And now for something completely different...
I like to read about when things go wrong -- when airplanes crash, buildings fall down, bridges break, etc. Spaceflight is a good area, too. Examining the why and how of these events is illuminating about human nature; people's greed, laziness, and pride all happen to intersect in the right way to cause catastrophic failure. The design and procedure changes that come out of these incidents also tie into basic human nature -- this is why I think these things are worth examining in detail, even though I don't expect I'll ever be involved in any of these industries. I write software for a living, and while I view the software I currently work on as relatively low risk (after all, I don't write firmware for people's insulin pumps, or for aircraft navigation systems), the lessons still hold.
Living in Seattle, Boeing looms large. Last week, one of their planes fell out of the sky and killed everyone on board; the 737 MAX 8 they were in, an essentially brand new plane, experienced some failure. This is the second time in 6 months that one of these planes has gone down, only three years after this model's first flight. As a consequence, nearly(?) all 737 MAX planes have been grounded until questions relating to safety are answered (https://www.nytimes.com/interactive/2019/03/11/world/boeing-737-max-which-airlines.html). The investigation hasn't even concluded yet for the crash of Lion Air Flight 610 last October, but immediately after the crash, Boeing was happy enough to blame human error as the problem -- the pilots didn't follow the checklist that they should have. I've read the analysis of many air crashes at this point, and it is vanishingly rare that human error is the only problem (Aeroflot Flight 593 is the best example I can think of -- https://en.wikipedia.org/wiki/Aeroflot_Flight_593). Humans act in response to their surroundings; if the surroundings are poorly designed, then they won't be used properly. Sure, training is certainly part of it, but bad design is bad design.
The current theory for the cause of both of these crashes has to do with the Maneuvering Characteristics Augmentation System (MCAS) malfunctioning; the system's sole purpose is to push the plane's nose down when it senses an impending stall, i.e. an excessively high angle of attack. Why is this system needed on the 737 MAX but not other models? By implementing a series of aerodynamic changes on the MAX (most notably larger engines mounted further forward), Boeing was able to get a 14% improvement in fuel consumption; the consequence, however, is that the plane tends to pitch nose up at high angles of attack, which could lead to a stall (https://theaircurrent.com/aviation-safety/what-is-the-boeing-737-max-maneuvering-characteristics-augmentation-system-mcas-jt610/). Some of the main selling points for this plane were the fuel efficiency, and the fact that the FAA agreed that pilots did not have to be retrained to fly it.
MCAS activates automatically, so without any pilot input the plane can be pushed nose down. The most interesting design choice Boeing made was not adding this system -- Airbus uses a very similar system in their planes -- it's that the company decided that MCAS would not disengage when a pilot applied opposing control input; it has to be explicitly disabled by the crew. This design decision is very similar to how Airbus designs their aircraft: the system knows best. The design philosophy of Boeing has historically been that the pilot is always in control -- an automated system would not prevent a pilot from taking control. This change, coupled with the fact that pilots were not required to be retrained, has at least contributed to these two accidents. Further, it seems that there have been significant problems with the sensors MCAS depends on; the Lion Air plane had its sensors replaced and cleaned multiple times before its accident. Boeing equipped these planes with only two Angle of Attack (AoA) sensors, and MCAS read just one of them on a given flight, rather than using three sensors and a cross-checking (voting) algorithm, which is how Airbus does it. With a single input there is nothing to compare against, so one faulty vane is indistinguishable from a real stall. It is baffling that, if these sensors are so safety critical that erroneous readings can down a plane, the design is not more robust.
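To make the sensor-redundancy point concrete, here is an added example (my own illustration, not Boeing or Airbus code, and not derived from any real flight control logic) that feeds constructed AoA readings through three hypothetical architectures: one sensor with no cross-check, two sensors with a disagreement check, and three sensors with median voting. The stall threshold, the disagreement tolerance, and the "stuck vane" readings are all assumed values chosen for the demonstration.

```python
"""Sensor-redundancy demo: single, dual and triple AoA inputs.

Added example, not code from the original post or from any aircraft
manufacturer. Thresholds and readings are constructed for illustration.
"""
from statistics import median

STALL_AOA_DEG = 15.0   # assumed: AoA above this commands nose-down
DISAGREE_DEG = 5.0     # assumed: readings further apart than this are inconsistent


def single_sensor_command(aoa):
    """One sensor, no cross-check: any high reading, real or not, commands nose-down."""
    return "NOSE_DOWN" if aoa > STALL_AOA_DEG else "NONE"


def dual_sensor_command(a, b):
    """Two sensors: a disagreement can be detected but not resolved.

    We cannot tell which sensor is lying, so the only safe action is to
    inhibit the automation and flag the disagreement to the crew.
    """
    if abs(a - b) > DISAGREE_DEG:
        return "INHIBIT_DISAGREE"
    return "NOSE_DOWN" if max(a, b) > STALL_AOA_DEG else "NONE"


def triple_sensor_command(a, b, c):
    """Three sensors: a single faulty sensor is outvoted by the other two.

    Requires at least two readings to agree within tolerance; otherwise no
    majority exists and the automation is inhibited. The median is used as
    the voted value because it ignores one arbitrary outlier.
    """
    lo, mid, hi = sorted([a, b, c])
    if (mid - lo) > DISAGREE_DEG and (hi - mid) > DISAGREE_DEG:
        return "INHIBIT_DISAGREE"
    voted = median([lo, mid, hi])
    return "NOSE_DOWN" if voted > STALL_AOA_DEG else "NONE"


def run_scenario(ticks):
    """Replay (a, b, c) readings through all three architectures.

    Returns a dict of per-tick commands for each architecture. Note that the
    single-sensor design only ever sees sensor A.
    """
    results = {"single": [], "dual": [], "triple": []}
    for a, b, c in ticks:
        results["single"].append(single_sensor_command(a))
        results["dual"].append(dual_sensor_command(a, b))
        results["triple"].append(triple_sensor_command(a, b, c))
    return results


# Constructed readings (degrees): after the first tick, sensor A's vane is
# stuck near 20 degrees while B and C track a realistic cruise AoA near 3.
STUCK_VANE_TICKS = [
    (2.5, 2.4, 2.6),
    (20.1, 3.0, 3.1),
    (20.0, 3.2, 2.9),
    (19.8, 3.1, 3.0),
]

if __name__ == "__main__":
    for arch, commands in run_scenario(STUCK_VANE_TICKS).items():
        print(f"{arch:>6}: {commands}")
```

Running it shows the single-sensor design commanding nose-down on every tick after the vane sticks, the dual-sensor design inhibiting itself because it can see a conflict but cannot pick a winner, and the triple-sensor design quietly outvoting the bad sensor and doing nothing. Real flight control voting is far more involved than a median, but the underlying arithmetic is the same: detecting a fault needs two independent inputs, and tolerating one needs three.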
It's also worth noting that while Airbus has used a system like MCAS for years, it has not been without its own accidents -- there were two incidents within a year, in 2008 and 2009, caused by bad sensor data reaching the flight computers (Qantas Flight 72, where the air data unit fed spurious AoA values to the flight computers, and Air France Flight 447, where iced-over pitot tubes produced unreliable airspeed), so to be honest it seems that the proper approach to this sort of technology hasn't been perfected by anyone yet.
It is deeply sad that these accidents happened, though fortunately they are a rare occurrence, thanks to the rigorous analysis that follows each one.