
SpaceX's Starship Mk1 just blew off its bulkhead in a pressurization accident - _Microft
https://twitter.com/NASASpaceflight/status/1197265917589303296
======
double0jimb0
I read this was a manufacturing pathfinder.

Manufacturing and assembly of high strength hardened steel is near black art.

Pathfinders do exactly what they say, they lead you through unknown territory
to the outcome of the manufacturing journey you embarked on. Often things go
boom, you find out why, add it to your corpus of black art knowledge, and keep
pathfinding until you run out of budget / succeed / change mission.

So as manufacturing pathfinder, this is what success often looks like.

~~~
CPLX
I must admit that Elon has done some fairly impressive things, and I respect
his hustle and innovation.

With that said, the cult that surrounds his projects where people say things
like "this is what success looks like" when a big metal thing blows up
unexpectedly or robot car goes flying off an exit ramp is a never ending
source of amusement.

~~~
danielbln
The cult is funny indeed, but do mind that the giant SpaceX booster rockets
exploded in giant balls of fire a LOT before they eventually (and reliably)
landed like in a sci-fi movie, on land and on a moving boat. SpaceX has earned
some benefit of the doubt.

~~~
AnIdiotOnTheNet
I don't think the issue is that a prototype didn't function as desired, it's
the re-framing of that event as a "success" that reeks of cult-like worship
mentality.

When something doesn't behave as desired, it is a failure. You can learn from
failure, that's how you get to success, but the failure itself is not a
success.

~~~
prestonh
I agree calling it a success is too rosy, but I think people are really
thinking od this as progress, not a regression like the event itself would
naively suggest, because the company relies on hardware failure to inform
design improvements.

------
boznz
"You will learn more from your failures than your successes - so embrace those
mistakes, as difficult as that sounds, and grow from them. When a project is
successful, you're never really sure why, because so many elements come into
play. However, when you fail, you always know why. That is how you learn and
grow."

Lynda Resnick

------
NamTaf
Oh dear! It looks like someone accidentally divided by 2 for the cylindrical
hoop stresses, forgetting that they're not the same equation as for spherical
stresses. :)

Less facetiously, a thin-walled cylinder's stress is a function of pressure,
radius and thickness with the equation:

sigma = P*r/t

whereas for a sphere (including the spherical end caps on a cylindrical
pressure vessel), it follows the equation:

sigma = Pr/(2t)

To me, it looked like it failed around the join between the spherical end cap
and the cylindrical body, where this transition between stress regimes occurs,
which is a common weak spot in the above analysis. This is a canonical early
engineering statics problem.

It's worth noting, though, that all of the above is almost certainly a gross
simplification and likely has very little bearing on the actual problem. It's
fun to simplify and hypothesise, though! Also, unplanned failures make for
great viewing :)

~~~
taneq
That's why you take your maximum design stress and double it, right? /s

~~~
namirez
I don't know what happened here, but if I remember correctly, in rockets,
safety factor is typically smaller than 2 or the design would be too heavy.
But I guess the safety factor for pressure testing is 4.

Source: article 6.8.2.2 of this document;
[https://www.faa.gov/about/office_org/headquarters_offices/as...](https://www.faa.gov/about/office_org/headquarters_offices/ast/reports_studies/library/media/Operational_Guidelines_for_Spaceflight_Pressure_Vessels.pdf)

Edit: I didn't see the "/s" before writing this comment.

~~~
dehrmann
> in rockets, safety factor is typically smaller than 2 or the design would be
> too heavy

Safety factors feel like p-values. Why .05? Because. What if it's not good
enough? We'll move the goal post.

~~~
NamTaf
They are, somewhat. You can theoretically make a safety factor 1.0 if you're
really absolutely certain of the input criteria.

Safety factor is really just a (somewhat blunt) method of managing risk. It's
just admitting that we don't know the true load spectra that a design is
exposed to, so we take what we believe is the max load and then slap a
multiplier on it to manage how much uncertainty we expect, be it from
estimates of that load, or dynamic factors, etc. etc.

We then also consider the consequence (since risk = likelihood x consequence).
If the consequence of a failure is that our balsa-wood model bridge falls
over, we shrug and keep it low. If it's that our pressure vessel undergoese a
BLEVE [1] in the middle of a population centre then you jack it right the hell
up.

There's nothing that specifically requires a safety factor. We could spend
millions of dollars and thousands of hours understanding _exactly_ the load
spectra a design experiences, but that may be prohibitively expensive in the
case of designing a bridge, so we instead accommodate more risk by
overdesigning the item. In a space application where every kg of launch mass
represents big $$$, then spending that extra time and money to understand the
load specifics in more detail makes sense.

[1]:
[https://en.wikipedia.org/wiki/BLEVE](https://en.wikipedia.org/wiki/BLEVE)

~~~
TeMPOraL
Safety factors also mitigate stupidity (your bridge is rated for load X, but
someone drives 1.1 X through it because they're in a hurry) and cascade
failures (a component upstream of yours fails and sends more load down your
way).

~~~
jefftk
Those both sound like kinds of ways the real maximum load could be higher than
what you've called your maximum load

~~~
TeMPOraL
Only as long as your "real maximum load" != "announced maximum load". For the
type of stupidity mitigation I mentioned, you want the real maximum load to be
greater than the max load you announce to the customer/users. For mitigating
cascade failures, you want the real maximum load to be greater than the
maximum load value meant to be used internally by people designing other
components in the system (though here, a smarter way would be to do a system-
wide analysis of load flows to prevent cascade failures under user stupidity;
however, here we're rapidly approaching the point at which I just talk out of
my ass, having no real expertise on the topic).

~~~
NamTaf
There's also some benefit in throwing a moderate safety factor on something if
it doesn't actually compromise the intended form or function of the component,
just as future insurance. For example, if you design a bit of equipment to
take a certain load, but there's no size or mass constraints on it, and you
can throw a 1.5x safety factor on, then it's not necessarily a bad thing. Even
if your 'true' load as measured over several years of service only ends up
being 1.2x, then the extra 0.3 or so can come in useful if a future engineer
has to make modifications to the function of the device, or if they are asked
to evaluate a life extension, etc.

In less words, I'm eternally thankful that I work in an era where much of the
older equipment I used was designed in an era of slide rule. This means
there's a bit of extra 'meat' in the designs which often means that when I do
a more precise computational analysis, I can deal with 10% material loss
through corrosion, or extend out the life by some period of time because it's
not been designed precisely to the material limits.

~~~
TeMPOraL
> _I 'm eternally thankful that I work in an era where much of the older
> equipment I used was designed in an era of slide rule._

Yes, I feel this way too. The knowledge and tooling of modern engineers is
amazing, and can do miracles when applied to tasks that seemed impossible just
a century ago. But more often than not, it's used to pinch pennies from old
designs. This makes me wish for infrastructure projects to be forced to be
designed with slide rules again - the less precise your determination of
maximum load is, the less the beancounters can "optimize" it.

This is doubly sad in our era, where matter is cheap and labor is expensive -
adding extra safety margin can be almost free, but it's an easy target for
cost reduction.

------
hsnewman
And that's why they are testing it.

~~~
lmilcin
Depends on what kind of test that was supposed to be.

If they pumped it until it explodes it would be a kind of test (also called
experiment) where it makes sense.

If you design something with a margin of safety, then pump it to working
pressure and it blows, then it means you made a mistake. If you made a mistake
it shows you don't know what is necessary to design a rocket (yet).

Seriously, they don't build skyscrapers or bridges and leave for 5 days to see
if they topple to prove the design was correct.

~~~
Retric
Rockets are designed to have a vastly lower margin of safety. If they never
fail in testing that’s a sign you’re over engineering it and sacrificing cargo
capacity, which is a bad thing. That said, these failures should be uncommon.

~~~
sfifs
That's basically been the conventional thinking about rocketry historically -
scientists and engineers looked at the tyranny of the rocket equation and
choose to maximize payload per launch because they were largely funded by
government or quasi government "cost plus" types of contracts. The design
philosophy of working close to margins comes from this thinking.

SpaceX's greatest contribution has been to look at rocketry from the point of
view of economics of running a rocket launching business as opposed to a "per
launch cost plus" model realizing that fuel cost for launching a rocket is
close to trivial compared to the facrication cost of making a rocket.

So their entire design philosophy is around reusability and reusability seems
to push costs down low enough that you can get more payload up by simply doing
more launches. While SpaceX is famous for not filing patents and instead
protecting their IP using the trade secret approach and fabricating everything
in-house, you can bet they'll be operating with more engineering headroom to
get reliability and reusability.

Evidence for their bet having been right is the fact that they have grabbed
virtually 100% of commercial and quasi-governmental launches and some part of
US government launches. Other players in this space now almost entirely depend
on defence contracts or national prestige contracts to survive.

~~~
garmaine
Doesn't matter. If you take the conservative assumptions that go into
manufacturing, say, a car and apply those to a rocket, you'll get something
that won't even lift off the ground, much less make orbit.

Any rocket HAS to be very close to the limits of what materials used allow,
and not the +50% margin of error you routinely seen in other fields. What you
say about SpaceX is true, but only relative to the rocket industry as a whole.
E.g. SpaceX uses cheap, available materials and simple designs over exotic
composites and complex mechanisms. But they still operate close to the
margins, as they have to in order to have any payload capacity at all. In
fact, the move to steel probably reduced their mass margins even further.

EDIT: Actually maybe I shouldn't have used a car as an example:
[https://www.youtube.com/watch?v=pJdrlWR-
yFM](https://www.youtube.com/watch?v=pJdrlWR-yFM)

~~~
sfifs
The video is hilarious! Thanks for sharing!

~~~
garmaine
My favorite part is the look on the engineer's faces when they're asked to
turn a Robin Reliant into a Space Shuttle.

"Have you got a spare billion dollars?"

"No. That's why we came to you."

------
cracker_jacks
Is the Starship Mk1 more structurally sound than it looks? From a first glance
and having no knowledge of its design, it looks like an empty soda can that
would deform at the slightest disturbance. And the way it crumpled in the
video doesn't seem far off from what I would expect.

~~~
roywiggins
Rockets are actually pretty easy to poke holes in. They're meant to keep stuff
in, not out. A dropped torque wrench blew up a Titan.

[https://en.m.wikipedia.org/wiki/1980_Damascus_Titan_missile_...](https://en.m.wikipedia.org/wiki/1980_Damascus_Titan_missile_explosion)

~~~
contravariant
It's somewhat impressive that the actual nuclear warhead didn't so much as
leak. Which is what's supposed to happen but still you don't usually design
something to withstand a botched missile launch capable of 'catapulting' a 740
ton door.

~~~
missosoup
There wouldn't be much to 'leak'. The nuclear material in weapons is
relatively safe to handle as long as you don't ingest it. It's the post-
explosion fission products that are nasty.

Also with nuclear weapons, as much engineering has gone into safety as into
weapon design itself. It's astronomically improbable for a modern nuclear
weapon to detonate prior to arming even if the explosive lens is set off.

The reentry vehicle is designed to come down at circa mach 14 so a little bit
of heat and jostling isn't going to bother it.

Cool video about some of the engineering involved:
[https://www.youtube.com/watch?v=97t7Xj_iBv0](https://www.youtube.com/watch?v=97t7Xj_iBv0)

~~~
ncmncm
The word "safety" in connection with nukes has been redefined to mean "it
blows when you push the button". So the DOE's responsibility to maintain the
"safety" of the arsenal sounds much better than it is.

Not blowing up when you don't push the button doesn't have a name.

When they actually dropped a pair by accident from a B-52, both got very far
into their ignition sequence before something failed. Questions were Asked,
after. So it is probably better now. Here. Russia? Israel? India? No telling.

~~~
missosoup
You're talking about an incident involving a mark-39 bomb which was built in
the 1950s, the same time period when USA ran reactors with a man wielding an
axe to cut rope to drop control rods as an emergency shutdown measure.

We have come a long, _long_ way since then in nuclear safety both in weapons
and reactors.

~~~
ncmncm
Who is "we"?

Does it include Rick Perry? You are aware that the supposed secret "nuke
launch code" was seventeen zeroes?

~~~
missosoup
The code you're talking about is the final step in a long sequence of events
that requires positive authorisation from 6+ individuals from the president
down.

By the time you've punched in the code, whether it's an OTP or seventeen
zeroes, you've already committed a missile to a target and you're already 100%
going to go through with the launch because two missile combat crew members
turned their keys.

Russia doesn't even bother with these kinds of codes. Their second strike
capability is fully autonomous and will launch even if all of c&c infra is
destroyed.

This also has absolutely nothing to do with the mechanical intrinsic safety of
the actual nuclear weapon during a fire or the RV that carries it. Which is
the original topic at hand. The code is just an extra step to arm the weapon.
The physical safeties are there to 99.999% guarantee that the weapon will not
detonate unless armed. Even if you try really really hard to detonate it.

More thinking has gone into each tiny element of this process including the
kind of paint used on bombs, than you have given to the topic as a whole.

------
_Microft
It looks as if not only the bulkhead got separated but also the top-most ring
where it was attached. I don't remember right now how that section looked, but
maybe it was not the bulkhead at a fault but the seam between the first and
second ring from the top.

~~~
SECProto
I agree that's what it looks like. Interestingly, during fabrication, the
bulkhead was attached to the ring, and then the whole ring was lifted up and
welded on. Maybe there was interaction of the heat affected area from the two
welds? The bulkhead was welded only ~100mm up from the bottom of the ring.

------
perspective1
During prototype tests you don't have to target 6-sigma, obviously, but I hope
we get a post-mortem without spin.

~~~
vkou
When their entire business depends on very carefully managing their PR, you're
not going to get a public post-mortem without spin.

If a government regulator runs the investigation, you might. I don't know if a
regulator's going to get involved in this, though.

~~~
senectus1
> When their entire business depends on very carefully managing their PR

You really think this? My perception is that their PR is fairly blunt and
upfront. while they may not tell you _everything_ they dont seem to be trying
to "spin" anything

~~~
Rebelgecko
>they dont seem to be trying to "spin" anything

Compare their statements about the cause of the CRS-7 explosion to NASA's.

~~~
Diederich
I dug around and didn't find an official SpaceX statement. The cause was a
poorly constructed struct they bought from a 3rd party company.

> Compare their statements about the cause of the CRS-7 explosion to NASA's.

Did NASA's and SpaceX's statements differ in content?

~~~
Rebelgecko
SpaceX statement:
[https://www.spacex.com/news/2015/07/20/crs-7-investigation-u...](https://www.spacex.com/news/2015/07/20/crs-7-investigation-
update)

NASA accident investigation report:
[https://www.nasa.gov/sites/default/files/atoms/files/public_...](https://www.nasa.gov/sites/default/files/atoms/files/public_summary_nasa_irt_spacex_crs-7_final.pdf)

TBF the NASA report came much later than the SpaceX explanation. However it
might be of interest to compare:

SpaceX explanation of why looking at the right telemetry is hard vs "Technical
Finding 4" from NASA.

SpaceX explanation of the strut's "certifications" and max load vs "Technical
Finding 1" (and the longer explanation earlier in the document, you can do a
control-f for "Where the IRT differs with SpaceX is in regards to the
initiating cause")

~~~
cbhl
"SpaceX chose to use an industrial grade (as opposed to aerospace grade) ...
cast part"

Hmm.. Isn't this a common cost-cutting strategy for Musk's companies? The
touchscreen in the Model 3s was (is?) also industrial grade, if I recall
correctly.

~~~
jacquesm
> The touchscreen in the Model 3s was (is?) also industrial grade, if I recall
> correctly.

Isn't that exactly what it should be? Or would you expect aerospace grade
material there? Or is there yet another grade in between called 'automotive'?

~~~
tomatotomato37
Yup! I think the common electronic tolerances go: commerical, industrial,
automative, military, aerospace, and then space, though I may be missing one
or two.

------
andrewflnr
If you go back a couple hours in the linked live feed you can find the event
pretty easily. Look for the big plume in the preview when you hover over the
progress bar. About 1:50 ago at this working writing. I guess it would have
been around 1540 EST.

~~~
zionic
Looks like the welds holding the bulkhead on failed.

For those who aren't keeping up with this the failure was on the Mk1
prototype. Mk2 has been build nearly in parallel with Mk1 and will take over
early flight testing (20km hop). Elon has tweeted that this team will jump to
Mk3 instead of trying to repair Mk1.

~~~
WalterBright
Airliners rarely use welds because they're very hard to make with consistent
high quality and are also very hard to inspect. Instead, they're riveted
together.

~~~
bdamm
There are airplanes constructed with chemical bonding as well, such as the
Boeing 787 Dreamliner and my personal favorite, the AA-1, released in 1967!
Welded airplanes are practically nonexistent, but there are techniques other
than riveting. And with the rise in popularity of composite materials, we're
likely to see fewer and fewer rivets on airplanes.

------
Ajedi32
Comment from Elon Musk:
[https://twitter.com/elonmusk/status/1197271943180771329](https://twitter.com/elonmusk/status/1197271943180771329)

Official SpaceX statement:
[https://twitter.com/thesheetztweetz/status/11973066177605591...](https://twitter.com/thesheetztweetz/status/1197306617760559104)

------
TheSpiceIsLife
I don’t know the specifics of this particular setup, but aren’t pressure
vessels usually tested hydrostatically.

Water, for example, can be pressurised without actually compressing, and
therefore doesn’t undergo rapid expansion when a failure occurs.

There may be reason that precluded pressure testing with a fluid tough.

~~~
AWildC182
Compared to the fuels that the vessel is designed to carry, water might as
well be liquid lead. It would easily crush the structure before you got enough
in there to do hydro testing.

Edit: correction, looks like they're using methane/LOX. Methane is 422g/L and
LOX is 1141g/L (compared to water at 1000g/L). If it was the LOX tank then
they could have probably hydro tested it. Not so much with the CH4 which is
probably the upper tank? It also bears mentioning that they would want to test
at the appropriate temperatures. Water isn't great for hydro testing at
LOX/liquid CH4 temps.

~~~
m0zg
How do you "hydro" test it at cryogenic temperatures, where physical
properties of the vessel material are markedly different?

------
MR4D
Just another test.

However...

To me there is an issue with large diameter pressured tubes - the point where
the tube connects to the top is affected by the surface area divided by the
diameter. Obviously one of those scales linearly, and the other squared.

That suggests to me (I'm definitely not a rocket scientist!) that the upper
bound might be smaller than this diameter, or the weight will have to increase
in order to beef up the strength of this point.

Pretty interesting problem to deal with now that they are this far into the
design. I'm sure there are many possible solutions, and it will be fun to see
what they come up with.

------
SergeAx
Nothing blows up means you aren't innovative enough.

------
torgian
I think it’s good. Better to find the flaws now and do a resdesign, instead of
having astronaughts being blown out into space ;)

------
jjuliano
They should opt for a single block of stainless steel carved into a rocket as
a unibody design for added strength.

~~~
weinzierl
Not the whole rocket obviously but milling the tank from a whole block has
been done.

------
killion
I haven’t seen an mention if anyone was injured. Was there someone on the
cherry picker?

~~~
elteto
You would never have people around when doing high pressure ops. This might
even have been a proof test, where the tank is pressurized to test for leaks
so something like this failure is a plausible scenario.

------
sfblah
Whoever gets in that thing is spam in a can /s (quote from the right stuff)

------
tus88
Does fail early apply to Space tech development?

~~~
JshWright
It's worked fairly well for SpaceX so far...

------
paraiuspau
"Was that the primary buffer panel?"

------
djohnston
for some reason i feel like im watching a 2nd grader's baking soda volcano
project. i guess it's the perspective of the camera, or im not accustomed to
the looks of prototype rockets, but to me it looks like a paper mache diorama

~~~
ohazi
Starship looks particularly shoddy because it's made from relatively small
steel plates welded together. The welding process causes each plate to warp
slightly, so the end result looks like a quilt rather than a nice uniformly
smooth cylinder. Most rockets don't look like this. Most prototype rockets
don't look like this either.

The argument has been that this is good enough to start testing structural
features, and probably also good enough to do a little bit of low-stress
flying as well. The first argument seems sound. I'm not so sure about the
second... there are a _lot_ of welds. At least a few of them are likely to be
structurally unsound, and assessing weld quality is difficult.

In any case, for the "real" Starship, they plan to use a technique similar to
the one they use on Falcon, where they roll a huge metal plate and then stir-
friction weld along the seam. This kind of tooling is difficult and expensive
to set up, and the configuration of the machinery and the material depends a
lot on the actual design, which hasn't been finalized yet.

Apparently they're using thicker steel then they plan to use on the
monolithically constructed version to compensate for weld quality, but I don't
know... weld seams are great stress concentrators, and stress concentrations
are where fractures are likely to form, and fractures on the skin of a rocket
are usually catastrophic failures. All it takes is one defect.

------
LandR
The front fell off!

------
londons_explore
Aren't pressure tests done with water?

That way, since water is non-compressible, if it fails, you just get a small
hole or buldge somewhere rather than the catastrophic damage seen here.

Perhaps they already tested with water and now needed to test with the real
fuel/oxygen to get the temperature correct?

~~~
taneq
Is it strong enough to take a full tank of water? Liquid methane weighs less
than half what water weighs.

~~~
JshWright
Liquid oxygen weighs more than water though...

~~~
taneq
True, although only slightly. Of course, it also wouldn't be trying to take
off with a full tank of water and you'd expect it to pull at least 2G during
takeoff (do we have an actual figure?) so I'm guessing the answer would be
'yes, it could take it'?

------
new_realist
This integration test is _way_ too late to be finding faults like these. This
is top down design, which is expensive an error prone. The ship should be
designed and tested in a bottom up fashion, such that the failure modes of
every individual component is already known, as per Feynman. SpaceX is
repeating the mistakes of the Space Shuttle program.

------
dehrmann
There was a post on HN a few days ago about how SpaceX got a full examination,
while Boeing more or less got a pass from Nasa. This is a different vehicle,
but it gives an idea of the maturity of SpaceX. And yes, the earlier story was
really more about trying to establish a pattern around the 737 Max failure,
but that issue was at least complicated. This is just sloppy.

[1]:
[https://news.ycombinator.com/item?id=21574080](https://news.ycombinator.com/item?id=21574080)

------
kev009
I had an unpopular opinion amongst friends that this thing looked like a total
piece of shit, like a movie prop. They were using rented lifts and cranes to
assemble it in the field. Clock right twice a day or maybe there's a reason
everything about Apollo spacecraft was meticulously assembled.

~~~
cyrux004
I wish more smart people like you worked there.

~~~
cududa
Yes because without this dude they would’ve never invented self landing
reusable rockets

