Software Glitch Caused Crash of Airbus A400M Military Transport Aircraft

An anonymous reader writes: A software glitch caused the crash of an Airbus A400M military transport aircraft, claims German newspaper Der Spiegel (Google translation). The accident, which happened in Seville on the vehicle's first production test flight on 9 May, killed four crew members. Airbus is investigating the system controlling the aircraft's engines. The early suspicions are that it was an installation problem, rather than a design problem.

Dick, I'm very disappointed.

[Anonymous Coward]

"I'm sure it's only a glitch. A temporary setback."
"You call this a glitch?! We're scheduled to begin construction in 6 months. Your temporary setback could cost us 50 million dollars in interest payments alone!"

TODO comment

[Chris Katko]

ONE_IN_FAILURE_RATE = 50000000; //Ted: reduce by 10 every time management claims they need to increase reliabilty

if(left_engine_running && (rand()%FAILURE_RATE == 0))

//TODO: Ted, MAKE SURE YOU REMOVE THIS BEFORE SOMEONE ACTUALLY FLIES.

Re:

[devilspgd]

They shouldn't have laid off Ted.

Installation Issue - Try telling Comcast that!

[__aaclcg7560]

When my roommate had Comcast for cable and Internet, we always knew we would have trouble whenever a Comcast truck drove through the neighborhood. One day a technician installed something into the box out front. That killed our Internet service. Took a month to convince Comcast that the problem was outside in the box and not inside between the chair and keyboard. When they finally sent a technician out, he discovered that the last technician installed the bypass filter backwards.

Re:

[Gravis Zero]

Took a month to convince Comcast that the problem was outside in the box and not inside between the chair and keyboard. When they finally sent a technician out, he discovered that the last technician installed the bypass filter backwards.

it wasn't backwards, it was Comcastic!

Re:

[cheesybagel]

Let me guess you paid a toll both for the problem report call and probably another fee for the "technician" visiting.

Re:

[ganjadude]

why didnt you just open the box and fix the filter?

Re:

[__aaclcg7560]

Up on the pole with the high voltage lines? I don't think so. Besides, we didn't know what the problem was until the second technician told us.

Re:

[ganjadude]

ahh, got you. by me they are all ground level

Re:

[dave420]

I'm trying to mean this in a nice way - you really should stop assuming people are like you, and that their experiences and situations are like yours. It's leading you to make incredibly incorrect assumptions in every single thread I see your comments in. Seriously. Every single one. I wish the best for everyone, even you (as we seem to have different opinions on many things), so I thought I'd point that out.

Re:

[ganjadude]

you got a point. I think sometimes we all forget not everyone lives a similar life to us.

Re:

[rpstrong]

Not to worry - the high voltage lines are at the top of the pole; phone and cable lines are attached lower down.

That is, they are where ever I've lived.

Re:

[__aaclcg7560]

That might be the case in my Silicon Valley neighborhood. The vast majority of overhead cables are now underground. Utility poles along some major thoroughfares take longer to get rid of.

Re:

[rpstrong]

The vast majority of overhead cables are now underground.

The mind boggles.

Re:

[jmv]

Similar here. One day the connection went out and I called tech support. I told them it was probably related to the technician I had just seen in the neighborhood. They couldn't even track that there was a technician around, so they couldn't help at all. Eventually (with tech support on the phone), I just opened the door and yelled "are you the one that took down my connection?" to the technician outside and he shouted back "yes". Cause identified.

Re:

[__aaclcg7560]

A Comcast technician once knocked on my door, who noticed that I haven't signed up for their wonderful service when I got an apartment without a roommate, and offered to turn on the basic service for $250 in cash. Uh, right.

Re:

[Catbeller]

Too many points of failure. Too complex a system.

Devops

[WinstonWolfIT]

Devops is all the rage these days but I think I'd rethink that if it means going up on a live jet test.

No problem

[nytes]

Just reformat and reinstall.

Where was Chris Roberts?

[Anonymous Coward]

He hacks planes right?

Re:

[JeffOwl]

Isn't an "installation problem" by definition a design problem?

Aren't we passed the days of process not being part of design?

Depends. Did whoever follow the process? The design/process should make it easy, but the world is always inventing better idiots.

Re:

[rahvin112]

We aren't inventing better idiots. Designers continually fail by underestimating the ingenuity of idiots.

Don't think anyone would be stupid enough to plug it in backwards and pound it in with a hammer? You've just underestimated the idiot.

Designers and engineers are generally too logical to see all the failure paths that someone could take because they don't make the assumption that it will be installed upside down or with a hammer. It's the simple illogical design processes that prevent these extreme event

Re:

[sexconker]

Seriously.
If your shit can be installed wrong and lives depend on it being installed correctly, it's designed wrong.

Re:

[Anonymous Coward]

Your assumptions are somewhat naive - +1 for the slashdot-populist-anger though.

Aircraft are not plug-and-play systems, like your home computer or tablet. They consist of miles of wiring and cabling, as well as hundreds of sensors, on board electronic computers and mechanical fail-safes from many different suppliers all over the world. For these reasons (as well as technological and environmental issues) not every single computer from every single company talks on the same hardware interface, or uses the sa

Re:

[sexconker]

It does mean it's designed wrong.
If each critical component isn't checking and reporting its own status, and if there isn't a way for the operator to see the status of all components, and if the plane lets you fucking fly it with bad or unknown component status, then you've fucking fucked up your fucking design.

Nothing's foolproof, but that doesn't excuse basic sanity checks for critical components. This fuck up worse than NASA/Lockheed losing the Mars orbiter in 1999 due to metric/imperial units.

Re:

[delt0r]

Your an idiot. You can put fuel in any aircraft that may have small amounts of water and it would potentially cause a fatal crash. In fact it has done so. You can install breaks wrong, but just forgetting to install them at all, you can get tire pressure wrong, ..etc. You cannot make a thing that is impossible to somehow use, install incorrectly or otherwise break.

Re:

[Coren22]

Your an idiot.

"Your" should be "you're"

You can install breaks wrong, but just forgetting to install them at all,

brakes
but should be maybe by?

Don't call someone else an idiot, then make basic errors in grammar, it is very rude, and makes you look like more of an idiot.

Re:

[delt0r]

And your a gramma Nazi.

Re:

[Coren22]

I'm not the one calling people idiots while not being able to spell basic words.

Re:

[sexconker]

Your an idiot. You can put fuel in any aircraft that may have small amounts of water and it would potentially cause a fatal crash. In fact it has done so. You can install breaks wrong, but just forgetting to install them at all, you can get tire pressure wrong, ..etc. You cannot make a thing that is impossible to somehow use, install incorrectly or otherwise break.

You're an idiot. Just because you can fuck something up doesn't mean that things should be designed to allow it, allow it silently, and allow it while allowing the thing to run as if it were done correctly.

Life-critical systems should be as resistant to user error as possible.
Life-critical systems should prevent improper installation, warn/alert/make lots of noise when installed improperly, and avoid catastrophic failure at all costs.

In this case, they shouldn't have been able to install shit incorrectly,

Re:

[drinkypoo]

This is someone's cue, apparently mine, to mention Murphy's Law, since this is to what it originally applied. The term was coined after Murphy incorrectly connected a wiring harness. Since the same connectors were used and in the same genders in two places on the harness, it was possible to connect it wrong, and therefore he did. The rest is history.

If it can be installed wrong, then the installer sucks (software) or the hardware design sucks (hardware).

Re:

[PPH]

You would think so. But the areospace industry is a major practitioner of keeping design and manufacturing processes seperate. And that has been getting worse in the last few decades.

a new software release, not a sw install problem

[slew]

Some thing appear to have been lost in translation.

According to most other English language sources, apparently this A400 had a new software release that enabled it to control the fuel tank trim during some new types of maneuvers. It appears that some bug in this software triggered a situation where fuel was actually cut-off from the engines or perhaps the engines shut-off leading to a temporary engine stall (which proved to be unrecoverable). It's not clear exactly what happened yet, but I think they are close to ruling out a defect in the installed ECU (electronic control unit) itself, but not the software running on it.

Re:

[Catbeller]

Dead is dead.

Can someone tell me,

[jenningsthecat]

how a "problem with installation, or other defect" can manage to "spread to other aircraft"? Seems like pretty odd wording for a problem that seems not to have been caused by a virus or worm...

