Moderators: jsumali2, richierich, ua900, PanAm_DC10, hOMSaR

 
LDRA
Posts: 411
Joined: Fri Jan 15, 2016 3:01 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Fri Aug 06, 2021 7:01 pm

Revelation wrote:
LDRA wrote:
Yes MCAS logic is poorly designed. But Boeing process should have caught this. Everyone can make mistakes, just like AOA sensors are expected to fail at some point of time. The point of safety process is to catch individual failures, so that single point failure of some body screwing up does not slip through

Pythagoras wrote:
It was reported by one of the regulators that had a complete description of MCAS been provided that the regulators would have reviewed the system in more detail rather than delegating finding of compliance to Boeing.

This is quite common in the commercial world as well. Often we find ourselves doing version 3 of a software module, which depends on versions 2 and 1, and version 1 depended on the interfaces to other modules at the time it was written. If one wants to understand version 3, one must go back and understand what was written for version 2 and 1, and for all the interfaces that existed when version 1 was written, and then all the enhancements to all those modules that have been incorporated since the time version 1 was written. Ideally "someone" would document the complete system state at the time version 3 is written, but then you get into the whole "scope of work" issue. The team doing version 3 is presumably under schedule pressure and will presumably do the minimal amount of documentation needed to gain some comfort level that their task is achievable but not much more than that.

It's a very good bet that no such "complete description of MCAS" in terms of cause and effect ever existed. MCAS at its heart is just a few changes to the flight laws in the flight control computer, ones that took little effort to describe or implement. The resulting system level impacts presumably were not deeply investigated so not documented, since the famous "3 second guy" decided the pilot would recognize whatever ill effects MCAS created within three seconds as a runaway stabilizer and deal with it. Without the "three second guy" and his "contribution" to the system safety analysis, MCAS would have gotten deeper scrutiny. Who he was and what led him to his decision and what pressure he was under to avoid deeper scrutiny is still something Boeing has not revealed, nor is something that Congress or DoJ forced Boeing to reveal, at least not to the general public.

As you pointed out earlier, the later changes to operation at slow speed as well as high was also done without any additional analysis being made available and quite possibly not done, nor any additional communication with FAA. There was a quip from a Boeing engineer saying "we only have to show our answers not our work" in the Seattle Times at one point. Seems Boeing felt itself to be the senior partner in the relationship, with disastrous results.

Commercial world does not apply. This is safety critical domain. Requirements and configuration management are mandatory.
Multiple levels of requirement artifacts tracing all the way to product level(aircraft) is safety assurance 101.

Boeing 737 program did not even have a product level team doing system engineering activities. No wonder requirements and failure analysis are ineffective and stuff can "fall through the cracks". It's straight negligence, no excuse, ggovernment certification or not.

Unfortunately no one in corp leadership willbe rresponsible for this
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Fri Aug 06, 2021 8:19 pm

LDRA wrote:
Boeing 737 program did not even have a product level team doing system engineering activities. No wonder requirements and failure analysis are ineffective and stuff can "fall through the cracks". It's straight negligence, no excuse, government certification or not.

Unfortunately no one in corp leadership willbe responsible for this

They not only got government certification, they also got more or less a clean bill of health from both US and EU certification authorities after the fact, minus this one issue of provably not informing FAA about the changes to MCAS for the low speed regime. Given there was no official crackdown one can't really expect the corporate world to cleanse itself, can you?
 
ikramerica
Posts: 15186
Joined: Mon May 23, 2005 9:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Fri Aug 06, 2021 9:02 pm

With regard to finding criminal fault with the software “engineers”, I couldn’t read every post, but unless an “engineer” has a professional license and stamps their work, mistakes are not criminal, no matter how negligent.

If the software code requires engineer stamps, it’s that person who is liable, civilly and criminally. I don’t know if that is a thing in aerospace, but it’s not in any other software field I know of.

It’s one reason Civil Engineers live a crappy existence. Underpaid, undervalued, overworked, and civilly and criminally liable for mistakes.
 
User avatar
YQBexYHZBGM
Posts: 295
Joined: Sun May 10, 2009 3:11 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 1:21 am

ikramerica wrote:
With regard to finding criminal fault with the software “engineers”, I couldn’t read every post, but unless an “engineer” has a professional license and stamps their work, mistakes are not criminal, no matter how negligent.

If the software code requires engineer stamps, it’s that person who is liable, civilly and criminally. I don’t know if that is a thing in aerospace, but it’s not in any other software field I know of.

It’s one reason Civil Engineers live a crappy existence. Underpaid, undervalued, overworked, and civilly and criminally liable for mistakes.

As an engineer with a degree in civil, I concur. As for whether software "engineers" should be permitted to use the word "engineer" in their job title, that is a subject of discussion that has been going on since I was in engineering school in the late 90s. In my opinion, the licensing bodies for professional engineers should have nipped that in the bud. Anyone else who uses "engineer" in the title of their business endeavor and does not have a degree in engineering or equivalent qualification will be in court in short order. The only notable exceptions made are for audio engineers, stationary engineers (i.e., engine and boiler operators), and locomotive engineers (i.e., train drivers).

Similar to the hippocratic oath taken by physicians to do no harm, professional engineers are ethically and legally bound by oath or affirmation to hold public safety paramount. It may have taken the loss of these two aircraft to finally reach the tipping point when it comes to requiring professional licensure for anyone who plays a significant role in the design of avionics or flight control software. At the minimum, in my opinion any such individual must have education and training in engineering design principles and ethics. There -are- accredited software engineering degree programs that include such coursework, and being a graduate of such a program should be a requirement to work on software that has a critical safety function in aviation or any other field.

Before anyone here posts a rant disagreeing with what I've written, please bear this in mind:
In addition to being an engineer, I am also an airline customer service agent. I personally checked in two passengers who perished the following day in Ethiopia. This may not be the appropriate forum to effect the changes needed to prevent similar "accidents" from ever happening again, but I cannot remain silent on this topic.
 
CanukinUSA
Posts: 148
Joined: Sun Oct 25, 2020 5:06 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 2:11 am

In the Commercial Aircraft world, the important designation for an Engineer/Pilot is called Unit Member (UM). The Unit Member is a member of the Organizational Delegation Authority (ODA) in the company which is the group of people who represent and are responsible to the FAA in the company to ensure that all the airworthiness regulations are complied with. The UM is only subject to the FAA while acting in this capacity not Boeing. During the 737 MAX Certification these personnel were called Authorized Representatives (ARs). The UM/AR is a senior Engineer/Pilot who has the background and responsibility to approve and recommend Certification of Aircraft Systems their UM/AR authority is approved for by the FAA when the FAA delegates that system to the manufacturer. There is a trail of Documentation with signatures for each system. It should not be an extremely arduous process to see who signed for the Flight Control System (MCAS) in the 737 MAX. This designation in the aircraft industry is more important than the licensing process for Civil Engineers. At a minimum the UM privileges should have been removed from the responsible Engineers by the FAA and they should be charged with Criminal Negligence if they did not check that the Documentation and testing were done correctly to ensure that it matched the system that was certified on the aircraft. Unfortunately, a culture developed in Boeing which the FAA should have put a stop to where the UMs who are Boeing Employees were of the belief that they were more responsible to Boeing management then the FAA and as a result the laws of the United States. Since they do/did not understand their responsibilities to the FAA they should have their UM status removed and not be able regain it for the rest of their lives. Under the FAA Order forming ODAs Congress allowed Boeing to appoint these UMs which gave Boeing much more power over these designees then they should have. Obviously, Boeing appointed Yes men/women who made decisions in favor of Boeing and not to ensure the safety of the flying public like they were supposed to. If they want to point the finger at Boeing management who demanded/encouraged that understanding above them that is their call when the Court Cases start. The problem with this agreement is that it allows the people responsible to continue this in the future will result in more problems in the future for both Boeing and the FAA with future aircraft and system certifications.
 
Gremlinzzzz
Posts: 419
Joined: Fri Jan 24, 2020 4:28 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 2:59 am

Pythagoras wrote:
SEPilot wrote:
They did not cover it up after the first crash, they issued a bulletin to all operators outlining the problem and said they were working on a fix. They issued precise instructions on how to deal with a failure. The Ethiopian crew had this bulletin; why they crashed anyway is something I do not understand.


I agree. I do not understand why the emails from the Ethiopia Airlines training pilot Berndt Kai von Hoesslin haven't been more widely discussed. He knew that the capability of the pilots were not sufficient to handle the complex and dynamic situation should MCAS actuate. Sadly those warnings were ignored. Anyone who has spent time in Africa knows that Africa has its own set of rules. Something that is also not discussed widely.

"In his email dated December 13, [Berndt Kai] von Hoesslin told his superiors that in order to avoid a terrible accident like what happened on Lion Air Flight 610 on October 29, more training and better communication to crew members was needed.

'It will be a crash for sure,' von Hoesslin wrote, foreseeing the possibility that Ethiopian Airlines pilots might encounter the malfunction of Boeing’s flight-control system coupled with a cockpit warning that the plane was flying too low."

--DailyMail, 29 May 2019
Get off this. The jet was grounded for two years, and what started off as the regulators looking at MCAS quickly discovered a good amount of issues, some of them that had been solved ages ago.

It was a record grounding on a plane that even Boeing employees did not have confidence on.

As for criminal liability, there has to be some and it has to go up the chain because as stated, there has to be someone that said make sure this thing has the same type rating as previous 737's. This was the main reason they had MCAS and the main reason they kept hiding changes or downplaying its significance. These are people that get told what to do and it is their duty to accomplish just this.

Look at this email from this company...........regulators did not give a damn about that. They were more concerned about what went wrong and how it was allowed to go wrong. How do they clean up their act and how do they get the plane back to a condition where things work well enough to allow the jet back in the skies. When we look at the 777X, we realize that this company is still struggling to meet regulatory requirements. When we look at the 787, we see that design issues are an issue and we still do not know what will come of NG pickle fork issues that may well transfer to the MAX too.

Boeing has a culture problem that has eventually translated into a bad product in the literal sense. Some mid level employees should not have to bear the brunt of the blow, neither should the company get a pat on the wrist when it comes to fines, which is what happened.
 
Gremlinzzzz
Posts: 419
Joined: Fri Jan 24, 2020 4:28 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 3:04 am

FlapOperator wrote:
But did the Boeing execs REALLY kill those people? I mean, they are culpable for a variety of sins, and I'm personally no fan of Boeing, But, words matter.

At what point, if we are talking about jail time, does the culpability of the crew come into play, or LionAir's maintenance practices, or Ethiopian's training curricula? Loss of AOA accidents/low altitude control accidents have been a significant known problem since AF443 and the 737 rudder hard overs. Most pilots in the 121 world were getting trained on prior to the MCAS fiasco.
Boeing's remit is to build a plane that is safe to fly. It was a monumental failure on their part.
 
LDRA
Posts: 411
Joined: Fri Jan 15, 2016 3:01 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 3:37 am

CanukinUSA wrote:
In the Commercial Aircraft world, the important designation for an Engineer/Pilot is called Unit Member (UM). The Unit Member is a member of the Organizational Delegation Authority (ODA) in the company which is the group of people who represent and are responsible to the FAA in the company to ensure that all the airworthiness regulations are complied with. The UM is only subject to the FAA while acting in this capacity not Boeing. During the 737 MAX Certification these personnel were called Authorized Representatives (ARs). The UM/AR is a senior Engineer/Pilot who has the background and responsibility to approve and recommend Certification of Aircraft Systems their UM/AR authority is approved for by the FAA when the FAA delegates that system to the manufacturer. There is a trail of Documentation with signatures for each system. It should not be an extremely arduous process to see who signed for the Flight Control System (MCAS) in the 737 MAX. This designation in the aircraft industry is more important than the licensing process for Civil Engineers. At a minimum the UM privileges should have been removed from the responsible Engineers by the FAA and they should be charged with Criminal Negligence if they did not check that the Documentation and testing were done correctly to ensure that it matched the system that was certified on the aircraft. Unfortunately, a culture developed in Boeing which the FAA should have put a stop to where the UMs who are Boeing Employees were of the belief that they were more responsible to Boeing management then the FAA and as a result the laws of the United States. Since they do/did not understand their responsibilities to the FAA they should have their UM status removed and not be able regain it for the rest of their lives. Under the FAA Order forming ODAs Congress allowed Boeing to appoint these UMs which gave Boeing much more power over these designees then they should have. Obviously, Boeing appointed Yes men/women who made decisions in favor of Boeing and not to ensure the safety of the flying public like they were supposed to. If they want to point the finger at Boeing management who demanded/encouraged that understanding above them that is their call when the Court Cases start. The problem with this agreement is that it allows the people responsible to continue this in the future will result in more problems in the future for both Boeing and the FAA with future aircraft and system certifications.


I am curious about FAA authority appointees inside Boeing as well.

From JATR report:
"Although MCAS may have been briefed to some FAA personnel, key aspects of the MCAS function such as intended function description, its interfaces, and architecture, were not directly visible to the FAA in a straightforward manner through the certification deliverable documents."

It's basically an organized attempt to deceit. Certification process does not explicitely require reporting of MCAS function as an integrated system, that does not mean you don't communicate that to FAA. Especailly considering MCAS is using trim actuator in an unusual manner. Not reporting such special condidtion is really an abuse of certification process

I am wondering if the FAA authority appointees inside Boeing were fully aware of overall intent of MCAS as a system? Or to rephrase the question, is there any email record proving any relevant FAA authority appointee inside Boeing having knowledge on MCAS full intent and architecture? It might be possible at least some of them were actually not aware, considering Boeing 737 program did not have an aircraft system level team doing basic system engineering... The whole MCAS thing was designed with a bunch of scattered patchworks
 
ikramerica
Posts: 15186
Joined: Mon May 23, 2005 9:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:22 am

It’s good to know there is criminal liability for certain negligence and fraud.

To posit that the software “engineers” who wrote troubled code or the executives who asked for a common type rating are criminally liable is a bit much. If anything, it’s the project managers who are the most culpable in the design failure.

Anyone know whether Boeing had adopted the cluster-f methodology known as “Agile” while working on the MAX? In a large, old school company like Boeing, it could result in a flight critical process relying on a non-redundant input while failing to account for previous activated states.
 
User avatar
Pythagoras
Posts: 149
Joined: Sun Oct 04, 2020 12:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:41 am

CanukinUSA wrote:
Obviously, Boeing appointed Yes men/women who made decisions in favor of Boeing and not to ensure the safety of the flying public like they were supposed to. If they want to point the finger at Boeing management who demanded/encouraged that understanding above them that is their call when the Court Cases start. The problem with this agreement is that it allows the people responsible to continue this in the future will result in more problems in the future for both Boeing and the FAA with future aircraft and system certifications.


If it is "obvious", you should be able to point to evidence of that fact in the emails that Boeing released or the Joint Authorities Technical Report or the Department of Transportation Office of Inspector General Report.

The timeline of events does not support your unsubstantiated assertions.

The facts are that MCAS was a robust design relying upon two dissimilar sensors--angle-of-attack and g-sensor--throughout all the initial certification discussions with the FAA, e.g. the General Familiarization meetings, resulting in release of the G-1 issue paper which dictates how Boeing and FAA will certify the airplane. MCAS would only be functional for a remote corner of the flight envelope in the initial design under a high-speed wind-up turn. The decisions to remove the description of MCAS from the FCOM occurs well before first flight on January 29, 2016. The draft FCOM reviewed in September 17-18, 2015 includes a brief description indicating that it would only activate at high speed and high load factors. The final version of the FCOM is released March 2016 based upon this initial description of functionality.

MCAS Revision D is released on March 30, 2016 which changes the function of to a low speed regime. Released emails and instant messages from the Mark Forkner, the Chief Technical Pilot, indicates that this change in functionality was not communicated to the technical pilots. It is only in November 2016 that Forkner uncovers in a simulator session that the functionality has been revised to the low-speed portion of the flight envelope.

The Office of Inspector General finds that it was a fault in the certification process that caused the FAA to be not informed of the changes in MCAS functionality:

"... Boeing did not provide internal coordination documents for Revision D, noting the increased MCAS range, to FAA certification engineers. Because these revision documents were not required certification deliverables, the company did not submit them to FAA for review or acceptance."
-- U.S. DEPARTMENT OF TRANSPORTATION, OFFICE OF INSPECTOR GENERAL, Timeline of Activities Leading to the Certification of the Boeing 737 MAX 8 Aircraft and Actions Taken After the October 2018 Lion Air Accident, June 29, 2020.


The explanation by the DOT OIG office is the reason why there are no criminal charges against Boeing for actions which occur before November 2016. Boeing can only be held criminally responsible if it does not follow the regulations and guidance from the FAA. Boeing provided all certification documents, as required by the FAA. Boeing cannot be held criminally responsible for determining that a MCAS was a "Hazardous" failure mode when that finding was consistent with past practice and the FAA had provided insufficient guidance on how to evaluate human factors.

It was a failure of the certification process that permitted a change in functionality occurring during flight test to fall through the cracks.
 
Gremlinzzzz
Posts: 419
Joined: Fri Jan 24, 2020 4:28 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 1:03 pm

Pythagoras wrote:
If it is "obvious", you should be able to point to evidence of that fact in the emails that Boeing released or the Joint Authorities Technical Report or the Department of Transportation Office of Inspector General Report.

The timeline of events does not support your unsubstantiated assertions.

The facts are that MCAS was a robust design relying upon two dissimilar sensors--angle-of-attack and g-sensor--throughout all the initial certification discussions with the FAA, e.g. the General Familiarization meetings, resulting in release of the G-1 issue paper which dictates how Boeing and FAA will certify the airplane. MCAS would only be functional for a remote corner of the flight envelope in the initial design under a high-speed wind-up turn. The decisions to remove the description of MCAS from the FCOM occurs well before first flight on January 29, 2016. The draft FCOM reviewed in September 17-18, 2015 includes a brief description indicating that it would only activate at high speed and high load factors. The final version of the FCOM is released March 2016 based upon this initial description of functionality.

MCAS Revision D is released on March 30, 2016 which changes the function of to a low speed regime. Released emails and instant messages from the Mark Forkner, the Chief Technical Pilot, indicates that this change in functionality was not communicated to the technical pilots. It is only in November 2016 that Forkner uncovers in a simulator session that the functionality has been revised to the low-speed portion of the flight envelope.

The Office of Inspector General finds that it was a fault in the certification process that caused the FAA to be not informed of the changes in MCAS functionality:

"... Boeing did not provide internal coordination documents for Revision D, noting the increased MCAS range, to FAA certification engineers. Because these revision documents were not required certification deliverables, the company did not submit them to FAA for review or acceptance."
-- U.S. DEPARTMENT OF TRANSPORTATION, OFFICE OF INSPECTOR GENERAL, Timeline of Activities Leading to the Certification of the Boeing 737 MAX 8 Aircraft and Actions Taken After the October 2018 Lion Air Accident, June 29, 2020.


The explanation by the DOT OIG office is the reason why there are no criminal charges against Boeing for actions which occur before November 2016. Boeing can only be held criminally responsible if it does not follow the regulations and guidance from the FAA. Boeing provided all certification documents, as required by the FAA. Boeing cannot be held criminally responsible for determining that a MCAS was a "Hazardous" failure mode when that finding was consistent with past practice and the FAA had provided insufficient guidance on how to evaluate human factors.

It was a failure of the certification process that permitted a change in functionality occurring during flight test to fall through the cracks.
We know what they did, but more important than that is the why. The motive.
The committee on transportation held that:


This report concludes the U.S. House Committee on Transportation and Infrastructure’s 18-month long investigation of the design, development, and certification of the 737 MAX aircraft, and related matters. The Committee’s investigation has revealed multiple missed opportunities that could have turned the trajectory of the MAX’s design and development toward a safer course due to flawed technical design criteria, faulty assumptions about pilot response times, and production pressures. The FAA also missed its own opportunities to change the direction of the 737 MAX based on its aviation safety mission. Boeing failed in its design and development of the MAX, and the FAA failed in its oversight of Boeing and its certification of the aircraft.




After Boeing redesigned MCAS in 2016 to increase its authority to move the aircraft’s stabilizer at lower speeds, Boeing failed to reevaluate the system or perform single- or multiple-failure analyses of MCAS.


The why is


Although Boeing assumed that the FAA would approve Level B (non-simulator) training for the MAX, that was a tremendous and risky gamble given the multiple new features on the MAX and the company’s business strategy to sell the MAX to customers as not requiring simulator training years before the FAA had made a determination on this issue. In December 2011, Boeing entered into a contract with Southwest Airlines, its U.S. launch customer, that laid out financial terms and
conditions if Boeing failed to obtain a Level B pilot training requirement from the FAA.

Southwest’s first 737 MAX began scheduled service on October 1, 2017.877 As part of the contract, Boeing agreed to pay Southwest $1 million per MAX airplane that Boeing delivered to Southwest if its pilots were unable to operate the 737 NG and 737 MAX “interchangeably” “due to any reason.”878 On top of that, Boeing agreed to reimburse Southwest for any training expenses that exceeded 10 hours if the FAA required more than 10 hours of pilot training and/or required flight simulator training.879 That agreement left Boeing with significant financial exposure if it failed to obtain Level B (non-simulator) training requirements from the FAA.


This was further expounded by others on the same report:

In a set of safety recommendations issued following the Lion Air and Ethiopian Airlines accidents, the U.S. National Transportation Safety Board observed that Boeing failed to account for the multitude of seemingly unrelated cautions and warnings, including an attention-getting stick shaker, when assessing that only four seconds would be needed for pilots to successfully respond to an erroneous MCAS activation. Moreover, a University of North Dakota researcher concluded in his dissertation in 2016 that pilots don’t regain their full cognitive abilities for 30 to 60 seconds after a “startle” event. The conspicuous omission from the Boeing OMB of information relevant to the role of the startle factor in the Lion Air accident is consistent with Boeing’s failure to establish realistic assumptions regarding the time necessary for pilots to successfully respond to an erroneous MCAS activation.


And;

One of the fundamental canons for engineers is that they hold paramount the safety, health, and welfare of the public. Or as Texas State University Engineering Professor Karl Stephan says, “A good engineer both does things right, and does the right thing.” In the case of the 737 MAX, unfortunately, Boeing failed to meet both criteria. It did not do things “right” when it designed MCAS, for instance. It failed to build in essential redundancies by permitting MCAS to rely on a single AOA sensor. It allowed MCAS to activate repetitively, although at least one Boeing engineer had raised concerns about that capability. And it did not appropriately address the question of faulty AOA data and the negative implications for MCAS because a Boeing engineer falsely assumed that MCAS would not allow that to happen and “shut down.” That did not happen in either of the MAX crashes.

Furthermore, Boeing did not do the “right thing” when it removed references to MCAS from the pilot’s Flight Crew Operations Manual (FCOM). Without question, it was not right for Boeing to fail to share with the FAA Boeing’s own test data showing that it had taken a test pilot more than 10 seconds to respond to uncommanded MCAS activation, and the test pilot believed the condition was “catastrophic[.]” Nor did Boeing do the “right thing” when it became aware that the AOA Disagree alert was not functioning on more than 80 percent of the 737 MAX fleet and then failed to alert the FAA, its customers, and MAX pilots while it continued to both manufacture and deliver an estimated 200 airplanes with this known nonfunctional component.


