Author Topic: Implications of Soyuz MS-10 launch failure on ISS, crew rotation,Commercial Crew  (Read 63900 times)

Offline woods170

  • IRAS fan
  • Senior Member
  • *****
  • Posts: 8689
  • IRAS fan
  • The Netherlands
  • Liked: 5459
  • Likes Given: 1793
Commercial Crew, at least on the SpaceX side, is being hampered by NASA paperwork, not vehicle concerns. Throwing money or people at it will only serve to slow everything down. Someone upthread said that the best plan is to stick to the plan unchanged. I couldn't agree more. The only thing that NASA might consider doing is swapping DM-2 and the IFA mission. That would speed up Commercial crew by a couple of months. But even that would be a huge undertaking. If that decision isn't made very, very soon, then just changinging the plan to make that possible would, by itself, cause even more delay than just leaving it alone.

I said before, this is a Russian problem to solve. They will solve it. And then we will have a RTF. Until then we just wait.

No. I could not disagree more. Money is not the issue, ASAP is. The director should move to bypass ASAP and clear the path for the un-crewed test flight to fly IMMEDIATELY: pending crew manning resolution on ISS pending soyuz RTF.

Brings up an even more important point. We have a crew on ISS until December. After that Soyuz or no Soyuz we are going to lose that asset. Why not fly dragon ASAP and get as many flight test and certification objectives completed IN THE ACTUAL FLIGHT ITSELF right now. You can finish the freaking paperwork after the fact, go fly the system and see if it works if it doesn't we need to know that sooner rather than later anyway so much the better.

We should fly this vehicle right now before we have to look at pushing everything back significantly because we have to standown ISS. Get ASAP and anyone else out of the way of this. It is a national imperative.

The one thing not to do in a crisis is to panic. But that clearly does not stop you from being in a panic.

The worst that can happen is that ISS will be unmanned for a few months. According to NASA that is no big deal.
« Last Edit: 10/13/2018 04:35 PM by woods170 »

Offline clongton

  • Expert
  • Senior Member
  • *****
  • Posts: 10627
  • Connecticut
    • Direct Launcher
  • Liked: 2787
  • Likes Given: 1067
The worst that can happen is that ISS will be unmanned for a few months. According to NASA that is no big deal.

Correct. Decrewing ISS for a single crew launch cycle would not pose any danger to the ISS. It would be unfortunate for the science experiments that are aboard. But that would be the only real casualty. Experiments can be reconstituted and restarted. ISS will still be there waiting for the crew and it will be fine.
Chuck - DIRECT co-founder
I started my career on the Saturn-V F-1A engine

Offline ChrisWilson68

  • Senior Member
  • *****
  • Posts: 3814
  • Sunnyvale, CA
  • Liked: 2465
  • Likes Given: 3196
The way they've been handling this is maddening to me. There have been talks about RTF dates hours after a rocket failure that could have killed two astronauts happened, some even suggesting to anticipate the next crewed flight which is two months from now. This smells of recklessness and  complete lack of professionalism and seriousness. This is the time for them to shut up, be humble and throughly understand the situation before even suggesting a RTF.

I disagree.  There's nothing reckless about making plans as long as they're leaving open the possibility of changing them based on the outcome of the investigation.

There are a lot of people working on the Soyuz program who won't be able to contribute to the investigation.  Having them just sit on their hands and do nothing until the investigation is done doesn't help anything.  They might as well continue working, and to do that, they need to have a schedule, even if the schedule might change.  Since one of the possible outcomes of the investigation is that they will clear Soyuz to fly before the end of the year, they need to schedule a flight then and work toward it even before the results are known, or else there's no chance it will happen.

Offline ChrisWilson68

  • Senior Member
  • *****
  • Posts: 3814
  • Sunnyvale, CA
  • Liked: 2465
  • Likes Given: 3196
I thought the biggest part of the test was to prove that the capsule is safe for human spaceflight.

No. The entire approach sequence is being tested. But the most critical element, up to and including the actual docking, is the ability of ISS crew to command an approach abort. ISS must not be approached within the keep-out zone by any device that has not demonstrated the ability of ISS crew to abort the approach - from anywhere in the approach profile. That is why ISS crew must be aboard during this test.

