
Yeah, the risk appetite was much higher. Those are good reminders on Apollo 1/6/8, but the problems didn't stop there. The first 5 landing missions all had huge problems that nearly killed everyone, too. Only the last 2 landings were sort of OK.

Apollo 1: burned all astronauts alive

...

Apollo 10: POGO oscillations on launch (Saturn V still trying to tear itself apart), LEM tumbling

Apollo 11: Computer kept crashing all the way down to the moon (it controlled the engines)

Apollo 12: Brownout in the command module during launch, "Set SCE to Aux"

Apollo 13: Oxygen tank fire. So rough they made a movie.

Apollo 14: Shorted abort button almost killed everyone

Apollo 15: Parachute failure

---------

We have no shortage of people who would be willing to put their life on the line, but we do have a shortage of the political urgency/unity to tolerate actual problems. Just look at people dig into Elon Musk every time he explodes a prototype with his own money and nobody on board, and realize that accelerating a human program creates 10x the political sniping opportunity.



Counterpoint: all of those incidents, except Apollo 1, are proof that the engineering was great, because nobody died.

For example, you mention the computer on the Apollo 11 lunar module crashing. In fact, it was recovering and working properly. The astronauts had left the rendezvous radar on during descent, in case it was needed for abort. That was not a nominal configuration, and the radar kept stealing cycles and causing the guidance computer to be overloaded with tasks. Remember, it was a hard real time system. What did the computer do? Reset and prioritize the key task: landing.

Apollo 12: Got hit (twice) by lightning. The electrical system wasn't fried, it survived it, in a protective mode. Importantly, the computers in the Instrument Unit, placed on the third stage, were completely unaffected.

Apollo 15: One lost parachute, still landed safely (if a bit hard) because of redundancy.

I could go on, but you get the point. It was a well-engineered system backed by a team of engineers.


Maybe. But it's hard to tell whether nobody died because the system was robust vs. nobody died because we got lucky.

For example, there were several cases of burn-through on the O-rings before Challenger. The engineers thought there was enough margin to not worry about it, so they didn't.

Similarly, when Columbia was hit by foam-ice on ascent no one worried because it had happened before and nobody had died.


Correction -- at least for Challenger, engineers did not think there was margin, and argued against the launch.

At the technical level, both tragedies were caused by design flaws. Organizationally and culturally, multiple factors contributed, but an attitude of "nothing has happened yet, so this is fine" (normalizing risk) was a major one.


Normalization of deviance is how my professor described it. At least it’s taught in school now.


In my mind I have stored this phrase that "production pressures move the Overton window of acceptable shortcuts closer to disaster."

I think it captures several important nuances, like how it's a gradual process, how it economises/improves things at first, that there is a destination, that it covers even things such as discussions about shortcuts and not just their usage.


We don't disagree about the engineering being excellent. I was commenting on safety culture. A few days ago I saw Tory Bruno explain with visible frustration how they canceled the launch due to a valve that had to be cycled before it behaved. In that environment, the Apollo risks would not have been tolerated, even though they turned out to have been good bets.


You're sensationalising a little.

The abort button on Apollo 14 would at worst have rendezvoused the lander with the orbiter prior to landing on the moon. It would have killed the mission, but definitely not the astronauts.

The brownout also had several safe abort alternatives and the question was only ever about how to continue the mission, not how to save people.


Apollo 13 also had severe pogo on launch. Obviously it's overshadowed by the unrelated oxygen tank issues later, but that mission actually got extremely lucky that the oscillations happened to occur in such a way that the computer noticed the issue and shut down the affected engine. That could easily not have been the case, and if the oscillations had continued for a few more seconds it would have destroyed the vehicle.


> with his own money

Could someone confirm that? SpaceX raised money last year [0], however I couldn't find how much of this money (if any) went to the Starship program.

[0] https://www.cnbc.com/2023/01/02/spacex-raising-750-million-a...



