FlyerTalk Forums - View Single Post - B737MAX Recertification - Archive
View Single Post
Old Mar 15, 2019, 9:05 am
  #485  
EWR764
 
Join Date: Jan 2005
Location: New York, NY
Programs: UA, AA, DL, Hertz, Avis, National, Hyatt, Hilton, SPG, Marriott
Posts: 9,425
Originally Posted by AirbusFan2B
Are such extensive workaround procedures considered best in class for modern aircraft, eg A320 fraught with this kind of stuff too?
I wouldn't exactly call it "fraught", but Airbus products have similar procedures. For instance, the 320 series has automated stabilizer trim built into the flight control architecture, but there's still a manual trim wheel that will override automation if a pilot intervenes. There's no cutoff switch like on the 737.

Airbus FBW aircraft have a different flight control philosophy which is probably beyond the scope of our discussion here, but a) there is a way to manually trim the 320 series, and b) both Airbus and Boeing products have protections built in to​​​​​ address runaway stabilizers, they just have different ways of doing it.

Originally Posted by surram
Thank you for the detailed explanation. But this still begs the following simple questions:
1) Why does an MCAS depend on only a single AoA sensor? Isn't this completely contrary to all the design principles of avoiding a "single point of failure"?
It's a single point of failure insofar as a failed instrument will likely lead to a series of successive errors before the cascade can be stopped, and in this case, manual intervention is probably required. If true, that is, by definition, less redundant than other control augmentation systems.

2) If MCAS was supposed to make flying more safer, and idiot proof (from getting into a stall situation), isn't it logical for it to shut itself off automatically, when it diagnoses a runaway situation? Why does this MCAS necessitate or relies solely on a pilot to diagnose a critical situation and cutoff the automation - which flies in the face of basic design principles. Does it not?
A stab runaway isn't limited to phases of flight where the MCAS protection could theoretically apply, and there's no evidence that the Lion Air crash was actually a stab runaway. It presents the same way to pilots, so the response should be the same, but the Lion Air crash appears to be related to the faulty sensor continuing to feed data to the FCC that the airplane was being flown into a dangerous situation, and the MCAS kept doing its job (activating to prevent that low-energy state). The way it is designed, if instrumentation is working properly, any manual intervention by the pilot will disengage the MCAS because it suggests the crew is actively managing the situation. MCAS will reassess its criteria five seconds later to see if the situation has resolved. Simplistically, the theoretical conversation between MCAS and the crew would go something like this:

MCAS: Hey guys, looks like you're flying into a possible stall, let me start to pitch the nose down to help you out.
Pilot: Thanks, MCAS, we've got it (trims nose down).
MCAS: Ok, I am disengaging.
Pilot: Thanks, MCAS.
MCAS: (five seconds later) Hey guys, still looks like there's a problem, starting to pitch down.
Pilot: (trims nose down) Nope, still good.
MCAS: (five seconds later) Just checking... looks good now.

If the situation doesn't resolve, either because the airplane is still being flown into the stall, or the faulty instrumentation fools the computer into thinking it is, it will keep trying to kick in. At that point, pilots should be able to recognize either that the airplane is approaching a stall, or the response (uncommanded nose down input) is incongruent with other apparent factors, or is not resolving, and steps should be taken to correct the discrepancy. 737 pilots have weighed in on the issue in the course of this thread, but to reiterate, if the controls keep getting heavier (requiring more back pressure on the yoke) while opposite inputs are commanded, the next step is to run a non-normal runaway stab checklist. This will 100% of the time correct an unwanted activation of MCAS protection, because it completely cuts out automated pitch trim.

4) Does it not feel like the MCAS is band-aid to fix a engine positioning design flaw (yes, flaw)? Or to keep the same 737 certification and avoid a costly re-certification process with the FAA. Rather than fix the core issue, they designed a work-around and expecting a human to figure out and kill the "work-around" in a very dangerous situation with alarms blazing and a few seconds to react.
You emphasize "flaw". What makes it a "flaw"? Is there some objective criteria you apply to arrive at that conclusion? If that's a flaw, then yes, all aircraft have lots of flaws which are mitigated in many ways... mechanically, aerodynamically, by automated flight controls, etc. Again, no different than systems like yaw damper or Mach trim that prevent seriously dangerous consequences that are incidental to the physics of hurling a gigantic aluminum tube through the air at 500mph+.

Moreover, if the 737MAX were to require a new type certification, it probably doesn't sell nearly as well as it has, and costs substantially more to develop as well as for airlines to acquire. Economics absolutely come into play, and the public accepts a reasonable compromise between cost and safety, regardless of whether we like to admit it.

5) So, let's say in the event of manually cutting off the MCAS by pilots, (MCAS allegedly was designed to prevent a stall) would not not risk a stall situation? Because I read the MCAS becomes active ONLY in manual fly mode as opposed to the Autopilot. This last question is truly terrifying. If you design a product designed to work with a workaround that would prevent a fatal stall, if you kill the workaround, wouldn't you add more risk?
Pilots aren't manually cutting off MCAS; they are cutting out automatic trim, and the 737 can be trimmed manually. MCAS works to prevent a stall in a low-energy, hazardous situation that pilots shouldn't find themselves in during the course of normal operations (high AOA, high bank angle, manual and clean configuration). This isn't something that's actuating on every flight... MCAS is very much a protection toward the edge of the envelope.

An aerodynamic stall should never, ever happen in normal commercial flight operations, but strictly speaking, stall does not = fatal. I would wager that the average traveler would be truly terrified to know why many automated systems on commercial aircraft actually exist. For the most part, they work flawlessly day-in and day-out to prevent major catastrophes, and when they don't, that's one reason we still have at least two well-trained pilots sitting at the pointy end.

6) Boeing can blame the pilot and maintenance - why does a 6 month old aircraft need so much maintenance anyway?
The same reason a brand new BMW or Honda can require maintenance at low mileage. Things break, parts fail, and need to be replaced.

Last edited by EWR764; Mar 15, 2019 at 9:13 am
EWR764 is offline