Why are journalists still calling this an 'anti-stall' system. It's not, and it's so deceptive about what it actually does. The crashes had nothing to do with stalls, the system does nothing to prevent stalls, and the safety regulations that brought it about are only indirectly related to stalls.
The system affects how the flight stick feels and that's really it. The more you pull up (higher AoA), the more force is needed on the stick. That's supposed to be linear within some margin of error. The big fat new engines took it out of the linear envelope, making it a bit lighter than it 'should' be at high AoA as the engines caught the wind. They either fixed this, or else needed a new type rating (pilots can't hold more than one, so it's a huge issue for existing operators of 737s).
The solution was MCAS which, as originally designed, wasn't powerful enough to cause problems. But test pilots said that the stick was still a bit light, so they reworked it and made it way too strong, while still being invisible to pilots and lacking the reliability of a critical system. Then several hundred people died.
> system affects how the flight stick feels and that's really it
I kept hearing this too, so I wondered why they didn't just directly change how the stick feels, like with a force feedback system?
And I looked it up[1]: Turns out MCAS was also there to push the nose down at high AoA, to imitate what the 737 NG does even in the absence of control input, so it's not just a stick feel thing.
"The added nose down trim has the side effect of requiring more elevator input at high angles of attack", so simultaneously fixing the stick feel issue.
It seems to me like MCAS solved two related problems at the same time... and sadly thus created an even larger unintended problem.
What’s the implication here? That it’s these pilot’s fault? Surely their job is just to report what they experience during a flight sim and it’s someone else who would have decided to hide that.
The implication is that people at Boeing knew there were problems with MCAS before the crashes happened. I am not saying these particular guys are at fault.
The transcript (https://tmsnrt.rs/2OZl4Ic) shows them specifically talking about MCAS doing weird stuff in simulators and they they didn't know what was going on, or what the expected behaviour was. Interesting that it happened in a simulator where I presume that sensors don't sporadically break or deliberately give duff readings in what is probably a lot of highly controlled tests... perhaps a pure software error?
Did this problem just get lost somewhere in the noise of development? Was it "unreproducible" (in the bug sense)? Was it willfully ignored by "the management"? Who knows - but we now do know that some people at Boeing involved in development were aware of problems before the crashes.
Simulators can "break" in the sense that support simulating various failure modes, including presumably sensor malfunctions. It's very possible that they stumbled on the exact conditions that led to the real world crashes, which would be even more damning.
Yeah absolutely but if you are running a simulation/test would you deliberately inject some random sensor failure if you are doing your tests for something else?
It is not clear what they were testing - perhaps they were indeed testing the MCAS system with sensor failures, but if so I probably wouldn't have expected such a surprised resction from them. It seemed like it was totally unexpected and unexplained, which is not a reaction I would expect if they were testing this.
I guess the response would depend on if you think the flaw is in the existing type or not.
You could suggest that the trim system is defective regardless of MCAS. That the pilot should always be able to counteract automatic trim in any flight mode.
Or the problem is solely in the max modifications and you can safely ignore issues with the original design.
The implication is that Boeing needs to broken up into managable pieces. Right now it's a giant behemoth that's doing both passenger planes and also all kinds of hardware that is critical to the US DoD.
This sorta worked as long as Boing built consumer aircraft that worked exceedingly well. But alas...
>The pilot, Mark Forkner, complained that the system, known as MCAS, was causing him trouble. “It’s running rampant in the sim,” he said in a message to a colleague, referring to the simulator. "Granted, I suck at flying, but even this was egregious,” he went on to say, according to a transcript of the exchange reviewed by The New York Times.
I'm not sure if the link originally pointed to NYT, but the currently linked reuters report adds a bit more context to the messages.
>Forkner said in one text message, “I basically lied to the regulators (unknowingly).” The other employee responded that “it wasn’t a lie, no one told us that was the case” of an issue with MCAS.
>Forkner responded soon after: “Granted I suck at flying, but even this was egregious.”
Nope he was complaining they made changes to the MCAS without telling him and he was concerned the simulator wasn’t accurate to the planes actual experience.
Those are the pilots words and he’s saying the messages are being misinterpreted and cherry picked without context.
He was joking, as if you'd be a professional F1 pilot and when testing a new car you would say "I suck at driving but this thing loses grip in the corners".
Think about it from a Dunning-Kruger perspective. The more you know about flying, the worse you think you are. The pilot is an expert and very experienced. He knows what he doesn't know.
He's acknowledging that even with all his experience, he could be wrong -- but clearly he wasn't.
I'm normally against prison as a deterrent because it is used against people where it wouldn't work as a deterrent. In cases such as these it might actually work if the execs of such companies were simply jailed for a very long time as though they were about equally responsible as a regular bus driver would be if they were negligent at their job and killed a bunch of people. It just might have a positive effect the next time someone thinks they might get away with cutting some corners.
I would support this sentiment usually, but in this case I don't really see a way to determine the chain of responsibility. Who do we force into prison in this scenario? The engineer(s) who made MCAS? Just the one that wrote the lines of code that monitor the airflow sensors? Do we also imprison the QA people that signed off on this? Why not also their managers? Who of the C-suite? Probably the CTO and maybe the CEO, but isn't their behavior influenced by financial pressures from the CFO. Maybe we should just put them all into jail? The FAA was supposed to monitor this stuff but didn't. Should they be jailed as well? How about any congress people that cut the budget for the FAA? The list goes on. There are negative modifiers as well: what if the person who made MCAS was a very junior engineer in his/her first week? Are they still culpable? What if the CTO can prove they were never involved?
I don't think it's all that easy who is responsible.
If the CEO's are held responsible for the deeds of the companies they lead you can bet that there would be an instant improvement of corporate accountability.
Will the engineers also be responsible? I don't see how any attribution of blame can work in a system where causes are very distributed, such as in any large corporation. There is no one person responsible and claiming there is would just lead to a different sort of injustice.
No solution will ever be perfect. But the present day one clearly does not work, it leads to endless games of externalization and avoidance of eventual responsibility.
I've seen up close what even a little bit of accountability can do to large organizations, something a bit stronger would surely still have a positive effect.
As for whether the engineers will also be responsible: REAL engineers already carry responsibility and do so without any problem at all because they know their fellow engineers would not do any different. Professional integrity that's called. Software does not even come close to those standards, nor does most of tech.
And aviation - supposed to be different - went downhill in a hurry in the last decade and a half, not too late to turn back, though for Boeing it may very well be too late to recover their reputation.
> You'd get no new broken airplane designs - which is the point of the exercise.
Nobody seems able to write software that doesn't have bugs in it, in fact it seems to be humanly impossible. So, if you're going to jail people for buggy software, no new software will get written.
Buggy software will happen. Buggy software that isn't reported when it should be, that isn't fixed, reviewed and tested shouldn't happen. Software development for aviation is pretty good, that's not where the issue lies here. The issue is a systematic attempt to circumvent proper type certification for a new aircraft, and downright trickery in order to pretend it's just a minor change to an existing aircraft when in fact the aircraft was substantially different from the previous one sharing the same type number. That's not an innocent mistake.
It is a minor change. There is nothing inherently wrong with adjusting the flight controls so one airplane flies like another. In fact, engineers try to do it, as it reduces both costs and accidents. (There have been many aircraft accidents where the pilot did the right thing for airplane X, but unfortunately was flying airplane Y. These happen even when the pilot is experienced and properly trained to fly Y.)
> Software development for aviation is pretty good, that's not where the issue lies here.
MCAS is a software system, and the rules programmed into it had human factors mistakes in it.
You might want to read Aviation Week, 19-Aug, for more detailed information.
That may be preferable to broken ones, but no I don't think that will be the outcome. The outcome will be that companies will still follow the money and that executives will make it very plain that we're all playing by the same set of rules.
Rules without accountability and enforcement are meaningless.
Charging people with crimes means they'll go to great lengths to cover it up, instead of fixing it. The aviation system is as safe as it is because the people involved don't get prosecuted for making mistakes.
Standing over people with a sword is not going to get you any risk taking. All aviation improvement, including safety improvements, will come to a dead stop.
> because the people involved don't get prosecuted for making mistakes.
And they shouldn't be. But there is a very large difference between 'mistakes' and 'intentionally circumventing processes put in place to ensure safety'. Having to draw lines is always difficult, but in this case the line has been crossed. Consider what Martha Stewart went to jail for, then compare to what happened here. If justice is to be observed as even handed there ought to be some serious consequences here, not some already rich guys getting richer with their golden parachutes, the irony of which I'm sure will not be lost on the relatives of the people who died.
