Ethiopian plane crash
Discussion
George Smiley said:
Indeed, it won’t count for much but I won’t fly a max. Engines that can cause an unrecoverable nose up controlled by lawn dart MCAS- no
I love dramatic statements like this. 
Does that mean you won’t ever go on one for the remainder of your life, or just until this particular issue is fixed? If the latter then rather conveniently for you it’s not currently possible as they’re all grounded anyway.
If the former then there must be a very long list of aircraft which you refuse to go on.
dvs_dave said:
I love dramatic statements like this.
Does that mean you won’t ever go on one for the remainder of your life, or just until this particular issue is fixed? If the latter then rather conveniently for you it’s not currently possible as they’re all grounded anyway.
If the former then there must be a very long list of aircraft which you refuse to go on.
I'll go with that one (for me).Does that mean you won’t ever go on one for the remainder of your life, or just until this particular issue is fixed? If the latter then rather conveniently for you it’s not currently possible as they’re all grounded anyway.
If the former then there must be a very long list of aircraft which you refuse to go on.
I firmly believe that the issue cant be fixed with software... because the issue is not a problem with the software. You can't patch out a hardware design flaw with code.
I just hope it doesn't take another fatal accident for Boeing and the FAA to realise this.
Just to put this into perspective, the MAX series has had 2 fatal accidents resulting in 346 deaths in the last six months, within the first 2 years of it's entry into service. The Airbus A330 has had 3 fatal crashes resulting in 338 deaths its entire life of over 25 years. The Aviation industry takes safety that fecking seriously. The B777 would have a cleaner record if not for one being shot down over the Ukraine. The A380 and B787 have no fatalities against their names, both having been in service for over 7 years.
skwdenyer said:
hutchst said:
It's a huge leap from negligence to criminal intent. I think they're more likely to see the inside of the big house if they try to cover it up (pervert the course of justice in our terms)
But the costs to Boeing are going to be huge. Tens of billions. Damages, rectification costs, lost production, cancellations and lost sales.
Criminal negligence in engineering is a thing - no need for intent.But the costs to Boeing are going to be huge. Tens of billions. Damages, rectification costs, lost production, cancellations and lost sales.
For mission critical systems in particular I would also expect to see a record of meetings involving attendees from other parts of the engineering organisation who are not directly involved in the development programme, such as Senior/Principal Engineers (greybeards) to cast fresh eyes over the proposed solution.
If these process was not followed correctly or some of the stakeholders were not given an opportunity to contribute, or maybe the system was not deemed to be mission critical, then you could certainly argue the criminal negligence angle for those making those decisions to cut corners.
If it was case of correct procedure was followed but everybody involved overlooked the failure mode, then it may be more difficult to pin it on anyone specifically, possibly it will result in some heads rolling higher up. It's also possible that the process itself is not fit for purpose, but that seems hard to believe in such a mature organisation.
GT119 said:
Any aerospace development work would normally be carried out by a very structured process, which will be clearly defined in the organisations QA documentation. One of parts of the process is an FMEA (failure modes and effects analysis) in which I would expect to see attendees from all departments; engineering & test, project management, QA, procurement & manufacturing, etc.
For mission critical systems in particular I would also expect to see a record of meetings involving attendees from other parts of the engineering organisation who are not directly involved in the development programme, such as Senior/Principal Engineers (greybeards) to cast fresh eyes over the proposed solution.
If these process was not followed correctly or some of the stakeholders were not given an opportunity to contribute, or maybe the system was not deemed to be mission critical, then you could certainly argue the criminal negligence angle for those making those decisions to cut corners.
If it was case of correct procedure was followed but everybody involved overlooked the failure mode, then it may be more difficult to pin it on anyone specifically, possibly it will result in some heads rolling higher up. It's also possible that the process itself is not fit for purpose, but that seems hard to believe in such a mature organisation.
Would be interesting to see the minutes of any discussion / or signed off docs proposing set ups like single AoA input to MCAS. For mission critical systems in particular I would also expect to see a record of meetings involving attendees from other parts of the engineering organisation who are not directly involved in the development programme, such as Senior/Principal Engineers (greybeards) to cast fresh eyes over the proposed solution.
