
Preliminary conclusion MCAS misfired in Ethiopian's 737 max crash - leemailll
https://www.cnbc.com/2019/03/29/ethiopian-crash-boeing-737-max-anti-stall-system-likely-activatedwsj.html
======
just_steve_h
Here's the design decision that puzzles me the most: MCAS commands nose-down
trim. The pilot uses the trim button on the yoke to command nose-up trim. Why
isn't that enough to disable MCAS and cause an audible alert?

Think of an analogy: when the autopilot commands a nose-down elevator input,
and the pilot pulls back on the control column, that's enough to disengage the
autopilot.

Or think of cruise control in a car: if the computer commands acceleration,
and the driver steps on the brake, cruise control disengages.

The necessity of MCAS is to meet regulatory requirements for similarity in
handling characteristics to achieve a common type rating. It's not strictly an
engineering requirement, nor is it a safety-assisting technology. It's an
attempt to mask the actual aerodynamic characteristics of the aircraft being
flown. That is a conflicting mission if you will.

~~~
losvedir
> _MCAS commands nose-down trim. The pilot uses the trim button on the yoke to
> command nose-up trim. Why isn't that enough to disable MCAS and cause an
> audible alert?_

It does. It's just that MCAS tries again in 5 seconds. That's why the
experienced pilots in both the Lion Air and Ethiopian crashes kept the MCAS in
check - trimming to neutral column force is second nature to them - and it
only crashed when the first officers took over, who allowed it to get to full
nose down trim.

A constantly incorrectly trimming system is supposed to trigger the runaway
stabilizer trim checklist, so Boeing thought a failure in this system was
covered by existing training. Unfortunately, a periodic every-5-seconds trim
wasn't recognized as such. I'm not a 737 pilot, so I don't know what runaway
stab trim normally looks like; maybe it's usually constant?

~~~
lisper
> I'm not a 737 pilot, so I don't know what runaway stab trim normally looks
> like; maybe it's usually constant?

Yes, exactly.

The problem (well, one of the problems) is that during normal operations the
trim wheels are constantly moving intermittently, so additional intermittent
motion isn't immediately seen as unusual.

(Disclaimer: I am not a 737 pilot either, but I am a pilot, I fly a plane with
an electric trim (Cirrus SR22) and the info above came from a very experienced
737 pilot named Juan Browne who hosts an excellent channel on YouTube called
Blancolirio.)

------
mysterydip
"Instead of relying on a single sensor indicating the angle of the plane’s
nose, MCAS will rely on data from both of the plane’s sensors"

Why wouldn't you design it that way from the beginning? This isn't Boeing's
first plane.

~~~
mhandley
Because if you did that, you'd have to alert the pilots when the AoA sensors
disagree and MCAS has been disabled. And you can't do that without training
them on what that means, notably how the plane will now fly differently with
what you might call "relaxed stability" at high angles of attack. And Boeing
really really wanted to avoid retraining of pilots because apparently they had
a contract with Southwest that would cost them $1M per plane if retraining was
required.

~~~
yg6ht5
$1M sounds like pocket change after all that has happened.

~~~
bredren
Market cap loss since crash of flight 303 is $27 billion.
[https://ycharts.com/companies/BA/market_cap](https://ycharts.com/companies/BA/market_cap)

~~~
dingaling
None of which matters to Boeing as an entity. Market cap is not liquidity.

Outstanding Max order backlog is $600 billion at list price. _That_ is what
matters.

~~~
ddalex
> None of which matters to Boeing as an entity. Market cap is not liquidity.

> Outstanding Max order backlog is $600 billion at list price. That is what
> matters.

So at 600 billion in orders they got greedy and didn't want to spend 1M extra
per plane to make it safe.

------
VBprogrammer
That's not very surprising to anyone who has been following along. The more
interesting question is why they failed to identify the trim runaway
condition, or if they did indeed identify it, why the procedure failed to
correct it?

This is significantly different to the Lion Air incident where you can easily
give the pilots the benefit of the doubt because the failure mode hadn't been
previously identified. The details of MCAS and the procedure to handle it were
communicated to all operators months before this accident.

~~~
tapland
Maybe time was an issue? Saw in an earlier post that the issue had to be
mitigated within 40 seconds of it occurring.

~~~
sokoloff
40 seconds is an eternity to accomplish the memory items on runaway stab trim
non-normal checklist. It’s literally “control column - hold firmly” (already a
given, since MCAS only affects manual flight and the increased back pressure
required is the cue that something is amiss), “autopilot and autothrottle -
disengage” (click-click, click-click), (if runaway continues) “stab trim
cutout switches - cutout (both)”, (if runaway continues) “trim wheel - grasp
and hold”

All of those are “above the line, memory items” which the crew must be able to
recall and execute prior to referencing the checklists in the QRH.

Boeing has some significant fault here, but I’d expect a full performance crew
to handle this emergency and suspect the CVR and FDR data will show them in a
less than fully flattering light, especially after Lion Air, the emergency AD,
safety memos, and general publicity surrounding the previous crash.

~~~
tyingq
The layperson in me wants to know why things like trim don't have a
meter/display that shows the actual setting. Seeing +6/-6 seems like it might
trigger recognition of runaway adjustment.

~~~
userbinator
It does...

[http://www.b737.org.uk/images/throttlequadrant.jpg](http://www.b737.org.uk/images/throttlequadrant.jpg)

See the scale with "APL NOSE UP" and "APL NOSE DOWN" next to the trim wheels.

Whether the pilots noticed it (or the attitude indicator pointing nose-down,
or the rapidly decreasing altimeter...) is the question.

~~~
tyingq
Ah, so that indicator would have been abnormally in the "nose down" area after
MCAS over adjusted it. Interesting. Information overload, and nobody looked
because that amount of auto adjustment wasn't anticipated. And also means they
didn't correlate the fairly noisy/visual turning of the wheels to get it in
that position.

~~~
DougBTX
There was a PDF incident report going around earlier with a chart showing a
graph of the inputs from MCAS and the pilots over a period of time. There was
a "nose down" command from MCAS, followed by a "nose up" command from the
pilot, then a "nose down" command from MCAS, a "nose up" command from the
pilot... repeated about 20 times in a row...

~~~
mhandley
The full preliminary report from the LionAir crash is here:

[https://www.flightradar24.com/blog/wp-content/uploads/2018/1...](https://www.flightradar24.com/blog/wp-content/uploads/2018/10/2018-035-PK-LQP-Preliminary-Report.pdf)

I've put the relevant figure showing the trim adjustments here:

[http://nrg.cs.ucl.ac.uk/mjh/lionair.png](http://nrg.cs.ucl.ac.uk/mjh/lionair.png)

------
linuxftw
Still doesn't answer the question of, why if MCAS is required during critical
portions of the flight to prevent stalling is disabling of MCAS an acceptable
solution for this aircraft?

Introducing a new condition of "We think MCAS is on, but we're not quite sure
/ it's cutting in and out due to sensor disagreements" is preposterous.

~~~
ams6110
This might be splitting hairs, but MCAS is not there to prevent stalling. It's
there to meet a specific certification requirement on control stick forces at
high angles of attack. Yes the intent of the requirement is to reduce the
tendency of the pilot to pitch up too much near the stall. But MCAS doesn't
prevent stalling.

Modern aircraft have many automatic systems that are there to make the pilot's
job easier. That doesn't mean they are unsafe to fly if those systems
malfunction and have to be disabled.

~~~
linuxftw
Every source I've found refers to it as an anti stall system, and the system
is designed to limit angle of attack (eg, prevent the system from stalling).

It's definitely a safety feature that's required and not an assistive device.
It was required for certification, and in fact as originally specified was
unsuitable to prevent stalls, so Boeing had to increase the authority of the
system to make it functional.

------
tomnm
Physics cannot be fixed by software.

The necessity of MCAS means the airframe has fatal flaws.

I would avoid 737 Max by all means, no matter whatever software revisions
Boeing releases.

Previous discussions:

[https://news.ycombinator.com/item?id=19509618](https://news.ycombinator.com/item?id=19509618)

~~~
wp381640
most modern fighter jets would drop out of the sky like a rock without
software

they'll eventually get this right - they just need to step back and recognise
that the MAX is a completely new type of aircraft and stop taking shortcuts on
certification and training

what saves them is that Airbus is at production capacity on the neo

~~~
bobowzki
While it's true that fighter jets have been aerodynamically unstable for
decades, they're not built for transportation and have ejection seats.

The main reason they are unstable is to increase agility. Is this necessary or
even wanted in passenger aviation? I don't know but I'd guess not. Probably
safety, comfort and fuel economy are far more important and can (should?) be
achieved with a stable airframe.

~~~
wp381640
fighter jets are the more extreme and established example, it also applies to
most modern airliners which have software systems in place to prevent human
controls from exceeding the aircraft flight envelope

fuel efficiency in these modern aircraft has been gained with swept back
wings, larger intake engines etc. which with direct control and no software
would be almost impossible to keep flying

discarding _all_ of these systems because of a problem with one would set
airline safety and efficiency back decades

~~~
bobowzki
Swept back wings and larger intake/bypass engines do not make the airframe
inherently unstable.

The fly-by-wire system has multiple redundancies and layered protection,
including direct law (at least for Airbus). Fly by wire is, like you say, of
course a great innovation for improved control and safety, but it's nice when
the plane continues flying even during a failure, however unlikely.

I guess in the case of MCAS the software was actively working against the
pilots so maybe it's more of a problem with the design of this particular
system and training.

------
bdavis__
The amount of Boeing hate is phenomenal. "scrap the plane" ! "require a new
type certificate" "never fly in a 737 max, no matter what".

Boeing made a plane that conformed to all rules and regulations. As part of
the design process, they made many, many tradeoffs. What kind of fastener
goes on this panel? How often does this data go across the data bus? What
material is used for this cable? Literally thousands of them. Not every one,
by itself is safety critical; but many of them can turn out to be.

The MCAS design was not some engineer skirting the law, or wanting to kill
people, or even disinterested in safety. It was a compromise design of cost vs
safety; in hindsight it looks like the compromise was done poorly.

A 100% safe airplane weighs too much to fly and costs too much to build. This
means every design decision has to take into account other things than just
'raw safety'.

They made a mistake. Even when you are not "moving fast and breaking things",
people make mistakes. Process adherence misses the mistake.

And in this case people die. Unfortunately, that is how we improve aviation
safety. With the blood of passengers and crew. Not on purpose, not because
Boeing is greedy, but because people make mistakes, systems fail, airplanes
crash. This was not a single failure of the aviation safety system. N things
had to happen for these crashes. And the system is going to fix each one of
them, and do a human's best effort to change the process so it does not happen
again.

I would fly a Boeing aircraft tomorrow (yes, a 737 MAX 8). Or an Airbus. They
are both built and overseen by the best our world has to offer.

This is not the first design failure that has been the cause of an incident
(or even a series of incidents) and it will not be the last.

------
armitron
I'll never fly 737 Max. No matter what changes they do, barring a complete
redesign of the plane.

Boeing deserves to go out of business for this.

~~~
chasingthewind
I'm not going to defend Boeing's conduct here for one moment, but I do think
your statement is an over-reaction. The company employs 150,000 people, it
contributes billions to the US economy, and builds significant aerospace
know-how in the US. I imagine we could come up with lots of reasons why Boeing is a
net positive. These crashes are tragic and Boeing's conduct deserves
condemnation, but a solution that keeps the company going and fixes the
culture that led to this seems to be a far better solution than them going out
of business entirely.

~~~
fopen64
If I pack air, sell it as panacea, and employ 150k people doing that, do I
deserve to be in business?

~~~
salex89
If you can actually pay 150k people, maybe you do, since you're bloody good at
it!

Joke aside, let's be fair, Boeing did not sell air. Their greed got the better
of them, and the institutions set to prevent that did not do their job. They
should take responsibility for the things they did (or in this case, did not).
There is no penalty high enough to bring back lives.

~~~
rubinelli
I wish there was a law to nationalize a company that was found guilty of gross
negligence, to subsequently pay damages and re-sell them in the market. Make
shareholders accountable, instead of sending a couple of middle managers to
jail and keeping the same incentives that caused the first tragedy in place.

~~~
Rooster61
> instead of sending a couple of middle managers to jail

So you want to turn the company over to the same governmental body that lets
companies get off by firing a few middle managers? The same body that possibly
allowed this lapse in safety to get through regulations in the first place?

~~~
rubinelli
Temporarily, yes. It doesn't have to be the same government agency, and the
aim would be to divest as fast as possible, so hopefully less short-sighted
and more responsible shareholders would control it in the end.

------
marksomnian
Paywalled, anyone have a workaround?

~~~
1f60c
Simply search for the title on Google, and they’ll let you in based on that.

[https://www.google.com/search?q=Investigators+Believe+Boeing...](https://www.google.com/search?q=Investigators+Believe+Boeing+737+MAX+Stall-Prevention+Feature+Activated+in+Ethiopian+Crash)

~~~
mastazi
The little "web" link under the title of every HN post does that for you :-)

~~~
sundvor
Oh didn't know that one - thanks!

