The Shocking Reality: Developers Behind Boeing 737 Max’s Software Issues

Medium ^ | 21 Aug, 2023 | Vishnu Ravi

[cymbeline]

“... (and a failed sensor input would be one such obvious case, especially if it’s not redundant”

I am not an aviation expert but a pilot friend blames the pilots of the crashed planes because they should have known to disengage the MCAS. Perhaps inadequate training.

If I were designing a plane, I’d want its autopilot to have as many redundant inputs as possible, and I’d want it to tell the pilots if it’s seeing anything strange in its inputs, and even suggest what the pilots should do in those cases.

Prototypes were flown a lot by test pilots. I doubt that those pilots are allowed to speak publicly on what they thought. And since the MAX was deployed, they’ve been flown by hundreds of pilots. Wonder what they would have to say about the plane and specifically the MCAS.

My final poorly informed conclusion is that the plane could have been more mediocre-pilot-friendly.

[T.B. Yoits]

The Boeing 737 Max should never have been built. It's unstable and flies "goofy foot" which might be acceptable for military aircraft such as the F-16, F-117, etc. but is NOT acceptable for civilian aircraft. That's on the executives, the engineers, and the FAA.

The MCAS systems should have never been implemented but once installed, should have had redundant systems. That's on the engineers and the FAA.

The code writers should have called full stop, asking what the code writing would be for the redundant sensors. If they had done so, and found out there were no redundant sensors, they should have refused to write the code.

If someone walks into your shop and asks you to program a throttle for their car with no shut-off, you don't write the program.

[citizen]

Winning comment!

[Skywise]

You could design in something like a logarithmic analysis of the data over the previous X readings and if something seems out of whack (like a sudden spike change in the reading) you could ignore the reading and not engage. But that’s kind of dependent on how the sensor fails. Without that second sensor the software has to “guess” if the sensor data is valid and engage safety protocols or not.

I agree there was a complete business process failure here on all sides. Software design should’ve pushed back on the design in general and hardware shouldn’t have gone with a faulty design to begin with. That I will place the blame squarely at the feet of poor management (maybe H1B there) and/or an emphasis on hiring for identity rather than capability.

But unless there’s an actual bug there - I’d say the software guys did the best with what they could from a pushed down design.

[flamberge]

The shoddy work of Musk’s H1-Bers on display.

These were outsourced developers working in India for Boeing. Boeing cut out all the middlemen and got them for rock-bottom prices. Somewhere between $5 and $9 per hour. Let's see American or European developers "compete" with that!

The results do not speak well for the competence of Indian software development training or Boeing management. "But they are so cheap", say the executives.

[nagant]

I follow the “South Main Auto” Youtube channel. The mechanic there just encountered his 2nd Kia SUV where a failure in the backup camera rendered the cars into bricks.

This cr@p has to stop. Stop making drive systems rely on computers. Period.

[citizen]

Really? I did not know BOTH crashes were piloted by Moslems. hmmm

I speculate that a woke company like Boeing would admit to anything other than casting suspicion on Islamic piolots.

[Dave Wright]

Some minor corrections to this story. First, the MCAS software and related systems performed exactly as designed and were not responsible for the Ethiopian and Indonesian aircraft accidents. The MCAS sensor selection depended on the aircrew’s manual selection of flight controls. The left and right seat controls indicated a large difference in angle-of-attack, which should have caused them to select the reading corresponding to their attitude relative to the horizon. This would have restored normal flight operations.

Instead, they misdiagnosed the false stall warning and nose-down trim, believing the automated system rather than the reality they could see outside the cockpit. This corresponded to a memory checklist item, Runaway Stabilizer Trim, that all pilots must train on, so they don’t have to use the operations manual. Due to a lack of training, the inexperienced first officer began thumbing through the manual rather than immediately switching off the electric stabilizer trim. This would have again restored normal flight operations.

The incorrect angle of attack reading on the pilot’s side was due to maintenance crews damaging the left side AoA vane and not repairing and recalibrating it properly when a prior flight crew reported it.

None of this relates to Boeing software engineers or where they came from. The MCAS was modified to alert crews when there is a discrepancy between the AoA sensors, but this just added a bell-and-whistle to the standard flight training that requires them to crosscheck their instruments for these anomalies.

[Paal Gulli]

"Regardless of the software issues, the problem goes back to management who decided it was more expedient and cheaper to install much larger engines then the original airframe had been designed to accommodate."

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ THIS ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If a pilot has a type rating on one aircraft "type" (B-747, MD-80, SAAB-340, etc) he can do more of his FAR-required training and check-ride "flights" in the simulator rather than the actual aircraft, which obviously amounts to a YUGE reduction in overhead for the operator.

So it's a BIG selling point to an air carrier if you offer them a new a/c that their pilots' existing type ratings will cover. This is why Boeing elected to put engines so oversized on a 737 airframe that it required longer landing gear. Because it would be the same "type" as the older 737s.

Have you ever seen a Boeing 737-400? Did you notice how oddly shaped the engine nacelles were?

The original 'Jurassic' 737s had engines with a much lower bypass ratio, so the engine was skinnier and the engine intake (and to an extent, the rest of the nacelle) could be made circular.

But as higher-bypass (and hence more efficient) engines became available, Boeing's engineers were faced with the problem of how to cram them into the space between the bottom of the 737's wings and the surface of the runway.

And that's why the -400's engines have flat bottoms.

But the engines for the Max were going to be so large that that trick was no longer effective, so they resorted to taller landing gear.

But having such large engines also moved the thrust they created further below the centerline of the airframe. Which reeked havoc with the aerodynamic balance of the airplane. Which necessitated a different stall prevention system.

So if Boeing hadn't been hell-bent on getting the FAA to certify the Max as a 737, this might never have happened.

[flamberge]

That was a great "true story"!

I don't believe a word of what that ex-CEO said, but it was still a great story. Very entertaining.

Thank you.

[citizen]

I understand. I see cheap labor, as the prime motivation of mgmt, the same - whether on foreign soil or in-country as H1-Bers.

[GMThrust]

I was the primary flight tester for the Air Force’s development of the MH-60 Simulator. I spent months working directly with the software engineers. They would make a change and down the line, some other item was affected. Bottom line, it was a painstaking experience going over line by line of code to get it close to reality.
Pilot training is the larger issue here. We used to have to be a “little drop of oil or gas or electron” and draw out the schematics of the systems in detail and go through all the possible emergencies. Now, if it’s green it’s good.

[citizen]

Your comment and some others illustrate the danger of having MBAs controlling instead of a cadre of seasoned engineers.

[RckyRaCoCo]

You're welcome.

While many (among the rank and file) called Bob Crandall a tool and a "stool"...he had his moments.

[fella]

MBA think; Cheapest (Efficiency) is best.

[Tahoe3002]

I worked 30± years in engineering & construction companies. A big selling point for many clients was the use of “low cost” engineering centers,usually in India or South America. Frequently, when engineering drawings, calculations or software were received in our Houston office, it required massive amounts to of rework by American trained engineers.

The client effectively paid twice for the same work. But, hey all billable hours to the client.

[Sequoyah101]

Don’t tell me, let me guess. The developers and coders were a bunch of H1B dot Indians who won the low bid for the work to Boing.

[PLMerite]

[Have you ever seen a Boeing 737-400? Did you notice how oddly shaped the engine nacelles were?]

Makes for an easier wheels-up landing when the onboard systems fail.

[Sequoyah101]

Interesting isn't it? Interesting how total reliance on software and systems generally leads to total failure when it happens not to work.

Of course, everyone knows that software and sensors are totally reliable and never ever fail. Right? /s

[Montana_Sam]

MCAS was intrinsically engineered to depend on data sourced from a solitary sensor.

The pseudo code for the initial meeting looked somewhat like:
... if(sensor.Reading == isBad)
{
crash();
exit(1);
}
Code passed review and the dev team was teeing off the first hole by 10 a.m.