Edit: To be clear, while this was 10 years ago and no one died, this incident seems to me to be a bit worse than the issues with the 737 MAX in that with the A330, there is no shutting off the systems that caused this issue, as they are part of the flight controls. Fortunately the causes were investigated and while the exact cause of the issue was not identified, the computer systems were updated to deal with the fault scenarios identified in the investigation.
That one was a case of electronic gremlins in one particular plane together with a quite particular edge case in the software, based on reasonable assumptions.
> So why fly on a 737MAX when any other plane out there is safer?
Well no one can fly one right now as they are all grounded. However, once they get approval for a fix from all countries, the airplanes get updated with said fix, and the pilots get whatever training required for the fix and thus can start flying again, why not fly them? Presumably, that failure type should never happen again and its record seems fine outside of this 1 problem.
>However, once they get approval for a fix from all countries
That's a big assumption. The planes are already unmanageable, even if MCAS is fixed: human pilots aren't strong enough to turn the trim wheels manually in an emergency.
>and the pilots get whatever training required for the fix
I don't see how this is possible without forcing pilots to get a totally different type rating for this aircraft. That's the whole reason they put MCAS in there in the first place: to avoid a different type rating, which would require an expensive add-on certification.
> The planes are already unmanageable, even if MCAS is fixed: human pilots aren't strong enough to turn the trim wheels manually in an emergency.
Operation of the trim wheel and the forces acting on it are the same as the 737 NG. If this worries you, you shouldn't take any 737.
The wheel in that video cannot be turned manually because of the aerodynamic forces acting on it. Pilots are trained extensively to recognize a runaway trim condition and stop it before it gets to that point. At lower angles a roller coaster maneuver can be used to turn the trim manually.
The MCAS was definitely poorly designed but everyone is downplaying the poor pilot response and maintenance issues involved with the crash. Lion Air pilots flew a plane with a stall warning going on for a full hour instead of landing ASAP. Then when the plane got to the ground, the company saw it fit to fill it up with people again and fly it with a critical system malfunctioning due to unknown causes.
They dodged responsibility because Boeing had a serious design issue but their behavior was criminal, even more so than Boeing. I wouldn't fly any Lion Air plane.
Boeing’s own testing assumed pilots respond to a runaway trim situation within 4 seconds [0]. Beyond that, the MCAS will have put the plane in an aerodynamic position where the pilot forces required to manually stabilise are too great. 4 seconds is not a lot of time. The Ethiopian pilots were aware of the need to disengage the powered trim and use manual control. They just couldn’t force the controls enough given the position the plane was in. The 737MAX is a death trap. It won’t fly again without significant redesign.
On the other hand, the AOA sensor on the Ethiopian Airlines plane failed at takeoff, likely due to birdstrike. Birdstrike isn't supposed to crash an aircraft.
The speaker talks about trimwheel behaviour. Pilots train for runaway stabilizer trim, but that's continuous movement of the trimwheel, faulty MCAS looks much like regular speedtrim. Also, activating electric trim activates another round of MCAS. Obviously you shouldn't take Lion Air, but after this talk Boeing doesn't look safe now either.
Broadly speaking, I agree with you. I was responding to the hysteria about the trim wheel in this thread. I'm getting the impression that some users think the trim wheel, or its behavior under extreme aerodynamic conditions, is a "new" design flaw unique to the 737 MAX when in fact almost every airliner in existence has a trim wheel that behaves like that.
The exception being modern fly-by-wire planes that simply don't have an option of manual override.
> The speaker talks about trimwheel behaviour. Pilots train for runaway stabilizer trim, but that's continuous movement of the trimwheel, faulty MCAS looks much like regular speedtrim
Empirically, the Lion Air plane exhibited the same MCAS behavior on its last (successful) flight. So it's at least possible for pilots to recognize it as a runaway trim and act accordingly.
> Obviously you shouldn't take Lion Air, but after this talk Boeing doesn't look safe now either.
After reading the Lion Air report my conclusion is that the MCAS was poorly designed but it's also an easily fixed problem on an otherwise safe design and there's so much focus on Boeing that they will take action and fix it. Meanwhile nobody cares about Lion Air and if they keep flying broken airplanes eventually they're going to kill more people, with or without MCAS.
The 737 should have been retired decades ago. It's an utterly primitive aircraft, and its cockpit hasn't changed significantly since the 1960s. Newer Boeing aircraft don't have those trim wheels at all. Even the old DC-9 didn't have them.
Yes, the plane might require expensive training and expensive modifications. It may even have to get completely scrapped if the changes are deemed uneconomical to deploy.
With all the different government agencies going to be manually inspecting the updated plane themselves, the MCAS problem is going to be put under a microscope by dozens of different countries and if they do approve it and deploy it, then I am going to take their word for it as having mitigated the MCAS problem and won't care about stepping on a 737 max as its track record outside of this 1 problem is fine.