If these process was not followed correctly or some of the stakeholders were not given an opportunity to contribute, or maybe the system was not deemed to be mission critical, then you could certainly argue the criminal negligence angle for those making those decisions to cut corners.
If it was case of correct procedure was followed but everybody involved overlooked the failure mode, then it may be more difficult to pin it on anyone specifically, possibly it will result in some heads rolling higher up. It's also possible that the process itself is not fit for purpose, but that seems hard to believe in such a mature organisation.
was multiple input proposed and over ruled on commercial grounds?
... hard to see how the design process would meet the requirements of the US aviation equivalent of ISO 9000 or other QC and safety frameworks
captain_cynic said:
I firmly believe that the issue cant be fixed with software... .
The hardware flys. Right up to the point the software tries to kill everybody based on a single faulty sensor (one of two).We could introduce killer software into any airliner coming off the production lines. (Probably anything in the last 20 years).
Does that mean you will not fly on anything modern as the hardware is faulty, because the software can kill you?
The 787 software would have eventually turned off the plane if left active for long enough. Could well have been in mid air. Are you never going to fly on a 787 either? Despite that being patched.
Munter said:
The hardware flys. Right up to the point the software tries to kill everybody based on a single faulty sensor (one of two).
AoA vanes are not the most reliable sensors either and can give different readings if an aircraft has multiple. With multiple AoA vanes, logic is used to determine which are most correct as averages don't tend to reflect reality.Munter said:
We could introduce killer software into any airliner coming off the production lines. (Probably anything in the last 20 years).
Does that mean you will not fly on anything modern as the hardware is faulty, because the software can kill you?
You're missing the point.Does that mean you will not fly on anything modern as the hardware is faulty, because the software can kill you?
Software can't fix this issue because it's not a software issue. Hardware flaws require hardware fixes.
Its like using a screwdriver to hammer in a nail... You could do it, but it takes 20 times as long and all you end up with is a busted screwdriver and a nail that pops out as soon as someone sits on the fence.
Munter said:
The 787 software would have eventually turned off the plane if left active for long enough. Could well have been in mid air. Are you never going to fly on a 787 either? Despite that being patched.
???Not aware of a software issue that caused a fatal fatality on a 787... or even a fatal fatality on a 787 what so ever.
I think all you've demonstrated is that you don't understand the MAX series' problem.
captain_cynic said:
Munter said:
The 787 software would have eventually turned off the plane if left active for long enough. Could well have been in mid air. Are you never going to fly on a 787 either? Despite that being patched.
???Not aware of a software issue that caused a fatal fatality on a 787... or even a fatal fatality on a 787 what so ever.
I think all you've demonstrated is that you don't understand the MAX series' problem.
What would have happened if the MCAS had not reacted so aggressively to a single faulty sensor? The planes would most likely have landed back at their origin or their destination. What controls the decision making process of the MCAS? Software.
It still comes back to this. Physically the plane flys. Right up to the point a bit of software does something it shouldn't. Put different software in. Remove the crash. Plane will fly just fine.
This isn't a detailed legal debate, but if it was I would add, acknowledging that I know absolutely nothing about US law so can only comment from an English law perspective, that....
But, being America, everybody will sue everybody else for everything. Their legal system is a mystery to me.
skwdenyer said:
Criminal negligence in engineering is a thing - no need for intent.
I'm not aware that engineering gets any special category, the law on negligence doesn't discriminate against any particular profession, andGT119 said:
Any aerospace development work would normally be carried out by a very structured process, which will be clearly defined in the organisations QA documentation. One of parts of the process is an FMEA (failure modes and effects analysis) in which I would expect to see attendees from all departments; engineering & test, project management, QA, procurement & manufacturing, etc.
For mission critical systems in particular I would also expect to see a record of meetings involving attendees from other parts of the engineering organisation who are not directly involved in the development programme, such as Senior/Principal Engineers (greybeards) to cast fresh eyes over the proposed solution.
If these process was not followed correctly or some of the stakeholders were not given an opportunity to contribute, or maybe the system was not deemed to be mission critical, then you could certainly argue the criminal negligence angle for those making those decisions to cut corners.