The legal definition of culpable negligence is actually pretty straightforward.
I see no reason not to hold key decision-makers responsible for the consequences of decisions that aren't just misguided or incorrect, but actively and wilfully negligent of factual information - especially if they cause even more deaths by attempting to suppress that information and place blame on innocent parties.
Boeing has designed planes that have an INCREDIBLE safety record, particularly when flying in US regulated airspace.
Interesting that prison time is demanded here when a much more simple explanation is that this was an oversight by the pilots in the sim who didn't fully understand the issue was MCAS related.
Millions killed from opioid epidemics, thousands killed from violence and various preventable diseases, huge number of road fatalities do not result in prison time.
The safety record of aviation in the US should be applauded.
This isn't just some "oops, these were badly trained pilots" – the whole premise of MCAS is seriously screwed up and smacks of non-engineers running the place.
What op seems to imply is that airplane incidents rates actually have a stronger track record as opposed to the opioid epidemic, road fatality, etc. And that if society believes that this individual/group should go to prison based on this mistake and in hindsight, without account for all the other factors that were a part of the decision making process, then society should start reconsidering the way it treats opioid, road fatality, etc.
The mindset of "quick to imprison" can also run the risk of creating a society that is overly averse to risk taking, which can hinder technology and scientific advances. For example, it may take 10 times as long to get a new, more advanced traffic light implemented in your city because now everyone wants to make sure no stone was left unturned, otherwise someone will get into an accident and a staff/group will be imprisoned. Or a new software is implemented but 3 months later it is found that failure under very specific scenarios has caused over 50 deaths. There are millions of potential scenarios that may fall under similar conditions as exemplified above.
Please note that this writing is not advocating for or against either views, it is simply shedding light on risks that should be considered.
This is already the case with the FDA 1962 "safe effective" regulations. There is little downside to the FDA wanting to take no risks whatsoever in approving a drug, but a huge downside to the regulators if they approve a drug that turns out to have a fault in it.
The result is that developing new drugs got enormously more expensive, far fewer new drugs get developed, long delays in effective treatments getting approved, diseases that don't affect large numbers of people don't get cures developed, etc.
The net result was a negative for patients.
This was all discussed in "Regulation of Pharmaceutical Innovation" by Sam Peltzman.
There have been a lot of deadly aviation crashes due to mistakes, false assumptions, oversights, incompetence, human failings, etc. But somehow we've wound up with incredibly safe airline travel. Millions of flights with no incident. Do we really want to start jailing people now? What improvements will we forsake if we give airframe makers powerful incentives to hide mistakes? or simply avoid making improvements to safety, because who wants to risk jail for making a mistake?
Has anybody argued that nobody else should be punished, ever? Otherwise "but there's drug addiction and car accidents! We shouldn't pass judgement on Boeing until everything else is perfect" is a really strange argument.
The really strange argument is saying it is totally OK for people to willfully engage in activities that result in significant and ongoing fatality rates within the bounds of US law without punishment (slaps on the wrist for everything from willful pollution to opiods where the investigators were waved off) and then demand jail time for folks who have no fatalities within US law AND have an incredible safety record in their field, a record FAR FAR better then lots of other areas (drug distribution, medical malpractice, enviro health and safety etc).
If you wanted to reduce auto accident rates, opiod deaths etc you'd put these folks in charge, not put the law enforcement lobby in charge (yes, they will arrest lots of low level offenders but will not systematically address the issues and do not chase the folks at the top).
I'm making the point that for for US flying (with US levels of maintenance / pilot training etc) boeing and even the 737MAX has a safety record that is incredible.
Not only that, it beats almost all other regulated modes of transit and even other regulated hazards (OSHA controlled worksites etc).
As always, it could be better - but it's actually amazingly good already - these planes are incredible safe in a challenging environment (miles, landing cycles, tolerances etc).
The demand for prison time here, when we have so many many areas where prison time can be MUCH more closely and immediately linked to bad actions (and goes unpunished) is misguided.
If it were safe to fly the Max in the US, and the problem were the pilots, it would be in the air now. It isn't, as the problem is clearly with the plane. It was likely just a matter of time before another Max fell out of the sky somewhere in the US, Europe or elsewhere.
If you look at where fault lies part lies with boeing and part lies elsewhere in the safety chain. In contrast to many other areas - the evidence of ill intent is relatively weak here. Even without prison Boeing is facing major financial impacts as a result of this issue (as it should).
It's looking like evidence from the airlines that proper maintenance was done may have been faked.
We know lots of maintenance issues unaddressed and repeated warnings by the plane itself that there were sensor issues were not properly addressed.
We know response was not ideal on pilot side which overlaps with some training and other items around stab trim cutoff and/or automation dependency.
These factors are partly why there have been no accidents in 737MAX in US despite lots of flying.
Yes - boeing should design a totally safe plane. Part of that is going to be designing plans to accommodate a wider range of pilot skill (what they are calling "future pilot populations") and to better accommodate maintenance and ground handling training assumptions to allow for greater risk of problems there. This is already being implemented.
Ironically, one element may be to REDUCE the reliance on pilots as a key flight safety control and then increase automation and redundancy in the automation.
By every metric I can find (passenger deaths per trip/flight leg/flight mile, hull losses per delivery/year, etc) the MAX is an outlier.
In fact, I can't find any other airframe in the last 50 years that even comes close (including the DC-9 and TU-154). What other airplane has killed 300+ passengers in its first 4 years of operation?
So, what metric have you selected to show that the MAX isn't dismal?
(and please, no lie-with-statistics stuff like hiding the MAX in 737NG data, or claiming that crashes by foreign pilots or on foreign soil don't count)
> the evidence of ill intent is relatively weak here
Most people are referring to negligence, not ill intent. "Let's make more money and rush this thing out! (Even though this could kill people)", not "Let's deliberately design a system to kill people".
Regardless, one sensor failing should not induce a plane to fly itself into the ground, despite the best efforts of the pilots to recover (and despite the fact they were not necessarily the best trained pilots). 2 / ~400 complete hull losses of brand new jets is completely unacceptable. That is dismal. Don't try to downplay it.
These were not the "best efforts" to recover - stab trim cutout is a memory item.
Absolutely - Boeing is going to be designing much safer planes in future to accommodate different pilot populations. That is clear and necessary. This will make us all safer. Boeing obviously screwed up with a primarily US based mentality.
This system was PARTICULARLY fragile in the face of poor maintenance and reliance on automation - which boeing was unreasonably dependent given a US centric view.
Look into history of comets and concorde if you want to look at hull loss rates (note - both stopped flying forever when safety issues became clear). I predict almost no chance that the max will be taken out of flying forever.
1. MCAS does not behave exactly like a normal runaway trim.
2. On the Ethiopian crash, they _did_ initially follow the stab trim cutout procedure, but they didn't manage their speed correctly and thus were unable to control the plane with manual trim.
IMO point 2 is very important - pilots will not always be perfect. It's easy to armchair pilot from your couch and say that "Oh, just manage your speed correctly when your plane is trying to pitch itself into the ground just after takeoff and follow the stab trim cutout procedure. Very easy to deal with MCAS." But reality is not that easy.
> Look into history of comets and concorde if you want to look at hull loss rates
Compared to every other new plane released in the past 20 years, the 737 MAX has a terrible hull loss ratio. I don't really care about the Comet or the Concorde since it's 2019.
Agreed - pilots will not always be perfect, and if the safety chain -> design of systems, maintenance, training, experience is weaker than this will matter more.
Pilot error still #1 cause of fatalities including in the US. In this case bad maintenance also looks to be an issue and a brittle design. You have a master caution on 4 seconds into flight - you've got a terrible maintenance log book etc. I actually thought initial stab trim call wasn't unreasonably delayed - though they did let it run 4.6 to 2.1 over 10 seconds or so, which is a HUGE trim change.
And stab trim cutout wasn't followed fully or MCAS wouldn't have been able to put them into the ground at the end, though they may have already in a bad spot so thinking not unreasonable, except of course you might sit on nose up trim for a bit once reversing cutout.
The move will be I think to more automation and reducing ability to dispatch with things like a flight computer out of service (histrionically pilot skill would cover this now).
I also think they may need to move to authenticated maintenance / self test / parts life / history items. Ie, prevent dispatch on sloppy fixes / sloppy test.
