> It will probably be the best reviewed passenger plane software developed in America, if not the world once this is over.
The problem is that this is not actually a software problem. It’s an airplane design problem, and Boeing is trying to convince you that it’s just the software.
Even if the software is perfect, this plane remains a flying coffin until it is redesigned from scratch.
> First the design of the software used in commercial airplanes is bat shit insane
At least in that case. But it isn't normal that you blindly trust a sensor, not even Level D (failure is unimportant and easy to deal with) Software would/should do that. It actually takes a significant effort to put Software into a plane, which only increases with safety requirements.
The chain of failure which needed to happen in this case is enormous. Dozens of people need to have looked at the documentation and nobody cared/figured out this blatant security issue. How can a company like Boeing even operate like that?
> Sure, the sensor needs a redesign and some automation decisions were hot garbage, but 'never fly again' is just FUD.
Are you sure that, except for MCAS, all the other systems are fine and Boeing didn't cheap out on other systems, redesigned other things, other small updates, etc.? IMO the plane needs to be re-approved, this time for real.
> really big indictment that out of all the complex and hard to engineer systems in an aircraft it was poor software that caused the crash
While I frequently point out how bad we are as an industry at making fault tolerant code, this part is just flat wrong.
The software portion of the 737, while definitely flawed in a catastrophic way, would not have come to be if the aeronautics engineers had done their job and designed a flight-worthy plane without software hacks. Not to imply the aeronautics guys are the root cause either, though; the 737 Max fiasco is a top-to-bottom complete failure of Boeing as a whole, and virtually every department involved in the Max has a significant reason to share in the blame.
> You can fix Boeing's reckless greed and willful negligence with software!?
I can't, but Boeing can fix things with software and a lot of money. They need to do what they've been unwilling to do, which is go for a new type rating.
I also can't fix the current imbalance between profit and safety within Boeing.
> The issue involves how software on the plane checks itself to ensure it’s receiving valid data [...] when the system is initially starting up.
> software reviews have occurred in a special simulator used by engineers on the ground.
> The problem came to light when the latest version of the software was loaded onto an actual aircraft
My stomach hurts reading this! I get no confidence at all and I am scared more problems will be found or more accidents occur.
Just guessing... Someone at Boeing testing the new shiny software on a real airplane decided to mess with a sensor (AoA?) to simulate it being stuck or something and to make sure this would be properly handled. It did not work.
How on earth can problems like this be found this late?
> This is how airplanes are made safe. Not by imagining you can create perfect hardware or software, but by assuming any part can fail, and how does the airplane continue to fly safely?
> Fixing an "aerodynamic" problem with a "software" solution is already cutting over to a different problem domain and it will lead to unforeseen circumstances.
I have a hard time parsing this. A modern airliner is a conglomerate of physical aerodynamic design, electronics and software. I am not convinced that something like MCAS is so out of the norm from modern aviation design principles.
> People at Boeing who made decisions for this project whether it is a team lead or a test lead or a project manager or a sales exec or a CEO; are all equally blamed for this.
Maybe. Or maybe there is no actual underlying problem. Or maybe the problem has nothing to do with the MCAS system. Let's wait a little and see how it plays out.
> but my iPhone is not going to kill me. That attitude is not Ok for airplanes.
This is the key point. I imagine the stakeholders here do not think the weight software is that critical, when in fact it could be. This is a common issue with complex systems.
Even though the software does not directly interface with the plane, its outputs are used to make key decisions on takeoff. Normally, there would be a large margin of error allowed, but in this case, due to the desire for max efficiency, the behavior of the aircraft is sensitive to the outputs.
The solutions are to (1) go back to having a large error margin, which of course should be cross-checked for sanity by the pilots, or (2) consider that the software is safety-critical, and should meet the same quality standards as the in-built flight systems.
> Firstly, no the software did not do exactly as it's supposed to. It crashed the plane by rendering it unflyable. It's not supposed to do that.
This belongs in the true-but-trite category. The decision to depend on a single, unverified AofA input was not a programming error, and neither was the increase in power in the second version. These decisions were made by Boeing, and endorsed by the FAA (to the extent that Boeing informed the FAA of them.)
> Not sure if you're being serious, and while it hasn't been tried AFAIK for the flight software specifically, but cost-minimization and outsourcing has been credited as the major sources of Boeing's safety problems for the last decade (737 MAX, 787 Dreamliner, 737NG). Doing more of it would be neither a change of course nor an improvement IMO.
I hear you, but I suspect aperocky was criticizing that exact approach.
>> The 737 MAX has been grounded since March 2019 after two fatal crashes and cannot return to service until regulators approve software changes and training plans.
My understanding from the previous wave of news was that two planes crashed because they stalled in mid air because their engines were too large and too far forward and that somehow affected the plane's center of gravity... And the solution is a software update? You can't fix hardware problems with software.
I wonder if this is a trend. First Intel and now Boeing... Shipping defective products and then trying to hack together patches on top.
> It makes the control curve slightly different, don't be so dramatic.
I'm not being drastic, the plane has an unconventional control system built to hide a physical flaw that is never an actual physical property on planes designed from the ground up. The plane will literally stall:
It's well known Boeing used a hack to avoid costs of redesign.
> Tape, and the equivalent of tape, is a valid solution to many problems if you have an expert analyze it.
The experts who killed 300 people analyzed the MCAS and also built it. No one will get on a plane covered in duct tape no matter how many experts analyzed it.
> I'm not psychic, I can't tell you how they fixed it,
Makes sense that you're not psychic. Likely you went to Google at some point and tried to find out what that fix was and likely you found nothing. That's a red flag, a huge one.
Being psychic is the only possible way you'll know what the engineers did to duct tape the whole design. At the very least this is something any wise man should know about before getting onto that plane.
I worked on the design of the 757 stab trim system, am trained in aerospace engineering, and am a programmer. I'm not a pilot. I am not explicitly familiar with the 737 stab trim system.
It is indeed at least partially a software problem. I had thought of two possible improvements: one is to limit the authority of the MCAS's commands to the trim, and the other is to not issue further commands if the pilot fights the trim commands. I read today that Boeing's proposed software fix includes both of those.
> Boeing gets away with this software issue because it's not really a big issue. The scary point the media can tell you because you don't have context to understand why it's mundane.
Yes, like the mundane software overriding pilot's intent from software written specifically to not retrain pilots on the system? Yup, sounds mundane to me.
When I said I don't trust anything from Boeing, it had little to do with this 50 day reboot, but much more in line with the fact that Boeing is allowed to self-certify and has been shown to not do that in a good way. They have ruined that trust because of greed. You might think that's a broad brush? At this point, every little bit is just another instance of death from a thousand cuts.
> and it became clear that the 737 MAX had some serious design problems that they had tried to fix in software.
It could be argued it was an appropriate design.
The critical error was in that 737 MAX has two angle of attack sensors that feed data into the cockpit; however, the MCAS software only used input from one of them. In the Lion Air case the one considered sensor had been improperly calibrated after being flagged for maintenance by the crew.
The fix is fairly comprehensive. If an angle of attack disagree occurs between the two sensors the system is inhibited from activation.
> Why are airlines so eager to buy such a compromised model from a company that destroyed its reputation?
They don't see it as compromised. The purchase price was set based on the fact that airlines would _not_ need to retrain existing 737 pilots for the new model, that it was type equivalent.
With the software changes and with additional training there are cost implications but not necessarily safety considerations with the model.
> how can one wake up in the morning and seek for a safety exemption regarding
It's because planes with this same issue are currently flying and it's an easily managed issue (i.e. don't use it when certain conditions happen).
Boeing was hoping to add another model to the list of planes currently grandfathered in, but decided not to do that and instead fix it, and then back-port the fix to the currently flying planes.
The problem is that this is not actually a software problem. It’s an airplane design problem, and Boeing is trying to convince you that it’s just the software.
Even if the software is perfect, this plane remains a flying coffin until it is redesigned from scratch.
The only real fix is not to fly on this plane.