I know better than to read between the lines on a press release like this, but can't help but notice that it falls far short of accepting responsibility for the problem.
He admits that MCAS "activated in response to erroneous angle of attack information" but doesn't admit that this alone directly resulted in the crashes. Rather, he implies that this sets off a chain of events which the pilots are unable to deal with ("pilots have told us, erroneous activation of the MCAS function can add to what is already a high workload environment") which puts undue blame on the pilots rather than the system.
If you'll excuse the analogy, it's as if they installed a new griddle in a restaurant kitchen which randomly gets ten times more hot than it ought to be, with no warning. The cook doesn't know it's too hot until the eggs start burning. Now the manager is saying that since the kitchen is so busy, the cook can't flip the eggs fast enough in response to these randomly fluctuating high temperature events. We're being told it's the cooks' fault.
I don't like being bullshitted and find this sort of dodgy language completely inappropriate when 300 people died.
Indeed, the whole press release brings to mind a couple of points from "Engineering a Safer World" which, if you're interested in this stuff, I can't recommend enough[0].
In the section "Questioning the Foundations of Traditional Safety Engineering":
Old Assumption
Most accidents are caused by operator error. Rewarding safe behaviour and punishing unsafe behaviours will eliminate or reduce accidents significantly.
New Assumption
Operator error is a product of the environment in which it occurs. To reduce operator "error" we must change the environment in which the operator works.
And:
Old Assumption
Major accidents occur from the chance simultaneous occurrence of random events.
New Assumption
Systems will tend to migrate toward states of higher risk. Such migration is predictable and can be prevented by appropriate system design or detected during operations using leading indicators of increasing risk.
In the press release we see both the "operator error" and "random events" hand-waving. Regardless of the fiduciary duty of this man, this is just not good enough.
The same quotes in an easier to read format, and I agree with them:
"Old Assumption
- Most accidents are caused by operator error. Rewarding safe behaviour and punishing unsafe behaviours will eliminate or reduce accidents significantly.
New Assumption
- Operator error is a product of the environment in which it occurs. To reduce operator "error" we must change the environment in which the operator works.
---
Old Assumption
- Major accidents occur from the chance simultaneous occurrence of random events.
New Assumption
- Systems will tend to migrate toward states of higher risk. Such migration is predictable and can be prevented by appropriate system design or detected during operations using leading indicators of increasing risk."
Just a day ago, user Gibbon1 also posted a link to a talk by the author of that book:
In a similar vein, I found Boing's statement about the software fix objectionable: “Our proposed software update incorporates additional limits and safeguards to the system and reduces crew workload,”
... reducing crew workload enough that the crew have a chance to figure out why the plane is trying to kill them? Nice move.
With the way litigation works, corporations will never admit blame for anything, since it greatly increases their legal risk. It's unfortunate, but their responsibilities lie with their shareholders, not the people who lost their lives on their planes.
> their responsibilities lie with their shareholders
This is the "shareholder value" theory, modern economists successfully brainwashed the population with. It became popular during the 1980s, "greed is good" times. It's just an ideology disguised as a science. The purpose and structure of modern corporation hasn't changed in the last hundred years or so. In 1950s and 1960s the public good, among others, role of corporations was wildly accepted. What changed is the ideologues who became more vicious and took complete control of the narrative.
Matt Levine's excellent Bloomberg newsletter "Money Stuff" frequently comments on this - search for the phrase "Everything is securities fraud": many reprehensible things a company does are possibly not technically illegal per se (or it's hard to prove that they are), but they do constitute securities fraud, and that's easier to prove and prosecute.
They avoid making actionable statements. In this case, the CEO did not explicitly assign blame, so it would be difficult to call them a liar. Omitting is different from lying. Using vague terminology isn't lying. So you get stuck with all this corporate talk, where they act as if they're apologizing, but won't even really say what they are specifically apologizing for.
If the CEO of a public company owns 10% of that company's shares and 90% of their new worth comes from the value of that stock, I can imagine them caring a great deal about increasing the value of the stock.
This is what people are referring to when they say "shareholder value" -- diving up the value of the stock.
I was thinking similar things. I'm plenty sure they don't have any legal responsibility to mislead and confuse people which is essentially what they are doing. They might have a legal responsibility to say we are at fault if their internal investigation is still ongoing. But almost certainly knowing they are fault and trying to placate people and distribute blame is all about greed, lack of moral and setting up a false narrative of 'duty to shareholder'.
Sure, however BA is part of the S&P500. I would wager almost every American who has retirement savings owns a chunk of BA. As well as most people in the Western world.
As much as we would love to having Boeing stock plummet, it will impact most people even if they're not aware that they own it.
Does not the majority have index fonds, which mean that a drop for BA is rather minor overall and stock money released from people selling BA stocks will then be invested in other companies on the market?
You are correct they have index funds, and the people selling off BA stock _may_ be investing in one of the other 499 S&P listed companies, or they may not be.
I know it's about litigation and looking out for themselves, but Boeing had to have been apprised of the reports and findings from multiple agencies about the circumstances of the crash prior to this announcement. Surely, some granule of awareness had to sink in for Boeing and the CEO to realize "Damn, we fucked up." One way or another, the public is going to realize Boeing seriously fucked up, whether they will admit it or not. The total dollar amount of the damage is still going to be settled in court, but there's no escaping the fact that Boeing's actions had an impact in this catastrophe. Boeing would have to be incredibly oblivious to hold a position that they had nothing to do with this.
But that's not how this whole show goes. CEOs are like robots that only act happy or serious. Go into a press conference and act all remorseful for the public, but don't ever offer a genuine apology or own up to the company's actions. Then when all the legal dust clears, the CEO can give a later update about how he is "shocked and appalled" that a verdict could possibly blame Boeing. What a joke.
People may get angry about this fact, but it really is the simple reality of an executive's fiduciary obligations. Ideally you run the enterprise in a manner that keeps the discharge of fiduciary duties within your personal moral constraints, but if you're not careful enough, you end up in this guy's shoes. And that's why they pay him the big bucks, because of such risks.
That said, it's also true that Boeing is in a boatload of trouble. This is gonna get ugly. Likely not for the CEO. I'm pretty sure his signature is not on any of the relevant paperwork. But now that this report has been released, it might be prudent for people who do have their signatures on the relevant paperwork just to consult with some legal counsel. I suspect Boeing, as a company, wouldn't hesitate to throw them under the bus.
> People may get angry about this fact, but it really is the simple reality of an executive's fiduciary obligations.
Sorry, but that's bull. Owning the mistake - and yes, that includes paying the families of the victims - and offering a serious apology combined with "that's what we will do to make sure it never happens again" would have been the best way to guarantee that Boeing as the current company will continue to exist. Right now they risk the 737 MAX being scrapped and governments around the work taking actions against the obvious regulatory shortcomings - the corruption that obviously happened, to have a plane being able to run itself into the ground based on one sensor system without any redundancies or other securities.
Now they need the US to protect them with further illegal subventions and government influence because they are too important for that country to fail. That's in no way the ideal way to follow "fiduciary obligations".
>People may get angry about this fact, but it really is the simple reality of an executive's fiduciary obligations.
With all due respect, that's Bullshit, and anyone who cares to look into the provenance of the modern concept of a corporation can see that.
A corporation is a mechanism by which people pool resources and distribute risk such that endeavors unachievable by any individual of that collective group. This privileged collective vehicle, however, was based on the principle that the existence of the corporation was providing a service or good to the benefit of the society enabling the incorporation.
As a sibling poster mentioned, the Reagan/Thatcher years ushered in "the death of Society" and the birth of the "shareholder value" meme.
A corporation does not exist without the societal framework in which it is implemented. If corporations don't take this into account moving forward, the system that put them in a position to do what they are doing may find itself under attack from without by legislators, and within by an increasingly marginalized millennial demographic.
Point being, you can't sit here and say that the only obligation executives have is to their shareholders when the entire arrangement that makes that possible is dependent on the goodwill of everyone else who isn't a shareholder.
I acknowledge my arguments may not convince a hard core "shareholder value" believer, but I'm willing to put my money in the long run on the state of corporatism in America sidling up to a line after which there isn't going to be much they have to lean on once people start realizing that shareholder/not shareholder is becoming the new social division point. Either we're all countrymen, or we're not. If corporate America pounds the "not" drum hard enough, I have no delusions enough people won't get together to bring the entire house of cards to the ground.
Your point is well received, and one would expect society to function that way, but it does not. People won't knock any house of cards to the ground unless they are starving. It's impossible to achieve anything of significance as individuals. And no organization fighting against the status quo could acquire enough resources to make a dent.
Corporations and government have hands in each others' pockets. They are protected by court systems designed in their favor, weapons which could wipe out populations in an instant, and complete control of the technology we all use to communicate.
I’m appalled by this point of view. Perhaps this is a weakness of capitalism.. primary responsibility should be to those who perished, not the shareholders.
From Boeing's standpoint, it's actually even worse than this. The families of the people who perished pose a risk to their business. The company doesn't want these people drawing attention to the incident, and they want to minimize any legal recourse. It's about finding a balance, pay them a reasonably small amount to get them to shut up and go away.
I know what you are saying and fully agree but would like to put a finer point on it: the problem is with unfettered capitalism, especially after 100 years or more of the lawyers writing the laws for the wealthy, who own the vast majority of the corps.
What we need is a balance between the entrepreneurial spirit of capitalism and governments that enforce corporate responsibility to its human workers and our communal environment. The corps have very effectively massaged the legal systems of the world into removing almost all notions of corporate responsibility. And here we are.
Corporations can't win big if they aren't exploiting some workforce somewhere. Whether it's keeping their skilled employees quiet on the shady business and anti-consumer practices through the veiled threat of job stability and thus their lifestyle, or the ones on the other side of the globe slaving away constantly to meet demands of their products or raw materials at the prices they dictate and not by the labour put into making the product.
A Japanese executive would accept responsibility honestly and commit seppuku.
I don't expect him to kill himself, but honesty seems the least we should expect in its place. Dishonesty is what caused it, and dishonesty continues dragging it out.
He should be pelted with rotten fruit whenever he show his face in public until he comes clean.
Yeah in fact it narcissistically points out how much this hurts them, and how smart and heroic they are in their solving of the problem. Wow good thing they happened along to save the day, eh?
Yep, it is full of bullshit corporate PR and crisis management. This story has just begun. FAA and Boeing hopefully will be held responsible. I don't hold my breath to see criminal charges for Boeing management, but this time, I wouldn't be completely surprised, if it happens.
> I don't hold my breath to see criminal charges for Boeing management, but this time, I wouldn't be completely surprised, if it happens.
I'd be very surprised if it did happen. "Lucky" for Boeing, it was mostly brown people in a third world country that died. Had it instead been two American planes that went down, Boeing and their executives would be in significantly deeper shit.
I don't get the downvotes, the real world out there is still very much racist in many aspects and places, and lives are not treated as equal but depending on nationality, color and situation. Things are improving, but it will take a lot more time to actually arrive there, even if we consider only western democracies.
Back to the topic - I am not surprised by this kind of empty bullshit talks from CEO, what else to expect from massive PR team? Each word was carefully considered together with big team of lawyers too. For me the outcomes are clear:
- be very suspicious about anything coming from Boeing, their reputation is properly damaged (Airbus doesn't get a free pass, but their products didn't kill 300 people recently and they didn't try to shift blame everywhere else but themselves although things are crystal clear now)
- FAA lost any credibility, period. Globally no other national agency should trust its evaluations, since its obviously susceptible to external pressures and failed at its core mission, directly in the media spotlights, globally, just few weeks ago. Gaining back the trust would be a lengthy process of measurable changes that led to their failure to act, and monitoring the results of this for quite some time.
Unfortunately, there's nothing different he can say at this point. If he wrote it they way you and I would like it to be, he'd probably be facing shareholder lawsuits and SEC fines and none of that would lead to a productive outcome. And it wouldn't change the fact that 300 people are still dead. All we can do at this point is hope they don't rush the MAX fleet back into service before its really ready and that the Boeing board really inspects the company's culture to ensure the whole fiasco has a lasting impact. Almost a "never again" sort of approach. Boeing has been doing a tremendous amount of innovative stuff and pushing the envelope in way more areas - commercial flight, space, military - than ever before, but apparently at the expense of what got it to its dominant position in the first place -- uncompromising engineering excellence. I would agree with you that before we, as the passengers of their products, can move forward, a stronger statement needs to at least address the specifics of how this is going to change.
And not to diminish this one issue - but if this can happen to Boeing, imagine the risks that many other companies with less of a track record in engineering may be inadvertently taking with introductions/reliance on ML. We've focused a lot on the ethics of AI making life/death decisions but in this case, based on what we know today, the prime culprit seems to lie in the decisions of humans (i.e. not to put two devices in place, or three as many have suggested, the decision to place engine mass in a different area, the lack of UI in the cockpits, etc)
Yeah, this is better than their initial "what, me worry" response. They should just own up to their screw up. They will owe giant fines and be sued. Their reputation is what is more important long term. Own up to the change.
Companies will usually not admit any kind of fault because it opens for door for trials and so on. You should not expect a press release like this to fall into self incrimination. Press releases are reviewed by groups of lawyers as well so they will edit the language carefully.
> You can't admit fault or imply so. The legal department will veto it.
They should do it anyway. After the Challenger and Columbia disasters, there were major public changes at NASA. If there are none at Boeing now, we have a huge problem (since the number of deaths is an order of magnitude larger!).
Well, then I'm irrational too, because I won't set foot in a 737 MAX after this shitfest. The FAA also lost a lot of trust, for rubber-stamping this.
The first accident was maybe understandable. We all know that shit happens. But Boeing has zero excuses for not immediately grounding the whole fleet after, and for putting out that useless recovery procedure which didn't work in this case. They let a deadly plane fly for 5 months after they were aware of it, and after the second crash they were phoning Trump to keep it in the air.
> The FAA also lost a lot of trust, for rubber-stamping this.
From documents I've seen (which I cannot find the links to now), it appears that the FAA let Boeing themselves do some of the certification work and sign offs.
Putting the foxes in charge of the hen house, so to speak.
This is deregulation in action. This is what people clamor for when they say they want "small government." This is in no way a fringe position. It is deliberate and desired by an entire political party in the US. And it's hardly limited to the FAA. The meat and coal industries are just some other examples of this deregulation in action. People die and will die because of this philosophy. It may not be as dramatic in other industries as it is in aviation, but death is death. We should remember that when politicians and their supporters start throwing about phrases like "deregulation" and "small government." This kind of tragedy is what those phrases mean.
It's called Regulatory Capture, and it happens to all regulatory agencies sooner or later.
They become primarily concerned with the interests of the companies they're regulating, rather than the public interest they're in theory tasked with working for.
Unfortunately, that is just how a regulated society works.
How do you arrive at such a conclusion? Have you researched regulatory agencies in EU? For example they just blocked a meeger between two massive train manufacturer. Your argument sounds like a weak libertarian talking point.
Of course, my post above is sharpened and overgeneralized to fit in an online forum. There are more nuances.
A current example in the news is Facebook asking congress to be regulated. This makes little sense from a conventional perspective. From the Regulatory Capture perspective it's an obvious play. Government regulation will be very costly to comply with, and only FB and a few other giants will be able to afford it, thus cementing FBs monopoly position for the foreseeable future.
It sounds like you are dreaming of it tough. To make such a strong statement. It is like saying all corporations end up like Theranos or Enron eventually.
Economists do a lot of research and disagree with each other violently. So I will not take your links as any proof that regulatory capture is an inevitable end. Yes it is concerning that it happens but there is absolutely no reason to believe it is the fate of all.
Economists don't disagree on most things, but people who don't like to adjust their beliefs according to Economic science often like to think that.
To be fair, Public Choice theory is certainly on the more controversial half of the subfields.
And of course you shouldn't blindly take some random post on this forum as complete proof of how the world works. That would be a foolish gullibility. Then again, completely rejecting it isn't the wisest thing either. At least that's my view :)
If all the economics you know of is Macroeconomics, I understand your question. It is an extremely difficult field to study, and we may never really understand it.
But that's a small part of Economics, and the field in general is as hard as any science outside of physics, and had given us an enormous amount of insights we lacked 200 years ago, and contributed immensely to the relative peace and prosperity the world enjoys today.
regulatory capture is an event, threshold, inflection point, or whatever else you want to call it. it isn’t something that just poofs into existence as soon as a regulatory body is created. however, it does seem to be an end state or at least an evolutionary state of many agencies. for example, the faa in this case or the fcc.
just because a regulatory agency did its job by protecting the pulic’s interest doesn’t mean it will always work that way. so your example doesn’t negate the existence of regulatory capture, which is an actual thing and not some political propaganda.
My point is reverse also holds true just because some regulatory agencies was taken over or was allowed to be taken over corporations doe not mean that it is the end state of some sorts.
Whe it becomes political propoganda is when you accept that it is the inevitable end state.
The integrity of engineering excellence should never be sacrificed for profit and/or conveniency in places where it involves human lives. Realistically and pragmatically speaking, you only ever get to have just one single shot at establishing and maintaining that kind of life/death level of trust. Fuck it up, and you're gone- quite literally, mind you.
This is some Challenger O-ring type of shitshow. Accidents are one thing; incompetency or, worse yet, callous indifference is absolutely unacceptable.
The first crash can be compared to the Challenger shitshow. It was a (massive) engineering mistake, which lead to the Lion Air plane crashing. Looking at the history of the 737 in general and the 737-MAX specifically it was rekless, but I'm pretty certain not intentional or foreseen by Boeing.
That massively changed by the fact that they didn't immediately pull the plane after this crash and went into deep analysis mode to really evaluate the cause. Instead they smeared everybody but themselves, developed a completely useless checklist without really knowing or (apparently) caring if it's useful at all and let that deathtrap fly.
The second crash, in my opinion is corporate mass murder for profit. Maybe not legally, but morally most certainly.
"The integrity of engineering excellence should never be sacrificed for profit and/or conveniency in places where it involves human lives."
There is always a trade off, your statement is too bold for a world of limited resources.
We can use engineering to make the roads safer. Spent a trillion USD on road safety will save lives for sure. But maybe it is spend better on cancer R&D efforts?
The safest plane would be the most expensive and most uncompetitive since it needs unlimited resources and unlimited time for being designed.
It's not so much a matter of ressources than of specifically engineering excellence. There's plentiful examples of a much better product that was created with less ressources than the shitty existing competition (this must be commonplace for HN members).
I'm convinced the safest plane is not the most expensive, it's the one designed through sound and clear-sighted engineering.
Since there won't be an ultimately and best product for ever, there is always a way to improve things. Then time and financial restrains come into place again.
Are you an engineer? Your argument sounds naive. Or to give a counter example: In the Soviet Union there were likely more accidents (normalized) compared to the west. Yet, they did not focus on maximizing profits.
I am, and I have experienced many times what I'm talking about.
A simpler yet effective design (may it be initial or rework) comes at a much lower cost than a flawed one, which inevitably aggregates irrelevant complexities.
The F-35 fighter is a good example. Trades many disadvantages (not fast, not good in dog-fighting, tremendous long maintenance time, low payload etc.) for one advantage. The F-35 may or may not be invisible to an able opponent. But this decision is a tremendous difficult one. Based on your argument, it would be better to stick with a simple design. This was worked for the Soviet Union in WW2 (don't build the best tank, build a decent one, build many).
Thanks for the suggested read, sounds interesting indeed.
I'm not comparing simple vs. complex but rather sound vs. flawed, although often sound = simpler than flawed.
The 737 here is yet another example of this :
- the MAX design is flawed : faulty risk assessment of MCAS, seemingly unstable airframe in some configurations
- a likely sound design could be : airframe rework, thorough risk assessment, extra pilot training...
While the flawed design came at a lower initial cost, it will now overrun the cost of a likely sound one (further rework + retrofit + sales/reputation damage + legal), including the cost of a probable longer design phase in the latter.
(I concede that legal/sales costs are not directly technical debt costs).
You're talking about the cost of the product, but what about the cost of redesigning in itself? Including the opportunity cost of delaying the product to keep reworking the design.
> Realistically and pragmatically speaking, you only ever get to have just one single shot at establishing and maintaining that kind of life/death level of trust. Fuck it up, and you're gone- quite literally, mind you.
I wish this statement was held with as much as accountability as this comment implies. But have any of the major outlets been discussing potential prison sentences for Boeing or FAA employees / executives or potentially even board members? If you want accountability in today's age it seems the pressure needs to be applied at the point where financial decisions are held with more precedent than safety of life.
