#1
Naval Reactor success ...
rk wrote: I contend that 1. above is practical and can be realized and demonstrated although designwise it is more difficult. Additionally, 2. above is highly dependent on having the correct statistics and a perfect model. This is easier designwise but an accurate number is *much* harder to compute practically and is extremely sensitive to a small error in a complex analysis.

Is the "perfect model" even obtainable in relation to spacecraft? It would require such a complete understanding of each of the system's elements (right down to the last rivet), and all of their interactions under all possible circumstances that it sounds like the statistical equivalent of Heisenberg's uncertainty principle; particularly when the effects of aging on the system and human interaction with it are added in as factors. And that human aspect can be a real wild card; such as was the case in the recent screw-up where one Lockheed Martin ground crew team unbolted the NOAA-N satellite from its tip cart....and didn't tell anyone they had done it- followed by the other ground crew team's failure to notice that it wasn't bolted down, and its crashing to the floor http://www.spaceref.com/news/viewsr.html?pid=10299

Pat
#2
http://www.spaceref.com/news/viewsr.html?pid=10299
I recently had a talk with some Apollo software engineers about that. How does one protect against all possible humanoid interactions?

In most devices you'd have an interlock which would prevent the turn over cart from tilting up with the bolts (or equivalent) removed. If something like that would be too complex, a simpler fix might be along the lines of having the bolts be visible from the controls of the tilt-up mechanism (with a big visible head on the bolts or some such if need be). Usually if a process is error-prone, there is something about the process which can be fixed to make it less so. And often a sufficient fix can be pretty simple.

http://66.113.195.245/richcontent/so...ac_updated.pdf

Well that is a case in which everyone involved knew - or should have known - that the thing was flaky. It's a bit more of a global management issue than a single error-prone step like the one which led to dropping NOAA-N. I guess it is analogous to Columbia and Challenger in that way, although it was more blatant in terms of the problems being obvious beforehand.
#3
Jim Kingdon wrote: In most devices you'd have an interlock which would prevent the turn over cart from tilting up with the bolts (or equivalent) removed.

Of course these are small production run devices, and probably almost custom hand made. One doesn't expect all the safety devices that such a device would have had if it had been a mass produced item (such as the safety interlock you mentioned) but one would have expected someone to have stuck a sheet of paper on the control panel that said "We have taken the bolts out of this one for ours- don't tilt it until you get the bolts back." That would have been common sense on the part of the team who took the bolts.

If something like that would be too complex, a simpler fix might be along the lines of having the bolts be visible from the controls of the tilt-up mechanism (with a big visible head on the bolts or some such if need be).

I don't really fault the guys who tilted it; they would have assumed that the bolts were in place, just like when you walk out to your car, you don't peek under the hubcaps to make sure all the lug nuts are still on the wheels; if they were there yesterday, you assume they are still there.

Usually if a process is error-prone, there is something about the process which can be fixed to make it less so. And often a sufficient fix can be pretty simple.

I'm pretty sure that the NOAA-N story will become a legend at Lockheed Martin, as will the fate of the former employee who led the team that took the bolts.

Pat
#4
On or about Sun, 14 Sep 2003 17:25:20 CST, Pat Flannery
made the sensational claim that: I'm pretty sure that the NOAA-N story will become a legend at Lockheed Martin, as will the fate of the former employee who led the team that took the bolts.

It wouldn't surprise me if the paperwork is already in work for his promotion to vice-president.

--
This is a siggy | To E-mail, do note | This space is for rent
It's properly formatted | who you mean to reply-to | Inquire within if you
No person, none, care | and it will reach me | Would like your ad here
#5
LooseChanj wrote: I'm pretty sure that the NOAA-N story will become a legend at Lockheed Martin, as will the fate of the former employee who led the team that took the bolts. It wouldn't surprise me if the paperwork is already in work for his promotion to vice-president.

Of Lockheed Martin....or the U.S.? :-)

Pat
#6
On or about 15 Sep 2003 03:10:01 GMT, Pat Flannery
made the sensational claim that: LooseChanj wrote: It wouldn't surprise me if the paperwork is already in work for his promotion to vice-president.

Of Lockheed Martin....or the U.S.? :-)

LM, of course. And I'm only half joking. Dilbert's creator has talked about this sort of thing. Manager makes big screwup, gets promoted. The bigger the screwup, the bigger the promotion. The reasoning is we all learn from our mistakes, so colossal mistakes must have a *huge* lesson learned, meaning the dolt must now be far wiser than before. Plus it's a good idea just to get him into a position where he can't do any damage.

Of the US, hmm. No, just can't see it. Maybe if people had died. But even then, he has a space background, so he's just a geek who'd have a better chance being elected King of a Star Trek convention. Besides, I don't think Cheney is quite ready to relinquish the reins of power just yet. Still a few countries out there to deal with, and big dollar contracts to be awarded to companies in which Cheney & friends own stock in exchange for "rebuilding" them.

It's all moot anyhow, the robots will be taking over circa 2030, see http://marshallbrain.com/manna1.htm for details.

Just to be a tad on topic, I've heard KSC's Chief Counsel was escorted off the center recently[1]. KSC's logistics director was fired recently as well, having a history of temper problems for which he'd been sent to charm school[2]. KSC's safety director seems to have actually retired of his own free will. Seems his wife is going blind, and he wants to spend more time with her.

Next week: Who's "launching" who!

[1] He may be getting reinstated, I'm not sure.
[2] Seriously. He must have been stress free tho', seems he tried to strangle someone in a meeting once!

--
This is a siggy | To E-mail, do note | This space is for rent
It's properly formatted | who you mean to reply-to | Inquire within if you
No person, none, care | and it will reach me | Would like your ad here
#7
LooseChanj wrote: Besides, I don't think Cheney is quite ready to relinquish the reins of power just yet. Still a few countries out there to deal with, and big dollar contracts to be awarded to companies in which Cheney & friends own stock in exchange for "rebuilding" them.

No one has yet seen Dubya talking while Cheney was drinking a glass of water. But we must remember Dubya's good side...in the recent Discovery Channel presentation about his actions on 9/11, he was seen holding a little boy whose father was one of the firefighters killed during the Twin Towers collapse, and autographing a picture of the grieving lad's father.... before returning it to him, with instructions that the child should show it to his dad when they next met, and his father would then believe that his son had really met the President of the U.S....what made the moment so heartwarming is that both the President and the boy knew that the father was dead. Which leaves one wondering when and where exactly the happy reunion is going to occur- I would imagine around 2015, with the son showing up in his Mideastern mud and American blood spattered uniform. But as the President stated about the encounter: "Where others see tears, I see opportunities..." I couldn't have said it better myself....

[2] Seriously. He must have been stress free tho', seems he tried to strangle someone in a meeting once!

Where was he when Goldin was in charge? I would have bought him some of those spring handgrip exercisers.

Pat
#8
rk wrote:
Pat Flannery wrote: And that human aspect can be a real wild card; such as was the case in the recent screw-up where one Lockheed Martin ground crew team unbolted the NOAA-N satellite from its tip cart....and didn't tell anyone they had done it- followed by the other ground crew team's failure to notice that it wasn't bolted down, and its crashing to the floor http://www.spaceref.com/news/viewsr.html?pid=10299

I recently had a talk with some Apollo software engineers about that. How does one protect against all possible humanoid interactions? Particularly with limited computational capability and memory? You can't and in one instance a program did overwrite memory that was intended, from an operator error.

From a design standpoint, you engineer the thing to be as idiot proof as possible (interlocks, redundancies, etc.). When operations are conducted or maintenance is being performed, it is still possible for the thing in question (reactor, submarine, shuttle) to go outside its established limits, in which case you need alarms & warnings. Beyond that, the last resort for protection is operator training and proper use of well-written procedures.

In the NOAA satellite drop, apparently there was no requirement (or it wasn't followed), to install a Lockout-Tagout on the lift when the bolts were removed. This should have been obvious, but my guess is that there was an element of complacency or "that's not how we've done things in the past".

Oh, and the really final last resort for critical systems where even a trained operator may not follow the procedure correctly, is to have two operators perform the procedure; or have an independent verification of an equipment lineup, or something along these lines. That's what's done when calculating where a reactor goes critical upon startup or when working on submarine seawater piping.

I think in the NASA community, there is some attempt at this (viz ISO 900X), but it is either not rigorous enough or standardized across the centers.
#9
stmx3 wrote: In the NOAA satellite drop, apparently there was no requirement (or it wasn't followed), to install a Lockout-Tagout on the lift when the bolts were removed. This should have been obvious, but my guess is that there was an element of complacency or "that's not how we've done things in the past".

There is also the mystery of why Lockheed Martin apparently couldn't afford a complete set of bolts for each of the turn over carts, so that one team felt it necessary to abscond with the other team's bolts. That is somewhat difficult to fathom; but I'm sure there is a very involved bureaucratic reason for the situation- "Requisition bolts? Do you have any idea of the paperwork involved? The Congress is always getting down on us about launch costs- by using just one set of mil spec bolts we save the taxpayer hundreds of dollars! We'll just put them back on NOAA-N when we're done; they don't even need to know that we took them..." That may sound like a bad joke, but I bet the truth comes out pretty close to that in the end.

Oh, and the really final last resort for critical systems where even a trained operator may not follow the procedure correctly, is to have two operators perform the procedure; or have an independent verification of an equipment lineup, or something along these lines. That's what's done when calculating where a reactor goes critical upon startup or when working on submarine seawater piping. I think in the NASA community, there is some attempt at this (viz ISO 900X), but it is either not rigorous enough or standardized across the centers.

This is probably one of those things that got removed in the interests of downsizing NASA's human infrastructure in the quest for privatization of the workforce and economic efficiency.

Pat
#10
On 15 Sep 2003 17:15:19 GMT, in a place far, far away, stmx3
made the phosphor on my monitor glow in such a way as to indicate that: From a design standpoint, you engineer the thing to be as idiot proof as possible (interlocks, redundancies, etc.).

Of course, as von Braun pointed out, you can't make something completely idiot proof--idiots are too ingenious...

--
simberg.interglobal.org * 310 372-7963 (CA) 307 739-1296 (Jackson Hole)
interglobal space lines * 307 733-1715 (Fax) http://www.interglobal.org
"Extraordinary launch vehicles require extraordinary markets..."
Swap the first . and @ and throw out the ".trash" to email me.
Here's my email address for autospammers: