Re: MCAS =/= anti-death
@Electronics'R'Us: "The paper (or documents and email) trail of those conversations would be very interesting reading indeed."
Indeed so. Readers might find this to be interesting:
https://www.seattletimes.com/seattle-news/times-watchdog/the-inside-story-of-mcas-how-boeings-737-max-system-gained-power-and-lost-safeguards/
See also this from Electronics'R'Us right here, in August (?)
https://forums.theregister.co.uk/forum/all/2019/08/02/737_max_cosmic_bit_flipping_test/#c_3841060
and maybe also this text from my reply to Electronics'R'Us at the time:
The MCAS kit as originally specified was allegedly intended to have a limited-authority (maybe 25% of jackscrew travel, or something like that??) one-shot effect on a flight control surface. Perhaps in those circumstances it *might* just about have been acceptable to not have much resilience designed in (but the system might also have not had the authority to achieve the intended effect either).
As time went by, the fundamental MCAS design got transmuted into "keep retrying till the aircraft/system is back in control. No limits." So 25% authority on a one off basis, to full authority, whatever it takes, and nobody considered it might call for improvements in sysem resilience and recovery mechanisms?
Presumably MCAS variations got a "delta" design review rather than a "start from a blank sheet of paper" review, just like the 737 in general hasn't had a proper design review for decades.
...
The general principles of limited authority vs full authority, full review vs delta review, are more widely applicable than just MCAS and just Boeing.
Biting the hand that feeds IT
