just 1 person who knows a bit about radio and
| aviation and maybe $1000-$2000 worth of hardware to pull
| off such an attack. And we know that terror organisations
| go to much further lengths to make it to the press
| headlines.
| psunavy03 wrote:
| If a terror organization wanted to do that, they'd
| probably end up using rifles or missiles.
|
| https://xkcd.com/538/
| H8crilA wrote:
| Rifles do not reach airplanes, and SAM systems are quite
| tightly controlled. For example Hamas is unable to take
| out even any of the slow piston engine Israeli
| surveillance drones. They have a name for them in Arabic,
| you can hear the sound of the drone in almost any footage
| from Gaza.
| burnerthrow008 wrote:
| Exactly!
|
| And while we're at it, why stop with CVRs? Software is a key
| component of all engineering domains today, and thus a
| critical safety factor.
|
| All MacBooks (the most popular developer machine today) have
| built-in microphones. We should using them to record all dev
| conversations (after all, there's zero incremental hardware
| cost to doing so), as well as all keystrokes of anyone who
| writes software, 24/7, so that we can retrospectively analyze
| why they failed to avoid writing buggy code and the decisions
| that led to it.
|
| Everyone who has had their PII leaked will rejoice, knowing
| that we can finally "get" those nasty open- and closed-source
| developers who created CVEs.
|
| "B-b-but, that's different!"
| cheschire wrote:
| But it _is_ different. Your message could 've had an
| entirely different tone that would have provided a
| thoughtful yet tangential analogy. Instead you've chosen a
| specious strawman approach for some reason.
|
| There's a clear and obvious difference between a self-
| important person who writes software and a person who
| pilots hundreds of folks over top of thousands of other
| folks in a slow and only mildly explosive missile.
| abadpoli wrote:
| That mildly-explosive missile has software running on it
| too. So do a lot of actual missiles, for that matter.
|
| If we record every action of the pilot of a plane, why
| wouldn't we also record every action of the developers
| who wrote the autopilot software, or the fly-by-wire
| software?
| mvdtnz wrote:
| Because the developers don't need to make snap decisions
| under stressful conditions with lives at stake. If you
| can't see the difference, sorry, that's on you.
| abadpoli wrote:
| Making snap decisions under stressful conditions has
| nothing to do with recording actions for later root cause
| analysis. If you can't see the difference, sorry, that's
| on you.
| cheschire wrote:
| Recording every action of a pilot in the performance of
| their job, vice recording every action of a pilot in
| their daily goings on. These are two different things.
|
| As a developer, every final action is also recorded in
| the performance of their job. That's what Git is for, and
| that history lasts for quite a lot longer than 2 hours.
| abadpoli wrote:
| You're not seeing the parallels.
|
| The original comment suggested recording every action
| from the cockpit and using it for analytical data. The
| final action isn't the goal. The steps and discussion
| that got them to the final action is. Hence recording
| every step the pilot takes, and the equivalent would be
| also recording every discussion that the software
| developer made that influenced them to write the code the
| way they did.
|
| Saying "the git commit is there, that should be good
| enough to know the result" is like saying "the pilot
| landed the plane, that should be good enough to know the
| result". Why do we even need CVRs at all? The final
| action is right there, right?
|
| So again, why record everything the pilot says but not
| everything the developer that wrote the autopilot says?
| oarsinsync wrote:
| I think we already record the git-equivalent of pilot
| data: telemetry from the plane (the inputs, the actions)
| are already logged.
|
| If 'directly responsible for lives' is the rationale for
| voice recording pilots in the course of their jobs, and
| not developers, since developers are not directly
| responsible, but indirectly responsible, can we also
| expand the list of professions to include _always_
| recording police, firemen, and all medical professionals
| all the time.
|
| I suspect making sure that surgeons know that anything
| they say during the course of their job, can and will be
| held against them in a court of law, will not serve to
| improve the quality of the work they do.
| deelowe wrote:
| It is. 100s of people don't fall from the sky if your
| laptop experiences a critical error.
| abadpoli wrote:
| Sure they do:
| https://en.wikipedia.org/wiki/List_of_software_bugs
| green-eclipse wrote:
| This is a wildly unserious argument.
| robertoandred wrote:
| As if all email/Slack convos aren't already saved and
| archived...
| purpleblue wrote:
| Have multiple cameras on every airplane and record absolutely
| everything so that pilots and passengers both have skin in
| the game. We are relying on individual phone cams to record
| events which is stupid. We are in an age where this kind of
| information is already pushed on police officers and the
| public in general. The amount of safety information we can
| get will be extremely invaluable, especially with something
| like a catastrophic failure like this 737 MAX failure.
| t0mas88 wrote:
| Voice recording is a big privacy concern for the crew. This
| is our workplace, so you would be recording every
| conversation, also any idle chat of which there is quite a
| lot in cruise flight. The current voice recording is only
| accepted by the crew with the agreement that it is not
| stored, and can only be pulled after a serious incident in
| which case there will be a no-blame investigation.
|
| But what you're trying to solve, already exists without the
| voice recording part. It's called FOQA or Flight Operations
| Quality Assurance. Mandatory for airlines in Europe, not yet
| mandatory in the US but may be in the future.
|
| It records hundreds of parameters from engine indications to
| touchdown speed, G-loading, control inputs etc. Automatically
| uploaded to the operator and tracked for the whole fleet.
| That data is de-identified and used for safety analysis and
| improvement.
| mvdtnz wrote:
| Respectfully, it is your workplace in which you're
| responsible for the lives of thousands of people each week.
| I don't think it's unreasonable to keep proper tabs.
| eitland wrote:
| Respectfully: the pilots have been doing an absolutely
| excellent job with it for decades without us having to
| destroy their privacy.
|
| An argument can easily be made that this extra stress
| will make flying less safe.
|
| Edit: my next car will probably have mandatory spyware
| and unlike pilots there won't be a guaranteed no blame
| process if something happens. It is pretty easy to see
| how this will be abused by insurance companies and data
| harvesters.
|
| I think I kind of understand the processes that lead to
| this. But I seriously wish tech people wouldn't be
| accepting it and even argue for it.
| lotsofpulp wrote:
| > Edit: my next car will probably have mandatory spyware
| and unlike pilots there won't be a guaranteed no blame
| process if something happens. It is pretty easy to see
| how this will be abused by insurance companies and data
| harvesters.
|
| If anything, the proliferation of dash cams will (and
| have) lead to bad drivers being appropriately charged
| more for insurance than good drivers. Previously, if you
| were cut off and collided with someone, you were always
| assumed to be at fault if you were behind the other
| driver.
| zarzavat wrote:
| People have a reasonable expectation of privacy in their
| workplace. But expecting safety measures that could
| potentially prevent hundreds of deaths to be limited to
| preserve employee privacy is not reasonable.
| KolmogorovComp wrote:
| Couldn't you say about population mass surveillance too?
| eitland wrote:
| As I argue above pilots already have an excellent safety
| record.
|
| Have you considered what the extra stress of considering
| ones every word during a long and stressful day can do to
| someones concentration?
|
| I mean many, the thoughts about what they said earlier
| this morning is bad enough even if it wasn't recorded.
|
| We already record a couple of hours or so. If you want to
| record more, it is up to you to come up with data for how
| many more air traffic accidents we can solve and also to
| explain how we can know that it won't make air traffic
| more dangerous.
| mcculley wrote:
| It is reasonable that passengers know that the desires
| for the crew to have "idle chat" are less important than
| safety. But t0mas88 made clear that what is reasonable is
| less important than what is "accepted by the crew". The
| crew apparently makes the decisions on safety matters.
| t0mas88 wrote:
| The crew makes a lot of decisions on safety matters,
| that's basically the most important part of the job :-)
|
| But joking aside, in most places there are checks and
| balances between privacy impact and benefit. We all
| accept that some government agencies know some of our
| data, because the net benefit to society is bigger than
| the loss of privacy. And you would normally try to do
| such things in the least invasive way possible while
| achieving the benefit.
|
| Where you go wrong in your passenger rant, is in assuming
| there is a big safety benefit in more recording of
| pilots. There were a total of 2 fatalities on US airlines
| in the last 10 years [1], while billions of passengers
| were transported. The safety record of airline transport
| is stellar, without more recording. So yes, I believe it
| is very reasonable to consider what is and isn't
| acceptable to the crew being recorded.
|
| [1] https://www.airlines.org/dataset/safety-record-of-u-
| s-air-ca...
| mcculley wrote:
| Passenger rant?
|
| If ICAO can require keeping 25 hours why should a crew
| get to choose 2?
| CaptainZapp wrote:
| I mostly agree with your take. Alas, I think it's
| ridiculous to fight a 25 hour recording requirement with
| the privacy argument.
|
| The recording should anyway only be retrieved under
| specific conditions and in a controlled environment.
|
| In this specific case the longer recording duration may
| have actually aided the investigation and thus further
| improve airline safety.
| t0mas88 wrote:
| Agree. My comment was responding to someone saying "Why
| stop at 25? Record all of every flight and archive it."
|
| There is also more nuance to the debate around the 25
| hours change. Like you say it should only be used under
| specific conditions and in a controlled environment, but
| in the US unfortunately recordings have been leaked and
| have been used for disciplinary purposes instead of a
| blame-less investigation for safety.
|
| Europe has had rules for 25 hour recording since 2021, as
| far as I know without any opposition. But European
| recordings have also not been misused before.
| volkl48 wrote:
| "Idle chat" is important for safety.
|
| - They need to work well together, and the better rapport
| they have with each other the better they're likely to
| perform in an actual incident. Regular interaction on the
| job is a part of that.
|
| - They work a job that is often remarkably boring for
| much of the time. Drowsiness setting in is a real concern
| - a degree of social interaction is good at both keeping
| people engaged, and at helping them gauge how alert the
| other crew members are.
| mcculley wrote:
| I operate tug boats. It is also remarkably boring for
| much of the time. The crew knows that they have no
| privacy when in the wheelhouse operating hundreds of tons
| of steel. They do have privacy when not on watch.
| Regardless, decisions around safety are not made by what
| is "accepted by the crew".
| mcculley wrote:
| > "Idle chat" is important for safety.
|
| https://en.wikipedia.org/wiki/Sterile_flight_deck_rule
|
| I agree that the crew should feel free to chat. And when
| there is an accident, they should expect that the
| recordings are kept.
| notpushkin wrote:
| > during critical phases of flight
| consumer451 wrote:
| > Respectfully, it is your workplace in which you're
| responsible for the lives of thousands of people each
| week. I don't think it's unreasonable to keep proper
| tabs.
|
| Should all medical device software developers have the
| entirety of their working lives be archived in a similar
| manner?
| saalweachter wrote:
| Eh, as a software engineer, every piece of text I produce
| -- from chat to email to memes -- is sitting around,
| archived and backed up, for years if not longer, waiting
| to be combed through and potentially taken out of
| context. A great deal of that is social, idle chat, or
| complaining about my employer, or outright gossip.
|
| First they came for, etc, but they came for me a long
| time ago.
| AnimalMuppet wrote:
| But they're not archiving your chit-chat with your
| coworkers over the water cooler. For pilots, they are (in
| the cockpit). So I can halfway see the pilots' point.
|
| [Edit: I mean, _voice_ chit-chat. Just talking to each
| other. That gets recorded for pilots, and not for
| software engineers, no matter how long they keep our
| (text) chats for. Stuff gets said in person, by voice,
| that would never get typed out in a chat.]
| 0cf8612b2e1e wrote:
| I would be shocked if most companies are not maintaining
| long duration archives of employee emails, Slack, Teams,
| whatever medium.
|
| Chat logs are tiny.
| mulmen wrote:
| I'd be shocked if most companies are retaining these logs
| longer than the legally mandated minimum. This kind of
| information is radioactive from a legal perspective.
| Slack and Teams even advertise automated deletion as a
| feature.
| volkl48 wrote:
| Long-duration archives can be used against the company in
| a lawsuit - whoever's suing you would _love_ to get
| decades of material to look through to help make their
| case.
|
| As such, it's a large liability, and most companies
| retain those sorts of records for the minimum amount of
| time acceptable by law/regulation/customary expectations.
| consumer451 wrote:
| The equivalent of what you described is archiving your
| outputs. In flight, that would be a pilot's flight
| control inputs. That seems entirely uninvasive.
|
| The equivalent of an always-on cockpit voice recorder
| would be... screen recording all of your digital devices
| during working hours? And, turn a mic on just to be safe?
| saalweachter wrote:
| It's not just my work output, though.
|
| I'm a _programmer_ on a team with _other programmers_ ,
| many of us _remote_.
|
| We're not standing around a water-cooler talking. We're
| on team chats. We're reply-all'ing to email-chains. We're
| sharing memes. Half the time we talk across chat when
| we're sitting in the same room.
|
| These aren't formal design docs or code output [the
| analogy to flight controls], this _is_ our water-cooler
| talk, and it can all be subpoenaed in a variety of
| situations, to be read into court record and taken out of
| context for the rest of time.
| consumer451 wrote:
| That sounds like a fair point.
|
| But are all zoom calls required to be archived,
| specifically in the medical device industry?
|
| Certainly you have the option to make a phone call to a
| teammate, or walk over to someone if not remote, and say
| something without any record. Don't you?
| ghaff wrote:
| Which, if a company has a policy of recording all work
| communications, sounds a bit like you're bypassing the
| monitoring systems in place.
|
| Mind you, that is how people mostly work anyway. Even if
| I generally trust an employer to not be intrusively
| monitoring my communications, for anything sensitive I'm
| ideally going to talk in person or failing that, at least
| go with a personal cell call.
| saalweachter wrote:
| I mean, a pilot subject to constant audio recording could
| learn ASL, or scribble notes on a piece of paper, or
| whisper in someone's ear.
|
| But we aren't talking about how to circumvent monitoring.
| We're talking about working when your idle socializing
| (while working) is monitored and logged.
| theultdev wrote:
| Yes, and talks between air traffic control and pilots are
| recorded.
|
| Would you be okay with a recorder being beside your desk
| at all times? Catching every conversation, even personal
| ones?
|
| Currently it's your choice to participate in sending
| memes over email. You also have the choice to walk over
| and have a private conversation.
| mulmen wrote:
| > Eh, as a software engineer, every piece of text I
| produce -- from chat to email to memes -- is sitting
| around, archived and backed up, for years if not longer,
| waiting to be combed through and potentially taken out of
| context.
|
| If this is true your legal team is committing
| malpractice.
| pc86 wrote:
| You have no way of knowing this is the case unless you
| know where they work, the industry they operate in, the
| country they live in, the country their employer is
| domiciled in, and what agreements they've signed prior to
| and during employment.
| mulmen wrote:
| True I made an assumption and skipped the qualifiers.
| That's how I keep my comment word count below 450,000.
| dzhiurgis wrote:
| More akin to doctors and nurse rooms to be monitored
| which sounds fair.
| consumer451 wrote:
| Sounds like you will be a big fan of Neuralink
| Archive(r)!
|
| But seriously, why did you skip over the software devs?
| Their errors could kill many more people than a bad
| doctor.
| dzhiurgis wrote:
| Because software dev work is certified and doctors/nurses
| are allowed to do whatever they want - starting with
| patient abuse and ending with drug and alcohol abuse.
|
| Right now tons of public activity is monitored already
| but almost in all cases it's to catch customer abuse and
| never for business abuse. Monitoring everything 100% will
| become one of the greatest equalisers. Only people
| rejecting this are people in abusive power.
| streb-lo wrote:
| Social media has a way higher impact on human well being
| than aviation safety; maybe we should record all idle
| chatter and boardroom meetings of people working at these
| companies to ascertain liability when we finally realize
| they're akin to tobacco companies.
| t0mas88 wrote:
| Why do you think it's needed to record all conversations
| to "keep proper tabs"? That's purely a gut feeling based
| on no data at all.
|
| Aviation is by far the safest form of transportation. In
| the last 10 years of data (2012-2021) there were a total
| of 2 passenger fatalities on US airlines across several
| billion passengers for that time period [1].
|
| If you want to start recording workplaces to improve
| safety, there are a lot of industries to look at before
| aviation.
|
| [1]. https://www.airlines.org/dataset/safety-record-of-u-
| s-air-ca...
| lotsofpulp wrote:
| > If you want to start recording workplaces to improve
| safety, there are a lot of industries to look at before
| aviation.
|
| This is irrelevant to the discussion about recording
| pilots.
| lttlrck wrote:
| We already looked at policing. Police unions have a
| similar stance about body-cams? They are more invasive
| because they follow officers to the bathroom, and I am
| sure they're are safety/effectivenes stats that argue
| those are unnecessary.
|
| Most civilians don't seem to have much sympathy.
| t0mas88 wrote:
| Police unions indeed have similar objections. That's why
| police officers can turn their cameras on and off
| themselves, so they are not recorded when talking to a
| colleague or going to the bathroom:
| https://www.engadget.com/police-reform-bill-body-
| cameras-215...
| queuebert wrote:
| I've often thought we should record all surgeries so that
| the patient can view them later. Wouldn't you want to
| know what is done to your body while you're under
| anesthesia? Of course surgeons will fight this, but
| aren't we entitled to know what happens to our bodies?
| lotsofpulp wrote:
| Even just regular doctor appointments. People are paying
| hundreds of dollars for 5 minutes of a doctors' time, and
| they have no way to have someone double check if a doctor
| did or did not check something they should have.
|
| I have looked at my kids' pediatrician visit summaries,
| and they will state "doctor did this and that", when I
| know for a fact the doctor did not. So I have to send a
| mychart message to document that the doctor did not do
| those things.
