Slashdot Mirror
Boeing To Make Key Change in 737 MAX Cockpit Software (wsj.com)
Boeing is making an extensive change to the flight-control system in the 737 MAX aircraft implicated in October's Lion Air crash in Indonesia, going beyond what many industry officials familiar with the discussions had anticipated. From a report: The change was in the works before a second plane of the same make crashed in Africa last weekend -- and comes as world-wide unease about the 737 MAX's safety grows. The change would mark a major shift from how Boeing originally designed a stall-prevention feature in the aircraft, which were first delivered to airlines in 2017. U.S. aviation regulators are expected to mandate the change by the end of April.
Boeing publicly released details about the planned 737 MAX software update late Monday [Editor's note: the link may be paywalled; alternative source]. A company spokesman confirmed the update would use multiple sensors, or data feeds, in MAX's stall-prevention system -- instead of the current reliance on a single sensor. The change was prompted by preliminary results from the Indonesian crash investigation indicating that erroneous data from a single sensor, which measures the angle of the plane's nose, caused the stall-prevention system to misfire. Then, a series of events put the aircraft into a dangerous dive.
Boeing publicly released details about the planned 737 MAX software update late Monday [Editor's note: the link may be paywalled; alternative source]. A company spokesman confirmed the update would use multiple sensors, or data feeds, in MAX's stall-prevention system -- instead of the current reliance on a single sensor. The change was prompted by preliminary results from the Indonesian crash investigation indicating that erroneous data from a single sensor, which measures the angle of the plane's nose, caused the stall-prevention system to misfire. Then, a series of events put the aircraft into a dangerous dive.
Why the hell wasn't this the case before?
Aren't flight control systems supposed to be triple-redundant anyway? Everything I've read about them says they are; three systems and if there is incorrect data it uses the two that agree.
Ground them. Ground them NOW! It must be using Windows!
msmash: that alternative link has even less useful information than the truncated wsj article.
million dollar aircraft brought down by a cheap sensor failure
if ( goingToCrash ) {
dontCrash();
}
It's funny how they point to aviation as nearly infallible when they talk about self-driving cars.
You cannot put the plane into alternate law unless you have malfunction instruments. Therefore, pilots do not practice alternate law, and in turn are utterly unprepared for the plane switching to alternate law for a sensor failure.
Gotta practice alternate law on real hardware from time to time to get a feel for how the aeroplane handles.
One errant sensor can bring down a plane? Yeah. That makes sense....
I mean, I'm no aviation expert... but what about adding something like "if altitude '${lowest safe value}' then don't dive"
Just saying...
... i hope they have a way of turning this off in the meantime...
The software industry has become a hot mess of unleashing garbage beta code onto the world, and figuring that they can finish it later and fix everything with patches. Being fast to market trumps all other considerations. It seems like this mindset has made it into the world of aviation finally, which you would expect might be the last bastion of common sense and doing things carefully and correctly. And people are paying for it with their lives by the hundreds. If there is not a billion dollar lawsuit against Boeing over this, something is very, very wrong.
Well, there's an obvious fix: Turn off the the control system that handles the anti-stall provisions that are likely at fault. Talking to my neighbor (AA pilot who's been trained on 737 Max 8), that was his comment. "It's pretty obvious the pilots need to be trained to turn off the system when they see that behavior."
But to an earlier comment: From the bit I know about commercial avionics safety, if there really is a single sensor that feeds into a control system, that does feel like a violation of safety design standards (for triple redundancy).
I'm betting this is at least in part a 'supplier management' problem on the part of Boeing. That's what led to the Dreamliner battery fires. And the current CEO of Boeing was PM for the big Army FCS program (that I was part of, on the government side.) Boeing did a piss-poor job of supplier/subcontractor management there, and it seems that Dennis Muilenberg took that problem with him when he moved over to the lead for the Dreamliner.
That would have been prevented by the current system.
Unh... Dorsai reference? All my mental banks pull up for "alternate law" is the Chantry Guild. But I'd really like to understand why you think that relates.
I think we've pushed this "anyone can grow up to be president" thing too far.
This comment would apply to an Airbus, but the planes in question are Boeing. This is a whole different issue.
Cockpits didn't have software. Aircraft had analog instrumentation, & required skilled pilots.
Now, GTF off my lawn.
Given such a serious error, it feels like that Boeing has taken the approach of completely overhauling the flight-control systems, rather than issuing a (relatively) quick change that'd (say) allow the pilot to switch off the system. But this 4.5 month delay has likely caused the deaths of another 157 people.
I'm shocked that anyone at Boeing thought it'd be a good idea to use only use either one sensor or the other (as opposed to a majority rule system with at least three sensors). It makes me wonder how such a critical design decision got past their (internal) peer review process. And now they will undoubtedly be rushing an "extensive change" (before another crash occurs), makes me even more wary of flying in Boeing 737 Max for at least a year or so until it has proven its reliability in the laboratory that is Mother-Nature.
It also seems like Boeing is finally moving to a fly-by-wire system which overrides the pilot like what Airbus has had for decades. But rather than taking a safe, humble approach (such as assuming sensors will go wrong and over-packaging with redundant sensors; as well as putting fly-by-wire into a plane that would operate safety even if the fly-by-wire system is disabled), we have a plane that's apparently more prone to stalling without this immature fly-by-wire system which assumes sensor data is reliable. So we're stuck in an uncomfortable position whereby Boeing can't switch off the fly-by-wire completely (until the more extensive changes are properly tested and incrementally rolled out to airlines on an optional basis over time).
There are undoubtedly Boeing fan-boys/girls who believe Boeing can do no wrong. Awesome, please be beta testers on my behalf.
You fucking moron. Of course pilots practice situations in which instruments malfunction, disagree, etc in simulators. Seriously, wtf is wrong with your brain, that you think airline pilots aren't trained, assessed and undergo constant reevaluation on how to deal with alternate flight regimes?
Ummmm......wtf are you talking about? There are no control laws for the 7M8, the 7M8 is not fly-by-wire and the 7M8 has a couple of new systems that are control-by-wire (the MCAS - which is what the software update is for) which can easily be disabled by the flick of a switch on the below the throttle controls on the centre pedestal.
Boeing has only to fully fly-by-wire aircraft platforms, the 777 and 787, neither of which have any sort of control laws. The pilot can crash a Boeing plane into the ground, stall the aircraft and exceed all flight envelope restrictions if they so chose to.
Airbus aircraft have control laws, four of them (with the exception of the A220 which has three control laws). In normal mode, the aircraft has full flight envelope protections, the only time the alternate control laws and direct law are enabled with when multiple air-data systems/sensors fail.
There is an option to disable the system. It's a new system and there was not a lot of training about it though.
Since the alternative source link in the summary appears to link to an article about stock prices, here's some alternative alternative links that actually contain more relevant information:
- Boeing press release
- Gizmodo
- Washington Post
Remember when their fancy new 787 would lose all 4 "redundant" power systems at the same time because of an integer overflow in the uptime counter?
Sing dem words to me in portugues
Are they going to enable pilots to disable the MCAS from nose diving the plane by pulling up on the yoke too?
Okay lets suppose that some or all of the stall sensors are malfunctioning. There's another sensor that the computer can look at and that's the altitude. If the ALTITUDE is rapidly falling of course the plane might think, see I was right about this stall! But there's one more thing. Namely if the pilots pulled the stick back and the altitude stops falling the plane should now have enough information to figure out that pushing the stick forward is not the right thing to do.
So it seems like the plane should be able to figure out that it's sensors can't be right even if it doesn't know what's exaxtly wrong.
That is, it's job is to overide the pilots if it's convinced they are ignoring a serious problem or doing something to make it worse. But if they do take action and it improves the situation then the logic should be, trust the pilot. Not, continue assuming the pilot is doing the wrong thing.
Some drink at the fountain of knowledge. Others just gargle.
For a system that can kill the aircraft? That sounds like criminal negligence to me. Somebody wanted to do things on the cheap obviously, ignoring all rules of the design of critical systems. In particular, you never, ever rely on a single sensor, and you make damn sure the operators (pilots) understand how things work. About 300 killed people later, Boeing seems to have remembered at least some of the basics.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Admittedly I have not researched it but was stalling a big issue with these planes prior to implementing this anti-stall feature?
Just seems like a solution in search of a problem which often does not end well.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
(Reuters) - The Ethiopian Airlines plane that crashed killing 157 people was making a strange rattling noise and trailed smoke and debris as it swerved above a field of panicked cows before hitting earth, according to witnesses.
https://www.reuters.com/article/us-ethiopia-airplane-witnesses/ethiopian-plane-smoked-and-shuddered-before-deadly-plunge-idUSKBN1QS1LJ
(AP) - Eight Chinese citizens were on the flight.
So, now we have an idea of where to look for the problem.
https://www.youtube.com/watch?v=l2lhuYP7ki8
https://www.youtube.com/watch?v=6H5BWTgBleQ
https://www.youtube.com/watch?v=6PHp2qbucns
___
It is on the dashboard or whatever they call the dashboard in a jetliner. Problem is that Boeing wanted to sell the plane as just another 737 that would not need any extra pilot training, to avoid losing deals to Airbus. So the new button is documented in the plane's maintenance manuals but the pilots weren't trained in using it. So in the Lion Air crash they kept struggling against the autopilot by tugging at the flight yoke instead of using 6 new control that they didn't know about. Oops :(. I can almost see a Dilbert PHB in the background making that decision.
It's not a button on the dashboard. It's a complex maneuver:
https://www.nytimes.com/interactive/2018/11/16/world/asia/lion-air-crash-cockpit.html
You don't learn to fly at flight school. A lot more flying is done under normal circumstances.
Unless you're flying for the military where basically all flying is for training only anyway.
A description of alternate law as it applies to aviation can be found here although this focuses on Airbus.
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
Boeing is insufficiently managed?
Because the transient and eternal are the same.
Seven puppies were harmed during the making of this post.
Something struck me regarding latitudes: the Air Lion crash was 6 degrees South (Djakarta), the Ethiopian crash was 9 degrees North (Addis Ababa) ; both flights were close to the Equator (symmetrically). Could have something to do with sensors reliability.
Slashdot, fix the reply notifications... You won't get away with it...
There are two AOA sensors. What the software does with their inputs is of course another matter. It seems like it would be nice to have three, but there other things that there are only two of (like engines on most commercial airliners) and pilot input is needed to respond to a failure of one. Of course, the pilot needs to understand that there's been a failure.
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
hopefully Boeing is sending huge amounts of compensation to the victims' families who, in my opinion, were guinea pigs for a failed experiment to save some dollars
Thank you. Someone please mod parent up as informative.
I think we've pushed this "anyone can grow up to be president" thing too far.
if (plane.aboutToCrash == true)
{
Dont();
}
Your point about "know there's a failure" is relevant. But if the two sensors don't agree, then the '3rd factor' is the pilot. System reports "sensor failure" and the pilot turns off that anti-stall system. The rules as I understood them (I am not a safety engineer, but I've had some training in this area) is to use voting to detect the failure. For an engine, there are other ways to detect the failure than seeing if the engines are all turning at the same RPMs :-)
They more or less ARE grounded in every country outside of two. (Big surprise... guess which two valued Boeings profits over human lives):
https://edition.cnn.com/2019/03/12/africa/airlines-suspend-boeing-flights-intl/index.html
... after the Lion Air crash, knew of the needed fix, and sat on their ass and did NOTHING about it until another 150+ people died? Somebody high up at Boeing needs to be sacrificed (literally?) and some major restructuring occur.
Uh...no. Have you seen the simulators? Are you aware of the cost? These are not rookie pilots but pros with typically 2 decades of experience under their belt. The simulators are essentially the real deal. This isn't Chuck Norris air combat.
After consideration they decided that the big red elbow-activated "Crash NOW!" button was to easily accidentally struck when pilot stretches, or scratching self.
Re-thinking similar function button small button next to light button above each passenger seat, and in bathrooms.
https://youtu.be/LwjP8HCpE4E.
Link from post above. Very informative.
Both countries have not reported any issues with the 737 MAX. If other countries feel like they have to ban them all because their nations ban general aviation or outright make it too expensive to train pilots in real planes, so they're unable to apply normal logic that normal pilots typically would do, by all means, ban all of Boeing.
I have heard and read 9/11 "truthers" over the past 17+ years explaining that the twin towers were hit by missiles, or drones, or CIA owned Learjets. The proof, I have read andf heard is that there was no major visible plane wreckage at Shanksville, the Twin Towers, or the Pentagon. The same thing is apparent here, therefore the so-called truthers should be making the same hyperbolic claims....
ahhhh... but they're not.
This crash was indeed a Boeing 737Max8, and there is very little recognizable as aircraft remains to the untrained eye. As sad as it is for those involved, this crash into an otherwise clear field should provide assistance to anybody who has ever had to deal with any 9/11 truthers.
Unthinking people see a large airliner on the tarmac and their pea-sized brains see it as a massive metal structure, which they presume means lots of dense and strong cast iron parts, like some sort of aerial battleship or flying army tank. In truth, an airliner is an extremely thin-skinned hollow aluminum (or now composite in the case of the 787s) tube. The airfoil structures of the wings, and vertical and horizontal stabilizers are also thin-skinned hollow structures. The landing gear struts, wheel hubs, and engine cores are the only real substantial masses of metal, and they are indeed visible here in the wreckage just as they were in the 9/11 crashes.
I'm sure (sadly) that there will be consiracy idiots arguing over the fuel. After 9/11 they argued that the fires from all that refined kerosene would not burn hot enough to melt steel, and here they'll probably rant that they see no sign of fire at the impact point from a plane that, just after take-off, should have been loaded with fuel. The thing about such hugh-speed impacts though is that the fuel can get aerosolized and in that state if ignited it can make a fireball that burns the fuel-air mix very rapidly and dies out before it can ignite much else.
seriously.
A bit of history that most people are unaware of is that after returning from the moon (and the obligatory world tour with moon rocks and such), Neil Armstrong returned to Edwards Air Force Base and worked to integrate an Apollo computer into a jet fighter to test the idea of flying a plane with assistance of a digital computer. The project was a success. After that, Armstrong eventually retired to his farm and sometimes taught some college classes, while the aerospace industry got busy putting compuers into cockpits.
It's a button in the aft toilet under a locked flap with "beware of the leopard" written on it.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
If you've heard Sen. Blumenthal talking about how the Max 8 is "unsafe at any speed", needs to be grounded, and that Boeing and the FAA need to be raked over the coals, note that he's in the pocket of Boeing's only real competitor, Airbus.
This is why you NEVER override the pilot. Warn them, fight them, irritate them, but *never* override.
~Any apparent grammatical or typographic errors are caused by defects in your display device.
https://www.dallasnews.com/bus...
“The disclosures found by The News reference problems during Boeing 737 Max 8 flights with an autopilot system, and they all occurred while trying to gain altitude during takeoff — many mentioned the plane turning nose down suddenly. While records show these flights occurred during October and November, the information about which airlines the pilots were flying for is redacted from the database. Records show that a captain who flies the Max 8 complained in November that it was ‘unconscionable’ that the company and federal authorities allowed pilots to fly the planes without adequate training or fully disclosing information about how its systems were different from previous 737 models.”