Boeing How Safe is the Boeing 737 Max's MCAS System?

[cyboman]

the 737MAX also provides a noise and the sight of the trim wheel spinning when the trim is changing - both are easy to miss or ignore.

If they are adding an AoA display to the HUD or altimeter on some Maxs I think they should go further also display the current nose trim angle value of the stab. Since it has so much pitch authority. And if they stick with MCAS, I think an annunciation lighting up should indicate when it's operating too.

 

[cyboman]

What I'm hearing from the pilot's perspective makes them sound somewhat isolated from the design choices, and even the design information. That doesn't seem like a good thing, we'd like to imagine the people who have to fly the plane having a lot of input into its design and certainly complete information about its design. But it sounds more like something that engineers foisted onto the pilots, framed as being for their own good, without necessarily really telling them why and how to deal with it. Is it possible that this is due to a sense that certain aspects of the MAX needed to be concealed from the pilots to mitigate objections?

The reason I ask is because If I were an engineer being tugged in several different directions in my design choices, on the one hand wanting to make a plane that pilots like to fly while on the other hand meeting various profit-related specs, I might find myself tempted to conceal from both sides of those conflicting interests some of the tradeoffs going on. Would I hesitate to tell the executives who see the corporate bottom line that the plane could fly cheaper if I just made it harder on the pilots? Would I hesitate to tell the pilots that the plane could be made easier to fly but it would cost more? If I'm tempted to conceal that kind of information, it could lead me to design systems to help compensate for the tradeoffs in ways that I am not fully forthcoming about. Could this dynamic be playing a role in the design of the MAX and the MCAS? If so, it might explain why some pilots are saying things like "why isn't this in the manual?"

Some good considerations as to what lead to MCAS in the first place.

It also sounds like they need more engineers who are actually pilots and even more ideal, who have or do actually fly the planes they are designing.

 

[cyboman]

I made this for fun. It's a stab position display added to the Primary Flight Display. Not sure if that real estate is available but just made for fun as a proof of concept. It's to the left of the AoA display, above the attitude indicator on the left. Fairly self explanatory. It shows a graphic representation of the stab orientation. The number shows the stab trim angle and an arrow shows the position of up or down of the stab from leading edge. Two other annunciations show if MCAS is operating, same with STS. Perhaps the entire graphic could change to a red color if the stab is at a maximum down or up position.

 

[cosmik debris]

Fairly self explanatory. It shows a graphic representation of the stab orientation. The number shows the stab trim angle and an arrow shows the position of up or down of the stab from leading edge. Two other annunciations show if MCAS is operating, same with STS. Perhaps the entire graphic could change to a red color if the stab is at a maximum down or up position.

View attachment 240595

Self explanatory seems to mean something different to you than to me. :-)

Cheers

 

[FactChecker]

It also sounds like they need more engineers who are actually pilots and even more ideal, who have or do actually fly the planes they are designing.

They must have test pilots who flew and evaluated all the new features -- both in piloted simulations with all scenarios and in test flights. I can't believe that they did not complain about a system that would ignore their inputs and fight them for such a long time. Test pilots are much better at evaluating the final product than engineers are. Engineers think that they have everything working well or they would still be designing it.

 

[cyboman]

They must have test pilots who flew and evaluated all the new features -- both in piloted simulations with all scenarios and in test flights. I can't believe that they did not complain about a system that would ignore their inputs and fight them for such a long time. Test pilots are much better at evaluating the final product than engineers are. Engineers think that they have everything working well or they would still be designing it.

Do you think any of the test pilots are actually engineers? I mean I guess that's being pretty idealistic. It just seems maybe that would help bridge a sort of cognitive gap.

 

[PeterDonis]

Do you think any of the test pilots are actually engineers?

Historically, test pilots have often been engineers, particularly in the military and NASA. Neil Armstrong, for example, was an aeronautical engineer; that background was considered a significant asset for him as a test pilot with NASA.

I'm not sure to what degree that is still true, or even to what degree it was true back then for civilian companies. It certainly seems like it would be helpful.

 

[FactChecker]

Do you think any of the test pilots are actually engineers? I mean I guess that's being pretty idealistic. It just seems maybe that would help bridge a sort of cognitive gap.

