thomas@mvac23.UUCP (Thomas Lapp) (08/05/90)
drd@siia.mv.com (David Dick) writes:
> If every part must work perfectly every time, it's a wonder
> the shuttle hasn't failed more often. I would say that
> any engineered system in which "every part is critical" is
> rather badly designed.

I would guess it depends on the use of the term 'critical'. It may be critical that all of the parts perform to specifications, but does it also mean that every part must perform? Maybe the specs say that a system contains two components, of which at least one must work each time. So although the system is a critical one, you can tolerate a failure of one of the components.

If I design a part for some value of extremes which will never be reached, and test it to those extremes, then I would have a pretty good idea that as long as the specs are less than the extremes, I would be pretty well assured that my part would work every time under normal conditions. Doesn't seem like too poor a method of design to me. Am I missing something here?

- tom
--
internet : mvac23!thomas@udel.edu or thomas%mvac23@udel.edu
uucp : {ucbvax,mcvax,psuvax1,uunet}!udel!mvac23!thomas
Location : Newark, DE, USA
Quote : I know how to spell banana, I just don't know when to stop
-- The UUCP Mailer
gary@ke4zv.UUCP (Gary Coffman) (08/08/90)
In article <313.UUL1.3#5131@mvac23.UUCP> thomas@mvac23.UUCP (Thomas Lapp) writes:
>drd@siia.mv.com (David Dick) writes:
>> If every part must work perfectly every time, it's a wonder
>> the shuttle hasn't failed more often. I would say that
>> any engineered system in which "every part is critical" is
>> rather badly designed.
>
>I would guess it depends on the use of the term 'critical'. It may
>be critical that all of the parts perform to specifications, but
>does it also mean that every part must perform? Maybe the specs
>say that a system contains two components, of which at least one
>must work each time. So although the system is a critical one,
>you can tolerate a failure of one of the components.
>
>If I design a part for some value of extremes which will never be
>reached, and test it to those extremes, then I would have a pretty
>good idea that as long as the specs are less than the extremes,
>I would be pretty well assured that my part would work every time
>under normal conditions. Doesn't seem like too poor a method of
>design to me. Am I missing something here?
> - tom

It's called fault tolerant design or soft fail. All parts eventually fail. Fault tolerant design tries to eliminate single point failures as a reason for disaster. In a good design, it takes an unlikely combination of failures to cause loss of vehicle. That's why modern automobiles have dual braking systems. That's why an Eastern captain once announced over the intercom "that's why they put four engines on this here aeroplane" after losing an engine on takeoff. We returned safely to the airport that time.

Any design that has multiple single point failure modes that result in loss of vehicle is a poor design. In very high performance vehicles, like most rockets including the shuttle, there are many potential single point failures. So these designs are very poor when considered as fault tolerant designs.

Therefore, anyone who believes or is led to believe that these designs are safe and reliable by normal standards is badly mistaken. High performance rocketry is a high risk business, with loss of vehicle accidents being almost certain. Any program that does not plan for loss of vehicle accidents and the necessity of replacement vehicles and crews is fatally flawed. Rocketry, like combat, must routinely be planned with losses and replacements clearly stated up front. NASA did not sell the program to the Congress or the people in this manner. Thus the hoopla over the Challenger.

Gary
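The argument in the two posts above (single point failures versus k-of-n redundancy such as dual brakes or four engines) can be put in numbers. The following is an added example, not part of the thread; the per-unit failure probabilities (0.001, 0.01) are constructed illustrative assumptions, not shuttle or airline data, and subsystems are assumed to fail independently.

```python
from math import comb, prod


def subsystem_survival(p_fail, k, n):
    """P(at least k of n independent units survive) when each unit fails with p_fail."""
    if not (0.0 <= p_fail <= 1.0) or not (1 <= k <= n):
        raise ValueError("need 0 <= p_fail <= 1 and 1 <= k <= n")
    # Binomial sum over the number of surviving units j = k..n.
    return sum(comb(n, j) * (1 - p_fail) ** j * p_fail ** (n - j)
               for j in range(k, n + 1))


def loss_probability(components):
    """P(loss of vehicle) for a list of independent (p_fail, k, n) subsystems.

    k == n means every installed unit must work, i.e. a single point failure.
    The vehicle is lost as soon as any subsystem has fewer than k working units,
    so the vehicle survives only if every subsystem survives.
    """
    return 1.0 - prod(subsystem_survival(p, k, n) for p, k, n in components)


def single_point_failures(components):
    """Indices of subsystems where losing any one unit loses the vehicle."""
    return [i for i, (_, k, n) in enumerate(components) if k == n]


# Constructed designs (assumed numbers, for illustration only).
HIGH_PERFORMANCE_ROCKET = [(0.001, 1, 1)] * 20   # 20 single-point subsystems
FOUR_ENGINE_AIRLINER = [(0.01, 2, 4)]            # returns to the airport on any 2 of 4
DUAL_BRAKES = [(0.01, 1, 2)]                     # either circuit stops the car

if __name__ == "__main__":
    for name, design in [("rocket, 20 single points", HIGH_PERFORMANCE_ROCKET),
                         ("four engines, 2-of-4", FOUR_ENGINE_AIRLINER),
                         ("dual brakes, 1-of-2", DUAL_BRAKES)]:
        print(f"{name:28s} P(loss) = {loss_probability(design):.2e}"
              f"  single points = {len(single_point_failures(design))}")
```

Twenty independent single points at 0.1% each give roughly a 2% loss rate per mission, while the redundant designs with ten times worse units land near 1e-4 and 4e-6.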