OT: Deadly 'Misguided Assumptions' Were Built Into Boeing's

[bitrex]

On 6/2/19 8:50 PM, Lasse Langwadt Christensen wrote:

mandag den 3. juni 2019 kl. 02.30.16 UTC+2 skrev bitrex:
On 6/2/19 8:15 PM, trader4@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.


That makes sense. you can have a "voting system" such as it is with two
sensors but it can't actually _do_ anything other than to take itself
offline and provide a gripe signal that its internal state is inconsistent.

The Space Shuttle had four main computers in a voting system, and IIRC
the plan was if there was a time when there was a repeated two-two split
on some decision of importance then all four would be taken offline and
a fifth normally out-of-the-loop computer would be brought online, which
was hardcoded with only what was necessary for de-orbit and landing, and
return home immediately. Also IIRC there was never a two-two split on
anything during operation of the Shuttle.

voting can also fail, https://en.wikipedia.org/wiki/XL_Airways_Germany_Flight_888T

that really unlucky situation might inspire a black-comedy joke about
redundancy like "Two is better than one, except when one is better than
three. Four is intrinsically better than three but sometimes worse than
two. Five, is right out."

Well I'll work on it, if it hasn't been done already. because then my
labor would be redundant.

 

[Lasse Langwadt Christense]

mandag den 3. juni 2019 kl. 02.30.16 UTC+2 skrev bitrex:

On 6/2/19 8:15 PM, trader4@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX.. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.


That makes sense. you can have a "voting system" such as it is with two
sensors but it can't actually _do_ anything other than to take itself
offline and provide a gripe signal that its internal state is inconsistent.

The Space Shuttle had four main computers in a voting system, and IIRC
the plan was if there was a time when there was a repeated two-two split
on some decision of importance then all four would be taken offline and
a fifth normally out-of-the-loop computer would be brought online, which
was hardcoded with only what was necessary for de-orbit and landing, and
return home immediately. Also IIRC there was never a two-two split on
anything during operation of the Shuttle.

voting can also fail, https://en.wikipedia.org/wiki/XL_Airways_Germany_Flight_888T

 

On Sunday, June 2, 2019 at 9:30:15 PM UTC-4, bitrex wrote:

On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

Right, and it's a good feature. Boeing failed to properly account for the human factor in their failure modes effects analysis.

 

On Sun, 2 Jun 2019 18:20:16 -0700 (PDT),
bloggs.fredbloggs.fred@gmail.com wrote:

On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.

How about an MCAS unreliable warning? Of course trained pilots would
help, too.

 

[bitrex]

On 6/2/19 9:38 PM, bloggs.fredbloggs.fred@gmail.com wrote:

On Sunday, June 2, 2019 at 9:30:15 PM UTC-4, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

Right, and it's a good feature. Boeing failed to properly account for the human factor in their failure modes effects analysis.

A consequence of having too many software jockeys and not enough pilots
on the development team, perhaps. Or not talking to working pilots often
enough. Or not really listening to what they had to say.

 

[Rick C]

On Sunday, June 2, 2019 at 8:50:20 PM UTC-4, Lasse Langwadt Christensen wrote:

voting can also fail, https://en.wikipedia.org/wiki/XL_Airways_Germany_Flight_888T

Can someone explain what this means?

"Moreover the stall warning in normal law was not possible. However, the stall warning function was still available, and was triggered during the last phase of the flight."

The stall warning was not "possible", but it was "available"???

--

Rick C.

+ Get 1,000 miles of free Supercharging
+ Tesla referral code - https://ts.la/richard11209

 

On Sunday, June 2, 2019 at 9:33:18 PM UTC-4, bloggs.fre...@gmail.com wrote:

On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX.. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

Two sensors is just a way of shutting it off if any part of it is not working, cuts the pilot out of the loop. So what happens is you have the pilot, who's banking on MCAS for a successful landing, crashes the aircraft with a bad approach angle. This is what happened to certain crew, whose nationality will not be named, that crashed into the pier at San Francisco when they took the ILS offline for a few minutes.

