Because if you did that, you'd have to alert the pilots when the AoA sensors disagree and MCAS has been disabled. And you can't do that without training them on what that means, notably how the plane will now fly differently with what you might call "relaxed stability" at high angles of attack. And Boeing really really wanted to avoid retraining of pilots because apparently they had a contract with SouthWest that would cost then $1M per plane if retraining was required.
It's worth noting that there are other more engineering reasons it could be tricky to use both. An aircraft in a side slip will show different reading on the left and right sensors. Also, there are failures which are likely to impact both at much the same time, icing being a big one.
Agreed. Boeing's revised MCAS will disable itself if the AoA sensors disagree by more than 5.5 degrees when MCAS activates, or a sustained difference of more than 10 degrees otherwise. This is to take into account the fact that the sensors disagree to some degree in normal circumstances. These are fairly relaxed limits, but does demonstrate that a reasonable solution is possible.
Related question: how does regulatory approval of planes work, worldwide? I read a few times that the FAA had approved the new plane too quickly, but don't other regulators have their word?
FAA have (or had) such a good record, that other regulators, like EASA, simply trusted a FAA certification. In the same way, FAA trusts an EASA certification for an Airbus plane.
Bilateral certification agreements. Canada and U.S. have one as well (it goes both ways): https://www.tc.gc.ca/eng/civilaviation/standards/int-baa-usa.... It's good in theory (cutting down on a giant amount of repeat work), as long as both certifying bodies maintain their standards and don't get politicized.
Yes. But the AoA disagree indicator did not disable MCAS. In similar circumstances, SouthWest pilots would not have taken off, because AoA disagree would have indicated as soon as they'd begun their takeoff roll. But if an AoA sensor had failed in flight, it would still have been up to the pilots to manually disable stabilizer trim.
If those victims would be primarily from western country, especially US, there would be almost immediate class action lawsuit against Boeing from families (US citizens seem more trigger-happy to fire lawsuits when feeling wronged, at least from my perspective).
But I guess Ethiopian/Indonesian cries for some sort of compensation/justice would have to go very viral in western media to force a corporation like Boeing into anything (since it is also a clear admission its purely their fault, which it seems to be).
Most countries don't have such a thing as class action, and even among the countries that have it, it's only commonly used in the one that invented the idea, and multi-national class action isn't really a thing. So I think you'd find that, far from "especially in the US," you should only expect a class action lawsuit like that for a flight that is either to or from (or both) a US airport.
With lots of of passengers on both flights being from lots of different countries, what they're getting instead is lots and lots and lots of individual lawsuits all being filed in different jurisdictions.
Which is, I'm guessing, likely to be more damaging to them in the long run.
MH370 was a multi-national class-action lawsuit filed in SC that was only dismissed because the circumstances of the disappearance were not clear and nothing to do with it being multi-national
It brings up the question of what it means for the two sensors to disagree. How much do they have to disagree? For how long? How many times? The atmosphere is full of weird effects that can transiently make the two sensors be different. How much and for how long do you get to disable the MCAS system until you can't claim it as a protection? If you can disable it whenever things get strange then why have it at all?
There is a tendency to fixate on the bug that caused a crash to the extent that you introduce new more new bugs than you had before.
I think the sensors are on the side of the nose, about as far forward as the pilots. It looks like one is on the left and one is on the right.
These things are essentially just wind vanes that read the direction that the air is moving past them.
Short of the plane flying obliquely into a tornado, I can't think of any atmospheric effect that could lead to a disagreement.
You'd need an atmospheric effect that causes a significant difference in wind direction between two points that are maybe 3 m apart and the difference that atmospheric effect is trying to cause would have to be noticeable when superimposed on the wind vector due to the plane's velocity.
Worse. Why don't they do it with three sensors and a voting system? By using two sensors, when they disagree, MCAS will have to be disabled. It seems the plane is unstable without MCAS, due to the forward positioning of the engines, requiring specific training and abilities from pilots.
No, it is not unstable without MCAS.
MCAS is only designed to change the trim if the airplane is hand flown in flaps-retracted, low-speed, nose-up flight.
This is something almost everyone is missing: A normal flight should not encounter this.
Plenty of normal flights fly manually for a significant portion of the climb-out after takeoff, which is exactly the portion of the flight when MCAS issues happened for the Lion Air and Ethiopian Air flights.
Also, you will have higher AoA in a bank, which can be encountered in manual flight on normal flights.
>> This is something almost everyone is missing: A normal flight should not encounter this.
Nobody said there was anything abnormal about the two flights that crashed. It really doesn't matter since the root problem is the plane doing things without telling anyone and then doing it wrongly. Without MCAS these accidents would not have happened.
That's my understanding. So a simple 'oh we'll just disable it if the readings disagree' seems like a faulty fix. MCAS is required for safe flight. While it may be possible to operate a Max 800 successfully without it, that's not how it was designed to be flown.
