737 Max

On Tuesday, March 19, 2019 at 8:03:43 AM UTC-4, snipped-for-privacy@downunder.com wrot e:

g
r
l

he MCAS design even when the actual failure was in the AoA sensor.

Then your issue is with the aviation industry, not just Boeing.

It's not like the airplane jettisoned the fuel or stopped the engines or so mething else that would pretty much be unstoppably fatal. The AoA sensor f ailed BEFORE take off, the MCAS responded in a dangerous way and the pilots failed to handle the situation appropriately.

Yes, there are other things they can do in the MCAS to help minimize the ch ances of this happening again.

The Seattle Times seems to have their finger on the pulse of this for obvio us reasons. In fact, they filed paperwork with Boeing and the FAA about th is issue four days before the second accident. Interesting...

formatting link
crash/

suspect the airplane was not flyable.

"It"??? "It" was consistent. The AoA failed and the MCAS operates badly w hen that happens... consistently. I think I'm missing your point.

The training should be up to snuff on ALL pilots and all flights. Why shou ld a lack of training be tolerated and more than the operation of the plane ???

I believe the co-pilot is trained to fly the plane. No? That's his purpos e.

airport. Had these pilots been on top of their game there is no reason to suspect they could have not also done the same thing. We will know more o nce the accident report is made public.

Test pilot??? You are in another universe. EVERY pilot in the cockpit sho uld be able to fly the plane or he shouldn't be there.

g
.

apable of "crashing the airplane" unless the pilot is not aware of what is happening. The pilots can compensate for the MCAS or turn it off.

-air-crash/

:

to

e

utomated control. There are two of these sensors, but there seems to be no sanity checking.

use of the MCAS and we have seen in the reporting that there are instructio ns on what to do to deal with the MCAS not working right. So clearly they did plan for this eventuality.

By system you mean pilot? All they had to do was look at the other AoA sen sor. I don't recall the details of the Lion Air flight, but a flight that crashed because of a faulty air speed indication from a clogged pitot tube (faulty ground maintenance was suspected) showed the pilot wrong numbers an d he asked the co-pilot to call out from his air speed indicator. Once off the ground the pilot's indicator increased the reading and he started to t rust it rather than read the other TWO indicators where he could have picke d two our of three that agreed.

There are only two AoA sensors, but your third is what you see from the win dow. If you see ground in front of you, your angle of attack mostly likely is not too positive.

urn off the MCAS???

t.

out a rational discussion?

His arguments are flawed for several reasons, the biggest one being that we don't have the accident report yet. But my comment was not about his argu ment, but his language. "dangerous automatic safety system" is just fear m ongering. Another flaw in his argument is that by the aviation rules havin g a disable switch *is* an acceptable way to mitigate the possibility of th e MCAS malfunctioning. Ask the aviation industry. I'm pretty sure they ha ve fairly similar rules across the globe or international air travel would be very, very difficult.

a

an

Yes, apparently not and this is something I expect will be addressed regard less of the ultimate cause of the crashes. I'm not so certain that turning the system off is appropriate. In reality they should have three sensors so the system has an idea of what is right.

re. They shut them down. They have many circuit breakers through out the cabin to turn off malfunctioning equipment. This is standard procedure.

The plane doesn't start out "pogos up and down". It starts putting the nos e down and the pilot corrects with a thumbwheel. The process repeats, mult iple times before the plane goes into a dive. The pilot should immediately know the MCAS needs to be turned off in addition to other potential causes . This is clearly explained in the article linked above.

But why did it get to that point? Why didn't the pilot notice the AoA read ing was bogus???

e.

You need to remember that this system isn't "controlling" the airplane. It is trimming the elevator. The pilot can override it and if the MCAS conti nues to do the same thing repeatedly, it can be turned off. This is not li ke a full self driving car or an automated assembly line. The pilot is sup posed to be aware and in control at all times.

Ok, I don't know what that title is supposed to mean. Operators in nuclear power plants get a lot of training as well and yet they make mistakes. Wh at is your point?

Going outside the evidence, I think Boeing did screw up, but it isn't in th e design of the MCAS. I think they failed to underline the importance of k nowing how to handle this event and the pilots failed to pick up on the not ices that were sent out. I would have no concerns flying on the 737 MAX ju st the way it is if the pilots are correctly trained.

Rick C.

Reply to
gnuarm.deletethisbit
Loading thread data ...

rote:

gnized that the horizontal stabilizer was moving uncommanded, and should ha ve responded with a standard pilot checklist procedure to handle what? ?s called ?stabilizer runaway.?

d deactivated the automatic stabilizer movement.

before the crash experienced similar behavior to Flight 610 and did exactl y that: They threw the stabilizer cutoff switches, regained control and con tinued with the rest of the flight.'

air-crash/

t they just didn't do what they were supposed to do?

light why was the AOA sensor not replaced ? And why did the pilots not inform the next crew of the problem?

Sorry, I didn't mean the same tail number. But I don't know. Here is the article.

"Boeing has pointed out that the pilots flying the same plane on the day be fore the crash experienced similar behavior to Flight 610 and did exactly t hat: They threw the stabilizer cutoff switches, regained control and contin ued with the rest of the flight."

Do they mean the same tail number? I don't know.

Rick C.

Reply to
gnuarm.deletethisbit

Lion Air isn't exactly known for the quality of its maintenance:

formatting link

In this case I suspect a sensor for a new aircraft type might not be easily available as a spare in far flung places. It was impolite of the previous flight crew not to leave a note for the next one though.

They wrestled with the stick twelve times before finding the MCAS disable button. The second lot got to 21 times and ran out of height.

Heck AA have trouble when they ruin an engine on our side of the pond. And they run some right old clunkers on the transatlantic route.

--
Regards, 
Martin Brown
Reply to
Martin Brown

The problem was that once you got some reading from a sensor it was assumed that it was OK regardless what s*it the sensor was delivering.

On a critical system design, you assume that the sensor values are suspect, until there is some confidence that the value is OK (e.g. two or more sensors show the same value).

That is not the question, you must assume that any sensor or cabling can fail.

While I have not always been too sure about US control systems, but I am certain that even US control system engineers understands much better about this kind of issues.

There are many bright people in the US after all.

Reply to
upsidedown

This is not about the control systems engineers. This is about forgetting about sound engineering philosophy/approach. There was a shitty foundation upon which a fantastically engineered control loop was built upon.

Reply to
bulegoge

OK, so it is flyable without MCAS, so why not disable it when there is some doubt about sensor data ?

When the control systems are updated (after 20-30 years) in US nuclear reactors, I hope they do not hire automaton engineers from Boeing :-(.

Reply to
upsidedown

On Tuesday, March 19, 2019 at 10:52:22 AM UTC-4, snipped-for-privacy@downunder.com wro te:

rote:

te:

g the

the

may

ny

rly.

engineer coding a loop badly. That is a systematic failure of the whole en gineering process of Boeing.

o aoa. So philosophically you better not let something that is not needed t o keep the plane flying cause a plane to crash.

Because MCAS is first and foremost a marketing gimmick. With MCAS the plane fly just like a 737. We call the new plane a 737...we market that no addit ional training is needed to fly the max. And we therefore can't talk about MCAS because when MCAS goes off the plane no longer flies like a 737 and i f we bring that into play someone is going to say that it really isn't a 73

  1. Can you see why this is so damning?

Reply to
bulegoge

snipped-for-privacy@columbus.rr.com wrote in news: snipped-for-privacy@googlegroups.com:

No, it is not. I am sure it was reviewed. That reviewer would be more culpable, IMO, than the person he was charged with monitoring the coding of. That is the entire premise of design review.

You are, again, simplifying.

Reply to
DecadentLinuxUserNumeroUno

I am sure it was reviewed too. My comments were responding to the guy who said the whole thing rests on a single engineer who wrote a crappy control loop. I was basically saying that if a single engineer can write a loop th at brings down a plane then it is not on that guy but rather reflects a sys tematic failure in the whole engineering process. I am sure the loop was v etted

If these planes crashed due to a bug I could almost get it. These planes ( 2 of them for God's sake) crashed due to a far more insidious poison that has taken hold into Boeing's culture.

When the dust clears on the real tradeoffs that Boeing made regarding this MCAS design is clear it will be so obviously horrible that any 10 year old will see the folly in it.

Reply to
blocher

Have you similar examples about Airbus or new Russian/Chineese plains?

A plain can't stop in the middle of the air, a passenger liner can't stop in shallow waters or a nuclear power plant be stopped, it must . run for a week whatever happened.

