If the only maintainence problem with this aircraft was a broken sensor, then that is almost irrelevant because sensors can break during flight too.
If it's really true that a mere broken sensor can cause the computer to ram the aircraft into the sea, then someone at Boeing really fucked up. Where are the redundancies and sanity checks?
Pilots and former safety regulators said that Lion Air flight and maintenance crews regularly filled out two log books, one real and one fake, to hide malfeasance.
If that’s true, i wouldn’t quite call it 100% boeing.
However, if the computer is found to have initiated the pitch downwards, then the same failure could happen to any aircraft of this type, even if well maintained, if the sensors or computer simply begin to malfunction while the plane is in the air. Absent pilot error, the worst that should happen is a reversion to manual control.
What concerns me is that any software flaws with the aircraft will not be addressed until the problem reoccurs with another more reputable airline in the future, because Lion Air appear so guilty in this case.
It will more likely trigger a 'fallback' action like turning autopilot off (or changing flight mode which is what happened on AF447)
For those who don't know, trim is the system by which the neutral position of an aircraft's controls is set. In this case in pitch. An aircraft will fly at more or less a fixed speed for a given trim setting, slowing down will cause it to pitch down unless a correcting force is applied to the controls, and speeding up will cause it to pitch up. The problem is that in a severe out of trim condition it can take tens of kilograms of force to maintain the desired pitch.
Trim runaway is when the trim motor for whatever reason doesn't stop moving, in the simplest systems this is sometimes caused by faulty switches. Most aircraft actually have a switch which is split down the middle but is naturally pressed as if it were one. This requires two of the switches to fail to get this situation. There are usually trim in motion indicators and alarms if it's in motion for too long which are intended to help pilots avoid this situation.
I suspect the computer drove the trim heavily nose down, as a result of the envelop protection trying to avoid a stall. The pilots probably tried to intervene or the autopilot handed them the aircraft back knowing something wasn't right. At that point the trim was mis-set enough that they failed to recover correctly.
Mostly conjecture but it fits what I've read.
If the crew applies sustained pitch up inputs, above what the flight director is commanding, the auto-trim will apply trim down to compensate. This can result in pilot applying even more pitch up input, resulting in more trim down. Solution of course is to kill the AP and trim motors, the multiple means of how to do so is a memory item in every aircraft.
Trim runaway has caused accidents to be sure, but is still a flight crew error IMO, unless every means to kill the trim was tried and failed.
But it sounds like there's still a lot of unknowns about sensor readings and chain of events -- for all we know, it's possible the plane made a reasonable auto-correction, but the pilots misinterpreted the sensor readings and inadvertently caused the plane to go into an uncontrollable dive. Given that this is the Boeing 737 Max 8's first major crash, and it happens to be with one of the most unsafe budget airlines, it seems premature to say Boeing is at 100% fault. OTOH, 1 crash/189 deaths of a new plane, of a model that has had just 2 years of service so far, is not a statistic that justifies giving Boeing the automatic benefit of the doubt.
edit: Also, the Lion Air plane was said to have had the same major glitch with its airspeed indicator in all of its 4 final flights . Even if Boeing's design is found to have shortcomings, Lion Air choosing to not ground the plane despite 4 consecutive flights of buggy behavior is a huge indictment of its safety culture.
Besides that the problem of having a very clever autopilot is that it makes it a lot harder for humans to react appropriately when it messes up, because they both don't expect it and are more likely to panic. The Tesla autopilot accidents are good examples of that, those have seen would've been easily avoided by a human but because the autopilot was usually fine on its own the driver didn't react quickly enough.
An other much more tragic example is the Air France Flight 447 crash in the Atlantic where the autopilot detected a faulty sensor and disengaged and the two pilots managed to get the otherwise perfectly functioning plane to crash into the ocean because they basically freaked out and failed to understand what was going on.
That's a strange paradox in a way, as we move from fully manual to fully automated we have a strange "uncanny valley" for safety where the computer is clever enough to handle most situations which lulls the human operator into a false sense of safety. The operator pays less attention, eventually starts losing their skills and reflexes and then at some point, maybe years later, the computer messes up and you have a handful of seconds (if even that) to remember what you're supposed to do.
On the other hand a simple but predictable autopilot might not be quite as autonomous but at least it's easy to understand and anticipate, and it forces humans to remain attentive.
I don't actually know how many AoA sensors there are, but the NYTimes article seems to refer to refer to them in the singular when talking about this plane.
There is, but there will always be a dependency on sensors to feed the input values into these funcitons. Modern flight computers are far better at pretty much any flying task than humans. Other than communicating wiht traffic control and raising/lowering the flaps and gear (none of which are absolutely necessary), a modern airliner can take off, cruise and land entirely on its own, with no human intervention.
I agree that it's probably a combination of bad maintenance, a not quite perfectly fault-tolerant system design and human error of the pilots. One factor that hasn't been mentioned is that even the newest versions of the 737 contain ancient, obsolete technology. A newer airliner will probably have more redundant and more fault-tolerant systems.
You mean technology like... wings? ;-)
More seriously, the "ancient" stuff is such because its reliability has been proven over decades of refinement. "Don't fix what ain't broke," as the saying goes. The aerospace industry moves slowly for a reason. I'd much rather fly on an old maintained plane than the very newest.
Yeah no. This is obvious patent nonsense.
Relevant: I am a licensed pilot
Their are many reasons a 747 is not setup to do this is, but it’s not technology that difficult. Ex: https://en.m.wikipedia.org/wiki/Autoland
Can they be remotely operated? I'm thinking putting a plane into autopilot has to be a remote operation by now. Its so trivial, how can they have left that out?
Basically to let the plane land itself, first the stars have to align
* AKA older designs have better understood failure modes.
Bad maintenance, and/or airline culture could still be a big part of the incident if it turns out there were warning signs ignored or bad repairs done.
So I would still disagree that anything is conclusive and certainly not 100% Boeing's fault yet.
Blaming "Boeing" here is about like blaming "Microsoft" for a bug in a Microsoft product, or "NASA" for Apollo 13. All the problems may have taken place in a building with that name on the door, but it's still very far from a single point of failure.
It seems like none of the airplane manufacturers test what happens when sensors go AWOL.
How many more crashes are we going to get because a stupid sensor malfunctioned before someone finally slaps some sense into Boeing and Airbus?
I haven't read too much into it but I suspect this system was part of an envelope protection system designed to stop the pilots from being able to fly outside of the aircraft's performance limits. Once a fix is applied I'm sure this system will save many more aircraft than it harms.
General Aviation is dangerous the same way private automobiles are dangerous. The operators take silly risks, they lack advanced skills, corners are cut on maintenance, procedures are not followed correctly. They usually have just one engine (if it fails this may be survivable but it's not good) one pilot (who doesn't need to be as fit and healthy as a commercial pilot, nor as well trained) and they aren't required to file a flight plan, which means they may not really even have a plan A let alone plan B.
General aviation aircraft operate in completely different circumstances. Using shorter, sometime grass, runways without the benefits of instrument landing systems. Usually outside of the ATC system.
The general aviation fleet is generally ageing. 30+ year old aircraft are not at all uncommon.
They have one engine; however it is about 2 steps below a lawnmower in terms of mechanical complexity. So long as it receives a fair supply of fuel stoppages are very rare.
I don't think you can make any connection between a lack of flight plan and the safety of a flight, other than perhaps that the search and rescue team might have a better chance of finding you if the worst happens.
There are plenty of non-commercial pilots who aspire to a standard of piloting which are at or above the level of commercial pilots (consider display pilots).
All in all, the level of safety in general aviation is roughly similar to that of riding a motorcycle.
Part of proper flight plans are taking the steps to mark out your emergency procedures and landing places for failures in several portions of the trip, including a few different failures during takeoff. Sure, it might just be "Turn into that field there and cross your fingers", but you've at least thought about it and planned before hand
There are two large features of that data. First there is the fact that scheduled fights carry more people than the other kinds, pushing the overall average into the "safe" region. Second, there is very wide difference between kinds of flight, where agricultural aviation can be more dangerous than riding a motorcycle in heavy transit.
In most situations, of course, the automation is good, preventing pilot errors like stalling or exceeding safe control inputs, but these are fundamentals that every pilot learns in the first few hours of flight training. Unlike some fighters that are inherently unstable, a 737 can be flown safely without the computer overriding the pilot's control inputs so long as the pilot flies reasonably.
I've had a similar experience in a car. Antilock brakes are designed to override an erroneous control input: braking too hard for the available traction. In the event of a wheel speed sensor malfunction, they can override a reasonable control input: moderate braking well within the limits of the available traction. This is terrifying, and there's no way to override it in the moment. It can, however be overridden in most cars by pulling out the fuse for the ABS.
A reasonable response in that situation might be to hit the big red button, removing any question about the behavior of the flight controls. It may not have been enough in this scenario, as the pilots didn't seem to be paying appropriate attention to the angle of attack indicator, which was apparently functioning and clearly indicating a stall, but it may have put them in the right frame of mind to correct the problem.
737s have a big lever that can be smacked to shut off all autopilot function and return to a completely human controlled system. Most of the time even just using the Yoke to fight the autopilot will turn it off as well, after a few seconds
Also, in most automotive instruction manuals I've read, they specifically call out that you can simply press very hard on the brake pedal to overcome the forces produced by the ABS pump and lock up the brakes if need be
Also, perhaps we need addittional sensor types that do not rely on direct air flow to work.
Even the best designed plane will eventually meet a pilot that can fly it out of the air.
> “The problem is, the less-desirable airlines are the ones with the least resources that are scraping the bottom of the barrel in terms of human resources,” said Martin Craigs, the chairman of Aerospace Forum Asia, an industry advocacy group in Hong Kong.
Fuck you, NYTimes Journalist, for including this quote in a story that seems to inescapably point at a combination of Boeing equipment failure and Lion Air's upper management.
I think poor working conditions in the Asian textile industry is a relevant analogy.
A textile factory collapses due to inexcusabe management decisions or incompetence. The management pulled the trigger, so to speak. However, it's the abusive dynamic of the free-market that incentivised management to cut costs to sustain the business. If they had not met the price offered by the big brands, the contract would go to someone else, i.e. there's an abundance of low-cost supply.
In the Asian textile market, the manufacturers, working at thin margins, are incentivised to cut costs to unreasonable levels, because they'd lose business. The local regulators are incentivised to not regulate, because the demand would move to another jurisdiction.
My point is that sometimes, there's two sides to the guilty coin. There's the isolated incident and the general atmosphere that breeds those incidents.
I can not relate this to the topic of Asian airlines, but you might find this interesting nonetheless.
inability to compete does not justify negligence
Edit: I agree with your remarks about the textile industry though, the customer does not feel the death and destruction for the workers
This situation is different.
It's not like most flights can move and start on different jurisdictions. Besides for the few that can, jurisdictions can compete on safety too, it's something the airline clients care about, not some externality.
I don't know how much an accelerometer would help. See, you can be upside down and still feel like gravity is pointing downward depending on the flight conditions.
The whole "sensors were broken" thing should never be a reason for a plane to crash if this alternate mode of flying is possible.
For reference to set-up the situation:
"On 30 Oct. 1991, United States Air Force Sikorsky HH-60G Pave Hawk, assigned to the 106th Rescue Wing, nicknamed the Jolly 110, New York Air National Guard, headed out into a hurricane that would become known as “The Perfect Storm.” Aboard were Major C. David Ruvola, pilot; Captain Graham Buschor, co-pilot; Staff Sergeant James R. Mioli, flight engineer; and pararescue jumpers Technical Sergeant John Spillane and Technical Sergeant Arden Rick Smith. Their mission was to attempt a rescue 250 miles (400 km) out to sea.
Due to the severity of the storm—a weather buoy located 264 miles (425 km) south of Halifax, Nova Scotia, reported a wave height of 100.7 ft (30.7 m) on 30 Oct., the highest ever recorded in that part of the Atlantic Ocean—the Pave Hawk crew was unable to make the rescue and had to return to their base.
Having already refueled from the Lockheed HC-130 Hercules tanker three times during the mission, and with low fuel, a fourth refueling was needed for the helicopter to make it back to the mainland. Because of the the extreme turbulence and lack of visibility, Jolly 110 could not make contact with the refueling drogue trailing behind the airplane.
Major Ruvola made more than 30 attempts, but finally both drogues had been damaged by the severe conditions. With just twenty minutes of fuel remaining, Jolly 110 would have to ditch in the middle of “The Perfect Storm.”"
Now, from The Perfect Storm:
"Ruvola finally breaks out of the clouds at 9:28, only two hundred feet above the ocean. He goes into a hover and immediately calls for the ditching checklist, which prepares the crew to abandon the aircraft. They have practiced this dozens of times in training, but things are happening so fast that the routines start to fall apart.(Aside: for a good look into the utter chaos of helicopter underwater egress, see this video from SmaterEveryday) Jim Mioli has trouble seeing in the dim cabin lighting used with the night vision gear, so he can't locate the handle of the nine-man life raft. By the time he finds it, he doesn't have time to put on his Mustang survival suit. Ruvola calls three times for Mioli to read him the ditching checklist, but Mioli is too busy to answer him, so Ruvola has to go through it by memory. One of the most important things on the list is for the pilot to reach down and eject his door, but Ruvola is working too hard to remove his hands from the controls. In military terminology he has become 'task saturated' and the door stays on. " (pg 184, The Perfect Storm, S. Junger)
Now, those Lion Air pilots had better weather, much better, but the time in which they had to react was much less. Though I know nothing about how those cockpits are set-up and what the protocols are, there is a strange similarity to the Jolly 110 ditching and 'Task Saturation'.
edit: here's a story about Japan Airlines, which apaprently had a spate of accidents in 2005, but previusly, hadn't had a fatal accident since 1985 (and apparently was the last airline in 2005 to have had a crash). https://www.nytimes.com/2005/10/05/business/worldbusiness/sa...
Saudi Arabia for all that it is authoritarian isn't corrupt (within it's own country) they are pretty effective at rounding those people up on a regular basis. North Korea is stuck in the 1960's and led by an insane idiot but they execute people for using their top offices for personal gain.
That is an incredibly naive point of view on the issue. USSR used to regularly jail/execute people for corruption, so to the outside it might have looked like it was really hard on people using their positions for personal gain.
But the truth couldn't be any further from this - basically everyone was corrupt, because that's how the whole system worked - and the people who were prosecuted were the ones who have fallen out with someone even higher up. It was basically the case of everyone is guilty, but the ruling party would selectively pick people to blame for things going wrong. The surveilance apparatus was very effective and it was trivial to find something on someone, it was just a matter of how hard you looked - and I can guarantee that pretty much everyone had to either take or give a bribe at some point in their lives, because the simplest things in life(like getting coupons to buy food for example) depended on you giving a "gift" to the right person.
This is a textbook means of social control. You may also refer to our war on (some) drugs (when consumed by certain people).