Boeing Delays 737 Max Software Fix (arstechnica.com)
Boeing's promised software fix for its 737 Max planes involved in two deadly crashes since October has been pushed back several weeks after an internal review by engineers not connected to the aircraft raised additional safety questions. "The results of the 'non-advocate' review have not been revealed, but the Federal Aviation Administration confirmed on April 1 that the software needed additional work," reports Ars Technica. From the report: "The FAA expects to receive Boeing's final package of its software enhancement over the coming weeks for FAA approval," an FAA spokesperson said in a statement. "Time is needed for additional work by Boeing as the result of an ongoing review of the 737 MAX Flight Control System to ensure that Boeing has identified and appropriately addressed all pertinent issues." Just how far back the delivery of the MCAS patch has been pushed is uncertain. The New York Times reports that the update's schedule has been pushed back "several weeks." And after its delivery, an FAA spokesperson said, "the FAA will subject Boeing's completed submission to a rigorous safety review. The FAA will not approve the software for installation until the agency is satisfied with the submission."
This means it could be months before grounded Boeing 737 MAX aircraft are once again deemed airworthy. And that means more flight cancellations for airlines that have the aircraft in their inventory. Southwest Airlines, Boeing's largest 737 MAX customer, canceled all of its flights dependent on its 34 737 MAX aircraft through April 20 so far -- about 150 flights per day. And Boeing's delivery of new 737 MAX aircraft -- the company's best-seller -- has been indefinitely delayed.
Re: (Score:2)
It's pretty much a given Boeing will lose this one big, and pay big. But that cost will be small compared to the customer defections, which have already started. [cnbc.com]
It's beyond me why anybody would think it's a good idea to buy an obsolete deathtrap 737 in the first place.
Re: (Score:2)
Indeed. Not how anybody sane designs systems that can kill lots of people in accidents. The whole thing was completely botched, and the motivation was plain old-fashioned greed and arrogance.
Comment removed (Score:4, Informative)
Re: (Score:2)
"He knew and understood this flaw"
That pilot did not know and understand the flaw. He knew that if you worked through the trim excursion checklist you eventually hit something that resolved the symptom.
Re: (Score:2)
That pilot did not know and understand the flaw. He knew that if you worked through the trim excursion checklist you eventually hit something that resolved the symptom.
EVERY pilot is supposed to understand that if you are experiencing a runaway stabilizer that disabling the electric trim system is how you stop it. That's part of their training. It's part of the training beginning with the first contact with an autopilot that has an electric trim system. It's part of the recurring training in the simulators as ATP-level pilots go through their corporate check rides. Before I was ever let loose in an airplane with such an autopilot the CFI made me show him every one of the
Re: (Score:2)
EVERY pilot is supposed to understand that if you are experiencing a runaway stabilizer that disabling the electric trim system is how you stop it.
Fuck off. The trim should not have run away, on top of the whole sad fiasco starting with the stubby landing gear. Boeing put the flight crew in a position where they needed to solve a puzzle in one minute or die in a huge fireball. They didn't figure it out for whatever reason and hundreds died. Boeing did that.
Listen, just fuck off asshole. Boeing will pay, but it won't bring those people back to life.
Re: (Score:2)
Fuck off. The trim should not have run away,
Thank you for your kind words. Of course the system should not have failed. But, being a physical device, designed by humans, built by humans, systems CAN fail. And knowing that the system CAN fail, the designers put in a method of disabling the effects of the failure. Screaming that the system should not have failed is simply childish and immature, like the rest of your language demonstrates.
If the stabilizer trim runs away and there is no way to stop it, then yes, there is a problem with the design and o
Re: (Score:3)
Yes, the AOA sensor was not repaired properly on the Lion Air plane, it was put back into service, and the plane crashed. Unlike the Ethiopian airlines plane, the pilots were not aware of the MCAS system.
