> Boeing charges extra, for example, for a backup fire extinguisher in the cargo hold. Past incidents have shown that a single extinguishing system may not be enough to put out flames that spread rapidly through the plane.
Well that's something that is not comforting to read. Charging extra for comfier seats, I can understand, but charging extra for features that might be the difference between life and death for 100+ persons, that's just sick and criminal in my mind.
What’s more criminal is not buying the extra safety features. Creating safety features, while important, is not free. Someone has to pay for it, no matter how many lives they save. Hard to fault Boeing there.
It’s like side air bags in cars. Some have them, some don’t, but if you want them you will pay an extra 2 grand as each airbag unit is easily a grand each, and must be replaced completely if it ever deploys. If you buy your teenager a car you can decide if you will pay extra for those safety features.
Sure, safety features aren't free, but that doesn't mean they shouldn't be included. If that raises your cost, you increase the cost of the plane, not offer it as an optional add-on.
Raising the cost per plane is not so simple of a solution in some markets, and may make it very difficult to stay competitive, putting you out of business there entirely. Also, not all planes might be purchased for passenger travel, maybe a plane is used for package delivery and doesn’t need to come with so much extra safety. Who knows.
In a world where air travel is remarkably safe, throwing in the extra fire extinguisher that may make the difference between a near miss and a tragedy seems like it'd pay for itself many times over versus the alternative even if you just consider the PR impact.
My thoughts, too. Certain core safety features should be included by default, to avoid the possibility of an uninformed buyer dooming the people flying their airline.
Auto manufacturers don't make an engine compartment firewall optional, or sell full-strength seatbelts as an upgrade.
Not arguing against safety, and this doesn't relate to aircraft at all, but your examples are interesting.
Pretty sure all three of those were optional when they were new things. The pattern of being optional on luxury vehicles, then standard on luxury models / optional on normal models, and finally, standard on all vehicles...is common.
I'm sorry, but the safety features in question here were software upgrades. The incremental cost to Boeing to add it to every aircraft during manufacturing would be negligible.
In my view it should be criminal to withhold such safety features for profit.
I don't think it's as simple as the article has made out. Many different airlines spec these planes for many different types of flight, and types of cargo - that's why features are optional. E.g. if an airline operates many routes on which the hold is likely to contain a high proportion of hazardous material, they can spec the additional fire suppression system. Even with a single system, the plane's certification will require that it can contain a hold fire for {X} mins (long enough to allow the plane to land and evacuate).
Isn’t it a security feature linked to a max load or a category of cargo? It could be a good reason: “Mixing cargo and luggage is only allowed on planes with a secondary extinguisher” => We sell the secondary, not because security is optional, but because we sell the ability to do something more with the plane.
In the software update that Boeing says is coming soon, MCAS will be modified to take readings from both sensors. If there is a meaningful disagreement between the readings, MCAS will be disabled.
How was MCAS rolled out and certified flight-ready when it did not rely on readings from both sensors? This breaks a cardinal law of airplane safety -- always have redundancy.
Because MCAS wasn't originally proposed as having enough authority to make dangerous flight inputs. It was allowed by that standard.
Then Boeing increased how much authority the system had to pass a different part of certification without telling the FAA.
> “The FAA believed the airplane was designed to the 0.6 limit, and that’s what the foreign regulatory authorities thought, too,” said an FAA engineer. “It makes a difference in your assessment of the hazard involved.”
[...]
> The discrepancy over this number is magnified by another element in the System Safety Analysis: The limit of the system’s authority to move the tail applies each time MCAS is triggered. And it can be triggered multiple times, as it was on the Lion Air flight.
To be fair, I don't think the "disagree" light would've helped those pilots any. Knowing that the AoA sensors disagreed isn't going to help them troubleshoot a system they are not aware exists. It's just one more warning to troubleshoot while fighting the aircraft.
If anything, it's MCAS that needs to be heeding the AoA readings disagreement. Instead it's more than happy to only rely on the reading of one of the sensors.
I seem to remember reading about an incident recently where pilots noticed divergent sensor reading and aborted take-off.
It would seem that AoA disagreement would be the very first symptom of the failure that lead to these crashes. Since pilots are likely not to immediately notice this (hence the indicator), this feature may well have given them additional time to sort out a response. Depending on how this failure progressed, it may have even been discovered on previous flights or before take-off.
Given that the warning is optional, it would suggest that the AoA sensors are not components that are critical to a safe flight. Well... or so they thought anyway.
It's questionable if most pilots would abort a take off because of an AoA sensor discrepancy, especially if they didn't know it controls MCAS or that MCAS exists in the first place.
But yeah - good point about it potentially triggering further diagnostics prior to the flight altogether.
The AoA disagree could go off as soon as the nose is lifted, which still may give pilots just enough time to abort take-off or immediately request landing.
> which still may give pilots just enough time to abort take-off
Airliners are committed to takeoff by the point of rotation. Typical ops manuals would abort for any warning before 80kts, at a speed known as V1 they are committed (even in case of engine failure) this typically occurs 10-20kts before rotation speed where the pilot initiates lifting the nose.
My understanding is there's a good chance that those sensors were malfunctioning for a while before the day of the crash (during the post-crash investigation they found that previous flights were showing dubious readings). In which case, a disagreement alert could have potentially saved all those lives.
MCAS wasn't in the training materials provided to airlines. Even some US pilots have complained that they had no knowledge of it before the Lion Air crash.
Because part of the advertised appeal of the MAX was that it would not require new training, despite a different aerodynamic profile:
> Since MCAS was supposed to activate only in extreme circumstances far outside the normal flight envelope, Boeing decided that 737 pilots needed no extra training on the system — and indeed that they didn’t even need to know about it. It was not mentioned in their flight manuals.
> That stance allowed the new jet to earn a common “type rating” with existing 737 models, allowing airlines to minimize training of pilots moving to the MAX.
The whole point of that system is that it would alter the plane controls so that it behaves the same as the older models, so that pilots wouldn't need to be retrained. It was one of the main selling points of that aircraft.
It's comforting knowing the airline I usually fly on bought both options. I wonder if we could mandate these options being public and who ordered what, so that airlines are more hesitant to leave them out?
Reminds me so much of the car market though. Adding a $3 thermistor is "automatic temperature control" and requires a trim level that costs $1,400 more.
Scary parallels with the way Tesla is selling software updates to enable features. Let's hope consumers don't have to choose which safety features they can afford in the future.
For a long time, ABS and airbags were as extras as well. The difference is that a consumer shopping for a car can decide how much safety they want to pay for, while air travelers have no idea how safe the plane they are going to board is.
Airbags and, to a lesser degree, ABS definitely add substantial costs to cars. So it wasn't entirely unreasonable to ask customers for extra money. Yet subsequently, as they became cheaper and proved their potential to safe lives, they became mandatory. If I had been in a position to make decisions on this, I believe I would have argued for charging costs only for these features. Volvo's publicly announced decision not to enforce its patent on seat belts is example of a company with a mindset that goes beyond pure profit.
Judging Boeing's strategy here obviously requires a better idea of what they were charging and the actual costs of installing these features.
There may well be an argument that these systems are not comparable to airbags, but rather "pay us $X,XXX extra, and your car will not have a 10% chance of randomly blowing up".
ABS, ESP aren't only for the safety of the person buying the vehicle.
You can have the latest, safest car money will buy and get plowed by a 30 years old land rover without any crumple zone and die because he couldn't stop in the snow/rain (bald tires, used break pads, &c.).
It's always a balance between regulations and ""freedom"".
In some US states you can drive anything as long as it has and engine and a plate. I lived in CA for a while, everyone drive with bald tire, I remember opening google maps on a rainy day, LA area was full of the red ! accident signs.
The world is a big kindergarden, you can't expect people/companies to do what's best for themselves/others so you have to enforce the rules through laws and regulations.
If companies were allowed to sell cars without safety features for a lower price people would buy them.
>If companies were allowed to sell cars without safety features for a lower price people would buy them.
On the other hand it costs money to develop these systems. The people developing them deserve to get paid. The government needs to decide at what points it becomes mandatory to have these systems.
If companies can't charge for new safety features, the result will be every company getting out of the safety feature (non-)business.
If the newest safety features make cars unaffordable for most, people will complain also.
That 30 year old land rover will most likely be obliterated by any modern car. When comparing old vs new cars the size difference is completely irrelevant. Modern compact cars are much safer than old large cars.
Overall he said, that it is not possible, as a principle, to put 'infinite' economic value into individual life.