From JATR, which was there to review FAA practices, we found out that;

With adequate FAA engagement and oversight, the extent of delegation does not in itself compromise safety. However, in the B737 MAX program, the FAA had inadequate awareness of the MCAS function which, coupled with limited involvement, resulted in an inability of the FAA to provide an independent assessment of the adequacy of the Boeing proposed certification activities associated with MCAS. In addition, signs were reported of undue pressures on Boeing ODA engineering unit members (E-UMs) performing certification activities on the B737 MAX program, which further erodes the level of assurance in this system of delegation.


This was a huge failure first on the lawmakers because it is their deregulation and lowered funding of the FAA compared to what they are asked to deliver, and the dual mandate that the FAA has to ensure safety but also expand aviation. There is blame on the FAA for being incompetent; they were so incompetent that external experts were brought in to see just how much they had messed up, and to give recommendations as to what should happen next.

The biggest failure though, was Boeing. This is their bread and butter jet and the only thing they managed to do 'right' was get it to market early.

This is an enthusiast forum, and we can go through all technical talk and what not. The reality is that there are 346 lives lost and the humanity in us must always recognize that it is the loss of those lives that led to the grounding of this jet.

If Boeing had their way, the jet would have never been grounded because they were still singing out how safe the plane was, coming off as tone deaf. It got so bad that they were stalling on documents and eventually the CEO had to go. I have always harbored the thought that amateur hour FAA would have done nothing had other regulators not made the move. Most of those big regulators were simply 'let us try and figure out if there is something wrong with this jet before letting it fly' while some people in the US of A were singing how the jet was safe, or how they were data driven. To date, I think that this is the best thing that could have happened because Boeing was going to have a plane that they could not ship anywhere, and they were so blind they could not see it.

I do not think that a design flaw, implemented so that a company would avoid simulator training, a company that went out of its way to dissuade clients from having sim training, one of which was Lion Air should simply end with some software engineers bearing all the blame.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 3:35 pm

YQBexYHZBGM wrote:
ikramerica wrote:
With regard to finding criminal fault with the software “engineers”, I couldn’t read every post, but unless an “engineer” has a professional license and stamps their work, mistakes are not criminal, no matter how negligent.

If the software code requires engineer stamps, it’s that person who is liable, civilly and criminally. I don’t know if that is a thing in aerospace, but it’s not in any other software field I know of.

It’s one reason Civil Engineers live a crappy existence. Underpaid, undervalued, overworked, and civilly and criminally liable for mistakes.

As an engineer with a degree in civil, I concur. As for whether software "engineers" should be permitted to use the word "engineer" in their job title, that is a subject of discussion that has been going on since I was in engineering school in the late 90s. In my opinion, the licensing bodies for professional engineers should have nipped that in the bud. Anyone else who uses "engineer" in the title of their business endeavor and does not have a degree in engineering or equivalent qualification will be in court in short order. The only notable exceptions made are for audio engineers, stationary engineers (i.e., engine and boiler operators), and locomotive engineers (i.e., train drivers).

Interesting. I have a bachelor of science degree as an electrical "engineer" issued in the mid 80s and a master of science degree as a computer "scientist" issued at the end of the 80s. I feel no different obligations based on what my official titles are. I feel I have ethical obligations that I take seriously, but I know plenty of others in my field who don't take such things seriously and just want to get their changes checked into the system and be home in time for dinner.

There was a big push in the mid 90s by the State of New Jersey to require licenses for computer scientists / software engineers, and professional associations such as ACM and IEEE fought back saying it was a money grab by the state and there was no comprehensive test that could be used to determine who was a qualified software engineer and who was not. I tend to agree with the later. Computers are programmed in so many different languages and are used in so many different problem domains that it would be next to impossible to come up with a test. You could use some sort of made-up computer language and solve some generic problems, but what would that prove? If you wanted to sue such a professional engineer, he could just say he passed the made-up test so leave me alone, so what problem would that solve? There are no equivalents of "building codes" in software, there are few if any measurables that would apply across all the environments that software executes in.
 
FlapOperator
Posts: 406
Joined: Tue Jun 29, 2021 4:07 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 3:43 pm

Gremlinzzzz wrote:
Boeing's remit is to build a plane that is safe to fly. It was a monumental failure on their part.


By the standard you’re suggesting, there is no “safe” airplane in the world.

I’m not defending Boeing’s lazy practices. However, simply starting and stopping with Boeing is convenient to allow forgetting LionAir maintenance practices and Ethiopian’s self admitted training standards do have a component to both accidents.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:05 pm

CanukinUSA wrote:
In the Commercial Aircraft world, the important designation for an Engineer/Pilot is called Unit Member (UM). The Unit Member is a member of the Organizational Delegation Authority (ODA) in the company which is the group of people who represent and are responsible to the FAA in the company to ensure that all the airworthiness regulations are complied with. The UM is only subject to the FAA while acting in this capacity not Boeing. During the 737 MAX Certification these personnel were called Authorized Representatives (ARs). The UM/AR is a senior Engineer/Pilot who has the background and responsibility to approve and recommend Certification of Aircraft Systems their UM/AR authority is approved for by the FAA when the FAA delegates that system to the manufacturer. There is a trail of Documentation with signatures for each system. It should not be an extremely arduous process to see who signed for the Flight Control System (MCAS) in the 737 MAX.

You would think so, but this is what has been reported by the media:

n testimony to congressional investigators probing the fatal crashes of two 737 MAX jets, Michael Teal, the chief engineer on Boeing’s 737 MAX program who signed off on the jet’s technical configuration, said he was unaware of crucial technical details of the flight control system that triggered inadvertently and caused the crashes.

And under questioning, both Teal and Keith Leverkuhn, the vice president in overall charge of the MAX development program, denied the airplane had any design flaws beyond an assumption that the pilots would have reacted differently to the triggering of the system.

Ref: https://www.seattletimes.com/business/b ... y-details/

There's the standard party line, the design was perfect except for the assumption made by the unnamed three second guy that the pilot would recognize it as runaway trim within three seconds. Presumably this is the also the guy who signed off on the Flight Control system, but Boeing has managed to keep this guy totally out of the picture.

It goes on to say that Teal, who signed off on the airplane's configuration, knew there was a MCAS function but he didn't know it had repeated activation, nor that it was triggered by a single sensor.

He is quoted as saying:

“The technical leaders well below my level would have gone into that level of detail.”

So he's throwing the people below him under the bus.

Unfortunately, Congressional investigators apparently did not do what you suggest and follow the paper trail down to the three second guy, even though Boeing's Chief Engineer for MAX, and VP for MAX development both say this was the only problem in all of MAX's development.

It makes one wonder why we bother to have a paper trail, and if all this reverence for signatures on documents is nonsense.

Personally I think Boeing managed to position Forkner and Gustafsson as fall guys quite successfully. Congress took the bait and spent their time on them, along with taunting Muilenberg about his compensation. DM also became a fall guy but IMO that was inevitable once his actions early in the crisis turned out to be the wrong ones. Boeing got to cop to a minor aspect of the whole drama, not telling FAA about the MCAS changes late in development, whereas the fundamental problem, not doing a deep dive on MCAS because one guy decided on lord knows what basis that the pilot would decide that MCAS was a runaway stabilizer within three seconds.

Personally I hope the civil court system does expose the root cause of the tragedies. I hoped that Congress and/or DoJ would, but it seems that hope is forlorn. I definitely feel there is more to the story than what we are being told.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:16 pm

Gremlinzzzz wrote:
As for criminal liability, there has to be some and it has to go up the chain because as stated, there has to be someone that said make sure this thing has the same type rating as previous 737's. This was the main reason they had MCAS and the main reason they kept hiding changes or downplaying its significance. These are people that get told what to do and it is their duty to accomplish just this.

There's no mystery about who these people are. The ST link ( https://www.seattletimes.com/business/b ... y-details/ ) tells us both Teal (737 chief engineer) and Leverkuhn (VP of 737 development) say they both wanted this, and view it as a safety feature not a flaw. They say that some pilots would fly NG in the morning and MAX in the afternoon, and the more similar they were the better. They say NG had an excellent safety record and all they were trying to do was perpetuate that. They say it was not a money decision, it was a safety decision.

IMO the bigger issue is not that there was a MCAS, but how MCAS got botched. As above, just one guy decided whatever MCAS did was going to be recognized as runaway trim so there was no need to dig into its behavior at a system level. We don't know who this guy is, what pressure he was or was not under, why he alone made the decision, what criteria he used to make the decision, why no one else was in the loop, etc. Seems we may never know.
 
Cubsrule
Posts: 15362
Joined: Sat May 15, 2004 12:13 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:40 pm

Revelation wrote:
Personally I hope the civil court system does expose the root cause of the tragedies. I hoped that Congress and/or DoJ would, but it seems that hope is forlorn. I definitely feel there is more to the story than what we are being told.


I think some of the things DOJ didn't do - particularly not insisting that Boeing have an independent monitor, which is pretty common in DPAs over alleged product defects (e.g., Toyota) - may be more probative of DOJ not finding a systemic problem than you think. Paragraph 4(h) of the DPA is instructive in that regard.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:44 pm

Cubsrule wrote:
Revelation wrote:
Personally I hope the civil court system does expose the root cause of the tragedies. I hoped that Congress and/or DoJ would, but it seems that hope is forlorn. I definitely feel there is more to the story than what we are being told.

I think some of the things DOJ didn't do - particularly not insisting that Boeing have an independent monitor, which is pretty common in DPAs over alleged product defects (e.g., Toyota) - may be more probative of DOJ not finding a systemic problem than you think. Paragraph 4(h) of the DPA is instructive in that regard.

It's pretty clear DoJ didn't find a systematic problem, but it's not clear how hard they looked. We have testimony from VP level people like Teal and Leverkuhn but no evidence of follow-ups further down the chain of signatures to the ones who actually made the MCAS decisions. Instead all we have is Teal saying he trusted his underlings and no evidence of following up with the underlings.
 
Cubsrule
Posts: 15362
Joined: Sat May 15, 2004 12:13 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 4:57 pm

Revelation wrote:
Cubsrule wrote:
Revelation wrote:
Personally I hope the civil court system does expose the root cause of the tragedies. I hoped that Congress and/or DoJ would, but it seems that hope is forlorn. I definitely feel there is more to the story than what we are being told.

I think some of the things DOJ didn't do - particularly not insisting that Boeing have an independent monitor, which is pretty common in DPAs over alleged product defects (e.g., Toyota) - may be more probative of DOJ not finding a systemic problem than you think. Paragraph 4(h) of the DPA is instructive in that regard.

It's pretty clear DoJ didn't find a systematic problem, but it's not clear how hard they looked. We have testimony from VP level people like Teal and Leverkuhn but no evidence of follow-ups further down the chain of signatures to the ones who actually made the MCAS decisions. Instead all we have is Teal saying he trusted his underlings and no evidence of following up with the underlings.


On these sorts of matters, DOJ usually investigates relentlessly. Can I prove that DOJ wasn't orders of magnitude less thorough than usual with Boeing? I cannot (and if I could, I probably couldn't talk about it here), but it does not strike me as particularly plausible.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 5:13 pm

Cubsrule wrote:
On these sorts of matters, DOJ usually investigates relentlessly. Can I prove that DOJ wasn't orders of magnitude less thorough than usual with Boeing? I cannot (and if I could, I probably couldn't talk about it here), but it does not strike me as particularly plausible.

I'd be happier if we had evidence of them following things deeper than the VP level, but we don't. That doesn't mean they didn't, and I haven't personally gone through all the dumps that came with the Congressional Report but am assuming the media has and would report on such if they had. Maybe that's bad on me, but I already spend too much time on this stuff.
 
User avatar
Pythagoras
Posts: 149
Joined: Sun Oct 04, 2020 12:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 5:23 pm

Revelation wrote:
IMO the bigger issue is not that there was a MCAS, but how MCAS got botched. As above, just one guy decided whatever MCAS did was going to be recognized as runaway trim so there was no need to dig into its behavior at a system level. We don't know who this guy is, what pressure he was or was not under, why he alone made the decision, what criteria he used to make the decision, why no one else was in the loop, etc. Seems we may never know.


I think that we are all familiar with the Challenger accident and the details that led up to the disaster. The investigation here traced all the decisions made by NASA and Thiokol with regards to the decision to launch on a morning that was outside the parameters for which safety was assured.

In the end, it was the phrasing of a question that led to the fateful decision to launch Challenger. The question posed to the engineers was the following: “This is a very important flight for NASA putting the first teacher into space. If we are going to scrub the launch, we have to be certain that there is a safety issue. So prove to me that we are unsafe.”

The flaw here is that one cannot prove a negative.

The question always should have been that Thiokol engineers need to prove that it was safe to launch that day. As I was mentoring my team, I would often bring this example up as always having to prove one is safe. If you can’t prove it is safe, it is inherently unsafe.

In this regards I agree with you. Boeing is doing a disservice to itself and the industry by not fully documenting the mistakes that were made, whether that was in software requirements, software assurance, test protocols, or internal technical reviews. A Safety Management System, which has now been mandated by the regulators, would document the specific mistakes in the process such that other organizations might learn from these mistakes so as to not repeat them.

Unfortunately the legal system in the United States is such that these important details are suppressed until they come out in testimony or discovery.

There are clues though as to what might have happened based upon findings. One is that the FAA acknowledges that it did not sufficiently account for human factors in its assessment of crew response to flight deck alerts. It would be my conjecture that the lab testing which found the 3-second rule acceptable was not conducted under a realistic scenario.

However, it does seem that the Lion Air accident was similar to the lab testing in that the prior flight was able to discern the fault and disconnect the system, and the accident flight had MCAS trigger twenty three times. It was only until the Ethiopia Airlines accident occurred that it was shown that this was incorrect.

Furthermore there are also clues in that Boeing has made an effort to hire a technical leader at the corporate level with a focus on software development.
 
CanukinUSA
Posts: 148
Joined: Sun Oct 25, 2020 5:06 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 5:47 pm

The UMs are almost always the senior engineers in a particular group like 737 Flight Controls. They spend most of their time as design Engineers and then put on an FAA hat when the Certification Activities are happening if the Certification and Testing is delegated by the FAA. I find it almost impossible to believe that they would not be aware of the changes being made to the system because of Flight Test Issue found during flight tests even if it occurred at the last part of the process. If they were not on the aircraft, they will still have access to all of the data that was collected and, in some cases, have the data available real time by telemetry during testing. From what I can tell the FAA Engineers at the FAA (because MCAS was delegated based on the earlier system design reviews) were not in the chain, but the FAA UMs at Boeing were obviously in the loop with what was going on and would have signed off on it in the Boeing internal documentation and the certification documentation later forwarded to the FAA. Quite often the other Engineers who are not UMs will consult with the UM to determine whether the system can be certified if it is redesigned or changed during the aircraft development process. These people need to be asked why they did not forward onto the FAA the system changes that occurred to MCAS. They are very often on board the Test Aircraft for both Boeing and later FAA Flight Testing.
As far as I understand Agile was first used during the 737 MAX project. The junior managers at Boeing were quite proud of that and were encouraging everyone to adapt it. I wonder if they still think that.
I do not believe that Boeing is the sole cause of the two accidents, but they have sure been a major contributor to the accidents. Like all accidents there has been a chain of events that happened to produce the result. There were obvious issues with the regulators, politicians, processes, airlines, etc. along with Boeing but the legal process likes to find someone to blame and, in my estimation, have left themselves in that position.
Captain Forkner was a Technical Pilot and not an UM as far as I know. UM Flight Test Pilots must have a technical background and/or many years of Flight Test Experience to get the designation. If you view his linked in page his degree is in Political Science and not a technical field. I am certain he was hired for his previous line airline pilot experience and his previous job at the FAA to navigate through the FAA processes for pilot training. Unfortunately, he made several very questionable IMs and E-mails that the DOJ obtained when it ceased the data after the second accident not realizing that these messages remain in the information stored on computers in the Boeing archives. Although I don't condone his behavior, he was only the tip of the iceberg and gave Boeing management a particularly good target to blame this mess on.
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 8:20 pm

CanukinUSA wrote:
The UMs are almost always the senior engineers in a particular group like 737 Flight Controls. They spend most of their time as design Engineers and then put on an FAA hat when the Certification Activities are happening if the Certification and Testing is delegated by the FAA. I find it almost impossible to believe that they would not be aware of the changes being made to the system because of Flight Test Issue found during flight tests even if it occurred at the last part of the process. If they were not on the aircraft, they will still have access to all of the data that was collected and, in some cases, have the data available real time by telemetry during testing. From what I can tell the FAA Engineers at the FAA (because MCAS was delegated based on the earlier system design reviews) were not in the chain, but the FAA UMs at Boeing were obviously in the loop with what was going on and would have signed off on it in the Boeing internal documentation and the certification documentation later forwarded to the FAA. Quite often the other Engineers who are not UMs will consult with the UM to determine whether the system can be certified if it is redesigned or changed during the aircraft development process. These people need to be asked why they did not forward onto the FAA the system changes that occurred to MCAS. They are very often on board the Test Aircraft for both Boeing and later FAA Flight Testing.

Above in Post #60 we have:

Pythagoras wrote:
MCAS Revision D is released on March 30, 2016 which changes the function of to a low speed regime. Released emails and instant messages from the Mark Forkner, the Chief Technical Pilot, indicates that this change in functionality was not communicated to the technical pilots. It is only in November 2016 that Forkner uncovers in a simulator session that the functionality has been revised to the low-speed portion of the flight envelope.

The Office of Inspector General finds that it was a fault in the certification process that caused the FAA to be not informed of the changes in MCAS functionality:

"... Boeing did not provide internal coordination documents for Revision D, noting the increased MCAS range, to FAA certification engineers. Because these revision documents were not required certification deliverables, the company did not submit them to FAA for review or acceptance."
-- U.S. DEPARTMENT OF TRANSPORTATION, OFFICE OF INSPECTOR GENERAL, Timeline of Activities Leading to the Certification of the Boeing 737 MAX 8 Aircraft and Actions Taken After the October 2018 Lion Air Accident, June 29, 2020.


It seems to be the closest thing we have to an answer: a flaw in the certification process meant Boeing was not required to forward the documentation of MCAS Rev D to FAA, and indeed they did not.

We also have from Post #19 above:

Pythagoras wrote:
You are correct that the regulators in the AEG group were not informed. This is the basis for the criminal finding in the DPA. But note that this occurs in November 2016 once the Chief Technical pilot realizes that he had not been fully informed of the changes to the configuration in flight test. He is at that point obligated to inform the FAA AEG of the changes. The DPA finds no fault in the Type Certification process, that is the process by which the configuration is shown to meet the regulations.

It seems a bit of triangulation is needed to make these two statements stand. My attempt to reconcile them is the certification process itself did not require Boeing to forward the documentation on the changes to MCAS (something the IG report says is a flaw in the process), but Forkner's job role did require him to inform FAA when he realized the changes to MCAS to activate in the slow speed regime could impact training requirements.
 
CanukinUSA
Posts: 148
Joined: Sun Oct 25, 2020 5:06 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 8:43 pm

As I stated in an earlier post the ARs/UMs are responsible to the FAA when they are doing certification activities I find it hard to believe that a change could be done to a flight critical system such as Flight Control Systems and they as an FAA Designee (subject to all of the same FAA orders as a regular FAA employee) would not be responsible to ensure that the FAA is informed for it. If that were the case one could change any system on board the aircraft that has been delegated during certification testing. The manufacturer (In this case Boeing) spends a considerable amount of time and money before each test making sure the system conforms to the design and drawings that will be certified as required by the FAA.
I guess that is why the FAA has no respect for any of the testing it has done with other countries regulators these days.
 
ikramerica
Posts: 15186
Joined: Mon May 23, 2005 9:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 9:02 pm

Not to belabor a point, but it sounds like an “Agile” type failure when things are changed without enough oversight and documentation and the higher ups don’t even know it happened.

It’s how major bugs and security holes show up in GM software releases that didn’t exist in the signed off betas.

It’s how entire websites go offline because someone made some little change without proper oversight and comment and under pressure to check-in their software by a deadline.

The process may, MAY, be faster, and may, MAY, lead to more advanced or mature features in a set time frame, but it can be detrimental to proper documentation, chain of responsibility and overall accountability. And that means fewer eyes which have the experience to see a fatal flaw are even aware the changes are being made.
Revelation wrote:
YQBexYHZBGM wrote:
ikramerica wrote:
With regard to finding criminal fault with the software “engineers”, I couldn’t read every post, but unless an “engineer” has a professional license and stamps their work, mistakes are not criminal, no matter how negligent.

If the software code requires engineer stamps, it’s that person who is liable, civilly and criminally. I don’t know if that is a thing in aerospace, but it’s not in any other software field I know of.

It’s one reason Civil Engineers live a crappy existence. Underpaid, undervalued, overworked, and civilly and criminally liable for mistakes.

As an engineer with a degree in civil, I concur. As for whether software "engineers" should be permitted to use the word "engineer" in their job title, that is a subject of discussion that has been going on since I was in engineering school in the late 90s. In my opinion, the licensing bodies for professional engineers should have nipped that in the bud. Anyone else who uses "engineer" in the title of their business endeavor and does not have a degree in engineering or equivalent qualification will be in court in short order. The only notable exceptions made are for audio engineers, stationary engineers (i.e., engine and boiler operators), and locomotive engineers (i.e., train drivers).

Interesting. I have a bachelor of science degree as an electrical "engineer" issued in the mid 80s and a master of science degree as a computer "scientist" issued at the end of the 80s. I feel no different obligations based on what my official titles are. I feel I have ethical obligations that I take seriously, but I know plenty of others in my field who don't take such things seriously and just want to get their changes checked into the system and be home in time for dinner.

There was a big push in the mid 90s by the State of New Jersey to require licenses for computer scientists / software engineers, and professional associations such as ACM and IEEE fought back saying it was a money grab by the state and there was no comprehensive test that could be used to determine who was a qualified software engineer and who was not. I tend to agree with the later. Computers are programmed in so many different languages and are used in so many different problem domains that it would be next to impossible to come up with a test. You could use some sort of made-up computer language and solve some generic problems, but what would that prove? If you wanted to sue such a professional engineer, he could just say he passed the made-up test so leave me alone, so what problem would that solve? There are no equivalents of "building codes" in software, there are few if any measurables that would apply across all the environments that software executes in.