The jump seat pilot properly identified a runaway stabilizer condition (caused by MC
Re: (Score:1)
Forget about this. EU will definitely take revenge for WV dieselgate, but everything else will stay where it is now.
Look at Intel's Meltdown and Spectre processor vulnerabilities: all existing processors produced since 2005 basically must be replaced as soon as possible. Do you see anybody suing Intel? The answer is "no", so it is the same for Boeing.
I am more amazed by the fact that shitty social media companies like Snapchat manage to make IPOs for 30Bln when Boeing's capitalization is just 150 Bln. Is it
Re: (Score:2)
Forget about this. EU will definitely take revenge for WV dieselgate, but everything else will stay where it is now.
Look at Intel's Meltdown and Spectre processor vulnerabilities: all existing processors produced since 2005 basically must be replaced as soon as possible. Do you see anybody suing Intel? The answer is "no", so it is the same for Boeing
Wait, what does West Virginia have to do with Diesel? I thought that was Coal Country and they were just waiting for Trump to bring back steam locomotives to make rail great again?
Re: (Score:2)
The CEO should step down. On top of the crashes, the pay-for-safety thing is squarely on him: he either signs the final order, or if somebody else did it under his nose, he's incompetent for not watching the ship.
On a different note, what would happen if the Max is grounded for several months or years? Are there enough other planes to cover the load, or will rates go way up?
Re: (Score:2)
And all 737s should be junked. Short ones are ancient and long ones are deathtraps.
and we are all waiting for autonomous vehicles (Score:1)
right... and some idiots are out there panting over how much we need to ban driver controlled vehicles and we must move to AI/Autonomous vehicles ASAP!!!! This right here is why we shouldn't
can you imagine if your car was "grounded" for months while a safety computer control /sensor issue was worked out/tested and approved before the Dept of _____________ signed off on it. horse hockey.. no thank you.
Re: (Score:2)
right... and some idiots are out there panting over how much we need to ban driver controlled vehicles and we must move to AI/Autonomous vehicles ASAP!!!! This right here is why we shouldn't can you imagine if your car was "grounded" for months while a safety computer control /sensor issue was worked out/tested and approved before the Dept of _____________ signed off on it. horse hockey.. no thank you.
If something goes wrong with autopilot in a plane, very bad things happen. If autopilot goes wrong on a car, not so bad things are probable. You can walk away from most car crashes. These glitches illustrate why we need the capability to override autopilot.
Re: (Score:2)
If something goes wrong with autopilot in a plane, very bad things happen.
Yeah, really bad -- the pilot has to disable the autopilot and fly by hand.
If autopilot goes wrong on a car, not so bad things are probable.
Yeah, the driver disables autopilot ... oh, wait, there is no "driver" and no controls for him to take over when autopilot is disabled.
When an aircraft autopilot goes bad, the pilot, who has been trained and demonstrated the ability to deal with the emergency, has a reasonable amount of time to take control. When a car goes batty, it may first demonstrate the failure by running a pedestrian over. But that's ok because the occupant
So they messed it up again (Score:5, Insightful)
If internal reviewers are brave enough to point out flaws with this huge amount of pressure, it must be a really bad mess. Or they actually have some engineers left that found a backbone and are unwilling to be responsible for hundreds of people killed, no matter what management wants.
Settings (Score:2, Funny)
MAX hidden settings [imgur.com]
Re: (Score:3, Funny)
Clippy: "It looks like you're trying to fly an aircraft..."
Re: (Score:1)
Aerospace operates entirely on the Peter Principle [investopedia.com] these days. Everyone that could find other jobs in a hot job market has left.
Good Aerospace engineers that lead the R&D went to Automotive for the upcoming ISO26262 certification and ADAS. All that's left is a skeleton of the old American companies that are coasting on decades old engineering with more money spent on marketing. (See also IBM, Oracle).
Tres Fucked. (Score:5, Insightful)
As someone that has worked in both functional safety and off-highway vehicles.
How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?
When given the option to completely update the cockpit to the latest and greatest with digital displays.
They chose to replicate the old mechanical dials so the pilots couldn't be retrained.
The entire thing from start to finish was rushed. Mechanical design comes first. There is no 'try and develop software in parallel'. A clean software design depends on a good mechanical design.
The plane should have been a white board redesign, it should have been balanced such that a pilot could fly it stable with no avionics. This isn't a jet fighter.
But it was rushed because Europe invested in R&D and beat them to economy routes. How much money did Boeing C-suites make before 2011? During the 2009 crash there was a hiring spree by some companies because the market was flooded with cheap, good engineers that just got laid off. Companies invested in talent. Did Boeing?
People died because... Boeing sat on R&D from post WWII while making a ton of money so when Airbus released a good plane they scrambled to retrofit an old design by putting huge engines on an airframe causing it to pitch up but to appease its clients it added software to mimic the old plane behavior and tested it themselves and told the FAA they promise they did it right.
More or less.
Re: (Score:1)
People have gotten smart since DO-178B was first implemented. They're following the letter of the laws but not the spirit.
So you break 'don't kill people' into 50 different requirements. All of them technically are met. No one of them directly contributed to the death of anyone. So no one engineer directly caused this. All of the software requirements were met.
Plus you have all of the requirements interfacing with their suppliers. Did GE fudge the numbers on how parts of the engine would perform to get the
Re: (Score:2)
Not sure if I should lob my senator questions like:
Re: (Score:2)
How many subcontractors did this project get spread out across? I know you have small companies like Performance Software [psware.com] do the actual work.
One of the world’s top systems suppliers was building a next-generation computing platform for Boeing’s commercial aircraft. Its initial attempt to repurpose an existing military platform for commercial use presented a number of unforeseen challenges. Fatal bottlenecks formed since the three target hardware sets available were not enough to support the large team of 47 developers necessary for testing at the required rate. This created much more work than was originally anticipated against a razor-thin timeline. Having worked with Performance Software on previous programs, the supplier knew this was a partner who was well-versed in safety-critical software and able to consistently deliver on time.
How much did those 'shortcuts' play in to deaths? Was there a UI team? Is this a case of some small design decision not to show something?
Re:Tres Fucked. (Score:5, Insightful)
Hey, you make a lot of great points and I agree. Just please everyone stop blaming engineers. I take it you're not one? We engineers do not make the decisions- managers do. Please study the Challenger disaster. Engineers said "do not launch" but the managers overrode them and launched. After 7 astronauts died, the managers pandered to public and govt. scrutiny and listened to engineers somewhat for a while. But the cycle repeats, and then we had Columbia.
We engineers are usually told what to do- we figure out how to implement someone else's ideas, under manager's rule. Often we come up with better ideas, or how and why something won't work or is dangerous, and we're told to shut up, don't make trouble, just do our jobs. That's why so many new companies are started by engineers who want to be in charge but the corporate authority structure disallows it.
The real problem, as most people point out, or at least ultimately understand, is greed.
BTW, my personal biggest gripe with most of technology today is excessive automation. Like Windows 10 auto updating, wizards, on and on, things you can't control. The machine is built by humans to serve humans. We should always be in control. We should always be able to override the machine instantly.
I'm not a pilot (a couple of hours of FAA flight log lessons) but from what I've read by actual pilots here and other blogs and forums, the flight dynamics that the MCAS compensates for are pretty minimal. Like if you increase engine thrust, the plane starts to climb. ANY pilot will see the vertical speed increase, artificial horizon move, and compensate manually (push on yoke, adjust elevator trim).
Part of the problem, IMHO, is that MCAS is more than a "trim" / compensation. It was trying to prevent stall, and generating HUGE elevator inputs, AND, that the pilots were not able to override. MCAS should only make fine trims, and only in response to pilot's input. Other systems should handle anti-stall. And all of them need to be very clearly controllable (big OFF switch label).