That doesn't make any sense.  Your claimed rules is a catch-22 that would prevent any new vehicles from ever being cleared to approach the ISS.  The test flight that demonstrates that the abort works will itself be a case where the ISS will be approached by a device that has not demonstrated the ability of ISS crew to abort the approach.

DM-1 wouldn't be allowed at all by your rules, with or without a crew on ISS.  By those rules, no new vehicle could ever approach the ISS because it couldn't demonstrate the abort before it did approached to do the abort.

Offline hop

  • Senior Member
  • *****
  • Posts: 3341
  • Liked: 476
  • Likes Given: 829
Correct. Decrewing ISS for a single crew launch cycle would not pose any danger to the ISS.
This is clearly not accurate. There are well known failure modes which are recoverable by crew, but likely to result in loss of vehicle if crew were not present (i.e. the Big 14). The odds may be low enough to not be a big deal as woods170 put it, but they are clearly not zero and it's something that NASA has gone to significant effort to avoid in the past.

This of course does not mean harebrained schemes to rush other vehicles into service would be a better idea.

edit:
 Corrected unintentional 20% undervaluation of woods170 :-[
« Last Edit: 10/14/2018 08:08 PM by hop »

Offline ChrisWilson68

  • Senior Member
  • *****
  • Posts: 3814
  • Sunnyvale, CA
  • Liked: 2465
  • Likes Given: 3196
There's a lot of talk about how we can't speed up commercial crew at all because it wouldn't be safe.  These arguments imply that "safe" is a binary thing: either it is safe or it isn't, and the current plan for commercial crew is the minimum needed to be safe.  Do the current plan and it's safe, do anything else and it isn't safe.

I actually agree that it's probably not a good idea to try to speed up commercial crew, and that the reason is safety.  But it's not because there's safe and unsafe and anything other than the current plan wouldn't be safe.

Safety is always a trade off.  The current commercial crew plans are based on at least an implicit cost-benefit trade-off -- they try to get the best safety with a reasonable cost within a reasonable time frame.

If Soyuz is going to be offline for a while, there's more benefit to having commercial crew sooner.  But the best reason not to change the plan isn't that the current plan is the best possible one for the new circumstances.  The reason is that it's too costly to re-evaluate the plan at this late stage.  Probably, some moderate speed-up would be the right choice.  But the process of figuring out what the right trade-offs are to get that speed-up would itself likely take far longer than the gain.  And the pressure to speed it up would likely lead to the wrong choices being made.

Offline Chasm

  • Full Member
  • ****
  • Posts: 435
  • Liked: 200
  • Likes Given: 0
There is benefit to test at least one of the new vehicles while there is crew on board.
Could you do it without crew on station if you had to? Most likely, but why go there?

On the other hand you can always launch the next Soyus without crew to buy another 6 months. Or rather 6 months minus the time for the controlled shut down and de crewing of the station.
If it also fails that is just money. And bad statistics, but FG is on the way out.

Basically the cost of Soyuz MS-11 that launches empty. Not too terrible to guarantee that the ISS stays operational for the forseeable future. IF that is actually a real concern in the first place.

Online guckyfan

  • Senior Member
  • *****
  • Posts: 6793
  • Germany
  • Liked: 1809
  • Likes Given: 1844
There exists the remote but documented possibility during the approach of a crewed spacecraft that the crew is incapacitated in some manner and unable to abort an off-nominal approach. ISS crew therefore must have the ability to command an abort, even from a crewed vehicle. That must be demonstrated before any crewed vehicle attempts to dock.

It looks entirely feasible to me to evaluate this capability as a paper exercise with sufficient confidence if needed.

Edit: after all this has been tested on Dragon 1.
« Last Edit: 10/14/2018 05:54 AM by guckyfan »

Offline FinalFrontier

  • Senior Member
  • *****
  • Posts: 4012
  • Space Watcher
  • Liked: 437
  • Likes Given: 159
The vehicle is literally built and ready and sitting in a hangar waiting, this is beyond nonsensical right now. Paperwork and cert issues are things that can be solved after the flight, especially since any problem on the flight will generate additional issues anyway. We are literally doing this ass backwards, and before this failure that didn't matter as much, well now it matters big time.

We only have a few more years on ISS and that's IF the Russians don't pull out over political tension in the early 20s. We need to maximize that we cannot sit here and keep wasting time like this. The vehicle is built FLY THE TEST FLIGHT.

