Letter to the Editor
Capt. “Sully” Sullenberger
New York Times Magazine
Published in print on October 13, 2019
In “What Really Brought Down the Boeing 737 MAX?” William Langewiesche draws the conclusion that the pilots are primarily to blame for the fatal crashes of Lion Air 610 and Ethiopian 302.
In resurrecting this age-old aviation canard, Langewiesche minimizes the fatal design flaws and certification failures that precipitated those tragedies, and still pose a threat to the flying public. I have long stated, as he does note, that pilots must be capable of absolute mastery of the aircraft and the situation at all times, a concept pilots call airmanship. Inadequate pilot training and insufficient pilot experience are problems worldwide, but they do not excuse the fatally flawed design of the Maneuvering Characteristics Augmentation System (MCAS) that was a death trap.
As one of the few pilots who have lived to tell about being in the left seat of an airliner when things went horribly wrong, with seconds to react, I know a thing or two about overcoming an unimagined crisis. I am also one of the few who have flown a Boeing 737 MAX Level D full motion simulator, replicating both accident flights multiple times. I know firsthand the challenges the pilots on the doomed accident flights faced, and how wrong it is to blame them for not being able to compensate for such a pernicious and deadly design.
These emergencies did not present as a classic runaway stabilizer problem, but initially as ambiguous unreliable airspeed and altitude situations, masking MCAS. The MCAS design should never have been approved, not by Boeing, and not by the Federal Aviation Administration (FAA).
The National Transportation Safety Board has found that Boeing made faulty assumptions both about the capability of the aircraft design to withstand damage or failure, and the level of human performance possible once the failures began to cascade. Where Boeing failed, the Federal Aviation Administration (FAA) should have stepped in to regulate but it failed to do so.
Lessons from accidents are bought in blood and we must seek all the answers to prevent the next one. We need to fix all the flaws in the current system — corporate governance, regulatory oversight, aircraft maintenance, and yes, pilot training and experience. Only then can we ensure the safety of everyone who flies.
The above letter to the editor was mentioned in the article Self-regulation failed with banks, but with aircraft it can kill/. This article goes into considerably more detail concerning the structural regulatory deficiency that led to the 737 Max crashes.
I like the fact that, in Minecraft, kids take basic rules and do things the game’s authors never envisoned.
Take a look at this article in The Atlantic Monthly where, a 46-year-old father who is anti everything online tries the game to see what attracts his son to it. As you might expect, it surprises him:
Can it be true that in Minecraft, to apply a line of Philip Larkin’s, how we live measures our own nature? An octopus’s garden, a whirling hall of knives … Choose, minecrafter. Build. It’s all you. My son, to my astonishment, is building an international airport. Me, I’ve killed a couple of cows.
The article Why is my WiFi slow? Why does my WiFi keep dropping out? addresses the technical issues of why WiFi sucks, but just treats the situation as given from G-d. It’s not. This is what happens when the mantra of “all government is bad” gets applied to the FCC. They do nothing and let an essential service develop in a way that’s not reliable.
And, by the way, because the article only covers current problems, it doesn’t talk about one of the bigger technical fiasco’s of the 20th/21st century, the woefully inadequate WEP encryption that was the WiFi standard for more than 10 years.
|This is an edited version of http://www.datastax.com/documentation/cassandra/2.0/cassandra/architecture/architectureIntro_c.html (Under Documentation > Home> Understanding the architecture > Architecture in brief ) for feedback purposes.
In this edited version, I tried to explain things by what they’re supposed to do, rather than how they work. Ben Slade
Architecture in brief
An overview of Cassandra’s structure.
Cassandra is designed to handle big data workloads across multiple nodes with no single point of failure. Its architecture is based on the understanding that system and hardware failures can and do occur. Cassandra addresses the problem of failures by employing a peer-to-peer distributed system where all nodes are the same and data is distributed among all nodes in the cluster [can a cluster be defined across data centers? yes]. Each node exchanges information across the cluster every second [same for multiple data centers?]. A [sequentially written] commit log on each node captures write activity to ensure data durability. Data is also written to an in-memory structure, called a memtable, and then written to a [append only] data file called an SSTable on disk once the memory structure is full [can the same data be in the memtable and the SSTable at the same time? Ie., can the memtable act like a cache?]. [Is the commit log truncated when data is written to the SSTable?] All writes are automatically partitioned and replicated throughout the cluster. Using a process called compaction Cassandra periodically consolidates SSTables, discards tombstones (an indicator that a column was deleted), and regenerates the index in the SSTable.
Cassandra is a row-oriented database. Cassandra’s architecture allows any authorized user to connect to any node in any data center and access data using the CQL language. For ease of use, CQL uses a similar syntax to SQL. From the CQL perspective the database consists of tables. Typically, a cluster has one keyspace per application. Developers can access CQL through cqlsh as well as via drivers for application languages.
Client read or write requests can go to any node in the cluster. When a client connects to a node with a request, that node serves as the coordinator for that particular client operation. The coordinator acts as a proxy between the client application and the nodes that own the data being requested. The coordinator determines which nodes in the ring should get the request based on how the cluster is configured. For more information, see Client requests.
