These should not fly for a decade. They're rewriting the avionics from scratch. This should require a years-long process of testing, external auditing, and approvals. I'd even go so far as to say in flight, we should require competitor review. That's right, no trade secrets. If you want your Hello World up in the air, you better let your competitor vet the source code.
This is an engineering boondoggle and an embarrassment for Boeing. Software does not need to be this complicated. Design a damned airframe that's airworthy without needing stabilization hacks.
Agreed, the MAX was only designed to beat the competition to market with the least amount of re-certification and re-training. That gamble (with Boeing's reputation, the FAA reputation and most importantly, people's lives) did not pay off. They won't get away with rushing though certification of a complete rewrite of their flight software. The world is watching now. Time to cut losses and junk the MAX entirely.
Boeing certainly bears culpability for failing to execute, and whatever terrible lapses in certification were made to get there.
But why were they doing a dumb thing in the first place?
Because American Airlines asked-told them to. (Because they didn't want to have to pay to retrain pilots)
Boeing deserves to have substantial portions of management jailed over this, but there's blood on the legacy 737 operators' hands as well, for asking them to do it in the first place.
This sounds like the ratings agencies during the last recession, where they knew they were handing out good rating for junk bonds because if they didn't do it they'd lose a customer to the competition.
In which case American would have bought exclusively new A320neo's.
Boeing was caught flat-footed and underinvested in a new product in 2011.
So while Boeing management could have said "No" to their largest (?) customer, that would have been a hard decision to make. And probably would have led to the board chopping C* heads for breach of fiduciary duty.
It's not as if the current situation, in which Boeing is currently causing all their customers lots of financial pain each day the MAX is grounded, and the CEO of the commercial division has been fired, is any better.
The Airbus order backlog is almost a decade out as it is, so American just shoving it all into A320neos that would take longer to show up wouldn't exactly be realistic either.
Boeing should've just gone with a clean-sheet design.
>It's not as if the current situation, in which Boeing is currently causing all their customers lots of financial pain each day the MAX is grounded, and the CEO of the commercial division has been fired, is any better.
Hindsight is 20/20. The CEO chose a risky payoff (Boeing remaining competitive with the Max) over certain loss (Boeing losing many contracts to competition).
If the CEO didn't expect jail time (which given our history of such incidents is unlikely), he chose rationally in his own self interest.
If you want a different outcome you need to disincentivize this kind of behavior. E.g. if CEOs "taking responsibility" (because that's usually the reasoning for their insane income) meant they get locked up in prison without parole for 20 years. Then rational actors may become more careful.
It's still Boeing's fault. They're the ones that designed and built the damn thing. AA just asked for it; they didn't decide on the specific engineering defects that killed two planeloads of people.
Of course every customer ever is always going to ask for products on a faster timeline at a cheaper price. That doesn't absolve the manufacturer of its responsibility to build a safe product.
2006 - 2011, Boeing maintains the next 737 will be a clean-sheet redesign.
In December 2010, Airbus launches the A320neo, featuring new engines (LEAP included).
In July 2011, American Airlines releases a press release [1] containing the following:
"As part of the Boeing agreement, American will take delivery of 100 aircraft from Boeing’s current 737NG family starting in 2013, including three 737-800 options that had been exercised as of July 1, 2011. American also intends to order 100 of Boeing’s expected new evolution of the 737NG, with a new engine that would offer even more significant fuel-efficiency gains over today’s models. American is pleased to be the first airline to commit to Boeing’s new 737 family offering, which is expected to provide a new level of economic efficiency and operational performance, pending final confirmation of the program by Boeing. This airplane would be powered by CFM International’s LEAP-X engine." (emphasis added)
In August 2011, Boeing announces the 737 MAX program, featuring LEAP engines.
American Airlines literally ordered a plane that didn't exist. And then Boeing tried to build it.
There are structural failings (e.g. why Boeing wasn't better positioned by investing in a redesign in the 2006+ period), but American shares a fair amount of blame for this clusterfuck.
