How is no one in prison again?
The 737 MAX was a failure of process, not by specific choices made by a leader - he was fired however for his poor response to the crashes, he committed many tactical and PR errors, which made the restoration process longer than it should have been.
If you still want to lay blame at any single person's feet, lay the blame at the feet of James McNerney, the CEO who ran Boeing while the bulk of the development of the MAX was done, he's the one who kicked the MAX program off.
The truly fatal decision though was made in 2016 when Muilenburg was CEO. That decision was to make MCAS a single sensor system vs. a two sensor system. Originally, MCAS would activate based on a combination of a G sensor and the AoA sensor. Sometime in the middle of 2016, when they did flight testing, they found that the undesirable handling characteristics could manifest without high G, so they took the G sensor out of the mix. In order to account for the low-speed, low-g handling problem, they also had to make the MCAS corrections be much more powerful, which made it much more dangerous. The FAA apparently wasn't informed of this.
This key moment was approximately one year into Muilenburg's tenure, and so the buck has to stop with him. Muilenburg was also CEO after the Lion Air crash, and he's responsible for the decision not to ground the fleet at that time. He's also responsible for not wanting to ground the fleet after the second crash, and pressuring the FAA to quickly certify a fix.
Airbus absolutely uses its fly-by-wire system to change the handling characteristics of its airplanes, to make them fly the same - I see no reason why Boeing couldn't do the same thing.
As a pilot and former CFI, without any question whatsoever, a pilot must know how the airplane behaves near stall. Student pilots have demonstrated certified pilot level competency of their particular make/model aircraft stall behavior, before any CFI feels comfortable doing a student pilot sign off for solo flight. It's that goddamn basic.
And 737 MAX airplanes have two such stall behaviors, with MCAS and without (via stabilizer trim cutoff). I'd like to see every Boeing pilot involved in these decisions put on a hot seat and asked if they really think it's appropriate to sign off a pilot, as competent to fly, when they aren't completely aware of two different stall behaviors for this aircraft.
In my opinion it's unconscionable to have deprived pilots of this knowledge. I am aware of the make/model type certificate arguments. As yet no authority has said for sure whether MCAS knowledge requirements would have then required a new type certificate, or if in fact MCAS is improperly papering over an airworthiness deficiency.
What we do know is, it's damn suspicious that this make/model has been grounded this long, with multiple supposedly official statements that software fixes are done and tested and should be ready for FAA approval and deployment any day now, and yet that's been postponed at least 3 times that I'm aware of. If this is strictly a software fix, and a mere tweak back to the original basis of certification, why all the delays?
AFAIK, being on the same type rating means the A320neo has the same behaviour as the A320ceo _even when in direct law_, where there's a 1:1 mapping between input and behaviour. (Let alone the very limited mechanical fallback!)
The purpose of the MCAS is to make the aircraft certifiable - full stop. The MAX is dynamically unstable, in the sense that at high angles of attack it will tend to continue increasing AOA into a stall - a terrible airframe sin which they tried to fix in software. This is the real story, not this type rating stuff.
HN discussion: https://news.ycombinator.com/item?id=19695757
And I argue the opposite: it can't be made to behave exactly the same as soon as the failure scenarios are considered.
In computer speak, you just look from the point of view of a “most common” run, not all the special cases, exceptions etc.
There are other impossibilities too, directly related to the certification requirements, already documented in the news articles before.
Wait to see what the final opinion of European agencies is once the latest changes are evaluated and you’ll see that it’s not the same plane, even if Boeing all the time bent over backwards over the dead bodies of others.
Isn't the whole problem here that the program wasn't ready for flight?
So they use SAFe Agile at Boeing, too?
We're not talking about "calculated" deaths like the ones VW's CEO hopefully goes to prison for. Rather directly attributable ones like the 737MAX or GM's faulty ignition switch scandals.
Given that Boeing and GM are/were some of the most powerful in the US, it stands to reason that most companies will fall under the "less powerful" characterization. But I think my point was clear already: the more powerful the company, the more clout they have when it comes to keeping their CEOs out of prison. Whether or not this is doable for smaller players is irrelevant when talking about a heavyweight like Boeing.
Then I'm sure you also noticed none of this makes my point* less valid. Despite the wave of downvotes (which are probably aimed at me explicitly mentioning the US) I can't see any rebuttal of something I actually said:
*Given the precedents (like the GM scandal), CEOs of big/powerful companies (Boeing) in the US (where Boeing "lives") will pretty much get away with anything, including knowingly allowing hundreds to die (which Boeing/CEO did).
> simply trying to lock up CEOs I don't think is the right way to go.
Indeed, it's just a good first step. The very same companies and CEOs will always fight any legal changes that would further a culture of safety first because that usually hurts the bottom line.
In Brazil Vale and a number of its executives (along with the European dam inspector) are expected to be indicted. It will likely be about falsifying documents related to dam safety.
Proving that the CEO is the one that should go to jail, while satisfying, is actually quite difficult. While I would probably agree with one piece of your sentiment, senior executives are often able to escape prosecution for things that are clearly illegal (looking at you HSBC), simply trying to lock up CEOs I don't think is the right way to go.
But you don’t have a single example of less powerful executives going to prison in situations comparable to the one we’re discussing, right?
Is it just an American thing? Why not just put the executives against a wall while we’re at it? That’ll teach them!
229. If a builder builds a house for a man and does not make its construction sound, and the house which he has built collapses and causes the death of the owner of the house, the builder shall be put to death.
233. If a builder builds a house for a man and does not make its construction sound, and a wall cracks, that builder shall strengthen that wall at his own expense.
Bugs in houses have been criminalized for a very long time. I don't think it's unreasonable to treat aircraft that carry passengers in a similar fashion.
They weren't commenting on the severity of the punishment, but rather showing an example of a very old case where similar scrutiny was placed on poor workmanship making the builder culpable to negligence and the ensuing fallout of that negligence.
From HN guidelines:
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
In 2020 the US is the only western country with the death penalty.
I’m sure everyone is aware that most countries used to have very severe punishments, but that’s not the case today.
Did the CEO PERSONALLY kill them? No, but the claim for outlandish executive pay is executives get paid like they do because they have "all the responsibility". Every time the responsibility bird comes calling, they seem to claim they should have none. Cake and eating and such.
Seems like it might be better not to pay them such ridiculous amounts of money in the first place.
I have yet to see evidence that the oft-complained-about high tier executive pay in the US is artificially inflated and isn’t just market conditions pricing the work.
I can find someone on my parents' couch who can’t be hired for $100k/yr. That doesn’t mean they are worth that much to the economy.
I don't think anybody would complain if the CEO at the time was charged with 300+ crimes of some sort, manslaughter, gross negligence, murder, whatever. On a jury I'd be pretty lenient to the prosecution in this matter if they could find evidence that the CEO was aware of the calculus taking place, i.e. let's cut some corners with our regulatory capture so we can ship this plane more quickly and make more money, it is at that point that premeditation for me seems apt.
Truth, Justice, and the American Way.
It really feels like many commenters here are just after some weird revenge porn.
1. The company has an inherently bad culture and should be shuttered.
2. The leader of the company is responsible for that bad culture and should be punished (in some way).
1 is a non starter, because Boeing is "too big to fail".
We can argue about the correct punishment for 2, but "go home with $60 million" probably isn't sufficient.
This I think is the root of the problem. If we can’t conceive of and apply meaningful consequences for the distributed failures of groups of people, then people will group themselves in ways that allow them to distribute their failures in unpunishable ways.
I'm just not sure what a court-ordered re-structuring would look like. Something between a bankruptcy proceeding and an anti-trust action? Lots of moving parts and laws and whatnot.
Right... but why always prison? Why's it always 'who's going to prison for this'?
And the way it's written 'someone should be in prison', 'why isn't anyone in prison' it looks like nobody cares much who goes to prison, just has to be someone.
And it's never a case of 'this person should be tried carefully'. It's always just 'PRISON'.
Overall, seems like you want to find someone - anyone - drag them out of bed - put them in prison immediately, and you think that'll make something better somehow.
At this point it's pretty obvious that there was, at minimum, negligence. They knew what could happen, and took the least-cost route through the forest. And we've all seen countless cases where high-level people at companies have clearly committed some sort of crime, but get off incredibly easy. Prison is IMO a reasonable punishment, if we can adequately assign blame to individuals.
Another option is of course a large enough fine directed at the company, but that doesn't really hurt the people involved enough. The CEO will get his golden parachute, and will perhaps have a slightly-tarnished reputation, but will find another job and his lifestyle won't be harmed one bit. All that does is reinforce the message that you can cut corners, cause deaths, and suffer no consequences. Other executives see that and continue to do the same thing.
I suppose another alternative to prison might be fines directed at individuals, but I expect the response to that will be stronger legal-liability insurance packages for executives, and so the targets of those fines won't get hurt all that much. Depriving someone of their freedom for a period of time is the great equalizer.
I'm not convinced fines work to actually punish rich executives. Likely they have liability insurance that will cover a lot of it, and golden parachutes will cover the rest. The deprivation of freedom caused by prison is pretty unique.
Do you have suggestions for alternative punishments that actually punish the target, and serve as a disincentive for other corporate malfeasance?
The layman wants "don't cut corners and kill people, or punishment". The legal system tends to deliver "Accept a plea bargain, get reduced sentence," or "Cut corners, and apply sufficient lawyer to defray the consequences."
Justice is for many distinct from the machinations of the legal system. I like to use the story told in the song "The Night the Lights went out in Georgia" as an example.
A person finds out their wife was cheating with the whole town. Gets distraught. Goes home, finds just his gun left behind. Goes to a friend's house, sees weirdly sized footprints that don't match his friend's, eventually finds his friend dead. Flags down a cop with a shot. Cop assumes he killed the friend, Judge open shuts the case, guy gets hanged.
Turns out hanged guy's sister killed the friend and the cheating wife.
Without knowledge of the sister's deeds, the legal system believes justice was served by hanging him. He killed, therefore his life is forfeit. Where's the justice when the sister is taken into account and the hanging has been done? The legal system would have hanged the sister if it bothered to work right and done nothing to the man, but as the score stands, two will have been executed for the crime, one wrongfully. The judge facilitated the death of an innocent man. Should the Judge not suffer for his dereliction of duty? What about the sister? Even if we recognize she forfeit her life through her actions, an innocent man was killed. To balance that out, it stands one must be spared. Does the Sister get let off Scot-free?
Justice != legality. We try to keep them lined up as well as we can, and collectively we begrudgingly submit to it as the best compromise overall. That doesn't mean though that everyone feels that what the legal system musters is always appropriate for the perceived wrong doing.
Messy business all of it. The messier the business, the worse the legal system seems to be at generating a long-term satisfying result.
But as long as we’re showing that movie, right now it shows another man being arrested, and the police do not confiscate his cellphone.
He uses it in remand, and when it runs out of batteries, he asks for help charging it. He is then charged (npi) with illegally possessing a communications device in remand, and upon conviction for possessing a thing that was not confiscated from him, he was sentenced to twelve years in prison.
I’d rather not watch a movie where 9% of the citizenry of a country rots in jail with no expectation of changing their lives for the better when released, with them basically performing slave labour for corporations, and with little evidence it works to deter crime.
But if we are going to make this movie, it shouldn’t be a movie about only the poor citizens going to jail for misdeeds. The movie should show this broken concept of punishment being applied to all citizens, equally.
Justice theatre is the same thing. It doesn’t do anything about poverty or crime, but locking “scary people” up provides enough of the appearance of safety to make people feel like we’re doing everything we can.
The fact that it is theatre, and not real policy, helps explain why it’s so tilted against the poor. They’re the scary people.
Theatre is the metaphor. Movie theatre, stage theatre, whatever you like. If you’d prefer not to use a metaphor, fine, but once a metaphor goes around a few times and people have a shared understanding of what it means, it provides a convenient shorthand for communicating something.