MCAS has nothing to do with approach angle or landing. It only activates at
extreme, high angles of attack, where the plane is close to stalling.
And MCAS is deactivated anytime flaps are deployed. It has nothing to do
with a successful landing.

 

On Sunday, June 2, 2019 at 8:11:17 PM UTC-4, Lasse Langwadt Christensen wrote:

mandag den 3. juni 2019 kl. 01.55.36 UTC+2 skrev bitrex:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX.. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

switching it off if the AoAs disagree and reducing the maximum trim it can
do when it is working, would fix the problem of it crashing the plane

but it does pose the question, if it isn't a problem turning it off or
reducing its power why was added in the first place

It is a problem at high angles of attack. And regardless of if pilots could
deal with an approaching stall like that without it, whether it could have
been certified without it, the fact remains that the MAx behaves differently
at that point than other 737s and that was unacceptable. They wanted it to
behave the same, so there was no additional training, or worse, a different
type rating being needed.

 

On Sunday, June 2, 2019 at 9:23:10 PM UTC-4, bloggs.fre...@gmail.com wrote:

On Sunday, June 2, 2019 at 8:11:17 PM UTC-4, Lasse Langwadt Christensen wrote:
mandag den 3. juni 2019 kl. 01.55.36 UTC+2 skrev bitrex:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

switching it off if the AoAs disagree and reducing the maximum trim it can
do when it is working, would fix the problem of it crashing the plane

but it does pose the question, if it isn't a problem turning it off or
reducing its power why was added in the first place

Apparently the aircraft last minute corrections on landing approach were producing too much acceleration for the comfort of the passengers, making it seem like the pilot was fighting for control and it was miracle they landed in one piece.

Where on earth did that come from?

 

[Tom Gardner]

On 03/06/19 15:10, trader4@optonline.net wrote:

On Sunday, June 2, 2019 at 9:30:15 PM UTC-4, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

They didn't actually say that. What they said was that MCAS was later
extended to lower speeds too. But you still needed a dangerous angle of
attack, approaching a stall, which the aircraft would not see during
normal operation.

Aircraft regularly encounter "non-normal" conditions. of course.

Windshear is a classic extreme example, but there are others.

 

[Rick C]

On Monday, June 3, 2019 at 10:10:34 AM UTC-4, tra...@optonline.net wrote:

On Sunday, June 2, 2019 at 9:34:34 PM UTC-4, bitrex wrote:
On 6/2/19 9:30 PM, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
   and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash..html

   The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average
every four and a half years. In May 1990, six years before TWA 800,
a center tank exploded on a Philippine Airlines 737 shortly before
take off, killing eight people. Four years and eight months after
TWA 800, the center tank of a Thai Airways jet exploded on the
ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more
money on their in-flight entertainment system than a fuel tank
oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual
their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737
MAX. They in fact handed the entire certification off to Boeing
with the certification reports being "reviewed" by semi-comatose
swivel chair operators with probably less than 10% (on the high
end) comprehension of what they were reading. And when NYT reports
Boeing delivered this or that information to FAA, it only means it
was part of a probably huge documentation package most of which was
simply glossed over by the FAA. As is typical of most politicized
bureaucracies, they're just not going to pay much attention to
anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread
catastrophic failure mechanism because the pilot is always
available to pull the system out of MCAS control, and the MCAS was
relatively slow acting, taking 10 seconds to do anything. And you
can't implement a voting scheme with just two sensors. The only
good a second sensor would serve is if it was something the pilot
could switch in when/if the first sensor gave him trouble with the
MCAS.
The fault lies with the airlines for not properly training their
pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial
amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or
the angle sensors fail. Maybe they think it's important to have MCAS,
making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle
was too high and the aircraft was in danger of stalling. So it put the
nose down at a steep angle causing the crash. I don't know why it just
as easily could have sensed the nose was down too much and put the
nose up causing the plane to stall and crash. The basic problem is the
pilot doesn't have any wiggle room when he's coming in for a landing..
It only takes a few seconds of bad control to put the aircraft in a
bad spot it can't get out of. Maybe they should just shut the damn
thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

That is to say it might be expected it would also be operating at low
ground height/ground speed because it was operating in the other
regimes, also. Shut it down in that area and suddenly you're flying a
different plane. Which could also be pretty hazardous if you're not
expecting it.

