back to article Boeing big cheese repeats pledge of 737 Max software updates following fatal crashes

Boeing chief exec Dennis Muilenberg has repeated earlier promises that a software update for the troubled Boeing 737 Max airliners is coming "soon". In an open letter published last night Muilenberg acknowledged the "shared grief for all those in mourning" after the separate crashes of two 737 Max 8s within a few months - …

Page:

          1. Alister

            Re: MCAS is being misportrayed

            In the OG models, they mainly run a display. The pilot notes it's wrong/disagrees with the copilot's display, and ignores it, logging a maintenance ticket. That does not make the evening news.

            Yep, fair point. It would be interesting to find out how many times that happens, and how reliable the AOA sensors normally are.

        1. PhilBuk

          Re: MCAS is being misportrayed

          @Alister

          The rule of three is broken - so is the rule of two. The 737 has two Flight Computers (FCs), these each have their own AOA sensor - there are no links between the two. In flight, only one FC, and therefore only one AOA is used. The standard operating procedure is to alternate FCs between flights. So it's worse than you thought - only one AOA is used during flight and if that one is buggered, so are you.

          Great design Boeing!

          Phil.

    1. Anonymous Coward
      Anonymous Coward

      Re: MCAS is being misportrayed

      Still, "AOA increases the lift provided by the engine cowling that is so large and mounted so far forward of the wing causes a nose up pitching moment that results is a decrease in the column pull needed to maintain a steady positive AOA rate" means that the risk of a stall is increased - as the the pilot must decrease the pull to maintain the AOA, it it keeps it in the same position the AOA keeps increasing by itself - and it could catch off-guard pilot trained in previous models.

      Especially in critical situations at higher AOA - take off and landing, where a stick shaker may be less useful, especially if the plane has reached a dangerous AOA, because it could take more time to recover.

    2. steelpillow Silver badge
      Boffin

      Re: MCAS is being misportrayed

      The root of the problem is that the lifting engine cowlings moved the aerodynamic centre forward of the centre of mass at high AOA. The traditional solution is to move the aircraft centre of mass forwards likewise, for example by extending the forward fuselage. This of course would mean a major structural redesign and could have further ramifications, such as a taller tailfin.

      Another approach that has been used successfully is to introduce a "lifting tail". This is a tailplane or horizontal stabilizer optimised to provide a little lift in normal flight. It acts to move the aerodynamic centre back aft of the existing centre of mass. But that would reduce fuel economy and range, and might also require a larger tailplane and strengthened rear fuselage.

      The modern approach is to fix such handling problems in the software so that, even if the plane flies like a brick tied to a pig, it still feels like a Spitfire. This was, very sensibly, the MCAS solution. Except, it doesn't feel like a Spitfire, it feels like a pig that has eaten the brick. Worse, Boeing and the FAA together chose not to train pilots in the gentle art of turning it off. And that is down to bad engineering, bad certification, and bad operational support.

    3. pavel.petrman

      Re: MCAS is being misportrayed

      Re the manufacturer self-certifies? Seriously?

      Self certification is actually quite common in highly complex areas (in many locales even nuclear power plant operators self-certify) which fact usually comes with very strong incentives for the operator or manufacturer not to lie in the certification. And having seen the complex certification processes in the nuclear power generation I would never argue that a public agency would be per default better suited to do the certification, quite the contrary. So in this case it may have been the incentives what failed.

    4. Anonymous Coward
      Anonymous Coward

      Re: MCAS is being misportrayed

      This is surely going to be another one of those laws of unintended consquences. That, in order to address a requirement that a dozy pilot who's holding a constant backforce on his control control shouldn't be able to cause a runaway pitch-up, that they've added a complexity to the control system that has caused two crashes and claimed hundreds of lives, when it kicked in by mistake and trimmed to the point of loss of control.

  1. steelpillow Silver badge
    Devil

    Let's not wait

    So, having analysed the current software for failure modes, let's rush the upgrade out a month early and we can all start flying again.

    Let's not wait to do the job properly, followed by independent FMEA and validation of the new software build first, that might cost money and look bad.

  2. Pascal Monett Silver badge
    Thumb Down

    Forget ROTM

    I more and more have the feeling that if we collectively kick the bucket, it will simply be by our own stupidity.

    We are obviously interfacing the human and the machine with more and more software, however we are singularly failing to properly think about the consequences, or properly test all the scenarios before we put it into production.

    Do that in a bank or an administration and you only get headaches trying to set the situation straight again (and some loss of money). As we have seen, do that in flight automation software - which we need - and you lose lives.

    Sorry Boeing, someone was not thinking right when they drew up and improperly tested this functionality. And more than 350 people have paid that negligence with their lives.

  3. Anonymous Coward
    Anonymous Coward

    Why did it require two?

    Why did it require TWO crashes to begin to realize that there's something wrong?

    Pretty serious issue if every aircraft fault now needs two crashes to prompt reaction. Especially in this age of software enabled incidents...

    There's some root-root-root... analysis needed here, about six layers of Why?

    1. Alister

      Re: Why did it require two?

      Why did it require TWO crashes to begin to realize that there's something wrong?

      Because Boeing and the FAA collectively stuck the fingers in their ears and denied that there was anything wrong. Until the preliminary report from the LionAir crash, they didn't even own up to the fact that MCAS was installed.

      Lest we forget, it's only a week ago that the FAA was still expressing "complete confidence" in the 737MAX, and that was AFTER the second crash.

    2. muhfugen

      Re: Why did it require two?

      Because more than 55 million people die every year, and the few hundred which died from these two accidents are nothing more than a rounding error.

      1. Tom 64
        Mushroom

        Re: Why did it require two?

        There is a difference between dying of old age, and dying from corporate manslaughter, don't you think?

        The only reason Boeing are acknowledging the problem now is because at the rate the accidents were occurring, it wouldn't be long until a 737MAX went down in a country where Boeing could get sued.

  4. Gustavo Fring
    Unhappy

    IS E M

    elon musk ? it seems to fit the correct number of asterisks ... but that cant be right , surely ?

  5. Aladdin Sane

    Seems to me, that the basic 737 design is unsuited to the power output of the newer engines. Rather than fiddle with the software, maybe they should consider sorting the hardware?

    1. Alister

      That would have cost them much more money though, and a full re-certification process.

      1. A.P. Veening Silver badge

        I'd say they guessed wrong and it will cost them even more money. A full re-certification will be required now and EASA and CAAC (to name just two) aren't going to rubber stamp the FAA certificate this time, but will require re-certification independent from FAA. If Boeing is luckier than it deserves, EASA and CAAC will agree to a combined certification, but will still have to be without FAA.

      2. Aladdin Sane

        I think this approach is going to cost a hefty amount in the long run.

        1. Anonymous Coward
          Anonymous Coward

          Again, on Pprune, someone posted some figures, I don't know how true they are:

          Boeing's projected income for sales of 737MAX 8/9 models: 600billion dollars.

          litigious value for each death, in the region of 2-3million dollars x 320 = 900million to 1 billion dollars

          Cost of recertification circa 10-15billion dollars in total.

          Profit!

          1. Hopalong

            litigious value for each death, in the region of 2-3million dollars x 320 = 900million to 1 billion dollars

            737Max production rate - 10 per week, ticket price for a max-8 $121M (not that anyone pays list price)

            So the cost of litigation < weekly income .....

    2. Robert Sneddon

      737

      The 737 has been around for a long time and Boeing has a number of large customers who want 737s, the newest and shiniest 737s with more efficient engines, better fuel consumption, more passenger capacity but basically 737-shaped flying machines. South West Airlines has 750 of them, for example and they will only buy 737s.

      737 pilots can switch between recent versions of the 737 easily with minimal retraining, the maintenance and ramp workers don't have to deal with lots of new hardware, any changes are incremental and reduce operating costs. Boeing really needed to design a son-of-737 which didn't have the airframe structural limits that the existing 737 versions suffer from. The resulting aircraft wouldn't be a 737 though meaning the customers would have a choice, wait for the new plane (797?) to start coming off the production line or buy planes like the Airbus 320neo now. That was something Boeing wanted to avoid at all costs hence the software-patch-for-an-aerodynamic-problem solution they eventually rolled out.

    3. imanidiot Silver badge

      It's not about the power output of the engines, it's purely about their size and the way their aerodynamics affect the aircraft at high angles of attack. Airflow upwards from below the aircraft push the engine cowlings upwards. On the old design the main part of the engines was close to the center of mass and didn't affect the pitch of the aircraft. The new engines are both larger and further forward. At high angles of attack the airflow from below pushes on the engines and because they are so far forward this pushes the nose of the aircraft up, increasing pitching moment. To counter this the MCAS system was introduced that counters this extra pitch up moment by applying nose down trim such that the pilot wouldn't feel the difference. However, when the Angle of Attack sensor fails, the MCAS system repeatedly adds nose down trim when not needed, until the pilots have to pull on the yokes with 50 kgs of force just to keep the nose from dropping. On 2 flights they lost that battle and the aircraft dove into the ground.

      1. Kubla Cant

        when the Angle of Attack sensor fails, the MCAS system repeatedly adds nose down trim when not needed, until the pilots have to pull on the yokes with 50 kgs of force just to keep the nose from dropping

        Solution: stronger pilots!

