Re: Apollo. The only thing I never understood
From: Andre Lieven (dg411_at_FreeNet.Carleton.CA)
Date: 08/24/04
- Next message: Andre Lieven: "Re: Apollo. The only thing I never understood"
- Previous message: Pat Flannery: "Re: Apollo. The only thing I never understood"
- In reply to: Jay Windley: "Re: Apollo. The only thing I never understood"
- Next in thread: Jay Windley: "Re: Apollo. The only thing I never understood"
- Reply: Jay Windley: "Re: Apollo. The only thing I never understood"
- Reply: dave schneider: "Re: Apollo. The only thing I never understood"
Date: 24 Aug 2004 18:36:52 GMT
"Jay Windley" (webmaster@clavius.org) writes:
> "Andre Lieven" <dg411@FreeNet.Carleton.CA> wrote in message
> news:cgfk7d$f8b$1@freenet9.carleton.ca...
> |
> | Pat Flannery (flanner@daktel.com) writes:
> | >
> | > Although she didn't have to legally carry more lifeboats, she was
> | > designed to be unsinkable-
> |
> | No, she was designed to be *as unsinkable as the technology would
> | allow*. That's not an absolute, as the word " unsinkable " directly
> | implies.
>
> Nevertheless Capt. Smith is on record as having said he could conceive
> of no situation in which a ship built according to TITANIC's design could
> founder. I'm inclined to dismiss that as hyperbole motivated by pride,
> but the prevailing attitude toward TITANIC's safety and reliability was
> not a unison sentiment. Obviously the engineers knew one thing and the
> press reported another.
Sure, but the point stands, that no such claims were made about
the first of the class, Olympic. And, the actual differences
between her and Titanic were rather minimal.
> Today we don't describe ships as "unsinkable" even though the art of
> building them is significantly more advanced since 1912. But we can
> engineer ships to stay afloat longer and increase the chances of rescue.
Depending on what damage they take. Witness HMS Hood. :-)
> | > the worst-case scenario that the designers could conceive of was a
> | > collision that occurred at one of the bulkheads and would cause two
> | > compartments to flood, she seemed to have a one hundred percent safety
> | > margin in her design
> |
> | Indeed, and the pair of O rings would suggest that one would correct
> | the other's malfunction, therefore a one hundred percent safety margin.
>
> These aren't really directly comparable.
Metaphorically, they are, though.
> We can fault the TITANIC designers
> for failing to imagine a situation worse than their worst-case scenario.
> But the dynamics of most collisions fit their model. What the designers
> didn't consider was a flaw in materials that created a whole new model.
Indeed, and, as the state of the art in both cases was being expanded,
the comparison remains just.
> Steel is normally soft; it deforms to absorb the energy of a collision. And
> so ship collisions tend to be mostly inelastic. They didn't count on the
> steel becoming cold and brittle so that instead of bending, it broke. They
> didn't count on substandard rivets (even for the time) being used by the
> thousands. In short, the *design* was reasonably sound, but the *execution*
> of the design was flawed. This goes back to engineers needing to account
> for such flaws in their designs.
And, for matters of safety legislation to be more swiftly revised,
when the state of the art is moving so rapidly. Had Titanic had
enough ready to use lifeboats for all aboard, surely many still
would have died ( See the tales of half full boats pulling away ),
but nowhere as many as actually did.
> We can also fault the SRB designers for failing to understand the effects
> of scaling up a joint known to work, and of using it repeatedly where
> before it had only been used once. But there is more insidiousness here
> than meets the eye.
Well, a general NASA attitude shifting from " show me that it's reasonably
safe to fly, and then we will ", to " you must prove that it's not safe
to fly before we'll scrub. "
> A design margin is an excess of capacity provided to allow for unknown
> effects. The O-ring erosion and blowby had been observed in previous
> cases. The cause was determined to be joint rotation contrary to design
> intent and prior experience. Yet the system was operated repeatedly in
> this condition.
Indeed.
> This invalidates the purpose of the design margin. As Feynman pointed
> out, the O-rings were not supposed to erode *at all*.
Exactly. NASA accepted that erosion, because nothing bad happened from
it, those times.
> Therefore there is no such
> thing as a "safe" erosion of the O-ring. If you expend your margin
> intentionally for a condition you know to exist and should account for by
> re-engineering, then you have no more margin left for conditions you can't
> foresee; and that's the original purpose of the design margin.
Agreed.
> | > but just like in
> | > the Shuttle, it's usually not what you think will get you that gets you,
> | > it's a combination of two unplanned for things that interact in an
> | > unexpected way...in Titanic's case the attempt to turn away from the
> | > iceberg rending a long gash in her side,
> |
> | Myth. The damage along the sprung compartments was not a continuous
> | gash...
>
> Yes, the TITANIC's mortal wound has been more accurately characterized in
> recent times, but Pat still has an important point: It is not possible to
> engineer against all possible combinations of failure modes. In fact, it
> is not even possible to foresee all of them in a sufficiently complex
> system.
>
> In this case, the iceberg collision should have merely dented the plates
> instead of cracking them or shearing their fasteners. The combination of
> the materials properties and the collision geometry was not foreseen.
True, but a collision with another large ship, say, in very poor
visibility could also have caused more than five compartments worth
of damage. At least taking the bulkheads up to the main deck would
have been reasonable.
