
Boeing's Crashes Expose Systemic Failings - CaptainZapp
https://www.spiegel.de/international/business/737-max-boeing-s-crashes-expose-systemic-failings-a-1282869.html
======
FabHK
> What's more, over the course of his 55 years in the profession, he [lawyer
> Marc Moller] [has] learned that every plane crash can be traced back to a
> single, simple cause.

I don't know, that strikes me as nonsense. It's precisely the interplay of
many factors that lead to an accident - and if any one of them had been
different, the outcome might have been different. See Reason's "swiss cheese"
model of accidents - all the holes have to line up [1].

How you can go and designate one of these holes _the_ hole, the "single,
simple cause" is beyond me. This doesn't do the complexity of engineering
justice. Might help to win cases with juries, but I don't see how it could
help to make flying safer.

[1]
[https://en.wikipedia.org/wiki/Swiss_cheese_model](https://en.wikipedia.org/wiki/Swiss_cheese_model)

~~~
AnimalMuppet
Forgive me a great deal of cynicism here. I suspect that a more accurate
statement is "he learned that it works well for him to argue that every plane
crash can be traced back to a single, simple cause."

We don't ask lawyers to do surgery. We don't ask them to design bridges. _And
we don't ask them to do root cause analysis._ We leave all of those things to
those who actually know what they're doing in those areas.

~~~
amelius
You don't need to be able to analyze causes in order to count them.

~~~
atoav
No, but if you _want to prevent_ future incidents, it usually helps to have a
more systemic view of failure. E.g. questions like: “what kind of management
led to decisions that made such misbehaviour possible?” are usually
completely uninteresting for a lawyer, as they either play a legal role or
not.

In real life an incident may be the emergent behaviour enabled by complex
circumstances and a certain culture, all culminating in one crystalized point
of failure. Think of causal chains: Management pressures engineers and fires
experienced older engineers, engineers are clearly not up to task, do
something. Quality control might catch it but is circumvented by other
managers who fake documents. The thing is not up to spec but wouldn’t have
failed if the pilots... etc.

This is what I mean by systemic emergent behaviour. All of these things were
wrong or reckless, but pinning it to one cause isn’t doing reality a favour
here.

~~~
philjohn
And that's all well and good ... but his role isn't about preventing future
incidents, it's seeking restitution for the victims and their families,
nothing more, nothing less.

It is the job of regulators to figure out how to prevent future incidents, and
it seems that the EASA will be taking the hardline lead on that as there seems
to be a general mistrust of the FAA this side of the pond.

------
nness
> _Bickeböller's complaint endangered the planned inauguration of the 787,
> which had already been delayed due to technical difficulties. The problems
> identified by the engineer, however, weren't addressed by Boeing, which is
> why he turned to EASA in June. [...] In those papers, it states that
> management and top executives at Boeing had ordered that the coordination
> problems with the company's suppliers be "closed." The reason: "to get the
> 787 production certificate."_

I, for one, hope this plane never flies again.

~~~
dsfyu404ed
We're talking about the 787 here, not the 737 variant that's falling out of
the sky. Despite initial teething issues (something all big systems like this
have to some extent) the 787 has gone on to be a successful design. To say "I,
for one, hope this plane never flies again" is an overreaction, especially
since said problems have been fixed and the plane is in service without the
issue popping up.

~~~
CivBase
If those are teething issues, I'm scared to find out what you'd consider to be
a serious problem.

~~~
dsfyu404ed
Per TFA QA wasn't definitively being done not because they were too stupid to
want it done but because of coordination issues with the suppliers because it
was a new plane and they didn't have the process down yet. That is almost by
definition teething issues. It takes some serious mental gymnastics to say
with a straight face that coordination issues with suppliers when a product is
first being made are not "teething issues." Sure, it points to systemic
incompetency on some level but to say "I, for one, hope this plane never flies
again." when the plane now has a proven track record of not being crap is an
overreaction, to say the least.

~~~
salawat
My issue as a Quality Assurance practitioner, is that this excuse
(coordination issues) quite literally pops up everywhere, and one of the first
skills you need to master to get anywhere with a business is to nip that
attitude in the bud. No one will let you have the license to test what needs
to be tested unless you are willing to hold up the entire project until you
get your results/questions answered.

It is not sufficient to get an unproven platform out there to build up "track
record" to prove it is safe. That's ludicrous. That's how you get things
blowing up, catching on fire, losing power, throwing turbine blades, what have
you.

You have to have your fundamental analysis done, and if you are
integrating with a major system from someone else, you need to bloody
coordinate with them, and ideally talk with their Quality department. If your
plane is going to be spending a lot of time in Asia, testing how your turbine
holds up to the atmosphere there is not an unreasonable experiment to run.
Expensive? Yes. Difficult to prepare? Yes. Unreasonable? Goodness, no.

The thing that scares the bajeezus out of me, is that I've not once come
across anywhere that makes that kind of contact between organizational Quality
departments feasible or efficient. In my pursuits, I basically end up having
to do end runs around obstacles and become such a subject matter expert, I
start asking questions that make other service providers nervous, because they
don't know whether they're saying too much. I've spent so much time tearing
stuff apart it's just natural to me to do so; but as I'm frequently reminded,
I'm apparently not a typical specimen in my craft.

------
papito
This is probably the best piece I've read about this:

"How the Boeing 737 Max Disaster Looks to a Software Developer"

[https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer](https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer)

~~~
salawat
Obligatory further reading repost.

[https://www.seattletimes.com/seattle-news/times-watchdog/the-inside-story-of-mcas-how-boeings-737-max-system-gained-power-and-lost-safeguards/](https://www.seattletimes.com/seattle-news/times-watchdog/the-inside-story-of-mcas-how-boeings-737-max-system-gained-power-and-lost-safeguards/)

EDIT: What? It's one of the better written articles that actually includes
most of the technical details, plus some of the corporate environment related
ones. The two articles together are basically guaranteed to contain all the
essentials one needs to understand what happened.

~~~
noneeeed
The Seattle Times has had some of the best reporting on this, presumably
because they have been covering aviation for a long time. I've found some of
the tech press have (not surprisingly) treated it too much as a technical
issue in the sense of it being about broken software or hardware.

This whole disaster has been a great example of the importance of good systems
and safety engineering, of effective oversight, and of a good safety culture.
What is depressing about it is that the aviation industry worked hard for
decades to develop an open and effective safety culture, and Boeing seem to
have forgotten a lot of the painful lessons of the past.

Hopefully, if anything good comes out of this situation, it will be a
reinforcement of the culture and mindset that has made commercial flight
incredibly safe.

------
darknoon
I saw this documentary about issues with the 787 back in 2014, and it was
clear that something was massively wrong at Boeing:

[https://www.youtube.com/watch?v=rvkEpstd9os](https://www.youtube.com/watch?v=rvkEpstd9os)

The engineers doing the work know what it takes to make a good airplane. Let
them do their jobs.

------
PhasmaFelis
> _By the end, the planes had gained so much speed and were descending so
> steeply that the pilots would have had to possess superhuman strength to
> counter the pressure on the horizontal stabilizer trim._

I thought these systems were all fly-by-wire now?

Edit: Don't downvote for asking an honest question, guys. Thanks to the people
who actually answered.

~~~
yeezul
My understanding is that the 737 does not use Fly by wire [1] and if I
remember correctly it's because they wanted to piggyback on the original 737
certification. I could be wrong.

1: [https://www.quora.com/Does-the-737-MAX-family-use-fly-by-wire](https://www.quora.com/Does-the-737-MAX-family-use-fly-by-wire)

~~~
lisper
> I could be wrong.

You're not :-) The 737 still has direct mechanical linkages to the control
surfaces. Changing that would require completely redesigning the aircraft.

~~~
xvector
What's the motivation for this? Regulatory, I get that. But why use direct
mechanical linkage in an era where fly-by-wire would probably be
faster/safer/etc?

~~~
markbnj
I'm not a pilot, but from what I have read many pilots actually prefer
mechanical linkage to the control surfaces. Sullenberger even indirectly
blamed fly-by-wire systems (in this case the lack of a link between pilot and
copilot controls) for the crash of Air France 447:
[https://www.cbsnews.com/news/air-france-flight-447s-lessons-four-years-later/](https://www.cbsnews.com/news/air-france-flight-447s-lessons-four-years-later/)

~~~
PaulHoule
One of the most popular features of Boeing aircraft is that there is a
mechanical linkage between the yokes of the pilot and copilot.

Boeing's modern planes (not the legacy 737) have fly by wire where there is
still a mechanical connection between the yokes. Thus you have the nice shared
feel, but you have the benefits of fly-by-wire.

There have been accidents where fly-by-wire has been part of the problem but
there have also been failures of the old mechanical linkage systems. Airliners
have had active systems to cancel out unstable modes for a long time (e.g. to
suppress "Dutch Roll" on the old 727).

The A320 has particularly been plagued by extreme "human error" situations
where people crashed the plane after seemingly trying to crash it. For
instance the first passenger flight involved a stunt that resulted in a crash.
Later on New Zealand regulators who were investigating fly-by-wire glitches
tried to provoke the fly-by-wire system into failing when they were
approaching a runway and they wound up dead.

------
blt
> _Boeing developed a software program that constantly monitored the angle of
> attack. As soon as this angle became too risky, the Maneuvering
> Characteristics Augmentation System (MCAS) would automatically lower the
> plane's nose without the pilot having to do anything at all. To do so, it
> doesn't manipulate the rudder, but the horizontal stabilizer trim, the most
> forceful control surface on the entire aircraft._

How could the rudder possibly be used to change the angle of attack? Isn't the
horizontal stabilizer the only control surface that can do this?

~~~
Gibbon1
It's the horizontal stabilizer. Which has two parts. The control surfaces
controlled by the pilot's yoke. And the trim system which adjusts the entire
horizontal stabilizer. MCAS uses the trim motors.

------
linuxftw
It's obvious to me neither the FAA nor Boeing attempted to accurately
replicate the first crash scenario, because this could have wholly averted the
second crash. As soon as the planes were grounded, we were getting all sorts
of reports about the stabilizer being too hard to move and basically an
unrecoverable situation.

Jail time is the only outcome I will accept.

~~~
FabHK
How is it obvious to you that they didn't investigate the first crash
sufficiently?

I'd say some time after the first accident it was reasonably well understood
what had happened, and the FAA (and many others!) concluded that it was still
safe to fly the plane, as the pilots could easily interrupt the accident chain
by doing the right thing quick (as the pilots on the Lion Air flight preceding
the accident flight had done).

Why that assessment was wrong is a complicated story that has to be examined
carefully.

From what I gather, in aviation safety circles "jail time" is very rarely
considered a wise answer. As soon as you threaten jail, people will cover
their ass and obstruct investigations. Instead, the goal is and should be to
examine the entire system to ensure accidents don't repeat, and by and large,
the system works exceedingly well.

~~~
semerda
"as the pilots could easily interrupt the accident chain" -- No they
couldn't!

To survive a runaway trim, pilots had to know the rollercoaster maneuver and
have enough altitude to aerodynamically relieve airloads off the jackscrew so
they could manually trim the plane back. If FAA and many others knew this then
they should have instantly communicated it to all Boeing MAX pilots. Instead
none of that happened.

~~~
heyiforgotmypwd
This jives with what I've seen from blancolirio, MentourPilot and other
sources. The pilots should've had memory items to disable _automation control_
of trim for the duration of the flight rather than _all electric control of
trim (including yoke-mounted switches),_ because aerodynamic forces were too
large and altitude was too low to manually spin the trim wheels. I do hope
Ralph Nader sues the pants off Boeing for murdering his goddaughter through
negligent homicide. The FAA is also culpable for failing to oversee self-
certification properly and getting too cozy (regulatory capture) with Boeing.
As a consequence, equipment models including the whole line of 737 NG (-600 to
-900; 2010 Ducommun structural parts scandal), 787 Dreamliner failures and 737
Max 8 and 9 are models I would not step foot on without a gun to my head.

~~~
linuxftw
I have read some of the earlier reports that they changed how the electric
trim works. On earlier 737's, there were two switches: one to kill automated
input, one to kill all electrical input.

On the MAX's, the switches only kill all electrical input. So those procedures
literally didn't apply.

------
Havoc
At this rate they're getting a US bailout. I don't recall Boeing positive
anything recently.

And as much as it fuckin irks me...US better throw them a juicy bailout if
necessary. Because one aircraft manufacturer global monopoly would be an epic
shitshow.

Boeing and Airbus have to walk away from this alive and roughly equal.

~~~
Xixi
Don't worry, the duopoly will soon die. Comac is coming with the C919 and
C929, and with a huge captive domestic market they are bound to succeed (given
enough time).

I know I will sound cynical, but if the past is any indication of what's
coming, it is entirely possible that a decade from now Airbus and Boeing won't
be able to fight for Chinese orders anymore, while Comac will enjoy the
ability to fight for every single American and European order...

