PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
Old 21st Apr 2019, 19:17
TryingToLearn
 
Join Date: Mar 2019
Location: Bavaria
Posts: 20
[QUOTE=Chronus;10452687]Automation is therefore the way forward and that involves a cost for knowledge and learning from many mistakes. It was so in the past, where the process involved the misfortunes of many, so it will be in the future. This particular incident shows that until such time when machines are free from mistake, human fallibility shall remain. For reason that their fallibility is replicated in any machine they design and manufacture. Perhaps AI will resolve this weakness and we shall have machines designed by machines. Then we shall have fulfilled our pursuit for excellence. Don't you remember when you were first instructed in Instrument Flying? I do. I was told trust your instruments.[/QUOTE]

Do we also need to learn again how tires are manufactured? Millions of cars are driving perfectly safely, but still cheap Chinese wheels crack because they are manufactured cheaply and without an x-ray check.
Hundreds of millions of cars have ESP, a system which could easily block single tires on the highway without a chance to react before hitting a tree. Still, I have not heard of a single accident. Cost pressure on such systems (ESP, engine ECU, gearbox ECU...) is higher by orders of magnitude than in aviation. You're not counting fractions of cents in aviation. On the other hand, lines of code are not considered cost-relevant within automotive; a programmer more or less does not really matter. It should be the same in aviation.

Almost every function within a car is single-point-fault tolerant if a defect would stop the car. Single-point-fault tolerance is not restricted to safety, but is also extended to 'limp-home' to the garage and any other function which would be more than annoying in case of an error. So why the heck didn't they just compare 2 (already existing) sensors? Every system engineer would (if allowed to). Emission standards require such a 2oo2 to avoid abnormal emissions (...of a single car in case of random HW defects).
In addition, EVERY sensor is usually range-checked. Why would you activate a 'stall-avoidance feel' if the AoA is at its mechanical limit, which would mean the aircraft is flying backwards or is in free fall?
Designing such a system in a safe way is nothing new; it has been state of the art for >20 years. SW is controlling your car's engine and acceleration, brakes (ESP), airbags, gearbox; there are fly-by-wire systems, trains, signals and so on. If you want to see state-of-the-art safety:
This robot could break their necks or dump them into the ground with a fraction of its available force. Instead it's perfectly safe.

But the process is costly and takes time. And it requires qualified engineers and a safety culture and a certain independence & priority between commercial interest and safety requirements.

To me it looks like Boeing was putting the priority on sales, not on safety.

Open any ISO/IEC standard on safety; you will probably find a list of sensor plausibilisation methods and how safe they are considered to be. The simple ones (range check, considered 60%) would have saved 1 aircraft; the better ones (2oo2, linearity... (90%/99%)) both.
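As an added illustration of the two plausibility checks the post names (range check and 2oo2 comparison), here is a small C gate in the style of an automotive ECU input stage. It is not code from the post, from Boeing or from any real aircraft or vehicle system; the AoA limits, agreement tolerance and activation threshold are assumed placeholder values chosen only for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed placeholder limits: a reading at or beyond the vane's mechanical
 * stops is physically implausible and is treated as a sensor fault. */
#define AOA_MIN_DEG            (-20.0)
#define AOA_MAX_DEG            ( 25.0)
#define AOA_AGREE_TOL_DEG      (  5.0)   /* assumed 2oo2 agreement tolerance */
#define ACTIVATION_THRESHOLD_DEG (15.0)  /* assumed angle above which the function engages */

typedef enum { AOA_OK, AOA_RANGE_FAULT, AOA_DISAGREE } aoa_status_t;

/* Range check ("the simple one"): rejects NaN and anything at or past the stops. */
static bool aoa_in_range(double deg) {
    return (deg == deg) && deg > AOA_MIN_DEG && deg < AOA_MAX_DEG;
}

/* 2oo2 plausibility: both channels must be in range AND agree within tolerance.
 * On success the validated value (channel average) is written to *validated. */
aoa_status_t aoa_validate(double left, double right, double *validated) {
    if (!aoa_in_range(left) || !aoa_in_range(right)) return AOA_RANGE_FAULT;
    double diff = left - right;
    if (diff < 0) diff = -diff;
    if (diff > AOA_AGREE_TOL_DEG) return AOA_DISAGREE;
    *validated = 0.5 * (left + right);
    return AOA_OK;
}

/* The unchecked single-sensor design the post argues against: one channel, no plausibility. */
bool activation_unchecked(double reading) {
    return reading > ACTIVATION_THRESHOLD_DEG;
}

/* The checked design: engage only on a validated value; any fault fails passive (no activation). */
bool activation_permitted(double left, double right) {
    double v;
    if (aoa_validate(left, right, &v) != AOA_OK) return false;
    return v > ACTIVATION_THRESHOLD_DEG;
}

int main(void) {
    /* Constructed sample: one channel stuck at an implausible 70 degrees. */
    printf("unchecked, faulty channel: %d\n", activation_unchecked(70.0));      /* 1 */
    printf("2oo2, faulty channel:      %d\n", activation_permitted(70.0, 5.0)); /* 0 */
    printf("2oo2, genuine high AoA:    %d\n", activation_permitted(18.0, 17.0));/* 1 */
    return 0;
}
```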