Definition of Terms

I guess I’m getting to be an old curmudgeon (Hey Kids – get off my lawn!) but there are some irritants in life that just seem to capture my attention, no matter how trivial they may be.  So, if this post applies then use it; if you find it is off the wall please excuse it as an artifact of my advanced age.

 

A number of years ago my daughter, who was very interested in amateur astronomy, did a science fair project of the libration of the moon.  Here are a couple of pictures from her report:

Everybody knows that the moon shows only one face to the earth – we can never see the far side (please don’t call it the ‘dark side’).  It is “tidally locked” with the earth.  But maybe not quite.

It turns out that the moon’s orbit is not perfectly circular, there is some eccentricity in its monthly ellipse around the earth.  If you hear about ‘supermoons’ or ‘micro-moons’ you know that there is an apogee and perigee in the lunar orbit.  Not only does the moon come closer and farther away by a fraction every month but orbital mechanics dictates that it slows in orbital velocity at apogee and speeds up near perigee.  So, based on when you look it is possible to see a little of the ‘far side’ depending on where the moon is in its orbit.

Similarly, the moon does not orbit the earth at the equator, but its orbit is inclined about 5 degrees.  This means that sometimes the moon is a little north, and sometimes it is a little south of perfectly in line with an earth-based observer.

Put together, it is possible to see about 9% of the far side of the moon, in pieces, at various times.

The spot on the edge of the moon that is tilted the most toward an earthly observer is called ‘the libration point’.

Have you heard that term before?  I bet you have but in a different context.

Joseph-Louis Lagrange (1736-1813) was an Italian mathematician who played a large part in the development of the metric measurement system (SI) in post-revolutionary France.  He also studied orbital mechanics involving three bodies (e.g. sun/earth/moon) and mathematically proved there are locations around such an orbit which are gravitationally stable.  These points are called Lagrange points in his honor.  There are typically 5 such points and I will leave it to the student to research their locations.

As you can see Lagrange points and Libration points are quite different and literally have nothing to do with each other.

But if you read any number of popular media stories – and even several NASA technical papers – there appears to be confusion and the terms are used interchangeably.  This is so widespread that some dictionaries have started changing the definitions to keep up with what appears to be popular usage.

 

STOP THAT!

Unfortunately, the curmudgeon in me realizes that this erroneous usage has become so common that it will be hard to change usage in popular literature.

But at least you now know the difference.  And you, like me, will stop when you hear some ‘expert’ (never an astronomer) mixes the terms and think about how much ignorance is being displayed.

Oops

Thanks to Iron Flight for reminding me of this obscure situation.  And for Holly who wants to understand.

This mostly true story is about the Space Shuttle payload bay doors and what to do if they won’t shut properly.  And how we forgot about that emergency in our rush to achieve other mission objectives.

Some months ago, I visited Atlantis at the Kennedy Space Center visitor center.  Superbly displayed, it is the only shuttle vehicle with the payload bay doors open.  In the picture you can see some of the rube-goldberg mechanism that operates the doors critical latches to ensure the doors don’t spring open during aerodynamic flight.  A set of push rods and hinges at the sill open and close the doors.  A long set of push rod/bell crank mechanisms located in the front and rear edges of the doors operate the latch mechanisms.  On the bulkhead just aft of the crew cabin you can see the black cylindrical knobs which the latch mechanisms grab onto to secure the door in place.  More latches and their mechanisms ran down the centerline of the doors.  If this sounds complicated, it is.

Early in the shuttle days there was a huge concern about what to do if the doors did not close and latch properly at the end of the mission.  The doors had to be open during most of the orbit stay time for cooling and to allow satellite deployments or other objectives.  But during re-entry and the atmospheric part of the flight, the doors had to be firmly shut and latched down.  If they were to spring open and rip off, the vehicle would become uncontrollable and catastrophe would ensue.  Flight rules prohibited deorbit with any more than one set of latches not closed; and in that case the aerodynamic maneuvers were to be severely restricted.

Of course, the power to the motors that drove all this mechanism were redundant but that did nothing for a physical jam.  During STS-3 a thermal engineering test caused the doors to become banana shaped and prevented – for a short time – closing the doors.  This was done on purpose to see what the limits of the spacecraft were.  We found out.  And never did it again.

Long before STS-1 flew, a set of procedures for a spacewalking crewmember to deal with potential problems was developed and practiced.  I got my opportunity to take the class; use the tube cutters to cut a pushrod that had jammed, put clamps around unclosed latches to hold doors tight, and more.  There was a whole set of tools flown on every shuttle flight to deal with this contingency and every crew got at least one practice session on how to deal with it.

But the trick is that a space suited crewmember must get to the doors from the inside.  Normally this is not a problem; with an empty or near empty payload bay the EV crewmember just translates to the worksite; latches everything down, returns to the airlock door and ingresses.  Oh, and quickly gets out of the EVA suit and into the Launch/Reentry Suit and straps down because deorbit must occur shortly after the doors are closed and the radiators can no longer cool the ship.

If a payload blocked the path from the EVA worksite to the airlock, early in the program they were always jettisonable.  Not a problem.

Despite the complicated design, the payload bay door and latch mechanisms worked perfectly on every mission.  Over time, the concerns about having to deal with a failure faded away, even though the procedure and tools were on every flight.

During the evolution of the shuttle design, the European Space Agency built a laboratory to fit in the shuttle payload bay.  You can see the SpaceLab module on display right behind Discovery at the Smithsonian Udvar-Hazy center in Virginia.  Before the ISS, this was a facility to do micro-gravity research for up to three weeks in space.

But there is a trick that the designers missed.

If the mechanism on one of the aft payload bay door latches failed, and an EVA crewmember had to go back there to secure the doors down, there was no way for that crew member to squeeze past the SpaceLab module to get to the airlock with the payload bay doors closed.  Jettisoning the SpaceLab was not a task that an EVA crewmember could do.  The way home was going to be blocked.

Oops.

It may have been the first SpaceLab mission when we discovered this, but my recollection is that it was uncovered later, during a simulated mission.  Those darn Sim Sups!  They always made us work problems that were unrealistic!  Except that most of the time they weren’t.

What to do?  No more SpaceLab flights?  Unacceptable.

Review the risk?  Great history of reliability, low likelihood of needing to do the EVA.  Case closed?  Not exactly.

What if?

Here is the crazy resolution.  If the aft latches had to be secured on a SpaceLab flight, then the crewmember would just stay back there.

There was a good place to strap down at the bottom of the payload bay aft of the SpaceLab module.  It would be a short wait from finishing up with the doors until the deorbit burn, probably no more than an hour and a half.  From deorbit burn to the ground was about an hour and in normal flight the g loading was light, nothing more than 1.5g.  The EMU had plenty of consumables to work for the necessary time, but there are a couple of sticky things to resolve:

1.   The EMU uses a water sublimator to keep the crewmember cool.  As the payload bay repressurizes during entry, the sublimator will quit.  If the crewmember had selected full cool and chilled down as much as he/she could stand, it would probably be OK.
2. Getting out of the spacesuit: after landing, getting out of the helmet and gloves is not a problem.  Getting out of the hard upper torso by oneself is a chore but probably doable in 1 g if one is not in a hurry.  The lower pressure garment (pants) would not be a problem.
3. Getting the crewmember out of the payload bay, well that is a problem. Remember the doors are latched shut and clamps have been applied to keep them shut.  Surely the ground crew could figure something out . . . given several hours . . .  .

So that is the story.  Accept the risk because we think it is low; have a screwy contingency procedure ready if we’re wrong.

But that is not the way you really want to fly in space.

Night Flying

I just finished reading ‘Origins of 21^st Century Space Travel’ SP-2019-4415 from the NASA history office.  A fascinating book recounting the development of the Vision for Space Exploration in the Bush administration leading up to 2004.  Most of the action takes place in Washington, DC.  After all, this is about national space policy direction, not execution.  Those of us out in the field centers who were doing the detailed work to make the shuttle fly and build the ISS were not involved in the policy development.

My name appears in the book only on one of the last pages where the authors correctly observe that being able to launch the shuttle at night was critical to the ISS assembly.

This post is about how the night launch decision was made down at the program technical level.

Shortly after the loss of Columbia – while I was still assigned as the Shuttle Program Launch Integration Manager at KSC – the Eastern Range folks sent me a CD ROM with the radar tracking information from January 16, 2003.  Purportedly the radar tracking scans would show any debris falling away from the shuttle stack.  This was something that could be of great importance in the ongoing accident investigation.

I studied that data long and hard.

It was incomprehensible.

I consulted the experts who were experienced interpreting the squiggles and dots on the radar tracking data.  They confirmed there was a lot of things apparently coming off; none of it correlated to the time of interest that when the long-range tracking cameras saw foam coming off the ET.  No way to tell the nature of the material in those radar indications: foam, ice, metal; it was unknowable from the radar, just something that reflects radar waves came off.

A few things are known to came off during shuttle launches: ice from the extremely cold hydrogen channels on the main engines, engine covers from the booster separation motors.  And foam of course, but that is not very reflective.  And that was the extent of the list.  Nothing on the radar traces correlated.

Conclusion:  while the radar data was interesting and probably telling us something, it was not very useful given current state of understanding.

Fast forward two years to the hard work of getting ready to fly the shuttle after that accident.  One key element in our safety of flight rational was that detection of debris liberation during launch phase was mandatory.  Impact detection sensors we installed inside the leading edge of the obiter’s wings to detect anything that might impact those critical areas.   A bevy of new ground cameras with high magnification telescopes and super accurate tracking mounts were deployed around the launch area.  There were new in-flight cameras installed onboard both the SRBs and the ET.  A tremendous amount of money was spent to develop and install tracking cameras on NASA’s WB-57 aircraft to see the shuttle stack from a different viewpoint.

Trying out the new ground camera trackers

Two compact X-band radars were deployed on offshore ships to monitor for debris.  A powerful C-band radar became available from a Navy installation that was closing so we bought that and installed it well north of the launch pads to plug a hole in our radar coverage.  All these efforts were made at great taxpayer expense just to detect any debris that might come off the shuttle stack during launch.

Inspecting the X-band radar installation on one of the SRB recovery ships

Navy Surplus C-band radar installed north of Haulover Canal

 

 

 

 

 

 

 

 

 

Also developed was a special inspection boom that attached to the end of the shuttle robot arm.  The ISS crew was trained to use long lens cameras to photograph the underside of the orbiter as it did a backflip during near approach.

For the first two flights after Columbia, we required daylight launches to ensure that all those cameras would see anything that came off during ascent.  And we saw lots of stuff, mostly foam that missed the orbiter.  I wrote about that in How We Nearly Lost Discovery https://waynehale.wordpress.com/2012/04/18/how-we-nearly-lost-discovery/

 

During those first two flights we found out how well all the new detection/inspection systems worked.  The onboard cameras were fantastic; the new ground-based cameras were superb; the wing leading edge impact detectors gave a lot of false indications; the airborne cameras on the WB-57s just didn’t have the resolution to be helpful; and the radar was . . . incomprehensible.  Never could correlate any of the visually detected debris events to the squiggles and dots in the radar tracking data.  Seemed like we had wasted our effort and a lot of taxpayer money.  However, the real proof of health of the orbiter turned out to be in the in-space inspections; that saved the day.

To maintain our safety rationale in its entirety, many in the human spaceflight community really did not want to fly without that real time ascent monitoring of debris events, and the cameras were useless at night.  Orbital mechanics dictates the launch window to rendezvous with the ISS and without the capability to launch at night it might be months between available launch days.

What to do?  Rely on the radar, of course.  Not exactly an untruth but certainly a stretch.  Knowing that the real proof of safety was the in-space inspections, we continued to gather radar data and try to understand it.  Some experts even came to believe they could make use of the data.

I was never convinced.

Nonetheless, I publicly said that we could launch at night and would depend on the radars to detect any significant debris events during launch.

A fib?  A white lie?  An outright falsehood?  Never!  We poured over the radar plots every launch.

For what they were worth.

Calculating the Risk

Recently I have been involved in discussions about public risk resulting from commercial space flight.  It is interesting to think back to the shuttle days and how those calculations were made.

If you ever were invited to a shuttle launch and got a car pass to park on the causeway – seven miles from the launch pad – you might not have noticed the fine print at the bottom of the windshield placard – noting that you were accepting the risk to you and your family from launch hazards.  I’m betting you didn’t read that.  By the rules of the Range Safety organization, you should not have been there.  But the KSC center director had ‘accepted’ the responsibility for allowing you to be present when the risk calculations exceeded the standard that the Range set for the general public.

The limit for public risk was 30 chances in a million that one person could be seriously injured or killed from an event.  Don’t ask how they came up with that number.

The LCC building at KSC was constructed a full 3 statute miles from the Apollo launch pads because somebody did a calculation about the maximum explosion hazard from a Saturn V.  Three miles was far enough to be safe, or so they thought in the 1960s.

We still used that LCC building for the Space Shuttle launches and I was present in the firing room for several of them.  Every time before the clock counted down to zero, I would remember the hazard calculation for that room.

Follow this logic:  If, exactly at the moment of liftoff, the Orbiter blew up and took out not only itself and the astronauts but the External Tank as well so that the Solid Rocket Motors would be free flying, then if the hydraulic systems on the SRBs – now without any computer brain to command them – steered randomly but in just the right direction, and if the Flight Safety Officer took the maximum seven seconds to recognize the problem and send the destruct command, and then if the aft segment of the SRB – which did not have the linear shaped charge but was generally thought to peel apart when the rest of the booster destructed, rather stayed intact and burning – Then there was a non-zero probability that the flaming solid rocket aft segment could land on the LCC building with catastrophic results.

That is a lot of ‘ifs.’  And for several ‘ifs’ there was no way to calculate the probability, it is just assumed that they occur.  Given that all of those things happened, the only variable was the exact direction that the errant flaming segment might travel. Assuming an equal probability for each degree of heading, the ‘calculated’ hazard for the LCC exceeded the maximum allowed by the range rules, even for essential personnel.  But the firing room crew is essential to the launch so the KSC director again ‘accepted’ responsibility.

Those big louvers on the windows facing the launch pad were merely for shade, not for blast protection.  If something big hit them, they would probably just add to the shrapnel.

But even more, the KSC director ‘accepted’ responsibility for the hazard to workers in the Orbiter Processing facilities and the VAB who were not essential to the ongoing launch but were critical for maintaining schedule to the next shuttle launch.  And the KSC director also ‘accepted’ responsibility for the VIPs gathered on the balcony of the office building across the street from the LCC, and for the media at the Press site, and for other VIPs at the Banana Creek viewing stands.

That is a lot of ‘acceptance’ which let the Range organization off the hook, so to speak. Many of the guests and workers were not aware that they were in a hazard area.  It wasn’t a secret, it was quietly announced or in the fine print; never dwelt on.

That is for hazard areas as the Range calculated them.  Probably 1 chance in a ten thousand that you could be harmed.  Would you have still wanted to go?

As we go forward with ‘commercial’ launches, the FAA is responsible and has adopted virtually unchanged the calculations performed by the USAF Eastern Range.  But here is the catch; the KSC director is not allowed to ‘accept’ risk for commercial launches; its not in his/her area of responsibility.

Hopefully those smaller rockets will have a smaller hazard area than the shuttle.  But maybe not for some of the proposed super heavy boosters.

It will be interesting to see how all this plays out.  Public safety – what is your personal risk acceptance?  What probability would make you stay home and watch on TV rather than come see it live?  1 in a million, one in a hundred thousand, one in ten thousand, what?

And I wonder about the relatively unsophisticated calculation about the hazard from the Saturn V back in the 1960s.  I am guessing that most of the folks who came out to watch those launches would have accepted some risk, probably more than people would today.

They were willing to take more risks for a worthwhile cause in those days.

Finding Meaning in Apollo

I was born before Sputnik.  Yep, that old.

I grew up with the space age – the X planes, the Original 7, JPL sending Ranger to photo-bomb the Moon, JFK and LBJ, the whole enchilada.

I was crushed with Mariner 4 evaporated the Martian atmosphere into insignificance and when Mariner 2 turned the lush steamy jungle planet Venus into a sulfuric acid oven.  So many good science fiction stories were instantly pulped.

I watched Alan Shepard’s launch on a big black and white TV wheeled into our elementary school classroom.  The same for John Glenn.  When many of my friends kept baseball cards and knew the statistics on their favorite sports star, I kept track of astronaut flight assignments, and watched the Croft puppets do a real time simulation of Gemini spacewalks.

When Apollo 7 flew, I smuggled my transistor radio into middle school to listen to hourly updates on the flight from the radio news.  When she found the clandestine box, my teacher thought I was listening to the baseball playoffs like my classmates. But I wasn’t.

So, when it comes to the space, I got the bug early and hard.  The value of space exploration – robotic as well as human – is an article of faith for me; hardwired in from my earliest days.

Some years later, my college roommates could not believe that I spent three 7-hour days (during finals week!)  in the dorm TV lounge watching the Apollo 17 moonwalks live.  On the other hand, I couldn’t believe nobody else was watching with me.  (Yes, having to go to a special room where there was a TV was a thing then).

But a constant throughout those days was the criticism: ‘Why should we spend money on space?”  “We have problems enough here at home we should solve first!” “My taxes are too high, and this is just tomfoolery!” And after the first time:  “Been there, done that, why do it again?”

Maybe you thought that everybody was in favor of Apollo.  That was not the case, it was always controversial.

A couple of years later one historian offered this retrospective: “How different would the world have been if the Soviet Union had gone to the moon in 1970 and the biggest contribution the United States made to world affairs in that decade had been the war in Viet Nam?”  Yes, a very different world would have resulted; an alternate universe that should cause us all to shiver.

So, when I hear people question the spending proposals for renewed space exploration, I think ‘how old fashioned’ or maybe ‘how short sighted’.  Heard it all before; it was wrong then and it is wrong now.

I appreciated the entire summer of Apollo remembrances.  There were well-deserved tributes properly done.  If young folks think that everybody was in favor of Apollo, then we have not told the complete story.

And one last bittersweet thought:  When I came to work at NASA shortly before STS-1, space cadet that I was, I thought we would do this ‘shuttle’ thing for a couple of years, then assemble the space station as an embarkation point, and then head out for permanent outposts on the moon and to Mars and other places in the solar system.

Nope, I never expected to spend my entire professional career on the good old shuttle, with the ISS coming along right at the end.  How did we let that happen?

We need to keep that outpost on the frontier staffed and operating but more we need to take the next step.  Because I doubt if we ever have a 50-year celebration for the space shuttle – not like they will for the first boot print on the red planet.

STS-121 The Hardest Launch Part 5: What Can We Learn?

Engineering is the art of modelling materials we do not wholly understand, into shapes we cannot precisely analyze, so as to withstand forces we cannot properly assess, in such a way that the public has no reason to suspect the extent of our ignorance.  – Dr A. R. Dykes

 A Flight Readiness Review is like Confession.  Every department must stand up in public and confess their sins, whereupon we all make a judgement about the severity and punishment.

Well, not exactly that but close enough.

At a NASA FRR each area is supposed to demonstrate that each and every piece part of a flight vehicle was designed with good engineering standards to accomplish the required purpose; and that further each part was manufactured to exacting tolerances and passed inspection; and still further that each part was tested or qualified to the conditions it would experience in spaceflight; and finally that all parts and all systems would work together to perform their functions successfully.  If the tiniest discrepancy was detected, an explanation must be forthcoming in excruciating detail with mountains of engineering rationale –  test and analysis – to show the discrepancy was acceptable.  A good FRR for the space shuttle could last two or more days with lengthy presentations, probing questions, sometimes acrimonious debate, and finally resolution:  fly or stand down and fix.

There was never a Flight Readiness Review without problem discussions.  I have found that every other space launch system which holds FRRs similarly discusses problems and discrepancies before deciding to fly.  These are complex systems built to exacting tolerance near the limit of what materials can stand.  There has never been a perfect rocket or a perfect launch; there are always discrepancies, problems, and issues.

Over the last several posts, I have recounted just a few of the major issues at the STS-121 FRR.  This is intended as an example and object lesson for those getting ready for future FRRs.  The STS-121 FRR was the most contentious that I ever experienced.  But it was like all those other reviews in that the imperfect system was laid bare, probed with great intensity, and at the end of the day a judgement made.  Those judgements were never based on perfect knowledge or understanding.  It is to be understood that perfect understanding – and perfect safety – does not exist.

For STS-121 the results were success.  But the questions remain:  were we smart or just lucky?  How close to the edge did we come?  Would it have been better to stand down and wait for better understanding or more perfection in the vehicle?  How long could we have waited before the program got cancelled?

It takes experience, skill, and understanding to come to a judgement in such matters; it is as much an art as a science.  How to know when enough has been done; how to know when it is safe enough; or how to decide to stop the clock and go back to work to understand and fix the problem.

At this point I generally quote Dr. Dianne Vaughn, a sociologist that studied how engineers at NASA make decisions in her book “The Challenger Launch Decision.”  Of course, it would take a sociologist to help us all understand the complex roles and interactions involved.  So here goes:

From Chapter 6 Engineering Culture:

1. “…the messy interior of engineering practice, which after the accident investigation looks like “an accident waiting to happen” is nothing more than “normal technology.” Normal technology…is unruly.”
2. “Judgments are always made under conditions of imperfect knowledge.”
3. “…experts are operating with far greater levels of ambiguity, needing to make uncertain judgments in less than clearly structured situations.”

Or just reference Dr. Dykes above.

The next time you hear a journalist reporting on a train crash or an aircraft accident or a ‘self-driving-car’ incident you can expect to hear it was ‘just an accident waiting to happen’ — because they ALL are.  The job of the engineers is to minimize the possibility of failure within the limits of what we know.

As we approach new space systems – especially launch systems – dissention should be expected at the Flight Readiness Review, some experts will believe there is more work to be done before the vehicle is ready to fly, that it is not safe enough.  That is because ALL flight vehicles are never perfect or perfectly understood.

Pray that there are leaders with judgement, maturity, and understanding that can properly evaluate the risks and make crucial decisions correctly.

When the countdown reaches zero say a little prayer and hold your breath.  Every single time.

Does that mean we should not go?

If you want to avoid all risk, you should stay in bed.

 “The desire for safety stands against every great and noble enterprise.” – Gaius Cornelius Tacitus (56-120 AD) 

 

STS-121 The Hardest Launch Part 4: Damage to the Heatshield

The ultimate controversy at the STS-121 Flight Readiness Review was the potential of fatal damage to the space shuttle during launch from foam loss from the External Tank.  The possibility of a replay of the loss of Columbia was the nightmare scenario that none of us wanted to experience.

In the first return to flight attempt, STS-114, events proved we had not adequately solved that problem.  Our initial conclusion that foam loss was due to installation error by the workers turned out to be incorrect.  Rather we found in that flight and the investigation that followed, that areas of foam on top of foam – where slightly different formulations of foam were used – would come apart due to something called ‘differential coefficient of thermal expansion’.  I wrote about that in depth earlier:  https://waynehale.wordpress.com/2012/04/18/how-we-nearly-lost-discovery/ .

The External Tank is a thin aluminum structure with surface parts sticking out; it all needs to be insulated because the liquids inside the tank are cryogenic.  Without insulation water from condensation out of the humid Florida air would quickly turn to ice.  Ice is an even bigger threat than loose foam.   So, insulation is required, and foam is the lightest weight type of insulation.  The vast expanse of tank surface area was covered by a formulation of insulation that was robotically sprayed on, but the small sticky-outie areas had to be covered by hand with different types of foam.  These ‘foam on foam’ areas proved to be the problem; they could come off during launch – particularly a from fittings called ‘ice-frost ramps’ (IFR).  We started an effort to shave down the foam as much as possible.  That limited the amount of possible debris.  But losses were still possible.

Ice-Frost Ramps of foam cover the attachment points for external lines on the outside of the ET

Using wind tunnels, super computers with Computational Fluid Dynamics programs, and finally Probabilistic Risk Analysis we studied the possible results.  Starting in January there was not much time.  In June, just before the Flight Readiness Review, the first results were finally ready to be revealed.  We needed to know what would be the likelihood of the shaved down foam coming off and critically damaging Discovery’s heat shield. Days before the FRR we got the results.

The results were not good.

NASA uses a matrix to plot the risks involved in any activity.  Five squares by five squares; rating risk probability from low to high and consequence from negligible to catastrophic.  The risk of foam coming off part of the External Tank and causing another catastrophe was in the top right-hand box:  5×5:  Probable and Catastrophic.  That square is colored red for a reason.

Completely unacceptable.  All the rules said no-go.

But the analysts did more than just present the results; they discussed the methodology used in the analysis.  In several critical areas they did not have the information they needed so they made worst case assumptions.  The results, they said, were probably overly bad; but they could not tell us by how much.  Weeks more of additional analysis might yield a more precise answer. And of course, we could return the vehicle from the launch pad back to the assembly areas where we could do more foam removal, if possible. Either way, it seemed like the launch would be delayed by a significant time.

This was a low point.  I felt, as the program manager who had multiple discussions with the analysts, that the results should have been better, in the area where the risk might be acceptable.  But it was hard to argue that the launch would be adequately safe.

Then up jumped the NASA Administrator, Mike Griffin, from his seat in the front row of the gallery, to the microphone.  What followed was a very interesting discussion of probability and statistics and a plausible interpretation that the PRA results were too conservative.  In fact, he concluded, the risk was acceptable.  Even the analysts present agreed with him.

What a turnaround.

With considerable discussion, and the notes penciled in on the Certification of Flight Readiness, the decision was to go ahead with the mission.

Were we smart or just lucky?  Nothing came off to damage Discovery on a beautiful July 4 launch.

As months past, and the analysis got better, the probability of catastrophe – as calculated – became acceptable, even low.

IFR Risk evolution

Reminds me somehow about what Mark Twain said about statistics.