Boeing Unveils 737 Max Software Fixes (cnbc.com) 249
hcs_$reboot shares a report from CNBC: Boeing previewed its software fix, cockpit alerts and additional pilot training for its 737 Max planes on Wednesday, saying the changes improve the safety of the aircraft which has been involved in two deadly crashes since October. By the end of this week, Boeing plans to send the software updates and plan for enhanced pilot training to the FAA for certification approval. After the FAA approves the fix, Boeing said it will send the software update to customers.
Among the notable changes to the MAX flight controls:
- The plane's Maneuvering Characteristics Augmentation System, or MCAS, automated flight control system, will now receive data from both "angle of attack" sensors, instead of just one.
- If those disagree by more than 5.5 degrees, the MCAS system will be disabled and will not push the nose of the plane lower.
- Boeing will be adding an indicator to the flight control display so pilots are aware of when the angle of attack sensors disagree.
- There will also be enhanced training required for all 737 pilots so they are more fully aware of how the MCAS system works and how to disable it if they encounter an issue.
enhanced training (Score:3, Interesting)
so.. a youtube link?
also these are workarounds, why not fix the actual problem of sensor reading incorrectly?
Sensors are physical objects (Score:5, Informative)
Because the sensors are physical devices, and are this subject to all physical device problems. They can break, corrode, be bent by a physical impact, etc...
They're regularly inspected, which is about the best you can do.
Re:Sensors are physical objects (Score:5, Interesting)
which again goes to question the logic behind an automated system based on sensors that could be faulty forcing correction while on manual flight control... but i am sure i don't understand as I am not an industry insider.
Re:Sensors are physical objects (Score:5, Interesting)
I was keeping my response simple, but for "flight critical" sensors the general idea is to have at least 3 and use a voting system. For sensors that are 99.X% reliable, the odds that two will be out such that they are throwing the same erroneous value(or at least within error margins) is quite low. Though there are differences between 'simple' sensors that report back a simple voltage or resistance where determining a fault can be difficult, and complex ones like radar, GPS, that are more likely to tell the system they have a problem. The vanes here are simple sensors.
Though with the MCAS it was supposed to assist, not be critical, thus 1 vane being enough. Pilots were supposed to be able to override with just more stick application. That assessment is being challenged, and the 2 vane + alarm thing is Boeing hoping to avoid having to avoid installing another sensor for proper 3 sensor + voting reliability, as the extra sensor will be expensive.
3 good sensors: all good
2 good sensors: all good(less redundancy)
2 good sensors, 1 whack - get fixed after landing
1 good, 1 whack - system unreliable, turn off. Consider landing early.
1 good - 2 whack(different values) - system unreliable, turn off, consider landing early
1 good - 2 whack(same values) - hope you notice before crash/fire. Turn off system. Seriously consider landing early. Last good sensor may or may not be usable(does it have an output you can use?). Consider firing maintainers as it is likely at least one was whack when you took off.
0 good - 2 whack(same values) - same as previous, really. Without minor hope of good sensor being useable.
3 whack - same as previous. Consider firing maintenance department out of a cannon.
Re: (Score:2)
I am not sure why we do not do five sensors for critical stuff and three for less critical. This whole cost cutting business is shady as hell when lives are at stake.
Re: (Score:2)
Cost - which of course matters. There are always safety / cost tradeoffs. Overall commercial aviation is very safe, and very inexpensive per passenger-mile, so in general there seems to be a pretty good tradeoff. In this case they may have not gotten it right.
Re:Sensors are physical objects (Score:4, Insightful)
Re: (Score:2)
Still the idiot version. You have total engine thrust at that time and measured airspeed (airspeed that can be defined by not just onboard instruments but by external data from the air' traffic control system). The design is inherently bad and unsafe, brought about by cheap shitty shortcuts and a corrupt approval system for US aircraft.