Thus no ordinary pilot should enter the cockpit.

babysit some system startups. While this may make sense the first time a new control system is used, this can't be a general solution. You cant't expect to have a Boing control system engineer sit on the jump seat every time a 73 MAX is flying somewhere in the world.

As a control system engineer, you can not outsource the critical issues to some inexperienced operator.

Reply to
upsidedown

On Tuesday, March 19, 2019 at 11:44:10 AM UTC-4, snipped-for-privacy@columbus.rr.com wro te:

o said the whole thing rests on a single engineer who wrote a crappy contro l loop. I was basically saying that if a single engineer can write a loop that brings down a plane then it is not on that guy but rather reflects a s ystematic failure in the whole engineering process. I am sure the loop was vetted

( 2 of them for God's sake) crashed due to a far more insidious poison tha t has taken hold into Boeing's culture.

s MCAS design is clear it will be so obviously horrible that any 10 year ol d will see the folly in it.

Just to point to folly. An AoA failure should never crash an airplane. NE VER NEVER NEVER. I know there are engineers at Boeing (not personally but I know corporate culture) that said out loud "We have a situation where an AOA failure can crash this plane" And you know what??? the AOA failure cra shed the plane. That is what I am talking about . I am not an aeronautics engineer, but I know that an AOA failure should not crash a plane. I real ly boils down to this level of non sense. Why did Boeing design a plane whe re an AoA senser failure takes the plane down? It is unacceptable. And th en through some unbelievable convoluted burst of arrogance they encouraged people to keep flying this and a 2nd plane went down

Reply to
blocher

It's the wing center section. We don't want the spar to go right through the cabin, where passengers would have to look at it.

You can't wiggle out of this. Look at the pictures. High wings, low wings, shoulder wings, parasol wings. One of those has this great big thing right on the top of the wing. Nobody even mounts that thing on a pedestal. Pylon.

Reply to
Bonk

snipped-for-privacy@downunder.com wrote in news: snipped-for-privacy@4ax.com:

No, it will be GD. But haha... Boeing will probably buy them by then. ;-)

Reply to
DecadentLinuxUserNumeroUno

tirsdag den 19. marts 2019 kl. 13.40.23 UTC+1 skrev snipped-for-privacy@downunder.com:

rote:

he

y

.

ineer coding a loop badly. That is a systematic failure of the whole engin eering process of Boeing.

even that can fail,

formatting link
_888T

two of the AOA sensors were stuck because frozen water from the plane being washed

"The aircraft's computers received conflicting information from the three a ngle of attack sensors. The aircraft computer system?s programming logic had been designed to reject one sensor value if it deviated significa ntly from the other two sensor values. In this specific case, this programm ing logic led to the rejection of the correct value from the one operative angle of attack sensor, and to the acceptance of the two consistent, but wr ong, values from the two inoperative angle of attack sensors. This resulted in the system's stall protection functions responding incorrectly to the s tall, making the situation worse, instead of better. In addition, the pilot s also failed to recover from an aerodynamic stall in a manual mode in whic h the stabilizer had to be set to an up position to trim the aircraft. But only the stick was applied forward but aircraft didn't trim itself because it was switched to full manual mode. Seconds later the plane crashed into t he sea. "

Reply to
Lasse Langwadt Christensen

I've often wondered why the software can't take more things into account. It knows the power setting, trim position, and altitude. It should be able to figure out the airspeed from these three things even without the needed sensors. In fact, if it kept a running account of these parameters and correlated them with the measured airspeed and AOA, it could detect false readings caused by damaged or frozen sensors.

Reply to
Steve Wilson

Not really simplifying, more like just venting.

Rick C.

Reply to
gnuarm.deletethisbit

On Tuesday, March 19, 2019 at 11:57:24 AM UTC-4, snipped-for-privacy@columbus.rr.com wro te:

rote:

re

who said the whole thing rests on a single engineer who wrote a crappy cont rol loop. I was basically saying that if a single engineer can write a loo p that brings down a plane then it is not on that guy but rather reflects a systematic failure in the whole engineering process. I am sure the loop w as vetted

es ( 2 of them for God's sake) crashed due to a far more insidious poison t hat has taken hold into Boeing's culture.

his MCAS design is clear it will be so obviously horrible that any 10 year old will see the folly in it.

NEVER NEVER NEVER. I know there are engineers at Boeing (not personally bu t I know corporate culture) that said out loud "We have a situation where a n AOA failure can crash this plane" And you know what??? the AOA failure c rashed the plane. That is what I am talking about . I am not an aeronauti cs engineer, but I know that an AOA failure should not crash a plane. I re ally boils down to this level of non sense. Why did Boeing design a plane w here an AoA senser failure takes the plane down? It is unacceptable. And then through some unbelievable convoluted burst of arrogance they encourage d people to keep flying this and a 2nd plane went down

I still don't know why you keep saying false shit. There was no reason why the planes HAD to crash even assuming this was what happened. The PILOTS could have flown the plane if they did what they were supposed to do. If y ou blamed the lack of education or specifically drawing the pilots attentio n to this issue before they entered the planes, then I might agree. But I don't see a problem with the MCAS that meant the plane had to crash when th e AoA failed to work.

You just don't want to read any of the information that explains this.

Rick C.

Reply to
gnuarm.deletethisbit

ht_888T

ng washed

angle of attack sensors. The aircraft computer system?s programmin g logic had been designed to reject one sensor value if it deviated signifi cantly from the other two sensor values. In this specific case, this progra mming logic led to the rejection of the correct value from the one operativ e angle of attack sensor, and to the acceptance of the two consistent, but wrong, values from the two inoperative angle of attack sensors. This result ed in the system's stall protection functions responding incorrectly to the stall, making the situation worse, instead of better. In addition, the pil ots also failed to recover from an aerodynamic stall in a manual mode in wh ich the stabilizer had to be set to an up position to trim the aircraft. Bu t only the stick was applied forward but aircraft didn't trim itself becaus e it was switched to full manual mode. Seconds later the plane crashed into the sea. "

This is why it is not a good idea to quote much from Wikipedia. I can't ma ke out what they are trying to say with this sentence, "But only the stick was applied forward but aircraft didn't trim itself because it was switched to full manual mode."

Rick C.

Reply to
gnuarm.deletethisbit

If you consider the preceding sentence,

"... the pilots also failed to recover from an aerodynamic stall in a manual mode in which the stabilizer had to be set to an up position to trim the aircraft."

They're distuingishing between two different manual modes: "a manual mode in which the stabilizer had to be set to an up position to trim the aircraft" and "full manual mode".

The pilots should have been in the first manual mode, but had switched into the second. Resulting in no stab leading edge going to an up position, just elevator trailing edge going down. Which wasn't enough to break the stall.

Follow the _normal law_ link in the next line and you'll reach "There are four named flight control laws, however alternate law consists of two modes, alternate law 1 and alternate law 2. Each of these modes have different sub modes: ground mode, flight mode and flare, plus a back-up mechanical law." and the nightmare just worsens from there. I can't read it.

Reply to
Bonk

On Tuesday, March 19, 2019 at 10:54:26 PM UTC-4, snipped-for-privacy@gmail.com wr ote:

rote:

e
e

more

y who said the whole thing rests on a single engineer who wrote a crappy co ntrol loop. I was basically saying that if a single engineer can write a l oop that brings down a plane then it is not on that guy but rather reflects a systematic failure in the whole engineering process. I am sure the loop was vetted

anes ( 2 of them for God's sake) crashed due to a far more insidious poison that has taken hold into Boeing's culture.

this MCAS design is clear it will be so obviously horrible that any 10 yea r old will see the folly in it.

NEVER NEVER NEVER. I know there are engineers at Boeing (not personally but I know corporate culture) that said out loud "We have a situation where an AOA failure can crash this plane" And you know what??? the AOA failure crashed the plane. That is what I am talking about . I am not an aeronau tics engineer, but I know that an AOA failure should not crash a plane. I really boils down to this level of non sense. Why did Boeing design a plane where an AoA senser failure takes the plane down? It is unacceptable. An d then through some unbelievable convoluted burst of arrogance they encoura ged people to keep flying this and a 2nd plane went down

hy the planes HAD to crash even assuming this was what happened. The PILOT S could have flown the plane if they did what they were supposed to do. If you blamed the lack of education or specifically drawing the pilots attent ion to this issue before they entered the planes, then I might agree. But I don't see a problem with the MCAS that meant the plane had to crash when the AoA failed to work.

Show me where the official cause of each of these crashes is Pilot error.

Reply to
blocher

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.