> Interestingly, both these scenarios raise the question of operator
> confidence. The CHALLENGER operators had improper confidence in their
> redefinition of the design margin. The TITANIC operators had improper
> confidence in the ship's ability to navigate dangerous waters. We find
> this over and over: that people will confidently operate a complex and
> dangerous system well past the prudent level because they regard design
> and operational safeguards and margins as additional capacity that can
> be relied upon to relieve production pressures.
Agreed, and the key lesson of such historical events, is not to do
that. If a design is exceeding its margins, stop, figure out *why*
that's happening, and examine seriously, where those exceedings will
take the design.
> | > and the fact that the watertight
> | > compartments didn't go all the way up to the top deck so that
> | > water started to flow over the top of the watertight bulkheads as the
> | > bow settled. In the case of the Challenger, cold launch temperatures
> | > combined with a faulty O-ring seal design.
> |
> | Indeed.
>
> Again, it behooves us to examine the details for the devils hiding in it.
Agreed.
> Poke a hole in a compartmented ship and the compartment will flood, but only
> up to the water line. Yes, the ship will be heavier and ride lower in the
> water, thereby raising that water line. But there will be an equilibrium
> point. Poke three more holes in three more compartments and the ship will
> flood further and come to a new equilibrium, but having flooded only up to
> the (new) water line. Except in TITANIC's case it was known that this
> amount of water taken on would at that point reverse the ship's buoyancy and
> she was doomed then anyway, no matter how high above the water level those
> bulkheads rose. That "extra" bulkhead thus becomes superfluous mass,
> incurring additional cost and depriving the ship of that much payload,
> while at the same time providing no protection.
>
> Well, that's how the rationale went, anyway. What wasn't considered was
> that full bulkheads would have slowed the ship's foundering and thus
> increased the chances of other ships coming to her aid. Engineers,
> unfortunately, do this all the time. They are told to engineer for
> *survivable* cases. Why? Because the number of unsurvivable cases is
> practically infinite, and would require infinite foresight and cost to
> account for them. The flooding of four compartments was considered an
> unsurvivable scenario; the ship would have sunk anyway, no matter how high
> the bulkheads ran. Only in hindsight was it seen that high bulkheads were
> not wasted robustness. Had the ship remained afloat for longer, it may
> have survived until the CARPATHIA arrived, or perhaps the CALIFORNIAN
> could have wised up.
Well, the connection point of the idea, in the case of Titanic, would
be that, as a commercial passenger ship, one mandated to carry at least
some lifeboats, that the possibility of losing a ship, while doing
all one can to save the passengers/payload, is worth looking at.
> Intuitively we know that cold temperatures exacerbated a design flaw that
> engineers wrongly believed they had well under control. And the engineers
> that acquiesced to the launch decision have come under fire for having done
> so. Unfortunately hindsight is always acute. Thiokol engineers correctly
> claimed that the O-rings would seat more slowly. However, in the world of
> leading-edge engineering immersed in a culture of production, intuition
> does not suffice.
Agreed. Management's pressure to launch should have come to a stop,
when Thiokol's people said, in effect, " we don't know, but we think... "
> And unfortunately the data Thiokol produced did not support their
> contention. When data from several sources was correlated, it showed
> that the greatest O-ring erosion was noted on flights that were well within
> the STS operating temperature range, and that the coldest launches up to
> that point had not experienced significant O-ring issues. Thiokol thought
> they had data that would support their completely justifiable contention
> that the O-rings would not properly function in low temperatures. But it
> turns out their operational data didn't support that conclusion, correct
> though the conclusion turned out to be.
Indeed.
> | > In Columbia's case foam shedding combined with a weaker than thought
> | > wing leading edge....in the next case "?" combined with "?".* The
> | > Shuttle should have had an escape system of some sort incorporated into
> | > its design from day one
>
> I don't see the two as related. Yes, the STS system should have had more
> safeguards designed into it. But a launch escape system would not have
> helped the COLUMBIA crew. The debris strike was not noticed during the
> boost.
Sure. And, there remains the question, would have an LES on the STS
final design, have left much payload capacity at all ?
> Here again the politics drove the design. The design was severely
> compromised by budget constraints as well as new objectives and requirements
> imposed by the Air Force. As Andre points out, the design was already
> marginal. And so certain things were simply classified as non-survivable
> scenarios so that they could be ignored in the engineering design. Booster
> failure was considered non-survivable, even though CHALLENGER proved that
> was not true.
Yeah.
> | But, who wants to consider all the ways that the model of passenger
> | aircraft one is currently boarding has suffered such catastrophic
> | failures ?
>
> I do. I provide technology to Boeing for doing just that, among other
> things. I am highly confident in Boeing engineering. But I know that
> Boeing engineers have faced certain problems and have said, "You know,
> that's just not survivable. If that happens, you're going to have a Bad
> Day."
Such as, a plane hitting a huge building... :-(
> | Yet, we still put our pink fannies on that line... Just to get to
> | the beach...
>
> We all accept risk. We don't like to think that we do, but we do. And
> unfortunately we still don't have a foolproof idea -- from the engineering
> standpoint -- of what risks are worth trying to mitigate.
Exactly. As much as we, as individuals, try to manage our risks, there's
a serious, and unknowable in quantifiable terms to us, fudge factor
involved.
Andre
--
" I'm a man... But, I can change... If I have to... I guess. "
The Man Prayer, Red Green.