By US-based mentality, you mean one where it's OK to design an automation system that takes input from a single sensor? And this is somehow OK for American pilots, but not for foreigners?
I think evidence will show you're wrong. The MCAS is a terrible design no matter where you intend to fly it.
Yes - automation in the US context has historically evolved with pilots pilots considered a key and reliable redundancy. So yes - the automation is not full automation / full redundancy. The idea has (historically) been then that the pilots bring overall safety to required standard and the pilot is the redundancy. The evidence in the US has showed that this approach works from everything from stab trim cutout issues to dual engine failures.
In the US, efforts in last years have focused on the entire chain of safety (actually away from plane design) and the US has hit some of the BEST periods of safety in aviation. This is everything from duty / rest periods, maintenance, minimum training requirements etc.
"And this is somehow OK for American pilots, but not for foreigners?"
Let's be VERY clear here:
The requirement to fly Part 121 in US even as just a first officer requires an ATP and 1,500 hours. Most folks have a a significant amount of other flying prior to that, the US has a much bigger GA aviation scene, private flight instruction, glider, private jet / charter markets and military flying. The US has something like 12,000 pilots flying for the air force alone. The first officer on your long flight is very very likely to have a TON of experience in all sorts of situations, and particularly with manual flying.
Overseas - you can be a graduate with an academic / training background only and 250 hrs of "flight time" more broadly defined and be at the controls. Ethiopian airline pilots were 25 and 29 years old.
In the US, major carriers even more picky.
Southwest for example:
Flight Experience: 2,500 hours total or 1,500 hours Turbine total. Additionally, a minimum of 1,000 hours in Turbine aircraft as the Pilot in Command* is preferred. Southwest considers only Pilot time in fixed-wing aircraft. This specifically excludes simulator, WSO, RIO, FE, NAV, EWO, etc. "Other Time" will not be considered.
So yes, if boeing is going to sell into markets with folks getting into cockpit as co-pilots with sometimes as low as 50 hrs (1 week) of experience (in cadet / training systems) then 100% they will need to redesign and rethink things for this future pilot population - and yes, that means the systems will have to have MUCH more natural redundancy built in.
Ignoring this difference in background, opportunity and skill will lead to lots more deaths - all preventable if the thinking changes and a better understanding of future pilot populations is developed, and that includes accounting for differences in training and experience.
You hype up reliance on US pilot training, but ignore Boeing's intent to NOT train pilots on MCAS (and especially its differences from existing behavior). Plenty of US pilots have gone on record saying that their US-based MAX-8 training left them unprepared to fly the MAX-8 as it was originally delivered.
You're still trying really hard to blame the pilots and ignore critical and unarguable airframe deficiencies. It hasn't worked yet but maybe if you keep writing lots and lots of words you'll get somewhere.
And despite no training we have what may have been some amazingly good MCAS recoveries within the US during takeoff into things like turbulence triggered MCAS nosedowns - pilots thought their own fault / couldn't understand what was going on but the limited reports in terms of response are great for totally untrained situations. I'm sure pilots were pissed, they should be!
I think you are failing to understand how the chain of safety works. Ideally you have a great design. If you don't then ideally the flaws / weaknesses don't get hit because you have things like good maintenance. If you don't have that then maybe next hope is the pilots. Worst case you then you require instrumentation to help reduce risk of the next tragedy. Etc.
This system has resulted in an incredibly safe mode of transport despite many challenges / crazy tolerances etc.
"Amazingly good MCAS recoveries" are a crew success, yes, but they are even more a sign of aircraft and regulatory failure. You aren't acknolwedging that the MAX-8 has serious issues no matter where the pilot learned to fly.
American pilots are top notch. However, the pilots themselves don't want to be put in the position of saving the aircraft, and a big part of the FAA's charter is to ensure that they don't have to.
Does your chain of safety include feeding a twitchy automated system from a single sensor?
MCAS is a terrible software solution to an engineering problem. On top of that, no sufficient training for the pilots to cover up there awful solution.
There's deaths caused by Boeing's greed and lack of competition against Airbus' new planes.
Impressive spin but not enough to overcome the documentary evidence of deception. Lots of people go to prison for violence and I am heartily in favor of people like pharmaceutical executives joining them.
https://graphics.reuters.com/BOEING-737/0100B2J51TY/Boeing%2...