Sorry for another comment, but in my research into the topic the saddest bit of information I've seen is the image of the black box data for the flight (the first crash): https://i.imgur.com/WJuhjlO.png
You can see from the graph that in the final minutes and seconds, the pilot put insane amounts of force on the control column (aka the yoke) to try to pull the plane out of the dive - to save the 189 people on board. But no, MCAS was overpowering and lacked the documentation for the pilot to try anything else.
Also interesting to see is the amount of times the pilots bring the nose up, only for MCAS to kick in and force the nose back down. 26 times.
Don't airplanes have an equivalent of 'power steering' like we have in cars? It seems strange that pilots have to use actual physical force to move the control surfaces, and that there is a point where the physical force of a human is not enough anymore to move them. I get that Boeing wants to give pilots feedback of what is going on in and around the airplane. But putting pilots into a situation where they can't command the airplane even if they want to is a bit extreme.
Depends on the aircraft. Some modern jetliners are using fly-by-wire, while others have hydraulically-boosted controls. Some still rely on cable-and-pulley.
Either way, as I understand, it wouldn't matter with the MCAS-related MAX aircraft crashes. The elevator trim is able to move the entire elevator (literally, the entire elevator moves in response to the jackscrew controlled by the trim system) to such an extent that, depending on CG, airspeed, and other factors, it cannot be overpowered by moving the control surface to its full deflection. So whether or not the MAX had boosted controls or fly-by-wire probably wouldn't have mattered in the case the aircraft were trimmed fully nose-down. The pilots would have been struggling to maintain control either way. That's why there's stabilizer trim cut-out switches and manual trim.
I'd highly recommend Mentour Pilot's videos on the subject, links below:
Unlikely. In the case of the first crash, they didn't even get as far as switching off the stab trim (they were flipping through the flight manual to find it as the plane crashed). A second switch would have done nothing if they couldn't remember how to use the first one. Yet another switch in a cockpit (which already has hundreds of them) would also have been yet another way to create an emergency by having a switch accidentally flipped the wrong way.
In an emergency it has repeatedly been shown that pilots often forget complicated/rare recovery procedures. We need to stop relying on humans to perform at a superhuman level in these situations; better automation is the only way out.
On the other hand, there are many who believe, that automation got us into this. The more we automate, the more we depend on it which leads to problems if exceptional situations occur. [1]
Maybe the 737 Max is just too complex and relies too much on automation to fly correctly? I'm reminded of the Quantas QF32 flight, where pilots were nearly overwhelmed by the endless amount of errors and checklists they had to perform. [2]
the AF flight that was lost over the Atlantic years back (10 years now maybe?) did just that, when the pilots believed that the plane's automation was in a state that would not allow them to do anything that would result in unrecoverable flight... so they stalled it all the way into the ocean.
The problem here is nearly identical to the problems with self driving cars. The automation is capable of handling 95% of situations, but the 5% it's not capable of is not clear to either the operators or the software itself.
I firmly believe that both car and air travel need to be either 100% completely automated, or 100% under the control of the operators with well defined areas where the automation systems will ASSIST but always yield to the well trained (pilots) or poorly trained (car drivers) when requested. A human operator is able to think outside the box, and is not limited to what code has been conceived and written.
That sounds more like an issue of not correctly communicating the detected problem to the humans.
In any event, the situation where the humans aren't processing the data correctly and doing illogical things as a result would always lead to failure outcomes, until the point where we no longer allow humans to be pilots/operators at all.
I thought a central part of this was that there was according to Boeing no need to train on this particular aircraft because it was so close operationally to the 737NG. But that in fact the correct response in the particular situation is vastly different. So yes, kinda "incompetence" but more "ignorant due to Boeing's assertions that training wasn't needed"; ie the blame should not primarily rest on the pilots.(?)
I'm ignorant on the details, but this sort of article seems convincing:
> It’s probably this counterintuitive characteristic, which goes against what has been trained many times in the simulator for unwanted autopilot trim or manual trim runaway, which has confused the pilots of JT610. They learned that holding against the trim stopped the nose down, and then they could take action, like counter-trimming or outright CUTOUT the trim servo. But it didn’t. After a 10 second trim to a 2.5° nose down stabilizer position, the trimming started again despite the Pilots pulling against it. The faulty high AOA signal was still present.
> How should they know that pulling on the Yoke didn’t stop the trim? It was described nowhere; neither in the aircraft’s manual, the AFM, nor in the Pilot’s manual, the FCOM. This has created strong reactions from airlines with the 737 MAX on the flight line and their Pilots. They have learned the NG and the MAX flies the same. They fly them interchangeably during the week.