  6. Rasslin ' in the mud

    "MCAS was intended to add nose-down trim if it thought the aircraft was getting close to stalling."

    MCAS is a subsystem on a commercial aircraft! It doesn't THINK, it primitively responds to sensor inputs in a pre-programmed manner! If computers are so "gee-whiz" to the author, maybe he is working for the wrong publication.

    1. ChrisC Silver badge

      "MCAS was intended to add nose-down trim if it thought the aircraft was getting close to stalling."

      If I look out the window and see dark clouds rolling in, is "looks like rain" a thought that crosses my mind, or just a primitive response to sensor inputs?

      I'm pretty sure, nay, let's really push the boat out and say that I'm absolutely certain, that the author of this piece didn't for one femtosecond think that the MCAS system has any sort of sentience, and that the use of "if it thought" here is nothing more than a figure of speech used as a somewhat more readable alternative to "if it received inputs from the AOA sensor which crossed some pre-defined thresholds, determined after extensive flight regime testing, CFD modelling etc., to be a strong indicator that".

    2. Anonymous Coward
      Anonymous Coward

      Re: " if it thought the aircraft was getting close to stalling."

      It's just a way of expressing it, frequently used by those of us who in the past have had to explain things to the C-suite. "Thought", "Computed that", in context there is no ambiguity.

      1. Anonymous Coward
        Anonymous Coward

        Re: " if it thought the aircraft was getting close to stalling."

        Often there's more evidence of the computer thinking than the C-Suites

    3. Throatwarbler Mangrove Silver badge
      Headmaster

      Re: "MCAS was intended to add nose-down trim ..."

      PROTIP: In common parlance, people very often refer to programs or computers as "thinking" even when they do no such thing.

      You may also hear people refer to "dialing" a number on a cellular phone. Try not to let it bother you too much, is my advice.

  7. spold Silver badge

    Actually it will just be a change to the documentation for now...

    We will we have a fix real soon now, well a month later than we first said, and it will be coded and tested to the same exacting standards we are now famous for.

    Meantime

    In section 1 line 1 of the "737 Max 10 MCAS 101" manual please insert "N.B.You cannae change the laws of physics captain".

    In section 1 line 1 of the "MCAS recovery procedures" please delete the word "Don't" in "Don't Panic".

  8. Anonymous Coward
    Anonymous Coward

    Which airline wants to be the first to test the revised system?

    1. Anonymous Coward
      Facepalm

      Well it won't be BA; they pride themselves on having a Wright-era fleet and cancel so many flights that airborne accidents are statistically impossible.

      1. Anonymous Coward
        Anonymous Coward

        > Well it won't be BA; they pride themselves on having a Wright-era fleet and cancel so many flights that airborne accidents are statistically impossible.

        When they say they've got the right stuff they mean they've got the Wright stuff...

    2. sanmigueelbeer

      Which airline wants to be the first to test the revised system?

      I'm going to be brutally honest: Every operator will need to have this software installed.

      Airplanes make money when they are flying (and not flying INTO).

      The good news to this is every MAX pilot will now be armed with knowledge and skill to disable MCAS. Who knows, maybe pilots who didn't get simulator time (for the new "revised" syllabus with MCAS included) will/might just disable MCAS during (or immediately after) take-off.

  9. Anonymous Coward
    Boffin

    Here's an explanation for use in all news sites ever... (warning: science involved).

    MCAS is literally like mounting a Ferrari engine in a Vauxhall Corsa body, then driving it at high speed at night, through a town centre in the rain, manoeuvring by shouting instructions with your eyes shut at the gobby and horny 17 year old in the front seat who's drunk 8 blue WKDs in quick succession, and is showing off to his girlfriend who's alternating between screaming like a baby and vomiting into the footwell.

    1. Anonymous Coward
      Anonymous Coward

      Re: Here's an explanation for use in all news sites ever...

      I think you mean "metaphorically" rather than "literally like", and also the pilots deserve better.

      It wasn't the fault of the pilots, but they are the ones who get to be dead along with everybody else on board.

      Someone went and killed a whole load of people in New Zealand because of a right wing ideology. In this case over 300 people have been killed because of an ideology that put share price ahead of lives. Guess who will go to prison?

      1. Throatwarbler Mangrove Silver badge
        Thumb Up

        Re: Here's an explanation for use in all news sites ever...

        I wish I could upvote Voyna i Mor's comment a thousand times and also trumpet it from the rooftops.

        1. Anonymous Coward
          Anonymous Coward

          Re: Here's an explanation for use in all news sites ever...

          Don't let me stop you.

  10. Anonymous Coward
    Boffin

    Yep

    "This is your co-pilot speaking. If there's a software engineer on board, please come to the cockpit within the next 60 seconds."

  11. sanmigueelbeer

    Send in the lawyers!

    Once this blows over, I'd like to see if Ethiopia Air (and/or Lion Air) will launch a lawsuit against Boeing.

    It will be interesting to see how much compensation (outside of insurance) will Ethiopia and/or Lion Air will get from this.

    1. Frumious Bandersnatch

      Re: Send in the lawyers!

      Because obviously loss of human life invariably and inexorably leads to the idea of cash payouts. What a catch you are.

      1. Anonymous Coward
        Anonymous Coward

        Re: Send in the lawyers!

        That is why it's called "capitalism".

      2. sanmigueelbeer
        Thumb Down

        Re: Send in the lawyers!

        Because obviously loss of human life invariably and inexorably leads to the idea of cash payouts

        That's how "life" goes in America: People sue.

        Someone slips on a banana peel in mall, they sue the mall owner (get a generous payout). If one rides on public transport and gets t-boned, someone (will) sue the public transport authority and get a hefty payout (free health check to boot).

        `tis America. People for sport.

        (No offense to the Americans.)

        What a catch you are.

        Thank you. My wife agrees with you.

  12. Ptol

    Correct definition of a stall

    it is the break up of laminar air flow over the wing that defines the point when a wing stalls, not its air speed.

  13. herman Silver badge

    "it is the break up of laminar air flow over the wing that defines the point when a wing stalls, not its air speed." - It is a bit more complicated than that also.

  14. TheMeerkat

    I suspect Boeing hired an Agile Consultant who told them they have to deliver “working software” every two weeks. There was no time for testing.

  15. TrumpSlurp the Troll
    FAIL

    Software release process

    As noted before, it is not good practice to install an undocumented software feature which does not display an alert when activated.

    Especially as the undocumented feature has obviously no documentation on how to to turn it off. Which you won't need because you don't know about it, let alone know that it has been activated.

    Noting that an alert would be displayed should an optional extra have been installed.

    Noting further that the supplier should have been well aware what percentage of the target install had in fact had the optional extra installed.

    Still, the Alpha testing by end users does seem to have highlighted the problem and a fix is being rushed out.

    I haven't seen anywhere so far that the software fix will be accompanied by the additional (so far optional) instrumentation to warn when the software is active.

  16. Anonymous Coward
    Anonymous Coward

    How to kill people by saving money, episode #28066

    If we go to root causes, the whole reason that Boeing added MCAS was because it made design changes that in any other case would have led to a need for pilots to re-certify on what appeared to be the same airframe (the car analogy is not far off - what Boeing did significantly changed its flight dynamics). That would have made it much harder to sell (associated costs and lag while everyone got up to speed), so MCAS to the rescue.

    The problem is that MCAS, for all its critical functionality, appears not to have been coded with much in the way of redundancy on sensor input, and a critical error in assessing trim made that its changes were cumulative and thus had a far greater impact on trim that was intended. Add to this an inability to kill it when it became problematic and you have the recipe for the disasters we have seen - it also demonstrates that grounding the planes before we had a third crash confirming a suspicion was the right call (not that I think that should ever have been a question - there are some stiff questions here for the lag in the US that carried the potential that one of these planes could have dived straight into a densely populated area).

    These changes and their fix handily bypassed any critical eye asking intelligent questions by the way in which the FAA changed its approach to certification - the latter is now being investigated, and the political climate in the US makes for an uncertain outcome at best. This FAA thing may lead to another disconnect - there's no redundancy in the safety that the FAA used to provide, and with the changes in approach that have now laid bare I can see it quite possible that other nations may start looking at making this a tad more independent.

    My fear is that this will spawn becomes a political battleground that has everything to do with power, much less so with our safety (as always, that'll just be the excuse).

    1. Keir

      Re: How to kill people by saving money, episode #28066

      How about.....these planes should not be allowed to fly publicly until Boeing has flown them each day for 6 months with at least 2 board executives in the plane. At least a 2 hour flight to be conducted in all conditions. Any time an issues occurs, the 6 month clock is reset to zero. That will help ensure that any safety issues are paramount as opposed to any cynical commercial focus to get the orders flowing again.

  17. FSS

    The question everybody forgot

    Will anyone here be willing to fly in such planes, even after Boing issue SW updates?

    1. Anonymous Coward
      Anonymous Coward

      Re: The question everybody forgot

      Nope, but I can see some airlines advertising the fact they use Airbus!

  18. Anonymous South African Coward Bronze badge

    Yo Boeing!

    Ever heard of a thing called a boycott?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like