Boeing knows from a PR perspective that many Americans will be glad to accept that it was the dumb filthy subhuman shithole country pilots who caused the crash to happen and they very much hoped to roll with that explanation if it was just one, except there were two crashes in entirely different shithole countries with entirely different crews, to explain.
That is to say it also starts to look kinda bad if it begins to seem like what they're saying in every case of an overseas crash is "(shithole country) operator error" when most of your sales of a particular product are to said shithole countries because most domestic carriers said "no thanks" to the product.
IDK what version of reality you're watching, but the first crash was Lion Air in Indonesia and from that moment on, the focus has been almost exclusively on the plane, the poor MCAS design and not the pilots. Which is wrong, because there should be focus on both. We need to understand why pilots can't identify a very basic thing, runaway trim and follow the procedure. It's supposed to be a memory item. There are multiple parties to blame here:
Boeing bad MCAS design FAA approving it FAA never informed that the authority of MCAS had been greatly increased Pilots incapable of identifying and dealing with runaway trim.
It's hard to understand how pilots could watch the electric trim run the plane nose down, time and time again, with the trim wheels beside them spinning, showing abnormal trim down, followed by trim up when you corrected it via the trim buttons. Hello? Get it near neutral, where you know it belongs, turn off the electric to stop whatever is causing it to move, and trim manually. In the LA crash they had almost 10 mins to figure it out. The Ethiopians had much less time, but then they also knew about MCAS and the previous crash.
On a sunny day (Mon, 6 May 2019 11:40:04 -0400) it happened bitrex wrote in :
Indeed, software developer for embedded is also a hardware developer, and should have refused or have sounded alarm when asked to code the system. Indeed redundancy is required, but a lot more than that It is possible that the sensor had nothing wrong with it, as in the first crash that sensor was just replaced? Or did they just replace the module with software? Clearly not all data is released! Had a pilot been in the software team (assuming it was a team and not some intern (on speed?) (what I think and have stated before), something totally different would have been created. Now they are doing just those things, having pilot input, made a new system, and are testing that, And again a simple MEMS sensor can see if the attitude of the plane makes any sense and software can then inhibit putting the nose ever more down, a 1$ sensor. Also I have read the new system will now only correct the angle _once_.
I think a "safety" system that is designed to bring the system it's managing the safety of, out of an error state, via some other action which in a different circumstance is also an error state and a safety risk too, has to be able to determine, with high accuracy, whether it's the overall system or itself that is in an error state.
If I'm understanding what I've read correctly (and I accept that I do not, I'm not an aviation engineer but it doesn't seem to stop anyone else from offering their commentary so...) the system relied on one AOA sensor to determine the overall state of the aircraft with respect to what action it needed to take.
but I think there's a fundamental information theory problem there in that with one sensor it doesn't have enough information to determine conclusively whether it's the overall system or itself that is the one in error. As long as everything works fine it works fine, but when it doesn't the system can no longer "reason" conclusively about anything anymore it's like the thought experiment of sitting in the train next to another train and figuring out which of you is the one moving.
And it sounds like the patch is to provide more indirect information from e.g. the airspeed and altimeter but as they don't actually measure the true parameter of interest it would seem to fall under the category of "heuristics" or "hacks."
It seems on paper like a reasonable thing to do and may improve things in empirical testing, but my guess is once you start using hacks like that there's no reasonable way to algorithmic-ally verify that this new system is actually internally logically consistent. it probably isn't.
Automation is probably a net benefit but I don't think aircraft should be flown by the halting problem
yes it does seem strange what the pilots did, but they might have had a reason for it, I guess we will learn eventually
I saw a 737 pilot show in a simulator that it is possible at high speed to get so much nose down trim that is near impossible to move the trim nose up because of the aero dynamic forces, the solution is to dive while trimming but with no altitude to spare that's not an option
Looks good on paper but once you start resorting to indirect heuristics like that it can become very difficult to verify that the system is still logically consistent and not introduce other, more subtle, bugs.
the story is that IBM charged something like a million bucks a line back in the day to modify the Space Shuttle flight control software for that kind of reason. and its code surely has numerous still-undiscovered bugs but irrelevant, now.
mandag den 6. maj 2019 kl. 10.12.17 UTC+2 skrev snipped-for-privacy@decadence.org:
and before that there's a stick shaker and the stick pusher
there is, two switches to turn off electric trim and the pilots are supposed to know how to handle run away trim by memory
You've snipped and avoided several key points from my previous post, so here they are again.....
Disabling the MCAS wasn't trivial. Normally manually operating the controls will disable the autopilot and give control back to the pilots. But MCAS wasn't part of the autopilot and was designed to prevent that.
Don't forget that the *purpose* of MCAS was to *pretend* nothing had changed, i.e. pretend that MCAS didn't exist!
It was far more than "trim".
Hiding behind "properly trained" is frequently an inadequate figleaf. That's definitely the case here, since the the whole purpose of MCAS is, *very explicitly*, to *avoid* having to retrain pilots!
For a long time Boeing has trumpeted that they allow their pilots full autonomy, unlike the Airbus fly-by-wire system. MCAS is a complete change in that philosophy.
You can stall a plane at any attitude and any speed. I've done that, many times.
It is particularly intense when you enter a spin at 100ft AGL.
On the bright side the DC-10/MD-11 eventually became a well-regarded aircraft and is still used by many cargo fleets today
The most shocking thing is that the problem occurred so frequently.
The system's entire *purpose* was to *avoid* new *training*.
"No new training" was the *reason* the system was installed.
So the concept of "properly trained" is a complete misdirection, in the sense that magicians misdirect their audience's attention.
incidentally the oldest bucket I've had the pleasure of flying on was a DC-9, New York Air. It must have been 1985 or 1986 I was very young but I still remember the plane with the apple on the tail. It was probably a unit from the late 60s. What a bucket
False.
The problem is that when approaching a stall, the SOP is to increase engine power. In the 737 MAX (unlike all other 737s) that causes a pitch up due to the changed engine position. That pitch up increases angle of attack, thus driving further into the stall.
MCAS was designed to sense that, and pitch down in a way invisible to the pilot - so that no new training was required.
False, or at least irrelevant.
The MAX's changed aerodynamics make it more likely to encounter high AoA, and if it does, the changed aerodynamics force it into even higher AoA.
MCAS was designed to detect and prevent the latter - without the pilot being aware of any changes. "No new training required, because it behaves the same".
Correct, but they did employ the people that set the company ethos that allowed (and possibly encouraged) the corner cutting.
Marketing pushed for "no new training necessary, because it behaves the same". We have no idea as to whether engineers pushed back.
This marketing push and corporate ethos thing is reminiscent of the VolksWagen diesel fiasco.
Sometimes when I'm in a hurry I forget to unplug my car from the electric charger port which is a thing I've done hundreds of times before and a totally dick-headed thing to forget, thoughtfully the GM engineers made it so the gear shift locks in park when the cable is connected so you can't rip the whole charge port out as you drive away. Well at least I've never done it at a gas station.
I propose a psychological phenomena called "Transient Reactive Incompetence" - when faced with a combination of unfamiliar situation or high stress levels, and presented with a set of options, humans will tend to pick the least advantageous options despite the information they already know that suggests to do otherwise
Basic training is that you can stall an aircraft at any attitude and any speed. I've done some :)
afaiu and heard from pilots who fly the things all aircrafts with under wing engines including the 737 NG will pitch up with power the pitch up is just stronger with the 737 MAX
IIRC the whole point of the system is that the envelope between where the stick-shaker would engage to give warning and the entry point of a catastrophic stall is not large
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.