Human Error Blamed For European Vega Rocket Failure (spacenews.com) 139

"A quick analysis of Monday night's Arianespace Vega rocket failure has been root caused to 'a series of human errors,'" writes an anonymous Slashdot reader. STAT reports: In a call with reporters, Roland Lagier, chief technical officer of Arianespace, said the first three stages of the Vega rocket performed normally after liftoff from Kourou, French Guiana, at 8:52 p.m. Eastern Nov. 16. The Avum upper stage then separated and ignited its engine. However, "straightaway after ignition" of the upper stage, he said, the vehicle started to tumble out of control. "This loss of control was permanent, inducing significant tumbling behavior, and then the trajectory started to deviate rapidly from the nominal one, leading to the loss of the mission."

Analysis of the telemetry from the mission, along with data from the production of the vehicle, led them to conclude that cables to two thrust vector control actuators were inverted. Commands intended to go to one actuator went instead to the other, triggering the loss of control. "This was clearly a production and quality issue, a series of human errors, and not a design one," Lagier said.

  • A little like (Score:4, Interesting)

    by Ol Olsoc ( 1175323 ) on Thursday November 19, 2020 @08:09AM (#60742252)
    There was a Proton rocket failure a few years back, where some components were installed upside down. The same outcome, just much lower in altitude.
    • Re:A little like (Score:4, Interesting)

      by K. S. Kyosuke ( 729550 ) on Thursday November 19, 2020 @08:42AM (#60742380)
      Even better, as far as I can remember, installing them upside down must have involved considerable force since they were meant to be impossible to mount that way. Someone must have hammered them in or something like that.
    • Commands intended to go to one actuator went instead to the other, triggering the loss of control.

      I think there was a translation error: the cables were swapped, not inverted.

      • I think there was a translation error: the cables were swapped, not inverted.

        Why would this be a cause of failure? Aren't the cables just pass through, from this part to this part? Why should it matter if the cables were swapped?
        • Swap the cables running from your steering wheel and see what happens when you try to turn left...

          They may be "pass through", but it's important that they pass through to the correct part!

  • by charon69 ( 458608 ) on Thursday November 19, 2020 @08:11AM (#60742260)

    If it is possible to hook up cables the wrong way, and doing so can lead to a catastrophic failure of thousands or millions of dollars, then said cables should have been designed in such a manner where they *CAN'T* be hooked up backwards!

    Different connector shapes or whatnot, that can only be hooked up in one particular manner. Some technician is doing the hookup, not paying attention, tries to do it backwards... *AND IT FLAT-OUT WON'T CONNECT*.

    Don't rely on humans. We get bored. We've done the same thing over and over, and we stop paying attention.

    • by thegarbz ( 1787294 ) on Thursday November 19, 2020 @08:31AM (#60742340)

      Don't rely on humans. We get bored.

      I just wonder who you think makes cables. Sure having different connectors sorts out the assembly but it does not in any way solve the underlying issue which is that a human is responsible for assembly. You just moved the potential issue from connection to cable manufacture.

      That's also before you consider that many such systems are not connected point to point but rather point to multi-point (single large mating connectors carrying lots of signals which fan out to different areas) and you didn't achieve anything because someone still needs to put the cables into the connectors at the end.

      If you try to make something foolproof you're only fooling yourself.

      The thing missing here was function testing, QC and verification. In any case human error may have led to the cables being swapped, but human error was not what led to the loss of the mission. That was procedural.

      • Re: (Score:3, Informative)

        by toddz ( 697874 )
        Connector manufacturers specifically design keyed connectors for exactly this situation. In fact most connectors have multiple keying and color coding to prevent this exact scenario. Does it take the place of testing and verification? No. But it makes testing and verification a hell of a lot easier.
        • More likely, the actuators are all identical, a good design decision. And manufactured identically, a good practice.

          It gets complicated, but at the least, labels... Not that hard, eh?

          • by Pascoea ( 968200 )

            Eh, I'm with OP. You're never going to engineer out all human error, but at least make it a little harder to screw up. If you have two devices next to each other and it's critical that you don't hook them up to the wrong cable, you make it at least difficult to hook them up to the wrong cable. I agree that having two identical actuators makes sense from a cost perspective, minimize BOM creep on your expensive parts. Having two different pigtails on the same expensive part is a cheap way to prevent a mul

            • Well, extra anything on a rocket is usually a bad idea. Perhaps labeling so that, on installation, each actuator cable was labeled 'correctly'.

              But, lest we jump ahead of the obvious, why weren't these all tested for function before flight?

              Oh, that's too obvious.

              • by Pascoea ( 968200 )

                Well, extra anything on a rocket is usually a bad idea.

                Apparently, in this particular instance, "extra" safeguards against human error would have proven wise. Maybe I'm missing your argument, what's "extra" here? 2 extra BOM lines for the different male/female connector? Order the actuator with a blank pigtail, apply the connectors in-house then tag/bin the parts accordingly. If you don't want the BOM "complexity" of different connectors, engineer the loom in such a way that connector A won't reach socket B. (And yes, of course everything has a label on it

      • by gweihir ( 88907 ) on Thursday November 19, 2020 @09:34AM (#60742600)

        Don't rely on humans. We get bored.

        I just wonder who you think makes cables. Sure having different connectors sorts out the assembly but it does not in any way solve the underlying issue which is that a human is responsible for assembly. You just moved the potential issue from connection to cable manufacture.

        Cables can be tested. Independently. Several times by several different people. Failure gets _very_ unlikely with that.

        • by Pascoea ( 968200 )
          Hell, testing a wiring harness can be done by a computer and a good testing jig.
        • Cables can be tested. Independently

          Everything can be tested independently. If they had an independent testing system in place we would be here bitching about Microsoft contributing to the Linux kernel and not discussing a problem with a launch vehicle.

      • Ensuring adjacent connectors cannot swap is an ancient precaution proven in practice. The famous F15 crash due to misconnected flight control linkage is a mechanical example. Shit will happen and good design takes nothing for granted. Humans are unreliable meatbags so wise designers choose accordingly.

        • You're making an assumption that these are adjacent connectors. That's all I'm saying, everyone here is so full of assumptions and trying to make something fool proof where the reality is having an actual functioning QA/QC system in place would have prevented this.

          The F15 is a good example though where engineering design is essential as airframe maintenance performed during war time is a whole different ball game than putting together a rocket. The former is time sensitive, the latter is time sensitive only

      • The thing missing here was function testing, QC and verification.

        Bingo.

        It's pretty shocking that this wasn't caught before flight; unless they're not doing any sanity, control, function, or QC checks then I'm at a loss to see how the hell this was missed.

    • I rather wonder why this was not tested before. We are testing the lights on a trailer each time we connect it, why not test fire the thrusters after assembly?
      • I rather wonder why this was not tested before. We are testing the lights on a trailer each time we connect it, why not test fire the thrusters after assembly?

        I should think the reason they don't do that is obvious. Thrusters often use some pretty dangerous propellants and for the safety of the ground crew you don't want to have this stuff just blowing around.

        However, you are on the right track. Somebody needs to VERIFY the assembly is correct and functional after it's assembled. Where I don't think you can do a full functional test, you should be able to verify the wiring at least.

        • by sjames ( 1099 )

          That was my thought, it should have been possible to dry test the system and verify that the unfueled thruster being actuated is the one the computer thinks it is.

    • Different connector shapes or whatnot, that can only be hooked up in one particular manner.

      Not a bad idea, but something like this didn't help the last time. [russianspaceweb.com]

      • by Pascoea ( 968200 ) on Thursday November 19, 2020 @11:38AM (#60743040)

        There's only so much stupid you can engineer out of a system. From the article: "The improper installation apparently required some considerable physical effort" and "...simulated the improper installation... on the actual hardware. As it turned out, it would be very difficult to do but not impossible." and "As a result, the plate holding the sensors sustained damage."

        These are two wildly different failure modes. Your example wasn't someone absentmindedly switching two identical plugs around, it was a "technician" making a conscious decision to violently and destructively beat a square peg into round hole.

        • Yes, but what is being proposed above are "different connector shapes or whatnot, that can only be hooked up in one particular manner". Mine was an example of how this didn't work the last time.
          • by Pascoea ( 968200 )

            And I agree with you, no system is infallible. But my point, echoing the point above, is that there are small things you can do to reduce human error. Your example is almost inexplicable, where the worker took extreme measures to bypass engineering controls. No reasonable experienced worker would do what this person did.

            I've worked in a manufacturing environment, as a technician you absolutely do not deviate from written procedure. If something doesn't fit like the instructions say they should you don

    • They did not insert the cable wrong way changing the polarity. This is trivial to fix. They connected left cable to the right socket and right cable to the left socket. Cables should have been marked correctly, each end numbered and marked with the corresponding socket numbered and marked.
      • by gweihir ( 88907 )

        To prevent that, you have different connectors for different sensors and actuators. Then you cannot plug them in wrongly.