If it does not get approved or deployed, then who cares because you won't even have the option to fly it as it will stay grounded. Regardless of what happens, checking what plane I will be flying on will not impact my decision when choosing flights.
What if it does get approved, but only by some countries? So, for instance, suppose the US approves it, but China and the EU don't? Then, it probably won't stay grounded, because this plane is usually used for shorter-distance travel. Southwest Airlines, for instance, exclusively uses 737-type aircraft, and all their travel is domestic US, so an EU ban wouldn't affect them at all.
I for one wouldn't feel too confident about the FAA approving this plane with the EU regulators refusing to, considering what a criminally-negligent job the FAA did in approving it in the first place.
> I don’t know the same about my car, which is why I’ll take it over a Max any day
"ignorance is bliss"
If you knew how much software went into a car vs. an airplane, you might think twice. Airplanes seem more complicated than cars, but software-wise they are much simpler. Cars have millions upon millions more SLOC than airplanes. You think MCAS is bad, how about cars that have sudden loss of steering, emergency brakes that mysteriously engage, or a throttle that can't be disengaged?
Serious design flaws in airplanes are these big dramatic events. Serious design flaws in cars pop up in the news every day, and we just ignore them [1][2].
Software flaws in cars usually aren't fatal. If your car has a failure, you just pull over on the side of the road. You can't do that in an airplane.
>how about cars that have sudden loss of steering
Citation needed. I've never heard of a car having this problem, and it's generally impossible because there's a mechanical link between the steering wheel and the front wheels.
>or a throttle that can't be disengaged?
Citation needed. I've never heard of this happening where it's been proven to be real and not a publicity stunt. All the problems with "unintended acceleration", including on Toyotas a while back, have been shown to either be people using aftermarket carpet mats, or even people faking it. What's more, turning off the car in an emergency is not hard, even in push-button-start cars. Now of course, we can blame some wrecks from faulty systems on poor driver training, drivers who just aren't very good, drivers who can't handle an emergency, etc. This simply does not apply in an airplane: pilots go through a LOT of training to get that job, so if they crash anyway, that points to an unforgivable mistake in engineering or manufacturing.
> Citation needed. I've never heard of a car having this problem, and it's generally impossible because there's a mechanical link between the steering wheel and the front wheels.
That's not a loss of steering, that's a loss of power assist. You can still steer a vehicle just fine without power assist; you only need the assist at very low speeds.
I've driven a car with intermittent failure of power steering, it's not impossible and at higher speed, the wheels provide stabilization on their own already.
And it's actually comparable to the _intended_ failure mode of a 737 Max. If the system fails you can't let the computer control the trim, so there are manual trim wheels provided and you switch off electronic trim. Like the steering wheel of a large modern car, these wheels are mechanically connected to the thing you want to change but if you're feeble like me you'll struggle to even move them which is why the computer was in the loop.
As I understand it large trucks existed prior to power-assist, they just hired big strong chaps who could wrestle the steering.
We probably don't want (and Boeing doesn't want) to make 737 Max certification have a "Physical strength check" where you need to exert so-and-so much turning force for so-and-so many seconds or you can't fly their plane. So probably trim wheels need a re-think, whether that happens as part of the 737 Max work, its immediate aftermath or not for years because this incident scares manufacturers away from changing anything about trim.
Seismic shifts in safety considerations do happen, we haven't seen the last of them. And they aren't always ultimately for the better. Titanic had a few effects, many of them really good, but one notable one is that it pushed the narrative that you need to provide and test a LOT of lifeboats on an ocean liner. Titanic, as you can probably all recite, did not have enough lifeboats. But in practice lifeboats are very much a last resort for an ocean liner captain. You've got a whole lot of civilians who are incompetent at sea at the best of times, probably panicking and now you're trying to successfully get them into smaller boats under supervision of a relatively smaller number of crew. Some of them are likely to be injured or even die. A ship's master would prefer _anything_ over putting passengers into lifeboats, except them all drowning. Almost always the sensible course of action, taken by the ship's master, will be to take the still working ship to any port and unload the passengers. Yes even if the ship is somewhat on fire, or has grave engine problems, almost anything except actually sinking right now.
Meanwhile just owning the lifeboats means your crew have to keep testing them and servicing them, each time also has a chance of injury or death as crew fall into the water, boats fall on the crew, and so on. So owning a suite of lifeboats for your ocean liner (which you weren't planning to crash into an iceberg at any time) is probably a net negative in terms of injuries and deaths.
>We probably don't want (and Boeing doesn't want) to make 737 Max certification have a "Physical strength check"
Actually, I think they absolutely should. And then it should be made illegal to have a plane that has any such requirements, so these planes should be deemed unairworthy, and Boeing should be forced to scrap them. Either that, or female pilots should be able to claim discrimination, and every female or otherwise not-strong-enough pilot should get a free lifelong chief pilot salary as part of the settlement.
Basically, this plane should never have been built. It's a 1960s design, and because of crappy regulations that allowed this, Boeing kept making this 1960s tech because it was "grandfathered". Newly-built planes should not be allowed just because they were OK 50 years ago, when they aren't good enough according to modern standards.
> Software flaws in cars usually aren't fatal. If your car has a failure, you just pull over on the side of the road. You can't do that in an airplane.
Many modern cars have computer control of brakes, accelerator and even steering, so a software flaw could stop you in the opposing lane just as you start to pass a car, or accelerate and steer you into a bridge pillar (and since that car was already steering the car before that, the driver may not be able to react in time)
> mechanical link between the steering wheel and the front wheels.
Steer by wire is becoming much more common. It’s already in luxury cars and, like most features, will probably eventually trickle into economy car designs
You’re right. I was conflating electrically powered steering with steer by wire. In either case, EPS relies on software to determine the amount of force/torque rather than hydraulic/mechanical means.
I did see one source indicating a roughly 25% increase in steer by wire by 2026, but it’s behind a paywall so I’m not sure how good that source is. According to a Tesla forum, there’s still a mandate for mechanical linkage
EPS has been used in economy cars for years now; most cars on the market now probably have it. The few laggards that don't have EHPS (electro-hydraulic PS), where software runs a pump that pressurizes the hydraulic system.
EPS has been on production cars now since the 1990s, and I've never heard of any software problems with those at all. In fact, it's probably been more reliable than hydraulic systems since it doesn't have so many moving parts, just an electric motor, and no hydraulic fluid to leak or get contaminated (due to not being replaced on time, a common thing for people to skip on maintenance).
Steer-by-wire is a no-go for now, because it's illegal to not have a mechanical linkage. That might eventually change when we get driverless cars, but there's no sign that those are coming nearly as quickly as many people used to think; there's just too many problems with them.
The Takata airbag issue wasn't ignored at all, it was a very serious safety issue. For defects of that magnitude there's the Department of Transportation, and there will be recalls to pull the faulty part out of circulation.
Catastrophic as in 300 people will not die due to the flaw, yes.
But one-off car fatalities that kill 1-3 people happen regularly and they add up. The self-driving variety pop up with the highest visibility but if you go searching you'll find tons of accidents where brake failure at highway speeds cause a fatal crash.
I do concede that distracted driving and alcohol play a much bigger role in the large amount of car fatalities than software flaws. But I still stand by my original assertion that you are more likely to die due to the effects of a software flaw in your car than due to a software flaw in the 737 Max.
How do software flaws in cars kill you exactly? The main example you bring up is brake failure at high speed, but that's not a software issue, that's a mechanical issue (and is oftentimes caused by neglecting maintenance on the part of the car owner).
Yes, there's the self-driving stuff, and there have been some egregious examples, but those systems also save lives by preventing accidents. Lane departure warnings, automatic braking, and electronic stability control all, on the balance of things, make driving much safer.
Braking systems have been partially modulated by software for decades, i.e. ABS, TCS, ESC.
Additionally, other software controlled systems can induce mechanical issues. For example, in the case of the Toyota unintended acceleration debacle, an engine at WOT typically does not produce vacuum. However, power-assisted brakes almost universally are vacuum-powered. So, if the software-controlled throttle gets stuck wide open, you lose power-assist to the brakes.
Power assist not working in the brakes doesn't really equate to losing the brakes entirely. You can still use them to slow down unless the brake wire or hydraulics are literally cut.
Software is increasingly controlling safety critical systems in cars so I would expect software failures to take up an increasingly large number of fatal vehicle faults going forward. On safety systems that have been using software for decades, one can find examples of such potential failures [1]
Only a heavy-software run car might (e.g. a Tesla autopilot or the Uber fatality). But I agree with you. I fail to see how a software bug in a car would lead to a comparable outcome.
I don’t think most people realize how software dependent their “dumb” car is. From antilock braking to throttle response to steering response in some cases is largely controlled by software. It goes way beyond the infotainment systems we intuitively think of as software
I agree that cars are more safe now than ever before and that mechanical failure is more deadly than software failure.
The whole point of my comment was to put to bed the irrational fear of flying. You are still more safe travelling long distances in a faulty flight system such as the MAX than you are by car. There are just too many variables to account for in cars, one of which includes increased software complexity.
The 737 MAX crashed twice and killed 346 people. It's not an "irrational fear" to refuse to ever fly in one again.
Secondly, what are the exact figures you're using to show that the 737 MAX is safer than cars? And now compare it to other planes, the more realistic comparison? I'm not taking planes to places that are within driving distance. The 737 MAX was waaaay less safe than other planes.
I think we have to stop segmenting our thoughts into “software” and “hardware” and instead look at issues like the 737 Max as an integrated system failure. “Software” failures can easily manifest themselves into hardware failures; thinking of them as separate systems can lead to a complacency mindset of “it’s just software so we don’t have to be as rigorous in our design”.
In addition, there's no evidence that Airbus planes have design flaws as bad as MCAS. So why fly on a 737MAX when any other plane out there is safer?