Did you actually run the numbers? The 737 MAX statistics are abysmal [1]. It stands at 3.08 crashes per million flights, compared to 0.06 for the 737 NG. It's two orders of magnitude worse. Are cars really two orders of magnitude more dangerous than planes?
As another commenter stated, you can mince statistics any way you want to paint any picture you want.
Only two 737 MAX have ever crashed (both outside of the US), so the 3.08 figure is an extrapolation, not necessarily reality. After the software update it might have gone another 500K flights (or more) without a crash, leaving the figure at 2.0 (or smaller).
Let's say you need to travel from NYC to San Diego.
Let's assume a car death rate of 1.25 deaths per 100 million vehicle miles (a figure that popped up in Google). But that includes motorcycles and pedestrians, so let's play it safe and call it 1 death per 100 million miles.
By now we are comparing apples (chance of death by trip) to oranges (chance of death per mile traveled) but let's press on.
Distance from NYC to San Diego is 2,800 miles. So your chance of dying en route to San Diego is about 1 * 2,800 / 100,000,000 or ~30 in a million chance if using a car. Whereas with the MAX it is ~3 in a million (if you take a direct flight), or an order of magnitude more safe.
Statistically, you’re more likely to choke and asphyxiate on your dinner than to die in a plane crash.
That doesn’t make a defective flight system a greater or lesser problem. It’s irrelevant.
Aggregate data is tough to interpret anyway for a cross country trip. Traffic deaths per 100M miles vary from 1.83 (South Carolina) to 0.54 (Massachusetts). Also, motor vehicle aggregate numbers include all trips — if you compare common carriers, busses and rail are dramatically safer than private cars.
> That doesn’t make a defective flight system a greater or lesser problem. It’s irrelevant.
Oh, I totally agree. I was just trying to put into perspective the fact that even defective flight systems are incredibly safe and that our fear of flying is often irrational...
Indeed I looked into it a little bit more and found that planes are about three orders of magnitude safer than cars [1] (fatality per miles traveled). So even assuming that the MAX is two orders of magnitude less safe than the 737 NG (based on limited data), it would still be an order of magnitude safer than traveling by car.
[1] I found 11 fatalities per trillion miles for planes, and 12.5 fatalities per billion miles for cars (in the US).
But how does travel per million miles make sense? Nobody decides to fly from Singapore to Sydney or drive. It's just not comparable.
It's hard to find a good statistic that would make modes of transport comparable. But if I'd pick one I'd pick time spent (are 10 hours on a plane more or less safe than 10 hours in a car)
Just considering safety, per trip is what I personally care about - the total odds I will die going by plane or by car. Often, this means flying through a hub which we would not visit by car so the numbers would be really hard :-/
Airplanes are faster than cars, and the average trip is longer. So, even if the pax fatality rate per distance is much better for aircraft (a factor of 200 to 1000, say), the fatality rate per trip is not that much better (a factor of 2 to 10, say).
Some more notes:
- That is for part 121 aviation (airlines). General aviation fatality rates are much worse (you're 15 times more likely to die in a small plane than in a car for the same distance, and 250 times more per trip...)
- An airliner also carries many more pax. The above numbers are per pax; if you base it per vehicle, then a plane is only about 5 times safer than a car for a given distance, and about 20 times more likely to crash than a car per trip.
- About 4% or so of all B747 or A300 ever built have been complete hull losses. (Newer planes are safer, presumably, but also haven't been around that long, so the statistics are not entirely trivial to compare.)
I find the whole "most accidents happen within X miles of home" argument so tired. That's like saying "most electrons are found within the vicinity of their nuclei."
I'd be more interested in knowing where FATAL accidents occur, on the suspicion that most people do not live on highways and local streets are traveled at lower speeds.
This is odd: that table suggests the MAX has flown 600k flights, but https://randy.newairplane.com/2018/05/22/737-max-a-year-of-s... suggests the MAX had only flown 41k total flights six months before the first crash. Adding >500k flights before the grounding seems implausible.
That article was published exactly one year after the introduction, at the time about a third of all delivered aircraft to date were delivered, there's some lag from delivery to first revenue flight, so it's plausible that less than 100 had been in revenue service.
So, with all the lag in getting the aircraft into service, it's plausible that in the next 10 months the type could rack up 500,000 flights, since that's just a little more than 4 flights a day per aircraft on average.
So if airlines would be forced to print the stats and if on your ticket for a MAX will be printed 100x more likely to crash than 737 classic would you choose MAX because of some cars, bathroom or lightning statistics?
My point is that American pilots probably have an intrinsic advantage flying American-made planes over foreign pilots (it's the "white privilege" of the aviation world). It's hard to measure, but it's likely there in the form of pilot social circles.
I doubt it's the fact that they're American flying American planes as egregious accidents happen even in those sorts of scenarios (cf. Air France 447, French pilots, French plane, French carrier).
There's the NY Times Magazine article that reminded everyone of the word 'airmanship' [1] although it wasn't terribly well-received [2], [3] by some other pilots.
If you don't want to read all those, basically pilots in richer countries might be more likely to also be private pilots and more familiar with how an aircraft 'feels' that translates to a better sense of what's happening in larger aircraft. Combine a lack of that in poorer countries with the dumpster fire of Boeing's choices, crap replacement parts, and 'limited' training regimens and you have a fatal error chain forged.
The criticisms focus on the idea that heroic pilots who could recognize and avoid the situation probably aren't the norm. Further, there's often prejudice against pilots from developing countries even when they are competent; neither of these excuse the systemic failure and getting to the conclusion of "but for the pilots the crashes wouldn't have happened" is somewhere between insulting and reductive.
Did you read about Boeing and airlines trying to cut more of the pilots' training costs? With the FAA in Boeing's pockets (if these accidents had not happened) you would probably get less simulator training and more VR, tablet apps and software hacks to make even more money for the rich.
Edit: To be clear, while this was 10 years ago and no one died, this incident seems to me to be a bit worse than the issues with the 737 MAX in that with the A330, there is no shutting off the systems that caused this issue, as they are part of the flight controls. Fortunately the causes were investigated and while the exact cause of the issue was not identified, the computer systems were updated to deal with the fault scenarios identified in the investigation.
That one was a case of electronic gremlins in one particular plane together with a quite particular edge case in the software, based on reasonable assumptions.
> So why fly on a 737MAX when any other plane out there is safer?
Well no one can fly one right now as they are all grounded. However, once they get approval for a fix from all countries, the airplanes get updated with said fix, and the pilots get whatever training required for the fix and thus can start flying again, why not fly them? Presumably, that failure type should never happen again and its record seems fine outside of this 1 problem.
> However, once they get approval for a fix from all countries
That's a big assumption. The planes are already unmanageable, even if MCAS is fixed: human pilots aren't strong enough to turn the trim wheels manually in an emergency.
> and the pilots get whatever training required for the fix
I don't see how this is possible without forcing pilots to get a totally different type rating for this aircraft. That's the whole reason they put MCAS in there in the first place: to avoid a different type rating, which would require an expensive add-on certification.
> The planes are already unmanageable, even if MCAS is fixed: human pilots aren't strong enough to turn the trim wheels manually in an emergency.
Operation of the trim wheel and the forces acting on it are the same as the 737 NG. If this worries you, you shouldn't take any 737.
The wheel in that video can not be turned manually because of the aerodynamic forces acting on it. Pilots are trained extensively to recognize a runaway trim condition and stop it before it gets to that point. At lower angles a roller coaster maneuver can be used to turn the trim manually.
The MCAS was definitely poorly designed but everyone is downplaying the poor pilot response and maintenance issues involved with the crash. Lion Air pilots flew a plane with a stall warning going on for a full hour instead of landing ASAP. Then when the plane got to the ground, the company saw it fit to fill it up with people again and fly it with a critical system malfunctioning due to unknown causes.
They dodged responsibility because Boeing had a serious design issue but their behavior was criminal, even more so than Boeing. I wouldn't fly any Lion Air plane.
Boeing’s own testing assumed pilots respond to runaway trim situation within 4 seconds [0]. Beyond that, the MCAS will have put the plane in an aerodynamic position where the pilot forces required to manually stabilise are too great. 4 seconds is not a lot of time. The Ethiopian pilots were aware of the need to disengage the powered trim and use manual control. They just couldn’t force the controls enough given the position the plane was in. The 737MAX is a death trap. It won’t fly again without significant redesign.
On the other hand, the AOA sensor on the Ethiopian Airlines plane failed at takeoff, likely due to birdstrike. Birdstrike isn't supposed to crash an aircraft.
The speaker talks about trimwheel behaviour. Pilots train for runaway stabilizer trim, but that's continuous movement of the trimwheel, faulty MCAS looks much like regular speedtrim. Also, activating electric trim activates another round of MCAS. Obviously you shouldn't take Lion Air, but after this talk Boeing doesn't look safe now either.
Broadly speaking, I agree with you. I was responding to the hysteria about the trim wheel in this thread. I'm getting the impression that some users think the trim wheel, or its behavior under extreme aerodynamic conditions, is a "new" design flaw unique to the 737 MAX when in fact almost every airliner in existence has a trim wheel that behaves like that.
The exception being modern fly-by-wire planes that simply don't have an option of manual override.
> The speaker talks about trimwheel behaviour. Pilots train for runaway stabilizer trim, but that's continuous movement of the trimwheel, faulty MCAS looks much like regular speedtrim
Empirically, the Lion Air plane exhibited the same MCAS behavior on its last (successful) flight. So it's at least possible for pilots to recognize it as a runaway trim and act accordingly.
> Obviously you shouldn't take Lion Air, but after this talk Boeing doesn't look safe now either.
After reading the Lion Air report my conclusion is that the MCAS was poorly designed but it's also an easily fixed problem on an otherwise safe design and there's so much focus on Boeing that they will take action and fix it. Meanwhile nobody cares about Lion Air and if they keep flying broken airplanes eventually they're going to kill more people, with or without MCAS.
Note the penultimate Lion Air flight had a third-pilot dead-heading in the cockpit. Not a regular luxury.
Also, the AoA-vane was replaced with a faulty part, and never retested after install if I recall correctly. A procedure complicated by the fact the plane would have had to have been started, shutdown, then restarted since the Flight Computer switches from side-to-side each flight.
So a maintenance tech may have accidentally tested the wrong computer assuming the documentation wasn't up to snuff. Can't say as I've seen that part of the documentation myself; but considering they left MCAS out of the pilot docs, I somehow doubt that it was greatly elaborated on in the maintenance docs as well.
I think that 3rd pilot was key not just because of an extra person; IIRC, he had a vantage point the pilots didn't have, and saw what was going on with the trim wheels.
The 737 should have been retired decades ago. It's an utterly primitive aircraft, and its cockpit hasn't changed significantly since the 1960s. Newer Boeing aircraft don't have those trim wheels at all. Even the old DC-9 didn't have them.
Yes, the plane might require expensive training and expensive modifications. It may even have to get completely scrapped if the changes are deemed uneconomical to deploy.
With all the different government agencies going to be manually inspecting the updated plane themselves, the MCAS problem is going to be put under a microscope by dozens of different countries and if they do approve it and deploy it, then I am going to take their word for it as having mitigated the MCAS problem and won't care about stepping on a 737 max as its track record outside of this 1 problem is fine.
If it does not get approved or deployed, then who cares because you won't even have the option to fly it as it will stay grounded. Regardless of what happens, checking what plane I will be flying on will not impact my decision when choosing flights.
What if it does get approved, but only by some countries? So, for instance, suppose the US approves it, but China and the EU don't? Then, it probably won't stay grounded, because this plane is usually used for shorter-distance travel. Southwest Airlines, for instance, exclusively uses 737-type aircraft, and all their travel is domestic US, so an EU ban wouldn't affect them at all.
I for one wouldn't feel too confident about the FAA approving this plane with the EU regulators refusing to, considering what a criminally-negligent job the FAA did in approving it in the first place.
