"No Survivors": Second New Boeing 737 to Crash in Four Months

capnstabn said:
I had some friends that assembled components for planes in college. If you screwed something up you could face criminal charges on what you touched for the next 20 years. I am curious if the engineers of these systems are facing jail time.
Click to expand...

Your "friends" were mistaken, intent would have to be proven. A mistake is not intent.
 
Paul_Johnson said:
Well, some one had to give the key information you intentionally left out in your spin since with the WHOLE story you get a much different picture of how things actually work.
Click to expand...
Odd how that works, facts and stuff.

The dreamliner cell and battery build process has been enhanced. This should prevent cells from breaking open as easily if things get a little toasty. The testing procedure for manufactured cells has also been revised. The design of the complete battery pack has been altered to operate in a narrower voltage range to reduce heat. Additionally, a new charging system was developed to prevent over-charging damage. Lastly, Boeing developed a battery enclosure to protect the aircraft in the event of a failure.
https://www.geek.com/news/how-boeing-fixed-the-787-dreamliner-1552766/
spin away
 
Jim Kim said:
Odd how that works, facts and stuff.

The dreamliner cell and battery build process has been enhanced. This should prevent cells from breaking open as easily if things get a little toasty. The testing procedure for manufactured cells has also been revised. The design of the complete battery pack has been altered to operate in a narrower voltage range to reduce heat. Additionally, a new charging system was developed to prevent over-charging damage. Lastly, Boeing developed a battery enclosure to protect the aircraft in the event of a failure.
https://www.geek.com/news/how-boeing-fixed-the-787-dreamliner-1552766/
spin away
Click to expand...

Yes. That is exactly what I said, the underlying problem still exists to this day. I'm not sure how you missed what I said earlier. He let them go back in the air with a known fault still present.
 
It is interesting seeing all the comments about this being a potlical hit and questioning the pilots.

On the first point if this was purely political, the rest of the world would certainly not have followed China's lead (and Trump just grounded the MAX here). Also it is common knowledge in aviation circles that China's regulatory body is extremely conservative when it comes to percieved safety issues. For example, their minimum time between take-off/landing is significantly higher compared to ours while using the same standards in ILS equipment, and they only allowed electronics last year when we've been allowing it for years.

As for questioning the pilots, the verdict is still out on this crash. However the Seattle Times article is pretty comprehensive and damning about the LionAir crash.

Anyway hope we get more details soon and any issues resolved quickly as I really do enjoy flying the new MAX.
 
So Trump just grounded the planes here in the US. Read the WSJ report that aviation ‘experts’ examined the flight data and are positive that the crash in Ethiopia was very similar to the crash with Lion Air. Inconclusive however, and it’ll take months to determine the cause in Ethiopia.

Could this pinpoint a design flaw with the 737?
 
An aircraft flown by an experienced and trained pilot is brought down by an Auto Pilot. It's likely the aircraft was ascending in a straight line, at a fixed speed, in weather conditions well in tolerances for flight. Yet, Auto Pilot crashes plane. Fast forward to our Automated driving future, with arguably infinitely more variables to control, where if there is an auto pilot failure even if the driver is trained, there wouldn't even be a wheel to turn, or brake to press. Riiiiiiiight…
 
capnstabn said:
I had some friends that assembled components for planes in college. If you screwed something up you could face criminal charges on what you touched for the next 20 years. I am curious if the engineers of these systems are facing jail time.
Click to expand...
That's not how it works

Every design that is to make it onto an aircraft is subject to a continually audited process.
The design and development must adhere to DO178, DO254, DO331, ARP4754 (a combination depending whether it contains firmware and/or software).
A product must have first article inspection by an independent auditor
A product must have a DDP released and inspected by an airworthiness officer
OE must be ISO9001 approved and audited
...
Every single unit being built must have a PAT report, a report who's test coverage is previously approved.
Every single unit is weighed before shipping to ensure no less, no greater than the expected weight (build correctness)
Every single LRU is tested as part of an Assembly system
Every single Assembly system is tested as part of an airframe

The PAT's coverage, the assembly coverage, the maintenance is to cover possible build or installation errors.
No single failure (within an LRU) should be capable of bringing down an airframe due to a failure (hence why FADEC's are dual-channel to meet the safety numbers)

If a build was completed incorrectly, if it passed every single PAT's it means the coverage is incomplete, the ISO9001 manufacturing quality is incomplete BUT it is not criminal unless there was a proven intent to damage a unit.