Boeing stock was up today on the glimmer of hope that the "software fix was working". Investors are assuming the stock is on sale and this only impacts Boeing for, what, a few weeks? I said something similar in another comment but I think Volkswagen is going to do more jail time and have more brand detriment than Boeing or the FAA will. Egregious doesn't begin to describe the misdirection of conversation. Why is the focus not yet on who will be sentenced for death over profits?
> Investors are assuming the stock is on sale and this only impacts Boring for, what, a few weeks?
Reminds me of the Equifax breach. Stock tumbles then recovers. Overall, it validates that breaches are not a liability; therefore, additional resources to address future problems could be seen as a moot point.
Same with Boeing. If there is no impact to the company, then why change the business model?
Equifax is not comparable to this. The difference with Equifax is that there has been little actual damage compare to how much data got compromised. With Boeing we've had hundreds who got killed.
If the world was fair they should all (decision makers at Boeing and FAA both) be packed by the lot and send to stand trial in Ethiopia and Indonesia for 300+ murder, which is what I consider this to be.
If you don't have food in your belly and you steal you get jailed. You are not satisfied with your million dollar salary and your billion dollar company profit and don't care if people get killed, you get to have PR firm write how sorry and sincere you are. Justice seems truly blind so many times just not in the way the phrase was coined.
>If the world was fair they should all (decision makers at Boeing and FAA both) be packed by the lot and send to stand trial in Ethiopia and Indonesia for 300+ murder
And they're totally going go get a fair trial and not some sort of kangaroo court to appease the locals?
I actually thought about that a little also but if I have to find a fairer choice between Boeing most likely to get away with a slap in US because big corps almost always do (too big to fail) vs. them getting taken down by a kangeroo court in those two countries it's not hard not to pick a potential kangeroo court.
The difference between Wolkswagen and Boeing is the latter is an american company and hence is probably not going to face billion of dollars of damage from american authorities and current administration. Probably no jail time either.
Agreed. It remains to be seen if Boeing deliberately used a loophole to avoid reclassification of the MAX8. If so, I'm curious to see how this would be different in a court of law. Especially if Boeing is compelled to provide email around the comms with specific regard to MAX8 certification.
Black box high five for the win, amirite?! Roll it back up to the top of the hill and lets see if it records something different...
It's sad, but most faults seem to be like this. First one is treated as an anomaly, second one is treated as the start of a trend. It happens so many times I'm glad I'm not working with human lives.
>The integrity of engineering excellence should never be sacrificed for profit and/or conveniency in places where it involves human lives.
That's just unrealistic. Unless you want plane and car rides to cost as much as a trip to space, after all, since everything would need to be engineered to that level of quality.
Neither safe nor affordable are booleans. They are on a scale, and a dependency exists between them.
Anybody may have a different judgement with respect to exactly where on the scale is appropriate, but we cannot just pretend that there's no trade-off to be made. Or that absolute safety is even a possibility.
It's pretty freaking safe, isn't it? We've literally had zero-fatality years in the US. That doesn't happen through good luck alone. Clearly the manufacturers, regulators, and operators are doing almost everything right.
In my mind, the difference between science and engineering is that science is concerned about what's provably true, whereas engineering (and I include applied math and even medicine here) is about getting to a result.
Therefore, our medicine is not perfectly safe, our cars are not perfectly safe, our building are not perfectly safe, we don't / can't provide 100% health coverage to everyone, and so on... but in aggregate, they make the world a better place, so it's worth it.
I think lack or major crashes in recent years made them complacent and emboldened them to roll the dice. Then hit snake eyes. Then also may have looked down on the foreign pilots are the airline. Had this been a Southwest plane they may have grounded the plane.
I do think the complacency issue might be a component here. Humans tend to quickly accept recent history as "normal" and over time forget the lessons learned by past disasters.
"Those who don't remember history are doomed to repeat it"
It's been a couple of decades I think, maybe more, since an engineering screwup affected a passenger airliner like this. You could argue that the 787 LiIon battery thermal runaway thing was a red flag. That also resulted in an FAA grounding, but that was fairly easily remedied and nobody died.
I suspect we're going to end up seeing evidence that the first accident was also the result of known risks being down-played / swept under the rug in the name of profit.
One perspective is that the first and second accidents happened because the band-aid fell off, and the first accident should have been the cue to use stickier bandaids. But it seems very unlikely that no engineer anywhere through the development said "This design is for shit and is WAY too dependent on a bandaid that can't realistically be adequate".
According to what I read here, the European agency doesn't do exhaustive tests because they mostly trust whatever the FAA says
That's true. The FAA had a stellar record as a certification agency, which, it can be argued, they fucked in three days (sure, the hole history of this sad debacle is more complex. But by keeping the plane in the air longer than any other certification body in order to not hurt their buddies at Boeing they completely ruined their reputation, which was built in decades of good work).
I can't imagine that any responsible certification body anywhere trusts the FAA anymore without a complete and significant shakeup.
FWIW, the Brazilian regulator (whose name I don't remember...) did not rubber-stamp the FAA's type certification of the 737 MAX, and required some differences training for MCAS, IIRC.
Good question. Would be interesting to hear what (if any) additional training pilots there got.
And, yes, the Ethiopian Air pilots apparently did follow the procedures initially, flipping the Stab Trim Cutout switches, but did not manage to recenter the trim manually (via the trim wheel), so apparently re-enabled electric trim, and then let MCAS drive the trim even further down to their doom. :-/
Europe and the FAA have Cross-certification schemes. In reverse, Airbus is certified primarily in Europe. The same happens to varying degrees in medicines, appliances, etc.
This is unlikely to change. It’s expected that some changes will occur at the FAA. Certifying an airliner is also a prohibitively expensive undertaking, which is part of the reason for this mess in the first place. It would take years even to train enough personnel to duplicate all those efforts.
Agreed. But the EASA ought to be at least in a position to put pressure on FAA to put their house in order. You can add this to my very long list of reasons why the UK really ought to decide to remain in a position of influence within the EU instead of choosing to join the Trumpist libertarian shitshow those far-right loons are trying to push us into.
I will. I like flying places, and I'm not going to let some unfortunate hiccups get in the way of that. I trust Boeing and the people who work on airline safety a heck of a lot more than I trust ride share drivers who flip U-turns in the middle of the block, slam on the brakes, narrowly miss bicycle riders, etc. And I use the heck out of Lyft & Uber. I've got better things to worry about.
The main thing for me is that NOW pilots will be aware that there is a piece of software running in the background that might fight them. The first thing they will all learn is how to disable it so they can actually fly the airplane. That's even without a software fix.
To me, it all comes down to to Boeing being able to self-certify their aircraft, and they knew they were sneaking the "fix" known as MCAS as a way to prevent loss of sales to A320. Super shady in my opinion.
The reason this preliminary report is so damning is that it's evident that the pilots on flight 302 knew this - they realised what was happening, took the necessary steps to disable MCAS, and still couldn't stop the plane from crashing and killing everyone on board.
Read the narrative in the report. Why do you suppose that after they got the same initial signs of trouble that the Lion Air flight had (stick shaker on left side, disagreement in airspeed values, etc. immediately after takeoff) that the captain tried to engage autopilot and instructed the first officer to retract flaps and inform controllers they were proceeding to climb to FL 320 (32,000 ft). Why not instead turn back and land and hand the aircraft over to maintenance?
From the report:
At 05:38:44, shortly after liftoff, the left and right recorded AOA values deviated. Left AOA decreased to 11.1° then increased to 35.7° while value of right AOA indicated 14.94°. Then after, the left AOA value reached 74.5° in ¾ seconds while the right AOA reached a maximum value of 15.3°. At this time, the left stick shaker activated and remained active until near the end of the recording. Also, the airspeed, altitude and flight director pitch bar values from the left side noted deviating from the corresponding right side values. The left side values were lower than the right side values until near the end of the recording.
...
At 05:39:06, the Captain advised the First-Officer to contact radar and First Officer reported SHALA 2A departure crossing 8400 ft and climbing FL 320.
...
At 05:39:42, Level Change mode was engaged. The selected altitude was 32000 ft. Shortly after the mode change, the selected airspeed was set to 238 kt.
At 05:39:45, Captain requested flaps up and First-Officer acknowledged. One second later, flap handle moved from 5 to 0 degrees and flaps retraction began.
Bear in mind stick shaker and divergent instrument readings all this time.
Why not just return and land, leave the flaps configuration alone (which would have inhibited MCAS), especially since this is exactly how the Lion Air flight started.
I know this is easy to critique from the comfort of my chair, and the pilots are not here to defend themselves, but some things in this narrative just don't make sense.
It makes zero mention of flaps. It doesn't recommend avoiding retracting them or trying to land as soon as possible.
Trying to land as fast as possible is typicality a bad idea. Planes which have just taken off are almost always over their maximum landing weight. Even if you ignore that, the extra stress of trying to land as soon as possible could cause the pilots to make more errors.
Procedures for issues on take off are typically focused on continuing to climb to gain as much altitude as possible to give the pilots time and space to assess the problem before dumping fuel and landing. The more altitude you have the more time you have to recover.
And unfortunately, climbing through 5000 feet requires retracting the flaps.
Check the airspeed at the time they raised flaps. It was right at Vfe, and increasing.
I don't know the most likely consequence of flying with flaps 5 above Vfe. Maybe flaps would (asynchronously) depart the airplane, or induce flutter at a much lower than usual airspeed. Either of those is an extremely high risk of losing the aircraft.
Experience sounds like a good thing on the face of it, but it also adds noise where all of these indications sound familiar enough, and yet nothing in particular stands out and tells you to leave flaps alone. That suggestion isn't even in the emergency airworthiness directive. And still at the time of this event there's no simulator that can be configured for MCAS upset so that pilots can experience it in various phases of flight.
Also, the priority in a flight control problem is to fly the plane, get it stabilized, understand the problem, and turning back to the airport is inconsistent with that. Fly runway heading is the proper thing to do, it's less complicated. A turn increases angle of attack, increases drag, it makes a high angle of attack situation worse, and if you're trying to climb it reduces your rate of climb.
Of course they would have tried to land after getting the plane under control. They didn't have airspeed or altitude under control, and were following the checklists they were supposed to be following. IAS Unstable tells them to leave thrust high and flaps alone to avoid a wing stall.
