Naval Reactor success ...

rk wrote:

I contend that 1. above is practical and can be realized and
demonstrated although designwise it is more difficult.
Additionally, 2. above is highly dependent on having the correct
statistics and a perfect model. This is easier designwise but an
accurate number is *much* harder to compute practically and is
extremely sensitive to a small error in a complex analysis.

Is the "perfect model" even obtainable in relation to spacecraft? It
would require such a complete understanding of each of the system's
elements (right down to the last rivet), and all of their interactions
under all possible circumstances that it sounds like the statistical
equivalent of Heisenberg's uncertainty principle; particularly when the
effects of aging on the system and human interaction with it are added
in as factors.
And that human aspect can be a real wild card; such as was the case in
the the recent screw-up where one Lockheed Martin ground crew team
unbolted the NOAA-N satellite from it's tip cart....and didn't tell
anyone they had done it- followed by the other ground crew team's
failure to notice that it wasn't bolted down, and it's crashing to the
floor http://www.spaceref.com/news/viewsr.html?pid=10299

Pat

http://www.spaceref.com/news/viewsr.html?pid=10299

I recently had a talk with some Apollo software engineers about
that. How does one protect against all possible humanoid
interactions?

In most devices you'd have an interlock which would prevent the turn
over cart from tilting up with the bolts (or equivalent) removed.

If something like that would be too complex, a simpler fix might be
along the lines of having the bolts be visible from the controls of
the tilt-up mechanism (with a big visible head on the bolts or some
such if need be).

Usually if a process is error-prone, there is something about the
process which can be fixed to make it less so. And often a sufficient
fix can be pretty simple.

http://66.113.195.245/richcontent/so...ac_updated.pdf

Well that is a case in which everyone involved knew - or should have
known - that the thing was flaky. It's a bit more of a global
management issue than a single error-prone step like the one which led
to dropping NOAA-N. I guess it is analogous to Columbia and
Challenger in that way, although it was more blatant in terms of the
problems being obvious beforehand.

Jim Kingdon wrote:

In most devices you'd have an interlock which would prevent the turn
over cart from tilting up with the bolts (or equivalent) removed.

Of course these are small production run devices, and probably almost
custom hand made. One doesn't expect all the safety devices that such a
device would have had if it had been a mass produced item (such as the
safety interlock you mentioned) but one would have expected someone to
have stuck a sheet of paper on the control panel that said "We have
taken the bolts out of this one for ours- don't tilt it until you get
the bolts back." That would have been common sense on the part of the
team who took the bolts.


If something like that would be too complex, a simpler fix might be
along the lines of having the bolts be visible from the controls of
the tilt-up mechanism (with a big visible head on the bolts or some
such if need be).


I don't really fault the guys who tilted it; they would have assumed
that the bolts were in place, just like when you walk out to your car,
you don't peek under the hubcaps to make sure all the lug nuts are still
on the wheels; if they were there yesterday, you assume they are still
there.


Usually if a process is error-prone, there is something about the
process which can be fixed to make it less so. And often a sufficient
fix can be pretty simple.


I'm pretty sure that the NOAA-N story will become a legend at Lockheed
Martin, as will the fate of the former employee who led the team that
took the bolts.

Pat

On or about Sun, 14 Sep 2003 17:25:20 CST, Pat Flannery
made the sensational claim that:
I'm pretty sure that the NOAA-N story will become a legend at Lockheed
Martin, as will the fate of the former employee who led the team that
took the bolts.

It wouldn't surprise me if the paperwork is already in work for his promotion
to vice-president.
--
This is a siggy | To E-mail, do note | This space is for rent
It's properly formatted | who you mean to reply-to | Inquire within if you
No person, none, care | and it will reach me | Would like your ad here

LooseChanj wrote:



I'm pretty sure that the NOAA-N story will become a legend at Lockheed
Martin, as will the fate of the former employee who led the team that
took the bolts.



It wouldn't surprise me if the paperwork is already in work for his promotion
to vice-president.


Of Lockheed Martin....or the U.S.? :-)

Pat

On or about 15 Sep 2003 03:10:01 GMT, Pat Flannery
made the sensational claim that:
LooseChanj wrote:
It wouldn't surprise me if the paperwork is already in work for his promotion
to vice-president.


Of Lockheed Martin....or the U.S.? :-)

LM, of course. And I'm only half joking. Dilbert's creator has talked about
this sort of thing. Manager makes big screwup, gets promoted. The bigger the
screwup, the bigger the promotion. The reasoning is we all learn from our
mistakes, so collosal mistakes must have a *huge* lesson learned, meaning the
dolt must now be far wiser than before. Plus it's a good idea just to get him
into a position where he can't do any damage.

Of the US, hmm. No, just can't see it. Maybe if people had died. But even
then, he has a space background, so he's just a geek who'd have a better chance
being elected King of a Star Trek convention. Besides, I don't think Cheney is
quite ready to relinquish the reins of power just yet. Still a few countries
out there to deal with, and big dollar contracts to be awarded to companies in
which Cheney & friends own stock in exchange for "rebuilding" them.

It's all moot anyhow, the robots will be taking over circa 2030, see
http://marshallbrain.com/manna1.htm for details.

Just to be a tad on topic, I've heard KSC's Chief Counsel was escorted off the
center recently[1]. KSC's logistics director was fired recently as well, having
a history of temper problems for which he'd been sent to charm school[2]. KSC's
safety director seems to have actually retired of his own free will. Seems his
wife is going blind, and he wants to spend more time with her.

Next week: Who's "launching" who!

[1] He may be getting reinstated, I'm not sure.
[2] Seriously. He must have been stress free tho', seems he tried to strangle
someone in a meeting once!
--
This is a siggy | To E-mail, do note | This space is for rent
It's properly formatted | who you mean to reply-to | Inquire within if you
No person, none, care | and it will reach me | Would like your ad here

LooseChanj wrote:

Besides, I don't think Cheney is
quite ready to relinquish the reins of power just yet. Still a few countries
out there to deal with, and big dollar contracts to be awarded to companies in
which Cheney & friends own stock in exchange for "rebuilding" them.

No one has yet seen Dubya talking while Cheney was drinking a glass of
water. But we must remember Dubya's good side...in the recent Discovery
Channel presentation about his actions on 9/11, he was seen holding a
little boy whose father was one of the firefighters killed during the
Twin Towers collapse, and autographing a picture of the grieving lad's
father.... before returning it to him, with instructions that the child
should show it to his dad when they next met, and his father would then
believe that his son had really met the President of the U.S....what
made the moment so heartwarming is that both the President and the boy
knew that the father was dead. Which leaves one wondering when and where
exactly the happy reunion is going to occur- I would imagine around
2015, with the son showing up in his Mideastern mud and American blood
spattered uniform.
But as the President stated about the encounter: "Where others see
tears, I see opportunities..."
I couldn't have said it better myself....



[2] Seriously. He must have been stress free tho', seems he tried to strangle
someone in a meeting once!


Where was he when Goldin was in charge? I would have bought him some of
those spring handgrip exercisers.

Pat

rk wrote:
Pat Flannery wrote:


And that human aspect can be a real wild card; such as
was the case in the the recent screw-up where one Lockheed
Martin ground crew team unbolted the NOAA-N satellite from it's
tip cart....and didn't tell anyone they had done it- followed
by the other ground crew team's failure to notice that it
wasn't bolted down, and it's crashing to the floor
http://www.spaceref.com/news/viewsr.html?pid=10299


I recently had a talk with some Apollo software engineers about
that. How does one protect against all possible humanoid
interactions? Particularly with limited computational capability
and memory? You can't and in one instance a program did overwrite
memory that was intended, from an operator error.



From a design standpoint, you engineer the thing to be as idiot proof
as possible (interlocks, redundancies, etc.). When operations are
conducted or maintenance is being performed, it is still possible for
the thing in question (reactor, submarine, shuttle) to go outside its
established limits, in which case you need alarms & warnings. Beyond
that, the last resort for protection is operator training and proper use
of well-written procedures.

In the NOAA satellite drop, apparently there was no requirement (or it
wasn't followed), to install a Lockout-Tagout on the lift when the bolts
were removed. This should have been obvious, but my guess is that there
was an element of complacency or "that's not how we've done things in
the past".

Oh, and the really final last resort for critical systems where even a
trained operator may not follow the procedure correctly, is to have two
operators perform the procedure; or have an independent verification of
an equipment lineup, or something along these lines. That's what's done
when calculating where a reactor goes critical upon startup or when
working on submarine seawater piping.

I think in the NASA community, there is some attempt at this (viz ISO
900X), but it is either not rigorous enough or standardized across the
centers.

stmx3 wrote:



In the NOAA satellite drop, apparently there was no requirement (or it
wasn't followed), to install a Lockout-Tagout on the lift when the
bolts were removed. This should have been obvious, but my guess is
that there was an element of complacency or "that's not how we've done
things in the past".


There is also the mystery of why Lockheed Martin apparently couldn't
afford a complete set of bolts for each of the turn over carts, so that
one team felt it necessary to abscond with the other team's bolts. That
is somewhat difficult to fathom; but I'm sure there is a very involved
bureaucratic reason for the situation- "Requisition bolts? Do you have
any idea of the paperwork involved? The Congress is always getting down
on us about launch costs- by using just on set of mil spec bolts we save
the taxpayer hundreds of dollars! We'll just put them back on NOAA-N
when we're done; they don't even need to know that we took them..."
That may sound like a bad joke, but I bet the truth comes out pretty
close to that in the end.



Oh, and the really final last resort for critical systems where even a
trained operator may not follow the procedure correctly, is to have
two operators perform the procedure; or have an independent
verification of an equipment lineup, or something along these lines.
That's what's done when calculating where a reactor goes critical upon
startup or when working on submarine seawater piping.

I think in the NASA community, there is some attempt at this (viz ISO
900X), but it is either not rigorous enough or standardized across the
centers.


This is probably one of those things that got removed in the interests
of downsizing NASA's human infrastructure in the quest for privatization
of the workforce and economic efficiency.

Pat

On 15 Sep 2003 17:15:19 GMT, in a place far, far away, stmx3
made the phosphor on my monitor glow in
such a way as to indicate that:

From a design standpoint, you engineer the thing to be as idiot proof
as possible (interlocks, redundancies, etc.).

Of course, as von Braun pointed out, you can't make something
completely idiot proof--idiots are too ingenious...

--
simberg.interglobal.org * 310 372-7963 (CA) 307 739-1296 (Jackson Hole)
interglobal space lines * 307 733-1715 (Fax) http://www.interglobal.org

"Extraordinary launch vehicles require extraordinary markets..."
Swap the first . and @ and throw out the ".trash" to email me.
Here's my email address for autospammers: