back to article Military helicopter crash blamed on failure to apply software patch

An Australian military helicopter crash was reportedly caused by failure to apply a software patch, with a hefty side serving of pilot error. The helicopter in question is an MRH-90 Taipan operated by the Australian Army and was engaged in what’s been described as “a routine counter-terrorism training activity” on March 23 …

  1. Chris Gray 1

    Hmmm

    Was the copter unreliable because of a long history of software patches not installed, or were the patches not installed because of a long history of unreliability leading to no interest in maintaining them?

    Perhaps just a vicious circle of at least those two.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      At least it's not like Windows updates that are forced out and are enforced on a schedule......

      1. david 12 Silver badge

        Re: Hmmm

        Windows updates aren't enforced on a schedule. That's just the default setting.

        1. Anonymous Coward
          Anonymous Coward

          Re: Hmmm

          Not where I work they're not

    2. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      I can't believe no one has commented about it being

      A patchy Helicopter

      yet

      1. EricB123 Silver badge

        Re: Hmmm

        Please, please shoot me.

        1. Stuart Castle Silver badge

          Re: Hmmm

          Re: "Please, please shoot me."

          Well, you could go to Australia and have someone drop a helicopter on you.

    3. Alan W. Rateliff, II

      Re: Hmmm

      Was the copter unreliable because of a long history of software patches not installed, or were the patches not installed because of a long history of unreliability leading to no interest in maintaining them?

      They ran out of 5.25" disks for the updates.

  2. jgarbo
    Facepalm

    Stillborn

    "Well, sir, it's unreliable, badly designed and expensive to fly."

    "OK, mate, we'll take 46."

    Another Australian winner.

    1. ZaphodHarkonnen

      Re: Stillborn

      Don't worry. NZ will buy all yours and suddenly they'll behave as expected. Just as we did with the Seasprites.

      Turns out going custom on half the design makes things messy. Instead of just adapting your processes to how the system was actually designed to work.

  3. Anonymous Coward
    Anonymous Coward

    Patch of beach

    Don’t swim there mate, there’s a nasty rip.

  4. AbnormalChunks

    NH90 = Norwegian Blue

    Not mentioned in the article but the Norwegian military have unceremoniously dumped their fleet of these choppers. They're also suing Airbus Helicopters because the reliability was so poor and the costs so high. Norway has now bought Seahawks, the naval version of the Blackhawk. In a rare move, the UK wasn't involved in this program!

  5. Anonymous Coward
    Anonymous Coward

    The one time "Have you tried turning it off and on again" didn't work?

  6. Potemkine! Silver badge

    Many users complain about this helicopter, and not only Australia and Norway. Belgium also plans to decommission this model, and in France as the Navy as the Army are not happy. What is weird is that other nations seem to have high availability rates

    I wonder if they are still operated to find a way to subsidize Airbus Helicopters.

  7. Steve Kerr
    Joke

    Possibly "Windows for helicopters" wasn't such a good idea.

    Windows: Your update has been installed and restart has been issued, please do not turn off your helicopter during this process.

  8. lglethal Silver badge
    WTF?

    What is it with Australia and modern Military helicopters? Apart from the Tiger's, do any of them run properly?

    1. Yet Another Anonymous coward Silver badge

      Helicopters don't work well upside down

      1. lglethal Silver badge
        Trollface

        Ah that explains it. The Tiger can fly upside down, so that's why it works fine in Aus.

        Thanks for clearing that up.

      2. This post has been deleted by its author

  9. Mr F&*king Grumpy
    Headmaster

    "While the ditching of the copter in March was embarrassing, Australia ditched the type"

    So was it embarrassing, or was the pilot just obeying orders?

    1. Steve 53

      We know from oh so many crash investigations that "normal procedure" can deviate from "documented procedure" over time.

      No doubt the other chopper pilots are actually following the proper procedure now, and everybody is reminded regularly "Do this, and you might end up swimming", but it takes somebody experiencing the consequences to avoid little shortcuts. Hence the software patch was the best option, can't follow sloppy procedure if the system doesn't allow it

      1. This post has been deleted by its author

  10. Hans Neeson-Bumpsadese Silver badge

    This makes the usual advice of "try switching it off and back on again" sound a lot more risky

  11. Atomic Duetto

    It’s no longer a wallowing Helo.. it was fished out of the Capitals very lovely Jervis Bay early on the 24th March.

    As an aside, I learned how to scuba dive there.. magnificent rays and other assorted delicious marine things.

    No doubt as the nuclear power plant was never finished.

    1. Michael Hoffmann Silver badge

      The Capital?

      Jervis Bay is near Canberra?

      I mean, yeah, when we first moved to Australia, they told us the old joke about "Canberra is the capital, Melbourne used to be, Sydney thinks it is (*)"

      (*) and Brisbane is the capital of a wholly different country named Queensland

      1. lglethal Silver badge

        Re: The Capital?

        Because the Australian Capital Territory needed to have a coast line (for some reason), Jervis Bay is officialy part of the ACT. The fact that its 120km (as the crow flies) from the nearest part of the ACT doesnt matter to the politicians obviously...

        1. Atomic Duetto

          Re: The Capital?

          The reasons why Canberra was chosen to lay nestled in the bosoms of Mt Ainsle and Black Mountain are even more Pythonesque

        2. Michael Hoffmann Silver badge
          Thumb Up

          Re: The Capital?

          Thanks for that! TIL!

          Guess if you went to school here, you'd learn that. Immigrants don't - though that sounds like one of those citizenship exam questions.

        3. eldakka

          Re: The Capital?

          > Because the Australian Capital Territory needed to have a coast line (for some reason)

          The 'some reason' was for a port. Don't forget this was 1915, when airplanes were still mostly a curiosity, and well before they became a significant civilian transport option. In those days, shipping still ruled inter-continental passenger transport. Therefore it was important that the capital territory had access to its own seaport, at least in the eyes of people at the time. Things have changed since then of course, as most passenger travel is via airplane, and as Canberra never developed into an industrial hub it's not like it needed large amounts of its own shipping capability, what was necessary was easier provided through existing terminals in Melbourne and Sydney, especially after road transport became a thing and decent highways were built inland.

      2. Mayday
        Childcatcher

        Re: The Capital?

        It’s not near Canberra, but is administered as if it’s part of the ACT. By definition it’s the the Jervis Bay Territory. AFP are the cops and cars have ACT rego. Politics provided by ACT senators and are a part of one of the ACT’s lower house seats.

  12. Doctor Syntax Silver badge

    Why turn off a helicopter engine in mid-flight, even if intending to restart it? It sounds like the last thing you'd want to do - in fact the last thing your would do>

    1. Anonymous Coward
      Anonymous Coward

      Why turn off a helicopter engine in mid-flight, even if intending to restart it?

      I doubt that was what happened, you'd have to be extremely tired of life to risk that manoeuvre.

      I'm assuming that pilots have been doing hot starts on the ground during day to day operations, and as the engine isn't designed to cope with this, it's caused issues (such as lubrication failure, overheating etc.) leading up to the aircrew's involuntary swim.

      1. Anonymous Coward
        Anonymous Coward

        Also, also

        Another one of the issues you can get with hot starts is "rotor bow". As the engine cools, it does so unevenly, which results in bending of the shafts. This settles after a while, and the rotor returns to being straight, but if it's restarted in the bent condition, it can result in contact between the compressor blades and housing, or result in bearing wear. As such, you are often required to wait several hours between engine starts on some engines.

      2. EvilDrSmith Silver badge

        I think I have seen reference to this in the dim-and-distant past: With gas turbine powered engines, if a helicopter needs to wait on the ground for any length of time, they don't routinely shut down to save fuel, because restarting takes life off the engine (though I thought it was more that the engine life was measured in number of start-ups as well as pure running hours).

        A quick look on the internet found this:

        https://www.powerengineeringint.com/coal-fired/equipment-coal-fired/turbine-trauma-the-risk-of-the-start-stop-cycle/

        So it seems to be a thing for gas turbine engines used for electricity supply, too.

        1. Doctor Syntax Silver badge

          Thanks for the enlightenment folks.

          The frightening thing about idling on the ground is that the rotors keep going. I remember sitting in on a coroner's inquest about a squaddie who walked into the tail rotor - and being a bit unnerved getting out of a Lynx on sloping ground.

        2. The commentard formerly known as Mister_C Silver badge

          Not just Gas Turbines

          Steam Turbines are also susceptible to "hogging" - where the shaft bends like a hog's back - if they aren't idled occasionally whilst cooling down after use.

          Remembering that I know that makes me feel oh-so-very old.

      3. Spazturtle Silver badge

        Operating complex equipment out of spec can cause strange malfunctions.

        There was a (non fatal) crash of a A320 that was being used for training a few years back (Flight 9001), there were doing touch and goes, normally when the wheels contact the runway a pressure sensor tells the computers to enter landing mode.

        But this is undesirable during touch and goes so pilots use the manual controls to override the computer, when the manual controls are being used a rod presses down a microswitch to tell the computer that is is being overridden.

        What the pilots didn't know is that the wrong lubricate had been used on this rod, so it was not making contact with the microswitch, this meant the ELAC flight computer that controls the elevators thought that it was having a malfunction and shut down lettings it's redundant twin take over.

        A single ELAC failure is not considered urgent so the warning will not show during takeoff or landing in order to not distract the pilot.

        On the next touch and go the other computer also thought it was malfunctioning and also shut down, when both elevator control computers are offline control of the elevators is handed over to a different set of flight computers called the SEC.

        But exactly as this happened the plane bounced off the runway, the two SEC computers poll the landing gear sensors every 120 miliseconds to check if the plane is on the ground, but they are not synchronised, one polled the sensors and decided that the plane was on the ground and the other detected that the plane was in the air both imminently detected that discrepancy and declared a fault and both shut off.

        This left the plane in the air with no running flight computers capable of controlling the elevators or horizontal stabilisers, a warning sounded that use manual pitch trim only, the plane hit the runway hard with both engines striking the runway before the plane went airborne again, the impact caused the flaps to malfunction and both engines to catch fire. The safety pilot observing eventually figured out what was going on and took over pulled out of a 2.4G dive and managed to land the plane after doing a go around.

        A tiny deviation from spec can cause massive faults, modern aircraft are only as safe as they are during to the maintenance standards and tight specifications and protocols.

        1. Cris E

          "Yes, but what happens when all four of the flight computers shut themselves off?"

          "Oh come on, you're just being an ass at this point."

          "I don't know, things happen..."

        2. An_Old_Dog Silver badge

          Tiny Deviations

          So, modern aircraft are safe as long as fallible humans do everything they are supposed to do, and do it all perfectly?

          I'd like to restrict my flying to older aircraft which aren't computerized (even at the expense of extra fuel), but aircraft that old probably have exceeded their airframe's design lifetime ...

          1. LogicGate Silver badge

            Re: Tiny Deviations

            ..and older aircraft which weren't computerized tended to fall out odf the sky at a rate which today would be viewed as alarming.

            The complexity is there for a reason, and the reason often has to do with safety.

      4. david 12 Silver badge

        Reminds me:

        When Dick Smith made his (historic) round-the-world flight-by-helicopter, he'd land and be greeted by local politicians / royalty.

        Who would stand waiting while the pilot (Dick Smith) sat in the helicopter, with the engine turning for the required cool-down period. (Bell Jetranger).

        But the other thing that happens is that full power is normally applied at start-up, and start up normally happens on the ground, where it is hotter and there is no wind. If some part of the system (engine, electronics or hydraulics) is already hot, it can overheat during start-up.

        1. Unoriginal Handle

          Some slight clarifications...

          Yes it's very likely hotter on the ground than in the air, but there is almost always some wind. A prudent turbine helicopter pilot will leave the helicopter parked into the wind, or where they think the wind will be coming from when they next go to start up. That way, there's a flow of air already into the compressor and thence the combustion chamber reducing the amount of work the engine has to do to get going and reducing the chances of a hot start. And the helicopter manual details time restrictions and temperature limits between last shut down, and what the max temperature is at the time you next go to start it up.

          "Full power is normally applied at start up". Not in my experience, but this may be semantics. In a Jet Ranger the throttle is kept closed until the electric starter motor has wound the thing up to a certain speed (12-15% IIRC) then fuel is introduced by moving the throttle to the idle stop, with the starter button kept depressed until the whole thing is self sustaining. Full power - or at least the power required to get into a hover then transition to forward flight - is only used when you actually want to leave the ground, and just before this stage the throttle has been gently opened to get the rotor blades to flight RPM, then the collective is raised - adds fuel to counteract increased drag and temperatures then go up accordingly.

  13. Fruit and Nutcase Silver badge
    Happy

    Surf Rescue

    Did Chopper Squad come to the rescue in the Jet Ranger?

  14. Mike 137 Silver badge

    Inevitable, given current standards

    "The patch in question prevents pilots of the MRH-90 Taipan from performing a “hot start” of the helo’s engine, a technique that sees the craft’s motor powered down and then restarted. The MRH-90 is not designed to do that, with safe procedure instead being to leave the engine idling"

    Interesting then that a 'patch' was needed. ideally, the machine should not have been released capable of hot starts at all, and this is already by no means a unique kind of error in the field of aeronautics software. As a long in the tooth engineer I've noted that as software has intruded on other domains of engineering their previously established standards of safety and reliability have declined.

    We have to raise software design and development to a genuine engineering discipline to prevent this decline reaching catastrophic proportions. The fundamental need is for proper education in software engineering, based on first principles, attention to detail and acceptance of responsibility for outcomes. I've recently been investigating training in the subject for a UK govt. review of software security and resilience, and I find that even on degree courses professional ethics and defensive programming are hardly mentioned: the latter (if present at all) typically relegated to an optional final year module, and current commercial developer training provides little more than exposure to the knobs and levers of specific languages and proprietary dev environments. The result is an almost complete lack of real professionalism which readily explains cock-ups like this one, but they can unfortunately be lethal nevertheless.

    1. Notas Badoff

      Re: Inevitable, given current standards

      This comes closest to the rather obvious non sequitur: a military helicopter that can't be used flexibly. That spends some of the day unable to respond to emergencies.

      I... I... think I'll shut down now as my brain is overheating... See you tomorrow.

      1. Anonymous Coward
        Anonymous Coward

        Re: Inevitable, given current standards

        Someone once worked on military radios, where they encountered a software-defined radio built by a major US defense contractor. This cubic foot of tech took several minutes to boot up before it could function. It was meant for use in tanks, I believe. So imagine: you're in the middle of a tank battle, your software radio has a glitch and must reboot, and you're out of communication for 5-10 minutes. The mind boggles at how anyone thought such a system was worth paying millions for.

        -- anon for the obvious reasons

    2. SimonL

      Re: Inevitable, given current standards

      "Interesting then that a 'patch' was needed. ideally, the machine should not have been released capable of hot starts at all"

      I came to say something similar. Either "Wow" the engine was released without the safety interlocks inplace to prevent a hot start - OR during development it was not tested enough to discover hot starts were a ..errr... non-starter.

      1. david 12 Silver badge

        Re: Inevitable, given current standards

        That's harder than you might think. The helicopter doesn't have temperature sensors on every possible part of every possible part, and it doesn't have timers on every possible action.

        How do you know if the engine is "hot"? Which part of the flight sequence starts the timer? If it's all so smart, why does it even need a pilot?

  15. Ideasource Bronze badge

    This is pilot error.

    The software patch is a plan b.

    Plan A is competent pilots that do their homework on a particular model of helicopter, before they fly it.

    1. Sorry that handle is already taken. Silver badge

      Re: This is pilot error.

      Blaming the pilots sounds like an administrative solution to a design flaw

  16. Anonymous Coward
    Anonymous Coward

    wondering

    I'm wondering if the anti-hot start has an override.

    It's not directly relevant to this story, but I can imagine situations where a military helicopter that was recently shut down may need to restart NOW. If you've come under unexpected attack, the added stress on the engine is probably much less damaging than whatever your enemy wants to shoot at you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like