CRS-7 Launch Update (spacex.com)
4:09 AM - 29 Jun 2015
(There are similar stories about debugging stuff on the various Martian rovers, but Cooper's book is a very good treatment...).
I'm curious as to the QA system used here. I imagine with proper simulation this should have been catchable. I wonder if SpaceX's low cost approach means cutting certain corners and situations like these where catchable issues make it into the wild because of the difficulty of rocketry in general with the added difficulty of cheap spaceflight tacked on.
I really hope they didn't just find themselves in a STS-51-L moment where it'll take months to truly iron out the root issues. Thank goodness there was no loss of life and SpaceX's stack isn't man rated yet.
Sounds like they are trying to suggest that if there had been people in the capsule they would have survived...
They intentionally disable ("safe") the parachute system during the launch phase, but from the rumors I'm hearing coming out of SpaceX, if they had been enabled, this capsule would have survived.
I wonder if the launch abort mechanism on the Dragon V2 would've been of any help here too to jettison it safely away from the rocket.
I read the rocket was around maximum dynamic pressure during the event (Or just after?) and I'm not sure if it would stand such forces of a jettison during such time.
Option 1 is based on the fact that it's constantly evaporating and needs to vent. This seems really unlikely given that it passed all tests on the pad 2 minutes before. It also sounds like this was likely ruled out based on Elon's tweet about a "counter intuitive cause".
Option 2 sounds like fire or flames due to fuel leakage or something, but then realize that this is the second stage and all the action is going on 100 or more feet down in the first stage. They also have a camera on the 2nd stage engine which was shown shortly before the incident and nothing was going on in there. I wonder what the in-tank camera showed.
It seems that to get the extra energy into the tank, something must have fired up early. But if there's one thing SpaceX seems to have a lot of it's data. Aside from a breach letting external air in (like the last shuttle accident), how do you get enough added energy into a tank to build pressure to the breaking point? In 2 minutes.
I'm seeing a lot of folks dropping articles. It's also becoming quite common to eliminate pronouns at the beginning of sentences, i.e., instead of "I went down to the store" you write "Went to the store"
I use this purposefully to jar the reader. I have no idea what the underlying linguistic reasons are.
You're probably demonstrating this on purpose: your very first sentence is itself an example of dropping a pronoun + verb.
It's considered standard to write in formal, passive, third-person tone. [2]
During undergrad, I was constantly drilled to make my writings as concise as possible.
[1] http://www2.aje.com/en/education/other-resources/articles/ed...
[2] http://writingcenter.unc.edu/handouts/passive-voice/
They almost feel like "uncountable" nouns, but I'm not sure. "Flight" can be countable, but as a generalized state/phase, I think it wouldn't be. It doesn't sound strange to me (a native speaker).
It would not be wrong to use "the" for many/all of these cases, but it would have changed the meaning, somewhat.
[1] http://www.edufind.com/english-grammar/definite-article/
The other meme is there are or have been rockets or overall systems with flight profiles and designs that have unsurvivable portions of the flight. Or only extremely theoretically survivable. Think of the old shuttle system, for example. An RTLS abort was theoretically survivable, but let's be realistic here... However the SpaceX guys are extremely proud that they designed an overall system that has no unsurvivable by design flight portions, and also very proud that they did a test flight with a separation near max-q specifically to prove it would work just fine even at max-q...
One interesting problem with a structural failure at that speed is it could be hard computationally to tell the difference between some irrelevant pogo-ing or vibration vs 50 ms later half the rocket is flying sideways, at which point it might be unsurvivable. Bad car analogy is I can jump out of an airplane with a parachute at 100 MPH and all turns out just fine, but randomly getting tossed out of a 100 MPH car isn't going to likely end very well even if under ideal conditions it's no big deal.
The in-flight abort test for Dragon v2 is scheduled to occur later this year. It hasn't occurred yet. https://en.wikipedia.org/wiki/Dragon_V2#Flight_testing
Also note that Dragon v2 was not on this mission and won't fly to space for a while. This was a Dragon v1 mission. Dragon v1 is unmanned and has no launch abort capability.
As I understand it, the primary payload (the new international docking adaptor for the ISS) wasn't in the Dragon capsule itself, so it wouldn't have been saved even if the Dragon was recovered (sadly).
The IDA is the heaviest thing they have ever carried in the trunk, AFAIK. Maybe its mounting bracket failed and it impacted the top of the second stage, buckling the LOX tank. A suddenly induced crack allowed some LOX to escape (the initial 'puff'), and the suddenly reduced pressure allowed the rest of the LOX to boil off and the tank to BLEVE, causing the catastrophic failure of the second stage.
