by breadwinner 824 days ago
> They are complex machines, but they typically have so many redundancies

But Boeing reduced redundancies, presumably to cut costs. The 737 MAX planes that crashed only had one AoA sensor. Where else did they cut costs? Where else did they reduce redundancies? The public trust has been lost. Boeing needs to design a new plane from scratch, this time letting engineers design the plane without interference from accountants.

3 comments

The 737 MAX, like all 737s, always had two AoA sensors. The problem was that Boeing engineers wrote software for the 737 MAX which could make critical flight control inputs based on the data from one sensor only. And didn't really tell pilots about it.

The fix, amongst other mitigations, was to have the MCAS software cross-check inputs from both AoA sensors.

The airplane could have a dozen AoA sensors, but if the software is ignoring 11 of them then there is only one actual AoA sensor for purpose of discussion. Even if the sensors are used for other aspects, such as pilot instrumentation.

And yes, I understand perfectly well that this invalidates the idea that the second sensor was "eliminated" to save cost - but if I remember correctly there was a paid option to have the MCAS consider both sensors. So there was a financial aspect to the decision. Someone please correct me if I'm wrong.

Close! The AoA disagree hazard light was an optional feature. In the original implementation, the flight computer in command, either the one on the pilot's side or the one on the copilot's side (alternated on power up), was fed input from only the AoA sensor it shared a physical link with.

The optional feature was essentially networking the two systems such that the data would be fed to the FCIC for warning light activation, so that pilots could start running the right checklists.

Thank you.
Still, when two sensors disagree, how do you determine which sensor is correct? Really, 3+ are needed.
Ask the pilot?
Can't do that: the pilot can't be allowed to control, or even know about MCAS, because that would affect Boeing's ability to claim the plane is "just another" 737 and that the pilots don't need retraining. Giving the pilot the ability to control MCAS means the pilots all need retraining.
That's certainly the regulatory logic, but I feel like the entire idea of hiding critical systems from the pilots may have been a bad idea from the beginning. Regulators should never have even entertained the idea of using active compensation systems to maintain the type class.
They already received training on MCAS once they got 737 MAXes, albeit a short, superficial one (1 hour of lecture & 1 hour of simulator training, iirc). Hence "cannot be allowed to know" does not apply anymore.
Yeah, and that's wrong. It should apply. Pilots should not be allowed to know, because that means this is a different plane than the one they were rated for. And so, since the plane can't be flown safely without proper training, the planes should not get the same type rating as the old 737, and either 1) they should just be demolished, or 2) they should be considered an entirely different plane, with all the training requirements that entails. The regulators completely failed here, and by allowing this are showing they're corrupt.
The pilot is managing takeoff at 1000ft
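The sub-thread above contrasts three arrangements: a flight computer acting on the single AoA sensor wired to it, the post-crash fix of cross-checking both sensors, and the point that two disagreeing sensors cannot tell you which one is wrong, so three or more are needed to vote. The following is an added, illustrative model of those three policies in Python. It is not code from the thread, from Boeing or from any real flight-control system; the sensor readings, the disagreement threshold, the stall limit and the function names are all constructed for illustration.

```python
"""Toy model of angle-of-attack (AoA) sensor arbitration.

Added example, not code from the thread or any flight-control system.
Thresholds, readings and names below are constructed for illustration.
"""
from dataclasses import dataclass
from statistics import median
from typing import Sequence

DISAGREE_DEG = 5.5     # hypothetical: channels further apart than this are in disagreement
STALL_AOA_DEG = 14.0   # hypothetical: AoA above which the system would command nose-down trim


@dataclass(frozen=True)
class Command:
    nose_down: bool   # whether the augmentation system would command nose-down trim
    reason: str       # human-readable explanation of the decision


def single_sensor(aoa: Sequence[float], active: int) -> Command:
    """Original-style policy: trust whichever sensor is wired to the active computer.

    The second sensor exists but is never consulted, so one stuck-high vane
    is a single point of failure for the whole function.
    """
    reading = aoa[active]
    return Command(reading > STALL_AOA_DEG, f"sensor {active} read {reading:.1f} deg")


def cross_checked(aoa: Sequence[float]) -> Command:
    """Two-channel fix: compare both sensors and, on disagreement, inhibit.

    Two channels can detect a fault but cannot identify the faulty one,
    so the only safe action is to stop acting, not to pick a winner.
    """
    a, b = aoa[0], aoa[1]
    if abs(a - b) > DISAGREE_DEG:
        return Command(False, f"AoA DISAGREE ({a:.1f} vs {b:.1f} deg); function inhibited")
    return Command(max(a, b) > STALL_AOA_DEG, f"sensors agree ({a:.1f}, {b:.1f} deg)")


def voted(aoa: Sequence[float]) -> Command:
    """Three-or-more channels: median select with outlier rejection.

    With a majority of healthy channels a single fault can be both detected
    and masked, so the function keeps working on the agreeing channels.
    """
    if len(aoa) < 3:
        raise ValueError("voting needs at least three channels")
    mid = median(aoa)
    good = [v for v in aoa if abs(v - mid) <= DISAGREE_DEG]
    rejected = [v for v in aoa if abs(v - mid) > DISAGREE_DEG]
    if len(good) < 2:
        return Command(False, "fewer than two agreeing channels; function inhibited")
    return Command(mid > STALL_AOA_DEG, f"median {mid:.1f} deg, rejected {rejected}")


if __name__ == "__main__":
    # Constructed scenario: captain-side vane stuck at 20 deg, aircraft actually at ~4 deg.
    stuck_high = [20.0, 4.0]
    print(single_sensor(stuck_high, active=0))   # acts on the faulty channel
    print(single_sensor(stuck_high, active=1))   # happens to pick the good one
    print(cross_checked(stuck_high))             # detects disagreement, inhibits
    print(voted([20.0, 4.0, 4.5]))               # outvotes the faulty channel
    # Constructed scenario: genuine high AoA with one channel failed low.
    print(voted([16.0, 16.5, 4.0]))
```

The point the example makes concrete is that the two-sensor design trades availability for safety (it can only stop), while the voting design keeps the function available through one fault; which of those is acceptable depends on what the function is for.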
This is VERY bad engineering practice, you throw away knowns for unknowns. A blue sky design isn't a fix. Especially if your corporate culture has the wrong leadership. First year engineers take engineering economics for a reason. Money is always an object.
Is there never a case where it is cheaper + better to start over? I think sometimes there is. The design of 737 MAX was flawed from the get-go. They made the engines bigger because bigger engines run hotter and burn less fuel. Ordinarily this would require the fuselage to be raised as well, so that the bigger engine can fit under the wing. Instead they changed the position of the engine. Instead of being hung under the wing, as in earlier models, the engines have been moved forward and upward, potentially leading to an aerodynamic stall under certain circumstances. Instead of going back to the drawing board and getting the airframe hardware right, Boeing relied on something called the ‘Maneuvering Characteristics Augmentation System,’ or MCAS. [1]

It's just poor design. If software fails, then any plane should be designed to have a neutral center of gravity in order to give the crew the greatest amount of time to recover from the loss.

[1] https://spectrum.ieee.org/how-the-boeing-737-max-disaster-lo...

Never is a loaded word.

It’s almost impossible for a completely fresh design to be safer on day one. There are so many different ways to fuck up; many of them are counterintuitive, because nobody ever considers whether someone could install this backwards until someone does. 20+ years of debugging, written with people’s lives, tests just about everything in a way engineers never really think about.

The difference here is that 737 MAX has a flaw (forward positioning of the engine) that cannot be fixed as a "bug".
The flaw was fixed with MCAS. The problem that caused the two crashes was that pilots weren't trained on the new system because Boeing wanted to act like it was the same plane. The pilots didn't know what was going on or how to disable MCAS when it started misbehaving because of a bad sensor.

With training, improved systems, and redundant sensors, MCAS should be safe. There are other planes that have similar systems. And there are procedures for disabling bad or misbehaving sensors.

I'm not sure if MCAS is necessary; there is some indication it is only there to mimic older 737s, and the plane would be safe without it, given training.

You can definitely treat it as a design flaw and fix it without impacting most systems.

Designers need to make radical changes before cockpit windows would need to be updated. That specific example may not seem like much, but there’s a lot of safety-critical engineering that goes into such things, and yet design flaws were still uncovered.

Sure you can bring over the "good parts" of the old plane, but if this design flaw is fixed then it is essentially a new plane. They will no longer be able to pretend it is the same as the old 737s (and that's what got them into trouble).
Yes. A plane design that's 70 years old has had THOUSANDS of bugs fixed. I'd rather fly on a new 737 than an "all new 797 or A390".

Side note: I know there isn't a 797 or A390 yet, that was the intent of the statement, a future unknown plane.

All-new aircraft designs are only certified to fly after many years of rigorous analysis and testing. It was Boeing's desire to avoid the full expensive certification process, by claiming that the MAX was just a minor update to an existing design, which led to two catastrophic crashes in the space of a few months.

On the other hand, no 787 or A380 has ever had a crash or incident that resulted in a passenger fatality or hull loss. This LATAM flight is probably the most serious incident that has ever happened on a 787 in almost 10 years of service, with over 1100 aircraft active.

> On the other hand, no 787 or A380 has ever had a crash or incident that resulted in a passenger fatality or hull loss.

There have been nearly 10x as many 737s built as 787s and A380s combined. Given the date of first flight (1967 vs. 2009 and 2203, respectively) it is safe to say they have been flown for significantly more than 10x the total flight hours. Probably at least 20x but I’m pulling that number out of thin air.

The data is certainly promising but it’s probably a little too soon to be too confident in relative safety comparisons. For one, we don’t have nearly as much data on those newer airframes as they age.

There are two recent accidents that show how much new airplane designs (and better safety measures) have improved survivability of accidents: Emirates Flight 521 (https://en.wikipedia.org/wiki/Emirates_Flight_521), a Boeing 777 that crashed in Dubai in 2016, where all 300 people on board survived (although an unfortunate firefighter lost his life); and the A350 that collided with another airplane while landing at Tokyo Haneda airport in January this year. If you look at the burnt-out airplane (https://en.wikipedia.org/wiki/2024_Haneda_Airport_runway_col...), it's hard to believe that all 379 people on board made it out alive...
The problem is quality control of production and new features. It doesn't matter how old most of the design is, if someone messes up in the production line, or if new features are not adequately tested like in case of MCAS.

Lack of QC is why I'll gladly choose any Airbus over any new Boeing.

> The 737 MAX planes that crashed only had one AoA sensor.

IIRC, it had two, but each of the computers only used the sensor on its side, which was OK for the original (pre-MAX) design because of the way these sensors were originally used by it.