The former sentence and the latter have no relationship. Just because something hasn’t failed yet does not mean that it is 100% safe. In this life very little(if anything) is “100% safe”-Even shoelaces can be tripped over.
The Columbia’s wing damage may have made a safe reentry impossible (and a LOCV incident therefore inevitable), but the Challenger disaster, IMHO, ought not be blamed on the vehicle. Thiokol engineers knew it should not be launched in such cold water, and advocated unequivocally against it, but they were overridden by management. If the challenger launch had been postponed until temperatures were more favorable, it’s likely the overall shuttle loss rate would have only been 1:135.
The concept of more squat/broad-beamed launch vehicles and space vessels has been worked on. Just that like most of the kind, the project eventually runs out of funding when it can’t deliver whiz-bang zoom results both quick and cheap and keeping open the assembly lines of all the current contractors. Instead you go for something derived from or inspired by what you already have.
The long-skinny form aspect also lends itself well to stacking and strapping on extant-technology stages and boosters (and yes, sustaining a sunk-cost industry ecosystem inertia). Also as long as you’re anyway mostly using expendables, or dumb-drop/first-stage-only recoverables, I guess you don’t care much about reentry performance of the booster.
Collective answer: while the Saturn V had component failures both in early and manned flights, none of them was catastrophic, fatal or even injurious. I think that fits the OP question of “safe.”
This is not really true. Although it is true that the natural rubber used in the Shuttle Solid Rocket Booster (SRB) field joints was not as resilient at low temperatures, and the STS-51-L launch was being conducted at a temperature below the 58 ℉ (ambient temperature around the boosters was 28 to 29 ℉), indications of O-ring erosion and even blowby (jetting of hot gas past the O-ring seal and impinging on the so-called “backup” O-ring) had been seen on a number of previous flights, and the worst case erosion was actually seen on the highest temperature launch to that date (72 ℉ if I recall correctly). The actual area of the field joint where the O-ring failed was actually significantly below that temperature because the wind currents caused vented cold oxygen from the LOx tank to pool around that field joint, so while the ambient cold temperature may have contributed to this failure it could have happened at any ambient temperature. Even then, the blowby itself did not result in failure; had it been in a direction oriented away from the External Tank (ET), the booster would have continued to function nominally despite the leak, and in fact after the SRB broke away after the ET collapsed, it continued to function propulsively for 37 seconds while tumbling end for end until the range safety officer (RSO) initiated the flight termination system (FTS), splitting the case open and snuffing propellant grain combustion.
The real flaws of the field joint were multiple, including a designed that caused the joint to flex to an “open” position (so-called “joint rotation” removing squeeze from the O-ring), a zinc chromate potting compound known to create voids, the use of a secondary “backup” O-ring in the jet patch of the primary O-ring (which does not provide redundancy and in certain conditions can even conceal a potential issue during pre-flight leak checks), poor insulation interlock over the field joint, and of course, not being qualified to the range of temperatures that it would be called to operate in, to wit the well-below-freezing temperatures caused by pooling LOx, which is a problem that comes up again and again as designers forget that vehicles with cryogenic fluids will vent off cold gas that may create colder-than-ambient conditions. These issues were mentioned in brief in the Rogers Commission report and in more extensive form in Allan McDonald’s Truth, Lies, and O-rings. The original SRB field joint was in fact a poor design, something that Thiokol recognized even before the STS-51-L failure as they redesigned the joints during the Fiber Wound Composite SRB for the abortive Blue Shuttle program (flying out of SLC-6 at Vandenberg AFB), and implemented as design improvements for the Redesigned Shuttle Rocket Motor (RSRM) which became the new SRB propulsion element. There were also a large number (over eighty if I recall correctly) Class 1 design changes to other elements of the SRB including the thrust vector control, insulation design, and avionics which were implemented as part of the RSRM program.
Well, there are other reasons for a long L/D configuration, including manufacturability (making long slender tubes is easier that squat conical or pyramidal shapes), and similarly, it is much easier to transport such forms, whereas a large squat body would likely have to be assembled at the launch site or shipped via barge because of OTR limitations. But from a mass ratio standpoint for a vehicle with a sufficiently large payload, it makes a lot of sense conceptually even for a single use vehicle, and for a reusable vehicle such as the Chrysler Aerospace SERV it created a bluff body reentry profile and plenty of space for terminal phase propulsion systems. For a smaller vehicle with lower payloads the payoff isn’t as dramatic, and the experience with long cylindrical vehicles, based upon ICBM applications has guided most practical space launch vehicle efforts to date.
No, again, just because a system that has not yet experienced a catastrophic failure is absolutely no guarantee that it will not, and especially when the experience base of only 13 flights, several of which experienced major anomalies that could have potentially been mission ending. There is no such beast as a “100% safe” anything, and when it comes to rocket propulsion even getting past the 95% reliability hurdle requires a fairly robust design combined with a lot of sweat effort in test and integration to make certain that there are no incipient failures in the system. Our best systems top out at about 98% reliable; hence while all crewed systems (except for Shuttle) have provisions for launch abort.
Stranger
IMO it is unclear the shuttle design was needlessly fragile. The main airframe/TPS options were:
(1) A hot airframe using titanium and less stringent TPS. NASA managers & engineers discussed this directly with Kelly Johnson at Lockheed. The conclusion was titanium was too difficult to fabricate and maintain and wasn’t a good option.
(2) An aluminum airframe using metallic TPS. The available metallic TPS of that era was highly prone to oxidization, and required a protective coating. The slightest scratch on the coating would permit oxidization and a burn-though during reentry. The general feeling was metallic TPS was risky. Faget himself was afraid of metallic TPS, saying “The least little scratch in the coating, the shingle would be destroyed during re-entry” – Facing the Heat Barrier: A History of Hypersonics, by T.A. Heppenheimer. This book is available free on line:
Part 1: history.nasa.gov/sp4232-part1.pdf
Part 2: history.nasa.gov/sp4232-part2.pdf
Part 3: history.nasa.gov/sp4232-part3.pdf
(3) An aluminum airframe using silica TPS. While mechanically fragile, the silica TPS was forgiving and could tolerate significant damage – often down to the thin densified layer – without affecting safe return. This was the chosen method and it’s unclear given whether any other option available using early 1970s technology would have met the mission requirements any better.
Regarding abort modes, the shuttle system had many abort modes and these were improved over time, dramatically after the 1986 Challenger loss.
The Saturn V could not withstand a single engine failure for about the first 15 seconds of flight. If all five engines did not work perfectly, a single failure would cause the thrust/weight ratio to drop below 1:1 resulting in a pad fallback, the worst kind of disaster. The Launch Escape System would probably have saved the astronauts but it would have destroyed the launch facilities and halted the program, maybe for years.
By contrast the shuttle after the mid-1990s could theoretically withstand a triple SSME failure right off the pad – the “three out blue” case. This was due to structural reinforcement between the external tank and orbiter, plus flight software updates. The result would have been a bailout but it was supposedly survivable. Unlike the Saturn V case the pad would not have been destroyed.
It’s true the shuttle before 1986 had very limited abort capability and large “black zones” in the ascent. However the later shuttle was greatly improved. This can be seen from comparing the event/velocity chart for each shuttle version:
Shuttle contingency abort modes, pre-1986: https://photos.smugmug.com/photos/i-FtPVnXG/0/O/i-FtPVnXG.jpg
Shuttle contingency abort modes, post-2000: Misc charts - joema
In the “three out blue” abort case the shuttle actually maneuvers for the abort while the SRBs are firing, made possible since the SRB steering authority is much greater than the SSMEs. It’s true the SRBs cannot be shut down and must essentially work perfectly but as see with the Saturn V case, all five F-1 engines must work perfectly for about the first 15 seconds – they also cannot be shut down.
Viewed as a large “criticality 1” pyrotechnic device, the SRBs were no different than the dozens of other pyros on the shuttle which must all work flawlessly, else there will be a loss of vehicle and crew. At least with the SRBs you don’t have the risk of a spurious shutdown, which doomed many launch vehicles including the Soviet N1, nearly the Saturn V Apollo 6 launch, and nearly the STS-51F shuttle mission in 1985.
Anvils are pretty hardy.
They put a manhole in orbit once. Close enough to an anvil reliability wise.
I’ve often thought of space tourism (five or so people pay tens to hundreds of thousands of dollars to experience orbital or sub-orbital weightlessness for a short amount of time) to be roughly as risky as climbing Mount Everest, as least for the foreseeable future. I’m curious if you agree with that statement or not.
I think is this is an underappreciated point. A low diameter is immensely easier to manufacture in numerous ways. Consider just the painting step–a narrow cylinder can be fed through a small spray booth, while a squat (possibly irregular) shape requires a much higher volume. Or just basic work on the outside–a man on a modest ladder can comfortably access every external point on the rocket just by rotating the cylinder in place. A larger diameter requires a large gantry, uncomfortable working conditions (working on stuff directly above you), and so on.
.jpg){kind=link}
Put another way, the gains from horizontal manufacturing and integration (which aren’t trivial) are lost when all dimensions of the vehicle are roughly equal.
When I refer to the “fragility” of the Shuttle architecture, I’m not just specifically highlighting the TPS but rather the entire system, and specifically the design compromises made to get high cross range (which was necessary for the Blue Shuttle application, notwithstanding that by and large the Air Force did not want to use the STS) while maintaining an adequate payload mass. This resulted in a large but rather delicate compound delta wing structure which was dead mass and aerodynamic drag during ascent and only had real utility in the last phases of return. A much more compact lifting body design, or a bluff-base capsule like the SERV, although providing only minimal cross range (and therefore not capable of once around and return mission profiles) would have not had many of the design compromises that required the large solid rocket boosters, ascent in a supine orientation, and so forth. Since the cross range capability was never exercised and the retrieval capability was used infrequently, the large wing surface was an unnecessary design choice, albeit unknown to the engineers designing the Orbiter Vehicle to meet the cross range requirement.
As for abort modes, while it is true that NASA made the effort to improve crew survivability during abort throughout the life of the Shuttle program, none of those methods were ever well-tested, and much of them, like the absurd Inflight Crew Escape System (ICES) were really just a political fop. The reality is that the system had a moderate tolerance to propulsive failures in the SSMEs, and none at all in the SRBs until SRB separation, with no viable escape modes from liftoff until after two minutes into ascent. Fortunately, the Shuttle SRBs are one of the most reliable propulsion systems ever developed; even in the case of Challenger, the SRB continued to functional nominally in a propulsive sense (albeit unguided tumbling end-over-end) until deliberately terminated.
At the current state of the art, I’d opine that “space tourism” is more risky than climbing Mount Everest, at least insofar as a climber has some measure of control and judgment about the risks they are taking. A passenger in a crewed vehicle that has not been rigorously qualified really has no idea what the operational margins are, what undetected vulnerabilities may lay in the system, and so forth. You are basically placing your life into the hands of self-promoting buffoons like Richard Branson who have made their fortunes by adopting great risk and often failing, and therefore do not understand the utility of being risk-adverse, as one should in dealing with an industry in which public hazard is at issue. (I once interviewed with a company that was interested in getting into the space tourism business; when I was asked what was more important, “Getting there first or being safest?”, I answered that the engineering reliability had to come first to ensure the best possible degree of reliability from both and ethical and business standpoint. The look on the interviewer’s face indicated that he didn’t care for the answer, but at that point, I wasn’t terribly interested in the job.)
I personally think that space tourism is kind of a horribly unsustainable industry because it encourages this sort of fantasy view about the utility and surity of space travel as being a kind of novelty instead of a serious endeavor to advance the technical capability for the benefit of the public at large rather than a handful of Internet tycoons. The reality is that there are very good reasons to send instruments into space (Earth observation, solar weather prediction, meteor hazard abatement, telecommunications, planetary exploration, and astronomy free of the haze of Earth’s atmosphere), and by doing so, we will inevitably develop the kind of reliability and technical capability to send people, not just to see the stars for a few minutes or visit in a tin can for a few weeks but to live in habitats built from space materials which provide a safe, terrestrial-like environment. The leap from something like the ISS to habitats, however, is just too large, expensive, and hazardous for people do it by themselves, much less from suborbital tourism. If we’re going to build habitats, explore interplanetary space with more than just the occasional probe, and eventually move outbound from our system, we will absolutely need automated and remote capability to perform all of the tasks that we are ill-suited to do. Space tourism does absolutely nothing to advance any of that any more than “eco-tourism” combats global climate change.
All of this is true from a normal launch vehicle manufacturing perspective, but it also highlights all of that which is limiting about the way we build launch vehicles, e.g. as delicate devices requiring high performance. However, we build sea-going vessels of all sorts of dimensions and shapes with no substantial difficulty. They are, of course, build to looser tolerances and since they are built in dry docks near a harbor we don’t have to worry about transporting them over the road. Could we launch something built like a sea vessel into space? With enough propellant volume, you can launch most anything, even if your performance ratio is kind of poor, and the larger and more squat you make a vessel the easier it becomes to get a more favorable mass ratio. Bob Truax certainly believed and promoted the concept in the form of the Sea Dragon. I have a toy model of a launch vehicle I’ve worked on over the years that, while ostensibly land based could be launched from a semi-submerged sea platform, and with sufficient scaling can achieve almost SSTO performance, allowing a large first stage booster to essentially launch a small second stage boost vehicle into an orbital trajectory. And with projected improvements in continuous wave detonation engines, a relatively inexpensive and low carbon footprint fuel like dimethyl ether could be used instead of more costly RP-1 or troublesome LH[SUB]2[/SUB].
So, while there are genuine reasons why the industry sticks with long cylindrical vehicles, there are also good reasons and workarounds to the problems for using squat conical or pyramidal configurations.
Stranger
This is a frequently repeated story. However the actual historical account is different.
In the CAIB hearings Bob Thompson (Space Shuttle Program Manager from 1970 to 1981) said: “NASA did not put cross range in the vehicle because the Air Force forced us to. NASA put cross range in the vehicle because we thought that was the right way to build the vehicle and it just happened to give the Air Force some capability they wanted. But we wanted it for abort capability during the launch and we wanted to start flying the vehicle right at entry. We didn’t want to keep the thing above stall all the way down to landing area and then flip it around. So the myth that the Air Force made us do something we didn’t want to do is absolutely a myth.” http://caib1.nasa.gov/events/public_hearings/20030423/transcript_am.html
This was reiterated by Charles Donlan, acting director of the shuttle program office, who said “high cross range was ‘fundamental to the operation of the orbiter.’ It would enhance its maneuverability, greatly broadening the opportunities to abort a mission and perhaps save the lives of astronauts. High cross range would also provide more frequent opportunities to return to Kennedy Space Center in the course of a normal mission…Delta wings also held advantages that were entirely separate from cross range. A delta orbiter would be stable in flight from hypersonic to subsonic speeds, throughout a wide range of nose-high attitudes. The aerodynamic flow over such an orbiter would be smooth and predictable, thereby permitting accurate forecasts of heating during re-entry and giving confidence in the design of the shuttle’s thermal protection. In addition, the delta vehicle would experience relatively low temperatures of 600 to 800 ° F over its sides and upper surfaces…This combination of aerodynamic and operational advantages led Donlan to favor the delta for reasons that were entirely separate from those of the Air Force.” – History of Hypersonics
The Chrysler SERV was a paper design, and we can’t tell much about the ultimate feasibility from that. VentureStar also looked good on paper before someone had to physically design it, fabricate it and make it work.
However it is obvious the SERV was very complicated and would have entailed extreme technical risk. It required new aerospike engines, sliding protective doors to cover those during reentry, twenty-eight to forty (!!) turbojet lift engines for landing propulsion, JP4 fuel and support systems for those (including yet more sliding intake doors for the jets), and it would have required SSTO performance when no SSTO before or since has ever been demonstrated even on a small scale. It would have also used ablative thermal protection which would have required extensive servicing after each flight. For more details see Jenkins’ book.