1) decided to move the engines forward making the aircraft dynamically unstable, but improve performance and potential sales
2) decided to counter the instability with a software system (MCAS) based on a single sensor, with zero redundancy or fail-safe mode, AND make a second sensor an optional extra cost for the airlines, AND bury the whole thing in a poor UI, in short: cheaping out on a band-aid fix to a critical problem of their own creation, to maximize profits
3) decided to evade normal requirements to make the airframe a new classification, so that airlines wouldn't need to spend money on retaining and separately qualifying pilots for the different airframe, again to reduce apparent costs of the new airplane and increase sales
4) minimized the training on the MCAS system and require no new training when they made changes to the system. AND make the MCAS system automatically re-engage, based on the single sensor to reduce customer costs
5) ensured that this cascade of bad decisions got implemented through the FAA and rolled out globally.
The effect of all of this was to overlook and minimize critical flaws in a complex human flight system, and do so in order to maximize sales and profits over safety.
They killed 346 people already, and nevermind the economic knock-on effects.
No, I'm not going to hunt back and provide a link to every bit of analysis I read gathering the above facts. It is all recent, non-obscure, and very google-able.
Yes, bad engineering and management decision that kill people will tend to get folks a bit riled up. This is a good thing. While this forum should indeed emphasize facts and intellectual argument, this is not a peer-reviewed journal, it is a forum for humans to discuss issues, and we should also keep here the human perspective on engineering.
> AND make a second sensor an optional extra cost for the airlines
This would be extremely egregious, but it's not what happened. Every MAX has two AoA vanes. Every MAX only hooks up the MCAS to one vane. The optional feature was just an "AOA disagree" light and display, which wasn't even hooked up to an error alarm. It's a red herring for these crashes, in my opinion. The pilots aren't going to hunt around the cockpit during an emergency and notice a disagree light and be able to conclude anything meaningful about what's happening to the plane and how to stop it.
They could have had "check for AoA disagree" as part of the pre-flight checklist though - I read somewhere that in at least 1 of the MAX crashes, the AoA vanes disagreed on the ground before departure.
You're right, they're literally vanes on the side of the aircraft, they don't do anything without airflow. Takeoff roll is when you could possibly first notice it.
> "decided to move the engines forward making the aircraft dynamically unstable,"
I don't believe that's true. Per Mentour Pilot, the 737 MAX and the 737 NG are both very stable aircraft that are not prone to stalling[0]. That there is a difference in performance characteristics that creates a difference in how an escape from stall maneuver is to be performed, and the MCAS is meant to paper over that difference.
[0] https://www.youtube.com/watch?v=TlinocVHpzk @16:25 "[...] The 737 MAX and NG are equally less indicative of getting stalled, okay? They are very good, very nicely flying aircraft. But once they're in a thrust stall, they have slightly different characteristics. [...]"
I'll have to track it down but from what I'd read, the change in handling characteristics was that once the airplane started to pitch up, the pitch-up forces would increase, making a stall much more likely if you didn't keep on top of it.
So, yes, if you;re actively flying the plane and staying on top of your trim & pitch, keeping it in the middle of the range is just a bit different. But, if it gets out of hand, it gets progressively worse at an increasing rate, which is what MCAS was apparently designed to prevent.
Of course, if they'd designed the MCAS with multiple redundant sensors, as well as integrating other data (thrust, accel, GPS trajectory, pilot inputs, etc.) into a complete image, or at least a solid series of sanity checks on then applied it, it could have been a great advance.
Instead, they cheaped out, with the result that they added to the design a single point of failure.
The result, within a year of its rollout, is 346 people dead.
Add to that the handling of the complaints about the system, handling of the first crash... The plane should have been grounded after the first crash and possibly some mitigating action should have been taken before that as well. There's going to be a final report and presumably this is far from the end of this story.
1) decided to move the engines forward making the aircraft dynamically unstable, but improve performance and potential sales
2) decided to counter the instability with a software system (MCAS) based on a single sensor, with zero redundancy or fail-safe mode, AND make a second sensor an optional extra cost for the airlines, AND bury the whole thing in a poor UI, in short: cheaping out on a band-aid fix to a critical problem of their own creation, to maximize profits
3) decided to evade normal requirements to make the airframe a new classification, so that airlines wouldn't need to spend money on retaining and separately qualifying pilots for the different airframe, again to reduce apparent costs of the new airplane and increase sales
4) minimized the training on the MCAS system and require no new training when they made changes to the system. AND make the MCAS system automatically re-engage, based on the single sensor to reduce customer costs
5) ensured that this cascade of bad decisions got implemented through the FAA and rolled out globally.
The effect of all of this was to overlook and minimize critical flaws in a complex human flight system, and do so in order to maximize sales and profits over safety.
They killed 346 people already, and nevermind the economic knock-on effects.
No, I'm not going to hunt back and provide a link to every bit of analysis I read gathering the above facts. It is all recent, non-obscure, and very google-able.
Yes, bad engineering and management decision that kill people will tend to get folks a bit riled up. This is a good thing. While this forum should indeed emphasize facts and intellectual argument, this is not a peer-reviewed journal, it is a forum for humans to discuss issues, and we should also keep here the human perspective on engineering.