WorldWide Drilling Resource

Airplanes Don’t Just Drop Out of the Sky by Britt Storkson Owner, P2FlowLLC In my April 2019 WWDR article, I commented on the Lion Air plane crash in Indonesia, and the need for the proper number of sensors to make sure everything works correctly regarding the computer con- trols. A short 5½ months after the Lion Air crash, another Boeing 737 MAX 8 crashed in Ethiopia, in a very similar manner. Both planes violently lurched nose-downward and crashed a few minutes after takeoff. While I am not a part of the team investigating these crashes and do not have all of the facts regarding what happened to cause them to crash, I would like to offer some informed comments based on what I do know - and that is computer systems and the way they are developed, which I believe to be the problem here. I understand the aircraft in question had received new engines which altered the way they responded to cockpit computer commands. It appears either the full scope of the change was not taken into account and/or it was inadequately addressed and tested before being released for sale. There are certain hard and fast realities which must be respected when developing computer system software and hard- ware. First: The computer hardware and software must be tested UNDER ALL CONDITIONS it will encounter during its lifetime. This includes ambient temperature, pressure, humidity, G-forces, possible radiation exposure, and any other extremes known to exist. One way to test products is to give them away for noncritical applications and periodically ask the users how the product has performed. Often, these control units end up outside (not recommended) or otherwise abused and that’s fine. If it does fail, we want it to fail in such a way it will not cause more problems. The only way to determine if the product is truly “bulletproof” is to simply live with it. There is no other way. Second: One cannot simply just “add” software to an existing program. Things don’t work that way. Any changes must be carefully integrated into the existing program because one change could impact something entirely unrelated somewhere else in the program. Any and all conflicts must be resolved and be thoroughly tested before releasing the product for sale to the public. This is only speculation, but I suspect new engines were installed which significantly altered the flight dynamics and it was not fully addressed by the auto-pilot software and were not adequately tested before releasing for sale. With almost any machine, when one changes one part of the machine, often other parts must be changed as well. They must be carefully vetted changes, being fully tested both independently, as well as tested in the final product - not just something installed as a “patch”. I would submit the major factors leading up to both recent 737 MAX 8 airplane crashes were: • Overly complex autopilot software making adequate testing virtually impossible, as well as far more costly and time con- suming. • The computer controls developers are too far removed from what actually happens “in real time”. Very few developers know what really happens between the command they type into the computer and what “comes out the other end”. While this may work in the short-term, it’s a long-term recipe for disaster. • Production deadlines and budget limits were unrealistic given the scope of what was needed to ensure proper testing. • The overall philosophy of the autopilot “flying the plane”, which fosters pilot complacency and inattention to detail. The pilots should fly the plane with the autopilot as a backup - not the other way around. Despite the validity of my comments above, do you think the industry will listen? Britt Britt Storkson may be contacted via e-mail to michele@ worldwidedrillingresource.com 24 JUNE 2019 French fries aren’t French at all! The origins of the French fry go back to Belgium where histor ians claim potatoes were being fried in the late 1600s. WorldWide Drilling Resource ®