by boeinggggg 605 days ago
You have oversimplified the Boeing one: their goal was to create an efficient plane to compete with Airbus without needing the expense and delays of a new type certification.

To do this they needed bigger engines on the same frame, which in turn needed to be mounted further forward affecting flight characteristics and requiring retraining. Retraining would be a sales killer so they hacked on some software systems to attempt to make the plane fly like an older 737.

Then they can just use an iPad training course for pilots to upgrade. The augmentation had to avoid the pilot knowing about (I think) the plane getting stuck in a stall at a too high AoA (this is where my memory might be off...) so the MCAS software uses AoA sensors to nose down based on the detected AoA.

The AoA sensors were never designed to be used for a direct life and death critical use case and sometimes they got stuck or failed. MCAS only used one as an input. If MCAS incorrectly assesses a nose down is required and the pilot follows their 737 training they are having their last day. That plane is going down.

Basically people were murdered by Boeing so at every stage of this wretched plan they can make more money.

I think you are right but Boeing was more of perhaps the worst possible asshole design, and deserves its own league.

3 comments

> If MCAS incorrectly assesses a nose down is required and the pilot follows their 737 training they are having their last day. That plane is going down.

Boeing’s argument is that an MCAS trim runaway is able to be addressed by the (memory item) Trim Runaway checklist and the crew of ET302 correctly used the STAB TRIM CUTOUT on that checklist during their attempt to save the flight. They then undid that action, in order to manually command nose-up trim (also reasonable under the circumstances, though contrary to the checklist), then stopped commanding nose-up trim while leaving the trim runaway checklist item reverted, allowing MCAS to continue the trim runaway that they’d previously correctly stopped by following basic 737 training. Then the flight was lost.

Boeing did wrong here, but their argument was that if a 737 pilot correctly executed the emergency checklist that is drilled into them during initial type training and in recurrent training, they’d be able to overcome that emergency. That falls into at least the probably technically correct category to me.

(The yoke displacement method to disconnect the autopilot was not part of the emergency checklist for stab trim runaway.)

Arguably the problem is that Boeing absolutely and utterly failed to do what they set out to do. After all, if the MCAS failures would present like the usual 737 runaway stabilizer, then the certified pilots would have been able to handle it as such. Since the "runaway MCAS" was a completely new phenomenon (one factor being the absolutely idiotic "on for a few seconds and then off for some" cycle).

And as we know the FAA also was clueless, as they approved Boeing's "safety analysis".

>>> Extensive interviews with people involved with the program, and a review of proprietary documents, show how Boeing originally designed MCAS as a simple solution with a narrow scope, then altered it late in the plane’s development to expand its power and purpose. Still, a safety-analysis led by Boeing concluded there would be little risk in the event of an MCAS failure — in part because of an FAA-approved assumption that pilots would respond to an unexpected activation in a mere three seconds.

And, just to drive whatever point home, on top of all this the FAA completely dropped the ball, because it did not notice that they allowed Boeing to break their own base conditions which in effect invalidated the safety analysis.

>>> As Boeing and the FAA advanced the 737 MAX toward production, they limited the scrutiny and testing of the MCAS design. Then they agreed not to inform pilots about MCAS in manuals, even though Boeing’s safety analysis expected pilots to be the primary backstop in the event the system went haywire.

It's understandable that Boeing wanted to avoid simulator training, but apparently this regulatory discontinuity (i.e. either same or different, no in-between, as far as I understand) forced them to concentrate so much on avoiding the need for new type certification that they ended up completely believing their own crazy tale about the two models' sameness, which led to hiding information from pilots.

https://www.seattletimes.com/seattle-news/times-watchdog/the...

I think it may have been a contractual term where Boeing could avoid a $1M reduction in purchase price per aircraft (times 280 aircraft) if simulator training could be avoided for the launch customer, Southwest Airlines.

https://www.sciencedirect.com/science/article/abs/pii/S10575...

There’s some really negligent stuff, like changing how to disable autopilot (i.e., MCAS) — as the pilots of both crashed planes attempted actions that would have disabled the autopilot on previous models.

