At the wreckage near Bishoftu in a small pastoral farm field and in the Java Sea off Indonesia lie the remains of the early victims of arrogant, algorithm-driven corner cutting, by reckless corporate executives and their captive government regulators.
You know, that something is 50+ years old in basic design doesn't make it bad, especially when it hasn't failed a bunch of times in those 50 years that could be pinned on some inherent vice.
To the contrary.
Nader had a use at one time. Then again my family owned a Corvair in my youth and we didn't die. In fact it was my mother's daily driver, so you can bet I rode in it as a kid more times than I could count, more than a few of them without any seat belt on too. And she wasn't all that good of a driver either -- certainly not up to racing standards. Can I tell you about the time she hit a bridge? No, really, she did.....
Don't get me wrong -- as my other articles point out there's plenty of finger-pointing to do with the 737MAX, with most of it aimed at the MCAS system and its poorly documented characteristics.
I'll even go so far (and have) as to call five-alarm bullcrap on allowing a 0.6 degree control authority to turn into a 2.5 degree one without the entire fault and risk analysis being re-run up and down the line, including the impact on CG and cargo carrying capacity. After all it's not the authority the pilot may require at cruise altitude and speed (he probably has enough to rip the tail off the plane if he could use the whole thing rapidly there) -- it's down low and slow when that's going to matter.
I can also raise a big stink about the fact I'm quite sure (although I don't have a flight or system manual for the plane) that there are multiple other sources of imputed attitude (angle-of-attack) data available, and as a result it shouldn't be all that hard for the flight management system to know that a sensor is full of crap in short order -- including on the ground at power-up when the angle of attack is (obviously) not some wildly-divergent figure. Not doing that right up front -- and charging extra to compare data in the air is IMHO flat-out culpably wrong. Digging back into why the system didn't cross-check as a matter of routine (that is, why someone or a bunch of someones thought it was not necessary or didn't consider it, and whether that was a pure revenue play with excuses paving the road) is something we deserve answers to, because it's something I would have thought of -- and I don't do flight control computers.
And I can make a stink about the fact that the previous generation 737 aircraft (from what I've been told by a couple of people who drive 'em) apparently disconnected auto-trim on a converse manual control input and this one does not (which makes sense; if you go the opposite way the computer has clearly gotten it wrong) so if the pilots (and carriers) were told this plane flies exactly like the old one and relied on that, well, no it doesn't.
I can take an even bigger beef with statistical models used to "predict" failure rates. I love those lines of BS that are commonly run in the computer world; 1x10^-14 or -15 bit-error rates, for example, or "2 million hours MTBF" that sound like "oh you mean that never happens" -- and since you believe that you never need to make known-good backups too. Let me know who you are if you buy that bullcrap so I can prepare to bill you at $1,000+/hour to try to recover your general ledger and all the data that went into it (never mind the rest of your business data) when you lose it, because you eventually will. Oh, and may I remind you up front my odds of complete success in that circumstance -- that is, you lose little or nothing and at the end you're mostly ok business-wise -- are about one in five?
Or the reality of computers generally, which is that they run on electrons being stored, moved around and compared, and guess what -- there are these things called cosmic rays that can flip bits without warning in same. Happen often? No. Does it happen? Uh, yeah, it does. Can this be guarded against? In some cases (e.g. ECC memory) but not all (e.g. same hit on a logic gate in a peripheral, etc.) Do aircraft systems shield against this? I'm sure they do; military systems do, but is that shielding perfect and are defenses like ECC perfect? I hope nobody's counting on that to keep them from making smoking holes in the ground.....
None of this, however, changes that a human pilot had quite some time to figure out what was going on or simply decide all the computers are full of crap, I'm turning them off and flying the plane. At what point was that the right call? Obviously before the ground was hit, but also obviously neither crew did it. Is this human-factors engineering, people too damned reliant on technology, shitty training or.... something else? Hellifiknow but don't you think we better figure it out before we make more smoking holes? For all we know the second auger job might have ended the same way but not started the same way and there's some evidence of that (e.g. reports of an abnormally high take-off speed; unsubstantiated at this point since the data is not yet available from the FDR.)
And then there's what drove this entire thing, which was carriers demanding "same type" so they didn't have to spend much if any money on retraining and such -- and not just for pilots either, but also for ground crews and related things. There's a hell of a lot more than just a plane involved in flying a plane, in short, as anyone who has ever been to an airport knows.
Finally whatever you think of the professionalism of the crews involved (that is, are the carriers outside the US hiring competent people, in the main) there's one glaring fact -- Lion Air, the first 737MAX to go down, had a similar fault to what appears to have crashed it the day prior and for inexplicable reasons the aircraft was not immediately put on the ground, the problem reported, including up the line to Boeing and the aircraft tagged out (grounded) until the cause was found.
Might that have led to a resolution path before anyone got killed?
Maybe, maybe not.
But it didn't happen, and that one's not on Boeing since that flight did land safely.
Or is it on Boeing?
This much we do know -- modern aircraft engines, at least, send a lot of data in real time to manufacturers and so do modern aircraft avionics and flight management systems. Malaysia's lost hull in which we have had reported said system was intentionally disabled, anyone? So..... was the data sent, to whom was it sent, who if anyone got it on the previous day's flight with Lion Air when they had the computer go crazy but they lived and if someone did get it why didn't they instantly go apeshit when they got it and ground the damned aircraft?
I want an answer to that question too because again -- but for that, if the data was sent and someone got it 300 people would be alive.
Finally don't be so sure US crews are that "vastly" superior. We now know that a United Express plane missed the runway entirely in Maine. The original report was that it "slid off" the runway in icy conditions; that turns out to have been wrong. On the first attempt they went around on a missed approach but on the second they landed between the runway and taxiway on what was probably (if there hadn't been snow!) grass, ripping the gear off the aircraft. Oops.
So let's do get to the bottom of this and let's not just change the software and call it a day. Specifically, let's make damn sure that if the MCAS system retains its 2.5 degree trim change authority that all of the calculations and fault analysis related to that are run with that figure and the 0.6 degree figures are voided, meaning that until that's complete the plane doesn't fly again.
What falls out of that does; it might be nothing, it might be something. It might even be a bad something, force MCAS to basically go away and with that all the retraining and certification issues come back with the cert as an entirely different type. Or maybe something less is required -- but let's have the formal verification re-run and know it's right.
What I've said before and will say again is that the sort of rot that leads to these incidents doesn't happen in a day or a week. It takes years, even decades. Likewise it can't be fixed in a day or a week either.
Thiokol, if you remember, ignored multiple engineers who had told them that the seals on the shuttle booster rocket were unsafe at low temperatures. But their warnings were ignored, and despite a director for Thiokol refusing to sign the launch recommendation -- he believed the concerns were valid -- NASA launched anyway. Challenger was destroyed along with everyone aboard.
I suspect there's a decent pile of crap sandwiches to be served here, as I've said before, and I can't come up with any good reason for that control authority deviation to not be run back through the full set of analysis. That not being done, along with the reset behavior not being part of the analysis, and it appears it wasn't, is inexcusable.
But then again so is not grounding a plane when everyone on board damn near dies and only because there was a competent pilot in the jump seat did they figure it out and successfully complete the flight -- then the same apparent fault kills everyone on board the next day.
Figure it out and nail the responsible parties to the cross -- Nader-style scaremongering garbage serves nobody.