Reality the only safe choice now, DO NOT BUY US AIRCRAFT, the approval system has been entirely corrupted, with the manufacturers self approving the aircraft and the FAA an
Re:Sensors are physical objects (Score:4, Insightful)
Reality the only safe choice now, DO NOT BUY US AIRCRAFT
A whole set of EU pitot tubes would never ice over above a tropical storm, any more than an EU rudder would snap off in wake turbulence, would they now?
Re: (Score:2)
An EU rudder never snapped off in a wake turbulence. It was an American pilot using the rudder pedals like a dance dance revolution pad that broke it because he was so scared like a girl of wake turbulences.
Re: (Score:2)
Re: (Score:2)
I hear the Russians make good planes.
Re: (Score:2)
Those EU pitot tubes were fitted to replace ones made in the good ol' USA by Goodrich - because of safety issues with the Goodrich ones So nobody exactly covered themselves in glory.
But it's so cute how you pout and wrap yourself in that star-spangled blankie.
Re: (Score:3)
Pretty much every industry worldwide is like this. Auditors check that various reviews and things have been done. The reviews etc. are done by the manufacturers. Take a look at the auto industry and the emissions issues the last few years. The government seldom does the testing, etc. They just set the standards and the manufacturers claim they meet them. Same with the drug manufacturers (see the recent worldwide recall of the blood pressure medicine irbesartan). There isn't enough government expertise or ma
Re: (Score:2)
Medical device certification in the EU is a joke compared with the US.
That must be why practically every EU country has life expectancy higher than the US.
The shitty medical device certification.
We found the cure for old age, let's party.
I'd say that's probably more because healthcare is actually affordable across most of europe rather than the quality of the machines. Plus we don't run around shooting each other all the time.
Re: (Score:2)
Another thought is that the system needs to have a sense of time as well when working with real sensors. There should be some time smoothing (exponential is simple to implement and usually pretty good at reducing noise in the signal) as well as some tracking of rate of change of the readings as a reality check.
Re: (Score:2)
I was keeping my response simple, but for "flight critical" sensors the general idea is to have at least 3 and use a voting system.
Great. How do you determine whether the vote has a correct outcome?
3 good sensors: all good
/
Unless the sensors have a design flaw and under certain weather conditions they all report an erroneous value. Like the Pitot tubes on the ill-famed Air France crash a few years back.
1 good - 2 whack(different values) - system unreliable, turn off, consider landing early
Unless the two different values are identical, in which case the system would think they are good and crash the plane. But let's see...
1 good - 2 whack(same values) - hope you notice before crash/fire. Turn off system. Seriously consider landing early. Last good sensor may or may not be usable(does it have an output you can use?). Consider firing maintainers as it is likely at least one was whack when you took off.
The idea is that crash tendency is noticed. Remember that both MAX 8 crashes happened very soon after take-off, when plane is
Read the whole post? (Score:2)
Great. How do you determine whether the vote has a correct outcome?
Well, I'd start with reading my whole post before replying, because this is only like one of three questions you ask that are answered later in the same post. In some cases by the very next line.
Why ask when the question is already answered?
As for design flaw - that is a whacked sensor. I did mention firing people out of a cannon at that point...
The idea is that crash tendency is noticed.
Well, I said "hope" for a reason. It is a very scary situation to be minimized if possible.
About the only defense against defective sensors that are all returnin
Re: (Score:2)
this fix is just a software fix and no hardware/maintenance fix is needed. So lot less expensive.
Re: (Score:2)
Re: Sensors are physical objects (Score:5, Informative)
thrust is what causes the stall this system is designed to mitigate.
The most thrust you apply to an aircraft the low mounted engines, the more the aircraft pitches up, making a stall more likely.
If the aircraft has tiny elevators, like the 737, there is a point where the thrust is pitching the aircraft up more than they can correct, given the current angle of attack.
In that situation, there are only two things you can do to stop a stall
1) lower the thrust that is pitching the aircraft up
2) use the stabilizer trim to change the angle of the rear stabilizer - which is what MCAS does automatically.
Re: Sensors are physical objects (Score:5, Insightful)
So by disabling the MCAS you can't go full throttle without manually adjusting trim. That's not exactly ideal.
I've heard elsewhere that the purpose of the MCAS was also to make the Max fly like previous 737 and thus reduce retraining. With MCAS disabled, the pilot is flying a plane he is not trained for.
I'm not sure if I'm comfortable with this solution. Instead of a crash you get a high risk situation which sure is better but far from good.
Re:Sensors are physical objects (Score:5, Insightful)
Just your industry standard screwup. A better design is expensive, more testing is expensive, any delay is expensive. To the product managers will push and push and push for you to ship the product. The plan was not designed from scratch, it's an incremental modification of the 737 line and this feature was essentially a patch that was less expensive than a redesign.
Re: (Score:3)
which again goes to question the logic behind an automated system based on sensors that could be faulty forcing correction while on manual flight control... but i am sure i don't understand as I am not an industry insider.
That is Airbuses model, if all 3 flight computers cant agree, they throw control back to the pilot and say "sorry, your plane now". A system that has been fantastically safe and Boeing has spend billions trying to rubbish.
The system in the 737 MAX is there because they've changed the position of the engines from under the wing to in front of the wing which pushes the thrust directly under the surface of the wing. This has the nasty side effect of being able to increase the pitch of the aircraft without t
Re:Sensors are physical objects (Score:5, Informative)
No, it's intended to stop a stall from happening by automatically adjusting the stabilizer trim as the elevators don't have enough pitch authority to counteract the pitch-up caused by the more powerful engines.
The system is intended to allow the plane to be certified without redesigning the elevators.
Re: (Score:3)
Re: (Score:2)
Somehow that doesnâ(TM)t make me feel a whole lot better about this fix.
You must be sane. It's totally bananas to build an airliner which isn't neutral and stable by its basic design. While not cross-checking the two sensors they actually had in place should probably be considered criminal negligence, the real root cause is building this plane with these engines at all. They should have built a new airframe, but they couldn't do that in a timely fashion, so they glued big engines onto a small plane — and people died.
Re:Sensors are physical objects (Score:5, Informative)
No, you are wrong. It is not specifically intended to stop a stall. Read up on the issue. It is intended to let all qualified 737 pilots fly the Max WITHOUT EXTRA TRAINING. This plane has different stall characteristics, meaning it does different things when it stalls. Normally, you would train a pilot to notice what it is doing and adjust accordingly. But, that requires training that Boeing told airlines they would not have to do. So, Boeing designed MCAS specifically to make the Max behave like a regular 737 when approaching a stall, ie. kick the nose down. By doing that, the pilot is supposed to be able to see a familiar characteristic and say *ding* *ding* *ding*, my plane is stalling. NO EXTRA TRAINING. MCAS is not a stall prevention system, but a Maneuvering Characteristics Augmentation System. To learn more, at least read the first three paragraphs of this article:
https://theaircurrent.com/avia... [theaircurrent.com]
And all the white nationalists talking about foreigners in this thread is sickening. Sad to see Slashdot being overrun by these maggots.
Mod parent up (Score:2)
Never thought I'd ever write this, but yeah.
Re: (Score:3)
My UID is pretty old. I remember GNAA, frosty piss, hot gritz, JonKatz and Roblimo, etc., etc..
Slashdot is a mere shadow of what it once was. The moderation system is beyond broken. MOST of the posts here should be moderated away yet aren't. The seedy underbelly was always there, but now it's being elevated to the top. OP is right, /. has been overrun with the maggots. I'd estimate a good 80% of every story's comments are shitposts and racist bullshit. It didn't used to be that way.
Re: (Score:3)
>The system is intended to allow the plane to be certified without redesigning the elevators.
Actually the whole airframe has to be redesigned because the original 737 was designed too low to fit the larger, more efficient engines of the MAX fully underneath it's wings. The workaround was for the engines mounts have to be moved forward, changing the handling of the aircraft and leading to the introduction of MCAS.
Re:Sensors are physical objects (Score:5, Funny)
You started out with such a level atittude in the first paragraph, then you really stalled. Are you sure your MCAS was enabled?
Re:Sensors are physical objects (Score:5, Interesting)
It might not be the physical sensor. Data from both the LION and Ethiopian flights shows an offset between the two AoA sensors of 22 degrees. Neither appear to be stuck, as they both track airplane movements. But with this offset. Same physical fault causing the exact same offset? Doubtful.
One theory is that the 22 degree figure is pretty close to the value of one bit in the ARINC 429 word for AoA (22.5 degrees). So, software might be flipping a bit. This might be a tough bug to run down.
Re: (Score:3)
If the crashes were due to software bug, ouch. Didn't the LION flight take off with a known defective AoA sensor though?
Re:Sensors are physical objects (Score:5, Interesting)
The LION plane had an AoA system problem on a previous flight. The sensor was replaced. It appears that didn't fix it.
Re: (Score:2)
LION air has poor Maintenance
That would make things easy. But no, maintenance was not the cause of these 2 crashes.
Re:Sensors are physical objects (Score:4, Insightful)
Re:Sensors are physical objects (Score:5, Interesting)
It might not be the physical sensor. Data from both the LION and Ethiopian flights shows an offset between the two AoA sensors of 22 degrees. Neither appear to be stuck, as they both track airplane movements. But with this offset. Same physical fault causing the exact same offset? Doubtful.
One theory is that the 22 degree figure is pretty close to the value of one bit in the ARINC 429 word for AoA (22.5 degrees). So, software might be flipping a bit. This might be a tough bug to run down.
It seems unlikely that software would suddenly start flipping a bit repeatedly. That usually implies faulty hardware. The real question is how two pieces of hardware could experience the exact same fault on exactly the same bit.
My money is on thermal expansion of a BGA fastened with lead-free solder.
Re: (Score:3)
That usually implies faulty hardware.
It would seem so. Like an open/shorted lead on a parallel bus. Maybe a bad pin on an A/D chip. ARINC 429 is a serial protocol, so it's not likely something loose between boxes. What really rules the h/w angle out is the similar fault on (at least) two unrelated flights.
Re:Sensors are physical objects (Score:5, Informative)
It only rules out hardware if you assume that the failure is a random fluke. If it is the result of a mechanical design flaw or an under-specified simple component like a resistor, capacitor, or transistor, hardware failing in the same way isn't particularly rare. For example:
GPU thermal failures often result in a small number of different sets of identical symptoms; the same solder balls break more frequently because of their location and the way that the chip expands.
At one point, I was involved in a group buy of some preamplifier hardware from a manufacturer in China. There was something like a 40% failure rate, and it was caused by a single transistor being substituted with a lower-quality part that became unstable in the presence of too little capacitance. And they all failed with the exact same symptom, en masse.
And a particular age range of certain models of TV failed en masse because of capacitor plague. In every case, the symptom was that they wouldn't turn on.
Or consider the T-Con board that drives various LCD panels in TVs. They fail with alarming regularity, to such a degree that there's actually a third-party company manufacturing new replacement boards for old TVs. There are only a few different failure modes, usually involving one color channel stuck off or on, and statistically if you buy a used board, nearly 100% of the time you'll get a bad one, because it's the #1 cause of replacing TVs that contain certain models of T-Con board.
And I can also recall a hard drive connector built by a major manufacturer that was attached by a screw on only one end, and repeatedly would work its way lose, requiring a complete redesign of the hardware in the next generation.
You get the idea.
