Page 9 of 12 FirstFirst ... 7891011 ... LastLast
Results 241 to 270 of 333

Thread: Lion Air Flight 610 Crash

  1. #241
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    Quote Originally Posted by Trebuchet View Post
    Just watched that. Very good, other than his annoying editing.

    I'm the guy that shrunk the wheels. Damn.
    were they directly linked to the tabs or servo powered?
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  2. #242
    Join Date
    Aug 2005
    Location
    NEOTP Atlanta, GA
    Posts
    2,776
    Quote Originally Posted by profloater View Post
    were they directly linked to the tabs or servo powered?
    The manual trim system controls the stabilizer through cables. These diagrams show the cables, tail section and relevant bits:

    https://leehamnews.com/wp-content/up...ch-control.png

    https://cimg0.ibsrv.net/gimg/pprune....c01473aabe.png
    Last edited by schlaugh; 2019-May-31 at 09:54 PM.

  3. #243
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    Quote Originally Posted by schlaugh View Post
    The manual trim system controls the stabilizer through cables. These diagrams show the cables, tail section and relevant bits:

    https://leehamnews.com/wp-content/up...ch-control.png

    https://cimg0.ibsrv.net/gimg/pprune....c01473aabe.png
    Thank you for that. It confirms how old the basic 737 design is.
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  4. #244
    Join Date
    Jun 2004
    Location
    The Great NorthWet
    Posts
    14,424
    Quote Originally Posted by Ken G View Post
    Seriously? I bet you never envisioned the MCAS though.
    Yes, seriously, and for exactly the reason described by Juan Brown. The old wheels didn't actually interfere with the panel structure, but were close enough to create a pinch point.

    The 737 is capable of what's called "manual reversion". Unlike any other modern largish airliner, the controls are physically linked to the surfaces and you can fly it with no hydraulics at all. That enable the plane to get by with only two hydraulic systems instead of three as on other models. (The A380 also has only two but has electrically powered actuators in some locations.) If you turn the wheel on a completely powered down airplane, the ailerons will move. And if you turn the trimwheel, the stabilizer will move.
    Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt.

  5. #245
    Join Date
    Feb 2010
    Posts
    739
    This New York Times article (dated today), assuming it's accurate, answers a lot of questions re how Boeing came to deploy (and the FAA to certify) the defective 737MAX, "Boeing Built Deadly Assumptions Into 737 Max, Blind to a Late Design Change".

    Despite the obvious failures, I doubt that any heads will roll ...

  6. #246
    Join Date
    Jun 2004
    Location
    The Great NorthWet
    Posts
    14,424
    Quote Originally Posted by Jean Tate View Post
    Despite the obvious failures, I doubt that any heads will roll ...
    And if they do, they won't be the right ones.
    Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt.

  7. #247
    Join Date
    Mar 2007
    Location
    Falls Church, VA (near Washington, DC)
    Posts
    8,652
    This looks like a long term accumulation of institutional bad habits involving shortcuts and fragmented internal communication. My educated guess is that it will take about two years or so of orderly, intensive company-wide training and indoctrination to put things right. I base this guess on what appears to have been an analogy in the Santa Fe Railroad back in 1956. There were two major passenger train disasters with a total of 50 fatalities. An in-depth investigation revealed that the company mindset had drifted away from the old adage, "There is only one way to do your job. You do it the right way." They had lapsed into taking shortcuts to save a bit of time here and there, with deadly results. My guess is that the trend started during the crunch time during World War II to keep the trains moving in a colossal increase of traffic, and persisted after the war. The investigators reported that after a couple of years of remedial training and indoctrination, the company had restored the gold standard of safety consciousness that had prevailed before the war.

  8. #248
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    There has been a good habit of simulation in aircraft design and in pilot training. I saw at Duxford air museum just last week, a simulator used during the WW2 pilot training (for instrument only flying in that case) and the questions I would like to see put to the FAA are about these now imfamous changes to the 737 plus the simulation of predictable situations which can not have been done in introducing the Max versions. It does seem to me these two crashes were preventable with known techniques which really should have been applied and reported to, or by, the FAA. If there has accumulated a bad habit of not simulating a change plus testing obvious failure situations, then that's a very bad habit which must stop.
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  9. #249
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    addendum, the NYT article mentions the change to simulators from test flights but emphasises that the simulators did not reproduce the MCAS and failure of the sensor was not tested. How did that happen? Not by a series of assumptions but by not insisting on a full simulation of the final design. It would have cost time and millions of dollars but one 737 costs in excess of 100 million dollars, having a crash that arguably could be prevented costs billions of dollars.
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  10. #250
    Join Date
    Feb 2010
    Posts
    739
    There are many quotables in the NYT piece; here's one:

    "The company also played down the scope of the system to regulators. Boeing never disclosed the revamp of MCAS to Federal Aviation Administration officials involved in determining pilot training needs, according to three agency officials. When Boeing asked to remove the description of the system from the pilot’s manual, the F.A.A. agreed. As a result, most Max pilots did not know about the software until after the first crash, in October."

    But perhaps the most jarring is the two paras which follow:

    "Boeing has no higher priority than the safety of the flying public,” a company spokesman, Gordon Johndroe, said in a statement.

    He added that Boeing and regulators had followed standard procedures. “The F.A.A. considered the final configuration and operating parameters of MCAS during Max certification, and concluded that it met all certification and regulatory requirements,” Mr. Johndroe said.
    "

    If Boeing has no higher priority, how did the two 737MAXs crash? At least part of the answer to that question is that, in practice, Boeing did (and still does, most likely) a really awful job of turning its highest priority into SOPs, internal culture, etc.

    I'm sure there must be more context, but this left me astonished:

    "Technical pilots at Boeing like him previously flew planes regularly, two former employees said. “Then the company made a strategic change where they decided tech pilots would no longer be active pilots,” Mr. Ludtke said.

    Mr. Forkner largely worked on flight simulators, which didn’t fully mimic MCAS.
    "

  11. #251
    Join Date
    Oct 2005
    Posts
    26,633
    Quote Originally Posted by Jean Tate View Post
    "[I]“Boeing has no higher priority than the safety of the flying public,” a company spokesman, Gordon Johndroe, said in a statement.
    Yes, that's what I find jarring as well, I've seen similar words from both Boeing and FAA. Had they said that somehow their normal devotion to safety got superceded in this case, and they are investigating how that happened and how to set it right, I would have been much more comfortable with the situation. But to make those claims in this situation shows that they have somehow come to believe that simply saying the words will somehow protect their aircraft and passengers. This is a very disturbing trend in the US lately, many people in positions of authority are buying off on the idea that truth no longer matters, only words matter. You just say whatever you want to be true, and it's enough. It's what Orwell anticipated, "wrong is right." Nothing could be more opposite from the scientific mentality, which holds instead that nature will have her say no matter what words come out of the mouths of authority. Dedication to safety is not an ideology, it shows not in minds or mouths, it shows in actions. Let us hope that this does not need to be repeated too many times more.

  12. #252
    Join Date
    Mar 2007
    Location
    Falls Church, VA (near Washington, DC)
    Posts
    8,652
    If they are sincere about safety first, they appear to be in denial about doing a poor job of carrying it out. If this isn't collective self-brainwashing, I don't know what it is.

  13. #253
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    yes this is a deterministic system, the software can be dumped into a simulator and the whole linkage with actuators and limits is mostly already modelled in the 737max simulator, so then running a take off or a high speed manoevre with a sensor failure (just one regularly damaged sensor !) is not a difficult exercise, even given all the other scenarios that are tested. Even if they thought it was minor, which with hindsight we see was not minor, they had a duty to test it in simulation.
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  14. #254
    Join Date
    Jun 2004
    Location
    The Great NorthWet
    Posts
    14,424
    Simulators are far from perfect.

