by danso 2784 days ago
From my complete layperson perspective, this flawed-sensor/autopilot failure feels even more inexplicable than Tesla's Autopilot failing to stop for stationary objects. In the latter case, I can grasp how it's difficult -- or at least an open-ended problem to train a system to distinguish such objects in real time. But the heuristics for stable flight seem much more bound to hard-coded heuristics and physical facts -- isn't there a calculable, mostly-predictable limit -- for any given altitude -- to how much a plane can correct for a stall by nosediving? And when this limit is approached, shouldn't the plane's autopilot cede more control to the human pilot, if there's no indication that the pilot is otherwise incapacitated?

But it sounds like there's still a lot of unknowns about sensor readings and chain of events -- for all we know, it's possible the plane made a reasonable auto-correction, but the pilots misinterpreted the sensor readings and inadvertently caused the plane to go into an uncontrollable dive. Given that this is the Boeing 737 Max 8's first major crash, and it happens to be with one of the most unsafe budget airlines, it seems premature to say Boeing is at 100% fault. OTOH, 1 crash/189 deaths of a new plane, of a model that has had just 2 years of service so far, is not a statistic that justifies giving Boeing the automatic benefit of the doubt.

edit: Also, the Lion Air plane was said to have had the same major glitch with its airspeed indicator in all of its 4 final flights [0]. Even if Boeing's design is found to have shortcomings, Lion Air choosing to not ground the plane despite 4 consecutive flights of buggy behavior is a huge indictment of its safety culture.

[0] https://www.popularmechanics.com/flight/airlines/a24568956/l...

3 comments

I'm not saying that you're wrong or that one couldn't come up with a better algorithm but at the same time I wonder if it's a good idea to have ultra-complicated heuristics in something like an airplane. For one thing a complicated heuristic with many inputs and weights is a lot harder to validate and can lead to strange and unexpected failure modes.

Besides that, the problem of having a very clever autopilot is that it makes it a lot harder for humans to react appropriately when it messes up, because they both don't expect it and are more likely to panic. The Tesla autopilot accidents are good examples of that: those I have seen would've been easily avoided by a human, but because the autopilot was usually fine on its own the driver didn't react quickly enough.

Another much more tragic example is the Air France Flight 447 crash in the Atlantic where the autopilot detected a faulty sensor and disengaged and the two pilots managed to get the otherwise perfectly functioning plane to crash into the ocean because they basically freaked out and failed to understand what was going on.

That's a strange paradox in a way, as we move from fully manual to fully automated we have a strange "uncanny valley" for safety where the computer is clever enough to handle most situations which lulls the human operator into a false sense of safety. The operator pays less attention, eventually starts losing their skills and reflexes and then at some point, maybe years later, the computer messes up and you have a handful of seconds (if even that) to remember what you're supposed to do.

On the other hand a simple but predictable autopilot might not be quite as autonomous but at least it's easy to understand and anticipate, and it forces humans to remain attentive.

If the sensors are giving the software false altitude readings, how would your heuristics help?

There’s more than one sensor, expecting one to give bad readings is something that should be handled.

This is my question: why just one AoA sensor? It seems like there is plenty of space on the nose to put two or even four. Their results could be averaged. Presumably the MTBF for any individual AoA sensor is quite low (if we're happy to fly planes with just one right now), so this shouldn't cause too much of an increase in maintenance burden.

I don't actually know how many AoA sensors there are, but the NYTimes article seems to refer to them in the singular when talking about this plane.

Every article I’m reading says “AoA sensors”, which implies more than one. I think the flight computers did not correctly handle one of several sensors providing bad data.

> isn't there a calculable, mostly-predictable limit -- for any given altitude -- to how much a plane can correct for a stall by nosediving? And when this limit is approached, shouldn't the plane's autopilot cede more control to the human pilot, if there's no indication that the pilot is otherwise incapacitated?

There is, but there will always be a dependency on sensors to feed the input values into these functions. Modern flight computers are far better at pretty much any flying task than humans. Other than communicating with traffic control and raising/lowering the flaps and gear (none of which are absolutely necessary), a modern airliner can take off, cruise and land entirely on its own, with no human intervention.

I agree that it's probably a combination of bad maintenance, a not quite perfectly fault-tolerant system design and human error of the pilots. One factor that hasn't been mentioned is that even the newest versions of the 737 contain ancient, obsolete technology. A newer airliner will probably have more redundant and more fault-tolerant systems.

Nope. Nope nope nope. It can, very theoretically, do each of those things, but it can't switch those modes, must not take off automatically (there's no safe way to do this, and therefore would be very illegal), and requires vigilance that's above manual w/r/t landing. Please stop perpetuating urban legends.

http://www.askthepilot.com/questionanswers/automation-myths/

> One factor that hasn't been mentioned is that even the newest versions of the 737 contain ancient, obsolete technology

You mean technology like... wings? ;-)

More seriously, the "ancient" stuff is such because its reliability has been proven over decades of refinement. "Don't fix what ain't broke," as the saying goes. The aerospace industry moves slowly for a reason. I'd much rather fly on an old maintained plane than the very newest.

> Other than communicating with traffic control and raising/lowering the flaps and gear (none of which are absolutely necessary), a modern airliner can take off, cruise and land entirely on its own, with no human intervention.

Yeah no. This is obvious patent nonsense.

Relevant: I am a licensed pilot

A single operator handles multiple military drones. A large part of this is they can take off and fly to a specific location, and/or land from a specific location on their own.

There are many reasons a 747 is not set up to do this, but it’s not technology that difficult. Ex: https://en.m.wikipedia.org/wiki/Autoland

Just because other aircraft can do this today does not mean "a modern airliner can". No modern airliner currently has the capability to make remote controlled flights.

Hm. Autopilots have been able to fly the whole plane for decades, from runway to runway. They're not permitted for whatever reason; there has to be a pilot in the seat. But honestly for most flights of airliners (not even just modern ones) the autopilot is in control almost all of the time.

Can they be remotely operated? I'm thinking putting a plane into autopilot has to be a remote operation by now. It's so trivial, how can they have left that out?

They can't and don't fly runway to runway by themselves because even the smallest problem/perturbation/deviation from the norm knocks the plane out of the higher levels of automation and requires a human to intervene. The automation is great at making small adjustments to keep a plane flying stable, but give it a complicated, unknown airframe and it would fail miserably.

Military drones sometimes fail to do these things correctly, but it doesn't really matter because they are drones.

So do manned military aircraft. The military does a crazy amount of flying so you need relative rates for similarly refined systems* to really compare them.

* AKA older designs have better understood failure modes.