Originally Posted by
ecto1
It's time to roll up our sleeves and produce good computer systems for planes. Systems in which sensor signals jumping straight up to off - the - scale - high are automatically rejected and have zero impact. For a start. Updating whichever rules as we go to keep a cheap but much safer solution.
In general, the industry does, and overall does a very good job of it. Input value filtering is normal, and even the A330 that nose-dived in cruise had computers which did. It was done inappropriately, but most of the time the erroneous values were rejected.
The problem here lies much earlier, in specifying the requirements for MCAS. More specifically, the failure modes and the severity and likelihood of each were not properly analysed.
We totally know how to do it right, it's just we forbid ourselves to do it by all sorts of rules and bureaucracy. Let's not accept another band aid.
Au contraire. Aviation is the industry which mandates appropriate techniques. They are well-known, and used.
Add-on systems that bring airliners back into compliance, which are not by themselves aerodynamically completely compliant to regulations, are literally as old as jet airliners themselves. Many types have stick-nudgers or stick-pushers, and they work fine, and are perfectly sensible to use. But that does not mean one can skip due diligence in developing them, which includes a thorough risk and hazard assessment.
Bernd