If it was case of correct procedure was followed but everybody involved overlooked the failure mode, then it may be more difficult to pin it on anyone specifically, possibly it will result in some heads rolling higher up. It's also possible that the process itself is not fit for purpose, but that seems hard to believe in such a mature organisation.
If you wanted to go down the "criminal negligence" route you would need to prove recklessness, which has quite a high barrier to overcome. Unless any of the documents you mention show that they had considered this combination of circumstances, and decided it was worth taking the risk, then I doubt that recklessness could be proved. Corporate manslaughter could be a possibility here, if critical design or safety reviews that you mention should have been carried out were not.For mission critical systems in particular I would also expect to see a record of meetings involving attendees from other parts of the engineering organisation who are not directly involved in the development programme, such as Senior/Principal Engineers (greybeards) to cast fresh eyes over the proposed solution.
If these process was not followed correctly or some of the stakeholders were not given an opportunity to contribute, or maybe the system was not deemed to be mission critical, then you could certainly argue the criminal negligence angle for those making those decisions to cut corners.
If it was case of correct procedure was followed but everybody involved overlooked the failure mode, then it may be more difficult to pin it on anyone specifically, possibly it will result in some heads rolling higher up. It's also possible that the process itself is not fit for purpose, but that seems hard to believe in such a mature organisation.
But, being America, everybody will sue everybody else for everything. Their legal system is a mystery to me.
Munter said:
captain_cynic said:
Munter said:
The 787 software would have eventually turned off the plane if left active for long enough. Could well have been in mid air. Are you never going to fly on a 787 either? Despite that being patched.
???Not aware of a software issue that caused a fatal fatality on a 787... or even a fatal fatality on a 787 what so ever.
I think all you've demonstrated is that you don't understand the MAX series' problem.
What would have happened if the MCAS had not reacted so aggressively to a single faulty sensor? The planes would most likely have landed back at their origin or their destination. What controls the decision making process of the MCAS? Software.
It still comes back to this. Physically the plane flys. Right up to the point a bit of software does something it shouldn't. Put different software in. Remove the crash. Plane will fly just fine.
hutchst said:
Do you think the owners of around 400 Max 8s currently parked up around the world for more than a month now are just going to shrug their shoulders and put it down to just one of those things? I suspect that alone is costing Boeing $5m a day.
No they will be looking to recover the costs for the planes not in the air and for leasing short term aircraft all from Boeing. However I suspect Boeing will want to prove it was pilot error so they can try and get out of any compensation claims. However i suspect any compensation claims from airlines will be less than the profit to be made on the 737's on order.captain_cynic said:
AoA vanes are not the most reliable sensors either
Source?
There was a retired captain with 30 years on the 737 giving an interview for one of the US rags just a few days ago who said that in his entire career flying the 737 he'd never known an AoA to go faulty.
captain_cynic said:
Software can't fix this issue because it's not a software issue. Hardware flaws require hardware fixes.
Source?
The Max airframe flies absolutely fine as proven by tens of thousands of uneventful flights all over the world since it entered commercial service a few years ago. The issue is a software issue. Wire up the other AoA sensor, recode the software so that MCAS doesn't activate if there's a mismatch between the sensor readings and add an additional big manual 'OFF' button, flight test the changes, recertify it, problem over.
Lemming Train said:
captain_cynic said:
AoA vanes are not the most reliable sensors either
Source?
There was a retired captain with 30 years on the 737 giving an interview for one of the US rags just a few days ago who said that in his entire career flying the 737 he'd never known an AoA to go faulty.
FF
alfaman said:
... hard to see how the design process would meet the requirements of the US aviation equivalent of ISO 9000 or other QC and safety frameworks
AS9100. It has a very heavy emphasis on risk identification and control but I am not a certified auditor for this standard. Pet hate - ISO9000 is a reference of terms and definitions, the requirements for a quality system are in ISO9001 and I am certified to audit to this.
surveyor said:
The report I read suggested that runway heading was the standard procedure when having control problems and not facing immediate concerns with regard to ground height ahead.