The took the necessary steps and it was working until they went off script. Whether or not their hand was force because the script stopped working remains to be seen. IMHO, there's little to do except to wait for the full report to come out. The speculation about the crash was wildly wrong and the preliminary report coming out didn't really stop that.
> The took the necessary steps and it was working until they went off script. Whether or not their hand was force because the script stopped working remains to be seen
The script required them to manually crank in the stabilizer, which wasn't possible. The script was manifestly not "working". That doesn't "remain to be seen" -- it's in the transcript of the cockpit
> At 05:40:35, the First-Officer called out “stab trim cut-out” two times. Captain agreed and First- Officer confirmed stab trim cut-out.
> At 05:41:46, the Captain asked the First-Officer if the trim is functional. The First-Officer has replied that the trim was not working and asked if he could try it manually. The Captain told him to try. At 05:41:54, the First-Officer replied that it is not working.
I guess the First-Officer must have been speculating...
Pilots are often wrong about what their aircraft is doing. In fact, that's a big reason why they crash. So yes, the First Officer said that but that is not conclusive proof that they couldn't manually trim. He may have misinterpreted the question and tried the electric trim again. Or maybe he tried turning the wheel and didn't do it right. Or maybe he needed to try again. Or maybe he needed the pilots help. Or maybe the manual trim system was broken. There's any number of explanations for that statement.
Until someone sits down and calculates the torque needed to manually trim it's all just speculation.
Bear in mind that they're at low altitude and the pilot is busy supplying maximum pull on the yoke, and therefore likely unavailable to help crank a stiff trim wheel.
I wouldn't feed the troll, but I don't want your misinformation to spread.
> They weren't
They just took off, max height of the airplane was 1000 feet above the ground. That's a definely low altitude.
> Runaway trim should be a recoverable situation.
The trim pointed the nose down. The aerodynamic forces were so high on the elevator that the trim wheels could not be moved by a single person. This was confirmed in 737 simulator.
>They just took off, max height of the airplane was 1000 feet above the ground. That's a definely low altitude.
People thought that based on Flightaware data. But if you actually read the report you will see that it is incorrect and they reached about 7,000 feet.
>The trim pointed the nose down.
Incorrect. The plane was steadily gaining altitude until they re-enabled electric trim.
>I wouldn't feed the troll, but I don't want your misinformation to spread.
Try being right before throwing around personal insults.
which points clearly to MCAS applying maximum nose down, based on incorrect data from the left alpha sensor, both pilots pulling on their control sticks, and the aircraft failing to gain altitude even before final MCAS activation because the trim could not be manually reset by the F/O.
this report contradicts every element that you're pushing (plane reached altitude, pilots didn't pull on the column, the electric trim was not needed, MCAS did not intervene). did I missing anything ?
It’s pretty disgusting to accuse a dead pilot, that was fighting to save his life and that of hundreds of people, of incompetence from the warmth of your chair.
Or if you stick around long enough I may do it for gits and shiggles.
I'll need some schematic details of the actual manual trim wheel mechanism to figure out what the output forces on the jackscrew are... But hey, sounds like a fun mental exercise.
I'll see if I can find any details on it, but if anyone else just has it, reply to me, and let's see if we can get some delicious numbers going on here. Worst case scenario, I'll pull whatever design most makes sense to me out of my arse and theorycraft to get a feel for it.
737-800 has a 32.776m^2 horizontal stabilizer area. Let's double that to 65.556 to accomodate both airfoils.
Wing load is 1/2p(v^2)A
Where
A=65.556m^2 (352.8 ft^2)
v=180.556m/s (350 knots)
And we'll guess our air density around .95ish kg/m^3
given our altitude of 2334m (7625 ft plus change) asl
Barring any flawed fundamental assumptions, that gives us a wind load of 1015087 N (228200.636 pounds-force (lbf)), and a dynamic pressure of 15485 N/m^2
I'll leave this out there to offend any actual aerospace engineers that might be reading so they'll tell us I'm doing it all wrong while I try to work out whether I can use the screw jack equations and what we've calculated thusfar in the hopes of figuring out something that even remotely makes sense.
I have a feeling I'm oversimplifying or misapplying the wind load equation. But hey, it's the internet. I'm allowed to be wrong.
Okay. So after a bit of chewing on the screw jack equations, I settled on using an M24 screw as the basis just for convenience. Eyeballed a video of jackscrew of a 737NG, and figured a 6 inch lever arm. In the form of a pulley of some sort as the input for the screw jack from the trim wheel in the cockpit.
Dropping in the previously calculated wind load of 1015087 N, we end up with an effort force of 3182 N, which through a 6 in pulley would be 485Nm (357 ft-lbs) of torque,
Note, we're in automobile engine levels of torque output to actuate this screw jack against the wind load on the horizontal stabilizer.
Give me a bit to come up with some estimates on the trim wheel and play around with some gear trains to see if I can come up with an arrangement that does the trick.
It should be doable, but with the gear ratios I'm thinking will be required to generate the requisite torque, the actual rate of actuation is going to be pretty slow.
Why are you dismissing the data the report contains indicating that the flight crew was unable to trim manually, that the column forces were incredibly high, and that the captain repeatedly indicated he could not maintain elevator trim without the co-pilot's aid, then?
Your responses have been incredibly selective about which parts of the report you take as gospel and which you handwave away as "speculation".
From where I'm sitting it appears you've started out by picking a contrarian conclusion you like ("the plane was safe once STAB CUTOUT was set cutout, and the crew could have maintained altitude indefinitely at that point, but fatally fucked up by re-engaging electronic trim to try to trim the stabilizer"), and to maintain that a priori conclusion you've consistently ignored the data and parts of the transcript that indicate that was very likely impossible.
The report does not actually indicate which "manually" the pilots meant, with the switches or with the trim wheel. When the question came up they went and turned the electric trim system back on and appeared to test it (only trimmed 0.2 units). Honestly if I had just turned the thing back on I would have trimmed it all the way to where I want it.
>The report does not actually indicate which "manually" the pilots meant, with the switches or with the trim wheel.
This isn't consistent with any coherent reading of the transcript:
> At 05:41:46, the Captain asked the First-Officer if the trim is functional. The First-Officer has replied that the trim was not working and asked if he could try it manually.
They've already hit the stab cutout at this point. Now maybe they're think this is like the older 737s and the cutout cut the autopilot and not the full electrical, BUT if you think the question he was asking was whether or not he could try the thumb switch, what exactly would he have been trying prior to that that "wasn't working"?
There is no other trim to try before the thumb switches such that you'd refer to the thumb switches as "trying it manually" when $OTHER_THING was not working. In the transcript, given what's being said, it's clearly the wheel crank that's meant. It doesn't even make sense otherwise.
>Why are you dismissing the data the report contains indicating that the flight crew was unable to trim manually, that the column forces were incredibly high
> At 05:40:44, the Captain called out three times “Pull-up” and the First-Officer acknowledged.
> At 05:41:30, the Captain requested the First-Officer to pitch up with him and the First-Officer acknowledged.
> At 05:43:04, the Captain asked the First Officer to pitch up together and said that pitch is not enough.
Take a look at the chart of control column position deflections. They're jolting around like crazy at +10 to +15 aft starting immediately at the first big MCAS trim event through to the end of the recording. That's because the stabilizer mis-trim is exerting considerable force on the elevator. The captain wasn't calling for aid on the column for shits and giggles.
Data for "Column forces were incredibly high" would be the force on the column that the pilots experienced. Column position deflection isn't that. Column position deflection data is data that the column position was changing rapidly. Concluding that column position was changing rapidly due to "incredibly high" forces as opposed to say unpredictable forces is speculation.
So your take is that the column shows near constant movements of multiple degrees back and forth practically on a second to second basis, in the grip of someone trying to hold it steady at +10 aft, and who asked several times for help keeping it back enough to keep the nose up, but that that is not in and of itself indication that the force was "high"
You're shifting the goal posts. Obviously the force was "high" because the trim was out of position. That's different from "incredibly high" and can mean anything from "they gotta pull a little harder than normal" to "they have to pull as hard as they possibly can".
Control column position is not a delta. On a 737 that position directly correlates to the position of the elevator in degrees. Elevator position, stabilizer position, and airspeed as they were we can infer a force; corroborated by their own words, it's reasonable that this situation is described in the "mistrim nose down" sketch about 1/3 of the way down here:
05:41:46, 05:41:54 manual trim not working, that is absolutely a trim wheel hand crank attempt; fairly clear (to me) but not stated is that both pilots were not simultaneously cranking on the trim wheel, there's plenty of anecdotal evidence that this exact configuration puts to much upward force on the jackscrew that it is difficult to impossible to turn.
05:43:04, PIC asks SIC to pitch up together says pitch is not enough
As for the noisiness of the control column position data, it could be partly the stick shaker, it could be light turbulence, the accel vert row at the bottom shows it's a bumpy flight, and pitch and roll attitude is also variable but less so than vertical accelerate. And accel vert gets noticably more perturbed as airspeed increases. I think it's light to moderate turbulence, but I'm not certain. A search for PIREPs and weather reports at the time could corroborate it.
> At 05:40:35, the First-Officer called out “stab trim cut-out” two times. Captain agreed and First-Officer confirmed stab trim cut-out.
MCAS should be disabled at this time and this is confirmed further in the report.
> At 05:40:41, approximately five seconds after the end of the ANU stabilizer motion, a third instance of AND automatic trim command occurred without any corresponding motion of the stabilizer, which is consistent with the stabilizer trim cutout switches were in the ‘’cutout’’ position
I see this playing out in a couple of possible ways. One is that it ends up like the DC-10. Public confidence is lost, even though the problem is fixed. The aircraft end up going into freighter service.
The other is that they make a convincing case that the problem is resolved. I don't know if that's possible given today's default hate for big corporations, we'll see. They've done it before with the 737 and the rudder problem it had in the 1990s or so. That problem led to a few fatal crashes, but I'm not sure it ever got the attention that this story is getting. The news cycle was different then.
I would absolutely fly on one once the problem is corrected.
Be my guest. For sure I won’t be aboard one of these death traps in the next accident.
And we’ll have another accident if they let this killing machine take off again given that they are just doing a useless software fix.
In all fairness this plane is only a danger to its crew (and to regular commuters). Even without the software fix, the probability that you get into a crash in one of the few times in a year when you make a leg in this plane is still infinitesimal. For the crew that spends the whole year in there, different story.
