Hacker News
Designed to Crash: the story of Antonov An-28 HA-LAJ and its demise (admiralcloudberg.medium.com)
108 points by sklargh 8 months ago | 52 comments



I once flew from Weston-on-the-Green as a guest on a sky diving flight, a couple of years after this accident. We went right up to 12,000 feet which I was told was the natural ceiling for this sort of activity.

It amazed me that everyone on board could think straight at that altitude — it really affected me dropping to two thirds atmospheric pressure so suddenly. As I recall we didn’t spend long at altitude: the aircraft and the sky divers went pretty much straight up then straight down again with surprisingly little difference in time spent in the air between them and us. You’d want to have your wits about you anyway when jumping out of a plane, let alone one where the landing site is next to two busy roads (the newly built M40 near the Oxford/Bicester A34 junction.)

(And yes, if you’d told me in the early 90s that you were going to take a flight in a second-hand Soviet turboprop I’d say take a parachute because you must have a screw loose. Turns out both were the case.)


The highest I jumped without oxygen was 17.7k ft (couldn't quite get that extra 300 feet), and I was quite hypoxic. The odd thing is, I had no awareness of my impaired cognitive ability and I basically staggered out of the aircraft. I wasn't thinking straight for half of the jump. I now think I'd be much more aware of the effects and impact of hypoxia, because I've experienced it.

I've also done the opposite by scuba diving to 30m and begun to get nitrogen narcosis, which is very similar. To understand it better, I've done a "dry dive" in a controlled environment in a hyperbaric chamber where they can simulate a 40m dive, and measure your cognitive ability throughout. This is excellent awareness training, and I now think I'd identify the early signs of it sooner.


10-12,000ft is generally accepted as negligible impact on cognitive function. Only above that are pilots usually on oxygen.


> 10-12,000ft is generally accepted as negligible impact on cognitive function

That is just a guideline.

Each person responds to hypoxia differently and starts becoming hypoxic at different altitudes. One person might start having symptoms at 8,000 while another can function without oxygen at 14,000 for hours. It depends on your health and acclimation. All else equal if you live in Denver your tolerance to altitude will be greater.

This also applies to carbon monoxide exposure. For either condition you may not get headaches at all. Or you may get loss of color vision first. Or maybe your fingers tingle first. It is highly variable from person to person. Many people in those situations report they excluded hypoxia or carbon monoxide as a possibility because their symptoms didn't line up with the published lists, unaware that those lists are merely guidelines.

The one constant is that by the time you realize you are hypoxic or have CO poisoning you will either not care or be unable to fix the problem. This seems to be nearly 100% universal. Even when briefed ahead of time in a test scenario almost everyone will fail to take any action to rectify their situation on their own. Sometimes they can be coached into taking action (like descending or putting on an oxygen mask). For that reason a number of GA pilots use a pulse oximeter when flying above 8-10k to detect the signs early, while they are still aware enough to take action.

Also be aware that perversely CO causes your pulse oximeter reading to increase. Those chemical dots are useless, you need an actual detector and the sensor inside them is good for 10 years. Once bound to hemoglobin CO takes a long time (12-24 hours) to be removed and breathing oxygen only speeds that up by half. This is very unlike hypoxia which disappears in seconds once you start on oxygen. For aviation don't use household detectors - they have relatively high thresholds. On a long cross-country or multi-day flight you can accumulate exposure at levels low enough not to trigger a household alarm but cumulatively become very impaired due to the long half-life of CO in the body.


That's approximately 3000 - 4000m. You're definitely going to feel a difference going from ASL to 4000m in minutes.


As someone with thousands of jumps from this altitude, I disagree. The VAST majority of 'first timers' I've taken on tandems don't feel much, if any, difference either going up.


Fair enough, I haven't jumped out of a plane, I was basing it on my climbing experience, which I realise now is not a valid comparison, I suspect that it's more noticeable in that context because of the high rate of respiration you tend to get when slogging it up big hills.


