Strangely enough, a busy pilot is a calm pilot. Between the training, the
culture, and the crew concept, we just don’t panic in the cockpit. We panic
later that night in the bar. I’ve had things go sideways at work a few times
and we just work through it efficiently. CVR transcripts reveal the same thing:
most guys will fight that problem all the way into the ground, and only panic
in the seconds before impact when they realize they can’t do anything.
This does give rise to the old saw that the second engine on a piston airplane
is there to give you something to do while you’re waiting to die.
Regarding fault recovery procedures:
I used to tell new first officers that a normal procedure is like trying to
find a building a few thousand miles away: we’re looking for a very specific
solution, with very many constraints, far out in the future.
An emergency procedure, on the other hand, is like trying to run out of the
burning building you are in: there are a variety of solutions, very few
constraints, right now.
A good solution does not depend on making decisions that could depend on a
system that has failed.
A great solution does not have many decisions at all. A well-written boldface
procedure/memory item does not have the word “if” in it very often.
From a more engineering perspective:
A fault recovery system implies a failure in a primary system. There is the
strong possibility the same failure could affect the fault recovery system.
Even more humbling: there is the possibility that the primary system failed due
to an oversight in your engineering philosophy - any recovery system you design
will have the exact same failure.
On Feb 8, 2018, at 5:11 PM, Randall Clague
<rclague@xxxxxxxxx<mailto:rclague@xxxxxxxxx>> wrote:
Not to mention, if you're aboard (as I expected to be), and your life is on the
line, panic will not be far away. It's almost impossible to think during a
panic episode. Recall, on the other hand, is not only possible, it keeps the
panic away because you know what to do.
Personal experience: "I'm going to drown. That jerk. I told him I can't swim! I
can't believe this. On vacation, yet! I'm going to drown in front of my family.
How nice for them. Two weddings and a funeral. That jerk! ...Wait a minute. I'm
trained for this." I followed my training, accepted the lifeguard's offer of a
tow back to the boat, coughed up half the lake, and didn't drown.
-R
On Thu, Feb 8, 2018 at 3:29 PM Henry Spencer
<hspencer@xxxxxxxxxxxxx<mailto:hspencer@xxxxxxxxxxxxx>> wrote:
On Thu, 8 Feb 2018, rebel without a job wrote:
The ideal fault recovery system is one that can bring you immediately to
a survivable, but mission sub-optimal, state with as little reference to
the systems that failed as possible. As dumb as possible is good here,
as the goals of a fault recovery system are radically simpler than those
of a primary system.