> I don’t know the same about my car, which is why I’ll take it over a Max any day
"ignorance is bliss"
If you knew how much software went into a car vs. an airplane, you might think twice. Airplanes seem more complicated than cars, but software-wise they are much simpler. Cars have millions upon millions more SLOC than airplanes. You think MCAS is bad, how about cars that have sudden loss of steering, emergency brakes that mysteriously engage, or a throttle that can't be disengaged?
Serious design flaws in airplanes are these big dramatic events. Serious design flaws in cars pop up in the news every day, and we just ignore them [1][2].
Software flaws in cars usually aren't fatal. If your car has a failure, you just pull over on the side of the road. You can't do that in an airplane.
> how about cars that have sudden loss of steering
Citation needed. I've never heard of a car having this problem, and it's generally impossible because there's a mechanical link between the steering wheel and the front wheels.
> or a throttle that can't be disengaged?
Citation needed. I've never heard of this happening where it's been proven to be real and not a publicity stunt. All the problems with "unintended acceleration", including on Toyotas a while back, have been shown to either be people using aftermarket carpet mats, or even people faking it. What's more, turning off the car in an emergency is not hard, even in push-button-start cars. Now of course, we can blame some wrecks from faulty systems on poor driver training, drivers who just aren't very good, drivers who can't handle an emergency, etc. This simply does not apply in an airplane: pilots go through a LOT of training to get that job, so if they crash anyway, that points to an unforgivable mistake in engineering or manufacturing.
> Citation needed. I've never heard of a car having this problem, and it's generally impossible because there's a mechanical link between the steering wheel and the front wheels.
That's not a loss of steering, that's a loss of power assist. You can still steer a vehicle just fine without power assist; you only need the assist at very low speeds.
I've driven a car with intermittent failure of power steering, it's not impossible and at higher speed, the wheels provide stabilization on their own already.
And it's actually comparable to the _intended_ failure mode of a 737 Max. If the system fails you can't let the computer control the trim, so there are manual trim wheels provided and you switch off electronic trim. Like the steering wheel of a large modern car, these wheels are mechanically connected to the thing you want to change but if you're feeble like me you'll struggle to even move them which is why the computer was in the loop.
As I understand it large trucks existed prior to power-assist, they just hired big strong chaps who could wrestle the steering.
We probably don't want (and Boeing doesn't want) to make 737 Max certification have a "Physical strength check" where you need to exert so-and-so much turning force for so-and-so many seconds or you can't fly their plane. So probably trim wheels need a re-think, whether that happens as part of the 737 Max work, its immediate aftermath or not for years because this incident scares manufacturers away from changing anything about trim.
Seismic shifts in safety considerations do happen, we haven't seen the last of them. And they aren't always ultimately for the better. Titanic had a few effects, many of them really good, but one notable one is that it pushed the narrative that you need to provide and test a LOT of lifeboats on an ocean liner. Titanic, as you can probably all recite, did not have enough lifeboats. But in practice lifeboats are very much a last resort for an ocean liner captain. You've got a whole lot of civilians who are incompetent at sea at the best of times, probably panicking and now you're trying to successfully get them into smaller boats under supervision of a relatively smaller number of crew. Some of them are likely to be injured or even die. A ship's master would prefer _anything_ over putting passengers into lifeboats, except them all drowning. Almost always the sensible course of action, taken by the ship's master, will be to take the still working ship to any port and unload the passengers. Yes even if the ship is somewhat on fire, or has grave engine problems, almost anything except actually sinking right now.
Meanwhile just owning the lifeboats means your crew have to keep testing them and servicing them, each time also has a chance of injury or death as crew fall into the water, boats fall on the crew, and so on. So owning a suite of lifeboats for your ocean liner (which you weren't planning to crash into an iceberg at any time) is probably a net negative in terms of injuries and deaths.
