Titanic Museum, Belfast

Posted on Facebook under “Heard it might be a Boeing 737 MAX on way back from Ireland so decided to take a ship for safety.”:

Could this be the world’s most lavish museum devoted to engineering failure? The science turned out not to be settled, unfortunately. Folks in Belfast do like to point out “She was alright when she left here.”

The museum does disclose how badly the first voyage turned out for most people on board:

This was despite substantial government regulation:

Also despite the latest in wireless communication technology:

Yet the skill of management, engineers, and workers is celebrated:

Is it a bad thing when a country goes from being a world industrial leader to irrelevant compared to South Korea, China, and Japan? Barack Obama says “No problemo:”

Passengers were arbitrarily divided into only two genders:

Not every movie about the Titanic is an unimaginative derivative:

Then, as now, the migration industry was highly profitable for some…

A reminder to be humble…

… considering that the best humans could do lasted less than two weeks against Nature. From notes typed up by a shipyard office worker:

The building is a beautiful work of engineering in itself and includes a gratuitous Disney-style ride:

More: Visit Titanic Belfast

Full post, including comments

Another airplane that fights the pilot if one AOA sensor is bad: Cirrus Jet

In another triumph for American engineering, it seems that the Cirrus Jet‘s stick pusher activates if a single AOA sensor fails mechanically (FAA Emergency Airworthiness Directive 2019-08-51). The system isn’t quite as badly designed as the Boeing 737 MAX’s silent gradual pusher, but it is nowhere near as robust as the early 1990s design on the Pilatus PC-12 (Swiss engineering). An important difference is that it is obvious to the pilot(s) when the Cirrus system is operating and the disconnect button is right on the yoke (just the usual A/P disconnect button).

Full post, including comments

Disney World shows that VR is pointless?

If you’re trying to save a few dollars, maybe a head-mounted display is a good idea. What if you don’t care about capital cost? Disney World has a lot of immersive simulators that don’t require any headgear for the park guests. They just project a virtual world on big curved screens.

What about for home use? Why not build a small room in a house with a curved screen that completely surrounds the player? Use whatever tricks they’re using at Disney to make the projection work, but with $100 LCD projectors instead of the super bright ones needed for the monster domes that hold hundreds of people simultaneously.

If you’ve got your head-mounted VR system on, you’re not going to be a great asset to the rest of the folks in an apartment or house. Why not declare that immersive gaming is an activity that happens in its own room? Maybe it costs $5,000 instead of $500 for the hardware, but people used to pay $5,000 for the then-new plasma TVs.

Readers: Would this be better or worse than the VR headsets?

Full post, including comments

Boeing 737 MAX crash and the rejection of ridiculous data

“Boeing 737 Max: What went wrong?” (BBC) contains a plot showing the angle of attack data being fed to Boeing’s MCAS software. Less than one minute into the flight, the left sensor spikes to an absurd roughly 70-degree angle of attack. Given the weight of an airliner, the abruptness of the change was impossible due to inertia. But to have avoided killing everyone on board, the software would not have needed a “how fast is this changing?” capability. It would simply have needed a few extra characters in an IF statement. Had the systems engineers and programmers checked Wikipedia, for example, (or maybe even their own web site) they would have learned that “The critical or stalling angle of attack is typically around 15° – 20° for many airfoils.” Beyond 25 degrees, therefore, it is either sensor error or the plane is stalling/spinning and something more than a slow trim is going to be required.

So, even without checking the left and right AOA sensors against each other (what previous and conventional stick pusher designs have done), all of the problems on the Ethiopian flight could potentially have been avoided by changing




About 10 characters of code, in other words. (See the Related links below for the rest of the flaws in the MCAS system design, which the above tweak would not have fixed.)

We fret about average humans being replaced by robots, but consider the Phoenix resident who sees that the outdoor thermometer is reading 452 degrees F on a June afternoon. Will the human say “Arizona does get hot in the summer so I’m not going to take my book outside for fear that it will burst into flames”? Or “I think I need to buy a new outdoor thermometer”?


Full post, including comments

Green New Deal will not cost as much as feared

It turns out that a powerful Vestas wind turbine can be purchased for $199 on Amazon.com.


Full post, including comments

Certification process for the 737 MAX silent gradual pusher system

A reader was kind enough to send me “Flawed analysis, failed oversight: How Boeing and FAA certified the suspect 737 MAX flight control system” (Seattle Times), which gives some more detail on how the world’s first “silent gradual pusher” system was unleashed on airline passengers and crew. (See https://philip.greenspun.com/blog/2018/11/11/boeing-737-crash-is-first-mass-killing-by-software/ for my description of how the conventional stick pusher works; it requires two sensors to agree before it will activate and the pushing is readily apparent to the pilots; disabling the pusher in a simple turboprop aircraft is as simple as pushing a button on the yoke).

The Seattle Times article describes the delegation process by which an employee of Boeing can actually do a lot of the work that members of the public imagine FAA employees would be doing. Boeing is an “Organization Designation Authorization” holder (“ODA”). A Boeing employee puts on an FAA hat periodically and checks work done by fellow Boeing employees.

Putting government workers in the critical path for engineering improvements slows things down so much that safety ends up being compromised. And having people pay designated or delegated authorities cuts the cost to taxpayers. But I wonder if it is time to say that certification scrutiny should be done by an independent private engineering team, not by engineers employed by the manufacturer.

Full post, including comments

Theranos was an immigration and H-1B story

Bad Blood, the authoritative book on the rise and fall of Theranos, describes American- and British-born engineers and scientists being fired for saying “the goal is too ambitious” or quitting when realizing this. Who replaced them? According to the book, almost all immigrants from India, either folks who’d recently completed a degree in the U.S. or coming over on H-1B visas, all managed by Ramesh Balwani, Elizabeth Holmes’s boyfriend.

During the “grand fraud” stage of Theranos, therefore, it was a primarily immigrant show except for the young impresaria.

[I’m going to guess that neither Mr. Balwani nor any of these engineers and scientists make it into the children’s book First Generation: 36 Trailblazing Immigrants and Refugees Who Make America Great…]

The money to fuel the craziness of Theranos seems to have been all domestic. Walgreen’s kicked in $100 million(!) as an “innovation fee” and then loaned the company another $40 million, according to the book. The credulous yet imperial CEO Steve Burd (Wikipedia shows him hanging out with Barack Obama) drained huge amounts of Safeway shareholder cash to help Theranos. The idea in both cases was that Theranos devices were supposed to be placed in these retailers’ stores.

If the end result is a tech staff that is mostly Indian, I wonder if the Silicon Valley location makes sense. Why not have all of the engineers and scientists work from Bangalore or Delhi? Instead of 8 people sharing a two-bedroom apartment in Menlo Park, each of those 8 workers can enjoy his or her own comfortable house (rent for a 3BR apartment in the center of Bangalore is about $570/month (source), 1/10th the price of Menlo Park (source)). What’s the advantage of bringing H-1B slaves over to toil on a Silicon Valley plantation compared to running the tech farm in India?

(Another interesting aspect of the book is learning just how much room there is for human error in traditional medical lab tests, e.g., in the handling of reagents. Elizabeth Holmes was not wrong in thinking that a fully automated process could potentially be more reliable.)


Full post, including comments

Cruise ships should be wired up for stargazing

One of the luxuries of being out at sea in the old days was seeing stars that would never be visible from light-polluted cities. Cruise ships don’t offer this, though, because they don’t want people stumbling and falling on the upper/outer decks.

The officers of Empress of the Seas talked about trying to darken the top deck for stargazing during a ferry trip (crew-only). It turned out to be impossible. “Every time we thought we’d turned off some lights with a breaker, an emergency system would come on and replace them. We ran around for about an hour trying to turn off individual switches, but gave up.”

In case any future cruise ship engineers happen to read this… how about a system where a top deck area can be darkened for 15 minutes? Passengers can walk up there for an event. Once they’re all comfortably established on the ubiquitous lounge chairs, the crew can kill the lights.

Full post, including comments

Boeing 737 crash is first mass killing by software?

The Lion Air 610 mystery/tragedy seems to be mostly solved. The Boeing 737 MAX 8 airplane, which uses a de Havilland Comet (1949; also BBC)-style hydro-mechanical flight control system, has a touch of intelligent software layered on top. This NYT article and an Emergency Airworthiness Directive #2018-23-51 explain how the airplane will trim itself into a crazy nose-down attitude in the event of a single angle-of-attack (AOA) sensor going bad.

“At Doomed Flight’s Helm, Pilots May Have Been Overwhelmed in Seconds” (nytimes) explains 

[disabling the system] would not have been a simple matter of pushing a button. Instead, pilots said, Captain Suneja could have braced his feet on the dashboard and yanked the yoke, or control wheel, back with all his strength. Or he could have undertaken a four-step process to shut off power to electric motors in the aircraft’s tail that were wrongly causing the plane’s nose to pitch downward.

Can we consider this the first mass killing by software?

[Background: an airplane wing will suffer an aerodynamic stall, in which the airflow over the top of the wing is no longer smooth, and lose Bernoulli effect lift, if the angle between the relative wind and the wing is too large. This is what limits an airplane’s ability to hover. To generate sufficient lift, the wing has to be within about 12 degrees of level and the wing needs to keep moving. It isn’t possible to fly super slowly at a 45-degree nose-up angle and still have enough lift to remain at the same altitude. The helicopter works by spinning a conventional airfoil so that, even if the fuselage isn’t moving, the wing is still moving rapidly and generating lift.]

What are some alternatives to Boeing’s design, you might ask? The Airbus philosophy, as embodied in the A320 and subsequent airliners, is to turn everything over to the computer(s). Despite holding the stick all the way back, Captain Sully was not able to stall the A320 that landed in the Hudson River. If the fancy computers on an Airbus aren’t getting what they think is good or consistent data from the various sensors, they hand over the machine to the pilot who can look out the window or at the attitude indicators in the cockpit and do something sensible (or panic like a student pilot, as with Air France 447).

Stepping down the food chain, we have the Pilatus PC-12, a Swiss-designed 11-seat turboprop. The plane starts out with a standard light aircraft flight control system. The pilots’ yokes are connected directly to control surfaces via pushrods and cables. On top of this Pilatus has layered a stick shaker to warn pilots that the airplane is nearing a stall and a stick pusher that yanks the yoke forward. The airplane has a great safety record despite being operated into some challenging short runways and being flown, in some cases, by inexperienced pilots.

Instead of Boeing’s single AOA sensor and software to run the trim, the PC-12 has two AOA sensors and two computers. If both sides agree that it is time to go nose-down, then and only then will the stick pusher be engaged. If somehow both sensors and both computers are defective and push inappropriately, a “pusher interrupt” button is always right there on each yoke. From the AFM (“owner’s manual”):

A friend who is a Silicon Valley engineer texted me incredulously “Wouldn’t they do fusion from zillions of sensors?” My response on the FAA certification process:

It is like ISO 9000. Boeing had binders of paperwork and bureaucratic approval for their design, but the design itself may never be scrutinized.

Almost certainly if the B737 had the same system design as the PC-12 all 189 folks aboard Lion Air 610 would have arrived safely at their destination. The worst that would have happened is the pilots being briefly annoyed by a shaking stick and having to hit a checklist.

I’m not sure if this crash can fairly be attributed to a software problem, since the software presumably did function as designed. It seems that we can attribute the crash to a poor system design, but ultimately the plane was crashed into the water by software.


  • Wikipedia has a good article on the various aircraft flight control system alternatives
Full post, including comments

ADS-B should sequence airplanes at nontowered airports?

I flew the Cirrus recently to Gaithersburg, an airport that supposedly sees only 131 operations per day (airnav). On the flight from Allentown, Pennsylvania to KGAI, the controllers did not even once tell me to look for a nearby plane. I was pretty much alone in the sky at 6,000′.

Things were different within 5 miles of the destination airport. I arrived on a gusty bumpy Tuesday at 1 pm and became the fourth airplane in the pattern as this non-towered airport. I departed behind a Pilatus PC-12. The Pilatus crew waited for a small plane to land before they could depart. I asked a plane on downwind to extend slightly so that I could get out with my IFR clearance (i.e., there were at least four airplanes operating at 5 pm when I departed). Given the active flight school at KGAI and the fact that I have nearly always found myself with company in the traffic pattern there, I question the 131/day number (since there is no control tower, the statistic may not be authoritative).

There is some structure to the traffic pattern at an airport that makes it a bit easier for pilots to identify each other, but self-sequencing is not always successful. AOPA’s Air Safety Institute:  “Eighty percent of the midair collisions that occurred during ‘normal’ [not formation or aerobatics] flight activities happened within ten miles of an airport, and 78 percent of the midair collisions that occurred around the traffic pattern happened at nontowered airports.”

Americans have spent billions of dollars over the last twenty years on ADS-B, partly sold as a way to avoid midair collisions. I’m wondering now, though, if ADS-B solves the wrong problem and/or the non-problem of enroute traffic conflicts.

Maybe it was too advanced an idea in the 1990s when ADS-B was conceived (with an implementation date of Jan 1, 2020!), but I wonder if it would make sense for ADS-B gear to sequence airplanes at nontowered airports. Why couldn’t the pilot press a button on the transponder and have the ADS-B software say “You are Number 3 for Runway 32. Number 2 is turning right base. Number 1 is on final”?

Full post, including comments