Finally, and most importantly, IMHO NO system should EVER override the pilot, especially not repeatedly. And AFAIK, autopilots will disengage when the pilot takes control. Of course that caused some crashes where the pilot did not notice the autopilot had disengaged, so I could advocate a system that prevents a plane from descending when there's no pilot input. IE., if there's been no pilot input, we're sinking and could be getting dangerously close to the ground, the system would take over and prevent the crash. There are altitude and stall warning systems, but maybe something happened to cause the humans to become unconscious, so with no human input, an automatic system would kick in. But no system should continually override the human.
Re: (Score:2)
We engineers do not make the decisions- managers do.
I typically will chime in and defend our profession a lot. But don't take this to the extremes. There are some *fucking stupid* engineers out there and the only fault management can be given in some cases is to not understand enough to fire people. However in this case I generally agree with you. On a system like this there should be enough eyes to discount incompetence as a cause of failure.
IMHO NO system should EVER override the pilot
Your opinion is noted and dully ignored. The airline and process industries have achieved their great and ever improv
Re: (Score:2)
You again. Apparently you do understand that it was not the autopilot that dove the plane into the ground, and that is just the beginning of your display of ignorance. Just shut up.
Re: (Score:2)
You again. Apparently you do understand that it was not the autopilot that dove the plane into the ground, and that is just the beginning of your display of ignorance. Just shut up.
I honestly thought all you do is troll but at this point I see you actually struggle in an epic battle with the English language. That or you're actually schizophrenic (oops I used a big word, let me help you: you are delusional and hear voices in your head). Maybe read the thread and keep your completely irrelevant and off topic garbage to yourself.
Re: (Score:2)
You wrote: "your opinion is noted and dully ignored." That is all anybody needs to know about you, fucking asshole.
Re: (Score:2)
You wrote: "your opinion is noted and dully ignored." That is all anybody needs to know about you, fucking asshole.
Indeed. It's worth ignoring negative opinions about the state of automation in an industry where safety advances have been made through automation by someone who in their post proclaimed they aren't in the industry.
I understood your need to defend your favourite graphics card company despite the fact that they have precisely the same number of products in the top 15 market share as my cat does, but now you're defending opinions by 3rd parties in doing so showing that you didn't even understand the post, and
Re: (Score:2)
I mean no disrespect nor disparagement, just to be clear. Being quite intelligent, I've already thought through all of what you wrote and I 1/2 agree. Basically it's a complex philosophical argument. At the end of the day, if I was a high-level judge / decision-maker, my decision would be to allow humans to override the machines. Machines can break. A broken machine should never kill a human. I know humans are fallible and I believe in machines cross-checking, and planes already have stall warning sys
Re: (Score:2)
my decision would be to allow humans to override the machines. Machines can break
Indeed. There's a hierarchy here. But the philosophical argument that (x) known to break in weird and uncharacterisable ways should override (y) because we have characterised the way (y) breaks despite the fact that given proper engineering (y) is far more reliable doesn't make sense.
Philosophically there is of course sense in what you say. The human should be in "control". However we rely on the machine to keep the human "safe". This is fundamental to all safety systems which primarily exist to take away c
Re: (Score:2)
We engineers are usually told what to do- we figure out how to implement someone else's ideas, under manager's rule. Often we come up with better ideas, or how and why something won't work or is dangerous, and we're told to shut up, don't make trouble, just do our jobs.
