The official predicted catastrophic failure rate for the Shuttle has been about 3% per launch from the time that the design was finalized. Various upgrades to improve safety haven't changed this number, since the "unknown unknowns" are the dominant failure mode.<p>This failure rate, of course, was close to what we observed in experience.<p>What's funny about this is they were planning about 50 launches a year at the beginning, which, if they believed their own numbers, would have meant the loss of a vehicle and crew every year, and the complete destruction (or replacement?) of the Shuttle fleet on the time scale of five years or so.<p>The first failure (much like Three Mile Island) could be dismissed as a fluke, a problem which could be fixed. The second failure (like Fukushima) represented a typical failure mode -- there was a lot of hand-wringing over the ceramic tiles on the first few shuttle flights, and after a few flights without a disaster, NASA assumed there was nothing to worry about, and that was wrong. The shuttle program was ended because there's no way to make the ceramic tiles safe.<p>Now, Fukushima is an extreme case of a failure -- it was probably the worst built nuclear power plant in the most dangerous location, but it represents the most likely LWR failure mode: not a stuck valve or simple operator error, but a major catastrophe that prevents cooling of the core and spent fuel. Unlike the shuttle, we can make that a lot less likely.
"Only realistic flight schedules should be proposed—schedules that have a reasonable chance of being met. If in this way the government would not support NASA, then so be it. NASA owes it to the citizens from whom it asks support to be frank, honest, and informative, so that these citizens can make the wisest decisions for the use of their limited resources. For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled."<p>Great guy. Also: <a href="http://www.haveabit.com/feynman/14002" rel="nofollow">http://www.haveabit.com/feynman/14002</a>
<p><pre><code> There is not enough room in the memory of the main line computers
 for all the programs of ascent, descent, and payload programs in
 flight, so the memory is loaded about four times from tapes, by the
 astronauts.</code></pre>
<p><pre><code> There are perpetual requests for changes as new payloads and new demands
and modifications are suggested by the users. Changes are expensive because
they require extensive testing. The proper way to save money is to curtail
the number of requested changes, not the quality of testing for each.
</code></pre>
Preach it.
It must have been great to be the software team when this report hit. It's the only part of the engineering Feynman thinks is really good:<p>"To summarize then, the computer software checking system and attitude is of the highest quality."<p>And this is a good example of Conway's Law too, that software grows to resemble its organization. You can imagine that the software team at NASA during this time was the very bleeding edge of software - it was a somewhat new field, and they were doing the most dangerous stuff. I bet they recruited bright people, and those people's only assumption was that failure was not an option. They were probably used to their software failing all the time - they planned for the worst, and expected the worst, and had no preconceptions about their own abilities.<p>Compare that to the hardware side of things, probably filled with old-school aviation engineers who had been around the world a few times. The managers making the 1 in 100 calculations were probably hardware guys in the past too, because there weren't too many 45-year-old programmers when this report came out.<p>And so they go in, with experience that says airplanes don't crash very much, and a space shuttle is just a big airplane. Cue the bureaucrats with their deadlines and budgets, and mix that with the arrogance of once-technical aviation engineer managers, and a 3% failure rate still sounds pretty rosy.
"When playing Russian roulette the fact that the first shot got off safely is little comfort for the next."<p>Love the quote, and something to bear in mind when evaluating less drastic forms of hazard. Anyone care to comment on Tufte's take on the graphics used by the Thiokol engineers? See<p><a href="http://www.asktog.com/books/challengerExerpt.html" rel="nofollow">http://www.asktog.com/books/challengerExerpt.html</a>