The Steampunk Forum at Brass Goggles
January 24, 2020, 01:24:22 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Support BrassGoggles! Donate once or $3/mo.
 See details here.
   Home   Blog Help Rules Login Register  
Pages: [1]   Go Down
Author Topic: RANT -"Boeing 737 Crash Caused By New Safety System Pilots Weren’t Told Existed"  (Read 746 times)
Prof Marvel
Zeppelin Captain
United States United States

learn from history, or be doomed to repeat it

« on: April 30, 2019, 02:57:18 am »

Ok be warned, this is a rant.

I am an ex-Aerospace flight systems software design engineer.
if you read any of my other posts you may have figured that out by now.

I didn't like where the Aerospace business was going, and so switched to commercial software design, testing, and support.
When that company started going south I jumped back into "badged" Defense Contractor large scale server systems design integration and suport.
I stayed long enough to get the desired experience on the latest and greatest cutting edge super-computers then in use by the Pentagon and
three letter agencies, then got into Sun Microsystems where I stayed for almost 20 years then finally  retired quit from the evil Ora Corp that had taken over .

But throughout, I maintained the strict mindset of
- process-and-procedure
- catastrophe planning
- design-review-redesign-rereview repeat as often as needed
- code-test-review-repeat
- built-in test and diagnostics
- independant Q/C
and especially - ANYBODY can point at a problem and "stop the presses" until it's fixed.


Because if we failed, the result was AWFOOTSAPWD
(Airplanes Would Fall Out Of The Sky And People Would Die)

Thus it is with great sadness that I saw a web article and chased down the below "just a snip" of the 737 Max debacle.

It starts here:

so we thought we'ld see how long the 737 has been in service. It is only the recent larger engine-and-software upgarde that caused any problem.

from wikipedia:

"The Boeing 737 Next Generation (NG) was introduced in the 1990s, with a redesigned, increased wing span, upgraded "glass" cockpit, and new interior. The 737 NG comprises the 737-600, -700, -800, and -900 variants, with lengths ranging from 31.09 to 42.06 m (102 to 138 ft). Boeing Business Jet versions of the 737 NG are also produced. The 737 was revised again in the 2010s for greater efficiency, with the 737 MAX series featuring CFM LEAP-1B engines and improved winglets. The 737 MAX entered service in 2017 but, after a successful start, was grounded worldwide in March 2019 following two fatal crashes."

The 737 is a  2 engine one-aisle aircraft, Apparently it put in service as a "low to the ground" jetliner that did not need lots of "high" baggage handling equipment.
That means it can easily service "less developed" airports and bring passengers into hitherto harder-to-reach areas.

The shorter landing gear folds sideways into/under the plane:

737 Max 8 jets (newest of new) put larger more powerful engines under the wings.In order to attach the new engines and still get a safe distance between them and the ground Boeing lengthened the nose wheel by 9.5 inches and, crucially, had to move the engines, inside their bulging nacelles, further forward from the wing.

It now appears that the changes in the 737’s low-speed handling characteristics resulted from this shift in the weight of the engines, as well as the effects of their increased power, making it nose heavy.

nose heavy makes for a tendency to stall at steep climb rates on takeoff.

When Boeing pilots were flight testing the new MAX-8 version of the venerable 737 jet they discovered a problem that made the airplane difficult to handle when its speed dropped to a point where it was in danger of triggering an aerodynamic stall, and a loss of control that could lead to a crash.

Normally the onset of an aerodynamic stall is indicated by “stick shake” – the joystick, more accurately the yoke, begins to shake and pilots are trained to instinctively increase speed and push the nose down to recover stability.

BUT Boeing thought better - in order to mitigate the problem Boeing introduced a new system to the flight controls. MCAS (Maneuvering Characteristics Augmentation System) software pushes nose down, but takes control away from pilots.  MCAS had known problems esp with faulty sensors and inabilty to handle conflicting sensor readings.  Boeing apparently did not anticipate the possibility that an erroneous message from another system, an angle of attack (the pitch of the wings) sensor, could initiate action by the MCAS, unknown to pilots.

One of the selling points of the 737 MAX, according to Boeing, was that pilots wouldn’t need any additional simulator time to learn the aircraft, and that the company opted not to disclose additional technical information in the belief that doing so would “inundate” pilots with technical details they neither needed nor could grasp.

"initial rolled out, the MCAS only relied on data from a single AOA sensor. There are multiple AOA sensors in a 737 Max 8, including sensors on both sides of the aircraft. After the upcoming April 2019 software update, the MCAS will be updated to check both sensors and to disable itself if there is “meaningful disagreement” between the two."

  a faulty sensor erroneously reported that the airplane was stalling

new information indicates that Boeing sells upgrades to critical flight systems that might have improved their overall safety — but it sells them as value-added profit centers. The first is the ability to compare data from more than one AOA sensor via a display that would have shown readings from both at the same time. The second was a ‘disagree light’ that would have activated when contradictory data was being received from both sensors. These could have alerted the pilots that something was wrong with the MCAS system specifically.

