Mayday Mark 2

Transcript

1. Mayday Mark 2! More Software Lessons from Aviation Disasters Adele

   Carpenter @iam_carpenter
2. None

3. Source: PlaneCrashinfo.com

4. Source: PlaneCrashinfo.com

5. Source: PlaneCrashinfo.com

6. Source: PlaneCrashinfo.com

7. TOTAL

8. TOTAL

9. None

10. TOTAL

11. TOTAL

12. Improvements in Aviation Safety • 1980s • Crew Resource Management

    after UA173 in 1978 • Trained to use all available resources to improve safety • 1900s and 2000s • CRM rolled out to emerging markets • Fly-by-wire • Better data, warning systems, and training

13. Fly-by-wire • First deployed on the F-16 in 1974 •

    No mechanical connection between controls and flight surfaces Photo by Chandler Cruttenden on Unsplash • Computer acts as middleman for pilot’s instructions • Computer-interpreted instructions delivered “by wire”

14. Courtesy of wikipedia commons Fly-by-wire • Entered commercial aviation with

    the Airbus A320 in 1988

15. Approaches to Automation • Airbus • Use safe flight envelope

    to fullest extent • Normal, Alternate and Direct Law • Pilot can’t choose the law • Computer-centric approach • Boeing • Pilot-centric approach • Mix of fly-by-wire (777,787) and mechanical controls (737)

16. Case Study • AirFrance 447 • Crashed June 1st, 2009

17. Photo by Andrés Dallimonti on Unsplash

18. Photo by Andrés Dallimonti on Unsplash

19. Photo by Andrés Dallimonti on Unsplash I have the controls!

20. Photo by Andrés Dallimonti on Unsplash We haven’t got a

    good indication on speed Alternate Law, protections low

21. Photo by Andrés Dallimonti on Unsplash OK, OK, I’m going

    back down Watch your speed, watch your speed! According to all three you’re going up, so go back down

22. Photo by Andrés Dallimonti on Unsplash I’m in TOGA, right?

    Damn it! Where is he?!

23. Photo by Andrés Dallimonti on Unsplash I don’t have control

    of the aeroplane anymore now! Controls to the left!

24. Photo by Andrés Dallimonti on Unsplash We’re losing control of

    the aeroplane What’s happening, I don’t know what’s happening

25. Photo by Andrés Dallimonti on Unsplash …but I have been

    nose up for a while Climb climb climb climb

26. Photo by Andrés Dallimonti on Unsplash Go ahead, you have

    the controls, we are still in TOGA, yeah Give the controls to me, give the controls to me!

27. Photo by Andrés Dallimonti on Unsplash We are going to

    crash, this can’t be true!

28. Photo by Força Aérea Brasileira on Flickr.com

29. https://www.standard.co.uk/news/world/air-france-airbus-cleared-manslaughter-flight-af447-rio-paris-atlantic-crash-b1074618.html

30. Redundancy more is always better?

31. Longest 8 minutes

32. None
33. None
34. None

35. Redundancies in play • Redundancy of data • Static redundancy

    • Two systems can outvote the other • External redundancy • External system integrates data from multiple sources

36. AirFrance 447 Series of unfortunate events • Loss of reliable

    airspeed • Autopilot disconnects, Captain absent • Abundance of alerts about consequence rather than origin of the problem • Failed to diagnose the situation and apply appropriate checklist

37. AirFrance 447 Series of unfortunate events • Startle effect, pilot

    irrationally pushed nose up • No anti-stall protection • Pilots cannot see each other’s controls/inputs • Conflicting inputs cancelled each other out

38. How do we design more human- centric systems in a

    digital world?

39. Features of Humanity • We have a limited working memory

    • 5-9 chunks of novel information • 2-4 can be worked on at once • Long term memory items are on top of this Bugs

40. Copa Airlines Flight 201 12df - Copa Airlines Boeing 737-200;

    HP-1297CMP by Aero Icarus, used under CC BY 2.0 license https://www.flickr.com/photos/aero_icarus/5157052345

41. Copa Airlines Flight 201 Photo via wikimedia commons

42. Gyroscope icons created by Freepik

43. Gyroscope icons created by Freepik

44. ADI: Attitude Director Indicator Photos courtesy of BITS Consultancy Both

    on (bad) data from Captain’s gyro Give captain auxiliary (good) data

45. Features of Humanity • We have a limited working memory

    • We have a blind spot for our assumptions Bugs

46. Photo via wikimedia commons

47. Features of Humanity • We have a limited working memory

    • We have a blind spot for our assumptions • We do irrational things Bugs

48. Photo via Air Accidents Investigation Branch

49. Photo via Her Majesty's Stationery Office

50. Features of Humanity • We have a limited working memory

    • We have a blind spot for our assumptions • We do irrational things • We get used to things Bugs

51. Photo by Mark Ijsseldijk

52. Photo via wikimedia commons De Havilland Comet 1

53. • Users is a wider definition than you think Take-aways

    • The human element increases as a technology matures Weigh extra safety against the cognitive load put on users Shift from making technology better to understanding users better Start thinking of yourself as a user of the systems you build • We have significant shortcomings Simply because we are human. Work with it, not against it! But it’s the way we approach these problems that matters • Rapid adoption = problems • More redundancy is not always better

54. Thank you! Adele Carpenter @iam_carpenter