[sci.space.shuttle] Launching shuttles too soon

rjnoe@uniq.UUCP (Roger J. Noe) (11/18/86)

In article <260@cartan.Berkeley.EDU> desj@brahms (David desJardins) writes:
> In article <137@uniq.UUCP> rjnoe@uniq.UUCP (Roger Noe) writes:
> >....  Once those problems are known, solutions
> >can be devised for them, within the limits of practicality (time, money,
> >available technology, so forth).
> 
>    Exactly.  In this particular case the limit is not one of money ...
> but one of time.

But is the perceived shortness of time due to unbridled eagerness to resume
launches, or is it because we've made a reasonable effort to discover previous-
ly unknown problems and to implement corrections for known problems?  Only the
latter is (in my opinion) proper justification for saying that further delay
is unwarranted.  When the point is reached where we can honestly say (not just
about the SRB joints, but about all the criticality-1 problems) that we've made
a reasonable attempt to rectify the problems we know about and that further
delay would be all out of proportion to the expected gains in safety and
functionality, then and only then will it be time to reconsider launching
again.  This is precisely what happened following the 204 fire and that's
precisely what we should be doing now.

> >....  Only one who is foolhardy would
> >choose to ignore a known problem such as with the SRBs right now and say,
> >"Sounds like an acceptable risk to me."
> 
>    This is where you are wrong.  What is foolish is to refuse to fly until
> all known problems are fixed, regardless of the cost (in time and money).

Just *who* is proposing that?  Not me.  Because to fix all known problems
either requires infinite time and money or the attitude of an ostrich.
I have neither.  What is important is that we not be reckless, that we
not take *unreasonable* risks.

> It is also hypocritical, in that other equally serious problems are being
> neglected while others get the publicity.  I think that any person who is
> knowledgeable about the shuttle would agree that if the shuttle were to be
> launched immediately, with simple precautions (e.g., not launching in arctic
> weather!), that the risk of loss due to SSME malfunction would be substan-
> tially than the risk of SRB failure.  The main engines are extremely com-
> plicated, and an internal failure which would be minor in a more ordinary
> piece of hardware could easily prove fatal inside of the SSME.  But we
> accept this (known) risk of flying the shuttle; why are the SRB risks any
> different?  In each case the only rational approach is to analyze the
> risks and benefits of a launch and determine if it is desirable.

As a matter of fact, that last sentence is where we are in agreement.  We
just have different conclusions.  The SRB problem, to use your example, is
different from the SSME situation in quite a few ways.  One way is that there's
not a lot more that can be done with the SSMEs to make them much safer, without
huge outlays in time and money.  Not true with the SRBs.  Several ideas have
come under consideration and none of them will take an incredible amount of
resources.  I had hoped (over ten years ago) that the STS would be completely
reusable, all liquid-fueled, with engines to provide power for the orbiter
vehicle to use to abort a landing, if necessary.  Expensive?  You bet.
But in the design phase, I think it would have been well worth it.  Do I
favor redesigning STS to that extent now?  Absolutely not; it's impractical.
It makes much more sense to fix the SRBs now.  As for what problems generate
publicity and receive attention by the media, I think we can trust NASA to
see that things get fixed, as long as we give them the money they need to
do the job.  I don't make a habit of second-guessing experts and telling
others how to do their jobs.

> >.... Certainly they knew that some
> >problems were unsolvable and would result in loss of orbiter and crew.
> >Those problems were undoubtedly given most careful consideration and the
> >conclusion was such problems were unlikely in the extreme.
> 
>    Nonsense.  I don't have access to internal NASA documents, but I'm sure
> that the estimated probability of mission failure was at least 10-20%.  And
> if it was at the low end of this range they were being unrealistic.

How can you say you're certain of the estimated probability of failure without
consulting experts?  Are you an aerospace risk assessment engineer?  And how
are you defining "mission failure" probability?  If you refer to the chance of
losing both orbiter and crew, you'd better check the figures.  I've worked in
aerospace, especially engineering on some very new designs, and I find it very
hard to believe that any responsible organization would insist on testing an
untried design if they calculated the probability of losing both pilot and
aircraft at one in five.  That's reckless.  If you can't reduce the chance
well below that, there's just no point in trying it, unless you were the one
who invested *all* the time, money, and talent in the project and it's only
your life at risk and therefore no one else at all has anything to lose if
you choose to be reckless.  (I am also ignoring here possibilities of risk
to innocent bystanders and the public at large, which would of course enter
into consideration in a real situation.)

> >....  Had they known about this SRB mis-
> >feature I would hope that they would have said the risk is unacceptable;
> >let's do something about this problem first, then we'll fly.
> 
>    Why would you hope this?

Obviously, to prevent an accident.  While it is ironic that it took an event
such as 51-L to get a 40 per cent increase in the NASA budget, I hardly look
upon this turn of events as very positive [sarcasm].  We are making the best of
an adverse situation, or we would be had we more presidential direction.  (I
used to say that the thing this country's space program lacked most was money;
now I think that our lack of strategic goals has overtaken even this.)  But
I see nothing desirable in taking unnecessary risks and then rationalizing any
accidents that do occur as the "cost of doing business" or as ways of getting
the public's attention and their money.  (I can just see it now - a novel that
claims an internal NASA conspiracy to blow up a shuttle and kill seven people
just to get some attention and more funding.  It's not even funny, and it could
very well happen.  The novel, that is.)