This just reminds me of some guys I knew that used to work as video game testers. They would report tons and tons of bugs and repeatedly bring up bugs that hadn't been addressed, and were basically told these bugs weren't important because they just wanted the game to launch on time and not waste more hours on fixing little unimportant issues.... Then a game would come out and a big outcry would happen over some bugs.... Management would go to the team leads and such with: "WHY DIDN'T YOU REPORT THESE BU
Re: (Score:2)
One company I worked for about 20 years ago was fairly well known, almost household name. I was brand new, working in test engineering. One product, the bread_and_butter, was 24/7 very high volume production electronic circuit. The automated testers were failing left and right, stopping production. I was trying to improve them but I was being constantly interrupted. I couldn't even get the previous guy's code to compile, supposedly doing exactly what he had done. I tried to suggest how we could build
Re: (Score:2)
You know that Simulink can link to software requirements.
https://www.mathworks.com/solu... [mathworks.com]
Requirements tracking with code gen is trivial. You can trace everything both ways.
Re: (Score:2)
It is much worse than people think. The approval process was blatantly corrupted to maximise profits. Short cuts were taken in engineering to maximise profits. Incidents had occurred prior to the two crashes, were reported and covered over to maximise profits. The first crash occurred, they knew the cause right from the get go and covered it up to maximise profits. The second crash occurred and they still tried to cover it up to maximise profits. The FAA pretty much knew exactly what was going on and corr
Re: (Score:2)
NOW COME THE LOSSES and guess who is destined to go belly up, well at least play capitalism bankruptcy, to shift the losses from their executives and investors to the general public, socialise them losses, in order to maximise profits. Lie, cheat and steal, it's the American deal. Probably cheaper for Boeing to buy Southwest Airlines, rather than cover the losses of 150 missing flights for 90 days or more.
Uh-oh, are we (US) headed for another "too big to fail" huge bailout scenario?
Even if Boeing did fail and the rats scattered, other manufacturers would have to ramp-up, and would of course hire all the Boeing rats.
More seriously, I hope there is a big investigation, criminal charges, and none of the criminals ever allowed to work in aviation or anything else critical.
Re: (Score:2)
Ugh. Okay, you've stumped me. Well, there are several smaller plane manufacturers, and military big plane manufacturers, so maybe they'd step up. Lockheed-Martin, Canadian Bombardier, certainly could.
Any of these could ramp up (ramp-up being the key phrase). https://www.internationalbusinessguide.org/10-coolest-small-business-jets-in-the-world/ [internatio...sguide.org]
Re: (Score:2)
How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?
I think it's just the Disagree indicator (and Angle of Attack indicator) that are the add-ons, the second sensor comes standard, but only one is used for a time, and the pilot is expected to understand when MCAS was acting inappropriately. Turns out that determination (and resolution by turning it off) was not as clear as Boeing thought it was.
Though I'd also question why the airlines decided to save a few bucks by not buying it -- I bought the $3000 automated emergency braking upgrade for my car (which pro
Pilot could not just pull back the stick (Score:2)
In any normal flying, the trim is just a help. So even if this system trims badly, it should just annoy the pilot that has to countermand it. But apparently that was not possible, and that seems to be the real design issue. Nothing to do with sensors.
It would be like having automatic lane sensors in a car. If they go wrong the driver should be able to just grab the wheel and override them. The driver should NOT have to read some checklist in the manual to figure out which buttons to press to disable th
Re: (Score:2)
Sounds like you're a pilot, which is awesome, and I absolutely agree with your post.
I have a big problem with the word "trim". To me, and many standard definitions, "trim" means fine tuning, minor adjustment. I suppose in aviation, "trim" becomes the thing that normalizes flight surfaces to achieve level flight with no yoke pressure, in all conditions. So continuing in that context, trim could become a big thing if big compensation is necessary. (needs more thought...)
Stated a better way, one of my many
Re: (Score:2)
Actually, Boeing needs to design a better airframe that isn't to prone to stall, and go through the type certification like they should have done in the first place. Hundreds of people died simply because Boeing played games to avoid type certification.
Re: (Score:2)
Actually, Boeing needs to design a better airframe that isn't to prone to stall...
I know about the MAX without MCAS handling differently enough to require retraining, but are you sure about the "prone to stall"?? I've seen that written in comments here and elsewhere, but not from strong sources. Any plane can be prone to stall. I've heard from solid sources that all jets can nose-up a bit on thrust increase, and the 737 MAX does it more, but any pilot (certainly autopilot) should know this and would see it and compensate. Vertical speed and artificial horizon would alert a pilot. Al
Re: (Score:2)
are you sure about the "prone to stall"
Yes, I am sure about prone to stall. The issue with the 737 Max is that the engine cowling generates lift, which would not be a serious problem if the engine was mounted directly below the center of lift of the wing as with classic 737, but is a big problem with the 737 Max, where it has a large offset from the center of lift, therefore generates a large pitch up torque in a high angle of attack situation such as takeoff. When the wing stalls the engine cowling does not stall (because it is a much less effi
Re: (Score:2)
Yes, I've been reading about this for 2 weeks and I fully get it. I've flown a bit so I understand maybe a bit more than the average person who has never piloted an airplane.
From what I've been reading here and other sources, from actual commercial pilots, is that every plane has its own specific handling characteristics. Under-wing engines always create rotation force, and the MAX has even more. The point being, yes, we want pilots that are trained on and used to a particular aircraft, but any pilot shou
Re: (Score:2)
Some skill, some training, some luck, and 300 people would be alive now. But that does not change the fact that Boeing sold a deathtrap junkheap of a plane that requires special skill, special training, and special luck, or it will dive straight into the ground and blow up in a huge fireball, killing everybody.
Re: (Score:2)
But apparently that was not possible,
Of course it was possible. Pull up. Countermand, check. Then readjust trim, check. Then DISABLE ELECTRIC TRIM -- not check. That's what the emergency procedure for a runaway stabilizer says. (It also includes "disable autopilot if engaged", but it wasn't, so that step is moot.)
The driver should NOT have to read some checklist in the manual to figure out which buttons to press to disable the system all while the car is heading towards a tree.
Some checklists are immediate action, and are supposed to be automatic. If the electric trim is running away, disable the electric trim. You don't need a checklist to figure that out. And THEN the PNF pulls out the book and goes throu
Re: (Score:2)
The point is that they should not need to disable anything. Just haul on the stick to override it.
According to everything I've read, they can just pull back. It just gets tiring to have to pull back all the time, so it's good to be able to retrim and then turn off the electric trim.
Re: (Score:2)
The real design issue is that the airframe was stretched past its limits until it became unsound.
Re: (Score:2)
I think it's just the Disagree indicator (and Angle of Attack indicator) that are the add-ons, the second sensor comes standard, but only one is used for a time, and the pilot is expected to understand when MCAS was acting inappropriately. Turns out that determination (and resolution by turning it off) was not as clear as Boeing thought it was.
I'd love to know if they gave it any thought. I think they were just gung-ho with their kewl brilliant stealth MCAS system.
Though I'd also question why the airlines decided to save a few bucks by not buying it -- I bought the $3000 automated emergency braking upgrade for my car (which probably should have cost less than $500 if it wasn't bundled with other stuff I didn't need or want), so why didn't airlines pay the $80K for the extra indicators on a $100M airplane?
I don't know the price, but someone somewhere in the news said it was $5K.
Somewhere else I read (hopefully good info) that there are 2 MCAS systems- one for pilot, one for co-pilot, and each one only uses the AoA sensor on that side of the aircraft. That normally the 2 don't "talk" to each other, so the optional upgrade involved probably some simple code in some system that could comp
Re: (Score:2)
Pilots trained directly to civil aviation are not trained to track AoA by itself AFAIK. It's not that useful of information in an airliner, compared to things like airspeed. That is the realm almost uniquely reserved for fighter pilots who often train to fly at very rapidly changing AoA and with very high AoA limits that they need to manage not to lose too much energy and not to lose control of the aircraft. So it's an option for airlines that employ a lot of former fighter pilots and pretty much no one els
Re: (Score:2)
The plane should have been a white board redesign, it should have been balanced such that a pilot could fly it stable with no avionics. This isn't a jet fighter.
It is nothing short of incredible that an unstable airframe is even allowed to be put into passenger service. This is a good thing in fighter jets, a great way to have deathly accidents in a passenger jet.
What is more, the fighter jet is designed from the ground up to be unstable. The software is designed to work with that instability.
This is a case of software attempting to work around a plane that is by its very design, a deathtrap.
Re: (Score:2)
indeed it is but the only difference is the formatting of the word "fuck" --> lol
this is not to say I dislike the comment, it is a great comment and continues to be applicable; keep on posting it as opportunities arise
Re: (Score:3)
The second sensor is not an option; it is standard. The option is an indicator that the two sensors do not agree. (I am told this is optional to maximize commonality between the previous generation and the MAX.) The asinine decision is that this system has too much authority to rely on a single sensor; the system was deemed non flight critical.
For legacy reasons, the aircraft is designed with fallback to manual as the default logic. This means that the sensors and flight computers essentially mirror a sing
Re: (Score:2)
For legacy reasons, the aircraft is designed with fallback to manual as the default logic.
The problem is, the aircraft does not fall back to manual. In fact, this evil control system is only active when the plane is under so-called manual control. But it isn't actually under manual control, it's under control of a computer seemingly designed to kill entire planeloads of passengers, and that is exactly what it did. Twice.
Re: (Score:2)
Keep in mind, changing the instruments in a cockpit will take years to get approved by the authorities.
Re: (Score:3)
I think the smoking gun, is the MCAS initially only had 1degreeish of trim authority, and the risk assessment that was done on that, but then it was later changed to 7ish degrees which was enough to overcome pilot's elevator control but without doing the risk assessment again
Re: (Score:2)
Hurray for DO-178C, I want to see the high and low level requirements. That '7' vs '1' is probably sitting in a header file somewhere with a commit tied to a specific requirement put in by an engineer that is probably sweating or lawyering up.
Re: (Score:2)
AoA sensor thing is actually normal. Pretty much the only ones who pay any attention to those are the military trained pilots, who are trained to fly in a very different way from civilian pilots. So the "conflict between two AoA sensors" is an option for the airlines that utilize military pilots. And those that don't will not take it, because there's no point, as civilian training employs different scan methodologies for tracking aircraft's status.
The "retain as much as possible of the old aircraft" is the
Re: (Score:2)
The fuck up here is minuscule.
I don't know where you got that from. There was a massive chain of fuckups, all of them major, and any one of them enough to kill people.
Re: (Score:2)
And it requires the use of three fricking sensors. One sensor, it goes wrong and you're stuffed. Two sensors and one goes wrong, you're still stuffed because you don't know which one has gone wrong. Three sensors and the one fails the other two can vote it down.
No amount of software fixes are going to overcome the fact that Boeing cheaped out and only fitted the device with two sensors.
Sure they can have the software detect that the two sensors disagree and disengage the MCAS, but that leaves you with a plane t
Re: (Score:2)
Three sensors and the one fails the other two can vote it down.
And there are recorded cases where the sensor voted down was the only one functioning. Better go on to design a system that isn't prone to killing people because sensors failed, no matter what combination.
Re: (Score:2)
How the fuck did this ever make it into production.
On many levels. The airframe is just a disaster. The landing gear is so stubby it risks a tail strike on every landing, and the wrongly placed engines make it dynamically unstable in near stall. Then there are the obsolete hydraulics and controls and basically the whole plane is a museum piece. Let it go. Just let it die.
Who writes down the loss? (Score:4, Interesting)
Re: (Score:2)
An alternative PoV is that if the system was runnable with X fewer aircraft they'd have bought X fewer aircraft in the first place.
These things are expensive. You don't buy them to have them sitting idle just in case.
Fix, or papering over a major design flaw? (Score:2)
From what I understand, the planned change involves adding one more trim sensor and leaving the pilot to notice a "disagreement" light in the middle of trying to keep a flying bucking bronco stable. It's almost like they're ASKING for another major crash.
Re: (Score:2)
Asking pilots on Reddit in various subreddits, it does pitch up a bit at higher AoA, but it just means you have to adjust the yoke a bit.
The car analogy is different feels for clutches. It's not too unstable. They should have just eaten the cost to retrain pilots. That is where the most compromises were made.
Re: (Score:3)
There's more to it than that. Under the fixed software, if there is a disagreement between the sensors, the MCAS will no longer activate. Also I believe they said something about detecting pilot override inputs and shutting down MCAS also.
Re: (Score:1)
...which will cause an accident someday when the plane is banking hard and the MCAS turns off suddenly and now the pilots can't apply enough physical pressure to keep the nose down and don't realize quickly enough they have to seriously retrim the aircraft by hand - and they'll stall out.
But this should occur less often than pilots failing to notice that MCAS is broken because one sensor is reporting bad data not long after takeoff.
( MCAS is there so pilots don't have to keep constant continuous forward nos
Re: (Score:2)
The proposed patch was supposed to detect disagreement between the two AOA sensors and if found, turn on the disagree light and disengage MCAS.
It absolutely should have been doing that from the first plane off the assembly line as a standard feature.
Re: (Score:2)
leaving the pilot to notice a "disagreement" light in the middle of trying to keep a flying bucking bronco stable.
It is this kind of repeated, ignorant hyperbole that makes this discussion so frustrating. The aircraft is not "a flying bucking bronco". The failure resulted in a nose-down trim condition. The solution to a nose-down trim condition is to pull back on the yoke. That stopped MCAS and corrected the flight attitude. At that point, disabling the electric trim system is the documented action to stop the problem.
The only reason the aircraft would be a "bucking bronco" is if the pilot, who has already demonstrat
Clippy to the rescue (Score:1)
They added Clippy: "It looks like you are battling an aggressive autopilot. Would you like some help?"
An old lightbulb joke (Score:2)
How many hardware engineers does it take to change a light bulb?
None - we'll fix it in software.
How many software engineers does it take to change a light bulb?
None - we'll document a workaround.
How many tech writers does it take to change a light bulb?
None - the user can figure it out.
So in this case we have:
How many hardware engineers does it take to not crash an airplane with a faulty sensor?
None - we'll detect and avoid it in software.
How many software engineers does it take to not crash an airplane wit
Ask Alan Turing (Score:3)
The reason aircraft software should always be able to be overridden by the pilot is that software can never be proven to work as specified.
In computability theory, the halting problem is the problem of determining, from a description of an arbitrary computer program and an input, whether the program will finish running (i.e., halt) or continue to run forever.
Alan Turing proved in 1936 that a general algorithm to solve the halting problem for all possible program-input pairs cannot exist.
Re: (Score:2)
The reason aircraft software should always be able to be overridden by the pilot is that software can never be proven to work as specified.
So the answer is to hand control to people who have repeatedly over the past 100 years shown to make stupid decisions against the advice of software and cause planes to drop out of the sky?
You're applying computational theory without actually considering the single most important factor: The probability of failure at any given time. And that my friend, for a well designed system (which this is not), is several orders of magnitude better than any human could achieve. This is the reason we have safety systems in
This release cycle made me distrust Boeing (Score:2)
Re:Propaganda is Working (Score:4, Insightful)
Re: (Score:2)
Agree, what a screw up it is, just today I read about the latest accident, that MCAS was engaged several times just before the crash even after it had been deactivated.
Always fond of Boeing, fully aware that nobody's perfect (Airbus also had their issues with overriding pilots' decisions - yet not on such a scale), honestly have to say that this crack in their reputation cannot be easily repaired.
Finally about the way it was handled: FAA let Boeing engineers verify their own work, reports about MCAS proble
Re: (Score:2)
Only 8?