PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Old 21st Sep 2019, 13:03
  #2466 (permalink)  
infrequentflyer789
 
Originally Posted by CurtainTwitcher
Boeing unwittingly performed a very large scale statistical study. Given Boeing's aim was to change as little as possible in the MAX, virtually everything was constant with the exception of the MCAS software (engines and other changes have not been implicated in the accidents). Exactly as you state, same crew, same training, even the same problems & vulnerabilities with the AoA sensor (same part number, willing to be corrected). That single change has been the software.
I hate to correct posts which I basically agree with, but that "single change" bit isn't actually true. There were hardware changes too, one, in my opinion, critical.

MCAS overrides the aft-column cutout switch (not the console cutout, the one which cuts off automatic trim movement if the column is pulled far enough back) - that is a hardware change. In addition to that (and possibly related - haven't seen any convincing explanation of why) the console stab trim cutout switches had a wholesale rewiring and renaming, changes that I don't think we yet understand the rationale behind or the impact of (one hopes Boeing does, but I would no longer assume that...).

The aft-column cutout would have prevented the crashes, period. Overriding it should have been a red flag. I don't know, but I can pretty much guarantee that it wasn't put there decades ago because a design team had a few spare switches and relays to use up on a Friday afternoon after a hard liquid lunch in the pub. The fact that it was necessary to override it to make MCAS work at all doesn't justify doing it - it should in fact have been a flag that MCAS was wrong in principle. To my mind, if, to get your change to pass (safety) certification, you have to override a decades-old flight-proven safety system (that is part of the overall grandfather certification you are relying on), you are doing it wrong. You don't make things safe by overriding (existing, proven) safety systems.

Now, I'm well aware that that is "gut feel" engineering and that it isn't done that way and that there is a whole system of procedures, analyses, calculations, checks and balances that ensure that your changes to a legacy system don't screw it up... well, they didn't work. Sometimes when procedures, calculations, computers, all say something is right, your gut still says it's wrong, and sometimes the gut is right, listen to it and override it at your peril.

Overriding that switch was the point where, I think, Boeing threw their (pilot is ultimately in charge) flight controls philosophy out the window and sent the planes into the ground/sea. They headed down the Airbus HAL-knows-best route, without the backing of a properly redundant sensor system (which still ****s buses sometimes) to tell HAL what is actually going on, and now they get to repent at leisure.

[end rant, back to lurk mode...]