|
| Now, I understand that excessive liability is probably
| driving doctors to do unnecessary things and so 95% of
| the time, there is no ill intent, but rather shrewd
| judgment of not wasting time, however writing (or copy
| pasting) a false visit summary is not the answer.
| mulmen wrote:
| I have never tried recording a doctor visit. Is that
| something a doctor would would resist?
| mulmen wrote:
| This is already a thing. My grandfather got a video of
| his cataract surgery. A friend of mine got a video of his
| arthroscopic knee repair.
| vimax wrote:
| And what are your thoughts on police body cams?
| skinkestek wrote:
| Not th0mas88, but my thoughts: police body cams are a
| whole different story.
|
| For one police officers are often able to turn on and off
| recording themselves, so it becomes as much of a
| protection for them as for everyone else. That is: if
| they are good police officers.
|
| Secondly, unlike pilots, the police force in many
| countries _does not have a stellar track record_.
|
| Edit: I do have some concerns. Yes, police brutality
| absolutely exists. But there also seems to exist a subset
| of the population - also represented here - who think
| police can be like superman and whenever they aren't
| that's because they are evil and enjoy harming innocents.
| t0mas88 wrote:
| Police body cams are not "always on", the officer turns
| the camera on when they're interacting with the public
| and turn it off when they're in their car talking to a
| colleague: https://www.engadget.com/police-reform-bill-
| body-cameras-215...
|
| So I guess they had similar objections to being recorded
| 24x7 and that was accommodated in the rules around body
| cams.
| Dah00n wrote:
| I can't follow the logic of how a recording is not
| stressful in the two hours it is stored, but then suddenly
| becomes stressful when it has been stored for 2+ hours?
| mulmen wrote:
| Then you lack imagination. Perpetual recording has a
| chilling effect on communication.
| ghaff wrote:
| Imagine you knew every on-the-clock interaction you had
| with a colleague was being stored away someplace that an
| unspecified number of people had access to as "needed."
| I'm pretty sure most developers here would object pretty
| strongly to such an arrangement (and would probably get
| onto ways to circumvent it).
| robertoandred wrote:
| Does anyone have privacy at work outside the restrooms?
| ghaff wrote:
| Assuming you're talking about a physical workplace?
| Yes... most places.
|
| When I go into the office to meet with customers or
| whatever, there aren't cameras and microphones
| everywhere. I can use a personal cell phone (which is all
| I have these days anyway). And, honestly, for something
| personal but not in any way getting into legal issues, I
| have no problem communicating over chat or a video call.
| thomastjeffery wrote:
| If the concern is privacy, then access should be the focus,
| not time.
|
| So long as the recording is properly encrypted, and the
| access is properly managed, privacy will be preserved.
|
| If those things aren't true, then there is a privacy
| violation, regardless of the 2 hour time constraint.
| benhurmarcel wrote:
| This already exists for aircraft parameters. Not audio.
| DrNosferatu wrote:
| [read me elsewhere]
| garciasn wrote:
| In this case it would be the airline pilot and/or flight
| attendant unions.
| spuz wrote:
| I can't find it now, but there was a Reddit thread from a US
| flight instructor at the time of the China Eastern Airlines
| crash of 2022 who had previously trained pilots in China. He
| claimed the airline policy was to record cockpit audio of
| every single flight and have multiple people review that
| flight for anomalies. Any deviation from the standard
| procedure was logged and marked against the offending pilot.
| The pilots were extremely reluctant to act outside the
| guidelines of their training in a way that this person
| thought put safety at risk.
|
| As you can imagine, this is not a situation that US pilots
| want to be subject to and they are probably right that safety
| would actually be made worse.
| meepmorp wrote:
| > Pilots have also opposed the move [to add 25 hr recording],
| with the union representing pilots for air-freight company Atlas
| Air telling the FAA the longer recordings would be an invasion of
| worker privacy.
|
| > "(It) would significantly infringe upon the privacy rights of
| pilots and other flight crew members, as well as drastically
| increase the likelihood that CVR recordings will be misused or
| disseminated without authorization," the union said in a Dec. 28
| response to the FAA's 25-hour proposal.
|
| I'm not sure I agree that flight crews of passenger aircraft
| should have an expectation of privacy while flying planes. It
| seems like one of those kinds of jobs where the risks involved
| and need to gather forensic data in the event of an accident
| should outweigh the pilots' privacy concerns. Maybe add some
| regulation w.r.t. disseminating the recordings outside of
| releases by the NTSB as part of accident investigations.
| JohnBooty wrote:
| It seems like one of those kinds of jobs where the
| risks involved and need to gather forensic data in the
| event of an accident should outweigh the pilots'
| privacy concerns
|
| Reading between the lines, I think the concern is that pretty
| much any flight might contain minute violations of things like
| the "sterile flight deck rule"[1] and it would probably be easy
| to find a reason to fire any given pilot if airlines could just
| comb through endless amounts of recordings.
|
| [1] https://en.wikipedia.org/wiki/Sterile_flight_deck_rule
| dylan604 wrote:
| If you're chitchatting in the cockpit and that causes things to
| get missed, that's very pertinent to the investigation. I don't
| care if that chitchat is about some sportsball banter, some
| personal info about relationships/work/etc, or anything. If you
| can't focus on the job while you're on the job, that's
| something that needs to be understood. So I'm very much in
| agreement that this privacy claim is nonsense when these
| "private" conversations directly affect the lives of 150+
| passengers/crew. It's not like a couple of coders chatting
| away. Lives are not on the line.
| wkat4242 wrote:
| Not chitchatting during takeoff, approach and landing is
| actually a requirement. It's called the sterile cockpit rule.
|
| https://en.wikipedia.org/wiki/Sterile_flight_deck_rule
| KolmogorovComp wrote:
| Could it be encrypted with a key only the NTSB has?
| badwolf wrote:
| Weird how the "privacy heavy" EU manages to have 25 hr
| recording requirements...
| burnerthrow008 wrote:
| Yea, weird how CVR recordings don't leak over there.
|
| You could probably overcome the pilot objections if there
| were real penalties for misappropriating the recordings, like
| they have in the "privacy heavy EU". As it stands _today,_
| the pilot objections aren 't really unreasonable.
| ginko wrote:
| How much data can 25h of voice and instrument recordings be? Even
| with multiple channels and uncompressed it can barely be more
| than a couple gigabytes.
| frakt0x90 wrote:
| Idk how the devices work but if you have to replace them to get
| the extra capacity, it would still cost the airlines money, and
| the FAA has historically been very friendly with airlines.
| peterleiser wrote:
| It's not about cost or technology. The pilot's union is
| against longer recordings.
| hef19898 wrote:
| And cost, according to a FAA quote in the linked article.
| Ekaros wrote:
| Retrofit would cost money. But mandating years ago that
| new planes and anything going throw certain levels of
| maintenance would have update would not be that
| expensive.
| FirmwareBurner wrote:
| Why is that?
| don_neufeld wrote:
| You're applying a technical standard to a people problem.
|
| The issue here is likely legal liability, as evidenced by the
| pilot's union opposition to longer recordings.
| polpo wrote:
| Given that Boeing currently has to ship planes to Europe with
| 25 hours of recording capacity, and that this plane is only a
| few months old, I'd guess it already has 25 hours of capacity
| and it's artificially limited to 2 because it was shipped to
| the US, due to the opposition from pilot's unions.
| hef19898 wrote:
| Not necessarily, could very well be that US planes are
| shipped without 25 hours of recording capacity.
| sleepybrett wrote:
| Don't be so dense. Even if that is the case, it it probably
| is not, there exists a certified flight recorder module
| with 25h capacity. They should not have to go through any
| 'soup to nuts' certification process for a new module with
| this capacity. They could simply take the current module
| they use in europe, give it a quick once over ( assuming
| european standards are at least as strict as american
| standards.. which i'm sure they are ) and say 'yup, buy and
| install those in all new craft'.
| hef19898 wrote:
| Aircraft certification is, well, peculiar. And believe
| me, modifying a delivered aircraft is nowhere near as
| easy as "install that certified box", because said box
| has to be compatible with the aircraft you want to
| install it on.
|
| And as I said, no idea how US-only aircraft differ,
| hardware and software wise, from their European airspace
| brethren. Do no, it is propably not as easy as going into
| maintenance mode and set a toghle from 2 to 25 hours on
| the voice recorder firmware.
| appplication wrote:
| Yeah, this is an inane, self-inflicted, and completely trivially
| solvable problem.
|
| The voice recorder overwrites itself on a two-hour loop. Two
| hours of voice data takes about a gigabyte of space at most.
| There is no technical barrier to right sizing this, and there is
| nothing special about the aerospace use case that prevents it.
|
| Why would anyone think a two-hour buffer for something so
| critical would be appropriate? And why would it continue to
| overwrite itself after it's grounded? Why is there no backup? Has
| it never been thought relevant to gather, say, an entire flights
| worth of data instead?
|
| This highlights a complete failure on multiple levels and an
| inability to critically think about the problem space. How much
| time was spent implementing a system that under most
| circumstances where it would be needed would render itself
| entirely useless?
