Corperate greed & the 737 max, read this

[SparkyFX]

Then they complain because they setup their business logistics in some inefficient and crazy way and claim its not profitable and impossible to do any better and bitch to the government then try to strong arm global travel and national economies.

What you described there is a way for clueless/very inexperienced people to stay in control of things. Or as they say: Never argue with idiots, they pull you down to their level and beat you with experience.

Any group of people that work on a project kind of need some list of priorities to follow to not whir off, but handing out priorities that are outside of an individuals control or get them in conflict with a real-world priority is just a dumb way to hand down responsibility. In the ideal case those real-world priorities would be included and conflicts sorted out by management long before they even reach one's desk or should go upstream once they are discovered.

I've seen both...

[pwlps]

I have read the report but couldn't get any answer to a basic question I was asking myself from the beginning: why MCAS was not designed to disengage on AOA disagree. I don't see any way such a basic security lock could interfere with the certification process especially as both the MCAS and AOA disagree alert were hidden anyway.  This remains a mystery for me, I can hardly believe it's just a simple omission. I guess it was rather because the whole MCAS development process was covered with such a heavy veil of secrecy that nobody would know what others were doing about it.

[SiliconWizard]

I have read the report but couldn't get any answer to a basic question I was asking myself from the beginning: why MCAS was not designed to disengage on AOA disagree. I don't see any way such a basic security lock could interfere with the certification process especially as both the MCAS and AOA disagree alert were hidden anyway.  This remains a mystery for me, I can hardly believe it's just a simple omission. I guess it was rather because the whole MCAS development process was covered with such a heavy veil of secrecy that nobody would know what others were doing about it.

I think we discussed this point on EEVBlog almost right from the start (don't remember the thread.)
AFAIR, there were already strong pro and con arguments, already among just engineers on this forum. I was one to agree with your point, but certainly not everyone did.

Seeing how there were a significant number of engineers seemingly *against* the idea of disengaging the MCAS in such an event, I'm also pretty sure this wasn't mere omission, and tend to think this was part of the spec. The whole "we don't really want people to know/notice about MCAS" was probably a big part of it, but there may have been other reasons. Maybe they were pretty sure (again as some people even on here seemed to be) that NOT disengaging it was the best approach in terms of the risks involved. Maybe, or most likely, they were also largely underestimating the potential consequences.

Another maybe: IIRC, there was actually a way of disengaging the MCAS manually that would be similar to disengaging auto-trimming (correct me if I'm wrong), so maybe the people in charge of the specs thought that was good enough in case something went wrong, and again maybe they assumed this would actually be part of the pilots training - whereas Boeing's upper management decided to make this feature largely hidden and there was (AFAIK at least) absolutely no significant training or even basic information on how the MCAS worked and what to do in case there would be a failure.

It's just maybe's and I'm just making hypotheses here from what I gathered. The fact the report doesn't answer any of this is concerning.

[SilverSolder]

I have read the report but couldn't get any answer to a basic question I was asking myself from the beginning: why MCAS was not designed to disengage on AOA disagree. I don't see any way such a basic security lock could interfere with the certification process especially as both the MCAS and AOA disagree alert were hidden anyway.  This remains a mystery for me, I can hardly believe it's just a simple omission. I guess it was rather because the whole MCAS development process was covered with such a heavy veil of secrecy that nobody would know what others were doing about it.

"They" are not going to want to reveal to the world that all of the loss of life and money could have been very simply prevented if "they" hadn't been sleeping at the switch.

[SparkyFX]

there was (AFAIK at least) absolutely no significant training or even basic information on how the MCAS worked and what to do in case there would be a failure.

Their set goal was to not have to retrain the flight crews for a new model/an upgraded model and provide the same user interface although the new model requires an additional system to fly.

That's the fundamental problem no one can work around. Runs down to the definition of what is a "new model" and what is an "upgraded model", i guess the FAA and other regulatory bodies like EASA did not cover themselves in honor with that one.

Does anyone know how the feedback from pilots to manufacturer/aviation administration looks like? I wonder which priority reports of previous malfunctions had where and how they are supposed to be distributed, if at all. I reckon that any aviation administration tries to distinct between recommendation and prohibition and might not try to mess with "maybe", but having even a hint of information at the right time would have saved lives.

