Index Home About Blog
From: (Allen Thomson)
Subject: Adequate testing: a view from 1960
Date: Tue, 16 Feb 1999 21:26:51 GMT

Checking out a used book store in Las Cruces, New Mexico, I found an
interesting little book of NASA history that contained the following:

   The marginal [Atlas-based manned] capability cannot be changed
   substantially until the Saturn booster becomes available.  The NASA
   program for utilizing Saturn involves the development of the so called
   Apollo spacecraft.  The Saturn rocket which is being developed now (C-1)
   should be capable of launching a spacecraft of about 19,000 lbs into a
   low earth orbit.  The proposed Apollo spacecraft  weight of 15,000 lbs is
   well within this limit and would enable orbital qualification flights of
   the Apollo spacecraft (some manned) about 1966-1968. Such a manned flight
   would occur after about 25 Saturn C-1s have been tested and much depends
   on whether a demonstrated reliability can be attained in this rather
   small number of tests.

   President's Science Advisory Committee, "Report of the Ad Hoc Panel on
   Man-In-Space," 16 December 1960
   Dwight D. Eisenhower Presidential Papers, Dwight D. Eisenhower Library,
   Abilene KS.
   Quoted in "NASA: A History of the U.S. Civil Space Program" by Roger D.
   Launius, ISBN 089464727X

My, how things changed.

From: (Henry Spencer)
Subject: Re: rocket reliabilty
Date: Thu, 18 Nov 1999 20:45:13 GMT

In article <%KHY3.3006$>,
Jeff Greason <> wrote:
>1) The machine cannot be realistically tested prior to use...
>2) The machine is generally constructed so that any failure in any
>substantial system is catastrophic...
>3) Production rates are low...
>A gracefully-failing reusable can attack (1) and (2), and mass-produced
>expendable boosters could change (3).  Both require a high launch rate to
>make sense, however -- so you aren't going to see much lower failure
>rates until the larger launch markets are identified to support them.

I'd go along with this, with one small reservation:  there is some ability
to adjust flight rate, within a market of a given size, by segmenting or
combining payloads.  The shuttle payload stream of recent years could have
supported a flight rate of maybe 20/year by a smaller vehicle, even more
if you are willing to allow in-orbit assembly (which permits, for example,
launching a beyond-LEO satellite and its upper stage separately).

>It would also be possible
>to envision an expendable with graceful failure modes (2) ...

Indeed, it's been done to some limited extent in the past (although
usually not as an explicit design objective).  Both Saturn I and Saturn V
completed missions successfully after surprise engine failures.

>...but that would
>take development money and add something to launch cost, and it's not
>obvious that the market demands that.

I think one has to be cautious here.  There's a difference between what
the market thinks it wants and what it really needs, a difference which
can be very significant to long-term sales.  Launch failures are costing
the customers A LOT OF MONEY, far more than just the direct costs, and a
supplier who got a reputation for being head and shoulders above the rest
on reliability could profit heavily from that.  (Of course, this does
require patient investors, who are not easy to find...)

I recall a discussion, some years ago, between folks involved with two
different operating systems (neither of which is around today, due to
larger issues like corporate mergers and bankruptcies).  It went about
like this:

X: "We've asked the customers where they'd put development money if they
were allocating it, and none of them would put much on greater system
reliability, so we decided that this was not a priority."

Y: "We got the same answers, but decided that they didn't tell the whole
story, and we mounted a big push on improving reliability in general and
chasing down the last lingering kernel bugs in particular.  This has paid
off HANDSOMELY, both in glowing reputation and in simpler troubleshooting
(because large parts of the system are now very unlikely to be the source
of a new problem).  Reliability is more important than it looks."
The space program reminds me        |  Henry Spencer
of a government agency.  -Jim Baen  |      (aka

From: (Henry Spencer)
Subject: Re: rocket reliabilty
Date: Thu, 18 Nov 1999 19:26:39 GMT

In article <8E7F7E12Adisco2000@>,
Oxnard <> wrote:
>...the failure rate still seems to be high.
>Why is this? Are there any ways to design and engineer launch
>systems to be more reliable? If so, why hasn't this been done?

Yes, there are known ways of doing this... but they are very different
from the artillery-derived "standard practice" of today's launch industry.

As Jeff Greason has already pointed out, the key facts about today's
launchers are that they are built in very small numbers, and each must
work perfectly the very first time it is used.  It is *absolutely*
*predictable* that this will lead to substantial failure rates.  In no
other branch of engineering would such stupidity be tolerated, let alone
become ironclad standard practice.

There are two ways to make things reliable.

The first, suitable for mass-produced expendable devices, is to build them
in large numbers using carefully monitored, highly automated processes,
which are debugged by extensive testing of large pre-production runs.

The second, suitable for devices built in smaller numbers, is to make them
both reusable and fault-tolerant, and test *each one* thoroughly in actual
service conditions (typically this involves fixing various minor problems
along the way) before it is trusted.

Only the Soviets came close to making method 1 work for launchers, with
long runs of identical hardware, high launch rates, and extensive
investment in automation for both production and operation.  Western
launchers tend to be hand-crafted slowly and painfully, with details
changing frequently and only small batches of each distinct type built.
(Anyone who quotes reliability numbers for "Delta" or "Ariane" without
qualification is lying to either himself or you.)

Method 2 is routine, and very successful, for aircraft.  It has never been
tried for launchers, despite some intentions along those lines early in
the shuttle program.  (The actual shuttle not only has expendable pieces,
but also is rebuilt extensively after every flight; in an aircraft, such
drastic overhauls would typically require test flights each time.)

The Western approach to launchers is to pretend that they can be built
perfectly (a known absurdity), fly (maybe) a couple of test flights in
hopes of finding design problems, and declare them operational (on a wing
and a prayer).  For example, the first four flights of the first shuttle
orbiter were considered test flights, although in fact all but the first
carried some "real" payloads, and the subsequent orbiters went straight
into operational service.  At about the same time, the F-18 program --
producing a considerably simpler military aircraft -- dedicated the first
eleven F-18s entirely to testing, and also did considerable testing with
the first few "pre-production" aircraft.
The space program reminds me        |  Henry Spencer
of a government agency.  -Jim Baen  |      (aka

Index Home About Blog