>
>It is not possible, in the theoretical sense, to make complex systems
>perfectly safe. Complexity itself is intractable. If you're implying that
>we should fly only systems that can

I agree about this. But for MANNED flight enoiugh safety has to be designed
from day 1 to cover the most likely most dangerous failure modes.

Sadly the lack of crew boost escape was a major error.

Also the entire vehicle must be completely tested. The shuttle to save $ didnt
get all this testing.

If it had the o rings and RCC might have been noticed and fixed.

"Hallerb" > wrote in message
...
|
| I agree about this. But for MANNED flight enoiugh safety has to
| be designed from day 1 to cover the most likely most dangerous
| failure modes.

I'm talking about manned flight. Complexity is inherently unmanageable.
Manned space flight is orders of magnitude more complex than unmanned
flight, and therefore orders of magnitude less inherently manageable (in
terms of ensuring both efficient and reliable operation). You can never
achieve total reliability, or even total understanding of the applicable
problems in systems of sufficient complexity.

| Sadly the lack of crew boost escape was a major error.

It was not an "error". It was a trade-off. The ability to credibly
navigate such trade-offs is what separates engineers from laymen. Pundits
today talk about the short-sightedness of the shuttle's designers, but they
fail to realize that engineering is not about creating technology, it's
about creating technology WITHIN THE GIVEN CONSTRAINTS. Cost, development
time, available materials, projected life-span, expected reliability --
these are just some of the many constraints engineers must work on.

Granted, there were some unattractive trade-offs in the shuttle design. I'm
not saying the shuttle design is perfect. I'm saying that you can't
criticize the design decisions without understanding the constraints, nor
can you credibly lament the fact that constraints exist.

Would you like to have a car that got 100 miles per gallon and would keep
you alive in crashes up to 70 miles per hour? We can give that to you, but
would you be willing to pay $1,500,000 for it? Rather than produce
perfectly safe, wonderfully efficient cars that no one can afford, we
produce cars in a range of compromises between features and affordability.
There is a constraint that cars have to be affordable to the majority of the
general public. That limits what engineering can go into them.

It's not a linear scale. As I said, complexity is inherently unmanageable.
You cannot ever achieve 100% reliability. So let's say you spend $100
billion and achieve 98% reliability. That seems reasonable, but since we're
talking about human life we want a bit more than that. So we push it to 99%
reliability. That additional 1% of reliability is not going to cost just 1%
more of the budget. You won't get it for a grand total of $101 billion.
That 1% might cost you an additional $10 billion. And let's say you want
another "nine" to bring your reliability up to 99.9%. That additional
nine-tenths of a percent is likely to cost you ANOTHER $100 billion. The
more "nines" you want, the more each "nine" costs, and you'll never have
100% no matter how much you spend.

At a certain point you realize that it's more than you want to pay. (Money
here is an abstraction of all the requirements needed to build the thing.)
So it becomes an issue of doing it somewhat recklessly versus doing it AT
ALL. The public has to be made aware that failure is in the NATURE of a
complex system and cannot be compensated for by skilled operation. The more
money you throw at reliability, the more reliability you will get -- but not
according to the schedule most people would anticipate.

| Also the entire vehicle must be completely tested. The shuttle
| to save $ didnt get all this testing.

No. It is not possible to exhaustively test a complex system, for the same
reason it is not possible to reliably control or predict one. It is true
that operation reliability is proportional to the degree of testing, but it
is not true that reliability can be ENSURED via testing.

Above you said that we should chase after the "most dangerous failure
modes," and that's correct. But the judgment as to what constitutes a
dangerous failure mode is subject to error -- and not the kind of error that
results from incompetence or neglect. A fundamental property of complex
systems is that they generally cannot be fully COMPREHENDED by a single
individual or small group. The operators of complex systems like power
plants or space craft have to deal with observations that cannot necessarily
be fit to a manageable set of pre-existing scenarious.

Vagaries aside, the RCC panels caught the world's best engineers by
surprise. They were assumed to be naturally stronger than the ceramic
tiles. Based on all available engineering knowledge at the time, this was a
perfectly defensible judgment. Thus the focus of testing was on the tiles.
They tested the tiles under the assumption that whatever the tiles could
withstand would also be withstood by the RCC panels. This is how you test
in the face of the literal impossibility of exhaustive testing. If you
"know" these qualitative relationships, you use them to formulate expected
failure modes and test those.

And nobody could have tested ahead of time what happens to RCC panels after
27 cycles of aerodynamic, structural, and thermal loading. Understanding
how materials fatigue has no shortcut. 20 years later we're still writing
the manual on how to operate a space shuttle. That's just how this sort of
engineering works. There is no engineering solution that assures reliable,
safe, affordable operation.

--
|
The universe is not required to conform | Jay Windley
to the expectations of the ignorant. | webmaster @ clavius.org

>
>I'm talking about manned flight. Complexity is inherently unmanageable.
>Manned space flight is orders of magnitude more complex than unmanned
>flight, and therefore orders of magnitude less inherently

Thats why its important to have some backup capacty. In this case Atlantis on
the pad reay for launch might have been useful.

NASA should at minimum have a fast launch to orbit cargo capacity. Being able
to launch emergency supplies, tools or a power capsule to the shuttle or ISS is
critical.

Ignoring this were going to look careless and foolhardy if another problem
occurs.


Congressman. So we have permanetely lost ISS. The crew got back safely but the
station isnt recoverable, and will deorbit uncontrolled within the next 6
months. It may cause injuries or death depending n where it disengrates and
hits the ground.

Now Mr O Keefe your telling me this could of been prevented? But the spare
parts werent available on the station and we lacked any ability to get cargo to
the station in a emergency?

Yes congressman Russia had just launched a progress and no more were available
for 3 months.

After columbia why wasnt this corrected.

Well ahh my congressman {clear throat) We felt it was a unneded expense.

THIS COULD EASILY BE A DISCUSSION OF A ORBITER OR STATION.


>The public has to be made aware that failure is in the NATURE of a
>complex system and cannot be compensated for by skilled operation. The more
>money you throw at reliability, the more reliability you will get -- but not
>according to the schedule most people would anticipate.
>

Thats why from now oin after every flight nasa shuld release a list of all
safety problems and not only what they might have caused but whats being done
about them. Media shouldnt have to get freedom of informations for these.


>| Also the entire vehicle must be completely tested. The shuttle
>| to save $ didnt get all this testing.
>
>No. It is not possible to exhaustively test a complex system, for the same
>reason it is not possible to reliably control or predict one. It is true
>that operation reliability is proportional to the degree of testing, but it
>is not true that reliability can be ENSURED via testing.
>
>Above you said that we should chase after the "most dangerous failure
>modes," and that's correct. But the judgment as to what constitutes a
>dangerous failure mode is subject to error -- and not the kind of error that
>results from incompetence or neglect. A fundamental property of complex
>systems is that they generally cannot be fully COMPREHENDED by a single
>individual or small group. The operators of complex systems like power
>plants or space craft have to deal with observations that cannot necessarily
>be fit to a manageable set of pre-existing scenarious.
>
>Vagaries aside, the RCC panels caught the world's best engineers by
>surprise. They were assumed to be naturally stronger than the ceramic
>tiles. Based on all available engineering knowledge at the time, this was a
>perfectly defensible judgment. Thus the focus of testing was on the tiles.

AGREED. But NOW we know those RCCs are very fragile and it appears one came off
and floated away:( Yet posters here say FLY! No redesign needed.

Given how fragile they are a redesign is needed since the foam adhesion will
never be 100%.

>They tested the tiles under the assumption that whatever the tiles could
>withstand would also be withstood by the RCC panels. This is how you test
>in the face of the literal impossibility of exhaustive testing. If you
>"know" these qualitative relationships, you use them to formulate expected
>failure modes and test those.
>
>And nobody could have tested ahead of time what happens to RCC panels after
>27 cycles of aerodynamic, structural, and thermal loading. Understanding
>how materials fatigue has no shortcut. 20 years later we're still writing
>the manual on how to operate a space shuttle. That's just how this sort of
>engineering works. There is no engineering solution that assures reliable,
>safe, affordable operation.
>
>--

We need to look at all the likely problems and build some redundancy in the
SYSTEM.

