Newsroom - An Update on the Boeing 737 MAX - American Airlines Group, Inc.
NEWS RELEASE An Update on the Boeing 737 MAX 9/1/2019 Updated Sept. 1, 2019 at 9 a.m. CT. Cancellations extended through Dec. 3 American Airlines remains confident that impending software updates to the Boeing 737 MAX, along with the new training elements Boeing is developing in coordination with our union partners, will lead to recertification of the aircraft this year. We are in continuous contact with the Federal Aviation Administration (FAA), Department of Transportation (DOT), National Transportation Safety Board (NTSB) and other regulatory authorities. American is extending cancellations for the MAX through Dec. 3. By doing so, our customers and team members can more reliably plan their upcoming travel on American. In total, approximately 140 flights per day will be canceled through Dec. 3. Our Reservations and Sales teams will continue to work closely with customers who are impacted by these cancellations. |
Originally Posted by Loose rivets
(Post 10559523)
Did we know that MCAS was mentioned loud and clear in a Brazilian ODR table dated January 18?
https://www.quora.com/How-safe-is-th...comment_type=2 I've just had a 'comment' to a post I penned on Quora quite a while ago. It shows a copy of the page. Sadly, what is a good forum for science is spread over many subjects and is not structured in a way that gives easy references. However, click 'more' and scroll to Phil Seely's pictures. I found the original document on the Brazilian ANAC site. The MCAS reference is on page 18. |
Is it plausible that there is an ongoing broad evaluation of the proposed modifications by the various international authorities without any leakage of these?
It seems more likely that we are still in closed doors negotiations between Boeing and the FAA to define what changes must be made. That suggests the timeline is slipping. |
Can we entertain ourselves with a slightly different but related issue? How will 777X be certified? Will (Can) EASA, TC and CAAC demand their own certification? I doubt anyone in the world trusts Boeing or FAA with certification process at the moment. As a matter of fact their own senate doesn't trust them in that regard.
|
Originally Posted by Notanatp
(Post 10558866)
I have no information about what process Boeing actually followed for the design and verification of MCAS, either initially or as it evolved to encompass a second requirement (i.e., low speed maneuvering). I don't know what kinds of specs were written, what kinds of reviews were held and what kind of testing was performed. But whatever process they followed, coding input validation and output constraints would have cost no additional money. Someone would have just had to think of it and do something reasonable. The more formal the process, the more likely this was to happen. But even with no formal process, it is really difficult to understand why the people who implemented MCAS didn't think of any of this.
I don't see the solution as being primarily software either although software will certainly be involved. The best solution woudl be an intrinsic one, remove the need for the system to be present at all, this isn't going to happen. The next best solution is one which cannot fail unsafely due to a single failure. Various ways seem possible to achieve that but they are not purely software and they will take time to develop, verify and certify. |
I have been wondering for a few weeks now myself, how any future Boeing manufactured/produced aircraft may be certified too. Glad others have the similar line of thinking too! Might delay the 777X for a time, certainly a new NMA design/project. Of course they can try the old 747-400 trick again by just updating engines on B757/767, ho ho!
|
Originally Posted by esscee
(Post 10559851)
Of course they can try the old 747-400 trick again by just updating engines on B757/767, ho ho!
And that right there ladies and gentlemen is the elephant in the room, Boeing took and lost the gamble in 04’. The 757 had the main gear clearance and chord to have enabled a reengine, the 321XLR couldn’t have come at a better time! |
Originally Posted by PiggyBack
(Post 10559823)
I think it is a mistake to focus on the software and software development process. Certainly it would be sensible for their to be input validation/plausibility checks and these may or may not be present but the big issue was in the system design. It is quite clear that at a system design level this function and the software associated with it were not assessed as having a high safety impact. Everything flowed from this, a single sensor single channel system vulnerable to a single failure in a whole range of areas including the software design and implementation.
I don't see the solution as being primarily software either although software will certainly be involved. The best solution woudl be an intrinsic one, remove the need for the system to be present at all, this isn't going to happen. The next best solution is one which cannot fail unsafely due to a single failure. Various ways seem possible to achieve that but they are not purely software and they will take time to develop, verify and certify. And then someone comes a long and demands you to be more agile :ugh:. Just look at the suggestions to use multi core processors with multiple layers of non deterministic caching and predictive execution. Unfortuneately many managers are on the same "But my iphone can do this"-knowldedge level. |
Originally Posted by BDAttitude
(Post 10559903)
And then someone comes a long and demands you to be more agile :ugh:. Just look at the suggestions to use multi core processors with multiple layers of non deterministic caching and predictive execution. Unfortuneately many managers are on the same "But my iphone can do this"-knowldedge level. |
Originally Posted by Speed of Sound
(Post 10559982)
How long do you believe that new aircraft systems can continue to be run on x286-based 16 bit processing? |
Originally Posted by Speed of Sound
(Post 10559982)
How long do you believe that new aircraft systems can continue to be run on x286-based 16 bit processing? The only real answer to that is "as long as people keep buying them", or just maybe "as long as they are allowed to". |
Originally Posted by Speed of Sound
(Post 10559982)
How long do you believe that new aircraft systems can continue to be run on x286-based 16 bit processing?
Originally Posted by bzh
(Post 10560000)
Another 30 years probably.....
The last commercial B737NG went off the assembly line only in the last few weeks, and they're still building P-8A & E-7 airframes that are B737NG-based. Boeing hope to build at least another 4,000 B737-8, -9 & -10 and possibly a few -7 too and unless they get a complete new FCC they'll all be running "x286-based 16 bit processing". At 60/month that's another 5 to 6 years production, and a reasonable proportion of them should last at least thirty years. So if everything goes to Boeing's plans, airframes will be flying that good old early-1980s technology until the 2050s or 2060s. Horrifying to contemplate |
So if everything goes to Boeing's plans, airframes will be flying that good old early-1980s technology until the 2050s or 2060s. |
Originally Posted by Notanatp
(Post 10558866)
The truth may eventually prove otherwise, but I have a hard time believing that someone told his manager that they should hold a design meeting to review the requirements and spec for the feature, and the manager said no. There may have been cost and schedule pressures that explicitly or implicitly discouraged a highly-formal development process for MCAS. But it smells more like a situation where the engineers involved simply didn't appreciate the risk presented and thought of it more as a bug fix or minor tweak not requiring formal process, rather than appreciating the risk but intentionally cutting corners on the sw dev process to save money.
“Take off your engineering hat and put on your management hat” Jerry Mason, a Senior VP at Thiokol, and the most senior manager present starts the Thiokol caucus by observing that the decision from here on will be “a management decision”, and that “Am I the only one who wants to fly?” Well-analysed here: https://clearthinking.co/the-telecon...fted-part-two/ Also https://www.onlineethics.org/Topics/...icationContent |
Originally Posted by RomeoTangoFoxtrotMike
(Post 10560807)
“Take off your engineering hat and put on your management hat” Jerry Mason, a Senior VP at Thiokol, and the most senior manager present starts the Thiokol caucus by observing that the decision from here on will be “a management decision”, and that “Am I the only one who wants to fly?” Well-analysed here: https://clearthinking.co/the-telecon...fted-part-two/ |
You're welcome. NASA went on to do it all over again with Columbia (ignoring prior engineering warnings about foam damage to the heat-resistant tiles).
The "normalisation of deviance" -- Diane Vaughan -- is a serious organisational threat in most modern businesses. |
Originally Posted by Smythe
(Post 10558896)
There is a threshold to where a new version is easily certified for use, (ie expedited review) but that is usually reserved for corrections or modifications to existing code. MCAS was an additional feature, so that would have caused a major level upgrade and the extended certification process.
The problem was the later modifications to that code were not seen as significant and thus not subjected to the higher level scrutiny. |
Originally Posted by ST Dog
(Post 10561000)
The original MCAS was reviewed and fully disclosed to the FAA. The problem was the later modifications to that code were not seen as significant and thus not subjected to the higher level scrutiny. |
The news today from EASA, doing their own certification.
"European Aviation Safety Agency (EASA) executive director Patrick Ky said there is “still a lot of work to be performed” before it will allow the Boeing 737 MAX to return to service. Europe’s aviation safety authority has criticized the way FAA has allowed Boeing to “auto-certify” the key systems. Ky told the European Parliament’s transport committee Sept. 3 that EASA has decided to recertify parts of the MAX’s flight control systems itself, oversight of which had been transferred to the FAA previously. “A lot of work is being done,” Ky said. EASA has been in close coordination with Boeing and the FAA for months. At this point the European agency is “happy” with some aspects of Boeing’s answers to its requests while there are others that “we need to discuss some more” and some issues still require more work." https://aviationweek.com/commercial-...eed-be-changed |
Originally Posted by Smythe
(Post 10561262)
The news today from EASA, doing their own certification.
https://aviationweek.com/commercial-...eed-be-changed Don't know if I'm especially unlucky, but the link wouldn't load until I removed the 's' from 'https'. It then loaded and re-establish the 's'. |
All times are GMT. The time now is 14:23. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.