PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
Old 29th Apr 2019, 15:18
#4577
L39 Guy
 
Join Date: Jul 2011
Location: Canada
Posts: 55
Originally Posted by PerPurumTonantes
Rubbish. I have 21 years in safety related systems including design and certification and you NEVER, NEVER use a single fallible input to drive a safety critical system. And then to give it full authority driving a critical control surface, allowing it to trim full down? Breathtaking incompetence. Also, you ALWAYS design to fail-safe. This doesn't mean what most people think. It doesn't mean it will never fail. It means it will fail in a safe state. AOA disagree is an absolute obvious failure and yet MCAS failed in the most unsafe state that it could possibly have.

A 16 year old electronics student with a week's training in safety related systems design would have done a better job.
Newsflash: the entire stabilizer trim system in the B737 is a single point of failure system - there is only one electric motor, there is only one screw jack, and any of these can fail (and have failed), and that is why there is, and has been for the past 50 years, a Stab Trim Runaway checklist that disables this single point of failure system so the pilot intervenes and trims the aircraft manually. And a stab trim runaway Aircraft Nose Down (AND) exhibits the same characteristics as an MCAS failure and sends the aircraft hurtling toward terra firma; a stab trim runaway Aircraft Nose Up (ANU) will send an aircraft towards the heavens, and a stall combined with gravity will quickly bring it back to terra firma.

There are numerous other systems in aircraft which are single point of failure and which require pilot intervention: engine failures, for whatever reason, are one. Pressurization, where the motors controlling the outflow valves can fail and human intervention is required, is another, as are hydraulic systems, where if the main system fails certain services are not available (the Centre system in the large Boeings, as an example).

I can go on and on with other examples of systems in aircraft which are a "single fallible input to drive a safety critical system". In some cases, like an engine failure, there is no possible solution to get around this due to physics, so that is why we have trained, professional pilots flying airliners and why there is a separate endorsement to fly multi-engine aircraft. We do not live in a utopian world in aviation, so we manage it by education and training.