Slashdot Mirror

← Back to Stories (view on slashdot.org)

NASA Will Man Destruct Switch Just In Case

Posted by CmdrTaco on from the explosions-are-cool dept.

Ant writes "Popular Mechanics reports if the looming Discovery mission or any other between now and the spacecraft's retirement loses control, National Aeronautics and Space Administration (NASA) is prepared to ditch it in the Atlantic ocean — or blow it up. The article also shows complete no-fly-zone maps and a photograph of the switch."

34 of 196 comments (clear)

  1. Four Buttons? by Anonymous Coward · · Score: 5, Funny

    I don't understand why there are four switches. I mean, I understand "Arm" and "Destruct", but why "test"? Does that blow up just a small section of the shuttle? I would have thought that turning off the "Arm" would be the same as "Safe"

    I know, I know ... it's the engineers having a laugh. Getting a kick out of the confused looks on stupid people like myself.

    1. Re:Four Buttons? by Anonymous Coward · · Score: 5, Informative

      The "Test" button probably checks the detonation circuits, WITHOUT igniting the actual charges. And the "Safe" button is probably for permanently disarming the charges once the shuttle's in orbit.

    2. Re:Four Buttons? by JustOK · · Score: 3, Funny

      The test switch only works once.

      --
      rewriting history since 2109
    3. Re:Four Buttons? by torstenvl · · Score: 4, Funny

      NOP? For shame, wasting your delay slots

    4. Re:Four Buttons? by Alwin+Henseler · · Score: 5, Funny

      Sure hope those are labeled correctly... just in case anyone at NASA would think it's a funny prank, I recommend NASA add one more rule to their launch procedures: "DO NOT lauch on April 1st"

      Best use a time window, to allow for differences in 'local time' (a relative notion for space operations)

    5. Re:Four Buttons? by MoonBuggy · · Score: 4, Interesting

      I had also heard that the astronauts would visit the RSO before their flights with pictures of their families, just to be sure he knows exactly whose lives he would be affecting if he had to destroy the shuttle. That's interesting, I'd actually heard the opposite - that the RSO is not allowed to meet the astronauts at all in order to ensure that they make rational, not emotional, decisions if it comes down to it.
    6. Re:Four Buttons? by maxume · · Score: 3, Insightful

      You are insinuating that the people who work in life and death situations at NASA are incapable of acting in a professional manner. It's preposterous.

      --
      Nerd rage is the funniest rage.
    7. Re:Four Buttons? by theeddie55 · · Score: 4, Funny

      The only recommendation I would make is to move the distruct button to the right by another half to full inch.
      They tried that... Not aesthetically pleasing.
      --
      Blazing Spiders
    8. Re:Four Buttons? by c6gunner · · Score: 3, Funny

      I had heard once that there were two buttons the RSO had to use to blow up the shuttle, and that the first button activated an indicator in the cockpit that let the astronauts know what was about to happen.
      Yeah, that makes perfect sense. Only it's not an indication-light. It actually activates a system which releases streamers and balloons, while loud celebratory music blares out of hidden speakers, and an amplified voice yells "CONGRATULATIONS!!! YOU'VE WON A FABULOUS TRIP TO PARADISE!!!!".
    9. Re:Four Buttons? by greeze · · Score: 5, Funny

      They should've had Apple design it. Apple would've done it with only ONE switch.

    10. Re:Four Buttons? by syousef · · Score: 4, Funny

      I don't understand why there are four switches. I mean, I understand "Arm" and "Destruct", but why "test"? Does that blow up just a small section of the shuttle?

      That button is for mission controllers that wanted to be astronauts but didn't make the cut. It blows up just one astronaut, but leaves the shuttle flying. Correct procedure when using this button is to laugh maniacally then yell "Who wants to be an astronaut now, bitch!" before flicking the switch.

      --
      These posts express my own personal views, not those of my employer
    11. Re:Four Buttons? by davolfman · · Score: 3, Funny

      Did we actually argue here? or did we just agree in a very hostile fashion?

  2. photograph by Anonymous Coward · · Score: 5, Funny

    I looked at TFA, and I gotta tell you, it's an exciting picture of the switch. Actually, it looks like FOUR switches and FOUR buttons. Well worth going to the site to see it.

  3. Not news by FuturePastNow · · Score: 4, Informative

    This is such a non-story. NASA has a Range Safety Officer for every single launch, manned or not, and always has.

    --
    Give a man fire, and you warm him for the night. Set a man on fire, and you warm him for the rest of his life.
    1. Re:Not news by XNormal · · Score: 5, Insightful

      The press does not exist to provide information but to provoke emotion. Showing the actual button that destroyes a spacecraft with human occupants achieves this effect nicely.

      --
      Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
    2. Re:Not news by moteyalpha · · Score: 5, Funny

      Could we get a set of buttons like that on this article? If the comments are going down in flames, CmdrTaco could self destruct the article.

    3. Re:Not news by dotancohen · · Score: 5, Funny

      Some people get them for every post. It's called -1 [troll||redundant||offtopic||overrated]. The people with them are called mods. Watch what they do to both our poor posts now.

      --
      It is dangerous to be right when the government is wrong.
  4. I hope their communication channels are secure by The+Fanta+Menace · · Score: 4, Interesting

    ...would be pretty nasty if someone if someone figured out how the radio comms for this function worked.

    --
    -- Even if a god did exist, why the fsck should I worship it?
  5. Re:People inside? by Chris+Mattern · · Score: 4, Informative

    Didn't RTFA, but are they planning on blowing it up with people inside, if something goes wrong.


    Yes, they are. They always have. *Every* NASA rocket launch includes a self-destruct to prevent ground casualties. This includes the manned missions. In such cases where it would be used, the crew is either dead or will unavoidably be dead very shortly, and the lives on the ground must be saved.
  6. destruct switches _should_ look like that. by Zarf · · Score: 5, Insightful

    You know, if you are going to have destruct switches... they really should look like that. A big turn key, solid, metal, single function panel that does nothing else. Heavy clunky switches that tell you you've done something. Yep, if you're going to have what is essentially a "big red button" that's how it should look. There's no mistaking that for the coffee dispenser switch. Putting modern "iPhone" styling on that would be a sin.

    --
    [signature]
  7. Already been used by camperdave · · Score: 5, Informative
    Not only are the destruct switches active during each and every launch, they have actually been used on one particular launch. When Challenger's external fuel tank blew up, destroying the shuttle, the solid rocket boosters started to fly out of control.

    At T+110.250, the Range Safety Officer (RSO) at the Cape Canaveral Air Force Station sent radio signals that activated the range safety system's "destruct" packages on board both solid rocket boosters. This was a normal contingency procedure, undertaken because the RSO judged the free-flying SRBs a possible threat to land or sea. The same destruct signal would have destroyed the External Tank had it not already disintegrated.[11]
    --
    When our name is on the back of your car, we're behind you all the way!
  8. Encoded Signals by reality-bytes · · Score: 4, Insightful

    According to NASA documentation, the SRB Range Safety system is operated by encoded signals.

    From the description in the document, it sounds like one coded signal to 'arm' and a second coded signal to 'fire'. I'd bet that due to the nature of the system, it's transmission method will be so simple that it rarely needs to be tested and as such gives little opportunity for homicidal black-hat analysis.

    Finally, I'll also bet that the codes are as top-secret as to-secret can be (as in: Get caught with this and you'll disappear forever). It wouldn't surprise me if the codes are created and handled by just one person on the day of use and never used again. Or perhaps two people where only one person knows the arm code and the other the fire code before the system is finally set.

    However it's done, I'd like to think that a hell of a lot of thought went into system security ;)

    --
    Ripping an new rectum in the fabric of spacetime.
    1. Re:Encoded Signals by Rorschach1 · · Score: 4, Interesting

      Oddly enough, I've seen the hardware specifications for at least one of the command destruct transmitters. That part wasn't classified, but I'm not sure where I came across it - might have been in some old Range documentation I found in the office I inherited. I don't remember much, but I'm pretty sure there were at least a couple of different designs in use. I think one was a redundant 68HC11-based system. All I really remember is that the design struck me as very conservative and architecturally simple. I don't recall any mention of crypto procedures and protocols - what I read only concerned getting the destruct message from its origin to the vehicle.

      I'm sure the codes are tightly controlled. It's really not hard to design a very secure system, when it only needs to send one message, and that very rarely. An arbitrarily long, purely random key generated and distributed to the transmitter and receiver under tight security would do it. Denial-of-service would be a more difficult problem to address, but then jamming the signals isn't exactly easy when you're competing with some fairly high-power transmitters on high-gain dishes aimed right at the receiver. And they've got RF measurement vans that I assume patrol for interfering signals, malicious or otherwise.

  9. Sounds Familiar... by Kyle_Katarn-(ISF) · · Score: 3, Informative

    Computer, activate self-destruct sequence, authorization Janeway Pi-One-One-Seven.

    "Warp core overload initiated"

    That's how they should do it...

  10. As if this is new.. by bigattichouse · · Score: 3, Informative

    Its funny this is "news" - they've had that switch since day one, if I know the military. And the no-fly zone has probably be a registered flightplan with the FAA since a year before day one. Interesting, yes, but not news since at least 1978 (or whenever it was they were building the fleet). I knew a guy who worked on the software on the early fleet. Made me wonder about the whole thing.

    --
    meh
  11. Re:What a kewl job by hughk · · Score: 3, Informative

    RSO usually also has to do a lot of work before the launch. They are ultimately responsible that there have been no incursions into the various danger zones. This would mean they would be talking to police, coastguard as well.

    --
    See my journal, I write things there
  12. Re:People inside? by Rorschach1 · · Score: 4, Informative

    And if you need an example of why those destruct systems are required, watch this.

    I've met at least one of the Range Safety Officers while working out at Cape Canaveral. It's not something they like to talk about much, when it comes to the Shuttle.

  13. Re:Space Shuttle Discovery by Jesse_42 · · Score: 4, Interesting

    The other issue, just as important as the explosives, is all the other chemicals on board - many of which are highly toxic. This includes chemicals like monomethyl hydrazine (MMH) used in the Orbital Maneuvering Subsystem (OMS) and in the Solid Rocket Boosters (SRBs) for control. It is great stuff, you mix it with nitrogen tetroxide (N2O4) and they ignite with no spark or air required. At the same time, by the time you can smell it, you have been exposed to ten times the lethal dose. Remember when Columbia crashed and they told everyone not to go near the wreckage? this was one reason why.

    As the parent said, remote destruct capabilities are simply par for the course when your strapping things to that much explosives and toxic chemicals. Really it should make us feel safer that NASA is honest about the risks and is willing to do what it needs to do to insure (as best as possible) public safety.

  14. Other abort modes! by pumpkinpuss · · Score: 5, Informative
    In addition to the destruct switch, there are other flight plans for an intact abort in case of problems. These abort modes are: Return to Landing Site (after SRBs are jettisoned, shuttle returns to Kennedy Space Center); East Coast Abort Landing where the orbiter lands on a different runway somewhere up the East Coast of the US; Transoceanic Abort Landing where the orbiter lands somewhere in Europe or Africa; Abort to Orbit; and Abort Once Around.

    The Solid Rocket Boosters can't be stopped once they are started, but they have their own navigation system (rate gyro assemblies, and inertial measurement units) that are considered as/more reliable as those on the orbiter due to the rigidity of the SRBs. So the reason this "self destruct" button exists is because there is no "off" button for the SRBs, but, as far as I know, it is only an issue if its quad-redundant navigation system fails and somehow its thrust gets stuck in an unsafe vector, and that is very unlikely.

    More detail, including why you can't jettison the flight deck with all the crewmembers: http://en.wikipedia.org/wiki/Space_Shuttle_abort_modes

  15. Re:People inside? by tgatliff · · Score: 3, Informative

    You really do not need to find an example... They used this procedure during the Challenger accident. Meaning, once the main booster had already exploded, they quickly detonated the individual spiraling side boosters to prevent potential problems. In this case the crew and craft had already separated and were presumed already dead, but they still needed to use the detonation procedure...

  16. Re:Four (Identical) Buttons (and Switches)? by NeverVotedBush · · Score: 3, Insightful

    I am no expert in man-machine interfaces, but I think I would make the Destruct switch a different kind of switch and color than the rest of the switches. It should be red and the others orange or yellow or something.

    I would just want to minimize as much as possible the chance that the destruct switch was accidentally activated if things got really hairy and fast moving and the range officer had to be prepared to blow the thing up.

    I know they toggles have the red guards on them so the officer would have to flip it up before actuating, and from the article it appears to be a two-step process (arm then destruct), but four identical switches next to each other for such a critical function just seems a bit risky to me. I think I might even make it a two-person job where the 2nd could destruct only after the first armed.

    But then I realize that by delaying the destruction, many more lives could be put in danger if the assembly was headed over populated areas. Still, four identical switches and buttons right next to each other, with such dissimilar functions seems a bit risky to me.

  17. Slashdot Translation by Anonymous Coward · · Score: 5, Funny

    Test: ping

    Arm: login root

    Destruct: rm / -rf

    Safe: logout

  18. Technical details by Anonymous Coward · · Score: 5, Informative

    For the technical details on how this works, check out an old Risks article here. They put a lot of thought into the system.

  19. Retired astronaut Mike Mullane talked about this.. by Ellis+D.+Tripp · · Score: 3, Informative

    in his book "Riding Rockets". The Range Safety system is nothing new, having been on almost every manned and unmanned launch that NASA or the USAF ever put up. The RSO is an Air Force officer, who intentionally avoids any social contact with the astronauts, so as not to allow personal feelings override his/her duty to protect the public from a wayward launch.

    In Mullane's book, he questions the the mindset of the NASA engineer who thought it a good idea to have the RSS system light an indicator lamp in the shuttle cockpit, giving the astronauts a second or 2 of notice (with no way to intervene) before the charges go off.

    He also relates an amusing story of a fellow astronaut making obscene comments about the RSO's mother over the Air/Ground link as they sat on the pad waiting out a launch hold.

    --
    Remember "News for Nerds, Stuff that Matters"? Help make it a reality again! http://soylentnews.org