| hattmall wrote:
| >most circumstances where it would be needed
|
| I think if the plane is still operational for 2 hours then the
| data is a lot less important than the alternative scenarios.
| mattmaroon wrote:
| In this particular case it doesn't seem very useful at all.
| The pilots had no idea why the door plug ejected. They landed
| the plane as per normal. They are still alive to tell us what
| they did know, which is probably nothing relevant.
| willcipriano wrote:
| > Why would anyone think a two-hour buffer for something so
| critical would be appropriate?
|
| Probably people in the 70s who thought having a recording at
| all is star trek stuff.
| pavlov wrote:
| That would be the same 1970s when the American president was
| forced to resign because of the extensive voice recordings he
| made.
|
| This wasn't sci-fi stuff even back then.
| washadjeffmad wrote:
| Tape recorders are a century old, and tape loops were how
| answering machines, toys, instruments like the Melotron, and
| many other devices worked until the digital era.
|
| There a lot of things today that are less human-usable than
| they were a half-century ago, but also much more flexible and
| less expensive. We're still in a weird transitional phase
| post-transistor.
| gruez wrote:
| From the article:
|
| >Debate about whether to adopt the longer recording standard
| weighs considerations about cost and privacy implications
| against safety.
|
| >The U.S. FAA has previously rejected the NTSB's call for
| mandating the retrofitting aircraft with new cockpit voice
| recorders, saying the costs would be significant at $741
| million versus $196 million under incremental upgrades it
| proposed.
|
| >Pilots have also opposed the move, with the union representing
| pilots for air-freight company Atlas Air telling the FAA the
| longer recordings would be an invasion of worker privacy.
|
| Whether or not a "technical barrier" exists is a non-sequitur.
| Just because you can get a $10 audio recorder on aliexpress
| that records 200 hours, doesn't mean it takes $10 to implement
| this change per plane.
| amelius wrote:
| > Whether or not a "technical barrier" exists is a non-
| sequitur. Just because you can get a $10 audio recorder on
| aliexpress that records 200 hours, doesn't mean it takes $10
| to implement this change per plane.
|
| I bet many investigators would be very happy with the
| aliexpress implementation ...
| rob74 wrote:
| In _this_ case the aliexpress implementation would have
| worked, but not in cases where the aircraft is literally
| pulverized on impact, like in the 737 MAX crashes of 2018
| and 2019 (https://en.wikipedia.org/wiki/Ethiopian_Airlines_
| Flight_302 - "The aircraft impacted the ground at nearly
| 700 miles per hour (610 kn; 1,100 km/h) [...] Both the
| cockpit voice recorder and the flight data recorder were
| recovered from the crash site on 11 March.")
| freeopinion wrote:
| You've constructed a false dichotomy. You can have the
| current 2-hour system and a cheap 24-hour system at the
| same time.
|
| Then you can gradually harden the new addon. This could
| be a way to make it all even more expensive.
| hef19898 wrote:
| I hope you don't design avionic systems, or any other
| safety critical piece of hard or software...
| striking wrote:
| Hardware is hard. There are so many more things that can
| go wrong.
|
| If your cheap 24-hour system decides to self-immolate, it
| might be the cause of the incident rather than just help
| determine what the cause was.
| LewisVerstappen wrote:
| You can make up 1000 different potential failure modes to
| try and make yourself feel smart.
| mulmen wrote:
| And you can ignore those failure modes and kill hundreds
| of people at a time.
| hef19898 wrote:
| I am fairly certain NTSB flight incident investigators
| understand fully well the safety implication of integrating
| an AliExpress recorder in the avionics suite of an
| aircraft. And wouod hence oppose such an idea quite
| strongly.
| dclowd9901 wrote:
| Counterpoint: what price would it have to cost to make it not
| worth doing? I contend the actual cost will almost invariably
| be less than that.
| peteradio wrote:
| If privacy is the concern then it seems it would need to be
| bound to a certain protocol where in the event of an anomaly
| the transcript continues on for some extremely long time
| effectively unbounded by typical flight scenarios. The
| current situation acts as a backdoor to deletion.
| bpicolo wrote:
| It makes sense that retrofitting is expensive - that's labor
| and plane downtime for 5-7k commercial jets.
|
| This airplane was brand new. It should be using something
| more modern.
| smallmind wrote:
| Cost of retrofitting? This particular Alaska MAX 9 is a plane
| that was just built and delivered late 2023. The 737 MAX
| family only went into service in 2017.
|
| Im starting to wonder if the yet to be certified 777X will
| store for more than 2 hours as it takes 16 hour flights.
| hef19898 wrote:
| 25 hours if sold (operated?) to EASA regulated carriers.
| gen3 wrote:
| It doesn't need to be a cheap aliexpress recorder. Couldn't
| they just drop in whichever 25hr recorder is used in Europe?
| Already tested and probably installed in the same type of
| plane
| glitcher wrote:
| > the longer recordings would be an invasion of worker
| privacy
|
| Workers responsible for multi-million dollar machines and
| sometimes hundreds of human lives. I doubt anyone but the
| pilots care one bit about their on-the-job privacy.
| hef19898 wrote:
| I do. Because pilots being worried about what they say in
| the cockpit can have a negative impact on their reaction
| times, behaviour and crew management. All.of ehich can
| negatively impact flight safety. I want my pilots to feel
| comfortable while flying.
| paranoidrobot wrote:
| The privacy concerns can be mitigated by some rule
| changes.
|
| Mandate the 25hr recording duration.
|
| Mandate that full playback can only be done for accident
| investigation purposes By NTSB, unless requested by the
| crew(s). Some limited duration carve-out to allow
| maintenance crews to listen to last 15 mins to verify
| operation.
| hef19898 wrote:
| Agree. And I assume that in this case unions would oppose
| the 25 hour recordings.
| hef19898 wrote:
| Too latebto edit: I mean Union wpupd _NOT_ oppose 25 hour
| recordings, if privacy and labor concerns would be
| properly adressed.
| t0mas88 wrote:
| Indeed. This is how it works in Europe, with a 25 hour
| recording requirement for aircraft manufactured after
| 2021.
| t0mas88 wrote:
| The problem with your viewpoint is that all major air
| carriers are unionised. So the opinion of the unions on
| privacy is a lot more important than what "anyone but the
| pilots" thinks about it.
| mulmen wrote:
| Is unionization really a problem though? I'm ok with the
| status quo where flight crews have a say in aviation
| safety but random Internet commenters don't.
| t0mas88 wrote:
| No not at all. I meant unions are a good thing here,
| giving flight crews a say in things affecting their
| workplace instead of random internet commenters deciding
| they would like to record everything.
| flandish wrote:
| > privacy
|
| That's silly. And we all know it. Nothing in a cockpit is
| "private" in this regard when it comes to transport of
| hundreds of people.
|
| > cost
|
| There it is. That's all it ever is. If the cost of doing it
| right is higher than the fines of gambling with doing it
| wrong, the wrong way will always be chosen.
|
| This is bog standard corporate life under capitalism.
| SoftTalker wrote:
| This is incorrect. It's not cost, if cost were the concern
| we would not have recorders at all. Cearly the cost of a
| longer recording is inconsequential once you have agreed to
| install a recorder at all.
|
| It is about privacy, it's easy to verify the history of
| pilot's unions concerns and objections.
| flandish wrote:
| > at all
|
| Incorrect. This is a struggle of ratio between regulation
| and lobby..
| purpleblue wrote:
| If pilots have a privacy problem with it, then put the onus
| on pilots to not forget to turn off the recording. If they
| forget, they should be held accountable, ie lose their
| piloting license. Otherwise, they can't have it both ways,
| saying "we need our privacy" and also "it's not our fault we
| forgot to save the recording!"
| t0mas88 wrote:
| Easy to armchair quarterback. But it's quite reasonable for
| the overall workforce to have some objections against 24x7
| recording of everything they say. I'm surprised the Hacker
| News crowd, often quite pro-privacy and anti tracking, does
| not understand that.
|
| And then suggesting to revoke the licenses of a crew that
| at one of the most stressful moments in their career, right
| after a major incident, forgets to pull a circuit breaker
| is ridiculous. Luckily that is not how things in the
| aviation industry are done.
| Ekaros wrote:
| On other hand I don't find 25 hours being recorded
| unreasonable with some of the very long flights we now
| have like 17-19 hours. Something early in flight could be
| critical clue in incident analysis.
| t0mas88 wrote:
| Indeed, the FAA has just proposed to start doing that for
| new aircraft. Same as Europe where this has been put in
| place for aircraft manufactured from 2021 onwards.
|
| The problem in the US is that there has also been more
| disciplinary use of the recordings (by the company, not
| the NTSB). In Europe things are a bit more strictly
| regulated and there wasn't any resistance to the 25 hour
| change.
| stronglikedan wrote:
| unions. necessary, but often given too much leeway to overstep
| hef19898 wrote:
| And costs, so airlines and the pilot unions are fully
| alogned, in the US, on that question so far.
