Also avionics aren't that underpowered these days. They have full touchscreen displays and multicore CPUs.
Awesome to see stuff like this. Light sport aircraft have parachutes. Cool to see safety being incorporated into the avionics and not just flying it, but getting her down safely.
Instead, the FAA is probably going backwards on this issue and doubling down on the regulatory framework that gave us the MAX-8 situation while narrowing any avenue for smaller firms to innovate [0]
Not sure why the downvotes when all I want is for someone to live. I understand it’s harder for larger aircraft but anything 8 passenger or less, this should be considered.
My wish is that one day aircraft will operate off batteries that are charged via the fuselage solar panels and that the airframe will be light enough to support “rapid deceleration pods” or other parachute like devices to bring the aircraft to the ground. Larger commercial aircraft can recharge at the gates.
Eliminating the combustible fuel in the wings is another huge win.
I have a Garmin "smart" watch (with every app notification etc disabled) and I love the fact that I can do almost two weeks of exercises (ride, walk, gym) without needing to charge it. The bike computers are also solid. But sadly the UX of the software on these leaves a bunch to be desired, and I've been bitten by many software and firmware bugs in the last years... Including months for which HRM would randomly and persistently drop it's value from say whatever the real value (say 145 for argument sake) to 80.
It’s annoying but a proper HR strap fixes all the issues associated with wrist based optical readers.
This was a near the top end model at the time, and after complaining Garmin support owned up that this was a firmware bug impact all sensors of that generation and it would take 2+ months to fix (took like 5).
But they did send me a HRM for free and I've been using that. So I am grateful that and using it since. But for short rides (like 90 min or less) I don't always remember to think to bring the HRM.
Prior to that I had two lower end Garmin watches, and despite having theoretically lower end HR sensors they did not experience such bugs or drop outs (an unexpected blip every once in a while).
But I think the main point still stands, their software/firmware/UX has not moved in relation with the hardware. Next time I'm in the market I will be consider all the options. Feels like Coros and others have come a long way.
Prob the biggest thing keeping me in their ecosystem is multi sport (variations of bike riding types -- I do all), hiking, strength training, erg, winter sports. But even there the list of strength exercises has not been updated in like a decade.
There’s also a mode where you can extend the display from your watch to a bike computer, for instances where you’re doing a multisport activity (or just want to record on a single device).
https://www.dcrainmaker.com/2019/06/garmins-triathlon-extend...
To answer your question though, LVL has been around for close to two decades now. IIRC there was a Cirrus/Garmin partnership that added it to the latter's G1000/GFC 700 and it's since trickled out to other consumer-grade autopilots.
If the captain could figure it out, so could the computer.
I recall another crash, not so long ago, of a commuter plane where the wings iced up a bit and the airplane stalled. The crew kept trying to pull the nose up, all the way to the ground. They could have recovered if they pushed the stick forward - failing basic stall recovery training.
There are many others - I've watched every episode of Aviation Disasters. Crew getting spatially disoriented is a common cause of crashes.
There’s probably a lot that match, but sounds like Colgan Air 3407 in 2009 (the last major commercial airline crash in the US before the mid-air collision earlier this year in DC)
> "If the captain could figure it out, so could the computer."
The aircraft system entered ALT2 mode, where bank-angle protection is lost. Protection for angle-of-attack is also lost when 2 or more input references are lost.
You might describe these circumstances as the computer saying "I don't know what the heck's going on, you humans figure it out please".
Having 3 pitot tubes iced over means they read 0 velocity. It is reasonable for the computer to be designed to recognize that if all three pitot tubes read 0, then the pitot tubes are the problem. With the altimeter unwinding, it should be able to recognize a stall. With the turn and bank indicator, and the AOA indicator, it should be able to return to straight and level.
Recall that the captain figured it out at a glance and knew exactly what to do.
The pitot tubes had differential icing, and didn't all read 0kts – they reported different velocity against each tube, such as 40kts or 60kts (against an expected baseline of ~ 275kts). The computer correctly recognised the data was invalid and rejected it.
It's a common narrative that the captain immediately figured out the issue. The report and transcript of the cockpit recording[2] notes that the captain's interventions showed that he had not identified the stall, nor had the copilots.
~ cockpit recording ~
0:00 autopilot disconnects
0:01 [copilot right] "I have the controls"
0:11 [copilot right] "We haven't got a good display of speeds"
1:26 captain enters cockpit
1:30 [copilot right] "I don’t have control of the airplane at all"
1:38 [captain] "Er what are you doing?"
3:37 [captain] "No no don't climb"
4:00 [captain] "Watch out you’re pitching up there"
4:02 [copilot right] "Well we need to we are at four thousand feet"
4:23 ~ recording stops ~
[1] https://www.faa.gov/sites/faa.gov/files/AirFrance447_BEA.pdf
[2] https://bea.aero/uploads/tx_elyextendttnews/annexe.01.en.pdfThank you. I had not seen the transcript before.
Is it possible that 40/60 kts indicates a stall? Nevertheless, the drop in altitude while the nose was up should also indicate a stall.
I know that designing avionics, and accounting for all possible scenarios is a difficult job, and we learn from the failures. But I don't buy that it was impossible/impractical for the avionics to figure out what was going on based what the other instruments were saying.
1. 40/60 kts on pitot tubes - could that be showing a flat spin?
2. rotating compass - flat spin?
3. altitude drop - stall
4. attitude - level, no bank
5. engines - operating normally
6. GPS - no forward progress
Does that add up to a stall?
The flight system could identify a stall and prominently alert the pilots. That's one of the recommendations from the report: to implement a dedicated stall warning. The stall warning was actually active, but disregarded/unrecognised by the pilots because of the number of other simultaneous alarms and extraneous information, including an intermittent recommendation from the Flight Director system to pitch up at 12°.
In general, Airbus aircraft don't have a dedicated AOA indicator visible to the pilots; instead AOA is visualised to the pilots by proxy via the airpeed indicator.
For AF447 the flight avionics probably had enough information to bring the aircraft back to straight and level flight without pilot input.
On the other hand the 737 Max crashes were attributed to MCAS overriding the pilot input and lowering the nose, in response to incorrect/faulty AOA sensor data.
Both were extreme examples, and the recommendations probably coalesce somewhere in the middle: better information (and alert prioritisation) for pilots and redundancy in sensors and logic.
Air Astana Flight 1388 also comes to mind. I'm not sure how a flight control system would deduct cross-connected aileron controls and adapt accordingly (without introducing other risks or failure modes). Given the glacial pace of change and approval in aviation, we're probably 20–50 years away from that level of autonomy.
What exactly was a computer at the time supposed to figure out with unreliable data, especially after a stall had first developed?
Also in fairness I was a bit too opaque with my point, which is that 1) LVL requires the pilot to actually press it, which they are unlikely to do if like you yourself have mentioned they are clueless about what situation they're actually in, and 2) LVL is not appropriate stall recovery so I don't really see how it is relevant to a case of an aerodynamic stall.
Yep, the real design problem here is the idiocy of allowing dual input.
There is no engineering fix to AF447. You cannot protect a plane from what is essentially a rogue pilot who is not restrained.
It would have happened exactly the same in a Boeing. The problem was a supposedly trained and tested pilot responding to a somewhat normal event (loss of awareness and disorientation) by freaking the fuck out and throwing a plane into the ocean from 30k feet. The copilot knew what was going on with 3 minutes left until impact, and was trying to fix things, and was using the feature to override dual input, and was still being hampered by a pilot who was refusing to do the only safe thing he should have: Sit back and shut the fuck up.
The actual solution is regular testing of pilots in stressful simulations to ensure they react predictably in bad situations. That can never be perfect though.
P.S. my lead engineer at Boeing told me they can fix everything but the "nut behind the wheel".
As I mentioned before, my dad taught instrument flying. What he'd do is go through all the maneuvers where your body gets tricked, and the student (under a blackout hood so they could only see the instruments) must recover. And they'd do it over and over, until the student stopped believing his screaming senses and trusted the instruments.
I don't know all that can be simulated in a simulator. I don't know if modern flight training is sufficient.
BTW, experiments were done with birds to see how they flew "in the soup" (zero visibility). The birds would just fold their wings and drop out of it. It seems that evolution hasn't evolved a method for navigating blind.
Of course. I did say it was a button to press!
> LVL is not appropriate stall recovery
It should be. I don't see how it couldn't be designed to do stall recovery. After all, the avionics do recognize a stall (as it activates the "pull up" stick shaker).
BTW, my dad taught instrument flying in the AF. He said it was simple - look at the instruments. Bring the wings level, then the pitch level. Although simple, your body screams at you that it's wrong.
He carried with him a steel pipe, so he could beat a student unconscious who panicked and would not let go of the controls. This was against regulation, but he wasn't going to let a student pilot kill him.
When JFKjr's crash was on the evening news, he said two words - "spacial disorientation". Months later, that was the official cause.
Most flight instructors just keep a spare pen in their pocket to jab an uncooperative student in thigh with. (Thankfully almost never used.)
- https://www.garmin.com/en-US/blog/aviation/blue-button-helpi...
- https://pilotsupport.avidyne.com/kb/article/50-dfc90-wings-l...
I second that. Hearing in the VASAviation video (linked by someone else in a nearby thread) the robotic voice announcing what it's doing, while it does a completely autonomous landing in an airport it autonomously decided on, with no possibility of fallback to or help from a human pilot, is one of these moments when we feel like we're living in the future promised by the so many sci-fi stories we've read as children.
High integrity computing is full of pain staking processes, exactly because no one trusts C developers to do the right thing.
I work on medical devices that improve and save lives but the work actually kind of sucks. You spend most of your time on documentation and develop with outdated tools. It’s important work but I would much prefer “move fast and break things”. So much more interesting.
Personally, you couldn't pay me enough to do the latter and I'd be more than happy to do the former (but I'm not exactly looking for a job).
I suspect you may have just been unlucky with where you ended up. I'm getting closer to retirement myself but I no longer have to work for 'the man' so in that sense I got really lucky. But I really sympathize with how you feel. So, count the days, and look forward to something nicer. Best!
So it is definitely possible. But it isn't common, that's definitely true.
On the other hand, it sounds like the company you mentioned is worth imitating where possible. They sound awesome. Are you allowed to name them? Is there any writeup on how they balanced velocity and regukatory approval?
Unfortunately not. But the devices they make are absolute life savers and I found it one of the most interesting jobs I did in the last couple of years because I think I learned more from them than they learned from me. I was just focusing on a handful of details, they had to keep the broader picture in mind all the time and educate me to the point that my knowledge became useful to them.
You are probably right that they are uncommon, but the fact that the company was led by a scientist who was very much involved in the process and the mission and offloaded as much of the non-essentials of the CEO job to others made me feel I had gone back in time to be near HP when they were just founded. In the longer term I expect them to dominate the space.
Other times it's just because there are lots of other teams involved in validation, architecture, requirements and document management and for everyone except the developers, changing anything about your process is extra work for no benefit.
At one time I worked on a project with two compiler suites, two build systems, two source control systems and two CI systems all operating in parallel. In each case there was "officially approved safe system" and the "system we can actually get something done with".
We eventually got rid of the duplicate source control, but only because the central IT who hosted it declared it EOL and thus the non-development were forced, kicking and screaming to accept the the system the developers had been using unofficially for years.
I find the risk here that the requirements are the average of all requirements, so the exceptional things don't really get highlighted.
Because you now get this giant amount of text shoved in your face, you switch from thinking to validating. Is what's there correct, vs starting from a blank canvas. The doc already curtails your thoughts.
Kinda like all cars are starting to look the same. No one takes risks anymore.
No-one wants to / feels empowered to / has the knowledge to ask the really difficult questions.
I often wonder if we have created the correct balance here. How many quality of life years have been lost due to the decades lost by being conservative? And how much of the conservative pace is done for the “right” reasons vs personal or corporate CYA?
For safety regulators, the incentives are all on the side of limiting acute downside (e.g. a plane crashing), not maximizing potential aggregate upside (e.g. millions of tons of fuel saved per year and millions of tons of C02 not in the atmosphere).
Society punishes regulators that approve products that kill people, so regulators adapt to this and as a result tend to be very conservative.
Regulators don't capture any of the upside (reputational or otherwise) when a new product enters the market and cures disease, makes cars more efficient, helps planes land on their own in an emergency, etc.
I don't know what "right" should be here, but you've hit on a good point. It's complicated.
(please don't)
I suspect a lot of aviation is the same.
Many private planes use outdated tech, carbeurated piston powered engines driving propellers.
Maintenance heavy, but all of it is well known and stable.
https://vansairforce.net/threads/garmin-emergency-autoland-i...
To always auto land it needs to be as good as a fully trained and competent pilot, a much higher standard.
We have a couple of nuclear-powered self-driving cars on Mars.
Tesla isn’t that. Nor Ford. Nor GM. Nor anyone else. Waymo is closest, but they limit the domain and clearly still have issues. Stick a Waymo in snow on rural roads is it good to go? Doubt it.
We won't get into what happens when I drive on a rural road covered with snow and ice... no, really, let's not go there. Moving right along...
I've never seen any clear info about that.
It would need to understand how to visually look for traffic with a camera, and understand what intentions other pilots are communicating on the radio.
I don't know that they could actually fly the plane - is latency too high for landing? - but they could make all the decisions and communicate with air traffic control, other planes, and the passengers.
Militaries have been flying UAVs for awhile now, which must have the same challenges.
It's mostly GPS driven, plus a radar altimeter for landing.
The system can be triggered by a button in the cockpit, a button in the passenger area, and a system that detects the pilot isn't making any inputs for a long period or the aircraft is unstable and the pilot isn't trying to stabilize it. The pilot can take control back, but if they don't, the airplane will be automatically landed.
I wouldn't expect a whole lot more detail, as that airport is often used by defense contractors like Ball Aerospace, who have a large office nearby.
The chances of colliding with anything else would be tiny. In case of other commercial jets zero, thanks to TCAS at the least.
TCAS = traffic alert and collision avoidance system
> Safe Return is an emergency system designed to be deployed by passengers in case of pilot incapacitation. But Safe Return also is programmed to activate itself when it senses the pilot has become unresponsive or succumbed to hypoxia.
Source: https://www.aopa.org/news-and-media/all-news/2025/june/pilot...
[1] https://avweb.com/aviation-news/garmin-autoland-activation-c...
[2] https://www.cbsnews.com/colorado/news/plane-emergency-landin...
My uncle was a pilot, and I asked him 15 years or so ago about the job. He was going on and on about computers and autopilot, claiming that pilots were only really needed anymore for takeoffs and landings, and they could sleep during the rest. Probably realizing the liability in what he said, he was quick to clarify that he didn't, of course.
In that short time span we now have a system that can land a plane by itself. Nothing less than magic, and huge congratulations and thanks to everyone at Garmin who made this happen.
https://www.lockheedmartin.com/en-us/news/features/history/l...
It's probably a possibility in some bizarre & unlikely set of circumstances with perfect timing, but even then it's still a better outcome than flying into the ground uncontrolled. See the Gimli Glider where a 767 flown by humans was forced to make an emergency landing at a runway that was actively being used as a dragstrip during the landing—everyone survived.
"Garmin Autoland Activation Was Crew Decision" - https://avweb.com/aviation-news/garmin-autoland-activation-c...
aftbit•1mo ago
I think the radio call could be improved a bit though. It spends sooo much time on the letters and so little on the "emergency" part. It almost runs that sentence together "Emergencyautolandinfourminutesonrunway. three. zero. at. kilo. bravo. juliet. charlie."
>Aircraft November 4.7. Niner. Bravo. Romeo. Pilot incapacitation. Six miles southeast of Kilo. Bravo. Juliet. Charlie. Emergency auto land in four minutes on runway three zero right at Kilo. Bravo. Juliet. Charlie.
It would be nice to hear something more like:
Aircraft November-Four-Seven-Niner-Bravo-Romeo. Mayday mayday mayday, pilot incapacitation. Six miles southeast of the field. Emergency autoland in four minutes on runway three zero right at Bravo-Juliet-Charlie.
Still amazing, and successful clear communication ... but it could use some more work :)
rogerrogerr•1mo ago
johng•1mo ago
t0mas88•1mo ago
It uses the navigation database (onboard) and weather data via datalink (ADS-B in the US, satellite in other places) to select an airport/runway. It looks for a long enough runway with a full LPV (GPS) approach available and favorable wind.
dataflow•1mo ago
crooked-v•1mo ago
ultrarunner•1mo ago
Aloha•1mo ago
HNisCIS•1mo ago
Aloha•1mo ago
HNisCIS•1mo ago
addaon•1mo ago
Aloha•1mo ago
dpifke•1mo ago
Aloha•1mo ago
Centigonal•1mo ago
So, "Columbia traffic, Cessna november one two three alfa bravo [N123AB], three mile final, full stop, runway one eight, Columbia traffic"
At a towered airport, you'd say "Columbia tower" instead, and you don't have to repeat it at the end of your message.
ultrarunner•1mo ago
Frankly, it should know (like I have to) if it's going to auto land at a towered field or uncontrolled, and adjust as necessary to those circumstances.
addaon•1mo ago