        • by 140Mandak262Jamuna ( 970587 ) on Thursday November 19, 2020 @11:39AM (#60743044) Journal
          The actuators are the same parts, two identical parts one for the left and one for the right. It's like the disc brake in the car. All the four wheels have exactly the same disk brakes. The hydraulic lines are identical, coupling is identical.

          In a rocket you can create inserts in the sockets with keys and matching slots in the cable to prevent misconnections. Usually not possible in mass produced machines using interchangeable parts.

          But the more serious question is, how did this pass QA? Every control surface is tested by technicians after assembly who give control inputs and verify correct reaction. They verify full traversal. They verify each step of control input and the correct response. This is the standard process. They have log books and signatures. Nowadays with cheap ubiquitous cameras and videos, it's possible the testing is recorded and reviewed by additional engineers. I was part of one such testing rig back when I started my career, seen two technicians going through the test protocol, one calling out, "Pin 529 +1 volt" and the other calling back, "Left aileron up 2 degrees", record it in the ledger. The expected value is not in that register, it is in another log book where the third technician compares the observed values with expected values and signs off. These technicians are usually sergeants or their civilian equivalents.

            The actuators are the same parts, two identical parts one for the left and one for the right. It's like the disc brake in the car. All the four wheels have exactly the same disk brakes. The hydraulic lines are identical, coupling is identical.

            The hydraulic lines in automotive brakes are never identical. The couplings may be the same, but the lines are different lengths. Asymmetry is purposely built into the system so the right line won't reach the left brake. The same is typically done for wiring harnesses, and should have been done here.

      • by tragedy ( 27079 )

        Sounds like they still should have been keyed individually and/or there should be some sort of test procedure that verifies this. For that matter, why are the cables able to reach when going from the wrong socket to the wrong socket? For that matter, are these just straight electrical cables? No data bus along with unique id codes for parts with protocols to identify where they're installed?

        • by Pascoea ( 968200 )

          No data bus along with unique id codes for parts with protocols to identify where they're installed?

          That seems excessive, and extremely over-engineered, when all you need is "on" and "off". You are spot on with the other two main points: The connectors should have been difficult/impossible to connect backwards, and that absolutely should have been caught in a check out.

    • by gweihir ( 88907 )

      Also, defense-in-depth. Even if you think humans should do it right, in critical places you put in more than one control. For example: Well-trained people, connectors that only go in one way, and testing things on the ground before it is too late. When you have two or three things that need to fail, failure gets a lot less likely. Anybody not doing defense-in-depth is not qualified to do safety-critical engineering. And if people like that get to work on expensive or critical hardware that is the fault of m

    • I would argue it is at least equally a testing issue. There should be a method of testing that verifies the expected actuation/movement occurs - And not from feedback on the same wire that sent the command - that is not an independent test - but I bet that is how it WAS actually tested. I would expect a test where a series of commands are sent and an observer is verifying that the expected action happens from each.

      • Right - you would expect that when this engine was put on the test stand, it would have its thrust vectoring go to a series of set positions, and have the bell have to touch a limit switch at each, or have markings on the bell that allow a pair of cameras to determine its orientation.

    • Another good solution - test and map things on the ground. If the parts are identical, it really doesn't matter which one gets hooked up where, as long as the computer can figure out which is which.

      This could even be done in depth. Layer 1: have part of the pre-flight checklist include a procedure to identify which device is connected to which IO port. Layer 2: have the software look for unexpected positive feedback loops (or really any control device that produces an unexpected effect) and be willing t

    • If it is possible to hook up cables the wrong way, and doing so can lead to a catastrophic failure of thousands or millions of dollars, then said cables should have been designed in such a manner where they *CAN'T* be hooked up backwards!

      Different connector shapes or whatnot, that can only be hooked up in one particular manner. Some technician is doing the hookup, not paying attention, tries to do it backwards... *AND IT FLAT-OUT WON'T CONNECT*.

      Don't rely on humans. We get bored. We've done the same thing over and over, and we stop paying attention.

      That may fix the final assembly errors, but it doesn't eliminate the human error problem.

      What you *really* need is VERIFICATION. When there is a possible human error involved, such actions need to be verified correct by another independent process. Where was that? Where was the - "it's hooked up, now verify that it works as expected" step?

