Originally Posted by
andihce
SLF here, but with a background in experimental physics dealing with personnel and equipment safety in large-scale, hazardous experimental situations.
Assuming that both 737 MAX crashes were the result (in large part) of faulty AOA probe data, then we already know, from sad experimental evidence, that relying on one probe is unacceptable. With 2 hull losses in N (? - not a terribly large number) flights of this aircraft, the reliability statistics are hardly at the flight-safety-critical level.
Having an "AOA disagree" warning or AOA readouts for pilots is not necessarily going to help. I suggest that as a minimum, with only two AOA probes (and that should be the minimum number), that MCAS should shut itself down in an AOA disagree situation (with notification to the pilots). The principle here is "primum non nocere". The aircraft is not going to have an upset just because MCAS is not there on these rare occasions.
Furthermore, if AOA data is going to be used in this way (possibly killing people if it is wrong), further sanity checks should be applied to the probe data (e.g., AOA pre-rotation on take-off, consistency with inertial and other air data, whatever).
MCAS as currently implemented seems like a horrid kluge to a non-pilot, but I'm inclined to believe, from what I've read here, that with better engineering (and not too drastic a change) the 737 MAX could be restored to safe service.
I worked in fault-tolerant computing for some time and any single point of failure was something to be avoided at all costs. However, along come the mathematicians who say what is (a) the probability of an AoA failure? What is (b) the probability of a crew not being able to switch off a Stab Trim that is trimming against them - what probability do we have to meet. (c) if (a) * (b) is smaller than (c) -extremely improbable- then you meet the requirement. This type of reasoning is common.
Now that it is apparent that crews are
not able to cope with some things
unless well trained AND airlines are
unwilling to pay for the training. I would expect that first officers are about to be automated out (
is flying with HAL any worse than flying with a 25hour MPL?) and in some cases aircraft
will become autonomous. Note that MCAS was only there because there was a regulatory concern that
human pilots could mishandle the aircraft as the control column loads got lighter. MCAS does not operate with the autopilot controlling the aircraft as that is no safety concern.
Several articles in the media and statements by President Trump are that aircraft are too complicated. So are aircraft getting too complicated to fly? Or should that be that aircraft are getting too complicated
for humans to fly?
In a world where there are unmanned jet aircraft operating from carriers and doing air-to-air refueling, flying a 737 is seen (rightly or wrongly) as a simple task to automate - yes even a Cat II landing in an on the limits blustery cross wind to a wet runway.
And before people ask: Yes I would fly as pax in an autonomous aircraft.