by drawkbox 2027 days ago
On top of that there was a single angle of attack (AoA) sensor active that was complained about and failed hundreds of times. [1]

Not only is that a single point of failure, it is more easily sabotaged or easily damaged.

Besides the fact the plane has engines too big for it and needed this MCAS system simply to retrofit and route around regulations and deal with that by constantly checking the AoA to trigger nose down adjustments, this is bad engineering/product design by management.

The software now takes two sensors into account in case of a failure of one but is still a problem potentially. Not sure if software can solve this.

[1] https://www.cnn.com/2019/04/30/politics/boeing-sensor-737-ma...

1 comments

In the original design, wasn't there an optional safety feature that added a second AoA sensor? It seems unbelievable, and is possibly one of the most ridiculous things about this whole story.

Presumably as part of the update, this optional feature has become standard?

I'd also like to see a list of all the airlines that chose not to spec the additional sensor in their initial order of the aircraft. It probably says a lot about their safety culture.

From what I understand, the plane always has two sensors and MCAS always only used one of them (with Boeing arguing that the pilot was the "redundancy"). The plane was supposed to show an alert when the two sensors disagreed, but Boeing made a mistake and that alert only showed when the airline had purchased an additional add-on package to show the sensor value in the pilot display. Boeing discovered this in 2017, but did not consider this a safety-critical defect and thus didn't inform anyone or prioritize a fix, despite internally also assuming that the pilot realizing the issue within seconds was the redundancy for correcting MCAS.

Boeing's expectations for pilots recovering from an MCAS error were criminal. With an erroneous AoA reading, MCAS would immediately and repeatedly force the nose down. Pilots, not even told that MCAS existed, would somehow need to quickly recognize it as a powered flight control problem, cut off power to the stabilizer, and use the manual trim wheel to raise the nose - which can be physically impossible at high speeds in a nose-down attitude.

No rational person would think this system wouldn't kill people. The people responsible committed manslaughter.

Thanks for that explanation. I think this was misreported at the time (or I just wasn't paying attention!).

In a way what you described is worse: a known bug that they decided not to fix.

I'm surprised that displaying the sensor value wouldn't be a standard feature.