In article ,
says...
God, I hope you never wind up in a safety critical job!

Safety clritical job needs to evaluate as many failure modes as
possible, not just focus on one you think is the answer.


Not if you're in charge of the Russian space program. Instead you
assign blame, start launching again even before the investigation
completes, and maybe, eventually, you'll actually announce the cause.
The last thing you do is "evaluate as many failure modes as possible"
because that would interfere with the launch schedule and make you look
bad to the higher ups. Some of those higher ups could make you
permanently disappear if you make Russia look bad.

Because of this, nothing ever truly gets "fixed" because the biggest
problem is cultural. This is evident in the data. Despite flying much
the same launch vehicles that have flown routinely since the 1960s (both
Soyuz and Proton), Russian launch vehicles fail a lot more than you'd
expect for such mature designs. This has resulted in international
commercial customers largely abandoning Russian launch vehicles in
recent years.

That's the bit that you seem to keep trying to hand-wave away. Who
really cares what *this* cause was when the culture largely ignores the
failure and most certainly doesn't look for all possible root causes?
The glaring evidence is that Russia doesn't even stop flying to do a
complete investigation. In this case, it was reported that the next
launch was delayed by one whole day! That extra day could not have
allowed for evaluating "as many failure modes as possible".

Russia has a safety culture based on shooting the messenger and
continuing to fly. It's the polar opposite of NASA's culture which
grounds everything for an indefinite amount of time and conducting a
wide open investigation into every last component of the vehicle, even
if it's completely unrelated to the incident.

Somewhere in the middle is a culture of continuous improvement where
workers are encouraged to come forward with safety concerns like, "Hey
boss, we accidentally bent this booster attachment pin with the crane,
so maybe we should ask the engineers if it's still o.k. to force it on
with a bunch of added lubricant?". While at the same time, this middle
ground for a failed launch would not result in the grounding of the
launch vehicle for years at a time (because if you're continuously
improving safety, you wouldn't accumulate the huge amount of "technical
debt" that was "uncovered" after Challenger).

Jeff
--
All opinions posted by me on Usenet News are mine, and mine alone.
These posts do not reflect the opinions of my family, friends,
employer, or any organization that I am a member of.