Boeing Delays 737 Max Software Fix

Boeing's promised software fix for its 737 Max planes involved in two deadly crashes since October has been pushed back several weeks after an internal review by engineers not connected to the aircraft raised additional safety questions. "The results of the 'non-advocate' review have not been revealed, but the Federal Aviation Administration confirmed on April 1 that the software needed additional work," reports Ars Technica. From the report: "The FAA expects to receive Boeing's final package of its software enhancement over the coming weeks for FAA approval," an FAA spokesperson said in a statement. "Time is needed for additional work by Boeing as the result of an ongoing review of the 737 MAX Flight Control System to ensure that Boeing has identified and appropriately addressed all pertinent issues." Just how far back the delivery of the MCAS patch has been pushed is uncertain. The New York Times reports that the update's schedule has been pushed back "several weeks." And after its delivery, an FAA spokesperson said, "the FAA will subject Boeing's completed submission to a rigorous safety review. The FAA will not approve the software for installation until the agency is satisfied with the submission."

This means it could be months before grounded Boeing 737 MAX aircraft are once again deemed airworthy. And that means more flight cancellations for airlines that have the aircraft in their inventory. Southwest Airlines, Boeing's largest 737 MAX customer, canceled all of its flights dependent on its 34 737 MAX aircraft through April 20 so far -- about 150 flights per day. And Boeing's delivery of new 737 MAX aircraft -- the company's best-seller -- has been indefinitely delayed.

Biggest lawsuit ever

Boeing will be sued out of existence for this negligence. The MBA-esque desire to charge a few extra bucks for an essential safety system will mean they shall pay billions.

Re:Biggest lawsuit ever

[Sique]

I'm missing a "-1, Wishful thinking" moderation choice.

Re: Biggest lawsuit ever

The security module would not be required on a plane that was built in the last half century. It's a horrible plane with horrible hack as an attempt to keep it in the air.

Re: Biggest lawsuit ever

[gweihir]

Indeed. Not how anybody sane designs systems that can kill lots of people in accidents. The whole thing was completely botched, and the motivations was plain old-fashioned greed and arrogance.

Re:Biggest lawsuit ever

Forget about this. EU will definitely revenge for WV dieselgate, but everything else will stay where it is now.
Look at Intel's Meltdown and Spectrum processors vulnerabilities, all exciting processors produced since 2005 are basically must replaced as soon as possible. Do you see anybody to sue Intel? The answer is "no", so it is the same for Boeing.

I am more amazed by the fact that shitty social media companies like Snap-chat manage to make IPOs for 30Bln when Boeing capitalization is just 150 Bln. Is it Ok?

Re:Biggest lawsuit ever

[Tablizer]

The CEO should step down. On top of the crashes, the pay-for-safety thing is squarely on him: he either signs the final order, or if somebody else did it under his nose, he's incompetent for not watching the ship.

On a different note, what would happen if the Max is grounded for several months or years? Are there enough other planes to cover the load, or will rates go way up?

Re:Biggest lawsuit ever

[hawguy]

Forget about this. EU will definitely revenge for WV dieselgate, but everything else will stay where it is now.
Look at Intel's Meltdown and Spectrum processors vulnerabilities, all exciting processors produced since 2005 are basically must replaced as soon as possible. Do you see anybody to sue Intel? The answer is "no", so it is the same for Boeing

Wait, what does West Virginia have to do with Diesel? I thought that was Coal Country and they were just waiting for Trump to bring back steam locomotives to make rail great again?

Re: Biggest lawsuit ever

WV? Who the fuck is that?

Re:Biggest lawsuit ever

And he will get a huge golden parachute.
hopefully it will be packed wrongly and fail to open

Re:Biggest lawsuit ever

[Iwastheone]

Boeing is about to learn how the cheap becomes the expensive.

Re: Biggest lawsuit ever

[Iwastheone]

In between the 2 Boeing crashes, another crash was avoided only because there just happened to be another pilot who was in the extra cockpit seat. He knew and understood this flaw, and was able to instruct the 'real' pilots on how to keep the plane from nosediving into the ground like the other 2 did. If not for this, random informed off-duty pilot being in that cockpit, we would have had a third tragedy.

Re: Biggest lawsuit ever

If not for this, random informed off-duty pilot being in that cockpit, we would have had a third tragedy.

Correct me if I'm wrong, but I recall the one you mentioned was the same aircraft, which they apparently didn't fully repair and validate before returning to service. The next crash was the next day I think with that aircraft.

Re: Biggest lawsuit ever

Wolks Vagen

Re: Biggest lawsuit ever

[radarskiy]

"He knew and understood this flaw"

That pilot did not know and understand the flaw. He knew that if you worked through the trim excursion checklist you eventually hit something that resolved the symptom.

Re: Biggest lawsuit ever

[Lothsahn]

You're correct. Had the jump seat pilot not been present, the Lion Air plane (the first crash) would have crashed the day before. If that happened, I strongly suspect it would not have crashed again the next day. :)

Yes, the AOA sensor was not repaired properly on the Lion Air plane, it was put back into service, and the plane crashed. Unlike the Ethiopian airlines plane, the pilots were not aware of the MCAS system.

The jump seat pilot properly identified a runaway stabilizer condition (caused by MCAS), and by following the procedure for runaway stabilizer (which was unchanged from previous 737 models), prevented the crash.

Re: Biggest lawsuit ever

This is advanced disinformation.
The deadhead pilot knew what to do because he memorized the troubleshooting checklist that all pilots certified for the craft are supposed to memorize. He was merely competent, which seems to be unfortunately rare among Ethiopian Air pilots. There would be no third crash, since the plane which was saved by the deadhead pilot crashed the very next day under another clueless crew. The airliner didn't fix the AoA sensor or ground the plane, and also didn't think it was necessary to warn the next pilots that they may need to disable attitude correction to avoid a computer-controlled stall into the earth.

Boeing made a turkey of a plane, but don't pretend the (state owned and clearly poorly run) airline didn't play an enormous part in this.

Re: Biggest lawsuit ever

Whoops.
*computer controlled flight into earth

Who needs proof reading?

Re: Biggest lawsuit ever

[Obfuscant]

That pilot did not know and understand the flaw. He knew that if you worked through the trim excursion checklist you eventually hit something that resolved the symptom.

EVERY pilot is supposed to understand that if you are experiencing a runaway stabilizer that disabling the electric trim system is how you stop it. That's part of their training. It's part of the training beginning with the first contact with an autopilot that has an electric trim system. It's part of the recurring training in the simulators as ATP-level pilots go through their corporate check rides. Before I was ever let loose in an airplane with such an autopilot the CFI made me show him every one of the half a dozen ways of disabling the autopilot, including pulling the circuit breaker for the trim system. And amazingly enough, it's part of the preflight checklist, too.

It's not a case of "eventually hit something", it's a part of the design of the system and part of the emergency procedures that every pilot ought to know.

The important question is not why the dead-head pilot knew it, but why the six other pilots involved did not. No, it's not Boeing's fault that they weren't trained on dealing with this failure, it was in the POH from the beginning.

Re:Biggest lawsuit ever

[Tough+Love]

It's pretty much a given Boeing will to lose this one big, and pay big. But that cost will be small compared to the customer defections, which have already started.

It's beyond me why anybody would think it's a good idea buy an obsolete deathtrap 737 in the first place.

Re: Biggest lawsuit ever

[Tough+Love]

EVERY pilot is supposed to understand that if you are experiencing a runaway stabilizer that disabling the electric trim system is how you stop it.

Fuck off. The trim should not have run away, on top of the whole sad fiasco starting with the stubby landing gear. Boeing put the flight crew in a position where they needed to solve a puzzle in one minute or die in a huge fireball. They didn't figure out for whatever reason and hundreds died. Boeing did that.

Listen, just fuck off asshole. Boeing will pay, but it won't bring those people back to life.

Re:Biggest lawsuit ever

[Tough+Love]

And all 737s should be junked. Short ones are ancient and long ones are deathtraps.

Re: Biggest lawsuit ever

[Obfuscant]

Fuck off. The trim should not have run away,

Thank you for your kind words. Of course the system should not have failed. But, being a physical device, designed by humans, built by humans, systems CAN fail. And knowing that the system CAN fail, the designers put in a method of disabling the effects of the failure. Screaming that the system should not have failed is simply childish and immature, like the rest of your language demonstrates.

If the stabilizer trim runs away and there is no way to stop it, then yes, there is a problem with the design and outrage would be justified. But since there is a documented and practiced method to disable such a failure, outrage at the manufacturer is misplaced.

on top of the whole sad fiasco starting with the stubby landing gear.

The landing gear has nothing to do with MCAS or a runaway stabilizer emergency procedure.

Boeing put the flight crew in a position where they needed to solve a puzzle in one minute or die in a huge fireball.

And Boeing provided a method of disabling the runaway stabilizer trim that takes just a few seconds to accomplish. Prior to following the standard emergency procedure, pulling back on the yoke takes just a second and would stop the descent.

If you are going to be outraged at how Boeing put these pilots in such a bad position, then you need to be outraged at EVERY aircraft manufacturer, because EVERY aircraft manufacturer of similar aircraft has an electric trim system that can run away.

You clearly are not a pilot, or not a pilot who has transitioned from anything more complicated that a C152 or other trainer. If you had, you would know about electric trim failures and how easy it is to stop them dead without dying yourself.

and we are all waiting for autonomous vehicles

right... and some idiots are out there panting over how much we need to ban driver controlled vehicles and we must move to AI/Autonomous vehicles ASAP!!!! This right here is why we shouldn't
can you imagine if your car was "grounded" for months while a safety computer control /sensor issue was worked out/tested and approved before the Dept of _____________ signed off on it. horse hockey.. no thank you.

Re:and we are all waiting for autonomous vehicles

[laie_techie]

right... and some idiots are out there panting over how much we need to ban driver controlled vehicles and we must move to AI/Autonomous vehicles ASAP!!!! This right here is why we shouldn't can you imagine if your car was "grounded" for months while a safety computer control /sensor issue was worked out/tested and approved before the Dept of _____________ signed off on it. horse hockey.. no thank you.

If something goes wrong with autopilot in a plane, very bad things happen. If autopilot goes wrong on a car, not so bad things are probable. You can walk away from most car crashes. These glitches illustrate why we need the capability to override autopilot.

Re:and we are all waiting for autonomous vehicles

[Obfuscant]

If something goes wrong with autopilot in a plane, very bad things happen.

Yeah, really bad -- the pilot has to disable the autopilot and fly by hand.

If autopilot goes wrong on a car, not so bad things are probable.

Yeah, the driver disables autopilot ... oh, wait, there is no "driver" and no controls for him to take over when autopilot is disabled.

When an aircraft autopilot goes bad, the pilot, who has been trained and demonstrated the ability to deal with the emergency, has a reasonable amount of time to take control. When a car goes batty, it may first demonstrate the failure by running a pedestrian over. But that's ok because the occupants can "walk away."

These glitches illustrate why we need the capability to override autopilot.

Aircraft pilots already have that ability, and must be able to demonstrate that they have that ability every time they take a check-ride. That includes MCAS.

So they messed it up again

[gweihir]

If internal reviewers are brave enough to point out flaws with this huge amount of pressure, it must be a really bad mess. Or they actually have some engineers left that found a backbone and are unwilling to be responsible for hundreds of people killed, no matter what management wants.

Re:So they messed it up again

Well, they might also be trying to avoid having the review taken outside of Boeing due to suspicion that the review will not be valid. Better to slap oneself than lets others do it...

Re:So they messed it up again

[0100010001010011]

Aerospace operates entirely on the Peter Principle these days. Everyone that could find other jobs in a hot job market have left.

Good Aerospace engineers that lead the R&D went to Automotive for the upcoming ISO26262 certification and ADAS. All that's left is a skeleton of the old American companies that are coasting on decades old engineering with more money spent on marketing. (See also IBM, Oracle).

Re: So they messed it up again

Cartoonish

Re:So they messed it up again

If internal reviewers are brave enough to point out flaws with this huge amount of pressure, it must be a really bad mess.

Or they know there's going to be much more scrutiny from the media etc. this time around so everyone is working extra hard to cover their ass.

Independent engineering review

What a concept. :/

Tres Fucked.

[0100010001010011]

As someone that has worked in both functional safety and off-highway vehicles.

How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?

When given the option to completely update the cockpit to the latest and greatest with digital displays.

They chose to replicate the old mechanical dials so the pilots couldn't be retrained.

The entire thing from start to finish was rushed. Mechanical design comes first. There is no 'try and develop software in parallel'. A clean software design depends on a good mechanical design.

The plane should have been a white board redesign, it should have been balanced such that a pilot could fly it stable with no avionics. This isn't a jet fighter.

But it was rushed because Europe invested in R&D and beat them to economy routes. How much money did Boeing C-suites make before 2011? During the 2009 crash there was a hiring spree by some companies because the market was flooded with cheap, good engineers that just got laid off. Companies invested in talent. Did Boeing?

People died because... Boeing sat on R&D from post WWII while making a ton of money so when Airbus released a good plane they scrambled to retrofit an old design by putting huge engines on an airframe causing it to pitch up but to appease its clients it added software to mimic the old plane behavior and tested it themselves and told the FAA they promise they did it right.

More or less.

Re:Tres Fucked.

[0100010001010011]

People have gotten smart since DO-178B was first implemented. They're following the letter of the laws but not the spirit.

So you break 'don't kill people' into 50 different requirements. All of them technically are met. No one of them directly contributed to the death of anyone. So no one engineer directly caused this. All of the software requirements were met.

Plus you have all of the requirements interfacing with their suppliers. Did GE fudge the numbers on how parts of the engine would perform to get the contract? How much did their air sensor supplier fudge how safe it was? How much did Boeing 'magic wand' testing and requirements to meet delivery dates?

Was it only tested around seattle? Did they do some extreme climate testing in their time frame? Or did they "eh, it's close enough to the last one we don't have to recert".

The end result is a software fix to not pitch the thing into the ground, but there were a lot of other physical design shortcuts that occurred to get to this point.

I just want to know how many people are lawyering up right now. Audi's down fall was an engineer with an e-mail in a safe. In the mean term I'm really weary of parts of flying.

Re:Tres Fucked.

[0100010001010011]

Not sure if I should lob my senator questions like:

1. What is your entire development toolchain. Especially:
    
   • What compiler. (GHS?)
   • What OS. (Windows... XP?)
2. How much of it was 'autocode'? Are your simulink models documented to the FAA? Could the senate & house cobble together enough engineers/scientists to know what they were looking at?
3. Can a 3rd party review the SIL/MIL/HIL testing documents?
4. Who made you plant model of the plane? How close is it to actual flight data. In a simulator, under a failed sensor does the simulation/HIL behave like the two crashes?

Re:Tres Fucked.

[0100010001010011]

How many subcontractors did this project get spread out across? I know you have small companies like Performance Software do the actual work.

One of the world’s top systems suppliers was building a next-generation computing platform for Boeing’s commercial aircraft. Its initial attempt to repurpose an existing military platform for commercial use presented a number of unforeseen challenges. Fatal bottlenecks formed since the three target hardware sets available were not enough to support the large team of 47 developers necessary for testing at the required rate. This created much more work than was originally anticipated against a razor-thin timeline. Having worked with Performance Software on previous programs, the supplier knew this was a partner who was well-versed in safety-critical software and able to consistently deliver on time.

