Failure Is Always an Option
Logic Bomb writes "The New York Times has a short but elegant op-ed regarding the different perspectives of engineers and managers and the role that plays in accidents like the space shuttle Columbia disaster. It's the sort of article you'll nod all the way through, then print and leave anonymously on your supervisor's desk. Any tech managers in the Slashdot crowd might have some interesting comments on how the right balance is struck." Henry Petroski has written several good books on engineering and failure.
Failure Is Always an Option
By HENRY PETROSKI
DURHAM, N.C. -- Scientists seek to understand what is, the aerospace pioneer Theodore von Karman is supposed to have said, while engineers seek to create what never was. The space shuttle was designed, at least in part, to broaden our knowledge of the universe. To scientists the vehicle was a tool; to engineers it was their creation.
With the release of the report of the Columbia Accident Investigation Board, there is a new focus on the "culture" of NASA. Engineers have played a prominent but not a controlling role in that culture, both in the design of the shuttle and in the planning of its missions. When the report speaks of NASA's "broken safety culture," the particular failure it cites is "a consistent lack of concern" that Columbia may have been damaged by debris at takeoff. But perhaps NASA can be better understood by examining the culture that arises from the inevitable -- and healthy -- tension among scientists, managers and engineers.
A common misconception about how things such as space shuttles come to be is that engineers simply apply the theories and equations of science. But this cannot be done until the new thing-to-be is conceived in the engineer's mind's eye. Rather than following from science, engineered things lead it. The steam engine was developed before thermodynamics, and flying machines before aerodynamics. The sciences were invented to explain the accomplishments -- and to analyze their shortcomings.
The design of any device, machine or system is fraught with failure. Indeed, the way engineers achieve success in their designs is by imagining how they might fail. If gases escaping from a booster rocket can lower efficiency or cause damage, then O-ring seals are added. If the friction of re-entry can melt a spacecraft, then a heat shield is devised.
Much of design is thus defensive engineering: containing, shielding and fending off anticipated problems on the drawing board and computer screen so that they cannot bring down the design when it flies. Obviously, total success can only come if every possible mode of failure is identified and defended against.
Engineering is also very much about numbers. O-rings must be sized; the thickness of heat shields specified; the weight of insulation calculated. Often, the numbers work at cross purposes, as when increasing shield material decreases available payload. Engineering design is ultimately the art of compromise.
What results from the design process is a thing that has unique characteristics. It can withstand the conditions for which it was designed as long as it maintains its integrity. There is usually some leeway allowed, for engineers know that operating conditions cannot be predicted with absolute certainty. Until it fails, how far beyond design conditions a system can be pushed is never fully known.
But engineers do know that nothing is perfect, including themselves. As careful and extensive as their calculations might be, engineers know that they can err -- and that things can behave differently out of the laboratory. On the space shuttles, O-rings got scorched, heat tiles fell off, foam insulation broke free. To engineers, these unexpected events were incontrovertible evidence that they did not fully understand the machine.
Engineers do not feel comfortable with things they do not understand. It is at this point that they begin to act more like scientists. In the case of the scorched O-rings, the engineers studied burn patterns. They looked for a correlation between damage and temperature, and they warned about launching when the temperature was outside the bounds of their experience and scientific study.
If engineers are pessimists, managers are optimists about technology. Successful, albeit flawed missions indicated to them not a weak but a robust machine. When engineers and managers clashed over the 1986 Challenger launch, the managers pulled rank. In the case of Columbia, engineers who worried about damage that the
IOW, they learned nothing from Challenger.
This is explicitly the position of the CAIB in their report, mentioned in several different places.
The best way to do is to be.
It's a sober and informed discussion of engineering safety (mostly but not entirely computer related) that's been going on for almost twenty years.
Try entering "shuttle" in the search form. I did just now and found the brief, grim announcement of the Challenger explosion.
If you prefer to curl up with a dead tree by the fire, read moderator Peter Neumann's Computer Related Risks. It is also available in Japanese translation.
Now, few of us are likely to ever risk our lives flying in space shuttles. Maybe some of us might write the code or design the machinery the astronauts will trust with their lives. But all of us depend on computers every day for our livelihood, and many of us depend on them for our lives more than you would feel comfortable with if you understand the implications of it.
Fly on an airplane lately? Anything a little more modern than a DC-3? Do you know what fly by wire means? Ever write code with a stack overflow or heap corruption? What do you suppose that means for the embedded systems that run today's commercial aircraft?
Does your car have antilock brakes?
Read RISKS. It will make you a better programmer. Because it will put the fear of God into you.
Request your free CD of my piano music.
Our management bought a bunch of copies of a book and put it on our (engineers) desks.
The book?
"The inmates are running the asylum"
A book which basically says that engineers don't know squat about schedules and "real world" concerns and need to be managed.
I'm not working on software that's of a life and death nature, but still...
Not mach-4. That's crazy talk. They estimated it hit the wing at between 400 and 600 mph, relative to the wing. It may have been going mach-4 in relation to the Earth, but it's the wing that is the important frame of reference here.
*sigh* back to work...
Yes, it's the same Homer Hickam.
-h-
right.....
Actually, in addition to AC, Tesla also invented the radio.
If you dare say Marconi, well click here for an education
back to intro physics for you
Technology Consulting & Free Downloads
This could very well be the single most moronic post I have ever read on Slashdot. Nasa's budget for fiscal year 2004 is recommended to be 15.57 Billion dollars. In real terms that is four months of supply for the war in Iraq. The government is set to spend 2.2 trillion dollars in 2004. This means that Nasa's budget is roughly .7 percent of the total federal budget.
Medicaid, at 529 Billion dollars, is roughly thirty-five times the Nasa budget. The department of Justice, which is famously incompetent these days, does it for 22 Billion dollars.
For my tax contribution of roughly 10,000 dollars this year, a staggering 63 dollars or so went to Nasa. This means that when the space shuttle blew up on reentry I lost something around sixty cents of value.
For my sixty-three dollars this year I expect that Nasa will continue to explore space. Regardless, since sixty-three dollars is roughly the amount of cash I spend on sodas in a month or, worse, lose down the back of my couch in a year, I think I'm getting damn fine value for my money.
Now, unless you are Arnold Schwarzenegger and paid 9 million in taxes, in which case you might have something to say about where the sixty thousand or so you contributed to the space shuttle program was being used, you should just shut the fsck up.
Beware the wood elf!!!
That's a good question and it has been answered.
They could have gotten Atlantis up in time to rescue the crew. With alterations to work schedules, activity levels and such the Columbia crew could have survived until Feb 15th, and Atlantis, assuming a problem-free launch protocol, could have gotten up there by February 10th. They covered this in the CAIB report, section 6.4, pages 173-174.
It would not have been without risk, and they could have lost TWO orbiters and TWELVE crew members if Atlantis failed on re-entry, but had they gotten the images everyone admits that they probably would have been able to tell that Columbia was doomed by January 18th.
The limiting consumable was not fuel, it was the lithium hydroxide they use to scrub CO2 from the air. They had enough to go until about February 15-16th, they had enough oxygen for perhaps another day after that.
The best way to do is to be.
NASA has already released information that states that they could have put Columbia into a low resource consumption mode that would have extended the mission duration to over a month, enough time to do a very quick preparation of another space shuttle to launch with a minimal crew. NASA admitted that it would be a very risky mission and the amount of time that it would have taken was on the ragged edge of Columbia's endurance margin, but it could have been done.
Also, a spacewalk could have been done - there were two EVA suits on the shuttle. Some sort of makeshift repair was possible. What we don't know (and hopefully will never HAVE to know) is how well such a repair would have worked.
There is a good article about this at Spaceflight Now. There are some very good quotes regarding a previous shuttle damage incident and about the merits of rescues and repairs.
-h-
http://liftoff.msfc.nasa.gov/rsa/buran.html
The purpose of management is not to make sure that the software has high quality, or even that it is shipped at any particular time.
The purpose of management is to extract money from customers.
Try it both ways. Go write some software on your own time and equipment and give it away under an open source license. Include a note in the software asking for donations. Then try working for a company with managers and writing software (heck, you might even find a company that will pay you to write GPL'd software, there are more and more such companies around).
The software will have a lot of similarities in both cases, but in the first case, you will not get much $, and in the second case, you will get $$$.
That's what managers do. They sure don't make your project better, but they arrange things so that you get $$$.
There WAS a reason for the wings being as large as they were, and it was actually explained in the report (if you read it - I'm about 75% done).
Originally, the military was the main driving force of the shuttle design. They wanted the ability to launch from Vandenberg AFB, launch a satellite, and return to Edwards in ONE orbit. This required a large "cross range" ability, and could only be done by having the shuttle fly back on reentry!
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
I didn't put the "off the ground" qualifier in there for no reason.
The Apollo 1 fire was tragic, but it was not a fundamental design flaw in the Apollo craft. The response was swift, the problem was fixed, and the program continued.
Ironically, the Apollo 1 fire happened during a test, when there should have been no danger to the crew. In all the very dangerous parts of space flight, there were no fatalities. That was the point I was trying to make and so I didn't include this in my summary.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Everyone is focused on space flight. Yes, NASA does space. NASA also does earth science, atmospheric science, biology, aeronautics and even IT.
Next time you land safely in a commercial airliner, thank NASA. They assist the FAA when bad stuff happens. Our servicemen are protected by NASA, as we assist the DOD in testing new designs. NASA assists in detecting problems with the ozone layer. We are working on some new power grids. Take a look at NASA's strategic plan for a sense of what we are working on.
Everyone thinks about the Apollo & Shuttle missions when they hear NASA. But there is a lot more going on than meets the eye.
Just a few recent links from NASA:
Wake turbulence- link
Fire fighting (earth science)- link
Biology- link
Go ahead, cut NASA funding. The US will start a neo-dark age.