FAA Pushes Air Traffic Control Systems Into Service 341
An anonymous reader points us to this AP story about the FAA forcing new air traffic control systems into service, over the objections of technicians and air traffic controllers. The Transportation Department's Inspector General notes that many critical bugs remain unfixed. We reviewed a book that discussed the lessons to be learned from software engineering projects; and we had a recent story about Great Britain having all sorts of problems with their new air traffic control software.
Do what Microsoft does (Score:3, Funny)
Re:Do what Microsoft does (Score:2)
Re:Do what Microsoft does (Score:3)
Re:Do what Microsoft does (Score:2)
--Pilot, SWA flt 1499, dep MDW 11:25, arr 4:10 ELP
Re:Do what Microsoft does (Score:2)
Re:Do what Microsoft does (Score:2)
Maybe there is an emergency situation and they need to do some aerodynamic calculations. For that they will need the density of the air.
density = pressure / (accel due to gravity * height)
Where height is derived the altitute (it's not the distance between the plane and the ground.) Also, there are probably a bunch of other relevant calculations where you multiply or divide by altitute and this there would be a zero floating around in your calculations.
Re:Do what Microsoft does (Score:2, Interesting)
this has the potential to be _MUCH_ worse.
bad FAA, no cookie!
Re:Do what Microsoft does (Score:2)
If the system goes down, the controllers will revert to manual. Of course the capacity of the system is greatly reduced, and there will be delays. Lots of pissed of passengers, but no dead ones.
Re:Do what Microsoft does (Score:2)
Hummm ... on that note .. (Score:3, Funny)
Amtrak [amtrack.com]
Greyhound [greyhound.com]
Hertz [hertz.com]
Re:Do what Microsoft does (Score:2)
Have you been reading his sex tips for geeks again?
uhh... (Score:2, Insightful)
New traffic control system (Score:3, Funny)
Bugs and air-traffic control.. (Score:4, Informative)
This is not a pretty sight. Each ATC can have 30+ planes on their screen, and when the computer goes down, they screen drops horizontal, the ATC whips out little flags with numbers on them and keeps them on top of the now anonymous dots.
So I think ANY improvement is a good thing.
On the blacker side: The bugs themselves could be a good thing. Maybe one of these "bugs" will misreport the location of things like the Sears Tower, or the Capitol Building and a hijacked plane will slam into "Al's Meats and More" instead of the intended target.... (yes, I'm still REALLY angry about the Pentagon/WTC/Penn. terrorist attacks)
Re:Bugs and air-traffic control.. (Score:3, Insightful)
-Sou|cuttr
Re:Bugs and air-traffic control.. (Score:2)
yeah, I was just gonna say I'm pretty sure terrorists are cleared for VFR.
Re:Bugs and air-traffic control.. (Score:2)
Re:Bugs and air-traffic control.. (Score:4, Funny)
Re:Bugs and air-traffic control.. (Score:2)
Seriously though, known bugs can be better to deal with then a whole set of new bugs. Espcially if the new bugs miss-report altitudes.
Re:Bugs and air-traffic control.. (Score:2)
I'm not sure I agree with you. From your description, it sounds like they have it pretty bad, but after reading the letter that was linked to by the original post, I think what they're getting may be even worse. Recovery times when the computer goes down are between 90 minutes and 3 hours! They're not supposed to use their existing system as an emergency backup. The FAA technicians were FORCED (by a clause in their contract) to give the system (in Syracuse) their stamp of approval, even though they don't feel it's safe for real world use. And the folks on the project can't even get close to agreeing on the number of CRITICAL trouble reports that are still outstanding. In my mind, anything marked as CRITICAL is a safety hazard.
Bad joke (Score:2)
Re:Bugs and air-traffic control.. (Score:2)
Re:Um, no (Score:2)
This system simply provides location and identification information to airplanes operating under ATC. The system tells the controller where the aircraft is, the aircraft transponder tells the controller who the aircraft is, and the controller then issues instructions to the pilot, who is then responsible for executing those instructions. The hijackers of september 11 flew those planes into the towers and Pentagon by visual navigation (at least for the last few miles...they may have used the GPS system to navigate to NYC or DC).
In short, the ATC system had nothing to do with those airplanes flying into buildings. The only way your blacker side situation would work would be to have a malicious person operating as the controller, and IFR conditions so a non-hijacker pilot couldn't see where he's going.
Re:Um, no (Score:2)
Exit, stage left..
Re:Um, no (Score:2)
Well, a VFR ticket is more than I have at the moment. I can understand saying or doing things in the heat of the moment...as long as you don't do it in the cockpit, we'll all be fine ;-)
Ultimately, I think this system is going to make pilots more vigilant. I've heard so many anecdotes about controllers causing near-misses (my uncle almost got creamed by a commuter plane while flying his warrior) that I think this may be a good thing.
Re:Bugs and air-traffic control.. (Score:2)
Even while on "radar vectors" (means the controller has identified your blip on the scope and gives you headings to fly) a pilot will always know where he is at all times. (The pilots who don't might not see old age.)
Re:Bugs and air-traffic control.. (Score:2)
ATC only gives hints at where the planes are supposed to be going except in the landing enviroment.
The way the old system works is simple, you say I want to fly from point A to point B and if I can't land at point B, I'll go to point C. My plane goes this fast and I would like to go at an altitude of about somany feet. ATC then says you can take off from point A (within 30 min or so) and fly on airway V-whatever to some vor at a specifc altitude. You get assinged chuncks of airspace and you get exclusive use of that. The assumption of the old system is that the radio is going to break and since the pilot has all the details before they leave the ground, its all safe.
This works nothing like what you read in your OOD programming book.
Not a very good article (Score:4, Insightful)
Re:Not a very good article (Score:3, Informative)
Does it matter? I know I wouldn't care why the system crashed if I was in the plane. I'd just want to get home alive. If the system crashes because of user error, then that is a serious flaw.
Re:Not a very good article (Score:3, Interesting)
I'd say it matters a great deal. If the problems are user errors then the solution is training, not software fixes - or at least UI programming changes, not changes to the core software. My point is that the nature of the problems tells us what to fix.
More to the point, because the original article doesn't give a single example of the sort of problems being reported it is very hard to evaluate the competing claims that the system is "seriously flawed" or "okay". Is this a union worried for its members' jobs crying wolf? Or is this a management team riding roughshod over the legitimate safety concerns of the people who know?
We can't tell from an article that merely rehashes the claims of both sides without presenting any supporting evidence.
Re:Not a very good article (Score:2)
Someone was able to bring the ship to a complete halt because of user error. Do we really want the same sort of thing to happen in ATC?
Re:Not a very good article (Score:2)
Re:Not a very good article (Score:2)
Clearly, conservative is good when you're talking about people's lives. Also clearly, it is possible to be too conservative.
Re:Not a very good article (Score:4, Interesting)
I am aware of the high-tech world's hated for anything that smacks of unionization. However, everything I have heard from the pilot's side (particularly GA pilots) is that the FAA is, well, not doing too well these days. And that the front-line controllers are probably more right on these issues than their bosses.
sPh
Every pilot, read this! (Score:3, Informative)
The AvWeb article cited above (which is written by Don Brown, Facility Safety Representative at ZTL) also talks about FAA wanting to do away with primary radar altogether. Fucking morons. There are still plenty of airplanes flying around with no electrical systems, which means no transponders.
Wonderful (Score:4, Insightful)
Except when by web browser crashes, it doesn't slam me into the ground in a firey mass of twisted, molten metal.
Seriously, I thought design philosophies such as the CMM [cmu.edu] level 5 (used on the space shuttle design), should prevent things like this from happening. I'm sure it's safe to fly, but stories like this don't inspire me to full confidence.
Reality Check - from a student pilot. (Score:5, Informative)
The ATC / Control Tower is never responsible for controlling the aircraft, nor actually guiding aircraft between hills/etc. Even in a busy place like the San Francisco Bay, the ATC advises of traffic and coordinates inbound and outbound traffic lanes to keep traffic well spaced. ATC typical instructions, even with hills very nearby (1nm) usually consist of a destination landmark or vector, and an altitude.
Not to rant or anything, but from what I understand, the current system is incredibly out of date. It is important, not only to update the ATC gear, but that the FAA institude a complete overhaul of avionics. It is now possible with less than $1000 of gear to have in-flight collision detectors based on GPS, but this is uncommon on private aircraft costing $100k+.
Just my 2 cents.
Re:Reality Check - from a student pilot. (Score:2)
Uh, not quite.
What you say is true for aircraft operating under VFR (Visual Flight Rules), but not for aircraft operating under IFR (Instrument Flight Rules). When you're operating IFR, if the controller gives you a vector, you follow the vector.
Now, that said, it's still the pilot's responsibility to clear terrain, but without GPS-based terrain avoidance it's damned near impossible to guarantee terrain avoidance when you're IFR, in the soup, and on vectors unless you're intimately familiar with the terrain and your own location.
The bummer of it is that it's when you're relatively low (thus closer to terrain), in relatively busy airspace (you're talking to approach control, who's usually talking to a bunch of different airplanes, and it's a party line so you have to continuously monitor the ATC frequency listening for your callsign), and are having to do a lot of different things (like listen to the ATIS [Automated Terminal Information Service] at the destination airport to get weather, runway info, etc., brief the approach you'll be making into the destination airport, set up the radios and the navigation instruments for the approach, etc., all while listening to the ATC party line frequency for instructions) that it's most likely that you'll be receiving vectors from ATC. That means that if you're in the soup, you have very little time to handle terrain avoidance, which is why GPS-based terrain avoidance gear is such good stuff to have.
Bottom line is that ATC can vector planes into terrain, and it actually has done so occasionally. It doesn't happen often. But it happens. And that's with all the equipment working, at that.
Yeah, it could be a lot better. But the FAA governs aviation with an iron fist, so you're only allowed to use technology that it deems suitable. And the FAA moves at a glacial pace when it comes to allowing new technology in airplanes. It's why modern general aviation airplanes are still using aircooled piston engines that were literally designed back in the 1940's, and why everyone is still using AM radios for communications.