How much did those 'shortcuts' play in to deaths? Was there a UI team? Is this a case of some small design decision not to show something?

Re:Tres Fucked.

How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?

Wondered the same thing myself immediately after I heard the technical details of the failure. Makes you wonder how many layers of design approval at multiple organizations are at fault here.

When given the option to completely update the cockpit to the latest and greatest with digital displays, they chose to replicate the old mechanical dials so the pilots couldn't be retrained.

You mean so the pilots didn't have to be retrained. And that was a fucking bean counter that made that decision, not a pilot.

...People died because... Boeing sat on R&D from post WWII while making a ton of money so when Airbus released a good plane they scrambled to retrofit an old design by putting huge engines on an airframe causing it to pitch up but to appease its clients it added software to mimic the old plane behavior and tested it themselves and told the FAA they promise they did it right.

More or less.

Your latter comments summed it up well, and can't disagree with you there. Classic case of profit coming before sound design process and ultimately safety.

Re:Tres Fucked.

[hawguy]

How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?

I think it's just the Disagree indicator (and Angle of Attack indicator) that are the add-ons, the second second comes standard, but only one is used for a time, and the pilot is expected to understand when MCAS was acting inappropriately. Turns out that determination (and resolution by turning it off) was not as clear as Boeing thought it was.

Though I'd also question why the airlines decided to save a few bucks by not buying it -- I bought the $3000 automated emergency braking upgrade for my car (which probably shoud have cost less than $500 if it wasn't bundled with other stuff I didn't need or want), so why didn't airlines pay the $80K for the extra indicators on a $100M airplane?

Re:Tres Fucked.

The 737 have used glass flight decks since the NG series.
Idiot.

Re:Tres Fucked.

[rtb61]

It is much worse than people think. The approval process was blatantly corrupted to maximise profits. Short cuts were taken in engineering to maximise profits. Incidents has occurred prior to the two crashes, were reported and covered over to maximise profits. The first crash occurred, they knew the cause right from the get go and covered it up to maximise profits. The second crash occurred and they still tried to covered it up to maximise profits. The FAA pretty much knew exactly what was going on and corruptly tried to prevent the planes from being grounded to maximise profits. The US was the very last country to ground those planes, in the most corrupt fashion in order to maximise profits.

NOW COME THE LOSSES and guess who is destined to go belly up, well at least play capitalism bankruptcy, to shift the losses from their executives and investors to the general public, socialise them losses, in order to maximise profits. Lie, cheat and steal, it's the American deal. Probably cheaper for Boeing to buy Southwest Airlines, rather that cover the losses of 150 missing flights for 90 days or more.

Re: Tres Fucked.

To correct, the second sensor was not an upsell. All planes had 2 sensors and MCAS was designed to use only one. The option was the disagree light and the manual readout of the sensors.

Re: Tres Fucked.

You bought the brakes because it is a car you/r family drives 90+% of the time it is operated. If you have a hundred planes, you spend at most 1% of your time in any random one of them. But really, if you have a hundred 737 planes, you are flying in the hundred and first plane your company owns, which is probably a gulfstream.

Re: Tres Fucked.

because you only bought ONE car. The airlines bought DOZENS of aircraft.

Re: Tres Fucked.

The really fucked up part is that both extra options are just software upgrades.

Re:Tres Fucked.

[Ol+Olsoc]

The plane should have been a white board redesign, it should have been balanced such that a pilot could fly it stable with no avionics. This isn't a jet fighter.

It is nothing short of incredible that an unstable airframe is even allowed to be put into passenger service. This is a good thing in fighter jets, a great way to have deathly accidents in a passenger jet.

What is more, the fighter jet is designed from the ground up to be unstable. The software is designed to work with that instability.

This is a case of software attempting to work around a plane that is by it's very design, a deathtrap.

Re:Tres Fucked.

[Bourdain]

I've been reading all of the coverage and commentary about the 737 Max on slashdot and I thought this was a post I already read...

indeed it is but the only difference is the formatting of the word "fuck" --> lol

this is not the say I dislike the comment, it is a great comment and continues to be applicable; keep on posting it as opportunities arise

Re:Tres Fucked.

[bobby]

Hey, you make a lot of great points and I agree. Just please everyone stop blaming engineers. I take it you're not one? We engineers do not make the decisions- managers do. Please study the Challenger disaster. Engineers said "do not launch" but the managers overrode them and launched. After 7 astronauts died, the managers pandered to public and govt. scrutiny and listened to engineers somewhat for a while. But the cycle repeats, and then we had Colombia.

We engineers are usually told what to do- we figure out how to implement someone else's ideas, under manager's rule. Often we come up with better ideas, or how and why something won't work or is dangerous, and we're told to shut up, don't make trouble, just do our jobs. That's why so many new companies are started by engineers who want to be in charge but the corporate authority structure disallows it.

The real problem, as most people point out, or at least ultimately understand, is greed.

BTW, my personal biggest gripe with most of technology today is excessive automation. Like Windows 10 auto updating, wizards, on and on, things you can't control. The machine is built by humans to serve humans. We should always be in control. We should always be able to override the machine instantly.

I'm not a pilot (a couple of hours of FAA flight log lessons) but from what I've read by actual pilots here and other blogs and forums, the flight dynamics that the MCAS compensates for are pretty minimal. Like if you increase engine thrust, the plane starts to climb. ANY pilot will see the vertical speed increase, artificial horizon move, and compensate manually (push on yoke, adjust elevator trim).

Part of the problem, IMHO, is that MCAS is more than a "trim" / compensation. It was trying to prevent stall, and generating HUGE elevator inputs, AND, that the pilots were not able to override. MCAS should only make fine trims, and only in response to pilot's input. Other systems should handle anti-stall. And all of them need to be very clearly controllable (big OFF switch label).

Finally, and most importantly, IMHO NO system should EVER override the pilot, especially not repeatedly. And AFAIK, autopilots will disengage when the pilot takes control. Of course that caused some crashes where the pilot did not notice the autopilot had disengaged, so I could advocate a system that prevents a plane from descending when there's no pilot input. IE., if there's been no pilot input, we're sinking and could be getting dangerously close to the ground, the system would take over and prevent the crash. There are altitude and stall warning systems, but maybe something happened to cause the humans to become unconscious, so with no human input, an automatic system would kick in. But no system should continually override the human.

Re:Tres Fucked.

[bobby]

I think it's just the Disagree indicator (and Angle of Attack indicator) that are the add-ons, the second second comes standard, but only one is used for a time, and the pilot is expected to understand when MCAS was acting inappropriately. Turns out that determination (and resolution by turning it off) was not as clear as Boeing thought it was.

I'd love to know if they gave it any thought. I think they were just gung-ho with their kewl brilliant stealth MCAS system.

Though I'd also question why the airlines decided to save a few bucks by not buying it -- I bought the $3000 automated emergency braking upgrade for my car (which probably shoud have cost less than $500 if it wasn't bundled with other stuff I didn't need or want), so why didn't airlines pay the $80K for the extra indicators on a $100M airplane?

I don't know the price, but someone somewhere in the news said it was $5K.

Somewhere else I read (hopefully good info) that there are 2 MCAS systems- one for pilot, one for co-pilot, and each one only uses the AoA sensor on that side of the aircraft. That normally the 2 don't "talk" to each other, so the optional upgrade involved probably some simple code in some system that could compare the 2.

Re:Tres Fucked.

[bobby]

NOW COME THE LOSSES and guess who is destined to go belly up, well at least play capitalism bankruptcy, to shift the losses from their executives and investors to the general public, socialise them losses, in order to maximise profits. Lie, cheat and steal, it's the American deal. Probably cheaper for Boeing to buy Southwest Airlines, rather that cover the losses of 150 missing flights for 90 days or more.

