|
Post by ka9q on Jul 21, 2010 8:18:54 GMT -4
What would be a fair criterium to gauge the capacity of the Apollo and STS computers, and to compare with modern ones? Clock, memory, operations per second? All are relevant, but you have to be very careful to compare apples and apples. Clock speeds are especially deceptive. There are fundamental tradeoffs in computer design between gate count and the clock count needed to perform some function. More gates allows fewer clocks. The Apollo guidance computer (AGC) was severely limited in gate count, so even simple operations took many clocks. E.g., there was no floating point hardware; it had to be emulated in software. Not only do today's computers have much faster clocks than the AGC, they do much more on every clock through parallelism. This is again made possible by the very high gate counts now available on modern ICs. Parallelism now takes several forms: multiple CPU cores; vector processing; super scalar execution; and pipelining. I don't think the AGC had any of those features. Intel got itself in serious trouble in the 1990s and 2000s by competing on clock speeds. Faster clocks mean higher power, a major system issue, so today there's a very deliberate trend to limit clock speed to improve energy efficiency and cooling. So again, just comparing clock speeds would greatly understate the difference between the AGC and a modern computer. Memory size is also obviously important to a computer's capability. There are more tradeoffs between gate count and performance, notably through caching, so again you have to be careful when comparing the AGC to the modern computer. Modern RAM is not only much bigger and faster than the AGC's read/write memory, but the modern CPU memory cache makes that RAM seem even faster. The bottom line is what matters; can you program a given computer to do what has to be done in the time available? Remember that the AGC, though very sophisticated for its day, didn't have to do any serious number crunching. It had two main functions: serving as a fly-by-wire control system ("digital autopilot") for the CSM or LM, and maintaining the spacecraft state vector through dead reckoning (the state vector is the spacecraft position and velocity vectors at some moment in time). All the real number crunching was done on the ground in the Real Time Computer Complex (RTCC), a room of big mainframe computers in Houston. Every maneuver was planned there and read up to the crew, who wrote them down. In addition to their planned course corrections the crew always had a number of abort scenarios on hand so they could return to earth if communications were lost. The transcripts are full of these "maneuver PADs". Today, all of this could easily be done in a small onboard computer. Although Apollo relied primarily on ground tracking to correct errors in its state vector, the crew could autonomously determine its state vector through scope sightings of relative star positions to the earth and moon. Apollo 8 (notably Jim Lovell) showed they could do as good a job as the ground, which is pretty remarkable. With the increased computing power now available, an Apollo mission could now navigate itself through an entire mission without help from the ground.
|
|
|
Post by ka9q on Jul 21, 2010 6:57:22 GMT -4
That decrease in accident rate the late 1950s is pretty striking, isn't it? What accounts for it?
|
|
|
Post by ka9q on Jul 21, 2010 5:36:53 GMT -4
Operators tend to adopt a de minimis hypothesis early in the accident sequence and to filter incoming information based on the hypothesis. For nearly an hour Apollo 13 controllers believed they were looking at a simple failure that was being aggressively misreported in the telemetry. If anyone is at all interested in understanding how the crew and Mission Control initially troubleshot the Apollo 13 emergency, I strongly recommend getting Sy Liebergot's book "Apollo EECOM - Journey of a lifetime". The CD-ROM in the back contains several hours of the flight director and EECOM loops as Sy and his relief EECOM work things out with the backroom team. I never thought I could be so riveted by "techie talk" as I was by these recordings, especially for an event 40 years in the past that I was already quite familiar with. I kept thinking "C'mon, can't you tell? The O2 valves for cells 1 and 3 are closed, even though it doesn't show it. Try cycling them!" but they never do. Not that it would have made any difference, of course. Nor was it fair to judge them with crystal clear hindsight. They had absolutely no reason to think that the explosion had shocked those two valves closed. They had no indication of their positions in telemetry. Not even the crew did, because the H2 valves were still open and the indicators were wired to show "open" unless both H2 and O2 valves were closed. In fact, they didn't even have a reason to think there'd been an explosion. At least not right away.
|
|
|
Post by ka9q on Jul 21, 2010 5:03:56 GMT -4
I'd say that the decision to launch was courageous as the Manned Space Flight Center Launch Mission Rule 1-404 stated that "the vehicle will not be launched when its flight path will carry it through a cumulonimbus (thunderstorm) cloud formation." Courageous? There's a difference between courage and stupidity. I didn't know that the Apollo 12 launch actually violated any rules. I thought the rule was simply that there be no active lightning, and there wasn't. The rule writers didn't know that the Saturn V could actually induce lightning simply by its presence. The S-IC's long, ionized plume was an electrical conductor, and it extended a path to ground up into the charged cloud and triggered the two strikes. The Apollo 12 strikes led to the installation of an elaborate network of electric field sensors at Cape Canaveral, and they are now part of launch commit criteria.
|
|
|
Post by ka9q on Jul 19, 2010 22:42:44 GMT -4
Haise and Lovell, at least, certainly had the ability to do a 0g EVA. All Apollo lunar crews trained for a contingency EVA back to the CSM in the event of a failed LM/CSM redocking after ascent and rendezvous. That's why each crew carried the OPS and LEVAs back to lunar orbit. Missions 15-17 would later make use of one of each during the CMP deep space EVA. But 13 had two perfectly good PLSSes and OPS available, so they wouldn't have been in a hurry as in a contingency transfer using OPS alone.
The tricky part would have been doing it in 0 g, trying to keep everything inside the MESA from floating away when they opened it up.
With today's fast digital links, CCDs and other electronic sensors there probably wouldn't be any need for a deep space EVA in an Apollo J-type mission. It's easy to forget that until fairly recently, high quality space photography required film that had to be physically returned to earth at enormous cost and complexity.
Lunar Orbiter was an innovative hybrid of film and electronic sensing, but the results were still nowhere near the quality of the film physically returned by each Apollo mission.
|
|
|
Post by ka9q on Jul 19, 2010 18:02:23 GMT -4
The only consumable they really lacked was the spare LiOH canisters (which were about a foot away outside in the MESA and totally unreachable) I wonder if they would ever have considered an EVA to get them. They actually had plenty of oxygen - ironically, given the loss of the O 2 tanks in the SM - and could have afforded a single cabin dump. The EVA could have been done from just one spacecraft with the tunnel hatches closed to save the atmosphere in the other, with the OPS providing backup O2. Just outside on the LEM was another potentially useful item: the plutonium fuel capsule for the SNAP-27. It dissipated about 1.5 kW of heat, enough to have kept them nice and warm instead of freezing on their way back. And it could have been recovered and reused instead of being allowed to re-enter uncontrolled along with Aquarius to drop into the ocean. Contrary to popular belief, radiation would not have been a significant hazard. Plutonium dioxide was chosen specifically because it was a pure alpha emitter with minimal radiological hazards. The real problem would have been ensuring a way to get rid of all that heat at all times during the return, entry and recovery.
|
|
|
Post by ka9q on Jul 19, 2010 15:59:31 GMT -4
I was reminded also of the Gare de Lyon railway accident in Paris in 1988 - a remarkably long sequence of events required to cause the accident, and preventing any one of them would have averted or greatly mitigated the severity of the accident. I was unaware of that one, so I just read about it. Yes, a very interesting chain of occurrences and unintended consequences. As a communications engineer, I find it interesting that a major contributing cause was a lack of identification of the runaway train. It's not so surprising that an analog radio wouldn't identify him, but he also sounded an alarm of some kind. I definitely would have expected it to identify the specific location. I wonder if the Shuttle or ISS comm systems identify the speaker. Probably not. Even though the over-the-air transmission is digital, the audio system within each spacecraft is probably a simple analog bus, just as they've always been. This feature just might be important in an emergency some day.
|
|
|
Post by ka9q on Jul 19, 2010 15:44:32 GMT -4
and yet they seemed to get away with some startlingly courageous decisions (Apollo 12 comes to mind in particular). But with the Shuttles the policy seemed to be "Launch unless proven unsafe". What about Apollo 12? Do you mean the decision not to abort after the lightning strikes? I attribute that to the MOCR rules "If you don't know what to do, do nothing" and "Never call an abort without two independent indications". I've always thought both rules are good ones that should get wider attention. Minor problems are often made worse by operator overreaction (again, Three Mile Island). The FAA does try to investigate close calls, so sometimes you can study what could have been serious accidents that were averted late in the chain of causes.
|
|
|
Post by ka9q on Jul 19, 2010 6:35:37 GMT -4
The one Apollo 13 decision I've always had my doubts about was the decision to keep the SM attached all the way back to earth. I know the stated reason: concern that the heat shield on the bottom of the CM might not survive being exposed to deep space. But I've never been able to find out if that concern was based on an actual test or analysis, or if it was just one of those "well, we just don't know" kinds of things. There were a lot of unknowns during Apollo 13, including whether they'd make it back before their consumables ran out. As it turned out, they did. But they could have made it back a lot faster without that excess dead weight.
I've also wondered about the decisions taken to diagnose the fuel cells immediately after the explosion. It wasn't known at the time that the explosion had shocked the O2 valves closed for FCs 1 and 3; in fact, it wasn't even known for some time that there'd been an explosion. There was no telemetry on the states of those valves, and even the c*ckpit indications were such that the valves appeared open because the H2 valves appeared open. [note added - does this board really censor that two-syllable word for the control area of a spacecraft or airplane? Geez.]
But as I read the blow-by-blow I kept wondering "why didn't it occur to somebody to at least cycle those valves?"
I knew that if you shut down the fuel cells you couldn't restart them, but I had understood the reason to be that you didn't have the power to bring them up to operating temperature in space. Ground power was needed for that.
I recently asked Sy Liebergot about this and learned something new: a loss of pressure in the O2 feed to the fuel cell allowed the KOH electrolyte (which was pressurized) to break out through the anode and damage the fuel cell in under a minute. Suddenly it made sense. Not that it would have made any difference, of course.
|
|
|
Post by ka9q on Jul 18, 2010 16:47:47 GMT -4
Great point, Raven! Now does anybody know if the LM DPS engine was ever tested for restarts? (I suppose if it failed they would've jettisoned the descent stage and used the ascent engine; but no throttle, then!) Jettisoning the descent stage would also discard most of their batteries, water and oxygen supply. That was not an option...
|
|
|
Post by ka9q on Jul 18, 2010 16:45:55 GMT -4
It's amazing how the hoax enthusiasts have whooped it up over this one. They really think this incident has somehow disproven the reality of the Apollo landings. It's as if the fact that, years ago, someone put counterfeit currency in the vending machines at work proves that US currency doesn't exist...
|
|
|
Post by ka9q on Jul 18, 2010 16:43:08 GMT -4
That's what Space-X said, but I still have my doubts. Immediately after staging, the second stage seemed pretty stable. The attitude oscillations built up only later.
At staging, the upper stage tanks are full so there should be little opportunity for the propellants to slosh. That can only happen later as an ullage forms.
So while I can certainly believe that the loss of the mission was caused by sloshing of the upper stage propellants that couldn't be controlled by the flight control system, I find it hard to understand how that was caused by the recontact during staging. They seemed to be two separate phenomena.
Although the upper stage nozzle hit pretty hard - it even looked like it had bent elastically - it seemed undamaged and appeared to operate normally until the end of the video.
I would have thought baffles in propellant tanks are more or less mandatory. It's far easier to just add the baffles than to figure out how to dampen sloshing in software, although they do admittedly add some weight. Baffles also prevent swirling of the propellants, which can add so much roll momentum to the launcher that it could conceivably run out of roll control authority. I noticed the Falcon 1 rolling quite a bit toward the end of its flight.
|
|
|
Post by ka9q on Jul 18, 2010 16:30:32 GMT -4
Why is this effect not apparent in other footage? Oh, but it is apparent in a lot of other footage. You're just not looking at it as closely. How much Apollo EVA footage have you still-framed and carefully examined? LM ascent is the most dramatic example because you've got little bits of insulation flying all over the place, and each bit moves quite far between successive frames. So you get a red dot, then a green dot, then a blue dot, and so on for each bit. It certainly doesn't look natural. Oh, there's another phenomenon that frenat (I think) mentioned, and that's blooming. If the footage you saw passed through a kinescope stage (i.e. display on a CRT and recording by a film camera), then you also have CRT artifacts to consider, and one of those is "blooming". If the high voltage supply to the CRT anode isn't perfectly regulated, then it will decrease as the average picture brightness increases -- such as when Scott and his bright suit enter the picture. A drop in anode voltage causes the electrons to move more slowly and to be deflected by a greater angle as they pass through the magnetic deflection yoke. This causes the entire picture to get a little bigger, hence the name "blooming". I think I can detect a little of this as Scott enters the picture. It's easy to forget about a lot of these video artifacts as we look at our modern LCDs driven by digital computers displaying digital data that had been transferred over a digital network. Digital systems don't accumulate artifacts at each stage; analog systems, like those on Apollo, do. One of the reasons I'd really been looking forward to going back to the moon was to see it all over again but in digital high definition TV, with a continuous real-time stream of high resolution digital still photography better than the Apollo Hasselblads. The communications aspect of Apollo helped inspire me into a career in communications engineering, and we've come so far since then...
|
|
|
Post by ka9q on Jul 18, 2010 16:11:50 GMT -4
Gotcha. Thanks, Jay, for an excellent write-up.
Of course, waivers aren't always a good thing, as we saw in both the Challenger and Columbia accidents, which bore some remarkable similarities. In both cases we had engineers (or their managers, to be fair) who seemed to argue that just because an accident hadn't happened already, that things were safe. They didn't understand the basic concepts of probability; that just because you got an empty chamber the first time you played Russian roulette didn't mean that it was safe to continue playing it.
Taking your example, it's as if your components, instead of maintaining their lengths after manufacture, somehow randomized themselves after each mission. So while their overall length might be within specifications most of the time, the law of large numbers gave you a normal distribution with a very long tail that, some of the time, put you outside the specifications.
Although I'm not a forensic engineer, from time to time I do read accident investigation reports. I think I developed the habit when I read the Challenger report. They can be remarkably educational. Accidents rarely happen because of a single cause. They invariably seem to happen after a long series of events, any one of which could have prevented the accident had it not happened. This is especially true for aviation, which has become so mature that serious accidents are a real rarity. (I guess if it weren't true that aviation accidents are the result of a long chain of events, we'd have many more of them.)
You see the same thing in shipping. My favorite shipping accident report was done by the Australian government about a container ship that ran onto the Great Barrier Reef because the bridge officer in charge was talking to his mother-in-law on his mobile phone. He missed the alarm for a turn from the GPS because he and his wife, who was on board for the first time, went out onto one of the bridge wings and closed the door to block the noise from a vacuum cleaner being used by one of the seamen to clean the carpet. The crew was from southern Asia, and the report noted that the culture is such that subordinates in a hierarchy simply don't question their superiors: the guy vacuuming the rug heard the alarm but didn't think it was his place to notify the officer on duty.
You see this kind of thing over and over in accident reports. A long chain of events that would be almost comical (or the plot of a farcical movie) if not for the serious consequences.
I've also learned that there are definite limits to human reliability. It doesn't matter how well trained or experienced you are, sooner or later you're going to do something really stupid. You see this a lot in transportation accidents of all types. Humans just aren't well suited to situations where nothing happens for a very long time, and then suddenly and without warning you have to make a crucial decision.
I really do think we need to revisit the age-old debate of the proper relationship between men and machines. I think there's an unwarranted belief out there that the human is ultimately more reliable than the machine, and that's just not always so. We need human/machine systems that make better use of the best features of both. Humans are best when it comes to making complex reasoned judgements with plenty of time to do so, while machines are best at dealing with relatively simple problems that can appear suddenly after many hours of routine operation, which must be handled very quickly, and which are common enough that they can be thoroughly analyzed in advance and the software written to provide the proper responses. There have been any number of accidents where, had the human simply taken his hands off the controls, the automatic systems would have recovered. Three Mile Island is an example; the operators shut off the core cooling system that was keeping the reactor in a safe state.
|
|
|
Post by ka9q on Jul 18, 2010 4:49:01 GMT -4
Okay, it can't be air moving the flag.......so what can it be. There appears to be a small movement when he's 2 feet away. I've studied this one quite a bit, and I conclude you're seeing video artifacts. First of all, the color TV system used by Apollo is quite different from the one used in the US until the recent switch to digital. There's only one camera tube, with a rotating color wheel in front that sequentially exposes each field to red, green and blue light. Except for this rotating filter, the signal coming out of the camera is essentially a standard black and white signal. Back on earth, the individual fields are recorded on a magnetic disk and read back to synthesize a NTSC (US color standard) image. Note what this means: the individual color components in each TV frame that you see (especially when still-framing) do not come from the same instant in time. That's why you so often see those colored artifacts in Apollo video, especially on rapidly moving objects (like the "confetti" during LM ascent). Second, the image you're seeing has been through an additional step of lossy digital compression. MPEG-2 (and all later schemes) code across several frames in time, looking for parts of each picture that remain the same so they don't have to be repeatedly transmitted. Combine all these artifacts and it's not at all surprising that you might, while still-framing a video, see what looks like something beginning to move before it actually started to move.
|
|