Hacker News new | past | comments | ask | show | jobs | submit login

There are actually 5 pitot tubes on the Boeing 737[1]. There was only one Angle of Attack sensor. I don't know why for sure, but armchair speculation is that it was considered non-critical before the introduction of MCAS and nobody re-evaluated after.

1: https://aviation.stackexchange.com/questions/50797/why-does-...

There were actually two AoA sensors (on either side of the aircraft) each connected to different sides of the panel. The issue was/is what to do when they disagree (with respect to MCAS).

EDIT: Source: https://aviation.stackexchange.com/questions/61011/how-many-...

The MCAS subsystem in the active Flight Control Computer was only taking input from the AoA vane on that FCC's side of the plane, and not cross-checking with the other instrument.

The triple redundancy only comes into play with systems with a severity of failure rated as catastrophic.

The MCAS system as originally designed was rated as merely hazardous. Which doesn't require redundancy. The decision to feed off of only one vane was intentional to avoid having to have pilots undergo level D simulator training as part of their type certification. Multi-sensor systems generally require Level D training.

See the 737 MAX Expose by 60 minutes, where the whistleblower testimony is first presented.

Wow, so they could've easily made it safer with the hardware they already had onboard, but chose not to because money?

Somewhere inside Boeing there are decision-makers that lack ethics (or even long-term financial thinking). They need to be fired.

Yep. If I had to start looking, I'd start looking here:


There's a Bloomberg article I've been trying to track down from back in the 2000's where a Boeing exec is quoted as saying that Boeing is going to undergo a financial transformation, part of which involved decreased "over thinking the box" and stripping all that wasteful effort (what engineers call the hard parts) from the process in order to bring Boeing into the mainstream as an optimized shareholder value generating machine.

This happened apparently shortly after the McDonnell Douglas merger as I understand it.

Unless they were just acting completely reckless, which is hard to believe considering their previous safety record and the downside of failure, it's probably more complex than that.

My understanding (form my own reading, and a few other comments on this post), is that they needed to maintain the existing 737 type rating, so that pilots would not need to be retrained (this I knew), but also apparently changing the type would mean they wouldn’t be allowed to grandfather in some old, no longer permitted, design elements. This latter bit is new to me and I haven’t seen it mentioned elsewhere so maybe take with a big bowl of salt :)


Specifically, because airlines wanted to save money on pilot training.

Rather because Boeing wanted to remain "competitive" against Airbus' superior alternative by selling something that didn't exist, namely the factually different plane which would be certified as "the same".


Could they have had multiple sensors, but then fed them through software that determined which one(s) to tell the pilot about, without requiring the additional training? Like perhaps if they had 2 AoA’s on each side, and the software would take a reading that was agreed upon by 3 of the 4 sensors, and would alert the pilots to a failure of the system if 2 agreed and 2 disagreed.

The problem there is you don't train for when everything works. You train for when things don't work.

The more complex you make the plumbing, as it were, the easier it is to clog it all up.

Plus, there have been instances where a majority Ocala sensors have frozen in the same position, and outvoted the last remaining functional one. At the end of the day, software can only be considered an automation aid.

The human pilot must be able to make a reasonably safe go of flying the plane alone. Even Airbus planes have this quality in direct law. They are still stable, there are just fewer safeguards to keep you from doing something daft.

And even with airbus' approach, there's a case to be made that overreliance on the computer to safely operate the plane degrades basic piloting skills through atrophy or complacency.

My next question would be are they adding a third? Everything I hear sounds like a software update rather than the more expensive hardware changes.

There is no need to add a third. The software update make MCAS to use both existing angle of attack sensors, and if they disagree MCAS will be disabled and a warning indication will be shown.

Then you risk a stall. If MCAS is non-essential why not remove it completely? And if it's essential, then you need >2 sensors to ensure it can operate all the time.

MCAS is not essential. It exist to make the airplane behave like the older B737.

This just isn't true. MCAS was added because it is a safety requirement that stick forces strictly increase. You don't want the thing to start stalling itself.

I think you mean decrease — pulling back should become less effective as you enter a stall.

Stick force doesn't refer to how effective any stick movement is.

Roughly speaking, stick force is the amount of force the pilot has to to apply to the stick to achieve a given movement of the control surfaces.

As the airplane gets closer to a stall, you want to make it harder for the pilot to pull it fully into the stall, by increasing the required stick force.

If the stick force decreased as the airplane approached a stall, then the pilot would have to actively push the stick back into more stable flight.

Not everything that is non-critical should be removed.

Autopilot? Not necessary, pilots can fly themselves. Still, it is added for convenience (and its consequences, less mental burden, more mental capacity to do other stuff).

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact