Hacker News new | past | comments | ask | show | jobs | submit login
E.U.’s Biggest Economies Ban Boeing Max 8 Jets (nytimes.com)
350 points by semigroupoid on March 12, 2019 | hide | past | favorite | 348 comments

I urge people to read the discussion by pilots regarding the 737 MAX.


It all comes down to this:

"There are far too many aerodynamic bandaids that are permitted to pass the current standards. Not just this particular airplane, but a whole bunch of airframes. If the basic aerodynamics won't pass without the pushers, pullers and now AOA induced changes to primary and secondary controls then a new design of the wing platform should come into play."

The way I interpret this, is that the plane should never have gotten the green light to fly.

More info about the MCAS here: https://theaircurrent.com/aviation-safety/what-is-the-boeing...

Pilots have been pushing back hard on the narrative that this was simply pilot error.

The crux is that safety agencies never mandated training on these new systems, and new procedures weren't created with them in mind. Worse still procedures from older models of the same aircraft (such as automatic overriding of auto-trim) were removed without re-training on that either.

Lion Air had to repair the AOA sensor multiple times (replace, then flush), but a single sensor failure should not bring down an aircraft; and if the AOA sensor is that safety critical then why did Boeing put two of them instead of three (i.e. for cross-checking readings)? Either it wasn't safety critical and Lion Air's actions are reasonable, or it was and Boeing cut costs on safety.

So the justifications blaming either the pilots (who didn't get training, because safety agencies told them it wasn't needed) or maintenance (who were repairing a non-critical sensor that turns out to be safety critical) are weak.

> Either it wasn't safety critical and Lion Air's actions are reasonable, or it was and Boeing cut costs on safety.

This is an excellent point. Boeing can't have it both ways.

I recall reading on HN that a second AOA sensor was an option.

If the AOA sensor is safety critical they need three, rather than two.

The inherent problem with two is if one is feeding false data, you don't know which one, whereas if you have three (or more; but an odd number) you can cross-check the data and drop the faulty one.

It is a very common strategy already for commercial aviation and is called "voting logic."

> A more reliable form of voting logic involves an odd number of three devices or more. All perform identical functions and the outputs are compared by the voting logic. The voting logic establishes a majority when there is a disagreement, and the majority will act to deactivate the output from other device(s) that disagree. A single fault will not interrupt normal operation. This technique is used with avionics systems, such as those responsible for operation of the Space Shuttle.

But the real crux here is: Is the AOA sensor safety critical or not? If it can fail-safe then they can likely continue as it is currently designed. But if its failure state can cause an aircraft crash, then it becomes a safety critical component.

It's a bit more complicated than that even. The 737 was originally designed for a very different mission than it's being used for right now. If you find pictures of the original 737-200s they look very different from the MAX line of today. It was built in an era when it was assumed that 707 and soon after 747 class airliners would serve the hubs and then smaller 737s would serve the small regional airports. As such the 737 was designed with VERY low ground clearance such that it could offload without a ramp and generally be serviceable at these types of low infrastructure airports, hence the lack of wheel doors, the ovoid engine inlets and the generally low stance.

Fast forward to today where airport infrastructure is much more developed and these small/medium size airliners are being pressed into front line service including intercontinental routes. The aircraft has changed drastically to accommodate these changes through the years, enough that it may be time for a clean sheet design. They've changed just about everything on the air-frame from the fuel load/cabin length/wing to the avionics to make this all work.

Now, the other side of that coin is with systems. In theory this should be fine, but obviously isn't. It's hard to differentiate bandaids from regular systems and if either fails then safety is compromised. Obviously the amount of unnecessary systems should be minimized but as time goes on more systems WILL be added to gain the rewards of automation, which is a good thing. As such, we need to educate pilots on ALL of the systems, and rigorously test them before they enter service.

Additionally, if you do as the pilots want and achieve very high aerodynamic stability through the air-frame instead of stability control systems (fly by wire essentially) it reduces the aerodynamic efficiency of the airliner, particularly with current conventional designs.

>if you do as the pilots want and achieve very high aerodynamic stability through the air-frame instead of stability control systems (fly by wire essentially) it reduces the aerodynamic efficiency of the airliner

It's crazy to me that that would be an acceptable compromise.

Fly-by-wire means the control surface actuators are connected to cockpit controls electronically rather than with hydraulic lines or metal cables; it's not necessarily related to stability and control augmentation system.

With regard to the other point, I don't think anyone is advocating for very high aerodynamic stability. That would be a B52 carrying nuclear weapons. It was designed to be extremely stable and forgiving. That being said, you don't want to rely solely on stability augmentation for trimming an airliner.

It reminds me of Air Canada flight 143, the pilots lost both engines and power. yet they were able to land the plane safely on an abandoned airport. I'm not sure if that would be possible with a 737 Max.

Yes it would. There are backup systems to keep things working even with both engines dry (ram air turbine etc). In fact, if you really want to stretch our a glide, all those automated systems are probably a good things. They will keep the aircraft more perfectly trimmed for a glide than the pilots ever could by hand.


And in case of the electrical system being down how do you control the flight when you have fly by wire controls?

If the electrical failure is severe enough to lose control authority, it seems just as likely that a hydraulic system would have failed. These planes are just too large to operate the controls mechanically, so in practice there is just as much to fail in a hydraulic system as electrical control, since both require power.

>>And in case of the electrical system being down

That is what the RAT is for, alternative electrical power. If the entire electrical system is down, ie electrons no longer flow anywhere anyhow, then everyone is doomed. But that is up there with the tail falling off. The are no backups for the wings/tail either.

Yeah as long as the sensors actually work

How so?

When I say stability control, we're not generally talking about unstable or "relaxed stability" airframes where the system failing would cause a pitching moment to accelerate rather than converge and the aircraft would tumble and disintegrate. From an efficiency and handling standpoint, this would be ideal, but it's only used in tactical military aircraft where the crew can bail if there's a problem.

In most cases, we're talking about preventing stall in a swept wing aircraft. Swept wings are necessary to cruise efficiently beyond ~300mph at high altitude so they have to stay obviously, however they have VERY poor stall characteristics. As such, we have to do some things to prevent the aircraft from stalling such as playing with trim, using a stick pusher, etc.

> Swept wings are necessary to cruise efficiently beyond ~300mph at high altitude

Layman here, but 737, 747, etc. don't have swept wings, right? So they all cruise inefficiently... but are in fact stable... which is the opposite of what you wrote earlier? Sorry, I'm just really confused.

You're picturing a fighter jet or something with severely swept wings. Do an image search - 737s, 747s, et al do indeed have gently swept back wings. They don't stick straight out at 90 degrees like aircraft from the piston era.

Totally off topic but I see some of those WWII era piston craft flying and its quite a nostalgic experience.

Ohh I see, okay thanks.

I like the LAX screensaver on Apple TVs—you can pick out the more organic/bird-like curve of the newer generation carbon fiber 787 planes from the old ones. I’ve never thought about it, but they do look less stable.

From a stability perspective there's likely no difference insofar as the stall response will be bad regardless. You can have complex wing geometry that stalls gracefully, for instance carbon general aviation aircraft have similar traits but require much cleaner stall response for certification generally.

BTW since it's been tossed around a lot, good stall response is when the whole wing stalls at the same time and both wings tend to stall together, therefore you get a clean lurch downward in a straight predictable line. Bad stall response is one part of one wing stalling before the rest such that the wing drops and the plane has to be fought to avoid a spin or if extreme enough, a tail slide or extreme side slip.

> Layman here, but 737, 747, etc. don't have swept wings, right?

They do, in fact, have swept wings.

Obviously stability has to be achieved through fly by wire tech. Doing it through natural aerodynamic stability is a waste of resources of insane proportions as such airframes induce more drag and burn more fuel. If this sounds too scary for people in a forum of software developers it only puts a shame on our profession, from ourselves.

The software itself isn't necessarily the issue, though- it's also all the sensors and actuators involved.

Suppose, for instance, that an aircraft needs more yaw stability.

There's all sorts of design choices that could be made, but consider either A: a larger vertical stabilizer or B: automatic application of the rudder to damp oscillations.

The vertical stabilizer here is essentially a bit of metal. We know very, very well what can go wrong with bits of metal. Fatigue, corrosion, manufacturing defects, bad repairs... But, in 2019, we've pretty much figured out the failure modes of big bits of metal on an aircraft, and we generally know how to prevent and/or minimize them.

Now, the dynamic stabilization approach. We'll need gyroscope data (from the IRS, probably), a software model of flight dynamics (which almost certainly already exists and is running), and possibly faster servo valves for the rudder actuator.

This can work! We can formally verify that the control system we've created damps oscillations throughout all normal flight regimes. The gyroscopes are already redundant and well-tested. And you might not even need the faster servos.

Problem is, now avionics failures are even scarier. Will the stabilization here still operate when you get dropped into secondary mode? Probably not- so now, in unexpected situations, pilots need to keep in the back of their minds that yaw oscillations are more possible, that they may need to damp them manually, etc, etc.

Now you throw in some extra factors- turbulence, IMC (which would probably make detecting those oscillations manually that much more stressful), and trying to solve whatever problem dropped you into secondary mode in the first place... and you have something a bit concerning!

A bit of metal won't do that to you. We can make much better estimates of a bit of metal's reliability, and its failures are also less correlated- they aren't much more likely to crop up when you already have another problem.

Well military jets have been doing exactly that - maintaining stability through software on inherently unstable planes that would break up even in straight and level flight in a split second if computer crashes - for 40 years now. And Boeing builds both kinds of planes so they have the experience.

No one knows better than software engineers how difficult it is to make inherently reliable software and how much complexity can add to the difficulty of making reliable software.