And it gets better -

Boeing didn't tell pilots about MCAS taking over control. At one point Boeing told pilots
the system did not exist. Boeing did not train pilots on the new systems .In several cases (per
publicly available FAA ASRS reports)

Pilots report several new conttrol panel switches and annunciators (warning lights) that are not
explained in the Flight Manual, annunciators turning on IN FLIGHT with no procedures to follow
and nothing in the flight manual to tell them what it means.

One pilot reports getting into a cockpit to see a unfamiliar control panel:
"This was the first flight on a Max for both pilots. Unfamiliarity with flight deck displays led to confusion about display annunciations and switch function. The Flight Manual does not address at least one annunciation, or the controls for the display"

Worst case was several reports that Auto Throttle not functioning during take-off and the pilot had to disengage everything (in one case by turning off breakers) and take over manually.

The aircraft accelerated normally and the Captain engaged the "A" autopilot after reaching set speed.

Within two to three seconds the aircraft pitched nose down bringing the VSI to approximately 1,200 to
1,500 FPM. I called "descending" just prior to the GPWS sounding "don't sink, don't sink."

The Captain immediately disconnected the autopilot and pitched into a climb. The remainder of the
flight was uneventful. We discussed the departure at length and I reviewed in my mind our automation
setup and flight profile but can't think of any reason the aircraft would pitch nose down so aggressively.


This "nice guy" report narrative is below verbatim:

"I had my first flight on the Max [to] ZZZ1. We found out we were scheduled to fly the aircraft on the way to the airport in the limo. We had a little time [to] review the essentials in the car. Otherwise we would have walked onto the plane cold.

My post flight evaluation is that we lacked the knowledge to operate the aircraft in all weather and aircraft states safely. The instrumentation is completely different - My scan was degraded, slow and labored having had no experience w/ the new ND (Navigation Display) and ADI (Attitude Director Indicator) presentations/format or functions (manipulation between the screens and systems pages were not provided in training materials. If they were, I had no recollection of that material).

We were unable to navigate to systems pages and lacked the knowledge of what systems information was available to us in the different phases of flight. Our weather radar competency was inadequate to safely navigate significant weather on that dark and stormy night. These are just a few issues that were not addressed in our training."


Most of these were comically summarized as "crew feeling unprepared to handle its displays and controls"


1) Big Corps are chasing max profit at the cost of human life
2) Big Corps (and politicians) are ignoring the very experts they hire, due to #1 above
3) We have entered the age of
      -  never-ending wars
      -  100 year disasters EVRY OTHER YEAR
      - AWFOOTSAPWD  (see acronym at beginning...  did you see what I did there? did you , did you?)

4) It is up to J Wilhelm to go forward, carry the torch to GEAerospace Mexico, and save us all.
        Go J !
        Viva Mexico!

prof mumbles  

« Last Edit: April 30, 2019, 06:54:13 am by Prof Marvel » Logged

Your Humble Servant
~~~~~Professor Algernon Horatio Ubiquitous Marvel The First~~~~~~
President, CEO, Chairman,  and Chief Bottle Washer of
Professor Marvel's Traveling Apothecary and Fortune Telling Emporium

Acclaimed By The Crowned Heads of Europe
Purveyor of Patent Remedies, Snake Oil, Cleaning Supplies, Dry Goods, and Picture Postcards
Offering Unwanted Advice for All Occasions and Providing Useless Items to the Gentry
Since 1822
J. Wilhelm
╬ Admiral und Luftschiffengel ╬
Board Moderator
United States United States

Sentisne fortunatum punkus? Veni. Diem meum comple

« Reply #1 on: April 30, 2019, 08:36:50 am »

4) It is up to J Wilhelm to go forward, carry the torch to GEAerospace Mexico, and save us all.
        Go J !
        Viva México!

Ay caramba! You're not asking for much, are you? I don't know exactly what I'm going to be able to do at my late stage of existence. The big players in Mexico are GE and Bombardier/Airbus. In Brazil, it will be Embraer /Boeing. I'm not sure what I can do for Boeing. Perhaps my younger Brazilian colleagues from the University of Texas might be able to infiltrate the ranks of Boeing and set that ship right.

Frankly, it's embarrassing the way that Boeing executives are dealing with the problem. Basically blaming pilot error in the context of a fault tree analysis. INMHO it's way past the point of saving face.

Now, to be honest as well, the culture at Aerospace design outfits, since the late 1980s (if not the 70s with Project Have Blue) was to let "the controls people" solve every conceivable problem that we faced. When we wanted unstable aircraft to fly, and once computers were fast enough, it was our controls brethren who came up with the systems needed to move control surfaces faster than a hummingbird can flap its wings. Naturally company execs were impressed, and I think that affected corporate culture regarding aircraft design. At least that was what one of my professors in the controls class told me about his participation at Boeing in the 1990s when I was a Junior at UT Austin.

My opinion is that this is a result of not only greed but gross over-reliance on the control design teams to solve any conceivable hiccup we may have, even if the issue could be solved just by thinking a little harder in the initial design phases. And if you take this over-reliance to its logical conclusion this is the result. And don't get me started about the V-22, because I'm very opinionated about it.

It's not like the 737 Max (or whatever it's called) is the most complicated of aircraft designs ever produced. Frankly we should be able to handle just about any changes in propulsion we want even during the "Sizing" procedure!! That is how basic the problem is. You're talking about the shift in dynamic center due to both a shift in the lift profile of the wing (read below) and a change in the center of gravity (news outlets will try to explain that every which way).

The way I heard it (as reported on the BBC- iI have not read any of the  intellectually significant material on the subject - because I'm very busy) it was the added lift over the wing due to entrainment caused by the new engine exhaust (significantly greater mass flow rate, and higher, more forward position of exhaust) what led to a shift in the dynamic center of the plane at a very particular point during the mission (step turns according to one source) and that's the whole reason for the existence of the software addition.

The problem, as I understood, and to be more specific, was that under certain situations like turning with a high load, the natural upward pitch created by the extra lift, increased the risk that the angle of attack of the wing would get near or past the maximum angle at which wing stall ocurrs. The point at which the flow over the wing separates from the wing and the wing loses its lift.

The way this sounds to me, the engineers found late at some stage that they would have this additional lift problem, and their response was to shove the problem to the controls department. The idea was to write software to trim the elevators in the horizontal stabilizers to bring the pitch of the nose down if there was a risk of a stall as indicated by *one*  (cough cough) Angle of Attack indicator.

But I'm not a controls guy. The way I'd look at the issue is to re-visit the wing root design, the engine strut design, and even go as far as radically changing the engine location. If the engine is too big to fit under the wing, then you either change the design of the root of the wing. Or who knows, maybe even place the engine on top of the wing? That would increase the lift, but perhaps the problem could be more manageable with a greater strut height. There are successful two and four engine aircraft designs using an over the wing engine placement. That, of course, entails a significant design change, and lots of money, not to mention the effect on sales and potential delivery details. They chose the "easy way out" - meaning giving you a software design projects called MCAS.

But the way it looks, their MCAS is a patch for a design problem that should be dealt with in a (re) sizing procedure. But here is where the problem lies. A faulty AOA indicator would trigger the MCAS, and there is no way that pilots can turn it off. Like having an invisible evil monkey aboard messing with the elevator trim knobs.

I don't know the quality level of the design teams at Boeing but I'm surprised they would even have this issue. I'm also perplexed at the position adopted by the company to only offer the "disagreement system" as an optional feature, if they knew there would be issues with a single AOA reading. I just don't know, man. I just don't know.
« Last Edit: April 30, 2019, 09:48:58 am by J. Wilhelm » Logged

J. Wilhelm
╬ Admiral und Luftschiffengel ╬
Board Moderator
United States United States

Sentisne fortunatum punkus? Veni. Diem meum comple

« Reply #2 on: May 06, 2019, 03:13:04 pm »

Explanations just getting better... Roll Eyes

BBC: "The firm said it had inadvertently made an alarm [the"disagree alarm"] feature optional instead of standard, but insisted that this did not jeopardise flight safety...  The planemaker said it had intended to provide the feature as standard, but did not realise until deliveries had begun that it was only available if airlines purchased an optional indicator."

So you can have "accidental marketing decisions"??   I *accidentally decided to charge people money for this extra safety feature that covers a software design mistake on a software patch itself designed to cover an aerodynamic stability problem created by poor configuration design design of the engine mount system. Does that about cover it?
Prof Marvel
Zeppelin Captain
United States United States

learn from history, or be doomed to repeat it

« Reply #3 on: May 07, 2019, 03:22:37 am »

So you can have "accidental marketing decisions"??   I *accidentally decided to charge people money for this extra safety feature that covers a software design mistake on a software patch itself designed to cover an aerodynamic stability problem created by poor configuration design design of the engine mount system. Does that about cover it?



prof mumbles
Pages: [1]   Go Up
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.137 seconds with 16 queries.