[AR] Re: Quiet times, so OT question

  • From: Henry Spencer <hspencer@xxxxxxxxxxxxx>
  • To: Arocket List <arocket@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2022 18:25:10 -0500 (EST)

On Mon, 19 Dec 2022, Matthew JL wrote:

> That’s exactly the idea - propellant is a low-risk, highly fungible commodity and the kind of vehicles that might exclusively ship it can accept a low reliability and thus a low cost.

I've never been able to buy this. In practice, the costs of a failure go well beyond just the loss of the cargo, and the tolerable failure rate is therefore lower than you might at first think. (Exception: some types of military hardware *in wartime*.)

Moreover, I don't know how to design a vehicle with (say) 80% reliability. If you don't get the design and manufacturing basically right, the number will be variable and unpredictable and could easily go much lower than that. If you *do* get the basics right, the number will generally be rather higher than that. Only when you start chasing the second or third digit, do you get into the regime where expensive things like multiple redundancy make significant contributions.

We have, um, I think it's 45 satellites in orbit now. (Depends on how you count a few cases where we didn't build the whole thing.) 43 got off the launcher intact, all of those worked, and almost all are still working. Our first, MOST, with a three-year design life, finally died in its 16th year. Almost all of them have been almost all single-string, with redundancy in only a few places where it didn't cost much or seemed especially desirable. Those bits of redundancy did lengthen MOST's life, but they haven't been relevant to AISSat-1 (still in operational service in its 13th year). They've come in handy in, um, I think one or two cases other than MOST.

Despite what some antiquated reliability-estimation methods implicitly claim, most failures are *not* random component failures -- they are design defects of one kind or another. Those can give you a 50% failure rate just as easily as a 0.5% failure rate, and they can easily affect all copies of a redundant system. Clean them out, getting up into the range where random component failures and semi-random weird happenstances actually matter, and you're probably well above 90% reliability already. The idea that you can save lots of money by setting your sights lower than that seems like sheer fantasy.

Henry
