Don’t post often – but my observations FWIW. Firstly, I have 35 years aviation experience mostly military but my last 14 years are in flight testing and last 11 years on fairly complex unmanned systems.
Observation 1 - Having spent weeks of my life looking at Failure Modes Effects Analysis (FEMA) spread sheets/matrixes. It seem inconceivable that the Boeing engineers would allow a single point of failure (AOA vane) to result in a catastrophic failure ( lost of life). If they did and convinced the regulators of that, then this is criminal. Personally, I don’t believe that – the loss of an AOA vane and utilisation of MCAS would need to be mitigated to be a safe event. That said without seeing the analysis and the mitigation strategy if remains on the table for discussion and it could be that the mitigation was poor – but well argued to allow certification. So, the big question is how did they mitigate this event??
Observation 2 - Since the day I first strapped myself into an aircraft, I have made in my professional duty to understand the aircraft system I am flying in and have always studied and learnt from other accidents and incidents. If I was a Max 737 pilot ( I am not) I would be damn sure I knew everything about the Lion Air crash and these forums are a superb learning aid tolerating from these rare and unfortunate accidents (thank you to the many contributors who encourage learning and data gathering). I would expect I am correct in thinking that all 737 Max pilots would also be doing the same. So the next question is would the Ethiopian crew know how to handle initiation of the MCAS? The answer must surely be yes.
Obseravtion 3 - The Ethiopian aircraft landed fully serviceable (so we are told) and on an almost perfect weather day had immediate issues on take-off with systems (Airspeed/AoA)!! What are the chances of this – AOA and pitot static systems are normally very, very reliable (except in very poor weather conditions or if someone leaves the covers on or insects get into them!). However what about if sabotaged or damaged by ground handling equipment and not reported. That said most of these potential gotcha's should be picked up by people on the ground (i.e. flags in place) or on the take-off run (odd read outs) – so I don’t buy this.
Observation 4 - In my 14 years of flight testing the biggest issues are the “we didn’t expect it to do that” when testing software-based systems, normally in the rig but occasionally in flight. Software engineers are great at solving problems quickly but understanding the impact of those changes across the whole system is both very costly and timely and there is no way of knowing if you have covered all eventualities. One accident ( unmanned – total hull lost) was the classic swiss cheese of numerous low (ish) probability events leading to a piece of logic with told the aircraft it was on the ground (WOW activated) when in fact it was still flying at 30ft on approach – the WOW logic was to push the nose fully forward and doing this at 30ft was not a good outcome!! Almost immediately the logic that caused this accident was determined and the software guys admitted that they didn’t envisage the 2 other failures occurring that led to this event – how could you? This is the nature of the beast. So, are we seeing something new and unexpected with the Ethiopian crash. The FDR and CVR will almost certainly give the evidence required to gauge the set of events and actions that led to this horrible crash.