Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Tufte's improvement on the NASA chart was adding an X/Y axis to show correlation between temperature and damage; something the original charts failed to communicate.

Maybe he didn't offer a response to this paper because the fundamental design approach is correct, albeit the actual numbers need refinement?



> Tufte's improvement on the NASA chart was adding an X/Y axis to show correlation between temperature and damage; something the original charts failed to communicate.

But, as the response that justin66 linked to shows, Tufte's "improved" chart is incorrect on both axes: its "temperature" axis wrongly conflates ambient air temperature with O-ring temperature, and its "damage" axis wrongly conflates erosion with blow-by. (See comment at end.)

The reasons why the charts shown by the Thikol engineers did not communicate "correlation between temperature and damage" was, as the Boisjoly response makes clear, because, at the time (the night before the Challenger launch), nobody knew what that correlation was. The argument the engineers were making was not "the risk of O-ring failure increases with decreasing temperature". It was "since we don't understand the root cause of the O-ring issue, we should not launch at any temperature outside the previous range of launch temperatures". The lowest previous launch temperature was 53 F; the temperature on the morning of the Challenger launch was 29 F.

Why did the engineers not know the correlation between temperature and damage? Because the data they had at the time was inconclusive and incomplete (for example, they did not even have complete data on the ambient air temperature and the O-ring temperature for every previous launch--a point Tufte overlooks), and their attempts to obtain more data had been mostly unsuccessful.

And why were the engineers reduced to making what is, on the surface, a fairly weak argument the night before the Challenger launch? Because, as I noted in another comment upthread, they had already tried, the previous summer, to get NASA to stop all Shuttle flights until the O-ring issue could be properly understood and fixed, on the grounds that with it not fixed, every Shuttle flight had a significant risk of loss of vehicle and loss of life (see further comment below on this). And NASA refused. So the engineers that night already knew they were dealing with a NASA management that was simply ignoring a critical flight risk; therefore, arguments of the form "this is a critical flight risk we don't understand, so we shouldn't launch" were out of bounds, since they had already been tried and had failed. The engineers were simply trying to do the best they could to get at least some Shuttle flights stopped, and making the best arguments they could to do that, against the background of their much better argument for having all flights stopped having already failed.

A further comment on what I said above, that every Shuttle flight was a significant risk with the O-ring issue not understood. Tufte's assumption that the root issue was in fact a "correlation between temperature and damage" was wrong. It is true that the data from previous launches showed more "witness events" (evidence of either erosion or blow-by) at lower temperatures. But the engineers also had test stand data showing that under some conditions, the O-ring joints were failing to seal at any temperature below 100 F! (And there was at least one flight that showed blow-by, i.e., evidence of the O-ring joint failing to seal, at 75 F.) So the problem wasn't "the joint is OK at higher temperatures but unacceptably risky at lower temperatures". The problem was "the joint is unacceptably risky at any temperature below 100 F"; the fact that it was more unacceptably risky at lower temperature than higher was a relatively minor detail. But NASA had already refused to listen to that argument.

And a final brief comment on erosion vs. blow-by. Erosion is damage to the O-ring due to hot gas eroding part of it while the O-ring is sealing the joint. Blow-by is hot gas going right past the O-ring because it is not sealing the joint. The O-rings were designed to tolerate a certain amount of erosion, based on the expected temperature of the gas and the duration of the burn; so erosion, in and of itself, was not evidence of a problem not anticipated by the design. But the O-rings were not designed to not seal at all: not sealing was a failure of the design. So blow-by was direct evidence of a failure of the design. That's why conflating the two is wrong: blow-by is the problem, not erosion. (It's true that an O-ring that has hot gas blowing by it because it's not sealing will also have erosion; but blow-by without erosion is still a problem, while erosion without blow-by is not. So blow-by is the indicator that should be focused on when assessing the risk level of the O-ring joint design.)


#ChangeMyView delta awarded :-)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: