Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
NASA Space Science

NASA Will Man Destruct Switch Just In Case 196

Ant writes "Popular Mechanics reports if the looming Discovery mission or any other between now and the spacecraft's retirement loses control, National Aeronautics and Space Administration (NASA) is prepared to ditch it in the Atlantic ocean — or blow it up. The article also shows complete no-fly-zone maps and a photograph of the switch."
This discussion has been archived. No new comments can be posted.

NASA Will Man Destruct Switch Just In Case

Comments Filter:
  • by Anonymous Coward on Saturday May 10, 2008 @08:32AM (#23360426)
    I don't understand why there are four switches. I mean, I understand "Arm" and "Destruct", but why "test"? Does that blow up just a small section of the shuttle? I would have thought that turning off the "Arm" would be the same as "Safe"

    I know, I know ... it's the engineers having a laugh. Getting a kick out of the confused looks on stupid people like myself.
    • Re:Four Buttons? (Score:5, Informative)

      by Anonymous Coward on Saturday May 10, 2008 @08:48AM (#23360514)
      The "Test" button probably checks the detonation circuits, WITHOUT igniting the actual charges. And the "Safe" button is probably for permanently disarming the charges once the shuttle's in orbit.
      • The "Test" button probably checks the detonation circuits, WITHOUT igniting the actual charges. And the "Safe" button is probably for permanently disarming the charges once the shuttle's in orbit.
        The charges are on the SRBs, not the shuttle.
        • All the more reason to use Test and Safe. Keeping a detonation system active on rockets that fall into the ocean [wikipedia.org] seems dangerous to fish and c^Hships (though a well-planned early detonation could allay risks if the boosters fall towards land or the aforementioned ships).

          Sometimes you just have to blow 'em up on the way down, I guess.

          • Actually, there are ships that collect the SRBs and I'm sure they would like to know that the active explosives on board are inoperable.
            • On the other hand I could argue that trying to re-use solid rockets which should be pretty much disposable was a dumb idea in the first place and is pretty much the only reason Challenger ever happened. NASA seems to like to do strange things with the shuttle like use the tires only once per mission while re-using the casing for the potentially explosive solid rocket fuel.
              • I think the engines are too expensive to ditch. That's why the shuttle carries the three MSE engines on it's tail the whole spaceflight and reentry, when they could have been ditched along with the ET. Their extra mass is a burden for every manuver (sp?) yet they've got to come home somehow.
      • by Alwin Henseler ( 640539 ) on Saturday May 10, 2008 @09:46AM (#23360846)
        Sure hope those are labeled correctly... just in case anyone at NASA would think it's a funny prank, I recommend NASA add one more rule to their launch procedures: "DO NOT lauch on April 1st"

        Best use a time window, to allow for differences in 'local time' (a relative notion for space operations)
      • Re: (Score:3, Interesting)

        by Z00L00K ( 682162 )
        This is not uncommon for many such systems where you want to verify the circuit to see that it actually will fire.

        The solution is even simpler, it just adds a resistor in the circuit so that the current flowing through the detonators are below ignition current.

    • Re: (Score:3, Informative)

      by Detritus ( 11846 )
      The test function allows you to verify that everything is working without blowing anything up or endangering anyone. Think of it as a "NOP" command to the launch vehicle's range safety system.
    • Re: (Score:3, Funny)

      by JustOK ( 667959 )
      The test switch only works once.
    • by NeverVotedBush ( 1041088 ) on Saturday May 10, 2008 @10:52AM (#23361324)
      I am no expert in man-machine interfaces, but I think I would make the Destruct switch a different kind of switch and color than the rest of the switches. It should be red and the others orange or yellow or something.

      I would just want to minimize as much as possible the chance that the destruct switch was accidentally activated if things got really hairy and fast moving and the range officer had to be prepared to blow the thing up.

      I know they toggles have the red guards on them so the officer would have to flip it up before actuating, and from the article it appears to be a two-step process (arm then destruct), but four identical switches next to each other for such a critical function just seems a bit risky to me. I think I might even make it a two-person job where the 2nd could destruct only after the first armed.

      But then I realize that by delaying the destruction, many more lives could be put in danger if the assembly was headed over populated areas. Still, four identical switches and buttons right next to each other, with such dissimilar functions seems a bit risky to me.
      • The panel design (and the panel itself?) likely dates back at least to the 70's - Apollo/post-Apollo. The Right Stuff era - men were men, and they didn't need no stinkin' Jakob Nielsen to push the right buttons...
    • by Anonymous Coward on Saturday May 10, 2008 @11:13AM (#23361506)

      Test: ping

      Arm: login root

      Destruct: rm / -rf

      Safe: logout

    • by greeze ( 985712 ) on Saturday May 10, 2008 @03:51PM (#23363760)
      They should've had Apple design it. Apple would've done it with only ONE switch.
    • by syousef ( 465911 ) on Saturday May 10, 2008 @04:01PM (#23363850) Journal
      I don't understand why there are four switches. I mean, I understand "Arm" and "Destruct", but why "test"? Does that blow up just a small section of the shuttle?