Re: (Score:3)
If you had asked me a month ago whether Boeing would build hardware that could command huge amounts of trim using only a single AoA sensor, I'd have said no. So if you're seriously asking whether I think that a design team who would sign off on MCAS might also have underestimated the impact of using a different epoxy in some BGA part, not realizing that it would overstress some solder ball because
Re: (Score:2)
RoHS is for consumer electronics. Aerospace is very much exempt and will still use leaded solder. While many components aren't available with lead free balls, even pretty small contact manufacturers will have reballing kit. It's the same in the medical industry which is where I know this from.
Re: (Score:2)
Also, do they use BGA for aerospace? Automotive is sticking to leaded devices for the most part, because of the problems with BGA reliability in systems that experience a lot of vibration and temperature cycling.
Re: (Score:2)
I'm honestly not sure whether BGAs are used in aerospace tech. For sure, some companies have been testing them for aerospace use for many years [eetimes.com]. It probably depends on whether a non-BGA version exists for whatever chip they need, and whether the alternative is worse (e.g. LGA).
Of course, the same problems can happen just as easily with any other surface-mount parts; it's just somewhat less common because it's easy to inspect and verify the soldering work when it isn't under a chip. I guess I probably sh
Re: (Score:2)
Do they use lead-free in aerospace applications? The lead-free requirement of RoHS rules only really applies to consumer items. Stuff like aerospace, automotive and medical are all exempt.
Re: (Score:2)
The requirements, AFAIK, don't apply to aerospace, but that's not the same thing as guaranteeing that no electronic component contains lead-free solder internally; the same parts can be used for multiple things.
Re: (Score:3)
In these cases when the sensors disagree for whatever reason, it looks like a light will turn on but essentially they will lose reliability of both sensor ans they won't know which one is faulty (assuming they won't fault at the same exact time, which i sa safe assumption).
If so it's a little stupid, and sad, as there are plenty of techniques to decide which one is correct and which one is faulty based on the reading of the other sensors (and a small internal model of the aircraft). I hope they implement a
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
They're regularly inspected, which is about the best you can do.
The best you (they) could do is to have implemented sensor cross-checking in the first place, not after people died. Our 2006 Sprinter has two pots on the accelerator pedal, and cross-checks them. WTF was Boeing thinking by not using both sensors? On what basis is that not criminal negligence? At very best, it's gross incompetence.
Re: Sensors are physical objects (Score:2)
Exactly why they are pushing for the "guess a fix and hope no one else dies" approach.
Suppose it is slightly better than the "pay the faa to not make them fix it and hope no one dies" approach.
But you'll never find me on a 737 either way.
Re: (Score:2)
You're right here, Johnny, dying in a crashing 737 is the very definition of the adventure of a lifetime.
And what if you survive while paraplegic and burned up?
You'd hate your children missing that opportunity, if you could have them.
Your chances of dying in a car crash are still waaaaaaaay higher? Do you not drive anywhere either?
Re: (Score:2)
Re: (Score:2)
just having two on a plane is already borderline minimalist
I would assume there are only two optimal places to put the AoA sensor, one on each side of the plane at the front in the centreline, where the airflow over that section of the plane is just right.
Also, why do they need to have separate indicators for every possible failure mode? Nowadays, you have a bunch of large screens in there, you can certainly log some warnings on one of them if essential instruments disagree.
That's what they already do. Boeing offers an optional extra to display the angle of attack to the pilot on one of those screens. It also shows a warning when the two sensors disagree. The angle display is going to continue to be a paid extra, the warning is going to be made standard.
Just to make the previous point clear: Boeing deliberately made a malfunctioning sensor warning to a critical system a paid optional add-on.
patch (Score:4, Funny)
if (crashing() && uncrashFeatureEnabled()) {
uncrash();
}
No, no, no... (Score:3)
If
{Audio.conv.facebook.newposts == "Oh my god, we're gonna die!!!" >120
}
then
{
Push.stick.omg.enable==1
Set NOCRASH=1
Reset OMG mode
}
endif
*note for the pedantic: this is not code. :)
Re: (Score:2)
Re: (Score:2)
disable(MCAS);
}
Changes to the MAX flight controls ... (Score:5, Funny)
Before engaging MCAS the control software will display an animated dialog:
Clippy: It looks like you're plane may stall. Would you like help?
Re: (Score:2)
I'd give you the funny mod if I ever had one to give. (I think the comment that currently follows this one is also bidding for a funny mod, but I'm not getting the joke yet...) Anyway, I just wrote about a reincarnation of Clippy, though I wasn't joking.
If I was a comedian, I'd try to come up with a funny expansion of MCAS. Something like Mud Capture Attack System.
Re: (Score:3)
I'd try to come up with a funny expansion of MCAS.
May Cause Air Sickness
Re: (Score:2)
I'd try to come up with a funny expansion of MCAS.
May Cause Air Sickness
May Cure Air Sickness. It's hard to have air sickness when you're smeared across the runway as a chunky paste.
Re: (Score:2)
How will they certify it? (Score:2)
So, the FAA previously left the MCAS certification (along with other systems) to Boeing engineers. Is this how the "fix" is going to go through again? Normally they should go back and have FAA engineers redo the certification of every 737 Max system that might affect safety. ;)
But that would take years and FAA/Boeing wouldn't like that, would they
And all the above is without talking about what is the major cause of concern: software trying to compensate for the hardware design shortcomings an airplane... We
Re:How will they certify it? (Score:5, Insightful)
As someone that has worked in both functional safety and off-highway vehicles.
How the fuck did this ever make it into production. Why is a 'second sensor' an upsell?
When given the option to completely update the cockpit to the latest and greatest with digital displays.
They chose to replicate the old mechanical dials so the pilots couldn't be retrained.
The entire thing from start to finish was rushed. Mechanical design comes first. There is no 'try and develop software in parallel'. A clean software design depends on a good mechanical design.
The plane should have been a white board redesign, it should have been balanced such that a pilot could fly it stable with no avionics. This isn't a jet fighter.
But it was rushed because Europe invested in R&D and beat them to economy routes. How much money did Boeing C-suites make before 2011? During the 2009 crash there was a hiring spree by some companies because the market was flooded with cheap, good engineers that just got laid off. Companies invested in talent. Did Boeing?
People died because... Boeing sat on R&D from post WWII while making a ton of money so when Airbus released a good plane they scrambled to retrofit an old design by putting huge engines on an airframe causing it to pitch up but to appease its clients it added software to mimic the old plane behavior and tested it themselves and told the FAA they promise they did it right.
More or less.
Re: (Score:2)
If with good software you can reuse 80% plus of your previous design, why wouldn't you do it?
Re: (Score:2)
Outside Audit (Score:2)
That new software needs to be audited, source code and all, by outside experts. The first thing that was drilled into me in basic instrument flight training was never to fixate on one gauge. Boeing seems to have committed a transport category aircraft to just that.
apt update && apt upgrade (Score:2)
Done.
Re: (Score:2)
Not an implementation problem (Score:2)
The problem isn't implementation bugs, it's the basic design that gives the autopilot control authority over the pilot. This exact sort of accident has been with us since the introduction of the first A320 (the first fly-by-wire aircraft where the autopilot could overrule the pilot's control inputs). The fix is in 2 parts:
Re: (Score:2)
The first A320 accident showed that a fly by wire aircraft that overrides the pilot actually saves lifes.
The pilot actively tried to stall the aircraft. Had he succeded, there likely would have been no survivors. Since the aircraft fought the pilot, it managed to decent much slower and onto the top of the trees cushioning the impact, only killing three people.
This is why the flight control systems must disregard the pilot's inputs if they would put the aircraft outside of its flying envelope.
https://www.fli [flightglobal.com]
Re: (Score:2)
Not really, it's in the setting "Controlling input when commands from MCAS conflict with inputs from pilot: Obey pilot? Obey MCAS?". The "Obey MCAS?" option should simply be removed, then the other settings simply control how often a reportable incident will occur and not whether the aircraft will crash. At least as long as the pilots themselves know how to actually fly the aircraft, and if they don't that's not a problem that the aircraft's control software should be even trying to solve because, as a soft
Boeing screwed up ROYALLY (Score:2)
Boeing screwed up ROYALLY and they'll pay for this, likely to the tune of hundreds of millions of dollars.
This was an egregious engineering fuckup that was completely 100% avoidable. So many mistakes, it's horrendous and shameful for a company like Boeing to implement these insane design choices.
Basic SOL and mission-critical applications are always always ALWAYS supposed to use a minimum of two sensors and in most cases they should use three (with an arbitrated voting system).
In addition there was very lit
Re: (Score:2)
Boeing screwed up ROYALLY
Certainly.
and they'll pay for this, likely to the tune of hundreds of millions of dollars.
Should be more in the billion(s), total including indirect costs (decline in orders, reputation, stock, ...). But we'll see, what actually happens. Boeing being a national treasure...
Primtive, but good ideas (Score:2)
Re: (Score:3)
Passengers will keep debugging.
This is the global trend. But unfortunately that pattern does not apply well for aviation (or medical)
Offer a bug bounty... (Score:2)
Bug Bounty. (Score:2)
Real fix is already in (Score:3)
Can anybody imagine a 737 MAX pilot being anything less than viscerally aware of the problem and what must be done to fix it? Anything else being done is gilding the lily. Of course, turning off MCAS with an AoA sensor mismatch simply makes the job easier for the pilots. Now, why do they disagree? Are they really AoA indicators or something else entirely? Why aren't there three if you're going to use them in a flight safety critical manner?
{^_^}
A software fix could have used both sensors? (Score:5, Insightful)
The depressing (or incriminating?) part here is that the fix didn't require any hardware modifications, as I would have expected. I assumed that there was some cost/weight issue to having the MCAS have access to the left and right sensors. But nope, it could have compared both.
If it can be fixed with a software fix, then it could have been done right from the start without any extra hardware costs of production.
Very damning.
I get so tired of the reports calling clear software/algorithm bugs "computer glitches."
It's akin to blaming every pilot error situation on the plane.
Just as with hardware design flaws, software design flaws should have repercussions for the manufacturer, and not written off as "oh, one of those computer glitches!" If your computers are glitchy, don't put them on my plane, thanks.
Re: (Score:2)
Similarly, I was shocked to see that the standard procedure for flight computers acting up was to simply re-power them. Computer hardware/software should be made reliable enough that you don't need to do the "Windows thing" of rebooting regularly to keep it operating. Circuit breaker instead of power switch, but the same deal, really.
Who needs Skynet... (Score:2)
I have a dream (Score:2)
"I dream of a world where a chicken can cross the road without having its motives questioned."
Re: (Score:2)
can the chicken cross the road with a faulty sensor?
Re: (Score:2)
Evidence suggests it's more likely to tunnel underneath.
Re: (Score:2)
I have a dream where no chicken is afraid to walk across the road.
Re: (Score:2)
I live mostly in Thailand, and trust me, they are not scared to cross the road.
You already have trouble to explain to the dogs sleeping on the road that my tire is bigger than him ... and then don't mind the buffaloes. There is one buffalo that is always dreaming somewhere on the field. When his herd goes home, he misses it often. No idea if he is def or something. As soon as he realizes he is alone he gallops over the field home, up the small slope to the road then with full speed over the road.
So far he
the PHB is not an Professional Engineer! also H1B (Score:2)
the PHB is not an Professional Engineer! also an H1B can take your job if you don't ship now.
Re:Why wasn't it done in the first place!? (Score:5, Informative)
Re: (Score:2)
You've confused MCAS with something else.
The only "control grabbing" you can do to stop MCAS is to grab the stabilizer trim wheel while it's spinning and physically stop it. Which only to be done if cutting the power to the stabilizer trim motor doesn't fix the problem.
To be fair though, the pilots should have noticed the trim moving by itself and pitching the plane down. If they didn't know why it was happening they should have gone through their runaway stabilizer trim checklist, which every 737 pilot sho
Re:Why wasn't it done in the first place!? (Score:5, Interesting)
Actually, it's more confusing, and that's the problem.
If the pilot manually re-trims, MCAS is overridden for 5 seconds, then it adjusts the trim again. It's not hard to see how the pilot might mis-identify the ongoing problem as a recurrent momentary problem.
Re:Why wasn't it done in the first place!? (Score:5, Informative)
And according to Boeing's simulations, they only had forty seconds between stick shaker activation and a rapid unplanned deceleration, so...
Re:Why wasn't it done in the first place!? (Score:5, Interesting)
Why wasn't this done in the first place!? It is an industry standard to use redundancy for life critical applications. They have redundancy already, why didn't they use it?
Also: Applying the patch creates TWO single points of failure for the system. If EITHER of the angle of attack sensors fails, goes off-calibration by more than 5 1/2 degrees, or angle of attack at the two sensors differs by more than that small amount, the MCAS will shut down.
The MCAS is there to bring the nose down if the aircraft is about to stall, which it is prone to do because of the relocation of the engines (relative to the previous model) forward and up, along with the reshaping of their nacelles. With the MCAS shut down the aircraft is back to having a risk of a sudden stall, which can ALSO cause it to have an "uncontrolled flight into ground" if it's too low for the pilots to recover (which is pretty darned high).
As with aircraft carrier naval groups, continents also ALWAYS have the right-of-way over airliners.
Re: (Score:3)
The difference is that with the patch, it fails to a less unsafe condition compared to before the patch, with a warning light now to let the pilot know he'll need to be more vigillent. Before the patch, a single failure would cause the plane to repeatedly try to crash.
Re: (Score:2)
Does anyone know if Lennart Poettering designed the MCAS? It reminds me of pulseaudio a lot. It is a system built to solve some problem but it has so many problems of its own that the best solution to any problem is to turn it off... which leaves you with the original problem.
Re: (Score:2, Troll)
Nothing is wrong with the aircraft beyond the MCAS system's design and human factors aspect of how it works in a specific failure mode. There is no need to send these aircraft to the scrap yard, yet...
Arguably the pilots flying the two ill fated flights where not up to par and better training could have saved them, what I see happened is the lack of training ran headlong into a human factors issue of the MCAS design. The failed system confuses pilots, the human factors part of the design sucked badly eno
Re:Look at all the Boeing Apopogists (Score:5, Insightful)
The MAX 8 will be one of the safest planes in the sky after this design review is done and the software gets updated.
A plane where the engines have to much power and push the nose so far up that the plane can stall: does not sound safe to me.
Re:Encouraging news. Still nervous. (Score:5, Informative)
The amount of pitch up with the newer more powerful engines got to a point where when the plane is already at a high angle of attack, the elevator don't have enough authority to counter act it. The entire rear stabilizer needs to be moved using the stabilizer trim.
Other planes have larger elevators or less pitch-up under full thrust.
Re: (Score:2)
The amount of pitch up with the newer more powerful engines got to a point where when the plane is already at a high angle of attack, the elevator don't have enough authority to counter act it. The entire rear stabilizer needs to be moved using the stabilizer trim.
Other planes have larger elevators or less pitch-up under full thrust.
The moving of the entire stabilizer is how this is done in most commercial aircraft and is not unique to the MAX. There is a "jack screw" that adjusts the angle of the horizontal stabilizer in many aircraft that is driven by the trim system. This arrangement has been standard fare for aircraft design for a very long time and I've seen it used on aircraft from the 60's and I'm sure it was in use long before then. Again, this is not a unique arrangement to the 737 MAX, but very common due to it's aerodynami