Why Ships Keep Crashing

Justin Stringer is the DPA I remember.

So what questions should have been asked about the software?

I was not referring to management. I am sure the bean counters have infiltrated their safety departments too.

I was referring to the mishap investigation and rules for hours and such.

The investigation always turns up the same issues and the NTSB always offers the same recommendations. The FAA always ignores them for all the same reasons the CG ignores them.

Old but still relevant …
https://www.martindale.com/transportation-law/article_Holland-Knight-LLP_484998.htm

The bean counters have been part of the safety department from the beginning. The CFO, chief financial officer, reports to the chief executive officer who oversees and is responsible for all corporate functions. Everyone else is an employee whose job demands they keep the CEO happy. NO company will make safety a priority if doing so costs them, whether it is more money for training, different equipment, etc. The only thing that CEOs recognize is an expense or profit which will affect the company profit and their bonus. That is capitalism 101. To keep things from getting out of hand governments recognized many years ago that regulations were needed to protect the citizens of their countries from abusing workers, becoming all powerful monopolies that could control a country and the citizens. The idea was that the regulators paid by the citizens would protect the public as it was well understood that greed would triumph if not regulated [civics 101]. But now the regulators have been captured by those they purport to regulate. They impose minimal fines and no jail sentences for violators. Antitrust enforcement has been abandoned. The system is corrupt and the people voted for all the politicians that support this system over a period of many years so this must be what the citizens want. Hopefully the corruption will evolve further down the food chain so that I can go 130 mph on I-95 and get a $10 ticket :grinning:

Only between the hours of 0200 and 0400, the rest of the time you would be lucky to reach 30 mph before having to slow down again.

Unless you are riding a crotch rocket of course …

WTF !!! The USCG required engineers to take “GAP” classes that included ERRM or engine room resource management. Which is basically a BRM class. In that class, a few takeaways …
For instance when the “customer” desires their cargo “FAST” they in turn put pressure on the Company. The company in turn puts pressure on the Captain, basically stating get the ship to point b faster or we will find someone who can… Then when something happens those in the office say “What did we do?” The office attempts to separate themselves from any blame. The office basically strips the master's authority from the captain, and then metaphorically throws the captain and crew of a vessel under the bus. Older captains possibly have a retirement and a huge nest egg saved away in their 401k’s to fall back on. So older captains don’t fear the push back from the office. Contrary younger captains, don’t have the retirements and huge savings to fall back on so they are prey for bullish office profits over people. The USCG caters to maritime companies to the extent that the USCG will not intervene in support of maritime crews. i.e. Should a captain get fired for not doing what the office says, the USCG does not intervene. However if a captain disobeys the office in exercise of their master's authority to the benefit of the safety of the vessel and crew. The USCG should absolutely intervene as there was an absolute wrongful termination. Think of it like this: The crew of a vessel, are on the vessel they see the weather happening, they maintain the vessel and get a “feel” for the vessel's mechanical condition. The crew also feels the effects of the conditions on the vessel. The crew have credentials, that hold them accountable. The puppet masters on the beach, do not have to face the accountability of their decisions. So they make poor decisions and force their will upon the vessel in a bullish way. Then when all else fails, pays a NTSB to report findings in their favor. Until we address those issues, ships are going to continue to crash and incidents are going to happen at a much greater rate than if those on the beach let those on the vessel run their vessels.
The way it should work is those on the vessel direct those on the beach. i.e. We need these supplies, the office gets those supplies. The vessel informs those on the beach we need these repairs. When the vessel calls on a port - the needed repairs get done. If outside help is needed for those repairs then outside help arrives at the stated port. Navigational decisions are primarily made by those on the ship. Communication is maintained with the office. But if a change to navigation happens because those on the vessel, feel it is safer to take a different route then…

Hoo boy. Long list. Rough outline:

What are the consequences of software giving the wrong result? What are possible sources of a wrong result? How easy is it for an operator/user to detect a wrong result?

The results of this exercise give you your task list. Then you sign a bunch of non-disclosure agreements and dive into the code. Reverse engineer and stress test the high-consequence/hard to detect cases.

In parallel you sit down with the worker bees and review their process, particularly configuration management, testing, and how the software gets delivered/updated.

Finally, and only after you’ve done all this homework, do you sit down with management and ask them how they think their operation runs.

Anything less is just handwaving.

Cheers,

Earl

If anyone wants to read through this, here is the final NTSB report on the fatal crash of the B-17 “909” with paying passengers aboard.
https://go.usa.gov/xHbMw

Long story short is many safety rules, processes, and procedures were ignored and having paying passengers aboard WW II airplanes was in itself an end-around of the usual regulations.

The board concluded in its summary of the report, “We have seen instances where operators may have voluntarily implemented an SMS, but its components are not actively functioning as an integrated system.”

An interesting note - the pilot in that B17 accident was also the (paid) Director of Maintenance for the Foundation that owned & operated the aircraft. He was a volunteer pilot, so clearly he had an interest in flying the aircraft despite maintenance & inspection issues - that he himself was responsible for. And that maintenance (and especially inspection) was NOT being performed properly.
A clear conflict of interest here - similar to the conflict between safety and commercial performance that pervades the shipping industry (and many others).

Are you talking about pleasureboat systems that all boot up and say “not for navigation,” or commercial ECDIS?

I think the issue is called something like “normalization” where you do something unsafe so many times it doesn’t register anymore. Sure the engine has 2 magnetos, so if one is wonky the other one gets you home. If you keep flying it that way, you eventually forget your life hangs on the other magneto that may not be far behind in going bad.

“Normalization of Deviance,” first coined by Prof. Diane Vaughan in her analysis of the Challenger loss.

Earl

Also the “Swiss cheese” model where the holes all line up one day.
One bad mag
Other mag goes bad
Other engine has bad spark plugs
Pilot flies too slow
Pilot puts gear down too soon

Right. But event-chain models (Swiss Cheese, Bowtie, etc.) typically tell you what happened and maybe even what could have prevented it from happening. They typically don’t tell you why it happened.

Cheers,

Earl

I think in this case WHY is giving too many jobs to one person. The pilot, at least in this case, seemed too invested in making his flights no matter what to be the right person to supervise himself. See the Bounty for another one of those.

I have never seen “Not for Navigation”, but I will fire it up today and see, maybe I missed that.

Right. A common “why” is lack of redundancy, both technically and organizationally. And for influential organizations like the Stanford Business School and McKinsey and Co., lack of redundancy is a feature, not a bug.

Earl

Truer words are rarely spoken.

Not to mention lack of backup … the pilot not flying should have been making loud noises about low airspeed and the insanity of dropping the gear on downwind with the aircraft already pushing up against minimum control speed and very close to stall speed.