“Security Theatre” has achieved a certain success as a metaphor. I’m trying to tap into how the justice system resembles the air traffic security system and the bank’s five questions systems and so on.
As I said right off the bat, I do not think it should suck for anyone, so if the argument is, “let’s fix the justice system by not making it suck,” you know you have a ready and willing ear.
None of those people should be going to prison, and in many sane countries they aren’t.
2. If #1 is unachievable, or while we're working on #1, poor people should not go to prison while rich people slide out of going to prison.
I don’t know why you have a lot of trouble with #2. It’s not like you can only argue for #1 or #2, and by arguing for #2, you give up the right to argue for #1.
It’s not a dichotomy.
"The company" did nothing wrong, the leaders, for encouraging the type of culture that led to this, and specific other employees, etc. are the ones who did this.
It's like a bad tooth. You don't kill the patient for it.
And if this simulator training would have been unhelpful, maybe we should let the FAA know that Boeing is once again trying to pull a fast one since one of the major changes they’ve made is to require simulator training.
There should be a special place in hell for Mr. Muilenburg and his ilk.
If you're not able to keep promises you shouldn't make them in the first place. The buck stops with you, period.
No pilot training was often used as an argument. But I think the problem was actually much more severe.
If Boeing would have designed a completely new plane (which they should have) they would have lost a decade to Airbus' offerings in their most important market.
That, in my opinion, was the real reason for that shoddy hack of a plane.
But if they'd been honest about the fix, required pilot training, maybe this problem would have been discovered in a less catastrophic way so it could have been fixed earlier. It wouldn't have been as cheap as they'd like, but they'd still have a foot in the door in that market and they'd have their reputation. Now they squandered everything.
I don't know how you can look at this whole situation and think "yup, free market working as planned. Everything fine and normal!"
Besides, the reason we have regulations is because there are limits to the free market if we want to live in a sane society. Markets only find optimal solutions if everybody has perfect information, but in reality nobody has perfect information. You're free to choose between brands of honey, but it's expected that the government will ensure that no honey contains plutonium because 1) a consumer can't easily tell if it does and 2) it's assumed that everyone would avoid radioactive honey if they knew about it. Similarly, airlines are free to choose between aircraft, but it's assumed that none of them want an aircraft that will spontaneously and uncontrollably dive into the ground; it's the government's job to ensure that nobody sells such a plane.
The horrible thing is that this sentence could be applied to other Boeing products as well. The Delta IV springs to mind.
We always listened to our clients, and their wants and needs, but we also always put the robustness and the reliability of the platform over any feature request, no matter how adamant, vocal, or lucrative the client.
A big part of being a provider is to be the expert, to be the voice that says “what you are asking for is dangerous, and we will not do it”, and being prepared to sacrifice short term client pleasing for long term stability and overall client happiness. The customer is not the expert. They are not qualified to make decisions that endanger themselves and other customers. This is why they are paying you.
Yes, they’ll be thrilled when they get their shiny new blank, but hellfire will rain upon you when you have an outage due to a poorly planned improvement.
In my case, our worst case was revenue loss for our customers. In Boeing’s, their worst case is a terrifying death for hundreds of people.
The picture here is that Boeing have been deeply irresponsible, and have let their short term goals compromise their long term stability, the quality of their product, and have forgone their duty of care.
Vital to whom? Certainly not to venture capital nor to shareholders, because I see a real dearth of corporations acting with integrity, especially tech bigcos.
As far as VCs and investors are concerned, I have seen all sides of that coin. There definitely are VCs and investors who are always and only out for a quick buck and others who think long-term, act with integrity and respond positively to it in others. In my experience the more you can surround yourselves with the second type the better your life will be, although as a public company, Boeing doesn't have that much opportunity to pick its investors.
Starting with the design goals of the 737 Max, continuing with penny pinching during the implementation, then bullying and lying during the certification process, then further bullying during the sales and training process, then massive amounts of blame shifting after the first crash, trying to pin it on the airlines and the pilots, then repeating the same thing after the second crash, then not providing documentation and data during the investigation, then further trying to get away with half baked fixes, then bullying the FAA to try and allow the Maxes to fly well before they were ready, etc.
At every stage of the process Boeing has led with lies and bullying. There is absolutely no reason to give them the slightest of the benefit of the doubt.
For every action, the best approach is probably to consider what would be the worst thing Boeing could have done as a response, because that’s likely what they did.
If Boeing wanted to be responsive to those customers they could have produced a plane that didn’t need additional training.
> If Boeing wanted to be responsive to those customers they
> could have produced a plane that didn’t need additional training.
There was no way to create such an efficient aircraft on the 737 airframe without requiring pilot training, even if software could smooth over the differences 99% of the time.
It is a simple fact that training is part of the total cost of ownership of an airplane, and so it is to be expected that it will be an issue in negotiating the price an airline is willing to pay for them, or whether to go with a different airplane.
In a responsible or well-regulated industry, responding to these sorts of issues (which are ubiquitous), through a reduction of safety standards, is supposed to be off the table. What Boeing was doing here was apparently part of a larger campaign to subvert this principle by hiding any hint of a safety concern.
So same as some companies in US then. Naming no names.
American businesses are constantly churning output with not much to show for (relative to effort vs results) as the employees are burned out, investors and C-suite demand more of the middle-management and they in turn pressure engineering and sales teams, etc.
The results have spoken about which one works and which doesn’t. Toxic work culture starts from the top.
At that point I wasn't as gobsmacked anymore because several days before some 17 year old girl yelled in a 300 person biology lecture at the professor to stop telling lies about evolution (first week of college).
But "greed is good" struck me as an oddly American way of viewing the world. Europe isn't free of greedy people, by any means, but it's sort of not the first rule you learn in school.
But the microeconomics angle seemed more personal - as in attempting to describe interaction between people with some extrapolation to larger entities.
To extrapolate that further is a bit disingenuous. The US is still a leader in innovation over Europe, by a large margin. And I say that as a European.
Is it in terms of patents, in terms of the number of new companies, new companies that succeed (and according to which metrics?), new companies using/developing new technologies?
Do you consider modern implementations of old concepts as innovation or not (i.e. transitioning some activities into the digital world, that kind of things)?
Do you normalize that "innovation" quantity with how much money is injected into the "innovation industry"?
One airline demanding and getting simulator time doesn't help if the decision has already been made to not inform pilots about MCAS. Boeing's flight rules model has always been around the pilot(s) having situational awareness and being in absolute control; the problem with MCAS is not what it does, or that it's needed to avoid stalling, the problem is that it was not known to pilots, that it operates without any clear indication that it's operating, and that it can only be disabled by disabling electric trim, and that manual trim is extremely difficult to impossible to use if the stabilizer is at full nose down (there was an old 737 procedure for this, but it was removed some number of redesigns ago, it was reportedly not in the 737 NG manual)
If pilots knew about MCAS and that in the case of a runaway trim due to MCAS they need to disable electrical trim and switch to manual trim early and keep it manual for the rest of the flight, they would not get into the conditions where it is hard to turn the manual trim wheels.
Do simulators have the same hardware as real planes, or do they have a software model of the airplane?
If you simulated a broken AoA sensor, would the simulated plane behave similar to the real plane? Would the MCAS system have the same bugs in the simulator as in the one in the real aircraft?
Can you try new scenarios in a simulator, or can you just try scenarios that the simulator was designed to run?
The avionics are usually real, being fed dummy data from a software model with regards to the plane.
Here's a PDF about it.
Training simulators are typically convertible, meaning that the flight characteristics are entirely fluid and made by the simulator using physics models and data provided by the airplane manufacturer. This makes it possible to train multiple platforms on a single simulator.
I don't know how corporate simulators work. In automotive fields they utilize all OE automotive hardware and the simulator is only in charge of feeding data to the automotive systems. I would hope that it's similar for corporate plane simulators -- a real plane ECM/brain and accompanying systems being fed dummy data.
I doubt the corporate simulators are at all convertible -- they're likely brain-in-a-jar simulators; planes without engines or hydraulics, being fed dummy data.
If you're looking at the highest fidelity level D simulators, the instruments and controls in the cockpit are either the same parts as the aircraft, or functionally identical (but cheaper).
> If you simulated a broken AoA sensor, would the simulated plane behave similar to the real plane? Would the MCAS system have the same bugs in the simulator as in the one in the real aircraft?
One of the big costs in building a simulator is buying the data package from the aircraft manufacturer, with the aero model and details of system internals, things like electrical and hydraulic schematics. Sim makers build a software model of these internals at a pretty low level. For the most part, if you introduce a fault in some part of the system it will behave the right way as an emerging property, not because you're forcing the system to have the right outputs.
Some software components from the aircraft get installed on the simulator with the same hardware platform from the aircraft, others get run as executables on the simulator's computers, and others get re-implemented from scratch (lots of FORTRAN and C).
That kind of detail comes into play when the instructors introduce multiple failures at the same time - pilots have to take corrective actions to make the faults go away or manage them - if you don't model the systems at a pretty low level you'll never get high fidelity.
> Can you try new scenarios in a simulator, or can you just try scenarios that the simulator was designed to run?
There is a list of malfunctions available to the instructor, who runs the session from the back of the "cockpit" on touch panels. For the most part, these malfunctions cover failures that are anticipated by the aircraft manufacturers, and the corrective actions / system behavior are well understood. Each fault is tested to make sure it works properly. You don't go and fail some random component in the system.
When an important failure happens in the real aircraft, it might get added as a training scenario to simulators already in operation.
I always wondered if they did that, something akin to fuzzing tests in SW. Wouldn't it be useful to detect unexpected situations that'd be catastrophic? Or the benefits from it wouldn't outweigh the cost/time loss?
Also, imagine you're an airline with thousands of pilots and dozens of instructors: you're running an airline and a school at the same time. You need to build a curriculum of training and testing that will standardize your pilots. There's room for thinking outside the box but not too much.
Well Boeing certainly doesn't fuzz their software as evidenced by the major bugs in the 737 NG and 747-400's flight displays. Both had bugs that would black out all instruments under specific conditions. That got fixed fairly quickly on the 747, but apparently Boeing didn't learn their lesson with the NG.
The bug blacked out all six display units. What other instruments are you thinking of?
I have a little background in this myself and the requirements to certify as Level C are tough, but Level D requirements are quite stringent and rather hard to replicate. (I did a detailed proposal a decade ago on using cutting edge VR and Haptics to try and cut the operational cost of maintaining multiple simulators for a flight training school. Level D was quite pedantic with respect to the “realism” requirements, we kept running into the requirement to not just look real, sound real, heck even feel real (switch actuation forces), but be real for that exact type of plane. Our argument was that we could reach sufficient fidelity with the haptics and graphics. This was all crazy expensive stuff, but ours would be cheaper crazy expensive stuff ;-)
To put it into perspective, in a couple of cases we found it was cheaper to build a Level D simulator by cutting off the entire front of a real second hand plane (finding one with an airframe issue that made it no longer airworthy was the dream) of the desired type, and then wiring up all the switches and displays and electrical stuff to the simulator driving hardware and mounting the entire thing on a huge platform. The cost to buy the plane, cut the front off, tap and splice existing cable harnesses, stiffen the cockpit section and overbuild the motion platform was cheaper than reverse engineering the layout with sufficient documentation and wiring a “fake” cockpit with sufficient accuracy including sourcing all the correct parts with the associated paperwork to prove they were all correct.
It never went anywhere but it was very educational and has served as a useful perspective as I have observed the rise of the modern VR ecosystem with respect to input and haptics. :-)
On the other hand, if you're simply looking for some training hours on some specific basic scenario and/or aircraft, the simulators can be a lot rougher and still be certified. I "flew" on an airliner manufacturer designed simulator, and everything from the instrument panel to the hydraulics simulating the small impact when rolling between plates on a concrete runway felt pretty damn real.
For more basic stuff, even X-Plane exists in an FAA-approved version.
“iPILOT is currently available in London, Munich, Berlin, Dresden, Hamburg, Düsseldorf, Prague, Doha, Dubai, Basel, Zurich”
Pardon my French, but seeing that photo makes me fully appreciate two things: 1. Just how incredibly low 737 sits to the ground (obviously a feature from back in the days when luggage was manually loaded), and 2. How anyone would think pushing those enormous engines forward like that could be any less disruptive of its proven design than lengthening the undercarriage to give them the clearance they so desperately need.
Death of a thousand cuts. Indeed. Hope the monster never flies again.
People, not luggage. Specifically, the 737 was designed to cover short-haul routes between regional airports that didn't have gates, where people had to get on the plane by walking up portable steps.
Boeing never expected the 737 to be the low-cost plane of choice between major aviation hubs.
Here is a side-by-side comparison with an A320: https://aviation.stackexchange.com/questions/61161/is-there-...
I've read (but not confirmed) one of the other things keeping the 737 so low to the ground is the type of emergency exit used. Extending the gear so that the whole mess sits higher off the ground would require new exits and a ton of extra things to certify.
On the other hand, building a plane so aerodynamically unsound that it cratered 346 customers the moment it went out the door is the very textbook definition of “false economy”. One that Boeing itself will be paying for for years to come; even as those who made all the actual decisions gently golden-parachute to the ground.
It seems like Boeing completely missed serious cases on the testing of the plane, and is hoping that the "UAT" phase (simulator training) would have uncovered the issues.
But UAT never underwent the condition of an AOA sensor failing.
"There is absolutely no reason to require your pilots to require a MAX simulator to begin flying the MAX,” the Boeing employee replied. "Once the engines are started, there is only one difference between NG and MAX procedurally, and that is that there is no OFF position of the gear handle. Boeing does not understand what is to be gained by a three-hour simulator session, when the procedures are essentially the same.”
How are you not?
I mean, I get it, 90% of the time we screw up the programming somehow, but as a computer scientist, I never ignore the possibility of hardware failure. Memory goes bad. Devices fail. Networks die. Semiconductors transiently in strange ways if you don't take the right precautions...
It's the entire impetus behind GIGO. If you shove garbage into a perfectly working software system (corrupt data from a malfunctioning input source), you still get out garbage.
It's why life and safety critical automation is so fundamentally different from lower stakes programming tasks where "reboot the damn thing" is a viable option.
If your sensor goes bad, and you're in the air, you can't do squat to fix it. You have to detect the error, and fail the system gracefully by taking it out of the loop, informing the operator of the system failure, and most importantly, never allow that system to do anything that could jeopardize the ability of the operator to continue operating.
This is, or at least I thought it was, basic Control Systems 101...
I research compilers and type systems. If the RAM dies while the compiler is running, you rerun the compiler on a new machine. A lot of computer science abstracts away the notion of hardware failure, because otherwise it becomes enormously cumbersome to talk about anything. This is fine as long as you don't actually build real high-reliability systems with the same approach.
> I research compilers and type systems.
I hope it's obvious that the software you work on is not supposed to be run during the flight.
The critical software is supposed to do as little as possible, and everything is expected to be in already compiled (and thoroughly verified) state.
And even for the product of yours, as soon as it is not used only for research but as a production compiler which produces firmware for the plane, it would have to be proven much more than what is expected from it while it is just an artifact of research.
In short, even if you are lucky to just do the research, you should be aware (and thankful) that the critical software has other expectations. Including how it responds to failed sensors: different response to the external inputs is a fundamentally different software, even if you never thought about it before.
Compare to the web app that awaits the username, but when the username is not the "most common" (e.g. contains some new Unicode symbols, or is of zero length) it allows catastrophic security failure and intrusion.
It's been my experience, however, that these sorts of design tools are more unfamiliar to software groups than hardware bubbas. It's not uncommon to simply see "software fails" as a failure mode which isn't very helpful. I'd be curious what the HN community's experience is with software as it relates to design tools like FTAs, FMEAs, hazard analyses, etc.
> "Boeing knew the approach might be questioned [Calling MCAS a simple addition to Speed Trim], so it sought input from its FAA-designated authorized representative (AR) "to ensure this strategy is acceptable” for certification.
> "After speaking with the [AR], concurrence was provided that we can continue to use the MCAS nomenclature internally...while still considering MCAS to be an addition to the Speed Trim function,” the memo said. "This will allow us to maintain the MCAS nomenclature while not driving additional work due to training impacts and maintenance manual expansions
I can imagine some Boeing employees being uncomfortable, but having it run past the FAA would have relieved that. Pretty shocking regulatory lapse. I know nothing about the AR system - is this a Boeing employee, or someone who works full-time for the FAA?
The employee, however, is still managed, and reports first to Boeing management. They're a glorified liaison/paperwork interface. This was different than before as I understand it, because the FAA used to become the direct report for their Designated Engineering Representatives under the old system. This meant there was no management layer running interference between the rep and the regulator.
I might be misremembering that though.
There were some emails released where a Boeing employee boasted about how he used "jedi mind tricks" on the FAA people.
Another post showed how AoA sensors (IIRC) have systematic errors causing MCAS to operate when corrections weren't required. As you say, lack of redundant sensors.
The lesson from this is still not learned, and I can see at least one apologist on this thread repeating this same BS again... it's infuriating.
Obviously, now that they're adding checklist practice for emergency scenarios relevant to the 737 MAX, it makes sense to require simulator practice, but I don't think that would have previously made a difference.
I had my first flight on the Max [to] ZZZ1. We found out we were scheduled to fly the aircraft on the way to the airport in the limo. We had a little time [to] review the essentials in the car. Otherwise we would have walked onto the plane cold.
My post flight evaluation is that we lacked the knowledge to operate the aircraft in all weather and aircraft states safely. The instrumentation is completely different - My scan was degraded, slow and labored having had no experience w/ the new ND (Navigation Display) and ADI (Attitude Director Indicator) presentations/format or functions (manipulation between the screens and systems pages were not provided in training materials. If they were, I had no recollection of that material).
It’s just more evidence of Boeing being a corrupt organization.
And do note: those released items are Boeing putting its best foot forward. And it's a low bar. Imagine the emails and chat transcripts that were not released.
My guess was that the new CEO was trying to get out ahead of developments by airing the remaining dirty laundry. It makes him and Boeing look sincere and starts the clock on the public forgetting the bad news. The constant drip of bad publicity made the previous CEO look like an idiot.
I don't expect Boeing to actually clean up their act, but I bet they're going to be smarter about things going forward. I doubt there are going to be any more damning reveals about the 737 other than what can be mined from these latest disclosures. 777X is another matter, but I bet any revelations will occur more quickly and cleanly.
Plenty of internal company emails have been leaked and they paint an awful picture.
Do you mean the company lawyer / company PR side?
If Boeing starts talking, then the focus moves from debating whether more training was needed and who was responsible for deciding it wasn't (corrupt FAA? customer pressure? honest mistake?) to whether the company is hiding something.
The first is a better scenario for Boeing than the second.
The average Javanese person I've talked to knows 900 relatives by name.
This does not mention that an Emergency Airworthiness Directive was sent to all 737MAX crews after the LA crash explaining exactly how to resolve the runaway trim issue, which is:
1. restore normal trim using the column trim switches
2. cut off the stabilizer trim with the console cutoff switch
The text is:
Boeing Emergency Airworthiness Directive
"Initially, higher control forces may be needed to overcome any stabilizer nose down trim already applied. Electric stabilizer trim can be used to neutralize control column pitch forces before moving the STAB TRIM CUTOUT switches to CUTOUT. Manual stabilizer trim can be used before and after the STAB TRIM CUTOUT switches are moved to CUTOUT."
Both the LA and EA crews repeatedly successfully countered the runaway trim with the electric trim switches. The LA crew never took the next step of cutting off the trim. The EA crew did cut off the trim, but did not trim to normal first.
Dealing with runaway trim is a "memory item" for the 737, meaning the pilots are supposed to know about the cutoff switches that are prominently placed on the center console in easy reach.