Re: PRA - Public's Risk Assessment on Safety


Andrew Gray
August 19th 03, 11:35 PM
In article >, rk wrote:
> I read these numbers in USA Today, found them kind of surprising:
>
> The public accepts some risk that astronauts will die. Only
> 17% considered any shuttle accidents "unacceptable." Slightly
> fewer than half, 43%, said they would accept one accident
> every 100 flights; 32% said they would accept an accident
> every 50 missions or fewer. Two shuttles have crashed in
> 113 flights.
>
> This is much less risk averse than I thought.

It's surprising to me, certainly...

Does anyone know, as a reference, if similar polls were carried out over
the past thirty, forty years? I'd be interested to see what the public
thought circa 1983 or 1968...

--
-Andrew Gray

Derek Lyons
August 20th 03, 01:00 AM
rk > wrote:

>I read these numbers in USA Today, found them kind of surprising:
>
> The public accepts some risk that astronauts will die. Only
> 17% considered any shuttle accidents "unacceptable." Slightly
> fewer than half, 43%, said they would accept one accident
> every 100 flights; 32% said they would accept an accident
> every 50 missions or fewer. Two shuttles have crashed in
> 113 flights.
>
>This is much less risk averse than I thought.

Problem is, they are risk averse in theory, but not so when confronted
with reality. (Same way folks are for cutting taxes, but not
services.)

D.
--
The STS-107 Columbia Loss FAQ can be found
at the following URLs:

Text-Only Version:
http://www.io.com/~o_m/columbia_loss_faq.html

Enhanced HTML Version:
http://www.io.com/~o_m/columbia_loss_faq_x.html

Corrections, comments, and additions should be
e-mailed to , as well as posted to
sci.space.history and sci.space.shuttle for
discussion.

Gene DiGennaro
August 23rd 03, 04:30 PM
Good to see you back Pat! By the way, I'll have a large pepperoni with
extra cheese. Make sure your delivery girl wears a thong please!

Gene

Pat Flannery
August 24th 03, 09:25 AM
Gene DiGennaro wrote:

>Good to see you back Pat! By the way, I'll have a large pepperoni with
>extra cheese. Make sure your delivery girl wears a thong please!
>
>Gene
>
>
>
Only if she's wearing a blue dress with FBI seizable spots on it...by
the way, a friend and I ate a medium pepperoni with extra cheese, black
olives, onion, and green peppers on it around 8 hours ago...and Linda
Tripp didn't know a thing about it...to the best of my recollection at
least.

Patrick Clinton Flannery (no kidding...that's my real name)

Derek Lyons
August 24th 03, 11:40 PM
rk > wrote:
>Personal opinion: I think that many people realize that it's risky
>business and will accept that. However, that gets turned around for
>mishaps that could have and perhaps should have been prevented.

From the evidence in hand, it remains unclear whether Columbia could
have been prevented or mitigated. It's possible in theory, but there is
nothing to make a clear call one way or the other. I await with
interest to see if the CAIB report is rational, or adopts the 'they
shoulda tried everything, anything' approach.

D.

Jorge R. Frank
August 25th 03, 06:10 AM
(Derek Lyons) wrote in
:

> rk > wrote:
>>Personal opinion: I think that many people realize that it's risky
>>business and will accept that. However, that gets turned around for
>>mishaps that could have and perhaps should have been prevented.
>
> From the evidence in hand, it remains unclear whether Columbia could
> have been prevented or mitigated. It's possible in theory, but there is
> nothing to make a clear call one way or the other.

The decision-making process for the Columbia accident actually falls into
two phases: pre-flight and in-flight. This is distinct from the Challenger
accident where *all* the critical decisions were made pre-flight; post-SRB
ignition, nothing could have been done to save the Challenger crew.

With regard to the in-flight decision-making, I agree with you. Pre-flight,
I'm not so sure. There was a process by which the ET foam-shedding came
to be seen as a maintenance issue rather than a safety-of-flight issue. By
the time the current generation of managers was in place, it was an issue
that had been dealt with by their predecessors for a long time.

An argument could be made that the fleet should have been grounded after
STS-112, when it was discovered that foam had been shed from the ET bipod
ramp (for the first time in over a decade, IIRC). This would have required
recognition of the foam-shedding as a safety-of-flight issue rather than a
maintenance issue. However, the shuttle program faces thousands of
maintenance issues all the time. How does a manager pick the safety-of-
flight "signal" out of the maintenance "noise"? It's easy now to look back
with hindsight and say, "shoulda looked at the foam, dummy". But as Admiral
Gehman said, "If you're so smart, tell me what's the *next* thing that will
go wrong?"

I probably need to read _Normal Accidents_ some time; from other posts I
gather that it addresses some of these issues, so that I can stop asking
stupid questions.

--
JRF

Reply-to address spam-proofed - to reply by E-mail,
check "Organization" (I am not assimilated) and
think one step ahead of IBM.

Pat Flannery
August 25th 03, 06:50 PM
rk wrote:

>
> The other key
>is the worst-case analysis. Two parts. First, during system and
>component analysis, this should ensure that the system will work
>properly under all credible combinations of conditions. For a
>failure, it would entail, say for the foam, how big of a piece can
>possible come off, as opposed to limiting the analysis to the
>existing database (and without dealing with the root cause you have
>double the problems). Next would be what is the worst-case on
>system safety for the largest piece that could have come off (as
>opposed to what has come off).
>
To me it seems that the root cause of our crew losses in spaceflight
hasn't been single point failures, but things that were in themselves
not working optimally, and in combination with other less-than-optimally
working systems led to catastrophic failure by unforeseen interactions;
as examples:
1. Apollo 1- Pure oxygen environment; high pressure for ground test to
simulate pressure differential in a vacuum; faulty wiring; combustibles
in spacecraft; no quick-open hatch.
2. Challenger- Bad field joint design; cold weather launch causing
O-ring failure to seat.
3. Columbia- ET foam shedding problem; possible deterioration of RCC
panel's structural strength over period of years; inaccurate modeling of
effect of debris strike on RCC panels.
This is going to be a very difficult problem to solve...as it requires
NASA to analyze failure modes that only manifest themselves when a
perceived minor problem interacts with another perceived minor problem
in an unanticipated way- maybe there should be a separate entity inside
the agency, made up of top-quality engineers whose sole purpose is to
locate such possible interactions, and issue "No-flights-till-fixed"
orders when such a problem is found- to be effective, such an entity must
not be beholden to NASA management in any way, so that the "keep quiet,
and keep your job" mindset can be broken...if one were looking for some
engineers to staff such a NASA department...then the engineers who were
shooting those concerned e-mails back and forth about the damage to
Columbia from the foam strike would be a good place to start.
One obvious problem would be both the administrative and political
pressure that could be used against the members of such a department, as
their decisions could both cost the agency money and political pull when
it comes to congressional funding requests, as there is a definite
"let's keep launching" mentality at NASA...and understandably so- as the
press loves to jump on the agency when there are launch delays (in fact,
one can make the argument with some certainty that the press ridicule of
NASA due to the multiple delays to Challenger's last launch was a very
major factor in the flawed decision to launch the shuttle on that very
cold day.)
Maybe we should look to another institution for an answer- maybe, like
the justices of the Supreme Court, such an entity should be made up of
skilled engineers with a lot of years under their belts, who are
appointed for say a long term on the promulgated "Flight Safety
Investigation And Assurance Board", and then retire on reaching age 65;
but other than going completely berserk, can't be taken off of the board
for any reason whatsoever- a number would have to be chosen for
membership on the board which would be small enough to allow decisive
action, yet large enough to encompass all of the technologies embraced
by the manned spaceflight challenge with competence and intimate
knowledge; as well as insulate such a board from the flawed decision
making or grandstanding on the part of one or more members; what, say 13
to 25 total?

Pat
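Pat's post above argues that crew losses came not from single-point failures but from two or three individually tolerable problems coinciding, and asks for a body whose job is to locate such interactions. The following is an added illustration, not code from the thread or from NASA: a small fault-tree evaluator in which basic events are "minor" problems, AND gates model problems that only hurt in combination, and the minimal cut sets are exactly the interactions such a board would enumerate. The event names and probabilities are constructed for illustration and are not NASA or CAIB figures.

```python
# Added example, not from the thread: a small fault-tree evaluator that makes
# the "interacting minor problems" point concrete. Event names and
# probabilities are constructed for illustration; they are not NASA/CAIB data.
from dataclasses import dataclass
from itertools import product
from math import prod
from typing import Iterator, Union


@dataclass(frozen=True)
class Event:
    name: str
    p: float  # probability the problem is present on a given flight (constructed)


@dataclass(frozen=True)
class Gate:
    kind: str        # "AND": all inputs needed; "OR": any one input suffices
    children: tuple  # Events or nested Gates


Node = Union[Event, Gate]


def basic_events(node: Node) -> Iterator[Event]:
    if isinstance(node, Event):
        yield node
    else:
        for child in node.children:
            yield from basic_events(child)


def probability(node: Node) -> float:
    """Top-event probability, assuming basic events are independent and no
    event feeds more than one gate (true for the tree below)."""
    if isinstance(node, Event):
        return node.p
    ps = [probability(c) for c in node.children]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def cut_sets(node: Node) -> set:
    """Minimal cut sets: smallest combinations of basic events whose joint
    occurrence causes the top event, i.e. the interactions worth finding."""
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child_sets = [cut_sets(c) for c in node.children]
    if node.kind == "OR":
        candidates = set().union(*child_sets)
    else:
        candidates = {frozenset().union(*combo) for combo in product(*child_sets)}
    # drop any candidate that strictly contains another (non-minimal)
    return {s for s in candidates if not any(o < s for o in candidates)}


def rank_cut_sets(node: Node) -> list:
    """Cut sets ordered by probability; the top entry is the 'signal' to pull
    out of the maintenance 'noise'."""
    by_name = {e.name: e.p for e in basic_events(node)}
    ranked = [(cs, prod(by_name[n] for n in cs)) for cs in cut_sets(node)]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def single_point_failures(node: Node) -> list:
    """Cut sets of size one: a lone problem that is fatal by itself."""
    return [cs for cs in cut_sets(node) if len(cs) == 1]


# Constructed illustrative tree: two chains of individually "minor" issues.
FOAM = Event("large foam piece sheds from ET bipod ramp", 0.3)
STRIKE = Event("debris strikes RCC leading edge", 0.1)
RCC = Event("RCC panel weaker than the damage model assumes", 0.5)
COLD = Event("launch in cold weather", 0.05)
JOINT = Event("field joint O-ring fails to seat", 0.2)

LOSS_OF_VEHICLE = Gate("OR", (
    Gate("AND", (FOAM, STRIKE, RCC)),   # Columbia-like interaction
    Gate("AND", (COLD, JOINT)),         # Challenger-like interaction
))

if __name__ == "__main__":
    print(f"P(loss of vehicle) = {probability(LOSS_OF_VEHICLE):.5f}")
    print("single-point failures:", single_point_failures(LOSS_OF_VEHICLE) or "none")
    for cs, p in rank_cut_sets(LOSS_OF_VEHICLE):
        print(f"{p:.4f}  " + " AND ".join(sorted(cs)))
```

With these constructed numbers no basic event is fatal on its own, yet the top event has a probability around 2.5% per flight, and ranking the cut sets shows which chain of "minor" problems dominates. The independence assumption is the usual weak point of such trees; a shared cause (say, one process change that raises two event probabilities at once) has to be modelled as its own event feeding both gates.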

Rand Simberg
August 25th 03, 07:10 PM
On 25 Aug 2003 17:50:01 GMT, in a place far, far away, Pat Flannery
> made the phosphor on my monitor glow in such a
way as to indicate that:

>To me it seems that the root cause of our crew losses in spaceflight
>hasn't been single point failures, but things that were in themselves
>not working optimally, and in combination with other less-than-optimally
>working systems led to catastrophic failure by unforeseen interactions;
>as examples:

That's true of any well-designed system, by definition.

http://www.interglobal.org/weblog/archives/002950.html#002950

--
simberg.interglobal.org * 310 372-7963 (CA) 307 739-1296 (Jackson Hole)
interglobal space lines * 307 733-1715 (Fax) http://www.interglobal.org

"Extraordinary launch vehicles require extraordinary markets..."
Swap the first . and @ and throw out the ".trash" to email me.
Here's my email address for autospammers:

Derek Lyons
August 25th 03, 10:40 PM
rk > wrote:
>I did some reading on the recent study last year between NASA and
>the Navy:
> 07.17.03 - NASA/Navy Benchmarking Exchange (NNBE)

That one is high on my to-be-read list.

>Note that they use terms such as "maximum reasonable assurance" -
>that differs from "maximum assurance." This is similar to radiation
>training, ALARA, "as low as reasonably achievable."

Yep, the ol' tunnel trio: Time, Distance, and Shielding

>One can never drive the risk to zero since that would require n levels
>of redundancy, n infinite. That's where "acceptable risk" comes in.
>The definition of "acceptable risk" is of course quite subjective.

Yep. It's made worse when the perceived risk is driven by the
assumption that "routine" = "safe as a nursery school".

D.
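The exchange above turns on two quantitative points: rk's remark that risk can never be driven to zero because that would need infinitely many levels of redundancy, and the USA Today poll at the top of the thread, where respondents accept one accident per 100 or per 50 flights. The following is an added illustration, not code from the thread: it shows what a per-flight "acceptable risk" figure means over a whole program of 113 flights, and how finite redundancy shrinks but never eliminates failure probability. The only inputs are the figures quoted in the thread; the functions and their names are mine.

```python
# Added example, not from the thread: per-flight "acceptable risk" figures
# turned into program-level numbers, plus the finite-redundancy point.
# Inputs are the thread's own figures (1 accident per 100 flights, 1 per 50,
# 2 vehicles lost in 113 flights); everything else is illustrative.
import math


def observed_loss_rate(losses: int, flights: int) -> float:
    """Crude per-flight loss estimate from the record: losses / flights."""
    return losses / flights


def prob_at_least_one_loss(p_flight: float, flights: int) -> float:
    """Probability of at least one loss over `flights` independent flights,
    each with loss probability `p_flight`: 1 - P(no loss on any flight)."""
    return 1.0 - (1.0 - p_flight) ** flights


def flights_until_loss_prob(p_flight: float, target: float) -> int:
    """Smallest number of flights at which the cumulative probability of at
    least one loss reaches `target`."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p_flight))


def redundant_system_failure(p_unit: float, n_levels: int) -> float:
    """Failure probability of n independent redundant units (all must fail):
    p^n. It shrinks with n but stays positive for every finite n, which is
    rk's point that zero risk would need n = infinity."""
    return p_unit ** n_levels


def levels_for_target(p_unit: float, target: float) -> int:
    """Redundancy levels needed before p_unit^n drops to or below `target`."""
    n = 1
    while redundant_system_failure(p_unit, n) > target:
        n += 1
    return n


if __name__ == "__main__":
    flights_flown = 113
    print(f"observed rate: {observed_loss_rate(2, flights_flown):.4f} per flight")
    for label, p in (("1 in 100", 0.01), ("1 in 50", 0.02)):
        cum = prob_at_least_one_loss(p, flights_flown)
        half = flights_until_loss_prob(p, 0.5)
        print(f"{label:>8}: P(>=1 loss in {flights_flown} flights) = {cum:.3f}; "
              f"50% chance of a loss by flight {half}")
    for n in (1, 2, 3, 4):
        fail = redundant_system_failure(0.1, n)
        print(f"{n} redundant unit(s) at 10% each: system failure {fail:.0e}")
    print("levels of 50%-reliable units for <= 0.1% failure:",
          levels_for_target(0.5, 0.001))
```

The program-level view is what makes the poll numbers look less tolerant than they first appear: at one loss per 100 flights, the chance of at least one loss somewhere in 113 flights is roughly 68%, and the even-odds point arrives by flight 69. The redundancy functions assume independent units, which is exactly the assumption that common-cause problems (a single bad process feeding every unit) violate.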

Derek Lyons
August 25th 03, 10:55 PM
"Jorge R. Frank" > wrote:

(Derek Lyons) wrote:
>
>> From the evidence in hand, it remains unclear whether Columbia could
>> have been prevented or mitigated. It's possible in theory, but there is
>> nothing to make a clear call one way or the other.
>
>The decision-making process for the Columbia accident actually falls into
>two phases: pre-flight and in-flight. This is distinct from the Challenger
>accident where *all* the critical decisions were made pre-flight; post-SRB
>ignition, nothing could have been done to save the Challenger crew.

And arguably the same is true post SRB ignition for Columbia. Sure
there were possibilities, but none with significant and elevated risks
themselves. Worse yet, all of those hinge on early detection and
decisive action.

>With regard to the in-flight decision-making, I agree with you. Pre-flight,
>I'm not so sure. There was a process by which the ET foam-shedding came
>to be seen as a maintenance issue rather than a safety-of-flight issue. By
>the time the current generation of managers was in place, it was an issue
>that had been dealt with by their predecessors for a long time.

The real problem in a system as fragile as the STS, is that there are
darn few preventive or corrective maintenance issues that *aren't*
ultimately safety of flight issues. Separating the two, and
prioritizing and managing them is a decidedly non-trivial task. (And
for the man who can figure a testable, repeatable, and sustainable
method for doing so, the world is his oyster.)

>An argument could be made that the fleet should have been grounded after
>STS-112, when it was discovered that foam had been shed from the ET bipod
>ramp (for the first time in over a decade, IIRC). This would have required
>recognition of the foam-shedding as a safety-of-flight issue rather than a
>maintenance issue. However, the shuttle program faces thousands of
>maintenance issues all the time. How does a manager pick the safety-of-
>flight "signal" out of the maintenance "noise"?

That's the part that perplexes me, and others as well. Given the
history of groundings in the last half decade, what made the foam
different?

>I probably need to read _Normal Accidents_ some time; from other posts I
>gather that it addresses some of these issues, so that I can stop asking
>stupid questions.

It's a damn good read.

D.

Pat Flannery
August 26th 03, 02:35 AM
Derek Lyons wrote:

>Yep, the ol' tunnel trio: Time, Distance, and Shielding
>
>
>
>>One can never drive the risk to zero since that would require n levels
>>of redundancy, n infinite. That's where "acceptable risk" comes in.
>>The definition of "acceptable risk" is of course quite subjective.
>>
>>
>
>Yep. It's made worse when the perceived risk is driven by the
>assumption that "routine" = "safe as a nursery school".
>
>

Or, in the case of Soviet submarines, "routine" = "as safe as a gulag"....

Pat

Jorge R. Frank
August 26th 03, 07:30 AM
Pat Flannery > wrote in
:

> This is going to be a very difficult problem to solve...as it requires
> NASA to analyze failure modes that only manifest themselves when a
> perceived minor problem interacts with another perceived minor problem
> in an unanticipated way- maybe there should be a separate entity inside
> the agency, made up of top-quality engineers whose sole purpose is to
> locate such possible interactions, and issue "No-flights-till-fixed"
> orders when such a problem is found- to be effective, such an entity must
> not be beholden to NASA management in any way, so that the "keep quiet,
> and keep your job" mindset can be broken...if one were looking for some
> engineers to staff such a NASA department...then the engineers who were
> shooting those concerned e-mails back and forth about the damage to
> Columbia from the foam strike would be a good place to start.

There is a danger from going too far the other way, however.

"Paralysis by analysis."

You can *always* find a reason not to fly. An organization so predisposed
will not fly.

--
JRF


Jorge R. Frank
August 26th 03, 07:45 AM
(Derek Lyons) wrote in
:

> "Jorge R. Frank" > wrote:
>
>>An argument could be made that the fleet should have been grounded
>>after STS-112, when it was discovered that foam had been shed from the
>>ET bipod ramp (for the first time in over a decade, IIRC). This would
>>have required recognition of the foam-shedding as a safety-of-flight
>>issue rather than a maintenance issue. However, the shuttle program
>>faces thousands of maintenance issues all the time. How does a manager
>>pick the safety-of- flight "signal" out of the maintenance "noise"?
>
> That's the part that perplexes me, and others as well. Given the
> history of groundings in the last half decade, what made the foam
> different?

I don't think there's a short answer to that. It's not like NASA didn't try
to solve the foam-shedding - they were periodically tweaking the foam
formulation and application processes. It may well have come down to "gut"
judgment: it's easy to see how cracked MPS flowliners, hydrogen leaks, and
frayed wiring can cause fatal accidents, so managers promptly grounded the
fleet after learning of each of these problems. But no one seemed to have
"connected the dots" that 1) if *part* of the ET bipod ramp can come off,
then *all* of it can come off - and that's a *lot* of foam; 2) if foam
comes off in supersonic flight, it will decelerate *very* rapidly and
potentially hit the orbiter *very* hard; and 3) a hard foam impact carries
enough kinetic energy to cause fatal damage to RCC.

>>I probably need to read _Normal Accidents_ some time; from other posts
>>I gather that it addresses some of these issues, so that I can stop
>>asking stupid questions.
>
> It's a damn good read.

Thanks for the recommendation!

--
JRF


Jan C. Vorbrüggen
August 26th 03, 09:30 AM
> And arguably the same is true post SRB ignition for Columbia. Sure
> there were possibilities, but none with significant and elevated risks
> themselves. Worse yet, all of those hinge on early detection and
> decisive action.
> >With regard to the in-flight decision-making, I agree with you.

Hmmm..the largest piece of foam ever seen, hitting the TPS in contrast to
the SRB for the previous flight, and potentially at a place for which no
data existed? At least, somebody should have said - in particular, given
the scant quantity and bad quality of tracking images - that there was
insufficient knowledge to _exclude_ a safety of flight issue.

Jan

Pat Flannery
August 26th 03, 05:18 PM
Jorge R. Frank wrote:

>There is a danger from going too far the other way, however.
>
>"Paralysis by analysis."
>
>You can *always* find a reason not to fly. An organization so predisposed
>will not fly.
>
>
>
That's why I think that such a group should be made up of NASA veteran
engineers....they would have the best chance of being able to analyze
what constituted a real risk versus a simple annoying problem that could
be addressed when time and budget allowed; we have had two near-fatal
single point problems regarding the Apollo spacecraft (Apollo 13's
oxygen tank rupture, and the leaking RCS propellants on the Apollo from
the ASTP leading to crew inhalation and failure of one of the three
landing parachutes)... in both cases these were things that could not
have been foreseen before the launch....but in the case of Challenger,
the gas leakage on the SRB was foreseen by the engineers who tried to
have the launch stopped...only to be overruled by management...in the
case of Columbia, the engineers were probably concerned about foam
shedding in regard to vehicle damage based on past experience, and very
concerned once they saw the foam impact during ascent...but again their
input (small as it was- they mainly talked among themselves about it;
and that is very troubling in itself, as it indicates that they were, in
their own opinion, outside the loop as to having real input into flight
decisions on-orbit) didn't change the mission's flight profile in
regards to trying to get a look at possible damage, or planning for a
possible abnormal reentry (not that either of these would probably have
had any effect on the final outcome of the mission).

The use of outside contractors for Shuttle mission support and
between-mission maintenance makes the need for some sort of completely
independent safety analysis doubly important in my opinion, as the
support companies have a vested economic interest in maintaining a
smooth flight schedule; both to avoid being penalized for poor
performance, and to maintain their contracts- while receiving incentive
rewards for on-time launches. This means that they have a possible
conflict of interest in regards to the safety of launches, as it will be
in their interest in regards to corporate profits to assure that the
vehicle flies on time every time....even when there are possible flight
safety concerns; whatever else one can say in regards to Boeing's foam
strike analysis of damage to the Columbia, the simple fact remains that
they were wrong....whatever else one can say in regards to
Lockheed/Martin's external tank, the fact remains that it was
consistently shedding foam in larger or smaller pieces during virtually
all flights; which under NASA's own guidelines for Shuttle safety was an
unacceptable situation.
Anyway, the CAIB has just started giving its report, so I'll wait to
hear what they say.


Pat

Derek Lyons
August 26th 03, 11:25 PM
"Jorge R. Frank" > wrote:
>There is a danger from going too far the other way, however.
>
>"Paralysis by analysis."
>
>You can *always* find a reason not to fly. An organization so predisposed
>will not fly.

As a corollary to this, I'd like to toss in an article of faith from the
Navy; "Any inspection can always find something f****d up, no matter
how competent the folks being inspected are".

We firmly believed that the inspection teams searched through obscure
regs and directives in order to have something, anything, to fry a
crew.

D.