SpaceX understands trade-offs, even if some of its critics don't.
Trading reliability off against complexity: the 33 engines of SpaceX's Starship Booster.
A long time ago, in the faculty club of a university not that far from San Francisco, a non-engineer told an engineer that the Airbus A330 was superior to the Boeing 747 because it only had two engines instead of four, hence only half the potential points of failure.
The engineer, with the tact and social grace typical of the species, told the non-engineer that when an engine fails on a 747, that removes 1/4 of the available power, but when an engine fails on an A330, that removes 1/2 the available power.[1] (This quantitative statement may have been preceded by "That's really stupid!," or words to that effect.)
This kind of trade-off is common in systems that need high uptime or reliability: adding more service elements introduces more points of failure, some of which may precipitate a generalized system failure (if the engine blows up and takes the wing with it), but it also adds redundancy in case an element fails without that failure taking out the entire system.
We are reminded of this by a discussion going on regarding the large number of engines on SpaceX’s Starship Booster, 33. An example:
Let’s illustrate the issues using some hypothetical numbers. For starters, let's say that for a mission the booster needs the nominal thrust of 30 engines, which can also be achieved by 25 engines at maximum thrust. So, a mission can proceed as long as 25 engines are working (again, this is hypothetical and for illustration only).
For example, on the ill-fated Apollo 13 mission, the second stage inboard engine (the center of five) shut down early, but the other four engines had enough reserve thrust to compensate and keep the mission within the operational envelope. (The mission went on to have some problems, as we may recall, but engine redundancy worked as expected.)
We'll assume some probability P(fail) for individual engine failure with no further consequences other than loss of thrust, with all failures being independent events. This allows us to see the value of redundancy to reliability.
We'll also assume that there's a (much smaller) probability that a failure of some element of an engine causes mission failure (for example, takes out the pipes bringing in the fuel and oxidizer to all engines), call it P(blow); again these are independent events and also independent of the thrust failure. This allows us to see the cost of redundancy through increasing complexity.
The figure below shows the individual effects and the combined effect for P(fail) = 0.5% and P(blow) = 125 PPM or 0.0125%.
(These are hypothetical numbers, much too high, chosen to show an effect in the charts and an internal solution, i.e. to show a minimum probability of failure. For reasonable numbers, the optimal number of engines can go past 33, though at that point cost and space for them on the base of the rocket come into play.)
There, the effect is easily visible and, as expected, engineering makes sense.[2]
To see the power of redundancy, let’s compare two situations, one where SpaceX decides to just use the necessary 25 engines and one where they act like engineers and understand that things that can go wrong will go wrong, and therefore they include 33 engines (still being able to complete the mission with only 25 in extremis circumstances).
Plotting the probability of mission failure as a function of the probability of single engine failure, P(fail), for both cases, we can see the value of redundancy to reliability quite clearly (just by comparing the scales on the Y axis, really):
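The calculation behind both comparisons (the thrust and blow-up effects combined, and 25 versus 33 engines), as an added example that is not the post's own code. It assumes the post's hypothetical numbers and independence assumptions; the function names are made up here.

```python
from math import comb

NEEDED = 25        # engines that must work (the post's hypothetical)
P_FAIL = 0.005     # benign single-engine failure, 0.5% (the post's hypothetical)
P_BLOW = 0.000125  # failure that takes out the mission, 125 PPM (the post's hypothetical)

def thrust_shortfall(n, needed=NEEDED, p_fail=P_FAIL):
    """P(fewer than `needed` of n engines keep working), independent failures."""
    if n < needed:
        return 1.0
    # Sum the binomial tail directly: more than n - needed engines fail.
    # Computing 1 - P(enough thrust) would lose the tiny values to rounding.
    return sum(comb(n, k) * p_fail**k * (1 - p_fail)**(n - k)
               for k in range(n - needed + 1, n + 1))

def any_blow_up(n, p_blow=P_BLOW):
    """P(at least one of n engines fails catastrophically)."""
    return 1 - (1 - p_blow)**n

def mission_failure(n, needed=NEEDED, p_fail=P_FAIL, p_blow=P_BLOW):
    """Mission survives only with enough thrust AND no blow-up (independent)."""
    survive = (1 - thrust_shortfall(n, needed, p_fail)) * (1 - any_blow_up(n, p_blow))
    return 1 - survive

def best_engine_count(candidates=range(NEEDED, 41)):
    """Engine count with the lowest combined failure probability."""
    return min(candidates, key=mission_failure)

if __name__ == "__main__":
    print(" n  thrust-shortfall  any-blow-up  mission-failure")
    for n in range(NEEDED, 34):
        print(f"{n:2d}  {thrust_shortfall(n):16.3e}  {any_blow_up(n):11.3e}"
              f"  {mission_failure(n):15.3e}")
    print("lowest combined failure probability at n =", best_engine_count())
```

With these inputs the thrust term collapses within a few extra engines while the blow-up term grows almost linearly, so the combined curve has an interior minimum and 33 engines still fail far less often than 25.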
Now, once we're past this basic lesson in engineering trade-off calculation, we can look at the incentives and psychology of the discussion, for a lighter side of the post. Or maybe a darker side of humanity.
It should be more or less obvious by now that SpaceX engineers know what they're doing: they have made the greatest change in spacefaring in decades: a reusable booster on an orbital rocket that, while not as fast-reusable as an airliner, doesn't require as much rework and refurbishing as the Space Shuttle.
So, what can we read — other than ignorance, always a good explanation — in so much criticism of the design choices for the Starship Booster?
Possibly a combination of dislike of Elon Musk (admittedly a controversial figure) and unhappiness with the idea of private spacefaring, the other large space companies being pretty much arms of the government (part of what Eisenhower called the Military-Industrial Complex, but on a global scale).
But let's not dismiss the possibility of good old-fashioned malevolent envy: the desire that others fail for no reason other than one envies their success.
SpaceX does seem to bring out a lot of that, what with all their — hard-earned and well-deserved — successes.
[1] Twin-engine jets are dimensioned so that they can fly on single-engine power. Twin piston-engine planes that lose one engine, as the joke goes, have enough power to fly all the way to the scene of the crash.
[2] Note how fast the probability of a failure through lack of thrust drops (log scale); the linearity of the probability of blow-up on the number of engines has to do with the behavior of very small probabilities, where the incremental combined effect (second-order effect) is so small it doesn’t show in the chart (it’s many decimals down).