Boeing certainly could have said "No", in which case American likely would have bought additional planes from Airbus. So American had leverage, they used it to pressure Boeing into building what they wanted, Boeing failed at delivering that, and we're here today.
I don’t see how that proves anything about American pressuring Boeing. An equally likely scenario is that Boeing promised a plane they were developing and attempted to secure a market for it before it was completed. That alone doesn’t sound unusual. The problem is that it appears they were overly aggressive in their estimates and tried to circumvent the process with a software update.
Possibly. But that version doesn't jive with public statements.
Previous to American's press release, Boeing's leadership was strictly avoiding mentioning an up-engined 737. And was fairly reliably mentioning a clean sheet redesign program.
I can't think of a reason for doing that, if they in fact had such a program.
It would make sense to be trumpeting it loudly to anyone and everyone.
Contrary to popular belief, quad engine planes are not inefficient [1], at least not in terms of fuel consumption (we are talking 1% to 2% difference). In terms of dispatch reliability however I think they are doing somewhat worse than twins, as they are more likely to have one engine out of service. And it not a small problem: a plane flying revenue passengers is an asset, but a plane not flying is a liability.
At least two of the planes you list are not being phased out because they were quads. The A340-300 was doing very well against the 777, however the A340-600 did very poorly against the 777-300ER. This is because the frame was too long and narrow, requiring extra reinforcement not to bend, thus ending up much heavier than the frame of the 777. The frame itself was grossly overweight, the extra engines were a rounding error.
The A380 was (and still is) extremely efficient (in terms of fuel burn per seat, at equivalent seating density), with a fuel consumption similar if not better than that of 787s or A350s, despite engines one generation older. It is, however, way way too big. In the end flying empty seats is very inefficient. But that has little to do with having 4 engines instead of 2.
The re-engined 777-9 will certainly be the most efficient plane flying when it is launched in 2021. Yet sales are lacking. It may, like the A380, turned out to be too big.
The transition from 4 engines to 2 was accompanied by a great increase in systems reliability. Look up ETOPS for details.
The trade off between safety (loss of airframe) and reliability( plane has all engines functioning ) is complex. A 2 engine aircraft is more reliable than a 4 engine aircraft, but a 4 engine aircraft can still fly safely with less than 4 engines.
ETOPS made the design margins increase such that 2 engines would have identical safety and reliability.
The need for all four engines being operable isn't changed by the viability of 3-engine flight. Once the plane lands its grounded for revenue service, and even three engine ferry flights are a huge affair to pull off.
So, de facto, each engine is strictly required, and having twice as many as a twin, quad jets are half as reliable as a twin, all other things being equal.
(me: licensed dispatcher who worked with the BAE-146 for a time. Incidentally, "BAe" stands for "Bring Another Engine" <grin>.)
>>Software does not need to be this complicated.
>>Design a damned airframe that's airworthy without needing stabilization hacks.
In effect you are stating that you understand better than the hundreds of engineers involved with this project why these design trade-offs were made. Careful with that line of thinking. You're nearly guaranteed to be wrong.
There are a host of reasons for the design in place: Efficiency, ease of implementation, familiarity with the components/technology, reliabilty of subsystems, availability of components, cost, maintenance complexity, etc. etc. etc.
And, don't forget, efficiency standards. As the whole world freaks out about CO2 and global climate change/cooling/warming, and the insta-crowd 'air travel shames' those who use these magnificent machines, it's important to realize that some of these design decisions maximizing efficiency are the hereditary descendants of cultural pressures, too.
Not to excuse any engineering f-ups, but there's a lot more to it than just 'build a simple tube with wings and an engine.'
While your line of reasoning is sound in most scenarios, in this case, the why is pretty obviously written on the wall. The overriding reason why this hacky-hack software solution was slapped into the airframe was to keep from having to reclass the plane following the addition of too-large engines. Your reasons listed played into the design decisions that became MCAS, but the underlying reason as to why any of this nonsense was needed in the first place is because non-engineers forced a shitty situation on the people who actually implement these airframes.
