The engines are larger than previous models and had to be moved forward, which causes it to (potentially) stall, so they implemented an anti-stalling mechanism called MCAS which relies on a particular sensor, which can malfunction potentially. They also didn't inform pilots that this system even existed which means they have trouble diagnosing the problem and will potentially only make it worse by trying other things.
Of course that's all speculation since we don't know much about this particular crash, but that's the main issue with them.
Note that the engines were moved forward because there's not enough ground clearance for bigger engines due to the grandfathered 1967-specified short undercarriage...
Basically MCAS is a hack to cover a problem raised by trying to save money by pretending it's the same as a 52-year-old airframe. Instead of just saying "let's do this properly" and certificating as a new design with appropriate design features.
Minor nitpick. It's not that the engines directly cause stalls (EDIT: of course if you pitch up too much you will stall at some point). It's that they can cause some unintended lift in some flight configurations. So MCAS is supposed to pitch down (by trimming) to keep the attitude under control.
Boeing's main argument is that the procedure for dealing with runaway trim is completely unchanged compared to other planes, so this shouldn't require any additional training.
I understand their reasoning, but it seems odd to not even inform that there was a change, so that this would be more on top of the pilots' minds. It's even worse that the system engages as soon as flaps are retracted. Since 737s usually take off with at least some minimum flaps, and retract them soon after take-off once enough airspeed has been attained (but while the plane is still at low altitude), this is quite dangerous. Pilot workload is high at this stage and there is limited altitude to recover.
That said, since this issue is on top of everyone's minds, and US carriers have added the optional safety indicators, we are unlikely to see a crash any time soon. Pilots will be jumping to the override switches at any sign of trouble.
Didn't Boeing also market the plane as an evolution of the 737 that doesn't require retraining? So pilots with experience on the 737 can automatically fly the 737 Max?
Yes, but there are always going to be minor changes during each revision. Before the MAX there were the -600, -700, -800, and -900 series 737s. Before that, the -300, -400, -500 series. Each set will invariably have a few things that pilots will have to be aware of. In this case, Boeing didn’t alert pilots to the new MCAS system, which is a giant failure on their part.
It’s not yet known if this latest crash is in any way related to the first (although I have several outstanding wagers against this being the case).
It sounds really stupid for Boeing if you put it that way.
I can imagine it looks good on the marketing material, 'no pilot retraining required!', but as far as I understand from all the analysis so far, it's actually not that hard to disable the new MCAS system and prevent a crash. As a pilot you only need to know it is there, and what happens if it somehow fails.
I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.
> I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.
That might be enough for the plane to need a separate type certificate, meaning hundreds of millions of dollars in expenses for Boeing to get it certified, and full new-type pilot training costs for every airline to fly the aircraft. (Plus, time, and ongoing crew management to juggle pilots certified on one but not the other.)
> As a pilot you only need to know it is there, and what happens if it somehow fails.
You don't even have to know it is there. All you need to know is "hey, auto trim is acting very funky today and I'm having to fight it. Better override." And hit two switches.
> I would be surprised if they had sold even a single plane less if they advertised it as 'very minimal pilot retraining necessary'.
They were likely afraid that it would require a new type certificate.
From what I understand, there were design decisions that were reworked to be more similar and keep the same type class as a requirement of customer 1, Southwest Airlines, who is a major consumer of the MAX 8.
I also wonder about the engineers involved, what they think about the system and whether it was created expressly for getting around retraining, realizing late into the project that the changes to the in-flight behavior of the plane may have been too much.
Also if an airline is going to have to retrain pilots, they might also look at completely different manufacturers (e.g. Airbus) and play them off against each other to get a better deal.
The linked article also mentions the plane was smoking, and fire was coming from the engines. This is new information to me that I think is being overlooked, because if MCAS was enabled erroneously, it's unlikely the plane would have caught fire. The Lion Air Max 8 wasn't reported to be smoking/on fire.
If something else made the engine(s) catch fire and become inoperative, and the MCAS system enabled correctly due to low airspeed/stall conditions, but was fought by the panicked pilot(s) resulting in an unrecoverable stall, it's an entirely different story.
I hadn't heard that, but that's exactly why he says (in his latest video and here) to avoid too much speculation, because there are other things that could go wrong under similar conditions. Takeoff and landing are the most risky parts of a flight so it's no surprise that if there is going to be an issue, it would be during takeoff.
Regardless of the cause of the Ethiopian crash, I think this whole affair has put into stark relief how much of a bodge job the 737 MAX is. It's the culmination of decades of revamps and modifications to a fundamentally outdated design, and the result is an aircraft that simply isn't very good. It's the aviation equivalent of the great edifices of legacy code that so many HNers will be familiar with from their day jobs.
The bottom of the engines is a mere 40cm or so above the ground when the plane is on the runway. Hence the tight fit and need to move the engines forward so they would fit. Then the auto-fix-the-stall software isn't something the pilots are told about.
They didn't come up with a common sense solution; doing so would have cost many billions for a new airframe with longer legs for the landing gear. This is how I understand the problem, coming from a design compromise and organisational groupthink.
Clearly this is my armchair speculation; however, I suspect there will be lessons to be learned from this that run along the lines of the 'Vasa' rather than the 'Comet'.
The Vasa story crops up on HN from time to time. It was a top-heavy Swedish ship that sank after launch in light winds many centuries ago. The spec had changed with more gun decks added and groupthink drove the 'pride of the fleet' project forward. The launch date happened and it sank.
Your link seems to indicate that the spec hadn't changed, that was just speculation that was disproved on inspecting the wreckage, and it turns out the design was basically bad in the first place, due to very tight safety margins and the poor understanding of engineering a ship at the time.
Are there any statistics available for how often there has been a need for a pilot to disengage MCAS?
If we speculate (e.g. before the facts are in) that this was similar in cause to the Lion Air incident, then I would be curious to know how often the AoA sensor has malfunctioned and/or MCAS has otherwise gone haywire and pilots have needed to revert to manual control during the two years of service MAX 8s have had.
The Lion Air plane that crashed had suffered from the exact same failure on its previous flight, though obviously the pilots managed to recover from that one.
As you say, most of the speculation seems to focus on MCAS in combination with faulty sensor data. While, as a layman, pilots being unfamiliar with MCAS seems like a reasonable explanation, doesn't this theory still require 2 planes in 6 months to have faulty AOA sensor data? That seems unusually high to me as well. I haven't really seen any comments on that.
It does not seem too surprising to me. Sensors fail all the time on planes. The AOA sensor seems like a particularly good candidate for failure given the design.
I think most people don't realize just how much stuff can be broken on an airliner and it is still deemed safe to fly. And it happens all the time.
Sure, airliners might fly all the time with a missing seat number or a broken overhead bin. They're big, complex machines. But if you're implying that it's routine to fly with broken sensors, then no. That's not true.
If yesterday's Post Reports podcast [0] is anything to go by, there's also an issue with the autopilot refusing to give back control to the pilot in some situations because of what you just mentioned, on the basis that it would spare their clients the associated pilot retraining costs.
Picture being at the wheel of a self-driving car, with an obvious crash looming, and the car refusing to let you, the driver, take back control and steer the wheels or step on the brakes.
Source: https://www.youtube.com/watch?v=zfQW0upkVus