Software Bug Causes Soyuz To Land Way Off

howhardcanitbetocrea writes "A mysterious software fault in the new guidance computer of the Soyuz TMA-1 spacecraft was the cause of the high-anxiety off-course landing over the weekend, according to NASA sources.' Which is why I will never trust the Strategic Defence Initiative - the star wars project. It only takes one line of mistyped code in what will always be a beta release."

In Soviet Russia...

[TheVidiot]

ahhh... it's just too obvious!

Re:In Soviet Russia...

[Scoria]

No, it isn't. I haven't ever observed this joke. Is this intended to be humorous? In Soviet Russia, what? I'm confused. :-)

Re:In Soviet Russia...

[Jeremiah+Cornelius]

"Soviet Russia" references may be the obvios start for a thread here... But this is a site for Nerds.

Did any one other than myself notice that the Soyuz module is named TMA-1?
If I'm not mistaken, that was the name of the spooky monument site in Clarke's "2001, a Space Odyssey".
Tycho Magnetic Anomaly One...

Mysterious?

[handy_vandal]

Software faults are not mysterious -- people are ignorant.

Re:Mysterious?

[1u3hr]

They don't have to worry, by their logic, bugs in the software for the ICBM's will cause them to land so far off course that the SDI won't have to knock em' down anyway ;-)

I see the smiley, but I'll respond seriously anyway: ICBMs work, they've been tested for decades. SDI needs to intercept 100% of incoming warheads, and also cope wth countermeasures such as dozens of dummy "warheads", chaff, simultaneous attacks on the observation satellites, etc. If 100 warheads were launched with 100 megaton warheads, and only one or two got through, you'd lose at least 10 milion people. If 10 got through prepare to live in Mad Max country.

Re:Mysterious?

[1u3hr]

If other nations knew they had to build hundreds of missiles, countermeasure systems, etc., to plausibly threaten the United States, we might have a lot less of them trying to build those 10.

Anyone who does can spend an extra 10% on measures to defeat SDI. For instance metallic balloons the same shape as warhead look exactly the same on radar and cost pocket change.

Actually, at the present and for the foreseeable future, NOBODY (new; not including China and Russia who already have the capability) is trying to build a strategic missile force that threatens the US. This isn't something that you can do in the Dr Evil fashion, it's not something you can do in secret any more. The CIA had no credible threats on their reports till the Republicans changed the terms of reference to include the most unlikely threats that had been previously discounted. Thus the military-industrial complex gets an enormous porkbarrel to gorge on for decades to come.

If the US spent 5% of what it is proposed to spend on this futile SDI on altruistic aid programs they would eliminate enemies and threats much more reliably and permanently than engaging in another arms race and escalating tensions. Isolationism behind an impenetrable magic shield is just a fantasy.

No national leader is going to launch a ballistic missile attack now, for the same reason no one did in the last 50 years, because it's at best a Pyrrhic victory. Saddam didn't use his "WMD", if he ever had any, even though he was in the most desperate situation imaginable. Kim Jong Il is playing games to get food, everyone know that. Terrorists would use other methods. You can deliver a bomb on a cargo ship, have it detonate in a harbour and goodbye NY, SF, LA, etc.

Why single out SDI?

[1984]

Which is why I will never trust the Strategic Defence Initiative - the star wars project.

Or any software. You might want to consider the software all the weapons systems that actually exist first, or anything in a safety-related environment. Take a look at Risks Digest.

Re:Why single out SDI?

[FredThompson]

Yeah, well, the computer chip in your car would make the engine blow up while you're driving at high speed on a crowded road. THE FUCKING ROAD!!! A traffic signal could go wrong and you could get in an accident. A FUCKING ACCIDENT!!! The guidance system on an airplane could have a glitch and you crash. A FUCKING AIRPLANE!!! The registers in the supermarket use lasers to determine your bill. FUCKING LASER BEAMS!!!

You're being FUCKING STUPID!!!

Re:Why single out SDI?

[Doppler00]

Which is why I will never trust the Strategic Defence Initiative

And yet, you think I would want to put all my trust the sanity of other world leaders to not fire nuclear weapons at the U.S.?

There is nothing unsafe about a defensive nuclear missle. The key term here is "defence initiative". If the worst case scenerio happens that a weapon is fired at the U.S. at least there is some better chance of attacking the missle before it reaches the U.S. instead of sitting back watching the light show.

I don't understand why people doubt the technological capability of scientists and engineers to create a defensive system. With the amazing advancements in computers and science, this is just another advancement in technology.

Re:Why single out SDI?

[budgenator]

By the way, how can a chip in your car make the engine blow up?
1. shut off electric fan for radiator.
2. run engine excessively lean to over heat
3. leave transmition in first gear
4. run engine at 9,000 rpm's
5. continue until engine goes boom crunch, bang bang bang and the connecting rods come out the side of the engine block, and the crankshaft falls on to the pavement.

Dave?, What are you doing Dave?, you're not mad at me are you Dave? No HAL I'm not mad at you

Re:Why single out SDI?

[FredThompson]

Sigh...ok...here's how I know.

I've been a missile launch officer and worked on design of these systems while stationed at an agency that Hollywood seems to think is a bunch of hotshot secret agents performing martial arts moves Bruce Lee couldn't have perfected.

The 6 sigma (or whatever it is) analysis that goes into Space Shuttle stuff doesn't compare to the level of analysis/oversight for these types of systems.

Major weapons systems include, at least in the U.S. military, design elements commonly referred to as positive control and assurance. Well, similar terms depending on the weapons system.

These are to make sure the people/systems issuing a comand are the proper ones and also that what is commanded happens.

There are so many layers of hardware and procedure involving split knowledge, time-sensitive authorization, and configuration compliance that it is nigh impossible for any major system to be activated improperly or on a whim.

A LOT of thought and attention goes into these systems. Real Genius, War Games, Top Gun, Spies Like Us, etc. were fictional movies. Those don't represent the way things really are any more than Alias shows what the CIA and NSA are really like.

Sub-systems are tested for everything, just as they are for other major endeavors like a new car design.

There certainly comes a time of first use for any system. ALL our weapons systems are thoroughly tested before they're actually used. The missiles whose keys I controlled as a laungh officer were the same type that were test-launched from Vandenberg AFB a number of times. Had we ever launched one directly at some Soviet base to see if it would really work? No. Does that mean it wouldn't? No.

The basic premise that because something hasn't been done it is inherently impossible to predict what will happen just doesn't make sense. Every day the overwhelming majority of things you do have never happened before in the histoyr of human existance. (You've never put that pen to that piece of paper in exactly that manner, etc.)

Having said all of that, I agree that ICBMs and, to a lesser extent, SLBMs are not the most likely form of attack. A space-based system DOES, however, provide a focussed developmental environment for a huge number of technologies that would be very helpful for any kind of strategic interception.

Don't forget, the race to put a man on the moon didn't yield any direct economic profit (we're not selling lunar masonry products, for example) nor does basic research.

Re:Why single out SDI?

[broken_bones]

I think it would be unfair to single out the United States in the way you suggest. If Britain, Russia (USSR), France, Germany or Japan had possed nuclear weapons during the second world war do you think they would have hesitated to use them? We must remember that the human carnage in WWII was imense. Russia alone lost literally millions of people. Given that do you think they really would have cared about killing a few hundred thousand of the enemy's citizens? When Japan or Germany were facing their ultimate demise do you think that they would have hesitated to use a nuclear weapons if they had them?

Debating whether using the bomb was the right thing to do or not is fine. However I don't think that a case can be made that the US is somehow "worse" or "different" than anyone else for using nuclear weapons. Had any other nation possesed the bomb at that time I don't think they would have hesitated to use it.

Re:Why single out SDI?

[Vicegrip]

The best nuclear weapon shield will be hard put at defending itself against an attack that uses brute force to overcome it.

I couldn't believe my ears a few weeks ago when I heard Richard Perle making the amazing claim that the U.S. would always be safe having a shield because no other country in the world would ever have the technology/money to build one themselves.

It is an act of stupid arrogance to believe that the U.S. will always have superior technology compared to the other powers in the word-- I'm sure the Romans thought their military engines would protect them forever too.

Further, one only needs see how just how sensitive and volatile high tech has been in the last few years during times of economic difficulty. Our innovation is tightly tied to economic growth. In three years we've seen massive reversals in the tech industry. Is it not incomprehensibly foolish to fail to consider the possiblity that one day the U.S. won't be the world's bastion of growth or technological progress?

Indeed, the pillars of today's technology: IBM, Microsoft, Sun etc... already farm out technological work to 3rd world countries around the world-- ideed, the U.S. doesn't even manufacturer a large part of the electronic components it uses.

I despair that, even though the U.S. absolutely crushed an army once ranked 5th in the world, we're still getting told we need more military protection, more spending in weapons research, and a big shield to protect us from their nasty missles--- this when arms races have universally shown themselves to be precursors to major warfare throughout the history of mankind.

We don't need more military. We need competent politicians of principle and vision who can think beyond warfare to solve the problems of the world.

Re:Why single out SDI?

[FredThompson]

yoru first comment, I can't be too direct about this but I'll try to explain with an example you can test yourself. Some ATM machines have a time delay mechanism when they eject the user's card. If the card sits in the reader too long, it is pulled back in and the account locked until a bank person resets everything. That's an example of hardware enforcing procedure. Initiating a national asset weapons includes a series of steps, personal actions and hardware requirements that must be done in a specific order for it to work.

Uh...which generation of Pattiot? Do you know what it was originally designed to do? Scud-busting was an admitted quick hack.

The current generation, used in Iraq the past month, did do what it was supposed to. The jets it knocked down failed IFF interrogation so that makes them targets.

wrt, falling debris. Well, duh. Why wouldn't that exist and have a potential to create soem kind of damage? If something's in the air and it blows up, pieces fall down. That's true of everything. Heck, I shot a duck once and shot came back to Earth, so did the dead duck.

The assumption that "SDI" is only effective during what is considered a boost phase only makes sense if you think it's impossible to detect/track/target/destroy MIRVs. As far as being more difficult to destroy during the re-entry phase, why? Wouldn't they be generating a lot of heat? Might be easier to detect then?

Why assume a missile would be an alley-oop, over the top lob and not a low-flying cruise?

wrt test firings of ICBMs, sure LAUNCH was tested under very controlled conditions. Those only flew a short distance, were unarmed, and flew west from the California coast. Find a map that shows magnetic anomalies. AFAIK, none have been fired over the North Pole. That's a heck of a lot different than crews in the field knowing they have real weapons and the only launch orders that come in that environment are real. So...they haven't been "tested" as much, in that regard, as you might think.

SDI, the term, is a little outdated and if you try to limit it to 20-year-old concepts and technologies, you'll be misleading yourself.

Everything about the moon program was NOT civilian and was NOT publicly available. It still isn't.

There were some intercepts that were faked during the Reagan era. Heck of a payoff those had, huh? Soviet Union collapsed because they knew they couldn't compete. In that regard, the system WAS successful. (Sun Tzu: the goal is to get the enemy to surrender without having to fight...) Same with those $600 toilet seats. ("Komrade, they have these huge money scandals and still completely outclass us, we can't compete.")

I'm not excusing graft, just trying to illustrate a point.

Lots of things were screwed up on the Bradley project, too. (There's a really cool movie about that, forget the name.) As I recall, the M-16 was also a real mess at first.

Your conclusion has a number of statements for which you have no validation. It's based on a hypothetical future condition so, by definition, there's no way to state what the outcome will be. history has shown the exact opposite of what you claim to be true. Surface mount electronics, GPS, fiber optics, etc., etc., etc. all come from technologies the military needed. Why would anything based in space be different?

FWIW, and I know this will irk anyone who has a dogmatic hatred of the military, the first real historic use machining tools and practices was to make uniform firearms. Everything came from that. So, basically, all the quality controla nd manufacturing processes we use, outside hand operations, trace their roots to military needs.

ah, right

[MattW]

It only takes one line of mistyped code in what will always be a beta release.

That's right. Better to have never tried at all than to try and fail, I always say.

Re:ah, right

[Ian+Bicking]

The point is you can never test SDI, because you are working against an opponent that is consciously trying to work around your system. You can never predict how the attack with occur. Then you can never simulate the attack, even as you might predict it -- you can never launch empty missiles at a realistic target. Instead at best you do tests over the ocean. That's why it will always be in beta, which is not a useful status for a safeguard.

