Crowdfunded, Solar-powered Spacecraft Goes Silent

Last week saw the successful launch of the Planetary Society's LightSail spacecraft, the solar-powered satellite that runs Linux and was crowdfunded on Kickstarter. The spacecraft worked flawlessly for two days, but then fell silent, and the engineering team has been working hard on a fix ever since. They've pinpointed the problem: a software glitch. "Every 15 seconds, LightSail transmits a telemetry beacon packet. The software controlling the main system board writes corresponding information to a file called beacon.csv. If you're not familiar with CSV files, you can think of them as simplified spreadsheets—in fact, most can be opened with Microsoft Excel. As more beacons are transmitted, the file grows in size. When it reaches 32 megabytes—roughly the size of ten compressed music files—it can crash the flight system." Unfortunately, the only way to clear that CSV file is to reboot LightSail. It can be done remotely, but as anyone who deals with crashing computers understands, remote commands don't always work. The command has been sent a few dozen times already, but LightSail remains silent. The best hope may now be that the system spontaneously reboots on its own.

Seriously?

I’m usually the first to defend others when some bug like this makes it through testing. Hindsight always being 20/20, only takes one bug amongst a million good bits of code, etc. But this just seems like something that even basic testing should have caught.

Did they not run this thing on the ground for a few weeks? That’s just basic testing, especially for something that is going to be inaccessible for a while. Also that some critical bit of processing relies on stuff being written (and then presumably read back from) a csv file is very worrying.

This sounds like some very shoddy work.

Re:Seriously?

[Mr+D+from+63]

Testing might have found it, but I'd say that regardless of testing they should assume something bad will happen with the software and have a mechanism in place to force reboot & update on a locked up system. Maybe they thought they did. Its a shame if they can't get it fixed.

Re:Seriously?

[harperska]

One report I read made it sound like they were aware of the bug for a while. It's possible that they had to launch with an old version of the software because the patch wasn't ready yet, and being a secondary payload on a launch you have no say whatsoever as to the launch date. They probably expected to be able to upload the patch after launch, but the log filled up faster than expected.

That being said, it is shoddy programming to blindly write to a log on a resource-constrained embedded platform (or any platform, really. Just especially so on something like this), so somebody definitely goofed. All I am saying is that it probably was caught by testing, but couldn't be fixed in time due to various constraints. It was a dumb move on the developer's part to not do enough diligence and to rely too heavily on QA in the first place.

Re:Seriously?

[NotInHere]

Their current plan is to wait charged particles to affect electronics so that it forces a reboot.

Spacecraft are susceptible to charged particles zipping through deep space, many of which get trapped inside Earth’s magnetic field. If one of these particles strikes an electronics component in just the right way, it can cause a reboot. This is not an uncommon occurrence for CubeSats, or even larger spacecraft, for that matter. Cal Poly’s experience with CubeSats suggest most experience a reboot in the first three weeks; I spoke with another CubeSat team that rebooted after six.

Re:Seriously?

I’m usually the first to defend others when some bug like this makes it through testing. Hindsight always being 20/20, only takes one bug amongst a million good bits of code, etc. But this just seems like something that even basic testing should have caught.

Did they not run this thing on the ground for a few weeks? That’s just basic testing, especially for something that is going to be inaccessible for a while. Also that some critical bit of processing relies on stuff being written (and then presumably read back from) a csv file is very worrying.

This sounds like some very shoddy work.

Yeah, sounds like microsoft

Re:Seriously?

In 2015, with 32 gig thumb drives costing as much as a cheap movie date, a 32 megabyte file is an issue?

Re:Seriously?

[itzly]

Their current plan is to wait charged particles to affect electronics so that it forces a reboot.

Watchdogs are for wimps. Real designers use supernovas in a distant galaxy to reset their boards.

Re:Seriously?

[fahrbot-bot]

But this just seems like something that even basic testing should have caught.
Did they not run this thing on the ground for a few weeks?

It was tested by the same guys that tested the Boeing 787 for only 247 days ...

Re:Seriously?

[mnooning]

As a retired QA guy, I can tell you that checking that no files can grow without bound is standard fare. Same with exercising all code for long periods of time, as you pointed out. That means there was not a single experienced QA guy on the team.

By the way, CSV was the golden standard for many years. Given the tight compactness/memory budget that space projects have, CVS with it's small foot print might well be the logical choice.

Re:Seriously?

[blackpaw]

Yeah, sounds like microsoft

Seriously? did you read the summary? which states its a linux platform?

Re:Seriously?

[ihtoit]

it's not so much the capacity of local storage, plus you have to consider that this is a system which is unlikely to be touched by a human being ever again so whatever goes up has to be physically resilient - super-compact flash storage such as micro/SD would be out, I'd go a couple generations back and use Compact Flash with slightly lower capacity to take advantage of larger dies - this is why NASA went on a shopping trip very recently for Pentium I and Pentium Pro chips for space systems, they're by virtue of their architecture, fairly hard against the environment. Back to topic, a cursory search around and it apepars that it's an issue with the kernel, sysvinit and/or php, all of which at some point or another default shared and allocated memory spaces for various purposes (including scripting and logging) to 32MB.

Re:Seriously?

[Kester1964]

NAND Flash is probably not seen as a reliable technology for use in a satellite, so they went with the much lower density but higher reliability of NOR Flash

Re:Seriously?

[penandpaper]

issue with the kernel, sysvinit and/or php

So, what you are saying is that I can blame systemd? Or did I miss it and systemd is our savior?

I am confused and unsure how to be outraged by this. I am going to go eat ice cream.

Re:Seriously?

[Yoda222]

That being said, it is shoddy programming to blindly write to a log on a resource-constrained embedded platform (or any platform, really. Just especially so on something like this), so somebody definitely goofed.

Maybe they did not blindly write log on a resource-constrained embedded platform. Depending on how much memory they had, and how short the mission duration was, they could have computed that 32MB/(2d) * length_of_mission was sufficiently smaller than available_space

But as a test engineer in the space industry (having working on big and expensive and too much paperwork satellites, not on the new space version of cheaper, less doc and simpler tech, which really looks interesting, but I don't know to what extend they test) I'm really surprise that they did never saw this bug before. They never run a rehearsal for more than two days with a sufficiently representative model ? Maybe this bug appears only once every [n] times, with n sufficiently big. Anyway, it's strange, I hope they will get an opportunity to patch it after a reboot, I'm interested in the results they could got from solar sailing.

Re:Seriously?

[g0tai]

Unfortunately you can't trust electronics in space (see the other headlining article about cubesats rebooting from stray particles every 6 weeks).

One of those particles hits your flash chip, given the size the dies are now, then it's going to effect a large number of cells potentially and corrupt the filesystem quite badly.

Electronics in space have to be uber radiation resistant, this is why it's still 100MHz (etc) stuff that's being used and not the latest GHz stuff, because, reliability in an adverse environment! :-)

Re:Seriously?

[ihtoit]

me too. This is highly confusing.

Re:Seriously?

[funwithBSD]

32MB is all that anybody with a satellite would ever need.

Re:Seriously?

[gstoddart]

No, csv sure as hell is NOT a Microsoft format.

Comma-separated values is a data format that pre-dates personal computers by more than a decade: the IBM Fortran (level G) compiler under OS/360 supported them in 1967.

This has nothing whatsoever to do with Microsoft, as much as you seem to want to blame them.

Re:Seriously?

[Scottingham]

.csv is a microsoft format though.

I lol'd when I read that!

Re:Seriously?

[luther349]

you would think they would have test ran the softwhere for up-time stability for weeks or months. then again being Linux crashing one piece of software should not cripple the system.i think they have a bigger issue.

Re:Seriously?

He didn't say it was running Microsoft, he said it sounds like Microsoft - as in like something they would do.

Re:Seriously?

[luther349]

the os and logs should have been on sepret drives.so if something like this happened the os would not be crashed and able to accept commands.

Re:Seriously?

[prefec2]

In embedded systems, you do not go for testing (alone), you verify the system. And you certainly do not use dynamic data management, neither in RAM nor in storage (which is often the same). So you do not append something to a file. You can overwrite something in a file, but not append. And why store that data on the device anyway. An incredible whackjob, an epic fail.

Re:Seriously?

[RavenLrD20k]

Oh...you mean the 'C-x M-c M-supernova' command shortcut in Emacs, right?

Re:Seriously?

[macs4all]

32MB is all that anybody with a satellite would ever need.

You beat me to it!

But I think it would be more funny as "32 megabytes should be enough for anybody."

Re:Seriously?

[ihtoit]

space is not the issue, it's the way the kernel and/or apps handle memory.

Think of it like running win32 on a 64-bit chip with 8GB of RAM. It's nice having 8GB of RAM but Windws can't actually address it - it's a 32-bit kernel which means it can only address 4GB.

Some logging processes particularly those configured to write to volatile memory are constrained by default configurations (in eg. php) which *allocate* memory space for scripting in 32MB segments. This can also include the scripts themselves and the actual log file, but it can also *allocate* one segment for the script and another 32MB for the log. You could have 4GB of total usable memory, all that means to the user/developer is that there is potential for 125 discrete pre-allocated memory segments.

Fill that 32MB *allocation* and you run the risk of causing a page out of range error. If this happens in kernel space, well, that's a showstopper. If it happens in userspace, it can be anything from a minor annoyance (nice or kill the process then restart the system, all of which is doable remotely) or a complete showstopper (three fingered salute or in extreme cases, the hard power cycle. Which you ain't doing from low Earth orbit).

Re:Seriously?

[macs4all]

Testing might have found it, but I'd say that regardless of testing they should assume something bad will happen with the software and have a mechanism in place to force reboot & update on a locked up system. Maybe they thought they did. Its a shame if they can't get it fixed.

Speaking as an embedded developer, this is completely inexcusable.

Not having a Watchdog, PLUS not making the limited-filesize log file "roll-over", is clearly Amateur-Hour stuff. Who wrote this code, anyway? An eight year old???

Next we're going to hear that they bricked it with a software update, because they didn't think they needed to checksum the uploads, or provide enough RAM to hold the updated code before they re-flashed the OS, or something similar.

Pathetic. They deserve to lose their spacecraft.

Fortunately, if extraterrestrials discover the floating hulk of this abomination, they will (rightly) conclude that there is no intelligent life worth exploiting on this planet, and will decide not to enslave us...

Re:Seriously?

[macs4all]

Their current plan is to wait charged particles to affect electronics so that it forces a reboot.

Watchdogs are for wimps. Real designers use supernovas in a distant galaxy to reset their boards.

Now THAT's funny!

Re:Seriously?

[macs4all]

One report I read made it sound like they were aware of the bug for a while. It's possible that they had to launch with an old version of the software because the patch wasn't ready yet, and being a secondary payload on a launch you have no say whatsoever as to the launch date. They probably expected to be able to upload the patch after launch, but the log filled up faster than expected.

That being said, it is shoddy programming to blindly write to a log on a resource-constrained embedded platform (or any platform, really. Just especially so on something like this), so somebody definitely goofed. All I am saying is that it probably was caught by testing, but couldn't be fixed in time due to various constraints. It was a dumb move on the developer's part to not do enough diligence and to rely too heavily on QA in the first place.

Quit making excuses for them. They DESERVE to lose their spacecraft!

They could have trolled the customer-list for Sparkfun Electronics or HackADay and in 5 minutes found a better developer than whoever designed THIS piece of shit-pile of code. Seriously.

Re:Seriously?

[funwithBSD]

I was going by the original "quote"

And I say "quote" because it is not clear he ever said it.

Re:Seriously?

[ihtoit]

physical labour is always valuable, even to the noncorporeal.

Re:Seriously?

[chuckugly]

It's basic security practice to never count on something like this, what if something is configured in a way that the only access an attacker has is to the place you drop this file and read it back; do you really want to have a system where someone can slip in, remove a recently dropped file, and kill the system? Perhaps they didn't think they had to consider security but this is also, as you point out, just basic robustness. Also as others state, watchdogs, Our PC software product has a watchdog, and it's sure as heck not controlling a satellite.

Re:Seriously?

[ihtoit]

yep, this I pointed out elsewhere. I donated a LOT (actually 40) of P1/PPro boards with processors to NASA several years ago.

Re:Seriously?

[luther349]

its called keep it simple they could have made a single task rom chip that detected a crash or able to accept a remote command to litterly send a reboot command to the power supply. satellite have these.

Re:Seriously?

Actually why it wouldn't have a "reset to base code" IPL as a totally separate switch - no software - just a signal sent to a small receiver that only has one job - short pins and then quit is beyond me.

Re:Seriously?

[war4peace]

Nah, a Microsoft OS would reboot much sooner.
Punishment for using Linux: now they'll have to wait for a decade to see a reboot.

Re:Seriously?

[unrtst]

By the way, CSV was the golden standard for many years. Given the tight compactness/memory budget that space projects have, CVS with it's small foot print might well be the logical choice.

We're talking about telemetry beacon data written once every 15 minutes. CSV is NOT the ideal format for that, and is nowhere near compact. Naive CSV parsers are trivial, but also break very very easily (ex. embedded new lines in a quoted field; quotes in a quoted field; mixed quotes; etc). Also, while CSV can be read in a text editor, it doesn't format nicely there and can be difficult to read, so human readability is low; add to that the fact that humans are unlikely to be logging in directly and reading the file directly, and it being in plain text is pretty much useless. A fixed format binary file would be FAR more compact, easier to parse via a program, trivial to convert to CSV if needed, and really has no downsides besides users not being able to double click it and open it in excel/oocalc.

Using a binary file would also allow more efficient access. There were comments implying that they were sucking the whole thing into memory at some point, which isn't needed for CSV either (unless a stray quote got in there and the parser didn't have a max record length limit), but it's certainly easier to jump to a specific record if you have fixed length records (which, being telemetry data, should be entirely possible).

None of that really matters though. They file grew in size, and wasn't getting truncated or rotated - that's broken by design. Waiting for reboot is crazy (and implies that this was going to a tmpfs in memory, which is all the more reason to use a more compact format).

Re:Seriously?

[Tablizer]

which is unlikely to be touched by a human being ever again

Something slashdot readers can relate to

Re:Seriously?

[macs4all]

physical labour is always valuable, even to the noncorporeal.

You mean, ESPECIALLY to the noncorporeal!

Re:Seriously?

[macs4all]

I was going by the original "quote"

And I say "quote" because it is not clear he ever said it.

Yeah, now that you mention it; I seem to remember something about that. Just like the Greta Garbo "I want to be alone" or the Humphrey Bogart "Play it again, Sam" quotes-that-were-never-actually-quotes.

Re:Seriously?

Wow. Mixing up storage and cpu. Mentioning PHP. Nice troll, sir. My hat is off to you.

Re:Seriously?

[Dunbal]

Did they not run this thing on the ground for a few weeks?

Why bother. It's fun doing stuff with other people's money. They'll just launch another kickstarter for LightSail II.

Re:Seriously?

[ihtoit]

indeed!

(of course, my comment stems from the more likely than not scenario of any intelligence visiting from outside the solar system will be of the noncorporeal nature - a radio signal or less likely, but still more likely than an organic being, a computer program maybe encased in a robot probe).

Re:Seriously?

They could have trolled the customer-list for Sparkfun Electronics or HackADay and in 5 minutes found a better developer than whoever designed THIS piece of shit-pile of code. Seriously.

My first thought was... "a csv file??? SERIOUSLY??"
And honestly, no watchdog timer? Who designed this POS? It's going into *space* ffs, not your garage where you can reset it easily.

Re:Seriously?

[WDubois]

...Or, they will (rightly) conclude that there is no intelligent life worth exploiting on this planet, and that is is therfore ok to *eat* us!

Re:Seriously?

[Rei]

I think it's pretty amazing that spacecraft can survive at all out there, given the sort of particles flying around - individual cosmic rays with the energy of fast-pitch baseballs. Thankfully, particles with such high energy have tiny cross sections (they prefer to move through matter rather than interact with it), and when they do hit something and create a shower of particles, most of the progeny is likewise super-high energy and will most likely just move through whatever it's in.

It's more interesting when they strike the atmosphere - each collision creates a new shower of other high energy particles, more and more, spreading out the energy as they descend. In the end, detectors on the surface over an area of dozens of square kilometers simultaneously pick up different pieces of the same cascade kicked off by a single cosmic ray collision.

Re:Seriously?

space is not the issue.

Nope, space is definitely the issue... the fact that the morons who designed this thing seemed to have forgotten that this thing is going *into space*, and you can't just reach over and hit the reset button so you'd better design a way to ensure that you can either reset it remotely or have a watchdog timer reset it if it stops responding.

Re:Seriously?

[ihtoit]

I wasn't mixing anything up, that's your addled noggin doing that. I used the NASA call for processors as an example of them knowing what they were after and more importantly WHY.

Re:Seriously?

[pastafazou]

Of course this isn't Microsoft's fault, it's Apple's!

Re:Seriously?

[Holi]

Turn in your geek card now. Your membership has been revoked for that comment.

Re:Seriously?

[ihtoit]

space is not the issue.

Nope, space is definitely the issue...

I saw what you did there.

Re:Seriously?

[pkinetics]

BSOD...

waiting for CTRL-ALT-DEL command from keyboard...

Keyboard not attached...

Press F1 to Continue

Re:Seriously?

[bugs2squash]

uncle

Re:Seriously?

[war4peace]

Hey man, how are the 90s?

Re:Seriously?

[barakn]

Your concerns about quotes or internal commas are unfounded. It's not like the satellite contains a database of people (name: Hugh "Jimmy-Joe" Smith address: Rural Route 12, behind the Applebees dumpster) so it can write letters to them. The satellite is writing data to the log and there's no reason for it to use quotes or internal commas at all.

Spot-on about the compactness though.

Re:Seriously?

[macs4all]

indeed!

(of course, my comment stems from the more likely than not scenario of any intelligence visiting from outside the solar system will be of the noncorporeal nature - a radio signal or less likely, but still more likely than an organic being, a computer program maybe encased in a robot probe).

I AM NOMAD!

Sterilize! Ster - I - LIZE!!!

Re:Seriously?

[KGIII]

I hope that it reboots. I gave a decent, for them, bit of money to their Kickstarter fund. While it was a gift and I have no regrets I certainly hope that they get useful results from it. I gave my donation as a gift but I still hope they succeed with it. I gave my son a nice bamboo fly rod, and like the above, I gave it and he can do anything he wants with it but I hope he has success and happiness with it.

Re:Seriously?

[KGIII]

Off-topic but, concerning your sig, you are aware that 2/3rds of 'pun' is 'P U' right?

Re:Seriously?

They probably expected to be able to upload the patch after launch, but the log filled up faster than expected.

"Every 15 seconds, LightSail transmits a telemetry beacon packet. The software controlling the main system board writes corresponding information to a file called beacon.csv." With that information, it should be easy to calculate how fast the log will fill up, unless there is some other error in the software that doesn't follow that statement.

Re:Seriously?

[amicusNYCL]

Not having a Watchdog, PLUS not making the limited-filesize log file "roll-over", is clearly Amateur-Hour stuff. Who wrote this code, anyway? An eight year old???

It's not even who wrote it, it's who designed it. Reading the summary actually made me angry that there is a group of people out there somewhere with the ability to build, launch, and track a satellite but without the common sense to recognize that they're creating a system that will grow infinitely in size without a mechanism to clear that data out. Does the satellite have unlimited storage space available? No? Then how about designing a way to monitor and clear the data other than saving it in /tmp?

Pathetic. They deserve to lose their spacecraft.

They definitely do. And no amount of descriptions of a CSV file meant for a grade school kid, or saying that 32MB is about the size of 10 songs, is going to minimize the schadenfreude that I'm feeling. Such a basic design error and they never even bothered to run tests for a significant period of time before putting the damn thing in space.

Way to go, LightSail team. I dub thee LightFail.

Re:Seriously?

[KGIII]

You will say and believe anything to further your objective. Dishonesty is not a good trait nor is ignorance. There are many viable complaints but basing your ego on the operating system you use is pathetic and childish. Judging people by the OS they use is even worse. Making broad assumptions about a company is down right silly even if their past is littered with issues.

Re:Seriously?

Whoa whoa, ease up. It's a small satellite; clearly not too big to fail.

Re:Seriously?

[Megane]

They're waiting for reboot because it froze the system completely. TFA says that the manufacturer of their "avionics board" had fixed this bug but it wasn't in the one that went up. So most likely it was a driver bug. A crash or lock-up in kernel space is a lot more problematic than just filling up a filesystem. And apparently they had scheduled an upload of the fix, but the satellite crashed right before the comms window. So now instead of a solar sail, they have a solar brick.

Re:Seriously?

[Megane]

...Or, they will (rightly) conclude that there is no intelligent life worth exploiting on this planet, and that is is therfore ok to destroy the planet to make room for an interstellar bypass.

FTFY.

Re:Seriously?

[DamonHD]

DAMON MA I!

Re:Seriously?

[Defenestrar]

1: In Soviet Russia,

2: supernovas command you -

3: in Vi;

4: ???

5:you insensitive profiting clod!

Re:Seriously?

[macs4all]

Way to go, LightSail team. I dub thee LightFail.

LOL! No fooling!

Re:Seriously?

[KGIII]

I was curious but not completely certain so I did not say anything. Thanks for confirming what I suspected - ie. CSV format, while nice and fairly universal and easy to implement and move across platforms or even adjust across multiple files, is a very slow option that can be done much faster with something in binary format or even simply using a light-weight database. One need only sync the data so they can do anything they want with the output.

Oh well, they made an effort and the eventual reboot may help.

Re:Seriously?

[ihtoit]

ok. You threw me right there.

Can't parse.

Re:Seriously?

What is even more sad is they would have found it if they had run the thing over the weekend. It bombed out in 2 days.

That means by definition they had not run their boxes for more than 2 days straight and hoped it would run for months.

I am a software guy and I always hated those 'longevity' tests. They are nerve racking as you can not do anything to the box. Then if anything blows out you start over. Not conducive to waterfall development :(

Re:Seriously?

[The+Grim+Reefer]

Does the satellite have unlimited storage space available?

Well it is surrounded by vacuum.

Re:Seriously?

[KGIII]

'P U' (phonetic) is an English phrase meaning, "it stinks." So 2/3rds (two out of three) letters of the word 'pun' are the letters 'p' and 'u.' Those letters combine to make the afore mentioned phonetic 'P U' (stinks) and are yet another bad pun (play on words) like you have in your signature.

Now, a joke is not funny if you have to explain it. It is probably my fault but I am still going to blame you because 'P U' is very common and well understood so I should not have had to explain it. Also, I am not sure if a pun qualifies as a joke. In some areas it may be a capital offense.

Re:Seriously?

[TheDarkMaster]

Well... You do not even need to go testing to see that if you writes to a file and do not clear it at some point, soon or later you will have size problems. Today's developers do not pay attention to details like the previous ones.

Re:Seriously?

The special trait of Microsoft's comma separated files is that the comma usually looks like a semicolon. Pffht.

Re:Seriously?

able to accept a remote command to litterly send a reboot command to the power supply. satellite have these.

Satellites have cats?

Re:Seriously?

Their mistake was using Linux. I mean seriously, using Linux on a mission critical operation like that? What did they expect would happen? Linux barely works on a PC right in front of you without constant intervention and tweaking.

They should have used QNX or VxWorks.

Re:Seriously?

[golgotha007]

And boom goes the dynamite.

Re:Seriously?

[edxwelch]

Not to mention why are they using a text file in the first place? If it's going to grow more than a megabyte it should be stored as binary. I suppose they thought it was cool that they could load in MS Excel

Re:Seriously?

[nitehawk214]

These guys did not launch a satellite, ULA did. Basically LightSale simply took a ride on an Atlas 5 that was deploying the X-37B and was thrown out as a secondary payload. Pretty much anybody can do that. A lot of CubeSats are often made by college students.

Also, describing CSV and measuring files in songs makes me want to punch Bill Nye, and I love Bill Nye.

Re:Seriously?

[mattack2]

Bogart's character said "Play it, Sam".

Re:Seriously?

Glad I allowed my membership to lapse just recently.. The Society has jumped the shark with Nye at the helm, IMO.

Re:Seriously?

[macs4all]

Bogart's character said "Play it, Sam".

Right. But everyone always mis-quotes it as "Play it AGAIN, Sam.", hence my reference.

Re:Seriously?

[mattack2]

Yes, I know, I was simply providing information about what he ACTUALLY said.

(Since I was/am too lazy to look the rest of it up for sure, the full line was something close to "You played it for her, so play it for me. Play it, Sam.")

Re:Seriously?

Of course, Emacs would never let you type that as a command. If you're going to make up an Emacs command, might as well make it a legal one.

Re:Seriously?

[kuzb]

The real question is that, if they can get it online, can they update the software to correct the problem?

Re:Seriously?

[kuzb]

So get on building your own so we can see how it's done right.

Re:Seriously?

[macs4all]

Yes, I know, I was simply providing information about what he ACTUALLY said.

(Since I was/am too lazy to look the rest of it up for sure, the full line was something close to "You played it for her, so play it for me. Play it, Sam.")

I think you are correct; but this is where I have to sheepishly hand-in my movie-geek card, and admit that in all my 59 years, I have never once seen Casablanca from start to finish. In fact, I think I've only seen about two scenes from that movie, ever! (But that happens to be one of the two scenes that I have seen)...

Re:Seriously?

"have a mechanism in place to force reboot"

It's called a watchdog timer, and it's been standard on pretty much every embedded system since forever, especially mission critical ones. Requiring a command from HQ to reset the timer would have been even more sensible

Re:Seriously?

[amicusNYCL]

No problem. If you can get me the $4 million that The Planetary Society had for this, then I'll put something together for you.

Re:Seriously?

[mattack2]

I'm not even a huge fan of old movies, but I do think it's very worth seeing. Even if I didn't enjoy it (I did), I would think it's worth seeing for a cultural awareness "take your medicine" reason. (I should take my own advice and see "Citizen Kane" someday.)

Re:Seriously?

[thegarbz]

Naive CSV parsers are trivial, but also break very very easily (ex. embedded new lines in a quoted field; quotes in a quoted field; mixed quotes; etc).

That is only a concern when the inputs aren't within your control.

Also while CSV isn't compact it is human readable. Binary files have their place, but just like the complaints about binary logging in OSes storing data in plain text makes it very resistant to corruption and easy to debug. It's also far easier to deal with strings of plain text when you're an amateur coder, and ...lets face it....do you trust someone who can't prevent a file from dynamically growing to create their own binary format that would be in any way reliable?

Re:Seriously?

[Livius]

There's one scene where Rick whispers something to Sam and then Sam starts "As Time Goes By", so presumably he could have said 'again' that time.

Re:Seriously?

Lesson #1: leave this software project off your resume

Re:Seriously?

[ChrisMaple]

The Garbo quote is genuine; it comes from the movie Grand Hotel and she says it twice. https://www.youtube.com/watch?v=tojjWQvlPN8

Re:Seriously?

He's too busy listening to MC Hammer and drinking Crystal Pepsi to hear you.

Re:Seriously?

[Rockoon]

I wonder if Bill was doing any high-fives before the failure: high fiven white guys

Re:Seriously?

According to Google, Apple, etc. etc.

Everyone can code

Guess they found theirs from kindergarden...

Re:Seriously?

[SgtAaron]

uncle

No one is perfect, bro. How long have I been doing this? Awhile, but still learn something new just about every day. Geek on!

Re:Seriously?

Using CSV on-board a spacecraft instead of a binary format is straight-up stupid. Source: worked on spacecraft for half a decade.

Re:Seriously?

[Skarjak]

This post has just the right amount of contempt to put a smile on my face. I like you.

Re:Seriously?

Now all it needs is a decent text editor.

Re: Seriously?

As someone who doesn't go out of his way to watch old movies, I will say you should watch it. Quite a good movie.

Re:Seriously?

[macs4all]

This post has just the right amount of contempt to put a smile on my face. I like you.

Thankyouverymuch! I'll be here all week.

Don't forget to tip your bartenders and waitresses...

But seriously, it does make me feel a little bit like we're living in the "Idiocracy"-universe to think that this obvious of errors actually made it into the original design, let alone off the launch pad.

I read up a little on this, and supposedly, there IS a hardware watchdog timer; but the timeout appears to have been set to either 30 or 45 DAYS (WTF?!?); so half the mission will be over before they even get a CHANCE at a hardware Reset. But, since the frickin' log file may have already written over critical parts of the OS, it may be a very moot point.

As for the log file debacle, they explain that they had a fix ready to upload "on the next pass"; but that is when the bird fell silent. Ok, whatever. NASA has to upload code in-flight, too. But I can't understand why there even IS a log file in the first place. Who is going to read it? If they are transmitting "beacons" every 15 seconds (WAY too often IMHO), then they should have simply transmitted the last "n" records of the log file at that time, and then wiped that buffer clean, rather than keeping a log FILE, FFS!!!

But unfortunately for "Dr" Bill Nye and friends, that's all hindsight now.

Re: Seriously?

But a telemetry code is going to be hard to calculate if it isn't moving through space. Sounds like they missed a chance to test the satellite as it changed positions?/telemetry?, sending code packets. Not sure what they mean by telemetry

Re:Seriously?

[Shalhav]

Of course this isn't Microsoft's fault, it's Apple's!

Great opportunity to say, "Apple Sux!" I was wondering how I could work that in for an article like this. While I'm at it, Emacs > vi.

Re: Seriously?

Or "M-x supernova RET" if your keyboard is like mine and doesn't have a supernova key.

Re:Seriously?

[arglebargle_xiv]

Their current plan is to wait charged particles to affect electronics so that it forces a reboot.

That's a pretty desperate plan, I realise that single event upsets in space are a non-uncommon event, but man, this is really last-resort stuff, the terrestrial equivalent of which would be "there may be a lightning strike in the vicinity which would glitch the electronics and cause a reboot". Sure, or there may not, in which case you're screwed. As the OP said, how was this not caught in testing?

Re:Seriously?

[kuzb]

Raising that cash is part of the job you'll need to undertake. Sorry. That's really the problem with people like you. You sit in your armchair and tell everyone how badly they did, giving the notion that somehow if you had been in charge that it all would have been problem/mistake free.

I doubt you have even a fraction of the expertise required to even begin doing what they tried to do.

Re:Seriously?

[jaxn]

Bill Nye always inspires me to punch Bill Nye in the face. Anyone who calls himself "The Science Guy" should automatically be disqualified from accepting money to build spacecraft. This problem could have been solved 50 ways to Sunday. To begin with, do they seriously not have enough storage/ram to accomodate a 32MB file? There's no watchdog in place, no mechanism for archiving/deleting the oldest entries when it gets too large? And again, I just have to say, I had simple teeny tiny small form factor servers in rack upon rack, and even then we had a shit ton of storage per node. This is downright lazy, poor engineering/design, and implementation. Everytime I see him or hear his voice I just cringe. I knew he was going to fuck up Sagan's dream.

Re:Seriously?

[jaxn]

I mean seriously, what did they do, put a 128MB SD card in that machine? NO EXCUSE. They obviously knew about this in advance, or they wouldn't have an explanation already, from a craft that has fallen out of touch. I call foul on the play (and I hate sports metaphors).

Re:Seriously?

[jaxn]

If we can cram 4-8GB in a smartphone form factor, with hundreds of GB of onboard memory, there's no reason they couldn't have done something along those lines. With however many millions they solicited, it wouldn't be _that_ hard to find something more stripped down than a phone, but with the capacity for more RAM and storage. It would be light, small, and perform far better. That said, it's still an utter failure in the software engineering portion.

Re:Seriously?

[amicusNYCL]

You're comparing my expertise with the collective expertise of everyone who worked on this project? Well, you're right, "a fraction" is correct for the relationship between my expertise and theirs. I don't know what that fraction is, but it is most certainly "a fraction".

Raising that cash is part of the job you'll need to undertake. Sorry.

Why? Why is it the job of a programmer working on logging to raise $4 million? Isn't that the CEO's job? I don't expect the CEO to debug code, so why am I required to raise funds?

Re:Seriously?

What do you expect from a group crowdfunding it and running it with open sores software?

Re:Seriously?

[Agripa]

Think of it like running win32 on a 64-bit chip with 8GB of RAM. It's nice having 8GB of RAM but Windws can't actually address it - it's a 32-bit kernel which means it can only address 4GB.

This is not the best example since win32 including Windows XP before service pack 2 can address more than 4GB of RAM through PAE. Individual programs are limited to 32 bits of addressing (and from 2GB to 3GB of virtual address space) but multiple programs can be running with a total address space considerably larger than 32 bits will support.

Should have used apps!

App appers know that apps can app 32 mega-apps without apping!

Apps!

Re:Should have used apps!

[atouk]

How much v Could a LightSail see If a LightSail could c s v

Re:Should have used apps!

How much v Could a LightSail see If a LightSail could c s v

s. Duh.

ten compressed music files!

How much is that in library of congress?

Please, I'm no nerd, I don't know this "technology" stuff.

Is this a joke?

I don't even know where to start.

Re:Is this a joke?

[ArcadeMan]

How about staring at file offset 33554432? (assuming they mean 32MiB and not 32MB).

Re:Is this a joke?

[nedlohs]

No they mean MB because they even though they've crowdfunded a tiny satellite launch they are still not as autistic as you.

Re:Is this a joke?

[ArcadeMan]

Ok, so they have a problem when going over 32 000 000 bytes.

Re:Is this a joke?

[nedlohs]

If it makes you feel better, sure think that the rest of the world is as autistic as you.

Re:Is this a joke?

I'm assuming you don't often get past a first date, do you?

Re:Is this a joke?

You can keep going for the ad hominem with him all day, but you're the one who sounds stupid. I've actually run into programmatic issues differentiating MiB and MB on storage arrays that handle multiple PBs of data, and customers get a little antsy when you have to explain to them why they have several TBs less space than they thought they had. It is a real-world problem, and you sticking your fingers in your ears and humming really loud doesn't make it go away... it makes you look autistic.

Re:Is this a joke?

[grimmjeeper]

The point is that the original article was written for the general public. And while most good engineers understand the difference between 32 MB and 32 MiB, the distinction is lost on the general public. Hell, for the most part, most computer savvy people don't care about the distinction in general. Only the most anal-retentive, pedantic types get their knickers in a twist over it.

Sure, if I am designing something I want accurate specifications so that it removes ambiguity when I have write the code. But outside of that, I will use MB and MiB interchangeably, knowing full well that they are not exactly the same. But when you're having general discussions, you're rarely doing anything more than discussing an order of magnitude so you don't have to be precise all the time.

The few purists I have run into who piss and moan about the difference between MB and MiB in general use are some of the most annoying types of people I've ever run into. They're worse than any SJW trying to push their agenda down your throat. They're not just overly pedantic. They're passive aggressive about it. And that's what really makes people dislike them.

Bottom line, MB and MiB are interchangeable in the modern vernacular. Unless you're talking about the details of an engineering specification, it just doesn't matter. Please develop those interpersonal skills and suppress the urges to "correct" people. It will go a long way to improving your ability to win friends and influence people.

Re:Is this a joke?

I didn't correct anyone, besides perhaps the guy who is going around calling people "autistic," because that's apparently the new insult to replace "fag" and "retard."

The point you seem to be glossing over is that we are discussing an engineering specification -- that's the entire topic of this debate.

Re:Is this a joke?

[grimmjeeper]

The article is about overflowing a file system. It doesn't matter if it's 32MB or 32MiB. The file system would still have overflowed in the same way. The nit picky detail about exactly how big it was is immaterial to the entire discussion. The failure point is that the system was designed in such a way that the file was able to fill up the file system (regardless of how big it was) which resulted in bricking the whole system. Now can we stop wasting time debating a retardedly pedantic point that only autistic people care about but has nothing to do with the actual failure?

Re:Is this a joke?

Well, since you're just as much of a tool as the other guy, I'll put it down for you in an easy-to-consume format: if there was indeed a constraint on the file, but it was given in MiB, while the filesystem itself was provisioned in MB, you would end up with an unexpected overflow that was designed around, but improperly engineered. Get it now, troll booth? That's the point the OP was trying to make.

Re:Is this a joke?

[grimmjeeper]

The CSV file does not get culled at a specific point before failure. The application keeps blindly appending to it regardless of size. It would continue to grow until the fail point. It doesn't make one god damn bit of difference if the fail point is at 32MB or 32MiB.

Is that such a hard idea for you to understand?

Let me put it another way. Try driving your car at full speed towards a wall without stopping. Does it matter if the wall is 10 yards away or 10 meters away? I guarantee that when you're on the news, it won't make any difference.

Re:Is this a joke?

Ah, well since you're privy to the garbage collection variables at play in this situation, I guess we can blame you for the loss of this satellite?

No? You don't actually know what the fuck you're talking about? Fancy that. I think we were done here a couple of posts ago.

Re:Is this a joke?

[ArcadeMan]

Actually, I wanted to make a joke about the maximum file size overflow problem and I specified MiB to avoid arguments about 33554432 vs 32000000 bytes in the first place...

