PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Old 18th Nov 2019, 17:15
#4010
HighWind
 
Join Date: May 2008
Location: denmark
Posts: 9
Originally Posted by Loose rivets
Quote: “By stopping any erroneous uncommanded movements automatically, the redesign takes the response out of the pilots’ hands altogether.” What is it supposed to mean? Movements that are un-commanded, presumably meaning by the pilots, must mean movements made by MCAS. These are now going to be stopped automatically.
MCAS did not fail.
Correct.. worked as specified..
Originally Posted by Loose rivets
Where are the erroneous un-commanded movements going to come from, given the quote implies it's not from the pilots and MCAS has been made safe?
From hard electrical faults, e.g. welded relays, or faults in wiring looms. Or from soft faults, a.k.a. SEU (single-event upset).
I have been wondering why there is such a strong belief that fixing the MCAS algorithm makes the aircraft safe, when it is not unlikely that an SEU generates a runaway even if the MCAS algorithm is deleted from the system. I.e. the risk of a software-introduced runaway theoretically exists on the NG, except the NG still has the cut-out switches on the yoke.
My understanding of CS 25.671/25.672 is that either: A trim runaway must be “extremely improbable”, this requires a DAL A architecture all the way from sensor to actuators. Or be capable of continued safe flight and landing following a runaway. The last claim has been proven impossible, so DAL A it is.