I am not sure, but I always assumed that they had engineering degrees. I believe that most AF pilots have engineering degrees and test pilots are at the top. Their technical engineering skills might have gotten a little rusty because they worked with teems of full-time engineers who had all types of specialties. But they had a good working knowledge of the subjects. They certainly seemed smart enough and fit in perfectly. Their opinion was the one that managers really trusted and respected.

PS. A test pilot at a company like Boeing would have impressive credentials.

 

[jrmichler]

A lot of this discussion was about stability. The center of gravity has a huge effect on stability. Load the airplane to a forward center of gravity (CG), and it is very stable. As the loaded CG moves aft, the stability decreases. The aft limit is determined by the minimum allowable stability.

The wing provides positive lift upward in horizontal flight. The horizontal stabilizer provides negative lift, its force is vertically downward. The total lift from the wing is the gross weight of the airplane plus the negative lift from the horizontal stabilizer. At forward CG, the cruise speed is lower, and the stalling speed higher. Some small plane owner's handbooks list two different stalling speeds for forward and aft CG. Since cruise speed and gas mileage are extremely important in transport aircraft, the manufacturer has an incentive to move the CG as far aft as possible.

 

[Ken G]

Yes, that was just what I was wondering, if the engineers are caught between different priorities. It's natural to have to make tradeoffs, but I worry about the communication about the tradeoffs, versus a tendency to try to conceal what will not be taken well. It sounds like the pilots on the doomed flights must have felt they were fighting their own airplane, and not because any crucial system had failed, but something as simple as a sensor. I think of bomber pilots fighting their planes back to base with half a wing shot off, not because some sensor is acting up. How could a good design allow that?

 

[FactChecker]

How could a good design allow that?

This was not a good design.
1) There is no way that a good design would have the software fight against pilot inputs for such a long time. The initial reaction of the software to a perceived emergency should have been faded out fairly rapidly to allow the pilot commands to take over.
2) There was not enough redundancy to determine which sensor was at fault.
3) The pilots were not given the critical information that the sensors were disagreeing.
EDIT: I have deleted some speculative and possible inappropriate conclusions.

 

[cyboman]

Self explanatory seems to mean something different to you than to me. :-)

Cheers

It should be self explanatory to those following the thread. Let me know what's not clear and I can try to further explain.

 

[cyboman]

This was not a good design.
1) There is no way that a good design would have the software fight against pilot inputs for such a long time. The initial reaction of the software to a perceived emergency should have been faded out fairly rapidly to allow the pilot commands to take over.
2) There was not enough redundancy to determine which sensor was at fault.
3) The pilots were not given the critical information that the sensors were disagreeing.

Good synopsis. Considering the weight of investigations going into this, and now the FBI involved, I think there's going to be some extensive explaining to do on Boeing and the FAA's part.

EDIT: Removed speculative wording about any culpability to Boeing or FAA.

 

[PeterDonis]

fielding such a design may have been criminally negligent.

I felt very early on that it was indeed negligent

It's been a while since I posted a reminder about this, so I'll post it again. This thread is about the technical aspects of MCAS. Speculations about non-technical questions like negligence, which is a question of law, are off topic in this thread. There is a thread in General Discussion which allows somewhat wider latitude.

 

[cyboman]

Historically, test pilots have often been engineers, particularly in the military and NASA. Neil Armstrong, for example, was an aeronautical engineer; that background was considered a significant asset for him as a test pilot with NASA.

I'm not sure to what degree that is still true, or even to what degree it was true back then for civilian companies. It certainly seems like it would be helpful.

Right, that makes sense. Remember seeing a space station feed where they were taking questions from kids and more than once they get asked how to become an astronaut. Studying engineering in some form is typically part of the answer.

 

[cyboman]

I am not sure, but I always assumed that they had engineering degrees. I believe that most AF pilots have engineering degrees and test pilots are at the top. Their technical engineering skills might have gotten a little rusty because they worked with teems of full-time engineers who had all types of specialties. But they had a good working knowledge of the subjects. They certainly seemed smart enough and fit in perfectly. Their opinion was the one that managers really trusted and respected.

