by nicholast 1591 days ago
This article highlights a few fundamental flaws:

- design certification treated as "just another 737" which ignored fundamental deviations in hardware and software, complicated by safety certification by manufacturer instead of public employee

- hardware design including a "dynamic instability" in which airplane approaching an aerodynamic stall had a tendency to go further into the stall due to lift produced by the oversized engines at high angles of attack, which was intended to be mitigated with software

- omission of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall

- a changed philosophy about human/machine interaction from humans winning a battle of the wills every time to computers winning a battle of wills in cases of envelope protection

The final item is perhaps the one most fundamental to other cases of safety critical human machine interaction designs. If we are signing over agency to machines for envelope protection, that means we need in advance to understand every potential edge case scenario where that envelope may be mis-framed. Such comprehensive foresight in some environments may be intractable. For the 737 this was exacerbated by the presence of an inherent source of instability originating from hardware design.
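As an added illustration of the third point above (cross-checking the two angle-of-attack sensors before an automated envelope-protection command), here is a simplified decision function written for this discussion. It is not Boeing's logic, not from the linked article, and not from the commenter; the stall and disagreement thresholds, the sensor trace, and the function names are all constructed for the example. It contrasts a single-input rule with a dual-input rule that inhibits automation when the inputs are invalid or disagree, which is the conservative failure mode a safety reviewer would expect.

```python
from typing import List, Optional, Tuple

# Constructed thresholds for illustration only; not certified or real aircraft values.
STALL_WARN_DEG = 14.0   # hypothetical AoA above which a stall is treated as imminent
DISAGREE_DEG = 5.5      # hypothetical maximum allowed left/right sensor disagreement


def single_sensor_decision(aoa: Optional[float]) -> str:
    """Naive rule: act on one sensor. A single faulty reading drives the command."""
    if aoa is None:
        return "inhibit_sensor_invalid"
    return "command_nose_down" if aoa > STALL_WARN_DEG else "no_action"


def dual_sensor_decision(left: Optional[float], right: Optional[float]) -> str:
    """Cross-checked rule: both sensors must be valid and agree before automation acts.

    Any failure of the cross-check inhibits the automated command rather than
    guessing which sensor is right; the crew keeps authority in the uncertain case.
    """
    if left is None or right is None:
        return "inhibit_sensor_invalid"
    if abs(left - right) > DISAGREE_DEG:
        return "inhibit_sensor_disagree"
    agreed_aoa = (left + right) / 2.0
    return "command_nose_down" if agreed_aoa > STALL_WARN_DEG else "no_action"


# Constructed trace: (left AoA, right AoA) samples. From the third sample on the
# left sensor reports an implausibly high value while the right sensor stays normal,
# mimicking a single-channel fault.
FAULTY_LEFT_TRACE: List[Tuple[Optional[float], Optional[float]]] = [
    (3.0, 2.8),
    (3.2, 3.0),
    (21.0, 3.1),
    (22.5, 3.0),
    (None, 3.1),   # left channel flagged invalid
]


def evaluate_trace(trace) -> List[Tuple[str, str]]:
    """Return (single-sensor decision, dual-sensor decision) for each sample,
    using the left channel as the single-sensor input."""
    return [(single_sensor_decision(l), dual_sensor_decision(l, r)) for l, r in trace]


def count_nose_down_commands(trace) -> Tuple[int, int]:
    """How many samples would trigger an automated nose-down command under each rule."""
    single = sum(1 for s, _ in evaluate_trace(trace) if s == "command_nose_down")
    dual = sum(1 for _, d in evaluate_trace(trace) if d == "command_nose_down")
    return single, dual


if __name__ == "__main__":
    for (l, r), (s, d) in zip(FAULTY_LEFT_TRACE, evaluate_trace(FAULTY_LEFT_TRACE)):
        print(f"left={l!s:>5} right={r!s:>5}  single={s:<24} dual={d}")
    print("nose-down commands (single, dual):", count_nose_down_commands(FAULTY_LEFT_TRACE))
```

On the constructed trace the single-input rule issues two nose-down commands on the strength of the faulty channel, while the cross-checked rule issues none and instead reports a disagreement and then an invalid sensor. The design choice worth noting is that the dual rule never tries to decide which sensor is correct; it only decides whether it has enough agreement to act, and otherwise leaves the envelope decision with the humans.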