
Comment by margalabargala

2 years ago

> however with software nobody dies

The MCAS issue which crashed two Boeing planes was a software hack.

Well, yes, but also no. It was a hardware design change that necessitated a software hack (to escape mandatory retraining of pilots) that relied on unreliable hardware, right?

Sure, software played a big part in it, but I think it was more a management and communication failure. If it were just software it'd probably be much easier to diagnose and fix.

  • I disagree. The hardware design of the cockpit is intended to be such that any computer inputs also move the pilot's controls, so that the pilots can countermand computer inputs if necessary. In this case, software was written such that this was not possible. The software that operates MCAS operates on a garbage-in-garbage-out model, like most software. There was no software written to determine if the incoming data was garbage, thus the software decided to crash two planes.

    Here's an article that goes into detail on the software: https://spectrum.ieee.org/how-the-boeing-737-max-disaster-lo...

    > When the flight computer trims the airplane to descend, because the MCAS system thinks it’s about to stall, a set of motors and jacks push the pilot’s control columns forward. It turns out that the Elevator Feel Computer can put a lot of force into that column—indeed, so much force that a human pilot can quickly become exhausted trying to pull the column back, trying to tell the computer that this really, really should not be happening.

    > Indeed, not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all?

    > MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane. In a fight between the flight management computer and human pilots over who is in charge, the computer will bite humans until they give up and (literally) die.

    At the end of the day, if the person who wrote that software had written it differently, then those planes would not have crashed and hundreds of people would not have died.

    • > At the end of the day, if the person who wrote that software had written it differently, then those planes would not have crashed and hundreds of people would not have died.

      You can't really blame the software engineers. This was all thought out and tightly specified by Boeing to their avionics subcontractor (Collins, IIRC). This is how it was designed and engineered to work at a systems level - it is a design hack. As far as I know there weren't any software bugs or 'hacks' involved, and the avionics operated as designed (aside from the AoA DISAGREE alert, which was due to a requirements miscommunication, not a bug). It was broken by design, which happened long before implementation, at Boeing.

      > When the flight computer trims the airplane to descend, because the MCAS system thinks it’s about to stall, a set of motors and jacks push the pilot’s control columns forward. It turns out that the Elevator Feel Computer can put a lot of force into that column—indeed, so much force that a human pilot can quickly become exhausted trying to pull the column back, trying to tell the computer that this really, really should not be happening.

      The Elevator Feel Computer is a part of the 737NG as well, and would behave the same way in those airplanes when receiving such erroneous AoA data; it's nothing new in the MAX. It certainly did not help the crews during the fatal MAX incidents, and is clearly not an ideal design, but it's also barely a footnote in the root cause analysis, along with the stick shaker and stall warnings blaring at them constantly. The pilots would easily be able to overcome it long enough to get safely on the ground. What was a bigger problem for those crews was that the MCAS has enough trim authority to make it impossible, with any amount of elevator input, to restore level flight - limiting its trim authority was part of the 'fixes' required to get them airborne again.

      I don't think it's reasonable to blame the implementation of MCAS for the accidents, its existence is to blame, and really highlights how nothing about the 737 platform has been designed holistically - it is a patchwork of hacks on hacks dating from the 1970s, which is difficult to reason about as a whole, and has dark corners. To truly 'fix' MCAS, you need to consider AoA as critical air data (which the 737 does not), and you need to integrate it holistically with the rest of the flight controls (which the 737 cannot, since it is not fly-by-wire), and you need to consider it critical equipment (it's an 'augmentation' and not considered critical on the 737, 'justifying' the lack of redundancy). Once you've done those things, you've basically got the bones of a proper envelope protection system in place, and you've obviated the need for MCAS in the first place. Of course the 737 team couldn't do this, because the business decided that it was more important to avoid (and hide) any differences than to bring the aircraft in line with modern standards.

      Realistically, this should have been trapped by the safety analysis of the flawed design, which should have considered its effect on the whole flight control system when evaluating it, but Boeing again only considered MCAS to be an 'augmentation' and it got an abbreviated safety review as a result. Some engineers did express concern about some of these factors, but given the environment outlined in TFA, those concerns did not go anywhere, because they would have basically scuttled the idea and sent everyone back to the drawing board, which Boeing was desperate to avoid having already been caught flat-footed with the launch of the A320neo.

      The 737 airframe needs to be put to rest; it is simply not safe or sane to keep stacking more hacks onto it. But there's no indication Boeing is working on a successor, so it's probably going to be on the market for another 20+ years. Hard to imagine, but folks will probably be flying on an airframe with a 100-year-old design (2024 + 20 years before a new revision + 20 years life span = 2064, around 100 years from the 737 launch before they start retiring)!

      3 replies →
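The two comments above name the checks they say were missing: the software acted on whatever a single sensor reported with no test for garbage, there was no use of a second angle-of-attack source, and the automatic trim had enough authority to run past what the elevator could counter. The block below is an added illustration of what those checks look like in code. It is not Boeing's or Collins's MCAS logic, and every threshold (range, disagreement tolerance, plausible rate, trim step, authority cap) is an assumed number chosen for the example, not a 737 value.

```python
"""Constructed illustration of sensor gating for an automatic trim function.
Not the real MCAS implementation; all thresholds below are assumptions."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed thresholds for illustration only; not the real 737 MAX values.
AOA_MIN_DEG = -20.0
AOA_MAX_DEG = 40.0
AOA_DISAGREE_DEG = 5.5      # max tolerated split between the two vanes
MAX_AOA_RATE_DEG_S = 30.0   # max physically plausible change per second
STALL_ONSET_DEG = 12.0      # AoA above which nose-down trim is requested
TRIM_STEP_DEG = 0.5         # trim applied per activation
TRIM_AUTHORITY_DEG = 2.5    # hard cap on cumulative automatic trim


@dataclass
class AoASample:
    left_deg: float
    right_deg: float
    dt_s: float              # seconds since the previous sample


@dataclass
class TrimState:
    total_trim_deg: float = 0.0
    prev_mean_deg: Optional[float] = None


def decide(state: TrimState, s: AoASample) -> Tuple[str, str]:
    """Return (action, reason). action is 'trim_nose_down', 'hold' or 'inhibit'.
    'inhibit' means the data is not trusted, so no automatic trim is commanded."""
    # 1. Range check: a vane reading outside the physical envelope is garbage,
    #    and garbage must not drive the trim motors.
    for name, v in (("left", s.left_deg), ("right", s.right_deg)):
        if not (AOA_MIN_DEG <= v <= AOA_MAX_DEG):
            return "inhibit", f"{name} AoA {v:.1f} deg out of range"
    # 2. Cross-check: with two independent sources, a large split means at
    #    least one is wrong and we cannot tell which, so do nothing automatic.
    if abs(s.left_deg - s.right_deg) > AOA_DISAGREE_DEG:
        return "inhibit", "AoA DISAGREE between left and right vanes"
    mean = (s.left_deg + s.right_deg) / 2.0
    # 3. Rate check against the last accepted value: a jump faster than the
    #    aircraft can physically produce is treated as a sensor fault.
    prev, state.prev_mean_deg = state.prev_mean_deg, mean
    if prev is not None and s.dt_s > 0:
        rate = abs(mean - prev) / s.dt_s
        if rate > MAX_AOA_RATE_DEG_S:
            return "inhibit", f"AoA rate {rate:.1f} deg/s implausible"
    # 4. Only now act on the value, and only within a bounded authority so
    #    repeated activations cannot trim beyond what the pilot can counter.
    if mean < STALL_ONSET_DEG:
        return "hold", f"AoA {mean:.1f} deg below onset"
    if state.total_trim_deg + TRIM_STEP_DEG > TRIM_AUTHORITY_DEG:
        return "hold", "automatic trim authority exhausted"
    state.total_trim_deg += TRIM_STEP_DEG
    return "trim_nose_down", f"AoA {mean:.1f} deg, total trim {state.total_trim_deg:.1f} deg"


def simulate(samples: List[AoASample]) -> List[str]:
    """Run constructed samples through a fresh state and return the actions taken."""
    state = TrimState()
    return [decide(state, s)[0] for s in samples]


if __name__ == "__main__":
    # Constructed sequence: normal flight, a genuine high-AoA excursion,
    # then the left vane drifting and finally pegging at an impossible value.
    seq = [AoASample(3.0, 3.5, 1.0), AoASample(14.0, 14.2, 1.0),
           AoASample(30.0, 14.0, 1.0), AoASample(60.0, 14.0, 1.0)]
    for s, a in zip(seq, simulate(seq)):
        print(f"L={s.left_deg:5.1f} R={s.right_deg:5.1f} -> {a}")
```

The order of the checks matters: the trim decision is reached only after the data has passed range, agreement and rate tests, and the authority cap is applied to cumulative trim rather than per activation, which is the difference between a nuisance and a trim state the elevator cannot overcome.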

I meant software only products like websites, apps, games, etc., but it should be clarified, good point.