Mailing List lml@lancaironline.net Message #60776
From: paul miller <paul@tbm700.com>
Sender: <marv@lancaironline.net>
Subject: Re: [LML] Re: aopa turbine numbers: $ vs safety
Date: Thu, 19 Jan 2012 15:48:12 -0500
To: <lml@lancaironline.net>
I'm really intrigued by the overall discussion on safety. Not to pick any fights, and acknowledging that there are experts here who are very familiar with accidents and causes. But I'm interested in the relative risks of these issues discussed. We've heard all about the safety aspects of backup instrumentation and environmental testing and very little about the odds of these component failures in the bigger picture. From my limited experience I have found that most of the bigger failures I've seen are from certificated, tested and supported pieces of equipment. But I also know that many changes are not made to better these things because the cost of change is too high. The folks here who live with testing and designing might have some thoughts on the process AFTER certification is completed.

Enter experimenters who can change things for the better at little cost and some unknown risk.  I think there is a level where the experimenter's box with the latest fix may be a better odds choice than a 20-year certified unit that cannot be upgraded because of the costs involved.  We see this every day as people ask why can't I put [uncertified box] into my [certificated panel].

Let's examine a few devices I'm familiar with (just for fun):

1) The old Apollo/UPS 20 MFD unit was a great unit but never changed with faster processors, better screens or more capabilities until Garmin bought it. UPS even said that the cost to change the [i386?] was prohibitive. Dynon and the others can make those changes much more easily and quickly and can use the latest technology. So, they may not be tested for lightning, but I'll never see artificial terrain mapping on my Honeywell EFIS-40 box in my lifetime, so which is "safer"?

2) P&WC had bad blades on a whack of our PT6-64 engines and even admitted that failures would occur before TBO (unreal, right?) but refused to fix them. That should not be part of an ongoing certified engine, right? Until owners hired lawyers and one TBM deadsticked from the failure and it became public knowledge, the company chose to live with the cost of litigation versus implementation. That was a certified engine that was predicted to fail before TBO in a 200-plane fleet. Airlines required all their Beech 1800s to be fixed, but GA was unable (without a fight) to overcome Pratt's decision to live with a known defect. Is that engine any "safer" than an uncertified design, or do the manufacturers have the ability to stretch what "certification" means?

3) My Avidynes are certified and tested with stickers all over. Yet they have failed in flight, on the ground, not in motion, and about a dozen times, yielding a non-flying screen many times. That simply tells me the process for testing cannot take into account a manufacturer's ability to "work the system". There can be no other reason unless I am the 1:1000000 failure--multiple times.

4) A TBM crashed in Mobile when a freight pilot found his throttle linkage stuck at full power.  It was a manageable flight yet he died and now we train for that occurrence in the sim but never trained for that occurrence before the accident.  That's because we don't train in preparation for an A&P to make an error on assembling a throttle assembly.  We probably have not found all the possible mistakes that can be made in all the aircraft so certification and testing does not mean you're safer from these types of errors.

5) Two recent TBMs crashed and the scuttlebutt is that the software on the G1000 allegedly incorrectly shows the bad fuel information, leading pilots to swap to the low tank and bypass the automatic safety features. One deadsticked on I-95 in Lauderdale and the other crashed in Wisconsin. We can't train for that, nor can we anticipate in a short flight how to deal with this type of hidden failure. Certification probably means fewer mistakes but also leads us to take steps that can lead to a crash--if that's what the screens tell you to do.

6) We have certified and tested Honeywell KFC-325 autopilots that are top-of-the-line units that will climb you into a stall and kill you. That is built into the software and may be a factor in the TBM that climbed through ice then fell onto the highway from 17000 feet recently. Nobody will change that software in the certified box--ever, even though the chip and revision probably exist and could be done quite cheaply. But TruTrak will not kill you, because they have the ability to outsmart Honeywell and prevent a commanded climb from going into a stall. Thanks, TruTrak, for seeing a problem and simply fixing it. But certified systems will probably never get fixed or modified to handle these unsafe situations as they become known, because the installed base is huge, the liability admission is huge and the cost of anything Honeywell is...well...high.

7) Jeff's Eclipse example is interesting because I believe the fleet was at times VFR only, grounded, under close scrutiny, and had restrictions on autopilot use and other limitations in operation. How do any of those factors relate to the zero accident rate? Perhaps if all Lancairs were VFR only, could not climb above [xxxx] feet, had to remain on airways and had intense inspection for a few years, then the fleet accident rate might be improved?

So, my two points on safety are:

A) Testing and certification means very little to me except to launch a product. If testing and certification came with a requirement for mandatory upgrades to keep the technology and software updated, then I might see the long-term value. But as long as companies have the ability to prevent fixes post-certification, then the process is incomplete. If there was a requirement to fix things that got reported, it could work. Cars have a higher Federal response to reported problems than aircraft, IMO.

B) There is a difference in testing for safety between things we can touch, such as fatigue testing airframes, and software that we can't examine. We are lucky to have folks on here who live and work in those realms so they can provide input as to what is safe. But more of our devices are becoming fully controlled by software versus discrete components. Whereas we might be able to review a circuit for an autopilot pitch board on an old Cessna, now we are very unlikely to understand the logic or even review the logic in a G1000 device. It may be good for the manufacturer to hide a process, but filling an airplane with expensive proprietary boxes that can never be decoded or field repaired will eventually backfire, IMO.

Paul M
Spruce Creek
[patiently waiting for safe PMA'd starter adapter parts]
On 2012-01-18, at 10:34 AM, Colyn Case wrote:

Is the bulk of the safety difference explained by better training?  e.g. sim training?

On Jan 18, 2012, at 6:27 AM, vtailjeff@aol.com wrote:

one is being installed in an Evo


-----Original Message-----
From: William Miller <cwfmd@yahoo.com>
To: lml <lml@lancaironline.net>
Sent: Tue, Jan 17, 2012 10:57 am
Subject: [LML] aopa turbine numbers: $ vs safety

Catching up on some reading, I noticed the survey of turbine aircraft in the AOPA Pilot June, 2011. It certainly is a lot of fun to compare my fuel flow, cost per hour, maintenance, range, fixed costs, and payload to their numbers. Some manufacturers don't even publish their fuel flow with the cruise data. I wonder what that could mean?
Now, if we can just organize ourselves to match their safety record.... my airplane is missing a few of the certified (or USN milspec) requirements, including egress and escape redundancy, fire detection/suppression/prevention, and "more successful" complete engine failure procedures (multi-, BRS, eject, bail).
I know of one installation of the BRS chute in an ES. Has anyone else installed one?
Bill Miller
IV-P's  450 +45