Government Transportation

Boeing Whistle-Blower Says Proposed 737 Max Fixes Aren't Enough (bloomberg.com) 102

An anonymous reader quotes a report from Bloomberg: A whistle-blower at Boeing Co. is urging aviation regulators to add additional protections to the grounded 737 Max. Curtis Ewbank, who has previously raised concerns about the plane's design with congressional investigators, said in comments filed with the Federal Aviation Administration that a proposal to mandate fixes to the jet didn't address multiple hazards identified in the two fatal Max accidents and earlier incidents involving the 737. "Clearly more actions are required to revise FAA processes so that it accurately assesses airplane design and regulates in the public interest," Ewbank said in the comments, posted on the Regulations.gov website.

The FAA has proposed multiple changes to the plane following the crashes that killed 346 people before allowing it to carry passengers again. The system that was driving the jet's nose down in both accidents would no longer activate repeatedly and various steps were taken to minimize the chances it would malfunction. The agency is also proposing to require multiple other revisions to the plane, such as an improved flight-computer system to improve its redundancy. Ewbank said the FAA and Boeing should do more to prohibit faulty readings from the sensor implicated in both crashes and improve the plane's warning systems. In addition, the agency should do a broader review of how pilots react to emergencies and do a more thorough redesign of the flight-control system, he said.

  • by AndyKron ( 937105 ) on Tuesday September 22, 2020 @09:10AM (#60531216)
    I'm sure all the upgrades will fix the problems they have. Also introduce new problems nobody thought about.
    • by thegarbz ( 1787294 ) on Tuesday September 22, 2020 @09:23AM (#60531246)

      You know this isn't the first time we're designing planes right? Also not the first time we're applying redundancy.

      These are problems everyone in the industry has thought about. The upgrades will fix the problem caused by cheap and incredibly stupid design and in the process bring it in line with what is standard for redundancy control schemes.

      • by flyingfsck ( 986395 ) on Tuesday September 22, 2020 @09:37AM (#60531296)

        I'm sure the planes will be perfectly safe, just keep track of what the new renamed 737-Max is called now:
        Boeing 737-8
        Boeing 737-10
        ...

        ...and make sure it is not on your boarding pass.

        • They had these model numbers from the beginning. The same way the 737-NG is called 737-700, 737-800, 737-900 and so on.

      • by xonen ( 774419 )

        the problem caused by cheap and incredibly stupid design

        I don't think it's simply a matter of being 'cheap'. After all, they have plenty resources. It's likely more an issue of increased complexity. And since you can 'multiply' all complexities of the individual components as opposed to adding them, it's easy to see where that is going in a digital era.

        I'm quite sure that all parts of the system work pretty much exactly as they were designed, but add the parts together and it's very easy to miss something. But for whatever bad press Boeing is getting, they most

        • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday September 22, 2020 @09:56AM (#60531378) Homepage Journal

          the problem caused by cheap and incredibly stupid design

          I don't think it's simply a matter of being 'cheap'. After all, they have plenty resources. It's likely more an issue of increased complexity.

          People don't cheap out only because they lack resources. Usually they do it just to make more profit. You don't have one bolt and two screws through an interior panel forcing you to use more tools because the automaker couldn't afford to use three bolts. It's because those two screws were cheaper. Who gives a fuck if they'll hold up as well as bolts? The interior warranty is only three years! Boeing cheaped out and only used one of two present AoA sensors for MCAS because it would save money. And people died.

          I'm quite sure that all parts of the system work pretty much exactly as they were designed,

          The MCAS system was designed like shit. You never, ever trust a single sensor without even any cross-checking of other sensors which could give you a clue as to whether the sensor is working correctly, let alone without cross-checking with the additional identical sensor that you could be using. That design was shit and the person who designed it was shit and the person who signed off on it was shit. Just fucking manslaughtering shit.

          But for whatever bad press Boeing is getting, they most certainly are not stupid

          No, they're evil.

          and are very unlikely to be purposely malicious.

          What do YOU call it when they skip standard best practice safety processes to save a few hundred bucks per plane? I call that malice. It's a deliberate willingness to risk others' lives for profit.

          That it takes a whistle blower is food for thought, I'll admit that much.

          That they have to be forced to do the right thing proves that they're deliberate fuckups.

          • Re: (Score:2, Insightful)

            by xonen ( 774419 )

            Why would they fuck up so badly to screw their own business? Even if they were the most psychopathic capitalists, they can do the napkin math and see that safety issues are bad for business. And seriously, I don't think they are all psychopaths.

            Ever worked at a big company? Ever seen how slow things move there? Ever experienced that every man on the floor knows exactly what is wrong yet management has no clue? That's not an exception, it's the norm, and it's inherent to a large organization.

            Now, I'm not try

            • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday September 22, 2020 @10:24AM (#60531478) Homepage Journal

              Why would they fuck up so badly to screw their own business?

              Because the bean counters from McDonnell-Douglas are now running Boeing, and they thought they could get away with it without consequences, and double especially any consequences for themselves. They're probably right about that last part.

              Ever worked at a big company? Ever seen how slow things move there? Ever experienced that every man on the floor knows exactly what is wrong yet management has no clue?

              Sure, but I've also witnessed that management actively refuses to understand what is going on because their job depends upon it. It's not like nobody is telling them what the problems are.

              Now, I'm not trying to talk right any failure they made. They fucked up, badly. The difference here is that I do not think there was any intentional malicious intent.

              You can't call it murder because they didn't set out to specifically kill people. They only took actions that a reasonable person skilled in the art would know would be at risk of killing people. That's why they deserve a lesser but still homicide-related charge.

              • by clawsoon ( 748629 ) on Tuesday September 22, 2020 @11:41AM (#60531714)

                Because the bean counters from McDonnell-Douglas are now running Boeing, and they thought they could get away with it without consequences, and double especially any consequences for themselves. They're probably right about that last part.

                Not just probably right, definitely right. Jim McNerney, CEO during the design and testing of both this program and the 787 production safety lapses [wsj.com], stepped down in 2015 with a $3.9 million-per-year pension. He earned $20 million-plus in each of his last couple of years as CEO. Those were the consequences he faced.

              • by grantdh ( 72401 )

                Because the bean counters from McDonnell-Douglas are now running Boeing, and they thought they could get away with it without consequences, and double especially any consequences for themselves. They're probably right about that last part.

                Boeing has never been the same since McDonnell-Douglas used Boeing's money to buy their way into controlling Boeing. The same senior management group who screwed up MDD have wound up taking Boeing to the edge of self-destruction.

                From the USAF tanker debacle through to FOD in brand new 787s & KC-40s and the MCAS disaster in between, Boeing is no longer the engineering company that introduced the 777. The 787 roll out on July 8th 2007 when it was practically held together by tape & glue and the 787 ba

            • They charged $80,000 extra to turn on a warning that there was something wrong with the angle of attack sensor they used for the MCAS system.

              The plane has two angle of attack sensors. MCAS using only one of them could simply be attributed to gross negligence and utter stupidity.

              Not including as standard an angle of attack disagree warning is intentionally doing something maliciously evil.

              • They charged $80,000 extra to turn on a warning that there was something wrong with the angle of attack sensor they used for the MCAS system.

                The plane has two angle of attack sensors. MCAS using only one of them could simply be attributed to gross negligence and utter stupidity.

                Not including as standard an angle of attack disagree warning is intentionally doing something maliciously evil.

                For a $100 Million aircraft adding $80,000 amounts to what? That's not even 1/10%. Chicken feed, which airline would say "nawh, keep the extra safety equipment, I'll keep the 80K to pay for the first flight's worth of fuel."

                I guess airline profit margins are pretty thin, in fact, that's WHY they are buying the 737-MAX, to save a few dollars on fuel costs per passenger mile.

                Oh and by the way, redundancy isn't easy. You cannot just look at both, you have to decide what you are going to do in the case they

                • In this case the additional safety equipment is a light.

                  It doesn't cost thousands of dollars. It might cost hundreds with certification overhead.

            • by gweihir ( 88907 )

              Why would they fuck up so badly to screw their own business?

              Because seeing that in time is a far more complex task and requires even more experience than doing it right. They saved a penny here, a penny there and they shaved down the redundancy that makes safe air-travel possible in the first place. All in the name of short-term profits, the MBA-sickness at work. And at some point, they saved a few pennies too much and it ends up costing them billions.

              The root cause is people that only see numbers and not the big picture and that have no understanding of complexity

            • Why would they fuck up so badly to screw their own business?

              That wasn't their aim - they did a CBA and calculated that the upside to their bottom line from cheaping out and 'streamlining' the design process, was larger than the potential downside of a failure. In their corporate mind, (because a corporation is a person, don'tcha know), their only failure was the CBA miscalculation they made.

              Even if they were the most psychopathic capitalists, they can do the napkin math and see that safety issues are bad for business.

              Oh - you mean like the auto industry capitalists who at various points during the last 50 years have made the same kind of gamble? BTW, in a lot of those user-killing 'safety iss

            • Why would they fuck up so badly to screw their own business? Even if they were the most psychopathic capitalists, they can do the napkin math and see that safety issues are bad for business.

              Human beings are phenomenally bad at judging the risk of unlikely events. This isn't taking a dig at Boeing, this is people in general, intelligent people across a wide range of industries and specialties.

              Why would they fuck up so badly? Because they thought "what would possibly go wrong?" and then got the wrong answer. Or maybe they got the right answer and asked the follow up question: "but how likely is that to happen?" and got that answer wrong. We see this time and time again, whether we think those hi

            • by mvdwege ( 243851 )

              Why would they fuck up so badly to screw their own business?

              Because there is no such thing as a perfectly spherical market actor of uniform density operating in a frictionless market with only similar unicorns as participants.

            • If you are pressured to meet your quarterly numbers to shareholders (a bunch of random people many do not give a rat's ass about Engineering or the products you sell) every 3 months. All they care about is Q3 >= Q2*1.10 If Q1 Q4 then Sell in Q4, They will still make a profit, from the gains of Q1-Q3. But they sold their stock at Q4 so it is no longer their concern until it becomes profitable again.

              The problem with the market today, is a pure disconnect between how well a company is doing and its stock pr

            • Why would they fuck up so badly to screw their own business?

              Because what is very rational and highly incentivized to an individual or some groups within the massive Boeing organization is not necessarily in the interests of the company as a whole. If an individual manager gets his group to achieve his assigned goals, he gets a big bonus in the coming quarter, but the costs of cutting corners to the company are theoretical and not realized until multiple quarters or even years later (at least in this case).

              I do not actually believe anyone chose to allow this plane t

          • The MCAS system was designed like shit. You never, ever trust a single sensor without even any cross-checking of other sensors which could give you a clue as to whether the sensor is working correctly, let alone without cross-checking with the additional identical sensor that you could be using. That design was shit and the person who designed it was shit and the person who signed off on it was shit. Just fucking manslaughtering shit.

            That's a gross generalization that would result in an overly complex system. Complex systems have complex problems. It's best to keep things as simple as they need to be, and no more complex.

            The correct approach is to perform a FMEA. [wikipedia.org] The FMEA should result in the acknowledgement that a failure of the single sensor would result in a catastrophic failure. Actions need to be taken to prevent the catastrophic result. This is where the mistake was made. A blanket policy of redundancy in everything would

            • Not really. Newer aircraft have at least triple redundant AOA sensors, but the 737 is ancient.

                • I'm not talking about the AOA sensor specifically. GP was making a broad generalization that no single sensor should ever be trusted. Which implies, for anything, not just MCAS.

                My point is, there are cases where redundancy is warranted, and cases where it's not. It sounds like the AOA sensor is a good candidate for redundancy. However, if a sensor failure results in a 3% fuel economy reduction, for example, it likely doesn't need redundancy.
                • Even in a car a single sensor is never blindly trusted. The crank angle sensor is cross checked with the cam angle sensor, the knock sensors, vehicle speed sensor... Why do you think it makes sense to do it in a plane carrying passengers? That's bananas.

                  • Even in a car a single sensor is never blindly trusted. The crank angle sensor is cross checked with the cam angle sensor, the knock sensors, vehicle speed sensor... Why do you think it makes sense to do it in a plane carrying passengers? That's bananas.

                    Cross checking automotive sensors is less common than you might think. It's mostly due to California legal requirements. Sensors out of range are quickly flagged. However, a sensor stuck within a plausible range is likely only checked for plausibility "once per trip". That means a sensor could fail, and not be detected for several hours.

                    For example, an intake manifold pressure sensor is continuously checked for plausibility, and circuit continuity. In a split second at startup, the sensor is compared

                    • The only redundant automotive sensor is the accelerator pedal position sensor. That's the result of FMEA. Even then, some manufacturers have issues. [wikipedia.org]
        • by ytene ( 4376651 ) on Tuesday September 22, 2020 @10:33AM (#60531510)
          The trigger event that prompted all the difficulties with the 737 Max was the decision to fit the latest generations of much larger engine. The original 737 came equipped with relatively small-diameter engine nacelles. See here [wikimedia.org] for an example of one from the 737-200.

          By contrast, the 737 Max has much, much larger engine nacelles - see here [insider.com].

          Not only were these new engines significantly larger - see how the entire nacelle is now forward of the leading edge of the wing on the Max - but they were significantly heavier. These two things served to significantly alter the aircraft's Centre of Mass.

          Centre of Mass is important when the aircraft is in stable flight - as a designer, you balance the lift and drag around the fuselage so that, in level flight, there is no effort required on the controls to keep that stable, level flight. Literally, you could let go of the controls and the aircraft would just carry right along, perfectly trim and level (everything else being equal).

          Then along comes the Max. Boeing went this route - making the decisions to fit these huge new engines - because they knew that their original design proposal for the Max would have used an older generation of engine that burned considerably more fuel. This would have meant that the Max would have been unable to compete against aircraft such as the Airbus A320NEO (New Engine Option), which, unlike the 737Max, was much more of a "ground up" design.

          So Boeing needed to make a bunch of changes to fit the new engines to the Max. First, they had to alter the landing gear to be "telescopic" in nature, because there wasn't enough room in the wing compartments for the "longer-legged" landing gear to fit without it compressing first. All this because the outside diameter of the new engine nacelles was so much larger, they would literally have dug in to the tarmac without raised gear...

          But this was relatively trivial. Note that the aircraft did not receive modifications to the tail-plane (used to trim nose pitch (angle) in flight), despite the centre of mass moving down and forward, which in turn meant that the centre of mass moved *away* from the centre of lift.

          So to hide and cover up from this cluster#### of design decisions, Boeing fitted MCAS, the "Maneuvering Characteristics Augmentation System" - basically a type of fly-by-wire that allowed aircraft computers to over-ride pilot control inputs in certain flight conditions. Boeing did not tell pilots about MCAS - references to it were REMOVED from differences training and aircraft documentation.

          Then, just to make things even worse, Boeing designed MCAS to be triggered from something called the "Angle of Attack" sensor, a small detector placed on the nose of the aircraft that can tell whether the aircraft is flying "straight and level" or if it is trying to pull the nose up too aggressively.

          Here's where Boeing got stupid again. To cut costs, they fitted just a single AoA sensor. They made the second a cost-option extra, for airlines wanting an expanded cockpit instrumentation set. Guess what? Airlines didn't buy the option because they didn't understand what was missing.

          Can you tell where this is going yet? Allow me to explain... If the AoA sensor failed, or became blocked or jammed with debris - like say a large fly or locust (Africa crash? - this is me guessing...) then the data it gave the flight computers would prompt MCAS to trigger. But even better, even when you thought that the issue had resolved and the aircraft you were in had stopped trying to push itself into a nose-dive... MCAS would go quiet for a brief period and then wake back up and start the whole process over again.

          It was this weird
          • by Anonymous Coward
            Center of mass change is irrelevant - aircraft get loaded differently all the time, and it changes throughout the flight. The safe range for center of mass is very large. Putting a bit of extra luggage far to the aft of the plane would offset the change in engine weight. Leap 1-B weighs ~150kg more than the heaviest CFM56, and about 450kg more than that used on the -800. The engines are located a few meters forward of CoM, but it's an 80 tonne, 40m long plane. Issue is variable center of lift with changes i
            • Correct. More generally it was the changes in forces and torques generated at different angles of attack. These changes can also be expressed as changes to lift, drag and pitch moments. As I understand it, the relationship of pitch moments and stick forces versus angle of attack became non-compliant, requiring MCAS as a workaround, that used relatively long-period secondary controls (trim) to attempt to modify short-period (elevator) response. The rest is history.
          • by Ecuador ( 740021 )

            Your overall comment is correct, it was a series of bad design decisions based only on profit.
            But you do have a couple of factual errors:
            - All planes were fitted with TWO AoA sensors. On all planes MCAS was only connected to one. The paid option you are talking about was the "AoA disagree light", which originally was part of the standard package but some penny-pincher moved to optional. With that, the pilots would at least have an idea that one of the AoA sensors was faulty, but it would not help much for t

          • Overall you're right, but there are a few things incorrect about your details:

            Firstly, there's nothing inherently wrong with the changed dynamics of the plane. The key was that pilots would need to have been type certified and retrained to fly the plane due to its handling. MCAS was created to make the new plane act like the old one. It wasn't "covered up" nor removed from training. Fundamentally its existence negated the requirements for pilots to do training in the first place leading to no one knowing in

          • Your summary is good in general, I would however just question one thing.

            Did Boeing really try and be 'cheap' with the AOA sensor? I seriously don't think this was Boeing just being cheap.

            More likely in my view.

            AOA sensors are traditionally not as crucial to passenger aircraft. So Boeing probably kept the same regular options to customers as they always have with respect to AOA sensors. Customers just placed their orders as usual.

            Most acknowledge Boeing added on MCAS so they could keep the flying character

            • by Anonymous Coward

              All 737s had 2 sensors. MCAS was linked to just one of them to cut costs (simpler system). The optional feature was a "sensor disagree light", which might have helped pilots possibly.

          • Not only were these new engines significantly larger - see how the entire nacelle is now forward of the leading edge of the wing on the Max - but they were significantly heavier. These two things served to significantly alter the aircraft's Centre of Mass.

            A heavier engine should add a nose-down moment. MCAS was implemented to cure the opposite, a nose-up moment.

            To be precise: One that got stronger as angle of attack increases. This made the MAX by itself unstable in pitch: Once it pitches up, this movement accelerates right into a stall. Which will crash the airplane if this happens at low altitude. That's why the MCAS retrim should keep the nose of the airplane down. Which it does if the angle of attack vane works correctly.

            What really caused the probl

            • I suspect that most people don't have a great depth of understanding in aerodynamics, hence linking mass and balance as a primary source of potential instability. Doesn't make it not tiring to see it suggested or stated as fact in every comment section on this topic.

              The allowable range of CoG on this aircraft is several feet long, and the allowable takeoff trim range is also quite large (to account for factors such as total weight, CoG, prevailing atmospheric conditions). Technically, the aircraft should
          • Slight correction to your last point - it is actually quite easy to "lift the corporate veil" and charge company directors with crimes. The hard part is the same as with any "white collar" crime, and that's proving your case beyond a reasonable doubt. Crimes require intent, and thus you need to show some sort of evidence a director knew something was unsafe but proceeded with it anyway. I agree someone in Boeing should be jailed for this, I'm just keenly aware of the legal difficulties in proving such a
          • by jbengt ( 874751 )
            For the typical aircraft design, the center of mass is forward of the center of lift to help stability. (Though not too much, since the tail has to push down a little to balance the plane.) That way, if the plane begins to nose up, the angle of attack of the wing rises, causing more lift behind the center of gravity, which tends to rotate the plane more nose down. If the plane noses down, that reduces lift of the wing behind the center of gravity, which tends to rotate the nose back up. If the center of
        • According to reports senior developers in the US have been replaced by outsourced developers with less or no experience from the aircraft industry. https://medium.com/@dodiyadhar... [medium.com]
          • by gweihir ( 88907 )

            Indeed. Like having people that do not understand the application domain write software for it is such an excellent idea. Right there I see several life-sentences for the "managers" that made that decision. The developers are blameless, development risks from selecting personnel is not their responsibility.

        • People on the inside knew about the problems [nytimes.com] (archive.is link [archive.is]), and some of them felt at least a little bad about their role in the cover up:

          Boeing employees mocked federal rules, talked about deceiving regulators and joked about potential flaws in the 737 Max as it was being developed, according to over a hundred pages of internal messages delivered Thursday to congressional investigators.

          “I still haven’t been forgiven by God for the covering up I did last year,” one of the employees sai

      • by Zocalo ( 252965 )
        Not really, since the core issue is the way Boeing chose to implement that redundancy. They essentially had a dual-redundant control system, with the avionics (specifically, MCAS) attempting to make a decision when those two systems were in conflict, e.g. due to a fault in a sensor on one system, while making it less than obvious for the pilots to override the aircraft when it got things wrong. Unless, of course, the pilots had undertaken the additional, and very expensive, training that Boeing had insist
      • by nashv ( 1479253 )

        Oh no, you don't know what you are talking about. The MCAS is not an essential system. In fact, the 737-Max is as good as any airplane without an MCAS.

        The 737 basic design is very low to the ground and cannot accommodate newer and more efficient larger-diameter turbofans. Airbus had used this strategy on the A320 to create the A320 Neo, which was incredibly successful. So Boeing panicked after American Airlines ordered 130 or so A320Neos, and decided to make the 737-Max with newer large diameter engines. T

        • Not an issue of thrust pitch-up. That's a well-understood feature of ALL low-engined aircraft, and handled by the existing Speed Trim System. Nor engine mass/center of mass (as people also seem to think; CoM is easily changed, and the safe range is quite large). Variable center of lift from larger, further forward engine nacelles causes abnormally light control forces in high AoA low speed flight, hence the need for MCAS to counter with trim.
          • (And yes, this awful duct-tape and glue solution to the problem was implemented as a separate but similar system to STS; also separate is Mach Trim system that uses the elevators, as opposed to the whole stabilizer, to trim against mach tuck, so I suppose there's something resembling precedent for keeping the various aspects separate in the design)
        • by gweihir ( 88907 )

          Basically, they chose to fake the old plane using software, due to greed. It failed horribly. No personal criminal liability for anybody that is responsible. That is the second problem.

        • It was right out impossible for Boeing to make the landing gear taller. There simply is no room for longer main gear in the fuselage the way it is mounted right now. You can see that pretty well if you look at the bottom of the aircraft - the 737 main gear bays don't have doors. But even if there was room for that, the 737 doesn't have slides for its overwing exit because it sits so low - the passengers are supposed to slide over the extended flaps. Longer landing gear would require slides, requiring chan

          • It was right out impossible for Boeing to make the landing gear taller.

            They went and did just this for the MAX 10. https://www.youtube.com/watch?... [youtube.com] Though this was done for the purpose of improving margins during rotation, as it is quite long.

            • it is not quite the same and can only be used during the rotation because the 737 has no overwing slides

              • This is true, but in principle, it is possible to employ different landing gear geometry if only they saw it as economic to do it. Overwing slides and a fancy landing gear mechanism seem a great deal cheaper, possibly even over the lifetime of the model, in comparison to what has transpired. Not sure if such a thing was ever considered.
                • Like I said, the overwing slides would require modifications to the fuselage. This means losing all the grandfathering and this in turn means that the aircraft would not be certified - it is not built to the modern standards. Basically, it would be easier for Boeing to develop a narrowbody from scratch.

        • Oh no, you don't know what you are talking about.

          I wouldn't be so sure – your post shows that it is you who is clueless.

          The MCAS is not an essential system.

          Wrong for the MAX. In the versions before the MAX, it was indeed not flight critical. With the MAX things changed and MCAS became much more aggressive and flight critical as well.

          See, as designed and without MCAS, the MAX was unstable in pitch at low speed and high power. The reason was the much increased amount and more forward location of the suction force on the engine intakes. In order to regain stability, the existing MCA

          • MCAS has nothing to do with engine power, only aerodynamic handling differences; Speed Trim System (STS) manages thrust pitch up, among other things. It's well understood, and affects all aircraft with low mounted engines. As far as I can tell, MCAS only takes flap position, autopilot state, and AoA into consideration. That the region of flight in which MCAS is likely to activate is also likely to see high thrust settings is coincidental. Why MCAS was implemented separately, I do not know.
        • by amorsen ( 7485 )

          Unfortunately, MCAS is essential. No amount of control input is sufficient to counteract the pitch-up caused by high thrust at low speed, and since modern jet engines take a few seconds to react to throttle, you cannot fix the pitch-up that way either. The only thing that works reliably is trimming, because trimming controls the entire horizontal stabilizer, not just the comparably small elevator at the end of it.

          Incidentally, that is also why no amount of elevator input could save the plane when MCAS took

          • Thrust pitch up is well understood (it happens on any aircraft with low-slung engines), and has long been managed by the Speed Trim System (STS) on 737. This has not changed; MCAS corrects for a different effect related to shifting center of lift at low speeds and high angle of attack.
        • You DO understand that they actually did option 3.. All of the above.

          Yea, they went with the big fan - Why? Because it was more efficient and that's what this business is about, eking out the cheapest cost per passenger mile you can. That's why Boeing, Airbus and any other manufacturer is running headlong into carbon fiber and higher and higher bypass engines with hotter and hotter burners running at higher and higher pressure ratios. Efficiency is what this is all about.

          But they ALSO modified the landin

      • by gweihir ( 88907 )

        But that is just the issue here: They did cheap and incredibly stupid design, _despite_ "everyone in the industry" knowing that this can only lead to a catastrophe. So have they identified every instance of cheap and incredibly stupid design and have they identified the people responsible for it and removed them? Because if not, they will have more, yet unidentified cheap and incredibly stupid design and they may even have cheap and incredibly stupid fixes. The FAA is worthless as a quality control gate at

      • However it seems a lot of manufacturers are taking cues from Software Development methods. Which is part of the problem. They want to get the product out as fast as possible. Software we can get away with a lot of extra crap, because we just can apply a patch when we find a problem. For machines like Airplanes and Cars, there is only so much a software patch can do, and the cost of failure is much higher than say your Company's Accounting System.

      • by sjames ( 1099 )

        The first time they designed the Max wasn't the first time designing an airplane either.

  • This is why it will take me a long time to trust self-driving. Especially if they expect me to take responsibility for what the car does through insurance. Companies are just too motivated to make money to have their customers' lives in mind. I don't want to be the person who gets into a one in a million situation that the car couldn't handle because no one thought it profitable enough to analyze or test for.
  • by scamper_22 ( 1073470 ) on Tuesday September 22, 2020 @10:57AM (#60531560)

    Oddly enough, I just watched a Netflix Documentary about the Challenger space shuttle crash. It got me thinking on our perception of safety in critical systems.

    What's interesting about the Challenger crash was the tremendous amount of good will and honesty that appeared to be throughout the process. The contractor was calling alarms. NASA had all the right people and processes.

    Yet, at the end of the day, there were executive decisions made that should be familiar to anyone who has worked. Sales, politics, deadlines, schedules... and the result was deadly.