      That button is for mission controllers that wanted to be astronauts but didn't make the cut. It blows up just one astronaut, but leaves the shuttle flying. Correct procedure when using this button is to laugh maniacally then yell "Who wants to be an astronaut now, bitch!" before flicking the switch.
  • photograph (Score:5, Funny)

    by Anonymous Coward on Saturday May 10, 2008 @08:38AM (#23360458)
    I looked at TFA, and I gotta tell you, it's an exciting picture of the switch. Actually, it looks like FOUR switches and FOUR buttons. Well worth going to the site to see it.
    • I looked at TFA, and I gotta tell you, it's an exciting picture of the switch. Actually, it looks like FOUR switches and FOUR buttons. Well worth going to the site to see it.
      That sounds like a logitech mouse.
    • Re: (Score:2, Insightful)

      I like how there is a cut up pice of printer paper with larger labels around the buttons.

      That tells me that somebody looked at the Space Shuttle self destruct buttons and said, "You know this 'test' button looks alot like the 'destruct' button. We should probably do something about that."
      • I like how there is a cut up pice of printer paper with larger labels around the buttons. That tells me that somebody looked at the Space Shuttle self destruct buttons and said, "You know this 'test' button looks alot like the 'destruct' button. We should probably do something about that."

        More likely they put that piece of paper there so that people looking at the photograph would know what they're seeing. If you look closely, each of the individual buttons is clearly labelled with glowing text - it's j

    • by qzulla ( 600807 )
      But there is only one destruct switch so the headline is accurate.

      Oh, we can argue from now until doomsday about this switch and that switch (and probably will knowing this crowd) but in the end it is THAT switch.

      It is a cool pic. At least it is not a button on a screen that could tell us "The application destroy shuttle has unexpectedly quit"

      qz
  • Not news (Score:5, Informative)

    by FuturePastNow ( 836765 ) on Saturday May 10, 2008 @08:40AM (#23360468)
    This is such a non-story. NASA has a Range Safety Officer for every single launch, manned or not, and always has.
    • Re:Not news (Score:5, Insightful)

      by XNormal ( 8617 ) on Saturday May 10, 2008 @09:05AM (#23360594) Homepage
      The press does not exist to provide information but to provoke emotion. Showing the actual button that destroyes a spacecraft with human occupants achieves this effect nicely.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The press does not exist to provide information but to provoke emotion.
        Hate to be a spelling nut, bit I think you misspelled sell advertising.

      • Sounds to me like an advertisement to keep funding going to the Orion spacecraft and making sure congress doesn't allow the space shuttle to continue after 2010. Oh look our shuttles are so risky now we need a self destruct button.
      • The press does not exist to provide information but to provoke emotion. Showing the actual button that destroyes a spacecraft with human occupants achieves this effect nicely.
        But you've have to have a cold, dead soul not to get a tiny thrill just seeing the thing.
    • Re:Not news (Score:5, Funny)

      by moteyalpha ( 1228680 ) on Saturday May 10, 2008 @09:26AM (#23360700) Homepage Journal
      Could we get a set of buttons like that on this article? If the comments are going down in flames, CmdrTaco could self destruct the article.
  • by The Fanta Menace ( 607612 ) on Saturday May 10, 2008 @08:46AM (#23360498) Homepage

    ...would be pretty nasty if someone if someone figured out how the radio comms for this function worked.

    • Encoded Signals (Score:5, Insightful)

      by reality-bytes ( 119275 ) on Saturday May 10, 2008 @09:19AM (#23360658) Homepage
      According to NASA documentation [nasa.gov], the SRB Range Safety system is operated by encoded signals.

      From the description in the document, it sounds like one coded signal to 'arm' and a second coded signal to 'fire'. I'd bet that due to the nature of the system, it's transmission method will be so simple that it rarely needs to be tested and as such gives little opportunity for homicidal black-hat analysis.

      Finally, I'll also bet that the codes are as top-secret as to-secret can be (as in: Get caught with this and you'll disappear forever). It wouldn't surprise me if the codes are created and handled by just one person on the day of use and never used again. Or perhaps two people where only one person knows the arm code and the other the fire code before the system is finally set.

      However it's done, I'd like to think that a hell of a lot of thought went into system security ;)
      • by Cally ( 10873 )

        Get caught with this and you'll disappear forever).
        Sure, you'd be in serious trouble, but there'd be no big drama to the STS program per se; they'd just change the keys. (Cos if it's real crypto, they'll have revocation processes and suchlike. Right? Sure they will. Uh huh. )

        Well, there are only ten more Shuttle flights to go now (assuming they don't lose another vehicle.)