[ve7xen]

I have read the report but couldn't get any answer to a basic question I was asking myself from the beginning: why MCAS was not designed to disengage on AOA disagree. I don't see any way such a basic security lock could interfere with the certification process especially as both the MCAS and AOA disagree alert were hidden anyway.  This remains a mystery for me, I can hardly believe it's just a simple omission. I guess it was rather because the whole MCAS development process was covered with such a heavy veil of secrecy that nobody would know what others were doing about it.

Seeing how there were a significant number of engineers seemingly *against* the idea of disengaging the MCAS in such an event, I'm also pretty sure this wasn't mere omission, and tend to think this was part of the spec. The whole "we don't really want people to know/notice about MCAS" was probably a big part of it, but there may have been other reasons. Maybe they were pretty sure (again as some people even on here seemed to be) that NOT disengaging it was the best approach in terms of the risks involved. Maybe, or most likely, they were also largely underestimating the potential consequences.

This is addressed directly on pages 107-108, and it's mentioned in context throughout the report, though there doesn't seem to be a clear answer other than that MCAS was considered a non-flight-critical system, with the same failure consequences as a trim system fault, and therefore didn't *require* redundancy, but it isn't clear why Boeing chose not to include a cross-check anyway. I assume that it simply goes back to the Speed Trim system Boeing decided to 'integrate' it with, which is a legacy system that also only used one AOA sensor. This would not be true redundancy, though, just a fail-safe. They didn't include a 3rd AOA sensor for obvious cost reasons, it wouldn't have made a lot of sense to add it for *just* MCAS and not integrate it with the other systems (not that that would stop them), and this likely also would have required some small amount of additional training which they were desperate to minimize.

The report also mentions that Boeing's first foray with MCAS with the KC-46 did include an AOA crosscheck for MCAS, so either their engineers disagreed on the safest action in case of an MCAS fault, or there were different pressures on the MAX that lead to its exclusion.

Might also have been intended, but if it was based on the AOA Disagree alert from the flight control computers, that was faulty too.

Another maybe: IIRC, there was actually a way of disengaging the MCAS manually that would be similar to disengaging auto-trimming (correct me if I'm wrong), so maybe the people in charge of the specs thought that was good enough in case something went wrong, and again maybe they assumed this would actually be part of the pilots training - whereas Boeing's upper management decided to make this feature largely hidden and there was (AFAIK at least) absolutely no significant training or even basic information on how the MCAS worked and what to do in case there would be a failure.

Not just no formal training, Boeing had not even told the airlines or the pilots about MCAS *at all* until the Lion Air crash, and even after it, minimal information was provided.

Boeing's fundamental assumption was that a fault with MCAS would be treated by crews as a runaway stabilizer, which had an associated checklist that would have had the crew engage the stabilizer trim cutout switches - effectively disabling electric trim entirely. However, the two crews did not identify it as such quickly, since MCAS repeatedly activates the stabilizer briefly rather than continuously (and also due to the other alarms in the cockpit due to the AOA disagree [stick shaker, stall horn, IAS unreliable etc]). It's fairly apparent that the pilot's training and expectations were that an electric trim failure would result in continuous activation. Because MCAS was activating repeatedly (also wasn't supposed to happen), the aircraft was allowed to get so out of trim that once they did cut out the electric stabilizer, the elevators alone didn't have enough pitch authority for level flight and the stabilizer was too [aerodynamically] loaded to move with the manual trim.

There were multiple ways the crews *could* have recovered at various points in the scenario, if they had understood the full picture of what was happening on their aircraft, but with limited information both crews ended up missing the path to recovery because they didn't have enough information to understand the failure. Simply enabling autopilot probably would have saved both crews, since this would deactivate MCAS - but crews are generally trained to fly manually when there are indications things are going sideways.