That said, the cost of not using latest fuel efficient airplane would indeed be huge and the actual reliability of modern aircraft is very high and has been increasing over the years in which fuel efficiency also increased.

Sometimes, human can hit on a formula that produces objects that satisfy all the given parameters more fully rather than compromising on any of the requirement. But it's quite plausible that these formulas cannot be milked forever - thus the "Max" may be the point where tradeoffs stop working.

Could you clarify your assertion that it would be massively more expensive?

A quick look at the numbers suggests that a 737 MAX 8 is about 10% more efficient on fuel burn compared to a 737 300. That is not "massive" in my book and I'm more than happy to pay a little bit more per ticket if it means a higher safety margin.

Did you mean something older and less efficient than a 737 300?

such airframes induce more drag and burn more fuel

As a curious bystander, I assumed using fly by wire tech to achieve stability would involve using control surfaces, which increase drag by their nature. How would an airframe that's naturally stable and doesn't require control inputs burn more fuel?

It's more about preventing a stall with a swept wing which is needed to achieve high mach numbers.

That said, an easy (but different) case to visualize is a traditional tailplane. The center of gravity on an airplane is in front of the wing so it wants to pitch down slowly. The tail pushes DOWN in the back to keep the nose up. Nose heavy planes are stable and forgiving but you induce drag because the wing needs to supply some lift just to counteract the tail which is producing negative lift. If you move the CG backward, you get less stability because the airplane wants to pitch up/down more violently with a control input but you have less negative lift from the tail.

That’s a great explanation, even if it is oversimplifying.

We don’t build planes with training wheels anymore because the performance cost was too high. Planes are still the safest way to travel even without the training wheels.

I don’t think 737 MAX 8 pushes the envelope too far. I think they screwed up on re-training the disengage, and they may have screwed up on redundancy by only using a single AoA sensor, but I also am guessing the latest crash has absolutely nothing to do with trim.

There are two alpha vanes on 737s, including the MAX 8, that measure angle of attack. Also we don't know the exact source of the error (in the Lion Air case; in the Egyptian Airlines case we don't know at all). The vane itself could be the source or some other part of the system.

I think you mean the Ethiopian airlines case, not Egyptian.

Yep! Thanks for the correction.

So the stable airframes we know are stable because a dynamic aerodynamic force opposes a static one.

Makes sense then, that those opposing aerodynamic forces induce drag.

> the ovoid engine inlets

The original design of the 737 did not have ovoid inlets.

You can see regular circular nacelle inlets on the 737-100:


and on the 737-200 here:


The ovoid inlet design was introduced with the 737-300, when the engine was changed to the CFM56.

The ovoid engines were a result of high bypass engines being added on the 300. The low bypass turbines on the older models was much smaller. These were then removed on the max because the engine was mounted higher and further forward on a low profile pylon.

Are you saying that the lack of proper response to changed requirements is the primary source of 737MAX's issues?

Maybe? Let me leave you with one other tidbit though. Beyond the requirements, airframe changes, and added electrical stuff, to fly the 737s you need a type rating and that rating is basically an education on all systems and procedures for the airframe. Boeing worked hard to make all aircraft from the 200 through the MAX fall under one type rating so if you get certified to fly an old low bypass 200, you can hop out, walk across the tarmac to a MAX and take off with another load of passengers. Obviously almost nobody runs the 200 anymore but the later aircraft are all still operated in some capacity and having one rating to rule them all makes it cheaper for small operators with mixed fleets to afford the training costs. In doing this, Boeing had to make the basic "UI" for the aircraft all the same, regardless of model. I'm not typed in the 737 but from what I've heard, it's resulted in a lot of user flow and documentation idiosyncrasies, particularly in the MAX lineup which could be part of the issue here. All that said, the trim motor disconnectors have been in the same place for most of the aircraft's history I'm told and hitting them would have likely prevented the Lion Air accident.

Trump tweeted that planes have become too complicated and that the old and simple form is much better.

His tweet sounds dumb but there is some truth in it.

As you say, planes and procedures have become very complicated. And I think there are only two options: making planes simple again which make them less efficient or let computers fly the plane and make the interface simple(r).

If you look at the rockets of SpaceX then you can say they are the extreme form of fly by wire and very instable when it comes to aerodynamics. But computers can land them within centimeters when they fall out of space.

So maybe that will be the future. Planes that are very efficient instable flying 'rockets' that are controlled by computers.

> His tweet sounds dumb but there is some truth in it.

There really isn't. Automation is part of what has made flying safer over the years. Also, compare the cockpit of an Airbus with e.g. an old B737, the 300 series for instance. The Airbus cockpit is much simpler, in the sense that there are less gauges and knobs for the pilots to be concerned about. Automation has, over all, made things simpler and safer.

Citation needed, please.

The most convincing popular article I've read on this topic is https://www.vanityfair.com/news/business/2014/10/air-france-...

It's far from clear-cut that the way automation is happening is advisable, however conservative it might appear to be, and I'm sure you'd agree that there are many confounding variables that make it difficult to say just what is responsible for the trajectory of aircraft safety. There's not much of a control group of advanced modern aircraft which omit automated features.

Almost every (or perhaps every?) swept wing jet has active/positive anti-stall systems, at least a shaker and often a pusher.

The wings need to be swept for efficient travel much over Mach 0.6 and these aero aids are needed for swept wings.

At this point, pushers and shakers are well-accepted fixes for aero that is not inherently recoverable.

Stick pushers go all the way down to the PC12 (a single engine turboprop). Honestly there is no putting that genie back in the bottle. Getting benign stall behaviour out of a highly efficient wing is very difficult.

"the plane should never have gotten the green light to fly."

this is an overstatement. airframe fuel efficiency is a undoubtable good thing vis a vis climate change, costs, etc. Obviously they've reached a point were the aerodynamic profile of a modern, efficient airframe is difficult to control via manual pilot input alone in some scenarios. This was the case for stealth technology with fighter/bomber designs.. the B2 for example has no vertical stabilizer and would not be controllable at all without fly-by-wire. Of course pilots will lament complexity and the loss of manual input. Regardless, the FAA wanted MCAS in the 737Max. Augmenting human input in the face of instrument failure and possible human failure is an extremely hard problem and uncharted territory for the industry. Doesn't at all mean its a not a worthy goal or that the designers or regulators had ill intent or negligence.

That's not really the problem with the B737 MAX though. It's not inherently unstable like e.g. a fighter. The issue is that they had to fit the engines in front of the wings, and this will create a significant pitch-up if thrust is added abruptly, e.g. in a go-around.

To counteract this they introduced the MCAS system. They would not have needed this if they hadn't "retrofitted" big engines on an old airplane design, but instead started from scratch. The B737 MAX is not really a modern aircraft, but a heavily modded old design.

That's interesting to know, I think the 737 Max looks very kitbash because of the way the engines dangle in front of the wings.

The problem here isn't that a 737 MAX style design is inherently unstable. The issue is that the larger engines really needed longer landing gear and other significant airframe changes, but due to demands from Southwest that it remain within type-certification for the 737 (to avoid the costs of pilot retraining) some unfortunate compromises were made that affected the aircraft's behavior.

You can design an aircraft just like this that won't have those characteristics. You'll just need to pay to get it certified and then airlines will have to pay to train their pilots. Instead, Southwest wanted the band-aid fix, and Boeing obliged them.

An aerodynamically sound redesign to accommodate the high bypass engines would have been just as fuel efficient as the version with confusing software band-aids.

If it is cheaper to invent something like MCAS than to properly adapt the airframe, then maybe the processes that would be used for the latter are ripe for some efficiency optimization.

When I see cockpit videos, the pilots tell each other what they do / run checklists together... Does the MCAS do the same, i.e. announce "stall risk detected, increasing stabilizer trim by 2.5 degree to xx degree"?

No, but the pilots will hear/see the trim wheel moving.

Inattention to autopilot modes has killed before. So much focus is put on pilots recognizing and confirming flight mode annunciator mode changes (such as change of autopilot or autothrottle state) has been put into place to stop that kind of accident.

The lack of feedback from the MCAS system is probably the killer here.

How am I supposed to know that MCAS is operating, and how do I know when to hit trim cutoff switches to override it? You don't want to ever be asking "what the heck is the airplane doing now?". Watching the trim wheel to check if it's spinning nose down all the time isn't going to work.

The Lion Air pilots were not even aware of the existence of the MCAS system, because Boeing at the time did not include any information about it in its manuals.

The behavior would be similar to runaway stabilizers, though, for which B737 pilots have memory items to perform (turn off the trim). This would have solved that problem. However, several other warnings and alerts, like stick shaker, might have been going off at the same time, making the situation chaotic and problems hard to diagnose.

An additional problem is that if it fails (the MCAS) the airplane is low, in full thrust during take-off and the pilots have zero room for error as the airplane is trying to dive into the ground (as in the LionAir flight).

Reading the posts there is a lot like listenning to 'retired generals' on <insert entertainment "news" network here> who haven't seen action/training in decades talk about modern tactics, equipment, and situations as if they magically have been informed by companies/players in the field they left (hint: they haven't).

I'd rather wait for formal investigations (e.g. NTSB-style) before jumping to any conclusions.

I interpret this as an indication that the United States policy and law is run by Wall street and is corrupted. Boeing didn't want to develop a new airplane, cut costs, and doesn't want to lose money, so the FAA is not allowed to ban the plane

So this isn't just banning from airports, this is banning from their airspace? That's then more or less a total grounding of them in Europe.

As an example, Norwegian (who has 15 of them) said they weren't grounding them as late as this morning, but now they'll have no choice. They use them mainly for their medium flights between scandinavia and southern europe (Nice, Budapest, Tenerife etc). No way they can do that without flying over Germany and France. It wouldn't be very good optics if they swapped their MAX'es to domestic use to free up regular 737's for flying over the continent either.

It looks like Norwegian is already asking its 737 Max flights to return to their departing airports, at least according to this recent screenshot I found on reddit [1]

[1] https://i.redd.it/6gtecemacpl21.png

Wow. This is pretty ridiculous considering all three of these planes seem to have been closer to their destination than the origin, making it safer to just finish the planned flight.

Both incidents have been in the first few minutes of flight and this is also a 'long term safety' thing. They're relatively safe to fly still.

On the other hand, if your plane gets stuck in a foreign country the bill just for parking the thing could be massive. Better to get it back while you still can.

Eventually the bill can get so high that it doesn't make financial sense to still attempt to claim to be the owner. As of January there was a McDonnell Douglas MD87 in Madrid thats abandoned. Three 747 were sold for scrap in 2017 after they were abandoned at Kuala Lumpur.

It can happen any time if it’s the MCAS issue again. Which we don’t know yet.

You have a lot more time and airspeed to work with when flying at altitude at full speed.

Getting back is another story. Stranding a plane at an away-station can be costly.

Especially if there’s some repair required before next takeoff.

If the plane is going to get grounded, the operator absolutely wants that to happen at home base, not at an outstation.

edit: NVM missed that these were mostly Turkish Airlines not Norwegian.

2/3 of those planes are flying back to Istanbul vs their destinations. Does Norwegian have a maintenance hub there?

They got bitten by this recently: https://matadornetwork.com/read/norwegian-air-emergency-land...

(emergency landing in Iran, can't get parts there because of sanctions)

Do these groundings also apply to ferrying the plane?

From the official reports mentioned elsewhere:

> From the effective date and time of this AD, do not operate the aeroplane, except that a single non-commercial ferry flight (up to three flight cycles) may be accomplished to return the aeroplane to a location where the expected corrective action(s) can be accomplished.

So they are allowed to be ferried in certain situations.

Yes. You’d have to seek an exemption from every country you’re overflying. Probably not worth it.

Typically not. Ferrying without paying customers is probably allowed.

Yikes. How would ya like to be a passenger on one of those planes: "We're returning to our departure airport because this airplane has been grounded."

Although if you'd realised it was a 737 MAX, you might already be clutching a medicinal gin & tonic ...

> Although if you'd realised it was a 737 MAX, you might already be clutching a medicinal gin & tonic ...

I wouldn't, haven't all the problems so far have been during takeoff? So once you're cruising you're safe from them?

12 and 6 minutes after take-off.

The MCAS problem cannot occur when flaps are deployed, and it happens when flaps are initially retracted. So if it hasn't happened by now, it's not going to.

It could also happen while resetting after a late missed approach.

I was on a Norwegian plane once going from Oslo to London, 3/4 into the journey, just before descending into Gatwick, we got told the plane is turning around due to fault on the plane. So deflating when you are nearly home. The pilot did a good job calming everyone down and explaining it was a minor fault, two duplicate sensors were showing different values, but still, enough to recall the plane.

So basically another 1.5h flight back to Oslo, a few hours wait, then on a replacement plane (thank god) with another flight back to London. A long day.

I can, however, understand it. As with this 737 Max-8s they did not want the plane grounded in an airport where they don't have a full service centre with parts etc. Had it only been a few years later we could have continued as they made Gatwick one of their major hubs with probably full stock of parts.

Though I do have a rule of preferring flying out from an airport with a "local" airline, as they are quite likely to have parts and chances of spare or frequent incoming planes to shuffle around to.

Related, Norwegian plane was stuck in Iran: https://eu.usatoday.com/story/travel/flights/2019/01/10/norw...

I had the same experience with an Easyjet flight, which departed from the Easyjet hub (also Gatwick) and returned there.

The pilot strongly implied that had I been on the British Airways flight, we'd have continued to the destination: BA would have flown their spare pilot + spare plane + repair crew out.

But Easyjet didn't have a spare crew.

This is Turkish Airlines, not Norwegian...

Edit: Two are Turkish, only one is Norwegian

I speculate we’ll see more airspace closures once countries give enough time to avoid stranding their nationals.

I wonder if, say, Germany, waited until its planes had to chance to land before closing their airspace, while other countries/companies, like Norwegian got caught by surprise.

Convenience over safety?

Total speculation on my part.

The closest thing to a German 737 MAX are 15 owned by TUI, which seem to all be based in the UK.

There hasn't been much fleet renewal in the German market in recent years, just lots of consolidation (it's actually a bit of a lottery to buy a ticket in advance due to all the bankruptcies)

I didn’t single-out Germany for its fleet, just that it was one of the countries with a delayed closure of its airspace.

A potentially interesting tidbit from Norwegian's Wikipedia page:

> Diversion to Shiraz, Iran December 2018

> A Norwegian Boeing 737 MAX suffered an unspecified technical failure over Iran in December 2018. The pilot made a precautionary landing at Shiraz Shahid Dastgheib International Airport without incident. Spare parts required to make the aircraft airworthy were not available in the world outside the United States, which has prohibited exports of technology to Iran. Two months later, the almost-brand-new aircraft remained stranded in Shiraz and subject to seizure by the Iranian government.[86]

> On 22 February 2019 the plane was ferrried from Shiraz to Stockholm as DY8921

That seems like a disincentive to buy American aircraft.

If you're a reasonably sized international airline, it seems like a reasonable possibility that you'd have to (or want to) land in a territory that the US in unfavourable toward. Why take the risk?

In the Iran case, there are similar sanctions from the EU, so the Airbus A320 family are also out of the question.

And if you want something the size of the best selling variants of the A320 family and 737 MAX you have essentially no choice.

And whats more, even the Russian jets are 'not russian enough' so Iranians could buy them[0].

"The US approval for the transaction was needed, as Sukhoi aircraft contained more than 10% (22%, according to state news RIA) of American-made parts."

[0] https://www.aerotime.aero/ina.hladyshava/22228-not-russian-e...

Maybe, but in the specific case of an Norwegian airline, it seems less likely there would be a 'mismatch' of interests, with the rest of Europe, compared with the US.

And I thought Europe were lifting their Iran sanctions? They're trying to get a non USD payment system sorted so they can continue trade after the US pulled out of a deal.


> In the Iran case, there are similar sanctions from the EU

Nope, since the 2015 nuclear agreement with Iran, Europe has no sanction against firms that commerce with Iran. However, since USA pulled out of the agreement, USA threatens european firms that commerce with Iran. The agreement is however still in place.

This is somewhat true, but to be fair there are only a few countries the US and it’s allies don’t do business with - as long as you don’t land in Iran or North Korea you’d be in pretty good shape.

Not so sure about that. The US Government lists 13 places as “Do not travel” and 15 as “reconsider travel”. Looking at the list, it doesn’t seem unreasonable advice. https://travel.state.gov/content/travel/en/traveladvisories/...

Many of those countries are friendly (extremely so) to the US. For example, the US is perfectly happy to ship aircraft parts (and even fully functional military aircraft) to Afghani buyers; they just give non-binding advice to US citizens that traveling to a war zone is maaaaaybe not the safest idea.

A travel advisory is something completely different than economic sanctions.

The grandparent comment was talking about landing in Iran or North Korea. I assumed this was about travel rather than economics.

Austria also closed the airspace for 737 max planes, while not the largest country in Europe together with France and Germany that adds quite a bit of extra detour coming from Norway.

Indeed. Norwegian is doing this because the optics now force them to do so, not self-assessment of the risk. They, and the Norwegian Civil Aviation Authority, failed in that regard.

Do you have a reference to confirm that this was a knee-jerk/optics reaction, out of interest? (definitely curious to see how airlines/authorities are reaching these decisions)

The MCAS system and the way it was introduced sound a little like a patch, and slightly haphazard.

While training & runbooks and procedures are important, take-off is a busy time, and the Max-8 is (afaik) intended to operate very-nearly-like a standard 737, so it's not inconceivable that pilots wouldn't have time or intuitively know how to handle this situation.

Ultimately any vehicle/software/tool is going to be safest when the responsible designer makes it intuitive and reduces the possibility of failure cases rather than adding workarounds or runbooks to patch over them and/or disclaim the liability.

Anyway, it seems like it could be early to strongly assign blame or critique until we know how serious the issue is.

Over 300 people dead sounds pretty serious to me. It's probably safest to ground the plane model until we know more.

I should have been clearer here; I was responding to the parent post's assignation of blame towards the airline/air authority.

Generally do agree with grounding the Max 8 fleet as a precaution, and also given the poor engineering smell around the MCAS.

But not keen to assign blame/failure and damage reputations until there are credible investigation results, or without providing references.

I've seen a number of people pointing at this likely being more an issue with untrained pilots than the plane itself. EI, the flight crew on the crashed planes may have had considerably less experience than the minimum requirements most major airlines and all US airlines set for flying these planes.

This seems like corporate PR blaming "3rd world pilots" and am not sure it's such a smart move. If your plane requires substantially different handling & the interface does not accommodate it, it seems to me the problem is not the pilot.

It seems more likely that the plane suffers from some elemental design problems that were insufficiently patched over to pass inspection in order to protect the already invested capital.

Huge number of third world pilots are flying other models of Boeing 737, they obviously didn't crash that often.

They are just blaming the victims, trying to let those already killed pilots to take responibility for their faulty designs.

If it was 2 freighters, would we have done the same?

UK CAA reasoning:



Norwegian Air and Norwegian authorities had the same information (or indeed lack thereof), but did not act until now. Given the known similarities, and the lack of data that rules out a problem with the B737 MAX, the responsible thing is to err on the side of caution.


"very nearly like" is also extremely dangerous when it comes to risk prevention.

People are pattern-matchers, and if 99% of flying the plane is the same except the part that will kill you if you don't do it the new way--well, people will do it the old way and die. That's infinitely more true in an emergency situation where you tend to fall back strictly on training and instinct.

If you want to jar people into different behavior, the interface needs to be different as well. Otherwise it looks like the same old contract.

I think many of us kind of know this from GUI/API/whatever design, but there's no reason jet planes would be any different.

>Do you have a reference to confirm that this was a knee-jerk/optics reaction, out of interest? (definitely curious to see how airlines/authorities are reaching these decisions)

Considering that pretty much any criticism can be dismissed with "better safe than sorry, also everyone else was doing it, we had to consider the optics" it makes perfect sense to step in line and ground them like everyone else. Not doing so would just be stupid when there's near zero downside to the people making the call.

It's like highway traffic. Sure you can obey the letter of the law but when everyone else is doing something drastically different your exposure to risk is minimized if you just do what they do whether it's right or wrong.

Norway also closed the airspace 40min ago

At least it’s not the country bound and determined to prop up the brand at all costs. If it was 2 A320s that went down, you can bet we’d be banning them instantly in the states.

EASA has just banned 737 MAX jets throughout Europe.


The official directives seem to be these ones: https://ad.easa.europa.eu/blob/EASA_AD_2019_0051_E.pdf/EAD_2... and https://ad.easa.europa.eu/blob/EASA_SD_2019_01.pdf/SD_SD-201...

In particular, ferry flights are allowed with certain limitations.

From the notice:

> "[...]do not operate the aeroplane, except that a single non-commercial ferry flight (up to three flight cycles) may be accomplished to return the aeroplane to a location where the expected corrective action(s) can be accomplished.".

Doesn't this just say the 737 MAX can be flown only to undergo future maintenance that'll resolve whatever the current issue is, unless another notice is posted clearing it?

At the gym today, on all the TVs, the media talking heads were crucifying the FAA for being "unsafe" or playing fast and loose with passenger safety (for not grounding the planes).

I've always held the FAA in high regard, and think they do a good job. Are they really being negligent here? Or is the media just looking for something to spark outrage?

Can anyone with more specific knowledge of aircraft safety weigh in?

Two crashes in 6 months and there's only 350 planes in existence is a pretty bad safety record that is probably on par with Tupolev.

The US can tacitly blame "third world" pilots all they want, but with 300 people dead already, I think it's important for the FAA and Boeing to say exactly what is going on, especially since the planes are in use in the USA.

There is a debate over if the plane's hardware, software, or pilots are at fault-- either the planes should be grounded or the exact protocol should be published all over for the world to know, since it is the passengers' lives at stake.

The Boeing Max 8 entered service in May 2017. Assuming a linear deployment rate, the 350 planes in service have seen an average life of 10 months. Assume 4 flights/day, that's 420,000 flights so far. 2 have gone down. A best estimate of the likelihood that a plane goes down (MLE), p = X/n = 2/420,000 = 1/210,000 ~ Binomial(n=420,000, p=P(crash)). According to the Economist [1] the likelihood your plane goes down generally is 1/5,000,000. So based on the fact that the plane crashes had similar characteristics, the Boeing Max 8 is 25X more dangerous than a regular plane. 25X is the difference between surviving a commute on a bicycle vs a car [2].

[1 https://www.economist.com/gulliver/2015/01/29/a-crash-course...].

[2 https://www.riskcomm.com/visualaids/riskscale/datasources.ph...].

EDIT: The Economist source that estimates a plane's p(crash) is questionable, for a passenger plane. If anyone wants to dig into this further, I found this source too: http://www.baaa-acro.com/crash-archives

> 25X is the difference between surviving a commute on a bicycle vs a car

Meaningless and misleading comparison at best.

According to numbers released by Boeing [1] itself, the original 737 designed back in 1967 had a hull loss of 1.75 per million flights, the 737 NG designed in the late 1990s to early 2000s had a hull loss rate of 0.27 per million flights. So Boeing 737 had a 7X less likelihood to crash as the results of 30 years of improvements. 25X difference is going to send the highly unsafe 737 MAX design back to the WWII level. Now think again whether WWII era aircrafts with similar crash likelihood should be allowed to carry passengers in huge volume in 2019.

You number proves one thing and one thing only - FAA has the legal and moral obligations to ground all those highly dangerous 737 MAX immediately.

[1] http://www.boeing.com/resources/boeingdotcom/company/about_b...

If I have an upcoming flight on a MAX 8, can I sufficiently compensate for any increased risk by taking the train to the airport instead of a 25km Uber drive?

Given the uncertainty about p(crash) that I mention, then to satisfy confidence limits, you should wear a styrofoam helmet for the full duration of your trip. And post a photo.

This is excellent data and calculation work. I really appreciate it!

I have a suspicion that if you were to remove all instances of terrorism and look at the crash rate of Boeing vs Tupolev, almost all Boeing planes would be way better except for the MAX 8.

That is probably a meaningful piece of data too.

The FAA and Boeing need to investigate this, but you can't make such statistical inferences, since you simply don't have enough data points. There could be no more crashes for the next few years with those 350 planes.

The FAA and NTSB are very good at what they do, one of the very few examples of government services that work well together with industry, give them some time.

We have some idea of a crash rate for safe airplanes. Something like: P(Crash|Miles Flow & Hull Age)

If we assume this airplane is safe, we can apply that probability to it and then ask P(2 Crashes|N Miles & 350 New Planes).

You would then have a probability for this just being bad luck, and compare that against your prior that this is a safe plane.

I haven’t done the math, but my gut says it would point to grounding the plane.

According to https://en.wikipedia.org/wiki/Aviation_safety#Evolution the fatal accidents per million flights were 0.39 in 2018.

The MAX8 fleet has been operational for about six months. Assuming 3 flights per day: 350 * 6 * 30 * 3 = 0.189 million flights.

To estimate the probability of two accidents, we can use a Poisson distribution with x = 2 and μ = 0.189 * 0.39 = 0.0737

P(x=2) = e^(-μ)μ^x / x! = 0.25%

I.e your gut feeling is correct (if my math is correct, that is). If one uses the estimate from a sibling comment of 1 crash in 11 million fights, the probability decreases further to 0.01% Actually the correct calculation is:

1 - P(x=0) - P(x=1) = 0.26%

since we are looking for the probability of there being more than one plane crash -- not just the probability of there being exactly two plane crashes.

Might also be worth considering P(2 Crashes | N Miles across 350 planes where at least one operator has incompetent maintenance), because that might not be all that different from P(1 crash | N Miles across 350 planes where all operators properly maintain their planes)

Look at things like Alaska Airlines Flight 261 [0] - safe airframe, deficient maintenance, plane loses all pitch control and impacts ocean. Yes, this still means that Boeing needs to improve things - single points of failures are never OK on a plane - but it also doesn't (IMO) mean the plane is fundamentally unsafe without those fixes.

0: https://en.wikipedia.org/wiki/Alaska_Airlines_Flight_261

The mean of a Beta Distribution (2, 348) (https://www.wolframalpha.com/input/?i=beta+distribution+(2,+...) is roughly half a percent, much higher than the 1 in 11 million across all flights (https://www.quora.com/What-is-the-probability-for-an-airplan...).

(You can pretty much always make statistical inference, with uncertainty going up with the lack of data)

I highly doubt there have been 11 million airliners manufactured, though - and that's what the 348 number is.

If we assume that the average MAX 8 has been in service for a year (first delivery was a little less than 2 years ago), and conducts 4 flights a day, we get this [0] - a mean of 1/250000. Still worse than 1/11000000, but only by a factor of 50 instead of 50 thousand.

0: https://www.wolframalpha.com/input/?x=0&y=0&i=beta+distribut...

Good point, I was wondering why I was off orders of magnitude.

Depends on your assumptions, but safe aircraft will crash making the first data point meaningless as you are choosing it at the starting point. Second, you are not just running one trial on one design but many trails on many designs.

I suggest you try the math as the odds are reasonably high.

This changes if you start talking about crashes since the first commercial flight, but those are again different numbers.

>I haven’t done the math, but my gut says it would point to grounding the plane.

"Guts" are notoriously good at statistical inference

The statistic looks appallingly bad to me viewed as a poisson process. If you had thousands of planes with zero crashes over decades would you consider that as zero data points?

You just can't have more data points, because flight travel is too safe.

And no, the FAA is not really that good, general aviation pilots die all the time from negligence and the FAA doesn't enforce the rules when pilots violate them (in particular low altitude flying).

General aviation is actually quite safety focused. The entire culture is centered around safety; a large amount of private pilot training time is dedicated to the subject; human factors in particular. Go to any fly-in breakfast and talk to the pilots and inevitably at some point during the conversation you'll hear something about being a safe pilot.

That being said, the government gives general aviation pilots a fair amount of freedom once they get their license. There are rules and they are enforced; particularly when violations put the general public at risk. But there's also recognition that it's quite possible to regulate GA out of existence like a lot of other countries have, and that has pretty negative consequences in terms of pilot availability for other purposes. Therefore, regulations scale with the amount of danger the public is exposed to.

For example, ultralight aircraft (single place, <254 lbs, <=5gal fuel, <=55kts) are virtually unregulated; the idea being that they're so small and light that they aren't much danger to others. LSA/sport (1-2 place, <=1320lbs, <=120kts) are regulated; require a license and inspections but less stringent than a private license, and so on. Private licenses can't be used for commercial purposes, and generally speaking more training and endorsements or ratings are required for eg. aircraft with multiple engines; those that are >=12,500 lbs, those that land on water, those that have old-school landing gear, etc. etc.

When it was time to regulate quadcopters out of existence, we didn't feel the "scaling with the amount of danger the public is exposed to".

I would liken GA enforcement to be somewhat like motorcyles. Lots of people die on motorcyles and we see bad behavior all the time, but we don't look at law enforcement and say they're doing a bad job. You're simply operating a platform with a higher probability of death than a car or truck when you do screw up.

If only model aircraft fliers who for have not killed anyone yet benefited from the same leniency.

What’s the “low altitude flying” rule that isn’t being enforced?


§ 91.119 Minimum safe altitudes: General.

Except when necessary for takeoff or landing, no person may operate an aircraft below the following altitudes:

(a)Anywhere. An altitude allowing, if a power unit fails, an emergency landing without undue hazard to persons or property on the surface.

(b)Over congested areas. Over any congested area of a city, town, or settlement, or over any open air assembly of persons, an altitude of 1,000 feet above the highest obstacle within a horizontal radius of 2,000 feet of the aircraft.

(c)Over other than congested areas. An altitude of 500 feet above the surface, except over open water or sparsely populated areas. In those cases, the aircraft may not be operated closer than 500 feet to any person, vessel, vehicle, or structure.

(d)Helicopters, powered parachutes, and weight-shift-control aircraft. If the operation is conducted without hazard to persons or property on the surface -

(1) A helicopter may be operated at less than the minimums prescribed in paragraph (b) or (c) of this section, provided each person operating the helicopter complies with any routes or altitudes specifically prescribed for helicopters by the FAA; and

(2) A powered parachute or weight-shift-control aircraft may be operated at less than the minimums prescribed in paragraph (c) of this section.

14 CFR 91.119

Except when necessary for takeoff or landing, no person may operate an aircraft below the following altitudes:

(a) Anywhere. An altitude allowing, if a power unit fails, an emergency landing without undue hazard to persons or property on the surface.

Better safe than sorry. For example if a plane crashes in the first flight should we just ignore it because it is statistically insignificant ? 2/350 seems like a fairly good number to ground the plane and do an investigation. In general this is good for aviation industry because next time Boeing will not cut corners as it has so far.

I think I see a new product from LLoyd’d of London Syndicates: Early big double failure on new airframe insurance.

A perfectly good airframe can have its reputation ruined with 2 incidents in a short time period.

If they need time shouldn't the first course of action be grounding this aircraft?

From what I gathered so far, it looks like airplane design was made with many compromises that made it complicated to pilot planes properly.

I agree, in my eyes it is debate between "the plane is not safe to fly by anyone"


"the plane is safe to fly with additional training, when given"

If the 737 MAX planes remain in the air in the USA, Boeing and US Govt are de facto saying "third world pilots clearly just don't understand how to fly our planes".

If they ground the planes, they de facto admit there is an actual safety issue.

> "the plane is safe to fly with additional training, when given"

If that is ultimately the conclusion, then it still gives the FAA and EASA a black eye, since they allowed the aircraft update without additional training for MCAS.

Best case scenario for Boeing is that the Ethiopian Airlines crash turns out to be something else. If it is MCAS related Boeing, the FAA, and EASA amongst others that green-lit the update without training have a lot to answer for.

> "the plane is safe to fly with additional training, when given"

Here's the thing. The additional training is not strictly necessary. The same procedures pilots are already trained for in previous models should have saved the aircraft. Unless investigations turn up a new problem.

Of course, one could argue that, by disclosure changes to the system, that the pilots would be able to react faster. But that's not really for us to decide.

It feels to me like Air France Flight 447 [0] - there was a flight computer behavior that the pilots didn't know about, but nonetheless following normal procedures would have prevented the crash. (For AF 447 that would have been "point the nose down to recover from a stall", for Lion Air 610 it was "check the trim wheel - you know, that thing that moves right by your knee - if pitch control is abnormal") Unfortunately, as we add more and more safety systems to planes people seem to be forgetting how to compensate for when the systems fail...

0: https://en.wikipedia.org/wiki/Air_France_Flight_447


Actually, "de facto" is in contrast to "de jure", meaning "in law" or more generally "officially". If they leave the planes in the air, then whatever the offical reason, they are de facto asserting that there is no (significant) problem. (Grounding them on the other hand could just be considered a excess of caution, so at most it asserts "We aren't sure there isn't a problem.".[0])

0: Which action, if either, is definitive might differ if the stakes weren't inconvenience vs death, or if the FAA openly didn't care.

True randomness does not preclude clusters of events. In fact that's the nature of random events.

Not saying I think these are completely random. But since we don't even know the cause of the Ethopian crash yet, who's to say? The causes may very well be unrelated.

The FAA is not an agency that should be assuming something is safe by default. It is an agency that should be assuming something is unsafe by default and demanding the manufacturer prove it is safe.

If it's random chance, Boeing should be able to prove it is random chance. Until then, the FAA should ground them.

How do you suggest Boeing "prove" that there are no links between the events? You can't prove the null hypothesis.

They can prove the causes were different in each case.

They may very well be unrelated, but shouldn't the FAA take precautions until that is known?

Both crashes happened soon after takeoff (6 and 13 minutes) and Boeing seems to think that they know where the error is (stall in high angle-of-attack) and have a fix in pipeline. FAA is taking calculated risk.

How is the FAA responsible for crashes outside of its jurisdiction? There haven’t been any 737 Max 8 crashes in the US. I can’t speak for Ethiopian, but Lion Air and Indonesia in general have a pretty bad safety record. Lion Air was removed from the EU safety blacklist in 2016. In 2013 another Lion Air 737 (not the Max 8) crashed into the ocean near Bali. Lion Air has had pilot test positive for crystal meth (2012). Lion Air has had multiple major incidents with various 737s over the past years.

The Ethiopian Air copilot only had 200 total hours of experience. In the US, you need an ATP certificate with a minimum of 1500 hours to even be a first officer.

Before we start throwing sand at the FAA, why not ask how a 200 hour pilot gets into the copilot seat of an airliner. Let’s also ask why Lion Air failed to fix a problem with the airspeed indicator. During a previous flight the day before the crash, the pilot reported a problem with the airspeed indicator and deactivated the anti-stall system. Lion Air didn’t fix the problem and the airplane crashed the next day. But that’s Boeing’s fault? Lion Air is a shit airline with a horrible safety record. Southwest Airlines uses only 737s and you can count their major incidents on one hand and their fatalities in over 47 years? Just 1.

Lion Air fatalities? Hundreds over multiple incidents. Ethiopian Air? Much safer than Lion Air, but much less safer than Southwest. Ethiopian has a fleet of 108 airplanes and Southwest has a fleet of 754, including 35 Max 8 planes — yet not a single incident despite flying an order of magnitude more frequently than those other airlines.

Air Canada has 24 8 Maxes in the air as does American. Along with Southwest, that’s hundreds of flights per day without incident, but then there is a crash with some third world Lion Air plane where maintenance is provided with proverbial duct tape and Ethiopia Air who has a student pilot as the first officer? Perhaps instead of grounding specific airplanes, we should ground specific airlines, because it’s clear than Ethiopian and Lion Air ought not be flying until they can figure out the basics such as maintenance and pilot training.

> How is the FAA responsible for crashes outside of its jurisdiction?

They have jurisdiction over the type certification as the responsible regulatory body for the nation of origin of the airframe.

Even if all this speculation of yours is true, it's still the FAA's and Boeing's problem.

These supposedly awful third world pilots and aircraft engineers have somehow been managing to fly earlier models of the 737 for decades, but when they upgrade to the MAX variant somehow two of them crash in quick succession?

That either indicates that these two events are freak accidents, or that the MAX shouldn't have the same type rating, the latter of which is on the FAA and Boeing.

There is a long history in aviation of putting safety in front of profits. And what Boeing and the FAA have the appearance of right now is putting profits in front of safety. So you're seeing trust being burned, and other government regulators standing away from the fire to avoid their own citizen trust relationship from getting shredded in the process.

Is it fair? Maybe not all of it. But I think it's completely predictable.

"News" today is a "for profit" enterprise and they will take advantage crises and public outrage to bolster their bottom lines when the opportunity arises... it's nothing personal, it's just the nature of the beast.

> "News" today is a "for profit" enterprise [...]

Hasn't news always been for-profit? If not: which news organizations (newspapers, magazines, wire services) have been run on a non-profit basis?

The only recent change (IMHO) has been higher time-to-market pressures (minutes versus hours/days).

BBC News, France 24, Al Jazeera, NPR..?

Its easier for everyone to just cover their ass and err on the side of caution. If another accident happens politicians would be held accountable. For the US its harder because they have a stake in Boeing and they don't want to damage them.

Honestly why not ground a few hundred planes just to be safe? It doesn't bother the Netherlands or Singapore. There are other aircraft, nobody is running out.

> For the US its harder because they have a stake in Boeing and they don't want to damage them.

Those dastardly politicians and bureaucrats, how dare they consider the broader consequences of their actions. /s


Those poor politicians and bureaucrats, how terrible that they be forced to consider the broader consequences of their actions for once. /s

I'm not going to lose any sleep over politicians having to deal with a complex trade-off for once.

Someone needs to pay for this and I think it should be boeing and not FAA.

It could be an EU-USA economic war. We’ve seen the Being competition won over the A380, which had to be abandoned. Maybe any excuse to ground a Boeing airframe and incur costs to owners makes Airbus look better. It doesn’t have to be lobbying, it could be a natural inclination.

It’s mean, but I’m not surprised, given the money in the game, that Europe is acting up much faster than FAA for a Boeing airframe, and the opposite for an Airbus/DC airframe.

1) The direct comparison to the A380 is the Boeing 747 which is being phased out as well. It's not a rivalry that put either of them out, just realities of modern air travel.

2) McDonnell Douglas (maker of the DC planes) is now owned by Boeing and was an American company.