By my calculation the plane was flying roundabout 100.000 days with 2 accidents. Assuming 2 round-trips a day maybe 200.000 takeoff during this time. One crash every 100.000 take-offs.
Now assuming 40.000 road deaths per year in the US and 300.000.000 citizens we have 0.000133 probability to suffer a road death a year. Assuming one 737MAX round trip per quarter we have 8 take-offs so .00008 probability to die in a 737MAX. Assuming commuter 40 trips a year we have a risk much higher than the average road death risk.
I assume that AoA sensor disagree would have been warned about still on the ground. Even if both fail, a new take off checklist will probably include comparing AoA information with analog instruments. If one sensor failure is 10E-5, two simultaneous should be 10E-10, multiplied with assumption of competence (say 99/100 will now know how to deal with it), which gives 10E-11 - 10E-12. I.e. I wouldn't worry about MCAS anymore after every plane has been updated.
What I would worry about is departure stalls, as MCAS doesn't seem to solve these. I wonder whether there isn't another 10E-5 to 10E-6 risk in there and people have just been lucky so far. Another MAX8 crash involving a stall would kill this plane I think, as it would prove much more that it's inherently unsafe.
From the FDR data in the report, it seems that the AoA sensor disagreements on this flight didn't start until after takeoff. I don't know if this is the normal failure mode.
When CEO said "We're taking a comprehensive, disciplined approach, and taking the time, to get the software update right.", I wondered if they would characterize their initial design the same way.
It's shameful to even try to pin it on software. The fundamental problem is that they didn't want to do the right thing by admitting and teaching pilots that this plane has different flight characteristics and they need to train for flying a similar, but different plane.
As long as this MCAS software even exists on the plane, I'll never fly on one again. If they take MCAS out, certify, and train properly then I'll fly on them. Otherwise, no.
The MCAS is there to fix a design fault whereby the plane has a tendency to pitch up automatically (and hence have a chance of stalling) when accelerating, due to the oversize engines and their placement.
It's actually very rational. No one can declare something complex like a plane or a version of Windows to be "safe" or "secure". Only the absence of incident for a long period of time is an indication that it is.
You, as a non-expert, can absolutely take that stance - but when it comes to planes I am comfortable demanding that mechanical units can be provably safe and secure and that there is a reasonably exhaustive understanding of those unit interactions that assures safety at some point.
There has been the mention that the customization of planes in a certain way exposed this error - that's the bullshit part. Planes are complicated, the testing of them is complicated, allowing your marketing/sales team arbitrarily inject feature flags into your life or death machine to maximize profits is silly.
Make a thing and prove it is safe, if you wish to modify said thing, then prove the new version is just as safe - and don't allow corners to be cut with something as dangerous and expensive as a plane, these things aren't cheap and they don't need to rapidly iterate versions, they can move slowly and safely and be held to a standard of provable safety that I agree would be unreasonable for software like windows or instagram.
As an aside, I would offer more leeway to Cessna, given their focus on the individual consumer market and emphasis of customization, if someone ordered the plane equivalent of the small pizza with half sausage no cheese and no sauce[1], but not too much more leeway due to the danger these planes can have on others.
I don't know. A lot of the problems that occured on planes were hard to predict even though they go through the rigorous process you mention. Battery fire on B787. Cargo door on DC10. Engine leaks on A380, etc. These are all quality/design issues that were not predicted.
He could put his safety where his mouth is and vow to only fly on the MAX for the next two years. That would be a much stronger vote of confidence than whatever words his PR firm came up with.
That doesn't really prove anything though. The risk to a specific flight is still quite low. The risk that is concerning is the risk of any 737 Max flight crashing. It would be like a lottery detractor saying "I'll prove that no one wins the lottery by buying a ticket every day, and never winning." Chances are that person won't win. But chances are quite high that someone will win.
That's a terrible show of confidence. What are the chances that the next plane to have an accident is carrying the CEO? What is the average expected punishment to the CEO for getting it wrong? It's probably less risk than BASE jumping.
I would rather there be guaranteed liability: have the execs set up a legal system to refund the entire order book and voluntarily plead guilty to federal charges in the event of another > 10 MAX deaths. But frankly, if Boeing is at fault for 340 deaths they should already be doing that.
I haven't seen any mention yet specifically, are they being held liable for the deaths and forced into some financial penalties or has this case been relegated to the right-wing "The free market will adjust and discourage consumers" sort of liability?
My impression is that the relevant laws for crash liability are those of Indonesia and Ethiopia. So nobody professional is clamoring for it. The silence of the pundit class is curious; I guess we will find out how political this in the next few days.
That said, it seems likely that in the US Boeing is liable to their customers (airlines and aircraft owners) for fraud. In theory, the entire organization could be disbanded under RICO, but Boeing is a defense contractor, so more likely they pay to settle damages. I could see them getting away with paying for the costs of repairs, retraining and the lost revenue for planes already delivered in the US.
It also seems likely that Boeing is spending incredible amounts of money on PR to control the fallout. I expected the release of this report to be near the top of Reddit, but on reddit's /r/news the BBC report on this was sitting at only 21 net upvotes after 3 hours. (As of 8 hours ago.)
While I wouldn't be surprised if they weren't held liable, it's way too early to know. The justice system moves slowly, and the reports haven't even been finished.
No. Aside from this one issue, the plane is likely as safe or safer than every previous 737. With this much public attention, this issue will get resolved and then some. The end result will likely be the safest plane in the air.
It's a different car, but still arguably a safer one. Every part in the 737 MAX is either the same or newer and improved over the previous 737 series. While they should have gone through far more scrutiny in the certification process, the 737 MAX, viewed holistically, is a newer, more modern aircraft that will be safer than older aircraft once the kinks are fixed.
Every time you change part of a system, even if you claim you're "improving" it, you introduce risk. That is my holistic view of this aircraft: the 737's record is not meaningless but it is also far from the whole picture for the MAX. Any new system introduces the potential for defects that were not present on previous models, and for unanticipated integration issues with existing systems.
Add in the facts that Boeing has been caught red-handed implementing a half-baked engineering solution as a regulatory dodge, and that this solution has to date crashed two aircraft and killed 346 (IIRC) people, and your view starts to look downright naive. You might call these tragedies "working out the kinks"; I call them wholly preventable, and evidence that human lives don't carry the proper weight in Boeing's financial calculus.
Which is to say, early defects in construction which were later resolved is not actually wholly uncommon to just this aircraft line, and planes of that model are still literally flying around today.
I'm not sure why you think I wouldn't be aware of those well-known facts about the 737.
I'm also not sure why you'd reply to my comment when you clearly either haven't read it or have no interest in actually replying to the substance of it.
I get that you're rightfully upset at Boeing for trying to skip the proper regulatory testing processes. I am too. But you are not meaningfully contesting my point, that a fixed 737 MAX is a safer aircraft to be flying in.
What would you suggest? Mothballing the MAX line for a wholly new aircraft? Arguably the MAX has significant flight testing time in production, to which one defect was found and is being remedied. A new aircraft would have less testing comparatively, and as noted, older aircraft really aren't inherently safer, as the 737's history shows.
My point was that the MAX will likely be the safest choice to fly in, and I don't think you offered up any logical argument saying otherwise.
I would suggest a fine-toothed audit of every single change made in the MAX aircraft, with particular attention paid to whether said changes were made solely in the interest of skirting regulations to sell more planes faster.
Because that is the point: Boeing's decision-making process is now highly suspect. It is pretty clear that the MCAS would not exist in anything like its current (flawed) form if Boeing hadn't been trying to avoid the pilot retraining requirement.
This is not a typical life-cycle for an engineering defect/flaw.
Hell no, I'll take Airbus or any other manufacturer over this crapware any day, even if I have to pay extra for the tickets. Boeing lost any trust in how they handled this, for very, very long time.
This topic is currently way beyond pure engineering issue, most human beings including me consider morality as quite an important aspect for example.
Unless I hear about some significant and measurable shift in the way company thinks and operates regarding to safety (nothing in the PR stuff discussed here), its a shady company with profits-above-safety mentality. No, thank you I can vote with my money
The parts that are the same can easily be a problem. Take, for instance, the emergency exits (this was about getting the NG certified in Japan almost 25 years ago BTW):
"We regret the impact the grounding has had on our airline customers and their passengers." - I really hated this. As if they did the grounding for safety reason and regrets the cost. As if the passengers and clamoring for flying in 737-MAX.
There's obviously a lot of concern and outrage. But I wonder if Boeing's share price would have been higher than last year if the two crashes were in first world countries specially US.
I don't doubt that Boeing will fix the MCAS problem, but the bigger issue for me is what other systems were hacked into place in order to rush this plane to market to compete with Airbus? The whole philosophy behind the design of the 737 MAX is what has me unsettled, not necessarily this one particular issue.
This. We have seen that there was another problem only noticed because of the extra scrutiny. We have a saying in the software business: two is an impossible number.
That said, the Air France Airbus dive into the ocean was caused by an equally stupid design decision that should never have shipped. Pilot and copilot were applying opposite force on the joystick, and instead of a siren going off, it just averaged them. Have they even fixed that yet? It was in ever Airbus.
They are trained and aware, but in high stress situations pilots sometimes forget things like that, which was significant in the air france crash. The pilot who had better control of the situation only momentarily pressed the button used to take full control, when you are supposed to hold it as long as you wish to keep control. I believe the "dual input" warning was also not aggressive enough at the time
It didn't help that the pilot flying was the one that made the error, and the other one, who correctly understood the situation, was the pilot monitoring. Even more, the pilot monitoring didn't explicitly take control of the aircraft - "My aircraft". Bonin was under the impression that he's in charge, and was utterly confused by the whole situation, until the end.
As with each aviation accident, it's not a single cause of failure - it's a swiss cheese model of failures, where it just happened that all the holes aligned - from the flight law dropping to alternate, to Bonin who didn't trust what the computers said, to the other pilots not understanding completely what Bonin did, to the pitot tubes freezing.
This has been a 50 year problem in the making, and whether it's for better or worse should be more carefully studied. Because here's my understanding of the history:
Through WW2 and the proliferating age of defense contractors, the government (mostly defense department, but also civilian agencies) stood almost on equal footing with contractors in their ability to design, scope, and evaluate big projects.
