And you can look all the way back to their little hopper version of the Falcon 9 and see that this strategy has been the key to them undercutting the launch market significantly.

My prediction: SpaceX will have a 5th 100% successful launch of Starship before the SLS has a 5th successful launch. They'll just have ten not-100%-success launches before then.

There are other new space companies, but they're just not as good.

They have greatly benefited from being able to use modern tools and seen where other systems failed. Many rocket companies have failed when trying to go fast and break things because it isn’t an easy shortcut. Instead SpaceX has used the normal approach used by other successful organizations and simply executed it well.

Falcon 9 has the record for most consecutive successful orbital launches. Their last failure was AMOS-6 in September of 2016. Since then they've had 189 successful launches in a row.[1] In that same time Soyuz has had 113 launches with 3 failures. Soyuz's longest success streak was 100 launches from 1983 to 1986.[2] The US's Delta II had 100 consecutive successes from 1997 to 2018, though it has since been retired. A total of 155 Delta IIs were launched with 2 failures.

Falcon 9's current successful landing streak of 110 missions exceeds the competition's best launch streak. By any metric one can measure, SpaceX has the most reliable rocket.

1. See https://en.wikipedia.org/wiki/List_of_Falcon_9_and_Falcon_He... and https://en.wikipedia.org/wiki/List_of_Falcon_9_and_Falcon_He... for the list of launches and outcomes.

2. https://arstechnica.com/science/2022/02/spacexs-falcon-9-roc...

Current vehicles are vastly different from the originals. What we’re trying to do is predict the probability of the next launch failing. Equally weighting far historicals and recents is bogus statistics.

I thought we were comparing methods. Unless the next payload is yours then the odds of the next launch failing is meaningless to most of us, but we can learn something from the methods used.

But sure, if you have a bet in Vegas or something then feel free try and calculate things as closely as possible. Just understand that several of Soyuz failures didn’t kill the crew so there’s other metrics people might care about.

What does this mean? The question most of us care about is which method resulted in a more reliable rocket. And SpaceX’s track record shines uniquely in that respect. The frequency, moreover, makes the results robust. Legacy rockets like Ariane will never reach that confidence because the likelihood of fluke successes won’t have been minimised when the rocket is retired.

So sure, we can reasonably assume that Starship will get to a state of reliability similar to current Falcon rocket, eventually. We can’t assume the first few commercial Starship launches are going to even approach that level of reliability. And in fact the best point of comparison may be the early days of Falcon 9.

This was a partially successful test nothing more and nothing less. I get people really really think SpaceX had done an excellent job and I don’t disagree but people who are comparing the end result of a long process Aka the current state of falcon 9 with a new system like Starship are going to be disappointed.

Starship is extremely likely to fail repeatedly before achieving anything close to the same streak as the Falcon 9 has. That’s not an issue with SpaceX that’s an inherent aspect of doing something really difficult.

Really? I make is 189 successful F9 launches since the last issue in 2018 (there's a couple of landing failures, but given that everyone else apart from the space shuttle has a 100% loss...)

If you look at the "finished product" of block 5 that makes 162 launches and zero failures.

That's reliability far beyond any other launch system, including the space shuttle and Ariane 5 which are the only ones to come close in numbers of launches. Ariane 5 is certainly a reliable system as far as spaceflight goes, but it flies 3 times a year, Falcon 9 flies 3 times a month

Landing the shuttle is like landing the Dragon Crew capsule. SpaceX landed the booster, where shuttles ditch theirs into the ocean.

So even shuttles have a pretty high loss rate :)

They got great publicity from it, but landing vertically is a major compromise.

These systems all are quite good, and they have tended to get better over time.

It does though. During the development process. SpaceX will do five launches with lower reliability vehicles before the big launch providers will even do a single launch, and those five will have be cheaper in total. Of course, they aren't putting essential cargo (or god forbid people) on these higher risk test flights. By the time they're doing that they have developed certainty in the design.

Except Tesla, unlike SpaceX, is willing to put passengers in its test vehicles. The SpaceX approach would be to let a bunch of FSD Teslas crash into things and each other before giving them payloads.

Citation needed. Not Tesla's "stats" that if the people compiling them completed anything more than high school statistics are intensely misleading.

Comparing a subset of miles driven on the simplest and easiest roads (because the systems can't be used and are turned off) and comparing to accident stats across ALL roads is disingenuous to the extreme, and Tesla continues to tout it.

Short of pulling over, humans don't have the opportunity to say "let's disengage, because it's a bit challenging", and then not have to worry about "counting" any accidents from there forward.

SpaceX does not have a difference in intended reliability, or a difference in design reliability. (At least for the rocket as a whole. One could argue that 33 engines allows lower engine reliability through redundancy)

What they DO have is a significant difference in prototype reliability for live launch. This is clear when you look at their launch history.

I don't think that is accurate. There is a difference between 9%, 99%, and 99.999% confidence of success going into a launch.

You can almost always delay builds and launces to run more simulations, tests, and studies and increase confidence.

A simple example is SpaceX could have chosen to wait until they had a booster test with 100% engine ignition before moving on a full launch. Instead they choose move forward anyways without more stationary booster testing.

Why? If you're launching people I see why you want near-perfect, but if you're launching something with a low replacement cost (ex: getting fuel to orbit to support other projects) it seems to me that as volumes get large enough eventually "use lower quality and accept a slightly higher probability of failure" starts to be cost effective.

[1]https://en.m.wikipedia.org/wiki/Grumman_Ag_Cat

Your comments in this thread all go against the development approach of that rocket— Falcon9 is a stable platform now as it is used in production. In the development phase there were tons of explosions. This all happened in the past.

Is unarguably cheaper to forgo the additional testing and cost required for human flight.

But this is totally false. There are entirely different standards applied if you want to design an aircraft for commercial airline passenger transport vs for general aviation. There are entirely different requirements for instrumentation reliability if you're building a day-VFR aircraft vs one that is allowed to fly in instrument conditions. And there are entirely different requirements for aircraft that you sell to the public vs ones that you build yourself.

The aviation side is full of examples of exactly the sliding scale you're saying doesn't exist.

Of course there is. The famous example is radiation hardening. SpaceX opted for redundancy instead. Not only cheaper, but more modern, too.

> in such as complex high-energy environment, there is no money to be saved by building less-than-perfect machines

SpaceX has launched zero humans. (EDIT: Totally wrong!) It aims to, so target reliability is high. (I would argue their track record in production is a product of their willingness to push the envelope in tests.) But there is a large market for cheap, if unreliable, launches. Because there is an emerging market of cheap satellite makers.

It is the only US entity with the capability to do so.

Sorry, had a brain fart, no idea how I typed that out.

Indeed, if we assume that the each launch is an IID binomial coin flip (which isn’t really the right way to evaluate right-censored data), and observe (by reading Wikipedia) that SpaceX has had at least 450 successful Falcon 9 launches since the last in-flight failure, then they have at least five nines of reliability:

0.999995^450 ~= 449/450.

Which appears to be an industry-leading stat.

For context (excluding the Columbia re-entry failure), the space shuttle only had 4 nines:

0.99994^125 ~= 124/125

I saw in another comment that each SLS launch costs $2B. Do you think SpaceX spent $2B on this launch? I find it hard to believe.

Yes ultralights have some regulations, but even general aviation has less regulations resulting in cheaper aircraft, to say nothing of ultralights.

I don’t think SpaceX has smarter engineers. I don’t think they even have smarter managers, since many of their executives used to work for NASA and/or traditional aerospace firms (e.g. President+COO Gwynne Shotwell started out in aerospace at a private non-profit research centre doing contract engineering work for the NASA Space Shuttle and the US military space program)

One big difference is Elon Musk at the founding of SpaceX told his executives to take big risks (as in “if this fails we go bankrupt”). I think Tory Bruno at ULA is a great CEO, but no way is Boeing or Lockheed-Martin ever saying to him “we want you to take such big risks that we might go bankrupt if they fail”. He, and all the people under him, are only allowed to take small-to-medium sized risks. But that puts a definite limit on what they can achieve compared to SpaceX whose executives and engineers have the freedom to make much riskier decisions

I'm not the best way to frame this is "first one to a single successful launch". Reliability matters when you're dealing with high-risk scenarios, so a better measure is "probability of a given launch being successful".

I'm not asking as a 'gotcha' question, I'm acknowledging that the sample size matters. A lot of these statistics are bandied about without really elaborating on the full context of the way reliability is actually measured in industry.

Without checking for the most up-to-date numbers, I believe the F9 is slightly better than Soyuz on raw numbers (successful flights / total attempted). But Soyuz probably has around 6-7x more flights, meaning we have much more confidence that the Soyuz numbers accurately reflect reality.

Having said that I do think propulsive landing for crewed vehicles is pretty scary. F9 firsts stage landings have been pretty reliable for a while, and they now have several boosters with 10 or more flights, so we’ll see. It’s not like capsule landings are 100% safe either.

There has been over 140 crewed launches. For context, you seem to be counting both test/demo, crewed, and uncrewed F9 launches. Again, I don't know the exact number off the top of my head, but there's probably ~10 crewed F9 launches, so it's an order magnitude difference using the same metric. It's gets better though, when comparing total launches.

Not that many options for landing something that size on Mars. That’s what’s really driving many of the design choices.

A new vehicle will always be unproven. But one that's flown 5 times in testing (4 of them unsuccessfully) before its first flight will have had more flight time on most of its systems than something like the SLS where you take 10 years to think about what could go wrong and then do one test launch and call it good.

Lots of falcons failed, but you don't see anybody worried about their payload or crew on Falcon 9 these days.

It's the X-origin vs Slope issue - steeper slope always wins.

The problem is maintaining that aggressive problem-seeking culture after long periods of success

As an example, they had issues with failures related to their COPVs rupturing. On the one hand, they addressed the problem by redesigning their system. On the other, they never really investigated fully why the COPVs were failing in the first place. Instead, NASA decided to fund that investigation on their own. One possible consequence is that their redesign didn't fully address the risk because they never fully investigated the root cause.

From an outcome perspective, it's hard to ever see the lower launch rate dominating from any perspective.

You don't have economies of manufacturing scale, because your assembly rate is so low it doesn't make sense not to treat each as exquisite.

You don't have rapid iteration on manufacturing improvements, because the tyranny of safety checks on manufacturing time balloons {time from fix to flight}, after a proposed fix is identified.

And most importantly, you leave yourselves extremely vulnerable to unknown-unknowns, that you can't imagine in the design phase.

For example, if NASA had been launching the shuttle more rapidly, with the bulk of those being uncrewed launches, they probably would have picked an uncrewed launch to test expanding the temperature bounds at Cape Canaveral, and Challenger would have exploded without a crew.

As was, NASA's shuttle launches were so rare that there wasn't acceptable launch rate and weren't low-impact launch opportunities to do so. So they tested it on a crewed mission with disastrous results.

Point being: they backed themselves into a low-volume/high-risk corner of their own strategic design

SpaceX's most brilliant achievement was using Starlink to artificially boost launch demand and give them a minimally-profitable/break-even place to sink higher-risk launches.

Because they knew they had to "get it right" the first time because a bunch of buffoons(congress) would consider any crash or explosion as a failure and pull funds immediately.

That’s not the way the CCP contracting works.

You're focused on the wrong takeaway. You're making this about a person, I'm talking about a process. I used Tesla because it's easy to see how one culture translates to the other. Insert any company that uses rapid iteration in place of Tesla if you prefer.

The point is that there are certain circumstances where rapid iteration is useful and others less so. When reliability matters, rapid iteration may be working against you. (It's a continuum, of course, so the real question is where is that tipping point)

>SpaceX's strategy for the Falcon 9 worked

The point I'm driving at is there is a distinction to be made when finding out why certain iterations didn't work vs. just changing the design without fully understanding the failure mechanisms of the first. One leads to a greater understanding than the other. It's a difference in an engineers mindset and a scientists mindset.

You are driving at a point by pretending there's some important difference because "in this industry".

It's the same industry. Building the same type of product. By the same company.

Now go look at the history of Shuttle for the equivalent number of launches at that risk level. Would you claim they are equivalent in terms of human-rated safety?

If not, it’s only because you have the benefit of knowing the long-tail probabilities with the Shuttle.

>It's the same industry. Building the same type of product.

By extension of your logic, Starship should then already have the same launch reliability as F9. So either this is an example of a low-probability event, or your logic is flawed.

True, few of those F9 missions were crewed, but that's the point. There's no difference between a crewed and a noncrewed F9 launch vehicle, so there's no reason to think the presence of humans would change the risk. So, you get to accumulate most of that reliability data without putting people at risk doing so.