> >And that's what the astronauts seem to be saying now.
> 
>    As I have said, I find this impossible to believe.  Henry has quoted
> sources which say otherwise.

Certainly there is a range of opinions within the astronaut corps.  It does
consist of over eighty individuals.  I wish I knew some astronauts personally
so I could ask them what the consensus of opinion is, if there is one.  Failing
that, about all we can do is rely on the public statements of astronauts and
assume they are somewhat representative of the others.  John Young, Bob Crippen
and Sally Ride have all been outspoken in this area.  A number of other astro-
nauts have also made public comments on the subject.  These have been published
in newspapers, news magazines, and "Aviation Week" (which some people say is
more of a gossip column than a trade news magazine :-).  I have yet to read
one attributed statement by a flight-status astronaut that any group of them
believes that launches should resume immediately.

> >In article <207@cartan.Berkeley.EDU>, desj@brahms (David desJardins) writes:
> >...
> > >    Finally, if the astronauts we have aren't willing to fly, then we
> > > should be training some who are (whether or not shuttle flights are to
> > > be resumed).
> >
> >... there is a big difference between bravery and stupidity.
> >I think the astronauts who say they want to continue flying after the
> >SRBs are fixed display a great deal of courage.
> 
>    Are you joking?  Why would anyone become an astronaut who is not willing
> to accept the risks?

Depends what risks you mean.  There are risks that can't be avoided because of
our imperfect knowledge.  There are risks that can be lessened or circumvented
entirely through the application of technology, patience, and rational thought.
There are risks about which little can be done because of our limitations as
human beings.  There are risks about which we choose to do little or nothing
out of practical considerations.  I think anyone who would be an astronaut must
accept these risks.  This does not include risks of which we are aware and
about which we do nothing because we're in a hurry.  To accept such risks is
not courageous, it's temerarious.  Perhaps you've heard the saying, "There are
old pilots and there are bold pilots, but there are no old, bold pilots."

>    The point is that the astronauts were willing to accept much greater
> risks on the early flights, so why are lesser risks suddenly too much to
> accept?

I disagree with your assessment that the first shuttle flights were
riskier than is flying now with the problems the STS is known to have.
The SRBs, in particular, were among the elements with what was perceived
to be the lowest chance of failure.  Taking this as true meant that the
complete lack of a redundant system was acceptable.  The first two minutes
of a shuttle mission are anomalous; the lack of fail-redundancy is odd enough
but the SRBs at this point aren't even fail-safe!  You can lose two SSMEs
and still have ditching capability but if even one SRB malfunctions at this
point, that's "game over!"  (For those of you who saw "Aliens.")  The problem
existed on STS-1, but it wasn't until 51-L that it was commonly known.  And
that makes all the difference.

> >I wouldn't want to fly with anyone so reckless as to propose resuming launch
> >of shuttles without attempting to understand and fix the SRB problem.
> 
>    The problem *is* understood, and a large part of the fix is not flying in
> certain conditions and taking certain precautions.

Partially true.  But it's premature to say we thoroughly understand what
happened to 51-L, why it happened, what similar malfunctions could occur in
future flights and how to lessen the chance that they will happen.  It was only
a few weeks ago, I think, that Morton Thiokol duplicated the joint rupture for
the first time since the accident.  You seem to agree that the shuttle should
not fly (at least) until this problem is understood and fixed, to whatever
extent is feasible.  The difference of opinion is over whether or not the
problem has yet been understood, fixed, and what the limits of feasibility are.

>    *I* wouldn't want to fly with someone so irrational as to demand that
> certain risks be reduced while other, larger risks remain.  Nor with someone
> so irrational as to be willing to fly with a 10% unknown risk but not with
> a 1% known risk.

Where do you get these ideas, David?  I'm in favor of reducing *all* major
risks, when practical and clearly beneficial to do so.  And how can you
measure the amount of unknown risk?  Rational behavior dictates doing what
is practical to reduce known risks.  You can't do much about unknown ones.

> >It's not that I don't think the goal is worth risking lives.  Quite the
> >contrary, I do think the risk is worthwhile and I'm willing to take that
> >risk personally.  But flying the shuttle now, without fixing the SRBs (at
> >least!) first, is unconscionable.  Should the tragedy repeat itself, the
> >result would be a waste of human life.  I cannot condone such a waste....
> 
>    I have this feeling that we are never going to understand each other.

How well one understands others is largely a result of how much one wants to
understand others.  I can understand precisely why you say what you say but
still disagree with your conclusions.

> I can't understand how you can worry so much about a few lives while millions
> die every year whom you could have saved by giving them some food.  Or while
> thousands are killed with weapons paid for by your tax dollars.  Or while
> thousands of accident victims could be saved by an investment in trauma
> centers.  If your desire is to save lives, it makes a lot more sense to
> invest your dollars and time in those things than to worry about making the
> shuttle safe.

