
Ralph Nader: Greedy Boeing’s Avoidable Design and Software Time Bombs - walkingolof
https://nader.org/2019/03/21/greedy-boeings-avoidable-design-and-software-time-bombs/
======
cliveb
From applied control theory I intuitively knew that a cascade of issues
resulting in a system instability had overwhelmed the pilots. I now see this
arrogance of data science based software engineering being inserted into
business, industry and social systems. As an abstract example Facebook's
attempt to stabilize the politics on its platform through algorithms. More
concretely in the hydro dam control systems in the Pacific Northwest.
Specifically in this damned Boeing 737 Max control system. Control systems
need rigorous testing through simulation not accidents.

------
ajross
Boeing's design process was a shady mess for sure, but safety goes all the way
down and up the stack. Every failure mode should have some level of redundancy
and double checking.

So, yeah, a manufacturer tried to game the certification process to save a few
bucks (and months) on a new aircraft design. That's a failure. But it's _not_
an unforeseen one!

The safety value for manufacturer shenanigans is supposed to have been the
certification process itself. And I gotta say the worst failings here are with
the FAA. At any point someone could have looked at the process and seen:

1. They changed the engine

2. They had to move it because it was too close to the ground, but they
couldn't stretch the landing gear and keep the type certification.

3. So they moved the engines forward and up

4. But now the aircraft was less stable, and they couldn't change the tail
design and keep the type certification.

5. So they did software-managed stability augmentation instead

6. But (that's right) they couldn't change the autopilot and keep the type
certification.

7. So they did it with the trim, which had never operated under autonomous
control before.

I'm sure I have a few of those details wrong, but the point is that any
bureaucrat familiar with the aircraft could have seen that this was a
ridiculous house of cards they were playing with the type certificate. I mean,
one change with one workaround, sure. But a cascade like this is just
_obviously_ a perversion of the process.

Yet no one said something. Or if they did they were overruled.

The way the built-in incentives work, it's not feasible to rely on 100%
forthright and honorable manufacturers. So we have a regulatory body to catch
those failures for us, and it failed.

~~~
asynchronous13
> And I gotta say the worst failings here are with the FAA.

The FAA is underfunded to do their job properly. The major consequence of this
is that to properly certify the changes from Boeing would have taken a long
time. A long time would mean that Airbus would win more contracts compared to
Boeing. With a pro-business administration in place, there was significant
pressure put on the FAA to complete the certification quickly. They were
actively encouraged to outsource safety work back to Boeing's engineers to
keep pace on the timeline.

~~~
pathseeker
> The FAA is underfunded to do their job properly.

That's not an excuse to rubber stamp a design.

~~~
asynchronous13
Totally agree, and that's not what happened. Some of the data that Boeing
presented to the FAA was wrong/old.

------
vermontdevil
Boeing’s culture needs to change. They have a history of shady behavior.

The espionage against Lockheed Space that led to the ULA formation

The rudder denials with 737 before this current crisis.

The 767 lease debacle.

I’m sure I’ve forgotten more.

They keep getting away with it and it needs to stop.

~~~
mhandley
The Boeing 737 bear straps fiasco is pretty sobering reading too:

[https://www.brandeis.edu/investigate/political-social-justic...](https://www.brandeis.edu/investigate/political-social-justice/boeing-parts-scandal.html)

[https://www.aljazeera.com/programmes/peopleandpower/2010/12/...](https://www.aljazeera.com/programmes/peopleandpower/2010/12/20101214104637901849.html)

------
colechristensen
The NTSB does and has done a fantastic job keeping flight safe, they are the
sorts of people we should be looking to for what went wrong and how to fix it.
Not politicians, Ralph Nader, or armchair engineers on forums.

Flying is complex and exposing the correct instrumentation, controls, and
training to pilots is a hard problem. There will be mistakes and the important
thing is to learn from them. The industry and regulators are very good at
this.

------
liber8
Nader may be right about some of this, but just claiming that evil "reckless"
Boeing executives caused this is pretty silly. Boeing execs are probably the
least reckless execs in any field, because even tiny failure rates can have
massive consequences.

What's scariest about this is that it highlights the fact that many pilots are
just regular schmoes. Average intelligence, adequate training. That's fine
99.9% of the time, when equipment failure isn't catastrophic. But it's crazy
how many, when they're actually faced with catastrophic failure, forget how to
fly the damn plane.

