top | item 19510029

(no title)

gtr32x | 7 years ago

That actually sounds awful, sorry for my naivety if this is just industry standard. But for such a mission critical piece to have no redundancy build over it is just poor. Especially that it's prone to failure since it's situated on the outside of the plane.

It just seems to be that this is some terrible engineering done on Boeing's end of not fully understanding the critical situation here.

Generally two failures: 1. a lack of redundancy in a mission critical sensor 2. a blind trust on MCAS's priority over pilots

discuss

inferiorhuman|7 years ago

a lack of redundancy in a mission critical sensor

There is redundancy in the sensors, but the sensors are not being used in a redundant manner. There are whispers that the 767 fuel tanker (KC-46/KC-767) has a system similar to MCAS that will look at both alpha vanes for disagreement, which is a bit damning to say the least.

a blind trust on MCAS's priority over pilots

The entire purpose of MCAS is to engage only when the pilot is flying to prevent the pilot from doing something dangerous. Previous generations of 737 had the same problem but the MAX is more delicate and compounds it with nacelles that generate lift.

azernik|7 years ago

Part of the problem was that MCAS was originally designed with very little control authority, and so wasn't considered safety-critical. However, during testing they realized they needed to up the gain, and made pretty major retuning without reexamining their safety assumptions.

Plus the bug with the resets on the limiter.