The Wall Street Journal has an important story on the crash of a Lion Air Boeing 737MAX in which everyone on board perished. Boeing must be delighted that the ugly details are getting out when the press is fixated on heaving stock markets and California fires.
The short version of the story is that Boeing had implemented a new “safety” feature that operated even when its plane was being flown manually, that if it went into a stall, it would lower the nose suddenly to pick airspeed and fly normally again. However, Boeing didn’t tell its buyers or even the FAA about this new goodie. It wasn’t in pilot training or even the manuals. But even worse, this new control could force the nose down so far that it would be impossible not to crash the plane. And no, I am not making this up. From the Wall Street Journal:
Boeing Co. withheld information about potential hazards associated with a new flight-control feature suspected of playing a role in last month’s fatal Lion Air jet crash, according to safety experts involved in the investigation, as well as midlevel FAA officials and airline pilots.
The automated stall-prevention system on Boeing 737 MAX 8 and MAX 9 models—intended to help cockpit crews avoid mistakenly raising a plane’s nose dangerously high—under unusual conditions can push it down unexpectedly and so strongly that flight crews can’t pull it back up. Such a scenario, Boeing told airlines in a world-wide safety bulletin roughly a week after the accident, can result in a steep dive or crash—even if pilots are manually flying the jetliner and don’t expect flight-control computers to kick in.
“Under unusual conditions”? How many total miles had these models flow before the Lion Air crash? The available evidence says it might not take “unusual conditions” to trigger a nose dive. The Lion Air pilots told air traffic control they were finding it hard to control the plane.
And why haven’t the planes been taken out of service? As one Wall Street Journal reader put it:
If this tragedy had happened on an aircraft of another manufacturer other than big Boeing, the fleet would already have been grounded by the FAA. The arrogance of engineers both at Airbus and Boeing, who refuse to give the pilots easy means to regain immediate and full authority over the plane (pitch and power) is just appalling. Accident and incident records abound where the automation has been a major contributing factor or precursor. Knowing our friends at Boeing, it is highly probable that they will steer the investigation towards maintenance deficiencies as primary cause of the accident…
Boeing’s excuse was it didn’t want pilots having to tax themselves to learn about the new behavior. The reality was that Boeing had marketed the plane as not requiring additional training costs:
Boeing marketed the MAX 8 partly by telling customers it wouldn’t need pilots to undergo additional simulator training beyond that already required for older versions, according to industry and government officials. One high-ranking Boeing official said the company had decided against disclosing more details to cockpit crews due to concerns about inundating average pilots with too much information—and significantly more technical data—than they needed or could digest.
In fact, the older 737s didn’t have anything like this feature:
Earlier 737 versions have different stall-protection systems, that don’t automatically drive down the nose even when other functions of the plane’s autopilot are turned off. Yet operation of those older systems was highlighted in training over the years, and pilots had to memorize steps to counteract potentially dangerous unintended consequences. MAX 8 training materials don’t include a requirement to memorize the steps to turn off the stall-protection system.
And Boeing failed, or more accurately, refused to inform even the FAA, probably because the agency would have insisted at a minimum on updating manuals, which would in turn have alerted buyers that Boeing’s sales patter had been a crock. And why did Boeing decide to make it difficult to override the nose dive? This sounds like a disaster that was baked into the design. From the Journal:
“It’s pretty asinine for them to put a system on an airplane and not tell the pilots who are operating the airplane, especially when it deals with flight controls,” said Capt. Mike Michaelis, chairman of the safety committee for the Allied Pilots Association, which represents about 15,000 American Airlines pilots. “Why weren’t they trained on it?”
One Federal Aviation Administration manager familiar with the details said the new flight-control systems weren’t highlighted in any training materials or during lengthy discussions between carriers and regulators about phasing in the latest 737 derivatives.
So a supposed safety-enhancing device turned out to be deadly thanks to Boeing letting its sales imperatives come first. As one Wall Street Journal reader put it:
I am stunned that the auto system kicks in even in “manual flight mode”. That means the pilots had no idea that they can be overrode under certain circumstances and had to go through complex and long procedure to disengage it. This is effectively a death sentence to the pilots and passengers on board.
A telling detail is that it was the American Airlines pilots’ union was the first to alert its pilots. From the Journal:
Boeing’s latest communications with airlines prompted American’s union to alert its members. “This is the first description you, as 737 pilots, have seen,” the union pointedly told pilots in a memo, referring to the 737 MAX stall-prevention system. Noting the system wasn’t mentioned in American Airlines’ or Boeing manuals, the union memo added: “It will be soon.”
And for reasons that are impossible to fathom, Boeing made it harder to disable this feature:
The ultimate way to counteract dangerous automated nose-down commands is basically the same for old and new systems, though checklists and procedures for the 737 MAX 8 entail more steps and take more time. Investigators and safety experts are convinced that as the emergency worsened, the Lion Air crew had barely seconds in which they could have diagnosed the problem and taken action to save the aircraft.
Translation: even if the Lion Air pilots had been trained, it’s not clear they could have implemented the new complicated override quickly enough to have prevented the crash.
Perhaps readers will beg to differ, but the difficulty in designing automated safety controls for airplanes bodes ill for fully autonomous self-driving cars. The variables involved in navigating planes are much simpler than in driving cars. For starters, planes are kept well away from each other, so you don’t have anything like dealing with left turns, bicycles riding in your lane, someone making a dangerous pass that puts them head on in your lane, or people opening a car door right into your path. Recall that this Boeing design disaster occurred despite the airline industry having a very strong safety culture. Silicon Valley has nothing of the kind, yet they want us to entrust our lives to them.