Not sure this is right. General aviation pilots often think of wing stalls as a consequence of low speed (their planes don't have AoA indicators!) but they can happen at any airspeed: they simply happen whenever the critical AoA is reached.
I think the idea is that the extra lift generated by the nacelles due to the engine position causes the plane to reach high AoA at e.g. full engine power, not just when flying slowly.
I think it's also the case that the plane does not actually become aerodynamically unstable, it just starts to handle differently (yoke pressure-wise) in a way that fails airworthiness requirements.
So it would only cause a stall if the pilots continued to pull back on the yoke into the stall while it's not fighting them as much as they're expecting it to.
What is your source? This is not what I have been reading. What I have been reading is that the MAX has a bigger engine and this engine has been positioned forward on the wing in order to preserve ground clearance. As a result of this unusual engine position, the MAX has a tendency to pitch up during acceleration. Nowhere did I read that this doesn't happen during normal flights.
MCAS only operates at high angles of attack, higher than normal flight would encounter. The reason it was even a factor in these crashes was the bad AoA sensor readings. If the AoA data had been correct, MCAS would not have been changing the trim.
When an aircraft pitches up, it increases the angle of attack, right? (If not MCAS would not be a fix for the pitching up problem.) And the pitching up can happen during normal flights, correct?
> When an aircraft pitches up, it increases the angle of attack, right?
Yes, but not what you may be thinking. The AoA is the angle of the wing vs relative wind (the angle the wing is attacking the air). You can have high relative pitch (attitude) to the horizon but a low AoA, such as during climb. That same attitude is a full stall at slower speeds/power.
The wing doesn't care where the nose points. All it cares about is its relative angle to the wind. Once it diverges past a critical angle the wing stalls.
What appears to have happened with these MCAS issues is that the MCAS senses that the AoA is too high when it's completely normal and safe, so it auto-trims down.
They can be related but not necessarily. Pitch is where the nose is pointed, while angle of attack is the angle at which the passing air hits the wings.
The nose can be pointed up with a low angle of attack (e.g. a climb during cruise) and conversely the aircraft can be pitched down with a high angle of attack (e.g. descent approach with flaps extended)
As I understand it, no. But airspeed, actually Mach, is an input to the calculation of how much nose down to apply. I.e. the higher the speed, the less trim change is needed to achieve the desired effect.
As far as I understand, the forward positioning of the engines makes it so that the plane tends to pitch up when it is already pitching up, and tends to pitch down when it is already pitching down. This is the definition of an unstable system.
MCAS compensates this by trimming elevators. Without MCAS, it is up to the pilot to handle the unstable system.
The way you describe it the faulty sensor would have not caused two crashes. If the code would check all these preconditions it would still ignore the AoA sensor.
It’s obvious that the code was executed during the regular flight conditions which means it has to be applied even then.
The motors simply push the plane nose up too much compared to the previous models, threating the plane to enter the stall. Once in the stall the plane is just not controllable. MCAS was there to hide that.
And now that the problem is known to the world either will Boeing provide the proper solution, no matter the cost, or there will be a third crash and that will be too much. Boring still tries to present all that as “business as usual.” It’s wrong.
It is possible that it was clear from the start that this is the right way to go, but a modern plane is a very complex and highly regulated piece of equipment. Even minor changes could have a long tail of ramifications for operation (some of those have been noted, such as likely very different performance when crabbing at crosswinds).
I am not saying that Boeing did not try to cut corners (I just do not know), but the current media circus painting Boeing as a bunch of [idiot engineers | greedy execs | lazy testers] is likely far from reality or at least a major oversimplification. Boeing planes (including 737 max) are still very safe (compare to cars). Mistakes should be calmly assessed and fixed and making a public circus of this simply pushes engineers to avoid everything but uber-conservative, uber-safe solutions, which has major costs in itself. My 2c.
Cause is always complicated in an air crash. We don't officially know the cause of either of these crashes.
When MCAS was established to be a likely factor in the first crash, Boeing issued an emergency airworthiness directive to all operators of the 737 Max, alerting pilots to the possibility of undesired nose down trim, and reminding them that the runaway trim procedure would disable it.
Which was far from enough as we can see. Full retraining and perhaps other actions should have happened immediately so Boeing could hold any form of moral high ground here.
When it comes to mass transport, safety should definitely have higher priority than pushing some potentially new cool tech ASAP (which is debatable, making plane unstable ain't cool by any measure)
All 737s have two AoA sensors - they're used for several purposes, not just MCAS. Originally MCAS used only one of the two sensors, though it alternated which one with each flight. The optional features were an AoA disagree indicator, and the AoA data itself being displayed on the cockpit displays. Having either optional feature didn't change the fact that MCAS only used one sensor.
Why wouldn't you design it that way from the beginning? This isn't Boeing's first plane.