Key components for configuring Cassandra¶
- Gossip: A peer-to-peer communication protocol to discover and share location and state information about the other nodes in a Cassandra cluster.Gossip information is also persisted locally by each node to use immediately when a node restarts. You may want to purge gossip history on node restart for various reasons, such as when the node’s IP addresses has changed.
- Partitioner: A partitioner determines how to distribute the data across the nodes in the cluster. Choosing a partitioner determines which node to place the first copy of data on.[Partitioners use various algorithms to assign the key value of a data row to an integer “token”.] You must set the partitioner type and assign the node a num_tokens value for each node (the more tokens assigned to a node, the more data will be stored there). [New configurations typically use virtual nodes to evenly spread tokens across (physical) nodes]. If not using virtual nodes (vnodes), use the initial_token setting instead.
- Replica placement strategy: Cassandra stores copies of data [a “copy of data” or “replica” is a group of data rows mapping to the same token value] on multiple nodes to ensure reliability and fault tolerance. A replication strategy determines which [on how many redundant] nodes to place replicas [within a data center, if applicable]. The first replica of data is simply the first copy; it is not unique in any sense.When you create a keyspace, you must define the replica placement strategy and the number of replicas you want. [The NetworkTopologyStrategy is highly recommended for most deployments because it is much easier to expand to multiple data centers when required by future expansion If using data centers, you define the number of replicas you want in each data center. Each data center holds a copy of all data].
- Snitch: A snitch defines the topology information [eg., racks and data centers] that the replication strategy uses to place replicas and route requests efficiently. [By default, the snitch software monitors the performance of reads from the various replicas and chooses the best replica for reading based on this history]You need to configure a snitch when you create a cluster. The snitch is responsible for knowing the location of nodes within your network topology and distributing replicas by grouping machines into data centers and racks.
- The cassandra.yaml file is the main configuration file for Cassandra. In this file, you set the initialization properties for a cluster, caching parameters for tables, properties for tuning and resource utilization, timeout settings, client connections, backups, and security.
- Cassandra stores table properties in the system keyspace. You set storage configuration attributes on a per-keyspace or per-table basis programmatically or using a client application, such as CQL.By default, a node is configured to store the data it manages in the /var/lib/cassandra directory. In a production cluster deployment, you change the commitlog-directory to a different disk drive from the data_file_directories.
The following are excepts from The Atlantic Monthly article Can We Trust Google With the Stratosphere?
Google’s balloons’ primary mission might be to deliver Internet service, but it’s their aviation technology that is the real innovation. These balloons operate in the stratosphere, 12 miles up. Unlike unmanned weather balloons, they are capable of staying afloat for months, maybe years at a time. Each Loon balloon is about 50 feet wide and 40 feet high, relying solely on helium for lift. The envelope, or “balloon” part of the balloon, is one-tenth of an inch thick polyethylene fabric, lightweight and relatively delicate, but strong enough to withstand the high pressure differential of great altitudes. Google’s super-pressure balloons each have dual automatic air vents, which a remote pilot at Google Mission Control uses to control altitude by adjusting outside air levels. Tracking their every move by GPS, Google Mission Control says they can not only make them hover to a certain extent, but effectively navigate the Loons around the globe for weeks on end.
Each Loon balloon has three radio frequency antennas (on 2.4 Ghz and 5.8 Ghz bands) and a ground-pointing WiFi antenna, which beams an Internet signal to Earth in a 12-mile radius.
Google’s Loon balloons can talk to each other, and control themselves.”We use a distributed mesh network, so each balloon is pretty autonomous and has pretty much the same hardware in it,” Sameera Ponda, a lead aerospace engineer at the Dos Palos site that day, said on the video stream. “As one balloon floats over a certain area that balloon is talking to the ground antennas, and as that balloon floats away, another balloon comes in and takes its place, so it’s a pretty seamless operation.”
The extreme height at which Google’s Loons can flexibly operate raises a lot of questions. Where will they go? To what jurisdictions are they subject? Who regulates the stratosphere? Are they subject to physical intervention? And what will it mean for the world when Google breaks precedent, and achieves a stable stratospheric communications platform where everyone else has failed?
It’s crucial to figure out who controls the open space where Google’s Loons fly, and this is more difficult than it would seem. In the U.S., there are four classes of controlled airspace. According to the Code of Federal Regulations, Classes B, C, D, and E are below 10,000 feet, and designed to control lower traffic around airports. Class A covers airspace between 18,000 feet and where flight level begins to max out, around 60,000 feet (roughly 12 miles). Above that is the stratosphere, where Earth’s atmosphere gradually dissipates into outer space and the Loon balloons will fly in droves. Though there’s no point where space “begins,” the Kármán Line (327,360 ft.) has typically served that marker. Between where planes can fly and the Kármán Line, though, there’s almost 19 miles of unregulated stratosphere. Though there’s been debate, the stratosphere is generally considered sovereign airspace, but for most countries, it is un-policeable. Not only legally, but physically; no one can get high enough to touch it.
Hardly a speck in the blue overhead, ‘unmanned free balloons’ are the least regulated class of aircraft. With its Project Loon, Google is venturing into not one but two vast open spaces — the law and the sky.
WordPress is really quite nice to use for a blog. It takes a little getting used to, but it’s clearly a highly tuned application that’s gone through multiple iterations of improvement. Still gotta change that kumbaya banner photograph that came with the default installation though.