If the pilots know how this sausage is made, it ain't a 737 anymore. I think that is the reason they rolled the dice sadly.

Wasn’t the Boeing issue completely preventable with an inconsequential extra part that cost nothing? Like the short cuts actually worked but they literally went all the way to almost succeeding and snatched defeat from the jaws of victory. (Aside from all the other things they did that also contributed to disaster situations going worse)

I don't know. Maybe an expert can chime in but I think it is a hard problem because of ice etc. I think the 737Max has the problem where AoA matters more because you can get into a stall you can't get out of.

Whereas maybe before on older planes you get in a stall and you nose down to reduce AoA. You don't need a sensor to know this; look at altitude etc.

So now you need perfect ten nines of reliability AoA sensors. Their use case has gone from a data point to mission critical, but the sensor is the same.

You never want to get into a stall in a large commercial jet. Private pilots are taught stall and maybe spin recovery techniques for small GA aircraft. ATP rated pilots are taught stall/spin avoidance.

Chances are, if your AoA is anywhere near the critical AoA, a competent pilot is likely aware of it. The sensors are just another safety factor on top of that to help ensure situational awareness.

Or, in the case of the 737Max, to trigger a chain of events that proved lethal to hundreds of people. That’s the secondary use of the AOA sensor in combination with the FC software that they implemented. It would have been relatively easy to integrate the AOA input with other sensors to eliminate this problem, but it would have invited a deeper look at the hazards of their design decisions.

Bean counters bathing in blood, all the way down.

> Bean counters bathing in blood, all the way down.

No resource is infinite and money is an important constraint in any engineering project. Engineering is all about making compromises. Good engineering is making the right compromises: especially when life and death decisions are being made.

Casually blaming "bean counters" is a distracting fantasy available to anyone that doesn't have to make real-world decisions. Understanding the causes of how Boeing systematically screwed up requires a bit more maturity than you appear to show. "Bean-counters" particularly comes across as childish name-calling to me, and clichés don't help either.

The fact that the MAX has been cleared to fly again shows that the design decisions were not utterly flawed.

The design decisions were acceptable, if they had admitted the fact that the new design necessitated significant new training for the pilots, who were now flying a version of the 737 that could lose positive stability in some corners of its flight envelope… a fact they buried to reduce scrutiny (or facilitate deniability) from regulators and to make it an easier sell to airlines.

Bean counters bathing in blood, all the way down.

The forward mounting of the engine nacelles could have been countered with a small adjustment of the sweep or the surface area of the horizontal stabiliser, instead of the faulty flight control software solution, keeping the aircraft an aerodynamically safe aircraft as had been earlier generations. But that would have been a de-facto admission that the fundamental aerodynamic characteristics of the aircraft as certified were changed by the forward mounted nacelles.

They chose to monkeypatch the flight control system instead of making a minor change that would have produced the inherently safe aerodynamic characteristics that the aircraft was certified with.

They did this to avoid the delay and cost that would have resulted if they had been required to prove the aircraft design was still airworthy. There’s a reason that new designs must be certified to be used in passenger transport. They tried to work around the fact that the 737 max is a substantially new aircraft by monkeypatching the FCS to compensate for a potentially dangerous aerodynamic flaw that was introduced by the new location of the engines.

They chose to produce a more profitable but potentially dangerous aircraft instead of letting the engineers do their job and make the aircraft stable with the new engines. Regulators were also complicit in the regulatory evasion. Hundreds died as a direct result of this malfeasance.

Bean counters bathing in blood, all the way down.

Except anyone who has read up on this topic knows that Boeing got fined for several billion dollars by the FAA and that the FAA has increased the training requirements and that Boeing has lost 20 billion dollars from aircraft groundings and cancelled orders.

Clearly, it doesn't look like Boeing was hurting for money whatsoever. Bean counters allocate money to billion dollar fines but they won't allocate it to safety and good engineering.

There aren't any deep or hidden truths behind the crashes. Turn off the MCAS and you don't get autopiloted into a crash, but telling pilots to turn off the MCAS would defeat its purpose, which is to save money on recertification and pilot training precisely by keeping it a secret.