Slashdot Mirror
Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 MAX Flight Control System (seattletimes.com)
In one of the most detailed descriptions yet of the relationship between Boeing and the Federal Aviation Administration during the 737 Max's certification process, the Seattle Times reports that the U.S. regulator delegated much of the safety assessment to Boeing and that the analysis the planemaker in turn delivered to the authorities had crucial flaws. 0x2A shares the report: Both Boeing and the FAA were informed of the specifics of this story and were asked for responses 11 days ago, before the second crash of a 737 MAX. [...] Several technical experts inside the FAA said October's Lion Air crash, where the MCAS (Maneuvering Characteristics Augmentation System) has been clearly implicated by investigators in Indonesia, is only the latest indicator that the agency's delegation of airplane certification has gone too far, and that it's inappropriate for Boeing employees to have so much authority over safety analyses of Boeing jets. "We need to make sure the FAA is much more engaged in failure assessments and the assumptions that go into them," said one FAA safety engineer. Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input. It was needed because the MAX's much larger engines had to be placed farther forward on the wing, changing the airframe's aerodynamic lift. Designed to activate automatically only in the extreme flight situation of a high-speed stall, this extra kick downward of the nose would make the plane feel the same to a pilot as the older-model 737s.
Boeing engineers authorized to work on behalf of the FAA developed the System Safety Analysis for MCAS, a document which in turn was shared with foreign air-safety regulators in Europe, Canada and elsewhere in the world. The document, "developed to ensure the safe operation of the 737 MAX," concluded that the system complied with all applicable FAA regulations. Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
[...] On the Lion Air flight, when the MCAS pushed the jet's nose down, the captain pulled it back up, using thumb switches on the control column. Still operating under the false angle-of-attack reading, MCAS kicked in each time to swivel the horizontal tail and push the nose down again. The black box data released in the preliminary investigation report shows that after this cycle repeated 21 times, the plane's captain ceded control to the first officer. As MCAS pushed the nose down two or three times more, the first officer responded with only two short flicks of the thumb switches. At a limit of 2.5 degrees, two cycles of MCAS without correction would have been enough to reach the maximum nose-down effect. In the final seconds, the black box data shows the captain resumed control and pulled back up with high force. But it was too late. The plane dived into the sea at more than 500 miles per hour. [...] The former Boeing flight controls engineer who worked on the MAX's certification on behalf of the FAA said that whether a system on a jet can rely on one sensor input, or must have two, is driven by the failure classification in the system safety analysis. He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000. Such systems are therefore typically allowed to rely on a single input sensor.
Boeing engineers authorized to work on behalf of the FAA developed the System Safety Analysis for MCAS, a document which in turn was shared with foreign air-safety regulators in Europe, Canada and elsewhere in the world. The document, "developed to ensure the safe operation of the 737 MAX," concluded that the system complied with all applicable FAA regulations. Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
[...] On the Lion Air flight, when the MCAS pushed the jet's nose down, the captain pulled it back up, using thumb switches on the control column. Still operating under the false angle-of-attack reading, MCAS kicked in each time to swivel the horizontal tail and push the nose down again. The black box data released in the preliminary investigation report shows that after this cycle repeated 21 times, the plane's captain ceded control to the first officer. As MCAS pushed the nose down two or three times more, the first officer responded with only two short flicks of the thumb switches. At a limit of 2.5 degrees, two cycles of MCAS without correction would have been enough to reach the maximum nose-down effect. In the final seconds, the black box data shows the captain resumed control and pulled back up with high force. But it was too late. The plane dived into the sea at more than 500 miles per hour. [...] The former Boeing flight controls engineer who worked on the MAX's certification on behalf of the FAA said that whether a system on a jet can rely on one sensor input, or must have two, is driven by the failure classification in the system safety analysis. He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000. Such systems are therefore typically allowed to rely on a single input sensor.
This judgement is going to run into 10 digits.
[quote]only two short flicks of the thumb switches[/quote]
In the systems you design, typically how many times is the user expected to press the Stop Trying To Kill Us button before the system leaves off trying to do so?
The statement of using only one sensor is scary especially for something that automatically adjust the flight path, but even having two is scary. With 2 sensors how does the software know which is right when they disagree ? For true fault tolerance you need a minimum of 3 sensors
This smells like a collusion between Boeing and the US Government (FAA) in order to rush through certification to be anti-competitive to the Airbus product that was ready for this area.
The resulting hundreds of dead is a testament to failed oversight and cost-cutting, lack of redundancy, and what appears to be basic lying to other air regulators.
Almost certainly this will come back to bite Boeing badly - firstly the lawsuits from the families of the dead, second with sales on what many people would consider a flying death trap of a plane design. It will take a while for this taint to be forgotten, assuming that it is fixed, redundant systems are installed on all planes, and that they pass more robust certification processes around the world.
Is there no indication to the pilots that this system is being activated? Is there no simple way to de-activate it if it is falsely triggered? If not, why not? Airbus and Boeing have went too far in attempting to remove pilot error caused accidents in my opinion, to the point of making it difficult for the human pilots to actually fly a plane that has sensor problems.
Forget the revolving door between the aerospace industry and the FAA - Boeing took out the middleman by convincing the government to let it self-regulate, even on matters of extreme importance like the airworthiness certification of aircraft. It's a win-win: Boeing wins because they reduce R&D and materials costs in getting subpar designs certified that otherwise would be rejected. Politicians win because they get their healthy campaign donations. The only people who lose are the ones who screamed for their lives as their plane plummeted to the earth.
Let the free markets have their way!
Now Boeing will pay a market place because people will choose not to fly on their planes. /S...very /S
> Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
Jesus, what a nightmare. And, I'm sure, no way of turning off the MCAS even though it was clearly malfunctioning. That has to be the worst last moments for a pilot, ever.
I read in a different article that the reason for the airframe design has its roots in the way airports were designed decades ago. Before they had those mobile tunnels that connected between the terminal and the plane, passengers had to walk out to the plane and ascend on a portable stairway. To make boarding easier, the original 737 was designed to be lower to the ground, so there wouldn't be as many steps to board. That part of the 737 design was never changed, and it made the airframe changes for the Max very awkward to implement. Hence the necessity for something like the MCAS, and hence the current mess.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
No wonder China kicks our ass at building things.
it'll be safer to buy Delta tickets than find that other airlines are again allowed to put these Max planes back in the air
You said "Safer" and "Delta" in the same sentence, hmm...
This issue seems like something the pilots can work around if they know what is going on, which the U.S. pilots seem to.
I got an email from Southwest Cargo related to the Max, they stated:
While we remain confident in the MAX 8 after completing more than 88,000 flight hours accrued over 41,000 flights, we support the actions of the FAA and other regulatory agencies and governments across the globe that have asked for further review of the data
That's a lot of flights they have done with the plane, so it's not like the plane is inherently unsafe - there is a flaw in this system, which will get resolved one way or another. They'll be back in the air and as safe as any other place flying.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
> "Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input"
Or notify them either, it seems. Or be disabled when it erroneously kicks in over 20 times causing unexpected dives. Fuck everything about this system. Even if they fix it I'm not flying on any aircraft that has this.
> "this extra kick downward of the nose would make the plane feel the same to a pilot as the older-model 737s"
And that's also ridiculous. Because of the change in the engine configuration it is an aircraft that handles differently. "Compensating" so the pilot doesn't know the difference causes confusion, something you don't need when in charge of a passenger jet. Do they make 747s feel like you're flying a TriStar? Of course not.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
To assume that the FAA would have somehow made this "safer" is a big assumption.
They may have missed it, just like Boeing did. Boeing certainly doesn't want to make planes that crash. That's even worse for business than a delay in certification.
Part of the problem is Boeing didn't want pilots to have to retrain and certify under a different type of aircraft.
So they've jiggled things around to make it look like it's just like any other 737, but it now has different flight characteristics.
So now Boeing has created a situation where they wanted this to appear seamless to the pilots, but that it apparently doesn't work and is anything but seamless to the pilots. They took something which wasn't fly by wire, and made it fly by wire.
What we're seeing now is a case where the FAA let Boeing decide there was no material difference for pilots, when there actually was ... in which case their attempt to not have to force pilots to re-certify in type has now potentially led to two crashes.
When the pilot is saying up, and the system is saying down ... bad things happen.
And clearly, despite Boeing saying it would fly exactly the same, it doesn't.
The safety analysis:
...
"1) Understated the power of the new flight control system, which was designed to swivel the horizontal tail to push the nose of the plane down to avert a stall. When the planes later entered service, MCAS was capable of moving the tail more than four times farther than was stated in the initial safety analysis document."
"2) Failed to account for how the system could reset itself each time a pilot responded, thereby missing the potential impact of the system repeatedly pushing the airplane's nose downward."
"3)
I think this is the most important story on Slashdot in a long time.
The article linked by Slashdot is the best, deepest story in a long time: Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system.
Just like how the FDA relies on the drug companies to run all the tests, submit supporting docs, etc.
tl; dr: cost cutting ?
Why not just use a stick pusher, like any other non-FBW aircraft with stall issues? Design it so it can be overridden with appropriate back force on the control wheels. Using trim for this is stupid, since with full down trim, you might not have enough elevator authority to recover quickly from a dive (i.e. even if the system is turned off, trim may have to be cranked back manually before the plane can recover).
This looks like criminal stupidity on the part of Boeing engineers.
Dude, auto pilot was off. All auto systems that were in the manual were off.
Imagine a world where the CEO of Boeing and the head of the FAA announce that mistakes were made and we will make corrections and that they compensate the victims of the tragedy. Sadly in the real world legions of highly paid lawyers will generate tons of documents to prevent this from ever happening.
Everything will be in the paper trail. That, and dead bodies, is a conviction.
If not in the USA, then in any other country willing to prosecute on behalf of their dead citizen.
https://www.youtube.com/watch?v=rvkEpstd9os
Granted, this is the 787 - but now i will be asking airline carriers to tell me what make/model plane i will be traveling on.
OMG - the inside of Boeing is ROT.
The company is profit above anything else.
They attempted a political solution (Trump/Cho/McConnell) prior to finally admitting to grounding best go forward.
"You can always count on the Americans to do the right thing after they have tried everything else..."
From my own experience, the FAA and others put too much emphasis on paper forms and too little on actual tests and real safety reviews.
I designed a similar system for my RC planes. I haven't actually installed it, because it isn't necessary. It's okay to not have it.
This system is designed to detect when the pilot has seriously screwed up, pointing the nose way too high. Most planes don't have it. I thought about using one only because I'm a bad RC pilot. (I'm a bit better with a real plane).
So in this case, if you have two sensors which disagree, you can ignore the one that says you're nose high, and the plane will function like any other plane.
You could also cross-check other sensors and / or have a milder response. In a true high-speed stall in an airliner you'd expect to see significant deflection of the elevator or ailerons (turns can cause high-speed stalls). If you don't have a lot of elevator or aileron deflection, the stall warning could be a false positive.
Based on data from one or two AoA sensors plus correlation with other sensors, you could GENTLY nudge the nose down appropriately. It seems Boeing forced the nose down hard, despite the pilot pulling back as hard as he could.
I starting designing a fully aerodynamic system (not electronic) which would add a few degrees of down offset to whatever the pilot ordered. Assume the max AoA is 12Â. Once the the sensor detects AoA is more than 10, it would basically gradually subtract 0-3Â from the pilot input. So the pilot could pull the stick hard enough that would otherwise cause a 15Â AoC before the plane would hit the critical 12Â. It was designed to aid the pilot, helping the pilot avoid going over. It seems Boeing's system completely overrode pilot input. My design was more like "the pilot would have to try really hard to crash".
This report is fundamentally flawed and obvious biased against the president and boeng who is doing amazing work protecting americans! SEATTLE TIMES is just another democrat biased mainstreme media outlet with a agenda of underminig this administration and hurting america. SAD!
Obama made America great, and Trump the traitor sold it to Russia for pennies. Don't worry, Mueller will get it back - with his magic rope.
People make a country great, not the president.
It's your turn airbus/EU
"Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input"
Often old and simpler is far better....
Attitude is only one element of the aircraft's operation -- what about airspeed?
Surely if there was a large disparity between the aircraft's airspeed and its attitude (ie: it is accelerating beyond 500mph while the attitude sensor says it's in a steep climb) then the safety system ought to have recognized that there was a fault condition and triggered an alarm which would allow pilots to disable it with the simple flick of a switch.
Sadly, it seems that this system was never designed to be disabled -- because it was part of the FBW system used to modify the apparent flight characteristics of the new Max8 model so that it would fly like an earlier 737. This was done (so I understand) solely to make the plane more attractive to airlines that didn't want the extra expense of having to get their pilots "rated" for a new aircraft type.
When it comes to the mighty dollar versus safety -- you *know* which one wins :-(
Meanwhile, some people are still saying "it's only a matter of time before a drone brings down an airliner". I wish they'd shut up and focus on the *real* risks that are *actually* claiming hundreds of lives in the aviation industry.
He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000.
One in a hundred thousand WHAT?
Flights? As of 2014 there's a bit over 100,000 flights per DAY! With a rule like that there should be on the average somewhat over one "major failure" per day per system of that classification level, which allows a single point of failure to exist.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Why the hell does the FAA even exist if they leave the regulating up to the companies themselves?
Absolutely ridiculous.
I consider any system that can move or lock any control surface of an aircraft to be safety-critical. Why can't a company that designs aircraft for a living do better than an AC on Slashdot?
After accidentally confirming that the <Backspace> bug still exists on Slashdot and that it can destroy your draft without a trace...
My initial thought was that this angle was politically motivated. (I see that an AC may have opened the topic, but I don't care enough to forcibly open the AC's subject.) So I checked the schedule for the certification of the 737 MAX and confirmed that it happened in 2017, but early enough to blame on REAL president Obama. As long as you ignore any questions about FAKE Republicans (AKA Bolsheviks) working to kneecap Obama's entire administration from Day One. Saving money is a great excuse and even better when you can blame a Democrat for any little disasters that result.
I do think the FAA shares some of the blame, but (1) There's plenty of blame to go around, and (2) This appears to be the kind of software problem that is extremely difficult to trap and debug. At least it looks like complicated interactions between two systems that were supposed to be independent.
If it is a politically motivated angle of attack (not to be confused with the airplanes' angle of attack before their crashes), then I am curious who thought it up. But even if #PresidentTweety tweeted it, I'm sure someone gave it to him via his iPhone. Best input channel for most of his bad ideas.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Way to have no idea what a "fix" means? What you suggest is disabling the system, = a work-around or mitigation OF the problem, which continues to exist. Not a Fix. I'm sorry you were born unable to read, really I am. Good luck.
"regulation" implies a neutral third party. The Credit Card Industry has PCI. Video Games have ESRB. Movies the MPA. None of those things are as immediately lethal as a busted airplane though.
But I wouldn't call it "regulatory capture" either, since Boeing were left to their own devices. They didn't have anything to capture.
No, what we have here is plain, good 'ole deregulation. These days regulation > deregulation is automatic in most people's minds. Between this, Flint Mi, and the 2008 crash I hope folks are starting to change their minds in that regard.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Yeah, lots of people died, but that taught them not to fly on these airplanes so that proves the free market works.
We just need to deregulate more, disband the FAA and allow companies to self-regulate. The companies are the closest to the product, so they know what to look for better than some dumb old inspector.
Small government is always better, amiright? Yeah!
How the hell does a critical sensor on an aircraft fail without the system knowing about it? My freaking car told me yesterday that the microphone in the entertainment unit had developed a fault...
I am not interested in articles about life extension advancements.
Too many patches to keep building newer technology airplanes that handle like the old ones. Just to save money on certification and pilot training. Stop already. Just design a new airplane.
Have gnu, will travel.
I'm not sure about parts of your description, but I am pretty sure that it involves the focus getting outside of the input window. Nothing to do with either keypad (though I suspect the mouse), and I am using Firefox. The first thing I do when it happens is to attempt to return forward, but no can do. Pretty sure I'm using the classic view of Slashdot, but not sure how to check that.
Are you perhaps suggesting that I can recover the lost draft by some other method? For example, I haven't tried playing with the history. Maybe it appears as a recently closed tab, even though the tab of the lost information appears to remain open?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Comment removed based on user account deletion
You're the world's most deserving incel, you know nothing about aviation, safety, regulations, SOP, none of it. You're a moron.
On June 29th, 2011, the Department of Transport's Office of Inspector General issued a detailed (23 page) audit report that examined the Federal Aviation Authority's approach to Risk Management.
You can read the report directly here.
This report, published in June 2011, documents in stark detail that the approach taken by the FAA - to significantly scale back oversight of aircraft manufacturers - represented significant risk, even if that activity were performed adequately.
In more detail, the report explains how the FAA took the decision to delegate responsibility for the hiring of individuals to serve as "FAA engineers" - essentially the supposedly independent inspectors who are intended to be able to objectively assess the effectiveness of the design and modification procedures conducted by the company that hired them.
If that wasn't bad enough, the report goes on to say that once the FAA had conducted initial inspections [the document quotes a 2 year time window of monitoring] it then stepped back from even an oversight role. In other words, there was no way that the FAA could have had any confidence that the modifications introduced with the 737 MAX aircraft were actually functional as claimed.
If you read around this news story in search of more details, you might find a couple of other relevant pieces of information. Staggering pieces of information...
One is that Boeing's design/development process broke down, so that when the "final" aircraft was reviewed / safety inspected by their in-house "FAA engineer", all the presented paperwork showed that the force imparted on the contol column by MCAS was set at relatively low, original design levels. In truth the design had changed, to the extent that one of the pilots in Lion Air flight incident had been attempting to fight the controls with over 100lbs of force - and had failed to overcome the aircraft's systems.
Another is that the sensor input to the MCAS system that turned out to be closely related to the problem may have been basing decisions on a single, faulty attitude sensor.
Whatever the causes of the two recent failures in terms of the operational characteristics of the two aircraft involved, I think the 2011 Inspector General's report clearly shows that both of these events were clearly avoidable and could have been prevented had the FAA leadership performed their duties responsibly.
They flew 88,000 flight hours and still flew two airplanes into the ground. I can see the FAA re-certifying the 737 but I wouldn't expect the EU to put this high on their to-do list. I'm sure Airbus will be happy to pick up the slack while Boeing works out their kinks.
I do not block ads. I do block third party scripts.
Maybe pilots should/must be always provided a way to disable any flight safety system (if they findout malfunction)?
& also, not to mention, all critical sensors could be doubled/tripled for fault detection/tolerance!
(To auto-detect malfunction whenever all 2/3 dont match!)
If the certification process is flawed, then the FAA needs to review Certifications for other planes in the last years. Just to be sure they were correctly applied.
On any airliner I know, there are two AOA(angle of attack) sensors. They're typically located somewhere on the sides of the a/c, near the nose. There have certainly been a few other incidents in which AOA sensors have played a part. However, it almost always takes several combined things to bring an aircraft down. They're supposed to have learned from these losses.
Looking at the results of Lion Air, and this most recent loss, IMNSHO the MCAS received and responded to bad data from at least one AOA sensor. Would you, dear reader, write code that doesn't account for bad data? If your system was reading sensors that relied on a mechanical action for the data, I hope you'd always insist on two sensors, which should agree, and build into the system a plan to disable the one that's sending erroneous data. There must be an action that the computer system, and the pilot, can take to prevent this sort of thing. The MCAS certainly needs a hard look, and probably some tweaks.
I believe the MCAS itself is an evolving technology, a basically sound one, made necessary in large part by a critical lack of sufficient training and experience in hand flying. basic airmanship, that pilot sh... tuff. Stick-and-rudder stuff. Pushing buttons and spinning knobs is most certainly not actually flying, it's merely operating systems. Airlines need to expect more from anyone that intends to fly a large aircraft. ANY aircraft, yes, but there's a lot more things that can go wrong in a large airliner. Try as one may to avoid any single point of failure, I suggest that despite having the best engineers and coders creating things, it's amazing what weather, icing of sensors/wings and empennage, low-voltage corrosion, pilots' lack of experience/training/basic airmanship etc. can produce.
Anywho, yes, Boeing needs to review their MCAS, the sensors, and pilot reactions to situations like this. Why, I wonder, isn't there a couple of switches that can disable the system, or something? Anything! Perhaps one of the AOA sensors froze, despite the current body of knowledge. I'll wait for the final report, but in the meantime, were I still willing to fly packed into a commercial a/c, I'd fly that model 737 anytime.
Yea, just so you know.. My father was an avionics and radio mechanic for a major US airline for 38 years, including a decade stent keeping flight simulators running at their pilot training center (to which I got to regularly go and "fly" the big sims), so I grew up around airplanes all my life. I also worked as an avionics engineer on a Navy fighter aircraft and I've done some private flying on my own. I'm not a expert on Boeing's avionics or modern flight control systems, but I do have a few clues about how they work.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Boeing will shortly spin off the Commercial Aircraft Division into a separate company and say they had been considering this for a long time.
You tell'em, Comrade Wang!
I love software testing, but I quit and moved on cause the field just doesn't get the respect/resources is needs.
Developers and managers are always trying to "reign in" the testing staff and make them stick to a stupid script --
written by the same developers that made the mistakes in the first place.
My most important bug discoveries were almost always the result of informal testing, or thinking about the test script
and "trying something" that wasn't on the script. Overnight "random monkey testing" with the automated test harness was
very effective at finding real world problems -- but invariably got a rebuke from some manager, "Why were you doing that?"
This sounds a lot like that, but with the added bureaucracy of Aerospace+gov't.
The development process then adapts to minimize bureaucracy, instead of maximizing safety.
So as I see it, one of two things happened:
1. There was a test engineer somewhere who thought about these failure modes before the first crash. He was ignored and didn't have the power to escalate the issue.
2. The tests were stupid and were run by stupid people.
There were enough red flags -- I think it was #1.
Test Engineers -- throw off your chains !
The safety of the world depends on you.
There's a good chance the aftermath of this is going to bankrupt Boeing.
The evidence for gross engineering negligence is piling up, and they are not going to live through the results.
In my experience with other safety analysis methods, faults of a "safety system" like MCAS were not even considered because of the theory that a fault in a safety system would only have the effect of not detecting a fault in the main system. And the chances of a double fault are low.
The idea that a fault in a main system could cause a safety system to make the vehicle unsafe was not on the "standard" checklist of things consider and certify. The manufacturer has very little motivation to go beyond that "standard" checklist.
Did the pilots not deactivate the MCAS system, or did doing that not adequately address the situation?
After the Lion Air crash I read several places that the instruction from Boeing was to deactivate the MCAS system when the continuing nose-down situation was encountered. I would assume that any airline pilot (especially one flying the 737-MAX8 would have been following the news with rapt attention, and would be keeping up with the news of the investigation as it progressed. And independently of the self-education of individual pilots on their own, that Boeing and all the airlines would have updated the training and manuals post-haste. And note that the Ethiopian airline was loudly proclaiming the quality of the training that their pilots received.
So, it seems to me that there are some unanswered questions.
1) If the pilots of the Ethiopian airplane did not dis-engage the MCAS system, why not? Did one or more of them not know about it, even after all of the publicity after the Lion air crash? Did they not know how to dis-engage it? Did they not recognize what was happening to the plane in time? Were they too busy trying to fly the airplane?
2) If they did disengage the MCAS system, why didn't that work? DId it not dis-engage? Did it dis-engage too late?
The various news reports that I've read just don't add up to a coherent explanation of what happened.
I look back to Republicans forcing sequestration shortly before this reduction of funding to the FAA due to this Republican lead effort which they shut down the government to get. This is like say you have a grenade, which many have gone off in the past killing people, so you add a safety pin. Then in your relentless push to deregulate and reduce expenditures you remove the safety pin. Not too long after the grenades start going off because there is no safety pin, killing everyone around. Who is to blame?
I thinks its pretty clear that after the first crash the 737 Max should have been grounded. But money talks and the airlines balked at putting aside new aircraft they paid dearly for. A good time to examine if technology overload is affecting the ability of pilots to fly aircraft safely. Do they really have to fight with a computer trying to over ride their inputs???
and self driving cars have much less testing and that can lead to more damage then just 1-2 planes going down.
When this is all over and done with, this will become the new poster child for engineering ethics.
It might even surpass the Challenger disaster.
ANOTHER example of poor management at Boeing: Boeing tanker jets grounded due to tools and debris left during manufacturing. (Feb. 28, 2019)
And my ex-wife likely was responsible for the OS that the plane was using. Certification is backwards. The company making the OS or plane or drug should not be paying for the certification. The buyers of the product need to group together to do it. When I did security certification at IBM no one ever failed. Our customer was the maker of the product so we couldn't fail them. We almost never asked the customer to make changes (and when we did we never verified that they did make the changes), all the certification process was about getting the paper work correct. For the OS certification it might actually be worse. The certifiers probably aren't very good programmers. Their tests are running automated code checkers and running a subset of the tests the OS maker made. One really bad mistake my ex's team made was misunderstanding a processor errata spec on cache misses. A non-trivial percentage of the worlds aircraft were nearly grounded because of that*. My ex's team had misread the errata and the certification house had relied on her teams interpretation of the errata (or more likely had no clue what it meant).
