
Due to the way the engines are mounted on the frame, which enhances their efficiency, they also cause more of an "upward thrust vector." This makes it very easy for this plane to reach dangerously high AOA in certain scenarios, particularly during turns.

The MCAS has a specific and important function and just turning it off is probably not going to increase safety. The real problem was that Boeing did not disclose the existence of this device and its functions in aircraft training, according to one source, because they did not want to inundate new pilots with too much information about the plane and its attendant safety systems.

Perhaps, had the pilots known, they would have seen the stick shaker/stall warning system activating on _one side only_ as a serious indication of an Airspeed/AOA system fault and the potential for incorrect MCAS outputs being generated.

They might have known to disable the electronic trim control, bypassing the MCAS, and then to manually fly and trim the plane with the aforementioned thrust vectoring taken into consideration. They could have trained for this. That would have all given them the best safety margin for survival here.




In the case of a disagreement between the AoA sensors, the obviously correct thing to do is for the computer to disable MCAS and put up a warning light. The conditions MCAS addresses only happen when the AoA gets very high, such as in a slow speed over banked turn. The plane is stable in normal operation.

Think of how a human would react: One sensor says everything is normal. The other says a very rare emergency situation is occurring. Since the sensors disagree, you know one of them is defective and wrong. Applying a very rarely needed emergency correction when you know that you have a sensor fault is not reasonable.

Even applying the stick shaker is confusing to the pilots and dangerous. Much more appropriate is a warning light of a sensor malfunction/MCAS disabled. Then the pilots must simply be extra careful to not make overly banked turns for the remainder of the flight, and replace the sensor on landing.


> the obviously correct thing to do is for the computer to disable MCAS and put up a warning light.

The only problem with that is that problems rarely happen in isolation, and you have to consider whether the pilots are going to notice the warning in the midst of several others and if they are going to give it the appropriate priority and consideration while flying.

> Think of how a human would react

That's exactly it, though.. look at Air France 447. The system automatically disabled itself and put the plane into an "alternative law." All automatically. The pilots did _not_ notice this, and still flew the plane into the ocean even though they had several minutes to work the problem.

It's not that simple.

> Even applying the stick shaker is confusing to the pilots and dangerous.

All evidence to the contrary. The stick shaker is an amazing safety device because it demands priority of consideration. It's not going to get lost in the noise of a degrading cockpit. Seriously, go listen to some cockpit voice recorders of a disaster.. it's never what you would expect.


> problems rarely happen in isolation

Problems usually happen in isolation. Your dataset is skewed because you've read a bunch of accident reports. When there are multiple failures together, this is much more likely to lead to an accident. When there's just a single problem and it's handled with no loss of life, they don't write a report about it.

I agree, the stick shaker gets a pilot's attention. What the stick shaker tells the pilot is that he's about to stall, but that's not what was happening. Shaking the stick is loudly yelling false information at the pilot!

Let's look at the epistemology here. If we're only looking at the two AoA indicators, and one reads 5 degrees and the other reads 25 degrees, we know that there has been a sensor failure. All you can say is that the airplane does not know what its angle of attack is. That's fine though, we've been flying planes for a hundred years without AoA indicators, even ones that had way worse pitch instabilities than the 737MAX. If the airplane doesn't know the angle of attack, there is no reason for it to activate the stick shaker, put in nose down trim, or do anything else except to calmly notify the pilots that AoA is unavailable and therefore MCAS is disabled. All the pilots need to do then is fly the plane normally and not do any crazy banked turns or extremely abrupt pullups at low speed. It's definitely wrong for the plane to start dialing in nose down trim "just in case", because the "just in case" can kill you if it's not necessary!

On AF447, there were, as usual, a lot of mistakes made. One problem clearly though was that the plane was giving the pilots a lot of conflicting information that confused them. If the plane was seeing three different airspeeds, the best thing for it to do would have been to put a big red X over the airspeed tape and let them fly by pitch and power. This is exactly why a lot of instrument pilots in older smaller planes carry a little instrument cover. If, say, your AI fails in IMC, you don't want to see the wrong indication at all, so you cover it up and use your other instruments. Seeing a wrong indication, even if you know it's wrong, is very confusing and can lead people to make errors in reasoning, especially in a stressful situation.


I'm sure it has a useful function if it's operating on good data, but when it has bad data it can kill 189 people.

I don't really know just how unstable the aircraft is without this automation, but it seems like it would be better to warn the pilots they need to manually manage their trim than send them crashing into the ocean.


If, without this device, it is very easy to reach a dangerously high angle-of-attack in turns, then it is beginning to look more like a necessary feature (at least from a certification point of view), which would raise additional questions about why such an important device is so vulnerable to sensor failure. It would also tend to heighten suspicions that Boeing has not been entirely forthright about the device's purpose, capabilities, risk if malfunctioning, and why it is being used in this model of aircraft. Could Boeing have downplayed its importance in order to simplify certification and training, or was all this made clear at the time?


> because they did not want to inundate new pilots with too much information about the plane and its attendant safety systems

They didn’t want to require pilots to simulate for the plane. That was a big selling point. MCAS is a big enough change that it probably should have required training. (Not sure where on the fuck-up to fraud spectrum this falls, though.)


Adding MCAS didn’t change the symptoms / responses matrix. Its malfunction is the same as runaway trim and the responses are the same (turn it off). It was a fair engineering decision not to require retraining for this.


Not a pilot, but isn't stalling dependent on AoA and airspeed? If airspeed is very high (as would be for a plane flying down into the ground), why would AoA safety levels matter?


The definition of stalling is exceeding the critical angle of attack... regardless of airspeed. You can stall an airplane at any airspeed, though typically you stall at slower speeds because you are operating closer to that critical AoA.


And yet it didn't happen, because of corporate bloat, inefficiency, and most likely greed.

"The planes sell themselves! Let the air companies figure out how to fly them." -Boeing executives, probably.


As a former Boeing software engineer (not on the commercial plane side) I can say without any hesitation that you're completely wrong in your description of what goes on at Boeing. The "bloat" you speak of is the very reason we are not subjected to many more tragedies like this. Safety takes time and people.


Why roll out a change without notifying someone? Why make systems more complex when miscommunication results in death?

This isn't to say that manual, mechanical controls are better than automated electronic ones. Indeed the Air France crash from Brazil was mechanical pilot error.

But for me it is not sufficient to say "we do a really good job and have a lot of safety protocols."

The training either was communicated or wasn't.