The test should be about professional ethics and project management best practices and apply not to the code monkeys or qa staff, but their managers. It would be a start at least.
Last edited by ikramerica on Sat Aug 07, 2021 9:18 pm, edited 1 time in total.
 
ikramerica
Posts: 15186
Joined: Mon May 23, 2005 9:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 9:10 pm

CanukinUSA wrote:
The UMs are almost always the senior engineers in a particular group like 737 Flight Controls. They spend most of their time as design Engineers and then put on an FAA hat when the Certification Activities are happening if the Certification and Testing is delegated by the FAA. I find it almost impossible to believe that they would not be aware of the changes being made to the system because of Flight Test Issue found during flight tests even if it occurred at the last part of the process. If they were not on the aircraft, they will still have access to all of the data that was collected and, in some cases, have the data available real time by telemetry during testing. From what I can tell the FAA Engineers at the FAA (because MCAS was delegated based on the earlier system design reviews) were not in the chain, but the FAA UMs at Boeing were obviously in the loop with what was going on and would have signed off on it in the Boeing internal documentation and the certification documentation later forwarded to the FAA. Quite often the other Engineers who are not UMs will consult with the UM to determine whether the system can be certified if it is redesigned or changed during the aircraft development process. These people need to be asked why they did not forward onto the FAA the system changes that occurred to MCAS. They are very often on board the Test Aircraft for both Boeing and later FAA Flight Testing.
As far as I understand Agile was first used during the 737 MAX project. The junior managers at Boeing were quite proud of that and were encouraging everyone to adapt it. I wonder if they still think that.
I do not believe that Boeing is the sole cause of the two accidents, but they have sure been a major contributor to the accidents. Like all accidents there has been a chain of events that happened to produce the result. There were obvious issues with the regulators, politicians, processes, airlines, etc. along with Boeing but the legal process likes to find someone to blame and, in my estimation, have left themselves in that position.
Captain Forkner was a Technical Pilot and not an UM as far as I know. UM Flight Test Pilots must have a technical background and/or many years of Flight Test Experience to get the designation. If you view his linked in page his degree is in Political Science and not a technical field. I am certain he was hired for his previous line airline pilot experience and his previous job at the FAA to navigate through the FAA processes for pilot training. Unfortunately, he made several very questionable IMs and E-mails that the DOJ obtained when it ceased the data after the second accident not realizing that these messages remain in the information stored on computers in the Boeing archives. Although I don't condone his behavior, he was only the tip of the iceberg and gave Boeing management a particularly good target to blame this mess on.

My school had a sad connection to that disaster because the son of one of our teachers was on it. So despite a “routine” launch that normally would have been ignored, our whole school was watching the tragedy, as was Krista’s school, so lots if little kids had to watch people blow up…
 
Vicenza
Posts: 407
Joined: Sun Apr 19, 2020 3:21 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 10:01 pm

FlapOperator wrote:
Gremlinzzzz wrote:
Boeing's remit is to build a plane that is safe to fly. It was a monumental failure on their part.


By the standard you’re suggesting, there is no “safe” airplane in the world.

I’m not defending Boeing’s lazy practices. However, simply starting and stopping with Boeing is convenient to allow forgetting LionAir maintenance practices and Ethiopian’s self admitted training standards do have a component to both accidents.


But, despite the denial, you actually are doing exactly that by trying to deflect from the fact that Boeing hid essential information from regulators, airlines and pilots in order to save money and cheat the certification process.....and then lied and covered it up. So yes, the member is correct. At the time, the MAX was not safe to fly.
 
Rekoff
Posts: 55
Joined: Tue May 18, 2021 7:15 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 11:10 pm

Pythagoras wrote:
Scotron12 wrote:
https://www.counterpunch.org/2021/08/02/collapsing-federal-corporate-crime-enforcement/

Artical by Ralph Nader giving a little more insight


The Executives didn't write bad code. The engineers wrote bad code. I feel for Nader and his family, but Nader can only see conspiracy when it is in fact incompetence. Sometimes incompetence can look like conspiracy.

One thing is true though is that the lawyers are keeping the facts of the case hidden which makes is very difficult to determine the circumstances for such poorly written code. Was it the fault of Boeing in writing the requirements? Or was it the fault of Collins in interpreting the requirements incorrectly? We just won't know unless the courts try this case.


First of all: it wasn't just about some bad code. You of all people should now better after hundreds of pages where intentional neglect, withholding information and misleading the FAA have been all but proven - let's please not rehash that discussion but to hear it being reduced again to sloppy coding from someone that should know of the complexities around systems engineering, verification, validation and certification -that are all designed to manage complex processes and uncover these kinds of low-level faults and inadequacies, all I can say is I expect better. It's insulting to the victims.

It's also strange how this logic was never applied to Volkswagen, where it were also the engineers that frauded their way to compliance. Nobody died from the diesel scandal (please spare me the theoretical deaths) yet two executives landed in jail and the Justice Department was looking for $46billion(!!) in penalties. In the end they paid $4.3billion in direct penalties and another $29billion in indirect penalties and compensations.

Contrast this with Boeing that in a settlement only paid a fine of a measly $243 million. Compensation for the families was $2.2billion.

We can all guess to the reason why Boeing only paid a fraction of Volkswagen yet the MAX disasters were a few orders of magnitude worse in their consequences. Yet we keep hearing on these forums how "close" and entangled European governments are to Airbus...as if the same isnt the case for Boeing and the US. At least Europe didnt try to levy fines on Boeing for the way they also mislead EASA and put European passengers at risk. So at least the Europeans can claim the moral high ground for the time being after years of being blasted for corruption.
 
rbavfan
Posts: 3899
Joined: Fri Apr 17, 2015 5:53 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 11:40 pm

mig17 wrote:
SEPilot wrote:
Engineers, programmers, or whatever you call them, are human. So are executives. All humans make mistakes. In this case the main mistake was not thinking through the full consequences of a failure. As an engineer and pilot myself, I could not initially understand why these two crashes occurred, especially the second one. I attributed it to poor training. As a pilot, to me it is obvious that if you have uncommanded trim inputs the first thing to do is to disable whatever mechanism it is that is making them, in this case the vertical trim. Certainly all pilots should be trained to handle runaway trim. What I did not realize was that the intermittent operation of the MCAS system made it much more confusing. But I fly low tech, manually controlled GA planes, not highly automated airliners where the pilot is more of a systems manager than a pilot. I strongly suspect that too many pilots, especially in countries where GA is extremely limited or nonexistent, are trained only on highly automated planes and never learn true stick-and-rudder skills. But that is reality, and we are not going to change it. And with that in mind, it is important to learn from this rather than to find scapegoats. Airline safety has become as safe as it is precisely because we have managed to create a system for finding the true cause of crashes while avoiding political and financial interests, and acting to prevent the resulting findings to cause another crash. And this one must be handled the same way. Yes, there was excessive coziness between Boeing and the FAA, and that was a factor leading to the crashes. But it was not the only one. Let’s learn from it and move on. Punishing Boeing at this point really serves no purpose, they have been extensively punished in the marketplace. They are also being extensively punished in their effort to certify the 779. But let us not lose sight of the fact that we need airliners, and having only one source of them serves nobody well. There is nobody in the wings to pick it up if Boeing fails. And if we make the process too difficult both Boeing and Airbus will cease. And then we will be stuck. The idea has to be to find a way for Boeing and the FAA to work together to prevent a similar oversight in the future.

Mistakes can be made, ok. For exemple, Boeing knowing about a system failure in their design and covering it thinking "crews will handle". It is already a very big mistake, but ok.
But keeping it covered after the first crash isn't, it is a delibarate fault. The second crash is entirely their doing and even after Boeing calling the MAX "safe" is juste unbelivable.

That is why I don't understand all "aviation enthousiaste" cheering for the 737MAX. To me, it is the symbol of a corrupt system from start to finish and even if the US justice does nothing for political reason, every pax can with their wallet. I will never fly a MAX by principles.

To answer your fear about one manufacturer trusting the market, it will not happen, even if Boeing as a financial entity goes down, Boeing as a plane manufacturer will remain, juste with new owners after goeing bankrupt.



My comment is more on not only boeing ignoring years of historic data & FAA/EASA certification being allowed. They had only a single sensor so no failsafe backup. Airbus has software thats similar built in, ut they put 3 sensors for triple redundancy. Safety protocols need to be followed in all design. It is what has improved saftey over the last 30+ years. Boeing allowing a single point failure via the sensor ignored that ultimate saftey standard. Even in the current upgrade they do not have a third to require at least 2 to match before sending the plane into a plunge!
I used to be a huge Boeing fan, but from 787, 737Max & 777 delays & issues it shows they have taken profit over safety. Which always cost lives.
 
rbavfan
Posts: 3899
Joined: Fri Apr 17, 2015 5:53 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 11:42 pm

rbavfan wrote:
mig17 wrote:
SEPilot wrote:
Engineers, programmers, or whatever you call them, are human. So are executives. All humans make mistakes. In this case the main mistake was not thinking through the full consequences of a failure. As an engineer and pilot myself, I could not initially understand why these two crashes occurred, especially the second one. I attributed it to poor training. As a pilot, to me it is obvious that if you have uncommanded trim inputs the first thing to do is to disable whatever mechanism it is that is making them, in this case the vertical trim. Certainly all pilots should be trained to handle runaway trim. What I did not realize was that the intermittent operation of the MCAS system made it much more confusing. But I fly low tech, manually controlled GA planes, not highly automated airliners where the pilot is more of a systems manager than a pilot. I strongly suspect that too many pilots, especially in countries where GA is extremely limited or nonexistent, are trained only on highly automated planes and never learn true stick-and-rudder skills. But that is reality, and we are not going to change it. And with that in mind, it is important to learn from this rather than to find scapegoats. Airline safety has become as safe as it is precisely because we have managed to create a system for finding the true cause of crashes while avoiding political and financial interests, and acting to prevent the resulting findings to cause another crash. And this one must be handled the same way. Yes, there was excessive coziness between Boeing and the FAA, and that was a factor leading to the crashes. But it was not the only one. Let’s learn from it and move on. Punishing Boeing at this point really serves no purpose, they have been extensively punished in the marketplace. They are also being extensively punished in their effort to certify the 779. But let us not lose sight of the fact that we need airliners, and having only one source of them serves nobody well. There is nobody in the wings to pick it up if Boeing fails. And if we make the process too difficult both Boeing and Airbus will cease. And then we will be stuck. The idea has to be to find a way for Boeing and the FAA to work together to prevent a similar oversight in the future.

Mistakes can be made, ok. For exemple, Boeing knowing about a system failure in their design and covering it thinking "crews will handle". It is already a very big mistake, but ok.
But keeping it covered after the first crash isn't, it is a delibarate fault. The second crash is entirely their doing and even after Boeing calling the MAX "safe" is juste unbelivable.

That is why I don't understand all "aviation enthousiaste" cheering for the 737MAX. To me, it is the symbol of a corrupt system from start to finish and even if the US justice does nothing for political reason, every pax can with their wallet. I will never fly a MAX by principles.

To answer your fear about one manufacturer trusting the market, it will not happen, even if Boeing as a financial entity goes down, Boeing as a plane manufacturer will remain, juste with new owners after goeing bankrupt.



My comment is more on not only boeing ignoring years of historic data & FAA/EASA certification being allowed. They had only a single sensor so no failsafe backup. Airbus has software thats similar built in, ut they put 3 sensors for triple redundancy. Safety protocols need to be followed in all design. It is what has improved saftey over the last 30+ years. Boeing allowing a single point failure via the sensor ignored that ultimate saftey standard. Even in the current upgrade they do not have a third to require at least 2 to match before sending the plane into a plunge!
I used to be a huge Boeing fan, but from 787, 737Max & 777 delays & issues it shows they have taken profit over safety. Which always cost lives.


Note the rigging of fuel burn numbers DOES NOT impact safety of the drivers & passengers in a VW. Also the 2.2 billion paid to families was what they right arounfd what they had estimated the added cost to develop the plane with engines mounted in a way that did not create the nose up issue. Add that payout to the billions in losses for the long grounding. They are close to what they said an clean sheet would have cost in the first place. All done so they coul compete against a newer model and keep their cash cow sales in place. Pure greed.
Last edited by rbavfan on Sat Aug 07, 2021 11:50 pm, edited 1 time in total.
 
Gremlinzzzz
Posts: 419
Joined: Fri Jan 24, 2020 4:28 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 11:49 pm

FlapOperator wrote:
By the standard you’re suggesting, there is no “safe” airplane in the world.

I’m not defending Boeing’s lazy practices. However, simply starting and stopping with Boeing is convenient to allow forgetting LionAir maintenance practices and Ethiopian’s self admitted training standards do have a component to both accidents.

It is not my standard.

In 2013, there was the grounding of the Dreamliner. In 2019, there was the grounding of the 737 MAX. When these aircraft were grounded, no one was thinking about anything else other than that these jets had design flaws. Boeing was told to go back to work and solve these issues before these planes could get back in the air. In the space of half a decade, Boeing has had two planes grounded globally because they were unsafe to fly.

We often forget that it was not just MCAS that Boeing botched; once they started looking at the jet, they found a litany of issues. What you are presenting are side shows that take away from the fact that we just had the longest ever grounding of any jet ever made in the modern age. The funny thing is that it was not even a clean sheet plane. Boeing was so bad at their job that regulators in short told us that they were going to see to it that this jet is fixed, that they determine what the appropriate training regime should be before they allow it to take flight again. It was so bad that the FAA convened a task force all the while looking back at the plane again.


Revelation wrote:
Gremlinzzzz wrote:
There's no mystery about who these people are. The ST link ( https://www.seattletimes.com/business/b ... y-details/ ) tells us both Teal (737 chief engineer) and Leverkuhn (VP of 737 development) say they both wanted this, and view it as a safety feature not a flaw. They say that some pilots would fly NG in the morning and MAX in the afternoon, and the more similar they were the better. They say NG had an excellent safety record and all they were trying to do was perpetuate that. They say it was not a money decision, it was a safety decision.

IMO the bigger issue is not that there was a MCAS, but how MCAS got botched. As above, just one guy decided whatever MCAS did was going to be recognized as runaway trim so there was no need to dig into its behavior at a system level. We don't know who this guy is, what pressure he was or was not under, why he alone made the decision, what criteria he used to make the decision, why no one else was in the loop, etc. Seems we may never know.
It was a financial problem. They understood that if airlines had to take pilots out and offer sim training, this would be an added cost to the airlines who would similarly demand discounts. Businesses have to attach a cost to everything and in the case of Southwest as an example, who has a favored clause embedded, Boeing would have had to pay $1 million per frame if sim training was mandated. We know for a fact that they kept downplaying MCAS so that it would not receive extra scrutiny.

They eventually agreed to sim training, but all of this was after they got did some atrocious PR that forced them to get rid of Muilenberg. They then dumped as much bad news as possible to try and give Calhoun better platform to build upon.

The committee on transportation and the JATR report tell us exactly why this happened. Boeing was under commercial pressure to get something to compete with the NEO. American Airlines wanted something that was an evolution to NG, and Southwest was always going to want something similar seeing that this is all they have ever flown. In other words, they needed to keep some of their biggest customers at home from switching and this meant that they needed to come up with a solution that best fit the needs of these airlines. No sim training was one of those requirements.

What did we expect Boeing to tell us? That it was a money oriented move? The world has a lot of pilots that can fly the 737 and none that could fly a new potential 737 replacement that would need to be fly by wire. The entire MAX calculus was based on a cost basis i.e. easier to re-engine, less costly, it would be less expensive for airlines to acquire and it allowed Boeing to compete now, keep customers as they waited for a better solution down the line.

As stated earlier, MCAS was not the only thing that they messed up, they messed up a lot. MCAS was just what brought the plane down.
 
rbavfan
Posts: 3899
Joined: Fri Apr 17, 2015 5:53 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sat Aug 07, 2021 11:56 pm

CanukinUSA wrote:
The UMs are almost always the senior engineers in a particular group like 737 Flight Controls. They spend most of their time as design Engineers and then put on an FAA hat when the Certification Activities are happening if the Certification and Testing is delegated by the FAA. I find it almost impossible to believe that they would not be aware of the changes being made to the system because of Flight Test Issue found during flight tests even if it occurred at the last part of the process. If they were not on the aircraft, they will still have access to all of the data that was collected and, in some cases, have the data available real time by telemetry during testing. From what I can tell the FAA Engineers at the FAA (because MCAS was delegated based on the earlier system design reviews) were not in the chain, but the FAA UMs at Boeing were obviously in the loop with what was going on and would have signed off on it in the Boeing internal documentation and the certification documentation later forwarded to the FAA. Quite often the other Engineers who are not UMs will consult with the UM to determine whether the system can be certified if it is redesigned or changed during the aircraft development process. These people need to be asked why they did not forward onto the FAA the system changes that occurred to MCAS. They are very often on board the Test Aircraft for both Boeing and later FAA Flight Testing.
As far as I understand Agile was first used during the 737 MAX project. The junior managers at Boeing were quite proud of that and were encouraging everyone to adapt it. I wonder if they still think that.
I do not believe that Boeing is the sole cause of the two accidents, but they have sure been a major contributor to the accidents. Like all accidents there has been a chain of events that happened to produce the result. There were obvious issues with the regulators, politicians, processes, airlines, etc. along with Boeing but the legal process likes to find someone to blame and, in my estimation, have left themselves in that position.
Captain Forkner was a Technical Pilot and not an UM as far as I know. UM Flight Test Pilots must have a technical background and/or many years of Flight Test Experience to get the designation. If you view his linked in page his degree is in Political Science and not a technical field. I am certain he was hired for his previous line airline pilot experience and his previous job at the FAA to navigate through the FAA processes for pilot training. Unfortunately, he made several very questionable IMs and E-mails that the DOJ obtained when it ceased the data after the second accident not realizing that these messages remain in the information stored on computers in the Boeing archives. Although I don't condone his behavior, he was only the tip of the iceberg and gave Boeing management a particularly good target to blame this mess on.


It would be nice to note what "Agile" is in your comment?
 
fly4ever78
Posts: 85
Joined: Tue Mar 07, 2017 10:17 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 12:37 am

SEPilot wrote:
Engineers, programmers, or whatever you call them, are human. So are executives. All humans make mistakes. In this case the main mistake was not thinking through the full consequences of a failure. As an engineer and pilot myself, I could not initially understand why these two crashes occurred, especially the second one. I attributed it to poor training. As a pilot, to me it is obvious that if you have uncommanded trim inputs the first thing to do is to disable whatever mechanism it is that is making them, in this case the vertical trim. Certainly all pilots should be trained to handle runaway trim. What I did not realize was that the intermittent operation of the MCAS system made it much more confusing. But I fly low tech, manually controlled GA planes, not highly automated airliners where the pilot is more of a systems manager than a pilot. I strongly suspect that too many pilots, especially in countries where GA is extremely limited or nonexistent, are trained only on highly automated planes and never learn true stick-and-rudder skills. But that is reality, and we are not going to change it. And with that in mind, it is important to learn from this rather than to find scapegoats.


With all due respect, GA pilots have amazing stick and rudder skills, do not get me wrong... BUT there is a very big difference between an airliner with its mass and airspeed (magnitudes higher than GA) and a small GA airplane. Startle factor, speed, altitude and lack of proper knowledge/training on MCAS are all factors here. But to compare a runaway on a GA airplane with that of a 737 is like comparing apples to oranges. Not to mention the incredibly archaic design of the 737 warning system (system annunciator panel), which is at best, minimal to meet regulatory requirements. I am not surprised at all that these accidents happened. And to say the pilots should have recognized it immediately and pulled a circuit breaker, all while on a wild rollercoaster is a bit "monday morning quarterbacking". I do however agree that engineers had absolutely nothing to do with this.
 
User avatar
SEPilot
Posts: 5753
Joined: Sat Dec 30, 2006 10:21 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 1:04 am

fly4ever78 wrote:
SEPilot wrote:
Engineers, programmers, or whatever you call them, are human. So are executives. All humans make mistakes. In this case the main mistake was not thinking through the full consequences of a failure. As an engineer and pilot myself, I could not initially understand why these two crashes occurred, especially the second one. I attributed it to poor training. As a pilot, to me it is obvious that if you have uncommanded trim inputs the first thing to do is to disable whatever mechanism it is that is making them, in this case the vertical trim. Certainly all pilots should be trained to handle runaway trim. What I did not realize was that the intermittent operation of the MCAS system made it much more confusing. But I fly low tech, manually controlled GA planes, not highly automated airliners where the pilot is more of a systems manager than a pilot. I strongly suspect that too many pilots, especially in countries where GA is extremely limited or nonexistent, are trained only on highly automated planes and never learn true stick-and-rudder skills. But that is reality, and we are not going to change it. And with that in mind, it is important to learn from this rather than to find scapegoats.


With all due respect, GA pilots have amazing stick and rudder skills, do not get me wrong... BUT there is a very big difference between an airliner with its mass and airspeed (magnitudes higher than GA) and a small GA airplane. Startle factor, speed, altitude and lack of proper knowledge/training on MCAS are all factors here. But to compare a runaway on a GA airplane with that of a 737 is like comparing apples to oranges. Not to mention the incredibly archaic design of the 737 warning system (system annunciator panel), which is at best, minimal to meet regulatory requirements. I am not surprised at all that these accidents happened. And to say the pilots should have recognized it immediately and pulled a circuit breaker, all while on a wild rollercoaster is a bit "monday morning quarterbacking". I do however agree that engineers had absolutely nothing to do with this.

Flying is flying, whether an ultralight or an AN-225. The same basic controls are used and the same aerodynamic principles apply. My flying has been all in single engined airplanes, but I did have a chance to fly a KC-135 simulator once and did a credible job (which the instructor said was unusual for a single engine pilot). Any uncommanded control or trim input should be of immediate concern and must be dealt with immediately. Mass and speed do not affect this; they will only affect the size of the crater if control is not regained. G forces actually are not much different. The differences between slow, small planes and big, fast ones are mostly in takeoff and landing behavior and in high speed high altitude performance and handling. And it is certainly true that the faster a plane flies, the faster things happen and have to be dealt with. But what I did not initially understand is that the MCAS, when malfunctioning, would do one quick input and stop, and then do another, and then another, until it had run the trim to the limit. That could be very confusing. I believe that my reaction, without any knowledge of or training on the system would have been to pull the electric trim breaker, as that is the only thing that can move the trim uncommanded. It was mentioned that the Ethiopian crew did that and then could not move the trim manually. That is disturbing; and indicates another problem. I have never heard of manual trim being too hard to move; that is unacceptable. All airline pilots are trained to deal with runaway trim, which can happen. Training for runaway trim doesn’t do much good if it can’t be moved manually.
Last edited by SEPilot on Sun Aug 08, 2021 1:33 am, edited 1 time in total.
 
fly4ever78
Posts: 85
Joined: Tue Mar 07, 2017 10:17 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 1:16 am

SEPilot wrote:
fly4ever78 wrote:
SEPilot wrote:
Engineers, programmers, or whatever you call them, are human. So are executives. All humans make mistakes. In this case the main mistake was not thinking through the full consequences of a failure. As an engineer and pilot myself, I could not initially understand why these two crashes occurred, especially the second one. I attributed it to poor training. As a pilot, to me it is obvious that if you have uncommanded trim inputs the first thing to do is to disable whatever mechanism it is that is making them, in this case the vertical trim. Certainly all pilots should be trained to handle runaway trim. What I did not realize was that the intermittent operation of the MCAS system made it much more confusing. But I fly low tech, manually controlled GA planes, not highly automated airliners where the pilot is more of a systems manager than a pilot. I strongly suspect that too many pilots, especially in countries where GA is extremely limited or nonexistent, are trained only on highly automated planes and never learn true stick-and-rudder skills. But that is reality, and we are not going to change it. And with that in mind, it is important to learn from this rather than to find scapegoats.


