I am more interested in hearing how the accidents happened. People seem to suspect the MCAS which uses the angle-of-attack sensors, and is susceptible to the sensor failures. However, a jet liner typically uses 2 alpha vanes, and there are some aircraft having 3.
In the past, a fatal accident involving an A320 was found to be caused by 2 out of 3 alpha vanes failing, but being in agreement. The 3rd operational sensor was voted out by the flight computer. Aye aye aye!
Sorry, more than you wanted to know follows.
The 737 MAX 800 and 900 series has (at least) 2 AoA sensors (one on the left, one on the right). As it is presently designed, the MCAS system uses only one of these (and I've
read it actually alternates between the left and right one each flight, but that seems hokey). IMO, the rationale for using a single AoA sensor is that the MCAS is
not critical to flight, and as we've seen many times (you correctly point out the Airbus example), introducing a "voting" system and/or the complex programming needed to discern which sensor is correct introduces complexities that detract from safety rather than enhance it (esp when a crew is trying to troubleshoot a problem in flight).
The MCAS only adds nose-down trim in certain situations. If it gets bad AoA information, it can move the horizontal stabilizer to a "nose down" trim position because it "believes" the plane's nose is dangerously high (relative to the airstream, not the horizon). The crew can use the normal trim switch to bring the nose back up, no problem. After 10 seconds (if the faulty AoA sensor still reads "nose too high!"), the MCAS will again trim the nose down, and the crew can (again) bring it up. The Lion Air crew (and the crew which flew the plane before) did this many, many times. At any time, the crew can turn off the automatic/electric trim and the cycle will stop. The crew would then use the manual trim wheel to adjust the pitch, the plane can be flown this way without a problem.
We don't know exactly what happened in the case of Lion Air, but it appears that the captain was handling the situation using the trim switch, and did so for many cycles (for minutes of flying time). It appears that he handed control over to the copilot/first officer, and for whatever reason he
apparently handled the situation differently and stopped cycling the nose up. It don't think it is known whether he/they ever disconnected the electric trim and used the manual wheel. Little has been publicized about the state of the investigation in Ethiopia, but it is reported that the stabilizer jack screw found at the crash site was set for nose-down trim, which is consistent with (but does not prove) a situation similar to the one in the the case of Lion Air. The airspeed and altitude data that has been made public from Ethiopia is quite unusual (very high airspeed, very little climb), but more detailed data is in the hands of investigators.
The MCAS system simply augments the normal pitch trim system. A failure or "uncommanded pitch down" from the MCAS is handled like "runaway trim" on the 737, an emergency that (in the US at least) >every< crew member must see and master in the sim before being certified to fly the aircraft. In retrospect, most people now believe that crews should have been explicitly told about the MCAS system and trained in its functions. But, fundamentally, uncommanded nose-down trim caused by the MCAS "looks" the same as the same situation that can be caused for several other reasons, and corrective actions are the same.
Boeing is modifying the system, maybe it will compare the AoA data or use some other tricks. IMO, it would be much better to leave it slaved to a single AoA sensor and then alert the crew if there is a difference between the AoA sensors and let them solve it (select the other AoA sensor, disconnect the MCAS, etc). Automation is great, but Boeing's philosophy has always been to provide the crew the information and means to fly the plane if automation fails. I hope they'll continue doing that.