| wolverine876 wrote:
| What about management? Congress? It's an issue of power, not
| of unions.
| cfeduke wrote:
| > Why would anyone think a two-hour buffer for something so
| critical would be appropriate?
|
| This sort of negligence is intentional. My guess would be it
| started as a requirement for analog recording and was carried
| over without change and purposefully left at two hours when
| equipment went digital. The fact that EU has a 25 hour length
| requirement and the FAA refuses to update their rules to extend
| to some reasonable length tells us everything we need to know
| about this situation.
| chasd00 wrote:
| > The fact that EU has a 25 hour length requirement and the
| FAA refuses to update their rules to extend to some
| reasonable length tells us everything we need to know about
| this situation.
|
| i'll bet lunch the actual recorder hardware in the airplanes
| is the same with the only difference being a knob set to EU
| rules or FAA rules.
| frumper wrote:
| It doesn't sound like they're refusing to do it. It's
| currently in the comment period.
|
| https://www.reuters.com/business/aerospace-defense/us-faa-
| wa...
| marsRoverDev wrote:
| Same reason why the car industry encountered chip shortages,
| despite there being plenty of chips. They don't want to have to
| go through the time and expense of re-certifying everything due
| to all of the red tape. As a result, you end up with the system
| "that always worked fine".
| panick21_ wrote:
| Learning more and more about all these air accients, there is
| so much that has improved about plane safety and how good it is
| and so on. But then there are some fucking baffling omission.
|
| Its unbelievable how often the voice recording gets
| overwritten. This has been a problem for literally decades. How
| this is not solved is mind blowing.
|
| This would be trivial to store, and trivial to upload. People
| have wifi in the plane but somehow we can't upload a few voice
| recordings and other flight data. (and before somebody jumps on
| me, yes its not 'trivial' but its a hell of a lot easier then
| about 1000 other things a modern plane does). And private as an
| argument doesn't' really work either.
|
| The amount of valuable data lost is mind blowing. Not just in
| cases where things fail, but also in cases where everything
| goes right.
|
| And then, somehow they don't have cameras that allow pilots to
| see the engines and other vital parts of the plane. Somehow
| passenger can fucking watch movie. But if a captain wants to
| know if the engine fell of the plane they have to send somebody
| from the cabin crew to run around and look out of the window.
| kube-system wrote:
| > Why would anyone think a two-hour buffer for something so
| critical would be appropriate?
|
| For the most severe incidents, recording stops at the end of
| the incident. The current two hours is an increase of the
| previous 30 minutes. The old 30 minute limit made a little more
| sense at the time considering the mechanical nature of the
| recorders at that time.
| phil21 wrote:
| Airline pilot privacy.
|
| CVRs were always highly contentious when introduced, due to
| exactly the situations you see today in the media. The pilot
| unions were concerned that these recordings would be released
| to the public, both out of context and releasing private
| personal data not relevant to the public - especially if
| anything at all salacious could be found.
|
| There were strict protections about CVR data never being
| released, but of course those restrictions more or less no
| longer exist today in reality - leaks abound.
|
| I think those that dismiss this concern entirely are the folks
| who cannot think critically. It highlights a legitimate concern
| for workplace privacy, of which the Overton window has shifted
| _drastically_ into less privacy expectations over my lifetime.
| The public will nearly unanimously call for 25 hours here, but
| this was not the case even 40 years ago.
|
| I think the benefit outweighs the concerns in this particular
| case, but you are now seeing the same fight regarding cockpit
| video recorders. I can't say the pilots are wrong given the
| history of CVR data breaches.
|
| If I were a pilot I'd grudgingly support the existence of the
| CVRs, but I can't say I'd really like the idea. I've seen how
| sound bites get taken completely out of context and sound worse
| than they were intended at the time. I've also seen how CVR
| data is absolutely critical in resolving some accidents. It's
| all a tradeoff, but certainly not an immediately obvious one
| unless you value privacy at zero.
|
| Edit: The idea behind the 2 hours thing, was that 2 hours would
| be plenty of time to record anything relevant to an actual
| accident. Either the plane is in pieces and recording has
| stopped, or the recordings get pulled on successful landing
| after declaring emergency. The entire intent was to limit what
| was available to _only_ the accident sequences - not general
| chit chat 5 hours prior to any event while they were waiting
| for taxi clearance. Technical limitations at the time also didn
| 't hurt this argument.
|
| Also I think it's good to point out that relying on the pilots
| to pull the breaker after an incident is not ideal and one of
| those things that the union has absolutely kept in as a
| feature, not a bug. This has obviously been abused.
| panick21_ wrote:
| > I think those that dismiss this concern entirely are the
| folks who cannot think critically.
|
| So if you don't agree, you can't think critically. Got it.
|
| Or maybe, we did think about it critically and simply don't
| agree.
|
| There are various way this can be solved. We have modern
| encryption that could make this far, far safer then it is
| today. We have methods from data leaking. We have process to
| only allow data to be decrypted if required.
|
| This would actually force us to really think critically about
| who has what access when. In planing this the airlines,
| unions, FAA should sit together with some technical experts
| and think of this critically.
|
| This seems less complex to me then a modern high bypass turbo
| engine.
| phil21 wrote:
| > There are various way this can be solved. We have modern
| encryption that could make this far, far safer then it is
| today. We have methods from data leaking. We have process
| to only allow data to be decrypted if required.
|
| There are not. You cannot solve a social problem with a
| technical solution. If the data exists, it can and likely
| will be used.
|
| > This highlights a complete failure on multiple levels and
| an inability to critically think about the problem space.
| How much time was spent implementing a system that under
| most circumstances where it would be needed would render
| itself entirely useless?
|
| I was responding in particular to this. It does not
| highlight an inability to think critically unless you value
| privacy at zero and only look at these recordings as a
| technical problem. Under most circumstances when it's
| needed this system has functioned exactly as designed. You
| read about the failures because they are the exception.
| Believing that CVRs as-designed fail under "most
| circumstances" would be a lack of critical thought to me. I
| was limiting my scope to this statement.
|
| I would actually agree with you in general if for not that
| comment. It simply means we disagree. But it surely does
| not mean no one has thought critically about this subject
| when it was introduced or since.
| panick21_ wrote:
| > There are not. You cannot solve a social problem with a
| technical solution. If the data exists, it can and likely
| will be used.
|
| Except in reality we use often use technical solution to
| solve social problems. Or rather technical capabiltiy
| gives us the means to approach a social problem in a
| different way.
|
| > unless you value privacy at zero
|
| The assumption that privacy is 100% impossible if
| something is recorded and stored is simply categorically
| false.
|
| > only look at these recordings as a technical problem
|
| I didn't do that. I suggested that the FAA, the Unions,
| the Airlines and the manufactures sit together and come
| up with a solution of what the exact data access policies
| are.
|
| > Under most circumstances when it's needed this system
| has functioned exactly as designed.
|
| And yet when going threw the history of air incidents,
| there are lots of cases where this isn't the case. Most
| isn't good enough.
|
| > You read about the failures because they are the
| exception.
|
| Sure and a server crashing is the exception, and yet
| somehow most of use still run 2 server if we want things
| to work continuously.
|
| The argument 'mostly its fine, its just occasionally that
| a couple 100 people die and we don't know why' just
| doesn't work for me. Yes in most cases its not that
| dramatic, but it would still be very useful.
|
| > . Believing that CVRs as-designed fail under "most
| circumstances" would be a lack of critical thought to me.
| I was limiting my scope to this statement.
|
| Fair.
| otterley wrote:
| What privacy? They're recording conversations made in company
| livery while getting paid on the job, with notice of that
| fact in advance. If the recorders were recording them after
| they exited the plane that'd be a cognizable privacy
| violation, but that's not what we're talking about here.
| sokoloff wrote:
| Are we willing to have our cubicle conversations recorded
| while we're on the job to increase the data available in
| the event of a software defect?
| otterley wrote:
| It depends. Are people's lives at stake?
| xethos wrote:
| Are you willing to have a camera pointed at you - not
| other drivers, _you_ - as you drive to and from work
| every day? People 's lives are at stake, driving is
| objectively more dangerous than flying, and it can be
| tied to work by the simple reason that you wouldn't be
| behind the wheel if you weren't heading to or from work.
|
| This smacks of "Privacy for me but not for thee", to say
| nothing of the effect it would have on the perpetual low-
| level pilot shortage due to things like working
| conditions.
| otterley wrote:
| It depends. Am I at work and being paid as a professional
| driver?
|
| > the perpetual low-level pilot shortage due to things
| like working conditions.
|
| There are a lot of pilots "waiting in the wings" at
| smaller carriers, currently being paid peanuts, to get
| nice cushy jobs at major carriers with union protections
| who won't mind having their voice recorded and stored for
| 24 hours while on the job behind the yokes.