    In 1991, Lauda Air 004 crashed due to an in-flight thrust reverser deployment. Niki Lauda (RIP) went and flew in a simulator and found it survivable:
    As evidence started to point towards the thrust reversers as the cause of the accident, Lauda made simulator flights at Gatwick Airport which appeared to show that deployment of a thrust reverser was a survivable incident. Lauda said that the thrust reverser could not be the sole cause of the crash.[19] However the accident report states that the "flightcrew training simulators yielded erroneous results"[4] and stated that recovery from the loss of lift from the reverser deployment "was uncontrollable for an unexpecting flight crew"
    Boeing then updated the simulator model based on current aero data, and he went and visited:
    Lauda stated, "what really annoyed me was Boeing's reaction once the cause was clear. Boeing did not want to say anything."[18] Lauda asked Boeing to fly the scenario in a simulator that used different data as compared to the one that Lauda had performed tests on at Gatwick airport.[21] Boeing initially refused, but Lauda insisted, so Boeing granted permission. Lauda attempted the flight in the simulator 15 times, and in every instance he was unable to recover. He asked Boeing to issue a statement, but the legal department said it could not be issued because it would take three months to adjust the wording. Lauda asked for a press conference the following day, and told Boeing that if it was possible to recover, he would be willing to fly on a 767 with two pilots and have the thrust reverser deploy in air. Boeing told Lauda that it was not possible, so he asked Boeing to issue a statement saying that it would not be survivable, and Boeing issued it. Lauda then added, "this was the first time in eight months that it had been made clear that the manufacturer [Boeing] was at fault and not the operator of the aeroplane [or Pratt and Whitney]."[18]
    I spent a LOT of time on implementing the subsequent modifications.
    Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt.

  15. #255
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    Quote Originally Posted by Trebuchet View Post
    Simulators are far from perfect.

    In 1991, Lauda Air 004 crashed due to an in-flight thrust reverser deployment. Niki Lauda (RIP) went and flew in a simulator and found it survivable:


    Boeing then updated the simulator model based on current aero data, and he went and visited:

    I spent a LOT of time on implementing the subsequent modifications.
    But, those quotes show that the modified simulator reproduced the crash. The Sully film also showed simulation, with the 38 ? Second pause, confirmed the decision to ditch. the physical action of the MCAS system with a faulty input is surely deterministic, perhaps with a similar pause to allow for pilot decision time. It is admitted that the 737 max simulator did not reproduce the MCAS system even after it was extended into low speed stall situations, following actual test flights where low speed stall chics. worried the test pilots. (According to the nyt article)
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  16. #256
    Join Date
    Feb 2005
    Posts
    11,496
    Quote Originally Posted by Trebuchet View Post
    The 737 is capable of what's called "manual reversion". Unlike any other modern largish airliner, the controls are physically linked to the surfaces and you can fly it with no hydraulics at all.
    That's good.


    More problems:
    https://www.npr.org/2019/06/03/72918...lty-wing-parts

  17. #257
    Join Date
    Aug 2005
    Location
    NEOTP Atlanta, GA
    Posts
    2,776
    Yeah Boeing can't win for losing. This time it's a supplier who owns the issue, and which is viewed as troublesome but probably not going to bring down an aircraft:

    Though the problem is not considered something that could lead to a crash, Boeing is contacting airlines that own the 737s in question, and the FAA has issued an air worthiness order directing airlines to immediately inspect the aircraft.

    Boeing and the FAA say some slats on the leading edge of the wing on some 737s may have been manufactured improperly by a Boeing supplier and could develop premature cracks.

    The FAA says none of the parts have failed, and even a complete failure would not result in the loss of an aircraft — but it could damage a plane in flight and the agency is therefore issuing the air worthiness directive.
    If not for the MCAS debacle this story would have been buried on page 6.

  18. #258
    Join Date
    Aug 2005
    Location
    NEOTP Atlanta, GA
    Posts
    2,776
    I had not heard of this before. Sound familiar?

    After detailed forensic analysis of the FDR data, the flight control primary computer (FCPC) software and the air data inertial reference unit (ADIRU), it was determined that the CPU of the ADIRU corrupted the angle of attack (AOA) data. The exact nature was that the ADIRU CPU erroneously relabelled the altitude data word so that the binary data that represented 37,012 (the altitude at the time of the incident) would represent an angle of attack of 50.625 degrees. The FCPC then processed the erroneously high AOA data, triggering the high-AOA protection mode, which sent a command to the electrical flight control system (EFCS) to pitch the nose down.[23]
    .
    .
    The ATSB's final report, issued on 19 December 2011, concluded that the incident "occurred due to the combination of a design limitation in the flight control primary computer (FCPC) software of the Airbus A330/Airbus A340, and a failure mode affecting one of the aircraft's three air data inertial reference units (ADIRUs). The design limitation meant that, in a very rare and specific situation, multiple spikes in angle of attack (AOA) data from one of the ADIRUs could result in the FCPCs commanding the aircraft to pitch down."[23]
    Qantas Flight 72, October 2008 with 119 injuries, 14 serious.

