I would suggest to never use unsigned int for values that will involve any sort of calculations on them (health, damage, speed). This is considered bad practice due to overflow and should be avoided, with the exception of values that are used for UIDs, indexes, bitfields, mask and flags.
My suggestion is straight from the C++ guidelines by Bjarne Stroustrup and Herb Sutter (ES.102: Use signed types for arithmetic), for reasons that you don't seem to grasp.
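The wraparound the comment above refers to, as an added example that is not part of the original thread; the function names and the health/damage values are constructed for illustration. The signed variant widens to 64 bits before subtracting, because signed overflow is undefined behaviour in C++ and switching types alone does not remove the need for a range check.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Unsigned arithmetic is modulo 2^32: when damage exceeds health the
// result wraps to a huge positive value instead of going below zero.
std::uint32_t apply_damage_unsigned(std::uint32_t health, std::uint32_t damage) {
    return health - damage;
}

// A death check on the unsigned value only fires at exactly zero,
// so an "overkill" hit is missed entirely.
bool is_dead_unsigned(std::uint32_t health) {
    return health == 0;
}

// Signed variant: do the subtraction in a wider type so it cannot
// overflow, then clamp into the valid range [0, INT32_MAX].
std::int32_t apply_damage_signed(std::int32_t health, std::int32_t damage) {
    const std::int64_t result =
        static_cast<std::int64_t>(health) - static_cast<std::int64_t>(damage);
    const std::int64_t max_health = std::numeric_limits<std::int32_t>::max();
    if (result < 0) return 0;
    if (result > max_health) return static_cast<std::int32_t>(max_health);
    return static_cast<std::int32_t>(result);
}

bool is_dead_signed(std::int32_t health) {
    return health <= 0;
}

int main() {
    // Constructed sample: 10 health, 25 damage.
    const std::uint32_t u = apply_damage_unsigned(10u, 25u);
    const std::int32_t s = apply_damage_signed(10, 25);
    std::printf("unsigned: health=%u dead=%d\n",
                static_cast<unsigned>(u), is_dead_unsigned(u));
    std::printf("signed:   health=%d dead=%d\n",
                static_cast<int>(s), is_dead_signed(s));
    return 0;
}
```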
I don't want to minimize pilot errors but I can't stop thinking this dual inputs system easily ranks in the top 5 of the worst design ideas in history.
I always hate findings of "pilot error." Like you, I don't want to minimise it, but it never feels like it gets to the root cause. It often feels a bit like scapegoating. Why did highly trained, presumably competent pilots make the error? How can it be avoided in the future?
As you say, UI design choices can make errors more or less likely. Absolutely everyone makes mistakes. We need to design to reduce the likelihood of mistakes and to minimise the impact of mistakes when they do happen.
To be clear, I think everyone in the industry understands this, but when reported in the media, the average public just hears, "Pilots f'ed up," which is almost never a complete picture.
Aircraft investigations don't really work like pointy-haired-bosses who want a single simple answer for every problem. They do have nuance and list everything that contributed to the problem. Humans err frequently, and this is definitely a case where humans contributed. Dual input is a very fundamental violation of basic pilot training. While there may be systematic changes that could be made to improve it, pilot error absolutely should be on the list as well.
> when reported in the media, the average public just hears, "Pilots f'ed up,"
Unfortunately, for a mass media audience, this is unavoidable. People are always looking for "the answer". To understand nuance in a specialized field, most people will need an overview of the problem set to grasp the topic. Really you'd need more of a 60 Minutes type exposé to explain that; it's too much for a typical news report.
Sometimes it's really just pilots being incompetent or drunk - cf. Aeroflot Flight 821 and Aeroflot Flight 593 as good examples (not exclusively a Russian/Aeroflot thing, but they have particularly egregious examples.)
And how is it that incompetent or drunk people are allowed to fly airplanes? That is still only a proximal cause of the failure; there are systemic issues if this is something that happens with any kind of frequency at all.
The system has humans and computers (the airline is a cyborg!) so human incompetence is definitely up there as a failure mode.
The pilot should not be drunk.
The pilot’s boss should not have let him onto the airplane while drunk.
That guy’s boss should have ensured that they breathalyze every pilot. And so on up the chain to the owners of the airline, who should appoint a CEO who can get the job done.
Breathalyze every pilot? Really? That sounds like a depressing, degrading work environment, which, when combined with the taboo against seeking mental health treatment as a pilot, might contribute to an increase in on-the-job suicide attempts.
In aviation, every knob you turn has at least two effects.
There was an IBM article a while back advocating for '5 Hows' as a replacement for '5 Whys' with this logic. How was it possible for this to happen and that should be the root question that drives improvements. Pilot error should effectively be a non-option for root cause.
Also important is that there is no single root cause for any event. Therefore there is no single 'error' that could be attributed to any one root anyway (in particular the pilot).
Just to point out, but aviation accident investigations do not use '5 Whys' or any dumbed-down framework like that.
They go and list everything that went wrong, without even a lot of concern for causality. They also list all reasonable points of improvement, regardless if they were important for this one incident or not.
Human error is always there, of course. But the idea that they are blaming this on the human is wrong. They are not blaming anything on anything.
Sometimes it really does come down to sheer stupidity or incompetence.
Taking the recent incident at HND earlier this month between a JAL A350 and JCG DHC-8, the investigation (currently still ongoing) is pointing to the JCG Captain astronomically fucking up:
* ATC ordered the JCG DHC-8 to hold short of the runway and informed them they were #1 in the take off queue. Take off clearance was never given.
* The First Officer of the JCG DHC-8 read back the order to hold short and their position in the queue.
* JAL A350 had clearance to land and (along with other aircraft) listened in to the above conversation, routine stuff to help maintain situational awareness.
* The Captain of the JCG DHC-8 entered the runway, violating the order to hold short, and sat there for approximately 40 seconds until they were struck by the JAL A350.
ATC, JAL, and even the JCG First Officer all did things right and yet all it took was apparently one Captain screwing up.
Yes, there were compounding factors like how it was nighttime and all the airport lights flooded out the JCG DHC-8's lights, but pilot error is the only reasonable way of ultimately explaining incidents like this.
So, I would say that pilot error is a primary factor in this case. But, that still leaves open the question of why the error occurred and whether there is anything we can do to reduce the probability of it happening again. I highly doubt the Captain is simply stupid or incompetent given all of his experience. Perhaps, the crew was overly fatigued? People make mistakes, sometimes big ones. The question is how to reduce mistakes and how to limit damage from those mistakes.
> Why did highly trained, presumably competent pilots make the error?
Confirmation bias is really hard to break. When you're in a situation and start telling yourself a story about what's going on, it's really hard to even break that narrative, even when the "you're being an idiot" light turns on.
Dual inputs is there for redundancy in case of a jam in one of them, or in case one set of cables is cut. Everything is dual.
The reason pilots are there is to diagnose problems and take the right corrective action. This also means they can misdiagnose problems and take the wrong action. This is where pilot training comes in.
Say one pilot loses consciousness, the other one has to extract them from their seat before they can fly the airplane. That's no easy task - humans are surprisingly heavy once they pass out.
Airbus has had a Priority Takeover button, from the start, I assume Boeing also has something like that. Its primary use case is exactly what you’re talking about, although it also disables autopilot so it’s a good way to ensure you have manual input in case you need to react quickly.
Airbus has a dual input alert, apparently Boeing doesn’t, and didn’t add it after this incident, blows my mind. Still they’re far from perfect, stress deafness is absolutely a thing.
Active sticks (force feedback) are finally making it into commercial cockpits, they’ve been deployed in business jets, and the Irkut MC-21 was supposed to be the first implementation in an airliner (as it’s French-made, that’s been sunk by the Russian invasion of Ukraine and subsequent economic blockade).
This means hopefully active sticks will make it into big two airframes eventually. I assume there’s some redesign work ongoing as it likely requires additional power and data connection, AFAIK currently the sticks (Airbus’s anyway) are just centered and resisting via springs, I don’t think there’s any data fed back into the sticks.
> Airbus (surprisingly I think) didn’t have any sort of dual input alert
They did (and I think from the start, because unlike on Boeing's controls which are mechanically linked, there's no easy way of knowing the other pilot is inputting). From the Wikipedia article of the crash:
> The inputs cancelled each other out and triggered an audible "dual input" warning.
Active sticks have been in development for decades. They’re getting deployed on civilian craft these days e.g. Gulfstream’s top-of-the-line jets (though retrofitting them on existing planes is likely a ways away still).
I would assume the issues are / were around reliability, failure modes, certification and training rather than patents.
The force feedback is applied by the "feel computer". On the 757 it's a hydraulic device designed to apply forces to the control column simulating the forces on the control surfaces.
Three pilots with a voting algo, obviously. Or, maybe, a supreme court of nine pilots all constantly and continuously in search of perfect aerodynamic justice. Ah hell, just let ChatGPT fly the damn plane.
Edit: I've got it! We'll have a single pilot but they'll be based on a Rust rewrite of ChatGPT running on RISC-V.
By "dual input system" I was referring to the fact that both pilots can apply input into their sticks or trim wheels simultaneously, resulting in inputs cancelling each other out or de-synchronizing.
Agreed, that seems like a really bad design. At the very least there should be an alert whenever the system detects that both pilots are touching the controls.
There should never be a 'net' input. Only one pilot can fly a plane at a time. This is fundamental training for pilots, they would have learned this in the very first few moments they sat behind the controls.
Once you know roughly how ChatGPT works under the hood (see ChatGPT API), most of these claims on ChatGPT seem to emerge from us humans being easily tricked by our own anthropomorphism.
Carbon or Silicon. What is the difference if it's a computer neural net, or biological calcium ions and electrical potentials? Once you know how the brain works under the hood, we'll know that we have been tricking ourselves.