|
Post by echnaton on Jan 30, 2008 10:57:22 GMT -4
The item that stands out most for me in relation to the Challenger disaster is from the conference call where Thiokol was addressing the launch question. IIRC, some engineers whose approval was required for launch had expressed concern about the temperature and were opposed to approving launch. One of the senior managers asked them to “take off your engineers hat and put on your management hat.” Or something to that effect. A not so subtle hint that careers were in question. The engineers that didn’t join the team were then excluded from further decision making. The launch was ultimately approved, Thiokol’s solid rocket booster failed and the ship was destroyed.
That is a tough spot, if that had prevailed in stopping the launch, no one would have ever known for sure if they were right and their advancement at Thiokol would have been in doubt. By not prevailing in stopping the launch, I am sure they lost plenty of sleep wondering if there was something else they could have done.
|
|
|
Post by JayUtah on Jan 30, 2008 11:33:01 GMT -4
The guy who was asked to change hats was not a rank-and-file engineer but instead an engineering manager. He really did wear two hats. He had initially sided with the engineering team. The plea to don the management hat was not a threat to his job, but a request to consider the problem from a larger perspective that included his responsibility to manage the company wisely. The bigger picture in this case was other business NASA was negotiating with Morton Thiokol that might be jeopardized by Thiokol not approving the Challenger launch.
Unfortunately we know from hindsight that the decision made while wearing his engineering hat was the correct one. We have come to believe that the apparent placing of company objectives over flight safety was unethical. Later, the company executives who made the fateful hat-switching statement disavowed that they were urging him to disregard the technical aspects of the problem, but it's difficult to see how else that statement could have been made. More important than what they said was the fact that they were there to say it -- company executives had never previously attended flight readiness reviews.
Not only was delying the launch the right decision in terms of flight safety, it would have been the right decision in terms of company image. Even decades hence, the name Thiokol is still associated with that one unethical decision, despite an overall stellar record in the aerospace industry. Thiokol's reputation was irrepairably damaged. (Let's not judge an entire company on the basis of the actions of a very few men.)
The human effect was indeed pronounced: there was, I believe, at least one engineer suicide in the aftermath of the investigation. It wasn't just lost sleep.
One thing we know in hindsight could have been done better was the presentation of correlated data. It's not widely known that the numerical data Thiokol presented to NASA, to support their contention that O-ring erosion and blow-by from seating latency was caused by cold seal temperature, did not actually support that conclusion. That's because Thiokol presented only data from missions in which O-ring damage had occurred. The correlation was lost in the statistical noise of that sub-sample. Had they presented data from all missions, including those in which no O-ring damage occurred, the correlation between O-ring failure and seal temperature would have been quite apparent.
|
|
|
Post by scooter on Jan 30, 2008 12:41:48 GMT -4
Was there not an improvement program underway to redesign the joints at the time? I was under the impression that Thikol has recognized the trend and was already working on it when Challenger was lost.
|
|
|
Post by JayUtah on Jan 30, 2008 16:24:57 GMT -4
There was a working group formed to address the seal failure from the 1985 winter launch season. But at Thiokol it was not considered a high priority because the 1985 winter conditions were seen as anomalously cold, and there was still full confidence in the redundancy of the seal design. Nevertheless the documentary record reproduces two "red flag" memoranda written by the field-joint working group complaining of lack of resources. It was difficult to get anything done during the summer, especially since Thiokol was falling farther and farther behind in inspecting flown motors.
The 1986 winter proved to be even more harsh, and unfortunately all Thiokol's working group had been able to accomplish before the season was to keep tracking the problem. While they were "working on it" in the sense of recognizing it and taking steps, I don't think you could reasonably call it an effective level of effort.
|
|
reynoldbot
Jupiter
A paper-white mask of evil.
Posts: 790
|
Post by reynoldbot on Jan 31, 2008 5:41:38 GMT -4
Forgive me if I'm wrong, but couldn't they have just tested the actual o-rings if they halted the launch and found out exactly how bad they were in that cold? I mean, I read that the ice team inadvertently gotten a temperature reading of the right SRB at that joint and it was at something like 9 degrees. They could in theory have gotten a temperature reading and then used that to test a sample of the o-ring material's tenacity at that temperature.
...As evidenced by my above statement. Those very few men made an extremely selfish and short-sighted decision to put not just the shuttle and the astronauts' lives at risk but their entire company too. I mean, of course they were under enormous pressure to maintain the flight schedule (especially considering the upcoming missions that had the limited launch window) but that should never excuse them from the decision they made. We cannot allow NASA to brush aside mistakes and behaviors like that. It was doing just that which led to Columbia. And which will lead to the next big disaster if things don't change.
|
|
Al Johnston
"Cheer up!" they said, "It could be worse!" So I did, and it was.
Posts: 1,453
|
Post by Al Johnston on Jan 31, 2008 6:25:47 GMT -4
Forgive me if I'm wrong, but couldn't they have just tested the actual o-rings if they halted the launch and found out exactly how bad they were in that cold? I mean, I read that the ice team inadvertently gotten a temperature reading of the right SRB at that joint and it was at something like 9 degrees. They could in theory have gotten a temperature reading and then used that to test a sample of the o-ring material's tenacity at that temperature. Richard Feynman did just that at the Challenger committee press conference, and I'm sure the o-ring manufacturers would have done temperature-related testing which would have been used as design data, but whether any such tests were done in between those times ...
|
|
|
Post by gwiz on Jan 31, 2008 8:20:18 GMT -4
Even decades hence, the name Thiokol is still associated with that one unethical decision, despite an overall stellar record in the aerospace industry. Thiokol's reputation was irrepairably damaged. (Let's not judge an entire company on the basis of the actions of a very few men.) No doubt the reason they mostly use the name of parent company ATK these days.
|
|
|
Post by JayUtah on Jan 31, 2008 10:47:17 GMT -4
Everyone around here still calls it Thiokol. I think calling it by ATK's name has more to do with ATK. If I recall, the monument outside the plant reads "ATK Wasatch Propulsion Division" or something like that; Thiokol really doesn't exist as its own entity anymore.
|
|
|
Post by JayUtah on Jan 31, 2008 11:44:31 GMT -4
Feynman's demonstration made a big public splash (in ice water), but engineers and engineering managers were already well aware that rubber gets hard when it gets cold. It's tempting to reduce the Challenger incident to one technical cause and some amoral calculation.
The coldest prior launch did not erode the O-rings, and the O-rings eroded most at a joint temperature of nearly 70 F -- well within the acceptable temperature range for flight. Clearly there were other factors at work (joint pressure profiles, rotation profiles, quality escapes, etc.) and when you're the engineer of record you must absolutely find them and not just assume the one thing you know about (hard rubber) is all you need to consider.
On the eve of the launch, Thiokol looked at the weather and said no. NASA blew a gasket, mostly because MSFC people would then have to tell HQ they couldn't launch, which would be embarrassing since they had tried to keep the SRB field joint problems a Marshall-only affair. (Remember, NASA is a loose federation of largely autonomous centers.)
NASA demanded the data behind Thiokol's recommendation. Thiokol only had one hour to come up with it, and they dropped the ball. When push came to shove, they could present no hard data to show that there existed any greater risk for Challenger than had already been accepted in prior flights, rock-hard O-rings or not. That puts senior management in an awkward position.
Much has been said about the reversal of roles: that the burden of proof lies on the decision to proceed with the launch. In theory, Thiokol's no-go recommendation should have stopped the launch right there. But in fact nothing ever prevented NASA from asking a contractor for the rationale behind the decision. When NASA (i.e., MSFC) noted that (1) the data did not support their conclusion, and (2) Thiokol had given the "go" ruling under similar conditions prior and was now inexplicably reversing their position, they asked Thiokol to reconsider, and that's when it became a management-only affair with the engineers excluded. Of course the engineers were rightly furious. In their minds, they couldn't guarantee the machine would behave as designed, and that should have been enough.
But even if they had scrubbed the launch and performed Feynman's C-clamp and ice-water test on the O-rings that very morning, it probably wouldn't have changed anything for anybody. That is, it wouldn't have told the engineers, managers, and NASA anything they didn't already know.
The abstract elasticity and durometer of O-ring material tells you only a small part of the story. It doesn't tell you everything that's happening in the joint, and that's really what you want to know. Okaying the material won't prove the joint, and failing the material won't necessarily invalidate the joint.
The manufacturer of course has all kinds of materials property profiles on the material. But the manufacturer is not responsible for testing the material or the product in the customer's application and environment. That's the customer's duty. So Thiokol can call up the O-ring company (I think it's in Logan, Utah) and send them the design for the O-ring they need. (12-foot diameter O-rings usually aren't in the standard catalog.) And they'll provide it to spec, but Thiokol is responsible for ensuring that the part works in their design. So what the manufacturer says about the material isn't the important part of the story.
I'm not offering blanket defenses for everyone's actions here. Clearly the Challenger accident was preventable and lots of people made mistakes. My point is that it's unfair to simplify the issues down to a few paragraphs and high points and then judge harshly.
|
|
|
Post by Ginnie on Jan 31, 2008 18:09:34 GMT -4
The edited video was pretty funny. ;D
|
|
|
Post by PhantomWolf on Jan 31, 2008 19:56:22 GMT -4
I'm not offering blanket defenses for everyone's actions here. Clearly the Challenger accident was preventable and lots of people made mistakes. My point is that it's unfair to simplify the issues down to a few paragraphs and high points and then judge harshly. Not only that, but when the fault happened, the o-ring was actually blocked by a slag "cork". Unfortunately they hit windshear which knocked the "cork" loose and allowed the flame to spray out the joint. Had the O-ring failed on the other side, or the windsheer not dislodged the slag, the shuttle would have launched successfully even with the failure.
|
|
reynoldbot
Jupiter
A paper-white mask of evil.
Posts: 790
|
Post by reynoldbot on Jan 31, 2008 21:08:17 GMT -4
Would haves and could haves are moot considering what did happen. The point is that it should never have come to a lucky piece of slag plugging the hole, and you can't blame the wind shear for what happened.
|
|
|
Post by PhantomWolf on Jan 31, 2008 21:13:17 GMT -4
Would haves and could haves are moot considering what did happen. The point is that it should never have come to a lucky piece of slag plugging the hole, and you can't blame the wind shear for what happened. Oh, entirely true. What I was pointing out is that had circumstances other than what had happened occured during the launch, Management would have felt totally justified in their call because the launch would have been "safe" and who knows what that would have lead to down the road. Can you imagine the next time the engineers and management clashed: "That's what you said about Challenger and it was fine, you lot just worry to much."
|
|
|
Post by JayUtah on Jan 31, 2008 21:28:51 GMT -4
But in fact the space shuttle operations had invaded the margin. Several flights exhibited behavior that was deemed unsafe and unexpected. The fact that they didn't blow up doesn't negate the fact that they were invading a safety margin built to account for things like ice and slag and wind shear. When there is no more margin, the least thing causes a catastrophe.
It's very hard to get management to understand why that margin is there and why it's not wasteful.
|
|
|
Post by PhantomWolf on Feb 1, 2008 1:28:49 GMT -4
Which is sort of my point. If nothing had happened then management would have felt justified in cutting deeper into the safety margin and relying on luck to get them through, a rather bad attitude, but one I see often in the computer programming area. It's amazing how often you get told to just cut corners because "no one will ever do that." Generally that means the first person to use the program will do exactly that. While my programs generally aren't likely to cause an issue if they break, I really hope that the 777 software wasn't developed by managers like mine.
|
|