What I find most shocking about this is the system architecture that Boeing went with AND that it got approved. This scheme relied on a SINGLE SENSOR. Erroneous data from this SINGLE SENSOR would yield observable results to the pilot with potentially catastrophic consequences (which has been proven in these two crashes!). This would have resulted in this sensor being DAL-A and thus redundancy would have been mandated, be it two sensors or correlation from other data. The failure would have been classified as CRI-0 and would have forced the architecture to manage the failure numbers.

How did this get passed the auditors
 
Paul_Johnson said:
That is not quite accurate. The "exert" enough force through the yoke is one way that allows human override in Boeing aircraft. In Airbus aircraft you can not fully override the flight envelope protection. You can select an alernate control law but the software restrictions can not be completely removed on Airbus aircraft. It is exactly as I stated, the classic argument is Boeing believes in the pilot while Airbus believes in the computer. It is excactly why barring a structural failure of some sort (or take over, etc.)at least part of the cause of this accident will end up being pilot error as would be the case on all Boeing aircraft. The pilot has ultimate control, the computer can not say no if the pilot works the procedures correctly.

As for Boeing being FBW, that doesn't mean anything in the scheme of things. An electronic signal to actuator is no real difference than the old method of manipulating control surfaces other than it weighs less, is less maintence, and more reliable. The FBW systems employed by Boeing are meant to mimic the older hydraulic/mechanical while Airbus are completely divorced from the interaction.
Click to expand...

'You can not fully override the flight envelope protection' - this essentially can be done by turning multiple things off... but I take your point, it's a different mentality for sure. The main thing you can do is turn off alpha protection. My point is that both planes are pretty much now governed by flight envelope protection systems - if they were not, and they hadn't malfunctioned or been responded to incorrectly, we wouldn't have these tragic incidents (assuming of course that's what happened with the latest case).

The only reason I mentioned FBW is because others posting here seem to differentiate between Boeing and Airbus on the basis of FBW, possibly because they're not aware that Boeing planes are now FBW also. Not sure what you mean about the difference between them though - on the one hand you say there's no difference between the old method and FBW except it weighing less and being lower maintenance, but then you say Boeings are designed to mimic the older hydraulic/mechanical systems - do you mean that they introduced artificial feedback or similar, because Airbus have this also? Or perhaps you mean that you can 'push past' envelope protection on a Boeing, in a way mimicking going past a physical envelope (but of course, it's not the same feel either)?
 
Corporal Hicks said:
An aircraft flown by an experienced and trained pilot is brought down by an Auto Pilot. It's likely the aircraft was ascending in a straight line, at a fixed speed, in weather conditions well in tolerances for flight. Yet, Auto Pilot crashes plane. Fast forward to our Automated driving future, with arguably infinitely more variables to control, where if there is an auto pilot failure even if the driver is trained, there wouldn't even be a wheel to turn, or brake to press. Riiiiiiiight…
Click to expand...
Arguably an aircraft has more variables to consider for automatic systems compared to a ground vehicle. The environment is more the key difference. Air is air. Wind is wind. Exceed "x" variable and you are no longer in control. There is also the truism that at 30k feet you have time to correct sometimes unless your aircraft is totally fubared.

Autodriving cars turn into benny hill movies the instant you introduce things like unexpected "ice" thanks to the system, yes even a computer system, not being physically fast enough to react before total loss of control.
 