Agreed, the first (and only!) time I went skydiving we jumped from 12k feet and can't recall feeling any difference in my conscious state.


Cognitive function begins to degrade before that, but it's just like having been awake for longer.

Many pilots will huff oxygen lower than 10k especially if they're doing anything but straight and level.


> If the blades are still angled to produce thrust, then instead of the blades taking a bite out of the air, the oncoming air will start to take a bite out of the blades, so to speak, driving the propeller, and thus the turbine, in reverse.

Minor correction for the author, an unfeathered prop continues to rotate in the correct direction. The flow of torque is reversed, not the actual rotation of the prop.

Indeed under certain circumstances the prop can end up speeding past its design RPM to the point that the prop tips become supersonic creating a whole world of other problems and dangers.


I picked this up too: a minor error in an excellent article.


It's one of numerous errors in the article that demonstrate Dempsey has fundamental misunderstandings about the stuff she is writing about, which is hilarious given she is routinely and extensively complimented (by people who know nothing about aviation) for her "excellent analysis".

She never even mentions the ultimate cause of the crash: Antonov's design required dual grounds, but the factory in Poland modified the design to group the grounds together, without realizing or caring about the implications.

It's right in the UK DoT crash report - page 30 - and on the summary of the crash on the BAAA's website, which is in the first 6 google results for the crash. It would probably be higher except her article and copies of it on reddit are taking up the first couple of hits now.


Spoiler for people who don't want to read a VERY long article- the electrical circuits in the plane did not follow the plans. A screw that was providing grounding (to the plane body) for the flap system had wiggled loose- causing the electricity to take a different path, through a circuit that controlled the angle of the propellers. So pressing the flap button caused the propeller to stop spinning.


The problem isn't that they didn't follow the plans, they did, the problem is they didn't include industry standards for safety critical systems like preventing reverse current with diodes and/or independent grounding.

The design was changed slightly shortly before going into production, from two grounding screws to one. It's a minor difference though as there would be no way to detect that a single grounding screw had failed and then the failure of the second screw would cause the same problem. And if one screw is backing out/aging, there's a good chance the other one is too.


> It's a minor difference though as there would be no way to detect that a single grounding screw had failed and then the failure of the second screw would cause the same problem.

Actually, having two grounding screws would have avoided this problem - the flap switch would never have been connected to the ground via the feathering mechanism (unless both screws got loose and somehow entangled). In that case, either the flap mechanism would have failed, which would have been obvious, or the second terminal of the feathering switch would cease to be grounded, which could lead to sudden feathering with sufficient EMI. While still not great, a dual ground-screw setup would have been much better.


Sneaking in a comment.

Two circuits sharing a common ground path causes electronic noobs no end of confusing grief. Because the two circuits are coupled via the ground inductance and resistance.

And a circuit that forms with its ground a large loop is another source of confusing grief. A big loop is an inductor. And will pick up magnetic energy passing through it.


The problems with this aircraft are fortunately so basic a discussion of ground loops and inductance is fortunately completely unnecessary.


Well considering that people didn't appreciate the importance and an aircraft crashed as a result, it's not unimportant.


The diagram in the article described the alternate design. Both wires connected to the same terminal block. It was redundant ground screws for the terminal block that was still shared between the two systems.


That assumes the dual screw would have disconnected them from each other (which probably would have been a better design).

I'm not sure that's what the diagrams showed, however.


Surely any design should also include plans for periodic inspection, like "pull on each screw and make sure it's not loose or wiggly"? Else you eventually get into situations like doors falling out midflight as happened recently. Diodes can also fail and inspection of their current reliability got to be harder than inspection of screws. If you are working with Soviet levels of quality and service, opting for simpler components might be a better bet.


Sounds like the electrical faults in some older cars. Poor grounding or corroded wires lead to the current flowing in an unexpected different path, causing all kinds of bizarre effects.


Yep, that brings up good memories. I spent some time fixing electrical faults in my first two cars when I was 22 and knew nothing about electrical engineering (I did know math and programming though).

That feeling when I understood why taillights are flashing dimly in unison with the left turning light I won't forget, along with a few other eureka moments.


I just bought a new car with poor grounding. Apparently the factory had painted over the terminal where the automatic transmission grounding cable attached. This caused a variety of intermittent faults until the dealership technician figured out the root cause and sanded off the excess paint.


It didn't cause them to stop spinning. It caused them to feather, which meant torque dropped enormously, and there was suddenly a huge disparity between commanded torque / fuel flow and observed torque so the engine control system figured something catastrophic happened (such as a gearbox failure or prop/feathering system failure), and cut fuel flow to keep the engine from overspeeding...and then that in turn triggered automatic deployment of both spoilers, turning the plane into a space shuttle simulator.

Welcome to Dempsey's style: google a plane crash, read a bunch, slap it all together and take multiple paragraphs to say something that only needs one sentence or adding drama...get a bunch of things wrong, and call it "in depth analysis."

She doesn't do the slightest bit of "analysis", she has no training or education in aeronautics or any other relevant field, and despite having spent years reading and writing about this stuff, she routinely gets things wrong. What's hilarious is that a reporter claimed she "extensively fact-checks". What? You can't/shouldn't fact check your own work. A colleague, editor, or expert in the field does.

She missed one critical fact despite those five pages and numerous diagrams and photos, which was the entire reason for the crash: the Antonov design required separate grounding points for the two systems, but the factory modified the design.

...which she would have known if she'd actually read the fucking crash report, or its summary. Summary: https://www.baaa-acro.com/crash/crash-pzl-mielec-28-weston-g... and report: https://www.baaa-acro.com/sites/default/files/2020-10/HA-LAJ...

Let me go over the numerous ways Dempsey demonstrates she doesn't understand basic physics and aeronautics despite years of "researching" plane crashes.

Dempsey says: "Furthermore, because a failed engine on the An-28 tends to produce a large and sudden yawing moment, the system also automatically deploys the outboard wing spoiler on the opposite side from the engine failure, in order to ensure that drag on both sides is as close to equal as possible."

First off, engine failure on any non-inline-twin will cause this, it's not specific to the An-28, but I'll chalk that up to just shitty writing skills which an editor would have fixed. Second, it's not about "ensuring drag on both sides is as equal as possible" - the yaw happens because the vector of thrust shifts several feet to one side from the centerline of the aircraft - or as it's properly referred to, asymmetrical thrust.

Third, she said spoilers "induce drag" - they aren't designed to cause drag. They're designed to disrupt airflow over the top of the wing - it detaches from the surface and becomes turbulent. They spoil the flow of air - literally in the fucking name, and she doesn't understand what they do.

Fourth, the reason the spoilers are deployed is not to even out drag. It's to cancel the effects from the yaw, which causes the plane to start slipping/crabbing - its yaw angle doesn't match the plane's path through the air. One wing is thrust into the wind and the other retreats, causing a difference in lift...and there's also a difference in lift because the failed engine is no longer pushing air over the wing behind it, and (until feathered) in fact is blocking, and causing enormous turbulence in, air that should be going over the wing generating lift.

She said "The landing gear swiftly collapsed, causing both wings to fold downward and strike the ground." If the landing gear hadn't collapsed, the wings still would have been ripped off the plane, and further, everyone aboard likely would have been more seriously injured because the plane's fuselage (and thus passengers, not in seats) would have had a much stronger vertical acceleration when it hit the ground. The wings folded downward because the heavy engines had high momentum, the airframe's vertical speed was reduced to zero almost instantly. As the airframe's vertical speed went to zero, it exerted a force on the wings that the plane could never be designed to handle.

She said: "If the blades are still angled to produce thrust, then instead of the blades taking a bite out of the air, the oncoming air will start to take a bite out of the blades, so to speak, driving the propeller, and thus the turbine, in reverse."

Fucking what? Propeller blades are airfoils and when the engine fails, the blades stall because the angle of attack of the blade changes enormously. There will be some windmilling - at a tiny fraction of the engine's power (in piston aircraft, around or less torque than even the starter motor) but it's in the same direction the engine normally turns - they don't fucking spin backward because air is still flowing in the same direction. The bigger problem is that the propeller is presenting what is effectively a flat face to oncoming air, and inducing turbulence in air that should be flowing past it and smoothly over/under the wing, generating lift.

Kyra Dempsey writes about shit she doesn't fully understand, doesn't seem interested in or capable of educating herself in basic physics and aeronautical concepts, and as evidenced by the writeup of this crash - gets basic facts wrong because she doesn't thoroughly research them enough. How she still gets this stuff wrong after years of doing it is bewildering.

I don't understand reddit's obsession with her, or why people keep linking to her articles here. If she was as good as everyone claimed, why is she basically unemployed?

If you want to read actual informed analysis of plane crashes, read aviation news outlets. AOPA, for example, does a lot of extensive writeups about crashes in general aviation, and it's written (and reviewed by) people who are experienced, knowledgeable pilots (and often, instructors.)


The article doesn't say whether the C-145As built in Poland for the US Air Force still had the fault, or the SkyTrucks built until 2019. We might guess that since the fault wasn't in the plans, they would not get it, but that might depend on whether they were built in the same factory as HA-LAJ, with the same practices.

It seems as if were both engines to fail, either one prop would be feathered and the lift spoiler on that side extended, or neither prop would be feathered. Presumably the pilot could feather the props himself. It is not apparent whether this would extend both lift spoilers too, or if those were controlled separately.


The design drawings did not have the fault, but the engineering drawings used for building may have. They were done by different teams in different organisations at different times.


I doubt they have the same fault. It's common practice in NATO air forces to use lock wire or another type of anti-backoff mechanism on screws and bolts subject to vibration.

If the original design lacks this it would likely have been embodied as a fleet wide modification/design change.


It would be also quite normal for design plans to just specify that it should be "screwed here", depending on standard practices to use the standard screw locking.


Indeed, though with lock wire there's usually another anchor point you wire it to, so that the nut can't back off.


> there's usually another anchor point

The original design supposedly had two screws, but was manufactured with one. When you have two fasteners (typically nuts, as opposed to screws...) they can be mutually secured with lock wire. That is very common.

It is decidedly not common to lock wire electrical terminal fasteners in aircraft, or anywhere else for that matter. Typically lock washers and self-locking nuts are used. I'm not a certified aircraft electrical system designer, so I can't say definitively, but there are some pretty obvious reasons: First, these are typically small fasteners: lock wiring is hard enough on large fasteners. Lock wiring tiny little nuts with small gauge wire approaches the unreasonable. Second, lock wire is not insulated, so you would end up with a rat's nest of exposed conductors leading to your terminals. Clearly unworkable. I suppose someone, somewhere has done something that involved insulated lock wire, but I've never seen it, wouldn't know where to buy it, and can't imagine how you'd employ it without abrading the insulation.

The problem here is the shared ground terminal. Stacking wires on ground terminals is common, stupid and a plague on electrical systems. The clamping force on a wire's ring terminal (and, thus, its contact resistance, mechanical friction, ability to inhibit corrosion, etc.) is distributed among all of the ring terminals stacked on a stud, screw, whatever. Stack just one new terminal with another and you've cut the clamping force on both in half.

Half.

You are now the "engineer" and when someone dies as a result of your field engineered electrical system it's your fault.


I don't follow how stacking two terminals cuts the clamping force in half.

If a screw provides 10lbs of clamp force, the equal and opposite reaction is that the thing it is screwed into must resist with 10lbs.

If you put one terminal in between it must transmit all 10lbs through itself or else the forces don't balance out and something must be accelerating.

If you then stack another one in there all the force must be transmitted through it also. So the screw clamps with 10lbs of force and both terminals feel 10lbs of clamp force.

I just can't figure out where you got the idea of "it cuts the clamp force in half" but I'm interested to hear.


The clamping force is distributed over an area: \sigma = F/A. Adding ring terminals increases the total clamped area, reducing the pressure seen at any point on the surface. Since increasing from 1 to 2 doubles A (assuming each has the same contact area) these surfaces see half the distributed force at every point.

It's easy to visualize if you replace the two rings with one enormous ring (and fastener, etc.) while F remains the same: obviously the distributed force at any point will be low.

The distributed force is crucial. Friction in real mechanical systems is non-linear. Conductors made of real materials vary in yield strength. A correctly engineered terminal must account for force, yield strength, area, vibration, dissimilar metals and other factors to prevent back off, gas ingress (thus corrosion,) high resistance etc. Real engineers don't do all the materials science involved here and no one would trust it if they tried: they rely on published standards, authored in blood.

Stacking ring terminals torpedoes all that: what was (relatively) simple with one ring becomes unanalyzed and prone to failure when stacked.


Ah I see. That analysis works if you neglect the free body diagram of the system. I agree with your analysis if one larger terminal were analogous to two smaller ones. But it is not.

When a bolt applies clamp force it does so to every thing in between the bolt head and the anchoring threads. All of the force is transmitted along the bolt shaft from the mating threads to the head of the bolt and then back down whatever is in between the bolt head and the mating threads.

If this were not the case no fasteners would work. The only exception is when you have multiple mating threaded regions, rust, etc.

If you put one washer in between the bolt head and the threads obviously it must feel the full force of the clamping, or else some force went missing.

If you put two washers in between they're both still trapped in this identical clamp force situation.

This can be extended by induction about as far as you'd like. Certainly 2,3,5,10 washers. Even to 100. Eventually gravity and other things start to creep in at much, much larger scales. If you wanted to clamp 1 million washers this simple analysis would fall apart of course.


> The original design supposedly had two screws, but was manufactured with one.

I'm sure many here heard the saying (especially when doing FMEA): One screw/bolt is no screw/bolt. ;-)


I wonder whether using a switch that didn't have the third normally-closed terminal might have been another option. It then wouldn't have needed to be grounded at all.


You do want to ground it or EMI can come to bite you. If that long bit of wire is left floating it can act like an antenna. (SPST switches exist but they actively chose not to use one)


I did my first jump course at Weston-on-the-green a couple of years after this incident, and it was interesting hearing people talk about this with no actual detail, except blindly blaming 'Russian' equipment. Sad, because this tainted all An-28s for me for many years. Still, the Dornier 228 that replaced it was a fantastic aircraft which you don't seem to see many other places.



I didn't quite understand how the screw being loose triggered the system, but the screw falling out completely would have been ok. Did I misunderstand that section?


It does not say "screw falling out completely would have been ok." The screw provided a single point of electrical contact for grounding. When it became loose (thus less surface area contact with the chassis and hence increased resistance in that part of the circuit) or fell out completely (zero surface area contact with chassis and hence infinite resistance in that part of the circuit) the current took a completely different path to the ground with catastrophic results.


I think this use of the phrase "in fact" in the article is a bit Russian or otherwise Slavic. This usage shouldn't be illegal in English but is less common.

Electricity needs both positive and negative connections made between power source to equipment to work, but some old vehicles only ran the positive (sometimes only the negative) wires, and used the entire vehicle body as the negative wire. Idea is that the electrons are gonna find their own way, the body's thick as it gets as a conductor, it's fine if you knew what you're doing, it saves lotta weight.

In this case, one of such connections to the body was secured with a screw, which could loosen from vibration, which `in fact` did. It instantly caused electricity to look for an alternative way, which was through propeller feathering switch and feathering relays, which caused the airplane to needlessly stop flying.


I think using "in fact" there is ok, I didn't have any trouble understanding it. "Actually" might have worked as well? And the part that follows, "with the grounding screw pulled out sufficiently far" probably also includes "the grounding screw missing completely".


Screw is forgotten or snapped: nothing is holding the wires, the resistance of ground connection is too high, switches either don't work or misbehave when you test them before flight. A lot of curse words about servicing the damn thing is heard.

Screw gets more and more loose (alternatively, dirt or rust accumulates): less and less current flows through the contact point, more and more voltage is applied to relays. Generally, it is not enough to switch them, until one day another bump changes the position of wires, and adds some more resistance…

If something fails, it should fail as a whole. It's analogous to aborting the program on unexpected error versus ignoring it and hoping that everything else generally works OK.


When the ground screw came loose the voltage coming out of the flap switch traveled back up the feathering ground, causing the system to think the feathering switch was activated.

When part of an electrical circuit starts to "float" like this - becoming no longer anchored to some global reference voltage (usually chassis ground is considered 0V) - the observed voltages in other parts of the system can take on really byzantine values.


Yes. It never said that the screw falling out would have been ok. The effect would have been the same where the flap ground connection would have found its way home via the feather system. Loose vs completely gone are just two points on a continuum of badness.


It is important to read between the lines. It took 6 years for extension of previous model to turn into production design. Then it was dropped on comrades from a fellow Socialist country in a typical fashion of “intensifying economic development” (i.e. investing in specific industries in exchange for loyalty). Then it took 6 years again for actual planes to come out of factory, and become certified. And it wasn't a Concorde. The project was really low on the list either on the demanding side, or on the supplying side, or on both sides (remember that in “planned” — single big corp — economy, you might be assigned a useless work if it has been decided once, and got into the papers).


Enjoyable article. I love debugging/troubleshooting articles like this (loved the TV series "Air Crash Investigation") and always marvel at how much layers-upon-layers of complexity exists in such systems and yet everything works perfectly well most of the time. It is a testament to the scientific prowess, logical layering, technological realization and overall ingenuity of the people involved in designing and implementing the system.

Putting on my conspiracy tinfoil hat, I don't think it was bad design/error/accidental that the production introduced this single point of grounding failure even though the original designs had explicitly called out for at least two grounding points. Why? Because it is the easiest method to get rid of "somebody/somebodies" and pass it off as an accident i.e. charter this plane for them, have your assassin loosen the screw before takeoff and let the vibrations in mid-flight do the rest.


That theory fails on 2 points. One is as this crash points out, it's hardly a reliable way of killing someone. The other is that it would be easier to just cut the wire, and it's just as easy to cut 2 wires instead of 1.


Nah; Cutting the wires will not even get this plane off the ground. As for the first objection, this crash was exceptional in that the pilots seemed to have been quite skilled to have managed the landing the way they did. This is a very low probability event and luck seemed to have been on their side which will not always be the case. There is always some indeterminacy involved in faking an accident and that cannot be helped. But you can certainly stack the odds in your favour.

This line of thinking is motivated by what has been going on with Boeing crashes, Boeing whistleblowers dying left and right and of course the most recent chopper crash involving the death of the Iranian President and the consequent swirling theories.


The plane could absolutely get off the ground, especially if the flaps were set before engine start or on the previous landing.

Further to my point, the ground point was in an inaccessible location. Hence why it was able to come loose without being noticed, making it even more unlikely to be tampered with.

In addition, it's not like the Soviet Union needed to engineer convenient accidents to kill undesirable people, they were more than happy to do it openly.

Finally as an aside, as an actual aircraft mechanic I have some suggestions about where you can put your thoughts on my line of thinking.


> The plane could absolutely get off the ground, especially if the flaps were set before engine start or on the previous landing.

Both are I think low probability events.

Also if the electrical path through the grounding screw were already cut and the engine turned on, will the current flow through the erroneous circuit given in the article or not? If so, then the article states the propellers will be held at feathered position and thus generate no thrust, the engine failure detection system will activate and shut off fuel to both engines. If not and there is a different circuit in this case then it is not given.

Second, it is because this is a Soviet Union product that I put on my conspiracy hat and imagined some "what-ifs". They were pretty big in these sorts of sneaky shit.

Finally, I don't understand your last remark; I was merely commenting on the current suspicious environment surrounding the recent aircraft disasters.