--
Perhaps the argument can be made, that in a different situation the 'other data' pilots were to use, would increase safety.
--
Either way, I think there is something wrong with Friedman's argument.
'Optionality' -- when related to safety features, should be treated very different, than optionality in, say, comfort features.
Passengers themselves should not be expected to make choices which optional safety features, on a car, a bus, or plane should be purchased by the drivers/operators.
Drivers, should not be expected to make these choices, either.
My thinking here, is that
An optionality in safety device, should change the whole major (not minor) vehicle model number designation, for example.
This would drive different visible profiles: different training, cost, marketing and so on.
I don't disagree with you on the point here, but how much do the breaks and bags cost? I did a quick search and it seems like the total for all the parts that make up a car is about just over 1/2 of the cost of buying a car. I know replacing an airbag is super expensive. Do the manufacturers pay that much for a new one when they're building the vehicles? I'm more curious than anything.
Air bags are extremely cheap, like the cost of a (typical, not extreme) car stereo.
The designers generally don't care what happens to the rest of the car after deployment, so expect a broken windshield, various broken dashboard components, destroyed steering wheel components, HVAC system cracked (ducts, freon lines, vacuum lines, and water lines), broken wires of various kinds...
Even if the air conditioner evaporator coil wasn't cracked, for example, the sheer labor cost of having to disassemble and inspect the entire interior of the car is very expensive for labor. Technically yes you can replace an airbag in about an hour, then you discover there's no turn signals and at next inspection/registration you discover there's no working horn, etc etc it adds up.
Well, they tried to fix an airframe stability problem (caused by fitting larger/heavier engines to an existing airframe platform) with a fly-by-wire solution.
Kinda like if you or I could rent an 18-wheeler truck with a promise that it "drives just like a car."
One wonders: Did outside air temperature or weight-and-balance issues figure in to these crashes? Hotter=less lift. Weight too far aft=nose up tendency.
The system was designed to correct an issue inherent to all aircraft with podded engines under the wings: nose up tendencies at high power settings. This was inherent in all versions of the 737, it was a bit apparent in the NG, since the new engines make the problem a bit more prominent, MCAS was introduced to correct it.
So, its more like an Volvo 18 wheeler which drives just like your Volvo hatchback except when you try to take really sharp turns under power.
An accurate analogy, although a better HN automobile analogy in the sense of more accessible to the general public would be trying to drive SUVs like cars results in rollover accidents.
Its an error of regulation to permit a ridiculously safety critical real world physical system to digitally emulate a historical virtual system to save training money. Its a perfectly good aircraft on its own; it just has intentionally hacked and modified controllers to fake being another plane, and those hacked and modified controls unfortunately kill hundreds of people.
Given the merger of government and aerospace its going to be a huge dysfunctional fight where neither side can back down and admit they need to change things. My guess is for purely political reasons both sides will admit guilt, although its obviously completely a government failure. On the other hand, as per the recent VW Diesel situation, if the government implements stupid regulations that are followed to the letter resulting in predictably dumb outcomes, the government accepted no blame and the company was attacked. There are strong indications going both directions which will make this interesting to watch.
>An accurate analogy, although a better HN automobile analogy in the sense of more accessible to the general public would be trying to drive SUVs like cars results in rollover accidents.
That analogy implies that the pilots were trying to fly the plane in a way that it couldn't handle. A better analogy would be a safety mechanism on the SUV that prevents drivers from turning too sharply and rolling over. The crashes are caused by that system incorrectly measuring the turn rate, forcing the car to drive straight, and have it run off the road.
Really, there's nothing wrong with the MCAS system in theory. Plenty of planes require computer controlled inputs to fly safely. The problem is in the execution. The base model lacks redundancy and pilots weren't trained well enough to handle the system malfunctioning. And in the case of the Lion Air crash a poor safety culture.
Honestly, the problem is probably already solved at this point. Correcting the issue that caused the crashes is simply flipping a switch. The issue is identifying what's causing the control issues to know which switch to flip. Every pilot should be hyper aware of the potential issue and they'll be able to easily diagnose and fix in flight issues.
(Woof, sorry for the long comment) A little thought experiment, and I want to be clear, its apparent Boeing screwed up big time, but I also expect my airline to make every effort to incorporate all safety features. Since it’s a bit of an ethical gray area where cutting edge or expensive safety features are knowingly foregone, I haven’t seen the fact discussed concerning these airlines’ culpability for choosing to acquire aircraft without safety features to save money (aka, to make more money), just like Boeing marks up the cost of these features to make money. I realize that the AoA disagree is a safety feature that would have informed pilot of a bad Boeing design, but are there other sensors and features that could have been offered by Boeing, but aren’t available or aren’t purchased for similar reasons. If it was an option on the order sheet, and they had technical consulting to assist with specificying the plane, then they made an active decision not to beef up on safety.
I’m sure there are better examples that have a higher probability of improving safety, but for some fun examples, where are the massive, inflatable, roofmounted airfoils that inflate like big airbag parachutes in the event of an impending crash. What about 5 pt harnesses for all passenger? Where are the uniformed armed security squad on every flight to deter hostage situations? What about full situational awareness mesh network radar comms a la the F-35? What about no carryons allowed in the cabin to reduce flammability and airborne objects during crashes? Each of these things offers a potential, incrementally-increasing level of safety for passengers, that are not taken up by the market.
For an analogy, If my cabby didn’t buy curtain airbags from the Ford, and I get my head smashed in a wreck caused by a malfunctioning component elsewhere in the car, doesn’t the cab company still have some culpability for skimping in passenger safety? If not in that scenario, what about a poor level of maintenance (but still technically compliant) of the vehicle? At some point, for contracts of carriage, it’s up to the carrier to establish an expected, acceptable level of safety for its customers.
Again, it sounds like Boeing bears the lead blame, and it wasn’t clear the features as sold offered valuable data to the pilot in the event of an emergency, but I also expect my airline/carrier to provide as much safety is commercially reasonable. Just like when reviewing legal contracts or lines of code, if a line item is added with no obvious reason for existing, one must ask “why is this item here?”
I'm sure if Boeing had correctly described the lack of these features as potentially crashing the airplane, these airlines would have bought them. As it is, hundreds of people had to die because Boeing wanted to make a little extra cash selling essential, potentially life saving features as add-ons. If that's not criminal, I don't know what is. Of course, I would bet money that no one is held responsible for this, as usual. We probably won't even get a canned apology. This airplane design should be grounded permanently. If Boeing is willing to let hundreds die by making critical systems optional, who knows what other issues the plane has that will kill even more people? There should also be an investigating into how this plane was certified, as clearly regulators failed to do their job and check Boeing's greed. The CEO and people at Boeing responsible for this plane should face criminal charges as well as anybody in the regulatory bodies who decided to certify this plane buying Boeing's claims that it was just another 737 when that is not the case. Without criminal charges, Boeing and other companies are going to continue to play with people's lives to make a few extra bucks.
It's standard equipment on new Cessna 172's and marketed as "Safe Flight", specifically called out as a way to avoid a stall, etc. When the industry says it's a safety thing, it's hard to blame a reporter.
> Calling it a safety device is a bit of tabloid reporting.
It become a safety critical sensor as soon as flight inputs are directed as a result of its data. For example, bad data has now resulted in 346 deaths, if that isn't safety critical I don't know what the criterion would be.
To be blunt, hitting the ground at 300kts is what caused 346 deaths. There hasn't even been a preliminary report on the Ethiopian crash so we can't say with any certainty that the failure was the same.
It is quite likely that the pilots were overwhelmed with warnings (e.g. stick shaker activation) and conflicting data. It's not clear that presenting yet more conflicting data would have averted the disasters.
Limiting the authority of the MCAS system is likely to be the real fix.
> There hasn't even been a preliminary report on the Ethiopian crash so we can't say with any certainty that the failure was the same.
But there has been on Lion Air, compelling ADS-B data for Ethiopian, and every regulatory agency in the world agrees they're similar enough to warrant grounding the entire fleet.
> Limiting the authority of the MCAS system is likely to be the real fix.
They're already changing it to take data from both sensors, and there's been talk of requiring a third for voting logic. So the "real fix" is treating a safety critical sensor as a safety critical sensor.
> They're already changing it to take data from both sensors, and there's been talk of requiring a third for voting logic. So the "real fix" is treating a safety critical sensor as a safety critical sensor.
Interconnects like that are quite unusual. For example the autopilot is typically driven from either the same data source as pilot or the co-pilots system. There are some exceptions, for example in full auto-land mode both systems are engaged. But that really is an exception, only a fraction of the worlds runways have CATIII certification and they require special ground operations to support them.
There are procedures designed to ensure the systems agree on certain critical data, for example the 'pilot not flying' will usually call out 80 knots and cross check that the speed agrees between both sides.
Don't get me wrong. The system as designed is completely reprehensible and most likely initiated a chain of events which lead to the dealths of more than 300 people.
However, the point I started with is displaying the AoA in the cockpit is unlikely to have helped any of that. It's not really a safety feature except in quite specific scenarios (where the pilot is trying to extract maximum performance from an aircraft).
The other point I was making is that it's unlikely that they'll fit an extra sensor or cross connect the inputs. There are few systems which receive data from both pilots and co-pilots sources.
I was just wondering how Boeing could avoid the single-source prohibition that Gates writes about, but on reflection, I suppose it could take MCAS out of the hazardous class, and maybe limiting the degree to which it can change the trim will do that.
Questionable conclusion, the press release doesn't go into details either way.
To quote this NYT article:
> Boeing is updating the software to require data from both sensors for the system to kick in, according to pilots at several major airlines and two lawmakers briefed on the matter.
Not in aviation, for example the Airbus A330 has triple redundant Pitot tubes, the B737CL (Boeing 737 "classic") has four, the B737NG has three (737 Next Gen), etc.
So this "quite unusual" system appears on the very airplane we're discussing for the Pitot-Static System, a safety critical sensor.
> On the 737NG 3 pitot tubes are pilot, co-pilot and the elevator control feel input. They aren't averaged, voted upon or compared in any way.
You're mistaken. To quote Boeing themselves:
> The most modern systems today use an air data inertial reference unit (ADIRU), which incorporates the best information from three pitot and static sources and provides a single set of data to both pilots. An ADIRU receives information from air data modules, which are located close to the pressure sources.
This is used on, at least the Boeing 757, 737 and Airbus A319, A320, A321, A330, & A340.
> There are therefore three speed information elaboration systems that function
independently of each other. The probes known as “Captain” supply ADR 1, the “First
Officer” probes supply ADR 2 and the “Standby” probes supply ADR 3.
The standby instruments elaborate their speed and altitude information directly from
the pneumatic inputs (“standby” probes), without this being processed by an ADM or
ADR. The ISIS is a unique standby instrument integrating speed, altitude and attitude
information. It uses the same static and total pressure sensors as ADR3.
From the report on AF447 an Airbus A330. Again, much as I described.
This is the second time you've linked to something without having read it (or understood it) first. And your own link disputes your point:
> The Boeing 737 NG series are fitted with pitot probes mounted on the left and right of the fuselage just aft of the radome. The aircraft are also fitted with an auxiliary probe on the right side of the forward fuselage and two ‘elevator pitot probes’ on the fin.
The triple redundant system initiated a "IAS and ALT disagree master caution." Which is exactly what a safety critical sensor is meant to do.
As an aside I'm done conversing with you on this topic. You keep on saying incorrect things, link to bad citations that don't support your previous statements, and when that fails moving the goalposts to something else entirely. It isn't a good faith way to have a discussion.
Keep in mind half a dozen posts ago you claimed no aircraft used triple redundancy or voting logic (which the 737 does, as I've shown and your own citation shows). Now your argument has shifted to some kind of pedantic one about which exact systems consume what data or similar.
I think you've missed my point altogether. I said that limiting the authority of MCAS was going to be the real fix. You contested that they are going to read from both sensors and possibly add a third.
I pointed out that it would be highly unusual for them to cross connect the inputs as that's not normally the design of aviation systems.
You said:
> The most modern systems today use an air data inertial reference unit (ADIRU), which incorporates the best information from three pitot and static sources and provides a single set of data to both pilots.
The report said:
> The aircraft was on approach to London Gatwick when the crew was presented with
erroneous airspeed and altitude information on one of the two cockpit display systems.
These statements are clearly at odds with one another. That isn't a pedantic argument. The systems have a clear A and B system and cross connects between them are minimised.
> Keep in mind half a dozen posts ago you claimed no aircraft used triple redundancy or voting logic
I didn't claim that. I said on the 737NG the 3 inputs (actually there are 4, the additional one drives an auxiliary set of flight instruments) aren't averaged voted upon or compared. The 3 instruments simply display data taken their inputs, even when they are potentially wrong.