Two things. First you also needed a dangerous angle of attack, nearing a
stall, which the plane would not see during normal operations. Second
at lower speeds and elevation, eg landing, as soon as flaps are activated,
MCAS is disabled.

I'm not certain, but I don't think the MCAS was installed to deal with impending stalls. It was added to improve the handling characteristics of the plane. To make it feel like other 737s since the new engines altered that characteristic. I haven't read anywhere that the new engines would cause the plane to stall.

--

Rick C.

-+ Get 1,000 miles of free Supercharging
-+ Tesla referral code - https://ts.la/richard11209

 

[Rick C]

On Monday, June 3, 2019 at 9:54:05 AM UTC-4, tra...@optonline.net wrote:

On Sunday, June 2, 2019 at 9:23:10 PM UTC-4, bloggs.fre...@gmail.com wrote:

Apparently the aircraft last minute corrections on landing approach were producing too much acceleration for the comfort of the passengers, making it seem like the pilot was fighting for control and it was miracle they landed in one piece.


Where on earth did that come from?

I believe he is talking about why the MCAS was added in the first place, to improve the handling characteristics.

--

Rick C.

-- Get 1,000 miles of free Supercharging
-- Tesla referral code - https://ts.la/richard11209

 

On Sunday, June 2, 2019 at 9:30:15 PM UTC-4, bitrex wrote:

On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

They didn't actually say that. What they said was that MCAS was later
extended to lower speeds too. But you still needed a dangerous angle of
attack, approaching a stall, which the aircraft would not see during
normal operation.

 

On Sunday, June 2, 2019 at 9:59:50 PM UTC-4, k...@notreal.com wrote:

On Sun, 2 Jun 2019 18:20:16 -0700 (PDT),
bloggs.fredbloggs.fred@gmail.com wrote:

On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or the angle sensors fail. Maybe they think it's important to have MCAS, making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle was too high and the aircraft was in danger of stalling. So it put the nose down at a steep angle causing the crash. I don't know why it just as easily could have sensed the nose was down too much and put the nose up causing the plane to stall and crash. The basic problem is the pilot doesn't have any wiggle room when he's coming in for a landing. It only takes a few seconds of bad control to put the aircraft in a bad spot it can't get out of. Maybe they should just shut the damn thing off below a certain ground height and ground speed.

How about an MCAS unreliable warning? Of course trained pilots would
help, too.

They had that as an "option" and even if you ordered it, it didn't work!
Boeing offered an AOA disagree light and an AOA display as options.
They learned in 2017 that the planes that had the disagree light, it
never worked because of a software error. They were planning on fixing
it someday, but in the meantime never told operators about the disagree
light not working. It probably wouldn't have made a difference anyway
as the pilots in the crashes were overwhelmed and couldn't identify a
runaway trim situation and deal with it. And I don't think the crash
planes had the disagree option either.

 

On Sunday, June 2, 2019 at 9:34:34 PM UTC-4, bitrex wrote:

On 6/2/19 9:30 PM, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
   and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

   The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average
every four and a half years. In May 1990, six years before TWA 800,
a center tank exploded on a Philippine Airlines 737 shortly before
take off, killing eight people. Four years and eight months after
TWA 800, the center tank of a Thai Airways jet exploded on the
ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more
money on their in-flight entertainment system than a fuel tank
oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual
their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737
MAX. They in fact handed the entire certification off to Boeing
with the certification reports being "reviewed" by semi-comatose
swivel chair operators with probably less than 10% (on the high
end) comprehension of what they were reading. And when NYT reports
Boeing delivered this or that information to FAA, it only means it
was part of a probably huge documentation package most of which was
simply glossed over by the FAA. As is typical of most politicized
bureaucracies, they're just not going to pay much attention to
anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread
catastrophic failure mechanism because the pilot is always
available to pull the system out of MCAS control, and the MCAS was
relatively slow acting, taking 10 seconds to do anything. And you
can't implement a voting scheme with just two sensors. The only
good a second sensor would serve is if it was something the pilot
could switch in when/if the first sensor gave him trouble with the
MCAS.
The fault lies with the airlines for not properly training their
pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial
amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or
the angle sensors fail. Maybe they think it's important to have MCAS,
making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle
was too high and the aircraft was in danger of stalling. So it put the
nose down at a steep angle causing the crash. I don't know why it just
as easily could have sensed the nose was down too much and put the
nose up causing the plane to stall and crash. The basic problem is the
pilot doesn't have any wiggle room when he's coming in for a landing.
It only takes a few seconds of bad control to put the aircraft in a
bad spot it can't get out of. Maybe they should just shut the damn
thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

That is to say it might be expected it would also be operating at low
ground height/ground speed because it was operating in the other
regimes, also. Shut it down in that area and suddenly you're flying a
different plane. Which could also be pretty hazardous if you're not
expecting it.

Two things. First you also needed a dangerous angle of attack, nearing a
stall, which the plane would not see during normal operations. Second
at lower speeds and elevation, eg landing, as soon as flaps are activated,
MCAS is disabled.

 

On Monday, June 3, 2019 at 10:19:38 AM UTC-4, Rick C wrote:

On Monday, June 3, 2019 at 10:10:34 AM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 9:34:34 PM UTC-4, bitrex wrote:
On 6/2/19 9:30 PM, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
   and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

   The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average
every four and a half years. In May 1990, six years before TWA 800,
a center tank exploded on a Philippine Airlines 737 shortly before
take off, killing eight people. Four years and eight months after
TWA 800, the center tank of a Thai Airways jet exploded on the
ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more
money on their in-flight entertainment system than a fuel tank
oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual
their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737
MAX. They in fact handed the entire certification off to Boeing
with the certification reports being "reviewed" by semi-comatose
swivel chair operators with probably less than 10% (on the high
end) comprehension of what they were reading. And when NYT reports
Boeing delivered this or that information to FAA, it only means it
was part of a probably huge documentation package most of which was
simply glossed over by the FAA. As is typical of most politicized
bureaucracies, they're just not going to pay much attention to
anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread
catastrophic failure mechanism because the pilot is always
available to pull the system out of MCAS control, and the MCAS was
relatively slow acting, taking 10 seconds to do anything. And you
can't implement a voting scheme with just two sensors. The only
good a second sensor would serve is if it was something the pilot
could switch in when/if the first sensor gave him trouble with the
MCAS.
The fault lies with the airlines for not properly training their
pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial
amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or
the angle sensors fail. Maybe they think it's important to have MCAS,
making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle
was too high and the aircraft was in danger of stalling. So it put the
nose down at a steep angle causing the crash. I don't know why it just
as easily could have sensed the nose was down too much and put the
nose up causing the plane to stall and crash. The basic problem is the
pilot doesn't have any wiggle room when he's coming in for a landing.
It only takes a few seconds of bad control to put the aircraft in a
bad spot it can't get out of. Maybe they should just shut the damn
thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

That is to say it might be expected it would also be operating at low
ground height/ground speed because it was operating in the other
regimes, also. Shut it down in that area and suddenly you're flying a
different plane. Which could also be pretty hazardous if you're not
expecting it.

Two things. First you also needed a dangerous angle of attack, nearing a
stall, which the plane would not see during normal operations. Second
at lower speeds and elevation, eg landing, as soon as flaps are activated,
MCAS is disabled.

I'm not certain, but I don't think the MCAS was installed to deal with impending stalls. It was added to improve the handling characteristics of the plane.

Well, you're wrong. MCAS was added specifically to counter the tendency
of the Max to increase nose up when approaching a stall because of the
placement of the new, larger engines.




To make it feel like other 737s since the new engines altered that characteristic. I haven't read anywhere that the new engines would cause the plane to stall.
>

The engines don't cause the stall, but if the plane gets into an unusual
event where the angle of attack is approaching a stall, the size and
placement of the new engines will push the nose up even more.
And that was not only undesirable, but also different from how the
existing 737 fleet behaves.

--

Rick C.

-+ Get 1,000 miles of free Supercharging
-+ Tesla referral code - https://ts.la/richard11209

 

On Monday, June 3, 2019 at 10:16:23 AM UTC-4, Rick C wrote:

On Monday, June 3, 2019 at 9:54:05 AM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 9:23:10 PM UTC-4, bloggs.fre...@gmail.com wrote:

Apparently the aircraft last minute corrections on landing approach were producing too much acceleration for the comfort of the passengers, making it seem like the pilot was fighting for control and it was miracle they landed in one piece.


Where on earth did that come from?

I believe he is talking about why the MCAS was added in the first place, to improve the handling characteristics.

--

Rick C.

Like I said, where on earth did that come from? If it's what you say,
it makes no sense. MCAS has nothing to do with passenger comfort or landing
approaches.

 

On Monday, June 3, 2019 at 1:56:19 PM UTC-4, Lasse Langwadt Christensen wrote:

mandag den 3. juni 2019 kl. 18.44.18 UTC+2 skrev tra...@optonline.net:
On Monday, June 3, 2019 at 10:19:38 AM UTC-4, Rick C wrote:
On Monday, June 3, 2019 at 10:10:34 AM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 9:34:34 PM UTC-4, bitrex wrote:
On 6/2/19 9:30 PM, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
   and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

   The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average
every four and a half years. In May 1990, six years before TWA 800,
a center tank exploded on a Philippine Airlines 737 shortly before
take off, killing eight people. Four years and eight months after
TWA 800, the center tank of a Thai Airways jet exploded on the
ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more
money on their in-flight entertainment system than a fuel tank
oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual
their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737
MAX. They in fact handed the entire certification off to Boeing
with the certification reports being "reviewed" by semi-comatose
swivel chair operators with probably less than 10% (on the high
end) comprehension of what they were reading. And when NYT reports
Boeing delivered this or that information to FAA, it only means it
was part of a probably huge documentation package most of which was
simply glossed over by the FAA. As is typical of most politicized
bureaucracies, they're just not going to pay much attention to
anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread
catastrophic failure mechanism because the pilot is always
available to pull the system out of MCAS control, and the MCAS was
relatively slow acting, taking 10 seconds to do anything. And you
can't implement a voting scheme with just two sensors. The only
good a second sensor would serve is if it was something the pilot
could switch in when/if the first sensor gave him trouble with the
MCAS.
The fault lies with the airlines for not properly training their
pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial
amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or
the angle sensors fail. Maybe they think it's important to have MCAS,
making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle
was too high and the aircraft was in danger of stalling. So it put the
nose down at a steep angle causing the crash. I don't know why it just
as easily could have sensed the nose was down too much and put the
nose up causing the plane to stall and crash. The basic problem is the
pilot doesn't have any wiggle room when he's coming in for a landing.
It only takes a few seconds of bad control to put the aircraft in a
bad spot it can't get out of. Maybe they should just shut the damn
thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

That is to say it might be expected it would also be operating at low
ground height/ground speed because it was operating in the other
regimes, also. Shut it down in that area and suddenly you're flying a
different plane. Which could also be pretty hazardous if you're not
expecting it.

Two things. First you also needed a dangerous angle of attack, nearing a
stall, which the plane would not see during normal operations. Second
at lower speeds and elevation, eg landing, as soon as flaps are activated,
MCAS is disabled.

I'm not certain, but I don't think the MCAS was installed to deal with impending stalls. It was added to improve the handling characteristics of the plane.

Well, you're wrong. MCAS was added specifically to counter the tendency
of the Max to increase nose up when approaching a stall because of the
placement of the new, larger engines.


MCAS is not an anti stall system, 737 pilots have repeated that numerous times

MCAS is there to make a 737-Max behave like a 737-NG

It most certainly is an anti-stall system. The Max when pushed to a high
level of attack will tend to push itself further nose up into a stall.
It's both an anti-stall system and to make the Max behave like other 737s
that don't exhibit that undesirable behavior. And also possibly because
they could not get it certified without it too.

 

[Lasse Langwadt Christense]

mandag den 3. juni 2019 kl. 18.44.18 UTC+2 skrev tra...@optonline.net:

On Monday, June 3, 2019 at 10:19:38 AM UTC-4, Rick C wrote:
On Monday, June 3, 2019 at 10:10:34 AM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 9:34:34 PM UTC-4, bitrex wrote:
On 6/2/19 9:30 PM, bitrex wrote:
On 6/2/19 9:20 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 8:15:39 PM UTC-4, tra...@optonline.net wrote:
On Sunday, June 2, 2019 at 7:55:36 PM UTC-4, bitrex wrote:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
   and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html

   The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average
every four and a half years. In May 1990, six years before TWA 800,
a center tank exploded on a Philippine Airlines 737 shortly before
take off, killing eight people. Four years and eight months after
TWA 800, the center tank of a Thai Airways jet exploded on the
ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more
money on their in-flight entertainment system than a fuel tank
oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual
their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737
MAX. They in fact handed the entire certification off to Boeing
with the certification reports being "reviewed" by semi-comatose
swivel chair operators with probably less than 10% (on the high
end) comprehension of what they were reading. And when NYT reports
Boeing delivered this or that information to FAA, it only means it
was part of a probably huge documentation package most of which was
simply glossed over by the FAA. As is typical of most politicized
bureaucracies, they're just not going to pay much attention to
anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread
catastrophic failure mechanism because the pilot is always
available to pull the system out of MCAS control, and the MCAS was
relatively slow acting, taking 10 seconds to do anything. And you
can't implement a voting scheme with just two sensors. The only
good a second sensor would serve is if it was something the pilot
could switch in when/if the first sensor gave him trouble with the
MCAS.
The fault lies with the airlines for not properly training their
pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

The idea to two seems to be that if they disagree by a substantial
amount, then
MCAS will take no action, because something is wrong and the cure is
potentially far worse than the problem.

That's the least reliable option because you lose MCAS if either/or
the angle sensors fail. Maybe they think it's important to have MCAS,
making the switchable option the most reliable to that end.
In both crashes the sensor activated MCAS because it thought the angle
was too high and the aircraft was in danger of stalling. So it put the
nose down at a steep angle causing the crash. I don't know why it just
as easily could have sensed the nose was down too much and put the
nose up causing the plane to stall and crash. The basic problem is the
pilot doesn't have any wiggle room when he's coming in for a landing.
It only takes a few seconds of bad control to put the aircraft in a
bad spot it can't get out of. Maybe they should just shut the damn
thing off below a certain ground height and ground speed.


The way the article framed it was that there was feature-creep in the
design of the MCAS system. from an emergency system that would only
engage in exceptional circumstances to being just another part of the
normal flight controls that was always operating in the background to
make it a more comfortable aircraft to fly.

That is to say it might be expected it would also be operating at low
ground height/ground speed because it was operating in the other
regimes, also. Shut it down in that area and suddenly you're flying a
different plane. Which could also be pretty hazardous if you're not
expecting it.

Two things. First you also needed a dangerous angle of attack, nearing a
stall, which the plane would not see during normal operations. Second
at lower speeds and elevation, eg landing, as soon as flaps are activated,
MCAS is disabled.

I'm not certain, but I don't think the MCAS was installed to deal with impending stalls. It was added to improve the handling characteristics of the plane.

Well, you're wrong. MCAS was added specifically to counter the tendency
of the Max to increase nose up when approaching a stall because of the
placement of the new, larger engines.

MCAS is not an anti stall system, 737 pilots have repeated that numerous times

MCAS is there to make a 737-Max behave like a 737-NG

 

On Monday, June 3, 2019 at 9:54:05 AM UTC-4, tra...@optonline.net wrote:

On Sunday, June 2, 2019 at 9:23:10 PM UTC-4, bloggs.fre...@gmail.com wrote:
On Sunday, June 2, 2019 at 8:11:17 PM UTC-4, Lasse Langwadt Christensen wrote:
mandag den 3. juni 2019 kl. 01.55.36 UTC+2 skrev bitrex:
On 6/2/19 4:37 PM, bloggs.fredbloggs.fred@gmail.com wrote:
On Sunday, June 2, 2019 at 9:18:59 AM UTC-4, Winfield Hill wrote:
Details of an error in engineering procedures
and decision-making:
https://www.nytimes.com/2019/06/01/business/boeing-737-max-crash..html

The comments to the article are also interesting.

The airlines have a history of this kind of risk taking.
"According to the NTSB, a fuel tank explosion happens on average every four and a half years. In May 1990, six years before TWA 800, a center tank exploded on a Philippine Airlines 737 shortly before take off, killing eight people. Four years and eight months after TWA 800, the center tank of a Thai Airways jet exploded on the ground, killing one person."

http://www.cnn.com/2006/US/07/14/twa.main/index.html

Up to the TWA flight 800 disaster, they were spending way more money on their in-flight entertainment system than a fuel tank oxygen removal system could ever cost.

As for the NYT article, they have the basic facts but as usual their interpretation is pathetically naive.
The FAA is incapable of certifying a design as complex as the 737 MAX. They in fact handed the entire certification off to Boeing with the certification reports being "reviewed" by semi-comatose swivel chair operators with probably less than 10% (on the high end) comprehension of what they were reading. And when NYT reports Boeing delivered this or that information to FAA, it only means it was part of a probably huge documentation package most of which was simply glossed over by the FAA. As is typical of most politicized bureaucracies, they're just not going to pay much attention to anything that's not already a high visibility issue.
I agree with Boeing about the MCAS not being a single-thread catastrophic failure mechanism because the pilot is always available to pull the system out of MCAS control, and the MCAS was relatively slow acting, taking 10 seconds to do anything. And you can't implement a voting scheme with just two sensors. The only good a second sensor would serve is if it was something the pilot could switch in when/if the first sensor gave him trouble with the MCAS.
The fault lies with the airlines for not properly training their pilots.

Has anyone told Boeing there's no point to using two sensors? Cuz as
part of their fix to this issue, according to the article, using two
sensors continually seems to be central to the plan, not just a second
sensor that's switchable/optional.

switching it off if the AoAs disagree and reducing the maximum trim it can
do when it is working, would fix the problem of it crashing the plane

but it does pose the question, if it isn't a problem turning it off or
reducing its power why was added in the first place

Apparently the aircraft last minute corrections on landing approach were producing too much acceleration for the comfort of the passengers, making it seem like the pilot was fighting for control and it was miracle they landed in one piece.


Where on earth did that come from?

That info is from the second set of Boeing test pilots who described the flight characteristics as "too rough" for passenger comfort. So they modified the original MCAS to the current form. The original MCAS included a g-threshold in addition to attack angle. I think that one had to do with surviving turbulence like microbursts.