PS. A test pilot at a company like Boeing would have impressive credentials.

Right, I imagine the test pilots need that sort of vocabulary and understanding to communicate to the engineers the feedback they have. I guess as I think you and perhaps others have suggested, it seems surprising while testing stall scenarios that feedback about MCAS from the test pilots wouldn't of prompted direct changes to the system or annunciations, or at the least significant added training / sim time to deal with these scenarios when MCAS is active.

 

[Ken G]

And now this: "This is ridiculous," said Captain Dennis Tajer, a representative of the Allied Pilots Association, which represents 15,000 American Airlines pilots. "If you're going to have equipment on the airplane that we didn't know about, and we're going to be responsible for battling it if it fails, then we need to have hands-on experience."

The very fact that he described the situation as "battling" the features added to the MAX shows that the pilots do feel like it sounded to me as well. If someone is flying that plane with insufficient training, and something goes wrong, they end up feeling like the plane has a mind of its own and is trying to crash. What an awful feeling that must have been for those pilots who did not have the crucial information they needed, like a bad dream. How can Boeing explain not being more forthcoming with information about the MCAS, was it just carelessness or were they actively trying to slip something under the rug? I guess that's what the investigation will try to determine, but it's not clear which is worse, incompetence or deception. But if I had a family member on those flights, and was hearing what we're hearing now, I'd be irate.

 

[cyboman]

What an awful feeling that must have been for those pilots who did not have the crucial information they needed, like a bad dream.

Bad dream indeed. When you look at the vertical airspeed graphs, it would of been an absolutely terrifying experience, for both the crew and passengers.

 

[cyboman]

Take a gander at this:

It looks like there is perhaps a dangerous incentive to push the CoG aft as much as possible in order to "max"imize efficiency. However, the aircraft becomes less stable. Is this relevant to our discussion?

Also, pretty funny joke if you watch the entire video.

 

[FactChecker]

It looks like there is perhaps a dangerous incentive to push the CoG aft as much as possible in order to "max"imize efficiency. However, the aircraft becomes less stable. Is this relevant to our discussion?

Yes, it is relevant. Apparently, the engine position of the MAX changed and moved the CG so that the MCAS system was required for preventing a stall. There should be a mandated stability margin that would make a commercial airplane safe. The location of stored luggage is also a concern.

 

[jim hardy]

They must have test pilots who flew and evaluated all the new features -- both in piloted simulations with all scenarios and in test flights. I can't believe that they did not complain about a system that would ignore their inputs and fight them for such a long time.

The test pilots knew MCAS was there and to either switch it off or kill power to the jackscrew motor.

Apparently the Lionair and Erhiopian pilots did not.
https://jalopnik.com/a-pilot-who-bummed-a-ride-on-a-boeing-737-max-saved-the-1833441974

...it seems the very same plane narrowly avoided disaster the day before its crash, thanks to the input of an off-duty pilot who bummed a ridein the plane’s cockpit.

But the next day, staffed with a different crew that reportedly did not know how to respond to the malfunction, the same plane crashed into the Java Sea and killed all 189 people aboard.

Anyhow it goes to the basic idea of overconfidence in machine intelligence,
...see my signature.

Were i the "man behind the curtain" in that program
and i sensed pilot calling for a lot of up elevator after i'd just given him down trim
i'd back off my down trim
on the premise it's my job to assist him not think for him.

https://www.pprune.org/rumours-news...ware-fixes-due-lion-air-crash-delayed-16.html

Runaway(Stabilzer Trim-_jh! Stop and think what that's really meant to 737
pilots over time. Whrrr...Whrr... of the trim wheels
spinning away without input. EASY, we have a recall to
fix that.

This is DIFFERENT! Because of the component fault situation
AOA, the stick is shaking... a whole different and scary event,
especially because the plane seems to be in a routine flight
condition. Nobody would really notice that in such an unexpected
time the trim wheels are ever so discretely moving, and PAUSING...
due to inputs, but then relentlessly resuming their travel. Very
sneaky while a another perceived crisis is unfolding.

No reasonable person should just casually roll off their tongue,
This is a runaway stab, they should have selected cut out.