With all due respect, GA pilots have amazing stick and rudder skills, do not get me wrong... BUT there is a very big difference between an airliner with its mass and airspeed (magnitudes higher than GA) and a small GA airplane. Startle factor, speed, altitude and lack of proper knowledge/training on MCAS are all factors here. But to compare a runaway on a GA airplane with that of a 737 is like comparing apples to oranges. Not to mention the incredibly archaic design of the 737 warning system (system annunciator panel), which is at best, minimal to meet regulatory requirements. I am not surprised at all that these accidents happened. And to say the pilots should have recognized it immediately and pulled a circuit breaker, all while on a wild rollercoaster is a bit "monday morning quarterbacking". I do however agree that engineers had absolutely nothing to do with this.

Flying is flying, whether an ultralight or an AN-225. The same basic controls are used and the same aerodynamic principles apply. My flying has been all in single engined airplanes, but I did have a chance to fly a KC-135 simulator once and did a credible job (which the instructor said was unusual for a single engine pilot). Any uncommanded control or trim input should be of immediate concern and must be dealt with immediately. Mass and speed do not affect this; they will only affect the size of the crater if control is not regained. G forces actually are not much different. The differences between slow, small planes and big, fast ones are mostly in takeoff and landing behavior and in high speed high altitude performance and handling. But what I did not initially understand is that the MCAS, when malfunctioning, would do one quick input and stop, and then do another, and then another, until it had run the trim to the limit. That could be very confusing. I believe that my reaction, without any knowledge of or training on the system would have been to pull the electric trim breaker, as that is the only thing that can move the trim uncommanded. It was mentioned that the Ethiopian crew did that and then could not move the trim manually. That is disturbing; and indicates another problem. I have never heard of manual trim being too hard to move; that is unacceptable. All airline pilots are trained to deal with runaway trim, which can happen. Training for runaway trim doesn’t do much good if it can’t be moved manually.


Air load on the stabilizer will make it impossible to move manually above a certain level. I have flown both and I do not agree that it's the same thing, but that is your opinion. You have much more time to deal with a problem in a GA airplane than one moving at 250 knots, that is just a fact.
 
RickNRoll
Posts: 1883
Joined: Fri Jan 06, 2012 9:30 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 2:15 am

LAX772LR wrote:
Pythagoras wrote:
The Executives didn't write bad code.

But they ultimately approved the processes (or lack thereof) that allowed said bad code to go unaddressed and ultimately undetected both by regulators and (especially by) operators, with lethal consequences.


Pythagoras wrote:
The engineers wrote bad code.

Off topic: but would they be engineers, or programmers? Are programmers engineers?
Be interested if someone with frontline experience could chime in regarding how either is classified.


Programming is still as much an handcraft skill as an engineering exercise, engineering is becoming more of a science. Programming is still a very immature area of engineering. Planes are using engineering that has been developed over centuries.

NASA has tried to bring an egineering approach to software development but that is not very popular because it slows down software development times.
 
User avatar
Pythagoras
Posts: 149
Joined: Sun Oct 04, 2020 12:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 3:05 am

Revelation wrote:
It seems a bit of triangulation is needed to make these two statements stand. My attempt to reconcile them is the certification process itself did not require Boeing to forward the documentation on the changes to MCAS (something the IG report says is a flaw in the process), but Forkner's job role did require him to inform FAA when he realized the changes to MCAS to activate in the slow speed regime could impact training requirements.


Exactly.

It is important to understand that both Boeing and the FAA are bureaucratic stovepipe organizations where information and responsibility is retained within disciplines. Finding compliance to a particular paragraph in the FARs is parsed out to individual UM/ARs who put together and approve the certification documents. These myriad of certification documents, where I remind you has MCAS interspersed, had been drafted and mostly completed at the time the MCAS Rev D revision. At the the time of the Rev D revision, the task before the UM/ARs would have been whether the change in functionality to include the low speed flight envelope necessitated changing these certification documents. When the erroneous activation of MCAS is judged as “Hazardous” which the FAA permits Boeing to make without outside oversight, it ensures the FAA does not gain visibility of the system and for its functionality to not be mentioned in the certification documents.

Mark Forkner in his role as Chief Technical pilot represents the services business of Boeing and not the design and manufacturing business of Boeing. It may be that the 737Max Flight Control engineers who developed and approved the Rev D revision considered whether the change in functionality required changing pilot training. It one sees the MCAS failure as equivalent to a runaway stabilizer trim one could conclude that there would be no impact to the training curriculum. That conclusion though is not Boeing’s to make exclusively of the FAA which is why Forkner and Boeing is found criminally negligent.

Let’s not forget that when Boeing concedes that additional simulator training is required for the 737Max for return to service that this training recommendation applies to all 737 models. The actions by both flight crews indicates an incomplete understanding of elevator, horizontal stabilizer and its systems.
 
Scotron12
Topic Author
Posts: 592
Joined: Fri Mar 01, 2019 2:13 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 4:46 am

Can you imagine, of course with a bit of 20/20 hindsight, if Boeing had come clean from the outset on MCAS, and that SIM training would be required??

Notwithstanding the so called $1M per plane deal with SW, it would have cost Boeing money, yeah, a lot of money, but certainly a lot lot less than the $billions it's cost to date.

OTOH, Im sure it wasn't Forkner et al, that were solely responsible. Doesn't make sense
 
LDRA
Posts: 411
Joined: Fri Jan 15, 2016 3:01 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 5:16 am

Scotron12 wrote:
Can you imagine, of course with a bit of 20/20 hindsight, if Boeing had come clean from the outset on MCAS, and that SIM training would be required??

Notwithstanding the so called $1M per plane deal with SW, it would have cost Boeing money, yeah, a lot of money, but certainly a lot lot less than the $billions it's cost to date.

OTOH, Im sure it wasn't Forkner et al, that were solely responsible. Doesn't make sense


Forkner is one of the victims. Poor person was not even told of MCAS, had to find it out for himself in simulator. This MCAS thing is so low profile, even Boeing chief tech pilot doesn't know about it!
 
LDRA
Posts: 411
Joined: Fri Jan 15, 2016 3:01 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 5:39 am

Finally took time to read through JATR report

From JATR report, it appears failure mode analysis for production configuration of MCAS was not even performed.

Observation O6.9-C: Boeing conducted an S&MF analysis on Revision C of the
STS requirements for MCAS software, which only included high-speed values in
its lookup table (as was used in the military tanker version of the B767).
o Observation O6.9-D: During Boeing flight tests, the company added low-speed
values to the MCAS lookup table in its Revision D of the STS requirements for
MCAS.
o Observation O6.9-E: The B737-8 MAX was certified with Revision E of the STS
requirements for MCAS software.
o Observation O6.9-F: The SSA was not updated beyond Revision C of the STS
requirements for MCAS. The JATR team observed no documented risk, failure,
or safety analyses conducted on the MCAS software beyond Revision C.
o Observation O6.9-G: Boeing determined the high-speed regime to be the critical
aspect of MCAS, and thus no revision to the SSA was necessary when the low
speeds were added to the software’s lookup table.


FAA only reviews for compliance based on Boeing design. If Boeing does not even bother to conduct necessary engineering - pencil whiping safety analysis in this case, FAA certification is not going to make Boeing product safe, no matter how hard FAA tries

The JATR report contains numerous other instances of failure in safety engineering domain. It is quite revealing just how widespread and deep problems are in safety engineering domain. You can't just pin the blame on one or two working level individuals. It's consistent pattern, root cause is leadership and management...
 
peterinlisbon
Posts: 1977
Joined: Wed Feb 01, 2006 3:37 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 7:07 am

Scotron12 wrote:
https://www.corporatecrimereporter.com/news/200/manslaughter-for-you-and-me-but-not-for-boeing-or-boeing-executives/

Interesting piece on the successful outcome for Boeing management not facing any charges in the two crashes of the B737MAX.

Artical is calling for the Justice Dept. to reopen and reinvestigate the case which basically let Boeing off the hook.

Guess it pays to have "connections"??.


It´s OK because Boeing promised not to make any more planes that suddenly dive into the ground by themselves.
 
flash330
Posts: 36
Joined: Tue Nov 30, 2010 9:58 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 7:46 am

I bet the same executives were happy to take all the credit during the good times.
It's funny, I was always told higher management get the big bucks because of all the responsibility they have for the running of the company.....
 
User avatar
Revelation
Posts: 26982
Joined: Wed Feb 09, 2005 9:37 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 3:05 pm

Rekoff wrote:
We can all guess to the reason why Boeing only paid a fraction of Volkswagen yet the MAX disasters were a few orders of magnitude worse in their consequences.

The difference is there was incontrovertible evidence that VW intentionally cheated, whereas Boeing's human error defense is still intact.

I've written many times that Boeing has done a masterful job getting investigators to focus on the surface level stuff like Forkner's drunken texts and Muilenberg's pay while apparently not focusing on how the human errors happened. Some have suggested that this is because at the end of the day human error is not criminal behavior so going deep down that path would not be of interest to the criminal courts. I guess it's now up to the civil courts. I hope they can get to the bottom of it, but their goal is to get cash settlements for the victims and of course the lawyers too, so it's quite likely that it'll all end up with cash settlements and non-disclosure agreements with no admission of guilt by Boeing.

I'd love it if there were some "family jewels" ( ref: https://en.wikipedia.org/wiki/Family_Je ... nce_Agency) ) locked up in a safe somewhere that eventually would see the light of day, but I have to say I doubt it very much.

rbavfan wrote:
It would be nice to note what "Agile" is in your comment?

Basically, a project management technique that started out in one area of software development and IMO became a management fad so began being applied to all kinds of things it should not have been applied to. IMO managers love it because it has all kinds of fancy sounding titles and certifications one can get and generates all kinds of metrics that one can try to shape into a picture that can be used to advance one's career. Engineers hate it for many reasons, but one big one is that it makes one spend lots of time working in crappy tools just to generate low quality metrics for managers. Ref: https://en.wikipedia.org/wiki/Agile_sof ... evelopment

Scotron12 wrote:
Can you imagine, of course with a bit of 20/20 hindsight, if Boeing had come clean from the outset on MCAS, and that SIM training would be required??

Notwithstanding the so called $1M per plane deal with SW, it would have cost Boeing money, yeah, a lot of money, but certainly a lot lot less than the $billions it's cost to date.

OTOH, Im sure it wasn't Forkner et al, that were solely responsible. Doesn't make sense

There's a quote I've dug up a few times from a ST piece where WN says the $1M penalty was a leftover from the contract they signed for NGs and was something they didn't put much importance on and would have been willing to negotiate on if sim training was needed. Some suggest this was WN trying to avoid blame for pressuring Boeing, but I'm not sure about that. I could easily see some Boeing managers deciding they were going to be heroes and save the company $1M a plane by pressuring engineers to avoid sim training, rather than just asking WN if some accommodation could be made.

LDRA wrote:
Forkner is one of the victims. Poor person was not even told of MCAS, had to find it out for himself in simulator.

Not quite true. He knew about MCAS in general and its operation at high speed, he just didn't know engineering changed it to activate during the low speed portion of the flight envelope, that is what he discovered in the simulator.

flash330 wrote:
I bet the same executives were happy to take all the credit during the good times.
It's funny, I was always told higher management get the big bucks because of all the responsibility they have for the running of the company.....

The golden rule is he who has the gold rules. The executive class looks out for its own. They all know they are vulnerable and would need help if things went bad for them. Muilenberg had the best coaching money could buy before his ritual killing by Congress that was played out on national TV, and in the end he got full pay to the last day except some bonuses were cut, and he got his full retirement package too.
 
robsaw
Posts: 448
Joined: Sun Dec 28, 2008 7:14 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 4:01 pm

9252fly wrote:
Correct me if I'm wrong, I was under the impression that a lot software engineering coding was contracted out?


Which in no way changes the chain of responsibility for the functional design engineering that forms the basis of the spec for that code nor the responsibility for testing the entire system to meet the requirements.

Pushing the responsibility for system safety analysis down to the coders to catch is madness. The structure of modern software and software development processes means that the "coder' often isn't even working on enough breadth and depth of code to even be exposed to the entire algorithm for any single action. Blaming coders for a "not my problem" attitude is just silly. My organization works on safety-critical systems and software for aerospace and in operations and maintenance support for aviation. Safety is reinforced as everyone's problem BUT we don't expect our coders to be specialists in aerodynamics, orbital mechanics, or regulatory requirements. What we do expect is that they write code that is in itself not "dangerous" (i.e. has its own internal checks). Of course if they are working on something and recognize something that appears algorithmically questionable they ARE going to ask for clarification.

Regardless, code isn't just accepted for a "coder" for a system without multiple levels of testing.
 
ikramerica
Posts: 15186
Joined: Mon May 23, 2005 9:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 9:48 pm

robsaw wrote:
9252fly wrote:
Correct me if I'm wrong, I was under the impression that a lot software engineering coding was contracted out?


Which in no way changes the chain of responsibility for the functional design engineering that forms the basis of the spec for that code nor the responsibility for testing the entire system to meet the requirements.

Pushing the responsibility for system safety analysis down to the coders to catch is madness. The structure of modern software and software development processes means that the "coder' often isn't even working on enough breadth and depth of code to even be exposed to the entire algorithm for any single action. Blaming coders for a "not my problem" attitude is just silly. My organization works on safety-critical systems and software for aerospace and in operations and maintenance support for aviation. Safety is reinforced as everyone's problem BUT we don't expect our coders to be specialists in aerodynamics, orbital mechanics, or regulatory requirements. What we do expect is that they write code that is in itself not "dangerous" (i.e. has its own internal checks). Of course if they are working on something and recognize something that appears algorithmically questionable they ARE going to ask for clarification.

Regardless, code isn't just accepted for a "coder" for a system without multiple levels of testing.

This.

Coders are assigned bits and pieces to turn in regularly.

This can be problematic when some of the code is farmed out to the Philippines, India, Armenia, etc and there is a language barrier, lack of accountability to management.

This is why it’s the PMs and middle managers who are culpable. And the money crunchers who trade safety and accountability for cost savings.
 
graceintheair
Posts: 55
Joined: Sun Jun 27, 2021 4:11 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 10:50 pm

I'm a bit confused. When it comes to pilot error this community seems to take a "forgive and forget" attitude claiming that holding pilots responsible for their mistakes or things like drinking on the job makes the industry less safe. But yet when it comes to the manufacturer making a mistake you all seem to be out with the pitchforks. Can someone explain this disparity on thinking?
 
Ertro
Posts: 197
Joined: Thu Apr 04, 2019 9:28 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 11:02 pm

graceintheair wrote:
I'm a bit confused. When it comes to pilot error this community seems to take a "forgive and forget" attitude claiming that holding pilots responsible for their mistakes or things like drinking on the job makes the industry less safe. But yet when it comes to the manufacturer making a mistake you all seem to be out with the pitchforks. Can someone explain this disparity on thinking?


A pilot is one person that needs to come up with a right solution very quickly in an confusing situation. This might work 99 times out from 100 but it is totally unrealistic to expect this to work out every time perfectly and the one time when this one person does not come out with a right solution during the one minute that the situation is ongoing that is when accident might happen and then clever people on their couches at home can point to this one mistake.

A company on the other hand is supposed to have 10 people understand the problem and think about it for a month pondering the pros and cons doing it this way or that way. In this case also it can happen that one person might have the wrong thought for a couple of minutes but it does not matter because the other 9 persons are correcting him and even this one person can change his thoughts during the whole month he has time to do so.

This is totally understandable difference to treat these two cases differently. It is totally unrealistic not to allow one person to function something else than completely perfect every minute of a year of working. On these forums it also can happen that one person can have a silly thought and post it for others to critique as not a perfect thought and we allow also this to happen.
 
graceintheair
Posts: 55
Joined: Sun Jun 27, 2021 4:11 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 11:10 pm

Ertro wrote:
graceintheair wrote:
I'm a bit confused. When it comes to pilot error this community seems to take a "forgive and forget" attitude claiming that holding pilots responsible for their mistakes or things like drinking on the job makes the industry less safe. But yet when it comes to the manufacturer making a mistake you all seem to be out with the pitchforks. Can someone explain this disparity on thinking?


A pilot is one person that needs to come up with a right solution very quickly in an confusing situation. This might work 99 times out from 100 but it is totally unrealistic to expect this to work out every time perfectly and the one time when this one person does not come out with a right solution during the one minute that the situation is ongoing that is when accident happens.

A company on the other hand is supposed to have 10 people understand the problem and think about it for a month pondering the pros and cons doing it this way or that way. In this case also it can happen that one person might have the wrong thought for a couple of minutes but it does not matter because the other 9 persons are correcting him and even this one person can change his thoughts during the whole month he has time to do so.

This is totally understandable difference to treat these two cases differently. It is totally unrealistic not to allow one person to function something else than completely perfect every minute of a year of working.


But that would assume that a pilot could only make a mistake when a problem pops up unexpectedly. We have seen many accidents arise from a situation that pilot(s) created themselves. Just something to think about.
 
kalvado
Posts: 3384
Joined: Wed Mar 01, 2006 4:29 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Sun Aug 08, 2021 11:15 pm

Ertro wrote:
graceintheair wrote:
I'm a bit confused. When it comes to pilot error this community seems to take a "forgive and forget" attitude claiming that holding pilots responsible for their mistakes or things like drinking on the job makes the industry less safe. But yet when it comes to the manufacturer making a mistake you all seem to be out with the pitchforks. Can someone explain this disparity on thinking?


A pilot is one person that needs to come up with a right solution very quickly in an confusing situation. This might work 99 times out from 100 but it is totally unrealistic to expect this to work out every time perfectly and the one time when this one person does not come out with a right solution during the one minute that the situation is ongoing that is when accident happens.

A company on the other hand is supposed to have 10 people understand the problem and think about it for a month pondering the pros and cons doing it this way or that way. In this case also it can happen that one person might have the wrong thought for a couple of minutes but it does not matter because the other 9 persons are correcting him and even this one person can change his thoughts during the whole month he has time to do so.

This is totally understandable difference to treat these two cases differently. It is totally unrealistic not to allow one person to function something else than completely perfect every minute of a year of working.

In the grand scheme of things, preventing future accidents is more important than punishment, punishment is just a tool in most cases.

When we are talking alcohol, there is a bit more than an instant decision. However, things like counceing, medical treatment and increased oversight, company and peer, do come into play. Retrainings and changes of training scope can help with other mistakes. Throwing out personal experience is generally undesirable if things are still salvageable. Firing a pilot is effective in some sense, but cost/benefit ratio may not be optimal.

Now, what are the ways to make sure Boeing Improves operation practices? Increased FAA oversight may work. Anything else? Money is a language corporations speak and understand best.

Same as with pilots, terminating (e.g. bankrupting and dissolving) company may prevent any future mistakes, but at what cost?

Last, but not the least... Boeing is a US company, unlike VW or BP. US jobs and taxes are at stake! And other places have less power, and less punitive culture...
 
User avatar
Pythagoras
Posts: 149
Joined: Sun Oct 04, 2020 12:33 am

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Mon Aug 09, 2021 2:20 am

LDRA wrote:
Scotron12 wrote:
Can you imagine, of course with a bit of 20/20 hindsight, if Boeing had come clean from the outset on MCAS, and that SIM training would be required??

Notwithstanding the so called $1M per plane deal with SW, it would have cost Boeing money, yeah, a lot of money, but certainly a lot lot less than the $billions it's cost to date.

OTOH, Im sure it wasn't Forkner et al, that were solely responsible. Doesn't make sense


Forkner is one of the victims. Poor person was not even told of MCAS, had to find it out for himself in simulator. This MCAS thing is so low profile, even Boeing chief tech pilot doesn't know about it!


The released emails and IMs from Forker were certainly misread by the media. Many of the more sensational language is taken as Forkner is in the process of conducting his evaluation to certify the 737Max simulators in Miami. I don't think I read or heard anywhere in the media that the issues were ultimately resolved and the simulators were fully certified by the FAA. The media, likely unknowingly, confused the work that Forkner was doing on simulator certification with the work the Forkner was responsible for in developing the 737Max pilot training curriculum. Personally, I always appreciated working with engineers that argued and had real passion for their craft.

What we forget about the discussions concerning Forkner's comments of the "Jedi Mind Trick" is that Boeing was concerned primarily about the regulators imposing simulator training for adding two functions whose purpose was to enhance safety. The Roll Command Alerting System (RCAS) was added to both 737NG and 737Max to improve situational awareness when the airplane entered high-bank angles to prevent Loss of Control accidents. The Runway Situation Awareness Tools (RSAT) provided early indication to pilots that the airplane was set-up to conduct an overrun on landing. Contrary to the narrative that is in the media, Boeing was focussing on enhancing safety by adding these functions to the flight deck. The technical issues were insufficiently explained by the media and thus there is the appearance the Boeing was in the wrong by making this argument. However even upon the review after the two accidents, the FAA considers the RCAS and RSAT functions to only require Level B differences training when transitioning from 737NG to 737Max.
 
CanukinUSA
Posts: 148
Joined: Sun Oct 25, 2020 5:06 pm

Re: Call to cancel DPA with Boeing on 737MAX Crashes

Mon Aug 09, 2021 4:20 am

I am certain that Boeing Management was happy with that media confusion because it distracted everyone from the fact that the simulator is based on the Flight Model that is created from Flight Test Data that comes from the manufacturer (i.e. Boeing). I suspect that Captain Forkner was evaluating the simulator for training purposes which is quite different from Simulator Certification which involves data matching from aircraft flight test data on the simulator. I will have to look back at the timeline from when he did that evaluating as what it shows is that the Boeing Simulator Engineering support team obviously knew enough about the changed MCAS operation to put it in the Simulator Flight Model. If he noted that the data did not match like you stated for certification, he would want to get the simulator fixed so that the data matched or else it would not get certified by the regulator (FAA) when they check the graphs for matching during simulator certification. Control Forces are required to be simulated quite accurately to get the simulator certified. I spent several years doing final manufacturer testing on Flight Simulators at the world's largest simulator manufacturer up in Canada and having spent time in both Aircraft Flight Test and Simulator evaluation trust me it is harder to get a Flight Simulator certified then the real aircraft itself. Unfortunately, many line pilots who do not have a technical background think it will be a nice fun time for a few weeks flying around accepting a flight simulator. It can be a very frustrating experience after a while, and you really must dig back into how the simulator has been built and into the flight model from the manufacturer to get a certified and usable simulator. On the 737 Classic simulators when I worked there, we found out that the flight test aircraft used for obtaining data had the aileron deflection angle one degree in error and had to get Boeing to go back and look at the original flight test data because we could not get the data plots required to match to certify the simulators. After that we had to put a letter from Boeing in all the 737 Classic simulators that used that flight model stating that the deflection was one degree off during flight test before we could get the simulator accepted from the FAA or any other regulator to explain why the data did not match and was one degree out.
What this really demonstrates is the fact that there must have been quite a few groups in Boeing Engineering and Management who were aware of the changes done to the MCAS system low speed operation at the time when the flight simulator model was modified.

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos