Another deadly 737 Max control bug just found!
sokoloff:
“sure” and “correct” are largely orthogonal.
SiliconWizard:
The whole point of the 737 MAX new MCAS system was to make up for the possibility of stall in some situations, due to the characteristics and location of the new engines.

Could Boeing have decided to release the plane without this new MCAS (letting pilots handle the trim under such situations)? Maybe, I don't have enough info to know that it would have been acceptable. But it would have at least made the plane look unattractive to pilots, with maybe a feeling of something not quite right about its design. Would it have been safer without it at this point? I'd say yes at the moment, but of course it's always easy to say that afterwards. Could Boeing have decided to modify the plane's design further to compensate for the new engines, instead of adding this software "fix"? Probably. Obviously, it would have made the plane's design and certification much longer.

And then, could the pilots have handled the MCAS fuck-up correctly? Looks like it's again a yes, but listing the fuck-ups on each side with the information we have now, looks like the list is much longer on Boeing's side.

Of course this is not the first time in history that a new plane is released with issues. But to put that in perspective, the point here is that the 737 MAX was never designed or marketed as a brand *new* plane, but merely an evolution of an existing and successful one, and this is the whole point, and the main factor leading to this disastrous start.
sokoloff:

--- Quote from: SiliconWizard on July 08, 2019, 03:57:30 pm ---Could Boeing have decided to release the plane without this new MCAS (letting pilots handle the trim under such situations)? Maybe, I don't have enough info to know that it would have been acceptable.
--- End quote ---
If they could have, they probably would have.

The plane would have failed certification for insufficient stability of control force with increasing angle of attack.

See FAR 14§25.173.
floobydust:

--- Quote from: GeorgeOfTheJungle on July 08, 2019, 05:10:24 am ---
--- Quote from: floobydust on July 07, 2019, 08:25:07 pm ---Even a 1970 Chevy with hydraulic computer in a TH350 would refuse such a command.

--- End quote ---
LOL I have one of those... Are you sure?

--- End quote ---

As a teenager, anything to burn rubber in a V8 car.
"Neutral drops" - rev high in Neutral and drop it into Drive... a Powerglide will do anything, a TH350 had some logic and would not engage until RPMs dropped to something reasonable. I thought it will not go into reverse "at speed". Like deploying the flaps at high airspeed.

My point is Toyota's embedded software is doing worse than an old hydraulic computer. It allows autodestruct by shifting into anything anytime. But there may be a partial reason for it.
Honda had to change their transmission software after people got stuck in the snow/ice and could not rock the car back and forth (drive, reverse, drive, reverse etc.) to get out. The transmission controller was slow and would not allow it.
If the transmission controller software was smarter, compares front/rear wheel speeds, it can know you are stuck in snow, mud, ice etc. and let you shift at speed without damage.

Sometimes an embedded system just needs more smarts to work - the rule is use the available sensors to make the best decision possible. If a sensor is invalid, ignore it and still make the best decision possible.
SiliconWizard:

--- Quote from: floobydust on July 08, 2019, 04:39:43 pm ---Sometimes an embedded system just needs more smarts to work - the rule is use the available sensors to make the best decision possible. If a sensor is invalid, ignore it and still make the best decision possible.

--- End quote ---

Yes. But frankly, the simplest option I see is that it allows the user to disable the automation altogether, so they can do whatever they like, but knowing they have explicitly switched to this mode.

Just make it CLEAR to the user how to disable it (without them having to go through hundreds of pages), and give a CLEAR visual cue whether it's engaged or not. If it can allow the user to do something risky, also warn them clearly. Cars and planes both have been having nice displays and all for a while now, and even vocal messages - there is ample room to give useful tips and warnings to the user. Doing things behind their backs, even if that's claimed to be for their own good, is never acceptable IMO. Most automated systems are not giving enough information to the users IMO - that would already make a world of difference.

