A late change, and fatal flaws, in a Boeing jet design
https://www.seattletimes.com/nation-wor ... et-design/
So originally MCAS was designed to use two sensors, two different sensors. AoA and g-force.
Reading this article, assuming that it is a true representation of what happened around MCAS, one could believe that rank amateurs are working at Boeing on safety critical issues. I hope this mess at Boeing gets cleared up, because how can one trust the system ever again with safety relevant decisions?
And according to the information in this article, one has to call MCAS a stall avoidance system.
Even though the original MCAS did rely on G-force sensors, along with an AoA sensor, why did they not incorporate both AoA sensors to MCAS even in the first iteration? I don't get it, there is no reasonable explanation for why you would not use two sensors when they were immediately available for use without extra cost. The fact that no-one considered the effects of the (single) sensor malfunctioning and tested what would happen if it did, is just a side effect of the single sensor implementation decision.
If I could influence the investigation of this affair, I would dig as deeply as possible into the underlying cause and decision process behind why the other AoA sensor was not connected to MCAS 1.0.
Yes, there are a number of questions here.
The MCAS system was borrowed from 767Tanker/KC46 (also called MCAS!) that is a competent 2 AOA sensor system with other sensor/sensors undefined. Why change it to a single AOA sensor system?
(NB it has been reported that Boeing looked at using MCAS on other applications as well but found it unnecessary).
It might be argued that it was because 737 system also used IRU sensors. Suggest this makes no sense perhaps, unless you are trying to avoid AOA Sensor not available as a no despatch condition. (It became so anyway with AOA sensor removed from the MEL as reported in these threads).
It might be argued that the 737 is based on two FCCs that use single sensor inputs as standard and that a 2 sensor system would be contrary to this philosophy. However, it would seem there is precedent in that there was a modification of Auto-Throttle from 1 sensor to use 2 radio altitude sensors following the THY AMS event ~2009 that became mandatory (we now go to a 2 sensor system for MCAS in similar circumstances!).
It might be argued that STS uses only one sensor and MCAS is part of STS. It would be of interest to know if KC46 MCAS is declared as part of an STS system and if that STS uses 2 sensors? I have had no luck looking for this information in open source.
However, and in any case, MCAS does not appear to share any functions with STS with, perhaps, the exception of motor drives. Nor does it appear to use SPEED TRIM FAIL warning (although it is not clear what conditions set this) that is part of the STS.
MACH Trim would seem to be much more like Speed Trim but at MACH speed values, and as far as I can see, it does not appear to be declared part of STS and also has its own MACH TRIM FAIL Warning. I would have thought this would be more likely than MCAS to be declared part of STS.
I note that there does not appear to be any action for SPEED TRIM FAIL in QRH but MACH TRIM FAIL QRH places a restriction on Airspeed of 280kts. There is no similar MCAS TRIM FAIL or QRH.
Additionally, the STS descriptions I have seen do not cover the functions of MCAS; if this is so, and MCAS is part of STS, why would it not be covered? The information in the NYT report this week, if correct, would indicate that description of the operation of MCAS was removed from the 'Pilots' manual (as we suspected due to MCAS appearing only in the glossary), so it is likely the STS description does not include MCAS functions.
I currently see no convincing justification for single sensor or calling MCAS part of STS. I remain to be convinced.