It's as good as any and removes the need to navigate so freeing up some mental capacity.hutchst said:
Yes, and with visual clues outside the cockpit could be reasonably confident that they were in fact flying the approximate runway heading despite what the instruments were telling them.
The pitch, roll and heading indications were most probably functioning as intended and so could've been relied on. They wouldn't have been affected by the AoA sensor.dvs_dave said:
Something that’s not been made clear. When MCAS is doing its thing, are the trim wheels not whizzing around, making it visually obvious that it’s winding on a ton of nose down trim? If so, then is it not also obvious that to recover you’ll need to wind it back a similar amount to get back to where it started? Is there not a clear gauge or instrument showing the current trim position?
Yeah. The trim wheel would've been moving at the rate quoted in the MCAS technical documents. In isolation, it makes a bit of a racket and should be noticeable, but coupled to the stick shaker and dealing with UA and MCAS inputs it would've been pretty hard to notice it moving IMO.
Lemming Train said:
Source?
The Max airframe flies absolutely fine as proven by tens of thousands of uneventful flights all over the world since it entered commercial service a few years ago. The issue is a software issue. Wire up the other AoA sensor, recode the software so that MCAS doesn't activate if there's a mismatch between the sensor readings and add an additional big manual 'OFF' button, flight test the changes, recertify it, problem over.
hutchst said:
This isn't a detailed legal debate, but if it was I would add, acknowledging that I know absolutely nothing about US law so can only comment from an English law perspective, that....
Sorry, I wasn't clear. Of course criminal negligence is a thing everywhere; it is rather that engineering often involves decisions that could lead to loss of life and property. Aircraft, bridges, etc. That tends to make it a focus when large expensive engineering projects fail involving loss of life or property.skwdenyer said:
Criminal negligence in engineering is a thing - no need for intent.
I'm not aware that engineering gets any special category, the law on negligence doesn't discriminate against any particular professionAs undergraduate mechanical engineers, we were specifically taught law on the basis that in our careers we would most likely encounter contractual and/or negligence issues (or the potential for them), and that the nature of our work as engineers would quite likely result in the risks to us of such actions being larger than in many other professions.
pushthebutton said:
Lemming Train said:
The Max airframe flies absolutely fine as proven by tens of thousands of uneventful flights all over the world since it entered commercial service a few years ago. The issue is a software issue. Wire up the other AoA sensor, recode the software so that MCAS doesn't activate if there's a mismatch between the sensor readings and add an additional big manual 'OFF' button, flight test the changes, recertify it, problem over.
Agree with this.pushthebutton said:
The pitch, roll and heading indications were most probably functioning as intended and so could've been relied on. They wouldn't have been affected by the AoA sensor.
Except that the extract from the report that you quoted earlier (at 5:38.44) noted that the left and right directors were deviating from one another. We know that the captain was PF, so in the absence of any other evidence should assume (at least at this stage) that he was following the left side, with outside references perhaps confirming accuracy. There is no indication that the captain was aware of the deviation, and he would certainly not be aware of the AoA disagree. The reason I mentioned it was that they were not flying in northern European clag with nothing but grey soup outside the windows.HughG said:
pushthebutton said:
Lemming Train said:
The Max airframe flies absolutely fine as proven by tens of thousands of uneventful flights all over the world since it entered commercial service a few years ago. The issue is a software issue. Wire up the other AoA sensor, recode the software so that MCAS doesn't activate if there's a mismatch between the sensor readings and add an additional big manual 'OFF' button, flight test the changes, recertify it, problem over.
Agree with this.Definitely not a software issue despite what the Boeing fanboys are claiming.
The stall prevention part of MCAS is there to cover for a design flaw where the AoA can increase without input from the pilots (or flight control computers)... Trying to code that out in software is what lead to two fatal crashes in six months.
Adding an additional AoA sensor wont help as both Southwest and American Airlines planes that have the additional sensors have reported the same issue, fortunately without the crashing part.
This cant be fixed until the root cause is eliminated... that's a hardware fault, software is trying to treat the symptom.
Gassing Station | News, Politics & Economics | Top of Page | What's New | My Stuff