Rolling Back

I’ve had a number of thoughts rolling around my head lately and they’re somewhat related so here goes.

I’m going to start with a depressing headline and URL: Civilization will end in 2050. Ok, perhaps that’s more of an alarmist headline than anything else. I posted this elsewhere, and some folks correctly pointed out that this could have been written by Thomas Malthus over two centuries ago.  And it’s true; prognosticators have predicted the fall of humans since probably before recorded history.  How many of us recall in the last century alone predictions of world-wide famine, a world-wide ice age, comets smashing into us and other horrible events.

Some were prevented, such with the Green Revolution. Some were corrected with better data or a better understanding of the data. Some where just… nuts.  That said, some predictions can be made with 100% certainty, even if the bounds on the actual circumstances are fuzzy. I’ve been giving this particular nugget a lot of thought.  Since I’ve passed that magical (at least to humans) mark of a half-century, I’ve given more thought to what I call my expiration date. It’s a fact. At some point I will cease all biological functions and will be dead.  I can’t escape that. Every day the odds increase a very tiny percentage.  So, I am predicting my own death, most likely sometime in the next 1/2 century. There’s a very slight possibility it could be tomorrow, and a much greater chance it could be 40 years from now, and based on current medicine an absolute certainty 80 years from now.  You’ll note I hedged that last one. It’s quite possible in the next few decades we figure out how to extend the human lifespan by decades if not centuries.  But I’m not counting on it. And even then, there are no guarantees I’m not hit by a driver while biking or some other catastrophic event.

That said, right now I’d say the odds are decent I’ll be alive in 2050. And almost certainly my kids will be (and very likely I’ll have grandkids by then).  So, am I worried that the world will end in 2050? Yes and no. For one thing, there’s time between now and then for a lot to happen. But, as we get closer, it’s going to be harder and harder to forestall the impacts of higher levels of CO2 in the atmosphere and oceans. Yes, to be clear, I believe the evidence supports that humans are greatly impacting the climate via CO2 and other emissions.

But I’m also optimistic that we’ll work harder, especially as things get worse, to stave off the most pessimistic scenarios. But it won’t be easy and the longer we wait, the harder it will be.

While anecdotal, I’ve already seen the impacts in my life, earlier springs, caves that once held ice year round no longer do, less snow in the winters, etc. It worries me. But I also still have some hope.

That said, an analogy that’s been rolling around in my head that isn’t 100% perfect but fits me as a DBA.

Many of us in the SQL server community have started a long running transaction, only to realize we’ve brought the server to a halt. In other words, no other user can access their data until our transaction is complete. We can abort the transaction, but if we wait too long, that can be a far worse solution than trying to stop it early on. For the non geeks, in other words, if our transaction is going to update 1 billion records and we realize 5 minutes in that it will take 10 hours, we can abort it and it should take about 5 minutes to rollback to the original state. This means we’ve only brought the server to a halt for about 10 minutes. However, if we ignore the problem, and keep pretending it’ll go away and we wait say 9 hours and then finally decide, “oh what the heck, let’s try to fix the problem now” it might take another 9 hours to rollback. In other words, by waiting to long to resolve the problem, instead of being 10 minutes, it can be 1080 minutes.

In other words, the longer you wait, the harder it can be to recover. I think that’s where we’ll be at by 2050. Whether or not I’m still alive (though I plan to be!)

Punditry

We’re all experts on everything. Don’t think so? Go to any middle school or high school soccer game and you’ll be amazed at how many parents are suddenly experts on soccer. It’s also amazing at how many parents are parents of future NCAA Division I scholarship soccer players.

Seriously though, we’re all guilty of this from time to time. I’ve done it and if you’re honest, you’ll admit you’ve done it.

Yesterday the world suffered a loss, the near destruction of Notre Dame.  Early during the fire our President tweeted:

“Perhaps flying water tankers could be used to put it out. Must act quickly!”

As many have pointed out, this was actually a terrible idea. The idea of dropping 100s of kilograms of water onto an already collapsing roof is most likely to do more damage than not. But, while I think it’s easy to mock the President for his tweet, I won’t. In some ways it reminds me of the various suggestions that were made last summer during the Thai Cave Rescue. We all want to help and often will blurt out the first idea that comes to mind.  I think it’s human nature to want to help.

But, here’s the thing: there really are experts in the field (or to use a term I see in my industry that I dislike at times: SME (it just sounds bad) Subject Matter Expert.)

And sometimes, being a SME does allow you to have some knowledge into other domains and you can give some useful insight. But, one thing I’ve found is that no matter how much I know on any subject, there’s probably someone who knows more. I’ve written about plane crashes and believe I have a more than passing familiarity in the area. Perhaps a lot more than the average person. But, there’s still a lot I don’t know and if I were asked to comment by a news organization on a recent plane crash, I’d probably demur to people with far more experience than I have.

Having done construction (from concrete work in basements to putting the cap of a roof on), I again, have more than a passing familiarity with construction techniques and how fire can have an impact. That said, I’ll leave the real building and fire fighting techniques to the experts.

And I will add another note: even experts can disagree at times. Whether it’s attending a SQL Saturday or the PASS Conference itself, or sitting in a room with my fellow cave rescue instructors, it can be quite enlightening to see the different takes people will have on a particular question. Often no one is wrong, but they bring different knowledge to the table or different experiences.

And finally, you know what, sometimes the non-expert CAN see the problem, or a solution in a way that an expert can’t. But that said, at the end of the day, I’ll tend to trust the experts.

And that’s the truth because I’m an expert on punditry.

Followers and CPR/First Aid

Yesterday, I performed a little social experiment and was pleased to find it worked. I’ve got to say, sometimes it’s the small things that make me happy.

Despite the below zero (Fahrenheit, so really cold, not that warm-cold of 0°C) temperatures, my son and I decided to head up to a local state park and do a hike.  Surprisingly, OK, maybe not, when we arrived, the parking lot was completely empty.  It had been plowed, but there was still a layer of snow over the entire thing, so it was impossible to see where the parking lines were. Now in the summer, this parking lot can be completely full, but I wasn’t too worried about that occurring when the temp was about -4°F.

So, which way to park? Well, there was some sun, so I figured I’d park so that the windshield would get the most sun and hopefully warm up the car just a bit while we hiked. I was sure at the time and later confirmed, this was at a 90° angle to the way the parking lines run. Ironically it was also about 90° colder than the summer temps!

Even when we started hiking, no one else had shown up. But, I have to admit, in the back of my mind I had to wonder if I would start a trend.

Sure enough, 1.5 hours later, when we arrived back at the car there were 3 other cars.  Not only were they parked in the same orientation, they were all parked right next to my car.  This parking lot probably covers 3 acres. They could have parked pretty much any place they wanted in any direction they wanted. But, because I had randomly picked a spot (and not so randomly a direction) 1 car was parked next to me in the same orientation and the other 2 parked facing us.

So what does this little experiment have to do with First Aid or CPR? Have you ever been at an event when someone has a medical event and at first no one reacts? It’s actually fairly common.  Everyone is standing around waiting for someone else to react. But once someone reacts, others tend to follow.  Be that person that others follow.  Learn CPR and learn First Aid so that when something happens, you can be the first to react. Sometimes people just need a leader to follow; and often they don’t necessarily realize it.

There’s no good reason anyone else parked just like I did, and yet they did. But there is a good reason for people to follow you if you can be the first to react in an emergency.  And you don’t have to be an expert. Obviously it didn’t take “expertise” to park yesterday, but people followed anyway. You don’t have to be an EMT or paramedic to react at a medical emergency. You can be the person that simply shouts, “Call 911” and gets people reacting.

That said, I still highly recommend taking a CPR and First Aid course. Not only do you learn very useful medical response skills, it will help you be that person that reacts first.

And stay warm!

Why the submarine wouldn’t work

I was going through my old drafts and found this post I had started to write earlier this year but never finished.  Actually it appears I meant this to be part of White (K)nights but I cut it out to make that post more readable.

During my media interactions I was asked multiple times to comment on Elon Musk and once or twice on his submarine. I tried to keep my comments fairly neutral, but the truth is, I and some of my fellow trained cave rescuers were pretty bothered by Musk’s attempted involvement. I got into at least one online debate about how the people in charge obviously were clueless and that Musk’s solution of a submarine was a brilliant idea.

It wasn’t and I figured I’d address some of my concerns.  Please note as with all situations like this, I was not directly involved, so I’m going on publicly available facts and my training as a cave rescue person and a cave rescue instructor. I am also not in any way speaking on behalf of the National Cave Rescue Commission or the NSS.

Now let’s discuss the device itself:

  • It almost certainly would not have fit. By all accounts, the tightest pinch was 15″ and hard to navigate. Anyone who has moved through a cave knows that even larger passages can be hard to navigate. Locally we have a cave that has a pinch that’s probably close to 15″, but that is at the bottom of a body sized V-shaped passage. Unless you can bend in the middle, you will not fit through it. A cylinder like Musk designed, would not fit. I don’t know the passages in the Thai cave, but odds are there is more than one passage where flexibility is important.
  • It also, in many ways was superbly dangerous. Once sealed into the tube, there would be no easy way to monitor the patient’s vitals. And if the tube had started to leak (cave environments can be extremely destructive, even to metal objects), there appears there would have been no recourse except to keep swimming and hoping to get to an air filled chamber quickly enough and that was large enough to debug the issue.
  • In addition, if the patients were not sedated, I’d have to imagine that being sealed into such a tube, even with lights for 20-40 minutes at a time would have been sheer terror. As it is, the kids were in fact apparently heavily sedated (a fact that some of us still find a bit surprising, even though very understandable), and yet at least one started to come out of sedation while in a water passage. Without being able to directly monitor the vitals of the patient, who knows what would have happened.
  • There’s probably other issues I could come up with. But let me end with this one. Rarely if ever do you want to beta-test or heck even alpha-test, which is what this would have been, a brand new design in a life or death situation when there are alternatives.

Like our White Knights, we want our brilliant tech solutions, but often we’re better off adapting what we’ve done in the past. In cave rescue we try to teach our students a “bag of tricks” that they can adapt to each particular rescue. Foe example, there is no single rigging solution that will work for every rescue.  How I might rig a drop in Fantastic in Ellison’s might be very different from how I’d rig a drop here in New York.  How I  package a patient for movement here may be different than in a Puerto Rican cave.  And honestly I’ve seen a lot of high-tech equipment get suggested for cave rescue that simply doesn’t work well in a cave environment and we often go back to the simple proven stuff.

I will add a tease, to perhaps a future blog post, of a mock rescue rescue where a high-tech approach failed after several hours of trying, and the low-tech solution solved the problem.

 

 

 

The Soyuz Abort

Many of you are probably aware of the Soyuz abort last week. It reminded me of discussions I’ve had in the past with other space fans like myself and prompted some thoughts.

Let’s start with the question of whether Soyuz is safe. Yes but…

When Columbia was lost on re-entry a lot of folks came out of the woodwork to proclaim that Soyuz was obviously so much safer since no crew had died the ill-fated Soyuz 11 flight in 1971. The problem with this line of thought was that at the time of Columbia, Soyuz had only flown 77 times successfully vs 89 successful flights since the Challenger Disaster. So which one was safer? If you’re going strictly on the successful number of flights, the Space Shuttle. Of course the question isn’t as simple as that. Note I haven’t even mentioned Soyuz 1, which happened before Soyuz 11 and was also a fatal flight.

Some people tried to argue that the space shuttle was far less safe because during the program it had killed 14 people during its program life vs 4 for Soyuz.  I always thought this was a weird metric since it all came down to the number of people on board. Had Columbia and Challenger only flown with 2 on each mission, would the same folks argue they were equally safe as Soyuz?

But we can’t stop there. If we want to be fair, we have to include Soyuz-18a. This flight was aborted at a high altitude (so technically they passed the Karman Line and are credited with attaining space.)  Then in 1983, Soyuz T-10a also suffered an abort, this time on the pad.

So at this point I’m going to draw a somewhat arbitrary line as to what I consider a successful mission: the crew obtains an orbit sufficient to carry out a majority of their planned mission and returns safely. All the incidents above, Soyuz and Space Shuttle are failed missions.  For example, while Soyuz-11 and Columbia attained orbit and carried out their primary missions, they failed on the key requirement to return their crew safe.

Using that definition, the shuttle was far more successful. There was one shuttle flight that did undershoot the runway at Edwards, but given the size of the lakebed, landed successfully.  We’ll come back to that in a few.

Now let me add a few more issues with the Soyuz.

  • Soyuz-5 – failure of service module to separate, capsule entered upside-down, and the hatch nearly burned through. The parachute lines also tangled resulting in a very hard landing.
  • TMA-1 – technical difficulties resulted in the capsule going into a ballistic re-entry mode.
  • TMA-10 – Failure of the Service Module to separate caused the capsule to re-enter in an improper orientation (which could have lead to a loss of the crew and vehicle) which ended up causing the capsule also re-enter in a ballistic re-entry mode. The Russians initially did not tell the US.
  • TMA-11 – Similar issue as TMA-10, with damage to the hatch and antenna that was abnormal.

And there have been others of varying degree. I’m also ignoring the slew of Progress failures, including the 3 more recent ones that were launched on a rocket very similar to the current Soyuz-FG.

So, what’s safer, the Soyuz or the Space Shuttle?  Honestly, I think it’s a bit of a trick question. As one of my old comrades on the Usenet Sci.space.* hierarchy once said, “any time a single failure can make a significant change in the statistics, means you really don’t have enough data.” (I’m paraphrasing).

My personal bias is, both programs had programmatic issues (and I think the Russians are getting a bit sloppier when it comes to safety) and design issues (even a perfectly run shuttle program had risks that could not have been solved, even if they might have prevented both Challenger and Columbia).  However, I think the Russian Soyuz is ultimately more robust. It appears a bit more prone to failures, but it has survived most of them. But, that still doesn’t make it 100% safe. Nor does it need to be 100% safe.  To open the new frontier we need to take some risks.  It’s a matter of degree.

“A ship in harbor is safe, but that is not what ships are built for.” – John A. Shedd.

A spacecraft is safe on the ground, but that’s not what it’s built for.

In the meantime, there’s a lot of, in my opinion naive, talk about decrewing ISS. I suspect the Russians will fly the Soyuz TM-11 flight as scheduled. There’s a slight chance it might fly uncrewed and simply serve to replace the current Soyuz TM-9 capsule, but it will fly.

 

Crying Wolf

We all know the story of the boy who cried wolf. Last week we had a nationwide example of that.

I’m about to break an unwritten rule I have for this blog in that I try to avoid politics as much as possible. But here I’m going to try to steer away from any particular partisan position and try to discuss the impact of both certain policies and the resulting reactions.

So, to be upfront, I am not a fan of President Trump, nor do I subscribe to his brand or style of politics. That said, let’s carry on.

So, at approximately 2:20 PM EDT on Thursday of last week, millions of Americans had their phones buzz, beep, play some sort of tune, etc.  By the build up and reaction, you would have thought it was the end of the world. Ironically, the system MIGHT someday be used to actually alert us to the end of the world.  Hopefully not.

The event I’m referring to of course was a test of a new system that many phones classify as a “Presidential Alert”.  It’s really the latest in a series of systems the US has had over the years to alert citizens to potential dangers or crises.

Some of my readers may be old enough to recall AM radios that had two markings on them, small triangles with a CD in them. This was for the CONELRAD alert system that was in place from 1953-1963. This was designed to be used strictly in the event of a nuclear attack and was never intended nor used in the event of a natural disaster.

It was replaced by the Emergency Broadcast System. This system was actually used to alert local and regional areas to extreme weather events and other natural disasters.  In 1997 it was replaced by the Emergency Alert System. The EAS was designed to take advantage of the expanding ways of reaching people. This ultimately included the ability to send text alerts to phones in the US.

There are, and have been from day one of the design for phones, three types of alerts, the “Presidential Alert”, alerts for extreme weather or other events and Amber alerts.  Phones have had the ability to receive these alerts for close to a decade now; and, importantly, for the second two type of alerts, the ability to shut them off. Phones can NOT turn off the Presidential Alert. This is by design and this has been a feature of the system from day 1. In other words, despite what many in social media seemed to believe, this feature was baked in long before President Trump took office.

So enough history, let’s get to the the wolf cry. Both before and after, I saw people all over Facebook and other media proclaiming how bothered they were and upset that the President had the ability to text them directly. He (or ultimately she) can’t.

Ok, that’s not quite true. My understanding is that the President can issue a statement through the White House Communications Director that gets passed on to the appropriate people that would activate the EAS and the WEA and the statement would go out. But the idea of President Trump or any President sitting at their desk and picking up their phone and texting all of America is not true.  It’s a myth and image built up by folks who are quite frankly paranoid. This does not mean that the system can’t be abused. However, there are numerous checks in the system that I’m extremely doubtful that such non-emergency use would ever actually intentionally occur.

But, the fact that people apparently feel so strongly about the risks troubles me. There’s no doubt that this President uses social media in ways unlike any previous President. This President is far more likely to say what’s on his mind without much filter. Some people love him for that, some vilify him.

BUT, this man is the President, NOT the Office of the President nor the entire Executive Branch. This is an important distinction and one to keep in mind. Regardless of how one feels about the State of the Union, there are still checks on the actual authority he can wield.  And ultimately if the system did get abused, one would hope that someone along the chain would say “no” or if it got beyond that Congress would ultimately enact additional safeguards.

For a system like the EAS and the WEA to work, we need to test them. And we need to have faith they are properly used. Yes, sometimes mistakes happen in an unscheduled test going out, or worse, a test mistakenly sending out a message that a real event is transpiring. These mistakes NEED to be avoided and minimized so that people don’t panic (which can cause harm, including death in some cases). But the testing needs to happen to make sure the system DOES work when needed.  We need to have a general faith, though perhaps tempered with SOME caution of abuse of the system.  (BTW, I do realize there’s some controversy over exactly what transpired in the Hawaii incident and in fact might actually illustrate an actual abuse of the system by an individual.)

But we should not let the partisan social media actions of one particular President make us never believe the boy who cried wolf. Someday the cry may be real.

As long as the national level tests like the one that occurred last Thursday remain infrequent, with a clear purpose, and are clearly tests, I will continue to advocate for them.

P.S. Oh, one more addendum, anything you see about John McAfee concerning the test, or the E911 of your phone should be basically ignored.

P.P.S One of the eeriest experiences of my life was walking into my apartment and catching a rebroadcast of the movie Countdown to Looking Glass. It made me better understand how folks could have fallen for the Orson Welles broadcast of The War of the Worlds. Now I would never advocate searching for a bootleg copy of the movie on Youtube, but if you can find a copy it’s worth watching in my opinion, and honestly, the last minute or so still sort of freaks me out.

 

Safety Third

This is actually the name of an episode of Dirty Jobs. But it’s a title that has stuck with me because it’s near and dear to the sort of things I like to think about. Mike Rowe has a good follow-up article here. The title and show ruffled feathers, but he’s right, it’s an important concept to discuss.

You’ll often hear the mantra “Safety First”. This often means in work places things like wearing fall protection when working at height, or wearing a life vest when working in water, or ear protection, or other safety measures. The idea being that above all else, we have to be safe.

I got thinking about this while reading Rand Simberg’s book, Safe is Not an Option.  He argues that trying to make safety the highest priority of spaceflight is holding us back. I tend to agree.  And I’d like to argue out that despite NASA talking about safety in public announcements, the truth is NASA hasn’t always been upfront about it and also it has made decisions where safety wasn’t first (and I would argue in some cases those decisions were justified).

Now I know at least a few of my readers have read the Rogers Commission Report on the Challenger shuttle disaster.  It’s worth the read, especially Dr. Feynman’s appendix. One of the issues that came up during the investigation was exactly how safe the Shuttle was. (Here I’m referring to the entire system, the orbiter, SRBs and ET). Some at NASA were claiming that the Shuttle had a 1 in 100,000 chance at a loss of an orbiter. (a loss of a an ET or SRB as long as it didn’t impact the Shuttle wasn’t really a concern, as all ETs were lost at the end of each mission and at least 2 SRBs were lost due to other issues). As Feynman pointed out, this meant you could fly the Shuttle every day for 300 years and only have one accident.  What was the reasoning behind such an argument? Honestly, nothing more than wishful thinking.   As we know, the shuttle was far less safe, 1 in 67.5.  That’s a hugely different number.

There were many reasons that lead to either accident and I won’t delve into them here; though I would highly recommend The Challenger Launch Decision by Diane Vaughen as a comprehensive analysis of the decision making that helped lead up to the Challenger disaster.

But let’s talk a bit about how things could have been made safer, but NASA correctly decided NOT to go down that route.  One early iteration of the shuttle design had  additional SRBs mounted to the orbiter that would have been used to abort during an additional 30 seconds of the flight envelope1. I can’t determine if these 30 seconds would have overlapped with the critical 30 seconds Challenger’s final mission. But let’s assume they did. The total cost would have added $300 million to the development of the program and reduced the payload capacity of the orbiter2..

In a system already beset with cost considerations and payload considerations, this might have meant the program never got off the ground literally. Or if it did, it would fail to meet its payload guidelines.  All this for 30 more seconds of additional safety. Would that have been worth it? Arguably not.

Another design decision was to eliminate thrust termination for the SRBs. Again, this is something that would have arguably made the ascent portion of the flight safer: in theory.  The theory being that since you can’t normally shut down the SRBs, you can’t perform an orbiter separation, which means the orbiter can’t detach during the first 2 minutes of the flight and hence can’t perform a return to launch site abort.

But again, adding that safety feature didn’t necessarily make things better. For one thing, it really only would have been useful above a certain altitude since below that altitude all the orbiter could have done is detach from the stack and fallen into the sea with too little time to get into a glide position and make it back to a runway.

But there was a bigger issue: the thrust termination was determined to be violent enough it would probably have damaged the orbiter if used. This could have been mitigated by beefing up the orbiter structure. But this would have imposed an 8,000 lb payload penalty. Since the shuttle was already having trouble reaching its 65,000 lb payload goal, this was determined to be unacceptable3.

So, NASA could have made the decision of “safety first” and ended up with a shuttle system that never would have flown. And given the political calculus at the time, it’s unlikely NASA could have come up with a better solution nor had Congress fund it. The shuttle was an unfortunate compromise brought about a host of factors. But it did fly.

As I like to tie this back to some of my other interests; so what about caving and cave rescue.? I mentioned in a previous post how we’ve moved away from treating one line in the system strictly as a belay line. But what if I told you we often only use one line! There are many places in caving and cave rescue where we do not have a belay line. A good example is for a caver ascending or descending a rope.  This is called Single Rope Technique or SRT. There are some who come to caving from other activities and ask “where’s your belay? You have to have a belay!”

But, a belay line (here used in the sense of catching a caver from a potentially dangerous fall if their mainline fails) is actually far less safe.  I’ll give an example. First let’s start with some possible failure modes

  1. Main rope being cut or damaged to the point of failure
  2. The point the rope is rigged to (the anchor point) failing
  3. Your ascent or descent system failing

So the idea is, if one of those 3 things happen, the belay line will catch you.  But there’s issues with that theory. One major issue is that large drops in caves are often accompanied by air movement and waterfalls. The air movement, or even simple movements by the caver (and influenced by the rope in some cases) can cause a twisting motion. This means that before you know it, your belay line has been twisted around your mainline and you can no longer ascend or descend. You’re stuck. Now combine this with being in a waterfall and you’ve become a high-risk candidate for hypothermia, drowning, and harness hang syndrome.  In other words, your belay line has now increased your chances of dying. So much for the attitude safety first.

Even if you avoid those issues, you haven’t really solved the possible failure modes I listed. If you think about it, anything that’s going to damage your mainline is possible to your belay line. There are some differences, your belay line, for example because it’s moving is far less likely to wear through in a single spot like a mainline might from being bounced on during an ascent. On the other hand it’s more possible to suffer a shock load over a sharp edge if it’s not attended well.

If your mainline anchor point fails, you’re relying on your belay anchor point to be stronger. If it’s stronger, why not use it for your mainline? (there are reasons not to, but this is a question that should cross your mind.)

Finally, for equipment failure, catastrophic failure is rare (only seen in movies honestly) and other failures are better mitigated by proper inspection of your equipment and close attention to proper technique.

Of course the safest thing to do, if we were really putting safety first would to never go caving. But where’s the fun in that.

We can insist on safety first in much of what we do, but if we do, we inhibit ourselves from actually accomplishing the activity and in some cases can actually make things LESS safe by trying to add more safety. And safety is more than simply adding additional pieces to a system. It’s often proper procedures. Rather than adding a belay line, focusing on better rigging and climbing technique for example. Or even simply accepting that sometimes things can go sideways and people may be injured or die.  We live in a dangerous world and while we can make things safer and often should, we should be willing to balance our desire for safety with practicality and the desirability of the goal.

I’m going to end with two quotes from an engineer I respected greatly, Mary Shafer who formerly worked at NASA at what was Dryden Flight Research Center and is now the Armstrong Flight Research Center at Edwards Air Force Base.

Insisting on absolute safety is for people who don’t have the balls to live in the real world.

and

There’s no way to make life perfectly safe; you can’t get out of it alive.

For a more complete record of Mary’s thoughts, I direct you to this post.

Footnotes

    1. Space Shuttle – The First Hundred Missions. Dennis Jenkins, 2001. Page 192
    2. Ibid.
    3. Ibid