This reeks of the same thinking that some people have used over the last two
decades in protest of spending money on space exploration.  "Why spend billions
on going to space when there are people starving in Berkeley, California?"
The argument is specious and has been presented and refuted too many times
already.  I think we've got better things to do with sci.space.shuttle.

>    It seems instead that your interest is in saving a few *particular* lives.

Yes!  Have you figured out *why* I am so concerned with these few particular
lives?  Because when we lose them we stand a chance of losing our space
program.  As valuable as I consider individual human lives to be, I think
the continued exploration of space is more important.  If we proceed too
quickly, if we aren't careful enough, if we WASTE human lives in an accident
that should have been avoided, then the citizens of this country just may
decide that people don't belong in space and that decision would be more of
a tragedy than the death of seven remarkable people.  The exploration of space,
especially by people, holds such promise for our species that my attitude is
that it MUST NOT be stopped.  I have my sights set on the long term and I
don't want to see that goal traded off for one or two years of shuttle
missions in the short term.  Rash actions now may do just that.

> And if you value the possible preservation of those particular lives more
> than the benefits of resuming shuttle launches, then I can note that you are
> being irrational, but I don't see how I can change your mind.
> 
>    -- David desJardins

You may have that opinion, but you should see now why I think it is more
rational to be patient, to assure the long-term continuation and expansion
of space exploration rather than resuming shuttle launches one year ahead of
the current schedule.  As for changing my mind, you have no more chance of so
doing than I do of *wanting* to change your mind or anybody else's.  I value
differences in how people think, even when I disagree strongly with their
ideas.  It is precisely this kind of dialogue which will sustain people's
interest over the long dry spell until we're back in space again.  Such
exchange of ideas will ultimately make our space program stronger and space
exploration will eventually benefit the human race far in excess of its
cost.
	Roger Noe			ihnp4!uniq!rjnoe
	Uniq Digital Technologies	(312) 879-1566
	Batavia, Illinois  60510	41:51:10 N.  88:18:25 W.
--
"While chaotic and inane ramblings abound, [USENET] is quite popular."
	Communications of the ACM, vol. 29, no. 10 (Oct. 1986), p. 958.

desj@brahms (David desJardins) (11/19/86)

In article <139@uniq.UUCP> rjnoe@uniq.UUCP (Roger J. Noe) writes:
>But is the perceived shortness of time due to unbridled eagerness to resume
>launches, or is it because we've made a reasonable effort to discover pre-
>viously unknown problems and to implement corrections for known problems?
>Only the latter is (in my opinion) proper justification for saying that
>further delay is unwarranted.  When the point is reached where we can
>honestly say (not just about the SRB joints, but about all the criticality-1
>problems) that we've made a reasonable attempt to rectify the problems we
>know about and that further delay would be all out of proportion to the
>expected gains in safety and functionality, then and only then will it be
>time to reconsider launching again.  This is precisely what happened
>following the 204 fire and that's precisely what we should be doing now.

   Great.  I can honestly say that further delay would be all out of
proportion to a risk that I estimate at 1%.  Let's go.


>> >....  Only one who is foolhardy would
>> >choose to ignore a known problem such as with the SRBs right now and say,
>> >"Sounds like an acceptable risk to me."
>> 
>>    This is where you are wrong.  What is foolish is to refuse to fly until
>> all known problems are fixed, regardless of the cost (in time and money).
>
>Just *who* is proposing that?  Not me.  Because to fix all known problems
>either requires infinite time and money or the attitude of an ostrich.
>I have neither.  What is important is that we not be reckless, that we
>not take *unreasonable* risks.

   You said (the quote is immediately above!) that it would be foolhardy to
decide that a known problem constitutes an acceptable risk.  The words are
right there in black and white.  If you can never decide that a known problem
constitutes an acceptable risk then you can never launch.  Period.
   With regard to your restatement, what is your criterion for determining
whether a risk is reasonable or unreasonable?  My criterion (and, I think,
the rational one) has already been presented -- the value of launching must
be weighed against the expected costs.
   If you were to accept this criterion, I find it hard to understand how
you could argue against shuttle launches.  Make the pessimistic assumption
that the probability of SRB failure is 1% for each launch (it should be
quite low, given that we know what conditions to avoid and can pay special
attention to SRB assembly).  That comes out to an expected cost of around
$25M, based on an orbiter replacement cost of $2G+, plus the cost of other
items like the SRB casings and crew training.  The mean cost to NASA of
each shuttle flight (not depreciation, just operational costs) is something
like $200M, so the additional cost of accepting the SRB risk seems to be
fairly small.  But the real kicker is that, of that $200M, much of it is
expenses that NASA incurs even if there are no shuttle launches!  Personnel
costs, maintenance of facilities and equipment, and so forth, cannot be
substantially reduced.  And there is a hidden cost even in those expenses
that can be reduced -- the cost of losing trained personnel.  Suppose that
NASA can reduce its costs by 75%, to only $50M per launch canceled -- a
very optimistic estimate.
   Then, I claim, the additional cost of launching a shuttle immediately,
*even including the cost of assuming the SRB risk*, is only $150M + $25M,
or LESS than we have been willing to pay for previous shuttle launches,
and less than we will pay once launches are resumed.  Not to mention other
benefits, such as improved morale and avoiding the cost of rescheduling or
canceling shuttle payloads, which can hardly be estimated.
   So, if you accept the cost analysis criterion, it is impossible for me
to understand how you can oppose the resumption of shuttle flights.