Because the nature of the two programs was fundamentally different. The Shuttle was a product contract, while CCP is a service contract. On the former, the govt has much more control, and will detail more rigorous acceptance criteria. This generally gives a much higher pedigree on quality control. On the latter, they take a much more hands off approach and have limited insight.

As an analogy, imagine you are making a big bet on acquiring a software company. One company gives you their source code, shows you all their most recent static analysis, unit test results, allows you to interview their programmers etc. The other company allows you none of that, but gives you a chance to play around on their website to see for yourself. Both systems seem to work when you try the end product, but which do you have higher confidence in?

At the end of the day, "reliability" is just a measure of how much confidence we have that a product will do what we ask of it, when we ask.

I'm not saying you can get by without thinking, but it's difficult for humans to estimate the reliability of a complicated system. Reality, though, has no problem doing it.

Plus, I think your analogy is flawed. NASA surely has a more hands-off approach on the CCP than on the Shuttle, but to say it's hands-off is misleading. They do have a lot of access.

Take the example of the F9 strut failure. They could have tested the material outside of the final test configuration and saved themselves a lot of trouble. They chose to forego that testing, and instead 'tested ' it as part of part of their launch configuration. (I put it in quotes because it's not clear to me that this was a conscious testing decision).

There’s also a difference between “we’re not completely sure of the fundamental principles, but our testing indicates it works” and “our testing indicates it works and we have a solid understanding why”. The latter allows you to know the limits of your application much more readily. The risk in the former is that you don’t know what you don’t know, so you can never be wholly sure if you’re good or lucky. And luck can be fickle. And this is also where rapid iteration can lead to issues: the more you change, the less sure you can be about whether your results are attributable to luck.

>Plus, I think your analogy is flawed. NASA surely has a more hands-off approach on the CCP than on the Shuttle, but to say it's hands-off is misleading. They do have a lot of access.

They have many engineers who want more access and are effectively told to back off because it's not their place in this type of contract. So I'm not saying they have no access, I'm saying they have very limited access by comparison. It would have been better if I made the analogy that they get the results to a small select number of tests, but not all.

N1 might have simply been before its time.

Our ex ante ability to estimate these probabilities is lacking. Especially when they’re coupled. And redundancy, instead of tighter tolerances, is often cheaper than the classic approach. These are proven lessons from SpaceX.

[0] https://upload.wikimedia.org/wikipedia/commons/b/b2/Survivor... :)

The Soviets proved that methodology works and SpaceX continues it to this day. I have a feeling most that follow SpaceX think they are trying a new revolutionary approach here.

https://en.wikipedia.org/wiki/N1_(rocket)

They were working with 1960s material science.

They were working with 1960s understanding of rocketry.

Korolev died.

We've come a long way in the last 50+ years, and sometimes you can use materials with substantially higher limits to paper over design risks.

>Adverse characteristics of the large cluster of thirty engines and its complex fuel and oxidizer feeder systems were not revealed earlier in development because static test firings had not been conducted.[9]

They planned and expensed the N1 as if it was another LEO Soyuz variant.

If the failure points are arranged in parallel - X OR Y OR Z must happen to have a successful outcome, with multiple redundant paths to success, your total failure rate is the chance that ALL of X, Y, and Z fail. This is a much lower number than when they are in series.

To use concrete math - say that Starship has 33 raptor engines with a failure rate of 0.01%, 3 grid fins with a failure rate of 0.05%, and a fuel tank with a failure rate of 0.001%. If it's engineered so that all 33 raptor engines, all 3 grid fins, and the fuel tank all need to work for a successful launch, the success rate of the whole system = 0.9999^33 * 0.9995^3 * 0.99999 = 0.9952 = ~0.5% chance of failure. If it's engineered so that it can get to orbit on 28 out of the 33 raptor engines, 2 out of the 3 grid fins, and there is a double-hull to the fuel tank with a failure rate of 0.005%, then the chance of failure for each subsystem is 0.0001^5 = 10^-20, 0.0005^2 = 2.5 * 10^-7, and 0.00001 * 0.00005 = 5 * 10^-10, and when you multiply out those subsystem failure rates you get 1 - (1 - 10^-20) * (1 - 2.510^-7) * (1 - 510^-10) = 0.9999997495 = ~0.000025% chance of failure.