[raptor1956]

There are many factors that resulted in the 737Max fiasco.  First, the 320Neo was a treat, a very real threat, to the most popular AC Boeing made so they needed 'something quick' to address the Neo problem.  Second, like all too many companies Boeing became too fixated on placating the investor/leisure class and opted for cost cutting at the expense of engineering a better/safer plane.  Third, for the last five decades the US has unraveled most of the regulatory system that has both reduced the regulations AND cut the budget of the regulators so there are fewer of them.  This third point resulted in the FAA, with too few people to do the job they were set out to do, outsourcing the regulation of 737Max to ... wait for it ... Boeing.  That's right, self regulation.

One of the problems with regulations is that they're called regulations and not laws -- we are governed by laws that limit what we can get away with and when we cross the line and get caught there's no escape by claiming the law was not specific enough -- you are prosecuted by the intent of the law.  With regulations when a company runs afoul of the regulation an army of lawyers claim the regulations were 'too vague' and they often get off with little or no penalty and the result is a dramatic increase in the number of pages in the regulation as they attempt to prevent similar action in the future.  So many regulations start out at only a few pages in length but with constant 'testing' by industry it isn't long before the regulations become hundreds of pages.  Then industry cries about the regulations being so vast.  If, instead, the regulations were prosecuted like the laws we live by then the intent would circumvent the vague nonsense and appropriate penalties would be applied.

The five decade war on regulations waged by big business and the investor class was going to get us, eventually, to the point were Boeing would self regulate the disaster that was/is the 737Max.  In the end the money Boeing may have saved by going the Max route will be overwhelmed by the losses resulting from the two crashes and the causes of them.  The money they are pouring down the toilet over this could have financed a new, clean-sheet fly-by-wire replacement for the 737.  When bean counters take over they make more money in the short/near term but all too often the savings are a subtotal and not the real bottom line.  The bean counter approach Boeing has pursued in the last two decades made them and the investors a bunch of money until it cost them 10X that amount!


Brian

[Rick Law]

... ...when we cross the line and get caught there's no escape by claiming the law was not specific enough -- you are prosecuted by the intent of the law.  With regulations when a company runs afoul of the regulation an army of lawyers claim the regulations were 'too vague' and they often get off with little or no penalty... ...

First, I must disagree with you regarding regulations being more problematic as compared to laws in terms of "too vague".  They both have seen their defeats in court when challenged as "too vague".  They share other similarities such as they both have the power of law (as regulations are applied under the the law which empowered the responsible agency), and they both share the problem of being controlled by lobbyist. 

With that disagreement out of the way...

I do agree with you that Regulations in general are more problematic than Laws.  A Law needs to be proposed and passed as a bill by the legislative bodies (upper house Senate, lower house Congress) and then must be signed by The President for it to become a new Law.  (Unless the legislators have enough votes to override the President's veto).  Whereas, regulations just need the involved Regulatory Agency to make up a new rule, do the public commentary period thing, adjust and repeat only if they see fit.  Issue it and now we have something that can have the power of law if so worded.

Here is the problem: As the regulatory agency alone is the controlling body, new regulation can pop up like weed in Spring time.  Record shows during the 8 years Obama was in office, 20642 new regulations came into being.  Whereas, laws requires multi-parties' agreement and faces more road blocks before it can transforms from a bill to a law.  As we are experiencing now where Senate, Congress, and Presidency are not all occupied by the same party, hardly any bills "graduated" into laws.

No doubt FAA is too cozy with the manufacturers in this case.  I got into it in more details in an earlier post:

...
(2) FAA mission conflict which enabled coziness between regulator and regulated

The FAA has a mission-conflict problem.  In a nutshell, FAA was established to regulate and to promote aviation.  Regulation increase cost, yet cost increase is often counter to promoting the industry.  The wording was later changed from "promoting aviation" to "encourage aviation".  But still, the mission conflict between "regulate aviation" and "encourage aviation" are apparently not compatible enough to be easily housed under one roof.

The Los Angeles Times had a pretty good article about this issue:
https://www.latimes.com/business/la-fi-faa-ntsb-boeing-737-crash-20190322-story.html

[SiliconWizard]

I do - mostly - agree: regulations (at least in general) are completely non-democratic, and not just that: regulation bodies are often infiltrated with various lobbyists from powerful industries. So that's an additional problem.