  19. #259
    Join Date
    Mar 2007
    Location
    Falls Church, VA (near Washington, DC)
    Posts
    8,652
    Quote Originally Posted by Hornblower View Post
    Last night I picked the brain of a recently retired systems engineer who has worked on software projects of similar magnitude and complexity. I asked him about having the computer doing the cross check I described above. He said yes indeed, but reminded me that it is complex and must not be rushed into production. He said it is entirely possible that there are other bugs lurking there that have not caused trouble so far, but could turn around and bite you if you do not do exhaustive testing after making the revision. If that takes six months or more, so be it. He agreed that it was unfair to blame the pilots for the missed opportunities under the circumstances.
    I just checked some online news, and it appears that I can paraphrase the various officials as saying something like, "This will take as long as it takes to get it right." Now they do not appear to have possibly false hopes of resolving this in the next few weeks.

  20. #260
    Join Date
    Feb 2010
    Posts
    739
    Boeing CEO Admits Mistake In 737 MAX Communication (from NPR):

    Boeing Chief Executive Officer Dennis Muilenburg says the company should have been more transparent with regulators and the public when Boeing discovered a safety light was not operating as designed.

    [...]

    "We clearly fell short in the implementation of the AOA disagree alert and we clearly should have communicated better with our regulators and the airlines," Johndroe said in an interview by phone from Paris.
    And so, over 300 people died.

  21. #261
    Join Date
    Aug 2005
    Location
    NEOTP Atlanta, GA
    Posts
    2,776
    Quote Originally Posted by Jean Tate View Post
    Boeing CEO Admits Mistake In 737 MAX Communication (from NPR):



    And so, over 300 people died.
    They didn't die because of a missing disagree alert but because MCAS was badly implemented. Thousands of aircraft have flown for years and millions of miles without an AoA disagree alerts.

  22. #262
    Join Date
    Sep 2004
    Posts
    3,199
    Boeing apologizes. Will this help lawsuits moving against it?

    https://phys.org/news/2019-06-boeing-max-renewed.html

  23. #263
    Join Date
    May 2007
    Location
    Earth
    Posts
    10,250
    Quote Originally Posted by Roger E. Moore View Post
    Boeing apologizes. Will this help lawsuits moving against it?

    https://phys.org/news/2019-06-boeing-max-renewed.html
    No; it doesn't absolve them of a tort.
    Information about American English usage here and here. Floating point issues? Please read this before posting.

    How do things fly? This explains it all.

    Actually they can't: "Heavier-than-air flying machines are impossible." - Lord Kelvin, president, Royal Society, 1895.



  24. #264
    Join Date
    Sep 2004
    Posts
    3,199
    Quote Originally Posted by swampyankee View Post
    No; it doesn't absolve them of a tort.
    I'm sorry, what I meant was, Boeing's admission of responsibility for the disasters will aid the lawsuits against it. Boeing's going to take a huge hit.

  25. #265
    Join Date
    Mar 2007
    Location
    Falls Church, VA (near Washington, DC)
    Posts
    8,652
    I cannot read the minds of the plaintiffs, their attorneys, judges or juries. I only know my own feelings. If I sensed that Boeing was sincerely caring and apologetic I might be more inclined to join a class action and maybe seek a settlement. If they still came across a callous I might be more inclined to go for broke in a jury trial and seek punitive damages. I don't think there is any doubt now that the company was negligent. Of course we could all be surprised by what eventually happens in a courtroom.

  26. #266
    Join Date
    Aug 2005
    Location
    NEOTP Atlanta, GA
    Posts
    2,776
    IMO, which is not worth the photons needed to display this note, the apology will likely have no effect, good or bad. It might help a tiny bit in a punitive damages case but it means nothing in actual damages litigation. Anyway, my guess is they will settle lawsuits out of court. What difference would the apology make then?

    I would be surprised if a class action case is filed. Those are usually aimed at large numbers of people.

  27. #267
    Join Date
    Apr 2011
    Location
    Norfolk UK and some of me is in Northern France
    Posts
    8,544
    In a bbc report the question of the high speed was aired. It meant the manual trim was impossible though aerodynamic forces but the pilots faced a dilemma. Normally high thrust lifts the nose, lowering thrust would dip an already diving aircraft. If they had known about the AoA mismatch early, they could have throttled back, switched the electric actuators off and manually trimmed but otherwise a dipping nose would be corrected by thrust. Horrible dilemma.
    sicut vis videre esto
    When we realize that patterns don't exist in the universe, they are a template that we hold to the universe to make sense of it, it all makes a lot more sense.
    Originally Posted by Ken G

  28. #268
    Join Date
    Feb 2010
    Posts
    739
    Quote Originally Posted by schlaugh View Post
    Quote Originally Posted by Jean Tate
    Boeing CEO Admits Mistake In 737 MAX Communication (from NPR):

    Boeing Chief Executive Officer Dennis Muilenburg says the company should have been more transparent with regulators and the public when Boeing discovered a safety light was not operating as designed.

    [...]

    "We clearly fell short in the implementation of the AOA disagree alert and we clearly should have communicated better with our regulators and the airlines," Johndroe said in an interview by phone from Paris.
    And so, over 300 people died.
    They didn't die because of a missing disagree alert but because MCAS was badly implemented. Thousands of aircraft have flown for years and millions of miles without an AoA disagree alerts.
    Indeed.

    I should have quoted more from the article, such as this (my bold):

    In his comments, Muilenburg referred to a safety feature connected to the sensors that feed into the MCAS software. The software would trigger when the plane was flying at an angle that might make a stall likely. Boeing designed a warning light to alert pilots when the two "angle of attack" sensors disagreed, which could mean MCAS would be triggered incorrectly.

    The light was supposed to be standard on all versions of the MAX; however, in practice, it only worked on planes with other safety features that airlines bought for extra cost.

    NPR's Laurel Wamsley has reported that Boeing knew the AOA disagree alert malfunctioned before the Lion Air crash.

    Muilenburg conceded that engineers learned in 2017 that the alert light did not work as intended, and he said he was "disappointed" Boeing did not work to make the information more public, The Wall Street Journal reports.
    My summary (not just from this article):
    - Boeing knew, from the day they let it loose on 737 MAX pilots, that MCAS took data from just one AOA sensor
    - Boeing did not require 737 MAX pilots to be trained on how to deal with MCAS; indeed, many pilots were never informed of the existence of MCAS
    - the FAA certified that this was perfectly OK
    - the AOA disagree light was installed on only some 737 MAXs
    - Boeing knew, well in advance of the Lion Air crash, that the AOA disagree alert "malfunctioned"
    - (reading between the lines) Boeing did not inform the FAA (or any equivalent) of any of this

    As a result, over 300 people died.

  29. #269
    Join Date
    Oct 2005
    Posts
    26,633
    What I still don't understand is why they designed the MCAS so you literally have to disable the automated control of the stabilizers in order to stop MCAS from activating. What on Earth is the advantage of that idea? Shouldn't it have been simply possible to flip a switch that blocked MCAS from activating its stall-prevention protocol, while having no other effect whatsoever? Isn't that completely obvious? If I'm a pilot, and I know my plane is not in danger of stalling and I don't want MCAS to fly me into the ground, I want to be able to pre-empt MCAS from taking over control of my stabilizers, but I don't want any other effect whatsoever of that pre-emption, I want to be left to fly my plane. I realize that pilot error is the whole point of MCAS, but since the entire philosophy is to help pilots "feel like" they are flying an NG instead of a MAX, this entire philosophy is predicated on the idea that the pilots will never even really know that MCAS is activating, and so they will certainly never have any reason to pre-empt it. So, it follows logically, that in any situation where the pilot has consciously chosen to pre-empt MCAS, they will have a darn good reason. Given this rather obvious fact, why would they ever want to design the MCAS so you had to sacrifice some of your own stabilizer control any time you make the conscious choice to keep MCAS from taking over stabilizer control? I literally cannot see any sensible reason for that design choice.

    This is all related to the apparent fact that it seems that the Ethiopian Air flight could have been saved quite easily if either of these things had held:
    1) the pilots can turn off MCAS without affecting stabilizer control in any way, OR
    2) the pilots can turn off MCAS when it is about to take over stabilizer trim, and then turn it back on and it would wait its normal 9 minutes before starting to trim the stabilizers, rather than doing so immediately.
    Either of those design choices would have been perfectly consistent with a recognition that pilots might want to be able to decide MCAS is malfunctioning. It's as though the designers never even considered the possibility that a system that relies entirely on a single sensor could possibly malfunction. How could any aircraft engineers be that stupid? I don't think they could be, I think they must simply have been told to put up and shut up. So there's the smoking gun in the court case-- the engineer with a whistle to blow, who said that a AoA sensor malfunction at low altitude could put the plane in a dangerous position that is not well accomodated in the current design. It is completely obvious to anyone who understands the way MCAS is designed that this will be true, so there has to be at least one engineer that pointed this out at some point, and not only was not heeded, they were downright suppressed. My guess is, that engineer is having some very sleepless nights about what to do about it at this point.
    Last edited by Ken G; 2019-Jun-19 at 05:22 AM.

  30. #270
    Join Date
    Feb 2010
    Posts
    739
    My bold.

    Quote Originally Posted by Ken G View Post
    What I still don't understand is why they designed the MCAS so you literally have to disable the automated control of the stabilizers in order to stop MCAS from activating. What on Earth is the advantage of that idea? Shouldn't it have been simply possible to flip a switch that blocked MCAS from activating its stall-prevention protocol, while having no other effect whatsoever? Isn't that completely obvious? If I'm a pilot, and I know my plane is not in danger of stalling and I don't want MCAS to fly me into the ground, I want to be able to pre-empt MCAS from taking over control of my stabilizers, but I don't want any other effect whatsoever of that pre-emption, I want to be left to fly my plane. I realize that pilot error is the whole point of MCAS, but since the entire philosophy is to help pilots "feel like" they are flying an NG instead of a MAX, this entire philosophy is predicated on the idea that the pilots will never even really know that MCAS is activating, and so they will certainly never have any reason to pre-empt it. So, it follows logically, that in any situation where the pilot has consciously chosen to pre-empt MCAS, they will have a darn good reason. Given this rather obvious fact, why would they ever want to design the MCAS so you had to sacrifice some of your own stabilizer control any time you make the conscious choice to keep MCAS from taking over stabilizer control? I literally cannot see any sensible reason for that design choice.

    This is all related to the apparent fact that it seems that the Ethiopian Air flight could have been saved quite easily if either of these things had held:
    1) the pilots can turn off MCAS without affecting stabilizer control in any way, OR
    2) the pilots can turn off MCAS when it is about to take over stabilizer trim, and then turn it back on and it would wait its normal 9 minutes before starting to trim the stabilizers, rather than doing so immediately.
    Either of those design choices would have been perfectly consistent with a recognition that pilots might want to be able to decide MCAS is malfunctioning. It's as though the designers never even considered the possibility that a system that relies entirely on a single sensor could possibly malfunction. How could any aircraft engineers be that stupid? I don't think they could be, I think they must simply have been told to put up and shut up. So there's the smoking gun in the court case-- the engineer with a whistle to blow, who said that a AoA sensor malfunction at low altitude could put the plane in a dangerous position that is not well accomodated in the current design. It is completely obvious to anyone who understands the way MCAS is designed that this will be true, so there has to be at least one engineer that pointed this out at some point, and not only was not heeded, they were downright suppressed. My guess is, that engineer is having some very sleepless nights about what to do about it at this point.
    As I understand it, part of this is now a bit clearer.

    For example, there was considerable "scope creep" in MCAS; initially a failure due to a sensor malfunction was not considered because "sensor input" was not part of the original specs (or something like that). When the scope was expanded, the initial design team was not informed.

    The initial specs called for the AOA disagree light to be a standard feature, but later it was changed and no one important was informed (not even the FAA apparently). There was the view that experienced pilots could overcome a rogue MCAS (e.g. acting on erroneous sensor data) without needing to know that it was MCAS messing with them, so no need to tell pilots of the existence of MCAS; I think the FAA may have explicitly signed off on this. The testing that was done - on MCAS in a real plane - was for scenarios quite different from those the Lion Air pilots had to deal with. At the time the test pilots were unaware of any "sensor failure" scenario, so no surprise that they didn't test it.

    There was (though I'm much less sure of this) also a scope change in how aggressively MCAS would act: initially its actions would be both obvious and relatively mild, later it was given the power to attempt to over-ride the pilots much more frequently and violently (in terms of what it would feel like in the cockpit).

    I'm now a long way from software development, testing, and project management, but the sorts of things Boeing did surely violated a great many basic cannons of "best practice". A separate failure is the FAA's (and in hindsight other regulatory/certification agencies): given the known havoc "bad" software systems can have, why were they so relaxed about accepting what Boeing told them about MCAS?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •