Hacker News new | past | comments | ask | show | jobs | submit login

Unclear why you're trying to conflate the MCAS issue with AF447. Or are even bringing up AF447 at all.

On the Max 8 a bad sensor is causing an automated system to misbehave, and may have resulted in crashes.

On AF447 ice blocking the pitot-static system caused automated systems to go offline (enter Alternative Law), and loss of situational awareness caused the pilots to crash their aircraft under manual control.

If you read the final report[0] you'll see that pilot error and loss of basic airman-ship caused the accident. There's always improvements to the airframe to mitigate the human component, but acting like these two are somehow different sides of the same coin is disingenuous.

I'm not actually sure why you brought it up. Comes across as "look they're both just as bad" while ignoring key details about AF447.

[0] https://en.wikipedia.org/wiki/Air_France_Flight_447#Final_re...




> the system rejected the data as invalid and temporarily stopped the stall warnings. However, "this led to a perverse reversal that lasted nearly to the impact: each time Bonin happened to lower the nose, rendering the angle of attack marginally less severe, the stall warning sounded again—a negative reinforcement that may have locked him into his pattern of pitching up", which increased the angle of attack and thus prevented the aircraft from getting out of its stall

From your link. In my mind that is the critical piece. The pilot did the right thing, pushed the nose down, heard the stall warning again, and did the wrong thing, pulled the nose up, because that made the stall warning go away. Having been in a plane upside down at night pointed toward the ground I can imagine the stress on the crew. It’s easy to say dump the nose when the stall warning goes off, but what if they had been upside down, then he would have been doing the right thing by listening to the warning. The fact the stall warning cut off was the final critical link in the accident, not pilot error.


AF 447 and Lion Air 610 are related in a way that does not have anything to do with Airbus vs. Boeing. In both cases, the crew experienced a situation that differed in some way from those they had explicitly trained or been prepared for (in the first case, because it was considered implausible, and in the second, because Boeing had not told pilots about it.) Nevertheless, in both cases, it is somewhat surprising that they were unable to recover from it (the Southwest pilots' union was upset at Boeing for not disclosing MCAS, but the American pilots' union did not think it was a big deal, and neither group seemed to think an MCAS failure would present a serious problem for a prepared pilot.)

After Boeing has made MCAS triply-redundant (or whatever else they have to do to get these airplanes flying again), questions will remain about why nominally well-trained people sometimes perform disastrously below expectations when faced with something unusual, and what can be done about it. Is it possible, for example, that highly-prescribed training adversely affects flexibility and resilience in problem-solving?


This is exactly the type of crowd I was referring to earlier. There seems to be a tendency on this site, and on reddit for people to accuse airbus of having an inferior philosophy when it comes to the sidestick not having any feedback. And while some of those criticisms can be fair, there is a tendency to bring this argument into any discussion about the differences in cockpit design philosophy between boeing and airbus. They always bring up AF447 and attribute that accident to the airbus FBW system. Even with the Sully landing, questions were raised about how the aircraft limited Sully's ability to control the aircraft, completely missing the fact that on dual engine failure, the FBW system degrades to alternate law.

The fact that Boeing themselves chose to implement flight envelope protections and FBW systems on their newer planes show that the industry in general is in favour of them, pretty much the only difference now is that the boeing yoke provides feedback.


I don't think Airbus has an inferior philosophy compared to Boeing, but I'm sure Airbus has a different philosophy from Boeing, and each philosophy comes with its own set of tradeoffs. And neither is a panacea. For me, that's the lesson of AF447.

Adding Airbus envelope protection to the 737 Max 8 would not have prevented the Lion Air crash because the root problem was bad sensor data. Sending bad sensor data into a flight computer will give you bad output, even in a FBW system.

Conversely, if the AOA sensors had been operating correctly, or triply redundant to mitigate failure, then MCAS would have worked correctly and safely, even without Airbus-style "normal law" FBW.

How to safely integrate imperfect automation with human control is a major developing issue, and not just in aviation. The same concerns are coming to light in cars and trucks with features like smart cruise control, lane-keeping assist, highway "autopilot," etc.

On the surface it seems like greater and better automation will make everything safer, and maybe it does in the aggregate, by covering a lot of low hanging fruit. Antilock braking and traction control certainly fit into this category in cars.

But as automation gets smarter, it means that the situations where humans are required to take over from the automation will become less frequent and more unusual. So systems need to be designed to not only protect humans with automation, but also to alert and orient humans as quickly and accurately as possible when they need to step in and take over. This is why I happen to think that physically synchronizing stick/yoke movement is a good idea; it's one less thing to have to talk about in an emergency.

I don't blame Airbus FBW for the AF447 crash, but I don't blame the pilots either. I thing it was the complex interaction of the two that caused the crash. That's a very complex problem to solve, and it's one that we will have to keep addressing until automation is so good that it never hands off to a human for any reason.


Did you read the comment I’m replying to?

The common element between Lion Air and Air France crashes is bad sensor data: AOA and airspeed, respectively. A computerized system, no matter how sophisticated, cannot protect pilots from themselves in the absence of accurate sensor data.


> The common element between Lion Air and Air France crashes is bad sensor data

Agreed but the context is completely different. The airbus flight computers rely on data from three sensors and thus are triply redundant. AF447 happened in severe icing conditions with water ingressing into the pitot tubes on the ground. All three pitot tubes froze, causing all three sensors to report bad data. The aircraft identified the discrepancy and degraded from normal law to alternate law as expected so it would not make any decisions based on the faulty data. The crash ultimately was caused by the pilots being disoriented because of the very low visibility. The sidestick issue is a different discussion, but its not related to the 737MAX accidents.

The MCAS system on the other hand is not triply redundant, and that's what people have issue with. Boeing itself has more redundant envelope protections on the newer models like the 777 and 787.


Although it is perfectly possible to fly an aircraft with the loss of certain instruments. And even if the plane is in a stall, there are established procedures for getting out of it that don't involve flying the plane into the ground. But the computer would need to be prepared to disregard some data in favour of other data.


For those of us non-experts, I am glad that it was brought up because that accident immediately came to mind for me as well, and I was curious about the differences between them. Thank you for the comparison!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: