- Hi, it's me Tim Dodd,
The Everyday Astronaut. Behind me is SpaceX's Starship prototype, and it's missing something. Well actually it's missing
a lot of stuff right now. But one thing that's missing that there's no plans to put on it is a launch escape system, or a launch abort tower of any kind. No mechanical aborts are gonna
be on this rocket at all. Is that a good idea? Hindsight is always 2020, and one of the biggest
criticisms of the Space Shuttle, which also claim to be reusable, and airliner like reliable, was it didn't have any kind
of launch abort system. And that's the same type of thing SpaceX is claiming the Starship. So why are we doomed to
see history repeat itself? And as we know, spaceX's Dragon Capsule
and Boeing Starliner both have had problems with
their launch escape systems. So today we are going to debate is all that extra stuff necessary? Does it actually make for a safer vehicle? And hopefully by the end of this video we'll know whether or not it's a good idea to put people on top of this rocket without any kind of
mechanical abort system. Let's get started. - [Controller] Three, two, one, liftoff. (upbeat music) - [Neil Armstrong] That's
one small step for man. - [Controller] Subjects to the test zone. - This is another one of those topics I've been asked about over
and over and for good reasons! Especially now that we're seeing the commercial crew program put launch abort systems
through their paces. And this has come up even
more relevant ever since we've witnessed the failure of the MK-1 Starship prototype
down in Boca Chica while it pressure testing
on the launch pad. What if there were people onboard? Why isn't SpaceX thinking about putting a launch abort system on it? As you may know, I've already talked a good amount about abort systems in a video explaining why both SpaceX's Crew Dragon capsule and Boeing's Starliner have opted for liquid fueled pusher abort systems, as opposed to a more
traditional puller system with solid rocket motors. So if you need an
overview on those systems, definitely check that video out! It should help give you some extra perspective
on modern abort systems. Now in case you didn't notice when you clicked on this video, this is a again another pretty long one. As you may know, I don't like
to skim the surface of topics, I like to actually dive in deep and get into the data and history in order to find the answers. So we're going to get into
a lot of little details, charts and data and more
charts and more data. We'll go over certifications of rockets, the reliability of rocket engines, the risks and benefits
of Starship's designs, and even look at the whole history of human spaceflight and figure out how many times an abort system has actually saved the
lives of those on board. By the end of this video
it won't just be my opinion on whether Starship
without an abort system is a good idea or not, it'll mostly be an
analytical based summary. So to make it easy for
your viewing pleasure, here are the timestamps of each topic we're going to talk about in case you want to go
back and review something. There's also links in
the description below to those timestamps and an
article version of this video as well for you to easily go back over some numbers and sources. (upbeat music) Okay, so abort systems. The idea is pretty simple. Rockets are fickle beasts. They're riding the finest
engineering line possible. They need to handle
extremely intense loads, temperatures and environments while also being as
lightweight as possible. Since there's literally
millions of moving parts, it's honestly a miracle they work at all. So when you're putting
someone on top of a vehicle it's basically a giant bomb with a nozzle that has to have
millions of parts work properly in order to not fail, it's generally considered
a good idea to have a back up if things don't go as planned. Throughout most history
of human spaceflight, there's been one method that has dominated launch abort systems, a solid rocket motor launch escape tower. This is the tower that sits on top of the crew module that you may have noticed on vehicles like Mercury, Soyuz, Apollo and even NASA's Orion capsule. A few vehicles like Vostok, Gemini and early Space Shuttle's had ejection seats as an escape system, and I've got a video about that if you want to hear more about it, but regardless of whether
it's an ejection seat, a launch tower, or a more
modern liquid pusher system, the concept is the same. If the escape system detects
either a loss of thrust, a severe deviation in flight path, or even detects a rupture in the tanks, it'll triggers the abort system. Early rockets, and
probably some modern ones, I couldn't actually
find the answer to that, have a trio of sensor wires running the length of the fuselage. If any two of those wires lose contact, this indicates the fuselage had broken up, which then would trigger the abort system. The launch abort system can
also be manually triggered by an astronaut who may notice a critical flaw that the
system doesn't detect. Once an abort system is triggered, the stage separation
system needs to let go of the spacecraft as the
abort motors are fired, so it can pull it clean from the rocket. When the motors actually fire it accelerates the crew
capsule away extremely quickly. Abort motors can pull some
serious Gs, like over 10 Gs. So launch abort systems were pretty much considered the best
way to keep a crew safe. But what if you just made
your entire system more safe? What if you made more redundant systems and over-engineered every single part to even greater safety margins? (upbeat music) Designing a rocket to be
as reliable as an airliner that's exactly what NASA was hoping to do when engineering the Space Shuttle. - [Narrator] The vehicle
was called a space shuttle, an airliner like spacecraft capable of over 100 trips from Earth into Earth orbit. - The thought being if
every single part of the Space Shuttle was over engineered, the chance of loss of vehicle
and crew would be very low. So low it might actually be safer than adding additional moving parts and systems necessary to make
an effective abort system. During the Apollo era when NASA had what now seems like unlimited funding, they contracted General
Electric to do a full numerical probabilistic, how do you say that word? Probabilistic risk assessment of landing a human on the Moon and
returning them safely to Earth. The number GE came up with was five, 5%. A 5% chance of successfully landing a human on the Moon
and bringing them home. NASA administrator James Webb
didn't like those numbers, and instead of making changes
to the rocket and the mission, decided to change the way
they engineered around risk. Which let me point out, isn't
necessarily a bad thing. They developed something
called Failure Modes and Effects Analysis which was a way to identify designs and hardware that would worse case
scenario lead to catastrophe. These were ranked as Criticality one, which would threaten
the life of the crew or the existence of the vehicle. Criticality two which would threaten the mission or Criticality
three for anything else. They also added an R as
notation for redundant systems in these parts and design analysis. With NASA's budget beginning to dwindle once humans landed on the Moon, and congressional support for the upcoming Shuttle Program waning, NASA had to sell the Space Shuttle as a cheap and reliable workhorse. And its exact risk even had to be calculated in order to launch plutonium-fueled spacecraft like the Jupiter Probe, Galileo. Testing the reliability of a complex system involves
studying the system as a whole, identifying potential fault points, and then gathering the limits on these potential fault points over different environmental conditionals. You also test them in statistical models and
computer simulations these days, and iterating them to make sure that the computer simulations meet the real world performance
in order to help determine if the probability of success is
above the threshold required. Each and every single part will have a design specification and
a certain safety factor for how much more it can handle beyond its design specification. The general rule of thumb for most parts on a rocket is a
factor of safety of 1.5. All this really means is if a part needs to handle
10 newtons of force, when testing it it should be able to handle 15 newtons of
force without failing. But when there isn't good test or heritage data of a part, a factor of safety of 2.0 is considered a good rule of thumb. In other words engineered to handle twice that what's necessary. But by the start of the
Space Shuttle program, estimates of catastrophic failures ranged from less than 1% to less than 0.001%. So a couple orders of magnitude in its estimated range
of predicted safety. Despite the optimistic nature of NASA, the first four flights
of the Space Shuttle had ejection seats active, but were later ditched due to
their very limited use cases and the fact that they
could only eject crew from the upper deck since the rest of the crew was on the mid deck below them. After the Challenger disaster, NASA actually did consider utilizing an ejection cabin that could eject the entire crew module
free from the Shuttle like the F-11s and early B-1 prototypes, but it was deemed too complex, too heavy, and required way too many modifications to really make it feasible. So in hindsight, we know
the shuttle wound up with two failures out of 135 flights, one during launch and one during reentry, giving it a success rate of only 98.5%, which is way off from even the most conservative estimates of safety. Likely due to the Space
Shuttle's track record, NASA changed their
certification system for the Commercial Crew Program, which is required to have a probability of loss of crew at 1:500 on ascent, 1:500 on descent, with a 1:270 chance of
an issue while in orbit. To actually certify and validate systems, sometimes it comes down to
just putting it all through the ringer to test the system as a whole alongside testing
each individual part. Testing the system as a whole
is called all-up testing, that's what NASA coined
it during the Apollo Era, In the long run all-up testing might actually be a quicker route to verify the system versus
acquiring certification through more ground tests, analysis and using heritage data that might require a higher factor of safety per part if it's not
going to be tested as a whole. You can see this difference
in methods play out today in how SpaceX chose to validate
and certify their abort system by opting to test
it in flight while Boeing has opted to certify their
abort system through a more stringent certification
of individual parts. Since the Space Shuttle and Starship both lack abort systems, what design considerations did the Space Shuttle have
that were so dangerous? And does Starship share
any of the same flaws? (upbeat music) There's a few things that made the Space Shuttle
inherently kinda dangerous, but let's start off with those solid rocket boosters. Those giant white solid rocket
boosters on the side of the external fuel tank actually provided over 60% of thrust at liftoff. Here's the thing, once they ignited, there was no shutting them down, you're going somewhere and you're going somewhere in a hurry. Hopefully the pointy end is up
and the flame-y end is down. This meant any abort
mode or abort procedure, no matter how bad or dire, required the crew ride out the boosters, seriously. So for an entire 127 seconds, if there was a problem, you just had to cross your fingers and toes that it wasn't too
serious and you could keep going This is mostly because
if you were to abort by either detaching the
orbiter from the external fuel tank or by trying to jump out, you'd end up within the
plume of those SRBs, which would be very, very lethal. Unfortunately, some problems
you can't just ride out, like on January 28th, 1986 when the Space Shuttle Challenger took to the sky on its 10th mission. A leaky O-ring that sealed
one of the sections of the Solid Rocket Boosters
sprung a leak which ended up causing separation of the joint that held the SRB to
the external fuel tank, which then led to complete
structural failure of the vehicle and tragic
loss of the crew of seven. But perhaps the biggest problem with the Challenger disaster
wasn't a hardware problem, but a problem with program management and pressure to get that
particular flight off the ground. It was known that they would
be launching outside of the predetermined operating
envelope of the SRBs and it was recommended to not launch that day. Although utilizing liquid
fueled rocket boosters they probably wouldn't eliminate
all potential failures, and it could arguably be less reliable than a solid rocket booster, but liquid rocket boosters can at least be shut down which in general can open up more abort options. Take a look at this chart. Notice the black sections. Yeah, those are sections of ascent where there would be
a full loss of control and/or structural failure
if the vehicle were to lose two or three main engines. So basically lose two of the three main engines and you're screwed. And you're not even talking about having any problem with
the SRBs or anything else. But after Challenger disaster NASA did come up with a
lot more contingencies including alternate runways and the iconic orange
Advanced Crew Escape Suits to you know, escape if things went wrong. Literally escape, Here's the new abort profiles see these gray sections during ascent? Now the plan was for the crew to literally jump out
during those sections. As in, carefully ditch
the external fuel tank, get the orbiter into a stable glide, literally unbuckle, blow the hatch, extend a freaking pole that made it so you wouldn't hit the
wing when you jump out, and then jump out, seriously. Speaking of hitting the wing, that's another major flaw
of the Space Shuttle. The orbiter was hanging off
the side of the vehicle, which put the crew module and
fragile thermal protection system directly in the path
of ice and foam strikes. The orange external fuel tank
housed cryogenic hydrogen and oxygen which had a
good amount of insulation in order to keep them at
operating temperatures. You can actually see sheets of ice fall off basically any liquid fueled rocket at lift off, it's a known variable, and even large chunks of foam
were observed falling off the Space Shuttle's external fuel tank but NASA grew more and more
accepting of this fact. When you combine a large chunk of foam and the fragile nature
of the thermal protection system on the Space Shuttle, you wind up with a real
potential for disaster. And this is exactly what
caused the Columbia failure. A large chunk of foam struck the leading edge of
Columbia's wing on ascent, punching a large hole in the reinforced carbon-carbon section of thermal protection on the left wing. The shuttle and the seven
crew onboard continued to carry out their mission for 15 days with a hole that would
doom them on reentry. On February 1st, 2003, as Columbia reentered
the Earth's atmosphere, the large hole in the
wing caused hot plasma to essentially destroy the
wing and therefore the orbiter, tragically ending the seven
crew's lives who were onboard. Besides the orbiter being
slung off the side of the rocket and in harm's
way of falling debris, the danger was amplified by how fragile the Space Shuttle's thermal
protection system was. The Space Shuttle's
24,000 plus silica tiles were literally glued onto
the aluminum airframe of the orbiter which covered the entire bottom portion of the vehicle. Their fragile nature caused
not only many headaches, but also led to some close calls. Perhaps the most well noted
was STS-27 which experienced a debris strike 85
seconds into the flight. This knocked a tile clean off and damaged OVER 700 other tiles! Whoa! In the absolute luckiest of circumstances, the tile that went missing
was right on top of a steel mounting plate for the L-band antenna, which steel has a higher
melting point than the aluminum airframe and by sheer luck the orbiter survived
reentry and didn't end up a disaster like Columbia
would some 15 years later. (upbeat music) So now that we know some
of the major design flaws that plagued the Space Shuttle, let's go over Starship and
see how its design differs. Well right off the bat, Starship is on top of
the Super Heavy booster, and not slung off the side. As we've noted, this is clearly a safer place
for the crew cabin to be, putting it ahead of any
potential debris strikes. But we should note something that will definitely need to be studied. Remember, Starship also
has those large flaps that are vital to its reentry. This does mean there'd
be potential for ice from the liquid oxygen and liquid methane tanks on the Starship upper
stage to strike the leading edge of the flaps. Here's where a stainless steel body and the fact that the
thermal protection plates will be bolted on has a huge advantage over the fragile silica tiles and reinforced carbon-carbon
covering an aluminum airframe. So let's not forget, the leading edge and underside of the flaps of Starship will
still utilize a heat shield, but unlike the silica
tiles of the Space Shuttle, they're supposedly much more durable and actually bolted to the
airframe instead of glued. We've already seen SpaceX
test heat shield mounting and material options on Starhopper, putting them through extreme environments, vibrations and temperatures. They've also experienced
reentry when SpaceX put a few small pieces of
Starship heat shield on a Dragon Capsule to
observe through reentry. Steel body panels and some variant of a TUFROC heat shield bolted
to the airframe should be more resilient than the Space Shuttle, considering steel can dent
and ding and won't completely shatter like reinforced carbon-carbon or simply fall off like the silica tiles. But also, just like STS-27's
lucky brush with death, steel has a much higher
melting point than aluminum. This allows for much greater
tolerances to heat than the aluminum airframe of the
shuttle as we've talked about. As a matter of fact, it's likely Starship could
almost survive completely intact with little to no
additional heat shielding as other stainless steel components have survived reentry pretty
much completely intact. Now I've already done a video about, because it even talked
about having it bleed fuel, to do a form of transpirational cooling, but that since either fallen off the table or might be utilized in some hotspots. This is one of the biggest
reasons SpaceX switched to The full over carbon fiber because by the time you factor in how big of a heat shield is necessary, stainless steel starts to come ahead as it can handle much higher temperatures in general before it begins to fail. Okay, so hopefully a stainless steel body and a more resilient bolted
on thermal protection system along with putting Starship on the top of the rocket stack should all help mitigate the risk of a reentry
disaster, like Columbia. So now what about putting
this all on top of a rocket booster that
will have at least 37 of the world's most advanced
and complicated engines, that is of course the full flow staged combustion cycle Raptor engine. How could this possibly be safer and have less failures than a simple pair of solid rocket boosters that have virtually no moving parts? Now here's where SpaceX has some good knowledge and experience. Their Falcon 9 does
something fairly unusual in the rocket world, which is having nine smaller engines on the booster instead of
one or two larger ones. This actually allows multiple
engine out capability. Now depending on which engines fail and at what point in
the flight they do fail, nine engines gives the Falcon 9 a lot of extra safety margin
compared to other rockets. Each engine is isolated within a blast containment cell as part of the Octoweb configuration. This is why they can have an engine fail and have it not affect other engines. Mix this in with modern sensors and quick acting computers, and the rocket should be able to shut an engine down before that engine has a catastrophic failure. SpaceX has developed
their Merlin engine to the point of extreme reliability. In fact, only one Merlin
has ever shut down in flight out of over 800 merlins
being flown to date. Not to mention that was very
early on in the program, the fourth flight of a Falcon 9 for mission CRS-1 to be exact. And since then the engine
has been 100% reliable. So in total, the Merlin engine to date has
proven to be 99.88% reliable, mix that with redundancy
on the first stage, and you wind up with an
incredibly reliable booster. Not to mention the fact
that some of the Merlins on the first stage of the
Falcon 9 have to fire up and extra two or three times
per flight in order to land. But just for funsies, let's actually take a look at some other rocket