The runaway trim problem has been happening for 50 years. This isn't new, or
unique to the MAX (same thing can happen on the small jets I fly). Anytime
something like this (or any other autopilot failure) happens, every pilot is
trained to disengage the system and fly the goddamn plane. Apparently the
pilots on these flights didn't know how to do that. It's tragic.

For some more reading on the other end of the spectrum, see:
[https://www.aopa.org/news-and-media/all-news/2019/march/20/c...](https://www.aopa.org/news-and-media/all-news/2019/march/20/congressman-concerned-about-foreign-pilot-training)
(this is probably equally as bombastic as Nader's article, but offers some good
perspective from that side)

edit: Apparently Nader's niece died in one of the crashes, which would certainly
explain his outrage:
[https://www.cnbc.com/video/2019/03/22/ralph-naders-niece-die...](https://www.cnbc.com/video/2019/03/22/ralph-naders-niece-died-in-one-of-the-boeing-crashes-now-hes-calling-for-the-737-max-8-to-be-grounded.html)

~~~
asynchronous13
> But it's crazy how many, when they're actually faced with catastrophic
> failure, forget how to fly the damn plane.

Your comment makes me sad. Especially since there will be many other people
who come to a similar conclusion without adequate information.

The runaway trim problem and the new MCAS problem are superficially similar,
but the symptoms are distinctly different. The runaway trim manifests itself
with a continuous deflection of the trim. Pilots are trained to recognize this
symptom and compensate. The new MCAS also affects the trim, but it is engaged
in repeated nose-down commands. It has fundamentally _different_ symptoms
compared to the older and more widely known runaway condition.

There is no absolute reference on the position of the stabilizer. It is a
wheel that turns, so a pilot must watch that wheel continuously to know if it
keeps turning or if it turns periodically.

The controls column has force feedback. The pilot was pulling back with ~50
lbs of force to fight the angle of the trim. Imagine holding a 50 lb dog while
simultaneously trying to review emergency procedures to find the source of the
problem. The pilot was flying the damn plane, and the symptoms of this problem
were different.

~~~
js2
> There is no absolute reference on the position of the stabilizer.

There’s an indicator right next to the wheel:

[https://qph.fs.quoracdn.net/main-qimg-1dc99dbe662c71d7c470cf...](https://qph.fs.quoracdn.net/main-qimg-1dc99dbe662c71d7c470cf1bb873a8ff-c)

And the pilots must have recognized it was a trim issue because they countered
it multiple times. Why they didn’t flip the stab trim cut off switch is a
mystery.

An earlier crew was able to fly the plane. I agree the pilots should have been
made aware of MCAS (though either the Ethiopian pilot was shockingly not aware
of it or being aware didn’t help him). But at the end of the day the pilots
are there to fly the plane, not manage automation:

[https://vimeo.com/159496346](https://vimeo.com/159496346)

~~~
asynchronous13
The earlier crew faced an identical issue the day before, and it was only the
deadhead pilot onboard who recognized the issue and suggested flipping the
stab trim cut off. Out of 5 pilots (7 if we count the other crash), only one
suggested the correct fix.

> Why they didn’t flip the stab trim cut off switch is a mystery.

Not really. In the previous incarnations of the 737, a hard pull on the yoke
by a pilot disengaged the automatic trim system. In the 737 MAX, the yoke pull
method to disengage the trim was disabled. What the pilots did would have
worked on the previous version of the plane, but not on the MAX.

Boeing really tried to claim that the MAX was just like the previous version,
and that pilots didn't need new training to fly it. I think the data shows
that more pilot training is appropriate for this plane.

~~~
DuskStar
> The earlier crew faced an identical issue the day before, and it was only
> the deadhead pilot onboard who recognized the issue and suggested flipping
> the stab trim cut off. Out of 5 pilots (7 if we count the other crash), only
> one suggested the correct fix.

And there are two ways to look at that. One is to say "obviously this means
that this failure mode is too hard to diagnose". Another is to say "holy shit
Lion Air pilots are _fucking incompetent_, I'm never going to fly any sort of
third world budget airline if any of them are like this".

The truth is probably somewhere in the middle, of course.

> What the pilots did would have worked on the previous version of the plane,
> but not on the MAX.

And yet the checklist continues past that point, because guess what? The
"control inputs disengage trim" component can also fail, and Boeing planned
for that.

~~~
asynchronous13
I believe you're right that the truth is in the middle. It really points to
the pilots being inadequately trained on this aircraft. Boeing strongly pushed
to avoid requiring new pilot training for the MAX airplane. They claimed that
MAX was similar enough to the previous version of the 737 that if a pilot were
checked out on the previous plane they were good to go. What we're seeing now
is that assessment was wrong. More training should have been required.

Boeing fucked up big time on this one. FAA also fucked up. Pilots were
inadequately trained, and some delivered info was false (Boeing said MCAS
could only bring the nose down 0.6 degrees, in fact, it was unbounded)

The MCAS system was designated "hazardous" by Boeing in their own safety
assessment. A system that is labeled hazardous can not be reliant on a single
system failure. MCAS _is_ reliant on a single sensor. That's already a major
error in the safety analyses. As we can clearly see from two accidents, MCAS
system should have been designated "catastrophic", one step more dangerous in
that scale, with even more stringent redundancy requirements.

------
yingw787
Does the FAA require civilian commercial airliners to have some sort of catch-
all (e.g. positive stability if you kill all power and lower a ram-air turbine
and assuming your flaps aren't jammed)? I don't know if that would have saved
lives on those flights, because it was high enough to crash and low enough to
not turn around to the airport or get to safety, but I would think a gliding
plane and some base assumptions about the inherent flight characteristics of
their plane would give the pilots a few precious seconds to think (like the
miracle on the Hudson). Physics-based problems should have physics-based
solutions.

If the engine placement and weight distribution caused an inherent problem
with the stability of the aircraft, a rule like that might have given Boeing
pause, no?

~~~
ams6110
Yes, in particular the 737 is a cables and levers and pulleys design. It can
fly totally manually. If the pilots had realized they had a trim problem, and
switched off the electric trim, and trimmed manually (literally turning a
crank in the cockpit) they would not have crashed.

------
Johnny555
Should the airlines share some of the blame for not paying for the $80K
disagree light for the two sensors on their $100M plane?

If I don't pay for the $3K automated emergency braking upgrade for my car, is
it Honda's fault if I rear-end someone and die? It doesn't cost them $3K for
what's mostly software and a couple hundred dollars of sensors, should they
have bundled that obvious safety feature into the price of the car and not
made it an optional upgrade?

~~~
torpfactory
I personally don’t think safety equipment should be optional when they are
relatively inexpensive for the manufacturer to implement. Boeing were clearly
viewing this as an opportunity to get a bit more money out of a customer as
pure profit margin.

~~~
Johnny555
But who defines "inexpensive"? Is a $1000 feature inexpensive on a $30,000
car? Is an $80K feature inexpensive on an $100M airplane?

That's $4M across a fleet of 50 jets (Ethiopian's 737 order size) - so it's
not exactly insignificant.

Japanese authorities required the feature, while the FAA and others did not.
Should all of the onus be on the manufacturer? There's definitely an argument
to be made that Boeing didn't reveal the full nature of MCAS to the FAA, but
if that weren't true, is it Boeing's fault that they didn't bundle the
feature, or is it the FAA's fault? And why did the Japanese require it, did
they have information that the FAA did not have?

~~~
torpfactory
I guess I meant from the manufacturer's perspective. I doubt it costs Boeing
80k to implement, though that was apparently the list price for the feature.
This comment also really belongs within the context of the safety expectations
of your industry. For planes, there is a high safety expectation. For a
hardware feature that costs Boeing maybe $1k (wild ass guess here) to
implement, I would expect them NOT to view that as an opportunity to squeeze
someone for more profit. They would obviously have to increase the selling
price somewhat.

From a purely business case I can see why Boeing did what they did but I'm
just philosophically opposed to profit being the only goal. Even if it was the
only goal, this case pretty clearly shows that it wasn't 'worth it' for Boeing
to skimp on safety features with what, 20B wiped off their valuation.

------
llamataboot
I'm a bleeding-heart socialist, actually an anarchist, far to the left of Ralph
Nader and I /still/ find his rhetorical style obnoxious and not useful.

We can have a discussion about how de-regulations and profit motives may have
contributed to this disaster, we can even throw in ideas about regulations
and corporate responsibility, but we have to recognize that software at this
scale and or these purposes is hard, and there's no reason why the govt may be
better at it than Boeing, and the discussion about what the risk/reward ratio
should be for society as a whole is super complicated and we don't nec have a
way to have it.

TLDR: I'm an anarcho-socialist programmer. Boeing may or may not be evil and
de-regulation and the profit motive probably eff things up in the current
socio-economic sphere, but Ralph Nader doesn't lend much to the conversation
here.

------
erentz
> Most notoriously, the airlines, after the hijacks to Cuba in the late
> Sixties and early Seventies, made sure that Congress and the FAA did not
> require hardened cockpit doors and stronger latches on all aircraft, costing
> a modest $3000 per plane. Then the 9/11 massacre happened, a grisly
> consequence of non-regulation, pushed by right wing corporatist advocacy
> centers.

This is a curious and very sad bit of history I was unaware of.