Moreover, lets look what happens if you take the multiply-redundant design above and then increase the chance of failure of each component 100x. Raptor engines are now 99% reliable, grid fins are now 95% reliable, and fuel tanks are now 99.9% reliable. The overall failure rate for each subsystem becomes 0.01^5 = 10^-10, 0.05^2 = 2.5 * 10^-3 and 0.001 * 0.005 = 0.000005. When you multiply out those subsystem failure rates you get 1 - (1 - 10^-10) * (1 - 2.510^-3) * (1 - 510^-6) = 0.00250498759 = ~0.2% chance of failure. The multiply-redundant system, even with component failure rates 100x higher, still has better reliability than the perfectly-engineered system where every component must perform exactly to spec.

This principle is used all the time in practical engineering. It's why Google builds server farms out of thousands of commodity PCs, hooked up in primary/replica clusters with replication and transparent failover. It's why ships have watertight compartments and double-hulls. It's why passenger jets have multiple engines, multiple hydraulic control systems, and multiple flight computers. Any engineer worth their salt is going to avoid SPOFs and assume that components will fail, then build redundancies into the design so that a partial failure does not endanger overall mission success.

It seems like a strawman to suggest that you would let failure probability increase by a factor of ten as the first step.

>but with thousands of failure points adding up you are now essentially doomed.

And it was an easy one to tear down.

>And you haven't saved anything. The cost of 0.001 components isn't fundamentally different than the 0.0001 components were.

There is no reason to believe that at all. Invert the question: if a system is 99.999% reliable, does that mean it should be free to make it more reliable? And why?

>It is either go or no go. Take CPU production. Intel spends billions at each of hundreds of fabrication step to push down miniscule error rates because any of a million errors can destroy a chip. There is no money to be saved by allowing any one process to become less than as perfect as it can possibly be.

This is completely wrong. Chip factories do produce chips with defects; those chips are sold for cheaper, since they still work, but not as fast. IIRC most of TSMC's modern processes are designed to sell the good chips at a high price and the bad ones cheaper.

Your authoritative tone doesn't make any sense when Falcon 9 exists and has been actively dominating the entire industry for half a decade.

Oh yes: https://en.wikipedia.org/wiki/Unapproved_aircraft_part

For example:

The crash of Partnair Flight 394 in 1989 resulted from the installation of counterfeit aircraft parts. Counterfeit bolts, attaching the vertical stabilizer of a Convair CV-580 to the fuselage, wore down excessively, allowing the tail to vibrate to the extent that it eventually broke off.

This happens to aircraft, and the only way to ensure it doesn't happen to rockets is to have extreme control of your supply chain.

After they get to orbit they can start putting payloads on board, and the tests will pay for themselves. I’d say the risk of bankruptcy is very low.

Edit: Just saw photos of the crater under stage zero. Looks like they do need a flame diverter lol.

It's totally feasible for them to keep testing and keep refilling that hole while in parallel they build a perfect launch pad with a flame diverter somewhere else. That way they don't have a gap in testing cadence.

Triple redundancy is not a thing in general aviation while, for some systems, it is in commercial. That's a risk vs cost calculation.

Semiconductor manufacturers do risk vs cost calculations through the entire development and manufacturing process. Source: I've worked in semiconductor, doing those calculations.

So SLS does a LOT of analysis and manages to find and rectify failure points prior to flight. They pay a lot in analysis and inflexible design to do this.

SpaceX does some analysis, but then flies to confirm the analysis early. That way they identify actual failure points and can use sensors to see how close they got to failure.

For instance today I'm sure they learnt a lot from each failed engine, parts on the booster that stopped working, detailed telemetry on ship behavior on flight and sensors for the non-separation of booster from ship.

SpaceX builds to the same high tolerances as other rocket manufacturers, but they don't try to avoid testing through overly rigorous analysis. They also don't gold-plate their manufacturing, instead making tradeoffs to allow cheaper volume production with recovery instead.

Sometimes in aerospace you need to collect data, and sometimes that means explosions.

[0] https://www.space.com/spacex-starship-first-space-launch#:~:....

exactly. optimizing for an acceptable risk for space launches, esp space travel, seems still to be leading to $2B launches. at which point, what's the difference?