Was MCAS written by the same programmer who came up with Cortana ?

old jim

 

[berkeman]

Do you think any of the test pilots are actually engineers? I mean I guess that's being pretty idealistic. It just seems maybe that would help bridge a sort of cognitive gap.

Maybe software engineers...

https://www.cnn.com/2019/03/22/us/m...s-lion-air-ethiopian-airlines-intl/index.html

 

[FactChecker]

The test pilots knew MCAS was there and to either switch it off or kill power to the jackscrew motor.

I wonder if the test pilots flew it without the AOA indicators or the AOA mis-compare light. If a pilot doesn't have those, I wonder how long would it take to distinguish between a MCAS problem versus turbulance or other possible problems. I have trouble believing that the test pilots and pilot-vehicle-interface experts would approve of that situation.

 

[cyboman]

Maybe software engineers...

https://www.cnn.com/2019/03/22/us/m...s-lion-air-ethiopian-airlines-intl/index.html

View attachment 240646

Actually I think they need some good HCI software engineers moving forward. And ideally some that fly.

 

[cyboman]

The test pilots knew MCAS was there and to either switch it off or kill power to the jackscrew motor.

I wonder if they would of let the test pilots fly the plane first, without telling them specifically about MCAS. If it's purpose is to work flawlessly behind the scenes it appears that would make good sense. Have them induce 20 or 30 stalls under different scenarios, come back with their feedback, then brief them on what MCAS is doing.

Perhaps the'd be like, "Ohhh, I was wondering what the heck was going on! What's it called? MCAS? Well why the heck would you do that?"

I guess time will tell if the investigations make such internal conversations or disputes public.

 

[berkeman]

I wonder if they would of let the test pilots fly the plane first, without telling them specifically about MCAS. If it's purpose is to work flawlessly behind the scenes it appears that would make good sense. Have them induce 20 or 30 stalls under different scenarios, come back with their feedback, then brief them on what MCAS is doing.

Being a test pilot doesn't work like that. They want to know *everything* about a plane before test flying it. Have you not read any of Chuck Yeager's books?

https://images.gr-assets.com/books/1503287911l/1586034.jpg

 

[cyboman]

Being a test pilot doesn't work like that. They want to know *everything* about a plane before test flying it. Have you not read any of Chuck Yeager's books?

https://images.gr-assets.com/books/1503287911l/1586034.jpg

View attachment 240661

Nope. I've seen The Right Stuff and logged a ton of hours playing Chuck Yeager's Air Combat back in the day. Man I should try to fire that game up again. The audio would be hilarious now. It used the internal PC speaker I think.

Is that autobiography a good read?

 

[jim hardy]

Engineering skill doesn't equate with good pilot skills.

An engineer analyzing something needs the ability to focus in on one train of thought and follow it to a conclusion without getting distracted.
A pilot can't afford that degree of mental lockup - he has to keep situational awareness .

There are people like "Borderline-OCD-Me" .
I might make a decent Flight Engineer but I know better than to trust myself to maintain that presence of mind requisite for good piloting.
That's why i stayed in maintenance instead of operations .
I was a useful tool that operators could sic on a problem to get it fixed.
Their "Big Picture" grasp always amazed me, just as my knowledge of the instrument system details amazed them. I was the Details guy in that symbiotic relationship..

Eastern 401 is what happens when that "Mental Lockup" takes over a cockpit.

The crash occurred while the entire cockpit crew was preoccupied with a burnt-out landing gear indicator light. They failed to notice that the autopilot had inadvertently been disconnected and, as a result, the aircraft gradually lost altitude and crashed. It was the first crash of a widebody aircraft and, at the time, the second-deadliest single-aircraft disaster in the United States.[1][2]

You can't take psychology out of the picture.

Not saying an engineer can't make a good pilot, just it's not a given that he will.

old jim

 

[berkeman]

Is that autobiography a good read?

Yes, it's an excellent read, with many lessons to be learned. I had no idea how much work went into test flights before reading that book.

 

[cyboman]

Yes, it's an excellent read, with many lessons to be learned. I had no idea how much work went into test flights before reading that book.

Cool, I'll add it to my list. Cheers!