Nafensoriel said:
Autodriving cars turn into benny hill movies the instant you introduce things like unexpected "ice" thanks to the system, yes even a computer system, not being physically fast enough to react before total loss of control.
Click to expand...
Isn't that possible with all unknown factor in auto mode?
 
Corporal Hicks said:
An aircraft flown by an experienced and trained pilot is brought down by an Auto Pilot. It's likely the aircraft was ascending in a straight line, at a fixed speed, in weather conditions well in tolerances for flight. Yet, Auto Pilot crashes plane. Fast forward to our Automated driving future, with arguably infinitely more variables to control, where if there is an auto pilot failure even if the driver is trained, there wouldn't even be a wheel to turn, or brake to press. Riiiiiiiight…
Click to expand...

No, what would be more likely is that when the system (autopilot) acted incorrectly the pilot failed to take over at the correct time or in an appropriate manner failng to fly the plane resulting in the crash not that the autopilot crashed the plane.
 
naib said:
That's not how it works

Every design that is to make it onto an aircraft is subject to a continually audited process.
The design and development must adhere to DO178, DO254, DO331, ARP4754 (a combination depending whether it contains firmware and/or software).
A product must have first article inspection by an independent auditor
A product must have a DDP released and inspected by an airworthiness officer
OE must be ISO9001 approved and audited
...
Every single unit being built must have a PAT report, a report who's test coverage is previously approved.
Every single unit is weighed before shipping to ensure no less, no greater than the expected weight (build correctness)
Every single LRU is tested as part of an Assembly system
Every single Assembly system is tested as part of an airframe

The PAT's coverage, the assembly coverage, the maintenance is to cover possible build or installation errors.
No single failure (within an LRU) should be capable of bringing down an airframe due to a failure (hence why FADEC's are dual-channel to meet the safety numbers)

If a build was completed incorrectly, if it passed every single PAT's it means the coverage is incomplete, the ISO9001 manufacturing quality is incomplete BUT it is not criminal unless there was a proven intent to damage a unit.


What I find most shocking about this is the system architecture that Boeing went with AND that it got approved. This scheme relied on a SINGLE SENSOR. Erroneous data from this SINGLE SENSOR would yield observable results to the pilot with potentially catastrophic consequences (which has been proven in these two crashes!). This would have resulted in this sensor being DAL-A and thus redundancy would have been mandated, be it two sensors or correlation from other data. The failure would have been classified as CRI-0 and would have forced the architecture to manage the failure numbers.

How did this get passed the auditors
Click to expand...

I'll have to look it up again how it finctions but the sensor being discussed, even though we don't know what here, in the Lion Air crash was the AOA sensor. Of which there is more than just one. There is something with the way the data is fed or displayed. As to how to how this got past the auditors, the 737 type certificate is ancient. The original is more than 50 years old and these are certified under a grandfathering process. Among comparable age products the 737 is incredibly safe and reliable. When Boeing clean sheets a NSA then everything will have to be up to current requirements.
 
Nausicaa said:
Isn't that possible with all unknown factor in auto mode?
Click to expand...
With a car yes. With a plane at 30k feet no.
Cars at 100km/h on the ground get microseconds to correct anything and the stress of a 5 degree turn can be catastrophic.
An aircraft can cycle its engines on from a failure in flight. Unless the frame fails you've got tons of time before you hit the dirt comparably.

In short, auto-driving cars are extremely difficult compared to an at cruising altitude autopilot. Different story entirely during takeoff and landing though but still less complex than a car.
 
Nafensoriel said:
With a car yes. With a plane at 30k feet no.
Cars at 100km/h on the ground get microseconds to correct anything and the stress of a 5 degree turn can be catastrophic.
An aircraft can cycle its engines on from a failure in flight. Unless the frame fails you've got tons of time before you hit the dirt comparably.

In short, auto-driving cars are extremely difficult compared to an at cruising altitude autopilot. Different story entirely during takeoff and landing though but still less complex than a car.
Click to expand...
Do you mean reaction time is not enough? It a lot less complex but easier to crash seemingly.
 
