STS Shuttle discussion thread

[mikegarrison]

http://www.ulalaunch.com/ula-completes-dual-engine-centaur.aspx

The dual engine centaur has flown on Atlas more than 160 times, but not since 2003. This 2013 release says that at that time, the design changes necessary for the Atlas V had just gone through PDR. Remember, the basic centaur design goes all the way back to the early 60s. Atlas goes back even further, but the Atlas V doesn't have very much in common with the original Atlas ICBM except for the name.

Edited January 17, 2018 by mikegarrison

[tater]

5 minutes ago, mikegarrison said:

http://www.ulalaunch.com/ula-completes-dual-engine-centaur.aspx

The dual engine centaur has flown on Atlas more than 160 times, but not since 2003. This 2013 release says that at that time, the design changes necessary for the Atlas V had just gone through PDR. Remember, the basic centaur design goes all the way back to the early 60s. Atlas goes back even further, but the Atlas V doesn't have very much in common with the original Atlas ICBM except for the name.

But not as Centaur III, only in the earlier US configurations. So the stage changed, and flew once (the same size, etc as will be used for CST-100).

[mikegarrison]

Eh, I'm not worried. The Centaur is about as tried and true as rockets get. Kind of like the R-7.

[GoSlash27]

This is the report that shut the Shuttle down early:

https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20110008208.pdf

Obama had originally planned to fly it until 2013, but then this came out and they realized how much of a gamble it was to continue any further. They managed to squeeze out 3 more flights to get their affairs in order (each one personally authorized by the President) and then that was it.

Best,
-Slashy

[tater]

Very interesting. The foam risk waxed and waned for various reasons, but the final drop in risk included "improved rescue," which basically means that shuttle only flew to ISS, and the crew could stay there if they had a critical ascent event, the underlying risk of such an event didn't change. This also makes the use of the system just as a crew delivery perhaps not cost-effective (I suppose they could then have done huge supply deliveries at least, taking the place of a few launches for that in one go).

Edited January 17, 2018 by tater

[PB666]

54 minutes ago, tater said:

Note that this underlines the fact that any separation event while the SRBs were operating was a certain failure of the orbiter due to aerodynamic forces.

An engineer or safety officer is a more or less an advanced technician, they are not managers. Asking an engineer to be a manager and make economic decisions creates a conflict of interest. Most institutions, even the more respected don't consider that a conflict of interest, and in 1985 those words would be laughed at.

I have to take the side of the engineers, and the point is that they expected STS-51L to blow up on the launch pad, they expected it and it didn't and they thought that somehow they had dodged a bullet. You get a sense of this that 51L had two fault to destruct modes, one is on the pad (the grease did not fill in the hole) or in flight (grease fills but then is pushed through). So it really doesn't matter in the long run if the orbiter breaks up from aerodynamic forces or gets blown to smithereens on the launch pad.

The designation criticality I is something a manager uses, it lacks the detail needed to determine if the critical structure was robust enough under any circumstance to fly. The engineers believed that a situation developed over time whereby a design they thought they could trust could no longer be trusted under many operational states, and they were awaiting disaster. One has to wonder what MT had done had the blow hole was on the other side and the system limped to booster separation and aborted to say Spain or LEO. Would have they then said no . . you cant fly this anymore. . .too dangerous. Suppose the end of the booster had broken off and had been lost in the Atlantic. And then what, just say it separated on landing . . . .even though you expected it to blow up on launch pad. MT moved the two most critical engineers to other parts of the company and initially tried to blame one of them, but the report exonerated them. It was an attempted coverup, obstruction of justice . . no charges there were filed either. No culpability. Its institutional culture that caused it, file the RICO on them if its institutional.

You have to back a little bit away from the incident once you know that the culture of the institution was the primary cause of the accident and then look at the culture and argue the case. What are all the what ifs. If one what-if is that he you can blow up any time during the first 90 seconds of flight aerodynamic forces or not, then that's it, that's what it is.  Then you need to go to the design chain of command and ask, why did we choose this and why are we still using it. . . . . .And why isn't critical information being passed. The report itself did not go far enough, they did not criticize the OMB for making the decision, they did not offer  a bypass stance allowing for procurement of alternative boosters, and worse MT was not held negligent and its company officials walked away without a scratch, basically.

 

[mikegarrison]

Just now, PB666 said:

An engineer or safety officer is a more or less an advanced technician, they are not managers. Asking an engineer to be a manager and make economic decisions creates a conflict of interest.

That's incredibly wrong. Engineers make decisions based on cost all the time. It's a large part of the job -- finding ways to make things cost less.

The race car engineer Carroll Smith once defined an engineer this way: "An engineer is someone who can do for a dime what any fool can do for a dollar."

[PB666]

11 minutes ago, mikegarrison said:

The race car engineer Carroll Smith once defined an engineer this way: "An engineer is someone who can do for a dime what any fool can do for a dollar."

You've never worked in an institution. They were not worried about the cost of making the booster (they are US contractors), they were worried about the booster being the cost of launch delay's and more importantly had they aborted launch, there was a possibility with a loud enough critique that the boosters would have to have been removed and rebuilt. There would have been a situation they could not control in which scuttlebutt might have gotten out informing NASA that once temp drops below 40'F the boosters have to come off. This management decisions impinged deeply into safety engineering.

There was something like 7 engineers at MT that opined 'don't launch'. . . .they got overridden.

Edited January 17, 2018 by PB666

[DerekL1963]

18 minutes ago, PB666 said:

An engineer or safety officer is a more or less an advanced technician, they are not managers. Asking an engineer to be a manager and make economic decisions creates a conflict of interest. Most institutions, even the more respected don't consider that a conflict of interest, and in 1985 those words would be laughed at.

During the Apollo program, having engineers be managers was (is) lauded as being one of the keys to the program's success.  Many of those managers played key roles in the development of the Shuttle.  Many who had been working level engineers during Apollo went on to become managers on the Shuttle program.

Food for thought.

[tater]

43 minutes ago, mikegarrison said:

Eh, I'm not worried. The Centaur is about as tried and true as rockets get. Kind of like the R-7.

Yeah, it's likely fine, just expensive as all get out, because RL-10 is ridiculously overpriced. 2 RL-10s cost as much as a complete F9 launch.

The Shuttle incremental improvements were certainly effective on many fronts. At a certain point, there was probably an upper limit on how safe that vehicle would ever be short of a clean paper 2.0 version.

The precipitous drop in risk towards the end (as per the link above) is substantially impacted by mission choice---only flying to ISS, which functions as a lifeboat in case of emergency.

For commercial crew, this is a simple way to use program management as a risk mitigation scheme. In the ASAP hearing today, SpaceX said that the principal risk that was hard to mitigate was the on-orbit time due to orbital debris risk. Ascent risk of LOC can be better than required, but if the vehicle is at station for a year during a mission, then the debris risk adds up.

A simple solution would be to leave an empty commercial crew vehicle at ISS. Fly them up as partial resupply missions, keep them up for a time such that the on-orbit risk is appropriate, then rotate them. The crew still has their ascent vehicle, but if the sensors show problems with any systems, they use the alternate vehicle.

[sevenperforce]

1 hour ago, tater said:

Yeah, it's likely fine, just expensive as all get out, because RL-10 is ridiculously overpriced. 2 RL-10s cost as much as a complete F9 launch.

 

That's...crazy.

1 hour ago, tater said:

A simple solution would be to leave an empty commercial crew vehicle at ISS. Fly them up as partial resupply missions, keep them up for a time such that the on-orbit risk is appropriate, then rotate them. The crew still has their ascent vehicle, but if the sensors show problems with any systems, they use the alternate vehicle.

Don't they already do this, essentially? They have a backup lifeboat on the ISS at all times, right? Though at present it's only the Soyuz....

[PB666]

1 hour ago, GoSlash27 said:

This is the report that shut the Shuttle down early:

https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20110008208.pdf

Obama had originally planned to fly it until 2013, but then this came out and they realized how much of a gamble it was to continue any further. They managed to squeeze out 3 more flights to get their affairs in order (each one personally authorized by the President) and then that was it.

Best,
-Slashy

Once again you did not read the report. https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20110008208.pdf

Quote

* Using this analysis technique shows that Shuttle average mission risk has improved by approximately an order of magnitude over the life of the program [Serious risk went from 1:10 to 1:90 over the life of the program]
* Risk reductions are the result of re‐designs or operational changes, the most significant of which follow major events (e.g. Challenger , Columbia , STS ‐ 27 TPS damage)
• This analysis is different than traditional reliability growth models which show improvement with each additional flight
– Risk can increase due to trading safety margin for increased performance (e.g. SSME) or due to external events (e.g.EPA ban of CFC ‐ 11 Freon)
– Significant improvement does not happen without time and money to re ‐ design risk significant hardware (e.g. Block IIA SSME, IAPU) or without impacts to mission (e.g. ATL adjustments, inspections)
– Need to understand what the drives the risk in order to reduce the risk (e.g. ascent debris)

Page Summary " CONCLUSIONS" page 29.

 

1 hour ago, tater said:

Yeah, it's likely fine, just expensive as all get out, because RL-10 is ridiculously overpriced. 2 RL-10s cost as much as a complete F9 launch

Yep, and its hard to explain because the design is far simpler than the SSME. Most of the original patents on the RL-10 have expired, but I understand the nozzel of the b-2 is made of some-kind of special plastic or something.

[mikegarrison]

1 hour ago, PB666 said:

You've never worked in an institution. They were not worried about the cost of making the booster (they are US contractors), they were worried about the booster being the cost of launch delay's and more importantly had they aborted launch, there was a possibility with a loud enough critique that the boosters would have to have been removed and rebuilt. There would have been a situation they could not control in which scuttlebutt might have gotten out informing NASA that once temp drops below 40'F the boosters have to come off. This management decisions impinged deeply into safety engineering.

There was something like 7 engineers at MT that opined 'don't launch'. . . .they got overridden.

How do you know where I've worked? In fact I've worked for government contractors my entire career. I've worked on military projects, commercial projects, and civil projects for government customers.

[PakledHostage]

2 hours ago, Starman4308 said:

A faulty management decision that only killed astronauts thanks to a faulty design that had no abort mode for much of the ascent.

That the managers messed up does not absolve the design's failure to have a robust abort mode on an experimental craft. Granted, the Shuttle was halfway designed by the managers, with the engineers just doing what they could under far too many demands.

I'm going to go with the findings of the Rogers Commission Report:

From Chapter IV - "Cause of the Accident" (Page 40)

Quote

The consensus of the Commission and participating investigative agencies is that the loss of the Space Shuttle Challenger was caused by a failure in the joint between the two lower segments of the right Solid Rocket Motor. The specific failure was the destruction of the seals that are intended to prevent hot gases from leaking through the joint during the propellant burn of the rocket motor. The evidence assembled by the Commission indicates that no other element of the Space Shuttle system contributed to this failure

 

And from Chapter V - "The Contributing Cause of the Accident " (Page 83)

Quote

The decision to launch the Challenger was flawed. Those who made that decision were unaware of the recent history of problems concerning the O-rings and the joint and were unaware of the initial written recommendation of the contractor advising against the launch at temperatures below 53 degrees Fahrenheit and the continuing opposition of the engineers at Thiokol after the management reversed its position.

 

The report also contains lots more information about the considerations that went into the abort modes and crew escape systems in Chapter IX - "Other Safety Considerations", starting on Page 179, but I don't have time to summarize them all here. Feel free to read through that chapter yourself, though.

[PB666]

1 minute ago, mikegarrison said:

How do you know where I've worked? In fact I've worked for government contractors my entire career. I've worked on military projects, commercial projects, and civil projects for government customers.

Well, then you should know that value exist outside of material cost, there is prestige, power and reputation at stake.

[GoSlash27]

1 minute ago, PB666 said:

Once again you did not read the report.

You assume too much. I have read it many times and understood it's implications when it came out, as did NASA when they rushed to shut it down before it got more people killed.

 I am also fed up with your snotty attitude. I asked you repeatedly to keep it civil, and you don't seem to be willing to do that. I'm not interested in anything else you have to say.

 

 

[PB666]

1 minute ago, GoSlash27 said:

You assume too much. I have read it many times and understood it's implications when it came out, as did NASA when they rushed to shut it down before it got more people killed.

 I am also fed up with your snotty attitude. I asked you repeatedly to keep it civil, and you don't seem to be willing to do that. I'm not interested in anything else you have to say

Because you have been misrepresenting the science in every step of the discussion. BTW not all risk is catastrophic, abort to orbit or RTLS or another base is also factored into that risk.

Edited January 17, 2018 by PB666

[mikegarrison]

Just now, PB666 said:

Well, then you should know that value exist outside of material cost, there is prestige, power and reputation at stake.

You know what large corporations value more than prestige, power, and reputation? Money. That's how they get to be large corporations.

I've never worked on an engineering project where someone said, "we don't care how much this costs". (I will admit that they do exist, but they are very rare. Typically they are when the project is in firefighting mode.)

[GoSlash27]

PB666,

 Sorry dude, I know you posted something, but I don't know what. You have rightly earned the honor of being the first person on this forum I've ever put on ignore. May as well find someone else to inflict your rude behavior on.

Best,
-Slashy

[PB666]

But likewise, I have been in similar situations were you are a safety officer planted between the institution (who you know is lying for prestige reasons) the director who wants to expedite some project and save money, the end user who just wants to proceed. And I have sat at discussions were alot of  'false representations' were flying around from all sides. I had a general philosophy at the end of my career, beware of institutional types coming around bearing gifts, that's frequently a prelude to a major compromise of performance or 'ethics'.

[mikegarrison]

6 minutes ago, PB666 said:

But likewise, I have been in similar situations were you are a safety officer planted between the institution (who you know is lying for prestige reasons) the director who wants to expedite some project and save money, the end user who just wants to proceed. And I have sat at discussions were alot of  'false representations' were flying around from all sides. I had a general philosophy at the end of my career, beware of institutional types coming around bearing gifts, that's frequently a prelude to a major compromise of performance or 'ethics'.

It is possible to be a good engineer, responsive to costs, business needs, customer needs, and the reality of physics, and still be ethical. You just have to be brave enough to say "no" sometimes.

[GoSlash27]

8 hours ago, PakledHostage said:

But that's just it. Is the glass half full or half empty? A lot of the criticism of the Shuttle program seems to be motivated by people's political ideology, by SpaceX tribalism, by people's belief that the Shuttle's very existence held us back from achieving some "Buck Rogers" vision of the future, etc. But those are all far from objective perspectives and the fervent certitude of those shuttle program haters is tedious. Sure the Shuttle design and program were far from perfect, but don't throw the baby out with the bath water... We learned a lot from the Shuttle program, both good and bad. Appreciate the upsides, learn from the mistakes, then move on and make it better next time. That's a large part of what real world engineering is all about.

PakledHostage,

 I think that's what most of us are doing tho'. It is perfectly reasonable for someone to love the Shuttle, yet objectively look at it's strengths *and* weaknesses. You don't have to "hate" the STS to see the serious safety hazards and exorbitant costs that came with it.

 As I pointed out in my OP, I am thankful for the contributions the STS has made to the space program and I consider it to be one of the greatest feats of engineering in human history. I also loved watching it launch and loved following it during reentry and landing.

 Despite all that, I can set my feelings about the STS aside and dispassionately analyze it and come to the conclusion that it had some serious problems. I *think* that's where most of us are.

Best,
-Slashy

Edited January 17, 2018 by GoSlash27

[Starman4308]

1 hour ago, PakledHostage said:

I'm going to go with the findings of the Rogers Commission Report:

From Chapter IV - "Cause of the Accident" (Page 40)

 

And from Chapter V - "The Contributing Cause of the Accident " (Page 83)

 

The report also contains lots more information about the considerations that went into the abort modes and crew escape systems in Chapter IX - "Other Safety Considerations", starting on Page 179, but I don't have time to summarize them all here. Feel free to read through that chapter yourself, though.

These two quotes mostly agree with my understanding of what caused the LOV (Loss Of Vehicle) event. Management pushed for a launch below the temperatures the Space Shuttle was designed to operate at, having ignored prior warning signs that the O-rings were being pushed beyond their specified intent. As a consequence, a seam burst, a fortuitous oxide seal formed, but that was eventually torn off by windshear, exposing the main tank and support structure to SRB plume, culminating in a strut failing.

 

They do not, however, address what transformed the Challenger LOV event into a LOCV (Loss Of Crew and Vehicle) event. While it is possible that that long report contains something I'm unaware of, fundamentally, my understanding is:

The Space Shuttle was a novel and largely untested design (orbiter placed on the side of the tank and boosters, instead of a vertical stack).

Orbital launch vehicles, even today, are largely experimental vehicles with margins far slimmer than even jet fighters, most of which have an abort mode (ejector seats).

No abort provision had been made for large sections of the launch process. Even after Challenger, SRB failure was a guaranteed LOV with near-guaranteed LOC.

There is a very substantial chance that had a conventional LAS been provided, Challenger's crew would have survived the event.

A later disaster, Columbia, was fundamentally caused by the design of the Space Shuttle; with a conventional stack, foam could only have struck glancing blows to crucial components of the launch vehicle, nevermind the reentry vehicle that is physically above all the insulation foam.

Remaining issues such as tile loss were never addressed, with NASA just hoping it didn't cause a failure.

The behavior of conventional, vertical stacks is far better understood thanks to the sheer number of unmanned launches.

 

In the cases of both Columbia and Challenger, if you replaced the Space Shuttle with a Space Launch System/Orion, the crew would very likely have survived. In the case of Challenger, there is an abort tower to permit crew abort from T=0, and my understanding is that Orion would have stood a very good chance of separating for a safe parachute landing. Not guaranteed, but a heck of a lot better than "have to hold onto failing SRBs and pray". Mission failure, but crew survival. In the case of Columbia, unless gravity magically reversed itself, falling foam would not possibly have hit the Orion vehicle. It would have been a non-incident, and today we would have been blissfully ignorant of foam's capacity to punch through aluminum wings.

Now, it is possible the SLS has design flaws that the Shuttle didn't. We may never find out. Unlike the Shuttle, though, SLS-Orion, Falcon 9-Dragon, Atlas-Starliner, and Soyuz all have functional and relatively simple abort modes, and are based on the well-understood architecture of "put something on top of a rocket". While they all have some flaws, and likely have undiscovered flaws, major failures of launch vehicle components need not doom the crew.

[mikegarrison]

I know it's not exactly the same, but commercial airplanes do not have ejection systems or otherwise any way to survive a mishap on the airplane unless it actually reaches the ground structurally intact enough to escape from. When we fly on one, we all rely on a safety system that predicates survival of passengers and crew on survival of the airplane, at least until the point of some kind of landing or survivable crash. I don't think it is an inherently wrong concept that a spacecraft might be designed with a similar philosophy -- one that equates survival of the crew with survival of the craft.

Even the capsule designs generally require that at least the capsule must survive relatively intact for the crew to survive -- only a couple designs in history had space capsules with provisions for crew ejection.

My own closest personal experience to this is the one time that I was on the first flight of a 757. I was confident it would work fine, and it did, but I was certainly aware during the takeoff that this was the very first time that airframe had ever lifted off the ground, and that I was trusting all the steps in the design/build/certification process to make sure that yes, in fact, this plane could fly.

I think it was (and is) a reasonable design choice to decide that certain kinds of abort modes that are available for some spaceships are not available for others, as long as the safety of the design and operation meets the specified requirements.

Edited January 18, 2018 by mikegarrison

[Starman4308]

Just now, mikegarrison said:

I know it's not exactly the same, but commercial airplanes do not have ejection systems or otherwise any way to survive a mishap on the airplane unless it actually reaches the ground structurally intact enough to escape from. When we fly on one, we all rely on a safety system that predicates survival of passengers and crew on survival of the airplane, at least until the point of some kind of landing or survivable crash. I don not think it is an inherently wrong concept that a spacecraft might be designed with a similar philosophy -- one that equates survival of the crew with survival of the craft.

Even the capsule designs generally require that at least the capsule must survive relatively intact for the crew to survive -- only a couple designs in history had space capsules with provisions for crew ejection.

My own closest personal experience to this is the one time that I was on the first flight of a 757. I was confident it would work fine, and it did, but I was certainly aware during the takeoff that this was the very first time that airframe had ever lifted off the ground, and that I was trusting all the steps in the design/build/certification process to make sure that yes, in fact, this plane could fly.

I think it was (and is) a reasonable design choice to decide that certain kinds of abort modes that are available for some spaceships are not available for others, as long as the safety of the design and operation meets the specified requirements.

It's a difference in magnitude, of reasonable risk.

Commercial airplanes are extremely well-understood, and can be extensively tested. Each new model of aircraft flies a large number of times before ever being allowed to carry passengers, with the individual airframes likely flown several times before carrying passengers to boot. Commercial airflight has been pushed to the point where it is reasonable to forgo abort modes that do not rely on survival of the airframe. Spaceflight, however, is at the point where a long, successful production run is the number of times a commercial airliner has to fly just to get certified.

In the future, maybe space travel will get to the point where it's safe to put people on board and just expect it to work, but right now I would call space travel insufficiently developed to forgo abort procedures for the entire mission.