That's my takeaway after a lot of reading about this.
The seal performed exactly as it was specified to. The spec was that below certain temperatures it wasn't guaranteed to perform as a seal, and that's exactly how it performed.
The issue was that some level of management was alerted that they were operating outside of the spec, and they gambled that it didn't matter.
The seal did not "perform exactly as it was designed to."
The seal leaked during initial static pressure testing, it leaked during test-firings, etc. Engineers and management at both Thiokol and NASA knew about this. NASA engineers repeatedly objected to the Thiokol design (both original and modified) for different reasons, talked to the o-ring supplier who stated that the design was using o-rings in a way never used before, etc.
The author of the blog post is wildly wrong, but so are a lot of comments.
Everyone, PLEASE read the Rogers Commission report. It spells out the extensive problems with the design/manufacture, and at both Thiokol and NASA.
Edit: I can't post a response because my account has a posting limit, but "the o-rings were not defective" is...misleading.
The o-rings were constructed as an assembly that used multiple lengths of o-ring material glued together, instead of the entire o-ring being molded at once, which is what had been done on prior rockets. Up to five joints were allowed. No inspection of the glued joints was performed other than a surface inspection.
Second edit: no, the problem is not that the "selection team did not account for atmospheric pressure." The joints between sections mechanically did not hold together correctly. NASA engineers predicted this when examining the revised design during the earliest phases, although the assembly was found to act in a way different than how they had predicted, but still caused the seals to leak. Everyone knew the seals leaked, before the first shuttle headed to the launch pad.
Third edit: the blog is "wildly wrong" because it claims NASA supplied or modified the revised seal design and outright declares them incompetent government bureaucrats who didn't know how solid rocket motors worked. In fact, both designs came from Thiokol in entirety - and NASA engineers basically said in reports something to the effect of "the government (ie NASA and the military) has never seen a solid rocket motor sealed like this".
When NASA engineers approached the o-ring manufacturing company, the company said they'd never seen a design like it and felt that it was 'not being used like an o-ring' or something to that effect.
From the very beginning NASA engineers were screaming their heads off that the design was shit. Testing validated their concerns. Upper management at both Thiokol and NASA didn't care.
I should have been more specific: the o-ring did not fail in an unexpected way.
There was no defect in the o-ring. The design of the entire joint it was sealing was suspect, and was known to perform in a way that was not satisfactory. It did perform just as it was expected to (they expected a failure under the conditions) by the people that had the technical details.
True indeed, but it's important to not lose the uncertainly they had at the time, and the degree of o-ring failure being not so binary.
According to what I recall of Allan McDonald's version of things, they had a good amount of data that colder temperatures meant worse sealing performance from the o-rings (soot making its way past the first o-ring and in some cases damaging the second, basically). Like you said, it was a well-known issue in some circles. They also knew the Challenger launch the next morning would be very cold indeed, something wild like at or just above freezing, I think.
The engineers at Thiokol raised their concerns and were asked what a safe temperature to launch is and said something like 53F, basing this on the fact that a previous launch at that temp was successful. NASA (and Thiokol) management balked at this because the booster's certified minimum launch temp was something lower like 30 or 40F. Then they basically asked them to prove it would catastrophically fail at the temperatures expected the next morning, which they couldn't conclusively do since they didn't have the data to back it up. Management reversed the no-go recommendation based on this.
So yes, the o-rings performed as expected insofar as colder = worse, but it was a matter of how much worse at temperatures lower than any successful previous launch.
> Then they basically asked them to prove it would catastrophically fail at the temperatures expected the next morning, which they couldn't conclusively do since they didn't have the data to back it up.
Turns out they _did_ conclusively prove that, just not within the time or budget (or casualty) constraints demanded by management at the time.
Why is the blog post wildly wrong? He states the seal joints were poorly designed, similar to your statement. His statements seem reasonable and in agreement with Feynman's and others' (Boisjoly) account, which tell a story of corrupt NASA and Thiokol management, who pushed for flying outside the safe temperature window.
>The seal performed exactly as it was specified to.
Yeah, no.
The seal never performed the way it was designed to.[1] It was faulty by design. The seal always leaked, but that didn't always lead to an explosion.
There were multiple times where the erosion/blow-by problem was observed; in fact, the O-ring was (unsuccessfully) redesigned by Morton Thiokol to address the issue.[2]
The problem was that nobody really understood what was going on, and waved their hands about it.
Quote[3]:
“NASA had developed a peculiar kind of attitude: if one of the seals leaks a little and the flight is successful, the problem isn’t so serious. Try playing Russian roulette that way: you pull the trigger and the gun doesn’t go off, so it must be safe to pull the trigger again.”
Please do some due diligence before simply saying things that feel right for the sake of making a point.
Your point still stands (it was an organizational failure), but premising it on a false statement (that the O-ring performed to spec) isn't a way to make it.
> “NASA had developed a peculiar kind of attitude: if one of the seals leaks a little and the flight is successful, the problem isn’t so serious.
this quote is also feels pertinent to the Starliner decision to launch. They knew there was helium, but they just decided there was more helium for the mission than was leaking. so the acceptable risk bar seems to be pretty low.
It's prevalent all over the aerospace industry. It's also why the Columbia was lost (foam shedding happens but it's "in family" ie - it's a known issue that hasn't prevented a flight from being successful).
Complicated systems are always having some issues that aren't to spec. The difficulty is assigning an appropriate risk to them.
I've heard people who design 5+ sigma aircraft who refuse to fly on it because they know of some system that isn't up to spec in their eyes; in that case, the opposite is true: they're assigning a risk that is probably too large given the data.
You wrote this after my other reply clarifying my point to a sibling comment that addresses exactly what you are saying, so please go back and read that.
The gist of it is that the failure was expected by everyone with technical knowledge of the seal.
To be fair, there were specific temperature ranges in which the shuttle was supposed to be capable of launching, and the temperature range did not go as low as you might expect because the Shuttle was going to launch in Florida (and, maybe someday, California) - iirc, the minimum temperature was 40 def F or something like that.
Of course, the Thiokol engineers weren't sure that 40 was sufficient (they were worried about anything below 52 degrees), but in defense of the people that chose the o-ring material, Challenger launched outside of the design spec for the Space Shuttle.
The seal performed exactly as it was specified to. The spec was that below certain temperatures it wasn't guaranteed to perform as a seal, and that's exactly how it performed.
The issue was that some level of management was alerted that they were operating outside of the spec, and they gambled that it didn't matter.