American and Southwest Airlines are still flying the Max 8/9, and are refusing refunds (Southwest/American) and charging change fees (American) for customers concerned for their safety.

I don't understand this logic. They are essentially risking their entire company over the safety of this plane. If something happens now they'll be driven to bankruptcy at record speed.

One thing to note is that both American and Southwest's 737 Max aircraft are configured differently to those flown by most other operators, with regards to the display of AOA indicators and the "AOA DISAGREE" warning light. These features are optional and the fact that they are not present on Lion Air's aircraft may have contributed to that crash.


That would mean Southwest strongly believes the lack of "AOA DISAGREE" caused the crashes, so they are safe to continue flying their fleet. If so, they should come out and say it.

Right now, 737 Max Fleet is the deadliest plane per mile that is in the air [1], by a wide margin. Maybe it's an anomaly and the rate is much lower, but by the same reasoning, it could be worse. I'm not flying on one, and my opinion of Southwest and American is at a new low.

1. https://finance.yahoo.com/news/the-boeing-737-max-is-now-the...

They have said it. At least, their airline pilots union has.


.. the MAX aircraft has 17,000 recordable parameters and Southwest has compiled and analyzed a tremendous amount of data from more than 41,000 flights operated by the 34 MAX aircraft on property, and the data supports Southwest's continued confidence in the airworthiness and safety of the MAX. ... SWAPA also has pushed hard for Angle of Attack (AOA) sensor displays to be put on all our aircraft and those are now being implemented into the fleet. All of these tools, in addition to SWAPA Pilots having the most experience on 737s in the industry, give me no pause that not only are our aircraft safe, but you are the safest 737 operators in the sky.

> That would mean Southwest strongly believes the lack of "AOA DISAGREE" caused the crashes

No, that only means that they believe this will improve pilot's situational awareness. You don't need that feature to override uncommanded trim.

Until the FAA says the aircraft is unsafe, your opinion of these airlines is misplaced. They went beyond what's legally required and added an additional safety feature.

Southwest exclusively flies 737s. They have one of the largest pilot corps for that type. The airline has good safety and maintenance records.

While I understand your point and appreciate your knowledge of the situation, I’m left with the idea that while the rest of the world is grounding these planes until more is known Southwest is flying them anyway. The only motive I can see for them to do so is money.

What’s the non-monetary harm in grounding until more is known? They are a small percentage of their fleet.

Southwest are extremely experienced with the 737 in general and have specifically trained on MCAS and its potential failures on the MAX.

Southwest have been flying since the 1960s, and have I think a total of (3) fatalities. No relation or association to them but the operator and their training matters. Southwest are by any measure one of the safest airlines in the world.

One thing that I keep rolling over in my head is right now it wouldn't appear that the pilots should have been been able to fly without instruments when they crashed. And both crashed apparently due to the pilots being unable to control pitch.

Two lost aircraft. Both new. Both with the same symptoms. Under conditions you would not expect to lose an aircraft.

That's a really really bad sign.

It would still be prudent to ground them anyways until they know for sure they avoid the problem with their solution.

Optional deconfliction UI for flaky angle of attack sensing? That's a indictment of the standard deliverable. Is this option free or do you have to pay for it?

> and are refusing refunds (Southwest/American)

Is southwest refusing refunds? Not doubting you, just asking if there has been a story about it.

>If something happens now they'll be driven to bankruptcy at record speed.

I hate to say it, but given the track record for appalling incidents happening with airlines in the US, I'll buy that dip.

> They are essentially risking their entire company over the safety of this plane

But all that profit, would someone think of stock holders please!?

When passengers starts wondering what model plane they are going to fly on then you know that you have lost the narrative.

No wonder McDonald Douglas changed the DC-10 into the MD-11.

...which also crashed. It was bumping because it was too long and the pilots couldn’t feel when they touched down. I think it caused 2 crashes.

Which is a lot, considering DC-9 and DC-10 are known for all sorts of crashes, including losing the same door 4 times for the same reason, each time with deaths. Ah, and who doesn’t remember the Concorde crash. Provoked by bursting a tyre on a piece lost by a DC-10. The airplane that literally falls into pieces.

I always wonder what model I'm going to fly, but it's mostly because of noise, seating and overhead baggage space consideration.

I may not have this correct, but here is the FAA, a branch of our government not temporarily grounding the Max 8 - looks like the government is protecting a (mostly) US company. Flip this around and we are putting a lot of pressure on allies like Germany to not use ‘dangerous’ Chinese 5G infrastructure.

I guess it is natural for governments to promote local industries but the cynical me thinks that corporations have captured our government so they don’t act in the public interests.

According to the head of the Norwegian civil aviation authority, interviewed live on radio right now, the ban is EU-wide as of a couple of minutes ago.

Does anyone know if there is a material difference between the MAX-8 and the MAX-9? All the banning seems to be specifically for the MAX-8, but should they consider banning all MAX series aircraft? I realize the crashes themselves were MAX-8, but the difference between them seems not significant?

From what I could gather all Boeing 737 MAX have been banned by UK, France and Germany. This is not limited to just the MAX-8.

In the UK at least, it's both 737-8 and 737-9

From the CAA: https://www.caa.co.uk/News/Boeing-737-MAX-Aircraft/

I believe only the MAX-8s are in service. MAX-7s exist, but not sure if they're in use, or just on order. The 9 and 10 haven't been produced yet.

MAX 9 deliveries started in 2018. About 30 have been delivered, many for United Airlines.


From Wikipedia

The 737-700, -800 and -900ER, the most widespread versions of the previous 737NG,[10] are replaced by the 737 MAX 7, MAX 8 and MAX 9, respectively[61] (FAA type certificate: 737-7, -8, and -9[8]). The 737 MAX 8 entered service in May 2017,[2] and the MAX 9 entered service in March 2018.[62] The MAX 7 is expected to enter service in January 2019, followed by the MAX 200 later in 2019, and the MAX 10 in 2020.

Not true: https://www.jetphotos.com/aircraft/Boeing+737-9+MAX. You can also filter on flightradar24.com; use "B39M" as the aircraft designation.

Given this only seems to be afflicting MAX8 craft in terms of material evidence, my guess is they won’t ground the whole series unless/until another MAX craft goes down.

AFAIK the avionics on both variants are the same. A pilot who is (properly!) trained and type-rated on one should be able to effortlessly use the other.

The only difference, again AFAIK, is the passenger and cargo capacity, length, and the range.

The 737 type rating (training/licence addon required) covers pretty much the entire family of 737s from the 200 to the max.

The avionics are the same but because the planes have substantially different air-frames, the software parameters and possibly some functionality will differ. It's not unreasonable for differences in these flight parameters to be a factor.

Honestly, it goes even further than that. The generally accepted theory in the Lion Air incident is that a system caused MCAS might be one of the major causes of the accident.

Basically, the larger/more powerful/further forward engines on the MAX would cause the airplane to behave differently to other 737 variants in some situations, and MCAS is designed augment pilot input and allow the pilots to fly the planes as they would have flown other 737s (and allows pilots to fly MAXes under the same type ratings as previous 737 models). However, in edge cases (in the case of Lion Air, erroneous sensor input) the airplane might do something totally different from other 737 variants. Evidently Boeing didn't even require pilots to be told about MCAS, because all it (supposedly) does is make a MAX feel like an older 737.

Just two days ago, people were poo-pooing China for doing the same exact thing, referencing political interference, protectionism, and setting all sorts of other ill deeds at the doors of their regulators.

The FAA has always been very pro-active about grounding planes that are unsafe. The airlines operating these aircraft do not benefit by continuing to fly them if they are un-safe. Between the cost of the loss, public image etc. it would not make economic sense.

Given the trade tensions the US has with both China and the EU and the fact that both are offering competing products (Airbus more so), this sounds like more of a political move. In the case of the EU, the WTO ruled that Airbus was illegally subsidized by the government that has now banned a Boeing aircraft while it has the green light to fly in the US.

As swampy as the US government is, the EU has it's fair share of payoffs etc.. I expect this to further heat up the trade war.

To me the more political move seems to be the FAA not grounding them... 2 brand new planes yoyoing after take-off and crashing...

Older 737 crashed in the similar manner as well:

- Flydubai Flight 981

- Tatarstan Airlines Flight 363

Does anyone actually know or suspect what's wrong with these planes? Hardware issue? Software issue?

The engines are larger than previous models and had to be moved forward, which causes it to (potentially) stall, so they implemented an anti-stalling mechanism called MCAS which relies on a particular sensor, which can malfunction potentially. They also didn't inform pilots that this system even existed which means they have trouble diagnosing the problem and will potentially only make it worse by trying other things.

Of course that's all speculation since we don't know much about this particular crash, but that's the main issue with them.

Source: https://www.youtube.com/watch?v=zfQW0upkVus

Note that the engines were moved forward because there's not enough ground clearance for bigger engines due to the grandfathered 1967-specified short undercarriage...

Bascially MCAS is a hack to cover a problem raised by trying to save money by pretending it's the same as a 52-year old airframe. Instead of just saying "let's do this properly ” and certificating as a new design with appropriate design features.

Minor nitpick. It's not that the engines directly cause stalls(EDIT: of course if you pitch up too much you will stall at some point). Is that they can cause some unintended lift in some flight configurations. So MCAS is supposed to pitch down (by trimming) to keep the attitude under control

Boeing's main argument is that the procedure for dealing with runaway trim is completely unchanged compared to other planes, so this shouldn't require any additional training.

I understand their reasoning, but it seems odd to not even inform that there was a change, so that this would be more on top of the pilots minds. It's even worse that the system engages as soon as flaps are retracted. Since 737's usually take off with at least some minimum flaps, and retract them soon after take-off once enough airspeed has been attained (but while the plane is still at low altitude), this is quite dangerous. Pilot workload is high at this stage and there is limited altitude to recover.