This is the model. Cars are planes.
Its called moving from the right seat of Cessna 152 to the left seat of a jet
back in the 20’s there was talk of making planes as cheap as cars. That wasn’t possible so they have done the next best thing – make cars as expensive as airplanes.
Clearly this modification is a response to Air France 447.
It needs to work in manual mode. However the pilots should have been trained. But why was the plane so close to stalling that it kicked in?
Other news articles said the attitude sensor was defective. SO sending bad info to the automatic systems.
… which brings us back to France 447 – Malfunctioning Pitot Tubes.
Seems to me that the choice of letting the plane decide what do is partially based on “not having to train the pilots on more stuff”, but then again, less-trained pilots won’t be able to understand why the plane in making certain decisions and correct accordingly.
This is truly crapification.
>It needs to work in manual mode
No, that’s not what manual mode is for. If a pilot ever learned flying anything his reflexes on a mere buzzer would be enough.
Yes, the problem is (it seems) they overcorrected for 447. You can have user failure, mechanical failure, or sensor failure. Boeing went all in on correcting for user failure with (apparently) no thought of sensor failure (and sensor failure is what “started” the problem with 447).
But manual mode has to be manual mode (or has to be called something else). IIRC 447 didn’t go to complete manual mode, but reduced autopilot after the sensor failure.
And recent reports of an “uncontrollable” plane fortunately with no passengers on board. Not a Boeing. Sounds like some nasty feedback loops between instrumentation and autopilot.
Well, that’s one way to do full manual mode–turn all the computers off…
Yes….yes!!!! Yes!!@@@!!
Maybe the unabomber was on to something in his manifesto? Best example yet of extreme our government in collusion with big business psychosis to lose, cover up, obscure, and intentional obsfucation, insisting on shoving massively sensitive software and sensors more than likely to to crash planes due to the rush to to justify the zillions of dollars thrown at AI to remove humanintelligence, experience and capability from the equation
A massive failure of AI at a risk for which Boeing knowingly sent 189 Indonesians to their death
“Clearly this modification is a response to Air France 447”
No, not at all. Quite the opposite really. AirBus aircraft, for many decades now, including the Airbus 330 that crashed as AirFrance 447, are designed with automatic stall recovery modes that can/will override control inputs from pilots. In order to have saved AirFrance 447, which was also suffering from faulty/erroneous instruments, the pilots needed to disengage the auto-thrust, set a ballpark power setting that would have provided sufficient thrust for level cruise flight, then they would have needed to set the pitch of the aircraft within a few degrees of what would have normally provided straight and level flight. Basic pilot 101 type stuff, the tricky part was in the mist of a very startling and unsettling situation they first had to deduce all of their airspeed and altitude data was false, then the pilots would have needed to start stripping away layers of automation from the airplane that was designed to outsmart, override and protect the pilots from themselves, until finally they had a plane that they could manage that wasn’t making any uncommanded changes to pitch or thrust.
AirBus has been plagued by these types of automation failure crashes for years, but yet Boeing is copying their flawed design philosophy. Why? I’m a pilot, I have no idea, but I would guess trends and market pressure related to our current capitalist milieu. Boeing was looking not to prevent a AirFrance 447 type crash, but rather a Colgan 3407 type crash, but instead sent 189 people to a terrible end because they made a choice to put their faith in machines instead of humans, deliberately engineering the pilots out of the aircraft. The LionAir flight was never close to stalling. It was a sensor/instrument malfunction that made the automated systems believe the aircraft was close to stalling. Angle of attack sensor is suspected.
JerryDenim: Well-stated and absolutely correct (from another pilot). Doesn’t bode well for ‘autonomous’ autos, does it?
Nope. I’ve been beating that drum here for a while.
The NC commentariat is the best commentariat. Not one, but two pilots!
Boeing is copying Airbus’ models for control because there are a huge number of commercial pilots out there who have lost, or never had much in the way of, stick and rudder skills, and so are unable to manually fly the plane. (See the Korean Air crash in the bay area)
They are no longer pilots, they are system managers.
So when the system inevitably screws up then what? Presently the only substitute for a skilled pilot is a skilled pilot, so why do you act as if pilot de-skilling is something to be celebrated? What you’re describing is a cul-de-sac. If automation decreases pilots’ flying skills the answer obviously isn’t more automation, unless there is a ready-to-implement solution that’s fully autonomous; presently there isn’t.
Besides the loss of a good number of decent paying jobs that support the economy and the tax base, there’s other things pilots provide that machines can not. Pilots are frequently the best and only advocates for passengers in terms of safety and comfort, after all they are onboard the aircraft too and know better than anyone in a decision making capacity what it’s like inside the aircraft. Aside from that, I have yet to meet a machine that is skeptical of management bullshit and I have never encountered a machine that elects not to follow orders out of a sense of duty, concern or perhaps the will to save oneself from harm. If that was an option on autonomous airplanes in the future I’m pretty sure airline management wouldn’t want it anyway. Every department at an airline is a miniature fiefdom with it’s own little myopic agenda that never puts safety first. Without an experienced, skeptical Captain/Flight crew willing to push back against the profit-motivated, and clueless whims of the various departments inside of an airline, airplanes would crash far more often than they do now. The greatest autopilot in the world can’t save passengers from bad decisions being made by clueless, profit motivated idiots. Fully autonomous airplanes will take-off when management tells them to, end of story. That is something we all should fear.
If by Korean Air, you mean Asiana 214, there was a lot more going with that crash than a simple lack of hand-flying skills. Pilot reliance on automated systems and confusion about how the automated systems operated was the main focus of the NTSB report. The Koreans have a very bad reputation as pilots and their aviation culture, sometimes referred to as CRM (Crew Resource Management) or TEM (Threat and Error Management) is notoriously bad. The week before that crash I was interviewing for a flying gig in Japan with an American expat captain working for Korean Airlines. I received an earful. He absolutely hated the cockpit culture there and predicted they (Koreans) would crash an airplane very soon. He thought the work environment was absolutely toxic, but regarding the flying abilities of the the Koreans he said, “anytime you turn the autopilot off, it’s a full-blown emergency”. That said, I stand by my original statement, the fix for pilots with weak hand-flying skills isn’t more automation. Practice makes perfect. Work those neural networks, beef up those synapses! Seems like common sense, no?
No, I think that pilot deskilling is a disaster.
I was describing Boeing’s response to the problem, not putting my stamp of approval on it.
Fair enough- sorry for any improper assumptions on my part. Sounds like we’re in total agreement on keeping pilots on the flight deck and keeping their skills sharp.
It wasn’t close to stalling. The computers “thought” it was. Investigators are suspecting air speed indicators sent faulty info.
Too much MIC welfare has made them fat dumb and happy? And arrogant……
> concerns about inundating average pilots with too much information—and significantly more technical data—than they needed or could digest.
This specifically makes me wonder how much the troubles with the helmet for the F-35 “Fat Duck” have to do with the meat part of the interface.
Blame the pilot, not the idiot tech?
That’s what they were trying to do in the earlier information put out. Spin it as pilot error rather than programmer/technical error. Kudos to the WSJ for exposing the reality of it.
Since Boeing renounced its roots and moved its head office to Chicago it seems to have become or be becoming another GE. Focused on next quarter; reliant on government contracts; hubristic and financialized rather than engineering focused.
But the top people make the biggest bucks ever.
The diff is that if a GE washing machine craps out they have one angry customer. Whereas as a result of this accident–or as we saw in AZ with the fatal self driving car incident–the legal and reputational consequences will be huge. Air disasters get a great deal of attention and there’s even a cable TV show about them.
Automation is a good thing on the whole and modern airliners depend on it. But obviously when human lives are at stake you don’t get the luxury of a “beta version” to be tested out by customers. Boeing should be condemned–automation not so much.
If a GE nuclear reactor craps out, I think they’ll have more than one angry customer.
In fact, in Japan a few years back, they certainly did.
But what has any anger and upset that such a “who could possibly have anticipated such a concatenation of failures” generated (Japan, of course, being a very polite and maybe a little authoritarian society, among a swath of other features) actually resulted in? It’s hard to find up to date information on the kinds and levels of harm and future losses that this set of events, including incompetence, corruption and failure of “governance,” has set in motion.
I read that Japan, Inc. is moving people back into the Fukushima area, and it’s hard to find non-screechy articles that give any kind of honest picture of what the event and its ongoing gifts to the distant future are actually dumping on people who took no benefit from it. Like the mope islanders, and US citizens and US imperial troopers who got irradiated by the nuclear arming up and testing of weapons. Meanwhile, Abe and the rest of the owners and rulers of Nippon glide on above it all, and their Bernaysians seem to have done a masterful job of whitewashing and obfuscation.
And of course the nuclear power true believers, some or many of them like the people who sold their “science expert credentials” to the asbestos and pharmaceuticals industries, and ExxonMobil and Monsanto and the giant Blob now called DowduPont, to convince the mopery that “Without chemicals there would be no life,” and “Better living through chemistry,” and all that jazz, are telling us that only through a crash program of bringing their several favorite flavors of reactors on line, toot sweet, to generate all the electricity we can possibly use to power our sex toys/Teslas/bitcoin mining servers, can the planet be “saved” from combusto-doom…
“Trust us! We are EXperts! And Murphy’s law was rescinded by unanimous votes in both houses of the 115th Congress, across party lines, in a massive demonstration of the virtues of bipartisanship! It can’t happen here! Or again!”
Parkinson’s Law. You get promoted by devising a new thingy and persuading people to put it into production. Then you’re promoted to supervise a larger group so are paid more money. Although I’d love to hear the arguments the winner(s) made to make the override process so much more difficult. I’ve seen a surprising number of cases lately that appear to confirm Parkinson’s Law. I suppose Millenials have never heard of the book. After all, it comes from the experiences in England in the reconstruction after World War II. The original Law was stated as, “Work expands to fill the time available.” It takes some explication from that to explain how it drives the growth of bureaucracy.
I’m on the edge of being a Millenial and I’m familiar with Parkinson’s Law, but Parkinson’s Law Of Triviality (better known as bike-shedding) is popular in my circles.
More apropos to the article and my daily struggle is Larry Tesler’s rule of NO MODES.
HTML before coffee —
Parkinson’s Law Of Triviality – https://en.m.wikipedia.org/wiki/Law_of_triviality
NO MODES – https://en.m.wikipedia.org/wiki/Larry_Tesler
Pardon the gallows humour, I am not at all amused or being ironic, but it reminds me of the saying: “Don’t use version 1.0.”.
I don’t like flying; I use to think the newer the plane, the better. Now I’m thinking…see the above.
There is a reason that C-47/DC-3 flew so long…..
Maybe it is time to resurrect the DC-3/C-47? https://www.askbob.aero/content/dc3-has-been-grounded-eu-health-and-safety-rules Douglas Aircraft Company was, as I recall, one of the Boeing Blob’s victims: https://en.m.wikipedia.org/wiki/Douglas_Aircraft_Company
Some enterprising entrepreneurs are reviving and refitting DC-3s with snappy interiors, turboprop engines and “modern” avionics, too — many for the Wealthy Trade: https://www.airspacemag.com/flight-today/turbine-charged-1066824/ The basic design has a few issues, like tip stalling, that are still of concern, but the aircraft are very much what are called “workhorses,” for very good reasons.
Of course these aircraft don’t run on solar magnetism and fairy dust, but petroleum derived jet fuel. But gee, the nostalgia, and the survival of what was once really leading-edge (aviation humor) design and engineering! And they can deliver the people who are into travel and special experiences to all those far-flung, hard-to-reach, off the track places where such delights and titillations are to be had, and added to the unique life experiences of the fortunate, that can then be mentioned for the edification of the rest of us. What’s not to like? And their addition to all the CO2 in the atmosphere is of course so very minimal, compared to all the other sources…
If you’ve ever seen and heard the piston engine version land and take off, there’s nothing like it.
I got to fly in several over the years. One one occasion, there was this long trail of black oil streaming back along the starboard nacelle from the engine. I was an aircraft mechanic in the Army, and oil leaks are generally Bad Thiings in more ‘modern’ aircraft. I pointed this leak out to the blasé guy in the next seat, who was more familiar with the aircraft, and he responded, “That’s how the crew can be sure there is oil in the engine.” That twin-row Pratt&Whitney radial engine was notorious for oil leaks and other interesting behaviors. This was a former C-47, with the interior still fitted out like the military did it —fabric sling seats, one of which ripped apart under the backside of one of my fellow intrepid aviators. But what a well designed aircraft. Something actually fit for purpose.
I wonder if this ‘safety’ device was a response to the Air france Flight 447 crash – this was largely attributed to a co-pilot responding incorrectly to a stall. It may well be a situation where a hasty fix for a known problem has set off a cascade of further issues.
If this is as bad as it looks for Boeing, then they got off lucky with a first crash of a small Asian carrier – there is an inbuilt assumption that these carriers are among the most dangerous due to cost cutting and poor staffing. It it was a US or European airline, then it would be a very different story. It’ll be much easier for them to blame the crew, which is no doubt what they’ll try to do.
With so many lives lost, I’m not sure characterizing this crash as Boeing “getting off lucky” is a particularly wise choice. While i’m certain that’s not how you meant it, the choice of words might come across as insensitive, especially to someone who might have been personally affected by this crash (we know NC to have pockets of readers in all regions around the world so it’s not inconceivable that someone in Asia might be reading this).
Well, nothing offends quite like the truth: We don’t really care about what happens to brown people! Sorry. If we did care we wouldn’t be bombing them all the time, letting them manufacture out stuff for less than living wages and selling them crap planes, useless economics theories and faulty nuclear power plants.
Indeed, if it was a US or European airline, the media outrage would be pegged at ’11’, politicians would be on it and the regulators would already be spinning up.
You want proof, you can go to any news site and see that only the westerners on that plane was “reported”.
I do not disagree with you. It is offensive. I just think that the sooner people “here” gets truly offended over the actual situation and not the wording of the facts as they are, the sooner attitudes can be changed.
May be repeat, but here it goes:
AF447 caused by junior co-pilot left in command of plane flying it into the ocean. Wikipedia article full of miss-direction, like many articles which relate to corporate empire. Pilot fixated on over speed signal from air speed indicator, flew the plane from normal flight altitude into ocean over a considerable amount of time. He failed to fly the aircraft, but rather was flying one signal.
Early, and much data is not available, but it seems the Lion Air crash was pilot error too, but in this case the pilot was not human, but did the same, focus only on airspeed and fail to fly the whole aircraft, a violation that if it didn’t kill a human pilot, would get him canned. This is a considerable fuck up if true.
Imagine having to do a go-around after flying through a microburst (small thunderstorm) hitting the tailwind side, approaching stall, and have the plane fly straight down into the ground from 2000 feet. There would not be enough time to even find the checklist.
Boeing, Boeing, Splat!
well the US is not the center of the world and one of the passenger’s dad has sued boeing already. more lawsuits are surely to follow. and Lion air is indo’s biggest carrier with some thousands of islands being connected only by aircrafts.
noobasskun
I thought Boeing’s approach to safety was always predicated on giving the pilot as much manual control as possible in the event of an emergency (in contrast to Airbus’ flight control envelope which prevents complete manual override). With this new “safety” feature, it seems Boeing is adding another “override” layer for pilots to overcome in regaining full manual flight control during emergencies, piling on additional stress on a crew already facing a precarious situation. Perhaps this migration to a hybrid model between its traditional approach and that of relying on automation at the edge of the flight safety envelope favoured by Airbus was a bright idea they forgot to share with their customers.
What both companies have in common however is that the cockpit in a modern jetliner has become a hive of incredible complexity, reducing the human in the human-machine interface to an observer for long periods of time during flight, yet expecting said human to take over with a minimum of fuss in an emergency, even as the machine has been programmed to only allow for partial handover (as was the case with the Lion Air crash). Are we in the era of automation for the sake of automation, and are we going to see a precipitous decline in the ability of pilots to actually fly airplanes (especially in emergency situations)? One hopes not…
“Are we in the era of automation for the sake of automation, and are we going to see a precipitous decline in the ability of pilots to actually fly airplanes (especially in emergency situations)?”
I’d say we’re already there, this is a primary area of concern for the FAA at the moment. They’re really stressing hand-flying skills during airline recurrent training curriculums. The conspiracy theorist in me wonders if sapping pilots of the ability to fly isn’t some kind of industry-wide diabolical plan. Airlines want 100% autonomous flight with no pilots, Boeing and Airbus can’t wait to sell the industry the technology.
> Airlines want 100% autonomous flight with no pilots, Boeing and Airbus can’t wait to sell the industry the technology.
Pilots, as trusted individuals with a strong union, are in a position to hold the knife against the jugular of this part of the supply chain. There’s no demand for this transition from passengers.
This is not related to the 737, but it might be relevant that observers have noted that Boeing, since its merger with defense contractor McDonnell-Douglas, has begun to import sloppy design- and testing habits from the military-industrial world (Boeing used to keep a Chinese wall between its civilian and military design teams).
From a 2013 Harpers piece by Andrew Cockburn:
MD was not a pure military play. They had the DC-10/11, MD-83, etc, and Boeing used much of the MD designs in the 777 and 787. Hopefully that didn’t include the single point failure of the horizontal elevator trim bolt threads.
McDonnell was a pure military play (1 unsuccessful civilian project in its history).
When it subsumed Douglas, there was never again a new civil design.
Unfortunately, McDonnell took over Boeing with Boeing’s money.
Stonecipher’s outsourcing of the 787 was a complete and total disaster.
His affair with an underling is also a hold over from the way business was done as a defense contractor.
“… Boeing didn’t tell its buyers or even the FAA about this new goodie….”
That implies the changes or additions were not certified – after the usual rigorous validation – which would be a very serious issue.
That is a VERY important point which the Journal should have highlighted.
With the scale of liability this infers, they’d better hope to recover from the coming plunge in value.
Passengers should inquire as to the aircraft model at the boarding gate.
If it’s a Boeing of this model, in a loud voice so that everyone can hear, they should speak up:
“Boeing 737 MAX? That plane is not safe. I refuse to get on it!”
A few weeks of this and maybe the aircraft will be recalled at Boeing’s expense.
Both Bush Jr. and Obama have denuded FAA, NRC, OSHA, etc. and instituted many “self-regulation” short term industry friendly/executive bonus friendly “reforms”. Former head of MSG certification at United Airlines told me he departed early because he could see being forced to participate in industrial homicide looming in the near future. Hence I’d not be surprised to find out certification was no longer a given requirement in this case.
Very true. The Grover Norquist philosophy of small and weak enough to “be drowned in a shallow bath” is alive and well at the FAA. Don’t forget outsourcing heavy-checks and other maintenance to well-regulated places like El Salvador. (snark) Southwest was caught falsifying their inspection records and bribing their assigned FAA overseer after a series of explosive decompressions resulting from aluminum fatigue, yet the media didn’t even mention their history of regulatory and maintenance malfeascence when a catastrophic engine failure breached the fuselage and killed a passenger this past spring. The story that emerged instead was a feel-good human interest story about the Captain, a plucky Christian, ex-military pilot who was, (gasp!) a female.
Media comment spot on. Funny, isn’t it that GE (engines), Microsoft(software) and all those other mass media corporation owners who have a conflict of interest with their airline customers and being a watchdog, never seem to mention that conflict of interest before they report, yet get nutty about RT being owned by Russia.
> the media didn’t even mention their history of regulatory and maintenance malfeascence when a catastrophic engine failure breached the fuselage and killed a passenger this past spring. The story that emerged instead was a feel-good human interest story about the Captain, a plucky Christian, ex-military pilot who was, (gasp!) a female.
Identity politics corrupts everything, doesn’t it. (Or more precisely, “enables anything to be corrupted,” since it’s part of a larger structure of incentives that have nothing to do with identity, ka-ching.)
I’m trying to understand this organizationally. Doesn’t Boeing have a unit dedicated to legal risk review, even if only for the purpose of assessing possible costs? Not that there should be one, but I don’t see an escape clause for them here.
You can compare their “risk review” departments with the same in the financial world pre GFC and beyond…..with almost identical complaints…..
As Yves or Lamberth mentioned some time ago: the reason the airplanes are safe is because the executives have to fly themselves.
Maybe private jets for executives is kicking in now?
Oh great. I get to fly this exact aircraft on a five hour flight to Mexico City this Thursday. Even though it’s an overnight flight, I’m sure i won’t be able to sleep wondering if we’re just going to dive straight down at any moment the computer deems it necessary.
Just for extra cozies remember Popocatépetl is just shy of 18,000 feet tall.
Not often that I read an article that gob-stops me but this is one. Did not the software designers think that perhaps before they had the aircraft undertake a maneuver such as diving, that it might be an idea if the system interrogated the altimeter to see if there is altitude enough to do this maneuver?