Obviously this is a completely theoretical scenario, but it's one of many I could dream up...
EDIT: While this is a fairly technical discussion, I realize I got a little heavy handed with the acronyms there...
IDA: https://en.wikipedia.org/wiki/International_Docking_Adapter
LOX: https://en.wikipedia.org/wiki/Liquid_oxygen
BLEVE: https://en.wikipedia.org/wiki/Boiling_liquid_expanding_vapor_explosion
Example footage here: https://youtu.be/p7x-SumbynI?t=25m45s
Grab it used for $0.75 http://product.half.ebay.com/The-Evening-Star-Venus-Observed...
Cooper is a wonderful writer, I've got all of his books :-)
Looking back at a gif of the incident, there was a pretty impressive amount of fire. Initially when the oxygen hit the first stage exhaust, causing the unburnt RP1 to burn (all the 'extra' flame that appears in the exhaust plume), and then there is a fair amount of fire at the front of the vehicle a second or two later (I assume the second stage RP1 tank failed at that point). Finally there is a large cloud and the rocket vanishes. That's the part that I assume is some sort of FTS, and likely blew the rocket apart with enough force that the prop didn't get a chance to mix.
IDK, that tweet felt like when you're watching a movie and then the 'hacker' comes around and you see a lot of props on the screen that are designed to excite 'geeks'. Like, right now, a lot of guys should be like: "OMG OMG! They are looking at the hex code directly! Damn, that is so looooooow-level, they call it rocket science for a reason!"
Anyway, hopefully they find the problem; whether with hex editors or not SpaceX is really doing cool stuff.
Far from BS, pointing a hex editor at your data dump sounds like the very first thing you'd do when you get some data that your software can't immediately read.
See this image: http://www.nasaspaceflight.com/wp-content/uploads/2014/04/Z8...
"Dragon also will use its unpressurized trunk to deliver the first International Docking Adapter to enable future commercial crew vehicles to dock to the station."
https://www.nasa.gov/sites/default/files/atoms/files/spacex_...
They've previously used the trunk for a payload on CRS-2, CRS-3 and CRS-5. You can see a video of how it works in CRS-5 here:
https://www.youtube.com/watch?v=yXfOOIYWGF8
(Really cool video by the way!)
However, the trunk is later jettisoned, so only the capsule is recovered in the end.
http://www.spacex.com/sites/spacex/files/padabortinfographic...
In this particular case, it sounds like Dragon survived and probably could have been recovered using the parachutes, but they weren't armed since survival without an abort system isn't something they really try for. It would be interesting to make the attempt, but not informative for manned flights since those will have a proper abort system.
Dragon 2 has a powered escape system. Dragon 1 just has parachutes for the recovery phase.
You safe the parachutes for the ascent phase because they're dangerous. If they accidentally trigger, you lose the whole rocket due to structural failure from the sudden forces. You'd most likely lose the capsule/chute at this point too.
A chance of recovering the cargo in the event of an incident like this just isn't considered worth it.
It would be interesting to know if they can remotely trigger the parachutes - i.e. in this case after it had fallen a ways they could have triggered them - even just to see what would happen.
I imagine this level of simulation might not be entirely feasible yet. Maybe for the lack of trying or budget. In a growth industry or one powered by both commercial and technical pressures, it may be difficult to sit down and build something like this out. From a more practical point of view, it may make sense to just let things explode than spend years running expensive simulations instead of building things, launching, and collecting paychecks.
Part of what makes the idea of bringing the first stage back to the pad so important is that we so rarely get to use the same engines multiple times in the field (where all the really nasty reality checks are done). Being able to reuse stages allows us to far better model how they will perform in the future. Otherwise, we're using test beds to feed parameters into sims to inform our launches; it's good practice, but more physical evidence is always better.
Frankly, no. You're wildly underestimating the complexity of the system.
We don't know in this specific instance, but generally this is just fundamentally not true. You're way over-estimating the abilities of computers and way under-estimating the complexity of these systems.
I haven't been down voting your comments, but if I had to guess as to why other people are, it's because comments like this are typical of a certain kind of arrogance. I think we've all had that moment where we think "what, that sounds easy!" about someone else's problems, only to realise when we try to solve it ourselves we're suddenly confronted with that problem's true complexity. These are very smart people working on these problems, and your comments come across as if you're suggesting they've been negligent–while that could be true, it wouldn't be my first guess. Rocket science is hard, and things go wrong, and no amount of computing can change that.
You have literally hundreds of systems working in concert and tied to more hundreds of physical components coming under extreme temperature and pressure conditions, some of which can interact in the weirdest and most unexpected ways - certainly not ones you'd always think to model. The chances that any one of those does something unexpected is not low, and the chances that it cascades into a much larger failure is non-significant.
edit: It's also sometimes a human problem - thousands of people working on this together, and all sorts of different incentives. Here's a famous example of a failure, and the PR kerfuffle that ensued: https://en.wikipedia.org/wiki/Rogers_Commission_Report
Quoth Feynman:
"It appears that there are enormous differences of opinion as to the probability of a failure with loss of vehicle and of human life. The estimates range from roughly 1 in 100 to 1 in 100,000. The higher figures come from the working engineers, and the very low figures from management. What are the causes and consequences of this lack of agreement? Since 1 part in 100,000 would imply that one could put a Shuttle up each day for 300 years expecting to lose only one, we could properly ask "What is the cause of management's fantastic faith in the machinery?" ... It would appear that, for whatever purpose, be it for internal or external consumption, the management of NASA exaggerates the reliability of its product, to the point of fantasy."
No, we don't. While we can do this very well for the "high level" physics, we can't do it very well for the "low-level" physics such as -- for one example -- the detailed effects of turbulent flows (both outside of the craft and inside of the plumbing), which are usually modeled based on averages of aggregate effects and random models because a detailed deterministic model is impractical (both, IIRC, because doing so at the level we could in theory do is too computationally expensive to do in practice, and because even our theory is pretty limited when it comes to turbulence.)
> I imagine with proper simulation this should have been catchable.
It's possible that there is some level of simulation which would have caught this (we won't know unless they figure out with enough detail what the problem was), but even if it would have been possible, it may not have been cost effective.
This is exactly what computers are for: doing hard stuff we can't do on paper or just by real world prototype testing. I imagine this is a hard problem, but it may be so because from a time/budget perspective it may just make financial sense to let stuff blow up now and again, than build out such a system.
I kinda see this as the difference between writing typical code versus writing code that's deterministic. The former is cheaper/faster but the latter is safer but more expensive and slower. In growth industries or when you have a strict schedule on your back, the slower approach is often ignored.
>Quoth Feynman
Feynman died when the hottest CPU was the 386. We simply have the capabilities, at least in hardware, for non-trivial simulation that during Feynman's time would have required CPU resources ridiculous to even speculate about. Safe assumptions in Feynman's world (1918-1988), at least in regards to technology and engineering, may not be safe assumptions in our world. The same way our assumptions today won't make too much sense for our grandchildren. They might be bewildered by the idea that rocket fails were constant and common, the same way I'm bewildered by things like hot-days causing vapor lock to shut down old cars or, say, occasionally tuning a carburetor. We have electric gas pumps and computer controlled fuel injectors now.
edit: to reply to jacquesm. That's a pretty bold claim about O-rings. We fully understand the materials they're made of, their typical decays, etc. They're not magic. If someone wanted to make a top-down simulation that included, well, everything, it certainly seems possible to me, and while certainly not perfect, if done right, should provide positive outcomes. The real question is, what's the incentive? Spend billions and years doing this for one system (which may be old or even obsolete by the time the simulation is complete) or just accept the occasional preventable loss. Seems the latter approach just makes more sense financially, but that doesn't mean the former approach must be impossible. Many things are possible that just aren't incentivized.
I'm not even talking about jacquesm's note about the failure mode, either. Just real insidious errors in manufacturing that can't be detected in any sort of reliable, sane way. Even the Challenger's o-ring wasn't guaranteed to fail, and indeed most didn't. In fact, most of that entire o-ring didn't fail.
I've seen some really freaky things amplify what are essentially chaotic edge cases. You can certainly figure them out, but you'd never get anything done for any level of affordability in time for any ship date if you didn't just calculate risk and go ahead.
TL;DR: risk is always there because the world's imperfect. At best you just tighten the statistical confidence, but that's super hard.
Engineering is what hopefully guides reality up the correct branch of a theoretically possible tree.
You can simulate most of each one of those branches. But what are you going to do with a million simulation results? How does that guide your course of action? What do you do differently?
If this was an engineering or assembly defect, the answer is always going to be "Don't do that next time." If it was a design defect, then the part wasn't simulated (unlikely) or our understanding of how it operated in this design was incomplete (more likely).
The trick with rocket science is that the design tolerances are by necessity very tight. Physics dictates this with chemical propulsion. Every part you over-engineer in a weight-increasing way decreases the weight available for payload. And there isn't very much weight there to start with...