
Starliner faced “catastrophic” failure before software bug found - GraemeL
https://arstechnica.com/science/2020/02/starliner-faced-catastrophic-failure-before-software-bug-found/
======
m4rtink
""While this anomaly was corrected in flight, if it had gone uncorrected it
would have led to erroneous thruster firing and uncontrolled motion during SM
separation for deorbit, with the potential for catastrophic spacecraft
failure," Hill said during the meeting."

I guess some things just never get old, citing from
[https://en.wikipedia.org/wiki/Soyuz_5](https://en.wikipedia.org/wiki/Soyuz_5)
:

"The flight was also memorable for its dramatic re-entry. The craft's service
module did not separate, so it entered the atmosphere nose-first, leaving
cosmonaut Boris Volynov hanging by his restraining straps. As the craft
aerobraked, the atmosphere burned through the module. But the craft righted
itself before the escape hatch was burned through."

This actually happened three times so far with the Soyuz (in all cases without
the loss of crew):

"An incomplete separation between the Service and Reentry Modules led to
emergency situations during Soyuz 5, Soyuz TMA-10 and Soyuz TMA-11, which led
to an incorrect reentry orientation (crew ingress hatch first)."

(from
[https://en.wikipedia.org/wiki/Soyuz_(spacecraft)#Service_mod...](https://en.wikipedia.org/wiki/Soyuz_\(spacecraft\)#Service_module))

One would kinda expect that past crewed vehicle emergencies would be studied
in detail when designing a new one & that the developers would make extra sure
they can't reasonably happen with their design.

~~~
worik
Given commercial pressures would a Boeing reentry vehicle be over designed to
such an extent that on such a failure (failure to separate, entering with the
wrong attitude ?correct term?) result in "...the craft righted itself before
the escape hatch was burned through"?

~~~
m4rtink
I would assume it would work the same as with the soyuz, provided that the
service module separates/explodes before the capsule reentering the wrong way
is irrecoverably damaged.

Basically, all space capsules have their center of gravity placed in such a way that
they will automatically orient themselves heat shield forward once they
encounter the atmosphere. So once the service module is gone, it should flip
into the correct orientation just by physics alone.

(BTW, this is the same reason why the Crew Dragon spacecraft keeps its aft
section "ring" attached during a launch escape, where its super draco
thrusters drag it to a safe distance from a failing launcher.

The aft ring prevents the capsule from trying to flip over during the abort.
Then once in safe distance from the vapor & debris cloud that used to be the
launcher, the aft section is jettisoned and the capsule again automatically
re-orients itself heat shield forward.)

~~~
Already__Taken
I think who you're replying to is implying the escape hatch would have been
cheaper if it wouldn't last long enough before burn through during improper
re-entry

------
mzs
"Given the potential for systemic issues at Boeing, I would also note that
NASA has decided to proceed with an organizational safety assessment with
Boeing as they previously conducted with SpaceX"

~~~
geerlingguy
Ah so just the fact that Boeing has been around for half a century doesn't
absolve them from being subject to safety reviews? Nice to see some sense.

~~~
pstuart
It's McDonnell-Douglas with a Boeing name -- beancounters run the show now.

~~~
webpaymentsguy
You put a very disappointing feeling into words. Such a shame.

------
ceejayoz
> According to the source, Boeing patched a software code error just two hours
> before the vehicle reentered Earth's atmosphere. Had the error not been
> caught, the source said, proper thrusters would not open during the reentry
> process, and the vehicle would have been lost.

Uh, that's _extremely_ concerning for a CREWED capsule.

~~~
moftz
It depends on if the crew would have been able to control those thrusters
themselves. Obviously you want the entire system to be autonomous enough that
no crew interaction is required but things do happen and the crew needs to be
able to act and fix the problem if capsule can't do it nor the ground. When
the Starliner started a burn at the wrong time, a crew would have been able to
stop it and prevent the loss of fuel. I wonder if this re-entry thruster issue
was a result of the earlier thruster issue (or a result of the troubleshooting
of it).

There are uncrewed test flights for a reason. You can't always simulate every
possible failure mode. Things fail on the ground that wouldn't be possible
during normal operation and vice versa.

~~~
m4rtink
The "crew would fix it" argument is a very very bad one. Many spacecraft
maneuvers need to be very precise in both pointing and direction. Something
computers are very good at, humans less so.

Also, the crew would first have to know something wrong is going on either
based on activity happening that was not planned previously or unexpected data
on flight instruments. But guess what is driving those instruments in a modern
crewed space vehicle - also computers and software. That software might be
faulty as well or even displaying the same wrong data the automated control
software is acting upon.

In such a case the crew might not even notice something is wrong until the
craft is on a wrong and potentially even unrecoverable trajectory once ground
radar notices something is wrong.

As for the crew taking over thruster control during a _reentry_ - sorry, if
your space capsule is trying to kill you that hard, something is wrong.

At that point in time, the capsule is hurtling through the atmosphere
protected only by its from ablative shield. The thrusters are used to shift
the center of gravity a bit, to give the capsule some lift, offsetting some of
the g forces due to the rapid deceleration. This is called "lifting reentry".

This all needs to be very very precise & based on up to date sensor data, as
the whole capsule is _not_ covered by the heat shield and if you change the
center of gravity too much, you might expose unprotected parts of it to the
hot plasma.

This is not really a good environment for a crew member to take over - not
only are you under couple g's of deceleration but any mistake will kill you
all. But hey, no pressure!

BTW, the Soyuz capsule has a backup mode available in case its reentry
control thrusters fail, where the capsule just follows an unguided ballistic
reentry. This is much harder on the crew (due to no lift compensating for some
of the deceleration), but survivable & has been used a couple times during
various emergencies.

~~~
remarkEon
I'm not disagreeing with you, I suppose, but we _did_ do this before with a lot
less sophisticated systems and a lot more manual control. It stands to reason
that, given proper training, a pilot of one of these spacecraft could identify
a problem and switch to manual.

~~~
avmich
A good spacecraft would allow transportation of injured or incapacitated crew,
so fully automatic landing is definitely desirable.

------
smoyer
So we know there were catastrophic bugs in the 737 Max, they've found
additional bugs that haven't been catastrophic yet and now we hear that the
Starliner also has software bugs. I'm going to order a copy of "The Mythical
Man-Month" for Boeing ... they need to get way back to the basics.

(Where's Margaret Hamilton when you need her?)

~~~
trhway
> I'm going to order a copy of "The Mythical Man-Month" for Boeing

too late. Boeing is already deep in Agile, a methodology which promises that a
child can be delivered by the way of 9 incremental monthly deliveries.

[https://www.infosysconsultinginsights.com/2019/06/12/the-ris...](https://www.infosysconsultinginsights.com/2019/06/12/the-risks-of-moving-to-mature-agile-too-fast-a-cautionary-tale/)

"Boeing was an early Agile adopter in 2008 surpassing its rival, Airbus, in
2012 by deploying a newly renovated 737 Max 8 faster to market.

[...]

The 2008 article Boeing Frontiers- Goin’ Agile by Doug Cantwell from Boeing
describes how Boeing, in partnership with Lockheed Martin, created an Agile
lab to move changes to the aircraft to market it faster, cutting down flight
test times from months to days."

~~~
erikpukinskis
The baby analogy is pithy, but I don’t really see the comparison.

You don’t do your software development in increments smaller than a month?
What does that mean, you spend two months just writing specs?

~~~
trhway
I'd hope that it takes more than 2 months for specs at Boeing. No, we don't
write the specs that long, if any. I mean that would be so w-word. In our case
while usually almost everybody is on the same page that legs should be
attached lower and hands - higher, the actual attachment points and number of
the legs, hands, etc. may be pretty fluid through the iterations, and
especially the things like number and topology of digits or the shape, number
and location of eyes and other sensors.

------
axilmar
What I would like to know is what the software bug was. Unfortunately the
article does not say it, and I am sure no information online exists about
this.

------
classicsnoot
On a certain blog that is completely outside acceptable standards for
wrongthink and political correctness, a very popular topic of late is why NASA
seems to have it in for Elon Musk Personally and SpaceX generally. The
commonly stated reasons, and I will be paraphrasing and transliterating
freely, are: HR culture defining administration wide objectives and methods
and reasoning, professional embarrassment over languishing reputation, gross
incompetence, turf defense of budget and status, and a desire to stay firmly
planted on Terra while being lauded for dreaming of the stars.

I am always skeptical of any argument that is unfamiliar, but more and more it
does appear that NASA has lost its way. The shuttle was an obvious mistake in
retrospect; there may even be some credibility to the obscure theory that NASA
only did it to further separate themselves from DoD. I think NASA has become a
political creature that is less concerned with science and more concerned with
SCIENCE™. If this is the case, they will fight tooth and nail against any
expansion of manned space exploration (because it will be both private and
military in nature), they will fight against innovation that doesn't spring
from their own workshop(s), and they will use Cape Canaveral (and their
heritage facilities/infrastructure) as a way to bully "adversaries" into
submission.

I hope this isn't the case, and if it is, I hope they can reverse whatever
practices and policies that have led us to where we are. As it stands though,
it appears NASA is more like OSHA than it is like its historical instance.

~~~
MiroF
> On a certain blog that is completely outside acceptable standards for
> wrongthink and political correctness

What does this statement really add besides political signaling?

~~~
jshevek
It is important as a community that we are aware of the criteria, both claimed
and actual, which guide the moderation of our community. Statements like this
give people like me an opportunity to research and learn more about the
decision making of the mods.

