In Star Wars: Rogue One we learn that that Jyn Erso's father purposefully put in the design flaw to destroy the Death Star, my question is: How did no other engineer see the massive design flaw?
asked Apr 28, 2017 at 14:09
-
203Nobody wanted to do the documentation– LCIIICommented Apr 28, 2017 at 14:54
-
84And any documentation that was made, no one wanted to read it– fyrepenguinCommented Apr 28, 2017 at 18:09
-
39Have you ever seen people do code review on complicated legacy systems with *&(*ton of code?– DVK-on-Ahch-ToCommented Apr 28, 2017 at 18:38
-
9The design flaw was critical but subtle. Meanwhile, the Death Star itself was massive; it's the size of a small moon; it would be rather difficult for most people to review something of that magnitude, especially if they didn't already know what to look for. Also, I expect that most of the engineering would be compartmentalized.– jamesdlinCommented Apr 28, 2017 at 19:24
-
5Did you want to be the guy who reported this? "Lord Vader - there appears to be a design flaw in the hypermatter annihilator unit" "I find your lack of faith in our little project...disturbing..." "GRRNNNKKKK! GLURRRNNNG! GNN...rmph... (klonk!)".– Bob Jarvis - Слава УкраїніCommented May 1, 2017 at 3:44
|
Show 4 more comments
3 Answers
They did, but Galen misdirected them
There's a supplemental document included in the Rogue One novelization, comprised of several messages sent between Galen and one of the engineering managers, where we learn that Galen's reactor modifications actually did trigger diagnostic warnings, as one would expect:
I had the droids generate a new Systems Safety and Compatibility Report incorporating your team's proposed adjustments to the reactor core. The new plans triggered a dozen subsystem warnings and spat out one blazing red stain on the line labeled "Hypermatter Annihilator Unit." I didn't bother asking my astromech how bad that could be — a redline on a critical system speaks for itself.
Rogue One: A Star Wars Story - Official Novelization Supplemental Data: Battle Station Engineering Notes
There's some back-and-forth between the assorted parties, but Galen manages to get his reactor changes approved mostly by appealing to Imperial interests in:
Getting the damn thing actually working, on-schedule (or less behind schedule)
You may be too obtuse to realize it, Erso, but I'm doing you a favor. This project needed to be done weeks ago.
Send me the final venting shaft and exhaust port plans. I'll bypass SSCR and submit them for production, manufacturing, and installation.
Changes have been approved.
Rogue One: A Star Wars Story - Official Novelization Supplemental Data: Battle Station Engineering Notes
Keeping the officers happy:
I oversaw construction of the northern command sector myself. Tarkin has already toured the facilities. If the particle funnel and recycler can't go anywhere else, stick with options two [a time-consuming research project on improving the reactor technology] and three [an exhaust port].
[...]
Send me your final plans. I'll declare the droids in error and override the next SSCR.
I'm not burying Krennic in redline reports while you figure out how to keep a handful of stormtroopers from developing a cough1.
Rogue One: A Star Wars Story - Official Novelization Supplemental Data: Battle Station Engineering Notes
1 Additional context which I don't want to quote in the interests of brevity: Galen has responded that installing venting shafts will only mostly solve the problem; there will still be some radiation leakage into crewed areas. Upon being assured by Galen that the leakage won't affect command sections of officer's quarters, that message was sent
answered Apr 28, 2017 at 14:19
-
88
-
36Having heard my resident engineer vent about companies wanting everything done yesterday but rarely approving plans on time this feels amazingly realistic.– MazelCommented Apr 28, 2017 at 16:07
-
23
-
8
-
9
Have you ever worked on or seen a FMECA? Even for a simple system, they are a truly stupendous amount of work. A few years ago, I reviewed one performed by someone else on a relatively complex system (four electronics racks, plus some ancillary equipment), and reviewing it alone took about three full-time months. I don't know how long performing it took, but it was at least several man-years dedicated, plus several more intermittently from the actual designers. Multiply that by the number of comparable systems on the Death Star, and it's likely that literally hundreds of thousands of man-years which would have to pour down the drain just for this single engineering task.
