Originally Posted by Peter H

As SLF and retired s/w engineer I find the discussion of high-reliability computer systems interesting, but feel that in this case it is misplaced.
MCAS's use of trim to provide feel may have "seemed like a good idea at the time", a cheap and cheerful sticking plaster. But once you consider
the costs of implementing it to certifiable levels of safety it's simply a blind ally.

If you don't use trim to solve a feel requirement, them MCAS triggered trim runaway is impossible. Use a stick-pusher type mechanism and
surely inappropriate MCAS activation becomes a minor embarrassment. (All the crews seem to have managed the situation for several
minutes, if all they had to do was pull back strongly on the stick...)

Regards, Peter

PS Of course this would still leave a few issues that need attention, such as:
- Due process for any criminal/professional derelictions of duty.
- Reducing the myriad of warnings triggered by a failing AoA probe, or at least simplifying their handling.
- Telling the pilots about MCAS (and providing at least minimally adequate training).
- Fix the non-functioning AoA-disagree warning (and ensure that maintenance protocols would actually test that it works?).
- Discover why MAX AoA probes seem to be failing so frequently (and if this high rate invalidates any probability-based safety assessments).
- Fix the emergency-trim system so it can be operated in emergencies.

PPS If you want to argue that the MAX need high-reliability computers to run any software handling of the stab, surely this argument
also applies to other variants of the 737.