Date: Wed, 2 Dec 87 15:47:52 EST
Subject: Whistle-blowers who aren't

>  Maxson will share the stage with former Morton Thiokol engineer Roger
>  Boisjoly, who currently has a billion-dollar suit underway...

Maybe I am just being picky about this, but it still makes me see red when
I see Boisjoly described as a "whistle-blower".  Boisjoly is the man who
could have blown the whistle BUT DIDN'T, and seven astronauts died as a
result.  Boisjoly was the engineer who told MT management "don't launch",
was told "put on your management hat", did so, and changed his expert
professional opinion 180 degrees to match his hat color.  In a just world,
I cannot help but think that he (and, certainly, his management) would be
facing criminal charges.  Boisjoly did not blow the whistle; he merely
turned "state's evidence" after the fact.

Date: Wed, 2 Dec 87 15:48:00 EST
From: mnetor!utzoo!henry@uunet.UU.NET
Subject: Re: Space Shuttle Whistle-Blowers Sound Alarm Again (reprint) 

> ... new and improved shuttle escape mechanisms. Lot's of
> money is being spent, but whether reported or not, upon (close) examination
> none of these mechanisms would prevent the death of astronauts in a
> Challenger type disaster.  I wonder just how much additional engineering
> is happening for purely public relations purposes...

The escape work is not being done for purely public relations purposes; it
merely, for the most part, does not address situations as severe as the
Challenger disaster.  There is in fact some attention being given to such
situations, but the thorough re-examination of shuttle safety issues turned
up other cases where modest effort would yield a much higher probability
of survival.  The reason why most escape-system work is not addressing the
Challenger scenario is that it is very difficult to get the crew out
of such a situation reliably!  There are also tradeoffs to be considered:
regardless of managerial idiots blithering about safety being an absolute
priority, the only way to make the shuttles completely safe is to put them
in museums and never fly them again.  In practice, there is no way to avoid
some level of compromise between safety and utility, since adding any type
of escape system reduces payload.  There are also safety-vs-safety tradeoffs
to be made, since even simple ejection seats can and do fire accidentally,
often with fatal consequences.

Date: Fri, 18 Dec 87 04:41:38 EST
Subject: Roger Boisjoly and Ethical Behavior

There has been a fair bit of back-and-forth over Roger Boisjoly et al. in
private mail [subsequent to RISKS-5.63,70,71], most of which is pretty
peripheral to Risks.  Herewith a straight chronology of verifiable events.
One or two personal notes are in brackets [].  Numbers in brackets are page
numbers in the Rogers report, "Report of the Presidential Commission on the
Space Shuttle Challenger Accident".  (Any library with any pretensions to
quality should have this; it is not an obscure technical report, but a
widely-distributed and not overly expensive book that is basic to real
understanding of the disaster.)  Quotes in single quotes are approximate,
double quotes are literal.

Dramatis Personae:

B = Roger Boisjoly, Morton-Thiokol engineer
L = Bob Lund, M-T VP engineering
H = George Hardy, NASA manager
M = Larry Mulloy, NASA manager
K = Joe Kilminster, M-T VP boosters
R = Stan Reinartz, NASA manager

The scene:  a teleconference between M-T Utah and two NASA centers, called
	to discuss the issue of cold vs. SRBs [107].

1. B: 'Don't launch.' [89]  L: 'Don't launch.' [90]

2. H: 'Argh.  But if contractor says don't launch, we won't.'  [Note NASA
	willingness to at least talk about not launching.] [90]

3. K: 'If the engineers say no, M-T says no.' [90]

4. M&H: 'Argh.  We think it's not that bad.  We're impatient to launch.' [91-2]

5. K: 'We want a recess to talk about it.'  Done. [92]

6. Much discussion.  L told to put on his management hat. [93]

7. Teleconference resumes, same participants [including B]. [108]

8. K: 'Go ahead and launch.' [93]  B comments later in testimony:  "I did
	not agree with some of the statements that were being made to
	support the decision." [93]  [Note:  not just 'decision wrong' but
	'supporting arguments are lies'.]

