>But the big issue with the MAX is not that it handles differently, it is that Boeing lied to everyone about that fact. Then they made another semi-unforgivable error by masking the handling with software, ok, but didn't even take the most basic steps available to ensure some redundancy in that software.
Which is exactly what I'm saying and the opposite of what the author and DTAL are saying.
>It is just so very very bad engineering and mindset that it's hard to describe.
I don't think it's even a mindset. It's that sort of "nobody is responsible for a large enough part of the system to be able to stop things and force things to be done right" situation that a lot of big-cos get into that results in them crapping out half baked products.
>Would I fly on a MAX if and when they get clearance again? Maybe after it's been flying for a year or so, and depending on what some trusted people and institutions say about it.
For me the decision would hinge on what training the pilots get.
> It will probably be the best reviewed passenger plane software developed in America, if not the world once this is over.
The problem is that this is not actually a software problem. It’s an airplane design problem, and Boeing is trying to convince you that it’s just the software.
Even if the software is perfect, this plane remains a flying coffin until it is redesigned from scratch.
> The error was not in the concept of the MAX nor the concept of the MCAS.
The reason MCAS was introduced in the first place was because the platform that Boeing chose to extend (to avoid recertification requirements) was unstable as a result of the introduction of CFM's new LEAP engines.
They insisted on correcting an emergent hardware defect with software in order to reuse an old platform to compete against a surprise threat from Airbus rather than design an inherently safe, novel platform.
Ordinarily I would agree with you, but this issue of stability is clouding the truly detestable course of action Boeing took.
Boeing was trying to save money. They wanted to keep the same type rating, so they added MCAS to an inherently stable and flyable aircraft for purposes of retaining the same type rating.
The system they added included optional safety measures that airlines had to pay more to install [0]. Boeing new that MCAS would be safer with these features and charged more for them!
The true outrage here should be directed at this underlying cause and the erroneous discussion over stability should be put by the wayside.
> The problem with the Max is that Boeing favoured the major airlines that wanted 2010s technology in a 60s airframe. But guess what, that doesn't work, in the same way you can't turn a Thunderbird into a Tesla by "just plugging a new engine".
No, the problem with the plane was that Boeing engineered a crappy solution to a problem they had.
There were 3 major problems that I am aware of.
1) A powerful(flight control wise) automated system that relied on one source of sensor data when multiple are available.
2) The switches that disabled the automated system also disabled all electronic control for the elevator trim, making it much harder for the pilots to recover from an out of trim condition.
3) The normal elevator controls are not enough for the pilot to overcome the out of trim condition so pulling back on the yoke as far as possible would not pitch the plane up enough to regain altitude.
The only way to recover from this type of situation is to momentarily pitch the plane further downwards to take stress off of the elevator trim so the manual controls are easier to operate with your hand. You would have to do that enough times to get the plane back into a stable position, this is not always possible when the plane is already at a low altitude.
> The MAX is a bad aeronautical design that Boeing made more "controllable" through additional control system engineering. Problem is, the additional control system engineering was pretty bad.
Yeah, it's really frustrating that the solution was already a band-aid, and they didn't even bother to do that properly so they covered up what was questionably fraud (the lazy way of not getting a new certification) with what was unquestionably fraud (lying about the MCAS system).
What's really sad though is it exposes just how defanged the FAA has become over the years, so now who the hell do we rely on to tell us what's safe for aviation?
>Sure, the sensor needs a redesign and some automation decisions were hot garbage, but 'never fly again' is just FUD.
Are you sure that only that except that MCAS all the other systems are fine and Boeing didn't cheap out on other systems, redesigned other things, other small updates etc? IMO the plane needs to be re-approved, this time for real.
> really big indictment that out of all the complex and hard to engineer systems in an aircraft it was poor software that caused the crash
While I frequently point out how bad we are as an industry at making fault tolerant code, this part is just flat wrong.
The software portion of the 737, while definitely flawed in a catastrophic way, would not have came to be if the aeronautics engineers had done their job and designed a flight worthy plane without software hacks. Not to imply the aeronautics guys are the root cause either though, the 737 Max fiasco is a top to bottom completely failure of Boeing as a whole, virtually every department involved in the Max has a significant reason to share in the blame.
> They are complex machines, but they typically have so many redundancies
But Boeing reduced redundancies, presumably to cut costs. The 737 MAX planes that crashed only had one AoA sensor. Where else did they cut costs? Where else did they reduce redundancies? The public trust has been lost. Boeing needs to design a new plane from scratch, this time let engineers design the plane without interference from accountants.
>> The 737 MAX has been grounded since March 2019 after two fatal crashes and cannot return to service until regulators approve software changes and training plans.
My understanding from the previous wave of news was that two planes crashed because they stalled in mid air because their engines were too large and too far forward and that somehow affected the plane's center of gravity... And the solution is a software update? You can't fix hardware problems with software.
I wonder if this is a trend. First Intel and now Boeing... Shipping defective products and then trying to hack together patches on top.
>> Remember, the issue here wasn't with the flight characteristics per se, it was penny pinching administrators who removed redundancy from a critical system to save (and attempt to mark up) a couple hundred dollars per plane.
This sounds good (blame it on cheapo mgmt) but really is not true. For one, the system never had redundant sensors, so they couldn't have been "removed". Secondly, the systems were designed by engineers -- with the mandate of no retraining necessary, true -- but I don't see where anybody stood up and said this is a failed/doomed system (except outsiders, after the fact). Third, "hundreds of dollars" is a total joke. The point of compatibility with previous 737s was a major selling point, worth billions of dollars in orders from airlines who liked the 737, instead of requiring them to choose between an entirely new Boeing design vs a semi-familiar (for many airlines) Airbus. It also had side effects of getting to market faster and reducing recertification and training expenses, likely totalling billions in additional savings.
>When designing a critical system such as an aircraft, you must include human authority into it
This is where Boeing messed up big time. According to the article they only had 2 AoA sensor, completely missing the fact that what happens if one sensor fails and which is correct. Airbus has 3, but IMO a critical component like an AoA sensor there should be 5 + additional inputs from the artificial horizon should be considered.
>You cannot design an unoverrideable automatic mechanism.
Yes, it makes sense. Even a complete automatic mechanism would need functionality to override in case things go completely haywire.
Hell no, I'll take Airbus or any other manufacturer over this crapware any day, even if I have to pay extra for the tickets. Boeing lost any trust in how they handled this, for very, very long time.
This topic is currently way beyond pure engineering issue, most human beings including me consider morality as quite an important aspect for example.
Unless I hear about some significant and measurable shift in the way company thinks and operates regarding to safety (nothing in the PR stuff discussed here), its a shady company with profits-above-safety mentality. No, thank you I can vote with my money
>the MAX was a flawed design due to the expectations it placed on pilot training, competency and in particular, instinct in a surprising situation. That's it.
As you eluded to earlier, there are usually multiple causes. One that the above statement seems to overlook is the poor application and adherence to the system safety analysis. According to their own process, even though they misclassified the failure they should not have relied on a single sensor.[1] It seems to me there's engineering, process, and human factor causes involved.
> It is not a mistake where Boeing is doing nefarious cost cutting and needs to hide it or has made a huge engineering mistake affecting all the aircraft.
Is this sarcasm? If not you really need to read the notes from the MAX 7 crash investigation, starting here [0]. That is exactly what Boeing did. MCAS was a hack to fix a plane badly designed to save costs. They rushed to release, ignored incomplete testing, hide information from the FAA, buried MCAS inside another features notes and forced engineers to say that only computer based training was needed for pilots for the new MAX planes despite big differences, all to save themselves and airlines costs.
> The MAX is a case of the actual aircraft manufacturer explicitly compromising the design of a safety feature because they knew it would help them sell more planes
The error was not in the concept of the MAX nor the concept of the MCAS. The problem was twofold:
1. MCAS should have used inputs from both AOA sensors, rather than just one. MCAS had too much authority over the travel, and it should have deactivated itself if the pilots repeatedly countermanded it.
2. The pilots were not trained properly in emergency procedures with the stab trim. Boeing put out an Emergency Airworthiness Directive after the first crash with explicit instructions on how to deal with it, but the EA pilots did not follow those instructions.
This is what Boeing did with Max. The airframe wasn’t stable in and of itself, and they relied on software to compensate. Terrible idea.
reply