
Since the actual disaster record for the shuttle was 2/135, they must have done some other adjustments to come up with 1/12. Still, at this point it seems very likely that SpaceX will be safer than the shuttle.



The first flights were more risky than later ones. They made improvements. But there were many close calls (including main engine failure).

But SpaceX necessarily WILL be safer because they're using a proven vehicle and a more robust capsule. Plus a launch abort system. Shuttle flew crewed on the very first launch.


There's also the concept of the "Drift into Failure", which I believe was coined by Sidney Dekker (https://www.amazon.com/Drift-into-Failure-Components-Underst...), where small compromises in operations eventually cause very important security and reliability protections to be eroded away.


I tend to think this is a strength of the Russian R7/Soyuz: the vast majority of the R7 launch family launches are uncrewed (and with a lower level of "mission assurance," i.e. less double-checking), therefore any systemic problems (i.e. due to "drift into failure," etc) are almost certainly going to be caught in an uncrewed launch first. Likewise, uncrewed Progress cargo spacecraft missions use a very similar platform as the Soyuz spacecraft, I think on the same line, so problems with the spacecraft can also be found on uncrewed missions.

Falcon 9 is planned to launch maybe twice a year crewed, compared to 20 or 30 uncrewed launches (including like 2 or 3 uncrewed Dragon launches), meaning any new systemic problems with the launch vehicle will almost certainly pop up in an uncrewed launch before they result in loss of crew. Shuttle ONLY launched uncrewed, therefore any systemic problem which resulted in a loss of vehicle necessarily resulted in loss-of-crew.


Yes, so in the F9 case, that only works well if NASA doesn't insist that the one crew launch per year doesn't use a super-unique rocket. Which appears to be something that the safety committee appreciates, but maybe not far enough.


> Shuttle ONLY launched uncrewed, therefore any systemic problem which resulted in a loss of vehicle necessarily resulted in loss-of-crew.

Don't you mean that shuttle only launched crewed? Either that or I think I do not have the same definition as you do for "uncrewed" -- I take it to mean that there is no crew on board?


It just looks like a typo.


Yes. And I'm out of the edit window.


> But there were many close calls (including main engine failure).

When did the shuttle main engine fail?


One of the three SSMEs failed on STS-51F https://en.wikipedia.org/wiki/STS-51-F due to sensor malfunction. Another engine nearly failed for the same reason, but quick action from the crew prevented shutdown. The Shuttle performed an Abort-to-orbit, meaning it continued to a lower contingency orbit.

And STS-93 had a pretty bad close call, too, with some of the engine coolant lines rupturing in-flight (leading to early shutdown) due to an oxidizer post plug coming undone as well as an electrical short taking down some of the engine controllers. That was pretty early in flight, so would've been incredibly risky in the case of an abort. https://en.wikipedia.org/wiki/STS-93

Falcon 9 has higher levels of first stage redundancy than Shuttle (can lose a first stage engine immediately at lift-off and reach orbit just fine, and lose multiple engines later in flight), and uses just a single upper stage engine, reducing probability of failure.


2/135 is failed flights/total flights.

Over the life of the shuttle[0], there were 355 astronauts who flew, 14 died. So for every ~25 astronauts who flew on the shuttle, 1 died.

0) https://www.space.com/12376-nasa-space-shuttle-program-facts...


Take an example of why this number is probably not as meaningful as you might think. We have only one astronaut. And this astronaut flies on a ship 1000 times. And then on the 1000th time it blows up. Well we had 1 astronaut that flew and he died. So it would be fair to say that 100% of astronauts that flew on our imaginary ship died on it, but it would lack much of any meaning.

Accounting for repeats, there were 833 individuals that flew on the shuttle and 14 died. The ratio there is about 60:1 which is predictably comparable to the ratio of successful:failed flights.


Oh my lord you guys that is not how probabilities work. You can’t look at what actually happened and then say “Well that was the chance.” If I flip a coin 20 times and happen to end up with a 15:5 split that doesn’t mean the chance of heads is 3:1.

Also the context of that 1 in 12 in the quote is important. They’re saying that was the chance on the first flight in retrospect. The shuttle and its supporting facilities and processes didn’t stay static, they improved over time.


>Oh my lord you guys that is not how probabilities work. You can’t look at what actually happened and then say “Well that was the chance.” If I flip a coin 20 times and happen to end up with a 15:5 split that doesn’t mean the chance of heads is 3:1.

Erm, over a large sample size, yes this is exactly how things work. Sure 15/5 may be too small, but 150/50 isn't. That's well after the point where it's reasonable to believe that your coin is rigged.

As the other user mentioned, if you don't have the prior that the coin is fair, a 15/5 outcome may (and does) indeed imply that heads are more likely than tails. In fact, 15/5 would imply a less than 1% chance of a fair coin, given uniform priors. (Beta[15, 5] -> 1st percentile is 50.175)


But in this case the samples are small. If you flip a coin once and got tails, what is the probability of heads?


That's not quite the same question as what I'm answering. I'm saying "given you flip a coin once and it comes up heads, what is the probability that it's a fair coin" (or previously, given you flipped a coin 20 times, and it came up 15/5, what is the likelihood it is a fair coin). And with a single flip, you can't actually answer that question (BetaDist[1, 0] is undefined).

Now, once you've answered that question, you can integrate to get a probability that the next coin is heads, but with a single flip you can't even answer the first question. You need to have gotten heads and tails each at least once.


Flip a coin 50 times and get 50 heads, it's almost impossible it's a fair coin. Does your BetaDist function work in that case?


No, the beta distribution BetaDist[a, b] is only defined for a, b strictly > 0.

When a or b is very large and the other is zero, you can treat it as 1 and get a decent approximation, but it'll be an estimate that biases towards the center.


I should also mention that if you're willing to make assumptions like a uniform prior, this totally works, but it can lead to some surprising results for small a, b. Notably a uniform prior is Beta[1, 1]. Beta[2,1] implies something like a 75% chance of the true mean being above .5, which seems a tad overzealous.


Exactly, that's not the question you're answering, but it is the question that is being asked in this context: what is the probability of rapid unplanned disassembly of SpaceX rockets.


Hence the "but you can integrate to answer that".

If your rocket has a 50% chance of being explosion proof and a 50% chance of blowing up half the time (you could imagine this as any number of situations, like two otherwise identical rockets which you use), any given launch has a 25% chance of rapid unplanned disassembly.

You can do the same thing over a continuous random variable.


But you know neither the chance of the new rocket being explosion proof, nor the chance of the rocket blowing up half the time.

You built the rocket, launched it once, and it did not blow up. What should be integrated to get the probability of rapid unplanned disassembly?


Enter the Beta(variate) distribution.

The beta distribution[1] is a cool statistical distribution defined by BetaDist{a,b} (or alpha, beta, but that's too much work), where a is the number of successes and b is the number of failures you've sampled.

It has a number of cool properties, chief among them that given X = BetaDist{a,b}, then cdf(X, x) = the probability that the mean of the distribution you are approximating is less than x. It has a bunch of other nice properties too (like E[X] = a / (a + b), which should be obvious), but those aren't as relevant here.

So let's say that you assume a uniform prior. This is defined as BetaDist{1,1} [2]. This is probably the wrong prior. So you might have a better idea. If, for example, you believe there is a 10% chance of your rocket exploding based on some calculations you've done, you might use a differently tuned beta distribution, like BetaDist{9,1} or BetaDist{4.5,.5} if you were feeling uncertain (but in general it would likely be better to use {8,2} in that situation iirc). But let's assume {1,1} for now.

So you launch your rocket. Everything goes great. You update your distribution. It's a success. So you get BetaDist{2,1} [3]. So what is the chance your rocket explodes? Well the cdf of your beta distribution is the probability that the mean is less than x. So the pdf of the beta distribution is the probability that the mean is exactly x. So then

The integral from 0 -> 1 of `(1 - x) * pdf(X, x) dx` is the estimated probability that your rocket explodes on its next launch, since that's "for every value x, the likelihood of the distribution being that one multiplied by the chance your rocket explodes given that distribution". For the one rocket case, this happens to be equal to E[X] = a / (a + b), so it's 1/3.

For the two rocket case, you apply reinforcement learning/k-armed bandit strategies like UCB1[4] or Thompson Sampling[5]. These are algorithms that will result in you picking the best rocket with as few unnecessary explosions as possible, provably.

You can see some related discussion I've had on HN about these algorithms [6].

[1]: https://en.wikipedia.org/wiki/Beta_distribution

[2]: http://www.wolframalpha.com/input/?i=beta+distribution+(1,1)

[3]: http://www.wolframalpha.com/input/?i=beta+distribution+(2,+1...

[4]: http://banditalgs.com/2016/09/18/the-upper-confidence-bound-...

[5]: https://en.wikipedia.org/wiki/Thompson_sampling

[6]: https://news.ycombinator.com/item?id=17014232


Wouldn't it be easier to just add one success and one failure and calculate (events+1)/(trials+2) instead of events/trials?


I'm not sure what you mean.


I'm talking about pseudocounts (add one success and one failure) [1] or maybe Agresti-Coull estimator (add two successes and two failures) [2].

[1] https://en.wikipedia.org/wiki/Rule_of_succession

[2] http://users.stat.ufl.edu/~aa/articles/agresti_coull_1998.pd...
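Added example, not part of any comment in this thread: the Beta update from the comment above and the pseudocount shortcut from the replies, computed for the one-launch case and for the shuttle record of 2 failures in 135 flights. It assumes the uniform Beta(1,1) prior and integer counts; all function names are illustrative.

```python
from math import comb

def beta_cdf(x, a, b):
    """P(true success rate <= x) under Beta(a, b), for positive integers a, b.

    Uses the identity I_x(a, b) = P(Binomial(a + b - 1, x) >= a).
    """
    n = a + b - 1
    return sum(comb(n, j) * x**j * (1 - x)**(n - j) for j in range(a, n + 1))

def beta_quantile(q, a, b, tol=1e-10):
    """Invert beta_cdf by bisection (the CDF is increasing in x)."""
    lo, hi = 0.0, 1.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if beta_cdf(mid, a, b) < q:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

def posterior(successes, failures, prior=(1, 1)):
    """Beta parameters after updating the prior with the observed outcomes."""
    return prior[0] + successes, prior[1] + failures

def p_fail_next(a, b):
    """Integral of (1 - x) * pdf(x) over [0, 1], which is 1 - E[X] = b / (a + b)."""
    return b / (a + b)

def summarize(successes, failures):
    """Posterior, next-launch failure probability, 95% interval on success rate."""
    a, b = posterior(successes, failures)
    return {
        "posterior": (a, b),
        # Same number as the pseudocount rule (failures + 1) / (trials + 2).
        "p_fail_next": p_fail_next(a, b),
        "success_rate_95": (beta_quantile(0.025, a, b),
                            beta_quantile(0.975, a, b)),
    }

if __name__ == "__main__":
    print(summarize(1, 0))     # one launch, no explosion
    print(summarize(133, 2))   # shuttle: 135 flights, 2 lost
```

With a uniform prior the posterior-mean failure estimate is exactly the (events+1)/(trials+2) pseudocount formula, so the two approaches in the thread give the same point estimate; the Beta form additionally yields the interval.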


Yes if you actually run an experiment with real sample sizes you can begin to form hypotheses around an unknown probability.

But my point was you cannot look at a historical event and say "Well this happened, so that was the chance." That's the basis for the silly internet joke "The chance is 50/50, either it happens or it doesn't."

Which is what the people I replied to were doing.


>But my point was you cannot look at a historical event and say "Well this happened, so that was the chance."

If the event happens repeatedly, you absolutely can! If someone attempts something 20 times, and it works 10 of them, you can conclude that there's an approximately 50% chance of success. You have a sample size! The exact same thing is true for a statement like "the chance of an astronaut dying is approximately 1 in 25". We have the sample size to show that.

>That's the basis for the silly internet joke "The chance is 50/50, either it happens or it doesn't."

No, that's totally different. That's a misunderstanding of priors. What you're doing is more like forgetting that the law of large numbers is a thing.


I’m not forgetting anything. The actual shuttle missions were not a statistical experiment or a consistent action where you can say “well this is what happened so that was the chance of death on an individual shuttle flight.”

It only means that’s your chance if you have the technology from quantum leap (the tv show) and you randomly land in the body of one of the participants.

As I said already, the shuttle and everything around it evolved. The crews changed. Trying to say “the actual chance of death was this based on how many people died.” is silly.


>It only means that’s your chance if you have the technology from quantum leap (the tv show) and you randomly land in the body of one of the participants

No, then the event already happened, so you know the outcome with certainty.

> The actual shuttle missions were not a statistical experiment or a consistent action where you can say “well this is what happened so that was the chance of death on an individual shuttle flight.”

Indeed there are confounding factors that make the error nontrivial. This doesn't invalidate the entire experiment.

>Trying to say “the actual chance of death was this based on how many people died.” is silly.

It's exactly as silly as saying "the actual chance of getting heads is based on how many heads you get". The problem with your argument is that that isn't silly. To calculate how likely getting heads is, you flip the coin a bunch of times, see how many heads you get, and then you have your answer (and a confidence level). It's the opposite of silly.

In other words, there's no big difference between "We'll flip a bunch of coins to see how likely we are to pull heads" and "we'll launch a bunch of people into space to see how likely they are to end up dead". The second isn't as rigorously controlled as the first, but that's fine as long as you account for it.


I think the difference is the scope of the problem. A coin flip is a deterministic, known event with two possible answers in most situations.

A rocket or space shuttle launch is like a thousand coin flips, where any one result, sequence of results or other combination of events results in death. As an added bonus, any number of unknown external events, from ambient temperature, to bird strike, to sabotage can render the model useless and kill you in some unforeseen way.


The scope is different, but the principle is the same.

Say you launch your rocket 50 times, out of which 3 times it explodes - first time because of a bird, second time because of the legendary ULA Sniper, third time because of internal problems. That 3/50 is still closer to the truth than just assuming "I really don't know" (1/2) or refusing to answer the question - it has huge error bars, but implicitly captures some of the phenomena that make launches go wrong.


That's a great point.

My perspective was probably a little impacted from spending the first truly beautiful day of the summer dealing with a failed "high availability" system. :)


If statistics didn't converge to probabilities in the high-n limit then science would be impossible. In the 15:5 coin example, the conclusion is skewed by a massive prior that coins are fair. When we're talking about things like space shuttle launches, it's not reasonable to expect our understanding of the system to be so good that we can boldly forge through with estimates that disagree with results.


> If I flip a coin 20 times and happen to end up with a 15:5 split that doesn’t mean the chance of heads is 3:1.

Isn't it the best you can say, though? 20 is a small number but when it's all you have, there's nothing you can do about it. Of course we know the "real" probability is a 1/2 because we know how coin tosses work, but if we didn't know it and coin tosses were black boxes, we'd have to go with this 3:1 chance.


The chance of heads being 3:1 is the maximum likelihood estimate, which indeed is the best we can do if we don't know anything else. But usually we do have an idea of reasonable values.


I didn't say it was a probability. Quite literally, if you look at how many people flew and how many of those died, 1 in 25 died. There was a 100% 'chance' of 1 in 25 dying on the shuttle because that's what actually happened. There's no probability there.


I believe he is right though. You are considering future probability chance, and are right, but he is considering past average. In this case his factual outcome trumps your potential forecast.


Wait, so a ratio by itself is meaningless without showing how the ratio was derived? If only we could verify the 1/12!


That's one very twisted way of computing the chance of dying on the shuttle. If you launched the same crew over and over again they would all have died. If you used 'fresh' people for every launch then the chance according to your computation would have been lower.

And yet, through all of that the underlying machinery would be identical and that is the thing we're trying to evaluate here.

So even though you can compute that particular number it is not a very useful number to calculate.

A better way would be to look at the 2/135 number to determine vehicle safety and to use the number of astronauts on board to get to a generic figure and for each individual astronaut to use the 2/135 multiplied by the number of flights they took to figure out their chances.

Of course these are still very low numbers and the error bars will therefore be large.


The 1/12 failure chance was for the first flight, which is inherently riskier than subsequent flights.



