Disclaimer: I am not an aircraft engineer. But I am a software engineer, one who looks at my own field with a critical enough eye to see how software is often used inappropriately, and I see the signs of the latter all over the place in this latest story.
The original software didn’t fix its fundamental unairworthiness, so why should new software be able to? The problem with the 737 Max isn’t that it has buggy software, it’s that it should never have been built in the first place. Its safety should come from its airframe being compatible with its engines. It can’t come from a software-and-sensor kludge that tries to compensate for an unsafe physical design.
In an article in today’s Washington Post:
Boeing said it would take about an hour for technicians to load a software update for the planes. The company’s software fixes will change the way the MCAS receives information, requiring feeds from both outside “angle of attack” sensors, rather than one, before it is triggered.
The system will also have more limits on how often it will engage, and Boeing will make changes that prevent the anti-stall feature from angling the plane’s nose too far downward in its attempts to correct for a possible stall.
Let’s take the fix of requiring both sensors to concur. We know the angle of attack sensors are unreliable, because they sometimes falsely indicate an excessive angle of attack. Being unreliable, it seems reasonable to presume that they also sometimes fail to indicate an excessive angle of attack. So this “fix” will actually fix nothing. It will merely trade one form of unsafe behavior for another.
The second fix is in fundamentally the same category as the first: like the former, it makes the system more conservative in deciding when to engage. That system was put there for a reason: the attempt to compensate for an unairworthy plane, whose airframe mismatches its engine size and placement. The physical plane will remain as unairworthy as before, only with less software compensation for it. Again, one problem is merely being traded for another.
Instead of tragedies caused by planes falling out of the sky because MCAS engaged in error, we will have tragedies caused by planes falling out of the sky because MCAS didn’t engage and they stalled.
I strongly suspect the only fix for these planes will be to scrap them and sell their bodies to recyclers, who will turn them into new metal stock from which fundamentally safe planes can be built. Those “fundamentally safe planes” will mostly be Airbus A320neo’s. Boeing’s attempt to get out of the corner they found themselves in the cheap and devious way is going to end up costing that company a lot.