Fast cargo to orbit, personal deorbit capacity ( moose ) Extra shuttl;e on pad
less fuel. All this and more for the NEXT unanticipated faiilure

"Hallerb" > wrote in message
...
> NASA should at minimum have a fast launch to orbit cargo capacity.

Fine. Write a check.

*Still* waiting for you to provide verifiable references for hard data that
supports your contention that things *would have* turned out different for
Columbia if the meetings you claim should have been held had actually been
held.
--
If you have had problems with Illinois Student Assistance Commission (ISAC),
please contact shredder at bellsouth dot net. There may be a class-action
lawsuit
in the works.

On Fri, 1 Aug 2003 22:46:56 -0400, "Scott Hedrick"
> wrote:

>*Still* waiting for you to provide verifiable references for hard data that
>supports your contention that things *would have* turned out different for
>Columbia if the meetings you claim should have been held had actually been
>held.

....I can see it now: Scott Hedrick's new book, _Waiting on Haller_.
Godot has nothing on good ol' Bob.


OM

--

"No ******* ever won a war by dying for | http://www.io.com/~o_m
his country. He won it by making the other | Sergeant-At-Arms
poor dumb ******* die for his country." | Human O-Ring Society

- General George S. Patton, Jr

>
>> NASA should at minimum have a fast launch to orbit cargo capacity.
>
>Fine. Write a check.
>

Ahh just what will you say if the lack of a key part to ISS takes out the
station and its permanetely lost?

Or a stranded shuttle is sent on a death plunge with crew onboard into the
pacific, or a shuttle dies slowly and later comes down on someones head?

All for the lack of quick parts to orbit capability?

"Jay Windley" > wrote:

>Would you like to have a car that got 100 miles per gallon and would keep
>you alive in crashes up to 70 miles per hour? We can give that to you, but
>would you be willing to pay $1,500,000 for it? Rather than produce
>perfectly safe, wonderfully efficient cars that no one can afford, we
>produce cars in a range of compromises between features and affordability.
>There is a constraint that cars have to be affordable to the majority of the
>general public. That limits what engineering can go into them.

And automobiles have an advantage that the Shuttle, in fact almost any
reusable booster, can never have. To wit; Development costs can be
amortized over dozens of years of production and thousands (if not
tens of thousands) of individual units.

OTOH, this advantage does come at a cost; anything that goes into the
automobile must be amenable to mass production.

D.
--
The STS-107 Columbia Loss FAQ can be found
at the following URLs:

Text-Only Version:
http://www.io.com/~o_m/columbia_loss_faq.html

Enhanced HTML Version:
http://www.io.com/~o_m/columbia_loss_faq_x.html

Corrections, comments, and additions should be
e-mailed to , as well as posted to
sci.space.history and sci.space.shuttle for
discussion.

On Sat, 02 Aug 2003 19:00:58 GMT, (Derek Lyons)
wrote:

>OTOH, this advantage does come at a cost; anything that goes into the
>automobile must be amenable to mass production.

....and/or have a reasonable chance of being repaired by the owner
using duct tape, bailing wire and/or cyanocryolate.


OM

--

"No ******* ever won a war by dying for | http://www.io.com/~o_m
his country. He won it by making the other | Sergeant-At-Arms
poor dumb ******* die for his country." | Human O-Ring Society

- General George S. Patton, Jr

In article >, "Scott
Hedrick" > wrote:

> "Hallerb" > wrote in message
> ...
> > >
> > >> NASA should at minimum have a fast launch to orbit cargo capacity.
> > >
> > >Fine. Write a check.
> > >
> >
> > Ahh just what will you say if the lack of a key part to ISS takes out the
> > station and its permanetely lost?
>
> I'd say, "Damn I hate that."
>
> Which has nothing to do with answering my question...

But, anyway, back on-topic, I've always had this weird curiosity about
visiting the other Surveyor sites, or the Lunakhod sites, or especially
the impact sites of the Ranger probes, or -- especially fascinating,
somehow -- the impact sites of the jettisoned LMAS's or S-IVB's.

Collect samples of parts from the crashed stages -- after a thorough round
of in-situ fotos, of course -- and perhaps a photographic/video
investigation of impact damage to the environment and the vehicles, maybe
in the manner of examining an automobile or airplane test-crash.

Nothing at all to do with geology, mind you, but something that's always
fascinated me.

--
"All over, people changing their roles,
along with their overcoats;
if Adolf Hitler flew in today,
they'd send a limousine anyway!" --the clash.
__________________________________________________ _________________
Mike Flugennock, flugennock at sinkers dot org
Mike Flugennock's Mikey'zine, dubya dubya dubya dot sinkers dot org

>
>But, anyway, back on-topic, I've always had this weird curiosity about
>visiting the other Surveyor sites, or the Lunakhod sites, or especially
>the impact sites of the Ranger

Yeah lets go get some pieces of apollo 11s LM ascent stage!!!

>visiting the other Surveyor sites, or the Lunakhod sites, or especially
>the impact sites of the Ranger probes, or -- especially fascinating,
>somehow -- the impact sites of the jettisoned LMAS's or S-IVB's.

Would there be anything to see beyond a hole in the ground? Alot of writers
have said that a spacecraft hitting the moon at terminal velocity would be
"vaporized" on impact.

>
>Would there be anything to see beyond a hole in the ground? Alot of writers
>have said that a spacecraft hitting the moon at terminal velocity would be
>"vaporized" on impact.

No atmosphere to burn anything, just parts disassembled by impact. Could be
very interesting.

How much would you pay for a fragrement from apllo 11s LM ascent stage?

In message >, G EddieA95
> writes
>>visiting the other Surveyor sites, or the Lunakhod sites, or especially
>>the impact sites of the Ranger probes, or -- especially fascinating,
>>somehow -- the impact sites of the jettisoned LMAS's or S-IVB's.
>
>Would there be anything to see beyond a hole in the ground? Alot of writers
>have said that a spacecraft hitting the moon at terminal velocity would be
>"vaporized" on impact.

But isn't that the main point of looking? To examine an artificial
impact of precisely known mass, speed, and date? Debris would be a
considerable bonus, though.
--
"Roads in space for rockets to travel....four-dimensional roads, curving with
relativity"
Mail to jsilverlight AT merseia.fsnet.co.uk is welcome.
Or visit Jonathan's Space Site http://www.merseia.fsnet.co.uk

"Hallerb" > wrote in message
...
> Imagine the price of a piece thats been on the moon all these years...

All that means is that the current owner gets the benefit of the
appreciation. No different than any other collectable.
--
If you have had problems with Illinois Student Assistance Commission (ISAC),
please contact shredder at bellsouth dot net. There may be a class-action
lawsuit
in the works.

Jonathan Silverlight > wrote:

>In message >, G EddieA95
> writes
>>>visiting the other Surveyor sites, or the Lunakhod sites, or especially
>>>the impact sites of the Ranger probes, or -- especially fascinating,
>>>somehow -- the impact sites of the jettisoned LMAS's or S-IVB's.
>>
>>Would there be anything to see beyond a hole in the ground? Alot of writers
>>have said that a spacecraft hitting the moon at terminal velocity would be
>>"vaporized" on impact.
>
>But isn't that the main point of looking? To examine an artificial
>impact of precisely known mass, speed, and date?

But such an examination would have little scientific value, as the
impactor is wildly different from the typical distribution of cosmic
bodies.

D.
--
The STS-107 Columbia Loss FAQ can be found
at the following URLs:

Text-Only Version:
http://www.io.com/~o_m/columbia_loss_faq.html

Enhanced HTML Version:
http://www.io.com/~o_m/columbia_loss_faq_x.html

Corrections, comments, and additions should be
e-mailed to , as well as posted to
sci.space.history and sci.space.shuttle for
discussion.