I would imagine that if the descent were to reach the point that pieces were flying off à la Silk Air 185, then it would be too late to meaningfully pull out of the dive.
As for the Avionics Handbook, I'm not sure what you're referring to...
The ACEs and PFCs communicate with each other, as well as with all other systems on the airplane, via triplex, bi-directional ARINC 629 Flight Controls data busses, referred to as L, C, and R. The connection from these electronic units to each of the data busses is via a stub cable and an ARINC 629 coupler. Each coupler may be removed and replaced without disturbing the integrity of the data bus itself.
and the System Operating Modes, Secondary and Direct:
Secondary - n the ‘‘Secondary” mode, the PFCs supply actuator position commands to the ACEs, just as in the ‘‘Normal” mode. However, functionality of the system is reduced. For example, the envelope protection functions are not active in the “Secondary” mode. The PFCs enter this mode automatically from the ‘‘Normal” mode when there are sufficient failures in the system or interfacing systems such that the ‘‘Normal” mode is no longer supported. An example of a set of failures that will automatically drop the system into the ‘‘Secondary” mode is total loss of airplane air data from the ADIRU and SAARU. The airplane is quite capable of being flown for a long period of time in the ‘‘Secondary” mode. It cannot, however, be dispatched in this condition.
Direct - In the ‘‘Direct” mode, the ACEs do not process commands from the PFCs. Instead, each ACE decodes pilot commands directly from the pilot controller transducers and uses them for the closed loop servo control of the actuators. This mode will automatically be entered due to total failure of all three PFCs, failures internal to the ACEs, loss of the flight controls ARINC 629 data busses, or some combination of these failures. It may also be selected manually via the PFC disconnect switch on the overhead panel in the flight deck. The airplane handling characteristics in the “Direct” mode closely match those of the ‘‘Secondary” mode.
Doesn't this prove that you can interrupt the system briefly by performing a software update, making the plane 'go dark', cut communications and fly in Secondary or Direct mode?
You wrote, "Doesn't this prove that you can interrupt the system briefly by performing a software update, making the plane 'go dark', cut communications and fly in Secondary or Direct mode?" That's the million dollar question -- it sure seems possible, especially in the context of the MSAG paper, but I'd really love to talk to someone who's an expert in both cybersecurity and the ARINC 629 bus specifically
Regarding satellites and SilkAir flight 185, could that descent have been recorded somehow? Just read about "replay of recorded authentic communications traffic" in this Security Threats Against Space Missions paper: https://public.ccsds.org/Pubs/350x1g3.pdf
Jeff's producing Season 2 on his YouTube Channel, @Jeff_Wise. It's now called Finding MH370 (Season 2 of Deep Dive:MH370) or just Finding MH370 if that helps find it in a search. You can find the show "Finding MH370" on Apple Podcasts but I don't know about other sites. There are four episodes waiting for you :)
I am hoping for clarity. If the data is innocent then the trip ended with a nosedive, but if the data is spoofed why does lead to Kazakhstan? If the data is false, couldn't the plane have flown really anywhere that the fuel would take it?
Great question, people ask it a lot. The answer is that while the BFO data is fairly straightforward to spoof, we don't know of a way to spoof the BTO data, because it's created through a much simpler process. It's the BTO data that allowed researchers to generate two fairly narrow patchs, one to the north and one to the south, along which the plane almost certainly flew.
There's an appendix to Australia's final report in which they analyzed the paint on several pieces of debris and found that it matched that used for the MH370 aircraft.
Interesting. thx! So how do you bring together this terminal dive and its widely discussed data with a landing somewhere around russia, eg baikonour or kambala airfield? do the data fit with it?
Great question. I should have specified that this is the interpretation of the BFO data if you assume that it was producted "innocently," by a normally working SDU, and hadn't been tampered with post the second reboot at 18:25. If that spoof attack did happen, and the plane went to Kazakhstan, then the BFO values of the 7th ping are simply spurious.
Hmm, regarding the steep descent - MH370 would have had parts fall off, so how would a controlled glide and safe ditching/landing have been possible?
Have you seen The Avionics Handbook produced in 2001?
I would imagine that if the descent were to reach the point that pieces were flying off à la Silk Air 185, then it would be too late to meaningfully pull out of the dive.
As for the Avionics Handbook, I'm not sure what you're referring to...
https://helitavia.com/avionics/TheAvionicsHandbook_Cap_11.pdf
Boeing B777 Fly-By-Wire Flight Controls
Oh, yes! Quite interesting, not very detailed but a good overview of the architecture. Was there anything in particular that caught your eye?
The architecture, yes, and ...
ARINC 629 Data Bus
The ACEs and PFCs communicate with each other, as well as with all other systems on the airplane, via triplex, bi-directional ARINC 629 Flight Controls data busses, referred to as L, C, and R. The connection from these electronic units to each of the data busses is via a stub cable and an ARINC 629 coupler. Each coupler may be removed and replaced without disturbing the integrity of the data bus itself.
and the System Operating Modes, Secondary and Direct:
Secondary - n the ‘‘Secondary” mode, the PFCs supply actuator position commands to the ACEs, just as in the ‘‘Normal” mode. However, functionality of the system is reduced. For example, the envelope protection functions are not active in the “Secondary” mode. The PFCs enter this mode automatically from the ‘‘Normal” mode when there are sufficient failures in the system or interfacing systems such that the ‘‘Normal” mode is no longer supported. An example of a set of failures that will automatically drop the system into the ‘‘Secondary” mode is total loss of airplane air data from the ADIRU and SAARU. The airplane is quite capable of being flown for a long period of time in the ‘‘Secondary” mode. It cannot, however, be dispatched in this condition.
Direct - In the ‘‘Direct” mode, the ACEs do not process commands from the PFCs. Instead, each ACE decodes pilot commands directly from the pilot controller transducers and uses them for the closed loop servo control of the actuators. This mode will automatically be entered due to total failure of all three PFCs, failures internal to the ACEs, loss of the flight controls ARINC 629 data busses, or some combination of these failures. It may also be selected manually via the PFC disconnect switch on the overhead panel in the flight deck. The airplane handling characteristics in the “Direct” mode closely match those of the ‘‘Secondary” mode.
Doesn't this prove that you can interrupt the system briefly by performing a software update, making the plane 'go dark', cut communications and fly in Secondary or Direct mode?
You wrote, "Doesn't this prove that you can interrupt the system briefly by performing a software update, making the plane 'go dark', cut communications and fly in Secondary or Direct mode?" That's the million dollar question -- it sure seems possible, especially in the context of the MSAG paper, but I'd really love to talk to someone who's an expert in both cybersecurity and the ARINC 629 bus specifically
Regarding satellites and SilkAir flight 185, could that descent have been recorded somehow? Just read about "replay of recorded authentic communications traffic" in this Security Threats Against Space Missions paper: https://public.ccsds.org/Pubs/350x1g3.pdf
Is this podcast no longer available on Spotify or amazon music? Can only see season 1 episodes
Jeff's producing Season 2 on his YouTube Channel, @Jeff_Wise. It's now called Finding MH370 (Season 2 of Deep Dive:MH370) or just Finding MH370 if that helps find it in a search. You can find the show "Finding MH370" on Apple Podcasts but I don't know about other sites. There are four episodes waiting for you :)
Thanks Keelie -- yes, I've unfortunately had to restart the podcast under a different name. You can find it on Spotify here: https://open.spotify.com/show/6JyFlxPVfImPQj3vr4gOAj and on Apple podcasts here: https://podcasts.apple.com/us/podcast/finding-mh370/id1750281366
I am hoping for clarity. If the data is innocent then the trip ended with a nosedive, but if the data is spoofed why does lead to Kazakhstan? If the data is false, couldn't the plane have flown really anywhere that the fuel would take it?
Great question, people ask it a lot. The answer is that while the BFO data is fairly straightforward to spoof, we don't know of a way to spoof the BTO data, because it's created through a much simpler process. It's the BTO data that allowed researchers to generate two fairly narrow patchs, one to the north and one to the south, along which the plane almost certainly flew.
any chemical analysis on the debris? i couldn t find one (;
There's an appendix to Australia's final report in which they analyzed the paint on several pieces of debris and found that it matched that used for the MH370 aircraft.
Interesting. thx! So how do you bring together this terminal dive and its widely discussed data with a landing somewhere around russia, eg baikonour or kambala airfield? do the data fit with it?
Great question. I should have specified that this is the interpretation of the BFO data if you assume that it was producted "innocently," by a normally working SDU, and hadn't been tampered with post the second reboot at 18:25. If that spoof attack did happen, and the plane went to Kazakhstan, then the BFO values of the 7th ping are simply spurious.