Spaceship 2 Mishap

[N801BH]

Nothing at all, it was just that "1 went to the engine stand to jump the starter relay" was left out of the quote...


(it's a joke, a very bad joke, I say)

Maybe now they'll rethink their system design to include some automation.

.................

 

[Badger]

The FAA is already publishing initial findings of the crash. They are claiming an early engagement of the unlock feather lever.

so my question: Where are they getting this information? Are there recordings of cockpit conversations? Is there a flight data recorder?

 

[Henning]

The FAA is already publishing initial findings of the crash. They are claiming an early engagement of the unlock feather lever.

so my question: Where are they getting this information? Are there recordings of cockpit conversations? Is there a flight data recorder?

There's huge amounts of telemetry data from the whole flight. Hundreds if not thousands of sensors as well as over a dozen cameras all together.

 

[ClimbnSink]

I'm not surprised they have the data, I'm surprised they are talking cause already.

 

[Bill]

I'm not surprised they have the data, I'm surprised they are talking cause already.

~800 $250,000 reasons to get this neatly wrapped up asap.

 

[Henning]

~800 $250,000 reasons to get this neatly wrapped up asap.

Yep, but it's not like anyone really wants to waste time, it's that normally the data surrounding an accident is slim and takes time to develop, here they had everything ready to review before the crash was over.

 

[N801BH]

Originally Posted by Bill Jennings
~800 $250,000 reasons to get this neatly wrapped up asap.

Yep, but it's not like anyone really wants to waste time, it's that normally the data surrounding an accident is slim and takes time to develop, here they had everything ready to review before the crash was over.

Agreed, public image , perception is key to their survival..
After all.. They have already talked 800 people out of 250,000.00 to ride in what is obviously a RISKY adventure.... Barnum and Bailey would be VERY proud of them..

 

[wanttaja]

Ron, 17-5=12. Which number is wrong?

Dunno, the numbers are in the original document I quoted.

Ron Wanttaja

 

[Henning]

Originally Posted by Bill Jennings
~800 $250,000 reasons to get this neatly wrapped up asap.







Agreed, public image , perception is key to their survival..
After all.. They have already talked 800 people out of 250,000.00 to ride in what is obviously a RISKY adventure.... Barnum and Bailey would be VERY proud of them..

Talked them out of? More like:

 

[Dav8or]

Sounding like possibly pilot error is to blame, but I would also call it an engineering error as well. A system that is that critical to the safety of the flight should have safe guards built in IMO. It seems safety equipment, designs and procedures are sadly always put into place after someone dies.

 

[Henning]

Sounding like possibly pilot error is to blame, but I would also call it an engineering error as well. A system that is that critical to the safety of the flight should have safe guards built in IMO. It seems safety equipment, designs and procedures are sadly always put into place after someone dies.

Yep, to have it fail-safed by one procedure only is not particularly good design for a critical component.

 

[flightwriter]

Sounding like possibly pilot error is to blame, but I would also call it an engineering error as well. A system that is that critical to the safety of the flight should have safe guards built in IMO. It seems safety equipment, designs and procedures are sadly always put into place after someone dies.

Yep, to have it fail-safed by one procedure only is not particularly good design for a critical component.

All part of the KISS mindset that drives Scaled. If there was a simpler and cheaper method available to actuate the feather, they'd have gone with that. (Not admonishment, just the philosophy that's driven the program since the XPrize days.)

And I agree with Henning's earlier post that this news is the best of the bad for Scaled and VG. It'll be a lot easier to retrofit an improved tail rotation mechanism than designing a new engine... although that remains questionable, too.

 

[JimNtexas]

I do not think the NTSB has sold any tickets on SS2. That they have so quickly discussed this accident shows that the evidence is pretty cut and dried.

 

[Dav8or]

All part of the KISS mindset that drives Scaled. If there was a simpler and cheaper method available to actuate the feather, they'd have gone with that. (Not admonishment, just the philosophy that's driven the program since the XPrize days.)

Yeah, that is likely so. Simplicity and low cost are usually at odds with safety. The factory workplace of the industrial revolution is a testament to this observation.

 

[ClimbnSink]

Fallacy that simplicity is unsafe. Enough splattered Airbus's to see that.

 

[Henning]

Fallacy that simplicity is unsafe. Enough splattered Airbus's to see that.

Simplicity does not exclude redundancy.

 

[Henning]

Yeah, that is likely so. Simplicity and low cost are usually at odds with safety. The factory workplace of the industrial revolution is a testament to this observation.

It depends on HOW you go about things. You can have a simple system while still maintaining safety features.

 

[wanttaja]

All part of the KISS mindset that drives Scaled. If there was a simpler and cheaper method available to actuate the feather, they'd have gone with that. (Not admonishment, just the philosophy that's driven the program since the XPrize days.)

To expand that, I'd say it's because they have an aircraft-building attitude, not a spacecraft-building attitude; moreover, it's a one-off aircraft building attitude. They build test aircraft where most safety issues can be handled by handing the pilot a parachute.

