[Info-vax] OT: Aircraft pitot tubes and clustering.

[JF Mezei]

glen herrmannsfeldt wrote:

> But say two filled with ice at about the same rate, while the
> other didn't.  (I think I remembered ice being part of the problem.)
> It is a problem of statisical independence.  If there are things
> that statistically could happen to both at the same time, then the
> test doesn't work.

Which is why there should be sources of speed which are independent from
air pressure. The problem is that other sources of speed (GPS which
gives ground speed, and inertial systems which calculate speed based on
acceleration) do not give "air speed".

Air speed is critical to determine if you are flying of falling out of
the sky.

If you go at 1000km/h ground speed and you have a 1000km/h tailwind,
your air speed is 0, and the aircraft will fall out of the sky since the
wings don't provide any lift.

However, groundspeed indicators would provide some sanity checks. If
your airspeed drops, but your ground speed remains constant, fingers
would point to faulty airspeed sensor.

(In a case where the wind shifts suddently and you have a strong tail
wind, your airspeed may drop at that time, but both airspeed and
groundspeed would befgin to increase as the engines accelerate the
aircraft to regain the airspeed it used to have (relative to wind).

If engines are able to give 500km/h airspeed, and you have 500km/h
tailwind, you will travel at 1000km/h ground speed.

Another example of a "bug": Airbus had added many "safety" features to
prevent deployment of thrust reversers in flight. (that had caused a
couple of crashes in the past). So, not only did they check for weight
being applied to the front landing gear, but also checked for wheel to
spin, just in case the weight switch was faulty).

BUT, there was an incident when the plane landed on a very wet runway
and pilot was unable to deploy thrust reversers right away. Why ? The
front wheel was hydroplaning and not spinning.  Airbus changed the logic
after that.

Predicting all possible failure modes is an art. And often, you learn
from such incidents.

Had an incident once where the production node in a cluster lost its
ethernet completely. From the user's point of view, the node was down.
So they switched the backup node into production mode. But when try
tried to connect to SWIFT, they got the "you're already logged in". error.

Turns out that the original production node had quorum, so it continued
to merrily accept traffic from SWIFT on a decicated synchronous card
(independnet from ethernet).

That was a failure more that had not been contemplated in the past.

And in the case of the wet runway, the Airbus engineers saw a possible
failure more with the weight switch, so they added an additional check,
but in doing so, they introduced a new failure mode !