    I'm not here to say BAD EXECUTIVES, because I've been in those meetings and I don't envy it. Without NASA 'selling' the space shuttle program to the public and government, there is no space shuttle program. Without results and schedules, funding may go away and then you don't have a space shuttle program at all. At the end of the day, political selling is basically the same as actual selling.

    The same is largely true for Boeing. They felt they had to deliver for whatever reason (Airbus competition...) and this is what they came up with.

    It gels with my experience as well. In the early stages of my career, I worked in 'mission critical' areas. I designed mining safety equipment and later core network routers.

    When I later moved onto more tech oriented and business oriented software... the weird thing is I didn't see much of a difference in the actual resultant products. It all really depended on the project and people. Some were really well run. Others were not.

    Just off the top of my head. You look at say two tech titans. Google and Amazon. Totally unregulated and yet, they're probably the most reliable systems I've ever seen as far as the user experience goes.

    Even for things you might think of as needing higher security. Google's authentication is probably of a higher quality than the 'critical' systems like banks or healthcare software.

    I'm just talking out loud here. I'm not saying regulation is useless. I'm just saying that people have this perception that these regulated critical systems industries are 'better' or 'safer' or 'more secure' when the end result may not hold water.

    It's a weird problem to solve and I don't have the answer.

    • I've done security for banks, certificate authorities and a stuffed toy company. The stuffed toy company cared the most about security but that made sense. The people making the decisions there knew that any security flaw would come back and affect them personally. At the banks all they cared was if someone else could be blamed. If I explained that their so called "best practices" like using single DES or password policies that encouraged weak passwords they not only didn't want to change they often wer
    • I'm just talking out loud here. I'm not saying regulation is useless. I'm just saying that people have this perception that these regulated critical systems industries are 'better' or 'safer' or 'more secure' when the end result may not hold water.

      From experience creating an FDA regulated product, at the end of the day, the FDA approval is highly dependent on a mountain of self-reporting. The heart of the matter is a diligent and honest assessment of risks and applying appropriate mitigation strategies. Inspectors cannot be expected to understand the issues in enough detail to challenge a very wrong assessment. They may catch some things. Maybe. But they are never ever going to catch everything.

  • Wake me when they've wired in a third pitot. Meanwhile, if your Boing has frilly jet exhausts "I'm not going". As if there were anywhere to go, in the hard months ahead.
  • when we were told it is now "safe" according to FAA.

    https://slashdot.org/comments.... [slashdot.org]

  • I have often claimed that "Bureaucracies under-react until they over-react." The 737MAX saga may be one such example. It is likely that the MAX, as currently modified, is the safest 737 ever built. But because it was the cause of so much suffering, the focus remains on it. Meanwhile, older 737 varieties and the other 7xx series, presumably with as yet undiscovered shortcomings, escape this scrutiny, as do the Airbus offerings until something else happens. By the time they're done, there will be 10 AOA senso
  • And government can't do anything right, only big business can do it right.

    Y'know, I've got a bridge for sale.....

  • ...is one that doesn't take off. Ban airplanes.

  • Hopefully, Europe's EASA will be brought into this.
    • Hopefully, Europe's EASA will be brought into this.

      They already are IN this, ankle deep - head first. They have already said that they reserve the right to refuse the FAA's judgment and keep the 737 MAX grounded in their airspace until THEY are satisfied with Boeing's fixes. The Canadians have done so as well.

      This means that the FAA may let the 737 MAX fly again with passengers, but the rest of the world may not honor the normal "you certify, we certify" agreements on this one.

      So your wish has already come. The FAA has lost its prestige in the world.

      A

  • Boeing certainly had problems here. But let's not forget that the crews in those two aircraft were not trained to standards we are accustomed to in western countries. Boeing was correct that any MCAS issues would manifest as a runaway trim issue. Those crews either didn't recognize the runaway trim condition or didn't apply the correct EPs. I'm just an owner of a small general aviation 4-banger with manual trim, but even I know with electric trim the first thing you do is pull the breaker on the trim mot
  • Truth is stopped in the name of loyalty, discipline, patriotism, job security, national security, intellectual property etc