The 2007 test-stand explosion is an example of this attitude. Safety-wise, they treated a rocket engine and hundreds of pounds of oxidizer like an O-200 and a two-gallon bucket of gas.

And, of course, they're building a commercial passenger-carrying spacecraft. Normally, there's be a ton of regulations requiring safety analyses and testing prior to the first revenue flight. But Step 1 for Virgin Galactic et al was to marshal senators and congressmen to get the FAA to waive safety standards.

Starting to sound like Challenger, doesn't it? Yes, there was one fundamental cause for the loss of that spacecraft, but the investigation revealed dozens of safety issues that had been waived in the interest in the interest of saving time, money, and political capital.

Ron Wanttaja

 

[Henning]

All part of the KISS mindset that drives Scaled. If there was a simpler and cheaper method available to actuate the feather, they'd have gone with that. (Not admonishment, just the philosophy that's driven the program since the XPrize days.)

And I agree with Henning's earlier post that this news is the best of the bad for Scaled and VG. It'll be a lot easier to retrofit an improved tail rotation mechanism than designing a new engine... although that remains questionable, too.

This is actually not a difficult thing to manage. Apparently he unlocked the tail before the shockwave passed it. To block that from happening below a certain speed can be done in a number of ways from purely mechanical pitot function to purely electronic function and any combination thereof.

 

[wanttaja]

This is actually not a difficult thing to manage. Apparently he unlocked the tail before the shockwave passed it. To block that from happening below a certain speed can be done in a number of ways from purely mechanical pitot function to purely electronic function and any combination thereof.

Sounds like they should be able to handle this with a procedural change; don't unlock the tail until you actually want it to deploy.

Again, this harkens back to aircraft- vs. spacecraft design attitudes. On spacecraft, you do everything you can to ensure that a single failure cannot cause loss of the mission. For the feather control, either add an inhibit so the feature can't be released unless certain parameters (airspeed/altitude, etc.) are met, or require actions by *both* pilots to release the lock.

In the traditional aerospace world, a Failure Modes and Effects Analysis (FMEA) is a standard product. It looks at what would happen if a number of different anomalies occur, and highlights where changes to improve reliability could be made. Wonder if one was performed on SS2....

Ron Wanttaja

 

[Henning]

Sounds like they should be able to handle this with a procedural change; don't unlock the tail until you actually want it to deploy.

Again, this harkens back to aircraft- vs. spacecraft design attitudes. On spacecraft, you do everything you can to ensure that a single failure cannot cause loss of the mission. For the feather control, either add an inhibit so the feature can't be released unless certain parameters (airspeed/altitude, etc.) are met, or require actions by *both* pilots to release the lock.

In the traditional aerospace world, a Failure Modes and Effects Analysis (FMEA) is a standard product. It looks at what would happen if a number of different anomalies occur, and highlights where changes to improve reliability could be made. Wonder if one was performed on SS2....

Ron Wanttaja

Maybe, but not if they want commercial certification. They already had a "procedural solution" in place, it failed, it caused a total loss. Certification will require it to be "Pilot Proofed".

The design will migrate towards autonomy anyway, all aviation will if we survive the next 20 years. Pray for Skunk Works to save us.

 

[Checkout_my_Six]

Sounds like they should be able to handle this with a procedural change; don't unlock the tail until you actually want it to deploy.

Again, this harkens back to aircraft- vs. spacecraft design attitudes. On spacecraft, you do everything you can to ensure that a single failure cannot cause loss of the mission. For the feather control, either add an inhibit so the feature can't be released unless certain parameters (airspeed/altitude, etc.) are met, or require actions by *both* pilots to release the lock.

In the traditional aerospace world, a Failure Modes and Effects Analysis (FMEA) is a standard product. It looks at what would happen if a number of different anomalies occur, and highlights where changes to improve reliability could be made. Wonder if one was performed on SS2....

Ron Wanttaja

Good question.....I've done quite a few of those...to include the Delta Clipper DC-X.

 

[3393RP]

...but I would also call it an engineering error as well. A system that is that critical to the safety of the flight should have safe guards built in IMO.

How is it an engineering error? The unlock system does what it's supposed to, it requires a definite movement by the crew to activate it. The abort command which activated the solid rocket escape tower in the Apollo command modules was a simple T-handle in front of the commander's seat. That device was certainly "critical to the safety of the flight".

That's why test pilots with aeronautical engineering degrees and huge amounts of experience fly craft like SpaceShipTwo. It's silly to design elaborate geegaws into test vehicles.

That doesn't mean mistakes won't be made in execution...there are a lot of dead test pilots.

 

[Checkout_my_Six]

How is it an engineering error? The unlock system does what it's supposed to, it requires a definite movement by the crew to activate it.

well....we don't yet know if this system worked as intended. It might not have.....

Could be something with the sampling rate for that lever, an improper code initialization....who knows what went haywire?...and caused the actuation of the feathers.

 

[Henning]

well....we don't yet know if this system worked as intended. I might not have.....

Could be something with the sampling rate for that lever, an improper code initialization....who knows what went haywire?...and caused the actuation of the feathers.

The actuation of the mechanism prior to Mach 1.35 as directed in the procedures? Do you think he had an "Oh ****" moment? Was that the guy that lived?

 

[Checkout_my_Six]

What we do know from the cockpit video....the second lever was never physically actuated.....so, the system appears to not work as intended.

The actuation of the mechanism prior to Mach 1.35 as directed in the procedures? Do you think he had an "Oh ****" moment? Was that the guy that lived?

 

[Henning]

What we do know from the cockpit video....the second lever was never physically actuated.....so, the system appears to not work as intended.

The actuation is a two step process that begins with unlocking the tail feathers above 1.35M then energizing the actuators to move them once the lock is free.

What happened was he unlocked the tail feathers at 1.0 Mach and as the shock wave passed them caused an uncommanded actuation. This was likely a known affect and the reason to not unlock prior to 1.35M.

 

[ClimbnSink]

If test pilots can move a lever early what chance do we have?

 

[Henning]

If test pilots can move a lever early what chance do we have?

Exactly, no biggie for private flying and record breaking. However commercial ventures are held to a different standard. By the time you get to fly one of these, the tail sequencing will be automated.

 

[Checkout_my_Six]

What happened was he unlocked the tail feathers at 1.0 Mach and as the shock wave passed them caused an uncommanded actuation. This was likely a known affect and the reason to not unlock prior to 1.35M.

and that could be pure coincidental.....

my bet is a software glitch of some kind.....and quite possibley resonance in a switch....which caused actuation.

 

[Henning]

and that could be pure coincidental.....

my bet is a software glitch of some kind.....and quite possibley resonance in a switch....which caused actuation.

What in any of Rutan's designs or philosophy would make you think this is a software driven switch rather than a simple pilot driven switch? The lock itself was not to be disengaged before 1.35M for a reason. The next iteration will have a safety interlock preventing the pilot from unlocking prior to 1.35M, simple as that.

 

[Checkout_my_Six]

What in any of Rutan's designs would make you think this is a software driven switch rather than a simple pilot driven switch? The lock itself was not to be disengaged before 1.35M for a reason.

switches are notorious for resonance issues.....let's see how this one unfolds.

 

[Henning]

switches are notorious for resonance issues.....let's see how this one unfolds.

It will likely unfold with an interlock to prevent future unlocks below 1.35M, now this may be simplest to be software driven. It could also unfold to have Branson pull the pilots.

 

[Checkout_my_Six]

It will likely unfold with an interlock to prevent future unlocks below 1.35M, now this may be simplest to be software driven. It could also unfold to have Branson pull the pilots.

So....why did the primary switch not work? It wasn't moved.....?

and you're saying add a third interlock?......na.

without knowing the cirucuitry of the interlocking switches, the physics of the mechanism, and software code....it really is impossible to determine causality.

 

[Henning]

So....why did the primary switch not work? It wasn't moved.....?

and you're saying add a third interlock?......na.

The statement from the NTSB on the telemetry stated IIRC that the circuit was never actuated, that the tail feathers were unlocked and moved by aerodynamic circumstances. Remember, they were looking at and recording every parameter of this flight from mission control in real time from multiple sources of data.

 

[Checkout_my_Six]

The statement from the NTSB on the telemetry stated IIRC that the circuit was never actuated, that the tail feathers were unlocked and moved by aerodynamic circumstances.

they don't know that......

If that were so....the position of either switch is independant of the failure event and we don't know that either.

 

[Henning]

they don't know that......

If the actuator circuit is never energized, what else would do it?

 

[Checkout_my_Six]

If the actuator circuit is never energized, what else would do it?

you know that? ....as fact?

 

[Henning]

you know that? ....as fact?

Not that I can point to, perhaps an inference I read. It definitely lead me to think the tail was unlocked and the circuit never actuated. That there would be an aerodynamic 'tuck' issue potential looks pretty and the fact that they wrote the procedure to NOT UNLOCK the tail feather prior to Mach 1.35 makes me believe that the engineers knew there would be an issue with it as the shock wave travelled aft. I'd love to see the telemetry on the flap to see if it was a flutter event.

 

[Checkout_my_Six]

here is the NTSB briefing.... https://www.youtube.com/watch?v=vjYVhGvUSNc&feature=youtu.be&app=desktop

many statements of "fact"...none of cause....

9 sec. after ignition of the hybrid rocket, the mechanism that controls the stowage of the moving tails moved from "lock" to "unlock." Two actions are required to "feather". The lock was not to be moved until mach 1.4....but was moved early at mach 1.0

the feather lever was never moved...it was an "uncommanded event"....confirmed by cockpit video & telemetry.