
Boeing MAX production cut signals long grounding - howard941
https://leehamnews.com/2019/04/06/boeing-max-production-cut-signals-long-grounding/
======
tibbydudeza
Like the Toyota unintended acceleration issue we need third parties to look at
the flight control software and engineering decisions taken for the MAX line
and give a an independent report.

Certainly not the FAA who delegated their oversight to Boeing.

346 people died because of their ineptitude.

~~~
MuffinFlavored
> 346 people died because of their ineptitude.

This might be too hot of a take for HackerNews, but... look at how many people
the FAA has kept safe over the past 30 years. I'm pretty sure the number of
people who travel without dying is very, very high. I don't disagree that
their might have been some ineptitude (I'm sure you could find that anywhere
for anything since it's opinion driven), but to say the FAA is all rotten
because 346 died is kind of dramatic when millions have been kept safe.

~~~
wtvanhest
Was this aircraft even under FAA jurisdiction? I thought the FAA only had
jurisdiction over airline flights to and from the US.

~~~
Svip
Certifying aircraft is a long and expensive process. So generally speaking,
aviation authorities 'share the burden' by relying on each other. By the same
token, the FAA will take an EASA certification of an Airbus aircraft as valid
without much additional checking.

FAA's reputation alone was good enough for other aviation authorities to
accept its certification of Boeing's MAX 8, which is why the FAA matter
despite happening way outside its jurisdiction.

~~~
mcv
And both Boeing and the FAA have some credibility to win back here. If they
don't, other aviation authorities might not trust the FAA's judgement on
Boeing airplanes in the future.

------
panarky
Not only a longer grounding, but some airlines are canceling orders and many
passengers don't want to fly in them.

The 737 Max could become the Edsel of airplanes.

[https://en.wikipedia.org/wiki/Edsel](https://en.wikipedia.org/wiki/Edsel)

~~~
adrr
I won’t fly one unless it has 3 angle of attack sensors. Since that can’t be
easily found out, I’ll avoid them.

~~~
mrpippy
No 737 has 3 AoA vanes, and it’s extremely unlikely they’ll ever change the
design to accommodate that. Every MAX will have an indicator to show if they
disagree though.

~~~
fanf2
The AOA disagree indicator was an optional extra that was missing on the
planes that crashed - [https://arstechnica.com/information-
technology/2019/04/boein...](https://arstechnica.com/information-
technology/2019/04/boeing-delays-737-max-software-fix-delivery/)

~~~
mrpippy
Correct, and the AoA disagree indicator will be added to every plane (for
free) as part of the MCAS software fix.

------
tus87
I wonder how high the scandal goes. I mean does the CEO have to sign off on
design decisions like the engine misplacement on the MAX?

~~~
bilbo0s
I'm pretty familiar with how all this works on the FDA side with medical
devices/software.

If it's the same general setup as on the medical side with the FDA, then it's
a virtual certainty that liability will fall with some compliance and QA
types, as well as any engineers or engineering managers who signed the
relevant documents. Those signatures are all legally binding, and represent to
everyone up the chain that the systems in question are functioning properly.
If the government can show that the systems in question could not have been
functioning properly, they got you. (Another thing we learned from our lawyers
about the FDA side, _each_ document that you signed, represents _one_ count of
lying to the federal government at a minimum. Multiply that by the number of
documents signed to get a single system through, and you get an idea of why
you should never sign _anything_ if you have _any_ reservations at _ALL_. No
matter how slight the reservation. No matter how much pressure the higher ups
put on you. I think the rules are the same on the FAA side. So these guys have
really stepped in it.)

That said, they may be able to snag a few executives here or there, but only
if they can prove who knew what, and when. Execs, you would think, would be
pretty careful about liability type things, so they could look very hard and
not find anything on any of the execs. It would not be collusion or
preferential treatment, it's just hard to find that kind of a smoking gun in a
mountain of electronic documents and messages. (I strongly suspect that if the
government were to press hard enough though, that some of the engineering
managers and compliance types would turn state's evidence to get lighter
sentences. At that point, you could probably get some execs I'd imagine? Still
might be hard though.)

The engineers and QA/Compliance folks, though, should really be consulting
with outside counsel. Just as a precautionary measure. I wouldn't trust Boeing
execs to not throw me under the bus.

And this time around, it looks like a pretty big bus. I don't think you
survive this hit.

~~~
selimthegrim
Good luck with the medical software industry - I was told things like “HIPAA
audits never ask about hashing passwords so why should we care”

------
the_fonz
This doesn't go far enough. As reported by Al Jazeera in 2010, critical
structural elements of the 737 NG that were supposed to be CNC'ed were
handmade and grossly out-of-spec, leading to at least three deaths when 737
NG's broke apart in several sections on runway overruns, while in the past
airframes held together intact in such events, protecting passengers. Boeing
then covered up and scuttled its own investigation panel after management
didn't like its conclusions.

tl;dr: 737 NG and MAX aircraft are fundamentally unsafe because of systemic
lapses in regulatory oversight. These aircraft cannot be made safe
economically due to Boeing's regulatory capture of the FAA, so it's best to
never fly on them.

In my mind, Boeing as a passenger transport company is, or should be,
finished. How they acted regarding the 737 NG and MAX are criminally-
unforgivable.

------
salawat
Putting on the Wild Ass Guess hat.

I remember reading that the MCAS system uses the exact same physical contacts
as the pilot's electrical trim adjustment switches.

I'm wondering if they're trying to change their software implementation to
more cleanly separate the two abstractions in the code in order to avoid
having to do a hardware or firmware change on the jackscrew motor controllers.

If before, the signalling was such that the signalling was handled as a sort
of one off block jammed into some function somewhere, they may now have to be
doing much more thorough refactoring to separate out those interfaces, and
improve the traceability, testability, and readability, all with the overhead
of a system likely reclassified to "catastrophic" system hazard rating.

Either way, after some number crunching of my own, I can only see going
forward with MCAS reasonable if there is some way to discretely disable its'
ability to signal the jackscrew motor while leaving the electronic trim
available in case of erroneous MCAS activation in the future, because with the
requisite torque involved to quickly actuate that control surface against
potential overspeed loads exacerbated by elevator up pitch commands, you'd
need the electric motors, period.

Without taking into account friction, and using the stabilizer dimensions of
the 737-800, in air conditions approximate to Addis Ababa, at 350 knots,
discluding extra load from elevator up, and assuming an M24 jackscrew thread,
it would have taken 357 ft-lbs torque to actuate against that wind load.

That's the output of a non-trivial automotive engine to bring that down to
something the non-mathematically inclined can recognize, and while
theoretically may be possible to gear for from a hand crank, I'm not confident
I'm going to be able to figure out a gear train that can gear reduce enough to
allow anywhere near enough speed when rotated by one pilot to get that
horizontal stabilizer where it needs to be in so short a length of time.

Either way, I foresee a lot of chaos, and scrutiny moving forward in the
handling of this, and can only hope we can finally come to terms as a nation
with why certain regulatory agencies are worth the cost of investing in if
only to keep the seeds of such tragedies as happened here from ever being able
to germinate again.

~~~
tropo
So, to get the aircraft back flying again, we just need to mandate some
physical strength standards for air crews.

------
foobarbazetc
This plane is dead. People just haven’t accepted it yet.

~~~
cryptonector
I think that would be unfortunate. I don't think it should die over this. The
issues are eminently fixable. But a number of executives may have to exit
Boeing, and the FAA, in order for the plane to not die, and all the issues
must be fixed of course.

~~~
tanilama
> The issues are eminently fixable

Not really. I am no expert, that is why I no longer trust FAA/Boeing telling
me it is safe any more, at least in this particular case. As a passenger, I
would avoid buying tickets from this plane even it means more cost

~~~
DuskStar
What about it isn't fixable? Redundant (and thus more reliable) AOA sensors +
a less aggressive MCAS system that at maximum displacement can't override the
yoke would be more than enough of a fix for me.

~~~
cryptonector
No need to make MCAS less aggressive. Training + an alarm should be
sufficient. Even now, with no other changes at all, training might well be
sufficient, though I'd much rather they make the system more robust and add an
alarm.

~~~
ulfw
No training in the world will help if this system malfunctions and puts the
nose down at 1000ft already. You can't react fast enough to not hit the
ground.

Also I don't want to fly in a plane where 'trained' pilots have to fearfully
watched every feet they climb to quickly overturn a system that malfunctions.

~~~
cryptonector
That's clearly not true, since the day before the Lion Air crash a pilot
flying in the jump seat was able to diagnose and correct the issue.

~~~
ulfw
At 40,000 feet you have ample time to react. At 1000 you don‘t. That‘s my
argument.

~~~
cryptonector
IIUC the incident the day before the Lion Air crash was also on take-off.

------
rootusrootus
Still making more than one a day. Maybe they're running out of places to park
'em.

~~~
tus87
If by places you mean customers that sounds about right.

~~~
kyrra
Incorrect. They still have a backlog of 4600 planes to deliver. And they
aren't laying anyone off.

[https://www.npr.org/2019/04/05/710477435/boeing-to-slow-
prod...](https://www.npr.org/2019/04/05/710477435/boeing-to-slow-production-
of-737-max-jets-as-it-works-on-flight-control-software)

~~~
tus87
Then why are they slowing production? Interesting how the article doesn't
explain that.

> had a common link of a malfunctioning flight-control software called MCAS.

My understanding is the software was fine, it was faulty sensors with no
redundancy and poor feedback displays to pilots.

~~~
jdsully
If the planes aren't allowed to fly, then they won't have any place to put
them. Boeing Field is pretty small.

~~~
saryant
The FAA will grant special permits for flying grounded planes without
passengers. This isn't that big of a problem.

------
cmurf
I think there's a non-zero chance that the 737 MAX is going to end up with a
type certificate. MCAS causes the MAX to behave differently than an NG,
whether it's working as designed or not. And also that it can be disabled,
immediately means the airplane isn't airworthy as certified and without a type
rating the pilot isn't either.

Before this article I would have said, approaches zero chance a type
certificate would be required. But the idea it would take 6-8 months to get it
flying again? That's so outside the realm of what I was expecting that there
must be some talk about it.

------
joshbaptiste
The 737MAX was designed to compete with A320NEO .. why Did Boeing have to move
the engines forward while Airbus did not ? AFAIK the NEOs weren’t a complete
redesign either

~~~
bronco21016
The 737 rides significantly lower. Check out the 737-700/800/900 series and
you’ll notice the engine cowl (inlet) is not perfectly round at bottom because
of ground clearance. This is likely a design choice leftover from the original
737 series that used JT8D engines which are turbojet engines rather than high
bypass turbo fans that make modern airliners efficient. Because Boeing has
been so set on retaining the original type certificate they’re restricted in
how much they can change the airframe. The only way to slap bigger more
efficient high bypass turbo fans was to move them forward and up.

~~~
AnssiH
JT8D are low-bypass turbofans, not turbojets. But yes, their diameter is
smaller than modern engines, thus the issue.

------
remarkEon
I apologize if this is too soon to ask this question, or if it comes across as
crass given that 346 people are dead because of this failure.

What kind of long term implications could this have for the Aerospace industry
in the US? Will we see some fundamental changes in safety oversight, or
design, for these aircraft? Is this a "back to the drawing-board" moment for
Boeing and the 737?

------
thefounder
Would you still fly with Boeing Max after all this? I understand that the
"issue" can be fixed with software but it looks like a hardware/design issue
in the first place. If your highest priority is safety the software should be
used only when the hardware fails not to support a flawed design.

~~~
Innominate
I would be perfectly comfortable flying on the 737 Max right now even without
the software fixes.

~~~
Someone1234
That's an irrational position. After the Ethiopian Airlines initial report was
released pilots were discussing refusing to fly them even for ferry flights
(i.e. no passengers).

The Ethiopian airlines crew followed Boeing's post-Lion Air safety bulletin
and still crashed. There's no safe way to operate a 737 Max in its current
state. The hypothetical recovery techniques (e.g. point nose down to release
pressure on the horizontal stabilizer) only work at high altitude, which is
notable if Ethiopian airline's AOA sensor was damaged by a bird strike right
after take-off.

Nobody who understands the current state of this investigation should be
saying they'd be comfortable on a 737 Max without changes. The "pilot
training" narrative isn't just dead, but dead, buried, with a tomb stone.

Sure, pilots should have received training on MCAS existing, but MCAS was
commanding trim changes that aren't easily recoverable under any circumstances
and certainly not if you follow procedure and disable electronic trim. Nobody
should fly on the 737 Max until an update completed, I'd go so far as to
suggest that the US/EU should ban ferry flights.

~~~
Zak
> _The hypothetical recovery techniques (e.g. point nose down to release
> pressure on the horizontal stabilizer) only work at high altitude_

That's not quite right. Manually operating the motorized trim as soon as
unwanted nose-down trim is detected prior to disabling it with the cutout
switches appears to be a viable means of recovery. It's also an undocumented,
timing-sensitive procedure in a critical phase of flight, which is not
anything resembling what airline pilots want from their planes.

~~~
Someone1234
> Manually operating the motorized trim as soon as unwanted nose-down trim is
> detected prior to disabling it with the cutout switches appears to be a
> viable means of recovery.

That's what the Lion Air crew did. They died. The Ethiopian Airlines crew
followed Boeing's safety bulletin. They also died.

But I do take your point, which may prove to be correct. It is hypothetically
possible to electronically trim against MCAS then immediately cut out the
electronic trim system before MCAS has a chance to re-initiate (5 secs after
last trim command). Then you mechanically trim for the remainder of the
flight, which should be possible without too much pressure on the horizontal
stabilizer.

It is crazy to think that that may ultimately be the life saving procedure
here, given its complexity/nuance. Particularly for a largely undocumented
(for flight crew) system.

~~~
Zak
The information I'm aware of so far is that the Lion Air flight crew did
repeatedly attempt to adjust the trim, but it's not known if they used the
cutout switches. A previous flight with the same aircraft did experience
runaway trim,and the cutouts were used before the problem became
unrecoverable.

I find the design of this system shockingly ill-considered. At the very least,
it should require input from both sensors and not activate if the sensors
disagree. It seems to me a better system would be to automatically add some
nose-down trim if the pilot applies full forward pressure on the stick since
the primary underlying concern is insufficient elevator authority in certain
impending stall conditions for that standard pilot response to be effective.

------
filereaper
Looks like the 737 MAX issues are going to overshadow the unveiling of the
777x...

------
test6554
Fixed Title: A halt in the production of Boeing MAX airplanes is a sign that
they will be grounded for a long time.

~~~
andrewflnr
> (((Boeing MAX) production) cut) signals (long grounding)

I had a heck of a time parsing that. I kept trying to read the "grounding" as
something related to electrical grounding, wondering what "long grounding" was
in that context and how Boeing had screwed it up

------
smaili
Primary tldr's:

> Boeing hasn’t announced what the second software problem is. LNA is told it
> is the interface between the MCAS upgrade and the Flight Control System, but
> specifics are lacking.

> LNA interprets these combined events as indicative the MAX will be ground
> well past the Paris Air Show in June.

------
jarym
“This came so quickly and was steep”

Somewhat poor choice by the writer here given the association.

