Originally Posted by PiggyBack

I am not a pilot so my view may not be correct but I do design systems with functional safety requirments and I profoundly disagree with this. A system which cannot tolerate a single fault without entering a dangerous state which requires prompt action to prevent a catastrophe is not safe paticularily when at least one of the failures can occur in a high workload situation, must be responded to within a time limit and will generate misleading and distracting warnings. I am confident that I and all the teams I have worked in would have anticipated this would cause problems and would not have considered it an acceptable design.

Yes we are all human and may overlook failure modes with common causes or fail to understand complex interactions between sub-systems but this was just straightforwardly poor design which should have been identified as such.

The idea that Boeings big mistake was 'to underestimate the public and to some extent the industry's interpretation of two failures' is shockingly callous given the death toll and relatively small timespan. As far as we know the scenario concerned has occured three times and only been survived once and then perhaps a little fortuitously.