MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Thread Starter
Join Date: Apr 2015
Location: Under the radar, over the rainbow
Posts: 788
Really? You think the nine bucks an hour guys in India understand the 286 and the special programming techniques it takes to efficiently program those systems better than a US engineer?
The real reason is obvious: the Silicon valley techie won‘t do the job for $9 an hour.
Anyway, we've seen no evidence of problems with coding. MCAS seems to have done just what it was designed to do. That's the problem.
Join Date: Jul 2013
Location: Within AM radio broadcast range of downtown Chicago
Age: 71
Posts: 845
Circling greenbacks
Flight Alloy, if you can draw up (3815) hypotheticals for legally fraught scenarios and situations like that one, not to mention one relating spot-on to a prime example of piling on of failures, don't settle for just a law professor gig. There's not exactly a surplus of good writing in the legal academy that bears tight relationship to the real world - go for something like Deputy Directorial Authority for QC and Monitoring, for Resources and Curricular Materials [(Q)uality (C)ontrol].
Join Date: Sep 2019
Location: leftcoast
Posts: 2
From Boeing presentation to Congressional Hearing page 16 of 45
The above is/are Boeing FACTS as presented to Congress in a public hearing - the next page has interesting graphics re limits
Enclosure to RA-19-00256
Page 14 of 43
System Level Functional Hazard Assessment (FHA)
Erroneous Inputs to MCAS Control Law
Erroneous inputs to MCAS control law could result in loss of MCAS function or unintended MCAS activation.
Unintended MCAS activation due to erroneous input would still be subject to the control law table limits encoded in the MCAS software (2.5 deg maximum incremental stabilizer movement).
Unintended MCAS activation has previously been shown to be:
- Major in normal flight envelope.
- Failure can be countered by using elevator alone.
- Stabilizer trim available to off load column forces.
- Stabilizer cutouts available but not required to counter failure.
- Hazardous in the operational flight envelope.
- The probability of being outside the normal flight envelope is 10^-3 (ref AC 25-7C). Therefore, a condition that meets the integrity requirements for a Major within the normal flight envelope also meets the Hazardous integrity requirements for the operational flight envelope.
Join Date: Mar 2019
Location: On the Ground
Posts: 155
Join Date: Jul 2013
Location: Within AM radio broadcast range of downtown Chicago
Age: 71
Posts: 845
KC .... huh?
From the Seattle Times "doubled down" article, this premise for a question, or two....
Boeing stated to FAA MCAS "wasn't new and novel because a similar system had been previously implemented in the 767 tanker for the Air Force..."
Is there a track record in existence for this level of flight control system or system components (meaning, the MCAS) being waved through because it had been part of an Air Force aircraft development program? Of any type of aircraft?; of a program taking an airliner airframe and converting it to a military type? (How about, and specifically a wide-body type decades after a narrow-body had been certified originally?)
If there is such a track record, specifically, how many types of aircraft, and what were they?
Were any of those aircraft (if any) the subject of quite serious procurement scandals, and/or continuing evident QC issues in the production (debris? debris left in a completed aircraft??)?
What data, if any, did the USAF possess, and act upon in deciding to accept MCAS in the KC-46 Pegasus based upon, that is as derived from, the 767 airliner, with respect to pilot reaction times? Are these data (if any) and the assumptions based upon them comparable to those relied upon in the MCAS process?; if so, how and to what extent?
What is the total set of communications, bureaucratic and/or official information channels of exchange, and all other forms and modalities of comparative and/or collaborative analysis related to airworthiness and ultimately certification, between USAF with an existing aircraft program, and FAA for a pending certification decision? In other words, seeing that information that MCAS was already riding along on the KC-46, does FAA just nod "okay yes" and draw the conclusion Boeing obviously was seeking - or if not, then what is the sum total of all types of information exchange between FAA and the Air Force? As a process generally, and specifically for MCAS?
This, as discovery will go (or, as this one atty contends it needs to go and should go), is just the start.
Dominic Gates - Seattle Times
https://www.seattletimes.com/busines...x-assumptions/
After Lion Air crash, Boeing doubled down on faulty 737 MAX assumptions
Nov. 8, 2019 at 6:42 pm Updated Nov. 8, 2019 at 7:57 pm
By Dominic Gates
Seattle Times aerospace reporter
Join Date: Oct 2019
Location: Great White North of the 49th
Posts: 77
Limited? How bout non-existent. The vast majority of these techies weren’t even born when that technology was developed and it hasn’t been formally taught in eons. Sadly the best talent might very well be in India as they’re used to playing with our hand-me-downs. Such a sad state of affairs.
IMHO I can no longer see a long term path for sustained MAX production. The sooner they start a clean sheet with modern systems while getting a limping MAX back in the air is their best, and maybe only, option. The MAX can not survive as the malfeasance continues to emerge on an almost daily basis.
Join Date: Mar 2015
Location: North by Northwest
Posts: 476
Air Force Magazine
The AF has also been public about halting deliveries of the KC-46 due to QC issues though I don't see where this would have any bearing on the Max. QC is not only an issue with new deliveries, it is also a maintenance problem (not necessarily a Boeing problem) on existing platforms.
https://www.airforcetimes.com/news/y...-debris-found/
I'll leave it to your imagination on how much one branch of the gov't keeps another informed. However, I'd suggest that the AF is under little obligation to provide design details to any other gov't organization beyond those that insure the aircraft can safely traverse commercial airspace controlled by the FAA.
It makes you wonder if Boeing have any project managers left who remember a time when they didn’t dictate terms to the FAA. If their documentation is still wanting then it seems like they still don’t get it.
I had heard talk about it as competition to the A220, but once Boeing acquired Embraer and the E-jet range it became a moot point and they went back to the NMA
Press reports indicate Boeing has been discussing a 'Future Small Aircraft' with US airlines. Had not heard that name before, maybe a straw in the wind
https://en.wikipedia.org/wiki/Boeing...dsize_Airplane
Join Date: Dec 2015
Location: Cape Town, ZA
Age: 62
Posts: 424
Edit: I did not realise there are so many categories. Hard to choose between investigative reporting, national news, explanatory reporting, etc. See: https://en.wikipedia.org/wiki/Pulitzer_Prize#Categories
Last edited by GordonR_Cape; 10th Nov 2019 at 16:53.
Really? You think the nine bucks an hour guys in India understand the 286 and the special programming techniques it takes to efficiently program those systems better than a US engineer?
The real reason is obvious: the Silicon valley techie won‘t do the job for $9 an hour.
What has happened to Boeing’s pride in their products? It seems to have been replaced by greed for money, and that is a real pity.
What is the issue with using “old” CPUs such as 286s, as long as they can process everything at the required speed? Indeed, there is a lot to be said for keeping to a tried and tested CPU.
How much extra code can be involved in an AoA vane comparison routine? : If x = y then continue. If x ≠ y then goto: (routine to illuminate AoA disagree light, master caution and disable MCAS). Repeat.
(I realise there will have to be limit windows applied to how much of a difference between AoA vanes for how long will trigger the disagree routine, but it’s basic stuff and not nuclear science.)
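A sketch of the comparison the post above describes, with its "limit windows" on the size and duration of the difference made explicit. This is an added example, not code from the thread or from any aircraft system; the threshold, sample count, plausibility range and all names are constructed assumptions. With only two vanes the monitor can detect a disagreement but cannot tell which vane is wrong, so it inhibits the dependent function instead of choosing a side.

```c
#include <math.h>     /* NAN, for the constructed fault trace only */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed limits for illustration; not taken from any aircraft. */
#define DISAGREE_LIMIT_DEG  5.0   /* largest tolerated |left - right| */
#define PERSIST_SAMPLES     10u   /* consecutive bad samples before latching */
#define AOA_MIN_DEG       -30.0   /* plausibility range for one vane */
#define AOA_MAX_DEG        60.0

typedef struct {
    unsigned bad_count;  /* consecutive samples that failed the check */
    bool     latched;    /* disagree declared; held until an explicit reset */
} aoa_monitor;

/* Range check; NaN fails it because every comparison with NaN is false. */
static bool plausible(double deg)
{
    return deg >= AOA_MIN_DEG && deg <= AOA_MAX_DEG;
}

/* Feed one sample pair; returns true while the dependent function may run. */
bool aoa_monitor_step(aoa_monitor *m, double left, double right)
{
    if (m->latched)
        return false;
    double diff = left - right;
    if (diff < 0)
        diff = -diff;
    /* Without the plausibility test a NaN would pass: (NaN > limit) is false. */
    bool bad = !plausible(left) || !plausible(right) || diff > DISAGREE_LIMIT_DEG;
    m->bad_count = bad ? m->bad_count + 1 : 0;   /* any good sample resets */
    if (m->bad_count >= PERSIST_SAMPLES)
        m->latched = true;   /* caller raises the caution and inhibits */
    return !m->latched;
}

/* Constructed 16-sample trace: the right vane reads `fault` on [from, to).
 * Returns the index at which the monitor latched, or -1 if it never did. */
int aoa_demo(double fault, size_t from, size_t to)
{
    aoa_monitor m = {0, false};
    for (size_t i = 0; i < 16; i++) {
        double right = (i >= from && i < to) ? fault : 2.5;
        if (!aoa_monitor_step(&m, 2.0, right))
            return (int)i;
    }
    return -1;
}

int main(void)
{
    printf("3-sample glitch:  %d\n", aoa_demo(20.0, 4, 7));
    printf("stuck vane:       %d\n", aoa_demo(22.0, 3, 16));
    printf("NaN from a vane:  %d\n", aoa_demo(NAN, 0, 16));
    return 0;
}
```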
Join Date: Jun 2009
Location: in the barrel
Posts: 147
Join Date: Jul 2013
Location: Within AM radio broadcast range of downtown Chicago
Age: 71
Posts: 845
b1lanc, no material or significant disagreement to comments relating to, existence of MCAS in KC-46 for USAF.
Nevertheless in context of legal maneuvers very likely to occur or which already are underway intensely . . . and these include the liability lawsuits for the crashes, the criminal investigations, and the SWAPA lawsuit....getting at basic, underlying factual sets can make a lot of difference (or all of it - "cases are won and lost in discovery").
As these matters stand now, based on publicly reported information, the questions about the interplay between the USAF tanker system and Boeing's discussions with FAA all would be ruled relevant for purposes of discovery (I think there could very well be some of Flight Alloy's "Sky Blue" retirement wheels involved in what gets unearthed, too); and in DOJ investigation on the prosecutorial side as well.
Not looking to drift on this, how these interactions will cycle into, and then out of, the intensifying legislative initiatives to re-do FAA delegation . . . I'll just nod in the general direction of a note OldnGrounded has sounded ( & others); this crisis is a very multi-legged and -footed beast, as the shoes keep...on dropping.
Last edited by WillowRun 6-3; 10th Nov 2019 at 11:57. Reason: (incomplete)
Complexity and quantity of software testing and validation B may be required to undertake could still be significant?
Been following this topic since the start and while I'm not a professional pilot I did work a lot on Avionics software in the 80s, none of this was flight critical but I did work a lot in fuel gauging, writing real-time software both in assembler and Coral 66 for 6502, 8031 and early versions of the 286 processors.
The most recent articles seem to suggest that alongside the MCAS SW changes B has moved (or been forced to move) the flight management computer from a simple dual-redundant system with a clear master-slave (active-passive) split between each "side" of the pair to a semi "active-active" system where both sides are constantly checking each other and exchanging data/taking duplicate data feeds in real-time. If this is the case they will have a "shed load" of retesting to do. We did a similar thing way back when we modified a successful (and quite simple) fuel gauging platform used on a number of civil and military aircraft from active-passive to semi-active-active for a new airframe. We were finding race conditions, putting in semaphores and re-writing working code for nearly a year before the system was fit for purpose. There was little/no change to the functionality of the fuel-gauging S/W, just the change of operations with respect to fail-over and real-time checking. Major project.
Typically each hour of software changes required at least 10 hours of testing in rigs before anything was near being suitable for flight testing.
We weren't flight-critical so we could fail hard and reboot it if things got messy. I would guess B don't have that option so god only knows how they are planning to deal with disagreement between each side of the system during normal operations, dual systems can't do majority voting :-). As a result, I would expect a number of new issues to be found in the system for some time after it has come back into service.
With respect to the comments on 286 I would guess these are all mil-spec components and will be around for many, many years (you can still get brand new mil-spec 8051s and I was working on those in 1985!). Flinging more modern CPUs at the problem is not likely to be a sensible approach and would require significantly more work to recertify?
I know the current issue is B specific but I also think that the "grandparent" rules aviation has been using for certifying new versions of older airframes will need some looking at in light of the Max issues?
Join Date: Feb 2006
Location: USA
Posts: 487
All 43 pages of the Boeing presentation MCAS Development and Certification Overview.