Re:

[Antique Geekmeister]

Until they know what the problem was, they're all at risk. If it's a maintenance mistake or bad series of parts, it could wind up applied to other aircraft and the failure only waiting to happen there, as well.

Alert Operator Transmission (AOT) to all operators

[nickweller]

"Airbus Defence and Space has today (Tuesday 19 May) sent an Alert Operator Transmission (AOT) to all operators of the A400M informing them about specific checks to be performed on the fleet.

To avoid potential risks in any future flights, Airbus Defence and Space has informed the operators about necessary actions to take. In addition, these results have immediately been shared with the official investigation team."

What exactly was the contents of the (AOT). What specific checks were required. Is this

Installation problem?

[dacut]

Since it was the first flight, the EULA popped up, and the crew made the mistake of hitting "decline" instead of "accept"?

Re:

[cant_get_a_good_nick]

Or it was an iTunes EULA and it took them an hour to click through 132 Next Page buttons...

Run As...

[Lyttek]

When installing the software, they just ran the install as a regular user, rather than "Run As Administrator".

Just a training problem.

[uncqual]

This will be easily resolved -- they just need to train folks in the assembly process to uncheck the box next to "Install SafeSecuritySuite" during the install.

What they are saying over at YCombinator

[Required Snark]

The discussion at YCominator [ycombinator.com] has some very interesting comments.

According to an article in Spiegel Online three of the engines shut down during takeoff [github.com].

The fatal crash of a brand new A400M military transporter was found to be caused by technical issues. According to information from SPIEGEL ONLINE, three of the aircraft's engines were shut down due to software problems, directly after takeoff.

The cause of the crash of a brand new type A400M military transport aircraft appears to have been identified. According to information from SPIEGEL ONLINE, the engineers from Airbus Military discovered a software problem in engine control unit, that supposedly caused the simultaneous shutdown of three engines.

The investigation produced a clear result: Shortly after the test aircraft took off, the three engines had received conflicting commands and subsequently cut all power.

The pilots, who were testing the A400M, could not have done anything, according to Airbus sources. They still attempted to steer the 45m long plane back to the airport in Seville, but could not control it any more. The aircraft struck a power pole, slammed into a field and burnt completely.

There were also claims that much of the software was written by underpaid inexperienced developers and there was high turn over due to a high pressure environment.

It was Chris Roberts!

[Dr. Zim]

...or something like that.

Too much automation in the wrong places

[Catbeller]

Hyper-complex software, sensor arrays, and mechanical systems will fail. They will always fail; humans cannot anticipate all errors, all possible combinations of factors that can cause death and destruction. Humans can't build autonomous complex systems (no, really, they can't. We've barely started making such things) that can't fail. In this case, can't say that a human pilot or a mechanical backup would have made a dfference, but as the world goes forward, gleefully firing truck drivers and converting ca

sounds like

[servant]

... Sounds like it is the design equivalence of the 'pilot error' excuse. Not that pilots or mechanics don't make mistakes. I think they are less than we seen blame placed on the laps (in the case of pilots, normally deceased pilots)

Re:

[ganjadude]

FTFS

The accident, which happened in Seville on the vehicle's first production test flight on 9 May,

They WERE testing the plane. cant know about the bugs until the real world tests

Re:

[Alien1024]

The wording is somewhat ambiguous. It was the first flight *of that specific aircraft*, not the first flight of an aircraft of that kind.

Re:Irresponsible.

[iMadeGhostzilla]

Scott Adams' Falacy #24: IGNORING ALL ANECDOTAL EVIDENCE
Example: I always get hives immediately after eating strawberries. But without a scientifically controlled experiment, it’s not reliable data. So I continue to eat strawberries every day, since I can’t tell if they cause hives.

Re:

[Lew-the-nerd]

Scott Adams' Falacy #24: IGNORING ALL ANECDOTAL EVIDENCE
Example: I always get hives immediately after eating strawberries. But without a scientifically controlled experiment, it’s not reliable data. So I continue to eat strawberries every day, since I can’t tell if they cause hives.

