Originally Posted by ecto1

I think there is a reasonable consensus (lest's say 50% chances) that vane shaft broke, keeping AOA vane attached or not, and subsequent alarms and checklists (both useful and useless) threw the crew out of balance. They didn't manage airspeed and lost ability to trim. They reengaged electric trim, was not strong enough either, forgot to CUTOUT, mcas trimmed down, EOF.

I think one of the biggest problems here is the compounding of stupidities. Each stupidity on its own is very much survivable, but all of them is a huge mess.

0. Of course MCAS MUST NOT BE operative with AOA disagree. Minimal software mod.

1. one AOA clearly fails, why not use a switch to transfer everything to the other (manually or automatically). It's a 3 way switch (AOA input L/NORM/R). In the event of stick shaker on, AOA disagree, check if any AOA is stupid (75 is quite stupid), switch to the other side, no more alarms in the cabin, crisis over in 10s tops. minimal wiring loom mod.

Even if you don't do it:

2. We have now perfect data about the influence of AOA over airspeed. 30 knots tops over the full AOA range and airspeed. Probably 15 knots 0 to 15 degrees 0 to 300 knts, probably less than 5 knots in the really tricky areas (slow). Upon AOA disagree, both airspeeds should use a default AOA value (4 deg maybe) instead of throwing UAS. and offer a reading with a possible +-7 knot deviation. But keep autothrottle and autopilot, maybe a caution message (airspeed calculation inacurate, stay 20 knots away from limits). Not a really disturbing unreliable airspeed, just because of a few knots. Minimal software mod.

3. Same with altitude. (altitude calculation inaccurate, stay 1000 feet clear from limits). Minimal software mod.

So that the only remaining alarm would be a stick shaker plus AOA disagree, and you still have autopilots. Much, much easier to handle. But if this is still enough for you to have the aircraft out of trim and miss speed management,

4. If speed goes over 280, message: reduce speed to regain trim ability). Minimal software mod.

My point is: most probably ANY of those mods would have saved the day, and all of them are pretty evident.

To me the problem is simply a huge lack of effort at design level to 1) Imagine 2) prepare for failures.

Chances are that the very same secuence of events, without MCAS final strike, has happened more than once before in other 737 variants (AOA fails, unreliable air data, stick shaker, big confusion, lack of proper aviation and or navigation and possibly all the way to overspeed and uneffective trim). Only without MCAS the aircraft would have been more or less in trim and therefore not nosediving and making the news.