Uh-oh, are we (US) headed for another "too big to fail" huge bailout scenario?

Even if Boeing did fail and the rats scattered, other manufacturers would have to ramp-up, and would of course hire all the Boeing rats.

More seriously, I hope there is a big investigation, criminal charges, and none of the criminals ever allowed to work in aviation or anything else critical.

Re: Tres Fucked.

None of it was auto code. Every line off code is derived from a software requirement. Unlike Teslas shit code, every line of code is validated against requirements.

Re: Tres Fucked.

[0100010001010011]

You know that Simulink can link to software requirements.

https://www.mathworks.com/solu...

Requirements tracking with code gen is trivial. You can trace everything both ways.

Re:Tres Fucked.

[aaarrrgggh]

The second sensor is not an option; it is standard. The option is an indicator that the two sensors do not agree. (I am told this is optional to maximize commonality between the previous generation and the MAX. The asinine decision is that this system has too much authority to rely on a single sensor; the system was deemed non flight critical.

For legacy reasons, the aircraft is designed with fallback to manual as the default logic. This means that the sensors and flight commputers essentially mirror a single individual. Boeing might need to bring the aircraft closer to fly-by-wire with envelope protection, but even the 320 only has two sensors and not triple modular redundant logic for voting.

Re:Tres Fucked.

[angel'o'sphere]

Keep in mind, changing the instruments in a cockpit will take years to get approved by the authorities.

Re:Tres Fucked.

How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?

Going by the seattle times piece on the MCAS the initial spec. limited it to slight corrections. So it could never suffer a failure worse enough to crash the plane. Boeing updated the software to support larger corrections (half the possible range) and never updated the specification. The people responsible for certifying the plane were rather surprised to hear of that after the first plane crashed.

Re:Tres Fucked.

[labnet]

I thing the smoking gun, is the MCAS initially only had 1degreeish of trim authority, and the risk assessment that was done on that, but then it was later changed to 7ish degrees which was enough to overcome pilots elevator control but without doing the risk assessment again

Re:Tres Fucked.

[Luckyo]

AoA sensor thing is actually normal. Pretty much the only ones who pay any attention to those are the military trained pilots, who are trained to fly in a very different way from civilian pilots. So the "conflict between two AoA sensors" is an option for the airlines that utilize military pilots. And those that don't will not take it, because there's no point, as civilian training employs different scan methodologies for tracking aircraft's status.

The "retain as much as possible of the old aircraft" is the same thing. Getting certification to fly a different aircraft (type rating) means huge expenses and pilot that is gone for almost a month for training. Whereas differences training between two models of the same aircraft is just a couple of days of training. Hence Boeing made a huge effort to make 737 MAX only require minimal crew retraining from other 737 models. Civil aviation is currently going through one of the worst if not THE worst phases of lack of pilots in it's entire history. Any effort to keep pilots flying rather than spending time being retrained means significantly better profit margins for the airlines.

The fuck up here is miniscule. Problem is, in the word of aerospace, even miniscule fuckups lead to lethal crashes. People seem to have forgotten this due to remarkable safety record of modern civil aviation.

Re:Tres Fucked.

[Luckyo]

Pilots trained directly to civil aviation are not trained to track AoA by itself AFAIK. It's not that useful of information in an airliner, compared to things like airspeed. That is the realm almost uniquely reserved for fighter pilots who often train to fly at very rapidly changing AoA and with very high AoA limits that they need to manage not to lose too much energy and not to lose control of the aircraft. So it's an option for airlines that employ a lot of former fighter pilots and pretty much no one else.

Other pilots would find this indicator useless, as it would not be a part of their mechanical memory of how to track aircraft status in the cockpit.

Re:Tres Fucked.

[jabuzz]

And it requires the use of three fricking sensors. One sensor, it goes wrong and your stuffed. Two sensors and one goes wrong, your still stuffed because you don't know which one has gone wrong. Three sensors and the one fails the other two can vote it down.

No amount of software fixes are going to overcome the fact that Boeing cheaped out and only fitted the device with two sensors.

Sure they can have the software detect that the two sensors disagree and disengage the MCAS, but that leaves you with a plane that has significantly different flight characteristics than a standard 737, which was the whole point of the MCAS in the first place so that pilots didn't need recertifying to fly the MAX.

Basically Boeing have two options. fit a third sensor and update the software, or fix the software so the MCAS disengages with different sensor inputs and have all pilots recertify for the MAX variants.

Meanwhile whoever signed off on just two sensors needs to send some time in jail for corporate manslaughter.

Re:Tres Fucked.

They chose to replicate the old mechanical dials so the pilots couldn't be retrained.

You confused a feature for a bug.

The pilots are not customers of boeing, they are only users of the product.

The airlines buy the product, and if you already have a fleet of 737's then you have a fleet of 737 pilots, already trained and able to fly.
If you put out a new 737 Max, and all your existing pilots can fly it, with no retraining, then you don't need to pay for retraining, you don't need to delay flights because you have a pilot who is trained on a 737 but not a 737 max, and you can pass the savings right on to your executives.

Not having to retraining pilots was (and likely still is) a selling point.
The problem is the plane is significantly different enough that it probably should have included some retraining (like say on what to do if the stall sensor trips erroneously).

Re:Tres Fucked.

good parent post, no mod points
It is also amazing the mental calisthenics performed to move code out of DO-178b.
I worked on middleware for a combat aircraft that interacted with the plane's main armament system (the thingy that would actually drop the bombs, shoot the missiles, etc). The DSMS was DO-178b compliant, but the middleware was not, it was a rushed, confusing mess
 
  but the thing was, through APIs, the middleware could actually tell the armamement system to actually drop bombs, shoot missiles, etc.
  none of the code in the middleware was actually run through DO-178b.. The excuse was that the operators would only turn the "master arm" switch (the final shoot/no-shoot gatekeeper) in the armament system on when they were good and ready to fire, so it didn't matter if shoot commands coming from the middleware were buggy...

Re:Tres Fucked.

Did they do some extreme climate testing in their time frame? Or did they "eh, it's close enough to the last one we don't have to recert".

One test flight should be enough for everybody.

Re:Tres Fucked.

[Lothsahn]

The whole point of the 737 MAX was to avoid a white board redesign, not because the plane was rushed, but because they wanted to make it similar enough that pilots would not need a new type rating or new training. Unlike you, I disagree that a redesign was necessary--I think the MAX design was sound except for the serious and fatal design flaws in the MCAS system. Boeing is correcting those. Yes, the plane has a positive feedback pitch design, but the plane is perfectly flyable both with and without MCAS, and MCAS eliminates the positive feedback when operating properly.

The main concern I have is what other serious design flaws exist in the plane. I am not happy that the FAA appears to have basically rubber stamped the design.

Clearly, the crash rate of the 737 MAX is very high compared to modern passenger aircraft. The planes should be grounded (and are). There were 88,000 flight hours of the 737 MAX, and 2 crashes. This is roughly 5x higher than the General Aviation crash rate, which is a much higher risk activity.

Once the fundamental problem causing both crashes is resolved, and assuming that we have proper oversight of the overall design, I would have no concern flying on a 737 MAX.

Re: Tres Fucked.

>>Even if Boeing did fail and the rats scattered, >>other manufacturers would have to ramp-up,

Name one

Re:Tres Fucked.

[thegarbz]

We engineers do not make the decisions- managers do.

I typically will chime in and defend our profession a lot. But don't take this to the extremes. There are some *fucking stupid* engineers out there and the only fault management can be given in some cases is to not understand enough to fire people. However in this case I generally agree with you. On a system like this there should be enough eyes to discount incompetence as a cause of failure.