9. R asks whether anyone in the teleconference has a different position or
	further comments. [96,100]

10.  --->  SILENCE  <--- [96,100]  In particular, B is silent. [93]

11. Teleconference concludes.  B is unhappy but does nothing. [93]

12. Next morning:  manned space program in shambles, seven astronauts dead.

13. Later, in testimony, B:  "I felt I really did all I could to stop the
	launch." [93]

The reader will have to form his own opinions on whether Boisjoly was, in
these events, a heroic whistleblower risking his job for his principles,
or a dutiful company man who shut up when his management told him to shut up.
He clearly did become a whistleblower later... after the damage was done.

Date: Tue, 12 Apr 88 14:57:31 EDT
Subject: Re: What happened to personal responsibility?

> ... To sit in a 30mph steam train was not only a joy, you placed
> your life in the hands of engineers who were ultimately accountable. To
> sit in a 125mph bullet train or a high-speed local subway is no longer
> quite so joyful. You *still* place you life in the hands of the company,
> but is it the Engineers, software or otherwise that carry the can?

Why, nobody, of course.

If you want a good example of what I'm talking about, consider the Challenger
disaster.  I think there is little doubt that specific people could plausibly
be held responsible for it, although there might be some debate about exactly
who.  Now, look at the aftermath.  How many people have been arrested on
criminal charges as a result?  None.  How many people have been fired in
disgrace as a result?  None.  (A few have run into trouble for talking too
much about the incident, but not for causing it!)  How many companies have
been disbarred from government business as a result?  None.  What penalties
were assessed against Morton Thiokol?  Well, after a long debate it was
agreed that ten million dollars would be deducted from payments on their
SRB contracts.  (Note that (a) the replacement value of a shuttle orbiter
is approximately two *billion* dollars, (b) both NASA and its customers
have been hard-hit by the long hiatus in spaceflight and other side effects
of the disaster, (c) Morton Thiokol has received many millions of dollars in
fix-the-SRBs contracts, and (d) the issue of an alternate source for SRBs,
a major worry to M-T, has been postponed for some years.)

To avoid a repetition of the Challenger disaster, people need an incentive
to avoid one.  For the lawyers and MBAs who run most aerospace companies,
that means a financial incentive.  Only if technical disaster translates
into financial disaster will the bean-counters see to it that the whole
company has a firm commitment to avoiding it.  Only then will a "no" from
the engineers be backed up by the management, even if it hurts.  So how much
of a financial disaster has Morton Thiokol undergone?  None!

Look at the results, not the rhetoric.  Who was responsible for Challenger?


Date: Wed, 20 Apr 88 10:45:56 EDT
Subject: Re: Accountability

> ... more indicative of a social failure than a true RISK ... because it's
> about the failure of a chain of command to control the situation.

I would diagnose it differently, unless you mean this in the broadest possible
sense.  The problem is not that the people on top are not properly in charge;
the problem is that the people on top do not *WANT* to be held responsible
for results (or lack thereof).  The more complex the organization, the
easier it is to point fingers at someone (anyone) else, until responsibility
is so diffused that nobody is ever really to blame when something goes wrong.

Particularly in that sort of setup, it is important to supply incentives
for doing it right that affect the whole organization rather than specific
individuals.  (Note that I am addressing pragmatic tactics here, not right
versus wrong.  I believe very strongly in individual responsibility, but
when dealing with, say, Morton Thiokol, it's not an easy notion to enforce.)
Major reductions in cash flow tend to get everyone's attention.

> -That cash is the only effective incentive for producing results is the 
> ultimate disaster of our times...

While I agree that it's an undesirable situation, I feel compelled to point
out that it's not a problem of "our times"; historically, life has always
been cheap.  Society has, on the whole, become considerably *more* humane
in recent times.

Subject: Re: Challenger Disaster
Date: Sat, 6 Jan 1996 06:25:40 GMT

In article <4cj01o$f6u$> Gerhard Wisnewski <100425.1601@CompuServe.COM> writes:
>1. US-Senator Ernest Hollings was sure, that the government 
>forced NASA to launch Challenger on January 28, 1986 because of 
>an important speech of Pres. Reagan ...

