I am not sure why you think the part you copied from the transcript contradicts what I said. The stall warnings sounded multiple times, whenever airspeed got high enough (i.e. the pilot was doing the right thing) to make the system believe the readings.

The pitot tubes were working correctly for the majority of the accident, precisely because there was no ice on them for the majority of the accident. Yet the computer system stuck in alternate law, encouraging the pilot to do the entirely wrong thing.

It was programmed to panic. How else would it do it? It is not sentient.

It is a classic case of throwing the error at the operator. Computer systems used to do that all the time, but today we do better.

Read the cockpit transcript. The stall warnings stopped whenever the crew member pulled the stick back and made the stall worse. (They stopped because the computer was programmed to treat the ridiculously low airspeed indications as instrument failures and disregard them).

It has 2 pitot tubes and 1 failed. Apart from that the aircraft was in perfect condition. The failing pitot tube recovered during the fall, so all equipment worked correctly.

The autopilot shut off and the computer put the plane into alternate law, where pilots are allowed to do stupid things like stall the plane. The computer had one perfectly working airspeed indicator to rely on, but instead it panicked.

The autopilot should not be unable to make sense of the information it gets because of a single faulty sensor. This is the 21st century, computers can do better than that.

All the bad human interface design decisions have reasonable technical explanations. That does not make them good design decisions.

If that stall warning had kept working, AF447 would likely not have crashed. If the autopilot had not panicked and disabled the normal computer control because of a single faulty sensor, AF447 would likely not have crashed. If the plane had synchronized sticks, the other pilot would likely have taken control and AF447 would likely not have crashed.

Yet all the blame is put on the crew.

Indeed, AF447 is one of many clear cases of blaming human pilots for being human. Humans are prone to make unfounded assumptions without checking them, and no amount of check lists or training will ever stop that. Another example was that the stall warning system blared loudly in the cockpit as soon as the pilot did the right thing and tried to fix the stall, whereas it was silent as long as the plane was deeply stalled.

Either way, an emergency on a plane which is flying on autopilot is a bit like unpausing a racing game. It is a small miracle if pilots manage more than the most basic troubleshooting. Planes are in need of better user interfaces and autopilots which do not just give up and throw the problems at the humans.

Be VERY careful with that one. If you miss the outbound flight, you run the risk of having the return flight cancelled. Do it the other way around, and don't use the return flight.

You just said bollocks and repeated my point: it was not a shoulder fired missile that any guerilla soldier can get, it was a SAM system previously only available to nation states.

Conflict zones are not out of bound of civilian traffic in general; have a look at a map and see how that would make a lot of routes impossible.

He was authorized to be flying there. Planes fly over conflict zones all the time, because non-idiots know the difference between civilian airliners and military planes, and no-one gives SAMs worth millions of dollars to imbeciles, and the cheap ones cannot fly 10km.

As it turns out, that was no-one except Vladimir Putin, so now the game has changed.

You misunderstand. The bus is ethernet. You can plug anything you want into the ethernet plug without giving it unlimited access to your system memory. Just like you can plug anything into a (mythical) properly implemented USB bus without any risk, but UNLIKE Firewire and Thunderbolt.

40Gbps ethernet cards use DMA securely and offer sustained data rates that USB can only dream of.

Ethernet controllers work by DMA, yet they do not offer random access to anyone who plugs anything into the bus. There is no inherent reason why DMA means full access.

Thunderbolt and Firewire are different, in that they are "controllerless". They are simply PCI bridges.

That is pretty much how industry works. There is a right way to shut down a plant, and it involves a lot of things done in the right order. You can do an emergency shut down, and that will not kill anyone, but you will at minimum have to throw a lot of the stuff away that was going through the plant at the time.

Steel works are about a worst-case example of this. Lose power at the wrong time and you have no-longer-melted steel stuck in all the wrong places with no way to remove it. Removing this risk is impossible.

It is difficult to think of something LESS secure than plugging USB sticks into production equipment. I will take ethernet over that any time. At least the ethernet controller and driver is likely to be fairly secure, unlike the USB host and driver.

Systems which are insulated from the Internet rarely get security updates and security reviews often miss them. Yet all it takes is a compromised laptop on the wrong network or a USB stick inserted into the wrong machine, and suddenly the whole "secure" network is up for the taking.

Critical systems should be designed to function despite FSB, Mossad, and the NSA all have having direct access to every LAN. Alas, that is practically impossible to achieve today, industrial systems and management functions do not have the necessary security features to work in such an environment.

I know it is cheating, but you can fairly easily do 1000 miles per tank in a modern diesel, as long as you stay below 60mph or so and avoid cities. I did around 40l for around 1200km over a couple of weeks in a rented BMW.