I'm an engineer (ok so its software..  different deliverables but core processes are the same ) and its so frustrating when I hear a comment like this.  But its really because we in the engineering disciplines do it to ourselves.   You have to realize that when an engineer says "all thats left to do is the paperwork", most of the time he/she means they are done with the development and integration phases (writing code, bending metal, mixing chemicals, whatever the discipline is) and all that's left is for the customer to proceed through agreement that the requirements were met and accept the product.   That's because most engineers aren't involved in those steps or if they are its at a lower level, so for them there isn't much direct work left.

That does*NOT* literally mean that people just have to fill out paperwork to finish the project.   That paperwork we are talking about is the documentation of all the acceptance work that still has to be done!  There are reviews of deliverables, verification that everything from design to end product matches the requirements, validations of the products.  Agreement on any variances that have arisen.  Reviews and verification that all action items are completed or otherwise accounted for.   This isn't drudgework, it isn't makework.  Its a vital part of the engineering process. 

Can it be sped up?  Maybe a little.  Government projects I've been on tended to stick to prescheduled dates for meetings to close this stuff out, even if everything is already ready.  After all the customer( govt) personnel aren't just sitting on their keisters waiting for meeting day to go to work.   They have other work to do as well.   Yes, schedules do move to the right because you can't review if its not ready, but rarely do they move these meetings to the left.  So maybe theres some room to compress the schedule a little *IF* they can shuffle day-to-day priorities.  But not a lot.  This is a complex system where getting this stuff wrong can result in loss of expensive equipment, or far worse loss of life.    Would you really want to be the person who made that call and as a result missed that a critical issue wasn't closed because not enough time was spent on the verification and validation?   I know *I* wouldn't.

Just remember..  January 27 1985.  The shuttle hardware was there, it was even on the pad!  Morton-Thiokol didn't have absolute proof temperature would be a problem.   The response will forever be remembered.  "My God, Thiokol, when do you want me to launch—next April?"    Basically.... "the hardware is there... why wont you let me launch it".  A VERY dangerous road indeed to be going down.
Not disagreeing with you here, these are very solid points but there is one problem. If something malfunctions or fails during the test flight you are gonna have to do all of what you just mentioned over again. On top of a loss investigation and a re-certification. The point here is that it would seem to be more logical to go and fly, and then integrate of all the remaining work with any ADDITIONAL work generated by faults found during the flight. As opposed to potentially having to do all of it over and incurring still more delays. You minimize the delay in the event of a serious issue on DM1 by flying DM1 that much sooner.

At this point it does not look like the Soyuz stand down may last that long, the problem seems to be understood and seems to be very simple, though I say that with caution since nothing is certain yet. Given this, the most likely outcome is that there are no changes to the crew program or forward planning, even though there probably should be. Also, I agree with an earlier statement made in the thread that Soyuz remains the safest most reliable system to get to ISS. The new vehicles are untested, brand new, never flown. Soyuz is the oldest vehicle still flying and it has had multiple aborts where the vehicle saved the crew. With that said, the issue here is not the system or the vehicle, it's the production line. Quality control is the underlying problem of late, and it's not clear that can be resolved. Given that, there is no reason right now, to think that another FG booster might not explode next year due to another QC related issue. That is what makes this really vexing, and really dangerous for ISS as far as getting maximum utilization is concerned.

So bottom line, we are getting to just now enjoy the consequences of bad policy decisions made in the early 2000s. There were many warnings about an HSF gap, about leaving ISS without domestic crew rotation capability, unfortunately these were all ignored. Now we have a rock and hard place situation developing. Hopefully there are no more issues with Soyuz after the RTF, and the commercial vehicles stay on schedule for next year with no more slips.
3-30-2017: The start of a great future
"Live Long and Prosper"

Offline ncb1397

  • Full Member
  • ****
  • Posts: 1183
  • Liked: 488
  • Likes Given: 4
You minimize the delay in the event of a serious issue on DM1 by flying DM1 that much sooner.

A serious problem with DM1 means you will likely fly another uncrewed test with the DM2 hardware. That means you push out first crewed flight to whenever the original first post certification hardware is going to be ready. This doesn't save you any time. How you save time is doing your best to get DM1 to fly right so that crew can be put on the next flight.