Technically the pilot and co-pilot IAS is compared in that it can sound a master caution if they disagree. This is a long way from automatically choosing the best air data.
Additionally, the A330 which you introduced to the conversation, has 3 independent systems. However, they however functionally they don't drive the autopilot or the pilots display based on the 'best' data. They simply display their output, unless the input source is manually changed to the hot standby.
Knowing that it was impact that killed people is not a very useful conclusion. You might as well say that AF 447 ended up at the bottom of the Atlantic because it flew into the water.
As air bags are activated by accelerometers, and having an air bag inflate while you are driving could cause a crash, I think your analogy is appropriate in a way that might not be immediately obvious.
In an emergency, too many warnings can be harmful. This can be a problem in hospitals, where every device beeps for all sorts of reasons. At Three Mile Island, the control panel became a 'christmas tree' of colored lights, when there was really only one problem: a stuck valve.
It is especially a problem when the significance of the alarm is not clear, as when a sensor is a control input to multiple systems with complex algorithms.
I would guess a warning light would be most useful in pre-flight checks, as a go/no-go indicator. It could also be an item in troubleshooting checklists (if the stick is shaking, yet the airspeed is good, is the AofA light on?)
I think it will turn out to be significant that there are two, but not three. This means that MCAS could not have been made triply-redundant through software alone.
See my response upthread. I don't think this is likely to be all that relevant. Aircraft systems are surprisingly dumb at times. They could easily have calculated an approximate AoA from their known reference data, rate of change of altitude (for extra credit they could use GPS and pressure altitude) and attitude and used that for a sanity check.
For AofA from those inputs, you also would need to need to know what the air is doing. Over a period of time I imagine you could approximate it, but for what MCAS does with it, I would think you need near-instantaneous (~ 1 sec.) figures, especially in turbulence or a downburst.
On the other hand, there is indicated airspeed, the traditional proxy for AofA. It, too, has its dependencies, but I think they are either measurable (e.g. flaps (, outside air temp.?)) or can be estimated from slowly changing values (e.g. weight from initial gross weight and fuel burn.)
True. I'm sure some safeguards could have been put in-place using existing data. Similar to simultaneous location and mapping. But as I said, the design of aviation systems is surprisingly stupid.
They have TCAS warning and know the height of the ground at any point on earth. Yet they'll let you dial up a path on the autopilot that flies straight through a mountain. It's only relatively recently that light aircraft autopilots gained envelop protection, until then they'd happily fly an aircraft into a stall trying to maintain the set parameters.
If it is a 737, the airline isn't buying any extras for comfort, even though they might give it a fancy paint job. (e.g. it's like putting a padded seat on a torture rack)
Not sure what you mean here. There are airlines with business class in a 737, and there's also the BBJ. Aircraft owners are free to choose how crowded the seats are on any aircraft.
You aren't going to be all that comfortable in business class if the airplane has a circular fuselage that squeezes you in the vertical direction.
The 737 is a classic story of undercompetition and underinvestment. The design goes back to the 1958 era 707, and it feels tiny on the outside even though it is big on the inside.
The Embraer 195 is much smaller than the 737 but it feels more like the 767 inside because it is designed with the human physique in mind.
Boeing was shocked by what it cost to develop the 787, but had it given the same treatment to the 737 it would have been able to recoup the costs more quickly because so many 737s get made. Also since the 737 is so common in the sky anyone who is concerned about climate change, noise, or any other environmental effects of air travel would see the 737 as a priority.
Ten years ago you could take a widebody from NYC to LAX. Today if you fly, you wind up on a 737 or an A320 which is basically the same thing. For me it is a reason to stay home, drive, or take the bus.
I think that's a reasonable point for the 737/A320 coach window seat. That egg shape of the Embraer hull does afford more room. It seems negligible for 737 business class though, since the seat is quite wide.
> A related habit uses editor commands to signify corrections to previous text. This custom faded in email as more mailers got good editing capabilities, only to take on new life on IRCs and other line-based chat systems. [...] The s/Erik/Eric/ says “change Erik to Eric in the preceding”. This syntax is borrowed from the Unix editing tools ed and sed, but is widely recognized by non-Unix hackers as well.
Well that's something that is not comforting to read. Charging extra for comfier seats, I can understand, but charging extra for features that might be the difference between life and death for 100+ persons, that's just sick and criminal in my mind.