You would see scientists and in-house advisers at these departments able to expertly evaluate proposals/designs by contractors with sufficient background knowledge and tools to do so. They even worked closely with contractors to lay out the requirements and designs for systems, or products.
But, through the decades, a couple factors eroded this equal footing of the government / regulatory experts:
-- Shrinking of government budgets for (or unwillingness of the public to stomach) the ranks of Washington "bureaucrats" who represented this expert class of people (what harm is there in cutting "fat" from public servants who don't seem to produce anything tangible?)
-- More attractive pay, career potential, prestige, etc. of working in the private sector
-- Political distaste for being seen as working too closely with contractors
So what happened is that gradually but surely, government lost the tools to do these things themselves, and by sheer need to still have things approved, shifted the work onto industry.
What can you do when industry comes to you with new complicated designs for things, and you have no one who can assess (and no budget to pay for assessments of) whether those designs are safe? You ask the person proposing to critique themselves, and in many cases, they seem to know more than you anyway.
Of course, what in part probably led to our current situation.
As I said in the beginning, the pros and cons of operating a system in this way should be looked at.
As a society, my question is, how do we make it possible to choose to do these things in the way that produces the right outcome? For a start, I think we need to stop asking everyone to make uninformed votes about certain detailed things we don't understand, yet rely on every day. That definitely produces bad consequences for many issues.
The deep reason is the hollowing out of the technical professions. Engineering (not software 'engineering') is not in the scope of most college bound youth.
Claims aren't evidence. But testimony is evidence. How compelling that is depends on their credibility, qualifications, and whether there's corroborating evidence.
It is unclear if they are lacking technical expertise, but they are certainly being significantly more lax than one would want a regulatory body to be.
It's now fairly obvious MCAS was at the root of those two crashes. But, did it save lives in other circumstances?
Meaning, was there ever a case where the nose went up so much, because of the bigger motors and their different location on the wings, that the activation of MCAS prevented a stall? I'm surprised no one seems to talk about this.
It's also surprising the MCAS was implemented at all, instead of an alarm. Yes, the point of MCAS is to make appear the MAX is the same plane as earlier models (when in fact it's not), but if pilots need to learn how to deal with MCAS malfunction, isn't it the same as learning to deal with unexpected stalling during take-off? The whole reasoning sounds kind of circular.
That is what it looks like. In some sense, you are not “contrlling” a 737MAX, you are flying a virtual machine emulating the 737 previous gen, whose host is a new generation.
Calling it an emulation layer is more than slightly disingenuous. MCAS just sits and watches until a specific set of circumstances occur. Only then does it try to trim the nose down. Did they implement it well, no. Is that an "emulation layer", no.
They were going to lose customers to Airbus, who had a longer range plane. The solution was to retrofit larger engines on the 737. But they were too large and collided with the ground. They moved the engines to the front of the wing for ground clearance. This made the plane unstable and tend to tilt upwards, so they came up with MCAS to work around the instability.
> It's also surprising the MCAS was implemented at all, instead of an alarm.
Regulations are that "(1) The stick force vs. g curve must have a positive slope at any speed up to and including VFC/MFC; and......(a lot of other text)......During the approach to the stall, the longitudinal control pull force should increase continuously as speed is reduced from the trimmed speed to the onset of stall warning."
The Max's aerodynamics are such that as you approach a stall angle, at a certain point the force inverts and the aircraft "pitches nose up" reducing force against the stick close to the stall angle.
An alarm thus fails to meet the stick force requirement. The intention behind the MCAS is to push force against the stick throughout the approach to the stall angle to meet the requirement.
(Which obviously created a whole host of failure modes that everyone seems to have entirely missed).
> The Max's aerodynamics are such that as you approach a stall angle, at a certain point the force inverts and the aircraft "pitches nose up" reducing force against the stick close to the stall angle.
Which anybody who claims that MAX is safe without MCAS is ignoring: without properly working MCAS the plane effectively starts to misbehave exactly when it shouldn't (when it's harder to save it).
Unfortunately, with improperly working MCAS, the way it was designed (non redundant single sensor which is blindly trusted by MCAS and which is in effect stronger than the pilots fighting against it) there were already two crashes.
>Which anybody who claims that MAX is safe without MCAS is ignoring: without properly working MCAS the plane effectively starts to misbehave exactly when it shouldn't (when it's harder to save it).
MCAS is there to prevent stalls at high thrust and AoA. It's also disabled when flaps are down. Meaning that it's turned off for take offs and landings where you'd most expect high thrust and AoA as well as the worst times to stall. It's hard to square that with MCAS being necessary for safe operation.
As far as I know, MCAS has never activated in service due to actual high AoA. However, even the 737 classic could have "interesting" pitch up characteristics:
"The Boeing 737-300 was on approach to Bournemouth Airport following a routine passenger flight from Faro, Portugal. Early in the ILS approach the auto-throttle disengaged with the thrust levers in the idle thrust position. The disengagement was neither commanded nor recognised by the crew and the thrust levers remained at idle throughout the approach. Because the aircraft was fully configured for landing, the air speed decayed rapidly to a value below that appropriate for the approach. The commander took control and initiated a go-around. During the go-around the aircraft pitched up excessively; flight crew attempts to reduce the aircraft’s pitch were largely ineffective. The aircraft reached a maximum pitch of 44º nose-up and the indicated airspeed reduced to 82 kt. The flight crew, however, were able to recover control of the aircraft and complete a subsequent approach and landing at Bournemouth without further incident."
You are, of course, correct. I've not heard anything about whether lift from the nacelles on the Max could be more of an issue than on older 737s in such circumstances. Perhaps it's not an issue at low airspeeds? Would be interesting to know.
> It's now fairly obvious MCAS was at the root of those two crashes. But, did it save lives in other circumstances?
Let's say Boeing ships a new airliner, where in 1/1,000 flights, the wings fall off for no reason.
Would you be asking the question of: "But did the wings save lives in other circumstances?"
Of bloody course, they did. Doesn't mean that they should have ever shipped an aircraft, where the wings fall off for no reason!
MCAS was a hack around a redesign of the plane. If the plane would have crashed at an even higher rate, without that hack, then the conclusion is not: "WOW, MCAS saves lives."
The conclusion is: "That airplane should never have been shipped, because it is a deathtrap."
If it would have crashed at a lower rate, without MCAS, then no, MCAS was not a net life-saver.
Boeing chose to redesign the place, making it more dangerous to operate. To mitigate the danger, they added MCAS, which was also dangerous to operate. It doesn't matter whether or not a MAX with MCAS, or a MAX without MCAS is more dangerous. What matters is that a MAX with MCAS is dangerous. Nobody put a gun to their head, and made them redesign their plane.
I'm not trying to defend Boeing, I'm trying to understand if MCAS is actually needed in real life.
Reading the other comments it seems the answer is yes.
That said, it's unclear that a Max with MCAS is dangerous: the danger comes from pilots not being aware of it / trained for it. Which, again, doesn't disculp Boeing in any way.
> Nobody put a gun to their head, and made them redesign their plane.
The execs at Boeing probably felt the A320 was a gun to their head. The A320 was set to eat their lunch, and they made a decision that ultimately has resulted in 300+ deaths. Was it a malicious decision? I give them enough credit to say that they honestly believed they solved the problem with MCAS. Was it a malicious decision to lie about pilots not needing to re-train? I'm leaning towards yes.
It's a bandaid fix for an airframe issue. So yeah it probably saved lives, but ones which shouldn't have been at risk in the first place.
The whole thing wasn't kosher - re-using an old airframe to save costs even though its not really compatible with new engines to rush something to market with reduced certification requirements. The bandaid coming off shouldn't be where the focus should be
Culturally move fast & break things shouldn't be how aircraft go to market
The problem with dealing with a departure stall is they’re extremely deadly, happen faster than a person can react to, and are in general unrecoverable all because of the lack of altitude. If it was the case that you could easily deal with a departure stall in the 737-MAX then they would have seen no need to implement MCAS.
And if Boeing had originally went with a new type certification, the plane they'd build wouldn't need MCAS. The MAX can't exist without something like MCAS, can it?
Are you claiming that the fact that without MCAS, the plane being fundamentally dangerous is a good thing? I am not sure that "MCAS saved lives because that plane is begging to crash otherwise" a big selling point for Boeing.
"It's now fairly obvious MCAS was at the root of those two crashes. But, did it save lives in other circumstances?"
Very possible. The question is, should you use a plane with an unstable design in civilian air transport? AFAIK, a stealth bomber can't fly without the help of a computer to keep in in the air. But for a civilian aircraft this should be a very conscious decision and nothing that is hidden under band aid.
If you don't want to fly in a aircraft which requires a computer to fly then avoid anything Airbus and almost all other modern passenger jets. The 737 is literally as close to that ideal as you'll find in service today. If an EMP goes off your are still in trouble though, the engines have FADEC, so they'll probably shut down.
MCAS is an example of where ugly hacks take lives, not save them. If the plane was properly engineered hundreds of people would be alive, it's not a choice between MCAS and a dangerous plane.
I guess you can't tell. You could see how often it operated but not know whether the pilots would have saved it. That said it's pretty unusual for professional pilots in an airliner to get into a stall situation.
The desired mode of operation for a plane is to keep flying, without crashing. MCAS did not save anybody. By that logic steering wheels are also saving billions of people because without a steering your car would veer off the road.
"An erroneous AOA input can cause some or all of the following indications and effects:"
"IAS DISAGREE alert."
The whole "what to do" is then:
"Initially, higher control forces may be needed to overcome any stabilizer nose down trim already applied. Electric stabilizer trim can be used to neutralize control column pitch forces before moving the STAB TRIM CUTOUT switches to CUTOUT. Manual stabilizer trim can be used before and after the STAB TRIM CUTOUT switches are moved to CUTOUT."
We know now that the pilots performed what was there laconically written, and that even these actions couldn't save the plane.
Which means either:
- Boeing never actually tested how to really handle the situation described then or
- Boeing indeed tested that and knew that IAS DISAGREE procedures would also be followed and which would guarantee to make the plane uncontrollable (for details see here: https://leehamnews.com/2019/04/03/et302-used-the-cut-out-swi... how one pilot recently reconstructed that and made a video about it, which was later withdrawn on the demand of the pilot's company -- note a single pilot here did what Boeing, which is supposed to sell hundreds of billions USD worth of these planes didn't want to do), but bet on "it won't happen soon enough, we can get away with it."
I can't find that anybody can excuse either of these.
The pilots didn't actually do that. They did not use electric stabilizer trim to "neutralize control column pitch forces before moving the STAB TRIM CUTOUT switches to CUTOUT" in fact the trim had been run markedly down by MCAS by the time they switched off the electric trim.
I'm pretty sure this will end with retraining or the restoration of "pull up" method of the pilot overriding the feature (the later may require retraining anyway)
> We remain confident in the fundamental safety of the 737 MAX
He just finished several paragraphs about how the plane and it's software was not safe ("erroneous activation of the MCAS function"), and then arrives at this conclusion?
If my car erroneously responds to the pressure on the gas pedal it's not safe.
If he says anything other than that, odds of the 737 MAX being scrapped entirely (from customer and air passenger pressure) goes up. Saving face to save the share price.
Maybe it shouldn't be, but your comment is surprisingly cynical to me.
I don't believe share price is at the front of his mind, nor any of the engineers working at Boeing. I, for one, work for much more than a paycheck; I think it's reasonable to think they do too.
You could argue that it was at the front of their minds before these accidents, but IMO that conclusion only stands in confirmation of some bias against large corporations (which apparently is pretty common!)
What is more likely? That Boeing is genuinely sorry for their enormous process failures (that others on HN have documented in great detail) to catch these product deficiencies earlier in the process, failures that have killed hundreds of people? Or the catastrophic financial losses they will suffer in the event they are forced to scrap the MAX?
I'm cynical because of Occam's razor, not because I want to be. I'd very much prefer not to be cynical, to tell you the truth.
I mean, yeah, if a bad hardware driver could threaten my life in some way (like overheating a component to the point of a fire risk) then I would discontinue use of that machine immediately.
This is a hardware issue. Lack of redundancy in sensors. Lack of knobs to turn MCAS off without turning off the electric motors that are apparently necessary to control the plane in challenging circumstances (which a hardware failure can put you in).
It's also a training issue, especially with the first flight pilots not being informed about this system.
Maybe it can be worked around via software changes and human training. But the software appears to have done what it was supposed to.
Two isn't good for much, if they give different readings you don't know which to believe. Either that kills you like in real life, or it kills you because of the stall problem it was invented to fix.
Edit: And yes, you could do something more sensible than what they did, but that doesn't "fix" the issue, it merely mitigates it to some extent.
This seems a little overstated. As I understand it the plane isn't actually aerodynamically unstable and isn't going to stall itself without the pilot pulling into it. The main issue seems to have been software to me.
I'm not saying they should avoid using a third sensor. It sounds like a good idea. But I'm not sure it's required for airworthiness, after you move from one to two.
Maybe a little overstated to avoid getting into subtleties, but I stand behind the point.
Yes, it seems the plane is probably mostly flyable if you kill the MCAS system (which is the only reasonable step to take in a two sensor system when they disagree). But
- The plane no longer handles the same, you definitely need to be alerting the pilots, and put this change into manuals and training. This isn't just a thing you should silently do in software and expect not to kill people.
- The plane no longer meets the FAA rules for the class under these conditions. Maybe that's acceptable because it is an error state, but I think that meets the definition of a "workaround" and not a "fix".
- At least one of these planes took off when one of the sensors was known to be bad from the previous flight (as I understand it). I can only assume that they don't do that when something critical to the handling of the plane is broken. This is another process bug that needs to be fixed before a software workaround might be acceptable.
I don't see any way to interpret this other than "the hardware didn't work as we thought it did", which leads me to say "hardware bug", even if you can maybe work around it with process, training, and software changes.
Except if your computer has a failed driver it won't kill you, why are you all over these posts so adamantly defending Boeing? OP had a valid comparison via car and plane, yours was simply asinine.
>> We're taking a comprehensive, disciplined approach, and taking the time, to get the software update right.
If only you had done that the first time.
>> This update, along with the associated training and additional educational materials that pilots want in the wake of these accidents, will eliminate the possibility of unintended MCAS activation and prevent an MCAS-related accident from ever happening again.
From what we've read, your company thought that cost too much the first time around. Maybe it's time to reconsider the costs of NOT doing the work up front. Boeing used to be better at this.
You think they did that with pilots specifically trained in MCAS functionality, or with pilots from some small country halfway around the world where they were specifically told it was the same as any ol' 737?
The problem for me is not with the error that happened but by the response of the CEO for the accident. People who fly on new planes can't be bullsh*tted that easily, as they read news all the time. The Boeing CEO has no idea how much he is in the center of attention for his clients right now.
I think he underestimates how well informed people are, or maybe I'm overestimating. It's good that he said that Boing takes responsibility, but instead of saying that he's confident in 737 MAX he should have said that he's making sure that the fix is well tested. Also he could have gone into the details of the verification plan to calm the technical crowd.
Anyways, we'll see how the stock price looks in a year, I sincerely have no idea, but I think airlines outside US will try to prefer Airbus for new contracts in the next year.
Like, Fly-by-wire is not new, airbus has been flying this way for 30 years, and had some bad early accidents because of it. The name of the system doesnt matter very much, so I fail to understand how the name would ground the airplane forever
MCAS was designed to only activate in extreme flight conditions (e.g. AoA being abnormally high). The reason why they decided have MCAS activate even without autopilot can probably be traced to this: https://en.wikipedia.org/wiki/Air_France_Flight_447.
The Airbus system certainly does override pilot commands. It doesn't matter if the autopilot is disengaged. There are situations even outside of normal law where the system will prevent the pilot from entering a stall.
I think $3B in R&D, half of that is the engines, but more importantly, time to market trying to compete with Airbus.
They can reuse the engines. If the airframe can’t fly safely without MCAS (it’s getting a new type rating anyway at this point, right?) then I think perhaps it shouldn’t fly.
Yea somehow I don't think that's how they are crunching the numbers. Stock price is probably sitting on the assumption that those 5000 orders at cool 128M are going to go through. That would be considered 600B loss.
That's two billion roughly per life lost. Seems like a small price to pay. The CEO should be going to jail too. I highly doubt any of this will happen. Human lives are probably worth a million or two at most to a corporation like Boeing and the political apparatus that lets it operate these planes.
Would the Boeing executives put their families on a 737MAX running the same version of the software that Ethiopian was running? Would they be willing to do this with a purposeful placed hypothetical AoA sensor that was known to manfunction quite often? Can that really be considered a safe plane?
Safety is one thing but the problem is that MCAS was brought in to keep the common type rating. It's hard to see that common type rating holding now with what we know.
It’s clear FAA lacks the expertise to regulate this kind safety issues. It’s not easy for them to have it either since the innovators are always a step ahead but it’s clear they need to shape up.
I don’t have any knowledge of the process for verification of new airplane models, but one thought as software developer would perhaps be for FAA to become more digital in their efforts. Require from manufacturers (At least for bigger models) a digital virtual model of the entire airplane that will be used for simulated tests. You could for instance test faulty signaling sensors but also the whole subseqqunt chain of events taking into account pilot actions (or lack of).
It should be a routine to replay a simulation with data from previous crashes. In this particular instance perhaps FAA would have understood the reasons of the first crash and been able to stopped the second crash from ever happening.
You could even develop methods that can generate data to be able to predict hidden issues with an existing design without a real crash ever happening.
Boeing fucked up. FAA fucked up. Boeing management fucked up after Lion. Boeing mgmt fucked up after EA. They should resign in disgrace, not issue self-serving press releases.
"From the days immediately following the Lion Air accident, we've had teams of our top engineers and technical experts working tirelessly..."
If they've been working tirelessly, then they should have understood the risks and grounded the fleet.
Either they understood the risks, but neglected to ground the fleet, or they didn't understand the risks and hence we can't trust the fix.
I also find it sort of nauseating that the CEO implicitly gets the message through that the fix already has been worked on for a long time, has thus matured, can now be fully trusted, and we are just weeks away from flying with a safe plane.
I don't buy any of it. Let's analyse this critically.
The MCAS still needs to augment the flight characteristics. There is nothing that can be fundamentally changed regarding this fact. We can only change the conditions under which MCAS activates and the conditions under which it is deactivated.
It still has to have the same authority for a nose-down and recovering from an erroneous high-magnitude nose-down will still be mechanically hard or require additional pilot knowledge and actions. The latter should be impossible without recertification.
The operational characteristics of the airplane are not matched with the operational controls offered to the pilots, by design constraint. The plane is thus unsafe and will forever be unsafe, without redesign and recertification, because with the constraints in place, they can only add additional information on displays, add more reliability by having the MCAS utilise input from more sensors, add more conditions under which the the MCAS deactivates, etc, but none of this attacks the fundamental impedance mismatch between characteristics and controls, as well as the lack of education for it. Deactivation also simply exchanges the risk of stalls for nose downs.
All-in-all, the MAX is simply an airplane with a worse flight envelope as far as safety is concerned, and nothing can be done about it.
Ugh. I just read the report and maintain that the pilots acted incompetently. Though they regained control of the plane and turned off the stab trim system, their reaction took considerable time. The fatal blow, however, is this: distracted by the problem, neither pilot paid attention to the aircraft's speed as they flew along in level flight. They had tunnel vision. You can see in the report that the overspeed clacker began alerting them midway through the incident. With the nose-down trim, this high airspeed exacerbated the difficulty of holding the nose up. Had they slowed down, the aircraft would have been controllable. The moment they reactivated the system at high speed, adding even more nose down trim, they killed themselves and everyone on board.
I also question the lack of clear communication between the two pilots. Examples such as the captain asking the first officer if the aircraft could be manually trimmed and the first officer replying in the negative, with no verification on the part of the captain and no checklist use make me wonder. Maybe they were doing those things. I'd be interested in seeing a transcript. It's understandable why Muilenburg doesn't seem particularly remorseful.
As a few posters mentioned, an interesting question is why the plane needs MCAS in the first place. I read somewhere that the max 8 got new engines which were bigger than engines on previous 737 series, and that makes the plane nose up. Any kid who ever made a model plane understands the idea of CG - if it pitches up you change something, maybe move the wings back. Is it possible that an industry leader shipped a plane that’s not even freakin balanced, tried to fix it in software(!) to avoid an expensive redesign, screwed up the software and maybe the safety analysis, and then didn’t even manage to mention to the pilots that this software hack even existed? This is hard for me to fathom. If the Ethiopian report is right, it might even be that the procedure to turn off MCAS didn’t even work. I hope I am misunderstanding something here.
The new, more economical engines are physically bigger, so in order to maintain the required ground clearance the engines were moved forward and up. This gave the plane a tendency to nose-up in certain extreme circumstances. MCAS was supposed to make the plane behave more like previous 737 models, in order to fulfill the "common type" requirement that would allow 737 pilots to fly it without getting qualified for a new aircraft type.
The plane _is_ balanced; it's not like Boeing built an aircraft that falls out of the sky if you slightly nudge the yoke wrong. (Which wouldn't even be unusual; plenty of modern aircraft are completely uncontrollable without computer assistance.) Yes, the problem could've been solved with a re-design of the aircraft- lengthening the landing gear struts, modifying the wings, etc. - but that would negate the point of using an existing and well-tested design.
There's A LOT of guilt to go around in this story, but no one can actually be casting doubt on the abilities of Boeing engineers in the fundamentals of aircraft design.
You're partway there. The design isn't inherently unstable under normal conditions, it just becomes unstable under slightly different extreme conditions than the previous 737. Rather than training pilots on this difference, Boeing tried to emulate the old behaviour in software.
Not quite, without MCAS the flight behavior is quite predictable, it just doesn't match the existing type certification and it falls outside of the allowed parameters for this class of planes.
The root problem seems to be FAA not having qualified engineers to thoroughly test the planes Boeing makes.
Boeing pays better, so it hires the best engineers. FAA pays less so it gets second-grade engineers. And we all pay by flying in unsafe planes.
This has been a 50 year problem in the making, and whether it's for better or worse should be more carefully studied.
Through WW2 and the proliferating age of defense contractors, the government (mostly defense department, but also civilian agencies) stood almost on equal footing with contractors in their ability to design, scope, and evaluate big projects.
You would see scientists and in-house advisers at these departments able to expertly evaluate proposals/designs by contractors with sufficient background knowledge and tools to do so. They even worked closely with contractors to lay out the requirements and designs for systems, or products.
But, through the decades, a couple factors eroded this equal footing of the government / regulatory experts:
-- Shrinking of government budgets for (or unwillingness of the public to stomach) the ranks of Washington "bureaucrats" who represented this expert class of people (what harm is there in cutting "fat" from public servants who don't seem to produce anything tangible?)
-- More attractive pay, career potential, prestige, etc. of working in the private sector
-- Political distaste for being seen as working too closely with contractors
So what happened is that gradually but surely, government lost the tools to do these things themselves, and by sheer need to still have things approved, shifted the work onto industry.
What can you do when industry comes to you with new complicated designs for things, and you have no one who can assess (and no budget to pay for assessments of) whether those designs are safe? You ask the person proposing to critique themselves, and in many cases, they seem to know more than you anyway.
Of course, what in part probably led to our current situation.
As a society, my question is, how do we make it possible to choose to do these things in the way that produces the right outcome? For a start, I think we need to stop asking everyone to make uninformed votes about things we don't understand, yet rely on every day.
Most government agencies are incapable of having a good workforce. There are strict rules for hiring, paying, and firing. These rules involve all sorts of political nonsense unrelated to job performance, such as veteran status and seniority. The high-performing workers will go where they will be appreciated and rewarded, and where they won't be surrounded by useless and awful people.
Absent a politically impossible change to the way the government handles employment, trimming the ranks is the only way to get rid of the harmful parasites that infest the typical government agency.
Following your line of reasoning, wouldn't the supposedly better engineers build more safe planes, relegating the poor dunces to only validating the designs from their intellectual superiors? In your hypothetical, they aren't paying more for safety dodgers.
Even smart engineers ultimately have a product manager who makes the call. Many times before I've been on projects where the team said we should not do something in a particular way only for a product manager or their superior to say no, we'll do this as it aligns with company goals or "we'll come back and fix it later".
Then you either have to put up and do it or you'll be strategically moved elsewhere or be managed out of the job.
Building a plane is a more challenging task than testing it.
As a developer, I can say the same about writing software. Yet, my software is not likely to kill people and comes with no warranties whatsoever.
In this scenario, we should make sure the test engineers are even more competent than design engineers. We can't rely on designers to thoroughly test what they build.
This address does nothing to make me feel better about flying on any future Boeing plane. They promise to fix the MCAS system in the current crop, but say nothing about the organizational choices and structures that allowed this to happen in the first place.
Allowing the company to produce a plane, equipped with a non-redundant system with control over the vertical attitude of the plane, and doing so in a way that intentionally minimizes the perceived impact and required training to operate a plane with this system is the true mistake here.
This is a failure of the both the FAA, Boeing, and pretty much every player along the chain.
Corporate irresponsibility and getting away with it is something I have mostly gotten used to at this point. But this particular incident is still really getting to me specially after the press release.
I was just trying to read up a little about sings of sociopath. It seems to me that a big chunk of major corporate big brash could be considered extreme versions of sociopath.
What exactly does “getting away with it” mean in this context? Boeing will get sued from many different directions, their share price will suffer, and likely they’ll have lost orders for their aircraft.
Let’s say we wanted to get really punitive... who do we blame? The engineers that worked on it? The Boeing CEO for not personally verifying every piece of software on all of their aircraft?
Do we throw someone in jail? How does that help improve safety culture exactly?
Boeing & Airbus are largely responsible for the massive improvements in flight safety over the last 40 years. It’s incredible that flying is as safe as it. Yes the deaths are a tragedy, but every time I get in a plane I accept the fact that the physics of flying could ultimately kill me, and I trade that off against the convenience of getting somewhere quickly.
Assuming what's revealed so far is reasonably accurate and the decisions were not taken for some yet to be revealed completely unexpected reason (unlikely) here's who to blame.
This was a business decision to remove re-certification/re-training for some 60B sales. So yes the CEO is responsible. If you can float on money for the success you can spend the lifetime in jail for the deaths too.
But that might be a little extreme. So here's a better one for after Lion Air crash there is no reason to believe that Boeing including the CEO didn't go over this, didn't realize they made a risky plan and even then they didn't go through with their temporary mitigation with a fine tooth comb. So yes it seems the CEO and some big shots and maybe some down the line should go to jail.
No one is sent to jail for complicated to reason or never before seen problem that they didn't know about or didn't think about and it happened. This wasn't an accident, they implemented absolutely critical safety feature by design without triple redundancy as well understood to be required then they lied about it (if I understood the max change from earlier to later version), tried to downplay it and when a crash happened due to this didn't own up to it. So for sure this helps safely culture. If you hide safety problem knowingly for greed/money, because your boss asked and you didn't care you shouldn't be working in safety critical system.
> Boeing & Airbus are largely responsible for the massive improvements in flight safety over the last 40 years. It’s incredible that flying is as safe as it. Yes the deaths are a tragedy, but every time I get in a plane I accept the fact that the physics of flying could ultimately kill me, and I trade that off against the convenience of getting somewhere quickly.
I don't even know what to say to this. So I drove safely for 40 years and today I decided to see if I can safely drunk drive if I play the music really loud and killed a family of four.
This was not physics, this was not a complicated software bug (at the core) but it was cutting corners for profit.
It's related to the incentive structures of big corporations. Profit for investors is the primary goal, and the only real constraint is the legal system (where loopholes are often found or bought). People are viewed through the lense of KPIs.
It's clear why this type of system selects for leaders who do not value ethics, respect the law, or value the individual. I'm not sure what to call these leaders, but sociopath doesn't seem too far off.
> This update, along with the associated training and additional educational materials that pilots want in the wake of these accidents, will eliminate the possibility of unintended MCAS activation and prevent an MCAS-related accident from ever happening again.
How can he claim this? They'd have to remove MCAS for this to be true.
So after hundred of lives lost the only thing that they will do is a software fix.
Thanks, but when the max won’t be grounded again I’ll check all my flights to avoid going on that death machine.
this is just a total saving face scenario. he even mentions that after the lion air flight they knew about this (i would claim they knew about it long before that anyway) and have been working on a fix. then why the cold response still after the ethiopian airlines crash?
furthermore, this is summed up by just "we'll fix it in software". hurray, everything we touch including cars and airplanes are now subscribing to the "we'll fix it in software" approach. failed a safety brake test? fix it with software. kill a few hundred people by an automatic system crashing a plane? fix it with software.
i really hope society wakes up and SLOWS DOWN. we're trying to move so fast, with hardly any reason at all, and in doing so, we are throwing away all ability to properly design, build, and god forbid, think about things. i don't know what it's going to take, but it feels out of control. everywhere you look is people hurrying and hurrying to release, to productize, to ship it, etc. whenever i ask "why?" to schedules, there has NEVER been a clear answer. it always boils down to basically "just because".
in addition, we simply have too much laziness and greed taking place, which is what added to boeing's misstep here. they tried pulling a fast one on buyers (and basically accomplished it) to make a few bucks towards that everlasting capitalist dream.
The amount of oh gotchas and keyboard guesses from lots of google searching is quite comical. Think any real in-depth analysis has been done yet? Silly.
Airbus had similar issues a while back. The software was forcing the nose of the plane down and the pilots had to fight with it to bring the plane out of a dive.
Is it absolutely necessary for the computer to be adjusting the angle of attack?
"The occurrence was the only known example where this design limitation led to a pitch-down command in over 28 million flight hours on A330/A340 aircraft"
The common-platform A330/40 had been in service for 15 years before this event. It really was a freak failure of one computer unit which went haywire and which led to a design change to mitigate it. That was 11 years ago.
It is deceptive to claim it's anything like the 737 Max issue.
He admits that MCAS "activated in response to erroneous angle of attack information" but doesn't admit that this alone directly resulted in the crashes. Rather, he implies that this sets off a chain of events which the pilots are unable to deal with ("pilots have told us, erroneous activation of the MCAS function can add to what is already a high workload environment") which puts undue blame on the pilots rather than the system.
If you'll excuse the analogy, it's as if they installed a new griddle in a restaurant kitchen which randomly gets ten times more hot than it ought to be, with no warning. The cook doesn't know it's too hot until the eggs start burning. Now the manager is saying that since the kitchen is so busy, the cook can't flip the eggs fast enough in response to these randomly fluctuating high temperature events. We're being told it's the cooks' fault.
I don't like being bullshitted and find this sort of dodgy language completely inappropriate when 300 people died.