Richard Feynman, easily the most skeptical and most independent member of
the Rogers commission, went looking for evidence of this, and found none. 
His conclusion, as I recall, was that too many people would have to know
-- the secret couldn't have been kept.  (This is a common failing of such
theories:  they assume that a government which couldn't keep Iranscam
secret could hide much nastier secrets.  A much simpler way to explain it
is that the "secret" is entirely someone's overactive imagination.)

>2. Richard Cook, a former financial expert of NASA, wrote in an 
>1986-issue of "Washington Monthly", the Rogers commission failed 
>to ask, WHY Challenger was forced to start on this morning...

It wasn't.  There was pressure to get things moving because the launch
had already slipped repeatedly, NASA leaned on Thiokol, and Thiokol
gave in.  "Never ascribe to malice what can be adequately explained
by stupidity."

>Does somebody know something about the schedule and purposes 
>behind this PR-event? Why was McAuliffe aboard and which plans 
>hat Reagan with her? What about the purposes of the teachers in 
>space-program? Hope, somebody can help... Many thanks,G.Wisnewski

The teacher-in-space flight was the first Citizens In Space flight. 
C.I.S. was intended to eventually fly a wide variety of observers --
journalists, artists, etc. -- as a sort of proxy for the shuttle's
inability to fly ordinary people in quantity.  It had been widely
expected that a journalist would be first, but when Reagan officially
announced the program, he specified that a teacher would be first. 

There is no evidence that Reagan had any special plans for this
flight.  It happened to be on the same day as his State Of The Union
address... but that was entirely accidental, the result of repeated
schedule slips.  It wasn't scheduled for that day.
Subject: Re: Shuttle carrying explosives?
Date: Sun, 7 Jan 1996 02:08:28 GMT

>From what I heard, the explosion was caused, not by explosives, but by 
>the failure of an "o-ring" which was supposed to flex during liftoff...

Basically correct (as Ken H. has already elaborated on).  The fact that
the SRBs both surived the breakup indicated that *their* destruct charges
weren't involved.  There was, however, considerable suspicion about the ET 
destruct charges.  The salvage effort made a considerable effort to find
them or their remains, and succeeded:  they were recovered, intact, unfired.
(You can find pictures of them in the Rogers commission report, in fact.)
This finally exonerated the destruct charges of any responsibility.
Subject: Re: Challenger, a major malfunction?
Date: Wed, 31 Jan 1996 20:07:51 GMT

In article <4e4v1l$> (Randy Kielich) writes:
>	Should the Challenger have flown that day or should they have
>*never* even thought about a launch that damn cold day? ...

It was, unfortunately, a judgement call.  The hard, cold fact is that
perfect safety is impossible, and it's always necessary to fly with
less than complete assurance that everything is right.  The trick is
to draw the line between "we'd better look at this" and "this doesn't
look important" in the right place.  You can't avoid having to draw it.

The Challenger managers had legitimate concerns:  the flight was already
running late, and NASA had an ambitious schedule for that year, including
some flights with narrow launch windows that could not be postponed.  It
was quite reasonable for them to ask Thiokol "are you sure that the low
temperatures are really a problem?".

Of course, if the managers had been doing their jobs and keeping an eye on
safety-related engineering problems (which lower echelons know about but
hadn't succeeded in communicating), they wouldn't have pushed Thiokol so
hard about it.  There *was* real reason for concern.  But even so, it
wasn't self-evident that a launch in cold weather would lead to disaster,
only that it would reduce an important safety margin whose exact size was
somewhat uncertain. 

Mind you, the mere fact of that uncertainty would have been a red flag in
a rationally-run program.  The aircraft people have known for a long time
that the only way to be sure an aircraft will work in low temperatures is
to test it in low temperatures.  Unfortunately, the shuttle program wasn't
very well run, and didn't believe in thorough flight testing.

The *real* problem came when (a) Thiokol management decided to overrule
its engineers and (b) the Thiokol engineers sat still for it.  The
Thiokol engineers were the only people to whom it was clear that the
launch was a serious mistake, and they dutifully shut up when told to.

In short... given the context, it wasn't an unreasonable judgement call
on the NASA side.  The problem on the NASA side was that the context
should have been different.  The failure of the NASA managers was in
program management, not in that day's decision.  Had the program been
better run, it would have been clear that launching that day was a bad
idea; as it was, that wasn't obvious.  The only people who really knew
how worrisome the situation was, weren't talking.
Subject: Re: Did the Challenger crew survive the explosion, prior to falling to 
	the ocean?
Date: Tue, 6 Feb 1996 04:20:31 GMT

In article <4f1k5o$> CLAUDE BARIL <> writes:
>Re: Did the Challenger crew survive the explosion, prior to 
>falling to the ocean? No way,they we're to high (75'000feet)
>they had no air,and they we're probably kill at the explosion
>the steel didn't take it ,imagine the body...

Human bodies are pretty tough, and the orbiter isn't made of steel.
The Kerwin medical/forensic report concluded that the breakup (there
was no explosion, by the way) was not violent enough to have much
chance of killing the crew, and that the air used from some of the
emergency air packs indicated fairly conclusively that at least some
of the crew were alive until water impact.  There is no chance that
they would have stayed *conscious* unless the cabin held pressure,
which is extremely unlikely, but nothing before the water impact is
at all likely to have killed them.
Subject: Re: SpaceCub FAQ
Date: 19 Mar 1996 23:38:16 -0800

In article <4inhsv$>,  <> wrote:
>So... would the Challenger astronauts have survived a 1/1000th strength 
>explosion? If you're the size of an ant, then a newt is just as fatal as
>a T Rex.

The answer is undoubtedly yes, they would have survived a 1/1000th strength
explosion.  They might have survived a 10 times larger explosion.
They *did* survive the "explosion" when Challenger let go.  That is not
the right question, however, as there basically was no explosion
when Challenger's SRB burned through.

What is commonly referred to as "the explosion" was not an explosion.
It was a fire or a fireball.  Neither of the SRBs exploded, as you can
see from looking at the video, as they are both intact after the fireball.
The SRB that failed leaked a jet of hot gas or flame from inside onto
the surface of the rear of the external tank, in front of where the aft
SRB attach point is located.  That caused the tank to suffer a structural
failure in that region, which let the hydrogen out and caused the SRB to
pivot around its forwards attach point until it ruptured the oxygen tank.
The tank came apart on its own and shortly thereafter the LOX and hydrogen
mixed and fireballed.  A pressure wave from the fireball in combination
with the now highly disrupted airflow (the orbiter started to come loose
and pitched up into the airstream, if I remember right) caused the orbiter
to suffer a catastrophic structural failure.  It did not get blown to
bits; it broke into large pieces (the crew compartment, the engines and
tail section, the wings all came off intact, with the center section
being broken into smaller pieces) as the loads exceeded the strength.

A 1/1000th as strong explosion would mean something akin to the tank
fails but the end result is the shuttle flying free not attached to
the tank.  It might well be sufficiently stable to survive that,
though I wouldn't want to know.  I was told early on in the shuttle
program that they had simulated dropping the shuttle off the stack
early as an abort sequence, though several people within the program
have since denied that it is a known or safe procedure (some vehemently...).
Your mileage may vary.

In any case, the "explosion" didn't kill anyone, probably.  The nose of
the Shuttle was intact as it came out of the low pressure fireball as
the propellants mixed and burned.

Subject: Re: Space Shuttle
Date: Thu, 30 May 1996 16:41:14 GMT

In article <4ogblt$> (Anonymouse) writes:
>>Out of curiosity, how much was recorded after the well-known "Roger, go
>>at throttle-up" (roughly quoted)?  Was it ever determined how long the
>>astronauts survived after the explosion?  And one more question:  would
>>the currently-employed crew-escape system be of use in a
>>challenger-type disaster?  I don't know much about it.
>Well the last words issued by nasa were "Uh-Oh" said by onzuka? ..

Actually, I believe the "uh-oh" was from Smith.

>Nasa never said if there was more...

The "uh-oh" was the last thing on the tape, because the orbiter recorders
are not battery-powered and they lost power as the orbiter broke up.

>They could have been concious for
>200 seconds... If I remember correctly..

There are two possibilities, depending on whether the cabin held pressure.
If it didn't, they would have been unconscious within seconds due to lack
of oxygen (the accident took place at fairly high altitude), and would not
have regained consciousness before impact.  If it did hold pressure, they
could have been conscious all the way down.  Indirect evidence suggests
that they were unconscious -- for example, it is known that they were all
still in their seats at impact -- but even quite detailed investigation
could not resolve whether the cabin held pressure or not. 

>No The escape system would be worth jack crap...

The escape system itself is mostly designed to get the crew clear of the
orbiter if it is in controlled flight but unable to reach a runway.  It's
simply irrelevant to an accident like Challenger's.  (An escape system
which could get the crew clear of a Challenger-class accident is not
impossible, but it would be heavy enough to severely limit the shuttle's
usefulness, and it would add its own hazards.  NASA has studied the
possibility repeatedly and each time has concluded that it is

The parachutes and pressure suits that were added at the same time are a
slightly different story.  The suits would have kept the crew conscious,
and the parachutes would have offered a way of landing safely.  The hard
part would have been getting out of, and clear of, the cabin.
Subject: Re: Challenger Shuttle ?
Date: Mon, 29 Jul 1996 16:28:54 GMT

In article <> (Paul Gilmartin) writes:
>: Nasa conducted a very aggressive investigation of anyone found to have 
>: "collected" debris from the accident, some people will sell anything...
>What is the status of such debris uder maritime law?

Contrary to popular belief, the basis of maritime salvage law is *not*
"finders keepers".  Debris of identifiable origin belongs to the original
owner, except in certain unusual situations.

Now mind you, if you recover such debris, and if it's still of value, the
original owner may owe you a salvage fee.  And if he doesn't pay, the
obvious response is to put a lien on the debris, which may end up with
you owning the debris instead of the fee.

However, I expect the bottom line in this particular case is that the sea
bottom immediately off the Cape is considered government property, and 
private diving there is forbidden.  Generic maritime law can be overruled
by any number of such local issues until you get out into international

(Caution:  I am not a lawyer.  Consult an expert before making investments.)

>To what end did NASA conduct the "very aggressive investigation"?

To find anyone who was misappropriating government property for private
Subject: Re: Where are Challenger wreckage?
Date: Sun, 17 Jan 1999 03:12:04 GMT

In article <77r0du$qmv$>,
Kim Keller <> wrote:
>The Challenger wreckage is stored in an old Minuteman missile launch silo on
>Cape Canaveral Air Force Station. As remaining wreckage washes in from the
>ocean, it is added to the collection.

Incidentally, it's not a question of just dumping all the wreckage down a
hole.  Missile silos in general, and the Cape test silos in particular,
have assorted underground rooms attached to them, for support equipment
and such.  It's a place which is out of public view and secure against
thieves, doesn't require spending a bunch of money on construction or
maintenance, and provides reasonable protection against the elements in
case there's ever some reason to take another look at the wreckage (or use
bits of it in test programs and the like -- this has been done for one or
two items of hardware).
Subject: Re: Off-Earth fatalities.
Date: Mon, 15 Jun 1998 20:18:15 GMT

In article <>,
Karl D. Dodenhoff, RN <> wrote:
>> The Challenger crew did not have suits.  Assuming that the cabin lost
>> pressure -- which appears likely but could not be conclusively proved --
>> they were alive but unconscious at impact.
>At least one of the crew's emergency oxygen packs had been activated,
>which means that, whoever did the activating had to be conscious, I
>would think.

Emergency air packs, not oxygen packs.  And yes, several of the packs had
been activated, indicating that at least some of the crew were conscious
*briefly* after things went sour.  However, this merely proves what was
already almost certain:  the crew survived the orbiter's breakup.

>> (In fact, one strong argument
>> that the cabin *did* lose pressure is that there *is* conclusive proof,
>> from the damage to seat-support structures, that all seven were still in
>> their seats and strapped in at impact.)
>Where else would they go?  There was no system to bail out of the
>orbiter back then...

So?  These are resourceful people, trained to *cope* with an emergency as
best they can, not to sit there like sheep waiting for divine intervention
to save them.  It is ridiculous that of seven people with that kind of
training, not one would have so much as gotten out of his seat.

No matter how poor your chances are in a long free-fall into water,
they've got to be better than your chances inside a multi-ton cabin.
There wasn't an organized *system* for bailing out, but there were escape
hatches, intended for use on the ground.  Get the side hatch or the
overhead escape hatch open, maybe try to grab a spare coverall or
something to slow you down even a little bit, and get out!  (Actually,
hold off on the hatch opening until reasonably low altitude, since you
don't want to depressurize the cabin too early... but that gives you more
time to get people organized and ready, collect spare coveralls, etc.)
Above all, try *something* -- it's got to be better than doing nothing!

The situation wasn't good and the odds were poor, but they would have been
*trying*.  The only plausible reason for them still being in their seats
was that they became unconscious within seconds and stayed that way until

>Even if there had been, a vehicle plummeting down
>through the atmosphere is impossible to bail out of.

Utter nonsense.  Plenty of WW2 aircrew bailed out of falling pieces of
aircraft.  Many, even most, who tried it didn't make it, but some did.
By the way, a few of the ones who did it *without parachutes* survived.

>The current system
>requires that it be in stable, controlled flight for the crew to escape.

No, the current system requires that it be in stable controlled flight
for the crew to *reliably* escape.  There's a big difference.

>BTW - I believe that the first few shuttle flights had ejection seats.
>But, they were removed after the shuttle was deemed "operational".

Yes, seats for the two test pilots.  They were intended primarily for
situations in which the orbiter was in stable controlled flight but unable
to reach a runway.  The chances of such a situation developing were
(correctly) assessed as being low in operational service.  Removing the
seats was a reasonable decision:  they are heavy and dangerous, of very
limited use, and couldn't straightforwardly be provided to the whole crew.
Subject: Re: Off-Earth fatalities.
Date: Tue, 16 Jun 1998 03:15:39 GMT

In article <>,
James A Davis  <> wrote:
>...But Karl's point I believe is the difficulty of
>exiting an intact cabin that is tumbling out of control. WW2 experience
>is relevant here also. It is next to impossible to overcome the
>centrifugal forces inside an out of control, tumbling bomber.

Note key words here:  "difficulty", "next to impossible".  In other words,
while the odds of getting out are slim, the chance is there, and sensible
people -- if conscious -- will try.

>...Unless the cabin was stabilized
>in descent somehow they would have had no chance to reach a hatch and
>exit on their own...

Actually, it appears to have been stabilized to some degree by trailing
cables and plumbing.  It's hard to say how well.

Again, though, my original point:  the key thing to notice is not that
nobody got out, but that nobody was trying.  That means they were dead
(but other evidence indicates otherwise) or unconscious.
Subject: Re: Off-Earth fatalities.
Date: Tue, 16 Jun 1998 22:37:32 GMT

In article <>,
Karl D. Dodenhoff, RN <> wrote:
>I can't even believe this.  There is just no comparison to being in a
>WWII bomber getting shot up and what Challenger went through.  NOBODY
>can remain calm, cool, and collected in such a situation.  It was just
>too mind-numbingly horrific.

So they just sat there, paralyzed with fear, until they hit?  (Remember,
not only did nobody get out, but nobody was trying.)

Maybe you would.  Perhaps (although I'm skeptical) two payload specialists
would.  But five career astronauts wouldn't, especially not the three with
military flight-crew training.  Nobody's calm and cool in such situations,
but collectedness is something people can be, and are, trained for.  You
deal with the situation *first*, and change into dry pants *later*, when
you get the chance.  (I'm not kidding one little bit.)

In fact, what little evidence we have of any crew action after the breakup
supports this.  Judy Resnik turned on not only her own air pack, but also
Mike Smith's -- they were stowed on the back of Smith's seat and he
couldn't easily have reached his own.  Not that it helped much in the end,
but it was worth trying, and so she did.

Actually, this is the way a lot of human beings behave.  Folklore greatly
exaggerates the extent to which disaster paralyzes people.  Some just
break down into quivering uselessness, but many others do what they can to
cope.  And training improves the odds still more.

If you want to know how astronauts would behave in a crunch, the best
illustration I know is still from a press conference a little while before
Apollo 11.  Somebody asked Armstrong and Aldrin what they would do if the
ascent engine didn't light, and they were stranded on the Moon with only a
few hours of oxygen left -- what would they do in those hours?  I believe
it was Aldrin who responded "I think we'd spend most of them trying to fix
the engine..."
Subject: Re: NASA Keeps Subsidizing Mir Operations
Date: 3 Sep 1998 12:38:25 GMT

Pat: <<I merely wanted to point out that Jim has firsthand knowledge of self
delusion in action.>>

Of course, Pat has no such insights into what I felt, or saw, or thought, but
that doesn't stop him from proclaiming that he did.

In 1985, however, there were lots of signs of growing sloppiness in space
operations, and although I was working that year in flight design activities,
not mission operations, I recall vividly the case in which the "Pointer"
console sent a wrong data load to the Orbiter when it was supposed to point its
middeck window towards a ground site to measure an IR laser through its
optically flat high-transparency window (the flight deck windows are coated for
crew protection). The data load used feet instead of nautical miles for the
altitude of the site, on a Hawaiian mountain peak, the value was 11,000 feet,
so the Orbiter turned its window to view a spot 11,000 miles above Hawaii. It
was embarrassing, but it also was the result of inadequate ground checks and an
arrogant attitude to outside reviews (one young designer had actually warned
the Pointer office that their values were wrong, two months before flight, but
they ignored him). Equally objectionable to me, the flight control team laughed
off the mistake later, even though it was symptomatic (in my view) of wrong
attitudes. I recall writing up the incident for my own team and circulating the
memo higher up as an alert to this sort of problem.

As for the pressure to launch Challenger, I've always felt it was due to the
unslippable Jupiter launch windows in May 1986, and the near-panic over the
overambitious plans for two Centaur launches six days apart. Maybe if a former
General Dynamics official (they built Centaur) hadn't been head of NASA
somebody would have had the nerve to say we couldn't do it, we had to step back
from a "Can Do" obsession, and aim for lower targets -- one Centaur only, or
perhaps none until a year later.

That experience, and the post-hoc validity of my impressions at the time, made
a big impression on me.

Subject: Re: MPL lies
Date: Fri, 9 Jun 2000 03:00:32 GMT

In article <>,
rk  <> wrote:
>Oops, left off one part of my post, a good url:
>Roger Boisjoly: Fulfilling an Engineer's Responsibility for Safety

A small note of caution here:  Boisjoly speaks about this from the
viewpoint of someone who abdicated that responsibility on the one occasion
when it really mattered.  Thiokol management told him to shut up; he did.
("I had my say, and I never take [away] any management right to take the
input of an engineer and then make a decision based upon that input... so
there was no point in me doing anything any further...")  When Stanley
Reinartz (shuttle project manager) concluded the infamous teleconference
by asking if there were any further comments, Boisjoly said nothing.
Subject: Re: Surviving a Challenger Disater
Date: Mon, 12 Jun 2000 08:45:10 GMT

In article <>,
David Sander  <> wrote:
>Wouldn't the TPS offer *some* form of protection from the SRB exhaust? Or are
>we talking gas ejection velocities and temperatures substantially greater than
>atmospheric re-entry velocity / temperature levels?

Reentry takes place mostly in very thin air.  The *density* of the SRB
exhaust is literally orders of magnitude higher... and it's full of
abrasive aluminum-oxide particles too.  The TPS wouldn't help noticeably.

>I was under the impression Challenger was blown to bits rather than

Neither, really -- it broke up because it was thrown violently out of
control at high supersonic speed.  (Which is why the crew survived,
probably until water impact.)  Not even a jet fighter, far more strongly
built than a shuttle orbiter, can survive trying to fly sideways at
supersonic speeds.  For example, the F-100's yaw limit at maximum
aerodynamic pressure was 8 degrees, which one commentator (discussing
an infamous accident where that limit had been grossly exceeded due to
unexpected problems) described as "indicative of impressive strength".