engines throughout history and see how reliable they have been. But just a little caveat, it gets really difficult
to just say reliability, because there's so many other factors, especially when you factor
in relighting of engines, or running out of TEA-TEB
ignition fluid or something. But still, looking at these
numbers should give us a decent perspective on how reliable liquid fueled
rocket engines can actually be. So again, SpaceX's Merlin
engine is currently at 99.88% reliability in flight, which makes it slightly more reliable than the RS-25 Space Shuttle main engine which also only shut down once in flight, but with only three
engines on 135 missions, it wound up with 99.75%
reliability in flight. Then there's the RD-180, which technically shut
down four seconds early on one of its 86 flights to date, making it 98.83% reliable, although it's also kind of 100% reliable since that particular mission, OA-6 was able to continue on
as and still be a success, but just barely. So we can say between
98.83% and 100% depending on how you define engine reliability. I mean, shutting down before
intended is considered a failure of the engine, had that happened at
any point before that, the mission would have failed. But I would consider
it a successful mission for the Atlas V since
the Centaur upper stage could compensate for the failure. But how about another Russian engine? The RD-107 and its brother the RD-108 that power the Soyuz rocket. Now this rocket has flown so many times and for so long in so
many different forms, it's definitely not fair to compare the early days of the Soyuz rocket, besides that the data
is really hard to find. So let's look at the 267 flights in the 21st century which
use an RD-107 and RD-108, of the 1,335 engines
fired in this century, only one has failed, giving the RD-107 and RD-108 a
99.92% in flight reliability. But one of the most
reliable engines ever flown was actually the monster F-1 engine that powered the Saturn V. The 13 times the Saturn V flew, all 65 F-1 engines that powered those flights were 100% successful. Now before you hop in the comments section and say but didn't Apollo
13 have a center F-1 fail? No, that was a J-2 on the second stage. There seems to be a Mandela effect on F-1 reliability where everyone, including myself, tends to think an F-1 failed on ascent. So let's assume since
there'll be a ton of data on the Raptor engines since the
Starship has so many of them, and they fly Starship a
few times over and over, that SpaceX will eventually
match the reliability of the Merlin engine with
multi-engine out capability, the booster should be a
very reliable first stage. Assuming SpaceX does their
due diligence to prevent an engine failure from affecting other engines nearby like they
have with the Falcon 9, and how the N-1 didn't do
a very good job of that. Having dozens of engines can make for an incredibly robust and reliable vehicle. Okay sure, having dozens
of engines on ascent could help make the
booster safe and reliable. But what about the big
elephant in the room? In order for humans to
survive a ride on Starship, the Starship itself
has to not only perform a pretty wacky landing maneuver, but it also relies on two out of three raptor engines working
for the landing burn itself. Is that actually safe? Can we actually rely on propulsive landing for human lives? Well, let's go ahead and take a look at the Falcon 9 again, as it's one of only
two vehicles in history to perform propulsive
landings after reaching space, but remember, it isn't reaching
orbital velocity either, like Starship is, so we're we're only going to be looking at the landing aspect of it,
just the landing burns, and using engines as
propulsive landings for now. Because the very end of
Starship's proposed landing burn will look and function almost
exactly like the Falcon 9's. To date, SpaceX has landed 46
out of 54 landing attempts. That doesn't sound great, but remember, before the first landing, it was literally considered impossible. No way, when it happened
it was a really big deal. If we look at just landing attempts starting in 2017 after it became
a little less experimental and they had it figured out, we get some pretty surprising numbers. There's been 45 attempts since 2017 and only three of those
were failed landings. None of these three
landing failures was due to a failure of a Merlin engine itself, although again that gets complicated. Going in order, on February 6th, 2018, SpaceX launched the first
Falcon Heavy on its demo mission and landed all but the center core of the Falcon Heavy. The center core ran out of TEA-TEB which is the pyrophoric starting fluid that actually ignites the engines. It sounds like there was a pretty easy fix and it wasn't actually that
they would need more TEA-TEB, but just needed to switch
which bottle it pulled the TEA-TEB from and at what
point to solve the problem. Then later that year,
on December 5th, 2018, for the CRS-16 mission, a brand new Block 5 Falcon
9 core failed to land when the hydraulic system that controls the grid fins seized up. The solution was simply a bleed valve that would prevent it
from happening again. As far as the merlin engine goes, it performed perfectly fine and allowed the vehicle to touch down so soft that it didn't break apart and could
be towed back into port. Lastly the latest Falcon
Heavy launch on June 25th, 2019 for the STP-2 mission had a failed center core landing attempt as well. SpaceX didn't expect the core
to survive reentry due to extremely high velocities and pushing the vehicle to the absolute limits. So far as we know, the engines themselves still
lit up and performed fine but the thrust vector
control that steers them was destroyed due to
that spicy reentry heat, which made the vehicle lack
precise control for landing. So the engines themselves were fine but the TVC kinda got destroyed, so it's hard to say. Since this was at the outer limits of what the booster is capable of, the solution is just don't push it that hard if you need to land. So if this were a Starship
mission with people on board, they would've made sure
there were healthy margins that are safely within
the operational range of Starship and not even accept a mission or design a mission where they push it to the
limits in the first place. So can we ever rely on
propulsive landings for humans? Eventually, sure. Think about it, the Apollo missions relied on purportedly landing on the moon, and that worked out pretty well. As far as everyday usage, as long as there are
redundancies in place. Having three engines light and having engine out capability
is a good place to start. But what about other systems
in place on Starship? What about those giant
wingy, flappy, fins things? What if the hydraulic system fails on those and they get stuck, like what happened on CRS-16? Well for this, we need to look no further than airliners and the Space Shuttle. Here's where good old
redundancy comes into play. Airliners would lose control
and be unable to operate their landing gear as intended if the hydraulic systems failed. Same goes for the Space Shuttle. Which is exactly why there
are redundant generators, redundant pumps, redundant lines, basically everything in
that system up is redundant. It's actually not very wise to compare the CRS-16 failed
hydraulic system and say, see, what if that happens on Starship? Because a Falcon 9 booster
landing isn't mission critical, let alone required for human safety, so they have intentionally
lacked redundancy for simplicity. But there is one big
thing that isn't redundant and can be catastrophic if it fails, and boy do I mean big, because that's the fuel
tank slash the fuselage. This is honestly my
biggest area of concern. And to be quite frank, it's the one thing SpaceX has had bad luck with over and over and over. The first failure of a Falcon 9 was due to a helium filled composite
over-wrapped pressure vessel or COPV, these pressurize
the fuel and oxygen tanks, and one broke loose in the upper stage oxygen tank on June 28th, 2015 for the CRS-7 mission. This caused a rapid
unscheduled disassembly and complete loss of the
rocket and it's payload. The next failure was the
infamous AMOS-6 anomaly on September 1st, 2016. Again, an over pressurization
due to a failed helium tank in the upper stage caused a
complete and total loss of the vehicle as it was being fueled up on the launch pad for a static fire test. Then we have the Crew Dragon
anomaly on April 20th, 2019. This is when SpaceX was testing the launch abort system on the ground and had a frozen chunk of
nitrogen tetroxide shoot through a titanium valve causing a rupture in the system and
total loss of the vehicle. And most recently and
perhaps most alarmingly, we actually saw a failure of a Starship MK-1 prototype
on November 20th, 2019 when we watched it blow its top off from over-pressurization
during a pressure test. Now this I'll give a bit of a pass to. This vehicle and that test was nowhere near future
operating conditions. SpaceX was pushing this
prototype much further than normal operating
ranges and these were the shotty welds of the
very initial rough prototype and they don't represent a future, the more refined vehicle like it will be. But it sure does get a
bit spooky when you think that if that was a fully fueled Starship, and there were people on board there would have been no aborting from it. (upbeat music) So I guess this leads us to the question of what options does
Starship have to abort? We've already gone over
what design considerations make it avoid the same design
flaws as the Space Shuttle, but it still is lacking an actual abort system. So can it abort at all? Well, let's first make sure we're clear on the types of abort options. There's a big difference
between a pad abort, an inflight abort, aborting to orbit and
aborting a mission in general. A pad abort is the option
to pull the spacecraft free from the rocket while still on the pad. This is actually a pretty dangerous time while the vehicle is fully fueled, full of highly pressurized
explosive material. So can Starship do a pad abort? Yes-ish and no. If the problem is in the
Starship upper stage itself, like a tank rupturing or something, the simple answer is no. But what if the problem
is with the booster? If the booster suddenly ruptures, the upper stage of Starship
could perform an emergency quick start of the Raptor engines
which could help prevent the Starship from just falling down onto a pile of what was once
a Super Heavy booster and is now a flaming hellish landscape. If all engines are fired, including its vacuum optimized engines, Starship would have just barely enough thrust to slowly get away from the pad and divert to a safe landing area. That is assuming a failed
Super Heavy booster didn't damage the Starship bad
enough to make it un-flyable. Don't forget, you're not trying
to outrun the pressure wave, because spoiler, unless you can go zero to the speed of sound literally instantly, you can't outrun it. So if you're inside a pressure vessel, you should at least
survive the initial blast. You also might ask how could they fire vacuum optimized
engines at sea level, That was a big part of the air spec you can't really do that. Well according to Elon, they could have dual bell nozzle design and fix the nozzle to the hull
wall which can stabilize it. And in general, yes, you can actually fire a
standard vacuum nozzle at sea level in an emergency, but it's very likely to
fail but why not try if the other option is
complete failure anyway? So pad abort, kinda, maybe a little, well it's at least better than the Space Shuttle's full lack of abort options while sitting on the pad. The same goes for an inflight abort. An in-flight abort is
just what it sounds like, aborting while the rocket is flying. Again, assuming the upper stage isn't the culprit of the problem, the Starship could theoretically pull away and perform whatever maneuver
necessary to re-enter and land somewhere else or worst case scenario do a soft splashdown emergency landing. Again, it should have more options and opportunities than
the Space Shuttle did. Once Starship has
detached from Super Heavy, there really aren't
any abort options other than aborting to a safe reentry profile and then reentering if
it can't achieve orbit. But luckily, with the
control surfaces on Starship, they could greatly alter
their aerodynamic profile and the dynamics for a handful
of safe reentry options. This is helpful compared to say a capsule which can't change its shape
and actually has areas in a launch profile that the
engineers need to avoid. For instance, if a standard
single engine RL-10 Centaur upper stage was used
on Boeing's Starliner, there would be large
portions of the profile where an abort would be deadly due
to extreme reentry forces. Boeing and ULA therefore had to opt with a two engine variant of
the Centaur upper stage that could fly a safer
profile which allows for a safe abort window
throughout the entire ascent. And of course, on reentry there really
isn't ever an abort option. Reentry just needs to work. Even if there was a mechanical
abort option during reentry, it likely wouldn't be very helpful. Now of course a passively
stable capsule with a simple ablative heat shield has very little that could go wrong, but again, redundant hydraulics for control surfaces and a structure that can handle high temperatures
in general should offer a decent buffer in reentry for Starship. (upbeat music) Okay, we're finally getting to the true meat of the question. Is it actually better to have an abort system on a rocket, period? To do that, let's quickly go over all the aborts and all the accidents of human spaceflight and determine whether or not an abort system could've helped. Looking at the history
of orbital spaceflight there's only been 18 deaths
actually occurring during orbital spaceflight activities. The first death being
a parachute failure on the very first Soyuz mission in 1967 which killed
cosmonaut Vladimir Komarov. An abort system would not have helped. The next tragedy was Soyuz 11 in 1971 which decompression of the
spacecraft actually led to the deaths of three cosmonauts. To this day, this is the only incident in which humans died in
space above the Karman line. An abort system would not have helped. Next we have the Space
Shuttle Challenger disaster in 1986 which we've already talked about. A mechanical abort system would have likely saved the crew of seven. Lastly we have the Space
Shuttle Columbia disaster in 2003 which again, tragically
killed the crew of seven. An abort system would
likely not have helped. There's a chance if an escape pod had its own heat shield and the like, it may have helped, but it's unlikely aborting during reentry would
be a very good option. Now let's look at the number of times a crewed orbital launch
escape system has aborted. This number is very small. Today, an abort system actually armed for a flight has only been
triggered three times. The first time an abort
system was used was actually on an un-crewed test flight of Soyuz for the Soyuz 7K-OK number
one mission in 1966. The launch was reset when a strap-on booster failed to ignite. The ground crew went out to inspect the rocket when suddenly, 27 minutes after the scrub the launch tower activated
because its gyroscope noticed it was 8 degrees off axis
from where it thought it should be due to the Earth's rotation. The firing of the abort system ended up lighting the third stage on fire, and then the rest of the rocket blew up on the pad killing one ground crew personnel. In this case an abort system
caused a failure and a death. The next time an abort system was fired, was the only time there's been a pad abort with crew on board. On September 26th, 1983, when the crew of Soyuz T-10-1 had to abort from their Soyuz rocket that had caught on fire while still on the launch pad. After safely aborting and landing
four kilometers downrange, the crew was bruised up and shaken when they were met by the recovery crew. They were given cigarettes
and shots of vodka to relax. In this case obviously the
launch abort system saved lives. Lastly, the abort system was triggered on another Soyuz mission
MS-10 in 2018 when there was a problem at booster separation that caused a booster to
rupture the core stage. This triggered the abort system, not the full tower which had just been jettisoned a few seconds prior, but a smaller abort system integrated onto the fairing covering the crew module. In this case, the abort
system saved lives, but perhaps simply
shutting down the engines and detaching from the booster would have been sufficient without a mechanical escape system active. There are really only about two other flights
which were aborted, the first was Soyuz 7K-T-39 in 1975, which aborted after the escape tower and fairing were jettisoned, An abort system obviously wouldn't have helped as it had
already been ditched. Then there's the only
Space Shuttle to abort, STS-51-F in 1985. It performed an abort to orbit maneuver when one of the
RS-25 main engines shut down. Again, an abort system wouldn't have helped as it was unnecessary. So in the grand scheme of things, to date, a mechanical abort system
has only saved lives twice, it may have prevented one tragedy and in one case it
actually created a tragedy. So out of the 320 orbital
human human flights to date, only three missions in total necessitated the use of an abort system, or less than 1% of crewed launches. There were another three launches where an abort system
wouldn't have helped at all, and two that aborted without
any kind of escape system. And if we look at the last 30
years of human spaceflight, from the 90's on, only one launch out of
180-ish launches required a launch abort system actually be used, so only about half a percent of flights would see any benefit from a launch escape system at all. (upbeat music) Now before we answer the question are abort systems necessary, let's just take a look at one more thing. How can we improve the
safety of rockets over all so we don't need an abort system period? I think the answer to this question is we need to fly more a lot more, a lot more. And we need to reuse systems over and over so we can see where things are weakest and where we can make the
greatest improvements in safety. Let's look at airliner safety. This is a chart showing
how many kilometers of commercial airline travel happen per accident over time. Unfortunately this data only
goes back to 1929 and doesn't even show the very early, wild, wild west days of air travel. But in less than a century, the industry's safety record improved by three orders of magnitude. Now I really really wish we had data on the first three decades
of human air flight, but unfortunately the
data is not available, but I wouldn't be too surprised if it didn't look too
far off from this chart. Now this is actually the orbital launch success rate per year. Notice how quickly humans got
into the upper 90 percentile. But then it stalled. Let's compare that to the
airline industry during the same time frame. Yeah, humans had pretty much
nailed down how to fly by then, it isn't until you zoom
into the tens of thousands that you can actually
even begin to decipher an improvement on flight success rate because we're well into chasing the nine's in reliability at this point. And I think there's a
few reasons for this. First off, in total there hasn't even been 6,000 orbital launches ever. Compare that to the almost 40 million commercial air
departures in 2018 alone and you realize just how
rare spaceflight is still. I'll bet the first 6,000 flight
attempts of airplanes had a similarly awful flight record as well. 6,000 flights was
probably just achieved in a much, much quicker timeframe and with a significantly
lower barrier of entry than building a rocket. Now we probably shouldn't be comparing rockets to airplanes, because getting a rocket to space and bringing it back safely
is really, really hard, orders of magnitude harder than flying an airplane to begin with. You can make airplanes out of paper, or if you are Peter Steeple you can make airplanes out
of pretty much anything. But it is fun to see how quickly we can actually really
improve reliability, it just takes more and more time. But it is fun to compare
how quickly things can become reliable
once you do them enough. The answer to what can we do to make rockets more reliable is simple. Fly them more often and
fly reusable rockets over and over instead of throwing them away. Only then will we begin to get anywhere near airliner like reliability. (upbeat music) So it's time we finally wrap this all up. Launch abort systems. Are they necessary. Do they actually make astronauts safer? Do we need them going forward? If so, will we always
need them in the future? So remember when we
looked at how many times a launch abort system would have saved the lives of crew and it's
a surprisingly small number? Well, I still think it's a good idea for this generation of rockets. I think NASA, SpaceX and Boeing are right to assume the Falcon 9 and Atlas V, as reliable of rockets as they are, still lack significant flight data to really be considered
safe enough without a launch abort system. But don't forget launch abort
system is still bring their own complications and problems with them. Remember how SpaceX's Crew
Dragon Capsule blew up when testing the abort system? And actually Boeing
had problems with their launch abort system catching
fire on the pad too. You're basically taking more parts and a small rocket and attaching
all these extra systems, that can also fail, and you are putting them directly on your crew module anyway. Sure, a lot of work goes
into making them safe, but you're solving the problems of rockets by sticking more rockets on them. That would be like putting a Cessna prop plane
inside of a 747 in case the 747 fails you can
fly away on the Cessna. You're probably better
off just making sure your maintenance is up to
speed rather than going and buying a Cessna. It's like how people ask all the time if the Super Draco Abort
motors could be used as a backup to the parachutes
if the parachutes fail, and the answer is, technically,
yes of course they could. But by the time you
certify that procedure, those systems, and make
them safe and reliable, you probably would've been better off just making sure your parachutes don't fail in the first place and make them more reliable. In the same way, would you
rather engineer an abort system, put together all these procedures and envelopes and subsystems or focus on making the entire
vehicle that much safer. At some point, you can
actually arguably achieve a more reliable system over
all if it has fewer parts. I think Elon Musk has a good point when he said this in
the 2019 Starship update - The best part is no part. The best process is no process, it weighs nothing, costs
nothing, can't go wrong. So as obvious as that sounds, the best part is no part. The thing I'm most impressed with when I have design meetings at SpaceX is what did you un-design? Undesigning is the best thing. Just delete it, that's the best thing. - So I guess the question should be would I ride on a Starship
without an abort system? For now, the answer is no. I think we should see at least a few dozen flights without crew first, We should find the limits and boundaries, maybe have some failures or two and only once we've seen Starships flying 10 plus times reliably
without any failures, would I consider getting on one. But I'm also a chicken, I don't think I'm cut
out for anything less. I do think it could be possible we see humans who are willing to risk it on Starship early on in the program, and if it's NASA astronauts on board, I wouldn't be surprised if they would require an abort system. Especially since SpaceX will
likely load and go their fuel, just like they do the Falcon 9, meaning the crew will need
to be onboard as fuel flows. In general, it's more
dangerous to be filling and pressurizing a vehicle than to have it sitting there
stable and fully fueled. So unless SpaceX can change
that procedure for Starship, I honestly can't really
imagine NASA wanting any of their astronauts on board without an abort system again any time soon. At the end of the day you can't fix the problems you don't know are there. Just like how SpaceX was so surprised to discover problems with cryogenics and composite over-wrapped
pressure vessels, or the failure of a strut, or titanium valve exploding, sometimes you simply don't discover a design flaw until it
rears its ugly head. So that's why I think it's vital we see these things fly, fly often, and fly over and over. Only then will I think there's a proven reliability track
record that would make it a safe enough option to
not have an abort system. So what do you think? Abort systems, are they
good or are they bad? Would you get on a rocket that
doesn't have an abort system. At the end of the day that's
really what it comes down to. I can see both sides of this argument. I can see where you might say obviously it can make things safer Because if the rocket fails you at least have a backup rocket, at the same time you're adding more parts. So maybe there's some elegance to the simplicity of the design that doesn't have all these extra parts, and just focus on making
those more reliable. But I don't know. Let me know your thoughts
in the comments below. And also be sure and let me know if you have any other questions about Starship, abort
systems, stainless steel, Raptor engines, Space Shuttles, anything. Let me know if you have any questions and I'll be sure and try to
crank it out on my video list. I have this never ending video list that I just cannot keep up with, but I'm really excited to
keep cranking away at them. So stay tuned, there's a lot
of really good content coming. As always, I owe the biggest thanks in the world to my Patreon supporters, who literally helped me
do all of this stuff. They have been a big,
big help on this video, trying to find all these fun facts, and find little nuggets
of information with me, crunching numbers and
confirming my stuff is accurate. So if you want to help do what I do, please consider becoming
a Patreon supporter By going to Patreon.com/everydayastronaut where you'll gain access
to our exclusive Discord, Patreon, and exclusive live streams. Thank you. And while you're online
be sure and check out everydayastronaut.com/shop
for limited edition merch. Now do notice that the
merchandise is getting awesome, they are all hand screen printed, hand sewn-on patches. Custom neck labels, all
these really cool things. And these awesome
designs are limited runs. So if you like something
you'd better grab it now, because there's a good chance it won't be there next time you
click on the website. And I guess you can even grab what's apparently one of
Elon Musk's favorite shirts, the full flow stage
combustion cycle shirt. We also have that as a
hoodie version as well just in time for the cool weather. So get in there while you can and get some awesome
merchandise for yourself. That's everydayastronaut.com/shop. Thanks everybody, that's
gonna do it for me. I'm Tim Dodd, The Everyday Astronaut, bringing space down to
Earth for everyday people. (upbeat music)
Hey guys! This is a question I got asked ALL the time... "Why won't Starship have an abort system?!".. and it's a very very good question. I wound up diving into the certification program for rockets and safety considerations of Starship and why comparing it to the also abort system-less Space Shuttle isn't really a fair comparison. I've also made this into an article version as well if you'd like to see some of the sources for total numbers and safety history and the like.
Let me know if you have any other questions about this! It's a VERY loaded topic. Thanks everyone! - Tim
Had no idea about the Space Shuttles' bailout procedure. Can you even imagine if a crew had to pull that off during it's tenure?
This is somewhat similar to submarine design ethos (although Russians include an escape capsule, I think it's only ever saved one crew member).
The goal is to design in enough reliability and redundancy that you can always save the sub if something critical fails, provided the sub isn't driven outside of its safe operating envelope.
Although that said, a sub should always be able to surface, which is akin to landing an aircraft. Can't do that in a rocket.
The timing was intentional here, wasn't it? Everyone just waiting for the launch and doesn't know what to watch in the meantime..?
To be serious, thank you so much for your awesome videos Tim!
Regarding a pad abort scenario, my math puts the TWR of a Starship at 1.02. That's assuming an average thrust per engine of 225 tonne, and 1320 tonne launch mass (Wikipedia). I think the engine thrust of 225 tonne is pretty optimistic for both the sea level and vacuum engines, at least when operated at sea level, so TWR might be less than 1 on early Starships. Even if it were 1.02, those engines are going to the blasting the top of Superheavy while not going anywhere quickly. I'm not sure it would work out, but it would be worth a try. Abort in flight should be a lot easier, as the booster will fall away if its engines shut down.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
GTO comsatPre-launch test failureDecronym is a community product of r/SpaceX, implemented by request
53 acronyms in this thread; the most compressed thread commented on today has 80 acronyms.
[Thread #5673 for this sub, first seen 16th Dec 2019, 20:56] [FAQ] [Full list] [Contact] [Source code]
An abort system on the starship doesn't make sense. I also don't think the starship will be all that safe. So to start off, here's some assumptions in the video.
The first assumption of the video seems to be that since the starship is a different design than the space shuttle, it mitigates the known risks of the space shuttle. I don't buy this assumption, because the starship will have different a different set of risks and problems than the space shuttle. Even though some known issues are mitigated due to the design, it will have new risks. An example would be the heat shield. The space shuttle had risk of damaging the heatshield because the tiles were essentially weak. The Starship has a risk of imperfections in the heatshield causing hot spots or clogging the cooling mechanism. There is a ton of unknown with their new design.
Even the idea that the space shuttle's first disaster was due to pushing the design envelope. Well who says spacex won't push the design envelope? Especially considering there could be a profit motive behind spacex. Who's to say they won't try to fly in adverse weather conditions or without necessary inspection or with unqualified maintenance personnel. Also, the starship will have a few orders of magnitude higher of a safety requirement than the space shuttle. For launch 60,342, will the maintenance crew perform the same quality inspection as the 500th launch?
The comparison to airliners. Airliners have tons of redundancy built in to them, and they do fail. Gear up failures and engine failures are quite common. They have a tendency to fail at the least opportune moment. For example, a recent 777 had an engine failure during takeoff at LAX, when the airplane is heavy, low, and slow. The plane is designed to fly and survive in those conditions. Crews are trained to react when this happens. Would the starship still be able to recover if one engine failed 15 feet over the landing pad?
The comparison to airlines has another large problem. An airliner can essentially have a crash landing (engines out, wheels up, control surface problems, electronic equipment failure, etc) and everybody aboard can walk away. Even the seats are designed for minimal injury even with a hard landing (hard enough to break the landing gears). The failure mechanism for the starship, no matter how minor, is almost always an entire vehicle/pax loss. An abort system is supposed to mitigate this risk.
Another big problem with rockets is the failure mechanisms are not known ahead of time. Since pilots essentially don't fly the rockets, the pilots are more or less along for the ride on what the programmers did in an office years earlier. This is due to reaction times. If anything goes wrong with the starship, the computer will have to react in milliseconds. If anything goes wrong on a plane, pilots often have minutes and sometimes hours to plan and execute a maneuver.
The biggest assumption of all is that spacex will be able to design out the dangerous parts. We have no idea what will happen with the safety looking forward. Simply put, we are biased people and push those bias onto the future. With this sub, it's very true. Being a spacex fan makes you optimistic about the chances. The only way to truly prove safety statistics is by looking at the past. That will take many launches to iron out the unknowns.
The thing is, if an abort system is good for a known disaster, we'd just mitigate the known disaster. The launch abort system probably is only good for the unknowns, so unless it can mitigate all of the unknown types of disasters, it's pretty useless. As (pointed out in the video), the launch abort system can increase the risk of an accident.
I hate to say it, but safe human flight in rockets is still a long way off. If you're willing to take the risk, we can probably start populating mars in 10 years. I'm guessing it'll be a 1/100 chance of death on the journey to mars. That's roughly the same risk of dying in a car accident in your lifetime (worldwide).
I love this guy.
I just wanted to thank Everyday Astronaut for this incredibly informative video.
What I particularly noticed were videos that I hadn't seen before, the tongue of fire on Challenger and the chunk of insulation hitting Columbia. Were those actual videos, or were they simulations?
The other thing I noticed was extra information. The one I remember was about the hydraulic failure causing the spin of a landing SpaceX booster. Elon at the time tweeted that they would install another pump, but the video mentioned that the real fix was a bleed valve. Other surprises were
and
I hadn't heard any of these, and they all surprised me. Had all of these been announced publicly before? What are the sources?