Wayne Hale is going to republish some of his blog posts leading up to this year’s anniversaries (it will be the twentieth anniversary of the loss of Columbia).
I left a comment over there. Perrow was right.
Glad to see Wayne reposting them – unedited. He is a national treasure.
I left a rambling comment there, as well, from an encounter I had with someone who had the most serious real live experience with shuttle – and dealt with both sides of the safety issue with a courage that seems uncommon today.
I have no doubt Wayne did great work as a mid-level bureaucrat at NASA all those years. But one only need read Dr. Richard Feynman’s minority report on the Challenger accident to see where NASA’s problems arise. I’ll give you a hint; Wayne was not part of the cure.
I think Perrow has a point. I’m not sure I agree that “all” complex, tightly coupled technical systems will fail, but the odds are high. My problem with STS-107 is less that a fatal failure occurred than the poor decision making that happened after that failure was identified and before it became fatal.
It’s not just that they fail, it’s how the system is designed to deal with the inevitable failure. Failing gracefully has to be designed into the system. You have to account for the systemic weaknesses of the meatbags who operate the things and include a tolerance for it.
Look at modern airliners. How frequently do they crash per passenger mile now vs. 40 years ago? Big, HUGE, improvement. What changed and how? I bet a lot of those lessons learned can be applied to space flight too.
Not just that they fail…
Another thought on the inevitability of failure in a complex system:
I would look at the history of complex software for analogies and counter-arguments.
From the complexity perspective of early assembly language and unstructured programming, the software we use today is unimaginably complicated and programmers and managers back then would’ve predicted that it would take a million years and a million programmers to debug the code that we happily run all day long.
The code interfaces, practices, methods, and tools became rigorous, regularized, and well defined, instead of ad hoc. Musk seems to understand this as an engineering concept, along with the dangers of feature creep.
NASA still seems to be in the mindset of “If there’s problems, just throw more programmers at it.”
Yep. It’s not the complexity of the system, it’s how close it’s being pushed to failure, how well understood the boundaries are, and how redundant and fault-tolerant it is.
Jet engines are operated not far below their maximum RPMs and engine temperatures for thousands and thousands of hours, whereas a rocket engine only needs to hold together for a few minutes. So rocket engines traditionally only had to be designed to hold together for a few multiples of a launch duration, if even that. The same might apply to lots of other components.
And then there’s the idea that an engine failure on an aircraft shouldn’t automatically cause a disaster. The blades have to be contained. A fire has to be controlled or limited in the damage it can cause. The aircraft has to be flyable with an engine out. And of course it can make an emergency landing.
That latter idea is a possibility that’s opening up with advances SpaceX has made. Now that they’ve mastered powered return, re-entry, hover, and landing, they could go ahead and make a return-to-launch site the normal abort mode. As they focus on maximum re-usability, their designs will shift further from the margin of failure. Their airframes will be designed for thousands of flights, not just one like an expendable booster.
They’ll keep adding digits to their reliability numbers, and something like the Shuttle, with non-redundant critical systems like SRBs, will likely never be seriously attempted again – except by NASA, because someone has to keep Thiokol in business.
Notice how history has forgotten Linda Ham?
Several years ago I asked Hale about Ham and he seemed a bit offended that I even brought it up. But of course he’s not going to badmouth one of his colleagues, a person he probably considers a family member in a way, on a blog.
When you think about it, Starship/Super Heavy is really a giant gas stove. I hope the Consumer Product Safety Commission bans it for sake of the children.