But more concerning is the fact that despite their effort they cannot pass even their minimal tests, and resort to fraud instead. We have tried, and failed. The whole thing is military graft -- money being sent down a pit to profit defense companies. They probably hope to cover up the failure of the system by avoiding any real-world test of the system, though certainly avoiding having missiles launched at the US is a good goal regardless.

Re:ah, right

[Rolo+Tomasi]

Judging from the PATRIOT III missile system we used in Kuwait recently, the technology is just getting better and better.

Yeah, those British blokes in their Tornado never knew what hit them.

Great...

[DCowern]

Now we have frikken astronauts beating up on poor anonymous software developpers... quoth the article

There was also the real possibility of crew error, and on Sunday, the head of the corporation that builds and operates the Soyuz spacecraft, Yuriy Semyonov, suggested that "one of the Americans" had pushed the backup-mode activation button. Bowersox was the only American who had any active role in the descent (it was astronaut Donald Pettit's job to follow the checklists), and he denied touching the button -- which, he joked, was being guarded carefully by Russian cosmonaut Nikolai Budarin. "We don't think we did anything to cause that to happen," he later said to a NASA press official.

Yeah... right... if I had a nickle for every time I heard an end user say something similar to that ("I swear I didn't touch anything... it just... crashed..." or "The files just... disappeared! Gone! Disappeared! I didn't do anything!") I'd have...well...a lot of nickles...

/me mumbles bittlerly and goes back into his development hole :P

How did you bring SDI into this?

[helix400]

Talk about your flaming articles

Its fine to discuss a bug in a new Russian guidance system...but to immediately jump into a hot political topic like the SDI star wars system and then vastly overgeneralize it with "It'll never work, because it relies on computers" shouldn't have any place in this story.

Re:How did you bring SDI into this?

[WegianWarrior]

"We" are not the Russians. We don't hold airlocks shut with a c-clamp, for example.

If it is stupid and it works... it ain't stupid. While many people joke about the apperantly lowtech russian spaceprogram, they seem to forget a few things.. like the fact that the russians operate on a shoe-string budget, that they have, for a lot less money, spendt a lot more time in space, that Mir - which a lot of people seem to dis these days - was up there there and operating for more than twice its intended lifespan...

But you're right... "we" (or rather you) are not the russians - but you might learn a few things from them when it comes to operations in space.

Destructive Testing

[peacefinder]

"Which is why I will never trust the Strategic Defence Initiative - the star wars project. It only takes one line of mistyped code in what will always be a beta release."

Well, let's hope it stays in beta. Real world testing would be a major bummer!

Re:Lower cost to consumer?

[Badge+17]

TMA-1? (Must suppress Arthur C. Clarke-inspired giggle).

Maybe the problem was in that gigantic magnetic field wiping some data... (TMA stands for Tycho Magnetic Anomaly, aka the monolith in 2001)

I think the next spacecraft (TMA-2) should be nicknamed "big brother."

Bugs = "Spoilage" in Japan

[handy_vandal]

What we in the West call "bugs", the Japanese call "spoilage". I find this nomenclature honest and refreshing. "Bug" implies that the problem is some independent agent, when in fact the problem is the "spoiled" code itself.

Re:Bugs = "Spoilage" in Japan

[Enry]

Calling a fault a bug is historical.

First computer bug. You will need to scroll down to the bottom to see the it. The rest of the page talks about Grace Hopper, who helped coin the phrase.

Re:space agencies make some big mistakes

[s20451]

You'd think that in such operations, where you only ever get one chance, they would have the most error free systems possible.

They do go to great lengths to remove the errors. In fact the Challenger investigation singled out the methods used for validating the shuttle's software as a model for the other parts of the program to follow in improving safety. Also, the article said that the backup system kicked in automatically and led to a safe, albeit off-target, landing. So in fact the overall system worked as expected.

And as for the "big mistakes", it's very easy to point fingers afterward and boil a problem down to a catch phrase. However, engineers aren't idiots; almost all accidents involving spacecraft are a result of a long string of seemingly innocuous miscommunications, coincidences, and bad luck. Consider the story of the Ariane 5, which was destroyed because of an overlooked feature in a piece of code reused from a smaller rocket. No software engineer can say that they haven't made a similar mistake.

Re:SDI funds basic research too

[cranos]

I hate to say this but Military Research has led to some of the biggest break throughs in our life time. Without the V1 and V2 rockets we wouldn't have had Saturn 5, Satelites, Velcro, Microwave ovens, High Strenght Materials, Computers, the Internet all can be traced back to military research.

Soyuz is not perfect...

[Maimun]

Nothing is perfect, of course, but after the destruction of Columbia in Feb, many were pointing out how well does the simpler design of the Soyuz capsule work, as opposed to the too-complicated shuttle.

Well, not always. In the 70's (or early 80's ... I think the 70's) all of the Eastern block countries sent their cosmonauts to the Salyut space station (that was before Mir). The Bulgarian cosmonaut Georgi Ivanov was very close to having a deadly accident because of the Soyuz. They could not dock for some reason, spent about 24h flying by the Salyut, and finally had to re-enter using auxiliary engines, and having precisely one try to fire them. They got lucky here, the engines worked and they entered the atmosphere in so called "ballistic trajectory" (how can it be non-ballistic?), with 9-10G overload.

I forgot to mention, there were two of them, the Russian Nikolay Rukavishnikov was the commander of the mission, G. Ivanov was the second guy.

This spring, several weeks after Columbia broke apart, there was an interview with G. Ivanov in a Bulgarian newspaper online, when he recalled how he himself was close to having a fatal accident back then. The reason was a malfunctioning fuel pump of their Soyuz.

Re:Soyuz is not perfect...

[Hentai]

In this context, "ballistic" probably means "unpowered". A ballistic trajectory is a trajectory acted on only by gravitational forces - as opposed to aerodynamic or self-motive forces.

Better Question

[Wyatt+Earp]

Does the sawed-off shotgun in the Souyz capsule to fight off wolves violate the provisions that demiliterize space?

http://www.cnn.com/2003/TECH/space/05/05/soyuz.l an dings.ap/index.html

"In 1976, a Soyuz spacecraft came down in a freezing squall and splashed into a lake; the crew spent the night bobbing in the capsule.

Eleven years before that, two cosmonauts overshot their touchdown site by 2,000 miles and found themselves deep in a forest with hungry wolves. That's when Russian space officials decided to pack a sawed-off shotgun aboard every spacecraft."

If they can launch a shotgun hundreds of times, then why can't the US launch some lasers?

Explanation

[yerricde]

I'm confused.

In Soviet Russia, joke explanation reads YOU!

Fail-safe design

[fname]

It's actually a clever piece of work. Basically, software has to make calculations in order to provide a "soft" entry, 5 Gs approximately. If there is an error, the module goes into a ballistic entry mode, and it is more like 7-8 Gs, rougher but survivable.

On (nearly) every manned spacecraft ever flown, every system has a hot-backup that kicks in if the first one fails. The exceptions are systems for which it is basically impractical to have a backup-- can't really have redundant heat shields, as the weight is too much. But for electronics and software, this is standard. This story would have gone practically unnoticed if Soyuz had notified Star City that they were doing a "ballistic" entry, in which case they would have been located much sooner.

This landing showed that the Soyuz has a robust design; if Endeavour enters the atmosphere at the wrong angle, could it recover? What if the flight landing computer failed? NASA has a lot of these things covered; for many problems it is probably more robust than Soyuz, for others it is less robust. Soyuz has the advantage of much more flight experience; I doubt that it's a coincidence that this anomaly happened on a flight with a newly upgraded Soyuz.

SDI

[MickyJ]

As everyone knows, SDI cannot stop terrorists from flying planes into buildings, using suitcase nuclear weapons, launching missiles from off-shore platforms, etc, etc.

But, SDI is really another way to spend billions on research (just like the space race used to be the research money hole). There is no doubt good things will come from it, but at a very high cost.

Not a bug

Actually, they don't know if it was a software bug. At this point that is pure (though somewhat educated) speculation.

The only thing known for certain, is that the backup guidance system took over and landed the craft safely.

It is possible that pilot error caused the switch to backup, or mechanical failure, or a software design error, or a software bug.

Yanks stop hassling the Russians

Why is it all the news stories recently in the US press recently seem to have a dismissive, almost mocking, view of the Russian space programme? Words like primative, old technology, not as advanced as American keep coming up over and over again. The Russians have vastly more experience in manned space flight than the Americans and arguably a much better success ratio. It pisses me off the "American must be better" attitude you see in the western press these days. They should remember who it is keeping the whole ISS alive while the shuttle isn't around.

Re:Obvious but true...

[ColaMan]

They build them strong - snipped from an entry for soyuz 5 :

"Volynov remained behind for what was undoubtedly the most unbelievable re-entry ever survived. The PAO service module of the Soyuz failed to separate after retrofire. While this had occurred on various Vostok and Voskhod flights, and on one Mercury flight, it was a much more serious problem for Volynov, where the module was much larger than a small retropack. Furthermore, once it started reaching the tendrils of the atmosphere, the combined spacecraft sought the most aerodynamically stable position - nose forward, with the heavy descent module with its light metal entry hatch at the front, the less dense service module with its flared base to the back. Volynov at once appraised the situation and considered all possibilities and realised that there was nothing he could really do.

The spacecraft was re-entering air-lock forward and with every minute the G forces increased. Volynov did his duty with all of his strength but this became increasingly difficult since he was hanging in the straps of his seat with the G forces assailing him in the opposite direction from what planned. Soon a strong smell penetrated the cabin - the rubber gaskets of the hermetic seal of the hatch were burning. The hatch had a light covering of heat protective resins, but at the last moment these could not hold out and the vaporised into fumes that immediately spread throughout the cabin. Volynov could remain conscious for only a few seconds after this.

He remained alive when a miracle occurred - a miracle for which he could thank the designers who had included a strong titanium frame which helped the airlock hold out against the onslaught of the superheated plasma. The PAO service module finally separated from the SA re-entry vehicle. The capsule turned around to an aerodynamically stable position at hypersonic speed and the heat shield finally took the brunt of the heating as designed. The spacecraft continued on a 9 G ballistic trajectory. The damage to the capsule resulted in a failure of the soft-landing rockets. The landing was harder than usual and Volynov broke his teeth. The capsule was recovered 2 km SW of Kustani, far short of its aim point, on January 18, 1969 at 07:58 GMT. It would be seven years until Volynov flew again, on Soyuz 21. "

Re:On missile flight paths

[Guppy06]

Cruise missiles do not fly intercontinental distances, at least no sane designs intended to carry thermonuclear warheads. And while they're nowhere near as visible as missiles coming in on a ballistic arc, they are very slow (compared to spacebourne weapons) and simple for conventional anti-air defenses to hit. Realistic nuclear cruise missiles are tactical weapons designed hundreds of miles at best, and even then require some sort of air superiority in the target zone and/or an undetected firing platform (such as a nuclear submarine). And this says nothing of the required technology base to build one.

Stratiegic Defense Initiative is intended to take out stratiegic nuclear weapons, the ones that are designed to cross oceans. And the only realistic way to get a missle to fly over oceans (without a fleet of B-52s hovering just outside the target's borders) is to lob them over a sub-orbital arc. These weapons are essentially in free-fall as soon as the boosters fall away, which happens well before the warhead crosses the target's horizon.

"but I'd assume any country capable of launching nukes from a distance could setup the missiles to fly erratic flight plans."

Consider the decades of time between the development of ICBMs and cruise missiles. And again, these missiles would have trouble crossing the Atlantic Ocean, let alone the Pacific. What are these missiles going to do, hook up to a refuelling jet two or three times during its flight?

The focus on stopping ballistic missiles is both because such missiles are the easiest to build (remember that ballistic missiles were used in WWII) and the most difficult to stop. Any other form of delivery can be stopped by conventional means.

Yeah, but still no integration test

[enkidu]

What you're talking about is component level testing. Unfortunately, all that testing doesn't substitute for a true "shakedown" integration test. Look up the AEGIS cruiser system (actually sort of a mini-SDI for a ship). On it's first full integration test, it failed to shoot down 6 out of 17 targets due to software errors. Now, make the integrated platform 2 orders of magnitude more complicated than that (and at least one order of magnitude more complicated than ANY software project attempted to date) and you can see why I'm skeptical of the chances of SDI working as advertised.