Boeing went complete retard with this. Which is funny, because historically Boeing is the company known to give final authority of the plane to the pilot, in contrast to their rival Airbus which relies more on the onboard fly-by-wire system. Modern planes have hydraulics and fly-by-wire, so pilots don't get the feedback they'd get if their controls were directly connected to the airfoils. To give pilots this feedback, Boeing simulates it mechanically by exerting force on the yoke. Normally this is fine and dandy, until the critical AoA sensor malfunctions and makes the computer think the plane is in a different attitude than it actually is in.
MCAS has nothing to do with force feedback on the yoke. MCAS adjusts the trim. The 737 does not have artificial feel in any case, as far as I know. There's a direct mechanical linkage from the yoke to the control surfaces, so no artificial feel is necessary.
> MCAS has nothing to do with force feedback on the yoke
When did I say it has anything to do with it?
> The 737 does not have artificial feel in any case, as far as I know. There's a direct mechanical linkage from the yoke to the control surfaces, so no artificial feel is necessary.
That's what I was referring to. Also whilst the 737 does have mechanical linkages to the control surfaces, they are there primarily for redundancy so the plane is flyable in case of hydraulics/power failure. By definition any hydraulics assisted system requires artificial force feedback.
> Modern planes come with stick shaker-pusher systems. That's what I was referring to.
Hmm? You were talking about systems that mimic the yoke feel of an aircraft with manual controls. A stick shaker is an emergency warning system that would never once activate on a normal flight. It has no effect on the feel of the controls.
>When did I say it has anything to do with it?
In the comment I replied to:
"To give pilots this feedback, Boeing simulates it mechanically by exerting force on the yoke. Normally this is fine and dandy, until the critical AoA sensor malfunctions and makes the computer think the plane is in a different attitude than it actually is in."
> Also interesting to see is the amount of times the pilots bring the nose up, only for MCAS to kick in and force the nose back down. 26 times.
That is awful. I heard that MCAS kicks in for ten seconds and then goes off for five seconds. So that must have been terrifying, for the pilot to think he has it under control for the death wish of MCAS to try again, and again and again until it gets its own way.
When you look at how much has been invested in Homeland Security over the last seventeen years it is doubly tragic. It wasn't terrorists that we needed to fear, it was hasty management decisions at the FAA.
1) Let's place the blame where it belongs, Boeing. The FAA didn't force them to rely on a single sensor (in fact, given that MCAS can have hazardous consequences, two are mandatory IIRC). The FAA didn't force them to have MCAS three times the control range that's mentioned in the specs. The FAA didn't force them to not mention MCAS at all.
2) While this is certainly a tragic incident, it has nothing to do with homeland security existing or not. It's not like the autopilot suddenly decided to use planes as weapons. Apples and oranges.
Thanks for that, the point has not been made in mainstream media, but time will reveal what a farce the Homeland Security thing was, a project fear to keep everyone believing what they have been believing. Meanwhile the FAA has been changed from being the helpful body it once was.
Blaming Boeing is one thing but we know from our own coding work that you don't have the programmer test and deploy mission critical stuff, you get someone else to do it. It is a team effort. In code if you cut the people out that do all the testing and just ask the programmers to deploy stuff when they want to it goes wrong.
I am not cutting Boeing slack in this, if you go back to the programmer analogy, you still get your code written to best practice before you put it anywhere near the testing and deployment people.
1) then why didn't they force them to use input from both? Why give this shitty design green light? Why outsource parts of the certification process to Boeing, the same company who's plane is to be certified?
Because of 2) obviously. All the money is gone. No budget for rigorous testing and validation of specs.
Outsourcing of certification predates homeland security - see e.g. mid-90s reporting on the 777 certification[1]. In fact, the idea of outsourcing parts of the certification process started IIRC in the mid-1940s. What did happen past 2001 (but not due to budget pressures) is that the airline manufacturers got the authority to appoint their own designees, and were allowed to self-certify.
Not for budget reasons, but for "deregulation is good" reasons. The money isn't gone. We've just got people who'd like "a government so small they can drown it in a bathtub". Well, it's drowning alright.
There's one thing I don't understand while looking at the flight recorder data:
After flaps are retracted for the final time, the altitude seems to stabilize. So why the sudden drop before the crash? Why couldn't the pilots just keep on flying on the same level?
There must be a sudden behavioural change of the plane or the pilots right before it went down, but I never got it explained to me clearly why...
Second question: why did they retract the flaps? Wouldn't the wings generate more lift with flaps extended?
IIRC, the pilot increased thrust to increase airspeed which made it harder to pull back on the yoke to fight against MCAS. I will need to check references again but I just got into bed.
Edit: here we go: Pilots have demonstrated in simulator that the trim wheels cannot be moved in severe mis-trim conditions combined with a high airspeed.[92][93] As the pilots on Flight 302 pulled on the yoke to raise the nose, the aerodynamic forces on the tail’s elevator would create an opposing force on the stabilizer trim jackscrew that would prevent the pilots from moving the trim wheel by hand.[86][91][94]
The resolution for this jammed trim issue is not part of Boeing's current 737 manual according to The Air Current.[90] The Seattle Times reports pilots on the 737-200 were trained for this failure, but latter models got so reliable, this procedure was no longer necessary.[91][90]
The drop in altitude occurred because of MCAS activations retrimming the plane into a dive. MCAS is only active during flaps retracted flight regimes.
They couldn't redeploy the flaps to shutdown MCAS because
A) they didn't know it would work, and it was not documented in any standard procedure
B) the plane was travelling too fast for safe flap deployment
C)Flap deployment decreases the critical AoA of the wing, meaning that pilots would have to be extremely careful during the recovery, and may in fact not have been able to pull out fast enough even if they fixed the mistrim.
Also, remember that a plane flying straight at the ground is still making lift as it barrels toward the earth. Lift isn't something magic that guarantees the plane stays away from the ground. The force vector will happily accelerate you 90° relative to your lifting surface's velocity vector through the fluid.
If for whatever reason you decide that that vector should no longer be parallel to the surface... Well... That's on you.
Or in this case, a computer programmed with an insufficiently robust algorithm for safely doing what it was actually meant to do. As the flight computer had no way of understanding that what its AoA sensor was telling it could possibly be wrong, and therefore alerting the pilots that they were flying on their own now.
So while the pilots knew what they wanted, the computer, not being programmed with the possibility of being wrong in mind, did exactly as it was designed to do.
And this, ladies and gentlemen, is how you kill 300 people without realizing that you're doing it.
> the altitude seems to stabilize. So why the sudden drop before the crash?
> There must be a sudden behavioural change of the plane or the pilots right before it went down
The altitude was stable because the pilot valiantly countered the AND (aircraft nose down) trim input from MCAS with ANU trim (using the electric trim switch) again and again and again. And again.
From what I gather, he then handed the plane off to the copilot to look things up in the QRH (Quick reference handbook, checklists basically), and unfortunately the copilot did not trim up quite as stubbornly, allowing MCAS to trim down so much as to be unrecoverable with elevator control forces alone. Truly terrible.
> Second question: why did they retract the flaps? Wouldn't the wings generate more lift with flaps extended?
Standard operating procedure after the initial climb, you retract flaps. Yes, wing would generate more lift with flaps, but that’s not the problem if you’re pointing downward.
Having said that, deploying flaps would have inhibited MCAS and allowed them to control the plane, maybe, but they didn’t know that.
EDIT to add: I’m talking about the doomed Lion Air flight here (which the FDR data plot linked above pertains to, if I’m not mistaken).
I don't know whether that's true or not, but either way it doesn't matter.
The AoA sensor does not function on the ground, it's basically a windvane and with no air moving over it, it would move to whatever angle gravity dictates.
It should detectably not function, though, right? On level ground, with zero airspeed, it should always be in a certain position, and a deviation from that should be something the plane can detect and compensate for.
A certain air speed is required (to turn the weather vane, as it were).
While in ground effect, the air flow is different from the airflow in flight (away from the ground), so apparently a certain altitude above ground is required for the indication to be considered reliable.
However, I believe that it should be possible to recognise a sufficiently defective AoA sensor during the take off roll, and possibly in time to abort the take off. However, not sure whether pilots are briefed to do so, as that is a risky manoeuvre in itself, and a missing AoA sensor should not be any problem per se (in the absence of MCAS that is trying to kill you).
You can see from the graph that in the final minutes and seconds, the pilot put insane amounts of force on the control column (aka the yoke) to try to pull the plane out of the dive - to save the 189 people on board. But no, MCAS was overpowering and lacked the documentation for the pilot to try anything else.
Also interesting to see is the amount of times the pilots bring the nose up, only for MCAS to kick in and force the nose back down. 26 times.
All data from this Seattle Times article, which was written before the second crash occurred: [1] https://www.seattletimes.com/business/boeing-aerospace/black...