Re:Reality Check - from a student pilot. (Score:2)
Sadly, a couple of years ago two pilots in the area flew a vector into a hill. They thought they were IFR, the controller thought they were VFR; he gave them a vector and then as his workload increased, he forgot about them. The lesson is: fly every ATC instruction as though he's trying to kill you. Sure, it's his responsibility, but it's your life.
Not so fast!!! The airplanes I like to fly (tube-and-fabric taildraggers, sailplanes, aerobatics) cost $20,000. TCAD-like [collision avoidance] devices are around $20,000 installed. See the problem?Re:Wonderful (Score:2)
The problem with Level 5 is the same as the benefit. So much time is spent on QC that govt. contractors, working for the lowest bidder, and Fed programmers, can't afford to work to that level of quality.
C'est la vie.
LV
Re:Wonderful (Score:2)
CMM does not eliminate bugs, but it does aim to improve processes such that bugs could be far lessened.
In any case, CMM (at any level) did not exist when the Space Shuttle software was implemented. As far as I can tell, the CMM [cmu.edu] first came into being around 1987. There were no CMM level 5 shops existing for years after that. Note also from this link that the study referenced on page 11 does show that defects (aka bugs) do get shipped on software system developed with CMM level 5, although they are much decreased.
I believe the basic Space Shuttle software was implemented in the late 70s, independently, by groups at IBM and Rockwell. You might be referring to new software they now field for use with the Space Shuttle. I don't know.
The new system rocks! (Score:5, Interesting)
On a side note, I talked with someone from the FAA about the old system and the hackability of it. I was told that they deemed the US ATC system virtually hack-proof for the simple fact that the hardware was so antiquated that anyone wanting to do malicious damage either wouldn't know how, or it would be such an arduous and tedious task that they'd eventually give up!
Re:The new system rocks! (Score:2)
Why would someone want to hack into it, it does such a good job of going down all by itself.
Actually, this is kinda sad + interesting. If someone did hack the old system and brought it down, the atc'ers wouldn't be phased a bit, to them, just another atc system glitch.
Unfortunately, it looks like the new system will follow in the old systems footsteps.
Re:The new system rocks! (Score:2)
Re:The new system rocks! (Score:2)
Yes, I was aware of that, just being a smart *ss. Plus, what are the odds of the system staying up long enough for anyone to do any type of decent hack anyway?
Re:The new system rocks! (Score:2)
Are you an air traffic controller? The salient question is not whether the Raytheon system looks better, but whether it works better. According to some of the people who actually have to work with the system in the real world on a daily basis, it doesn't work better.
The old system wasn't pretty, or even the most reliable, but at least its most common failure mode leaves radar data on the screen, albeit without flight or transponder information. The STARS system, according to the DOT memo linked at the top, sometimes fails to display some planes AT ALL which seems a much, much more serious failure mode. I also wonder if STARS can suffer a computer outage and still display unadorned radar data (as the existing system typically can), or if it's entirely and totally computer dependent.
-Isaac
Re:The new system rocks! (Score:2)
So far Australia, UK and Tahiti all have had new systems that have crashed in the last year. It takes days to reroute and fix up the messes when London goes down. Australia has about as many planes in the air as the state of Missouri so they don't count as a busy airspace (but their rules and airspace plans make it look that way). Tahiti has some good controllers that can work around issues but because the new computer allows them to break the old rules (east is odd, west is even altitudes), there were two 747's flying at the same altittude and using GPS linked autopilots. In still air (like a calm night in the tropics), the GPS autopilot can get a 747 with in about 100 meters of the centerline between LAX and PPT VORs and the air pressure altimeter will keep the planes within 20 ft of their assigned altitudes. The new rules (only allowed by the new computer system) two planes were assigned to a collision course. Fortunately both planes had radar and they had options that didn't mess with other trafic but what happens when this same situation happens between Dulles and LaGuardia or between London and Hannover? In thouse cases if you change your course, you will go into areas that have been assigned to parallel flights.
I've been making money coding for over 20 years and I can say that in some applications computers are evil. I think this is one of them.
Re:The new system rocks! (Score:2)
It isn't connected to the internet.
actually, I've heard it SUCKS rocks... (Score:2)
And I've heard that STARS has bugs that Raytheon says they cannot fix, and yet they want more money to "fix bugs"?
Fat chance they'll win ERAM.
Re:The new system rocks! (Score:2, Interesting)
Hrm.... subscription to Risks Digest required? (Score:3, Insightful)
You Have Been Warned.
Can the courts get involved? (Score:3, Interesting)
Re:Can the courts get involved? (Score:2)
Why sue? The technicians themselves could have shown some backbone and refused to install the buggy system. (Ensuring that scabs don't install
it anyway is a bit problematic, but it would instantly be bigger news).
The public has all the power in the world, but absolutely NO consciousness of this. They could refuse to travel. One day would probably end the industry...
It's not buggy enough to get the pilots' attention. If it was, not one single plane would take off. Scab pilot or no scab pilot.
Well, the pilots with a deathwish would fly, but that's about it.
Unfortunately, we as a society tend not to really want to change things or reduce the authority of bureaucracies, do we?
Re:Can the courts get involved? (Score:2)
Re:Can the courts get involved? (Score:2)
Tragedy waiting to happen? (Score:3, Insightful)
They aren't serious enough to (a.) refuse to follow the order to install it, or (b.) refuse to report to work if it is installed. So, if there's ever a disaster directly caused by the known flaws in this system, they're part of the same conspiracy. Whoever made this decision should have done so with the understanding that if they're wrong, they might be held accountable for more than just negligence.
But, people want that paycheck more than they want to protect human lives. So pilots won't be refusing to fly, ATC's won't be halting takeoffs, and FAA managers won't be yelling fire.
If these people really cared, we'd be seeing empty skies like Sept 12th.
So either the systems aren't all that bad, or the people who have the power to stop the madness immediately are chickenshits.
Let's start in Syracuse. Why didn't these "FAA technicians" put their money where their mouth is, and throw their wooden shoes into the machinery? Because they didn't, they should be the first people to answer for any accident that comes from this flawed system. They capitualted, didn't they?
Re:Tragedy waiting to happen? (Score:2)
Re:Tragedy waiting to happen? (Score:2)
>would probably constitute a federal crime,
>however, so Im sure the techs weren't too keen
>on going to jail.
Then they didn't care enough... This is the essence of civil disobediance. Not defying authority in secret, hoping the status quo changes, but openly defying it, knowing that you do the noble thing by facing the consequences.
No I honestly don't expect the FAA techs to give up their jobs and get arrested for what they believe in, any more than I expect everyone who smokes pot to speak up (or even to vote).
But the bottom line is, they really don't think it's that dangerous, do they? If there was some *certainty* that the flaws in this system are dangerous enough to routinely cause air disasters,
I bet you'd be seeing clear skies. Federal crime or no federal crime.
Remember, you don't "just go to jail", you do get a hearing where you get to state your case. If *everyone* involved in this system had refused to take part in it, I think the FAA would be more interested in keeping the story OUT of the press and OUT of a courtroom.
As it happens, it's just a sidebar story in the travel section. The system may nor be ready for production, but it's not bad enough for the whole industry to walk off, ask for the head of the person responsible, and march on the capitol steps either, now is it?
Wake me up when it's front page news.
Re:Tragedy waiting to happen? (Score:2)
Cheerios, - JP
Re:Tragedy waiting to happen? (Score:2)
It's not a question if it has bugs... (Score:3, Insightful)
It's: "Is there a net decrease in aircraft safety during movements?"
If not, then it's not necessarily an issue.
Re:It's not a question if it has bugs... (Score:2)
Sure, the likelihood of accident increases when the air traffic controller is sitting on the toilet instead of in front of the radar screens, but that's true of EVERY traffic control system.
Article I read a while ago... (Score:4, Interesting)
Two systems had been developed, one by some guy who worked at such a smaller airport, and one was developed by someone like Raytheon Co.
The system was basically this: The smaller airport would be fed the radar system from a nearby large airport. So if you were flying into Bowman Field, in Louisville, KY, they would be getting fed the signal from Louisville International Airport (SDF). It allowed smaller airports to have the technology of larger airports without having to expend as much money to get it.
The gentlemen who had developed his sytem basically used existing wiring coming from the larger airport and simply sent the signal across that. He hooked up a screen, and had a perfectly good signal. The FAA went on to ask him (he was an FAA employee already) to develop the technology for wide-spread deployment, which he did.
Along comes Raytheon Co. (or whomever the company was) and decides that is a lucritive contract to get. The company comes up with a system costing about ten times as much and about 80% as effective.
Who does the FAA end up going with? Let me answer the question this way: The FAA emplyee did not contribute to any campaigns.
Close.... (Score:2, Informative)
As for the new ATC system, I think any kind of mission critical system should be Unix based. As much as I like Linux, I'd still feel better with a QNX type system that goes down perhaps once a year or so. You have to wonder what the procurement people are thinking sometimes.....
Re:Article I read a while ago... (Score:2)
This has some operational advantages (the biggest being that there's a radar display of local traffic, obviously), but has some glaring deficiencies. Basically it's used in areas where traffic loads don't justify the upkeep and maintenance of a radar installation. Contrary to popular belief, most smaller airports don't have any radar coverage. Airplanes can still operate safely in a non-radar environment, even while "in the clouds" (or IMC as it's called), there's just a different set of rules to follow.
TARDIS (Score:2)
To put things in perspective, Westheimer is the third busiest public-use airport in Oklahoma, losing only to OKC-Will Rogers and Tulsa World. There is high-density student training at Westheimer, and operations often exceed 1000/day. Traffic ranges from Cessna 150's to Beech Barons to Citation X's to T-38's, with a smattering of helicopters thrown in the keep things interesting. The airport is served by several instrument approaches, including a localizer, and is scheduled to get an ILS in a couple of years; an ILS allows traffic to descend to 200' above ground before breaking out of the clouds. In spite of this, Westheimer does not warrant radar.
Short answer here is that yes, Joe Blow's system may be cheaper, and may work well enough for a VFR tower like Bowman or Westheimer, but you need a lot more for any environment that actually needs radar.
--Dave Buckles, CP-ASMEL, Instrument Airplane, CFI (double-I checkride on Monday! Woo-hoo!)
Re:Article I read a while ago... (Score:2, Insightful)
I've been doing ATC coding for a few years so I have a pretty good idea what goes into ATC systems of this size and I'm sorry but its hard enough to nail down requirements with 10 coders with excelent domain knowledge and 10 years experience. Its not something you can just throw your hat in the ring every great once in a while, its a job
High tech not necessarily the best solution... (Score:4, Informative)
Avweb [avweb.com] has also had some interesting articles about England's experiement with new ATC systems.
sPh
Gives a whole new meaning.. (Score:5, Funny)
Re:Gives a whole new meaning.. (Score:2)
Blue Skies of Death, anyone?
Raytheon Canada (Score:4, Informative)
Always having to reinvent the wheel (Score:3, Insightful)
Here's my gripe. The air traffic control system has been sucking the big one since the 80s (or even before that.) Old technology layered with even older technology. Every other year dateline or 60 minutes does a story on how much it all sucks. Alright, so what's the solution?
Well, according to the contracting some new whiz bang solution that is the end all of be all. So where are we, a couple billion down the hole for the a POS.
What needed to happen is not a total whiz bang solution. It needed to start with a system that emulated everything that the current system did using current technology. Something modular (so you could add new features later on) and something that could scale to meet larger needs. Oh, and something that could have been rolled a good ten years ago.
But noooo, that's too simple, and doesn't put a couple billion into the contractors pocket. Of course the ass clowns in congress are just as much to blame as they approved this.
Flight Safety. (Score:3, Insightful)
In the past, I've flown alot for business. I enjoy flying, actually, even in some of the cramped up economy spaces.
Before 9/11, I wasn't overly concerned about our planes running into things. The skyes are awfully big up there, and cities, aside from the obvious ones like NY and LA, are pretty easy to miss or avoid with all the land between them.
And as I think about it, the one thing that takes away my fears about a plane running into something, is that guy in the very front seat of the bus. Y'see, I know several pilots, and none of them are foolish enough to believe the ATC, when they're looking out the front of the plane and see a building comming at them quickly.
These are men and women who have, (proportedly), been highly trained and qualified to get us from point A to point B, safely. And I know most, if hopefully not all of them are smart enough to make good decisions when what they see doesn't match what the ATC is telling them.
In the same vein, there are men and women, who hopefully have good training and good instincts about being ATC's, that when a bug comes up, they're smarter than it is, and will make decisions that avoid the loss of life and property.
Sometimes, alas, you must trust the User to do the right thing. And in this case, we get Trained Users to do the job. Let them do their job.
Re:Flight Safety. (Score:2)
ATC does not separate planes from buildings.
Or even other planes in certain circumstances. That's the pilot's responsibility at all times: see and avoid. Pilots are real good at it. That's why you don't hear about many mid-air collisions anymore, especially on airliners with the high-tech boxes that call out known traffic, and even bark out instructions on how to move out of the way (TCAS.)
FUD (Score:3, Informative)
Of course, the air traffic controller's union is upset about this. Most air traffic controllers have a very short career (burn-out) and don't want to have to learn a new way of doing things.
Looks ok to me...so far... (Score:5, Interesting)
According to the article the FAA invoked their "emergency powers" to force the new system in place in Syracuse against the inspectors and certifiers' recomendations. This sounds like a horrible mess waiting to happen.
--
Well, I work in a building right in line with the SYR main runway. I can tell how lined up a plane is by what section of the parking lot they fly over (we are talking a 20 car lot.) The planes are so close I can see which ones need to be repainted or washed.
So far...I'm still alive, that's a good sign. Also, recently I have seen some planes lining up with the runway much closer than before, I wonder if that means the controllers can handle the traffic better? That would be a good sign for if the system as a whole if it is rolled out in other places.
Anyway, when the system in SYR has problems, I'll be either the first...or last...to notify slashdot.
-Pete
Re:Looks ok to me...so far... (Score:3, Informative)
In busier airports at night (think LAX, DFW, ATL) you can see the planes lined up 2 minutes apart. That's what the controllers do. The pilots are responsible for centering themselves on the runway, and landing without crashing into the ground.
conspiracy theory (Score:2)
I wonder if they're pushing it through because the new software has some nice government supplied code to send the Air Force a fax in the case of a dangerously misdirected plane. If the system does that, then the use of the emergency powers act would be justified because the new system provides "critical homeland security" - not that they'll tell us about it or anything.
One bug later, and your plane is reported as speeding towards the Sears tower and you're shot down by a fighter craft.
My wife works on the Canadian version (Score:5, Informative)
If it ever ships (which I doubt), I sure won't be flying anywhere. I'm considering buying Raytheon stock though...they seem to have several licenses to print money.
Just in case... (Score:2)
Canadian ATC uses Windows... (Score:2)
I'm an American expat living in Canada and pursuing a recreational license here. During the tower tour (which was basically 'Meet your Air Traffic Controllers' so we could appreciate how hard their job is - and it IS hard), I noticed that all the computers in the tower ran Windows.
I'm pretty sure the server is some antique IBM mainframe, and I'd still trust my life to it, compared to a Windows machine that might go down at any time, but if it's a client/server system, they both have to work for it to make any difference.
This makes me very hesitant to fly into any airport in Canada that can't be run manually (Toronto comes to mind... but that's always been a crappy place to fly into anyway).
On the upside, if some crappy Windows Pee Cee can access the ATC radar, then perhaps it would be conceivable to put (read-only) ATC terminals in the cockpits of small planes. THAT would SAVE lives.
Anyone at the FAA or Transport Canada listening?
1.7 Billion dollars? (Score:3, Interesting)
It's a shame really. Yes, this a complex problem, but it's just not a billion dollar problem. The issue is that the government's been asking the wrong people to solve it.
What they should have done is approached some small to midsized software design shops and asked them for initial estimates and designs. Give the top 10 of those $1 million each to flesh out the design and prototype it.
Then take the pick of the litter and run with it. I betcha the end result would work better and cost less than the POS raytheon delivered.
-josh
hehe (Score:2)
Wonder what incidents the security holes in this wonderful flying elephant are...
Re:hehe (Score:2)
will cause...
Should preview, but don't
Total ATC failure==no crashes (Score:3, Informative)
Think of air-traffic control as stop-lights for automobiles; when the stop lights go down, do traffic accidents start happening? No, you just get a little less efficient traffic flow (in some cases it gets more efficent...). Drivers know how to take turns just like they do at stop signs.
Analagously, pilots know how to take turns and fly safe just like they do at 90% of the airports in the world that don't have 24x7 air traffic control.
If the street lights start malfunctioning and giving wacky signals, the hazard of accidents might go up, but would not neccessariy lead to catastrophe.
The ananology for aicraft is even stronger: if an ATC controller went mad and decided to purposefully cause an accident, he probably would not succeed since he would have to fool two pilots who are trained to be wary of ATCs command and to overrride them when they are in error.
Bottom line: airplanes are flown by pilots, not traffic controllers, so breathe easy.
Re:Total ATC failure==no crashes (Score:2, Informative)
- when the stop lights go down, do traffic accidents start happening?
YESThis depends greatly on where you live and what kind of idiots are driving on your streets. It's not very common for traffic lights to lose power, however, every time it has happened in Raleigh NC there have been wrecks.
By law, without the light, that white stripe of paint (the "stop line") becomes your stop sign, but almost no one pays that any attention.
More about the STARS project (Score:2, Informative)
You can view the case study on-line [baselinemag.com], or download the PDF file [baselinemag.com].
I found it to be a very good in-depth article delving into many of the issues surrounding such a massive IT project.
Lousy Journalism (and Sun/Solaris Facet of STARS) (Score:4, Informative)
I've been an Air Traffic Control Radar Tech for the better part of 20 years and, after watching/reading years worth of inaccurate FAA Technology reporting (such as this CNN piece) I'm convinced that aviation journalists are, for the most part, clueless about the technology that they report on. Combine ignorance of that calibre with the natural alarmist tendencies of journalists and editors seeking incresed circulation/viewership and you end up with pieces like this one. Alternatively, and even more unpalatable, it might just be that all journalists are mere dilettantes, and actually have the barest grasp of the issues about which they write. Perhaps, as radar/air traffic control is my field of expertise, I'm only accutely aware of their shortcomings in that field, whereas they may be just as ignorant in many, or all, others. I hope that's not the case, but reporting that's as slipshod as this makes one wonder.... The fourth estate is just as prone to error and exaggeration as the other three.
Obviously, there are problems with STARS, just as the DOT IG report describes. There are problems with ALL new major FAA systems. I've been involved with the ASR-11 program, off and on, for several years now. The ASR-11 is a short range (airport) radar that, like STARS, is a Raytheon product and is currently undergoing a variety of tests to assess it's suitability for inclusion into the Air Traffic Control system. The STARS and ASR-11 sagas have similarites: both have been undergoing testing and some forms of development for years. A portion of the agony involved in equipment acceptance is rooted in the diverging interests of the vendor and the FAA. The vendor claims that the system will perform in such and such a manner, and it's up to the FAA to verify that their claim is accurate. If the claim cannot be verified, then a fix must be proposed, then agreed upon, then implemented, and then verified. Of course, the vendor and the FAA will interpret various aspects of the contract differently, and therefore problem resolution can, and apparently often does, involve disputes about funding: who pays for the resolution? does the FAA cough up more cash or does the vendor eat the cost? I don't use the word 'agony' as hyperbole: it most certaily is agonising for both the vendor and the FAA. However, don't be too quick to blame beuracrats. The FAA is attempting to walk a very fine line: save costs where possible, and therefore give the taxpayer better bang for the buck, while ensuring that the system in question is as safe, and reliable, as possible. Of course, altruism isn't the only motivating factor: I imagine that Congressional oversight certainly helps, particularly when it comes to bang-for-the-buck considerations. However, I genuinely believe that engineering/testing personel, system maintainers, and air traffic controllers are supremely interested in the safety of the flying public, and act accordingly.
Now on to a critique of the CNN piece:
"The only STARS system now in use, in El Paso, Texas, has been plagued with problems, according to.....the Professional Airways Systems Specialists, the union that represents the FAA employees who certify and maintain air traffic control equipment."
My experience with the ASR-11 project has convinced me that the Technician's Union, Professional Airways Systems Specialists (PASS), doesn't give much of a shit about truly relevant equipment funtionality issues. I don't doubt that their assessment of STARS suffers from the same self-interested myopia. As I've heard it told, a Union's involvement in an early round of STARS testing turned into a fiasco, and a potentially significant opportunity was squandered. I've also heard that the union has learned a bit from the experience and that, perhaps, future Union involvement in STARS testing will be more productive. I have direct knowledge of some ridiculous Union demands vis-a-vis the ASR-11.
Unions are a more than a mild source of irritation to me, for a variety of reasons the reader could likely care less about. However, there is one aspect of unions that is crucial to this and other stories involving unions: a union, even one which whose membership comprises a fraction of the 'baragining unit' employees (those who could be in the union if they chose to be) is the sole representative of that group of employees and management looks to the union for all things to do with the employees, and seeks union write-off of all employee-related matters. Journalists follow the same pattern: they spout whatever line the union gives them as if the union actually, rather than technically, spoke for all the employees. If you follow aviation reporting you will see this proven true time and time again.
An aside: my opinion of the Union has nothing to do with my opinion of the average FAA technician. Anyone that's been exposed to unions understands that the official union position often bears no resemblance to the employee's position. FAA technicians are highly trained and, generally, highly motivated, and appreciate the serious nature of their profession.
"The old system remained in place as a backup, because "tower managers stated controllers were not comfortable relying solely on STARS,"....
Now this really turns my stomach....the fact that the 'old system' remains in place is somehow condemnation of the new system (STARS). Of course the old system remains in place as a backup: it would be grossly negligent to uneccesarily remove it while testing on the new system continues. What's so stomach-churning is that this hypocritical journalist, who obviously has a minimal grasp of the complexity of FAA equipment and the air traffic control system, would very likely be the among the first to accuse the FAA of negligence if the 'old system' was uneccesarily discarded and a failure of the new system resulted in crashed planes and mangled bodies. Look, the FAA KNOWS that, while the 'old system' is technically, well, OLD, it's tried and true and, therefore, safe. Obviously they're going to want to retain it as a backup, especially considering the birth pangs that STARS is experiencing. Keep in mind that STARS is not merely a new hardware backbone: it's a completely new interface as well, so it's new to both Air Traffic Controllers and Maintenance personel. Air Traffic Controllers take their responsibility to the flying public VERY seriously, and they're almost always, if not always, going to err on the side of caution. Any one that flies should appreciate this fact.
"Union vice president Tom Brantley said the radar doesn't always work, and it may require several minutes before controllers realize the problem. In addition, he said, the system has failed several diagnostic tests."
I don't know what the hell this means: STARS isn't a radar, of course, so I assume that he must be referring to the radar/s that feed the STARS. I have heard that there is an issue with lag under certain unique and rare circumstances. Those issues will most certainy be resolved prior to acceptance, or at least examined for validity. More to the point, this sentance is a perfect example of a cursory treatment of a very complex matter by someone that obviously has no idea what he's talking about (I mean the journalist, not the Union VP). It's confusing and meaningless, rather than informative and clarifying. Sloppy reporting, at best.
Now, back to a subject perhaps more interesting to the average geek: STARS systems are based on Sun/Solaris boxes, and LOTS of them. STARS, and other imminent and existing FAA systems, such as the ASR-11 (an airport/short-range radar), the WSP (Weather System Processor), all use Sun boxes. I believe that, between the Department of Defense (DOD) and the FAA there are going to be hundreds of STARS, and a couple of hundred ASR-11s, and over the next 5 to 15 years many hundreds, if not thousands, of technicians will receive various forms of Unix training. For several years the FAA has offered a three-week instructor-led Unix course and, I believe, requires this course as a prerequisite for those technicians who will be taking the STARS and ASR-11 Maintenance courses, among others. The course is based on Redhat and PCs, rather then Ultra or Sunblade and Solaris, which is a bit of a sore spot with me, as it would obviously be advantageous for the tech to know about OBP abd other Sparc/Solaris-unique issues. However, the FAA has systems that use other flavors of Unix (AIX and/or HP-UX) so it might not be ideal to use Sparc/Solaris alone, but I can't help but think that it would be better than using Redhat/PC. Anyway, perhaps I'll write a bit more about this and try to post it one day, to see what others here think...
Getting back on track, the perceptive reader will have already realized that the training of hundreds/thousands of military and FAA technicians in the ways of Unix will be good for the Unix community. I can use myself as an example: I've been working with the ASR-11 program for three years: my first contact with Unix was three years ago at the Raytheon ASR-11 school. Now I use a laptop running Redhat (previoulsy Solaris x86, but couldn't get the darn NIC to work), an Ultra 5 and a Sparc 5 on my desk/s at work, and at home I've two PCs with two drive-racks per PC, and swap between RedHat, Solaris x86, and XP. The FAA has also been generous enough to spring for a Sunkey memebership for me and I'm going to be doing as much training as possible this year. I'll have a go at the Sun SysAdmin tests later this year and then top it all of with the Sun Network Admin test. I'd then like to move into a part-time job with some local business that uses Sun boxes. I've discussed the possiblity with various classmates in the Sun courses I've taken, and apparently, and understandably, there's little demand for part-time network administrators. however, I'll settle for less: I'd really like the opportunity to hone my skills in the private sector, just to see how far my interest and talents might take me (perhaps out of civil sevice altogether and into the private sector full time? a fantasy perhaps, but one I occasionally indulge in).
To sum-up: the fallout from the implementation of these new systems will result in an even more widespread interest in Unix, and an enlarged geek contingent.
Re:fortuitous news for Linux? (Score:2)
Sorry, I'm not sure this can be turned into a pro-Linux thing. Of course, with my luck, you might just be trolling playfully.
Re:fortuitous news for Linux? (Score:3, Insightful)
Re:fortuitous news for Linux? (Score:2)
Think about it: the software fails, two planes crash into each other. Who's respsonsible? There is no direct line of accountability.
Re:fortuitous news for Linux? (Score:3)
who is accountable if Windows crashes? no one, thats who.
at least woth OS, you can have developer look at the code, address issues. If your talking about getting an existing operating system and using it, you can begin your testing process sooner, and cheaper.
OTOH you can write the code from scratch, and open it up.
With OS you can have a team, assign resposibilities, and have someone in charge of the OS who will be hel accountable. You can not do that with a 3rd party closed spource product, especially from a company the size of MS.
Re:fortuitous news for Linux? (Score:2)
...anyway, you're confusing open source with anonymous development. Open source simply means that the source is available for modification if necessary. If you keep track of who makes what mods, then you could track a mistake either to the original author or to someone who screwed up some code in their revision of the software.
Re:fortuitous news for Linux? (Score:2)
Nonsense. The FAA can always hire a government contractor, such as IBM or Lockheed, to maintain the system, whether it is open source or not, GPL or not, etc. In the case where two planes crash into each other, the contractor bears responsibility. In the open source case, it doesn't even matter if the contractor doesn't own the code. You can always hire a third party to maintain the project and to be the fall guy.
Re:fortuitous news for Linux? (Score:3, Informative)
Imagine: the buggy (and needless to say proprietary) flight control software is installed. Two months later, plane crashes are at an all time high. The FAA is in an uproar, the media is clamoring for a solution, America is in turmoil.
I'm just not seeing this happen. First of all, the old systems sucked just as bad, and they're keeping them around for backups. Secondly, the biggest danger here is mid-air collisions, and modern aircraft have at least good enough proximity alarms to avoid a problem. I would be more worried about smaller private craft than commercial airliners.
What's that? It's the phone. Who is it? Someone named Linux Torvalds...says he has a solution to our problems.
Wrong. This is serious life or death stuff. Even with real time extensions and a VM that doesn't change every 30 days, Linux is neither designed nor intended to handle high load real time situations. Open source software just simply isn't hardened enough to do anything approaching the complexity of a major air traffic control system.
Don't get me wrong - Linux is a good operating system, and its fun as hell to use and hack on, but a good engineer knows that there is a right tool for every job, and Linux just isn't a legimate choice for a high priority real time system like the ATC.
Re:Release early, release often (Score:3, Funny)
We at the FAA are very sorry for the loss of your husband/wife/child aboard AA/United/whoever flight number 123. Their death, and the deaths of all 206 other passengers and crew was caused by a minor glitch in the software used to keep track of all commercial jets in the air. You will be relieved to know that this glitch has been fixed, and is available as a patch to the local air traffic control center.
Thank you for your continued trust in the airline industry!
Signed,
FAA Bigwig
--------
I'd rather the software WORK before I trust my life with it, thank you very much.
Re:Release early, release often (Score:2)
Dear Sir/Ma'am,
We at the FAA are very sorry for the loss of your husband/wife/child aboard AA/United/whoever flight number 987. The software glitch that caused their death has been identified as a previously occuring error, and a patch has been available for four months, but due to sysadmin laziness, was not installed, despite being easily available from our locked supply cabinet (which we have lost the keys for) at the bottom of a missing stairwell in the third subbasement of FAA headquarters.
Airport EULA (Score:2)
Re:I'm tired of politicians playing with my life!! (Score:4, Insightful)
Traffic flow procedures, and FAR's allow for all kinds of flexibility here. Controllers can stack airplanes up in holding patterns while they sort out priorities. Traffic that the primary airports couldn't handle could be sent to reliever airports. Enroute traffic could be sent to alternate airports, etc. In an emergency, the FARs even allow a pilot to deviate from the regs to the extent necessary to safely complete the flight. In other words, if it was an emergency, the Captain could break his flight plan and head for the nearest suitable runway.
The dangerous time is the time between the failure, and the full blown utilization of alternate methods. Even this, however, is helped by separation standards, standard arrival and departure routes, TCAS, etc.
In other words, they won't just fall out of the sky. If I were an airline Captain, and I found myself in a situation where the destination airport's radar was out, and I felt nervous about the safety of that airport's traffic environment, I'd start by asking for an ammended clearance to some alternate destination. If that didn't work, I might just declare an emergency and divert myself.
Contrary to what you see in Die Hard movies, the system is pretty flexible, and the people who use it are intelligent and capable.
Re:I'll Be Brave and sound like a Luddite =P (Score:2)