PPRuNe Forums - View Single Post - Boeing 737 Max Software Fixes Due to Lion Air Crash Delayed
Thread: Boeing 737 Max Software Fixes Due to Lion Air Crash Delayed
View Single Post
Old 15th Feb 2019, 14:05
  #66 (permalink)  
PEI_3721
 
Join Date: Mar 2006
Location: England
Posts: 997
Likes: 0
Received 6 Likes on 3 Posts
yo gums, et al,
From your wide experience, the role of an aircraft influences the stability requirements. A ‘bomb truck’ / dive bomber (SLUF) requires good speed stability, alternatively a gun aiming fighter needs the agility of less stable aerodynamics.
The quoted Voodoo is a well used example in test flying schools of how pilots are able to fly an ‘unstable’ aircraft; stick force - trim / position reversal during transonic acceleration. The alleviating context includes routine familiarity within the heart of the operating envelope, technical knowledge, awareness, and military training.
Conversely the rare - to be avoided, low speed operating envelope of a civil aircraft requiring stability ‘enhancement’ should not be considered normal in any respect.

The 737 MAX is a ‘new’ aircraft requiring low speed stability enhancement. MCAS provides this; the design concept and normal operation is not a problem, the implementation appears to be. Sensor failure can pose significant difficulties for pilots in both understanding and continued operation.

Situations involving the failure of an AoA vane in older designs are arguably safe, being dependent on pilot intervention. e.g. in legacy aircraft, AoA failure might only give a false stick shake at lift off. The alleviation is that with three independent speed displays a hazardous low speed situation could be quickly identified, deducing that the stick-shake is false.

However, with EFIS and the salient AoA derived low-speed awareness, the situation is increasingly complex - need to cross-check speeds and / or low speed awareness. Add to this several consequential ‘disagree’ alerts, then whilst the three airspeeds might agree (depending on ADC corrections - AoA input), the two low speed awareness symbols could disagree.
Stall margin is directly related to stick-shake, which with mismatched displays could be the dominant factor in concluding unreliable airspeed - yet speed could be reliable. Situation resolution takes longer, higher airspeed evaluation.

Failure of an AoA input into MCAS could be alleviated by requiring an AoA disagree alert (currently an option), and an abnormal drill requiring stab trim to be selected off before selecting flaps up. This also requires a caution about low speed handling with high thrust. Yet it is in this same situation of reduced stability safety-margin due to MCAS ‘failure’ where the low speed awareness indications are inconsistent, and with a false stick-shake and ‘disagree’ alerts, stemming from the interconnectivity of systems. The situation could be (should be) judged beyond normal piloting ability, particularly with several consequential alerts without related explanation.

This highlights the problem of the complexity of modern designs, where neither crew or maintenance can have a complete understanding of the interactions and consequences, and the need for a comprehensive checklist and maintenance guide.
In addition to the usual probability based risk assessment (future risk is always a guess), it is necessary to consider the amount of uncertainty the operator will face; to be alleviated with alerting indications and check-list / maintenance guidance, and prior knowledge and training.
The regulators and manufacturers might disagree about these aspects, but that’s being human, including hindsight.
Once bitten, ………, change the design.

Last edited by PEI_3721; 15th Feb 2019 at 16:18. Reason: Typo
PEI_3721 is offline