>How can you say you're certain of the estimated probability of failure without
>consulting experts?  Are you an aerospace risk assessment engineer?  And how
>are you defining "mission failure" probability?  If you refer to the chance of
>losing both orbiter and crew, you'd better check the figures.  I've worked in
>aerospace, especially engineering on some very new designs, and I find it very
>hard to believe that any responsible organization would insist on testing an
>untried design if they calculated the probability of losing both pilot and
>aircraft at one in five.  That's reckless.  If you can't reduce the chance
>well below that, there's just no point in trying it, unless you were the one
>who invested *all* the time, money, and talent in the project and it's only
>your life at risk and therefore no one else at all has anything to lose if
>you choose to be reckless.  (I am also ignoring here possibilities of risk
>to innocent bystanders and the public at large, which would of course enter
>into consideration in a real situation.)

   Let's use some simple statistics.  There were approximately two dozen
manned US space flights before the shuttle.  Two of these resulted in what
I would call "mission failure," one in loss of vehicle and crew.  Thus,
our a priori assumption would be that the chance of mission failure on manned
flights seems to be about 10%.
   There are obviously many other factors to be considered.  On the positive
side: much greater knowledge about rocket propulsion and space flight in
general and technological improvements since the 1960s and early 70s.  On
the negative side: at the time of the first launch the shuttle was the
most complicated and least tested of US manned space vehicles; in particular,
neither the SSMEs nor the SRBs had been tested in flight, nor had the thermal
protection been tested on atmospheric reentry, nor had there ever been a
flying reentry from orbit (although there had been some testing of the
shuttle's landing capability, and of course extensive simulation).
   In my opinion, the technological advancement about makes up for the
greatly increased complexity of the shuttle, and so the relative lack of
testing would put the first shuttle launch at greater risk than previous
space flights.  A more optimistic assessment perhaps would estimate the
risks as equal.

   No doubt you could produce some calculations which would have a much
smaller result.  But, as you yourself say later in your article, it is
impossible to estimate unknown risks accurately.  For example, the estimate
of the risk of catastrophic SRB burnthrough was obviously much too low
(although flying it outside its rated temperature range certainly didn't
help!).  I am not saying that risk assessment has no value; quite the
contrary.  It has great value for estimating relative risks and setting
priorities.  But to pretend that the numbers produced by risk-assessment
engineers are accurate predictions of the probability of failure is just
fantasy.
   I wish I had access to the data, say of risk assessments for all US
space flights, so that I could perform a statistical analysis of the
relationship between predicted and observed risks.  I am very confident
that the results, when applied to shuttle risk assessment figures, would
justify my estimates of the probability of failure of the initial shuttle
mission.


>I disagree with your assessment that the first shuttle flights were
>riskier than is flying now with the problems the STS is known to have.
>The SRBs, in particular, were among the elements with what was perceived
>to be the lowest chance of failure.  Taking this as true meant that the
>complete lack of a redundant system was acceptable.  [...]  The problem
>existed on STS-1, but it wasn't until 51-L that it was commonly known.
>And that makes all the difference.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   This is precisely the point.  It makes no difference at all.  The risk
is the same regardless of whether you know about it!  The *only* difference
is that until a shuttle actually blows up you can hide your head in the
sand and pretend that it is perfectly safe.  And then after the accident
you can pretend that it is completely unsafe.  But the *fact* of the matter
is that the danger was always exactly the same.
   It appears to have turned out that the risk of initial shuttle flights
was less than we might have expected -- certainly less than I expected --
it seems to have been on the order of 5%.  But we must realize that we
have been very lucky!  I'm sure that if you had told the shuttle designers
before the launch that we would have 24 perfect shuttle flights (i.e., no
mission failures) they would have been *extremely* pleased.  For that matter,
I don't know of any informed analyst who failed to predict that we would
lose at least one shuttle during the life of the shuttle program.  So why,
when that loss finally occurs, do we pretend that the risk of flying the
shuttle has increased?  In fact the risk has *decreased* substantially,
because we have now identified one of the major unknown failure modes of
the shuttle and can take steps to mitigate it.


>Partially true.  But it's premature to say we thoroughly understand what
>happened to 51-L, why it happened, what similar malfunctions could occur in
>future flights and how to lessen the chance that they will happen.  It was
>only a few weeks ago, I think, that Morton Thiokol duplicated the joint
>rupture for the first time since the accident.  You seem to agree that the
>shuttle should not fly (at least) until this problem is understood and fixed,
>to whatever extent is feasible.  The difference of opinion is over whether
>or not the problem has yet been understood, fixed, and what the limits of
>feasibility are.


>>    *I* wouldn't want to fly with someone so irrational as to demand that
>> certain risks be reduced while other, larger risks remain.  Nor with someone
>> so irrational as to be willing to fly with a 10% unknown risk but not with
>> a 1% known risk.
>
>Where do you get these ideas, David?  I'm in favor of reducing *all* major
>risks, when practical and clearly beneficial to do so.  And how can you
>measure the amount of unknown risk?  Rational behavior dictates doing what
>is practical to reduce known risks.  You can't do much about unknown ones.

   Here is the quote I referred to above, where you admit that risk assess-
ment cannot do much to measure unknown risks.
   In any case, your reply is not responsive.  Do you agree that the first
shuttle flight was much more hazardous than an immediate one would be now?
This seems impossible to deny, given that we can now substantially reduce
the chance of SRB failure by avoiding certain launch conditions, and further
given the fact that there seems not to have been a single serious design
flaw on the shuttle itself, which is amazing given its great complexity
(i.e., it would not have been all that surprising to lose one of the first
few shuttle flights to, say, a structural weakness, while it would be very
surprising now).


>> I can't understand how you can worry so much about a few lives while
>> millions die every year whom you could have saved by giving them some
>> food.  Or while thousands are killed with weapons paid for by your tax
>> dollars.  Or while thousands of accident victims could be saved by an
>> investment in trauma centers.  If your desire is to save lives, it makes
>> a lot more sense to invest your dollars and time in those things than to
>> worry about making the shuttle safe.
>
>This reeks of the same thinking that some people have used over the last
>two decades in protest of spending money on space exploration.  "Why spend
>billions on going to space when there are people starving in Berkeley,
>California?"  The argument is specious and has been presented and refuted
>too many times already.  I think we've got better things to do with
>sci.space.shuttle.

   Then why the hell do you bring it up?  I didn't make this argument; I
didn't even say anything that resembles it.  *You* brought it up in order
to discredit what I was saying by associating it with this nonsensical
argument, while not having to respond to what I said.
   Again, I will ask you specific questions.  Do you deny that, if you
desire to save lives, you could save more lives by spending $100M on trauma
centers, or cancer research, or aid to Ethiopia, than you could by spending
that $100M on making the shuttle safer?  The truth of this seems to be self-
evident, since you could save at most seven lives on the shuttle, while any
of the alternatives would save a hundred or more lives.
   And then, if you accept the above, do you admit that your interest in
making the shuttle perfectly safe cannot be solely justified by an interest
in saving lives?  This is the only point I was trying to make.  You may
accept it, but the person to whom I was replying with the above lines did
not, and that is why I wrote them.


>>It seems instead that your interest is in saving a few *particular* lives.
>
>Yes!  Have you figured out *why* I am so concerned with these few particular
>lives?  Because when we lose them we stand a chance of losing our space
>program.  As valuable as I consider individual human lives to be, I think
>the continued exploration of space is more important.  If we proceed too
>quickly, if we aren't careful enough, if we WASTE human lives in an accident
>that should have been avoided, then the citizens of this country just may
>decide that people don't belong in space and that decision would be more of
>a tragedy than the death of seven remarkable people.

   Aha!  This I can agree with.  It is certainly true that the American
people are too stupid to understand why lives should and must be risked,
and so for political reasons it may well be best to avoid risks that would
otherwise be acceptable.  So if you believe that these political consider-
ations make it necessary to avoid risks that would otherwise be acceptable,
then I (and, I suspect, Henry as well) will admit that this might well be
correct -- while I may still disagree, I can at least understand this point
of view.

   -- David desJardins

cdaf@iuvax.UUCP (Charles Daffinger) (11/20/86)

Common, People... 260+ lines... three levels of followups quoted?
I know it's been said dozens of times, but once more..

  P L E A S E, please trim the dead weight out!

-charles    (sorry for the clutter)

-- 
... You raise the blade, you make the change, you re-arrange me til I'm sane...
    Pink Floyd

rjnoe@uniq.UUCP (Roger J. Noe) (11/21/86)

In article <359@cartan.Berkeley.EDU>, desj@brahms (David desJardins) writes:
> In article <139@uniq.UUCP> rjnoe@uniq.UUCP (Roger J. Noe) writes:
> ...
> >... [have we] made a reasonable effort to discover previously
> >unknown problems and to implement corrections for known problems?
> >Only [that] is (in my opinion) proper justification for saying that
> >further delay is unwarranted.  When the point is reached where we can
> >honestly say [about critical problems] that we've made a reasonable
> >attempt to rectify [these problems] and that further delay would
> >be all out of proportion to the expected gains in safety and functionality,
> >then and only then will it be time to reconsider launching again.
> ...
>    Great.  I can honestly say that further delay would be all out of
> proportion to a risk that I estimate at 1%.  Let's go.

That's your opinion.  As you can see, not everyone agrees with that opinion.

[To avoid four levels of inclusions, the next few paragraphs are presented as
a dialogue.]

RJN: .... Only one who is foolhardy would choose to ignore a known problem
     such as with the SRBs right now and say, [the risk is acceptable]

DdJ: This is where you are wrong.  What is foolish is to refuse to fly until
     all known problems are fixed, regardless of the cost (in time and money).

RJN: Just *who* is proposing that?  Not me.... What is important is that we not
     be reckless, that we not take *unreasonable* risks.

DdJ: You said (the quote is immediately above!) that it would be foolhardy to
     decide that a known problem constitutes an acceptable risk.  The words are
     right there in black and white.  If you can never decide that a known
     problem constitutes an acceptable risk then you can never launch.  Period.

Read it again, David.  "... a known problem SUCH AS WITH THE SRBs RIGHT NOW"
(emphasis added).  Not just any known problem, but a problem that has already
demonstrated its capacity to destroy STS and crew.  A problem for which, the
experts have said, virtually nothing can be done to prevent "moby lossage"
even if it's detected in advance.  The are a number of criticality-1R problems
which show potential for this much destruction and which are unavoidable after
they start.  It makes good sense to take at least SOME steps to see that they
never get started.

>    With regard to your restatement, what is your criterion for determining
> whether a risk is reasonable or unreasonable?  My criterion (and, I think,
> the rational one) has already been presented -- the value of launching must
> be weighed against the expected costs.

We are in agreement that the value of launching must be weighed against the
expected costs.  But I don't think that expected-case analysis is sufficient;
I think worst-case conditions need to be examined, too.  In the end, it comes
down to a value judgment, which is going to be different for every person.
My standard is to leave it up to the experts, i.e. the NASA and contractor
personnel directly involved with the mission.  If they are all in agreement
that the time is right, I'm comfortable with that.  This, by the way, is
apparently not what happened just before the 51-L launch and demonstrates
the need for independent oversight.  If and when I become immediately
involved in a space mission, I would hope that I have some participation in
the go/no-go decision.

>    If you were to accept this criterion, I find it hard to understand how
> you could argue against shuttle launches.  Make the pessimistic assumption
> that the probability of SRB failure is 1% for each launch ...
> ....  That comes out to an expected cost of around
> $25M, based on an orbiter replacement cost of $2G+, plus the cost of other
> items like the SRB casings and crew training.  The mean cost to NASA of
> each shuttle flight (not depreciation, just operational costs) is something
> like $200M, so the additional cost of accepting the SRB risk seems to be
> fairly small.  But the real kicker is that, of that $200M, much of it is
> expenses that NASA incurs even if there are no shuttle launches!

It's not all dollars, David.  If the same accident happens again, you can be
pretty sure that Congress (with the approval of most of the U.S. citizenship)
and the President will take the STS away from NASA, if not dissolve or
radically change the mission of NASA itself.  Crewed space exploration would
(or very well could) completely cease in the United States for a couple of
generations, easily.  Remember, most of the general public is still under
the impression that space launches are basically safe, that AS-204 and
STS-51L were just flukes.  The truth is that it is very dangerous and
only with the utmost care (and a little luck) can we prevent total disasters.
If we can make plain just how dangerous this undertaking truly is, then
the public could be a little more tolerant of accidents.  Then isolated
(i.e. non-systematic) incidents would have much less chance of causing the
cancellation of entire programs.  But if NASA says, "Uh, we did lose one
orbiter and, coincidentally, its crew, but we're very confident that future
missions will show more nominal performance" then the people are going to
say they're fools and should be stopped.

>    So, if you accept the cost analysis criterion, it is impossible for me
> to understand how you can oppose the resumption of shuttle flights.

Clearly, I reject out of hand the cost analysis criterion.  If STS was meant
to be a for-profit venture, it would be in the hands of NASA, Inc. not NASA,
a U.S. government administration.  It never should have been expected, much
less required, to live up to the profit making fantasy.  Certainly not when
Congress (and its constituency) was unwilling to invest the necessary venture
capital to achieve the kind of operational efficiency they wanted.

>    Let's use some simple statistics.  There were approximately two dozen
> manned US space flights before the shuttle.  Two of these resulted in what
> I would call "mission failure," one in loss of vehicle and crew.  Thus,
> our a priori assumption would be that the chance of mission failure on manned
> flights seems to be about 10%.
>    There are obviously many other factors to be considered.

One of which you are forgetting:  that we show the same care in making mission
decisions that we used to.  In any event, the number of space missions so far
is so small as to be statistically insignificant, from an actuarial point of
view.

> >I disagree with your assessment that the first shuttle flights were
> >riskier than is flying now ....
> >The SRBs, in particular, were among the elements with what was perceived
> >to be the lowest chance of failure.  Taking this as true meant that the
> >complete lack of a redundant system was acceptable.  [...]  The problem
> >existed on STS-1, but it wasn't until 51-L that it was commonly known.
> >And that makes all the difference.
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    This is precisely the point.  It makes no difference at all.  The risk
> is the same regardless of whether you know about it!

I insist this makes all the difference.  You can't do anything about a problem
until you're aware of it.  Accidents because of ignorance, in spite of making
a sound attempt to discover unknown risks, are understandable because they are
unavoidable in any human endeavor.  But to say "why do anything about a problem
I just learned about if it was always there anyway?" is just self-deception.
As it turns out, several people *did* know of the SRB problem beforehand and
either didn't speak up or were silenced by others.  This is inexcusable.  Now
that a major disaster has occurred, we have the opportunity to actually reduce
the risk of shuttle flights, and not only in the area of SRBs.  Up until the
25th shuttle mission, the risk was nearly the same as the first flight, not
significantly less since the engineering changes were limited.  Mostly what
has changed is our confidence in various parts of STS, not the actual risks
associated with flying it.

> .... I'm sure that if you had told the shuttle designers
> before the launch that we would have 24 perfect shuttle flights (i.e., no
> mission failures) they would have been *extremely* pleased.

What do you call a "mission failure?"  Just look at the launch aborts - a
redundant set (of computers) launch sequencer (RSLS) abort June 26, 1984
(41-D, Discovery), another one July 12, 1985 (51-F, Challenger) and then an
abort-to-orbit (ATO) on the same mission when it launched 17 days later
(remember, one SSME shut down and another one was about to had they not
overridden what turned out to be faulty sensors), and a final RSLS abort on
December 19, 1985 (61-C, Columbia), the last mission before 51-L.  Not to
mention malfunctions in fuel cells, on-board computers, auxiliary power
units, remote manipulator system, etc.  But that's four launch aborts in
24 missions.  If you merely define "mission failure" to be loss of crew
and vehicle, that's something different.  But I think many on the design
team would have been less than pleased to find out, before STS-1, that one
orbiter and crew would be obliterated in the first 25 missions.

> ... I don't know of any informed analyst who failed to predict that we would
> lose at least one shuttle during the life of the shuttle program.  So why,
> when that loss finally occurs, do we pretend that the risk of flying the
> shuttle has increased?  In fact the risk has *decreased* substantially,
> because we have now identified one of the major unknown failure modes of
> the shuttle and can take steps to mitigate it.

That "life of the shuttle program" was supposed to be like 100 flights for
each of the orbiters.  One vehicle in 400 launches is 16 times less than one
vehicle in 25 launches.  And it says nothing about losing a crew.

We aren't pretending that the risk has increased; just that we are now aware
of a risk of which we were formerly ignorant.  The risk decreases only when
we *do* take some steps to prevent future occurrences of the problem.  We've
just started on that.

> Do you agree that the first
> shuttle flight was much more hazardous than an immediate one would be now?

No, just about the same.  The difference is that we know of a bug we can start
fixing, and that is what will make future shuttle missions less hazardous than
the first.  We also know of things we didn't before STS-1, things that won't
cause problems.  But that doesn't change either how risky STS-1 was or how
risky an immediate flight would be.

> This seems impossible to deny, given that we can now substantially reduce
> the chance of SRB failure by avoiding certain launch conditions, and further
> given the fact that there seems not to have been a single serious design
> flaw on the shuttle itself, which is amazing given its great complexity

I agree, it is amazing.  Hats off to NASA, Rockwell International, and all the
other contractors with the possible exception of Morton Thiokol. :-)
But the final evidence is not yet in on what else might cause similar launch
accidents.  It seems prudent to take the time to analyze the situation and
make what engineering and operational changes we can to make the occurrence
less likely in the future.  While we're at it, why don't we fix a lot of the
other problems we've been warned about, rather than waiting until after a
disaster has happened?

> .... do you admit that your interest in
> making the shuttle perfectly safe cannot be solely justified by an interest
> in saving lives?  This is the only point I was trying to make.

I am not interested in making the shuttle "perfectly safe" because I do not
pursue unattainable goals.  In any event, I have pointed out that my goal is
not just to save lives (although that is something I do pursue in various ways)
but to save the crewed space exploration program.  One way to accomplish this
is to take steps to help prevent further loss of shuttle orbiters and crews.

> ....  It is certainly true that the American
> people are too stupid to understand why lives should and must be risked,

I would not call them stupid.  Let's just say they don't share my goals.

> and so for political reasons it may well be best to avoid risks that would
> otherwise be acceptable.  So if you believe that these political consider-
> ations make it necessary to avoid risks that would otherwise be acceptable,
> then I (and, I suspect, Henry as well) will admit that this might well be
> correct -- while I may still disagree, I can at least understand this point
> of view.
> 
>    -- David desJardins

I'm happy to see that you have come to understand my point of view, in spite
of your earlier doubts.  I hope that others have found our exchange interesting
and, possibly, enlightening.  Considering what is at stake, this mutual
understanding is very rewarding and all too rare over this medium.  (There
are a couple puns in that sentence for those daring to look.)  Now if we can
only get Congress to talk this much about space exploration ...
	Roger Noe			ihnp4!uniq!rjnoe
	Uniq Digital Technologies	(312) 879-1566
	Batavia, Illinois  60510	41:51:10 N.  88:18:25 W.
--
"While chaotic and inane ramblings abound, [USENET] is quite popular."
	Communications of the ACM, vol. 29, no. 10 (Oct. 1986), p. 958.

animal@ihlpa.UUCP (D. Starr) (11/21/86)

> 
{ You should all be familiar with this argument by now... }

Some observations on the whole controversy:

1.  Political considerations being what they are, *nothing* is going
to get shuttles flying before '88.  A widespread lobbying effort would
be needed to change NASA's policy, and I really doubt that any such 
effort could be effective before 1988 anyway.  Still, lobbying for a
clear *policy* concerning flying/grounding the shuttle over known,
potentially-fatal bugs would be useful, because this situation will 
occur again some day.

2.  On the policy issue, perhaps what NASA needs to do is equip only the
replacement shuttle with an escape system.  Then, when hazardous conditions
are discovered (for example, the O-ring erosion on flights beore 51-L),
there would still be one vehicle which could be flown for missions considered
essential.  Note that this escape system need only be sufficient for a
skeleton crew.

3.  On the escape issue, I wonder:  would Young and Crippen (?) have survived
if the SRB failure had occurred on the first flight of Columbia?  Consider,
somebody stayed conscious long enough to turn on two air packs, and the 
official "cause of death" is now said to be impact with the Atlantic Ocean.
This seems to imply that there is at least some chance that ejection seats
could have been used before impact.  

4.  On the chance of failure of the first shuttle flight, it is worth noting
that NASA had taken precautions against the "most likely" failures.  The
ejection seats were based around the idea that the most likely catastrophic
failure was SSME explosion during or shortly (<20 seconds) after ignition.
This was, at least, where they tended to blow up in tests.

5.  Back to the subject of resuming flights immediately: where would the
payloads come from?  Given that the government has decided to ban commercial
payloads in order to promote an expendable booster industry, and that even
the most enthusiastic supporters of the "launch now" point of view have
identified a lot of scientific payloads (indeed, nearly all of them) that
shouldn't be risked, what's left?  Even spysats are doubtful--given the cost
and lead time for replacing a Big Bird (or equivalent), is the Air Force
really going to be that enthusiastic about launching before this known bug
is fixed?  Probably not, unless the satellites we have in orbit now degrade
severely.  

6.  On a related topic:  I see that Hughes has redesigned the "Jarvis"
proposal to use shuttle parts--ET, one SSME and two SRBs.  I see a problem
here in that, because they use the same technology, a shuttle failure will
(at least temporarily) ground Jarvis, and vice versa.  I thought that one
of the motivations for a new MLV was to provide launch capability when the
shuttle is grounded by technical problems; this proposal certainly doesn't
seem to do that.  The shuttle-based Jarvis is a nice addition to the shuttle
family, but if it's built we'll still need an alternative vehicle.

Disclaimer:  The opinions expressed do not represent those of my employer,
and may not represent my views by this time tomorrow.

henry@utzoo.UUCP (Henry Spencer) (11/24/86)

> ...about all we can do is rely on the public statements of astronauts and
> assume they are somewhat representative of the others...

We can probably rely on the public statements of some of the astronauts to
be representative... representative, that is, of the *public* *statements*
that other astronauts would make.  This has little or nothing to do with
their private opinions.  They are obviously in a position where their open
and public support for safety improvements is very important to both NASA
and themselves.  Displays of such support tell us nothing about how they
would actually feel about flying a mission tomorrow.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,decvax,pyramid}!utzoo!henry

henry@utzoo.UUCP (Henry Spencer) (11/24/86)

> 2.  On the policy issue, perhaps what NASA needs to do is equip only the
> replacement shuttle with an escape system.  Then, when hazardous conditions
> are discovered... there would still be one vehicle which could be flown...

Unfortunately, this assumes that escape systems suffice for safety.  As I
recall it (my copy of the report isn't handy), the Rogers Commission found
that no escape system would have helped.  They recommended investigating
an escape system for a different situation:  an intact orbiter flying at
low altitude, more or less under control, but with no airstrip handy.
(The orbiter is too flimsy to ditch or belly-land safely.  I've read the
STS-1 flight plan; all the sequences which involve descent into the ocean
end in "EJECT".)  Not even an escape capsule would suffice to get the crew
out of something like an asymmetric SRB ignition.

> 3.  On the escape issue, I wonder:  would Young and Crippen (?) have survived
> if the SRB failure had occurred on the first flight of Columbia?  Consider,
> somebody stayed conscious long enough to turn on two air packs, and the 
> official "cause of death" is now said to be impact with the Atlantic Ocean.
> This seems to imply that there is at least some chance that ejection seats
> could have been used before impact.  

Given that Young and Crippen were wearing spacesuits, and assuming that
damage to equipment or hatches didn't interfere, they could probably have
ejected if their suits had on-suit or on-seat emergency oxygen supplies
(I'm not sure whether they did or not).  The suits are important:  they
eliminate unconsciousness due to decompression (which almost certainly
knocked out the 51L crew within 10-20 seconds) and they provide enough
physical protection to make high-speed ejection practical.  Even modern
ejection seats are normally red-lined at around 600 knots, as I recall,
because the pilot isn't well enough protected against the slipstream.

> 5.  Back to the subject of resuming flights immediately: where would the
> payloads come from?  ...  Even spysats are doubtful--given the cost
> and lead time for replacing a Big Bird (or equivalent)...

The key point here is that the USAF is (a) well funded, and (b) in the
business of taking risks in the national interest.  Undoubtedly the USAF
would prefer not to take risks with its satellites, and indeed the USAF is
getting more openly anti-Shuttle by the day, but they can simply be given
orders otherwise.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,decvax,pyramid}!utzoo!henry