Paul_Johnson said:
I'll have to look it up again how it finctions but the sensor being discussed, even though we don't know what here, in the Lion Air crash was the AOA sensor. Of which there is more than just one. There is something with the way the data is fed or displayed. As to how to how this got past the auditors, the 737 type certificate is ancient. The original is more than 50 years old and these are certified under a grandfathering process. Among comparable age products the 737 is incredibly safe and reliable. When Boeing clean sheets a NSA then everything will have to be up to current requirements.
Click to expand...
While the 737 does have two AOA sensors, only one is used by the MCAS. There was some reason why they couldn't use both (resulting in more changes meaning separate 737-MAX training compared to 737 + additionals - training is expensive) but I don't know the specifics why.

https://www.ecommercedailynews.com/...ftware-over-coming-weeks-wall-street-journal/
Boeing publicly released details about the planned 737 MAX software update on its website late Monday. A company spokesman confirmed the update would use multiple sensors, or data feeds, in MAX’s stall-prevention system—instead of the current reliance on a single sensor.
Click to expand...

https://www.wsj.com/articles/pilot-...control-problems-11552473593?mod=hp_lead_pos3
The pilot “reported back to air-traffic controllers that he was having flight-control problems” and wanted to return to Addis Ababa
Click to expand...



https://www.dallasnews.com/business...-complained-feds-months-suspected-safety-flaw
"inadequate and almost criminally insufficient,"
Click to expand...

https://www.documentcloud.org/documents/5766398-ASRS-Reports-for-737-max8.html
At least five complaints about the Boeing jet


https://www.nytimes.com/interactive/2018/11/16/world/asia/lion-air-crash-cockpit.html
 
Nausicaa said:
Do you mean reaction time is not enough? It a lot less complex but easier to crash seemingly.
Click to expand...
We don't know what happened to the planes that crashed. We know they had airspeed problems and similar flight profiles during take off. It suggests that the pilots might have been fighting the plane.
It could be any number of hardware or software failures or it could simply be the flight crew not knowing how to disable a malfunctioning system.

For the purposes of what I said however if a plane is at 30k feet and suddenly its autopilot decides it's about to stall and pushes the plane into a hard dive, the pilots have entire whole seconds to actively stop this. If it was an engine failure its conceivable to have an automated recovery program in an autopilot because you have entire whole seconds to DO something about the problem.

In a car at speed, even a blazing fast computer will have issues getting the data, processing the data, sending the reaction, and having the mechanical parts actually react before the car is completely out of control.

So yes, In a car reaction time of even computers is sometimes not enough because all the accompanying parts have mechanical delays and the total time to react to failure is considerably less before catastrophic failure.
 
Nafensoriel said:
In a car at speed, even a blazing fast computer will have issues getting the data, processing the data, sending the reaction, and having the mechanical parts actually react before the car is completely out of control.

So yes, In a car reaction time of even computers is sometimes not enough because all the accompanying parts have mechanical delays and the total time to react to failure is considerably less before catastrophic failure.
Click to expand...
Thats more of a space issues rather than a computer problem of never isn't it. Wider roads with more clearance could make it a problem of the past, although the tradeoffs for clearance are rather steep.
 
Nausicaa said:
Thats more of a space issues rather than a computer problem of never isn't it. Wider roads with more clearance could make it a problem of the past, although the tradeoffs for clearance are rather steep.
Click to expand...
Ice at 100km can cause a car to turn uncontrolled more than enough to render the vehicle unrecoverable. Road size isnt going to make autopilot for cars work in a Canadian winter.
 
Paul_Johnson said:
Indeed, but as the argument always goes that is design philosophy difference between Boeing and Airbus. The classic argument is Boeing believes in the pilot while Airbus believes in the computer. Automation versus handflying. Sidesticks versus yokes. Computer limits versus human override. Etc.
Click to expand...

If I recall one of the contributing factors was the little tactile feedback of the A330 side stick and the lack of visual confirmation that one pilot is manipulating the stick. If you're focusing on something else you likely cannot see if the other guy is manipulating the side stick. I understand it makes sense in fighters, but yokes with tactile feedback and easy visual confirmation for both pilots seems ideal for commercial aircraft.
 
Falkentyne said:
When a major news site calls an airplane fleet a CRASH fleet, you know you're in trouble. This is teenage meme comedy in full force now.

https://www.bbc.com/news/business-47562727
Click to expand...

No, when a major news site calls an airplane fleet a crash fleet with two accidents that do not yet have a known cause and will likely have a not insignificant portion of the cause be pilot error you know that the major news site has no credibility. The media has largely been a joke for years, in aviation even longer.
 
Paul_Johnson said:
No, when a major news site calls an airplane fleet a crash fleet with two accidents that do not yet have a known cause and will likely have a not insignificant portion of the cause be pilot error you know that the major news site has no credibility. The media has largely been a joke for years, in aviation even longer.
Click to expand...

The causes are very well known and I'll bet anyone here a nice big $100 since I don't make wagers I can't lose.
Read this.
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa.html

Beoing engineers actually KNEW their "hack" for a badly engineered engine system could fail and even knew exactly under what conditions the MCAS system would fail last year, yet told no one. This information was posted on that professional pilot forum, somewhere around page 60. I'd trust them far more than anyone here. Want to take me up on that $100?
 
Falkentyne said:
The causes are very well known and I'll bet anyone here a nice big $100 since I don't make wagers I can't lose.
Read this.
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa.html

Beoing engineers actually KNEW their "hack" for a badly engineered engine system could fail and even knew exactly under what conditions the MCAS system would fail last year, yet told no one. This information was posted on that professional pilot forum, somewhere around page 60. I'd trust them far more than anyone here. Want to take me up on that $100?
Click to expand...

I'm sorry, where are the complete investigative findings again?
 
Paul_Johnson said:
I'm sorry, where are the complete investigative findings again?
Click to expand...

Summary of the "rumor" --remember you have PROFESSIONAL pilots posting here (and some engineers).
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-60.html#post10417292

FAA reporting extreme similarities to the flight envelope on both lion air (proven btw, Paul, MCAS caused the crash) and Ethopia.


And this:
https://www.theatlantic.com/notes/2...ecord-about-problems-with-the-737-max/584791/
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-60.html#post10417297
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-52.html#post10416648
 
Falkentyne said:
Summary of the "rumor" --remember you have PROFESSIONAL pilots posting here (and some engineers).
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-60.html#post10417292

FAA reporting extreme similarities to the flight envelope on both lion air (proven btw, Paul, MCAS caused the crash) and Ethopia.


And this:
https://www.theatlantic.com/notes/2...ecord-about-problems-with-the-737-max/584791/
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-60.html#post10417297
https://www.pprune.org/rumours-news/619272-ethiopian-airliner-down-africa-52.html#post10416648
Click to expand...

So you don't have the complete investigative report for the crash? Or even the Lion Air crash.
 
Last edited:
Nausicaa said:
That's nuts, what a great article. How well known were these issues?
Click to expand...

They were known last fall.
I can't find the original source. It was posted on pprune but I can't find the exact post. Hard to find with all those posts all over now.
 
Nausicaa said:
That's nuts, what a great article. How well known were these issues?
Click to expand...

The New York times reported this issue last month says Joel Hruska

https://www.nytimes.com/2019/02/03/world/asia/lion-air-plane-crash-pilots.html

" ... to persuade its airline customers and, crucially, the Federal Aviation Administration, that the new model would fly safely and handle enough like the existing model that 737 pilots would not have to undergo costly retraining.

Boeing’s strategy set off a cascading series of engineering, business and regulatory decisions that years later would leave the company facing difficult questions about the crash in October of a Lion Air 737 Max off Indonesia."
 
You must log in or register to reply here.
Back
Top