Further, when designing anything, you're playing a numbers game. Of course there will be things which could destroy your system. If you throw a handful of rocks at your laptop, there is a possibility that they will land on the keyboard in a way which correctly enters your password, calls up a command prompt, and types in "format c:". How much time should you spend "fixing" this exploit? Should you even document it? Should you even consider it? (my very rough estimate is that doing so would increase your FMECA time by at least two to three orders of magnitude).
Finally, even with small projects (like a DVD player) not everyone is an experienced senior engineer. You involve junior engineers because you need the help and because you need to give them experience (or else this generation will die off, and you'll never get a Death Star 2). This, incidentally, is one of the reasons that power supplies are so failure prone in most consumer devices: Power supplies are the part you can most safely assign to the least experienced designer.
So, what does the actual engineering analysis look like there? You probably have a junior guy looking at the exhaust system. If he's good, he probably comes up with something like "sudden over-pressure" as a failure mode, and shows that the next-higher level effect is feeding a pressure spike back into the core (many unstated and charitable assumptions about architecture there). With really, really, good analysis, that probably rolls up to some sort of critical failure. Junior engineers are excitable, so he probably assigns that a high likelihood. Let's assume he assigns it one high enough to push it over the threshold of "worth fixing." The lazy way of fixing an over-pressure in a straight pipe (especially if you don't believe its really a problem) would be to widen and straighten that pipe. So now, instead of a one-meter opening, it's a two-meter opening. Problem solved. (And if you're the overall system architect, this is a great place to put your thumb on the scale to create a vulnerability).
But maybe some survivability or safety engineers come along afterwards. This is a military project, after all. They're going to brainstorm a bunch of stupid edge-cases ("but what if the Death Star flies through a sun?"), but for everything real they're going to look at the FMECA failure modes. So, maybe they see that there's a place where "sudden over-pressure" causes a system-level problem (which already required quite a lot to go right), and maybe they think of proton torpedoes at that point. They probably do some pseudo-Bayesian analysis to find the probability: given that the Death Star is hit by a proton torpedo, will it hit this vent? And that probably looks like (surface area of vent)/(surface area of death star), because this thing is trivial anyway, and because its all classified you're looking at random chance, not deliberate action. But assume they decide that this one-in thirty-seven-billion chance is too high. How do they mitigate it? Well, maybe shield the vent. You could put a grate over it, but that's not ideal (the failure mode is "sudden over-pressure." What does that mean for an explosion at the mouth? Who knows!). But there is a trench nearby, so it's trivial to re-route it there, so the exposure is also limited to a much smaller range of attack angles. If you're still super-worried about it, throw a few extra turbolaser batteries around nearby and call it a day.
All in all, it's incredibly unlikely that this was the only such flaw. It's the flaw which was called out in the movies, but there were probably a half-dozen ways to mess with the superlaser emitters just right and blow the whole thing up too.
-
3I think a lot of this engineering for a type 2 civilization would be mostly automated, no? Like, this makes sense if this was all done by hand, but why wouldn't some complex simulation system consider it? A computer in this civilization should be able to map out "routes to high priority subsystems" and highlight this as a threat. Commented Apr 28, 2017 at 23:14
-
8@NateDiamond I don't think so, but it's hard to say. Star Wars computers are never really explored. Setting this sort of problem up is very hard, solving it is trivial (and tends to be automated now; basically it's just a funny spreadsheet). Ultimately, if this were automatable, I would expect all engineering to be automated, which doesn't seem to be the case.– fectinCommented Apr 28, 2017 at 23:34
-
1The engineering doesn't necessarily need to be "automated", in that most processes for doing this will still need the objectives of the design, along with balancing for things which may not be taken into account or are difficult to quantify. We're using "automated" design techniques nowadays, for instance genetic algorithms to design functional equipment, from turbines to automobile chassis. In these cases, the engineer still takes the output of the system and then tweaks it, doing passes with more directed attention (like security). This problem seems like it would have been caught early. Commented Apr 28, 2017 at 23:49
-
7@NateDiamond Star Wars, like a lot of space opera, has a very anthropomorphic notion of what AI is capable of: emotion, judgment, natural language, and so forth are so easy they happen by accident, but large-scale automation is hard (or involves using a zillion inexplicably-humanoid robots as factory workers, rather than any sort of integrated system). This is because few people were thinking about the real potential of ubiquitous computing pre-PC/internet, and partly because it's a lot easier to make a compelling film out of desperate fighter pilots on a suicide run than a pack of drones. Commented Apr 28, 2017 at 23:55
-
5@NateDiamond Also, in a world where spaceships maneuver like WW2 fighters, real-world physics don't necessarily apply. :) I like to think that the Star Wars universe has a completely different paradigm for what technology is capable of; barring scale and a few specific technologies like antigrav flight, hyperdrive, and droids, a lot of stuff seems to be pretty solidly mid-20th-century in terms of actual effect--e.g. blasters look snazzy but aren't notably more effective than firearms--and tech doesn't really change much over decades or centuries. Commented Apr 29, 2017 at 0:06
It's not from Rogue One, but Episode IV gave a somewhat different explanation--one more about the thinking and attitude of the Empire in general1:
Dodonna:
The battle station is heavily shielded and carries a firepower greater than half the star fleet. It's defenses are designed around a direct large-scale assault. A small one-man fighter should be able to penetrate the outer defense.
Gold Leader:
Pardon me for asking, sir, but what good are snub fighters going to be against that?
Dodonna:
Well, the Empire doesn't consider a small one-man fighter to be any threat, or they'd have a tighter defense. An analysis of the plans provided by Princess Leia has demonstrated a weakness in the battle station.
[emphasis added]
As with most good writing, this does (at least) double duty, so to speak. It not only tells us how this defect was allowed to happen, but also tells us more about the basic character of the Empire in general--rather than caring about an individual and how he or she can attack the station, they think only in terms of large machines and how they can attack the station.
In short, the Empire is basically like a person with a basic character defect--lack of empathy or caring for people. That defect is not only what allows the attack to succeed, but also a large part of what makes the Empire so evil, thereby justifying carrying out the attack in the first place.
-
3I would add that probably they ruled out a Kamikaze-like attack by small fighters as a real menace. After all Luke could hit the target only by using the Force. Analysis could have determined that that exhaust opening was too difficult to be hit even by a rebel top-gun. And Jedi's pilots were probably thought to be all dead by then! Commented Apr 30, 2017 at 12:14
-
1@LorenzoDonati: Perhaps not--but they should have assumed the rebellion would be halfway sensible, and had the computer launch the missile directly instead of having it show a display for a human to pull the trigger. For a human, you have to figure a delay of ~100 ms, and variation of tens of milliseconds (even at best); for a computer, an accuracy of 1 microsecond is trivial (and yes, of course I realize this wouldn't fit the plot at all). Commented Apr 30, 2017 at 16:41
-
10The officer telling Tarkin that they've analyzed their attack plan and discovered a danger suggests that command did not know about the weakness before the attack. Otherwise, the conversation would have been "the Rebels are trying to exploit that weakness we brought up". Commented May 1, 2017 at 4:53
-
@Thunderforge, in the public environment of the "workplace hallway"? You really think that officer is going to make it clear to one and all within earshot that Tarkin knew about the weakness already? Not a chance (or he would inexplicably be passed over for promotion for a long time). You, my friend, should spend some time reading Workplace SE. ;)– WildcardCommented Aug 14, 2017 at 20:32