Offline FinalFrontier

  • Senior Member
  • *****
  • Posts: 4012
  • Space Watcher
  • Liked: 437
  • Likes Given: 159
You minimize the delay in the event of a serious issue on DM1 by flying DM1 that much sooner.

A serious problem with DM1 means you will likely fly another uncrewed test with the DM2 hardware. That means you push out first crewed flight to whenever the original first post certification hardware is going to be ready. This doesn't save you any time. How you save time is doing your best to get DM1 to fly right so that crew can be put on the next flight.
It saves you time in that you realize you have a problem 'now' instead of realizing you have one in say, march of next year. Which would mean a DM2 probably being in 2020. Which would mean no crew until at least 2020 (on that vehicle). Although the same applies to CST 100 as well. The risk here is essentially that by attempting to mitigate risk, you fail to mitigate additional risk and end up just wasting even more time trying.
3-30-2017: The start of a great future
"Live Long and Prosper"

Offline speedevil

  • Senior Member
  • *****
  • Posts: 3191
  • Fife
  • Liked: 1631
  • Likes Given: 1958
Correct. Decrewing ISS for a single crew launch cycle would not pose any danger to the ISS.
This is clearly not accurate. There are well known failure modes which are recoverable by crew, but likely to result in loss of vehicle if crew were not present (i.e. the Big 14). The odds may be low enough to not be a big deal as woods140 put it, but they are clearly not zero and it's something that NASA has gone to significant effort to avoid in the past.

This of course does not mean harebrained schemes to rush other vehicles into service would be a better idea.

The risks to a decrewed station may be other than technical.
Might certain voices start insisting loudly that it only comes back in a commercial manner, at a time when that is implausible?

Offline ZachF

  • Full Member
  • ****
  • Posts: 649
  • NH, USA, Earth
  • Liked: 640
  • Likes Given: 148
You minimize the delay in the event of a serious issue on DM1 by flying DM1 that much sooner.

A serious problem with DM1 means you will likely fly another uncrewed test with the DM2 hardware. That means you push out first crewed flight to whenever the original first post certification hardware is going to be ready. This doesn't save you any time. How you save time is doing your best to get DM1 to fly right so that crew can be put on the next flight.
It saves you time in that you realize you have a problem 'now' instead of realizing you have one in say, march of next year. Which would mean a DM2 probably being in 2020. Which would mean no crew until at least 2020 (on that vehicle). Although the same applies to CST 100 as well. The risk here is essentially that by attempting to mitigate risk, you fail to mitigate additional risk and end up just wasting even more time trying.

I have a problem with the assumption that a massively bloated testing and development program is the only key to safety, versus fast and smart iteration. Eventually you have to fly it,and when you do you'll get much better data than reams of paperwork and simulations. It  is much more likely to create paralysis by analysis with little performance gain, and it does nothing to fix the problem of unknown unknowns.

Fast and smart iteration got us to the moon in a decade, and reusable boosters.

Paralysis by analysis got us SLS, and commercial crew 4 years later than it should have been.
artist, so take opinions expressed above with a well-rendered grain of salt...
https://www.instagram.com/artzf/

Offline LouScheffer

  • Full Member
  • ****
  • Posts: 1925
  • Liked: 2533
  • Likes Given: 283
It does bring up a good point though, not having a launch abort system is a critical flaw in BFS.
Also, launch abort systems make sense for unreliable vehicles but not for reliable vehicles.  That's because any additional complexity comes with risk.  So a LAS adds some risk.  If your vehicle is already risky, the additional risk of the LAS is worth it because it also mitigates the existing risk.  But if your vehicle is safe enough to begin with, the LAS would just make it riskier.

As a concrete example of this, it is not at all clear whether oxygen masks on passenger planes have saved or cost lives.  They have likely saved a few lives, for marginally healthy people who might not have survived the several minute plunge to safer altitudes.  (The other passengers would have survived just fine, masks or no masks, since the pilots descend as soon as possible in the event of a problem).  On the other hand, the oxygen masks have killed at least 110 people, since the ValueJet plane would not have been carrying flammable oxygen generators had not they been mandated.

Offline Rocket Science

  • Senior Member
  • *****
  • Posts: 9129
  • NASA Educator Astronaut Candidate Applicant 2002
  • Liked: 3000
  • Likes Given: 8016
It does bring up a good point though, not having a launch abort system is a critical flaw in BFS.
Also, launch abort systems make sense for unreliable vehicles but not for reliable vehicles.  That's because any additional complexity comes with risk.  So a LAS adds some risk.  If your vehicle is already risky, the additional risk of the LAS is worth it because it also mitigates the existing risk.  But if your vehicle is safe enough to begin with, the LAS would just make it riskier.

As a concrete example of this, it is not at all clear whether oxygen masks on passenger planes have saved or cost lives.  They have likely saved a few lives, for marginally healthy people who might not have survived the several minute plunge to safer altitudes.  (The other passengers would have survived just fine, masks or no masks, since the pilots descend as soon as possible in the event of a problem).  On the other hand, the oxygen masks have killed at least 110 people, since the ValueJet plane would not have been carrying flammable oxygen generators had not they been mandated.
I'm going from memory Lou, but were not those in the cargo hold being shipped?
"The laws of physics are unforgiving"
~Rob: Physics instructor, Aviator, Vintage auto racer

Offline mulp

  • Member
  • Posts: 38
  • merrimack, nh
  • Liked: 18
  • Likes Given: 6
If NASA and industry had focused on one spacecraft instead of three, would it be flying by now?

Maybe ask if NASA had followed through with any of the programs they cancelled in the 90s, we wouldn't have had any gap in human spaceflight capability at all.
Yeah, because there would be no ISS and thus no humans in orbit to create a gap.

Things are cancelled because they cost too much and are missing dates and will be obsolete or have no purpose if they get completed.

Mission goals are too often set by committee, with the quiet voice with money dictating lots  of workers paid by taxpayers in certain districts, then lots of goals to get support from various factions.

The Shuttle was sold as a Swiss Army knife replacing every other tool. That required it carry a bomb as cargo to get things  in high orbits, among other things. That and delays led the DOD to restart funding rockets, cutting Shuttle development funding, plus cutting the number of flights, increasing operational costs, and starving replacement human flight solutions. Various attempts to cut costs, privatizing operations, for example, failed to cut costs, perhaps increasing them.

Stepping back, cutting taxes was supposed to create  more jobs by every taxpayer putting the extra money in their pockets into doing private human space flight much cheaper than government. So much for that economic theory. Except that is still the governing theory.

SpaceX and Blue Origin try to stay away from government getting to load up their projects with stuff that diverts from their focused and limited goals. Outsiders think they should design their systems differently, especially when taxpayers pay them for services, simply because taxpayers are paying. Both are creating too few jobs, and too little profits to major campaign supporters. Remember, the theory is more jobs are created by cutting government spending, not fewer jobs. And especially not job and profit losses in GOP voting districts.

Offline woods170

  • IRAS fan
  • Senior Member
  • *****
  • Posts: 8689
  • IRAS fan
  • The Netherlands
  • Liked: 5459
  • Likes Given: 1793
Correct. Decrewing ISS for a single crew launch cycle would not pose any danger to the ISS.
This is clearly not accurate. There are well known failure modes which are recoverable by crew, but likely to result in loss of vehicle if crew were not present (i.e. the Big 14). The odds may be low enough to not be a big deal as woods140 put it, but they are clearly not zero and it's something that NASA has gone to significant effort to avoid in the past.

This of course does not mean harebrained schemes to rush other vehicles into service would be a better idea.

That's woods170 to you buster. ;)

Offline FinalFrontier

  • Senior Member
  • *****
  • Posts: 4012
  • Space Watcher
  • Liked: 437
  • Likes Given: 159
Correct. Decrewing ISS for a single crew launch cycle would not pose any danger to the ISS.
This is clearly not accurate. There are well known failure modes which are recoverable by crew, but likely to result in loss of vehicle if crew were not present (i.e. the Big 14). The odds may be low enough to not be a big deal as woods140 put it, but they are clearly not zero and it's something that NASA has gone to significant effort to avoid in the past.

This of course does not mean harebrained schemes to rush other vehicles into service would be a better idea.

The risks to a decrewed station may be other than technical.
Might certain voices start insisting loudly that it only comes back in a commercial manner, at a time when that is implausible?
I am also very concerned about that. Again, the longer the commercial crew IOC slips to the right, the more likely that scenario may be, especially should the FG booster experience another failure. Again, it seems to me the right thing to do here would be to fly the vehicle that is ready to go while the crew is still up there, and finish the technical reviews and certifications after that flight provided the vehicle functions correctly. Because if it doesn't, if it's unable to dock or something else happens, all of the existing certification and review work will have to be re-done anyway on top of a failure investigation depending on severity. Now again, before this incident happened this was not a big deal. We were going down the normal logical path here, though frustrating: certification for flight-->then test flight--->then crewed flight. Now ideally the certification for flight part would have been completed before the vehicle was ready, so you don't wind up with a vehicle sitting in a hanger at the cape waiting. But in this case that's just how it worked out. Now, the next step normally would be test flight then, asses what happened on the test flight. If something goes wrong you then have to do an investigation, corrective actions, and then re-do the certification paperwork. You also have to re fly your demo flight, so everything gets pushed significantly to the right.

My argument here is why not keep working on the certification work, but also go fly the vehicle right now? It is after all a test flight, I am not sure why trying to 100% certify something that has never flown is something we should really be doing anyway. If it hasn't flown then you can do all the ground certifications you want, doesn't mean it won't explode, go out of control, or burn up on re-entry. Given the circumstances and the risk, which seems to be growing, that the Russians will have further QC related faults in the near future, does it not make more sense to go fly now? You can keep working on this stuff while the vehicle does it's test flight, then if there are no anomalies you can fully certify it AFTER it has been flight proven. That is what I meant when I said this seems to be getting done backwards given the circumstances.
3-30-2017: The start of a great future
"Live Long and Prosper"

Offline LouScheffer

  • Full Member
  • ****
  • Posts: 1925
  • Liked: 2533
  • Likes Given: 283
It does bring up a good point though, not having a launch abort system is a critical flaw in BFS.
Also, launch abort systems make sense for unreliable vehicles but not for reliable vehicles.  That's because any additional complexity comes with risk.  So a LAS adds some risk.  If your vehicle is already risky, the additional risk of the LAS is worth it because it also mitigates the existing risk.  But if your vehicle is safe enough to begin with, the LAS would just make it riskier.

As a concrete example of this, it is not at all clear whether oxygen masks on passenger planes have saved or cost lives.  They have likely saved a few lives, for marginally healthy people who might not have survived the several minute plunge to safer altitudes.  (The other passengers would have survived just fine, masks or no masks, since the pilots descend as soon as possible in the event of a problem).  On the other hand, the oxygen masks have killed at least 110 people, since the ValueJet plane would not have been carrying flammable oxygen generators had not they been mandated.
I'm going from memory Lou, but were not those in the cargo hold being shipped?
Yes, but the only reason they were being shipped was as expired parts for the mandated masks.  Had masks not been required, there would have been no reason to ship them.

Offline Rocket Science

  • Senior Member
  • *****
  • Posts: 9129
  • NASA Educator Astronaut Candidate Applicant 2002
  • Liked: 3000
  • Likes Given: 8016
It does bring up a good point though, not having a launch abort system is a critical flaw in BFS.
Also, launch abort systems make sense for unreliable vehicles but not for reliable vehicles.  That's because any additional complexity comes with risk.  So a LAS adds some risk.  If your vehicle is already risky, the additional risk of the LAS is worth it because it also mitigates the existing risk.  But if your vehicle is safe enough to begin with, the LAS would just make it riskier.

As a concrete example of this, it is not at all clear whether oxygen masks on passenger planes have saved or cost lives.  They have likely saved a few lives, for marginally healthy people who might not have survived the several minute plunge to safer altitudes.  (The other passengers would have survived just fine, masks or no masks, since the pilots descend as soon as possible in the event of a problem).  On the other hand, the oxygen masks have killed at least 110 people, since the ValueJet plane would not have been carrying flammable oxygen generators had not they been mandated.
I'm going from memory Lou, but were not those in the cargo hold being shipped?
Yes, but the only reason they were being shipped was as expired parts for the mandated masks.  Had masks not been required, there would have been no reason to ship them.
Yes, thought so, since then they no longer were allowed to to do so on passenger flights in the hold...
"The laws of physics are unforgiving"
~Rob: Physics instructor, Aviator, Vintage auto racer

Tags: