Your the first to say this isn't due to new wire separation rules that went into effect after the NG was certified.
All the other comments/reports have said it was related to changes in the rules that make the separation used on the NG no longer compliant.


Per Boeing the wiring in the areas of concern wasn't changed so it wasn't looked at.
They changed the "logic" in the console (signals/power passing through the switches and relays), but the same wires/signals eventually run out of the cabin to the tail. I'd have to go back and find both diagrams but I don't remember any new wires/signals compared to the NG.

Now whether the changes that were made would lead to a re-examination of the wire bundling/routing from cockpit to tail I'm not clear.
My inclination is that no, the wiring would not be looked at as they weren't changing it.
The new SSA would not have looked at the prior unchanged aspects for the unchanged portions.

And I'm still not clear where the possibility of a runaway that can't be stopped with the cockpit switches comes from.
If anything there are now 2 switches in series that cut the signal to the motor vs the old setup with parallel paths in the cockpit.
But either way there was just one signal going back to the tail.


I guess I need to find the wiring diagrams again and look at it again. This wasn't the focus at the time I last looked.

That's a different issue. The uncontained engine failure issue is with the control cables, not electrical wiring.

I'm unconvinced the new engine/location is anymore likely to damage the cables. But I'm just a EE so may be missing something.
I'd love to see a comparative analysis, but alas I doubt sure will be made public.

If a power wire loses its insulation and a control wire loses its insulation and then something forces the conductors of the two wires together it is the same input as if a trim switch was used and happens downstream of the cutout switches, so it would not be stopped by opening the control wire enable switches on the console.

Eventually the way to handle this will be by avoiding simple on/off signals and require complex cryptographically signed handshakes between all control components. Recall the German plane that had the stick wired backwards? Easy-peasy. Put an accelerometer in the stick to compare it's movement to the control movement when the plane is on the ground. The aircraft company nearly killed everyone on the plane to save a couple of bucks in such a sensor.

A weak example of this communications protocol is used on cars for some functions with CANBus, where shorting power to a signal wire just disrupts every device on the network, so it's not a great drop-in solution for aviation. It does mean that a single wire can go to multiple devices to supply power and a single wire can carry comms, allowing a lamp holder to report to the car's computer that the lamp is not taking any current and is burned out; each component can self-test at startup and report the condition without having to have complicated test wiring on top of the function wiring. In aircraft the control could be over fiber-optic lines, avoiding short circuits, with a wireless option in case of major damage and local power for each actuator - nope, wait, that would be batteries and those are bad. Anyway, solving this sort of problem to 100% reliability is not easy.

But the power for the trim motor is fed through a relay (R64 in the attachment on this post https://www.pprune.org/10445311-post194.html) and that relay is only engaged (passing power) when the stab trim breaker is closed and the cutout switched are in the NORM position.

Also the control signals (up, down, etc) are 28V DC while the motor power is 3 phase 115V AC.

Using a complex, failure-prone system to cure a simply-fixed and rare problem is generally not a good idea - ask Boeing.

Quite apart from the fact that "an accelerometer in the stick" and its certification will cost a lot more than a few bucks (again, ask Boeing), anyone else notice the subliminal messaging going on here?

So we can only hope that the FAA management still feels the scars from the nose rings that were put on them by B. If I understand you correctly the knowledgable engineers would require the change on the NT as well. And probably not only through an AD.

Addressing a problem identified by an AD does not necessarily mean physical changes have to be made. Many AD's stipulate an immediate condition and conformity inspection and then an enhanced inspection regime. Is it unreasonable to think that the stab trim wiring issue could be handled in this way ?

Honestly, I wasn't going for subtle.
The fact is that every accident or design problem can be fixed, in hindsight, if enough cash is thrown at it. But that certification would have looked cheap if the German-owned plane had augured into a kindergarten. So, figure in the additional costs and embrace the inexpensive new tech and the chance to clear off a ton of human-error potential problems. I am unsure what additional certification cost there would be that it doesn't already have to go through. It's already electronic; add a chip and look for qualitative changes. But, since no one died -this time- no certifying agency is forcing the planes to be grounded until a fix is made. And no one is adding a new requirement for new aircraft to meet.

As it is that stick would already be priced the same a typical used car. Maybe this adds the cost of new floor mats and a full tank of gas.

It's hardly "failure prone" This is what accelerometers do. It's all they do and they are very good at it. What happened with Boeing is they trusted that pilots would catch any trim problems, correct them, and then cut off the problem at the knees. I'm suggesting getting pilots out of the loop entirely - which is the Airbus philosophy. It seems to be working for them and they are entirely electronics and cross-checking.

My understanding is that the wire isolation concern is with the potential for 28 VDC hot shorts to either the up or down control signal wires and the arm circuit wire (the circuit that closes the R64 motor power contactor relay). Those control and arm wires are routed together over much of their runs and are co-routed with numerous 28 VDC power wires. Hot shorts to the motor power wires themselves are not the issue.

If you look at the FAA's TARAM handbook, which contains internal guidelines for determining whether an unsafe condition exists on transport airplanes, it has a discussion of the fail safe design expectation for transport airplanes in section 6.1. It says, "If you determine that the condition violates the fail-safe philosophy, you should consider the condition unsafe regardless of the calculated TARAM uncorrected fleet or individual risk values." Here's a link to that document. Section 6.1 is on page 33.

https://rgl.faa.gov/Regulatory_and_Guidance_Library/rgPolicy.nsf/0/4e5ae8707164674a862579510061f96b/$FILE/PS-ANM-25-05%20TARAM%20Handbook.pdf

If the same type of stab trim wiring fault vulnerability as has been described for the Max exists on the NG, the FAA's own guidelines would classify that as an unsafe condition requiring corrective action via design change and an AD. However, it also would be an expensive change. In such cases, the decisions are often made by the leaders rather than via the normal process for more routine AD decisions. There's nothing necessarily wrong with that - as long as they make good decisions.

I perfectly understand what you are saying. But I am also aware that the FAA has been very "weak" when it came to other safety aspects in the MAX certification by accepting explanations from B about the categorisation "risky" or "potentially fatal" (don't remember the exact wording, but you know what I mean). IIRC it was something around MCAS / AOA / single dependency. THAT makes me think hard and THAT makes me hope that the FAA Mgmt still feels the pain.

Vulnerability is not a failure condition.

if it were lots of military aircraft would never fly.

In my view currently flying aircraft come under "continued Airworthiness" standards which take into account in-service experience including maintenance

The issue at hand with the max is its original certification basis and whether the data used was valid..

In that case the arm circuit and thus the cutout would stop the motor. Prior comments were saying that it couldn't be stopped by any reasonable crew action.
The post I replied to said "so it would not be stopped by opening the control wire enable switches on the console."
The cutout switches would do exactly what they are supposed to, disconnecting the power feed via the relay.

And other comments even implied that the trim breakers wouldn't stop the motor. Not sure where the breakers are, but I'll agree they may be difficult to reach quickly, but the cutouts are there specifically to stop runaway/unwanted uncommand movement.

The best I can tell it takes 2 signals to actual move the trim motor. The ARM signal form R1193 (MAIN TRIM ARM) enabled by the thumb switches (the upper set of contacts in the linked drawing) as well as the direction signals that pass through the limit switches.

So 2 control wires, 1 arm and 1 direction, would have to short to power. That just got a lot less likely.

Depending on where R850 (STAB TRIM INTERLOCK) is located on the NG, I might be more concerned about the NG wiring than the MAX.
(That diagram doesn't show how the NG FCC trim signals work)

What I was trying to say was that it may not be "unsafe" such as to require grounding or similar, but it may not be certifiable (enough) to issue a C of A to a new aircraft.

The criteria for certification of military aircraft are not the same as for civilian air transport aircraft....

.

Adding to a sense of mounting anxiety, Boeing's new Chief Executive Officer Dave Calhoun was forced to apologize to senior staff after a rare attack on his predecessor and company leadership, which sources say provoked criticism from within the senior ranks of the company as well as the rank-and file.

Calhoun, who took over as CEO in January after serving about a decade on Boeing's board, told senior staff by email on Friday he was "both embarrassed and regretful" over his comments in a New York Times interview earlier in the week.

"It suggests I broke my promise to former CEO Dennis Muilenburg, the executive team and our people that I would have their back when it counted most," Calhoun said. "I want to reassure you that my promise remains intact."

https://au.yahoo.com/finance/news/bo...143002565.html

How Boeing Lost Its Way. Found this video which looks at the whole Boeing fall from grace thing through the lens of corporate greed. Interesting bits about Boeing share buy back strategy, a tool used by companies to raise their own share price.

The FAA written policy and practice for decades in managing continued operational safety has been that a potential single failure (such as a wire bundle fault condition), unless that failure can be agreed to be effectively impossible, does not meet the fail safe standard intended to be applied to nearly all aspects of transport airplane systems design, and warrants corrective action. (There are a few specific exceptions to this standard due to practicality issues - turbine engine rotor failures for example.) I posted a link to the applicable policy above. The FAA has issued numerous airworthiness directives to address potentially catastrophic failure conditions resulting from a single failure even when that condition, or the initiating single failure, is not known to have already occurred in service. That was the basis for my comment on the stab wiring of both the Max and the NG.

Interesting video. Boeing spent 32 B on stock buy backs in the last 10 years. The oft quoted number to develop a new single aisle is 6-10 B.
If they had spent the cash 10 years back and started in on a 737 replacement right now it would seem like a bargain.
Irony is if they had - they would have been slated for it.
When did the 787 program stop bleeding money?
20driver