Boeing 787 Dreamliner back in US skies (csmonitor.com)
46 points by dungerdunger on May 20, 2013 | hide | past | favorite | 31 comments



Placing the batteries in a steel cased compartment with a vent to the exterior of the plane to limit future, perhaps inevitable explosions and fires is an example of

    1) __ An inspired engineering fix

    2) __ A kluge

    3) __ A feature, once the proper FAA documentation has been filed


All of the above?

Mitigating your failure modes is an important and legitimate part of engineering. If anything, designing your product as if it can't possibly fail in horrifying ways is the surest way to kill several hundred people at once.


Yep, it's an inspired kludge that results in a nice feature. If you design a machine never to fail, you only ensure that you can't recover when it does fail.


There's nothing inspired about "put the fire hazard in a fireproof box". I'm not sure it amounts to a kludge, either - it's a quick fix, and probably not the most elegant one possible, but there's a good chance it would have been deemed the most cost-effective solution even without the time pressure.


The sarcasm isn't warranted. This is appropriate. The actual engines on these planes have non-zero failure rates. Every year or so (someone will have to look up stats because I'm too lazy) a jet lands with the smoking remains of one under its wings.

Stuff breaks. The goal of safety engineering is as much to reduce the impact of failures as it is to reduce their frequency. Everything is about tradeoffs.


The original design, years in the making, was based on batteries that would never catch fire.

They have moved from never catch fire, in a period of a few months, to batteries they hope will not catch fire, with features to enable survivability should a battery catch fire.

If this new design is appropriate, that earlier design was engineering malpractice.

I doubt this design would be the outcome of the same Boeing design engineering effort without the get-it-to-market time constraint. Just like when a web service goes down mysteriously and the engineers' desire is to take it down and debug it, but the required response is to patch it and get her flying again. I wouldn't term that "design" or "engineered".


"Malpractice" seems like a loaded word chosen more for debate impact than suitability. We can certainly agree that the original design was wrong (or "mistaken" if you want to load it on the other side). Isn't that enough?


I honestly don't know. I am hard put to explain what malpractice might be for a lawyer or doctor that wouldn't be the same for the largest US manufacturer of aircraft and her engineers.

This was a huge mistake, and it seemed as though they should've known.


While the failure rate is certainly not zero (Hudson miracle, Qantas A380 engine explosion) jet engines are so extremely reliable that I doubt such statistics can even be found.

There are additional safeguards when it comes to a jetliner's powerplants. For example: the oil is never exchanged at the same time in all engines on a plane.

I fail to see, however, what this has to do with burning batteries on a plane.

A fire on a plane in flight is one of the worst imaginable scenarios, while the chances to land a plane without engine power are actually quite good. Unless you're in the middle of an ocean, that is.


Jet engines fail with decent regularity. It's not exactly common, but nor is it too rare to measure. For example, this claims a failure rate of about once per thirty years:

http://www.airbus.com/fileadmin/media_gallery/files/safety_l...

Which, based on the number flying regularly, means there's an in-flight failure happening somewhere in the world every few days or so.

There is a reason that every airliner of appreciable size has two engines or more.

The 787 is rated to fly up to three hours away from the nearest airport. A gliding airliner will be lucky to make a tenth of that distance.


While the statistical failure rate is quite low, with the total hours flown, they still happen regularly. http://avherald.com/h?search_term=engine+shut+down&opt=6...

A contained battery overtemp failure is not a big deal, but an uncontained battery thermal runaway is a huge safety issue. Qantas A380 was an extremely rare uncontained failure, the most serious type of malfunction. The Hudson A320 was a double engine failure, which is also extremely rare. There have been incidents of a maintenance SNAFU causing oil loss in all 3 engines on a DC-10, but ETOPS rules for twin aircraft prevent such incidents from maintenance causes.

An uncontrolled fire on a plane is a worst case scenario, and ironically in some cases a water ditching might actually be advisable. A contained and extinguished engine fire in one engine is not nearly as critical.


This Airbus document suggests a failure rate of <1 per 100,000 flight hours [1]. (Just an FYI, pretty increasing: a 40-fold decrease since the start of the jetliner era.)

I think the point he was trying to make is that while Boeing's actions clearly do not reduce the risk of a dangerous battery fire to zero, Boeing not only does not have to reduce it to zero, but really there should be no expectation that it be reduced to zero, given that we already fly accepting some sort of failure rate on the engine. This stems from the original poster's implication that Boeing just used some sort of cheap hack fix so they could stem the deluge of bad PR and start making money again - with the further implication that the actions taken are a cheap hack fix since they clearly do not reduce risk to zero.

[1] http://www.airbus.com/fileadmin/media_gallery/files/safety_l...


I would imagine that increasing the spacing between the cells actually fixed the problem, while the case and vent are just limiting the PR and financial liability.


The spacing between the cells minimizes the chance of a multi-cell cascading fire. I think they also changed the charging controller to better monitor the battery status and charge/discharge current. Changing the controller was part of the "fix".

I'm guessing at some point they'll make a change to the lithium cell chemistry for enhanced safety. Changing the chemistry of the battery and updating the controller software are the real fix. The rest is just failure mitigation.


pooch, your post is appearing as [dead] to me so your account may be hellbanned, which you may want to get fixed since you've made an informative post that many users won't be able to see.


Can you copy/paste it?


"From an electrical engineering standpoint, that makes no sense. Thermal runaway starts when too much power is being drawn from the batteries and they begin to overheat until exploding or melting. Their proximity to each other may limit the damage of an overloaded or malfunctioning cell; however, the core problem remains: why are 787 electronic systems overloading the batteries?"

"If one cell explodes or melts, you still essentially have a fire in progress. Protecting the other cells buys you time, but how much time do you have when there is fire on a plane?"

"Obviously it's a design issue, probably very complex, that Boeing simply doesn't have the time and money to investigate thoroughly."

"So this is a patch. Nothing I have read indicates an engineering approach was taken to prevent the previous result."

https://news.ycombinator.com/item?id=5740563


It is a necessary engineering fix. Any new design they introduce will have to go through extensive testing and verification that will take months. The goal here is to be able to assure the authorities and the public of absolute safety as quickly as possible.

You have multiple factories staying still at an enormous cost because of this. You have angry customers that have billions of dollars worth of planes standing still (while they have to pay interest on those billions of dollars). This is not the time to get creative.

If they were starting from scratch they certainly should have done something better and put it through the usual verification channels. But there is no time for this now.


I don't believe they idled their factories. In fact, there was an article about how they had to find parking for all their newly assembled airplanes while they were grounded:

http://www.nytimes.com/2013/02/20/realestate/commercial/to-b...


And what if they DIDN'T put a fireproof box around the batteries that had caught on fire multiple times in the past, when given the opportunity as the whole fleet was grounded?

Is that smart, or stupid?


Airliners generally use two likelihoods of failure: once in a billion hours for events which can bring down the plane, and once in 10 million hours for events which don't take it down alone, but a combination of which can.

The problem with the batteries is that they were certified to fail once in ten million hours but failed twice in 50000 hours. If both engines fail (unlikely, but it can happen - bird strikes, fuel contamination; it is one of the 10 million events), you need the main battery for powering avionics (if it fails you're screwed) until the APU is started and providing power (you have about 10 minutes, 2 APU start attempts). The APU battery is needed to start the APU. Unfortunately, the APU has fire protection which needs power to run, which is drawn from the APU battery. So if the APU battery fails at any time after APU start, the system will shut the APU down and you'll lose all the power.
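The comment above compares a certified rate (once in ten million hours) with an observed count (two failures in 50,000 hours). The check below is an added example, not from the thread or from any certification standard: it treats failures as a Poisson process, asks how likely the observed count is under the certified rate, and derives a one-sided lower confidence bound on the true rate by bisection (no statistics library needed). The fleet-hour and failure figures are the ones quoted in the comment.

```python
import math

# Failure-rate targets quoted in the thread (per flight hour).
HAZARDOUS_RATE = 1e-7      # "once in 10 million hours"
CATASTROPHIC_RATE = 1e-9   # "once in a billion hours"


def poisson_at_least(rate_per_hour, hours, k):
    """Probability of seeing at least k failures in `hours` at a constant rate."""
    lam = rate_per_hour * hours
    return 1.0 - sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k))


def rate_lower_bound(observed, hours, confidence=0.95):
    """One-sided lower confidence bound on the true rate: the smallest rate at which
    seeing `observed` or more failures still has probability >= 1 - confidence.
    The tail probability grows with the rate, so bisection converges on it."""
    alpha = 1.0 - confidence
    lo, hi = 0.0, observed / hours       # the point estimate caps the search
    for _ in range(100):
        mid = (lo + hi) / 2
        if poisson_at_least(mid, hours, observed) < alpha:
            lo = mid                      # rate too low to explain the count
        else:
            hi = mid
    return hi


def assess(observed, hours, certified_rate):
    """Compare an observed failure count against a certified per-hour rate."""
    return {
        "expected_failures": certified_rate * hours,
        "p_at_least_observed": poisson_at_least(certified_rate, hours, observed),
        "mle_rate": observed / hours,
        "rate_lower_bound_95": rate_lower_bound(observed, hours),
    }


if __name__ == "__main__":
    # The thread's numbers: certified 1e-7/h, two failures in 50,000 fleet hours.
    result = assess(observed=2, hours=50_000, certified_rate=HAZARDOUS_RATE)
    for name, value in result.items():
        print(f"{name:>22}: {value:.3g}")
    print(f"lower bound / certified rate: {result['rate_lower_bound_95'] / HAZARDOUS_RATE:.0f}x")
```

Even the conservative 95% lower bound on the rate comes out roughly 70 times the certified figure, which is the quantitative form of the comment's point.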


With the mess this thing has been for so many years, there is no way I'm getting on one.


It's still likely to be statistically safer per hour than walking to the store or taking a shower.


The 747 has been flying since 1969. No one in 2050 is going to remember or care about any of these issues.


This is how I'm seeing it: Look at all the times the 747 exploded and systems had to be rebuilt. This thing already needs upgrades.


There's no possible way that this problem has been fixed in a sustainable way given the short time frame.


What do you mean by 'sustainable', and what is your argument for that?

An argument why this would be a working solution: the entire design went for fuel efficiency. Apparently, they were overconfident in the reliability of some parts. This fix adds some weight to diminish the impact of the unreliability of those parts.

On the other hand, given that these planes probably will fly for half a century or more, it would be very unlikely if they never modified this design in the future. For example, further testing might show that this new steel container is stronger than needed, or materials might improve, or new battery technology will halve the volume of these batteries, etc.


One thing to note re engine failure vs battery failures. In the 787 the electrical power generation for hydraulic systems has been replaced by electrical systems powered by these batteries.

If an engine fails, you can still land the plane. If these batteries fail, you cannot. You have no power to guide the plane to a safe landing.


If the battery fails, you still have power from the engine, APU generators, and if all else fails the ram air turbine, no? According to [1], one battery is used only for ground operations or backup braking power (so the primary braking ought to still be operational if the battery fails) and the other powers the APU starter motor and provides temporary power in the event of a failure of engine generators until the RAT is operational.

[1] - http://www.aviationweek.com/Article.aspx?id=/article-xml/AW_...


A link with more about the RAT, for those who are curious -- it's a neat bit of aviation engineering: http://en.wikipedia.org/wiki/Ram_air_turbine


You may not need power from the failed battery, but the thermal runaway scenario sounds rather terrifying. Sort of like a nuclear power plant in meltdown. Having read that Aviation Week article, my inclination would be to use nickel-cadmium and just deal with the extra weight, which is only a factor of two. But my job is not to design airplanes.