Wrong, the only population you are concerned with is you, and every test of that population shows 100% response to the stimulus.

Stop eating strawberries.

Re:

[iMadeGhostzilla]

Example is Scott Adams' example of the faulty reasoning, I should have added quotes.

Re:

[Catbeller]

An anecdote can be defined as "evidence we don't want to hear about."

Re:Irresponsible.

[Xolotl]

The Bell Boeing V-22 Osprey crashed 4 times during testing killing 30 crew members. The previous Airbus crash in testing was in 1994, if you want to go that far back there was a fatal Antonov An-70 crash in 2001, also due to engine problems. New aircraft sometimes crash as the bugs are worked out, the 787 was just lucky that none of the incidents were fatal.

All modern planes except light GA aircraft have engines have fully computer-controlled engines, it's called FADEC [wikipedia.org] and it's what makes them efficient, reliable and much safer (in general). Sometimes these have bugs, particularly on new engine designs.

Re:

[sribe]

The Bell Boeing V-22 Osprey crashed 4 times during testing killing 30 crew members.

You got me; I'd totally forgotten about the V-22 Albatross ;-)

All modern planes except light GA aircraft have engines have fully computer-controlled engines, it's called FADEC...

Of course they are. I wasn't taking a cheap shot a software-controlled planes in general, I was taking a cheap shot at French software engineering--sorry I wasn't more clear about that...

Re:

[jfdavis668]

Those V-22s are doing well helping out in Nepal after the earthquake. The seem to have the bugs worked out.

Re:

[ScentCone]

Those V-22s are doing well helping out in Nepal after the earthquake. The seem to have the bugs worked out.

They also used them in the recent Delta Force raid in Syria that. They seem to have performed very well.

Re:

[fnj]

Parent and grandparent - tell that to the Marines. An Osprey had a "hard landing" (hah!) in Hawaii May 18. One Marine was killed and 21 hospitalized. There was a pall of black smoke rising from the "hard landing".

Re:

[ScentCone]

Parent and grandparent - tell that to the Marines. An Osprey had a "hard landing" (hah!) in Hawaii May 18. One Marine was killed and 21 hospitalized. There was a pall of black smoke rising from the "hard landing".

Should also tell that to the service members who are killed or injured in (by comparison) quite frequent helicopter mis-haps? We're talking about crashes and hard landings in aircraft that have long, long histories of service. Shit happens when you're trying to land a big heavy machine with spinning rotors - happens with fixed-wing aircraft, too.

Re:

[jfdavis668]

The V-22s in Nepal are working well. It was the old reliable UH-1 that crashed.

Re:Irresponsible.

[Anonymous Coward]

Ironically, no FADEC software is French. However, I presume you masturbate to Boeing planes without until now knowing that they're designed exclusively on French software (CATIA by Dassault Systems).

Re:

[Plammox]

Yes, that was a cheap shot. I deal with French engineers on a daily basis and I am not under the impression that they should perform worse than their American equivalents.

In fact, our subcon has a French FAE working very hard to fix all the regressions and firmware bugs produced by H1B workers in Silicon Valley.

Re:

[rezme]

"I am not under the impression that they should perform worse than their American equivalents"

"a French FAE working very hard to fix all the regressions and firmware bugs produced by H1B workers in Silicon Valley"

"American equivalents" you say?

Re:

[Anonymous Coward]

They are both turbo-props.

Re:

[DamnOregonian]

They are both heavier-than-air flying machines. Well done, Captain.

Re:

[Xolotl]

As the other AC pointed out, the V-22 and the A400M engines work on the same principle - a turbine engine (basically a jet) drives a shaft which turns a rotor (V-22) or a propeller (A400M). In other words it's as much of a jet as the A400M.

The V-22 also not the first of it's kind, although it is the first to have been built in large numbers. It's direct ancestors were the Bell XV-3 and XV-15 (two of each built), and it has a civilian cousin, the Bell/Agusta/AgustaWestland BA609. There have been a number of

Re:

[Catbeller]

Other malfunctions have happened in other plane systems, one resulting in the plane shaking the passengers around like dice. All three computers received the same input and made the same mistake. The question is: can we understand that we've overcomplexified systems to the point that they are too unstable to use? We made the same mistake with cars and roadways in the past century once; we kept doubling down on the system's complexity as the carnage mounted, and to this day, we think the answer is better car

Re:

[rezme]

We've regularly ignored the KISS principle [slashdot.org] for decades now...

Re:

[viperidaenz]

Last year the VSS Enterprise crashed during a test flight, killing the co-pilot Michael Alsbury.

Re:

[dunkelfalke]

Boeing planes crash [gannett-cdn.com] before they have been built *scnr*

Re:

[Catbeller]

Airbus created the first commercial craft that were completely computer controlled. QED: they go boom often, and we hear about them often. It's not the brand, it's the belief that computers are the best and only solution in every system case, voting machines to cars to pacemakers to trucks to planes. Those systems will fail spectacularly because the paradigm is to treat them like PCs, updated frequently to fix endless streams of errors, when they should have been working correctly in the first and only plac

Re: Irresponsible.

[Anonymous Coward]

I used to work for a company that developed equipment and software that was sold to Airbus. I am hoping this was not one of ours. We were always cognizant of the consequences of any software failure in the air. The testing was extensive. We need to see what the final report says. If it was installation problem, that is more like a mechanic using the wrong bolt, than a bolt being faulty.

Re:

[lesincompetent]

It was a pre-delivery flight. That's BAD. Big bugs such as this one that causes the motherfucking engines to motherfucking quit should have been spotted earlier.
Don't mind me... i'm just a cranky old guy against the cramming of more motherfucking computers on these motherfucking planes.
I'd love to have someone point me out an event in which these systems actually saved the day, cause i can't think of one.

Re:

[Anonymous Coward]

It was a pre-delivery flight. That's BAD. Big bugs such as this one that causes the motherfucking engines to motherfucking quit should have been spotted earlier.
Don't mind me... i'm just a cranky old guy against the cramming of more motherfucking computers on these motherfucking planes.

In a previous life, where you black? And where you forced to fly on a plane with snakes on it? Just curious.... ;)

Re:

[dave420]

I understand you're angry, but does it make sense to expend energy on being angry or on learning? If you learned more on this subject you would not only not be angry, but have improved your knowledge. These systems save the day every single day, as without them our modern planes simply couldn't fly, and they stop pilots from making human mistakes frequently. Newspapers and websites won't get any readers if they have a news story for every single flight which didn't end unexpectedly in a mountain, in the

Irresponsible of who??

[Press2ToContinue]

Exactly who is responsible for this kind of software bug?

The coder who wrote the code?
The functional spec writer?
The QA tester who didn't catch it?
The test scenario scripter?
The manager who oversaw the development process?
The QA manager?
The stakeholder who OK'd the move to production?
The project manager who co-ordinated the project?
The CTO of the company who funded the effort?

Or should they all be criminally liable, thus diluting the responsibility of any one person so that no one person is actually liable?

Re:

[louic]

Who cares? People died and everything should be done to prevent a similar accident in the future. If that indeed involves a single person making a mistake, he will probably have learned from it and never make such a mistake again. Blaming someone will not make the problem go away.

Re:

[aaaaaaargh!]

Who cares? People died and everything should be done to prevent a similar accident in the future.

Oh, man, I'm glad you're here to tell us how policy making and risk assessment works. Let's just ground all flights of all planes forever. The least we can do is everything.

Re:

[louic]

Indeed if you take my reaction and that sentence out of its context it sounds stupid. But you can also try to understand the point I am making here. The first post talks about this being an "irresponsible" push of software, and an interesting reply follows about *who* is responsible, and *criminal* liability. So my (logical, I think) reaction is simply to say "who even cares about criminal liability at this stage, let's find the problem and solve it". It is also very well possible that nobody made mistakes

Re:

[tomhath]

There's nothing but wild speculation what happened in that crash, but most of it focuses on the severe weather the plane was passing through. And this is the second time in two days you posted the same comment anonymously; what's your point?

Re:

[Anonymous Coward]

You can't go wrong with Boeing, a far superior product.

Oh yeah the Osprey sure was 100% trouble free.
When it comes to the lowest common denominator, Boeing and Airbus shit all over their customers. Hey it's the price of globalisation no ?