      This is a process problem, not a design issue. Just changing connectors won't help if you don't verify the correct wires get connected to the different connectors som

    • Different connector shapes or whatnot, that can only be hooked up in one particular manner. Some technician is doing the hookup, not paying attention, tries to do it backwards... *AND IT FLAT-OUT WON'T CONNECT*.

      A much cheaper solution than connector shape is asymmetric harness layout. That way the devices can still be manufactured identically, but the connector won't reach the incorrect component.

    • If it is possible to hook up cables the wrong way, and doing so can lead to a catastrophic failure of thousands or millions of dollars, then said cables should have been designed in such a manner where they *CAN'T* be hooked up backwards!

      Or simply color-code / differently-mark the cables *and* connectors so they get connected to their matching color/mark. There are practical benefits to having identical components vs. unique even within a single module.

    • by PPH ( 736903 )

      It's an engineering decision often complicated by internal company politics.

      When a failure mode analysis is done of a system, is incorrect assembly accounted for as a failure? If so, how is it dealt with? Keyed connectors, wire bundle design, etc? Not high on most engineers' priority list. It also complicates procurement as otherwise identical units now have to be spec'd as Left, Right or System 1, 2, 3, etc.

      QA procedures? Now engineering is sticking their nose into the manufacturing process. A huge polit

  • by ElectraFlarefire ( 698915 ) on Thursday November 19, 2020 @08:11AM (#60742262) Journal

    The original one. Or at least one of the originals. Long and complicated history, but one I liked:
    "If there is a wrong way to do something, then someone will do it". or the longer version:
    "If there's more than one way to do a job and one of those ways will end in disaster, then somebody will do it that way."

    (Been a fan of 'Sod's law' being the "if something can go wrong, it will" one.)

  • by northerner ( 651751 ) on Thursday November 19, 2020 @08:13AM (#60742266)

    "This was clearly a production and quality issue, a series of human errors, and not a design one."

    The actuator cables should have been fitted with slightly different connectors so they could not have been plugged into the wrong place. The designers could have anticipated this potential error. If the actuators are electrically the same, testing can't detect this assembly fault.

    • You didn't solve the underlying problem. These companies do not buy off the shelf cables from Walmart, they make their own. Simply using different cables still very much allows the error to come through during cable assembly.

      • by Entrope ( 68843 )

        It is much harder to put the wrong connector or shell on a cable end, or cut the cable to the wrong length, without noticing the error than it is to plug a cable into the wrong (compatible, in-reach) connector without noticing the error. There are also more independent points at which the error might be noticed. Yes, it is possible for all those to fail -- but it is vastly less likely. Do not make perfect the enemy of much better.

        • by gweihir ( 88907 )

          It also gives you one more point where things can be checked, also technologically. The cables can fully be checked with a simple device and once they are checked, they cannot really go the wrong way in anymore.

        • Who said wrong connector, it's trivial to get connector pins in the wrong location. Shit man I've found commercial off the shelf cables miswired before.

          The fact of the matter is neither process should rely on human error and simply bandaiding one possible error doesn't address the underlying problem: That there are QA QC gaps. Seriously something wired backwards? I don't deal with anything near as expensive as rockets, but even our processes have functional tests as a part of them.

    • so they could not have been plugged into the wrong place

      You underestimate human ingenuity.

      • by gweihir ( 88907 )

        so they could not have been plugged into the wrong place

        You underestimate human ingenuity.

        Well, you cannot really prevent crass incompetence and intent. Like people drilling holes into space vessels and then covering that up with an unsuitable glue.

    • "This was clearly a production and quality issue, a series of human errors, and not a design one."

      The actuator cables should have been fitted with slightly different connectors so they could not have been plugged into the wrong place. The designers could have anticipated this potential error. If the actuators are electrically the same, testing can't detect this assembly fault.

      They could have had different connectors and the problem could still have happened.

      I'm assuming that the "red+black" cable was connec

      • by gweihir ( 88907 )

        They could have had different connectors and the problem could still have happened.

        Not really. How to do this right is well established and there are tons of connectors on the market that are fool-proof, as long as the fool is not very determined or very violent.

        • They could have had different connectors and the problem could still have happened.

          Not really. How to do this right is well established and there are tons of connectors on the market that are fool-proof, as long as the fool is not very determined or very violent.

          You didn't read my post. I didn't suggest that the connectors were mated incorrectly, I suggested that the cable was _made_ incorrectly. I'm assuming it will have been one of those wiring loom things where one end has a big connector and then at var

          • by gweihir ( 88907 )

            They could have had different connectors and the problem could still have happened.

            Not really. How to do this right is well established and there are tons of connectors on the market that are fool-proof, as long as the fool is not very determined or very violent.

            You didn't read my post. I didn't suggest that the connectors were mated incorrectly, I suggested that the cable was _made_ incorrectly. I'm assuming it will have been one of those wiring loom things where one end has a big connector and then at various points wires "break out" to connectors along the body of the rocket.

            I did read your posting. Cables can and should be inspected and tested before being installed, especially critical cables. Hence either the actual problem is with those inspections and tests missing or your speculation is baseless.

            • by nagora ( 177841 )

              They could have had different connectors and the problem could still have happened.

              Not really. How to do this right is well established and there are tons of connectors on the market that are fool-proof, as long as the fool is not very determined or very violent.

              You didn't read my post. I didn't suggest that the connectors were mated incorrectly, I suggested that the cable was _made_ incorrectly. I'm assuming it will have been one of those wiring loom things where one end has a big connector and then at various points wires "break out" to connectors along the body of the rocket.

              I did read your posting. Cables can and should be inspected and tested before being installed, especially critical cables. Hence either the actual problem is with those inspections and tests missing or your speculation is baseless.

              I guess you're in the union or something.

              "The brakes you installed failed and everyone on the bus was killed."

              "Brian was supposed to test the brakes, so it's nothing to do with me, guv. Now, about that promotion we talked about last time - any word on that?"

    • by Ogive17 ( 691899 )
      How many different connectors do you think would be required on a rocket if you wanted to make it impossible to plug anything into the wrong spot? Then you also have to know when each of those special connections is actually done properly.

      You're adding cost and complexity. I do not think anyone can say with a straight face that added complexity leads to fewer mistakes.
      • by tragedy ( 27079 )

        Every checklist is added complexity. I would say that those absolutely lead to fewer mistakes. Overall, adding complexity absolutely leads to fewer mistakes if the complexity is in the form of well thought out design features that make it impossible to make a mistake without noticing.

        • Complexity also leads to problems and costs. Just because a system is built "fool proof" doesn't mean the world won't produce a better fool.

          One of the unfortunate truisms of the world is that the more complex you make something, the more unforeseen issues that can lurk in your design.

          In aircraft automation, human factors engineers have to understand that Automation lowers pilot workload, until something goes wrong, then automation greatly increases it. So automation helps when things are going great, but

      • by dgatwood ( 11270 )

        How many different connectors do you think would be required on a rocket if you wanted to make it impossible to plug anything into the wrong spot?

        Exactly two: Power and communications signal.

        In an ideal world, you have one or more switched buses. Everything communicates over automotive Ethernet (fixed time slicing) on that shared bus. Every data connection is mechanically identical, and the system can learn the topology dynamically if somebody plugs a device into the wrong switch. Each device is unique and has a unique identifier.

        This leaves only the problem of someone installing the wrong sensor/engine into the wrong spot, which can be prevented

      • Not everything on the rocket needs to have a different connector. Reusing common and proven components is actually a good idea. However, when there are two identical actuators being plugged into with identical looking cables, probably coming out of a tightly anchored cable harness that can't be easily traced back, having some sort of keying to avoid a mix up is a good idea.

    • by gweihir ( 88907 )

      I completely agree. The designers screwed up badly and so did technical risk management and by extension, management. Making it hard to assemble things in the wrong way is a very basic design technique. The people really responsible here are now doing finger-pointing to the person that has the least responsibility for this.

      • by tragedy ( 27079 )

        Also, there's a question of management culture. In order to have fewer mistakes, you need to have a management culture that's tolerant of people making mistakes. If a technician develops a nagging fear that they wired something the wrong way after the fact, you need a culture where they can bring it up without immediate reprimands, firing, etc. Someone else brought up holes being drilled through spacecraft skin and then being filled in in an unapproved fashion. Unless they're a complete moron, someone doesn

        • by gweihir ( 88907 )

          Very true. Although that hole in the Russian space capsule was obviously incompetently drilled on a level that would justify a firing, including the person that hired that person. You could see how the drill wandered... Some level of incompetence is not covered by tolerance to errors anymore.

    • by v1 ( 525388 )

      Kinda sounds like someone in Design trying to shift blame to Assembly.

      KEY your identical connectors or you are inviting Murphy into the room. If Design invites Murphy to the party, you can't blame Execution for what happens as a result.

      And this is not the same as the Vega sensor problem. Those sensors were keyed, but the idiots assembling it found it wasn't fitting right so they hammered it into place, breaking the alignment pin off to get it installed upside-down. THAT one you can blame on Assembly.

      THIS

    • This might be one of those cases where a full functional test is not feasible. A well known example of that is the integrity of the semi-permeable membrane in a Lithium battery. You have to assemble the battery properly, with a tightly controlled procedure. I believe membrane failure is one of the things that makes the difference between a good battery, and a cheap imitation that is liable to burst into flames.

  • Again? (Score:5, Insightful)

    by cpt kangarooski ( 3773 ) on Thursday November 19, 2020 @08:16AM (#60742282) Homepage

    This isn't the first time something like this has happened, and part of the obvious fix is to make it so that it's impossible to assemble the parts incorrectly. But at the very least, you'd think that from a software perspective they could program the computers (thanks to two-way communication with ground control) to look for this kind of situation so that it could be corrected for (ie reassign yaw as pitch, pitch as roll, roll as yaw)

  • Color-code (Score:5, Informative)

    by bill_mcgonigle ( 4333 ) * on Thursday November 19, 2020 @08:19AM (#60742286) Homepage Journal

    I often help small businesses set up their networks and there's nothing better than having an assortment of cable and electrical tape colors.

    The red cable plugs into the red ports (usually switch cross-connects). The yellow cable plugs into the yellow ports (ISP). The purple cable plugs into the two routers (failover management). Blue connects to devices or, if we're really fancy, special VLANs get special colors.

    But never green (males). There's a nice Android app for helping out people with zero color vision. Labels can work for them but are generally unreliable.

    Any system requires some level of conscientiousness, but that's how you can avoid wasting $220M on cabling errors.

  • by thegarbz ( 1787294 ) on Thursday November 19, 2020 @08:26AM (#60742324)

    Human error may be responsible for incorrect connection of cables, but it is not responsible for the loss of the mission. The odds of a cascade of repeated human errors going through from assembly, checking, testing, and then independent verification are infinitesimal implying these quality control steps were not conducted.

  • by Applehu Akbar ( 2968043 ) on Thursday November 19, 2020 @08:52AM (#60742414)

    https://en.wikipedia.org/wiki/... [wikipedia.org]
    After a complicated deployment in space, years of collecting solar wind particles, and intricate stowage and re-entry sequence, that probe was destroyed at the very last moment by a bonehead human error. Years of work was lost.

  • I wonder if it would be possible for the control software to be smart enough to say “hey, wait a sec, these controls are working backwards” and recover from the problem. Seems like it would be in this isolated case. Some level of this in a rocket would be achievable, I think. Probably some of this kind of thing is in there.

    Personally, I’ve always held the mantra that you can’t depend on the human operator and systems have to be designed accordingly.
    • by gweihir ( 88907 )

      Nope. This makes things a lot more complex and hence the software will have a lot more problems itself, usually completely negating any advantages and usually causing more problems.

  • I wonder whether it's impossible to run a deep learning simulation, similar to those that teach robotic animals how to walk when injured, that can make a program capable of thinking almost as well as a human pilot would. If the situation were massively slowed down a human pilot would have been able to figure out what was going on and reverse the inputs. Theoretically a computer is capable of doing the same. So run the simulations through millions of iterations that include not just missing or malfunctioning
    • by gweihir ( 88907 )

      At this time: Impossible. In the future: Unknown.

    • Unless you reversed the input/output of that neural net too. ;)

      BTW, the other user is wrong: This is definitely possible today. But the computing power is quite high, and it is a crutch and a bullshit job. Better do it right in the first place.

  • If you ever hear someone blaming computer error, you should fire that guy instantly because he's an idiot.
    • I thought about this too, and I guess there could also be something like unexpected weather or space aliens or something else that happens, even if everyone foresaw everything they possibly could and did everything right.

  • by gweihir ( 88907 ) on Thursday November 19, 2020 @09:15AM (#60742530)

    Human error only happens if somebody _else_ has screwed up rather badly before. This may be hiring of unqualified personnel, lack of training, bad corporate culture, insufficient processes and redundancies in processes, botched tech design that makes it far too easy to mess things up, etc. The person that finally makes the mistake that kills the device is typically the one with the least amount of responsibility for what happened.

  • by 140Mandak262Jamuna ( 970587 ) on Thursday November 19, 2020 @09:16AM (#60742538) Journal
    In my first job back in India, we changed the vendor who supplied a gyro sensor. The new one had the same + or - 5 V range but reversed polarity, + was clockwise instead of counterclockwise. The autonomous aircraft crashed 1 sec after launch. Simply put, correction for left turn was to turn more to the left.

    Regular technician was on vacation, the vehicle was tested by a new technician. He swore he tested the ailerons and the control inputs. Mystified till the director ordered the designers to watch the testing process. For the designers left aileron is the left as seen by the pilot. To the technician it was left seen from the front, like the ground crew! Two errors cancelled each other and resulted in the loss of the vehicle.

    Designers came up with strong training and testing procedures as the fix. The director said, "Put the technician behind the aircraft testing rig during the testing". Amazing guy, that diro. Eventually became the President of India. BTW he knew FORTRAN. I know. He asked me a FORTRAN question in the campus interview before recruitment.

    • This would be easy to verify, if you gave us the name of that director...

      • The number of Presidents of India is quite a small set, and there is only one who would fit the bill, a missile program director, a rocket scientist, nuclear bomb program director, scientific advisor to the defense minister, to the prime minister ....
  • The same exact thing destroyed a prototype US Army Pershing missile except it was the first stage. The missile cleared the ground, did two complete loops and crashed into the ground. And BTW, the cables were transposed, not "inverted". Probably a translation error.
  • by thrich81 ( 1357561 ) on Thursday November 19, 2020 @10:09AM (#60742724)

    A similar assembly error was part of a cascade of failures during the flight of the second Saturn V (the uncrewed Apollo 6 mission). During the operation of the second stage (the S-II stage with five engines) engine Number 2 shut down early due to mechanical failure of a fuel (hydrogen) line. The safety system on-board then automatically shut off the oxygen supply to normally operating engine Number 3 because some wiring between engines 2 and 3 was mixed up. The flight had other problems, too, and would have been a mission abort if a crew had been on-board. This was the second Saturn V launched, the first one had flown almost flawlessly.

  • by Plammox ( 717738 ) on Thursday November 19, 2020 @10:27AM (#60742788)
    Having been in the space industry for a couple years, I have the following observations:
    1. Harnessing and connector selection and cable planning is the lowest prestige job in the whole org, typically being filled with inexperienced entry-level applicants.
    2. No subsystem designers, typically OBDH, comms and ADCS, or even system engineers are interested in harnessing or external interfaces. Their brains refuse to acknowledge the fact that they need to give connectors and interfaces serious attention to detail.

    When cabling and connector keying becomes an afterthought, this happens.

  • Space weather or ... aliens? ;)

  • by argStyopa ( 232550 ) on Thursday November 19, 2020 @11:28AM (#60742990) Journal

    I'd been told by several friends in Europe that the "silly" American use of imperial measures was more or less the root human error that caused the destruction of the well-known Martian probe.

    So HUMAN ERROR is possible even with complex rockets built entirely in the metric system?
    Who'd have imagined it?

  • by Magnificat ( 1920274 ) on Thursday November 19, 2020 @12:10PM (#60743156)
    If you can accidentally swap the cables and have them still fit into the wrong connectors, that IS a design error. This is why, at the place I worked, when we were designing TVs years ago, we made sure every cable connector and every sub-assembly in the TV had a unique header/connector that could not physically BE connected to the wrong place. By making sure every connector on the PCB itself was unique, the entire cabling process became a non-issue at the manufacturing stage.
  • I respectfully disagree that there was no design error. The cables should have been designed such that it is nigh on impossible to plug them in wrong. At the very least, a unique label printed or branded into each male and female connector. Even better, unique form factors that are impossible to mate wrongly.

  • There is a reason why SpaceX is blowing up so much hardware on the testbed. They actually test those engines and rockets before assembling and sending them to space.

    Reiteration and fixing stuff on the ground is challenging, but doing that after the rocket is far away is impossible.

  • And that wasn't caught during testing? And then there was the time they got the wrong software version uploaded and trashed a rocket. And the time the Russians put a sensor upside down and wrecked a rocket. R/C modeler tip: Always check the direction of your control surfaces before takeoff especially after working on it.
