[dataflow]

You're quite mistaken AFAIK.

> The failure mode was a multiple independent root cause sequence of low probability events. If I remember correctly there were about 200,000 flights before it was grounded after two airframe losses which is a failure rate of 1 in 100,000 flights [...]

> preventing these types of problems

"1 on 100,000" is not a "type of problem".

Just because an event is rare that doesn't mean it's some kind of niche scenario that's hard to prevent.

If you actually look at reports of what they did wrong (which you did not do at all), you see there were plenty of actions that went against safe engineering judgment. (And no, I'm not referring to mine or other randos', but those of actual engineers and pilots.) They blew past multiple safeguards in the process, which made unlucky events fatal. It didn't need to be that way, and it wasn't that way for other planes either.

[Veserv]

First of all, I am not excusing how horrendous the 737 MAX failures were. They were a total failure of the safety regime. As I said, they were 100x-1000x worse than other planes which is a unacceptable safety regression. I am attacking the notion that the problem was "stupid" and thus easily fixed; no, the problem was very hard and thus needs a significant overhaul of their safety processes.

So, to get onto the main point, I disagree. The people who say things like "crude" or "stupid" mistakes are literally making the implication that the decision-makers were idiots.

"there's no way that anyone with half a brain wouldn't have an absolute air gap"

"After the Boing [sic] 737 Max disaster you still believe plane manufacturers don't make crude mistakes?"

That is a direct reply implying that the Boeing 737 MAX disaster is evidence that plane manufacturers do not have half a brain and make basic mistakes. That is a extremely dangerous perspective because it implies that the problem would not have occurred if they were not being stupid. I most commonly see this argument being put forward by commercial IT software developers who generally assume they have a whole brain and thus "if only the airplane people would adopt best practices" these dumb problems would be avoided.

This could not be further from the truth. The processes Boeing used when developing the worst catastrophe in a decade were still tens to thousands of times better than the moronic processes usually employed in software companies and were still likely better than the processes employed in basically every other safety-critical industry. That does not excuse their failure. They did 100x worse than everybody else and 100x worse than their past.

What it meant is that they needed to significantly overhaul the safety processes that lead to such a failure and re-adopt the old processes since their new processes were unacceptably terrible. It did not mean that any random person on the internet who, having seen the extensive post-mortem in hindsight, thinks they would not make the same mistake has even the foggiest clue about actual safety-critical development.

Downplaying how hard safety-critical development actually is does a great disservice to the amount of care actually needed to do it right. It leads people to think it is not actually that hard and then kill people in their ignorance. The message is that the amount of care Boeing spent to create a death-machine is probably 1,000x more than the amount of care you are putting in (if you are not making a safety-critical product); 1,000x more is a death machine, are you sure you are not going to kill somebody?

[avar]

> The people who say things like "crude" or "stupid" mistakes are literally making the implication that the decision-makers were idiots.

No, it really is just stupid, and that's not a claim that any individual cog in the machine is stupid.

As the saying goes: "None of us are as dumb as all of us". You can have dumb outcomes even though every individual step of getting there wasn't that dumb.

I touched on this in an upthread comment, but if airplanes worked like cars then your driving license would only be valid for one model of car. Now, you're a Ford F-150 owner who got his license in the mid-80s, and you'd like to buy a new car today.

So of course you're going to be biased towards the 2024 F-150, because Ford's implemented a complex system to have the newer model pretend it's a 40-year old car. It'll handle like your 1986 F-150, even though the length, weight etc. of the car is drastically different.

This is going to work really well, right up until it doesn't, because something's going to have to give when you've got a driving simulator on wheels.

Type ratings should exist, because it makes sense to treat minor iterations in design as the same airplane, and e.g. only re-train pilots on the specific things that were changed.

But if you look at the evolution of the 737[1] there's just no way to claim with a straight face that a 2024 model of that airplane is in any meaningful way the same airplane as the original 737. It's got 109% more thrust, it's over 50% longer, almost 30% wider, and has >75% more takeoff weight.

Once you peel back the layers of obfuscation that claim is the reason for the 737 MAX disasters. The system that failed (MCAS) doesn't need to exist in the first place, it only existed to maintain this continuity of type rating.

1. https://en.wikipedia.org/wiki/Boeing_737#Specifications