| sokoloff wrote:
| The _vast_ majority of pilots at those regional carriers
| are _already_ represented by a union: ALPA.*1
|
| That union opposes cockpit video monitoring and has
| opposed the extension of CVR recordings.*2
|
| *1 - https://www.alpa.org/en/about-alpa/our-pilot-groups
|
| *2 - https://www.flyingmag.com/faa-proposes-extending-
| cockpit-voi...
| xethos wrote:
| Don't forget frequently leaked out of context, for all
| the laymen and public to gawk at, and cast judgement upon
| those involved. "This is normal" say industry experts,
| "and your second quote is missing some _very_ important
| context. None of which most HR departments will hear
| about, leaving me objectively worse off searching for a
| new job. "
|
| Tech-bros will read this and say nobody died due to their
| software, but that's neither true nor the point. Giving
| every supposedly private interaction at work a chance to
| leak only sounds reasonable when it's not you
| Terr_ wrote:
| While I value my privacy at the office, these kinds of
| comparisons need a bit more work to become apples-to-
| apples. Consider:
|
| 1: Are we clicking buttons that could kill hundreds of
| customers without any chance of it being stopped by
| external oversight and review? To underscore the danger,
| is the cubicle secured by an anti-terrorist door which
| was installed after thousands died when terrorists
| attacked a similar cubicle before?
|
| 2. Are the recordings specially sequestered and regularly
| overwritten by default, as opposed to being kept
| indefinitely in a big database for anybody in my
| reporting chain to look at on a whim?
|
| _____
|
| For example, if I was "coding" inside the control room of
| a nuclear power plant and developing scripts to help
| automate the next hour of control-rod movements, I think
| I would be _wayyyy_ more accepting of a 24-hour disaster
| recording loop in a box for the US Department of Energy.
| phil21 wrote:
| This is exactly the Overton window I mentioned.
|
| Your opinion/take on this is relatively new. While
| technically (legally) correct, there was a whole lot of
| social pushback on this statement or idea even in my
| lifetime.
|
| This take on workplace privacy has not been the social
| standard for very long, and is certainly not a universally
| shared opinion.
|
| Edit: To avoid comment spam here on an irrelevant side-
| subject. I didn't say it was a regression or a bad thing. I
| simply am pointing out it has massively shifted in a
| relatively short period of time. There was serious public
| debate about introducing these at all just a generation
| ago. Now it's seen as completely normal to have your entire
| workday recorded with zero expectation of privacy. It's a
| rather drastic shift in society.
| SoftTalker wrote:
| The pilots have a union. A lot of people here seem to like
| the idea of unions. The union negotiates with the airlines
| (and FAA) over working conditions, rules, and terms. The
| pilots have privacy concerns about the voice recordings,
| the union negotiated that, and the compromise was the two-
| hour recording.
| llm_nerd wrote:
| >I think those that dismiss this concern entirely are the
| folks who cannot think critically
|
| I will absolutely, unreservedly dismiss the concern of a
| pilot for privacy in the cockpit _because_ I can think
| critically. The notion that someone deserves privacy in the
| cockpit of commercial aircraft is outrageously silly and
| utterly indefensible. Pilot your own personal aircraft if you
| want that privacy.
|
| And there is absolutely an "Overton window", but it is wrong
| to think that whatever way it moves is a regression or
| worsening (which is the classic "everything is always getting
| worse" melodrama). Sometimes the way things are is not
| rational or optimized, but just _are_.
|
| The 2 hour thing was nothing but a technical limit (a literal
| loop of magnetic tape), and every other justification is
| retconning.
| phil21 wrote:
| > The 2 hour thing was nothing but a technical limit (a
| literal loop of magnetic tape), and every other
| justification is retconning.
|
| The 2 hour thing was 30 minutes when it was magnetic tape.
| It moved to digital a while ago and that's when the unions
| negotiated it to 2 hours after some incidents. The 2 hour
| limit was not based on anything technical that I'm aware
| of.
|
| The privacy stuff is absolutely not reconning. Heck, it was
| pretty much the most talked about topic over the water
| cooler when I was doing some IT contract work for ALPA in
| my teens.
|
| My memory is certainly fuzzy but not quite that fuzzy.
| sokoloff wrote:
| > recordings get pulled on successful landing after declaring
| emergency
|
| Declaring an emergency (standing alone) should not be a
| reason to pull the CVR, IMO. There should be an aviation-
| safety related reason at a minimum. (Declaring an emergency
| to facilitate expedited handling for a passenger medical
| emergency should not trigger a need to preserve the CVR
| recordings, as one concrete example.)
| jonas21 wrote:
| Additionally, this might make pilots more reluctant to
| declare an emergency, which would have a negative impact on
| safety.
| sokoloff wrote:
| Indeed! It's mind-blowing the number of conversations
| I've had online and in-person where pilots say something
| like "I didn't want to declare an emergency, because I
| didn't want to do a lot of paperwork." Invariably,
| someone (sometimes me) asks "for those of us who _have_
| declared an emergency, how much paperwork was involved? "
|
| In ~95% of declared emergencies, there is zero paperwork
| or followup required. In over half of them, the pilot
| _elected to_ (voluntarily but advisedly) fill out a NASA
| ASRS form (which is about a 15 minute task and something
| they probably would have done under the same
| circumstances without the emergency declaration). (
| https://asrs.arc.nasa.gov/docs/ASRS_ProgramBriefing.pdf )
| bombcar wrote:
| The paperwork is often NOT government mandated; there may
| be corporate mandates, too around it.
|
| (I've technically declared pan-pan once, there was no
| paperwork.)
| tialaramex wrote:
| This might well be somewhere that you can improve with
| training. It reminds me of the situation for CAPS (the
| Cirrus Airframe Parachute System, a ballistic parachute
| for Cirrus small planes). Once you train pilots to
| specifically _plan_ to use CAPS _when_ things go wrong,
| rather than relying on them realising in time _after_
| something has gone wrong but _before_ fatal injury is
| inevitable that the CAPS can save them, you get
| significant improvements in save rates.
|
| It may be that training pilots specifically to declare
| emergency as soon as there's a problem rather than
| waiting until they're sure they can't solve the problem
| and need outside assistance will improve overall safety
| outcomes.
|
| There's a tragic case I watched a safety video about
| where the private pilot, very low on fuel, asks if he can
| land at a (closed) airbase whose traffic controller he's
| talking to. The base's controller says he cannot land
| unless he's an emergency. That was his last chance to
| survive, all he needs to do is say he's an emergency -
| "I'm on fumes, I need to land right now" she'd turn the
| base's lights on, he puts it down on a strip that's not
| meant for civilians and maybe he spends the evening
| explaining to some MPs how he fucked up - but he's not
| dead. Instead he accepts this as a "No" and flies on for
| a few more miles until he runs out of fuel and crashes.
| sokoloff wrote:
| Indeed the improvements in Cirrus training and
| communications has had a fleet-wide positive effect. I do
| think calling all of the no-life-lost deployments "saves"
| is disingenuous at best and more likely intentional
| shading of the truth. We don't call every airbag
| deployment without loss of life a "save" but we can draw
| database-wide conclusions about how many net lives were
| saved. In CAPS case, I don't believe the most accurate
| estimate of lives saved (vs a counterfactual where the
| airplanes did not have CAPS) is 258 across 126 events, as
| many of those occupants would have also survived the
| event without CAPS.
|
| PS1: I saw what I think is that same ASF video (
| https://youtu.be/fLlWf-Fk_YM?t=10m ). Really frustrating,
| especially how obvious it was an emergency to everyone
| except the two people on the radio (where the bulk of
| blame belongs to the pilot of N4975S.
|
| PS2: One of my instructors was in CAPS Event #59. I
| talked to her afterwards; she was a fan. :)
| grotorea wrote:
| I think the problem is that the CVR is supposed to stop after
| landing but there are many successful landings where this is
| skipped, either because of overwork like here or because the
| pilots discounted the situation.
| sdh9 wrote:
| Every airplane type is a bit different, but typically, if
| the aircraft is powered then the CVR is recording. Even if
| it's at the gate with nobody onboard-- the CVR does not
| know nor care.
|
| The only way to stop the CVR from recording is to depower
| the airplane (which is one of the steps you take prior to
| an emergency evacuation) or to pull the circuit breaker if
| the airplane needs to stay powered.
|
| A pilot would never pull the circuit breaker without
| confirmation from management or safety to do so. It's just
| not done routinely. Depending on the airline, it may not
| even be the pilot's responsibility to do so. Every airline
| has a binder (likely, several binders) full of procedures
| to follow after a NTSB-reportable accident. No one person
| is expected to do the job of many.
| Fatnino wrote:
| Seems like a decent compromise would be to record a 2 hour
| loop but as soon as the words "declaring emergency" or
| similar are detected it stops looping and just records
| everything till the storage is full. Say 25 hours worth. The
| point being that at the end of 25 hours it's no longer
| recording as there is no chance of anything relevant still
| being said at that time.
|
| Could even have some indicator in the cockpit that it's in
| emergency mode for the pilots to turn it back to loop mode in
| case of a false positive.
| mulmen wrote:
| Pilots aren't stupid. You have created a disincentive to
| declare an emergency and added to the crew workload in an
| emergency. Human systems are complicated.
| grotorea wrote:
| This pilot with a popular youtube channel about aviation and
| air disasters has an video on the topic, if you want a pilot's
| perspective on something that as a techie seems obviously
| outdated in 2023: https://www.youtube.com/watch?v=qMWZCuTQpds
|
| At least the voice recorder is 2 hours instead of half an hour
| now. But watching those incident videos I've seen a couple that
| ended up being investigated but the pilots didn't pull the
| circuit breaker and the investigation was based on the flight
| recorder, specially in those cases where things end up fine.
| Sebb767 wrote:
| Would the CVR have helped in this specific situation? I'd assume
| this was a flaw of the plane and the lack of recording is
| probably not that big of an issue.
| wkat4242 wrote:
| No, but it would tell a lot about the response of the pilots,
| and whether they took any actions that might have endangered
| the plane more, even though the outcome was good.
| rogerbinns wrote:
| > Would the CVR have helped in this specific situation?
|
| In the next one, yes. Note the goal is not to do blaming and
| shaming, but to reduce anything similar happening, and to
| increase effectiveness of response. For example did multiple
| alarms go off, so it took longer for the crew to establish what
| the problem was? How quickly and effectively did the crew
| respond to the problem, and did the procedures they followed
| work effectively? How saturated were the crew with things to
| do? How well did training scenarios correspond to the actual
| event? How well did CRM work? [1]
|
| As a result of looking at those, changes like the following
| could be made (and have been done as a result of previous
| investigations):
|
| * Updating how alarms are prioritised and presented
|
| * Updating flight management systems
|
| * Updating the procedures to troubleshoot and respond to this
| kind of event
|
| * Reducing workloads
|
| * Updating training scenarios
|
| * Using the incident as a good example of something being
| handled
|
| [1] https://en.wikipedia.org/wiki/Crew_resource_management
| joot82 wrote:
| Probably not, but with a 25 hour recording window one could
| make sure that the previous crews did not notice any
| irregularities (that they might not have reported) or anything
| else that might have lead up to this incident. That's pretty
| mind boggling that a modern age voice recorder doesn't even
| support storing the timespan of an intercontinental flight.
| yread wrote:
| In this case the decompression blew away the reinforced cockpit
| door and the rushing air took away their checklist (and almost
| a headset) so they had to use the reference handbook (and/or do
| stuff from memory) so it would be interesting to hear how
| exactly it went. Also their communications were a bit confusing
| (no mayday?!) perhaps it was discussed in the cockpit.
| sowbug wrote:
| I'm reminded of the Gell-Mann Amnesia effect when I read the
| comments that express outrage at how technically easy it is to
| have longer recordings from the microphone that your employer has
| installed at your desk that automatically records everything you
| say at work.
| michael_j_x wrote:
| well, they do record my slack messages for 2-3 months, and I am
| ok with that, even though that's my main method of
| communicating with my colleagues, and includes a number of
| personal conversations with them. Now, if my work required me
| to be able to verbally communicate with my colleagues, and the
| consequence of miscommunicating was the loss of 100s of lives
| and millions in property, then I would expect them to record
| every single thing I said, spoken or written, judiciously.
| wkat4242 wrote:
| This two-hour thing also means that if we ever find MH370 we will
| still never know what actually happened at the beginning of the
| flight when it diverted.
|
| It really should have enough to save at least the longest flight
| possible.
| __m wrote:
| Depends on how quickly the captain was able to disable the CVR.
| wkat4242 wrote:
| That assumes the prevailing theory of malicious pilot was
| correct. Indeed if he did manage to turn it off early it
| might have contained something.
|
| However if that theory is indeed true, it's clear that he
| wanted to disappear without a trace. In that case it would
| have made sense to keep it running especially because it only
| keeps the last 2 hours.
|
| But yeah if it had been longer he would have turned it off in
| that scenario. It would be best if the CVR had a backup
| battery (and internal protection is that shorting out). In
| fact I remember reading in several admiral Cloudberg articles
| that the CVR and CDR data was incomplete due to bus power
| loss during accidents.
| jbverschoor wrote:
| well well, what a surprise.
| __m wrote:
| Charlie Victor Romeo https://charlievictorromeo.com/
| bookofjoe wrote:
| This interests me as a former neurosurgical anesthesiologist (38
| years; retired in 2015). If you told me the anesthesia machine
| will have a microphone that will record voice in addition to the
| various physiological parameters recorded by the myriad monitors
| on the machine, I wouldn't have any problem with it.
| DrNosferatu wrote:
| How convenient...
| olliej wrote:
| oh ffs, the fact that it's only 2 hours remains stupid: these
| same aircraft are sold in the eu that apparently requires more
| than that, it's clearly not some hard engineering problem,
| presumably someone doesn't want to pay $50 more per aircraft.
|
| But add to that the requirement that pilots have to remember to
| pull the CVR fuse to stop it overwriting, and then the malicious
| case where pilots have seemingly intentionally pulled the CVR
| fuse prior to illegal actions in order to disguise those actions,
| this is clearly a beyond brain dead system.
|
| The local recording should be more than two hours, but these days
| there's no justification for it not _also_ being continuously
| uploaded.
| DrNosferatu wrote:
| It's technologically trivial, today, to perform an automated
| secondary backup (local or otherwise - but ideally remote) of
| days - months, years - of this telemetry and voice recorder data.
|
| (as well as to keep it private & encrypted, and only accessible
| with a warrant from a judge)
|
| If the FAA does not mandate, _at least_ , this from now on, it
| will just add to the pile of evidence that they are in Boeing's
| pocket.
|
| PS: _Secondary_ backup. No existing system has to change. Just an
| outer layer of backup tapping into the existing data recording
| loop.
| DrNosferatu wrote:
| PPS: Give me USD 15M + 10K per aircraft + 10 cents per
| transported/flown passenger ever protected by this System, and
| I'll design and implement it for you - with quadruplex
| redundancy.
|
| (disclaimer: _Founder_ tier pricing. General pricing may vary -
| up)
| hef19898 wrote:
| This comment is peak HN arrogance, or pretty close to it...
| DrNosferatu wrote:
| Oh, but you haven't seen nothing yet - what about, on top
| of that, even some extra credibility:
|
| Former NASA Engineer, baby B-)
| hef19898 wrote:
| Impressive. Just tell me, when did NASA develop and build
| civilian aerospace components?
| DrNosferatu wrote:
| Not the point - these are just peak HN arrogance
| credentials ;)
| hef19898 wrote:
| Absolutely the point, because none of what you propose is
| easy, let alone trivial... As you would know if you came
| close to civil aerospace development, certification or
| change management.
|
| You also ignore that it is more a policy than a technical
| problem, Europe has 25 hours and not 2 like the US. No
| idea how easy it is to retrofit the 25 hours into US
| certified aircraft with 2 hour recording, which might
| pose another problem.
|
| Bit hey, use your NASA credentials, apply to YC or any
| other VC, and launch your "trivial" tech solution.
| DrNosferatu wrote:
| Thanks for the venture offer, but I'm busy frying bigger
| fish right now.
| barbazoo wrote:
| I read it more like an annoyed take on the aviation
| industry's change management process.
| mulmen wrote:
| Based on my experiences with modern technology I don't
| want aviation learning anything from tech.
| uticus wrote:
| Actually I found it makes a great point.
|
| > peak HN arrogance
|
| Take peak HN arrogance, balance it against peak
| bureaucratic promises plus peak actual cost, and let me
| know what you come out with.
| DrNosferatu wrote:
| Is it arrogant to wish to survive a common civilian
| airplane flight?
| hef19898 wrote:
| No, but pretty ignorant to propose something that makes
| it easier to investigate crashes and incidents while
| having zero impact on incident prevention.
| mulmen wrote:
| Assuming zero impact is the arrogance. These systems are
| complex and human. You can't make changes without side
| effects. Nothing is free and actions can have unintended
| consequences.
| jacamera wrote:
| I had assumed it was satire so you're absolutely right if
| it was not!
| DrNosferatu wrote:
| How dare they!?
| Grazester wrote:
| Well I think that one flew right over your head. Something
| Boeing couldn't achieve, so clearly the poster must have
| worked for Nasa.
| ofcrpls wrote:
| Err - it is an EASA requirement that Boeing already
| conforms to, I believe.
| selimthegrim wrote:
| I think he was punning about the flying over the head
| being something Boeing couldn't achieve
| fred_is_fred wrote:
| Someone just invented DropBlackBox.
| DrNosferatu wrote:
| I'll make sure you get some royalties for that name
| suggestion ;)
| uticus wrote:
| BBaaS
| jaredwiener wrote:
| Just get an FTP account, mounting it locally with
| curlftpfs, and then using SVN or CVS on the mounted
| filesystem.
|
| /s
| froh wrote:
| rcs. you meant rcs. and uucp.
| oneplane wrote:
| But it needs to be more enterprise-y, X.400 with maybe
| X.25 should do nicely.
| justinkramp wrote:
| ...rsync
| abduhl wrote:
| >> only accessible with a warrant from a judge
|
| What's your technical solution to this aspect? The solution
| must be "technologically trivial" which I take to mean
| implementable today or in the near future with no change to how
| current regulations or laws work or to how current workstreams
| outside of the secondary backup system work (i.e., no change is
| required like having the judiciary start using crypto). We are
| also using the strict definition of "only." It should be
| technologically impossible for any person or entity to access
| the data without a warrant.
| DrNosferatu wrote:
| I mean my System will have a layer of encryption protection.
| And if the FAA, Unions, etc., so wish, it can be made to
| completely preserve privacy and only unlocked when the
| applicable judiciary (or whoever) sees fit.
| abduhl wrote:
| So you don't have a technical solution. Got it.
| DrNosferatu wrote:
| But I absolutely do:
|
| Elective during (and after) the System's procurement, you
| can also option it with a "Board-of-Trustees-as-a-
| Service" to decide when to open the Seal of Privacy and
| disclose the System's Recordings - if ever.
|
| (prices for this option are in Swiss Francs)
| Thrymr wrote:
| Or they could just implement the 25-hour recorder like they
| have in Europe. This was a policy choice, not a technical
| limitation.
| spuz wrote:
| > If the FAA does not mandate, at least, this from now on, it
| will just add to the pile of evidence that they are in Boeing's
| pocket.
|
| I don't see how it's in the interests of Boeing to keep the
| mandate at 2 hours. If it gets extended, it's likely that in
| future incidents they will have more evidence of pilot error
| than they do now since that is the primary cause of accidents
| (even for Boeing), plus I am sure they can print some nice
| invoices for the costs of the upgrades to existing fleets.
| hughesjj wrote:
| Well, could be, but another possibility:
|
| - most pilot errors resulting in an incident occur close to
| the incident and thus the # of times it's their fault will
| drop off with longer recording time
|
| - the longer recording time may allow for some complaints
| about the Boeing aircraft or some clunking noises to be
| identified which could indicate an issue with the aircraft
| DrNosferatu wrote:
| The key concept here is: "clunking noises".
|
| (aka "aircraft defects")
|
| PS: I mean it.
| mulmen wrote:
| Not all clunking noises are defects and not all defects
| make clunking noises.
| DrNosferatu wrote:
| Free hint: "metaphor".
| wnevets wrote:
| why do you think the lack voice recordings protect Boeing
| instead of the people being recorded?
| DrNosferatu wrote:
| There are human lives on the line - thorough records are
| clearly warranted.
|
| (not same as open-access: judge must authorize playback)
| wnevets wrote:
| > There are human lives on the line - thorogh records are
| clearly warranted.
|
| I'm not suggesting otherwise.
|
| > it will just add to the pile of evidence that they are in
| Boeing's pocket.
|
| I don't understand the connection between the lack of voice
| recordings and how that is proof of the FAA protecting
| Boeing rather than the lack of voice recordings as proof of
| the FAA protecting the pilots.
| DrNosferatu wrote:
| FAA has the final word - over manufacturers, unions, etc.
| mulmen wrote:
| Aviation has a healthy blameless culture which has created
| willingness on the part of air crews to self-report deviations.
| If you make a mistake and own up to it you suffer no
| consequences. Keeping recordings forever may disincentivize
| crews from communicating freely if their comments could come
| back to haunt them years later. This may still be a good idea
| but it's not as simple as changing the retention period on
| recordings.
| DrNosferatu wrote:
| Only warrant-issued-by-judge-mandated disclosure.
|
| Full privacy preservation.
| mulmen wrote:
| Aviation is safe because the participants all trust each
| other. Blanket recording for undefined future use
| undermines that trust. This has a chilling effect on
| communication. Crews will be reluctant to communicate with
| each other. The risk of a warrant being issued at all
| creates an adversarial relationship between crews and
| investigators. This is a horrible idea and suggesting it
| betrays a cliche misunderstanding of the domain that is the
| stereotype of modern technologists.
| donmcronald wrote:
| Yes, the blameless culture is a critical safety feature and
| it could be ruined very easily if the failed leadership in
| the industry starts looking for scapegoats.
|
| It's sad too because analyzing every cockpit conversation
| with AI to highlight things that may cause common confusion
| could be invaluable. Instead, the short-sighted leadership in
| today's business world will use it for (job) performance
| analysis and to penalize workers for failing to act like
| robots :-(
| mulmen wrote:
| Possibly. But as a technologist I don't trust AI to
| actually deliver such a result in our generation. The
| system will inevitably be created by modern technologists
| without intimate domain knowledge. It will be motivated by
| short-term deadline chasing and MVP culture. The cockpit of
| an airliner is no place for bleeding edge technological
| innovation. I don't need an Airbus with Siri. Pilots
| already spend hours in training every year. Is reviewing
| the output of this AI system really a better use of their
| time? What problem is it even solving?
| kelseyfrog wrote:
| What would it take to make you trust AI?
| mulmen wrote:
| [delayed]
| paxys wrote:
| > If the FAA does not mandate, at least, this from now on, it
| will just add to the pile of evidence that they are in Boeing's
| pocket.
|
| It's the pilots' union that is opposing this. I doubt Boeing
| cares either way. If anything they'd want the extra data.
| FrustratedMonky wrote:
| LOL "there is no evidence of a conspiracy"
| xenadu02 wrote:
| The argument about privacy is a bit of a red-herring IMHO. The
| audio should be recorded for each flight plan (whether one
| segment or multiple) in its entirety. The system can
| automatically delete all recordings finished N or more hours ago
| on next power up (say 6 hours).
|
| In a crash scenario obviously power will be lost at some point
| and not return so the data is safe.
|
| In a malfunction scenario standard procedure would be to pull the
| box before powerup so even if maintenance doesn't get to the
| plane quickly or the pilot's incident report arrives after a few
| hours the recording related to it is still present and
| maintenance can go back and grab it. Or for scenarios where a
| malfunction beings on the early part of a multi-segment flight
| plan the data would still be available.
|
| But for pilot privacy the recordings are not held forever. During
| normal operations the plane will be powered down, eg while parked
| in-between flights, and when powered up older recordings get
| truncated.
|
| All telemetry should be streamed to a cloud service in real time.
| Absolutely no reason not to do that. No one should ever need to
| "search" for a plane or wonder what happened to it.
| vidanay wrote:
| > In a crash scenario obviously power will be lost at some
| point and not return so the data is safe.
|
| Catastrophic crash scenarios are not the only scenarios where
| data preservation is desirable.
| mulmen wrote:
| The privacy concern is legitimate because these aren't servers,
| they're people. If you change the data retention policies their
| communication patterns will change as well.
| thih9 wrote:
| > no data was available on the cockpit voice recorder because it
| was not retrieved within two hours - when recording restarts,
| erasing previous data
|
| In a post iPod era and with a budget greater than the cost of an
| iPod, this is a non-issue. I wonder what the real issue is.
| pc86 wrote:
| It's not a non-issue when every single staple, bolt, device,
| and piece of cloth needs certification and approval from a
| government agency.
| Night_Thastus wrote:
| The "real issue" is that CVR and FDRs are very complicated and
| specially built devices. They record detailed data and must
| protect it against ANY danger. Massive fires, being stuck at
| the bottom of the ocean, a plane slamming into the ground at a
| 90-degree angle, etc.
|
| They must allow data to be recovered in as many cases as
| possible, prioritizing that over raw data storage amount or
| convenience.
| amatecha wrote:
| > no data was available on the cockpit voice recorder because it
| was not retrieved within two hours - when recording restarts,
| erasing previous data.
|
| > The U.S. requires cockpit voice recorders to log two hours of
| data
|
| So.. what happens when a crash happens at 2:01 into a flight, you
| have just one minute of audio? how is that in line with the
| requirement to keep 2 hours of audio?
|
| > The maintenance team went out to get it, but it was right at
| about the two-hour mark
|
| > The plane's flight data recorder and cockpit voice recorder
| were sent to NTSB labs on Sunday to be read but no voice data was
| available
|
| So as soon as that 2-hour mark is hit, the CVR secure-erases
| everything it recorded and starts anew? (data-recovery was not
| possible???) ... I feel like something is missing here...
| andrewguenther wrote:
| It doesn't clear every two hours, it's a rolling two hour
| recording. Since the plane was still operational, it continued
| recording and it was just over 2 hours before maintenance crews
| disabled the recorder.
| amatecha wrote:
| OK, what you're saying is that the 2 hours of audio leading
| up to the crash were overwritten by the recording having
| continued for another 2 hours after the incident? So, it's
| just poor wording in the article?
___________________________________________________________________
(page generated 2024-01-08 23:01 UTC)