What if a pilot was taking off, saw an obstacle on the runway which made him pull up as hard as he could – would this system detect that maneuver and put the aircraft in a dive at only a few score meters above the runway? This has happened in the past.
In previous aircraft, a pilot only has to push against a control column with so many pounds of pressure to over-ride the system. Is this no longer possible with this generation of aircraft? Finally, a good pilot will ‘be ahead of the plane’ when flying it but have software engineers designed this out?
From previous software catastrophes, I have seen that software designers really only program in normal conditions but take little account of things out of the norm. When I think back, there was an air crash in France when the aircraft flew into a forest because it had the wrong altitude set in. It was not possible for the pilots to take back control and so they died. This was when computer controlled aircraft were new so the French blamed the dead pilots for the crash to protect sales. Looks like not much as changed since and that was about forty years ago.
Rev, if you mean the Ermenonville Forest crash of 1974, the blame was laid on the Turkish maintenance crew who, it was claimed, failed to close the luggage door properly, thereby causing the plane to crash soon after takeoff from Orly. It seems there was a problem with the door. Also, it appears that maintenance training by McDonnell-Douglas might have been inadequate. The DC-10 was a badly designed plane. I refused to fly in one. I as pleased when it was scrapped. The Sunday Times, under the editorship of Harold Evans, published an in-depth analysis of this crash by their Insight team. Evans left soon after Murdoch bought the paper, and then destroyed it.
No. Wasn’t that one. I saw this on one of those air crash investigators series and have just now found it. It was Air France Flight 296 back in 1988 and I was mistaken about the pilots dying. There was a cover up in effect as a foto of the flight recorders when they were retrieved was visibly different to the flight recorders that were on display afterwards. Here is a bit more on that ill-fated flight-
https://en.wikipedia.org/wiki/Air_France_Flight_296
The problem with testing is that you can only ever prove the existence of bugs, never their absence. And with testing integrated hardware and software components, the big issue is usually detecting the failure of hardware components and both detecting and testing the edge scenarios when a sensor is out of calibration and feeding you bad data, but it’s not obviously bad data.
As an example – it’s fairly easy to detect that sensor data is bad if it’s reporting that your aircraft is standing on its tail with the engines at idle. But detecting that a pitot tube (airspeed sensor) is malfunctioning and reading low, and while the computer says that the climbing angle and airspeed are in stall territory but the aircraft is actually fine is a much harder decision to make and much harder to test for as well.
That’s not an excuse, but the test harnesses for these systems are software themselves and have bugs, so it’s more of a reflection of reality.
Oh, and a good reason why there needs to be a big button that says “full manual control with no helper systems active” in the cockpit.
On the other hand quickly going to full manual control with no helper systems active led to the Staines crash. No really easy answers for how to implement safety features and be sure anything you do or don’t do in the process doesn’t lead to problems down the line. Aircraft that can fly at high Mach numbers generally need some form of stall prevention intervention as the consequences of stalling the wing can be pretty severe. What amazes me about this incident is that it seems Boeing made the system dependent upon a single angle of attack indicator with no redundancy. That’s crazy to begin with. Making an effort to not tell the people who would be flying the aircraft about the change and how to work with the system is beyond crazy.
I’m not as worried about self driving cars because, unlike pilots (and especially commercial pilots), the skill of ordinary drivers is questionable. It’s not that I think Silicon Valley can and will be reckless with the engineering but, rather, that normal drivers are so crappy on average that whatever Google/Waymo comes up with is bound to eventually be better. The hurdle they have to cross to make a safer car than those driven by kids, texters, drunks, and the generally distracted or bubble-headed, is a lot lower than the hurdle to make a safer plane.
Darwin Awards help keep a limit on the incompetent drivers, so that they are only a small % of the the total population, though they garner most of the news. if auto-piloting results in the majority good drivers being replaced by slightly less safe robotic drivers, then killing even a small increase of pedestrians and other drivers, then your hypothesis is already invalid, much less being able to prove it into a theorem.
You don’t want to get caught driving near a Florida retirement village at the begging of the early bird special, Darwin takes that time off.
you give people too little credit and software too much. Go drive over the grapevine this thanksgiving, it’ll be a chaotic madhouse 24/7 and once in a while something bad will happen but by far most people consistently survive it. Add in the safety of modern cars, minus the god mode of self driving (cruise control is a driver assist that optimally allows the driver to not have to look at the console to check speed and as long as the responsible party is paying attention and the system, as in the case of this crash, is not too complicated to cancel, then the human, who is in fact bristling with sensors, can avoid misfortune) and it’s very safe to drive a car. Now make that grapevine trip in a 100,000 lb computer guided semi…what could go wrong? Who’s going toover ride the system?
I lived in South Florida for years. It’s hard to imagine robots doing a much worse job than the drivers there as a whole. I do understand that’s arguably a worst-case scenario though. I’m sympathetic to the concerns but just can’t see a self-driving car being worse than a half blind 95 year-old behind the wheel. It’s not like human-driven cars will disappear anytime soon for people who want to drive themselves though they may have “safety” features that take over and cause accidents, like the Boeing example in the article.
ok fair enough, from that perspective my dear elderly relative already has a self driving car /s
That said, here is a perfect civil service opportunity. A community app like meals on wheels but with a real kitchen hiring locals who need jobs to cook, a real senior center with activities, which would/could employ many creative people who now have nowhere to look/go, combined with an uber like service, yes just rip them off, anyone can make an app, so jobs, pay a living wage and provide vehicles, in anacortes the bus system, super awesome skagit transit $2 for a day pass awesome, has a route that just picks up oldsters/handicapped and takes them where they need to go centering on said awesome senior center, add dynamic retail, more jobs, need I say more? They could even have a daycare function
Totally doable
This is a common attitude, but IMO a dangerous one. In reality, humans are extremely good at the highly complex activity of driving. The average driver goes through an entire 40 year driving career, in all kinds of weather, in all kinds of road and visibility conditions, in all kinds of vehicles, without a single serious crash. In MTBF terms, this is a stunning achievement. It’s only because hundreds of millions of vehicles are continually on the road that we see large numbers of crashes.
Software-based control systems using error-prone LIDAR type sensors will struggle to get a tiny percentage of this reliability under real world conditions. Currently, they relinquish control the the backup driver (i.e., crash) every few minutes under ideal conditions (sunny, low-traffic Arizona). Going even a single year under ideal conditions is far beyond the state of the art.
Be careful not to discount human drivers or idealize automated ones.
I very much agree with this.
One can blame humans on distractions but not on capacity. On the contrary, you may not blame computers on distraction but those will fail on capacity. If you have in the roads a mixture of capable but distractable humans and undistractable robots with limited capability be ready for the worst.
For instance, experience tells you a lot about what the next move will be done by the car running before yours. You can somehow predict it based on an “attitude” you detect watching the car. Try to teach a robot to do this.
It seems to me that the trend is towards making human pilots an unnecessary expense.
How many articles have I read that say planes can basically take off and land by themselves, and that pilots are there to supervise an otherwise automated system because people don’t want to fly on planes without pilots.
Chesley Burnett “Sully” Sullenberger, in a Forbes interview from July 2017 (I got a beachball due to advertising, so use this link with cation) pointed out both George ‘W’ Bush, and Obama pushed deregulation at FAA and other agencies that allowed for a lot less pilot training.
The investor class sees people, employees as primarily an expense to be eradicated if at all possible, and BTW, with as little R&D expense involved, as evidenced by the insistent pressure to allow autonomous vehicle development to go onto public roads without the benefit of costly simulation, witness Uber.
Sullenberger also describes the fact that the computer helping control the plane he landed in the Hudson river ‘fought’ with his efforts to achieve what he considered the proper pitch for the landing.
Thankfully, he had a computer that he could still fight with.
Presumably, the computer was not programmed for the kind of landing Sully was making, which would seem to require a higher pitch that would avoid bringing the nose down at the usual time, which could create enough drag to flip the plane and pretty much kill everyone on board.
For a top pilot like Sully, the physics of that would have been automatic. A computer not programmed for that sort of emergency maneuver would keep insisting on maneuvering the plane for a normal landing.
What does this rushed, hidden move by Boeing say about the health of the safety-first mentality in the airline industry?
It says money still comes out on top !
this from p war yesterday…
https://www.psr-la.org/woolsey-fire-burns-nuclear-meltdown-site-that-state-toxics-agency-failed-to-clean-up/
FTA…In 2010, DTSC signed agreements with the Department of Energy and NASA that committed them to clean up all detectable contamination in their operational areas by 2017. DTSC also in 2010 committed to require Boeing, which owns most of the site, to cleanup to comparable standards. But the cleanup has not yet begun, and DTSC is currently considering proposals that will leave much, if not all, of SSFL’s contamination on site permanently.
Maybe a sell signal?
I am also reminded of something much too common in U.S. life. Management wants to manage processes but is terrified of things. So you manage with an employee manual that makes the perfect cup of coffee every time: Except that a real cup of coffee is a real physical thing, including a liquid and a porcelain container. (Hmmm. Maybe this is why so many places love disposables.)
This attitude goes along with the U.S. disdain for and fear of people in the trades. They do physical labor. They work with things. Remember that article in the NYTimes from the Hillaryista who was worried that his plumber might have voted for Trump? And so much of feminism has been about not having to interact with such people: Women should control the office, and a paradise will ensue.
We are well past peak management. Is it time to close some business schools yet?
It’s been time to close business schools for at least 50 years. If B-school faculty were successful in their professions they would be practicing those professions and not regurgitating old news in B-schools. B-schools have done immense damage to the business world in the US (and, now that they are being aped abroad, worldwide). They have successfully propagated a myth of success; what they are is little more than networking sites.
I’ve heard that 19th century manufacturing operations were generally run by skilled tradesmen, and that part of the move to “modern management” in the early 20th century was taking away that control and putting it in the hands of white collar types. So all this is part of a long term trend…
Professional Pilots Rumour Network has an interesting discussion on the topic: https://www.pprune.org/rumours-news/614857-indonesian-aircraft-missing-off-jakarta.html
Boeing used to be the “pilot’s plane” (“If it’s not Boeing, I’m not going.”). Looks like they’ve followed Arrogant Airbus© down the “engineers know how to fly better than the pilots” rathole.
Interesting – so it sounds like Boeing implemented the aeromotive equivalent of automotive stability control and didn’t supply the button that said “turn the thing off properly, right now”.
There doesn’t seem to be a lot of info out there on how they implemented the system – probably because “intellectual property” and maybe not wanting to tip off the FAA – but as a software engineer who occasionally plays with hardware, I’m beginning to wonder if they implemented this a single system/component that may have gone haywire when one of the sensors was feeding it bad data. That certainly would qualify as “unusual conditions” and if there was no independent second system that could be used to verify the readings from the first, well, it’s only people who can’t afford a private jet (that’s sarcasm, by the way). I am however wondering if the implementation was never tested properly to simulate sensor failure or if they hit a software bug that scraped through their testing methods. Of course it wouldn’t be that unusual if the system was implemented under a time crunch and corners might have been cut to meet an artificial deadline.
The Space Shuttle had a lot less computing power than modern planes, yet they still implemented critical systems like these using a consensus-based model that used multiple (usually three) independent measurement and verification methods that had to achieve quorum. Those systems tended to disagree surprisingly frequently even when properly calibrated, which should tell people how reliable these things tend to be. And one has to keep in mind that the skill levels of the people who piloted the Shuttle tended to be off the charts compared to a normal experienced commercial pilot.
Either way, I would suspect that the failure of Boeing to disclose the new system and provide the necessary training materials should provide a bunch of lawyers with a decent living for quite some time.
Regarding the autonomous car connection – I would expect that aircraft manufacturers don’t quite have to pinch pennies as much as car manufacturers have to for these systems. It’s much easier to hide a few $100k’s worth of hard and software in a plane that costs 10 figures compared to hiding a grand or two’s worth of hardware and software in at $50k consumer appliance. Not to mention that the automated features on a car tend to have to work with a far wider variety of scenarios than an airplane’s – you usually don’t get that much jaywalking at 30000′.
Did Boeing ask actual professional pilots — those flying these things — if this was a good Idea? But no — they were treated like ignorant children, as the arrogant governments and huge corporations always treat people (and voters or citizens). Decisions from on high, often made in secret by ‘elites’. This top down attitude is found everywhere, even when starting wars.
Crapification through software is also a matter of control. Software is used to take control away from the humans directly involved and centralize in in a corporation. This tragic outcome is at the far end of a spectrum of bad effects from such power concentration.
Having said that, if current reports are true, this was not all due to the software. The plane is reported to have been giving pilots problems on previous flights and should never have been allowed to take off for this flight. So Boeing and Lion seem to both be contributors to the tragedy.
On the one hand, I’ve read many accounts indicating that pilots skills atrophy in the presence of autopilots, making it hard for them to react when an emergency abruptly demands skills grown very rusty in the interim.
But if Boeing made a “manual” mode that wasn’t, well, all bets are off. It is BECAUSE things like pitot tubes and Angle of Attack sensors can fail/give bad input that the manual mode needs to exist, AND needs to be truly manual.
If the pilots were fighting a computer with bogus inputs, the pilots are blameless. Shame on whatever middle managers/software developers signed off on obscuring this from the pilots!
Given how frustrating and useless he was at doing what I wanted to be doing, I always wondered (morbidly) what would happen when we get to the state of automation where we effectively have Clippy run heavy equipment or flying a plane. Now we know, and the results sounds pretty much like I was expecting.
“It looks like your plane is stalling, let me put you in an uncontrollable nose dive to compensate.”
“The crash is only attributable to human error.”
The takeaway is that it’s not technology so much as it is those who develop/own/control it and the current regulation free environment in which they do so. Where money talks.
But in that mix, software presents a huge problem due to it’s complexity; and the tendency increasingly for it to be a complete black box in every aspect and at every level, now often including even the developers themselves. https://www.technologyreview.com/s/604087/the-dark-secret-at-the-heart-of-ai/
Apply this to autonomous cars in an environment where truth and facts are manufactured by profit schedules and where software caused deaths can represent but a price of business penalty, and the outlook is indeed troubling.
Interesting comment by Hunisgung from the HN thread https://news.ycombinator.com/item?id=18438607 :
Anonymous Boeing exec gives reason for new stall protection mechanism in this article: https://www.seattletimes.com/business/boeing-aerospace/u-s-pilots-flying-737-max-werent-told-about-new-automatic-systems-change-linked-to-lion-air-crash/
Comments on Aviation Herald indicate that Boeing probably assumed no new instructions or training were needed because the existing stab trim runaway procedure would resolve any malfunction. It is not clear whether that is indeed true. Hence the new procedure. http://www.avherald.com/h?comment=4bf90724&opt=0
Regardless, the human-computer interface problem keeps rearing its ugly head.
The crash of the Boeing 737 Max is the natural outcome of the global duopoly that no longer has government oversight. Instead of safety, the maximizing of rents outweighs the consequences to the workers or the environment. Unless this neoliberal new world order is overturned and humans placed first, we all will need Go Bags. But, we will have nowhere to go.
The faith in process (algorithm in modern parlance) over substance is touching. At every scale you see it, which is a sure sign of ideology/religion. As above, so below.
From phones to economics to airplanes, interfaces are made “seamless”. Tools are turned into appliances and we’re turned from customers to consumers.
Have faith until you can’t see the faith like a fish in water.
Years ago I read that oxygen systems for commercial airliners which were made redundant with 3 or 4 backup systems within, were being replaced by one digital oxygen system, that was a lot cheaper and took up less room.
What’s the worst thing that could happen when you’re well above Mount Everest, and it craps out on you?
5000feet is less than a mile…and as per reports the plane crashed nosedown at 400mph….I wonder if any pilot could have saved that? boeing is in deepsh#t