737 Max

Status
Not open for further replies.
www.hifisonix.com
Joined 2003
Paid Member
You can debate whether the listed omissions etc are really software errors. For me they are more design flaws.

For the MCAS to look only at one of the AOA sensors and getting lost when that part malfunctions is a design flaw, not a software error. The software worked as designed, they just had forgotten to 'tell' the software what to do when the AOA sensor would indicate impossible angles.

Jan

When I watch Air Crash Disaster, one of the things I am always hearing is that multiple systems have to fail before a situation becomes uncontrollable. And all systems are designed for fail safety and/or multiple backups. Safer first etc etc.

I don’t understand how on something as critical as this, a Boeing could miss the mark as profoundly as they did, be it a design fault (which given the facts as you understand them would be unforgivable in my book) or a software error.
 
Member
Joined 2014
Paid Member
They lost sight of why they exist as a company: to build great planes profitably


Ah no, you completely missed the point. I was commenting on the report on the Starliner 'successful test flight'. Military and NASA contracts are a big trough to guzzle at, being usually cost plus contracts. So much politics is tied up in this that they can cost 10x as much as SpaceX and the contracts will still flow.
 

6L6

Moderator
Joined 2010
Paid Member
I don’t understand how on something as critical as this, a Boeing could miss the mark as profoundly as they did, be it a design fault (which given the facts as you understand them would be unforgivable in my book) or a software error.

A malfunctioning MCAS was supposed to seem like a runaway stabilizer trim malfunction to the crew, which has a single step to solve it.

I agree that the lack of dual redundancy and ranges of acceptable and invalid information is completely and utterly baffling.
 
Busqueda | Pagina12


"The Boeing 737 MAX, forced to remain on the ground for almost a year, is a "basically defective and dangerous" aircraft, which demonstrates the need to reform the laws and regulations related to the certification of commercial aircraft, considered this Friday the Transportation Committee of the US Congress."



"The fact that several technical design errors or certification errors have been considered 'compliant' by the FAA (the air regulator) illustrates a crucial need for legislative and regulatory reforms," he said in the conclusions of his preliminary report. "Developing a commercial aircraft that complies with FAA regulations but is basically defective and dangerous reveals an aviation surveillance system that urgently needs a change," said the committee.
 

When I watch Air Crash Disaster, one of the things I am always hearing is that multiple systems have to fail before a situation becomes uncontrollable. And all systems are designed for fail safety and/or multiple backups. Safer first etc etc.
This agrees with the studies I've read about safety and failures of high-tech devices and complex systems. I posted earlier in the thread about James Reason's Swiss cheese model.

I don’t understand how on something as critical as this, a Boeing could miss the mark as profoundly as they did, be it a design fault (which given the facts as you understand them would be unforgivable in my book) or a software error.
To the "software error" point, I'd guess that's from the reporters for reporting it that way. Software is only part of a system, and the system has design faults.
 
The truly unforgivable part is that there are actually 2 AoA sensors fitted but MCAS only uses input from one of them while the AoA Disagree warning was an extra that needed to be specced and paid for.

To top it all off, I've read somewhere that that warning was actually non-functional unless the customer also specced a heads up display at more extra cost.
 
www.hifisonix.com
Joined 2003
Paid Member
This is what I meant earlier on about an organization losing its way. Dozens of HBR articles over the years on this stuff since it’s easy with 20/20 hindsight to see all the problems.

Probably a bunch of guys so infatuated with their own brilliance they thought they could outsmart the obvious. I always thought the aero industry were the gold standard for engineering practice.

First class business school ‘case study’ fodder (and organizational psychology studies as well).

:D
 
It almost always comes down to management. Well, sometimes it's a poor architecture to start with that leads you down this path. By the time other engineers raise a flag saying they need to refactor large parts of the code it gets shot down due to budget or schedule pressure. They put in enough fragile fixes to get it out the door and it's a problem for another year or another group.
 
I do not think that it contributes much for the sake of the airing to continue to argue about the technical details, that if the software was badly designed or that if the state regulation was not efficient, etc, etc.

The only truth and irrefutable truth, for me, is that the manufacturer removed the possibility of canceling the operation of the software in its entirety immediately by the pilots before the imminence of the catastrophe!

That is, the human creature left to technology (created by him, what a contradiction) the possibility of being his executioner before the minimum and irreparable error!
 
AX tech editor
Joined 2002
Paid Member
The only truth and irrefutable truth, for me, is that the manufacturer removed the possibility of canceling the operation of the software in its entirety immediately by the pilots before the imminence of the catastrophe!

There was a possibility to cancel immediately by the pilots the action that led to the crash. It was done on a similar flight the day before, on the same plane of the 2nd crash, by a 3rd pilot hitching a ride in the cockpit.

Jan
 
I was the director of software / hardware architecture in my last job. Some projects that were started by my predecessor were going off the rails and when I tried to rectify this I ran into a wall of political resistance by senior colleagues.

Left the company shortly afterwards as I did not want to be associated with such an attitude and ultimately become the scapegoat.

The above was 20 years ago and I imagine that it has only gotten worse since. IMHO management is deliberately myopic.

We only need to look at the present worldwide upheaval with the coronavirus to notice that society has become unnecessarily complex and is like a cardhouse ready to come tumbling down. With supply chains being disrupted the effects will be coming for a long time.

Ultimately it is the senior management and, if they fail, the government where the buck stops. But all that is being done is blame someone else while trying to pocket as much as possible for themselves in the meantime.
 
I was the director of software / hardware architecture in my last job. Some projects that were started by my predecessor were going off the rails and when I tried to rectify this I ran into a wall of political resistance by senior colleagues.

Left the company shortly afterwards as I did not want to be associated with such an attitude and ultimately become the scapegoat.

The above was 20 years ago and I imagine that it has only gotten worse since. IMHO management is deliberately myopic.

We only need to look at the present worldwide upheaval with the coronavirus to notice that society has become unnecessarily complex and is like a cardhouse ready to come tumbling down. With supply chains being disrupted the effects will be coming for a long time.

Ultimately it is the senior management and, if they fail, the government where the buck stops. But all that is being done is blame someone else while trying to pocket as much as possible for themselves in the meantime.

I'm not sure it's complexity, but I do think there is a lack of ownership and accountability in these large organizations.
 
Ethiopia blames Boeing’s 737 MAX design and training in interim report on crash | The Seattle Times
In an interview last week, Steve Udvar-Hazy, an important figure in the industry whose Air Lease Corp. (ALC) is a big customer of both Airbus and Boeing and who regularly advises top management at both jetmakers, described how he tested MCAS in a simulator and concluded the original version was a “flawed” design.

“Had there been no MCAS system, those planes wouldn’t have crashed,” he said
I can only wonder, was there ever a case where a "properly working" MCAS prevented a stall (or did whatever it's supposed to do)?
 
www.hifisonix.com
Joined 2003
Paid Member
I remember working for a company (who I ended up staying with for 17 years) on equipment that went into hazardous areas on petroleum plants ie it could cause an explosion if the energy was not limited (non-sparking stuff). We built this piece of gear and if you unlocked the door, you could grab these Euro cards and just pull them out. I pointed this out to my boss who was in his 50’s (I was about 23 at the time) who said ‘well that’s their problem if they want to be that stupid’.

Anyway, I persisted a bit more and the result was a steel bar across the front of the card slots with a sign on it warning about card removal when powered up. The bar could only be removed by undoing 4 Allen screws.

Point of this is despite being fitted with zener/resistor safety barriers plus a whole bunch of other protective circuitry, it would have all been to waste had someone pulled one of those cards out in a hazardous environment. I always like to think that I did a good thing as the company ended up shipping hundreds of those systems all with the metal bar and the warning tag in the course of the following 2 or 3 years.

This stuff happens all the time in industry. Usually it gets caught because you have dozens of pairs of eyes on a problem. But, if management drive the wrong culture from the top, sometimes problems get through that should have been caught by common sense.
 
...
This stuff happens all the time in industry. Usually it gets caught because you have dozens of pairs of eyes on a problem.
Some of the recent programming "paradigms" I've been catching up on are pair programming and mob programming, where there's always more than one person reading, and often contributing to, every line of code. One claim (due to different people having different areas of knowledge, and thus one sees problems another doesn't) is this substantially lowers the number of bugs.

I can think of at least one traditional idea that goes against this, especially where security is involved, that only people with a "need to know" see the design.
 