IMHO NO system should EVER override the pilot

Your opinion is noted and dully ignored. The airline and process industries have achieved their great and ever improving safety record precisely by recognising that humans are a really weak link and designing systems specifically with the singular purpose of taking control away from that fallible human. I humbly have the opposite opinion, no pilot should EVER be able to override a safety system. Not when we have a long and sad history of pilots thinking there were right while instruments warn them repeatedly that their plane is falling out of the sky.

Ok the reality is that there's no absolutes. The word "ever" doesn't actually belong in this argument. Each risk and case should be individually assessed and on a case by case the ability to override should be part of an engineering decision.

Unfortunately we here have a system without a safe state. Letting a pilot override the MCAS system as is is not the answer. You're stuck between a system specifically designed to avoid pilots stalling the plane actually thinking the plane is stalling. Designed as is with the system that has this function there's no source of truth and the pilot is no more trustworthy than the damn AoA sensor which may or may not be faulty.

The correct answer here is not to let a pilot override but rather to install a 3rd sensor to provide an indication of what is happening. A man with a watch knows the time. A man with 2 watches is never sure.

Re:Tres Fucked.

[0100010001010011]

Hurray for DO-178C, I want to see the high and low level requirements. That '7' vs '1' is probably sitting in a header file somewhere with a commit tied to a specific requirement put in by an engineer that is probably sweating or lawyering up.

Re:Tres Fucked.

[Tough+Love]

How the fuck did this ever make it into production.

On many levels. The airframe is just a disaster. The landing gear is so stubby it risks a tail strike on every landing, and the wrongly placed engines make it dynamically unstable in near stall. Then there are the obsolete hydraulics and controls and basically the whole plane is a museum piece. Let it go. Just let it die.

Re:Tres Fucked.

[Tough+Love]

You again. Apparently you do understand that it was not the autopilot that dove the plane into the ground, and that is just the beginning of your display of ignorance. Just shut up.

Re:Tres Fucked.

[Tough+Love]

For legacy reasons, the aircraft is designed with fallback to manual as the default logic.

The problem is, the aircraft does not fall back to manual. In fact, this evil control system is only active when the plane is under so-called manual control. But it isn't actually under manual control, it's under control of a computer seemingly designed to kill entire planeloads of passengers, and that is exactly what it did. Twice.

Re:Tres Fucked.

[Tough+Love]

The fuck up here is miniscule.

I don't know where you got that from. There was a massive chain of fuckups, all of them major, and any one of them enough to kill people.

Re:Tres Fucked.

[Tough+Love]

Three sensors and the one fails the other two can vote it down.

And there are recorded cases where the sensor voted down was the only one functioning. Better go on to design a system that isn't prone to killing people because sensors failed, no matter what combination.

Re:Tres Fucked.

[Daralantan]

We engineers are usually told what to do- we figure out how to implement someone else's ideas, under manager's rule. Often we come up with better ideas, or how and why something won't work or is dangerous, and we're told to shut up, don't make trouble, just do our jobs.

This just reminds me of some guys I knew that used to work as video game testers. They would report tons and tons of bugs and repeatedly bring up bugs that hadn't been addressed, and were basically told these bugs weren't important because they just wanted the game to launch on time and not waste more hours on fixing little unimportant issues.... Then a game would come out and a big outcry would happen over some bugs.... Management would go to the team leads and such with: "WHY DIDN'T YOU REPORT THESE BUGS YOU ARE FAILURES AT YOUR JOBS" essentially.... and then they would show every single one of the bugs they reported, and how many times, and the responses they were given about the bugs not mattering and to stop reporting them.

Re:Tres Fucked.

[thegarbz]

You again. Apparently you do understand that it was not the autopilot that dove the plane into the ground, and that is just the beginning of your display of ignorance. Just shut up.

I honestly thought all you do is troll but at this point I see you actually struggle in an epic battle with the english language. That or you're actually schizophrenic (oops I used a big word, let me help you: you are delusional and and hear voices in your heard). Maybe read the thread and keep your completely irrelevant and off topic garbage to yourself.

Re:Tres Fucked.

[Tough+Love]

You wrote: "your opinion is noted and dully ignored." That is all anybody needs to know about you, fucking asshole.

Re:Tres Fucked.

[bobby]

I mean no disrespect nor disparagement, just to be clear. Being quite intelligent, I've already thought through all of what you wrote and I 1/2 agree. Basically it's a complex philosophical argument. At the end of the day, if I was a high-level judge / decision-maker, my decision would be to allow humans to override the machines. Machines can break. A broken machine should never kill a human. I know humans are fallible and I believe in machines cross-checking, and planes already have stall warning systems, ground distance, verticle speed, VNE, V1, V2 indicators / warnings, etc. Part of my frustration is that MCAS did its own thing disregarding all of the other systems.

More news came out today (4/5) about the pilots trying to overpower MCAS, and having followed proper procedures, but MCAS being determined and able to kill humans.

Not sure why you're so gung-ho about machines making final decisions. I'm an EE and equally good with mechanicals. Okay, in 737 case, I'd be okay with an MCAS system that has 5 computers and 10 sensors. But you know what? All 10 sensors can get iced and stuck. Please think about this a bit. I've given these things a lot of thought for a very many years. Corporations don't seem to be able to think through all of the failure scenarios. And even when they do, greed compromises the fixes.

BTW, I have an idea (invention) for a better AoA sensor.

Put another way (playing Captain Obvious)- the machine (737 MAX) had sensors and algorithms and killed humans. Human pilots were right, machines were wrong.

Bottom line: humans have interest in self-preservation. Machines _might_ someday, but for the near future, since machines can break, humans need to have final override authority.

Re: Tres Fucked.

[bobby]

Ugh. Okay, you've stumped me. Well, there are several smaller plane manufacturers, and military big plane manufacturers, so maybe they'd step up. Lockheed-Martin, Canadian Bombardier, certainly could.

Any of these could ramp up (ramp-up being the key phrase). https://www.internationalbusinessguide.org/10-coolest-small-business-jets-in-the-world/

Re:Tres Fucked.

[bobby]

One company I worked for about 20 years ago was fairly well known, almost household name. I was brand new, working in test engineering. One product, the bread_and_butter, was 24/7 very high volume production electronic circuit. The automated testers were failing left and right, stopping production. I was trying to improve them but I was being constantly interrupted. I couldn't even get the previous guy's code to compile, supposedly doing exactly what he had done. I tried to suggest how we could build much more reliable AND repairable testers, but the idiots (managers) decided to build a bunch more of the same kluges. The GM was feared and loathed, but I got along well with him. He was grumpy and curt, but efficient and to-the-point. I told him about the problem, my idea to fix, and he replied "gotta eat" - meaning, of course, we need short-term quick fixes. The company was out of business in less than 2 years.

Re:Tres Fucked.

[thegarbz]

You wrote: "your opinion is noted and dully ignored." That is all anybody needs to know about you, fucking asshole.

Indeed. It's worth ignoring negative opinions about the state of automation in an industry where safety advances have been made through automation by someone who in their post proclaimed they aren't in the industry.

I understood your need to defend your favouite graphics card company despite the fact that they have precisely the same number of products in the top 15 market share as my cat does, but now you're defending opinions by 3rd parties in doing so showing that you didn't even understand the post, and then proceeded to declare me an arsehole while clearly not understanding anything that is going on in the thread.

You need English classes.
Or maybe you need to lie down on the leather couch and tell the man with fluffy doll precisely where theses pseudonymous people on the internet touched you as a child to make you so angry.

Re:Tres Fucked.

[thegarbz]

my decision would be to allow humans to override the machines. Machines can break

Indeed. There's a hierarchy here. But the philosophical argument that (x) known to break in weird and uncharacterisable ways should override (y) because we have characterised the way (y) breaks despite the fact that given proper engineering (y) is far more reliable doesn't make sense.

Philosophically there is of course sense in what you say. The human should be in "control". However we rely on the machine to keep the human "safe". This is fundamental to all safety systems which primarily exist to take away control.

The big problem here is that we blurred the lines between what is primary control and what is safety. In typical safety systems, failure of those systems do not create an unsafe condition. If forward accident avoidance on your car breaks down, it doesn't work, you don't suddenly crash and explode. If a turbine anti-surge system fails the turbine shuts goes to full recycle.

Which brings me back to my point, don't absolve engineers. While we're generally a bright bunch there are some stupid idiots among us. The standards of active safety systems set the bar incredibly high and frankly the person who decided that an active safety system should make a decision based 2 sources which could show a discrepancy, and then made the override complicated (yes there should be the option to override a system that is this stupid, this is not a properly designed safety system), well they should have their license revoked. The buck stops with engineering, unless it was the manager who signed the final design and therefore made themselves legally liable.

Not sure why you're so gung-ho about machines making final decisions.

Because this is the fundamental point of well designed safety systems. Control systems provide control to people. Safety systems take control away. You should be able to play with the accelerator and brake on your car as you please. You should not be able to prevent FCAS from applying the brake. You should be able to line up high pressure lines to vessels if you want, you should not be able to do anything to prevent a pressure relief valve from opening.

This is 50 years of experience in human machine interaction which showed that by letting machines make final decisions we dramatically reduced incident and accident rates. Ironically the industry at the forefront of this is the airline industry, followed closely by the process industry.

Fundamentally here the problem was an incredibly poor system design.

Re:Propaganda is Working

boeing shrill alert

Who writes down the loss?

[manu0601]

Who will write down the loss the 150 flight per day canceled for months. I assume airlines are insured for that risk, but still, the cost will be close to the billion USD.

Re:Who writes down the loss?

Who will write down the loss the 150 flight per day canceled for months. I assume airlines are insured for that risk, but still, the cost will be close to the billion USD.

Uh, one billion USD?

3,900 outstanding orders (@55M ea) for these planes adds up quick, and at this point we don't know how long they're be grounded. Indefinitely isn't off the table unless the entire process and system is far more corrupt than we ever imagined.

Could be a LOT more than a billion at the end of the day.

Re:Who writes down the loss?

the losses from the flight cancelations are likely to be pretty minimal as most passengers are easily shuffled onto other flights or other planes have been rostered on to take over the capacity, some logistics etc but no actual significant loss of revenue. Boeing will be the one taking the true revenue hit from this one and I think it will be in the many billions, especially if some of the orders start being cancelled.

Re: Who writes down the loss?

They are probably past the cost point of re-training already

Re:Who writes down the loss?

As far as "who", the answer in the short term is likely insurance companies. Even large companies like BA that might "self-insure" some aspects of the business typically hold insurance/reinsurance policies to cover losses that are within a few orders of the magnitude of annual revenue, so losses in the 100'sM up range for a company like Boeing. My guess is that all losses are going to eventually wind their way back to Boeing's liability, including losses from airlines for cancelled flights...Boeing's/Boeing's insurer lawyers will pay fairly and quickly on those I'd suspect, because those are their customers.

In the long term, Boeing will pay through increases to said policies, as insurers "re-evaluate" Boeing's risks following these events.

Re:Who writes down the loss?

[Hognoxious]

An alternative PoV is that if the system was runnable with X fewer aircraft they'd have bought X fewer aircraft in the first place.

These things are expensive. You don't buy them to have them sitting idle just in case.

Settings

MAX hidden settings

Re:Settings

Clippy: "It looks like you're trying to fly an aircraft..."

Re:Settings

[arglebargle_xiv]

"Ahh, control this is 452, we're declaring an emergency due to LOC-I event, aircraft nose is pitching down and we can't correct, what do you suggest, hotfix, kernel patch, restart systemd?"

Fix, or papering over a major design flaw?

[sehlat]

From what I understand, the planned change involves adding one more trim sensor and leaving the pilot to notice a "disagreement" light in the middle of trying to keep a flying bucking bronco stable. It's almost like they're ASKING for another major crash.

Re:Fix, or papering over a major design flaw?

[0100010001010011]

Asking pilots on Reddit in various sub reddits, it does pitch up a bit at higher AoA, but it just means you have to adjust the yolk a bit.

The car analogy is different feels for clutches. It's not too unstable. They should have just eaten the cost to retrain pilots. That is where the most compromises were made.

Re:Fix, or papering over a major design flaw?

[caseih]

There's more to it than that. Under the fixed software, if there is a disagreement between the sensors, the MCAS will no longer activate. Also I believe they said something about detecting a pilot override inputs and shutting down MCAS also.

Re:Fix, or papering over a major design flaw?

Your points are all valid, and I have no disagreement.
However, I'm going to be a pedantic ass and point out that the word you meant to type is "yoke". Eggs have yolks.
As you were.

Re:Fix, or papering over a major design flaw?

[sjames]

I was under the impression that MCAS was supposed to auto disengage and the light come on now if sensors disagree.

Re:Fix, or papering over a major design flaw?

Friendly English social justice nazi here - It's yoke unless you want to scramble it or make it over easy. Fried is right out.

Re:Fix, or papering over a major design flaw?

...which will cause an accident someday when the plane is banking hard and the MCAS turns off suddenly and now the pilots can't apply enough physical pressure to keep the nose down and don't realize quickly enough they have to seriously retrim the aircraft by hand - and they'll stall out.

But this should occur less often than pilots failing to notice that MCAS is broken because one sensor is reporting bad data not long after takeoff.

( MCAS is there so pilots don't have to keep constant continuous forward nose-down pressure on the stick, and especially so in the high wing loading cases it's not impossible to prevent the nose from rising and stalling out using the stick alone - both of which are a result of the physical location of the engines, so high and forward of the center of gravity that in some conditions they generate aerodynamic lift themselves and pull the nose up. And that was because they were trying to re-engineer an existing craft to get it to market quickly, instead of creating a new bird from scratch and being late to market. )

Re:Fix, or papering over a major design flaw?

Which sensors disagree?
MCAS uses only one sensor, yes, there are two, but only one is used. There is one point where cutting corners results in diminishing returns; in this case the result is over 300 deaths due to greed taking over all other parameters taken together. If the diminishing returns means all pending orders are canceled, so be it.
Next time maybe management will admit that there is a limit to corner cutting, although I doubt it given how banksters have already forgotten LB going bankrupt.

Re:Fix, or papering over a major design flaw?

[sjames]

The proposed patch was supposed to detect disagreement between the two AOA sensors and if found, turn on the disagree light and disengage MCAS.

It absolutely should have been doing that from the first plane off the assembly line as a standard feature.

Re:Fix, or papering over a major design flaw?

[Obfuscant]

leaving the pilot to notice a "disagreement" light in the middle of trying to keep a flying bucking bronco stable.

It is this kind of repeated, ignorant hyperbole that makes this discussion to frustrating. The aircraft is not "a flying bucking bronco". The failure resulted in a nose-down trim condition. The solution to a nose-down trim condition is to pull back on the yoke. That stopped MCAS and corrected the flight attitude. At that point, disabling the electric trim system is the documented action to stop the problem.

The only reason the aircraft would be a "bucking bronco" is if the pilot, who has already demonstrated a lack of training on how to safely fly any aircraft with an autopilot or electric trim system, repeatedly pulls the yoke back and lets go without bothering to correct the nose-down trim problem. That's a demonstration of a complete lack of pilot qualifications, which is not Boeing's fault. Whatever airline lets its pilots fly without any knowledge of how to stop a runaway trim system is at fault.

Clippy to the rescue

[Tablizer]

They added Clippy: "It looks like you are battling an aggressive autopilot. Would you like some help?"

Re:Propaganda is Working

Fucking Idiot misspelling turd located.

Re:Propaganda is Working

[Santas+L+Helper]

Except mcas was designed not as an anti-stall mechanism exclusively but rather a software solution to make this abomination of an aircraft fly move like the NG models. The design was so shitty from the start they had to install a new system and keep it quiet from pilots. Further more this is not just a simple trim runaway like pilots have been trained on, MCAS runs the trim a whole lot faster than standard trim inputs, do this during takeoff when there's a lot going on and you can quickly find yourself in an extremely bad situation. It's a shit plane that Boeing rushed to the market in order to compete with the Airbus A320Neo. This pile of shit should have never been drafted on paper much less frankenstined onto a 60+ year old design like those 707's you reference.

Pilot could not just pull back the stick

[aberglas]

In any normal flying, the trim is just a help. So even if this system trims badly, it should just annoy the pilot that has to countermand it. But apparently that was not possible, and that seems to be the real design issue. Nothing to do with sensors.

It would be like having automatic lane sensors in a car. If they go wrong the driver should be able to just grab the wheel and override them. The driver should NOT have to read some checklist in the manual to figure out which buttons to press to disable the system all while the car is heading towards a tree.

Re:Pilot could not just pull back the stick

[bobby]

Sounds like you're a pilot, which is awesome, and I absolutely agree with your post.

I have a big problem with the word "trim". To me, and many standard definitions, "trim" means fine tuning, minor adjustment. I suppose in aviation, "trim" becomes the thing that normalizes flight surfaces to achieve level flight with no yoke pressure, in all conditions. So continuing in that context, trim could become a big thing if big compensation is necessary. (needs more thought...)

Stated a better way, one of my many problems with the Boeing system is from what I know of the MAX's dynamics and what MCAS is supposed to do, it should never be able to cause that much elevator motion. A different anti-stall system should do that job, using all sensor inputs.

And as I just posted further up, and agreeing with you 100%, ANY automatic system should disable itself, with a big warning, if the pilot obviously tries to override it, especially after 2 or 3 times.

Re:Pilot could not just pull back the stick

Q: Could skilled pilots have prevented these two airline crashes?
A: Quite probably.

Q: In the most recent aircraft crash, did the pilots have the expected experience levels that passengers are accustomed to?
A; No.

Q: Is the current MCAS system needlessly unsafe?
A: Yes, it can trim the aircraft into an position that the pilots cannot recover when close to terrain.

Q: Does the FAA have a conflict of interest in its regulation of the airlines and the planes it flies?
A: Yes. It is interested in maximizing the commerce provided by US airline's operation as well as keeping the aircraft that are designed and operated in the US safe. These roles can conflict with one another.

Re:Pilot could not just pull back the stick

[Obfuscant]

But apparently that was not possible,

Of course it was possible. Pull up. Countermand, check. Then readjust trim, check. Then DISABLE ELECTRIC TRIM -- not check. That's what the emergency procedure for a runaway stabilizer says. (It also includes "disable autopilot if engaged", but it wasn't, so that step is moot.)

The driver should NOT have to read some checklist in the manual to figure out which buttons to press to disable the system all while the car is heading towards a tree.

Some checklists are immediate action, and are supposed to be automatic. If the electric trim is running away, disable the electric trim. You don't need a checklist to figure that out. And THEN the PNF pulls out the book and goes through the written checklist to deal with the non-obvious things.

Considering that a runaway stabilizer failure is a possibility for many reasons, it is one of those immediate action items that is practiced in the simulator and demonstrated in check rides. To claim that disabling the electric trim was not possible and takes some kind of special training is just looney.

Re:Pilot could not just pull back the stick

The point is that they should not need to disable anything. Just haul on the stick to override it.

Re:Pilot could not just pull back the stick

[Obfuscant]

The point is that they should not need to disable anything. Just haul on the stick to override it.

According to everything I've read, they can just pull back. It just gets tiring to have to pull back all the time, so it's good to be able to retrim and then turn off the electric trim.

Re:Pilot could not just pull back the stick

[Tough+Love]

The real design issue is that the airframe was stretched past its limits until it became unsound.

Re:Pilot could not just pull back the stick

[Tough+Love]

Actually, Boeing needs to design a better airframe that isn't to prone to stall, and go through the type certification like they should have done in the first place. Hundreds of people died simply because Boeing played games to avoid type certification.

Re:Pilot could not just pull back the stick

[Tough+Love]

Some skill, some training, some luck, and 300 people would be alive now. But that does not change the fact that Boeing sold a deathtrap junkheap of a plane that requires special skill, special training, and special luck, or it will dive straight into the ground and blow up in a huge fireball, killing everybody.

Re:Pilot could not just pull back the stick

[bobby]

Actually, Boeing needs to design a better airframe that isn't to prone to stall...

I know about the MAX without MCAS handling differently enough to require retraining, but are you sure about the "prone to stall"?? I've seen that written in comments here and elsewhere, but not from strong sources. Any plane can be prone to stall. I've heard from solid sources that all jets can nose-up a bit on thrust increase, and the 737 MAX does it more, but any pilot (certainly autopilot) should know this and would see it and compensate. Vertical speed and artificial horizon would alert a pilot. Altimeter and GPS would too, and maybe ground RADAR if you're close enough.

... and go through the type certification like they should have done in the first place. Hundreds of people died simply because Boeing played games to avoid type certification.

Yep, gotta keep those stockholders happy! Oops...

Re:Pilot could not just pull back the stick

[Tough+Love]

are you sure about the "prone to stall"

Yes, I am sure about prone to stall. The issue with the 737 Max is that the engine cowling generates lift, which would not be a serious problem if the engine was mounted directly below the center of lift of the wing as with classic 737, but is a big problem with the 737 Max, where it has a large offset from the center of lift, therefore generates a large pitch up torque in a high angle of attack situation such as takeoff. When the wing stalls the engine cowling does not stall (because it is a much less efficient airfoil) so the stall increases. As compared to a normal wing, where the center of left moves backward in stall so that the plane naturally tends to pitch back down. So it is fair to call the 737 Max dynamically unstable in stall: the stall tends to increase instead of decrease. Not what anybody should want if they have a choice.

I hope that it is clear now, what a dangerous piece of crap this is, which Boeing tried to foist off on the public and only got caught because they killed more than 300 unsuspecting people with it.

Re:Pilot could not just pull back the stick

[bobby]

Yes, I've been reading about this for 2 weeks and I fully get it. I've flown a bit so I understand maybe a bit more than the average person who has never piloted an airplane.

From what I've been reading here and other sources, from actual commercial pilots, is that every plane has its own specific handling characteristics. Under-wing engines always create rotation force, and the MAX has even more. The point being, yes, we want pilots that are trained on and used to a particular aircraft, but any pilot should be able to handle the concepts and adapt.

My point is, if I'm piloting a 737 MAX and I increase thrust, I'm going to know the plane is pitching up, and I'm going to
compensate. Even the simplest small plane has an altimeter, artificial horizon, and likely many more (airspeed, stall warning, vertical speed, etc.) so I'll know I'm climbing. If a plane is pitching up, as a pilot I know to push on the yoke to level myself out. Most basic flying lesson first few minutes- keep it level, unless you mean to climb or descend.

Let's please not argue here. I don't participate in these online discussions much (recently more than most of my life) because people will argue up a storm, based on their imaginations. I'll do some research and get real commercial pilots to weigh in.

No matter the outcome, my hope and preference would be that pilots are able to sense and adapt and control the plane. In fact there have been many reported and unreported cases of MAX planes trying to kill humans, and the pilots disabling ALL trim electrics, which forces the pilots to adapt to the plane, and they did so successfully. The Lion Air 737 had a major MCAS problem the day before but an off-duty pilot knew to switch it off and they handled the plane manually. Mind boggling that something major wasn't done then. Infinitely more mind boggling that something wasn't done after that crash.

Maybe software can't fix it?

What a damn mess is all I can. So as a pilot you deal with a badly designed aircraft that has handling issues, which were addressed with software that fights you in deciding how to keep the aircraft in flight. Its like having two people try to drive a car at the same time.

Re: Propaganda is Working

Sounds like someone is shorting Boeing.
Fine by me. I set straddles whenever enough of you nutters try to crash a stock. You may not move it much or for long, but I'll still get to skim your profits and leave you with the costs and potential fraud liabilities.

Well, not your profits, you don't have any. But your master's.

Re:You're going to win again, Mr. President!

[Hognoxious]

Only 8?

Re: Propaganda is Working

Shrill? Bare you retarded?

An old lightbulb joke

[Michael+Woodhams]

How many hardware engineers does it take to change a light bulb?
None - we'll fix it in software.

How many software engineers does it take to change a light bulb?
None - we'll document a workaround.

How many tech writers does it take to change a light bulb?
None - the user can figure it out.

So in this case we have:

How many hardware engineers does it take to not crash an airplane with a faulty sensor?
None - we'll detect and avoid it in software.

How many software engineers does it take to not crash an airplane with a faulty sensor?
None - the pilots can be trained to disable the auto-trim mechanism.

How many trainers does it take to not crash an airplane with a faulty sensor?
None - the pilots can figure it out.

How many pilots who have no idea why the plane is reacting as it is does it take to crash an airplane with a faulty sensor?
None - the plane will do it for them.

(No, this isn't meant to be funny.)

Ask Alan Turing

[wombatmobile]

The reason aircraft software should always be able to be overriden by the pilot is that software can never be proven to work as specified.

In computability theory, the halting problem is the problem of determining, from a description of an arbitrary computer program and an input, whether the program will finish running (i.e., halt) or continue to run forever.

Alan Turing proved in 1936 that a general algorithm to solve the halting problem for all possible program-input pairs cannot exist.

Re:Ask Alan Turing

Yet the halting problem can be solved for some program-input pairs.

And this possibility is actually a reality.

Also, it is possible to prove that software works as specified.

And this is done daily.

Re:Ask Alan Turing

Yet the halting problem can be solved for some program-input pairs.
And this possibility is actually a reality.

Your answer is incomplete compared to what the GP said. "A general algorithm to solve the halting problem for all possible program-input pairs cannot exist." Besides, a general algorithm may very unlikely solve the halting problem if both values in the input-pair are defective.

Also, it is possible to prove that software works as specified.

Proving that a software works as specified DOES NOT prove that the software is working CORRECTLY. Besides, a software can work correctly in most cases if and only if certain conditions are met. In this case, the input is faulty and that cause the software to output incorrect result.

Re:Ask Alan Turing

[thegarbz]

The reason aircraft software should always be able to be overriden by the pilot is that software can never be proven to work as specified.

So the answer is to hand control to people who have repeatedly over the past 100 years shown to make stupid decisions against the advice of software and cause planes to drop out of the sky?

You're applying computational theory without actually considering the single most important factor: The probably of failure at any given time. And that my friend, for a well designed system (which this is not), is several orders of magnitude better than any human could achieve. This is the reason we have safety systems in the first place.

Re:Propaganda is Working

MCAS still only controls the trim. The quick temporary solution is to tag the breaker so it's easier and faster to find. And the GP is right, all the recent fatal airline crashes are happening with third world airlines and/or with crazy mixed up international crews that barely understand each other. The real problem is cultural. Boeing's design is defective, but needn't result in catastrophe. Simple competence would have saved the day. Look through all the squawk sheets over the last year or two. You will see lots of write ups on the system, pulled the breaker, landed, ground check ok, sign the fucker off, rinse, repeat... The Indonesian and African crews pray to Allah, and everybody blames big bad Boeing! That's fucked up

Wordplay

The "MAX" in 737 Max is code for the aircraft being a substandard POS.

  Kind of like Windows 10 "S" means you are getting a badly crippled, junk version of Windows 10.

If it's a Boeing I ain't going!

n/t

Re:Propaganda is Working

Blame Boeing
Fuck Yeah

Its a super reliable sensor so we can do anything we want!
Fuck the artificial horizon
Fuck the GPS
Fuck the pilots
Fuck the terrain radar
Deliberately driving a plane into the ground in order to avoid the ground is as dumb as fuck

Dear Pilot -
We are going to point the plane at the ground
You have 30 seconds to figure out what is wrong and pop the right circuit breaker
We aren't going to give you any info at all let alone a light hidden among lots of other lights
we are just going to point the the plane at the ground come what may
Opps too late - every one is dead - its not the planes fault - its your fault for not being fast enough

Bullshit
0.1% pilot 99.9% incompetent plane designers.

Even if this one is fixed, what other short cuts have the idiots at Boeing taken ????

Re:Propaganda is Working

Ethiopians are Christians you racist knobhead

You just reposted your own comment from 5 days ago

https://slashdot.org/comments.... you lazy tosser.

And you didn't answer my questions: https://slashdot.org/comments....

This release cycle made me distrust boeing

[plague911]

Honestly the whole 737 scandal only raised a little concern. You make products for long enough one will crash and burn. Thinking that you can actually design, produce, and QA, and begin delivering a solution which lives depended in a matter of weeks, is a institutional cultural problem that will take a major effort to overhaul. Agile has its uses, this is a abomination of what looks to be a corporations attempt at it.

Re:Propaganda is Working

[AlwinBarni]

Agree, what a screw up it is, just today I read about the latest accident, that MCAS was engaged several times just before the crash even after it had been deactivated.

Always fond of Boeing, fully aware that nobody's perfect (Airbus also had their issues with overriding pilots decisions - yet not on such a scale), honestly have to say that this crack in their reputation cannot be easily repaired.

Finally about the way it was handled: FAA let Boeing engineers verify their own work, reports about MCAS problems were coming long before accidents, but it took 2 crashes and hundreds lost lives to do something about it - disgusting - and the whole reason for MCAS was to make the new plane feel like the old one, because they didn't bother to properly design it.

Re: Propaganda is Working

*bear you

Any Competent Pilot...

...would simply disable that computer driven bullshit system and simply set the trim appropriately.

What Was The Old Saying?

Aviation gets better, one crash at a time.

Re:Propaganda is Working

Lol you're a piece of work flyover retard :)
Ethiopian is a very good company dumbass, if your weren't so focused on inbreeding in your shitty 'murica you would realize this :)
It's probably better than most US airlines :)

Re:Propaganda is Working

Same difference. They're all superstitious primitives. They can barely drive a donkey cart. They have no business operating an airliner.

Re:Propaganda is Working

You don't get it. The only people that had a problem are the third worlders. Nobody else crashed the plane because they knew how to handle a relatively minor issue. Pilot error played a big part. It's that simple. So you can stop with all that SJW crap.

Re:Propaganda is Working

The problem is not African donkey cart drivers being pilots, the problem is fat American beer guzzlers designing crap planes.

Re:Propaganda is Working

The donkey cart drivers are the only ones that have crashed the plane. You have to take that into account. All recent airline crashes, not just these, are in third world countries. The cause is obvious, but nobody is allowed to address it, so more people are going to die for this very reason. We are compromising safety for profit and politics.

Re:You're going to win again, Mr. President!

Stupid euroserf doesn't get term limits.

You're the miniscule fuckup

The fuck up here is miniscule.

Cutting corners and not telling the pilots what's going on in their own aircraft, all to save a few bucks and kill hundreds of people. Is not a miniscule fuckup