That said, since this issue is on top of everyone's minds, and US carriers have added the optional safety indicators, we are unlikely to see a crash any time soon. Pilots will be jumping to the override switches at any sign of trouble.

> Pilots will be jumping to the override switches at any sign of trouble.

This is a good point. And very concerning!

Maybe. Or perhaps a pilot disengages the system and stalls the plane.

Didn't Boeing also market the plane as an evolution of the 737 that doesn't require retraining? So pilots with experience on the 737 can automatically fly the 737 Max?

Yes, but there are always going to be minor changes during each revision. Before the MAX there were the -600, -700, -800, and -900 series 737s. Before that, the -300, -400, -500 series. Each set will invariably have a few things that pilots will have to be aware of. In this case, Boeing didn’t alert pilots to the new MCAS system, which is a giant failure on their part.

It’s not yet known if this latest crash is in any way related to the first (although I have several outstanding wagers against this being the case).

Yep, that was the big selling point since airlines hate retraining pilots.

Totally backfired in that regard though.

It sounds really stupid for Boeing if you put it that way.

I can imagine it looks good on the marketing material, 'no pilot retraining required!', but as far as I understand from all the analysis so far, it's actually not that hard to disable the new MCAS system and prevent a crash. As a pilot you only need to know it is there, and what happens if it somehow fails.

I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.

> I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.

That might be enough for the plane to need a separate type certificate, meaning hundreds of millions of dollars expenses for Boeing to get it certified, and full new-type pilot training costs for every airline to fly the aircraft. (Plus, time, and ongoing crew management to juggle pilots certified on one but not the other.)

> As a pilot you only need to know it is there, and what happens if it somehow fails.

You don't even have to know it is there. All you need to know is "hey, auto trim is acting very funky today and I'm having to fight it. Better override.". And hit two switches.

> I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.

They were likely afraid that it would require a new type certificate.

> All you need to know is "hey, auto trim is acting very funky today and I'm having to fight it. Better override."

Unless you believe your instruments (AoA reading high) and assume the plane is actually doing the correct thing.

Probably a boardroom type of decision that seemed fine and dandy until planes started crashing into the ground.

From what I understand, there were design decisions that were reworked to be more similar and keep the same type class as a requirement of customer 1, Southwest Airlines who is a major consumer of the max 8.

I also wonder about the engineers involved, what they think about the system and whether it was created expressly for getting around retraining, realizing late into the project that the changes to the in-flight behavior of the plane may have been too much.

The contractors involved would be gone long before realizing anything. The decade(s) it takes to make a new plane is much longer than any tenure.

Also if an airline is going to have to retrain pilots, they might also look at completely different manufacturers (e.g. Airbus) and play them off against each other to get a better deal.


The linked article also mentions the plane was smoking, and fire was coming from the engines. This is new information to me that I think is being overlooked, because if MCAS was enabled erroneously, it's unlikely the plane would have caught fire. The Lion Air Max 8 wasn't reported to be smoking/on fire.

If something else made the engine(s) catch fire and become inoperative, and the MCAS system enabled correctly due to low airspeed/stall conditions, but was fought by the panicked pilot(s) resulting in an unrecoverable stall, it's an entirely different story.

Bear in mind that eyewitness reports of events like this are notoriously unreliable.[1,2]

Yes, it may turn out that this incident bears no relation to the Lion Air one, but I think it's much too early to make any such assumption.

[1] https://www.nytimes.com/2002/06/23/weekinreview/ideas-trends...

[2] https://commons.erau.edu/cgi/viewcontent.cgi?article=1040&co...

Also, news reports about eyewitness reports are notoriously unreliable.

I hadn't heard that, but that's exactly why he says (in his latest video and here) to avoid too much speculation, because there are other things that could go wrong under similar conditions. Takeoff and landing are the most risky parts of a flight so it's no surprise that if there is going to be an issue, it would be during takeoff.

An engine compressor stall (which is more common at low altitude and high thrust) can cause fire to come from the engine.

https://www.youtube.com/watch?v=MQWYhsYfMxE (jump to 1 minute for an example, found in an earlier HN thread).

Regardless of the cause of the Ethiopian crash, I think this whole affair has put into stark relief how much of a bodge job the 737 MAX is. It's the culmination of decades of revamps and modifications to a fundamentally outdated design, and the result is an aircraft that simply isn't very good. It's the aviation equivalent of the great edifices of legacy code that so many HNers will be familiar with from their day jobs.

The bottom of the engines are a mere 40cm of so above the ground when the plane is on the runway. Hence the tight fit and need to move the engines forward so they would fit. Then the auto-fix-the-stall software isn't something the pilots are told about.

They didn't come up with a common sense solution, doing so would have costed many billions for a new airframe with longer legs for the landing gear. This is how I understand the problem, coming from a design compromise and organisational groupthink.

Clearly this is my armchair speculation however I suspect there will be lessons to be learned from this that run along the lines of the 'Vasa' rather than the 'Comet'.


The Vasa story crops up on HN from time to time, it was a top heavy Swedish ship that sank after launch in light winds many centuries ago. The spec had changed with more gun decks added and groupthink drove the 'pride of the fleet' project forward. The launch date happened and it sunk.

Your link seems to indicate that the spec hadn't changed, that was just speculation that was disproved on inspecting the wreckage, and it turns out the design was basically bad in the first place, due to very tight safety margins and the poor understanding of engineering a ship at the time.

> The bottom of the engines are a mere 40cm of so above the ground when the plane is on the runway

Jeez. How are pilots supposed to land that thing in heavy wind scenarios? One wind blow at the wrong moment and it will make ground contact.

When airplanes land their longitudinal axis isn't parallel to the ground. If it is they've got bigger problems than engine clearance.

The 737 MAX engine clearance from the ground isn't very unusual. E.g. the A320neo is below 56 cm[1].

1. https://aviation.stackexchange.com/questions/9350/is-the-gro...

Well, if it is that bad, you should have made a decision to divert to the alternate long ago. Plus, it's not any wind that would cause this.

The older versions of this aircraft have the same ground clearance and have had for decades.

Are there any statistics available for how often there has been a need for a pilot to disengage MCAS?

If we speculate (e.g. before the facts are in) that this was similar in cause to Lion air incident, then I would be curious to know how often AoA sensor has malfunctioned and|or MCAS has otherwise gone haywire and pilots have needed to revert to manual control during the two years of service MAX8s have had.

The Lion Air plane that crashed had suffered from the exact same failure on its previous flight, though obviously the pilots managed to recover from that one.

As you say, most of the speculation seems to focus on MCAS in combination with faulty sensor data. While, as a layman, pilots being unfamiliar with MCAS seems like a reasonable explanation, doesn't this theory still require 2 planes in 6 months to have faulty AOA sensor data? That seems unusually high to me as well. I haven't really seen any comments on that.

It does not seem too surprising to me. Sensors fail all the time on planes. The AOA sensor seems like a particularly good candidate for failure given the design.

I think most people don't realize just how much stuff can be broken on an airliner and it still deemed safe to fly. And it happens all the time.

I think you'll be surprised to see how long a typical MMEL is: http://fsims.faa.gov/wdocs/mmel/b-737%20r55a.pdf

Sure, airliners might fly all the time with a missing seat number or a broken overhead bin. They're big, complex machines. But if you're implying that it's routine to fly with broken sensors, then no. That's not true.

If yesterday's Post Reports podcast [0] is anything to go by, there's also an issue with the autopilot refusing to give back control to the pilot in some situations because of what you just mentioned, on the basis that it would spare their clients the associated pilot retraining costs.

Picture being at the wheel of a self-driving car, with an obvious crash looming, and the car refusing to let you, the driver, take back control and steer the wheels or step on the brakes.

[0]: https://www.washingtonpost.com/podcasts/post-reports/questio...

>and had to be moved back

Small typo: He says "forward and up" in the video.

Woops yeah I misremembered that detail, thanks.

There's speculation that the crash was caused or contributed to by the MCAS system, which is new on the MAX 8. At this point it is just speculation.

Here's a good answer from Reddit:


So much speculation is going on. The angry mob has already concluded that the MCAS must be the cause. Greedy Boeing was too cheap to redesign the plane and made a cheap software hack to fix it. Sneaky computers are overriding the decisions of the poor helpless pilots. The FAA is too incompetent to certify aircraft, etc etc.

Based on what I read, the truth is a lot more complicated. The MCAS doesn't work the way most people seem to think it does. Maybe it is a factor in the crashes. We don't know that yet.

We don't know much, if anything, about the Ethiopian crash; but we do know that in the case of Lion air, MCAS was a major factor.

Let me also enter the impopular Null Theory:

Maybe there is nothing in particular wrong with these planes, and they were just hit with two random accidents.

Malaysian Airlines would say that's always a possibility



2 Boeing 777-200ERs down within three months of each other (one was shot down by Russia and the other is speculation)

The fact that the safety record of the 777 was near perfect before 2014 honestly makes me more concerned about what happened to MH370 if it's an inherent fault.

We still don't know why MH370 went down, and when MH17 was shot down over Ukraine some other airlines had already diverted flight paths away from that area due to the conflict.

I don't think you could say Malaysia Airlines was at fault for MH17, but it's hardly a good example of a null hypothesis. Since e.g. if BA was operating the same flight at the time it wouldn't have been anywhere near Ukraine.

Crashes are useful data because they surface otherwise unknown or poorly understood failure modes. In that sense it is like a zero day vulnerability. It suggests that all aircraft of this type have an unpatched issue. And the best way to think about the problem is with thorough technical analysis of the issue itself.

. Maybe this turns out to be true but right now you can't make decisions based on that.

Indeed: in the aviation world the philosophy is that things have to be proven safe [1] to be allowed to fly, rather than proven unsafe to be banned. In that regard, two similar crashes a few months apart is enough to worry of a design flaw. And if it was just two unrelated pilot errors, the planes will be allowed to fly again quickly.

[1] To a reasonable extent, of course, nothing can ever be proven 100% safe.

Yeah, I'm not saying anyone should. Just a reminder of the possibility.

The more I read about flight systems and protocols (and I am absolutely a layman when it comes to this), the more it seems like it's very rarely solely isolated to one component.

The hardware, software, and human systems are so intertwined that it likely involves all 3, even if the route cause can be isolated to one.

That being said, there hasn't been much specific information about the cause released yet, that I've heard.

Problem is, if they've added so much automation that trained pilots cannot determination the proper course of action 100% of the time, the system is at fault.

"You don't have to do anything, the plane will fly itself. Unless there's a catastrophic emergency. Then you better remember everything you haven't practiced from 18 months ago" seems like a failed implementation.

That's definitely a mischaracterization of what the airlines do. Anyone that has been in a cockpit of a plane knows that you fly by checklists.

There's a checklist procedure for almost any scenario they will run into (of course not every). This exact issue was seen by other airlines and the pilots followed the checklist procedures to safely regain control of the plane as expected.

In theory, these checklists are optimized to resolve these issues and regain control as quickly as possible while ruling out other causes. It is very rare the correct course of action for the pilot differs from the checklist procedure.

There is 0 expectation that the pilot should remember everything. Pilots are trained specifically to communicate with each other to go through these checklists as quickly as possible.

That being said, there is a major concern that this issue will popup while taking off and being too low to the ground to properly follow procedure in time to recover control of the aircraft.

Chicken and egg problem. How does the pilot know that the automation is malfunctioning? The pilot has to go through their mental checklist and make the realization that intervention is necessary to prevent catastrophic results. All this while in critical take-off situation.

Apparently, the plane thought all was well, just needed to point the nose of the plane down a wee bit.

And yet it is precisely because Captain Sullenberger did not follow protocol, in the moment, that he was able to save the lives of everyone aboard flight 1549. It was only determined afterwards (obviously) that he made the right call.

Many pilots in similar situations would have made the wrong decision. As a passenger you are not necessarily going to get someone of Sullenberger's quality. And it is possible that automation could help in this kind of situation. It could provide an estimate of glide distance. It could use spatial data to identify crash landing sites, avoid populated areas, and design an optimal landing profile. All in a fraction of a second. Of course this kind of failure is so unusual that it is probably not worth designing the automation to deal with it.

I mean, initially pilots were not informed this system existed. Certainly the assumptions that went into that decision seem to match up with what the person above you is describing.

In theory (not saying I agree), the "regain control checklist" is very similar before and after this change which is apart of why they did not see a need to communicate this until after the 1st crash.

Reviewing the video below - it appears to still line up with this. He doesn't mention the actual memory items changing. His explanation is the pilots starting using the wrong memory items because of information overload.

Example - They could have been going through the stall memory items instead of the runaway vertical stabilizer memory items.

That appears to be contradicted in this video which was linked above, around the 8:45 minute mark, it's a different set of memory items ("Runaway stabilizer") which should be enacted in the case this system was coming into force outside of a stall situation.


The problem is information overload to pilots. And the pipeline how commercial pilots are trained also changed. 50 years ago a lot of pilots were having military backgrounds and training. So they were having more experience with shit going down the drain situations.

50 years ago they also crashed about 100 times as often as today.

(Air Traffic increased ten-fold since 1970, while fatalities went from 3,500 pa to a few hundred)

That is literally how Tesla and some otber players started car automation. With the same predictable results. A human just cannot stand on standby in perpetum. Either the human must be in control or out of the loop.

Standng by in a Tesla and standing by in an airplane are two very different things. You cannot compare them.

When a typical civilian passenger plane throws everything up and yields control to its pilot, the pilot gets 10+ minutes to fix it, helped by a copilot, mountains of checklists and a direct audio line to air traffic control.

Nothing to do with the 5s you maybe get when your Tesla yields.

All three. It also has to do with pilot training.

The general idea is that there is an auto-trim system meant to stop the plane from stalling. But when it gets bad data from a faulty sensor it tries to crash the aircraft (short version). Pilots, all pilots, are trained to recognize this and override the system, but this aircraft requires them to do some things slightly differently. Specifically, they have to shut down the system rather than manually work against it. Difficulties arise where there is a disconnect between what the pilots think is happening, what the systems think and tell them is happening, and what the aircraft is actually experiencing. So this is an interaction between an automated system (software) a potentially faulty sensor (hardware) and pilot training. It is a complex problem that will take a while to fully understand and solve.

It's a simple problem: don't dodge training requirements by falsely stating that there's no need to retrain pilots on this aircraft.

These crashes happened because Boeing tried to market the plane as not requiring retraining in order to boost sales to airlines.

One amelioration would have beem a simple "MCAS ACTIVE" announcement every time it activated. That would have eliminated a lot of checklisting and guesswork in moments of high stress.

"What the hell is happening?"


"Flip the cutouts!"

Why that wasn't mandated by the FAA I have no idea. Instead the pilots are expected to systematically analyse the options whilst trying to stay airborne.

This is a very succint explanation of what's happening here (in the Lion Air case, anyway). Not sure why you're being downvoted - perhaps the claim that this is a "complex problem".

HN is slowly walking towards facebook culture. People up/down vote things they like or dislike, with the goal of disappearing opinions with which they even mildly disagree. Valid points and thoughtful discussion are increasingly unwelcome.

Lol. Thanks for the downvote all below. Thanks for proving my point about the change of behavior.

Facebook doesn’t even have a downvote option.

It does on some pages' comments. It's a feature they're slowly rolling out.

How do we know the software works in all conditions, as described?

We don't know it had anything to do with pilot training until the investigation is actually finished. To say it's pilot training is pushing Boeing's narrative.

Also training issue - according to a commentator on Radio 4 this morning, the conversion training for this aircraft is a 90 minute course run on an iPad.

The speculation I've seen is around a change to the autopilot system which pilots ave been struggling with:

> Following the Lion Air crash, US aviation authorities issued an emergency directive to carriers to update flight manuals with information on what to do when the aircraft’s anti-stall system is triggered by erroneous data from what’s called an “angle-of-attack” sensor. The flight system can react to that data by pointing the plane’s nose sharply downward. Boeing, meanwhile, directed airlines to a checklist in manuals for stabilizing the aircraft. Pilots said the crash and the directives that followed were the first time that they were made aware of these changes to the flight system.

Traditionally the fly-by-wire systems have at least 3 AoA sensors, which each "vote" on the output value.

That way, if you have one faulty sensor, it gets outvoted.

The MCAS system in the new 737-MAX's only have 2 AoA sensors, which means a single faulty sensor can cause bad things to happen.

> The MCAS system in the new 737-MAX's only have 2 AoA sensors

That's pretty damning if true.

This is what i was told (it was something like "they have 2 flight computers, and 1 AoA sensor hooked up to each").

The reddit thread linked from elsewhere says the same thing.

The preliminary report on the Lion air crash (http://knkt.dephub.go.id/knkt/ntsc_aviation/baru/pre/2018/20...) says they replaced and tested the AoA sensor 2 days prior.

They repeatedly refer to the AoA sensor using only singular nouns everywhere.

Given the report says it was giving faulty data and that was used, the only way this can occur is either:

1. Their are multiple sensors and the software is broken

2. There is a single sensor

Given all other data, i'm going with #2 :)

Nobody has been enterprising enough to publish the MAX8 troubleshooting/etc manuals online, if they did, you could easily verify this.

Some acquaintance of mine told me – which I really can't believe given the seriousness of aviation security – that there is in fact just one sensor.

If true than that's preposterous.

There are definitely at least 2. You can see them :)

Still seems like at least one to few, no?

Yeah, this would line up with "1 sensor for each flight computer".

Either way, this is insanity.

I’d like to see the math on that cost savings now.

MCAS is not a fly-by-wire system. Pages and pages of speculation by arm-chair aircraft designers going on. So depressing.

I understand it's not a fly by wire system. I was comparing it to the other common use of AoA sensors.

Do you have anything real to add here other than "I am Very Smart and everyone else is not"?

For example, whether it is a fly by wire system or not does not change anything about what i said about the sensors.

> Traditionally the fly-by-wire systems have at least 3 AoA sensors, which each "vote" on the output value.

That way, if you have one faulty sensor, it gets outvoted.

That would make sense, but unfortunately it's not the way they're actually implemented. Several incidents with Airbus aircraft were due to one AoA sensor's faulty input being allowed to trigger uncommanded pitch down events, instead of the one faulty sensor being outvoted by the other two.

I agree having only two sensors is even worse.

Boeing is issuing a software update in April.


A software update that was scheduled for distribution (iirc) in January, so already late. As a software practitioner, this scares the living shit out of me. Already late software, now pushed for a deadline-driven release... This can't end well.

I would think the software is relatively simple and that the fix, as it's described, is more smoothing inputs and limiting outputs. Or course the combined software that flies a plane is enormous and incredibly complicated, but I'm talking about a relatively small component of that whole. The program reads sensors and actuates surfaces to correct what it incorrectly registered as an abnormally high angle of attack but was, in reality, a misbehaving sensor. The new program, from what's described, tries to figure out the right value even if the sensor disagrees, and limits the output to avoid large corrections. Along the programs, they also need to write new documentation, operating and maintenance manuals, issue corrections for flight simulators and so on.

It's also not the first plane to crash because of software reading bad data from bad sensors. Or the last.

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact