It's a dessert topping, AND a floorwax!

Does the max still have the same FCC’s then? That archaic master/slave stuff and failpassive autoland?

Sounds like the MCAS solution might be all but there but they are now struggling with a much harder one to solve. I was wondering why the trip to Cedar Rapids when Boeing wrote the software. Looks like they are back at the FCC oem trying to show how two computers can self check each other and figure out who's wrong. Good luck with that.

From : "After Lion Air crash, Boeing doubled down on faulty 737 MAX assumptions
Nov. 8, 2019 at 6:42 pm Updated Nov. 8, 2019 at 7:57 pm By Dominic Gates" :

A flawed process
The U.S. House Transportation and Infrastructure Committee, which displayed one slide from Boeing’s presentation during an appearance by CEO Muilenburg at a hearing last week, provided all 43 slides in the document at the request of the Seattle Times. The presentation is titled “MCAS Development and Certification Overview.”

It notes that MCAS was not evaluated as an individual system that was “new/novel on the MAX.” The significance of this term is that the FAA is required to be closely involved in the testing and certification of any new and novel features on an aircraft.

Though MCAS was new on the MAX version of the 737, Boeing argued that it wasn’t new and novel because a similar system “had been previously implemented on the 767” tanker for the Air Force.

Yet MCAS on the MAX was triggered by just one of the jet’s two angle-of-attack sensors, whereas MCAS on the 767 tanker compared signals from both sensors on the plane. When asked after the second crash to explain why the airliner version lacked this same redundancy, Boeing’s response was that the architecture, implementation, and pilot interface of the KC-46 tanker MCAS were so different that the two systems shared little but the acronym."

How can Boeing seriously square these contradictory statements? MCAS is similar and dissimilar at the same time?

This is 'Alice in Wonderland' time :

“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.” “The question is,” said Alice, “whether you can make words mean so many different things.”

Good, except most of Alice's problems and the bulk of Alices certification was done before Trumpty actually moved in...

How can MCAS possibly be considered a stall ID system or even a stall warning system? Any system code which autonomously (and secretly) moves a barn door sized HS is a stall prevention system .

So I am sure this has already come up many times, but can the MAX be certified without MCAS even if that required a new type rating G-d forbid? My Lake Amphibian would pitch down with power increases and vice versa. That idiosyncrasy was covered in transition lesson #1.

Retrofitting logic like this sounds to me like an even bigger disaster-in-the-making than MCAS.

Triple modular redundancy has three systems and a majority voting system for a reason: if you can't trust a single module to be sufficiently reliable at performing its own operation, how can you possibly trust it to monitor the dual redundant module sufficiently reliably to trust it to shut it down!? And trying to add this on to a system that was never designed, in a rush to get ungrounded... sounds terrifying.

Stall warning OR identification? You may want to add avoidance or augmentation device since it applied control input. Now let me help you with the warning or identification part......MCAS neither warned nor identified pilots of a pending stall situation. Hope that clears it up.
The MAX needs to be re certified from scratch !

Yes. 80286s in the MAX, same master/slave for the flight directors. The master f/d also determines which FCC is being used.

It always strikes me that these arbitrary risk factors, which have to be complied with, would be completely different if the majority of people were born with twelve fingers, rather than ten.

Can we consider the presence of those 286 processors as confirmed ?

It has been "common knowledge" for a long time and I've never seen or heard otherwise from an authoritative source.

FWIW, the mere reliance on the 80286 doesn't really alarm me, but the magnitude of the task of fully reconfiguring the operation of the FCCs is . . . well, it's a very big deal.

It is understandable that Boeing considers changing the rudder cables routing "unpracticable".
But what is this copper foil shielding in a specific part of the wing issue ? Isn't it standard practice everywhere in the plane, and what is so special and so costly about the leading edge ?

I think placement of conductive membranes and similar elements varies by location. Some parts of the aircraft, wingtips, radome, empennage, etc. are much more likely to receive lightning strikes than other parts, e.g., the fuselage. So more protection is applied to the more likely target areas. Not sure where, on that "scale," the wing leading edges fall.

Edit: I found this article in B's Aero Magazine: https://www.boeing.com/commercial/ae...les/2012_q4/4/

Really? You think the nine bucks an hour guys in India understand the 286 and the special programming techniques it takes to efficiently program those systems better than a US engineer?
The real reason is obvious: the Silicon valley techie won‘t do the job for $9 an hour.

Those guys in India are the ones who haven't (yet) established resumes and contacts to get to Silly Valley with H1-B visas to get paid a lot more. The vast majority of them are quite capable coders.

Anyway, we've seen no evidence of problems with coding. MCAS seems to have done just what it was designed to do. That's the problem.

Circling greenbacks
 

Flight Alloy, if you can draw up (3815) hypotheticals for legally fraught scenarios and situations like that one, not to mention one relating spot-on to a prime example of piling on of failures, don't settle for just a law professor gig. There's not exactly a surplus of good writing in the legal academy that bears tight relationship to the real world - go for something like Deputy Directorial Authority for QC and Monitoring, for Resources and Curricular Materials [(Q)uality (C)ontrol].

From Boeing presentation to Congressional Hearing page 16 of 45The above is/are Boeing FACTS as presented to Congress in a public hearing - the next page has interesting graphics re limits

https://moneymaven.io/mishtalk/econo...kuZLkDJn3Jy8A/

KC .... huh?
 

From the Seattle Times "doubled down" article, this premise for a question, or two....
Boeing stated to FAA MCAS "wasn't new and novel because a similar system had been previously implemented in the 767 tanker for the Air Force..."

Is there a track record in existence for this level of flight control system or system components (meaning, the MCAS) being waved through because it had been part of an Air Force aircraft development program? Of any type of aircraft?; of a program taking an airliner airframe and converting it to a military type? (How about, and specifically a wide-body type decades after a narrow-body had been certified originally?)
If there is such a track record, specifically, how many types of aircraft, and what were they?
Were any of those aircraft (if any) the subject of quite serious procurement scandals, and/or continuing evident QC issues in the production (debris? debris left in a completed aircraft??)?
What data, if any, did the USAF possess, and act upon in deciding to accept MCAS in the KC-46 Pegasus based upon, that is as derived from, the 767 airliner, with respect to pilot reaction times? Are these data (if any) and the assumptions based upon them comparable to those relied upon in the MCAS proces?; if so, how and to what extent?
What is the total set of communications, bureaucratic and/or official information channels of exchange, and all other forms and modalities of comparative and/or collaborative analysis related to airworthiness and ultimately certification, between USAF with an existing aircraft program, and FAA for a pending cerification decision? In other words, seeing that information that MCAS was already riding along on the KC-46, does FAA just nod "okay yes" and draw the conclusion Boeing obviously was seeking - or if not, then what is the sum total of all types of information exchange between FAA and the Air Force? As a process generally, and specifically for MCAS?

This, as discovery will go (or, as this one atty contends it needs to go and should go), is just the start.

Dominic Gates - Seattle Times
 

Anyone else think Dominic Gates ought to be in line for something like a Pulitzer Prize for this continued attention to this?

Press reports indicate Boeing has been discussing a 'Future Small Aircraft' with US airlines. Had not heard that name before, maybe a straw in the wind?

The USAF has already publicly stated that the KC-46 MCAS system is not a concern - it is different then the Max implementation. How Boeing might have presented that to the FAA is another matter. If Boeing had kept the same design for the Max, one has to wonder if two crashes would have been avoided.
Air Force Magazine

The AF has also been public about halting deliveries of the KC-46 due to QC issues though I don't see where this would have any bearing on the Max. QC is not only an issue with new deliveries, it is also a maintenance problem (not necessarily a Boeing problem) on existing platforms.
https://www.airforcetimes.com/news/y...-debris-found/

I'll leave it to your imagination on how much one branch of the gov't keeps another informed. However, I'd suggest that the AF is under little obligation to provide design details to any other gov't organization beyond those that insure the aircraft can safely traverse commercial airspace controlled by the FAA.

I had heard talk about it as competition to the A220, but once boeing aquired embraer and the E-jet range it became a moot point and they went back the NMA

Probably referring to this etudiant, plenty of references to peruse.

https://en.wikipedia.org/wiki/Boeing...dsize_Airplane

I did hint a few months ago that Dominic Gates should be nominated for a Pulitzer Prize. His work is certainly merit-worthy, and the clarity of the writing is excellent. It may not be under the same personal and professional risk that some high profile stories attract, though there must be haters amongst the Boeing fan-boys. He likely has the backing of management, for all the extra attention this brings to the newspaper.

Edit: I did not realise there are so many categories. Hard to choose between investigative reporting, national news, explanatory reporting, etc. See: https://en.wikipedia.org/wiki/Pulitzer_Prize#Categories

And it is a real shame that a respected and pioneering manufacturer such as Boeing thought it would be OK to go to the cheapest option for modifying the program code, (no disrespect to the coders they did use). One would think Boeing would at least bring in the original programmers as consultants - there must be some of them still alive?

What has happened to Boeing’s pride in their products? It seems to have been replaced by greed for money, and that is a real pity.

What is the issue with using “old” CPUs such as 286s, as long as they can process everything at the required speed? Indeed, there is a lot to be said for keeping to a tried and tested CPU.

How much extra code can be involved in an AoA vane comparison routine? : If x = y then continue. If x ≠ y then goto: (routine to illuminate AoA disagree light, master caution and disable MCAS). Repeat.

(I realise there will have to be limit windows applied to how much of a difference between AoA vanes for how long will trigger the disagree routine, but it’s basic stuff and not nuclear science.)

I know. That was not my point. My point was that Boeing went the cheapest path regardless of where on this planet the most software expertise might have been located.

b1lanc, no material or significant disagreement to comments relating to, existence of MCAS in KC-46 for USAF.
Nevertheless in context of legal manuevers very likely to occur or which already are underway intensely . . . and these include the liability lawsuits for the crashes, the criminal investigations, and the SWAPA lawsuit....getting at basic, underlying factual sets can make a lot of difference (or all of it - "cases are won and lost in discovery").
As these matters stand now, based on publicly reported information, the questions about the interplay between the USAF tanker system and Boeing's discussions with FAA all would be ruled relevant for purposes of discovery (I think there could very well be some of Flight Alloy's "Sky Blue" retirement wheels involved in what gets unearthed, too); and in DOJ investigation on the prosecutorial side as well.
Not looking to drift on this, how these interactions will cycle into, and then out of, the intensifying legislative initiatives to re-do FAA delegation . . . I'll just nod in the general direction of a note OldnGrounded has sounded ( & others); this crisis is a very multi-legged and -footed beast, as the shoes keep...on dropping.

Complexity and quantity of software testing and validation B may be required to undertake could still be significant?

Been following this topic since the start and while I'm not a professional pilot I did work a lot on Avionics software in the 80s, none of this was flight critical but I did work a lot in fuel gauging, writing real-time software both in assembler and Coral 66 for 6502, 8031 and early versions of the 286 processors.

The most recent articles seem to suggest that alongside the MCAS SW changes B has moved (or been forced to move) the flight management computer from a simple dual-redundant system with a clear master-slave (active-passive) split between each "side" of the pair. To a semi "active-active" system where both sides are constantly checking each other and exchanging data/taking duplicate data feeds in real-time. If this is the case they will have a "shed load" of retesting to do. We did a similar thing way back when we modified a successful (and quite simple) fuel gauging platform used on a number of civil and military aircraft from active-passive to semi-active-active for a new airframe. We were finding race conditions, putting in semaphores and re-writing working code for nearly a year before the system was fit for purpose. There was little/no change to the functionality of the fuel-gauging S/W just the change of operations with respect to fail-over and real-time checking. Major project.

Typically each hour of software changes require at least 10 hours of testing in rigs before anything was near being suitable for flight testing.

We weren't flight-critical so we could fail hard and reboot it if things got messy. I would guess B don't have that option so god only knows how they are planning to deal with disagreement between each side of the system during normal operations, dual systems can't do majority voting :-). As a result, I would expect a number of new issues to be found in the system for some time after it has come back into service.

With respect to the comments on 286 I would guess these are all mil-spec components and will be around for many, many years (you can still get brand new mil-spec 8051s and I was working on those in 1985!). Flinging more modern CPUs at the problem is not likely to be a sensible approach and would require significantly more work to recertify?

I know the current issue is B specific but I also think that the "grandparent" rules aviation has been using for certifying new versions of older airframes will need some looking at in light of the Max issues?