Author Topic: Another deadly 737 Max control bug just found!  (Read 24060 times)


Offline raptor1956

  • Frequent Contributor
  • **
  • Posts: 869
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #50 on: June 30, 2019, 02:23:21 am »
classic
https://tech.slashdot.org/story/19/06/29/1555243/boeing-falsified-records-of-a-new-787-that-leaked-fuel

Indian contractors writing aerospace software for EIGHT dollars an hour


I used to work for IBM and when I did the workforce totaled about 400,000 worldwide with about 250K in the USA -- today IBM employs more Indians than Americans.  Hiring them in India avoids the H1b visa problems and limits and you can hire them at the prevailing Indian wage level for similar work. 

Do you use Adobe products -- check out the splash screen next time you launch a product from them.


Brian
 

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Another deadly 737 Max control bug just found!
« Reply #51 on: June 30, 2019, 06:16:59 am »
-> New flaw discovered on Boeing 737 Max, sources say

Quote : "In simulator tests, government pilots discovered that a microprocessor failure could push the nose of the plane toward the ground. It is not known whether the microprocessor played a role in either crash."

CMIIW, so the 737 Max is, by design, aerodynamically unstable like fighter jets that need "constant" corrections just to fly straight?

All this time I always assumed that for every civilian plane design, that is the basic 101 when starting the plane design from scratch; guess I'm wrong.  ::)

Offline Kleinstein

  • Super Contributor
  • ***
  • Posts: 14849
  • Country: de
Re: Another deadly 737 Max control bug just found!
« Reply #52 on: June 30, 2019, 10:04:25 am »
Like other passenger planes, the 737 Max is stable by itself and does not need constant corrections from the computer. However, as in many other planes, there are computer systems that make life easier for the pilots (e.g. automatic trim and auto-pilot) and some that should prevent some possible pilot errors (e.g. ground approach warning and the MCAS to avoid too high an angle of attack).  If they don't work right, these systems have the power to make the life of the pilot hard and possibly crash the plane.
 
The following users thanked this post: SilverSolder

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17205
  • Country: us
  • DavidH
Re: Another deadly 737 Max control bug just found!
« Reply #53 on: July 01, 2019, 12:09:01 pm »
CMIIW, so the 737 Max is, by design, aerodynamically unstable like fighter jets that need "constant" corrections just to fly straight?

All this time I always assumed that for every civilian plane design, that is the basic 101 when starting the plane design from scratch; guess I'm wrong.  ::)

The 737 Max was not designed from scratch.  The primary objective was to modify the existing design to meet the new requirements.

I was going to say that the instability is not of the kind normally considered but that is not really the case, is it?  Moving the larger engines forward to increase ground clearance moved the center of lift *forward* of the center of gravity making the plane unstable on its pitch axis preventing passive recovery from stall.  To correct this, the wings would have needed to be moved back or the fuselage extended forward of the wings.
 
The following users thanked this post: MyHeadHz

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #54 on: July 01, 2019, 12:15:07 pm »
CMIIW, so the 737 Max is, by design, aerodynamically unstable like fighter jets that need "constant" corrections just to fly straight?

All this time I always assumed that for every civilian plane design, that is the basic 101 when starting the plane design from scratch; guess I'm wrong.  ::)

The 737 Max was not designed from scratch.  The primary objective was to modify the existing design to meet the new requirements.
The 737 Max is not negatively (nor neutrally) stable in pitch. What it is is "not high enough yoke force curve with high pitch and high power to meet certification requirements". In other words, it's still positively stable in pitch, but not by enough with the Max engines' power, location, and aerodynamic lift from the engine nacelles.
 

Offline windsmurfTopic starter

  • Frequent Contributor
  • **
  • !
  • Posts: 625
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #55 on: July 06, 2019, 10:42:14 pm »
The Toyota unintended acceleration issue/bug didn't trigger any watchdog either.

It did... which led to $2.4 billion+ in fines and settlements.
https://en.wikipedia.org/wiki/Sudden_unintended_acceleration
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #56 on: July 06, 2019, 11:25:53 pm »
The Toyota unintended acceleration issue/bug didn't trigger any watchdog either.
It did... which led to $2.4 billion+ in fines and settlements.
https://en.wikipedia.org/wiki/Sudden_unintended_acceleration
I thought a significant concern in the Toyota unintended acceleration case was that the watchdog system did not detect all task failures and specifically did not detect the failure of the task that calculated throttle angle.
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: Another deadly 737 Max control bug just found!
« Reply #57 on: July 07, 2019, 09:41:43 am »
The Toyota unintended acceleration issue/bug didn't trigger any watchdog either.
It did... which led to $2.4 billion+ in fines and settlements.
https://en.wikipedia.org/wiki/Sudden_unintended_acceleration
I thought a significant concern in the Toyota unintended acceleration case was that the watchdog system did not detect all task failures and specifically did not detect the failure of the task that calculated throttle angle.

Different types of watchdogs being discussed here (regulatory vs system). Generally the system watchdog is a crude "is the main task still running" type of thing. Detecting if all individual tasks are still running - and running correctly - is another thing altogether.

It's hard to write correct software in the first place, writing software that monitors itself and corrects errors is a magnitude or two harder.
Bob
"All you said is just a bunch of opinions."
 

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 7503
  • Country: ca
Re: Another deadly 737 Max control bug just found!
« Reply #58 on: July 07, 2019, 08:25:07 pm »
Watchdog does nothing for scrambled variables that are out of range, or a task that is hung. Toyota had insufficient room for the stack which caused much drama.
You have to add more sophisticated algorithms that are not taught in university for fault detection and recovery.

Toyotas are more than happy to engage into Reverse while moving forward. The engine literally leaps out of the engine compartment, close to breaking something.
It's just idiot embedded software again, clown forgot to check for zero speed before engaging. Even a 1970 Chevy with hydraulic computer in a TH350 would refuse such a command.
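
The distinction drawn in the replies above, between a watchdog that only proves the main loop ran and one that checks every task for liveness and plausible output, shown as an added example that is not part of any post in this thread. It is a constructed simulation: the task names, value ranges and kick counters are hypothetical stand-ins for a real hardware watchdog refresh.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed simulation: task names and plausible ranges are hypothetical. */
enum { TASK_SENSOR, TASK_THROTTLE, TASK_COMMS, TASK_COUNT };
typedef struct {
    uint32_t checkins;        /* bumped by the task at the end of each cycle */
    uint32_t last_seen;       /* checkins value at the previous supervisor pass */
    int32_t  output;          /* most recent value the task produced */
    int32_t  min_ok, max_ok;  /* plausible range for that value */
} task_health_t;

static task_health_t tasks[TASK_COUNT];
static unsigned crude_kicks;       /* refreshes by a "main loop ran" watchdog */
static unsigned supervised_kicks;  /* refreshes gated on per-task health */

void supervisor_init(void) {
    /* {min, max} per task: sensor reading, throttle percent, link-up flag */
    static const int32_t limits[TASK_COUNT][2] = { {-40, 150}, {0, 100}, {0, 1} };
    for (int i = 0; i < TASK_COUNT; i++)
        tasks[i] = (task_health_t){ 0, 0, limits[i][0], limits[i][0], limits[i][1] };
    crude_kicks = supervised_kicks = 0;
}

/* Called by a task when it finishes a cycle. */
void task_report(int id, int32_t output) {
    tasks[id].output = output;
    tasks[id].checkins++;
}

/* Returns a bitmask of tasks that are hung or out of range on this pass. */
uint32_t supervisor_pass(void) {
    uint32_t failed = 0;
    for (int i = 0; i < TASK_COUNT; i++) {
        task_health_t *t = &tasks[i];
        bool alive = (t->checkins != t->last_seen);
        bool sane  = (t->output >= t->min_ok && t->output <= t->max_ok);
        if (!alive || !sane) failed |= 1u << i;
        t->last_seen = t->checkins;
    }
    crude_kicks++;                        /* crude watchdog: this code ran, so refresh */
    if (failed == 0) supervised_kicks++;  /* stand-in for the hardware refresh */
    return failed;
}

/* Throttle task hangs from cycle hang_at on and emits one corrupted value
   at cycle corrupt_at (-1 disables either). Returns the last failure mask. */
uint32_t simulate(int cycles, int hang_at, int corrupt_at) {
    uint32_t failed = 0;
    supervisor_init();
    for (int c = 0; c < cycles; c++) {
        task_report(TASK_SENSOR, 25);
        task_report(TASK_COMMS, 1);
        if (hang_at < 0 || c < hang_at)
            task_report(TASK_THROTTLE, c == corrupt_at ? 30000 : 20);
        failed = supervisor_pass();
    }
    return failed;
}

int main(void) {
    uint32_t mask = simulate(5, 3, -1);
    printf("hang: mask=0x%x crude=%u supervised=%u\n",
           (unsigned)mask, crude_kicks, supervised_kicks);
    return 0;
}
```

With the throttle task hung from cycle 3, the crude counter keeps advancing while the supervised one stops, which is the point at which a hardware watchdog would time out and force a reset.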
 

Offline GeorgeOfTheJungle

  • Super Contributor
  • ***
  • !
  • Posts: 2699
  • Country: tr
Re: Another deadly 737 Max control bug just found!
« Reply #59 on: July 08, 2019, 05:10:24 am »
Even a 1970 Chevy with hydraulic computer in a TH350 would refuse such a command.
LOL I have one of those... Are you sure?
« Last Edit: July 08, 2019, 05:21:01 am by GeorgeOfTheJungle »
The further a society drifts from truth, the more it will hate those who speak it.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #60 on: July 08, 2019, 10:05:21 am »
“sure” and “correct” are largely orthogonal.
 
The following users thanked this post: GeorgeOfTheJungle

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15423
  • Country: fr
Re: Another deadly 737 Max control bug just found!
« Reply #61 on: July 08, 2019, 03:57:30 pm »
The whole point of the 737 MAX new MCAS system was to make up for the possibility of stall in some situations, due to the characteristics and location of the new engines.

Could Boeing have decided to release the plane without this new MCAS (letting pilots handle the trim under such situations)? Maybe, I don't have enough info to know that it would have been acceptable. But it would have at least made the plane look unattractive to pilots, with maybe a feeling of something not quite right about its design. Would it have been safer without it at this point? I'd say yes at the moment, but of course it's always easy to say that afterwards. Could Boeing have decided to modify the plane's design further to compensate for the new engines, instead of adding this software "fix"? Probably. Obviously, it would have made the plane's design and certification much longer.

And then, could the pilots have handled the MCAS fuck-up correctly? Looks like it's again a yes, but listing the fuck-ups on each side with the information we have now, looks like the list is much longer on Boeing's side.

Of course this is not the first time in history that a new plane is released with issues. But to put that in perspective, the point here is that the 737 MAX was never designed or marketed as a brand *new* plane, but merely an evolution of an existing and successful one, and this is the whole point, and the main factor leading to this disastrous start.
« Last Edit: July 08, 2019, 04:00:25 pm by SiliconWizard »
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Another deadly 737 Max control bug just found!
« Reply #62 on: July 08, 2019, 04:15:11 pm »
Could Boeing have decided to release the plane without this new MCAS (letting pilots handle the trim under such situations)? Maybe, I don't have enough info to know that it would have been acceptable.
If they could have, they probably would have.

The plane would have failed certification for insufficient stability of control force with increasing angle of attack.

See FAR 14§25.173.
 
The following users thanked this post: SiliconWizard

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 7503
  • Country: ca
Re: Another deadly 737 Max control bug just found!
« Reply #63 on: July 08, 2019, 04:39:43 pm »
Even a 1970 Chevy with hydraulic computer in a TH350 would refuse such a command.
LOL I have one of those... Are you sure?

As a teenager, anything to burn rubber in a V8 car.
"Neutral drops" - rev high in Neutral and drop it into Drive... a Powerglide will do anything, a TH350 had some logic and would not engage until RPMs dropped to something reasonable. I thought it would not go into reverse "at speed". Like deploying the flaps at high airspeed.

My point is Toyota's embedded software is doing worse than an old hydraulic computer. It allows autodestruct by shifting into anything anytime. But there may be a partial reason for it.
Honda had to change their transmission software after people got stuck in the snow/ice and could not rock the car back and forth (drive, reverse, drive, reverse etc.) to get out. The transmission controller was slow and would not allow it.
If the transmission controller software was smarter, compares front/rear wheel speeds, it can know you are stuck in snow, mud, ice etc. and let you shift at speed without damage.

Sometimes an embedded system just needs more smarts to work - the rule is use the available sensors to make the best decision possible. If a sensor is invalid, ignore it and still make the best decision possible.
 
The following users thanked this post: GeorgeOfTheJungle

Online SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15423
  • Country: fr
Re: Another deadly 737 Max control bug just found!
« Reply #64 on: July 08, 2019, 05:01:45 pm »
Sometimes an embedded system just needs more smarts to work - the rule is use the available sensors to make the best decision possible. If a sensor is invalid, ignore it and still make the best decision possible.

Yes. But frankly, the simplest option I see is that it allows the user to disable the automation altogether, so they can do whatever they like, but knowing they have explicitly switched to this mode.

Just make it CLEAR to the user how to disable it (without them having to go through hundreds of pages), and give a CLEAR visual cue whether it's engaged or not. If it can allow the user to do something risky, also warn them clearly. Cars and planes both have been having nice displays and all for a while now, and even vocal messages - there is ample room to give useful tips and warnings to the user. Doing things behind their backs, even if that's claimed to be for their own good, is never acceptable IMO. Most automated systems are not giving enough information to the users IMO - that would already make a world of difference.


 
The following users thanked this post: GeorgeOfTheJungle

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 676
  • Country: de
Re: Another deadly 737 Max control bug just found!
« Reply #65 on: July 08, 2019, 05:07:46 pm »
Honda had to change their transmission software after people got stuck in the snow/ice and could not rock the car back and forth (drive, reverse, drive, reverse etc.) to get out. The transmission controller was slow and would not allow it.
If the transmission controller software was smarter, compares front/rear wheel speeds, it can know you are stuck in snow, mud, ice etc. and let you shift at speed without damage.
Old style systems have a transmission output speed sensor only (also used for the speedometer), so only driven wheel speed is available. Newer ones can get the info over the ABS wheel speed sensors for all wheels.

Anyway, it doesn't need to; under a certain speed it might be irrelevant, except parts might get damaged by doing so.
If switching gears takes too much hydraulic pressure off the system, it might need a while to build it up again in idle, especially in cold weather (snow), when the car (and its transmission fluid) is not yet at operating temperature.

The problem is that everyone has his/her own understanding of how high the snow should be allowed to be without packing a shovel and using it.
Support your local planet.
 

Offline floobydust

  • Super Contributor
  • ***
  • Posts: 7503
  • Country: ca
Re: Another deadly 737 Max control bug just found!
« Reply #66 on: July 08, 2019, 05:10:28 pm »
Imagine never having driven a car (piloted an airplane) and writing control software for it.
 

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 676
  • Country: de
Re: Another deadly 737 Max control bug just found!
« Reply #67 on: July 08, 2019, 08:53:36 pm »
Imagine never having driven a car (piloted an airplane) and writing control software for it.
This is why state machines need a really thorough documentation.
Support your local planet.
 

Offline blacksheeplogic

  • Frequent Contributor
  • **
  • Posts: 532
  • Country: nz
Re: Another deadly 737 Max control bug just found!
« Reply #68 on: July 08, 2019, 10:40:28 pm »
Most automated systems are not giving enough information to the users IMO - that would already make a world of difference.

Simplistic at best and leads to UI clutter, that 'important' indicator not seen because of 1,000 other indicators. The user needs an indication of the unexpected/abnormal, not every time an automated system performs a routine action. In some cases, the difficulty is in deciding if the action being performed is 'routine' and therefore warrants attention.

20/20 hindsight. This lecture on the 3 Mile Island incident is a really good overview of 1st Story bias - 'Sitting in my armchair I would have known' vs. 2nd Story fact.

Well worth watching, but skip to 24:30 for the 2nd story summary.
 
The following users thanked this post: WattsThat

Offline BravoV

  • Super Contributor
  • ***
  • Posts: 7549
  • Country: 00
  • +++ ATH1
Re: Another deadly 737 Max control bug just found!
« Reply #69 on: July 10, 2019, 01:43:25 am »
For great grand big sale .. cheap ... great discount ... NOS (New Old Stock) ...  The Flying "Nodding" Coffin ...

For sure they're running out of storage parking space for the unsold merchandise, looks pretty bad, especially at the huge idling capital sitting doing nothing on the tarmac.

I'm guessing the management would love to have them stack up vertically like ordinary boxes in warehouse.







Details -> HERE
« Last Edit: July 10, 2019, 01:52:18 am by BravoV »
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 9238
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: Another deadly 737 Max control bug just found!
« Reply #70 on: July 10, 2019, 02:20:05 am »
Simplistic at best and leads to UI clutter, that 'important' indicator not seen because of 1,000 other indicators. The user needs an indication of the unexpected/abnormal, not every time an automated system performs a routine action. In some cases, the difficulty is in deciding if the action being performed is 'routine' and therefore warrants attention.
Relevant event in the Apollo 13 incident:
Quote
The Mission Operations Report Apollo 13 recounts how the master caution and warning alarm had been turned off for a previous low-pressure reading on hydrogen tank 2, and so it did not trigger to call attention to the high oxygen pressure reading.
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17205
  • Country: us
  • DavidH
Re: Another deadly 737 Max control bug just found!
« Reply #71 on: July 10, 2019, 03:49:44 am »
Imagine never having driven a car (piloted an airplane) and writing control software for it.

This is why state machines need a really thorough documentation.

And why machines for which the state cannot be documented due to things like heap allocation should not be used in safety critical applications.  This also makes processor features which contain unknown state like caches, speculative execution, and multi-threading less desirable.
 

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 676
  • Country: de
Re: Another deadly 737 Max control bug just found!
« Reply #72 on: July 10, 2019, 03:37:26 pm »
And why machines for which the state cannot be documented due to things like heap allocation should not be used in safety critical applications.  This also makes processor features which contain unknown state like caches, speculative execution, and multi-threading less desirable.

And then someone dropped "AI" in the room  :-DD
Support your local planet.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Another deadly 737 Max control bug just found!
« Reply #73 on: July 10, 2019, 03:54:12 pm »
And why machines for which the state cannot be documented due to things like heap allocation should not be used in safety critical applications.  This also makes processor features which contain unknown state like caches, speculative execution, and multi-threading less desirable.
That ship has sailed. Literally. They use Windows to run warships.

https://www.theregister.co.uk/2007/02/26/windows_boxes_at_sea/
« Last Edit: July 10, 2019, 04:00:07 pm by Mr. Scram »
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17205
  • Country: us
  • DavidH
Re: Another deadly 737 Max control bug just found!
« Reply #74 on: July 11, 2019, 03:14:10 am »
And why machines for which the state cannot be documented due to things like heap allocation should not be used in safety critical applications.  This also makes processor features which contain unknown state like caches, speculative execution, and multi-threading less desirable.

That ship has sailed. Literally. They use Windows to run warships.

https://www.theregister.co.uk/2007/02/26/windows_boxes_at_sea/

Back in the mid 1980s, a Ticonderoga class cruiser off of San Diego lost all power to this problem.  The only illumination they had was flashlights and they had to be towed back to port.

 