Hacker News is frequented by engineers from multiple disciplines, including software engineering, and many of those engineers know the kinds of terrible design decisions forced by management that come about to make a quick buck. People are pissed about it due to this fact, and rightly so.
The lovely thing about HN is that that first half is probably indeed half of the people reading; whereas this same conversation on reddit might be 10% engineers, 90% echo chamber. That's at least my experience.
The reason for the MCAS hack was not any engineering wisdom but simply allowing them to build a completely different plane that they could claim was in fact the very same plane, and then sell it to airlines as such. While the aircraft manufacturing industry was decades ago heavily safety-focused, this oversight was possible because the FAA has resigned its regulatory powers to the industry's own "self-regulation".
When the purported self-regulation of a stock market company stands between making large profits, guess which one budges?
> The reason for the MCAS hack was not any engineering wisdom but simply allowing them to build a completely different plane that they could claim was in fact the very same plane, and then sell it to airlines as such
The idea that MCAS is some kind of 737 emulator intended to keep the plane under the 737’s certification, and that without MCAS it would have needed more thorough training, is a persistent myth on HN.
The reality is that MCAS exists because without it the 737 MAX’s aerodynamics are uncertifiable no matter how much training pilots were given.
During testing the MAX was discovered to have an inverted force curve on the stick approaching a stall — as the aircraft approaches stall angle, forces flip around and it becomes easier to pull the stick back (into the stall) than push it forward (out of the stall angle).
This violates a fundamental airworthiness requirement — commercial aircraft cannot be certified as airworthy if the stick forces invert.
MCAS “solves” this by commanding the stabilizers down when it thinks the airplane approaches stall — effectively using the stabilizer to put the forces on the stick that are “missing” due to the MAX’s aerodynamics, ensuring the force curve never inverts. MCAS isn’t really allowing the plane to pretend to be anything other than “a plane that doesn’t want to stall mid-air”.
Desire to keep the MAX requiring minimal training for 737 pilots (probably) drove the concealment of MCAS mentions from the manual, but MCAS would need to exist even if the airframe had been totally recertified from the ground up.
> In effect you are stating that you understand better than the hundreds of engineers involved with this project why these design trade-offs were made.
We don't know that any engineers approved this design. It could have been completely compartmentalized and approved by management only. We'll never know what the engineers said until there's a complete investigation and the engineers are subpoenaed.
Here's what we know so far about the 'engineers':
1) The MCAS software was outsourced.
2) MCAS as originally designed and submitted to the FAA didn't have enough authority to affect the plane in the needed amount, so Boeing increased it's authority and never told the FAA.
Point to speaks to a failure in basic engineering or a deliberate deception of the FAA. A competent engineering team should have been able to calculate exactly how much effect was needed before the plane left the ground. Sounds like they were winging it on this one.
I think the key thing is how the MCAS added new failure modes that the pilots where not briefed about.
There should be way more strict user interface requirements. Including how humans are supposed to react to failures and whether that makes sense from human psychology point of view
If the MCAS had informed pilots of a potential sensor failure, then there would have been a very good chance that the pilots would have been able to land the planes safely.
> If the MCAS had informed pilots of a potential sensor failure, then there would have been a very good chance that the pilots would have been able to land the planes safely.
Perhaps on the two crashes. We don't have any data on successful landings with MCAS disabled in very adverse flying conditions.
What if the plane is unsafe to fly without proper MCAS operation?
There should be a test that results in a plane crash with 50% of the simulations with MCAS behaving properly (IE, extreme weather, low fuel, land or die). Now during that same simulation, disable MCAS randomly. Also, there seems to be potential for the MCAS to come in and out based on disagreement (loose sensor wiring, etc), and see what the crash rate is for intermittent MCAS failures.
It's clear Boeing didn't do any of this kind of testing because they would have easily caught the failure modes that caused the plane to nose-dive into the ground. Completely predictable based on the behavior of the system.
An extensive rewrite in only a few months (they expect a return to service by the end of the year), involving a whole new paradigm of 2 computers monitoring each other vs the old failover mechanism. I'm sure the aviation industry has extremely stringent coding standards, but that's just not realistic and asking for bugs (aka risks to the safety of passengers and crew).
So claims Bloomberg. Since there seems to be overwhelming consensus in this thread (that I also agree with) that it would be colossal stupid, I'd wait until we see confirmation from some other source. Bloomberg hasn't had the best record with facts or nuance in many stories recently.
> Design a damned airframe that's airworthy without needing stabilization hacks.
The 737 Max is stable, as all commercial aircraft have to be. MCAS is not a system to take an unstable 737 and make it stable. It's a system that was meant to take a changed 737 and make it fly nearly identical to a previous 737, so pilots didn't have to get a new type rating (a very big deal for airlines).
Juan Brown, a commercial pilot and certified flight mechanic, on YouTube has a (great series of videos)[https://www.youtube.com/playlist?list=PL6SYmp3qb3uPp1DS7fDy7...] talking through the mess that is Boeing made of MCAS, including what the actual problem is.
Isn't there massive avionics commonality with all other modern Boeing AC? On the Airbus side, all types from A320 to A380 share a significant common core.
A decade is too long but I agree with your sentiment. The underlying problem with the 737 Max was commercial pressure leading to cutting corners and creating an unsafe plane (or plane with an unsafe core component) ... and now commercial pressure is again being applied on their R&D teams, which are probably scrambling because they know every day means millions in losses. That's not a great environment for quality and safety.
Boeing has to come out and say that the plane won't be back until at least 202x to take the pressure from their engineering and testing teams, so they can salvage this plane (and it may not be salvageable), instead of doing this month-to-month thing where they are hoping the FAA will sign-off on whatever latest change they put out.
Boeing makes up 8.8% of the Dow right now, the largest component. There is a lot of pressure from the finance community and the government to get this recertified to keep the stock market from going down.
That is incredibly misleading. The Dow is not representative of the entire stock market anymore. The S&P 500, which is only the 500 largest public companies by market cap, has a combined market capitalization of ~$25+ trillion. Boeing has a market cap of ~$200b, so that represent 0.8% of the total. If you include the top 3,000 public companies (i.e., the Russell 3000), the combined market capitalization is over $32 trillion. The idea that regulators at the FAA are going to let them fly a dangerous plane "because of the stock market" is absurd.
You can argue for days about your favorite index, but the Dow is printed on every financial news channel, every newspaper, every finance and trading site, every evening news show. You are naive if you think the Dow doesn't matter, or that the largest military supplier doesn't have large influence over government and finance.
How many people actually agree? Yes, if you ask them, the social costs and gains of each answer being given means most will disagree. But is that actually what we value more when their isn't a social cost to being honest with the 'wrong' answer? Is that what our actions speak too? I think we live in a world that puts a value on the plane crash and sees a certain level of cost from plane crashes as acceptable in the payoff is high enough. And this isn't unique to just plane crashes, look at what movie and music stars are allowed to get away with that would quickly get you or I a 20 year prison sentence.
The thing is, if they don't actually get it right, and another plane crashes, the stock is going to take a massive hit. So even if all you care about is the stock price, you have to get the fix right.
While enough crashes will hurt the stock, I don't think this is enough of a counter to the existing pressure because it is possible to modify a business in a way that increases stock value, sell the stock, and then let others take the losses when the public perception hits the point people stop buying the product (in this case, stop using flights flown with Boeing airplanes).
This is an engineering boondoggle and an embarrassment for Boeing. Software does not need to be this complicated. Design a damned airframe that's airworthy without needing stabilization hacks.