> We probably don't want (and Boeing doesn't want) to make 737 Max certification have a "Physical strength check"
Actually, I think they absolutely should. And then it should be made illegal to have a plane that has any such requirements, so these planes should be deemed unairworthy, and Boeing should be forced to scrap them. Either that, or female pilots should be able to claim discrimination, and every female or otherwise not-strong-enough pilot should get a free lifelong chief pilot salary as part of the settlement.
Basically, this plane should never have been built. It's a 1960s design, and because of crappy regulations that allowed this, Boeing kept making this 1960s tech because it was "grandfathered". Newly-built planes should not be allowed just because they were OK 50 years ago, when they aren't good enough according to modern standards.
I'm guessing you meant "bigger"? Otherwise I don't know what a bogger trim is. The wheels already have servo motors, but understandably the cut-out cuts those out also.
> Software flaws in cars usually aren't fatal. If your car has a failure, you just pull over on the side of the road. You can't do that in an airplane.
Many modern cars have computer control of brakes, accelerator and even steering, so a software flaw could stop you in the opposing lane just as you start to pass a car, or accelerate and steer you into a bridge pillar (and since that car was already steering the car before that, the driver may not be able to react in time)
> mechanical link between the steering wheel and the front wheels.
Steer by wire is becoming much more common. It’s already in luxury cars and, like most features, will probably eventually trickle into economy car designs
You’re right. I was conflating electrically powered steering with steer by wire. In either case, EPS relies on software to determine the amount of force/torque rather than hydraulic/mechanical means.
I did see one source indicating a roughly 25% increase in steer by wire by 2026, but it’s behind a paywall so I’m not sure how good that source is. According to a Tesla forum, there’s still a mandate for mechanical linkage
EPS has been used in economy cars for years now; most cars on the market now probably have it. The few laggards that don't have EHPS (electro-hydraulic PS), where software runs a pump that pressurizes the hydraulic system.
EPS has been on production cars now since the 1990s, and I've never heard of any software problems with those at all. In fact, it's probably been more reliable than hydraulic systems since it doesn't have so many moving parts, just an electric motor, and no hydraulic fluid to leak or get contaminated (due to not being replaced on time, a common thing for people to skip on maintenance).
Steer-by-wire is a no-go for now, because it's illegal to not have a mechanical linkage. That might eventually change when we get driverless cars, but there's no sign that those are coming nearly as quickly as many people used to think; there's just too many problems with them.
There’s been some issues related to recalls on EPS. An excerpt below is from a 2015 GM truck recall:
“Recalled products do not contain the updated software that mitigates the effect of the condition. When the system voltage drops below 8.8 volts for more than 1 second — e.g., during low-speed turns — EPS assist is disabled”
Honda has had similar recalls.
I don’t know if that can be used to claim software caused the initial hazard but does indicate software is used to mitigate safety issues with the implication that software failures can lead directly to hazards
This doesn't sound like a big deal. Electronics normally can't function when system voltage is too low, and that can happen in a car if the battery is weak and the alternator isn't producing enough power (e.g., at very low speeds and with a high electrical load, such as making a sharp turn in a parking lot with a nearly-dead battery).
This isn't very different from old hydraulic-assist cars that also had the assist die or be too low when there was some problem (fluid too low, pump failure, belt failure, etc.). Was it ever a big problem? No, not really. If your power steering fails in a parking lot, it's a pain, but you're already barely moving, so you just stop. At worst, you might have a minor fender-bender.
I don't see how this is a software problem; this is an electrical problem. The only software issue here is the decision to shut down the EPS instead of bringing it back online when the system voltage goes high enough.
Personally, I'd say the fundamental problem here is actually the fact that cars still have 12V electrical systems, and batteries that are really meant for starting only, not for continuously supplying heavy electrical loads (like EPS). Carmakers should have gone to 42V or 48V systems ages ago.
To your point, the GM issue was involved in 30 accidents in a couple years but no fatalities. The problem is obviously not a failure in a parking lot, but at speed.
I don’t know the specifics of the system safety analysis but if the software is used to mitigate a hazard, it’s usually considered safety critical. In this case, if it shuts the EPS off, or fails to bring it back online, it would significantly affect the vehicle handling dynamics. Again, I don’t know their classification scheme but I would assume the steering is a safety critical system. Some reports claim the vehicle lost all handling control, but I’m a little skeptical of that claim.
In any event, I wouldn’t consider it no issue. Recalls cost a lot of money. In the GM case it affected 1MM cars. I didn’t look up the cost of each fix, but I wouldn’t be surprised if it cost nine figures. I doubt they would go forward with a recall of that magnitude for a trivial issue.
I could see the same rationalization for MCAS. The system safety analysis didn’t claim an MCAS failure was catastrophic and they already had a procedural mitigation in place if it did fail. It wouldn’t take much to convince someone that such a recall fix was no big deal. This is part of the problem with systems using safety critical software
> To your point, the GM issue was involved in 30 accidents in a couple years but no fatalities. The problem is obviously not a failure in a parking lot, but at speed.
I'm not familiar with the specifics of that case, but having a low system voltage is more likely at parking lot speeds because the alternator isn't turning very fast, whereas at speed the alternator should be generating enough power to run everything including EPS, but maybe they underspecced the alternator, so I can see it happening. Still, losing your power assist at speed is still dangerous of course, but it is recoverable, and it's nothing like having a critical system fail in an aircraft. Failures in cars are always safer than in aircraft, because you're already on the ground. This is why safe design is so important in aircraft: if something goes wrong in a car, it might result in a wreck of a few vehicles at worst (multiplied by the number of cars experiencing that failure), but many times tragedy is avoided because the driver just needs to steer away from traffic and avoid running into something too fast. In an aircraft, there's no such thing as a "fender bender"; crashes are usually fatal, and they usually carry dozens to hundreds of passengers.
> Recalls cost a lot of money. In the GM case it affected 1MM cars. I didn’t look up the cost of each fix, but I wouldn’t be surprised if it cost nine figures.
That seems high: you're assuming each car cost $1000 to fix there. That's a lot of money to fix one component; at that volume, the part probably cost well under $100 each, and as another poster noted, the dealer labor required was pretty small.
I completely agree that car failures are almost always less severe than aircraft. However, to play devil's advocate, pilots have much more stringent training requirements and that's a relevant point to the MAX situation. I hope I didn't come across that I was trying to equate the two in terms of criticality, just trying to point out a couple counter examples to statements about car software not being critical. The details of the Honda case seem even more critical than the GM one.
I was estimating at $100 per fix (since it's just the labor cost of software). At roughly $120 per labor hour multiplied by 1MM vehicles is where I came up with the nine figure mark. At $1k per fix, it would be in the 10 digits. Regardless, it was overshot and I corrected it with the details in a reply (since I couldn't edit the original). It only comes in at 0.5 hours per fix. Not chump change but the decision to fix it may also have been influenced by the Toyota accelerator and GM ignition recalls that got a lot of press.
There was a problem with GM ignition switches. The detent was too short and so it was possible for it to accidentally be switched to off. Bunch of people died as a result. Three problems. Power steering and brakes no longer work. Two the anti-theft device can lock the steering wheel. Third the airbags are disabled. It's a classic systems interaction issue. And is exactly the thing that shows up as the design process becomes Balkanized.
I remember that one; that was absolutely criminal because they were informed there was a problem, and refused to do a recall because it would cost money. Instead, they quietly changed the ignition switch to fix the design defect, but without changing the part number or informing anyone.
And, as you pointed out, it was a systems interaction problem. Losing power steering at speed isn't great, but it's recoverable (maybe less so if you're weak and you're driving some big stupid SUV, rather than a small economy car), and losing power brakes is also bad but recoverable because you have enough vacuum in the system to do a full stop (but only 1 usually), but tie them together, at speed, and also (worst of all) lock the steering wheel, and you have a recipe for disaster. This is far, far, far worse than losing your power steering assist at parking-lot speeds.
What you bring up in terms of cascading failures is termed the "swiss cheese model"[1]
This is the traditional way to deal with system hazards. What has been talked about is the need for changing the way we think about software failures on safety critical systems, distinct from traditional failure mode approaches.
"The result is that software-related accidents involve a new type of accident, which can be called a component interaction accident: None of the components fail (all satisfy their specified requirements) but the problems arise from dysfunctional interactions among the components."[2]
The Takata airbag issue wasn't ignored at all, it was a very serious safety issue. For defects of that magnitude there's the Department of Transportation, and there will be recalls to pull the faulty part out of circulation.
Catastrophic as in 300 people will not die due to the flaw, yes.
But one-off car fatalities that kill 1-3 people happen regularly and they add up. The self-driving variety pop up with the highest visibility but if you go searching you'll find tons of accidents where brake failure at highway speeds causes a fatal crash.
I do concede that distracted driving and alcohol play a much bigger role in the large amount of car fatalities than software flaws. But I still stand by my original assertion that you are more likely to die due to the effects of a software flaw in your car than due to a software flaw in the 737 Max.
How do software flaws in cars kill you exactly? The main example you bring up is brake failure at high speed, but that's not a software issue, that's a mechanical issue (and is oftentimes caused by neglecting maintenance on the part of the car owner).
Yes, there's the self-driving stuff, and there have been some egregious examples, but those systems also save lives by preventing accidents. Lane departure warnings, automatic braking, and electronic stability control all, on the balance of things, make driving much safer.
Braking systems have been partially modulated by software for decades, i.e. ABS, TCS, ESC.
Additionally, other software controlled systems can induce mechanical issues. For example, in the case of the Toyota unintended acceleration debacle, an engine at WOT typically does not produce vacuum. However, power-assisted brakes almost universally are vacuum-powered. So, if the software-controlled throttle gets stuck wide open, you lose power-assist to the brakes.
Power assist not working in the brakes doesn't really equate to losing the brakes entirely. You can still use them to slow down unless the brake wire or hydraulics are literally cut.
And successful control of the vehicle depends on the vehicle's specific characteristics and the physical ability and awareness of the driver. The point being: it has killed people.
Software is increasingly controlling safety critical systems in cars so I would expect software failures to take up an increasingly large number of fatal vehicle faults going forward. On safety systems that have been using software for decades, one can find examples of such potential failures [1]
Only a heavy-software run car might (e.g. a Tesla autopilot or the Uber fatality). But I agree with you. I fail to see how a software bug in a car would lead to a comparable outcome.
I don’t think most people realize how software dependent their “dumb” car is. From antilock braking to throttle response to steering response in some cases is largely controlled by software. It goes way beyond the infotainment systems we intuitively think of as software
I agree that cars are more safe now than ever before and that mechanical failure is more deadly than software failure.
The whole point of my comment was to put to bed the irrational fear of flying. You are still more safe travelling long distances in a faulty flight system such as the MAX than you are by car. There are just too many variables to account for in cars, one of which includes increased software complexity.
The 737 MAX crashed twice and killed 346 people. It's not an "irrational fear" to refuse to ever fly in one again.
Secondly, what are the exact figures you're using to show that the 737 MAX is safer than cars? And now compare it to other planes, the more realistic comparison? I'm not taking planes to places that are within driving distance. The 737 MAX was waaaay less safe than other planes.
I think we have to stop segmenting our thoughts into “software” and “hardware” and instead look at issues like the 737 Max as an integrated system failure. “Software” failures can easily manifest themselves into hardware failures; thinking of them as separate systems can lead to a complacency mindset of “it’s just software so we don’t have to be as rigorous in our design”
My fleet sums to ~100k trips and zero (human) deaths. The 737MAX can't claim such a low number of deaths per trip.
Regardless, we can choose our metrics to paint whatever picture we want to paint and any metric we choose is of little use anyway because it's an apples to oranges comparison.
Yes, I think you are right, it is much lower than 500K, I misread the wiki page which stated it had 500K flights at the time groundings started and assumed there weren't a significant number of flights between the first crash and groundings.
I'm still not sure I follow. How many flights do you think the MAX has now? I'd guess around 100k but the wiki says around 600k and the difference seems important.