      • Re: (Score:2, Funny)

        by barry99705 ( 895337 )
        It probably uses WEP.
      • Re:Encoded Signals (Score:5, Interesting)

        by Rorschach1 ( 174480 ) on Saturday May 10, 2008 @12:40PM (#23362122) Homepage
        Oddly enough, I've seen the hardware specifications for at least one of the command destruct transmitters. That part wasn't classified, but I'm not sure where I came across it - might have been in some old Range documentation I found in the office I inherited. I don't remember much, but I'm pretty sure there were at least a couple of different designs in use. I think one was a redundant 68HC11-based system. All I really remember is that the design struck me as very conservative and architecturally simple. I don't recall any mention of crypto procedures and protocols - what I read only concerned getting the destruct message from its origin to the vehicle.

        I'm sure the codes are tightly controlled. It's really not hard to design a very secure system, when it only needs to send one message, and that very rarely. An arbitrarily long, purely random key generated and distributed to the transmitter and receiver under tight security would do it. Denial-of-service would be a more difficult problem to address, but then jamming the signals isn't exactly easy when you're competing with some fairly high-power transmitters on high-gain dishes aimed right at the receiver. And they've got RF measurement vans that I assume patrol for interfering signals, malicious or otherwise.
      • Given my experience with government beaucrats, I guarantee that only one person has the codes to this.
    • Re: (Score:3, Informative)

      Comment removed based on user account deletion
    • by antdude ( 79039 )
      I hope the self-destruction doesn't malfunction/activate by itself! That's scary.
  • by Zarf ( 5735 ) on Saturday May 10, 2008 @08:58AM (#23360554) Journal
    You know, if you are going to have destruct switches... they really should look like that. A big turn key, solid, metal, single function panel that does nothing else. Heavy clunky switches that tell you you've done something. Yep, if you're going to have what is essentially a "big red button" that's how it should look. There's no mistaking that for the coffee dispenser switch. Putting modern "iPhone" styling on that would be a sin.
    • by xant ( 99438 )
      I dunno. How about if it were mounted on a black brushed metal plate with a slivery skull-and-crossbones watermark? That'd be pretty sweet.
    • A lot of stuff that means something is more function than anything else. Big machines of potential dangerous consequence have big red emergency stop buttons that shut off the machine's motors and often apply brakes.
    • You know, if you are going to have destruct switches... they really should look like that. A big turn key, solid, metal, single function panel that does nothing else. Heavy clunky switches that tell you you've done something.

      Actually, before I saw the picture, I'd pictured it as something like a missile launch panel. Two keys, far enough apart to not be operable by one person, and both people have to turn the key to execute the action.

      -b.

  • Already been used (Score:5, Informative)

    by camperdave ( 969942 ) on Saturday May 10, 2008 @09:12AM (#23360632) Journal
    Not only are the destruct switches active during each and every launch, they have actually been used on one particular launch. When Challenger's [wikipedia.org] external fuel tank blew up, destroying the shuttle, the solid rocket boosters started to fly out of control.

    At T+110.250, the Range Safety Officer (RSO) at the Cape Canaveral Air Force Station sent radio signals that activated the range safety system's "destruct" packages on board both solid rocket boosters. This was a normal contingency procedure, undertaken because the RSO judged the free-flying SRBs a possible threat to land or sea. The same destruct signal would have destroyed the External Tank had it not already disintegrated.[11]
  • Sounds Familiar... (Score:3, Informative)

    by Kyle_Katarn-(ISF) ( 982133 ) on Saturday May 10, 2008 @09:24AM (#23360692)
    Computer, activate self-destruct sequence, authorization Janeway Pi-One-One-Seven.

    "Warp core overload initiated"

    That's how they should do it...
  • can any of you actually imagine being a 'range safety officer'? Full govt pay, bennies, retirement, and all you have to do is sit by a switch panel during launches. Other than that it would be lots of paper reading and maybe some busy work to make it look like you are earning your pay.

    It's the job I want.

    • Re:What a kewl job (Score:4, Informative)

      by hughk ( 248126 ) on Saturday May 10, 2008 @09:43AM (#23360818) Journal
      RSO usually also has to do a lot of work before the launch. They are ultimately responsible that there have been no incursions into the various danger zones. This would mean they would be talking to police, coastguard as well.
      • Plus, of course, the little bit where you have to kill a bunch of astronauts if their rocket goes off course.
        • Re: (Score:3, Insightful)

          by TooMuchToDo ( 882796 )
          It's akin to being an executioner. You may not do your job ever but once in your life, but once you've done it you're never going to want to do it again. That's what you're getting paid for.
          • It's akin to being an executioner. You may not do your job ever but once in your life, but once you've done it you're never going to want to do it again. That's what you're getting paid for.

            Executioners often do their task repeatedly. Some countries even had what were basically family dynasties of executioners. It supposedly takes considerable skill to chop off a head, hang someone, or run an electric chair.

            -b.

    • can any of you actually imagine being a 'range safety officer'? Full govt pay, bennies, retirement, and all you have to do is sit by a switch panel during launches. Other than that it would be lots of paper reading and maybe some busy work to make it look like you are earning your pay.

      It's the job I want.
      You forgot about posting to /..
  • As if this is new.. (Score:4, Informative)

    by bigattichouse ( 527527 ) on Saturday May 10, 2008 @09:39AM (#23360790) Homepage
    Its funny this is "news" - they've had that switch since day one, if I know the military. And the no-fly zone has probably be a registered flightplan with the FAA since a year before day one. Interesting, yes, but not news since at least 1978 (or whenever it was they were building the fleet). I knew a guy who worked on the software on the early fleet. Made me wonder about the whole thing.
  • I have seen the movies and that is not a distruct switch panel. Where are the blinking lights, where is the count down timer, where is the second key lock, where is the music...
  • More then one (Score:3, Interesting)

    by NewToNix ( 668737 ) on Saturday May 10, 2008 @10:04AM (#23361014) Journal
    Range Safety Officer per launch might be a good idea --like the idea behind one blank round in a firing squad, only in this case one live destruct, and some not active, but no one knows which are which.

    Two reasons for this come to mind, 1) The obvious not having to 'know' you were the only one who flipped the kill switch on people, and, 2) the effect of thinking it's only a one in some number chance it's really you flipping the kill switch means a faster response time (less emotional hesitation to interfere).

    For all I know they do this already... it seems like a reasonable idea to me anyway.

    • There are two guys on each launch. Plus there are several support guys who are also trained or in training Mission Flight Control Officers (MFCO). RSO is just the term NASA calls them. Besides manned missions, they work every unmanned mission at the Cape. While they do discuss whether or not to take out a launch before doing so, when necessary, it only takes one to activate the destruct system and both are capable. The same system and controls are in use for both manned and unmanned launches.

      These fol

  • Other abort modes! (Score:5, Informative)

    by pumpkinpuss ( 1276420 ) on Saturday May 10, 2008 @10:16AM (#23361088)
    In addition to the destruct switch, there are other flight plans for an intact abort in case of problems. These abort modes are: Return to Landing Site (after SRBs are jettisoned, shuttle returns to Kennedy Space Center); East Coast Abort Landing where the orbiter lands on a different runway somewhere up the East Coast of the US; Transoceanic Abort Landing where the orbiter lands somewhere in Europe or Africa; Abort to Orbit; and Abort Once Around.

    The Solid Rocket Boosters can't be stopped once they are started, but they have their own navigation system (rate gyro assemblies, and inertial measurement units) that are considered as/more reliable as those on the orbiter due to the rigidity of the SRBs. So the reason this "self destruct" button exists is because there is no "off" button for the SRBs, but, as far as I know, it is only an issue if its quad-redundant navigation system fails and somehow its thrust gets stuck in an unsafe vector, and that is very unlikely.

    More detail, including why you can't jettison the flight deck with all the crewmembers: http://en.wikipedia.org/wiki/Space_Shuttle_abort_modes [wikipedia.org]

    • It's also an issue if the Shuttle blows up and the SRB manage to fly without tumbling, such as in the Challenger accident. The SRB destruct were activated on that mission.
  • Yes. It's a switch (four actually).
    One of them is even marked "KABOOOM".
  • ...for covering this story that broke in 1980.

  • Technical details (Score:5, Informative)

    by Anonymous Coward on Saturday May 10, 2008 @12:01PM (#23361812)
    For the technical details on how this works, check out an old Risks article here [ncl.ac.uk]. They put a lot of thought into the system.
  • the Space Torch for nothing you know
  • by Ellis D. Tripp ( 755736 ) on Saturday May 10, 2008 @03:56PM (#23363812) Homepage
    in his book "Riding Rockets". The Range Safety system is nothing new, having been on almost every manned and unmanned launch that NASA or the USAF ever put up. The RSO is an Air Force officer, who intentionally avoids any social contact with the astronauts, so as not to allow personal feelings override his/her duty to protect the public from a wayward launch.

    In Mullane's book, he questions the the mindset of the NASA engineer who thought it a good idea to have the RSS system light an indicator lamp in the shuttle cockpit, giving the astronauts a second or 2 of notice (with no way to intervene) before the charges go off.

    He also relates an amusing story of a fellow astronaut making obscene comments about the RSO's mother over the Air/Ground link as they sat on the pad waiting out a launch hold.

If mathematically you end up with the wrong answer, try multiplying by the page number.

Working...