~~~
mikeash
I’m going to put a big fat Citation Needed on that one. I don’t see how it
would have helped in the 1970s. The hijackers take over the rest of the plane
and say they’re going to execute one passenger every hour unless the pilots
take them to Cuba. Are we expecting the pilots to say, nope, we’re safe,
execute whoever you want?

9/11 was a game changer because it was a completely new kind of hijacking
where the hijackers have no demands and everybody dies quickly if the
hijacking goes according to plan. Reinforced doors are useful there, because
threats to the passengers don’t hold weight when you know they’ll all die
anyway if you open the door. That was very much not the case in the 70s.

~~~
iforgotpassword
Wouldn't it make sense in that case to just pretend it was a "regular"
hijacking? Why should you go "hey pilots, open the doors or not, everyone is
gonna die anyways." Vs. "Open the door now or we'll kill a passenger every 10
minutes."

~~~
jdblair
That won't work, because the protocol has changed. No pilot today will open
the door, even as someone dies every 20 minutes. The pilots will divert to the
closest airport and land.

~~~
iforgotpassword
I wouldn't bet on that. It might be protocol, but they're humans, not robots.

~~~
setpatchaddress
No. The pilots know that they'll be dead if they open the door. I take it
you're too young to remember 9/11?

~~~
iforgotpassword
There's plenty of blackbox recordings and transcripts out there of pilots
losing control and freaking out instead of trying to stay calm and try to fix
the situation. Most recent example is Lion Air. How the fuck can you seriously
think every pilot on this planet would stay calm, act absolutely rationally
and not panic if they can hear people being shot behind a closed door,
especially if they'd been told they can make it stop by opening the door?
That's like a hundred times more psychological stress. Seems like you should
get out some time, have interactions with real people.

------
PaulHoule
As for a flyer's bill of rights it would be nice to have more widebody flights
or at least something small but comfortable like the Embraer 195.

What's been lost in this discussion is that the 737 is based on the 1958-era
707 in its major configuration -- with its circular fuselage it is not built
with compatibility with the human body in mind so of course you are going to
feel like flying is hell after a transcontinental trip on what was originally
intended as a regional jet.

Even if you survive the flight on a 737 you are going to feel like you're dead.
Since the 737 and A330 represent the vast bulk of planes built, anyone
concerned about the environmental impacts of air travel (e.g. climate change,
noise) would want to see the 737 get a clean sheet design like the 787.

~~~
mikeash
I’ve never noticed a difference in comfort between different airplanes. What
matters is the seat, and they’re pretty much all the same (and, when
different, this does not depend on the type of plane they’re in). Why would I
care about fuselage cross section?

~~~
rayiner
The narrow body gives you less room to work with. Delta Economy seats are
17.2” in the 737, 17.9” in the 767, and 18.5” in the 777.

~~~
Johnny555
United has a few configurations for 777 economy seating - a 3-3-3
configuration with 18.3" of width and a 3-4-3 with 17.1" of width.

I've flown the 3-4-3 one and will never fly it again, it is super cramped, and
even the few inches of extra leg room in economy plus can't make up for the
narrow seats.

So being a wide/narrow body jet doesn't really relate to seat width, it's all
based on how many seats the carrier can cram in.

[https://www.seatguru.com/airlines/United_Airlines/United_Air...](https://www.seatguru.com/airlines/United_Airlines/United_Airlines_Boeing_777-200_6.php)
[https://www.seatguru.com/airlines/United_Airlines/United_Air...](https://www.seatguru.com/airlines/United_Airlines/United_Airlines_Boeing_777-200_9.php)

