Ethiopian plane crash

The description was that it uses alternate AoA sensors on alternate flights. So presumably both are wired up and ready to play ball. It just needs the software changed to read from both and act appropriately.

It's not what they have done.

What they have done is implemented MCAS so that airlines don't have to re-certify all their 737 pilots, who would then be taught to fly the new plane within it's new envelope, and the danger of going outside that, and what to do about it.

Unfortunately the software in MCAS isn't good enough to identify a faulty sensor and try's to crash the plane. At which point the plan is to then fly around without allowing MCAS to do it's thing. Which kinda shows it's not a physical design issue. Because if you can remove the software that's trying to take control, and still fly about and land etc. Physically the thing is just fine. But the software is junk.

It was definitely a survivable crash.

It’s just a question of how difficult it was to sort it out based on the situation at the time.

The fault still rests squarely with Boeing and the FAA in my mind though.

Survivable incident - possibly.

Survivable crash? Into the ground like a dart...I doubt it .

They were deviating from one another due to the faulty AoA sensor feeding information to the Captain's (LHS) Instruments. The instruments on the RHS were receiving information from the functioning AoA sensor on the RHS and so indicating correctly. These indications related to airspeed, altitude and flight director pitch. To simplify things, with all systems operating normally, the flight director will derive its commands from the appropriate inputs so, in Layman's terms it will have a planned speed to fly and will command the pitch of the aircraft to satisfy that speed. If there is a discrepancy between the inputs between the two sets of instruments that will result in a difference in the pitch commanded by the FDs as they are reading different speeds and so commanding a different pitch value to achieve that.

Pitch, AoA and speed are all related and so it's possible to fly a defined pitch and power setting and derive a speed from that. In effect, you're reversing the concept of flying using speed as a parameter, but achieving the same result. This is the concept of the UA checklist and is an equally valid method of flying the aircraft, as is using AoA and Power to achieve the desired speed (I think). The 737's pitch attitude information comes from the Inertial Reference Units:

"The IR component of an ADIRU gives attitude, flight path vector, ground speed and positional data.[1] The ring laser gyroscope is a core enabling technology in the system, and is used together with accelerometers, GPS and other sensors to provide raw data.[10] The primary benefits of a ring laser over older mechanical gyroscopes are that there are no moving parts, it is rugged and lightweight, frictionless and does not resist a change in precession."

...and is independent of the speed inputs. This is why it's used in the AU checklist. Roll is also derived from the IRUs in the same way - which is why I said that the aircraft was flyable in Pitch and Roll - so a visual reference wasn't necessary in this case. If you lose the IRUs in some way then you have a bigger problem and a visible horizon is very useful.

My terminology and system descriptions aren't 100% correct. I could make them so, but that would've meant this post would take me 3 times as long as it has.

Except you seem to feel they had 10000 more ft to play with and in the same situation when you have seconds to respond whilst pulling back on the stick and trying to figure stuff out, another 20 degree nose down is commanded for x seconds, you get a 9 second window to respond. Do you think in the situation with no training on MCAS that you would have done anything that could have avoided this?

A valid question for sure. We don't know yet. Maybe there are some QC issues with the ones used on the Max that need addressing. We see this reduction in quality on items and products in many aspects of our lives where we discover they are not built to last but instead to a price point and designed to expire the day after the warranty runs out so you go out and buy a new one. Obviously that's not directly comparable to a 737 airframe, but it would be naive to think that Boeing hasn't pressured it's suppliers to reduce costs over the years and this generally translates into a reduction in quality. We already know from JT that they've used a company in Florida to "repair" at least one of theirs but whether that's because it just stopped working or whether it's because JT bent it remains unknown.

I think you answer your own question there. Safety critical software shouldn't ever be written to act on the output of a single sensor. There are no infallible sensors (or pilots).

The hardware did actually have a sensor providing the truth. It was just being ignored. That's really stupid given the 2nd sensor is right there, doing the same job, giving enough information to say something is wrong. The sensor that went wrong, also provided enough information over a short period of time to show it was faulty. Combined with information from other sensors, all of this should be enough to trip out the system and let the pilot deal with it. If the software was written sensibly. Which it wasn't. Hence it's being patched/rewritten.

AoA sensors might be very reliable. But Boeing have to have assumed they can fail, but then made some odd decisions on how the systems should work at the point one of two AoA sensors gives spurious readings.

Gonna disagree here,
Had this NOT been a Max or any aircraft without MCAS, i believe they would have been Okay.
As has been said, this all went to st after the flaps were retracted and MCAS engaged...

While i agree not responding correctly and swiftly to a UA could lead to an undesirable situation, in the ET case they had an ample thrust setting and a nose up attitude.
In any other 73 variant, they would have kept on flying, yes maybe they would have gone into the clacker,
But they would have kept on flying.
Without the helping hand of bucket loads of nose down trim from MCAS the ac would have continued to climb with any thrust over 60% and a normal take off trim setting. The aircraft would not be going anywhere near the big hard thing.

However, as you have said.... had the ET crew responded to the initial failure, and completed the qrh for UA, the flaps would not be retracted and MCAS would not have engaged.
But who knows what would or would not have happened next.

I can live with that and it's fair. What level of knowledge did the crew have regarding the MCAS service bulletin? Did the relevant training department disseminate the information in a timely manner and was it digested appropriately by the crews? There exists for pilots a necessary responsibility to digest such bulletins and consider their implications. The time for what ifs is on the ground before you fly. Is it fair to suggest that if the crew were in posession of all of the technical information surrounding MCAS, that they shouldn't have retracted the flaps? Again, that's something you have to think through on the ground as part of a what if scenario.

The same could be said for a momentary blip of the electric trim to keep the aircraft in trim and at the desired pitch attitude - after MCAS did its thing - until you can figure out what's happening. As the control column pressure increases it's an indicator to trim and instinctive to 737 pilots IMO. Why wasn't the electric trim used, if only to relieve control column pressure as it built up? The crew from the Lion Air crash did this 20 times before, I believe, control was handed to the FO and the inputs stopped(?). The aircraft was airborne, but was it being flown?

I'd imagine that they'd complete an approach using manual trim if we assume everything else remains equal. As an aside, the UA checklist doesn't prevent crews from moving the flaps, it just suggest appropriate pitch and power settings dependent on their position. You may or may not elect to move them depending on the aircraft's configuration and location at the time of the failure.

All of your points are valid. What I'm attempting to show is that the statement by the ECAA, that said that the pilots followed Boeing's guidelines, is at best misleading. It really depends on when and how the appropriate checklists were actioned and, possibly, if even at all. What has happened is, as a result of the preliminary report, judge, jury and executioner have already acted and the actual causes are of little relevance: consequentially, the opportunity to learn from the accidents will potentially be diminished.