Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 MAX Flight Control System (seattletimes.com) 471
In one of the most detailed descriptions yet of the relationship between Boeing and the Federal Aviation Administration during the 737 Max's certification process, the Seattle Times reports that the U.S. regulator delegated much of the safety assessment to Boeing and that the analysis the planemaker in turn delivered to the authorities had crucial flaws. 0x2A shares the report: Both Boeing and the FAA were informed of the specifics of this story and were asked for responses 11 days ago, before the second crash of a 737 MAX. [...] Several technical experts inside the FAA said October's Lion Air crash, where the MCAS (Maneuvering Characteristics Augmentation System) has been clearly implicated by investigators in Indonesia, is only the latest indicator that the agency's delegation of airplane certification has gone too far, and that it's inappropriate for Boeing employees to have so much authority over safety analyses of Boeing jets. "We need to make sure the FAA is much more engaged in failure assessments and the assumptions that go into them," said one FAA safety engineer. Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input. It was needed because the MAX's much larger engines had to be placed farther forward on the wing, changing the airframe's aerodynamic lift. Designed to activate automatically only in the extreme flight situation of a high-speed stall, this extra kick downward of the nose would make the plane feel the same to a pilot as the older-model 737s.
Boeing engineers authorized to work on behalf of the FAA developed the System Safety Analysis for MCAS, a document which in turn was shared with foreign air-safety regulators in Europe, Canada and elsewhere in the world. The document, "developed to ensure the safe operation of the 737 MAX," concluded that the system complied with all applicable FAA regulations. Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
[...] On the Lion Air flight, when the MCAS pushed the jet's nose down, the captain pulled it back up, using thumb switches on the control column. Still operating under the false angle-of-attack reading, MCAS kicked in each time to swivel the horizontal tail and push the nose down again. The black box data released in the preliminary investigation report shows that after this cycle repeated 21 times, the plane's captain ceded control to the first officer. As MCAS pushed the nose down two or three times more, the first officer responded with only two short flicks of the thumb switches. At a limit of 2.5 degrees, two cycles of MCAS without correction would have been enough to reach the maximum nose-down effect. In the final seconds, the black box data shows the captain resumed control and pulled back up with high force. But it was too late. The plane dived into the sea at more than 500 miles per hour. [...] The former Boeing flight controls engineer who worked on the MAX's certification on behalf of the FAA said that whether a system on a jet can rely on one sensor input, or must have two, is driven by the failure classification in the system safety analysis. He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000. Such systems are therefore typically allowed to rely on a single input sensor.
Boeing engineers authorized to work on behalf of the FAA developed the System Safety Analysis for MCAS, a document which in turn was shared with foreign air-safety regulators in Europe, Canada and elsewhere in the world. The document, "developed to ensure the safe operation of the 737 MAX," concluded that the system complied with all applicable FAA regulations. Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
[...] On the Lion Air flight, when the MCAS pushed the jet's nose down, the captain pulled it back up, using thumb switches on the control column. Still operating under the false angle-of-attack reading, MCAS kicked in each time to swivel the horizontal tail and push the nose down again. The black box data released in the preliminary investigation report shows that after this cycle repeated 21 times, the plane's captain ceded control to the first officer. As MCAS pushed the nose down two or three times more, the first officer responded with only two short flicks of the thumb switches. At a limit of 2.5 degrees, two cycles of MCAS without correction would have been enough to reach the maximum nose-down effect. In the final seconds, the black box data shows the captain resumed control and pulled back up with high force. But it was too late. The plane dived into the sea at more than 500 miles per hour. [...] The former Boeing flight controls engineer who worked on the MAX's certification on behalf of the FAA said that whether a system on a jet can rely on one sensor input, or must have two, is driven by the failure classification in the system safety analysis. He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000. Such systems are therefore typically allowed to rely on a single input sensor.
This is going to be one of the biggest lawsuits ev (Score:4, Interesting)
Re: (Score:2, Interesting)
There's a good chance the aftermath of this is going to bankrupt Boeing.
The evidence for gross engineering negligence is piling up, and they are not going to live through the results.
Re:This is going to be one of the biggest lawsuits (Score:5, Insightful)
On a side note, this story from the Seattle Times shows how important investigative reporting is to society. If the government ever gets serious about regulating private enterprise again, it will be due to stories like this, and the resulting public outrage. We are yet again in their debt.
Re:This is going to be one of the biggest lawsuits (Score:4, Insightful)
It isn't just the FAA, this is a problem with many if not MOST of the Federal Regulatory agencies....
Look at the FDA rosters, and you can easily see why we won't ever get sensible food regulations/recommendations the would actually help address obesity, etc....in the US.
Re:This is going to be one of the biggest lawsuits (Score:5, Informative)
The term is "regulatory capture", and it's been blamed for the Deepwater Horizon incident [huffingtonpost.com], and Wall Street's shenanigans [businessinsider.com].
From that second link, "the process by which regulatory agencies eventually come to be dominated by the very industries they were charged with regulating. Regulatory capture happens when a regulatory agency, formed to act in the public's interest, eventually acts in ways that benefit the industry it is supposed to be regulating, rather than the public."
Re:This is going to be one of the biggest lawsuits (Score:5, Insightful)
Boeing did all these dodgy hardware and software hacks just to avoid the time and cost of certifying a new type. This was a panicked rush to market, to compete with Airbus 320neo. Which isn't crippled by stubby landing gear like the 737, so its engines can placed in an inherently aerodynamically stable position.
Because it wasn't a new type, FAA did not require that pilots be certified. And furthermore Boeing buried the details of how to fully return the plane to manual control, because that would conflict with the story they told the FAA about unchanged flight characteristics. Unfortunately for all involved, Max 8 really did have a new flight characteristic: falling out of the sky under computer control.
So yes, Boeing is going to pay out the biggest settlement in aviation history. There is just no way to escape culpability. And we have a huge indictment of Trumpist deregulation too: industry didn't win by weakening FAA oversight, rather it lost big league.
Questions for the system designers here (Score:4, Insightful)
[quote]only two short flicks of the thumb switches[/quote]
In the systems you design, typically how many times is the user expected to press the Stop Trying To Kill Us button before the system leaves off trying to do so?
Re:Questions for the system designers here (Score:5, Funny)
Otherwise, I use two. I'd use one, but Amazon also has the patent for single-click Sop Trying to Kill Us buttons in addition to single-click purchasing.
Re: (Score:3, Funny)
Infinitely many, but then again I'm designing a robot system that's specifically designed to kill humans.
But, like Octillion Killbots [fandom.com], Boeing 737 MAX planes have a preset kill limit. The only way to defeat them is to throw wave after wave of passengers at them ...
Re: (Score:2)
Re:Questions for the system designers here (Score:5, Informative)
If they had turned off the faulty system, it would have stayed off and they would have been fine. They didn't tell the system to stop. They just counteracted its instructions.
Especially with the Lion Air crash, it's kind of hard to turn off a faulty system when you aren't aware of it's existence. The crew on the final flight the night before got lucky: they had the same issue but went through a checklist that had the very fortunate but unintended side effect of disabling the system.
Re: (Score:3)
That's true, although the only way to turn off the system (which they didn't know existed) is to turn off the electric trim system entirely. Doing that would mean they would have to turn the trim wheels by hand. If you watch a video of it, the electrical system turns the wheels a lot, and quite fast.
They should have turned it off, but if you have to keep trimming up and you're not sure why, you might hesitate to turn off the system that's letting you do so quickly.
Auto pilot was off. (Score:2)
Dude, auto pilot was off. All auto systems that were in the manual were off.
Re: Auto pilot was off. (Score:5, Informative)
Auto pilot has nothing to do with this.
Except in the 737 MAX it kind of does. The mode of the adjustments used by the autopilot and the stall avoidance system is by adjusting the aircraft trim by turning the rear horizontal stabilizer trim jack screw. Also, I'm told that the same sensors used by the autopilot, or at least some of them, are used by the stall avoidance system.
However, turning off the autopilot doesn't disengage the stall avoidance system. It keeps doing it's thing regardless.
The problem here is that the aircraft is pretty much flyable even with the system malfunctioning, IF you understand what's happening and how to counter it. IF you don't understand what's happening though, the aircraft becomes unstable and your natural tendency is likely to do the wrong thing.
There are a number of non-intuitive things about flying that pilots must be trained to do. Stall/spin recovery is one of these things. When the nose of the aircraft fall though the horizon when you are tying to pull it up, the tendency is to pull harder, but when you are stalled, the right thing to do is push the nose down, stay coordinated and add power if you can. If you go with your natural tendency, and keep pulling, you are going to spin it eventually, which is MUCH worse. So, pilots practice this... A LOT... Fly into a stall, or nearly a stall, recognize how the aircraft feels as the AOA approaches the limit and then when it actually stalls, immediately do the right recovery... How do I know? It was one part of my check ride that I nearly failed when I went for my license. The Examiner said I spun on departure stalls (i.e. didn't stay in coordinated flight on stall so it broke one side first) but let me pass when he tried it twice and spun himself because the C150 was so badly rigged. Made me do 5 hours of departure stall and spin recovery training as a condition of granting my license.
Re: (Score:3)
Re: Auto pilot was off. (Score:5, Interesting)
The pilots thought it was relevant, they thought that without auto-pilot on there were no automatic systems overriding their controls.
Should they have treated it like any other trim failure, sure. Does the system betraying expectations increase the chance of cognitive dissonance and them failing to do so, of course.
Re: (Score:2)
Re:Questions for the system designers here (Score:5, Informative)
They were flying by hand. The problem is that the MCAS system is designed to add extra control inputs to the pilot's inputs to make the airplane behave the same as older 737s. And at high angles of attack (or when it thinks the angle of attack is high) it pushes the nose down to prevent a deep stall which would otherwise be a serious risk on this variant of the 737 due to the placement of its engines.
The part about single sensors being allowed if the chance of failure is less than 1 in 100000 is the biggest bullshit I've ever heard in my life as an airline pilot. If there are hundreds of parts that all have a 1 in 100000 chance of failure, that means failures will happen quite often, especially with thousands of planes flying around. And indeed failures do happen regularly, that's why airplanes normally have loads of redundancy. Airspeed, for example, is measured on most airplanes by three different pitot tubes that feed into three different air data computers that constantly compare their data. If one of them is different, it shuts down and throws a failure message.
That's just one example of many. Airliners have two fuel pumps per tank, several isolated hydraulics systems, several electrical systems with equipment spread over many buses with fault monitoring on all of them, etcetera.
If an engineer designs a plane so it overrides pilot inputs and pushes the nose down based on input from a single sensor, that engineer deserves to go to prison and be barred from practicing engineering for the rest of his life. In aviation, this kind of screw-up is simply unforgiveable.
Boeing is currently testing the common sense fix which crosschecks the angle of attack with other data (airspeed, inertial reference system, attitude,...), which is what they should have done from the beginning.
By the way, Airbus made a similar mistake not that many years ago, which was fixed with extra procedures and software updates. One would have expected Boeing to learn from Airbus' mistakes...
Re:Questions for the system designers here (Score:5, Insightful)
If an engineer designs a plane so it overrides pilot inputs and pushes the nose down based on input from a single sensor, that engineer deserves to go to prison and be barred from practicing engineering for the rest of his life.
I'd argue that the Boeing and FAA managers that approved such a system should get locked up while the engineer should be sent back to engineering school and learn how to say "no" if asked to design such a system again.
Re:Questions for the system designers here (Score:5, Interesting)
In some sense nobody really made the decision to use this design without redundant sensors. According to the article, the system was approved with a relatively small amount of authority - it could only move the tail by 0.6 degrees. That wasn't a bad enough issue to warrant redundancy. The problem is that the authority was then increased to 2.5 degrees, more than 4 times larger, and the safety impact was simply never re-evaluated due to the rush to get it on the market. Even documents given to other country's air safety bodies still listed the 0.6 degrees. The explosive thing about this, which is why the article predates the second crash, is that this puts the whole process in doubt. How many other numbers in the documents are just fiction? How many other safety evaluation chains have not been updated due to the rush to market? Does this amount to fraudulent behavior on the part of Boeing? My expectation is that the engineer who upped the authority from 0.6 to 2.5 did so with the intent, possibly even documented, that the safety would be re-evaluated before the jet went to market.
It's also unclear why the authority was listed as 0.6 degrees when the system could repeatedly reset itself and do it again, effectively giving it infinite authority. That is more along the lines of your question, but I think it actually wasn't clear why the ability to reset was not included in the safety analysis. This really looks a lot like an updated safety analysis was planned, postponed, and then just never done until after the Lion Air crash.
MCAS could cause to-the-stops nose-down trim. (Score:5, Interesting)
“So once they pushed a couple of times, they were at full stop,” meaning at the full extent of the tail swivel, he said.
So in summary a system FAA-certified on the basis of being able to adjust nose-down trim by 0.6 degrees could actually, (after a few cycles of the pilot correcting it a little bit with trim up), command full nose-down trim, about 5 or 6 degrees tailplane tilt.
All of this relying on input from a single angle-of-attack sensor. Get this, the plane has two such sensors, one on each side, but the MCAS only uses input from one of them!!! ! !! ! ! ! ! What the hell? If you use two of them, then your software can check if they diverge, and disable systems relying on the input, and warn the pilots. That is some criminally bad development cost saving judgement there.
Re:Questions for the system designers here (Score:5, Informative)
A system designed to overcome aerodynamic flaws of larger engines is not a major failure scenario?
Of course it is, but what is the safe action? Return control to the pilot when the system is designed to actively kick in to prevent the pilot stalling, or to maintain control in the face of being wrong (which is what happened here).
what pilot would trim up 21 times before disconnecting auto pilot and flying by hand while figuring out what is going on. This is showing the pilot is way to reliant on computers rather than hand flying the plane
You made a dangerous assumption and misplaced your blame. Autopilot was not enabled here. Engaging autopilot disables MCAS and disabling autopilot enables MCAS, which comes back to the pilot training component of the Lion Air investigation. The system as designed is too complex to disable under stress.
Who's at fault here, Boeing or the country with lax pilot regulation?
With your second point specifically identified early in the investigation, Boeing. They are the ones who provide the pilot training materials for their planes.
Re:Questions for the system designers here (Score:5, Interesting)
<quote><p>A system designed to overcome aerodynamic flaws of larger engines is not a major failure scenario?</p></quote>
<p>Of course it is, but what is the safe action? </quote>
The safe action is the one that nobody is talking about. The previous version of the 737 had engines so big that they had to flatten the intake on the bottom so it would fit under the wing. That should have been a clue that the existing 737 design was already at its limit. By putting even larger engines on it, they had to mess up the aerodynamic stability of the aircraft such that they had to implement this software fix just to get through the approvals. It's pretty obvious that someone should have said: "look, the 737 is great, but it's at end of life. We need to make a new aircraft design now."
Imagine if we were still flying the DC-3 with every new technological advance since it was designed kludged on to it even though it was never designed for them? At a certain point you need to realize that your design is at the end of its life and move on.
But that costs money, and apparently hundreds of lives.
Re: (Score:2)
this is like you are going up a hill and cruise control decides
Not really. What it is actually "like" is you are trying to climb in an aircraft but the "cruise control" keeps trying to fly you into the ground. So you tap "Stop Trying to Kill Us" and it does for a few seconds, only to resume trying the exact same thing again. Repeat 22 more times until either your thumb or your brain's capacity for CRM is overhwhelmed and everyone dies.
Re: (Score:2)
Re: (Score:2)
You're half way there. 21 * 2 = 42. That's the appropriate number of times to have to override.
So, the Answer to the Ultimate Question of Life, The Universe, and Everything.
boing is at fault (Score:3)
Boing is at fault. They should have made it mandatory and presented it as a major system which could lead to major lethal problem in case of misunderstanding or failure or mishandling. Instead they made it an option, a "don't worry not too important" case. They are the one knowing the consequence, so they are the ones which should have insisted. But by the sound of it, it was passed off
Re: (Score:3)
The system for disabling the system is relatively complex especially in a scenario when both pilots use all their strength to keep the plane level. Also it's my understanding that pilots weren't trained in doing this or even informed about the existence of the system, could be wrong.
Now I am even more worried... (Score:4, Insightful)
Re: (Score:2, Interesting)
Yeah, but that costs extra, and making it an option allows Boeing to nickel-and-dime the airlines that want to look more professional.
And we can't have these costly things being mandatory in a free market neo-liberal economy!
Re:Now I am even more worried... (Score:4, Informative)
It doesnt' have to cost extra. There are already other sensors that would give signals corresponding to an approaching stall condition that the computer could use to correlate.
Re:Now I am even more worried... (Score:5, Interesting)
In general if you have 2 sensors that disagree significantly, you disable all functions that rely on those sensors and issue an alarm.
You might be able to decide which sensor is correct from data from other systems, but that is another story
Re:Now I am even more worried... (Score:4, Interesting)
Right, automation is good but when lives are on the line....one needs to take every precaution and think about failure cases. I saw a video elsewhere that said that there was an easy way to disable the sensor, but when the pilot only has a few seconds to respond and he is busy trying to keep the plane in the air... in either case, even if we agreed that 1 sensor is enough, 1 in 100K chance doesn't sound reliable enough to me.....I'd rather see 1 in a million minimum, 1 in a billion ideally.. You might need to 5 sensors where at least 3 of them must trigger fault to get super reliability. I'm not sure how expensive or tricky placing several of these sensors is.... In any case, non of us are pilots so its all speculation here.
Politics and economics wise, the US Air Force was reported to have recently chastened Boeing for QA issues. China and Europe, which want to dominate high tech airplanes have a vested interest in taking down Boeing. But, it sounds like Boeing did this all to themselves....perhaps cutting corners to increase time to market and production speed.
As for the FAA, I never have high expectations of any government agency to look out for public safety over vested national and economics interests. Letting companies get sued into bankruptcy with the CEO's unemployable when they massively screw up is a much more compelling and reliable way to ensure corners aren't cut.
Re: (Score:2)
Re: (Score:2)
And I'm wondering, what does 1 in 100,000 mean?
Is it 1 in 100,000 instruments over their lifetimes? That would be pretty good, but it obviously hasn't met that criteria.
Is it 1 in 100,000 flight hours? That wouldn't be very good for a harzadous failure like this.
Bottom line, though, is that Boeing should have had training materials about this failure mode.
Re: (Score:2, Informative)
Technically at 1 failure out of 100k makes this a seven 9's system. That's on pair with medical devices and aerospace systems. That's a very stable system in general.
To put that into perspective, if you were running trying to run a system with a seven 9's uptime that ran 24/7/365 you would only have outage of about 36 mins over the course of a year. These are very stable and dependable systems.
99.99999% ("seven nines") is only 3.16 seconds per year, not not 36 mins. That is closer to 4 nines, which might be fine for Facebook, but not the plane that I'm getting on.
Re: (Score:2)
Re: (Score:3)
I saw a video elsewhere that said that there was an easy way to disable the sensor, but when the pilot only has a few seconds to respond and he is busy trying to keep the plane in the air...
...then it's a training issue. They didn't train for that failure enough. If airlines want to fly planes with new technology, they have a responsibility to make sure that pilots are trained on it. Fighting the plane while ignoring the warning that the plane thinks something wacky is going on is pilot error, but the fault likely lies with the airlines' training requirements being designed primarily for low cost rather than for adequacy.
Re: (Score:2)
With 2 sensors how does the software know which is right when they disagree ?
At least one possibility is laid out in TFA -- measure both sensors against a known point of reference when the plane is taxiing and therefore has an angle of attack of basically zero.
It's extremely disconcerting that (1) they had two sensor inputs available but apparently chose to use only one; and (2) they apparently chose not to calibrate or otherwise validate the sensors before making use of them in a given operational cycle .
Re:Now I am even more worried... (Score:5, Informative)
With two sensors, if they disagree, you scream and don't do anything. The human then has to decide what's going on. That scenario is fine (even desirable) for a supplemental system like the MCAS. It's very, very unlikely that both of the sensors would get stuck in the same position, although you'd want to make sure that doesn't happen if some twit leaves a protective cover on them or something.
A really critical system, that can't be shut off, should have triple redundancy.
Re:Or 7 Times Redundancy (Score:5, Interesting)
I'm not a big fan of MBAs, but this was a pretty long and complicated chain of errors. From what I gather: Boeing wanted to keep the 737's low ground clearance but needed to put bigger engines on to match the efficiency of the new A320s, which meant changing the aerodynamics. Boeing also wanted pilots to be able to do a simple difference training course, rather than have to recertify on a new aircraft, so they invented MCAS. The engineers must have figured that it was a supplemental system, and easy to turn off if it malfunctioned, so they chose to make it kick in aggressively rather than conservatively (either sensor says go, rather than both sensors say go). They also made it harder to turn off than the old system, probably by accident. Then Boeing decided not to mention the new system to pilots in that difference course, to avoid confusing them.
Lots of errors to go around. Some are definitely cost saving, but some are probably a result of not enough whole-system oversight. The decision to go based on one sensor is a bit mystifying. There are already two AoA sensors on the aircraft, and lots of other ways of cross checking them. In fact, Boeing is releasing a software update to add all that cross checking in, so it's not even a hardware limitation.
The 737 MAX isn't actually aerodynamically unstable in normal flight. Any airliner, including all the 737s, with the standard under-the-wing engines will have off-axis thrust that will add a bit of pitch up. The aircraft is designed to compensate for that in normal flight, but in a stall if the pilot gooses the engine it can make it impossible to recover. 737 pilots (including the older model) are trained NOT to increase throttle in a stall because of it. The MAX handles differently in that situation, so they added MCAS so the pilots wouldn't have to be trained in a new stall recovery procedure.
Re: (Score:2)
The statement of using only one sensor is scary especially for something that automatically adjust the flight path, but even having two is scary. With 2 sensors how does the software know which is right when they disagree ? For true fault tolerance you need a minimum of 3 sensors
It is scary, but it is also a trend. As we have continued to advance in our sensor and instrumentation development (not only in airlines but across many industries where sensors are required) we have become increasingly more reliable. As new standards are published they have continued to reduce requirements for redundancy and independence for safety critical equipment. Even the latest IEC standards stopping your local chemical plant from gassing all its neighbours is following this trend.
That said, I can't
Re: (Score:3)
Re: (Score:2)
This.
For manually flying IFR, the answer is that you compare multiple instruments. If the artificial horizon tells you that you're flying straight and level, but your compass is spinning, your altimeter says you're losing altitude, and your engine is revving higher than what it normally does for where the throttle is at...you know the artificial horizon is broken AND that you're in a spiral dive.
The fact that the computer did not have a backup AoA, but that it is not constantly cross-checking against all t
Re: (Score:2)
And every good engineer in the safety/security space knows that. But bring in some MBAs and they will find statistics that say this can be done cheaper. And cheaper. And then a lot of people die.
This is pretty much what I would have written when I had heard of the single sensor before these crashes. It is bloody obvious.
They have been working for a while you know (Score:2, Interesting)
it'll be safer to buy Delta tickets than find that other airlines are again allowed to put these Max planes back in the air
You said "Safer" and "Delta" in the same sentence, hmm...
This issue seems like something the pilots can work around if they know what is going on, which the U.S. pilots seem to.
I got an email from Southwest Cargo related to the Max, they stated:
While we remain confident in the MAX 8 after completing more than 88,000 flight hours accrued over 41,000 flights, we support the actions of th
Re:They have been working for a while you know (Score:4, Insightful)
This issue seems like something the pilots can work around if they know what is going on, which the U.S. pilots seem to.
Based on:
That's a lot of flights they have done with the plane, so it's not like the plane is inherently unsafe
You can't draw that conclusion from the data they presented you. This isn't like a plane that is hard to fly. What we are talking about here is pilots responding to a very specific instrumentation problem. The only relevant statistic for how well U.S. pilots can cope with this is how many times Southwest Cargo pilots have suddenly had MCAS fail on them and try to trim down the nose, and how many times in the face of this problem they successfully disabled the system and landed safely. The total number of hours in the air is entirely meaningless to what your pilots know or are capable of.
so it's not like the plane is inherently unsafe
Indeed the plane is not inherently unsafe, however it presents an incredible risk to crew and cargo when a very specific instrumented failure occurs.
Not inherently unsafe? (Score:2)
Re: (Score:2)
This issue can be worked around. The question is: are there other issues that were similarly glossed over? I'll agree, Southwest is probably fine. This kind of thing is exactly why they have a single type fleet, because they can use the experience over their whole fleet. There is a good possibility that this issue and some others are included in their internal supplementary flight training, without knowing in advance that any particular one has such dire consequences. But they aren't the only air carri
Re:Disabling the system is okay. I designed one (Score:4, Insightful)
> This system is designed to detect when the pilot has seriously screwed up, pointing the nose way too high.
Not even close! The plane NATURALLY wants to stand on it's tail at high power output. That's what moving the engines CAUSED. To compound the matter, the engine nacelle shape itself at certain AoA adds to the lift which can exacerbate the problem till it's no longer recoverable. Put your RC plane near vertical and watch what happens... (Well, RC planes generally have massive imbalance of thrust to weight ratio unlike real planes so doubtful you can actually demonstrate the problem)
Re:Now I am even more worried... (Score:5, Informative)
You can't disable a primary flight control system suddenly. That's what the problem is here. They get data from 2 sensors to determine AOA, one gets anomalous readings but the system doesn't know that. There's no way to know with 2.
Except, with an airplane, there is. There is GPS data. There is historical telemetry (and by historical, I mean the past ten seconds). There is engine speed data, altitude data, and airspeed data. All of this is already collected.
If the AoA is increasing, you'd expect the altitude to start increasing, the plane to start slowing, the engine RPM to decrease due to the increase load. All of these would correlate with GPS telemetry. Having the lives of 150 people hang on the reliability of a potentiometer attached to a weather vane is incredibly stupid.
Collusion between Govt and Business (Score:3, Insightful)
This smells like a collusion between Boeing and the US Government (FAA) in order to rush through certification to be anti-competitive to the Airbus product that was ready for this area.
The resulting hundreds of dead is a testament to failed oversight and cost-cutting, lack of redundancy, and what appears to be basic lying to other air regulators.
Almost certainly this will come back to bite Boeing badly - firstly the lawsuits from the families of the dead, second with sales on what many people would consider a flying death trap of a plane design. It will take a while for this taint to be forgotten, assuming that it is fixed, redundant systems are installed on all planes, and that they pass more robust certification processes around the world.
Re:Collusion between Govt and Business (Score:5, Interesting)
Well, you may be right that this smells... And you may be right in your assumption that Boeing rushed through the certification process and the FAA failed in its oversight capacity and Boeing will be left liable for a pile of money... However, the implication that there was some kind of behind the scenes collusion deal between the FAA and Boeing though is a pretty heavy lift as you have crossed over from civil liability into criminal activity where the burden of proof moves from preponderance of evidence to beyond a shadow of a doubt.
But, the Civil liability problem here will be borne by Boeing's insurance companies and punitive damages will rack up some pretty big numbers for the victims as a result which will come out of Boeing's profits after being tied up in court for about a decade on appeal.
The end result will be that the aircraft will be rendered fit for service pretty quick and sales of the 737 MAX will resume unabated perhaps with a new name, with some PR efforts by Boeing and the airlines that fly these aircraft for a reason (they are cheaper to operate). There is nothing systemically wrong with the aircraft mechanically or aerodynamically and this flight control issue will be resolved, albeit by adding multiple sensors, cross checking of existing and redundant sensor data along with some software fixes and pilot training.
I'm no Boeing fan boy, but let's be reasonable here. Yes, this will hurt Boeing in the short term and the awards will initially be sizeable, with the punitive part getting appealed and appealed for at least a decade before they get paid. This will largely be paid by their insurance carrier and their premiums will be assured to rise. However, these awards pale in comparison to the cost of an aircraft development program and Boeing won't struggle to pay them when they come due. The aircraft system will be reevaluated and redesigned as necessary to account for lessons learned. Any folks who should have known better in the decision tree for fielding and certifying the 737 MAX will be rooted out, processes to make sure this kind of thing doesn't slip by again will be introduced and we will return to normal.
Where this mistake is bad, let's put it in prospective for the nations air safety. We've come a LONG way from the 60's when the accident rates where huge compared to now or even the 90's on air safety, when DC-10's where crashing right and left from Cargo doors blowing open and uncontained turbine failures. It's been a LONG time since the last major management mistake in air safety. A very long time. Humans make mistakes and flying is a risky business that quickly turns mistakes into tragedy, we won't avoid human error in the future, all we can do is try and catch it before it kills anybody.
Re: (Score:3)
Everything will be in the paper trail. That, and dead bodies, is a conviction.
If not in the USA, then in any other country willing to prosecute on behalf of their dead citizen.
Sure, but if said person is not IN said country and extradition treaties are not in existence, what does it matter? Not a whole lot.
I can go to Sealand and get a judgment, but who's going to enforce it? Who's going to honor the judgment in the USA? It's not like you can contact the local Sherriff and get him to enforce a judgment from outside the country.
Also, don't forget there is a vast difference between civil judgments (i.e. money awards) and criminal charges.
Re: (Score:2)
Both Boeing and the FAA are following the same interests in principle: Allowing a safe aircraft to fly. It appears someone screwed up - that aircraft apparently ain't safe.
I can think of a similar case, June 3 1998 in a place called Eschede in Germany. Some of the wheels broke up on a train travelling at around 125 mph, part of the train smashed into a bridge which brought the bridge down on the rearmost part of the train. 101 dead and 88 badly injured.
It turned out that that particular version of the IC
Regulatory capture at its worst (Score:5, Informative)
Re: (Score:2)
It's a win-win: Boeing wins because they reduce R&D and materials costs in getting subpar designs certified that otherwise would be rejected.
The win they went for is much, much bigger than this. It is market opportunity. By "streamlining" (gutting) regulatory oversight they can get their new models to market faster against the still competition of Airbus, and book more sales. That is an enormously larger gain than R&D costs. Every airline that already received one of these has parted with their money. Boeing doesn't give refunds.
I don't know if I'd call it self regulation (Score:4, Insightful)
But I wouldn't call it "regulatory capture" either, since Boeing were left to their own devices. They didn't have anything to capture.
No, what we have here is plain, good 'ole deregulation. These days regulation > deregulation is automatic in most people's minds. Between this, Flint Mi, and the 2008 crash I hope folks are starting to change their minds in that regard.
Re: (Score:3, Insightful)
It should be noted that lots of other regulationors offload the work (and thus the cost) of implementing those regulations ont
Re: (Score:3)
If you think for a second that PCI is a neutral party, you're out of your mind.
Re: (Score:3)
This is what happens when oversight is thrown away and the lobbyist run the government.
wrestling with automatic systems (Score:3)
> Yet black box data retrieved after the Lion Air crash indicates that a single faulty sensor -- a vane on the outside of the fuselage that measures the plane's "angle of attack," the angle between the airflow and the wing -- triggered MCAS multiple times during the deadly flight, initiating a tug of war as the system repeatedly pushed the nose of the plane down and the pilots wrestled with the controls to pull it back up, before the final crash.
Jesus, what a nightmare. And, I'm sure, no way of turning off the MCAS even though it was clearly malfunctioning. That has to be the worst last moments for a pilot, ever.
I read in a different article that the reason for the airframe design has its roots in the way airports were designed decades ago. Before they had those mobile tunnels that connected between the terminal and the plane, passengers had to walk out to the plane and ascend on a portable stairway. To make boarding easier, the original 737 was designed to be lower to the ground, so there wouldn't be as many steps to board. That part of the 737 design was never changed, and it made the airframe changes for the Max very awkward to implement. Hence the necessity for something like the MCAS, and hence the current mess.
Re: (Score:2)
Jesus, what a nightmare. And, I'm sure, no way of turning off the MCAS
There's a switch, and a warning when MCAS activates, according to assorted comments in related discussions. That makes the crash a combination of bad design, equipment failure, and pilot error.
I read in a different article that the reason for the airframe design has its roots in the way airports were designed decades ago.
I read in slashdot comments :D that the reason for MCAS is the poor choice of putting too-big engines on this plane instead of doing a new design. It doesn't matter why the old design wasn't suitable for larger engines, the problem was not coming up with a new design that is suitable.
Re: (Score:2)
Hm. Ultimately, you are correct, but I think knowing the root of the design decisions points up another failing -- the company's tendency (or perhaps industry's tendency) to reuse old airframes for new designs. I suspect it's hugely more expensive to design a new airframe (Boeing's "new" dreamliner design is now 15 years old) rather than retrofit an existing one, and there's way too much financial temptation to leverage existing designs, even (this is the important part) where inappropriate.
But whatever,
Re:wrestling with automatic systems (Score:5, Insightful)
"but I think knowing the root of the design decisions points up another failing -- the company's tendency (or perhaps industry's tendency) to reuse old airframes for new designs."
Only this has nothing to do with current situation. Of course incremental development is inherently cheaper and safer and of course too, when time comes a new development is due, which Boing perfectly knows.
This was just because of time and time only: they wanted to fight in the current wave of companies' renovation against Airbus, which, because of timing too, was on the market with a more modern system (it will probably be the other way around in, say, five years): they couldn't reach the market on time with a new airframe but they could do if they just scratched a bit more from the bottom of the old barrel.
They tried, and it's just OK for them to do so.
But then, all checks and balances were outplaced: instead of letting FAA do their job, more and more parts where self-assessed by Boing itself (what could possible go wrong? duh!): "Good" for Boing, which could reach their goal date, and "good" for the overwhelmed FAA which was strongly pressured to do more with less.
As basically with any other accident, a lot of circumstances need to get aligned for the fatality but then, corporate greed and corporate greed alone put those planes much more near the tragedy line than they should.
* An old airframe design already squeezed.
* Pressure for passing approval at speed.
* Pressure for more and more processes to be pushed to Boing's side so they can reach their dates
* Business interest to offer the new MAX to be just like the old NG so there would be no re-training for pilots (not only cheaper, but also sooner and, you know, time is money)
* Moving posts for the approval process (0.6 to 2.5 degrees)
* ...and to top it all, the quite minor mistake among all this rush and changes, of forgetting that the final MCAS implementation would end up having full authority instead of just either 0.6 or even 2.5 degrees which in "standard" circumstances wouldn't fly past the first or maybe second reviewer.
So you ended up with a system categorized as non-critical (which it wast, by first draft), with (indirectly) full authority, and that was not even mentioned at least in the first batch of training manuals (because we made the new MAX to feel-fly exactly like the older NG for your convenience).
A magnificent example of the effects of modern capitalism in action.
Re: (Score:2)
The catch is that designing a new airframe leads to new, unknown failure modes. The 737 is a tried and true airframe that a wide array of mechanics and inspectors know intimately. It's failure modes are known and protocols are in place to deal with them.
Take the Airbus crash in New York many years ago. One of the problems that led to that was an under powered horizontal stabilizer that had been serviced improperly that gave way when it fell into the wake turbulence. (It's been said that aviation accident
Re: (Score:2)
There's a switch, and a warning when MCAS activates
But no pilot training. So "What's an MCAS?"
Re: (Score:2)
Re:wrestling with automatic systems (Score:5, Informative)
There's an auto-trim cut-out switch that shuts off MCAS. The pilots on the Lion Air flight kept on manually adjusting the trim (correctly diagnosing the problem as an auto-trim issue) but didn't cut off the auto-trim system. The penultimate flight crew on the same Lion Air jet also experienced the same problem, but disabled auto-trim and landed.
Re: (Score:3)
In the United States, a runaway trim problem would have immediately grounded the aircraft. The 2nd (doomed) crew would have never taken off in that aircraft.
Either the last crew failed to log it correctly or that country's failure laws are absolutely insane.
Re: (Score:3)
I don't think the reason for the 737's ground clearance is really passenger boarding (although that might have been nice). A major feature of the 737 is that it's low to the ground so you can more easily load and unload cargo, including baggage. Passengers hike up stairs no problem... their bags and other cargo doesn't.
Boeing has done a lot to keep that feature into the present day, including special engines with the bottom of the fairing flattened on the upgraded classic and NG 737s.
Re: (Score:3)
The 737 predates modern turbofan engines. The old turbojets were narrower and longer, which fit under the 737's wings.
https://airwaysmag.com/wp-cont... [airwaysmag.com]
https://www.preferente.com/wp-... [preferente.com]
They don't even look like the same aircraft, which is how Boeing can slip continuous changes to the 737 line in.
You what? (Score:4, Interesting)
> "Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input"
Or notify them either, it seems. Or be disabled when it erroneously kicks in over 20 times causing unexpected dives. Fuck everything about this system. Even if they fix it I'm not flying on any aircraft that has this.
> "this extra kick downward of the nose would make the plane feel the same to a pilot as the older-model 737s"
And that's also ridiculous. Because of the change in the engine configuration it is an aircraft that handles differently. "Compensating" so the pilot doesn't know the difference causes confusion, something you don't need when in charge of a passenger jet. Do they make 747s feel like you're flying a TriStar? Of course not.
Re: (Score:3)
"And that's also ridiculous."
No, it isn't.
"Because of the change in the engine configuration it is an aircraft that handles differently."
No, it doesn't. That's exactly the point of MCAS.
""Compensating" so the pilot doesn't know the difference causes confusion"
No, it doesn't. The pilots were not confused about the flight envelope of their planes in the slightest.
"Do they make 747s feel like you're flying a TriStar?"
Was the intention when designing a TriStar that it should behave like a 747? Of course not.
Yo
Part of the problem ... (Score:2, Insightful)
Part of the problem is Boeing didn't want pilots to have to retrain and certify under a different type of aircraft.
So they've jiggled things around to make it look like it's just like any other 737, but it now has different flight characteristics.
So now Boeing has created a situation where they wanted this to
VERY defective safety analysis! (Score:5, Informative)
"1) Understated the power of the new flight control system, which was designed to swivel the horizontal tail to push the nose of the plane down to avert a stall. When the planes later entered service, MCAS was capable of moving the tail more than four times farther than was stated in the initial safety analysis document."
"2) Failed to account for how the system could reset itself each time a pilot responded, thereby missing the potential impact of the system repeatedly pushing the airplane's nose downward."
"3)
I think this is the most important story on Slashdot in a long time.
The article linked by Slashdot is the best, deepest story in a long time: Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system. [seattletimes.com]
Re:VERY defective safety analysis! (Score:4, Interesting)
What we see here is reflected somewhat in most major incident investigations through industry involving instrumented systems, the reliability of the equipment is not in question. Throughout the process industry some 80% of safety system failures were systematic. Poor design, poor maintenance, poor interaction, incorrect operation, etc. One in 100000 units failing is not what ultimately caused these planes to crash, it was a bunch of engineers who didn't think about how the system works in operation.
Did the FDA take over the FAA? (Score:2)
Re: (Score:2)
If these unfortunate events were to have happened on any aircraft not built by the USA, the media would be in a self congratulatory mode - touting how USA's "superior checks and balances" have been able to positively influence commercial flight with distinction for over a century.
This whole thing smells of corruption; usually relegated to "those other countries." I am not surprised that the USA was the last to ground these planes - corruption is why.
Re: (Score:2)
Re: (Score:3)
That's not *quite* true. The actual human testing is usually planned by independent academics, performed by independent groups (often a whole bunch of hospitals around the world) and often coordinated by an independent contract research organization. The analysis of that data may be done by the company, or might be done by another independent company. Either way, there's a good paper trail, and a whole bunch of people involved who are not paid by the company.
It's done that way because abuses have happened i
Stick pusher... (Score:4, Insightful)
Why not just use a stick pusher, like any other non-FBW aircraft with stall issues? Design it so it can be overridden with appropriate back force on the control wheels. Using trim for this is stupid, since with full down trim, you might not have enough elevator authority to recover quickly from a dive (i.e. even if the system is turned off, trim may have to be cranked back manually before the plane can recover).
This looks like criminal stupidity on the part of Boeing engineers.
Maybe I'm jumping to the wrong conclusion (Score:2)
"Going against a long Boeing tradition of giving the pilot complete control of the aircraft, the MAX's new MCAS automatic flight control system was designed to act in the background, without pilot input"
Often old and simpler is far better....
Re:Maybe I'm jumping to the wrong conclusion (Score:5, Interesting)
Often old and simpler is far better....
Right until you look at outcomes. You're speaking emotionally from a recent tragic incident. You're not speaking based on data. The airline (along with others such as the process and automotive) industries have had a long downward trend of safety incidents. One of the primary drivers of that has been taking control away from people. As a Boeing noses down to prevent a stall, a car somewhere in the world saves a drive thanks to forward crash avoidance. An operator who mistakenly lowers the level from a high pressure separator is greeted by flashing alarms on his screen and a valve slamming shut in the field to prevent an explosion.
Humans make mistakes, giving them full control is not the answer. It's always worth remembering why this system was built, and how in the past pilots have through their own failure demolished plenty of planes due to putting the aircraft into a stall.
Sidenote: The thing that is really missing here which goes against industry trends is a lack of inherently safer design. A more stable plane is preferable to a plane that is only stable when a certain control system is active.
Re:Maybe I'm jumping to the wrong conclusion (Score:4, Interesting)
You are. This crash merely shows yet again that a badly trained pilot - and many of them are - will crash the aircraft as soon as something unexpected happens. The cycle repeated for 21 bloody times yet the pilot kept fighting the aircraft instead of executing the correct procedure for a runaway stabiliser (essentily flicking two switches and manually cranking the stabiliser in the correct position).
Bad pilots are a fact of life, hence the only way to protect passengers from pilots is more automation, not less.
Re: (Score:3)
This crash merely shows yet again that a badly trained pilot - and many of them are - will crash the aircraft as soon as something unexpected happens.
Your post merely shows that you are an idiot. The pilots were properly trained, however the MCAS and means of disabling it are undocumented, and Boeing claimed that pilots did not need to be retrained for this version of the 737.
What about the ASI? (Score:4, Interesting)
Attitude is only one element of the aircraft's operation -- what about airspeed?
Surely if there was a large disparity between the aircraft's airspeed and its attitude (ie: it is accelerating beyond 500mph while the attitude sensor says it's in a steep climb) then the safety system ought to have recognized that there was a fault condition and triggered an alarm which would allow pilots to disable it with the simple flick of a switch.
Sadly, it seems that this system was never designed to be disabled -- because it was part of the FBW system used to modify the apparent flight characteristics of the new Max8 model so that it would fly like an earlier 737. This was done (so I understand) solely to make the plane more attractive to airlines that didn't want the extra expense of having to get their pilots "rated" for a new aircraft type.
When it comes to the mighty dollar versus safety -- you *know* which one wins :-(
Meanwhile, some people are still saying "it's only a matter of time before a drone brings down an airliner". I wish they'd shut up and focus on the *real* risks that are *actually* claiming hundreds of lives in the aviation industry.
One in 100,000 WHAT? (Score:2)
He said virtually all equipment on any commercial airplane, including the various sensors, is reliable enough to meet the "major failure" requirement, which is that the probability of a failure must be less than one in 100,000.
One in a hundred thousand WHAT?
Flights? As of 2014 there's a bit over 100,000 flights per DAY! With a rule like that there should be on the average somewhat over one "major failure" per day per system of that classification level, which allows a single point of failure to exist.
Re: (Score:2)
There are only 378 total 737 Max 8 airframes built. They are not flying them 100,000 times a day.
I'm not talking about the number of 737 Max 8s. Nor am I talking about just this system.
I'm talking about the number of flights of all aircraft containing one or more systems designed and approved according to that rule, times the number of such systems (averaged, weighted by number of flights) per plane.
Failure Detection (Score:2)
How the hell does a critical sensor on an aircraft fail without the system knowing about it? My freaking car told me yesterday that the microphone in the entertainment unit had developed a fault...
737 is EOL (Score:2)
Too many patches to keep building newer technology airplanes that handle like the old ones. Just to save money on certification and pilot training. Stop already. Just design a new airplane.
Dept of Transport - OIG Report (Score:5, Informative)
You can read the report directly here [dot.gov].
This report, published in June 2011, documents in stark detail that the approach taken by the FAA - to significantly scale back oversight of aircraft manufacturers - represented significant risk, even if that activity were performed adequately.
In more detail, the report explains how the FAA took the decision to delegate responsibility for the hiring of individuals to serve as "FAA engineers" - essentially the supposedly independent inspectors who are intended to be able to objectively assess the effectiveness of the design and modification procedures conducted by the company that hired them.
If that wasn't bad enough, the report goes on to say that once the FAA had conducted initial inspections [the document quotes a 2 year time window of monitoring] it then stepped back from even an oversight role. In other words, there was no way that the FAA could have had any confidence that the modifications introduced with the 737 MAX aircraft were actually functional as claimed.
If you read around this news story in search of more details, you might find a couple of other relevant pieces of information. Staggering pieces of information...
One is that Boeing's design/development process broke down, so that when the "final" aircraft was reviewed / safety inspected by their in-house "FAA engineer", all the presented paperwork showed that the force imparted on the contol column by MCAS was set at relatively low, original design levels. In truth the design had changed, to the extent that one of the pilots in Lion Air flight incident had been attempting to fight the controls with over 100lbs of force - and had failed to overcome the aircraft's systems.
Another is that the sensor input to the MCAS system that turned out to be closely related to the problem may have been basing decisions on a single, faulty attitude sensor.
Whatever the causes of the two recent failures in terms of the operational characteristics of the two aircraft involved, I think the 2011 Inspector General's report clearly shows that both of these events were clearly avoidable and could have been prevented had the FAA leadership performed their duties responsibly.
Re: (Score:3)
The inspector made a visit to look at these
Test Engineers -- throw off your chains ! (Score:3)
I love software testing, but I quit and moved on cause the field just doesn't get the respect/resources is needs.
Developers and managers are always trying to "reign in" the testing staff and make them stick to a stupid script --
written by the same developers that made the mistakes in the first place.
My most important bug discoveries were almost always the result of informal testing, or thinking about the test script
and "trying something" that wasn't on the script. Overnight "random monkey testing" with the automated test harness was
very effective at finding real world problems -- but invariably got a rebuke from some manager, "Why were you doing that?"
This sounds a lot like that, but with the added bureaucracy of Aerospace+gov't.
The development process then adapts to minimize bureaucracy, instead of maximizing safety.
So as I see it, one of two things happened:
1. There was a test engineer somewhere who thought about these failure modes before the first crash. He was ignored and didn't have the power to escalate the issue.
2. The tests were stupid and were run by stupid people.
There were enough red flags -- I think it was #1.
Test Engineers -- throw off your chains !
The safety of the world depends on you.
I used to do certification - backwards (Score:3)
Critical systems don't allow free() so all non-stack memory will be in static locations. Someone was able to write a program to analyse the executable images to determine if this particular cache miss would ever happen. Turned out that no production systems were affected. The scary part though is change the length of a single text string could trigger this problem.
"one in 100,000" WHAT! (Score:3)
One in 100,000 what? Seconds, minutes, hours, lifetimes?
It is stupid to make something that can kill people rely on a single input sensor. I programmed experimental tests in nuclear reactors and we always had multiple inputs (thermocouples, flow sensors, etc.) and had sanity checks on the values to identify failed equipment.
Seems like Boeing's software could have taken more things into consideration than just the angle of attack? What about speed, altitude, rate of climb/descent, etc.
Re: (Score:2)
After accidentally confirming that the Backspace bug still exists on Slashdot and that it can destroy your draft without a trace...
What are you on about? Do you mean that you're fat-fingering the touchpad, losing text focus, hitting backspace, and going back to the prior page? In that case, you should be using both the classic view of Slashdot, and a browser that preserves form contents on back/forward. Firefox, Pale Moon... I opened this reply window in a new tab, so I can't go back. But if I could, if I went forward again, my form contents would still be there. Maybe non-classic view uses DOM to rewrite the form contents, which would
The ancient Backspace bug (Score:2)
I'm not sure about parts of your description, but I am pretty sure that it involves the focus getting outside of the input window. Nothing to do with either keypad (though I suspect the mouse), and I am using Firefox. The first thing I do when it happens is to attempt to return forward, but no can do. Pretty sure I'm using the classic view of Slashdot, but not sure how to check that.
Are you perhaps suggesting that I can recover the lost draft by some other method? For example, I haven't tried playing with t
Re: (Score:2)
Pretty sure I'm using the classic view of Slashdot, but not sure how to check that.
Slashdot options popup, layout tab, check "Simple Design" (I also have Lowbandwidth on.)
The first thing I do when it happens is to attempt to return forward, but no can do.
It should work if you are using classic, although it's possible you also need to disable some scripts. I am permitting slashdot.org, fsdn.com, cloudfront, and licdn.com, and blocking everything else.
Re:How can the Trumpists blame Obama for this? (Score:5, Interesting)
You could blame it on the Obama administration or the Trump administration, but it goes back [faa.gov] a long time.
The Federal Aviation Act of 1958 was the original statute allowing FAA to delegate activities, as the agency thinks necessary, to approved private people employed by aircraft manufacturers. Although paid by the manufacturers, these designees act as surrogates for FAA in examining aircraft designs, production quality, and airworthiness. The FAA is responsible for overseeing the designees' work and determining whether the designs meet FAA requirements for safety.