Critical systems don't allow free() so all non-stack memory will be in static locations. Someone was able to write a program to analyse the executable images to determine if this particular cache miss would ever happen. Turned out that no production systems were affected. The scary part though is change the length of a single text string could trigger this problem.
On a side note, this story from the Seattle Times shows how important investigative reporting is to society. If the government ever gets serious about regulating private enterprise again, it will be due to stories like this, and the resulting public outrage. We are yet again in their debt.
"One current FAA safety engineer said that every time the pilots on the Lion Air flight reset the (trim) switches on their control columns to pull the nose back up, MCAS would (reset its 0 degree reference and) have kicked in again and “allowed new increments of 2.5 degrees.”
“So once they pushed a couple of times, they were at full stop,” meaning at the full extent of the tail swivel, he said.
So in summary a system FAA-certified on the basis of being able to adjust nose-down trim by 0.6 degrees could actually, (after a few cycles of the pilot correcting it a little bit with trim up), command full nose-down trim, about 5 or 6 degrees tailplane tilt.
All of this relying on input from a single angle-of-attack sensor. Get this, the plane has two such sensors, one on each side, but the MCAS only uses input from one of them!!! ! !! ! ! ! ! What the hell? If you use two of them, then your software can check if they diverge, and disable systems relying on the input, and warn the pilots. That is some criminally bad development cost saving judgement there.
Where are we going and why are we in a handbasket?
professional engineer have the power to say no and there certs on the line.
It isn't just the FAA, this is a problem with many if not MOST of the Federal Regulatory agencies....
Look at the FDA rosters, and you can easily see why we won't ever get sensible food regulations/recommendations the would actually help address obesity, etc....in the US.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
2014 saw an averge of 102,000 passenger jet flights per day around the World. Are the FAA willing to accept one plane per day falling out of the sky because it relied on a single sensor? That's crazy, if true. Single sensors should never be used for critical decision making. I'm a fan of 3 independent sensors - if all are within a tolerance band of each other, use the average of all. If one is way out of tolerance, average the other two, use it by default, but allow the pilot to override and use the third. Then you'd need 2 failures to start using a bad value (1 in 10B flights ), and would still have a good value available to a competent pilot.
The FAA has a dual-contradictory role and that's its real problem:
- to promote flying, and
- to regulate air safety.
Sadly, there are a few fatalities that can be linked back to soft standards (I know citation), and one I can think
of was the famous fractured jet engine mounts. The mounts failed because of shortcuts taken to remove and
install the engine after maintenance were allowed to happen because of sloppy FAA oversight and inspections.
Not all, but I'd bet there's an uncomfortable percentage of fatalities that can be laid at the feet of the FAA.
It's like the olde saying that a traffic light wont be installed at an intersection until there are more than 2 deaths.
The FAA is reactive, not proactive like it was mandated.
CAP === 'crumbles'
Boing is at fault. They should have made it mandatory and presented it as a major system which could lead to major lethal problem in case of misunderstanding or failure or mishandling. Instead they made it an option, a "don't worry not too important" case. They are the one knowing the consequence, so they are the ones which should have insisted. But by the sound of it, it was passed off as a minor problem or no accent was really put on it.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
And you seriously think that people would follow the FDA recommendation? Actually in several studies people loose weight if they are given food that adhere to the existing FDA regulations so the problem is not the regulations but that people do not give a shit.
The dumbest thing about all of this is that they chose to use a computer to compensate for a trim issue that could have just been handled manually. Instead of setting the trim to X for take off, set it to X+more.
Unless the initial pitch up resulted in wild oscillations that required a computer to deal with, let the pilots fly the fucking plane.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
The same thing happened in the financial crisis. Fake certifications of the derivatives AAA ratings caused the rest of the world to buy worthless junk. Now they sell fake airworthyness certificates the FAA rates AAA.
Train the pilot to fly the aircraft instead of having the aircraft pretend to be something else. Also regulatory capture is a problem.
The 737MAX is a contraption designed to save a few pennies here and there. Beancounters in charge.
So much in charge, they could not even design a proper flight control computer. The high level design of MCAS is broken in several ways.
MBAs think they have to act like this.
That seems like a reasonable *rate* at which to bring the nose down.
If the system is adding 0.2 down elevator every second even though there is already 15 degrees down elevator and the pilot is pulling the stick back, and the AoA indicator isn't responding - it's staying at max AoA despite full down elevator, that's what I'm calling forcing the nose down hard. Forcing - overriding pilot input, hard - overriding all common sense based on the available dates.
For contrast, the system I designed set the elevator position near max AoA based on essentially this:
Max AoA - 2.5 + sqrt (stick back force)
So a pilot would have to have pull almost all the way back to exceed max AoA. The linkage was such that it had no effect until the elevator was up past neutral. Of course, this is on a plane that will naturally nose down in a stall if the elevator is neutral. That's a much more conservative approach than what Boeing did, based on what I've read.
I'm not a professional plane designer, just an amateur, and I haven't examined Boeing's design in detail. Reports indicate that it forced the nose down despite numerous indications that it was not appropriate to do so, based solely on the AoA sensor.
Drones in charge instead of engineers with authority. I design safety critical software and what I see is quite a few people who call for "box ticking" instead of robust measures to make the system safe.
It will all depend on the design engineers, because the rest of the company are box tickers mostly.
...create an MCAS function which is safe and correct. Something which is thoroughly tested from units to HIL Test. Where sensor failure is thoroughly analysed in test runs. Anything like an F16, Jäger 90, Mig29 or the like has it WORKING SAFELY.
MCAS obviously has the ability to kill everybody if it contains a bug. Proper engineers would have spotted this and assigned the highest integrity level to MCAS. Instead some drones wrote crap papers and waited for the inevitable to happen. A matter of probability, until the AoA fails and the pilots do not have steel balls and Einstein intelligence.
One in 100,000 what? Seconds, minutes, hours, lifetimes?
It is stupid to make something that can kill people rely on a single input sensor. I programmed experimental tests in nuclear reactors and we always had multiple inputs (thermocouples, flow sensors, etc.) and had sanity checks on the values to identify failed equipment.
Seems like Boeing's software could have taken more things into consideration than just the angle of attack? What about speed, altitude, rate of climb/descent, etc.
"Almost every wise saying has an opposite one, no less wise, to balance it." - George Santayana
c6gunner?
In case of corrupt AoA information, the MCAS will detrim the aircraft ultimately to the point the aircraft MUST crash. The only way an aircraft can survive is the pilots early understanding the AoA failure and disabling MCAS using the cutout switches. If they miss that time window of a few seconds, they and their 150 passengers are doomed.
It's dangerous crapware, rubberstamped by FAA, designed and approved in fact by Boeing themselves.
Sandy Hook taught me that the non-regulated industries have lobbyists that prevent regulation.
It is ok for babies to be slaughtered in USA.
The couple of adult americans killed on an airplane is a sad event, but the reality is babies were slaughtered on USA soil and usa government did nothing.
I fully expect in light of this, that the entrenched Boeing politically connected will also walk free, maybe a small slap on wrist and a stern talking to.
In the end, they only have their reputation tarnished.
Thats it.
Specifically to save pennies, Boeing hid the existence of MCAS to pilots until the Lion crash. MBAs running the show and killing at least one planeload of people.
The Ethiopian folks should have flipped the MCAS cutout immediately. OR BETTER: MCAS should disable itself in case of faulty AoA data and display a warning light. Now we know there are TWO crap software firms in Seattle.
Only pilots who know about the dangerous MCAS shit can recognize and disable the contraption.
...you are infested by MBAs and your name is Boeing.
MCAS does NOT validate the AoA sensor for correctness. It just trims the aircraft until it is dead-trimmed.
The CEO must do Jailtime for MCAS, otherwise they might go bankrupt and will be rescued for being "too big to fail".
I bet Muilenurg will dole out a few hundred millions out of Boeing coffers and shower himself with a big bonus, as every year.
Nobody will be held responsible. Anonymous cash will be sprinkled around.
MCAS#2 will continue to exist, until more people are killed. Also see the 787 battery burnliner.
Sensor failures must be anticipated and handled properly ("reach a safe state"). That is a cornerstone of safety critical control systems.
They could have done this easily (compare both AoA sensors and call it faulty if more than (say) 3 difference), but bullshitted themselves into not doing that. The bullshit is all nicely documented according to FAA rules and DO178 etc etc.
Sensor failures are WAY TOO LIKELY to let them mis-control something critical such as MCAS. Not hard to figure this out. Any seasoned systems and/or safety engineer knows this.
If your ABS would freak out in case of sensor error, you would die at age 38, on average.
Boeing should have calculated how much "MCAS disable-time" is acceptable. If that means 7 AoA sensors, then install them. There is a price to pay for an aerodynamically instable aircraft.
A few more sensors are actually pennies as compared to 300 folks killed and an entire fleet grounded. But yeah, the MBAs cannot figure that. Too dumb for rationality.
Exactly because the AoA sensor was locked, the MCAS freaked out on these two flights. A proper MCAS must detect AoA data failure and disable itself immediately. Additionaly, a small light must be turned on, to inform pilots of the disabled MCAS. Pilots can then carefully return to the airport and have the AoA sensor fixed. Nobody hurt, no fleets grounded.
In a true safety-critical system, you will always have to consider sensor and actor failures. And in many cases you need to have special handling code in the software. Which must be properly tested using state of the art SW engineering methods.
This is nothing new and being done for decades in the auto industry and at Airbus. And many others. Just Boeing thought they could play amateuers with MCAS.
AoA fault can be easily decided by comparing the two sensors of the a/c. Crappy MCAS does not do that.
Also, AoA sensors are not pitot tubes. And even two pitot tubes can be compared, too.
In general, when a sensor craps out, the consumer of the sensor data must react properly on this. The best way is to disable the function governed by the sensor data. Disable MCAS when AoA is of bad quality.
Nothing new here, except Boeing's incompetence.
Everybody else would have disabled MCAS upon reading two different AoA sensor angles. Or two different pitot speed values. Boeing does not. Why ?
" farther forward on the wing, changing the airframe's aerodynamic lift. "
"farther forward on the wing, making the plane unstable."
FIFY
300 planes in operation.
In operation since 2014 - five years.
That is something like 300*5*365*2 = 1000 0000 flights.
Two crashes.
That would be one crash in 500k flights. That nicely fits with the sensor crapping once in 100k flights (order of magnitude-wise). The sensors are actually a bit better than advertised.
But MCAS is dumb enough not to handle sensor failure, as it should. So it kills every 500k flights.
https://boeing.mediaroom.com/news-releases-statements?item=130402
I don't think the FDA is doing much better than the FAA.
Fraud, making misrepresentations to federal authorities. https://news.yahoo.com/boeing-justice-department-crash-202330994.html
Comment removed based on user account deletion
This is such a fundamental flaw that I'm actually in awe that it could have ever been approved. It goes against EVERYTHING taught in practically any engineering discipline.
You NEVER rely on a single sensor for life-critical operations- you normally use 3 and use an intermediary computer or other device to "vote" on what the reading actually is (or should be).
Segals Law: "A man with one watch always knows what time it is. A man with two watches is never sure."
And that's true, but a man with three watches can be reasonably certain what time it is even if one watch fails.
Granted, most things don't need a "tell me three times" setup, but for manned flight and other mission critical applications it's the standard.
How could they possibly have passed this through? It's an engineering mistake that even most rookies and newbs would never make.
One bad sensor (or even two!) should never bring down a plane. This was, at its heart, negligent engineering from a company that should have known better.
I don't care if the sensors only fail one in a million times and cost a million dollars per piece, you NEVER rely on just one sensor. NEVER.
Just cruising through this digital world at 33 1/3 rpm...
It is ok for babies to be slaughtered in USA.
Of course it is! Didn't you hear those Democrats a few months ago unironically suggesting post-birth abortions?
Companies have to spend money complying with regulations. That's kind of the point. To force compliance. What the hell would the alternative be? I suppose we could nationalize their industries. But beyond that, well, that's just how laws work. It's like complaining the government doesn't set the speed on my car.
As for the IRS, it's been heavily manipulated by the GOP. Seriously, it has. They massively cut funding to audits for big companies and the wealthy while writing requirements into law that the IRS audits a certain number of "low income earners", e.g. poor people. This is a calculated attack on the working class to make them hate the IRS and taxation so that they can in turn use that hate to get tax cuts for themselves and their wealthy donors.
Finally, ask how important the overall stats of airline travel are to the families of the dead after they find out this was no accident.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Boeing did all these dodgy hardware and software hacks just to avoid the time and cost of certifying a new type. This was a panicked rush to market, to compete with Airbus 320neo. Which isn't crippled by stubby landing gear like the 737, so its engines can placed in an inherently aerodynamically stable position.
Because it wasn't a new type, FAA did not require that pilots be certified. And furthermore Boeing buried the details of how to fully return the plane to manual control, because that would conflict with the story they told the FAA about unchanged flight characteristics. Unfortunately for all involved, Max 8 really did have a new flight characteristic: falling out of the sky under computer control.
So yes, Boeing is going to pay out the biggest settlement in aviation history. There is just no way to escape culpability. And we have a huge indictment of Trumpist deregulation too: industry didn't win by weakening FAA oversight, rather it lost big league.
When all you have is a hammer, every problem starts to look like a thumb.
So basically you just spat off all this shit to say you don't know shit.
Educate yourself
1 in 100,000 is just not enough for something that is a matter of life and death. Considering that Google says the FAA handles over 15 million flights yearly, it is conceivable that this system could have become implemented in enough planes eventually to make 1 in 100,000 very common, even if it hadn’t actually failed much sooner than that. I would say no fewer than three sensors must be checked before fighting with the pilot for control. Of course you do have to account for the fact that the pilot could be wrong, but then we have a copilot to act as a redundancy. Any lack of redundancy is just a bad idea.
Incipiamus, fratres, servire Domino Deo, quia hucusque vix vel parum in nullo profecimus.
Quit reanimating the undead 737 airframe, introduce a new type, and train pilots to fly that.
When all you have is a hammer, every problem starts to look like a thumb.
The term is "regulatory capture", and it's been blamed for the Deepwater Horizon incident, and Wall Street's shenanigans.
From that second link, "the process by which regulatory agencies eventually come to be dominated by the very industries they were charged with regulating. Regulatory capture happens when a regulatory agency, formed to act in the public's interest, eventually acts in ways that benefit the industry it is supposed to be regulating, rather than the public."
It's called Regulatory capture. When the fox is guarding the hen house. Have you met Trump's administration.
If you really believe that you will invest every penny you have or can beg, borrow, or steal to bet on the downside - selling short, options etc.
Nope, Boeing will survive this. Yes, there's some engineering changes needed and it will hurt their reputation a bit for a couple years but I'd wager that this won't result in many cancelled orders. A few billion dollars is easily absorbed. The sooner they can get the 737 MAX back in the air, the better for them of course.
If both the Lion Air and Ethiopian Airline crashes were caused by the same thing and that was a faulty AOA sensor driving the MCAS to do the wrong thing, I'd happily fly on a 737 MAX even without any fixes -- as long as I know the pilots have trained for this scenario. It's really fairly easy to detect this problem and recover from it if the pilots are trained in it. Of course, I'd rather fly on a 737 MAX with some engineering fixes (just warning the pilots that the AOA indicators don't agree and training the pilot to disable automatic trim control and "take the wheel" would be a step in the right direction).
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
Probably not. Most people think safety regulation is to protect consumers. It isn't. It is to protect the entrenched companies that can afford to dedicate departments to compliance, pay the fees, and pay the lobbiests for more (which said company in turns publicly protests).
Because Boeing followed all reasonable efforts to comply in good faith with all FAA safety regulations and good practices and the FAA certified the system as being safe, short of some hidden or misleading information submitted, it is going to be a serious uphill battle to claim negligence on the part of Boeing here.
Boeing wasn't negligent, the FAA was and until their bread stops being buttered by the people they are supposed to regulate it will happen with the FAA and every other safety agency. Until lobbyists and politicians bread stops being buttered by the same safety regulation that is difficult for upstarts to comply with but presents no real barrier to megacorps like Boeing will continue to be the rule of the day.
"Sandy Hook taught me that the non-regulated industries have lobbyists that prevent regulation."
Aviation is hardly an unregulated industry but in most regulated industries it is industries that pay the lobbyists to fight FOR regulation. They make sure the regulations carry fines, fees, and most of all red tape that keeps anyone from entering their industry without very deep pockets and a pack of insiders. In the meantime, the more regulation the more protection they have against lawsuits. Which is exactly why Boeing will walk away from this unscathed. They disclosed everything to the FAA and followed all good practices and compliance procedures to ensure the aircraft was safe. The FAA giving their blessing means short of having lied or misrepresented something somewhere Boeing is in the clear.
sadly news outlets are more interested in the trump russia stuff where they found nothing so far than things that kill hundreds of people when they crash
and even if some reporter found all this stuff I bet you its been refused for publication because its not good press. remember these corps also own the media...
Yes. Those recommendations impact what the giant food companies can get away with. There need to be regulations on refined flour and sugar. First step is to treat and list refined flour as sugar. Refined olis also need called out. This shit is disastrous to the general health of everyone--that we are all expected to pay thier massive health bills to save thier feet from falling off or thier heart failure. We need to start labeling this trash that is currently passed off as healthy, as junk food.
Someone said HOWITZER!
FYI: https://grammarist.com/homophones/stent-vs-stint/
Yeah , flying doesn't need promoting. Like the Brooklyn 99 joke about being a drug pusher. Drugs don't need pushing, people love drugs.
You DO NOT need "government" to regulate private enterprise.
YOU need to regulate private enterprise.
DEMAND opensource public access to and audits of all designs, procedures, and maintenance, or
DONT GIVE THEM YOUR FUCKING MONEY.
If you think your "government" mommy teat gives a SINGLE FUCK about real safety for you, you are FUCKING MISTAKEN.
Time again over history, the only REAL safety you get is when you do it yourself.
"TRUST US" no longer works, it NEVER has.
It's time to OPENSOURCE all the above.
NO MORE SECRETS.
and you start a company to do it, you will run straight into the hyper-regulation of aviation in the USA. You will discover that you must pay to have trained people who are recognized by the FAA come in and review and sign-off on everything you do (cannot remember at the moment what they are called - brain freeze). There are people who make a good living by having these certifications from the FAA and then going around doing inspections and sign-offs for smaller aerospace firms. This is very time consuming and expensive and they cannot always come in when it's convenient for you, and it's one of the many things that drives development costs of new aircraft through the hangar roof. This is one reason flying cars for regular people will never arrive (the dev costs are too high and when you divide them across a short production run they make the sticker price too high, per flying machine).
In the case of a huge company like Boeing, however, they send some of their employees to get that inspector training and get certified by the FAA and then they are in-house and on-staff and the company can then self-certify everything. I'm pretty sure Airbus and Bombardier do the same thing (get some managers certified and then have those employees sign-off on stuff).
Regulatory capture at its finest - the big established firm is in reality not overseen much at all since it is certified to oversee itself with people on its own payroll, but any smaller upstart gets financially ruined by the government oversight overhead costs before it can even get off the ground. This can go on for many years, saving the big boys lots of money, until something goes wrong badly enough to get congressional attention...
I know, because I observed it first hand years ago in an aerospace firm I'll not here name.
note the date: This stuff got rolling under GW Bush, but got out of control under Obama. It has Nothing to do with Trump.
I'm NOT campaigning for Trump, it's just that seemingly every subject on Slashdot since 2016 gets populated with deranged Trump haters trying to vent their hatred and one can almost sense the spittle on their keyboards. TRUMP IS NOT THE PROBLEM HERE.
This is an issue of an aganecy of the federal government being too cozy with a corporate giant that is effectively a national monopoly and further protected because it is vital to national security for them to be a viable corporation. Things were not this way back before the federal government allowed all the big aerospace firms to gobble up most of their competitors. The USA used to have three big defense firms that also built civilian airliners (Boeing, McDonnell Douglas, and Lockheed). Boeing was allowed to gobble up McDonnellDouglas (which itself was a merger of the Douglas Aircraft and the McDonnell Aircraft Company and had absorbed the aero divisions of General Dynamics which had absorbed the aero portions of Consolidated, Convair, and Vlutee) and Locheed merged with Martin and got out of the airliner business (last big airliner from them was the L-1011).
Now, with Boeing as the only real US airline maker and vital to US defense, it would be politically impossible for the FAA to sink them by not certifying one of their new birds. Before any Euro-people start jumping up and down about this: you have the same thing with Airbus. Europeans are pretty much down to just Airbus making airliners and Airbus also being vital for jobs and defense, so there's little chance a Euro regulator would decide not to certify one of their planes (the A380 is a great example, having failed its initial structural test of the wing). Given the alliances between the US and Europe, and the desire to avoid a trade war, it's also nearly impossible for the FAA to not cert an Airbus and for the Euro authorities to not certify a Boeing.
At least this article finally gives some info on the software fixes being developed by Boeing, instead of the nonsensical speculation we've been getting thusfar. Changing MCAS to take into consideration the angle of both AOA vanes, and limiting the amount of trim that it can command to a more reasonable level. Unfortunately for Boeing, at least one of these is a fairly obvious safety features which should have been implemented in the first place; it's not going to look good for them in any upcoming lawsuits.
737's can inappropriately (and repeatedly) retard the throttles to idle if the single radar altimeter used gives a bad reading. (And the plane has two radar altimeters!)
https://en.wikipedia.org/wiki/...
There are supposedly other similarly reported incidents.
Love many, trust a few, do harm to none.
Nope - the lawsuits they are screwed on. But they (and their insurance company) have plenty of money and it will be mostly forgotten in two years. Although, they are lucky that most of the dead are not from the US, the land of ridiculous lawsuit outcomes (at least until appeal).
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
The MCAS was programmed to move the Trim forward in increments until it eventually reached the Maximum deflection which easily overrided the Yoke.
Perhaps the reason for the name of the 737 variant?
If the MCAS had been limited to say 50% of max Trim deflection then the pilot would always have been able to bring the nose up using the Yoke. Crash avoided
737 Max - the first airliner with Max Trim Bunt
Thank you for repeating some of the salient points in the article.
Faulty pitot tubes feeding incorrect airspeed data to the flight computers, resulting in a crash?
Subsequent investigation found over a dozen similar episodes... the only difference being that at the time the pilots were not flying at night through heavy thunderstorms and could visually assess their airspeed. "Luckily" this defect was to blame for "only" one crash.
Boeing will recover from this, just as Airbus did. The difference here, however, is that there is an element of malfeasance.
Only available in red States. Only necessary in red States.
Food Nazi
And we have a huge indictment of Trumpist deregulation too: industry didn't win by weakening FAA oversight, rather it lost big league.
Enough with the partisan nonsense. This plane wasnt designed, built and tested sebsequent to any deregulations from trump.
Indeed it is. What everyone is missing is they've taken a 737 airframe, bodged some aerodynamic changes onto it that has seemingly caused the aircraft some serious and probably unknown aerodynamic problems and they've covered it with software. It isn't the software that's the problem here.
I'd start selling Boeing stock.
Go back to your silent disco in your mom's basement.
The underlying problem is (agency name) has a revolving door to the (industry name) Industry where people, regulation and oversight passes through unobstructed by responsibility or moral conscience.
FTFY
1 in 100,000 is not great really.
Odds of getting all six numbers in the Lotto 6/49 is 1 in 13,983,816. Yet it gets won on a semi-regular basis.
This sounds too much like the "unsinkable" Titanic.
This is how the FAA has operated for years folks, get a grip. They require the aircraft manufacturers to certify their designs but again, how many incidents with this aircraft type in the US? 0
Armchair philosophers here will of course obviate Airbus when their tail fell off an A300 in Jamaica Bay in 2001 and they did nothing about it.
Oh remember when Airbus had to change all their angle of attack sensors after that A400M crashed while testing? They washed the plane and water behind the sensor froze at altitude, giving erroneous information to the flight control system.
It's not Boeing or Airbus it's the culture that technology will solve all the problems. Yes, more testing always helps but design flaws exist in every system out there. I fly every week in Boeing, Airbus, Bombardier, Embraer and even McDonnell Douglas planes. Your risks are all the same regardless of tech or age.
Move on, Boeing will fix this and another tidbit unless they can find criminal misconduct or negligence, the passenger losses are fixed by international agreement.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
>The pilots flew properly and under normal operation the MCAS trimmed out the elevator over and over until pulling the stick all the way back still left you pointing at the ground.
Yes, I explained it does that based on one sensor, and suggested that perhaps it shouldn't trim so far, especially with other instruments indicating it probably wasn't in a stall. So you disagree with the second half of my comment? You think it SHOULD nose dive?
Use this one then:
Nordic Nutrition Recommendations 2012 http://norden.diva-portal.org/...
"so the problem is not the regulations but that people do not give a shit."
Actually I think it's both. The FDA getting more lax, and people giving 'less of a shit'. And if that's the case, then the thing to work on is the causes contributing to both situations.
You make no sense. You literally blame the plane issues on "guns and booze".
Post birth abortions is a ridiculous lie and also a contradiction.
I doubt it. There are too many US operators who won't buy European, and even if they do there ins't a good alternative to the 777x for replacements to the 747, 777, and a380.
The relevant deregulation happened under Obama, you butthurt cock sucker.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.