from the the-dangers-of-being-a-test-pilot dept.
The National Transportation and Safety Board (NTSB) has found that a mix of pilot error and design flaws led to the crash of SpaceShipTwo last year:
The crash of a Virgin Galactic spaceship last fall in California's Mojave Desert was caused by pilot error and design problems, the National Transportation and Safety Board announced Tuesday after a nine-month investigation.
NPR's Geoff Brumfiel reports the NTSB found that SpaceShipTwo broke apart during a test flight on Oct. 31 because the co-pilot prematurely unlocked a section of the space plane's tail used in braking. The pilot survived, but the co-pilot, Michael Alsbury, was killed.
"But investigators found that SpaceShipTwo's design was also to blame. NTSB board member Robert Sumwalt says proper safeguards to prevent such human error weren't in place," Geoff says.
Detailed summary at Wired. Richard Branson's statement [video] in response.
Related Stories
Virgin Galactic conducted its first test flight of its SpaceShipTwo suborbital vehicle in more than five months Jan. 11 as the company prepares to begin powered test flights of the vehicle.
The glide flight, conducted in the skies above the Mojave Air and Space Port in California, was the seventh for the second SpaceShipTwo, named VSS Unity, dating back to December 2016. Pilots Mark Stucky and Michael Masucci landed the vehicle at the airport after a successful flight.
The glide flight was the first for SpaceShipTwo since one in early August. The company said in a statement that it had spent the intervening months on "extensive analysis, testing and small modifications to ensure vehicle readiness for the higher loads and forces of powered test flight."
Virgin Galactic tested those modifications on the glide flight, as the pilots pushed the vehicle into a steep descent shortly after release from its WhiteKnightTwo carrier aircraft, reaching a top speed of Mach 0.9. That is the fastest the vehicle can fly without igniting its hybrid rocket motor, according to the company.
This flight may be the last glide test before the vehicle begins powered test flights. "I think we'll probably do one more glide flight, and then we'll be ready to go into powered flight," George Whitesides, chief executive of Virgin Galactic, said in a presentation at the Next-Generation Suborbital Researchers Conference in Broomfield, Colorado, Dec. 18.
[...] Virgin Galactic's first SpaceShipTwo, VSS Enterprise, was lost in an accident in a powered test flight in October 2014, the fourth for that vehicle. An investigation by the National Transportation Safety Board concluded the vehicle's co-pilot prematurely unlocked the feathering system for the vehicle that raises its tail for reentry, causing the vehicle to become aerodynamically unstable and break up as it passed through Mach 1. The investigation also blamed vehicle designers for not including safety systems that would have prevented the feathering system from being unlocked during that phase of flight.
Source: http://spacenews.com/spaceshiptwo-performs-glide-flight-in-advance-of-powered-tests/
Related:
- Virgin Galactic Spaceship Makes First Glide Flight
- Virgin Galactic moves on from crash, debuts flashy new spaceship
- Virgin Galactic Crash Due to Pilot Error and Design Flaws
(Score: 2) by c0lo on Wednesday July 29 2015, @11:02AM
(this is from the "English is a crazy language" saga. Try to parse the quoted at letter value, like you've never heard of Virgin Galactic)
A Galactic spaceship flies in the desert.
Actually, it doesn't fly, it just falls. Multiple times, as indicated by the "last fall" (signalling there were some other previous falls, only the last one resulted in a crash)
(large grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Wednesday July 29 2015, @11:43AM
That's why Americans should use Autumn. :P
(Score: 2) by wonkey_monkey on Wednesday July 29 2015, @11:45AM
"Galactic" is capitalised, though.
But yes, my brain did go "shouldn't that be 'last fell?'"
systemd is Roko's Basilisk
(Score: 2) by c0lo on Wednesday July 29 2015, @11:58AM
Oh, yea? What about TFT?
"Translation": Pilot Error and Design Flaw Caused a Galactic Crash on a Virgin?.. or was it just a simple "Galactic Virgin Crash"?
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2) by wonkey_monkey on Wednesday July 29 2015, @01:21PM
Oh, yea? What about TFT?
Well that's because title case is stupid.
I may have mentioned it once or twice in the past...
systemd is Roko's Basilisk
(Score: 0) by Anonymous Coward on Wednesday July 29 2015, @01:54PM
Based on the word choice and capitalization I can honestly only see ONE way to parse that sentence fragment, and it happens to make perfect sense.
The crash of a Virgin Galactic spaceship last fall in California's Mojave Desert.
The (crash (of (a (Virgin Galactic) spaceship)) (last fall)) (in (California's Mojave Desert))
There is no possible way to interpret "last fall" as meaning there were previous falls because it doesn't say "spaceship's last fall".
(Score: 2) by tangomargarine on Wednesday July 29 2015, @04:41PM
And with the prepositional phrase, "the crash" would still be the subject, too. "The crash last fell"? No.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 5, Informative) by VLM on Wednesday July 29 2015, @01:10PM
You linked to the press release. That's OK. The actual report / presentation is at
http://www.ntsb.gov/news/events/Pages/2015_spaceship2_BMG.aspx [ntsb.gov]
and is in the form of multiple PDFs of multiple powerpoints (I shit you not, corporate technology culture is laughable sometimes).
The story in the report is subtly different than the press release. True the immediate cause of breakup was improper manipulation of control surfaces. However, critically, the failure was in the training process / procedures.
The failure was almost exactly analogous to deploying flaps above max flap speed (its been a long time since I took lessons, there is a fancy name similar to Vne but different) Anyway depending on your flight instructor and training doctrine at the time of training, you never even put your hand on the flap lever without eyes on the airspeed indicator such that the speed isn't above and in the (yellow?) bar on the airspeed, and you could recite from memory what that speed is. Its like how you never touch the power switch of a drill press or lathe without touching the chuck key first (as in, its not currently attached to the chuck, which would be really bad) Needless to say if everyone who ever flight trained on a mere 172 knows this and even remembers it twenty years later, a dude flying a rocket today would be pretty familiar with the general concept of not deploying flaps while going so fast it rips the wings off, so the concept of not feathering the tail or it disintegrates the plane would be pretty easy to train up on, but the report indicates they did a relatively shitty job of it.
The specific failure mode is not training the pilot etc up on this peculiarity of some weirdass feathering tail airplane.
The problem with designing something like that is you could bulk it up to make it strong enough to handle anything, but it'll be too heavy to get off the ground, or you can automate it, but then programmers will kill someone or the hardware will inevitably fail. Also with something this experimental, practically every flight is focused on emergency abort modes and its not entirely understood when you'll have to intentionally do something "weird" to avoid a worse scenario.
So its kinda an inevitable loss, not this specific loss, but do risky stuff, people gonna unpredictably die. Which in a way is good news. Its not like the basic concept is a fail, or criminal negligence, or some hunter shot at it, or the failure was discovered after passenger rating rather than by test pilots.
The long term solution is to get more flights and more data so you can design a tougher to disintegrate ship and use actual flight data to partially or fully automate that specific flight control. Or in summary, test pilot work, which is exactly what they were doing anyway.
(Score: 2) by bob_super on Wednesday July 29 2015, @04:26PM
> Or in summary, test pilot work, which is exactly what they were doing anyway.
One could argue that the loss of only one of the two pilots is a success of sorts. Something really bad happened, but not all life was lost, therefore the overall design is not fundamentally flawed.
(Score: 2) by VLM on Wednesday July 29 2015, @05:11PM
Eh pretty much. I'd say a design failure scenario would be modeling and ground testing made them claim the wings fall off if you deploy flaps above 100 knots, and you deploy at 80 knots and the wings fall off anyway. Or we thought it would be stable but it goes into uncontrollable flat spin at high altitude. Pitch-roll coupling like the ancient old X-3? How about placing a giant liquid fuel tank to the side of a multi-segment solid rocket booster, like, what could possibly go wrong? Test pilots been killed by design issues like that, and its not the kind of thing you can patch around "eh just make that bracket bolt hole one size bigger and call it good". The X-3, LOL what a dog of a plane, I got to fly one in a simulator many years ago, what a POS, I guess they call it a learning experience for a reason, never design a plane like that again, I still remember it was like a flying telephone pole with a wound up rubber band for an engine and the pitch-roll coupling made it feel like I was fighting an autopilot on acid, that plane just sucked, a freakish flying gyroscope.
This failure basically boils down to "never do that particular flight maneuver again" and train the hell out of it. Maybe a solenoid that energizes and locks the control lever in place if the airspeed is out of range unless some kind of "emergency override" button is simultaneously pressed. It should be safe to launch the next one like next month or so. Going all the way back to the drawing board could have required years or shut down the program.
Something I miss in "modern" computer games is flight simulators that are realistic enough not to be a video game arcade port toy but unrealistic enough that the PITA issues of flying are no issue. Basically the computationally limited era of 80s sims, maybe with slightly better graphics.
(Score: 3, Insightful) by Nerdfest on Wednesday July 29 2015, @03:02PM
It seems to me that the crash was purely pilot error. Considering lack of handling of pilot error as a design flaw is a hole you can't really dig yourself into unless you want to eliminate pilots completely. Having safety interlocks and idiot lights and that sort of thing is a nicety, but should generally not be relied on in the first place, especially by professional test pilots.
(Score: 4, Insightful) by RedBear on Wednesday July 29 2015, @06:28PM
Argh. This is an idiotic but extremely persistent attitude that gets a large number of people all over this planet killed every year in various different professions. It's absolutely part of the engineers' job to design for Murphy's Law, and part of Murphy's Law is the possibility of operator error. I could whip off a hundred different reasons why the human operator of a machine might suddenly do something that would end up destroying the machine or harming people, from deliberate action to sudden oxygen deprivation to panic. There will always be plenty of actions and decision points left in the control of the machine for humans to do, but deliberately leaving it possible to accidentally do something that we know will destroy the machine and kill people is not something that anyone in their right mind should be advocating. If they had properly accounted for this possibility we would still have SpaceShipTwo and two _living_ test pilots, and a small log file saying "WARNING: PILOT2 ATTEMPTED TO UNLOCK TAIL FLAP DURING BRAKING STAGE2 AT FLIGHT SPEED NNNN", and that would have been the end of it.
There are probably 10,000 interlocks of various sorts from hardware to software to operator conditioning already built into a machine like that, and probably still 10,000 things the pilot could do that would have extremely bad results. But when you find something that you can do to negate the possibility of operator error that can be implemented without exorbitant cost, you don't stand around with your thumb up your butt saying, "Well, shit happens. That dumbass shoulda known better." People are dead, that isn't good enough.
I guarantee that 9 times out of 10 if an accident report conclusion is "Operator Error", there will almost always eventually be a repeat of that event, usually multiple repeats, and there will almost always be a simple, reliable way to keep that event from happening. In most cases there is _NO_ valid reason not to implement the solution, but this attitude of "whelp, pilot error, let's go home boys" all too frequently keeps us from doing anything about it. Not cost, not complexity, just this bizarre belief that we should "do more training" and continue to rely on the flawed human operator to be perfect 100% of the time. When highly experienced test operators are still able to ACCIDENTALLY destroy your machine and get themselves killed, there is something wrong with the training AND the design. Each is a backup for the other. You don't do either/or, you do both.
¯\_ʕ◔.◔ʔ_/¯ LOL. I dunno. I'm just a bear.
... Peace out. Got bear stuff to do. 彡ʕ⌐■.■ʔ
(Score: 2) by sjames on Thursday July 30 2015, @01:10AM
The actual finding is pilot TRAINING error. The pilots were told when to unlock the feather and were warned of the dire consequences of unlocking it too late. They were NOT warned of the equally dire and unintuitive consequences of unlocking it early.