As I wrote earlier, perhaps this is because the emails from that phase were scrubbed and nothing dubious was found,
Without any additional evidence, I would take this approach, after the first crash the initial investigation pointed to MCAS something which most say they knew nothing about, then the second crash happened and MCAS was again front and center. So, unless Boeing was / has been able to successfully hide all documentation related to MCAS from the FAA, the media, whistle blowers and not have the FAA bow to politicians, EASA and other regulators pressure to get / produce the relevant documents, I would say nothing dubious.
The story reported by ST (repeated below) just seems hard to believe without some overt orchestration by management to curtail the test matrix, which often gets some sort of push back from engineering. Of course I could be wrong and the engineers silently complied, or they just lacked the motivation to dig very deeply at all. I agree that eventually we should find out one way or the other.
The decision to not redo the safety analysis after extending MCAS to the low end of the flight envelope also seems like something that should have left some sort of paper trail. Clearly it involved changing the MCAS software so if nothing else there should be a clear record of which engineer changed the code so you know who to start asking.
Redesigning landing gear was not seen as an easy upgrade so it was left out. Just hang the engines on the wings and that's it. All done. At that time when decisions were made engineers did not see the the problems they are going to run into later like needing MCAS and all what follows. If they would have forecasted everything we can be sure that they would have started doing something differently in a major way already many many years ago.
It's not that they didn't see the problems, it's like they seemingly did not look very hard at all for problems. I personally still think the problems with the engine placement are solvable using an improved MCAS and dual active flight computer configuration, but this is only happening now because Boeing have now been forced by the crashes to step back and sort through all the implications in order to save their investment in MAX, and that of their partners and customers.
With regard to MCAS, in viewtopic.php?f=3&t=1437867&p=21935495&hilit=revelation#p21935495
I wrote the way ST explains it, during the Functional Health Assessment phase Boeing only did the simplest of MCAS use cases, one single activation, then used nothing more formal than an email from minutes of a test pilot's meeting to justify that multiple activation was no worse than single activation. This allowed them to classify MCAS as "major" rather than "hazardous" inside the normal flight envelope, which in turn allowed them to avoid doing a Fault Tree Analysis and a Failure Modes and Effects Analysis for MCAS which may have turned up all the issues with sensor erross and with multiple activations, and allowed use of a single AoA sensor. The dubious math of the "accepted method" was used to then say that the risk outside the normal flight envelope also was not "hazardous" since the odds of being outside the normal flight envelope were low. Then the evaluation was not changed after MCAS was extended to the low speed end of the flight envelope which would have changed the dubious math in an unfavorable way.
It seems like Boeing was following the letter of the law but not its intention. If they had, they would have probably found the MCAS multiple activation problem, but they also probably would have found they needed multiple active sensors too, which would have conflicted with their goal to minimize changes and thus cost. Of course we now know they certainly did not end up minimizing cost due to their poor engineering. The people doing the analysis seemed to be driving with blinders on. They might actually had gotten away with it if someone had done a use case (on paper or in the engineering simulator or in flight) where bad AoA data triggered multiple MCAS activations and used that get the MCAS code cleaned up, but their own decision to minimize cost seems to have prevented them from doing a credible job at systems analysis.
Last edited by Revelation
on Wed Jan 15, 2020 3:11 pm, edited 1 time in total.