Whew! I nearly funded that one...

I try to fund a kickstarter about once a month that has some scientific value. I nearly funded this one but figured it wouldn't have any problems funding so I went for smaller projects instead.
 
Money well saved!

Re:Whew! I nearly funded that one...

[camperdave]

Meanwhile, at Planetary Society's headquarters...

Well, Jason. What have you got to say?
Well, Mr Nye...
Doctor! It's Doctor Nye.
But I thought those were honourary degrees.
It is DOCTOR Nye. Say it! SAY IT!
Y..Yes. D..D..Doctor Nye.
So, what happened to our bird, Jason?
As you know, um... Doctor Nye... We used a kickstarter campaign to fund the satellite's development and testing.
Get to the point, Jason.
We ran out of funds. If we had one more donor, we would have been able to complete the final testing.
So we lost the satellite and now face public humiliation because one anonymous person was too cowardly to donate?
Yes. Um.. Doctor Nye. That's about the size of it.
Well, Jason. That fellow had best pray that he and I never cross paths. You may go.

Re:Whew! I nearly funded that one...

That's ok. I could break Bill Nye like a twig and I'm still getting a DVD or a poster or something signed by someone who no one has ever heard of anyway.

Re:Whew! I nearly funded that one...

This was nothing more than a Space Nutter religious ceremony.

CSV

I know the average IQ at /. has gone down over the years, but I think the explanation of what a CSV file is is slightly too much dumbing down.

Re:CSV

It doesn't even have to do with IQ, just with level of technology knowledge.

Re:CSV

[ArcadeMan]

I think the "32 megabytes—roughly the size of ten compressed music files" part is even more insulting.

Re:CSV

What does IQ mean?

Re:CSV

[gstoddart]

Honestly, I'm surprised they didn't try to define space, Linux, and solar.

This sounds like someone failed to run a bench test where the system was up and running for an extended period of time.

Which strikes me as utterly bizarre.

Re:CSV

[frooddude]

Can I get that in Libraries of Congress? I mean damn, how am I supposed to really know how big it is?

Re:CSV

[itzly]

Sounds more like someone forgot to put their thinking cap on.

Re:CSV

That's copypaste from their post to backers - a post that was deliberately "dumbed down" so everyone could understand it.

Re:CSV

A spacecraft test is like a really long road trip. And 32MB is like ten songs, which is like 30 minutes. If I had to listen to the same 10 songs over and over, twice an hour, 48 times a day, on my road trip, I'd get pretty freaking silent as well. And even if I started yelling, it's space, where no one can hear you scream.

Thanks Slashdot for helping me understand the hard stuff. And I used commas, which means I used Excel.

Re:CSV

[gstoddart]

Oh, 32MB would be like pico or fempto-LOCs (possibly even less) ... it's slightly less than 4 empty .xlsx fles (which are like CSV files, but different ;-)

You can buy about 1000x that amount of storage in the express checkout at Wal Mart for under $10.

Re:CSV

[LWATCDR]

Yep
Slashdot news for ?

That being said really? It crashes at 32Gigs? That is a odd bug to not get caught in testing.

Re:CSV

[Megane]

To be fair, that was copypasta from TFA. And they carefully omitted the next sentence: "The manufacturer of the avionics board corrected this glitch in later software revisions. But alas, LightSail’s software version doesn’t include the update."

That still doesn't excuse a problem that would have been found by bench-testing the thing for a few days before sending it up. Nor does it excuse constantly appending one file to store data in an unattended system. Also, anything that JPL sends up has a backup channel that can push that little red button on the main computer. All they can do now is hope for cosmic rays to reboot it randomly. At least it's in LEO and not zipping off into interplanetary space.

In the meantime, the team is looking at several fixes to work around the software vulnerability once contact is reestablished. One is a Linux file redirect that would send the contents of the troublesome beacon.csv file to a null location, a sort-of software black hole. Lab testing on this fix has been promising—over a gigabyte of beacon packets have already been sent into nothingness without a system freeze.

Well, isn't that special. Now they test it. So if they can just link it to /dev/null, did they really even need that data? It's always fun to cause a mission to fail by recording data that wasn't even needed.

Re:CSV

[PvtVoid]

I think the "32 megabytes—roughly the size of ten compressed music files" part is even more insulting.

True that. It should have been in Libraries of Congress.

Re:CSV

[fahrbot-bot]

I think the "32 megabytes—roughly the size of ten compressed music files" part is even more insulting.

Especially when the -- well known -- standard unit of measure is "Libraries of Congresses".

Re:CSV

[pr0fessor]

It's just a copy/paste from TFA which is apparently targeted at someone with no technical knowledge what so ever.

Re:CSV

[ArhcAngel]

Extended testing was one of the stretch goals. Sadly they never reached that tier.

Re:CSV

Ya, as anyone who deals with crashing computers understands, Libraries of Congress are the only units us People Magazine readers can understand.

Re: CSV

You just described commercial radio's business model. Did you get permission to publish their prior art?

Re:CSV

[ihtoit]

yeah but the track width on a 32GB SD card would last about 3 seconds in space before a charged particle zaps across it and blows the whole deal.

Re:CSV

Yep, they'll let anyone on the internet these days.

Re:CSV

yeah but the track width on a 32GB SD card would last about 3 seconds in space before a charged particle zaps across it and blows the whole deal.

Such a card would certainly be vulnerable, but not completely ruined by a single particle-strike. Only a portion of the memory would be damaged, and in principle, could be swapped out. However, over time, the memory would be turned into unusable swiss cheese.

Re:CSV

Lots of people who visit the Planetary Society's web site would have no idea what a CSV file is.

Re:CSV

[pr0fessor]

Bill Nye the Science Guy is their CEO so...

Re:CSV

[schlachter]

what's a music file...doesn't everything just stream in as needed?

Re:CSV

And who compresses music that much, anyway? Maybe back in the days of Napster Prime, sure... But in FLAC or an equivalent codec? Yeah, that's like two or three songs, at best.

Re: CSV

[Surak_Prime]

I assume you mean the part where they think any of us listen to MP3s of music at such a shitty bitrate? ;)

Re:CSV

[Dr.+Zim]

Could be paid by the word...

Re:CSV

[luis_a_espinal]

In the meantime, the team is looking at several fixes to work around the software vulnerability once contact is reestablished. One is a Linux file redirect that would send the contents of the troublesome beacon.csv file to a null location, a sort-of software black hole. Lab testing on this fix has been promising—over a gigabyte of beacon packets have already been sent into nothingness without a system freeze.

Well, isn't that special. Now they test it. So if they can just link it to /dev/null, did they really even need that data? It's always fun to cause a mission to fail by recording data that wasn't even needed.

You hit it on the nail with this one.

Re: CSV

[ArcadeMan]

Well, if you're still using MP3 in 2015 instead of another superior CODEC, there's no point in arguing with you about bitrates. ;-)

Re:CSV

[nitehawk214]

Then the submitter and editors are the morons for simply copy-pasting the summary.

But then, that kind of goes without saying here.

Re:CSV

[pr0fessor]

As for the original article Bill Nye the Science Guy is the CEO so...

Re:CSV

There are no lemons in space.

Re:CSV

[Bathroom+Humor]

I prefer to use compressed video measurements.
That would be around 1/10th hour of compressed standard definition video per CSV file per LightSail.

Re:CSV

Bill Nye, the TV Science Guy!
Dumbing things down inaccurately since 1993.

Re: CSV

[Surak_Prime]

Hey, I use FLAC in environments where I think lossless is worthwhile - but a good 320kbps MP3 is still just fine for the car, where there's going to be engine and road noise, anyway. :)

Re:CSV

lol. https://www.youtube.com/watch?v=hIk3j9vvIAQ

Re: CSV

[ArcadeMan]

I use HEAAC at 64kbps for the car. ;-)

Re:CSV

[Agripa]

They should have used the standard LIB unit, Libraries of Congress.

Comment removed

[account_deleted]

Comment removed based on user account deletion

How embarrasing

[Tyrannosaur]

You'd think that something as small as 32MB would have been tested before they launched the thing... It doesn't sound like it takes very long to fill up 32MB either

Re:How embarrasing

Well... a 32MB video file is small. A 32MB CSV file contains a lot (I believe the technical term is "crapload") of data.

Re:How embarrasing

Launching something without a hardware watchdog timer that resets the computer as needed was the bigger mess-up.

You can always miss something in software testing. Bigger satellites and probes have "safe modes" etc for a rason. What is inexcusable is that they launched a piece of hardware that could even in theory "hang" without any way to "hard reset" it (beyond praying for a stray cosmic ray to trigger a reboot).

Re:How embarrasing

[sycodon]

Sounds like it's pretty much a transponder in an airplane.

I wonder why they are even logging this information?

Re:How embarrasing

[ihtoit]

21,000 pages of plain text (assuming "average" page of 80col, 20 row), going by my head math.

Re:How embarrasing

[Dan+East]

It doesn't sound like it takes very long to fill up 32MB either

Nope. Just ten compressed audio files would do it.

Re:How embarrasing

[luther349]

linux can have years and years of uptime and relly with no updates hitting it as long as the hardware last this was a user error case hear having the os share space with storage on a system your not able to well go reset if something goes wrong should be self contained so if thers a storage problem the os itsself is not out of memery/

Re:How embarrasing

[Boronx]

How many long versions of "Freebird" is it?

Re:How embarrasing

[luther349]

yep people get to fancy because its a space craft when really you literately should keep it simple. we whent to the moon on computers no more powerful then a modern calculator. and some of are oldest probes the same thing.

Re:How embarrasing

32 MB should be enough for anyone. ;-)

Re:How embarrasing

[chihowa]

They're probably logging the telemetry so that it can be retransmitted if they miss a beacon. The transmitter on this thing is pretty low power and the telemetry is presumably the valuable information that the sat is determining. That said, there are a number of ways that they could better handle the logs than to just let them grow and grow.

Re:How embarrasing

Four hundred and twenty son!

Crowdfunding strikes again!

Nothing like a thoroughly tested system eh? It was only going into space at an exceptionally high cost.

Wonder if they have thought about the more difficult issues: http://en.wikipedia.org/wiki/Single_event_upset

Good luck with that one guys, you will need it!

Systems Administration 101

[plopez]

Roll your log files. I smell a DevOps debacle.

Re:Systems Administration 101

A thousand times, this. Any competent sysadmin would have pointed out this flaw in the design process (as well as the one about not being able to remotely reboot your server), but I'm willing to bet good money that they didn't involve a competent sysadmin, because who needs those any longer...

Re: Systems Administration 101

[Nukem,Duke]

That's right. Sysadmin...meh. That is why we have the cloud (or space).

Re:Systems Administration 101

[prefec2]

Any competent software designer and developer should have known basic rules of embedded systems. One of them: Do not use dynamic memory (and files are just alike). If you need space all the space you need must be determined at compile or design time. BTW why store all this data in the device? This should have been (if at all) implemented as an round robbing database. Yes that overwrites old data, but who cares? If you need all the data you should have calculated the amount for the complete mission and reserved enough memory for that. And why did they use a CSV file? Are their physicists?

Re:Systems Administration 101

This should have been (if at all) implemented as an round robbing database.

That's "round robin".

Re:Systems Administration 101

[macs4all]

A thousand times, this. Any competent sysadmin would have pointed out this flaw in the design process (as well as the one about not being able to remotely reboot your server), but I'm willing to bet good money that they didn't involve a competent sysadmin, because who needs those any longer...

SysAdmin, hell! Any 12-year-old HOBBYIST would have pointed this out; or would have known better in the first fucking place!

Re:Systems Administration 101

[ITRambo]

Pedantically, you are correct. However, in this instance "round robbing" seems apropos.

Re:Systems Administration 101

I'm a devops guy and unlike a developer who has no idea about the actual system, I'm exquisitely sensitive to the size of files and file systems.

Re: Systems Administration 101

Waterfall forces planning upfront, but wouldn't be as cheap as broken software.

Re:Systems Administration 101

[Blaskowicz]

Robin Hood was caught robbing hounds all year round.

Re:Systems Administration 101

Yes, if by "DevOps," you mean "developers who think they understand operational environments."

Fortunately, most DevOps guys and gals I know have a much stronger operational background, and actually understand the implications of "pretending you have unlimited space for a non-rollover log file," and how that will result in fucked up systems.

So i guess you meant, "I smell a dumb developer who didn't consider his operational constraints," right?

UAT

[Charliemopps]

I'll never understand how groups (Especially NASA) can spend millions, or even BILLIONS on projects like these and not even complete the sorts of rudimentary testing that those of us in the professional software fields have to do every day. Ok, this computers going into space and going to run for days/months/years... whatever... so hey, maybe we should boot it up while it's still on the ground and see if it'll run for a couple of months without crashing first?

One of the mars rover had the same problem. It worked fine, but after a week or two it died because of a flash bug... they'd never tested it on earth for a week strait prior to launching a billion dollar piece of hardware?!?! What's wrong with these people? This is rudimentary stuff. You test it prior to launch for a long period of time. Then box it up and don't touch it. If you make any changes, re-test.

Re:UAT

[itzly]

Well, how do you test it before you're happy ? If the beacon is 40 bytes, and transmitted every 15 seconds, it would take half a year before you fill up 32 MB. That's a long time for testing.

This is the kind of mistake you shouldn't even make in the first place.

Re:UAT

[Lumpy]

The problem is they hire programmers from EA.

it compiled! OMG! Launch it!

Re:UAT

[bondsbw]

One way to test that is to simulate time. A simulation wouldn't need to wait 15 actual seconds, it could speed up time such that transmissions run immediately after the last, until the test has surpassed the expected lifetime of the mission.

If this were able to be done once every millisecond instead of once every 15 seconds, they would have run across the bug within 14 minutes.

Re:UAT

You write your test so that it sends the 40 bytes to the csv file every 10 milliseconds instead of every 15 seconds. You are allowed to compress time when you are testing something that isn't necessarily time dependent.

Re:UAT

First off.. LightSail isn't a NASA mission.. it's a low budget cubesat and cubesats tend to trade risk for rigor.

NASA does run stuff for days/weeks/etc in testing. And you'll note that the Mars rover flash file system thing was able to be recovered from, thanks to smart people at JPL realizing that you always need a way to recover. This is not necessarily the case for cubesats, often built by enthusiastic grad students whose hair is not yet grey from living through near and actual disasters in flight projects: them young-uns just don't know any better.

As a practical matter, "running for weeks on the ground" isn't practical: As an experienced software developer, I'm sure you know how real projects are always running tight for time: and a space mission where the launch date is determined well in advance can't just say "oh, I guess we'll slip the release a few weeks". You're building the spacecraft and verifying that everything works as well as you can: you verify that you can wiggle all the interfaces, you verify that the debugger/backdoor capabilities that will allow you to recover work; you verify the watchdogs. And you get what test time you can, before you ship to launch.

Don't forget that for a lot of the testing, you reset the system state to a known starting point (that means wiping the non-volatile memory).

And then you test, if you can, during the 8-9 months the spacecraft is on the way to Mars (which is WHY Spirit had the issue: they got a lot more test time on the software in flight than they had during the 3 year buildup of the spacecraft on the ground; log files got bigger, etc.)

Re:UAT

You don't even have to do that. Monitor the parameters such as free mass storage space, memory etc over a period, and make sure you can account for any changes. If you only have 32MB, you really ought to notice 1/4 of a MB disappearing every day, and make sure that you have something in place to deal with the condition when the whole 32MB is used up. Pretty standard practice, it's not rocket science...

Re:UAT

Even consumer products get more testing (i.e. for months) than this project. Sounds like shoddy "engineering" to me.

Re:UAT

[itzly]

That can be very hard to do in a real-time system, at least on a physical board. Some things, like communication interfaces, or flash write delays, don't let themselves speed up by a factor of 15000.

Re:UAT

[itzly]

You write your test so that it sends the 40 bytes to the csv file every 10 milliseconds instead of every 15 seconds.

The moment that you think of doing that, is the moment that you realize that the file will grow too big.

Re:UAT

[grimmjeeper]

Speaking as an engineer working on software that is on the Orion spacecraft, I can say that rigorous testing is budgeted into the project from the beginning because it helps to avoid most of the problems like this. The testing that goes on with flight software is orders of magnitude more than you find for a traditional commercial product. You have to. The consequences of failure are, obviously, a lot more significant.

That being said, it's impossible to catch every single possible bug, especially as systems get more and more complex. But there are strategies that help reduce your risk. For example, you don't just run off to kernel.org and throw the latest stable release on a board. You pick operating systems that are maybe a bit harder to use (i.e. limited in what they can do) but are far better suited to real-time embedded work. And you certainly don't blindly append to a file without verifying that you're not going to overflow your space. And you always have an automated recovery plan for any dynamically allocated space in the event of an overflow.

This kind of failure is caused by amateurs making amateur mistakes. It was caused by application programmers who don't understand the consequence of failure in a constrained environment where you can't just click a mouse to restart the program. It was caused by poor planning and a lack of understanding of the environment in which they were designing. This was caused by hiring coders instead of experienced engineers. It was caused by trying to do it cheap rather than spending the money to do it right. They got what they paid for.

Re:UAT

[macs4all]

One way to test that is to simulate time. A simulation wouldn't need to wait 15 actual seconds, it could speed up time such that transmissions run immediately after the last, until the test has surpassed the expected lifetime of the mission.

If this were able to be done once every millisecond instead of once every 15 seconds, they would have run across the bug within 14 minutes.

But, even before the testing, comes the DESIGN. No one with more than two active neurons should have designed a system that cannot reboot itself, or that tried to grow a file (especially one that shared storage-space with the OS!!!) infinitely.

Bad Developer. Bad! Bonk Bonk on the head!

Re:UAT

[macs4all]

This kind of failure is caused by amateurs making amateur mistakes. It was caused by application programmers who don't understand the consequence of failure in a constrained environment where you can't just click a mouse to restart the program. It was caused by poor planning and a lack of understanding of the environment in which they were designing. This was caused by hiring coders instead of experienced engineers. It was caused by trying to do it cheap rather than spending the money to do it right. They got what they paid for.

I agree wholeheartedly with everything you said, except the last 3 sentences. I submit that they could have found PLENTY of "coders" (a/k/a "hobbyists") that would have not made these kinds of easily-foreseeable design errors.

These were errors that anyone with a few embedded designs under their belt, "engineer" or no, would have caught with ease. I know, because I have, repeatedly.

Re:UAT

[grimmjeeper]

If experienced engineers make these mistakes, it's unreasonable to expect that grabbing an average coder off the street will be able to foresee the problems. I've been doing this kind of work for decades and I have yet to find someone who doesn't have to be trained thoroughly to do it the right way. And even after that, we all review each other's designs before we start coding specifically because the trained engineers still make mistakes.

You're crazy if you think "coders" would not make these kinds of mistakes. It's a problem set they have never been exposed to and they have no idea that they even need to be looking for those problems in the first place. Hell, the problems are hard to find even when you know that you need to be looking for them in the first place.

This is rocket science we're talking about. It's hard.

Re:UAT

So Linux is a Real-Time OS now?

Re:UAT

[Maow]

I'll never understand how groups (Especially NASA) can spend millions, or even BILLIONS on projects like these and not even complete the sorts of rudimentary testing that those of us in the professional software fields have to do every day.

This is not a NASA project, so you've made a stunningly basic error in your first sentence. Not looking too good for attention to detail for someone "in the professional software field".

Regardless, if you want to see how NASA does software, or for anyone even remotely interested in how the best practices for true mission-critical software gets written, you can't find a more interesting story on the creation of space shuttle software:

The right stuff kicks in at T-minus 31 seconds.

As the 120-ton space shuttle sits surrounded by almost 4 million pounds of rocket fuel, exhaling noxious fumes, visibly impatient to defy gravity, its on-board computers take command. Four identical machines, running identical software, pull information from thousands of sensors, make hundreds of milli-second decisions, vote on every decision, check with each other 250 times a second. A fifth computer, with different software, stands by to take control should the other four malfunction.

But how much work the software does is not what makes it remarkable. What makes it remarkable is how well the software works. This software never crashes. It never needs to be re-booted. This software is bug-free. It is perfect, as perfect as human beings have achieved. Consider these stats : the last three versions of the program — each 420,000 lines long-had just one error each. The last 11 versions of this software had a total of 17 errors. Commercial programs of equivalent complexity would have 5,000 errors.

This software is the work of 260 women and men based in an anonymous office building across the street from the Johnson Space Center in Clear Lake, Texas, southeast of Houston. They work for the "on-board shuttle group," a branch of Lockheed Martin Corps space mission systems division, and their prowess is world renowned: the shuttle software group is one of just four outfits in the world to win the coveted Level 5 ranking of the federal governments Software Engineering Institute (SEI) a measure of the sophistication and reliability of the way they do their work. In fact, the SEI based it [sic] standards in part from watching the on-board shuttle group do its work.

The group writes software this good because that's how good it has to be. Every time it fires up the shuttle, their software is controlling a $4 billion piece of equipment, the lives of a half-dozen astronauts, and the dreams of the nation. Even the smallest error in space can have enormous consequences: the orbiting space shuttle travels at 17,500 miles per hour; a bug that causes a timing problem of just two-thirds of a second puts the space shuttle three miles off course.

Some of my favourite parts begin with the following quote:

The process can be reduced to four simple propositions:

1. The product is only as good as the plan for the product. At the on-board shuttle group, about one-third of the process of writing software happens before anyone writes a line of code. NASA and the Lockheed Martin group agree in the most minute detail about everything the new code is supposed to do — and they commit that understanding to paper, with the kind of specificity and precision usually found in blueprints. Nothing in the specs is changed without agreement and understanding from both sides. And no coder changes a single line of code without specs carefully outlining the change. Take the upgrade of the software to permit the shuttle to navigate with Global Positioning Satellites, a change that involves just 1.5% of the program, or 6,366 lines of code. The specs for that one change run 2,500 pages, a volume thicker than a phone book. The specs for the current program fill 30 volumes and run 40,000 pages.

That is how one writes software. NASA cannot be beaten when lives matter.

Re:UAT

[macs4all]

I've been doing this kind of work for decades

So have I. And I my specialty is in R&D of industrial control systems. Although I have never sent anything into space, I have been designing controls that if they crash, or even if they crash-then-recover, must do so in a graceful manner to avoid causing damage to equipment, or even injury or death.

For instance, one of my first embedded projects was a controller for a dynamic balancing machine. This particular dynamic balancer happened to be spinning-up Flywheels for Caterpillar Earth-Movers. Each flywheel was about 4 ft. in diameter, and weighed about a ton (literally). Then we spun it up to 1800 RPM, and figured out where the imbalance(s) were.

I figured out REAL early on (and without a "team") that if I "watchdogged" (or otherwise found myself back at the start of the code), that I couldn't just ASSUME that I could re-initialize Ports, Data-Direction Registers, etc; but rather had to "look around" at various inputs to see WTF was the REAL state of the machine, THEN try to do an ORDERLY shutdown and restart. Never once caused a flywheel to act like a Frisbee...

BTW, at that time, I was 20 years old, and completely self-taught.

So sorry; just because you are an "engineer", doesn't automagically make you a better Developer. Stupid is as Stupid Does.

Oh, and then there was the Project where I was contracted to develop a "Failover" system for Handicapped vans. Worked a treat. Never failed to detect input/output mismatch or switchover to the backup systems, and in far less time than a human driver could detect the failure, let alone reach for the "switch to the backup" switch while trying to keep their out-of-control van from flying into the ditch...

This is rocket science we're talking about. It's hard.

So are a LOT of embedded industrial control tasks. And MOST of them don't really allow-for a simple "Reset" in the middle of a Run-condition without "Very Bad Things"(tm) happening.

Moral of the story: You don't need a degree; you need an IQ. And experience.

Re:UAT

[gstoddart]

This is not a NASA project, so you've made a stunningly basic error in your first sentence. Not looking too good for attention to detail for someone "in the professional software field".

LOL .. no disrespect to the GP, but that level of attention to detail explains a lot about many commercial software products.

Just sayin'.

Re:UAT

[grimmjeeper]

So sorry; just because you are an "engineer", doesn't automagically make you a better Developer. Stupid is as Stupid Does.

I agree 100%. I've worked with some pretty dumb engineers.

But that's not really the point I was making. There's a difference between writing an app for a phone or a desktop and writing software for a safety critical embedded systems. The whole approach you take towards developing the software is different. You can't just throw an exception and have the user restart the program. There is no user to restart the system. Beyond that, you're usually operating in a constrained resource environment. You can't just allocate resources on a whim. You have to plan your resource use. You also have to consider determinism and latency. How long does that vector push_back() call take to complete? It depends on whether it's currently full and needs to expand it's space, including all the time to copy over all the existing data. And that assumes there's space to expand into. It wouldn't be a good idea for the flight controls to freeze while you wait for your push_back() to complete now would it? These are the kinds of things you don't have to worry about in a desktop application.

It's not hard to train a smart person to be a good embedded developer. Many competent developers learn how every year. All I'm saying is that just being a smart person and a good developer isn't enough. You need to know what to look out for before you will be good at developing satellite software, regardless of how smart you are and how good you are at "coding". If you don't know what to look out for, you're going to run into problems like this the hard way, as this project did. Had they been a little more rigorous in their development with more experienced people who knew better what to look out for, it's likely they would have caught this problem before it bit them in the ass.

It's the old adage. "Good judgment comes from experience. Experience comes from bad judgment." Having more people with good judgment would have helped them enormously.

Re:UAT

[TheDarkMaster]

...And you certainly don't blindly append to a file without verifying that you're not going to overflow your space...

This. And I do not need to be a enginner to see that. C'mon people, this one is very, very basic!

Re:UAT

[grimmjeeper]

The problem is that people get away with it all the time because their server has terabytes of room for a log file that gets automatically backed up and zipped for them. So they never think to check before they blindly spew out data.

People do this all the time. But I won't call them dumb for doing it. Because there's no reason to even consider doing it another way when you consider the environment they develop their applications in. Being very pedantic about checking every single thing you do in your code is tedious and time consuming. And for a regular application, it's a bit of a waste of time.

But that's why even very good software developers can make mistakes like this when they jump from a "regular" environment to one where resources are far more limited and the consequences of failure are much more significant. Things they had no need to worry about suddenly become very important but how are they supposed to know that until it trips them up?

But that answers the question "why does it cost so much to develop software for satellites?". Because you have to spend a lot more time developing error handling and correction. It also answers the question "can we do it cheaper and faster?", to which the answer is "not if you want to do it right".

Re:UAT

[grimmjeeper]

A lot of this type of process is SOP for pretty much any safety-critical real-time embedded software. The companies that design flight software for airplanes around the world follow a process that is not entirely unlike NASA's process. Because lives are at stake there too. Similar standards are applied to medical equipment as well, for much the same reason.

Working in an environment like this is tedious as hell but the software that you produce rarely has any problems. When it does, it's usually some obscure corner case that's virtually impossible to test for.

Re:UAT

[macs4all]

But that's not really the point I was making. There's a difference between writing an app for a phone or a desktop and writing software for a safety critical embedded systems. The whole approach you take towards developing the software is different.

Hence my diatribe above about the flywheel-balancer and handicap-van projects I have worked on. IOW, you don't have to go to space to find yourself involved in "mission-critical" applications. It isn't like there's designing for "Spaceship OS 1.2" vs. "Candy Crush Saga" with nothing in-between.

It's the old adage. "Good judgment comes from experience. Experience comes from bad judgment." Having more people with good judgment would have helped them enormously.

Or, as I always say: "Experience is what you get, when you don't get what you want."

Re:UAT

[thegarbz]

Well, how do you test it before you're happy ? If the beacon is 40 bytes, and transmitted every 15 seconds, it would take half a year before you fill up 32 MB. That's a long time for testing.

According to TFS it failed after 2 days. For something that's supposed to be up there for years I would have expected it to last more than 2 days. If it lasted half a year that would be far more forgiveable.

Re:UAT

Well, how do you test it before you're happy ? If the beacon is 40 bytes, and transmitted every 15 seconds, it would take half a year before you fill up 32 MB.

The launch was last week, so it took more like ten days. That sounds like a reasonable timeframe for testing.

Re:UAT

It ran for two days in real life.
They certainly should have tested it for that long. Just kick it off before heading home on Friday, and come Monday they would have discovered the problem.

This was incompetence, not some rare occurrence of a subtlety concealed edge case.

Re:UAT

More likely it has to do with this being a relatively quick-and-dirty, crowdfunded project, launching as a piggyback payload in a compressed timeframe. It wasn't a half trillion dollar, five decade long project out of NASA.

Re:UAT

[Maow]

A lot of this type of process is SOP for pretty much any safety-critical real-time embedded software. The companies that design flight software for airplanes around the world follow a process that is not entirely unlike NASA's process. Because lives are at stake there too. Similar standards are applied to medical equipment as well, for much the same reason.

I have heard otherwise about some classes of medical devices. I think of the embedded type.

http://arstechnica.com/securit...

http://arstechnica.com/securit...

There was a story recently where a device or class of devices listened on Telnet ports, but I can't seem to find a link.

Of course, there's the famous case(s) of the radiation overdoses from faulty UI implementations, etc.

What type of medical devices are you referring to?

Mebibyte is an idiotic term

and you are an idiot for using it.

Re:Mebibyte is an idiotic term

[ArcadeMan]

Just because you don't like the term doesn't make it wrong. Highjacking SI prefixes and changing their meaning is wrong and has led to countless problems.

Re:Mebibyte is an idiotic term

[David_Hart]

Just because you don't like the term doesn't make it wrong. Highjacking SI prefixes and changing their meaning is wrong and has led to countless problems.

And historical meanings shouldn't be changed simply so that marketing speak can be used to sell less at the same price.

I love how 1 MB of RAM is 1048576 bytes but 1 MB of storage is now 1000000 bytes of storage, simply because the hard-drive industry decided that they could make more money by using the same term, change the historical meaning in the computing industry from base-2 to base-10 (essentially downsizing the actual storage), and charging the same amount.

Either convert totally to GiB, MiB, etc. for everything computer related or stick with the old convention. It's when you are mixing the two in a particular context (i.e. computers) where you run into problems.

Re:Mebibyte is an idiotic term

[itzly]

I love how 1 MB of RAM is 1048576 bytes but 1 MB of storage is now 1000000 bytes of storage

Makes perfect sense. RAM is addressed with a N address lines, giving access to 2^N cells, so base 2 makes sense. For everything else, base 10 makes more sense, especially when you're talking about speeds.

simply because the hard-drive industry decided that they could make more money by using the same term

They didn't make more money because everybody was doing this.

Re:Mebibyte is an idiotic term

[ArcadeMan]

I wish people would stop thinking that hard drive manufacturers are the "source" of this so-called "problem". Digital communication speeds never used base 2, clock speeds didn't either.

People are simply stuck on terms like "Mebibyte" because they either don't want to accept the fact that mega is an SI prefix or because they don't like how the IEC units sound. Get over it.

Re:Mebibyte is an idiotic term

If you do the research, you'll find that hard drive makers have always measured in base 10. Memory was also often measured in base 10. So the 'old convention' is the right one. What was wrong is applying the 'new' base 2 convention for memory to things other than memory. It has even been pinpointed that the first time storage was displayed to users in base 2 (KiB, MiB, etc) was the Mac OS Finder. Does this mean we can blame Andy Hertzfeld for all of this? On the flip side, Mac OS X has also been a trailblazer in switching back to the proper base 10 displays.

Re:Mebibyte is an idiotic term

[David_Hart]

I love how 1 MB of RAM is 1048576 bytes but 1 MB of storage is now 1000000 bytes of storage

Makes perfect sense. RAM is addressed with a N address lines, giving access to 2^N cells, so base 2 makes sense. For everything else, base 10 makes more sense, especially when you're talking about speeds.

simply because the hard-drive industry decided that they could make more money by using the same term

Really... You do realize that disk sectors, file systems, etc. are all Base-2? Base-10 makes no sense whatsoever. In fact, there is a movement back to base-2 for storage sizes as the industry moves away from magnetic media to memory based storage (SSD).

I would argue that using Base-2 vs Base-10 for CPU speed is irrelevant. CPU speed is only useful when comparing CPUs that have the same architecture and are in the same family. Even then, people only look at which one has the higher number. If it was a useful indicator of processing power, then we wouldn't use CPU benchmark applications to compare between Intel and AMD CPUs or between different Intel CPUs, etc.

They didn't make more money because everybody was doing this.

If you take a chocolate bar and make it 10% smaller but charge the same price then your margins and profits go up. That's what the hard-drive manufacturers did by simply changing the definition of MB. Granted, it was a one time thing. But they did get a nice surge in profits around the time that they made the changeover.

Re:Mebibyte is an idiotic term

[itzly]

Really... You do realize that disk sectors, file systems, etc. are all Base-2?

Maybe one sector equals a power of two, but the total number of sectors can be anything that the physical disk holds.

If you take a chocolate bar and make it 10% smaller but charge the same price then your margins and profits go up

This has nothing to do with base 2 or base 10. You can just as easily sell a 360GB disk, or any other arbitrary amount.

Re:Mebibyte is an idiotic term

Coming up with units that are *unambiguously* binary equivalents to the decimal units of kilo, mega, etc., was actually a good idea, but it is too bad they came up with those ridiculous unpronounceable, unintelligible, gibberish names: kibi, mebi, etc.

I think they should keep the abbreviations for those units (KiB, MiB, etc.) and just come up with different names.

Re:Mebibyte is an idiotic term

"Makes perfect sense. RAM is addressed with a N address lines, giving access to 2^N cells, so base 2 makes sense."

All hard drive and SSD storage use basic storage units called sectors with sizes that are multiples of base 2 numbers
  such as 512 bytes, 4096 bytes and 8192 bytes because that is what operating systems use for page sizes since their
  memory is addressed with a N address lines, giving access to 2^N cells.

"base 10 makes more sense, especially when you're talking about speeds"

Sorry, I don't understand what this has to do with the size of storage in computers.

Re:Mebibyte is an idiotic term

They do make more money, because if they didn't do this they'd make less money since everyone else is doing it.

Re:Mebibyte is an idiotic term

[Agripa]

Makes perfect sense. RAM is addressed with a N address lines, giving access to 2^N cells, so base 2 makes sense. For everything else, base 10 makes more sense, especially when you're talking about speeds.

Hard drive sector sizes are powers of 2 (with exceptions which are irrelevant here) and they use power of 2 addressing for their interfaces (with some interesting exceptions) yet they switched to measuring capacity using base 10. I remember when they changed and agree with the poster; it was for marketing reasons. Capacity measured using base-10 seems larger than capacity measured using base-2.

Re:Mebibyte is an idiotic term

[Agripa]

Maybe one sector equals a power of two, but the total number of sectors can be anything that the physical disk holds.

It cannot be anything because the interface uses power of 2 addressing for the sectors. Does it make more sense to say that the current maximum size for a storage device using LBA48 is 128 PiB or 144.11518807586 PB?

Re:Mebibyte is an idiotic term

[Agripa]

People are simply stuck on terms like "Mebibyte" because they either don't want to accept the fact that mega is an SI prefix or because they don't like how the IEC units sound. Get over it [wikipedia.org].

Bits and bytes are not SI units. I will get over it when the memory manufacturers get on the ball and start selling 2.147483648 GB memory integrated circuits.

tachyon eddy

[The+Grim+Reefer]

It came across a tachyon eddy and is at warp speed on it's way to the Cardassian homeworld.

Re:tachyon eddy

[rotaryexpress]

Ha, I've been thinking of exactly this since the Lightsail project started.

The only way... really?

[gandalfur]

It is called a design flaw when the only way to clear a growing file is to restart an application.

lol

@"if you're not familiar with CSV files"

What the computer needs is ...

[CaptainDork]

... the ability (small code here) to power cycle and come backup in maintenance mode where it doesn't do anything on its own except receive diagnostic commands.

The computer also needs a sibling for fail-over.

There may be reasons those were left out that I would agree with.

I sure hope they can get this puppy lined out.

Re:What the computer needs is ...

[plopez]

No. They need programmers and sysadmins that knew that they were doing. E.g. roll log files and/or put logs on a non-critical partition. Systems Administration 101 for systems where memory and disk space are at a premium. It was a rookie mistake.

Re:What the computer needs is ...

This is exactly what happens when you let "devops" perform system administration duties. They think they know everything.

Re:What the computer needs is ...

It was a rookie mistake.

This is the dreamchild of Carl Sagan and Neil deGrasse Tyson. Unlike you, they are scientists. They don't make mistakes.

Re:What the computer needs is ...

"roll log files and/or put logs on a non-critical partition"
Bingo. What were they using, Ubuntu with a single root partition?

Re:What the computer needs is ...

[asylumx]

I'm not even sure what the spacecraft needs log files for anyway. Are they planning to recover it at some point and try to debug something?

Re:What the computer needs is ...

[grimmjeeper]

Not really. There's no good reason to have a log file filling up space in a file system on flight software. The data should be stored in a dedicated space and dumped when it is transmitted, ready for the next round. There's no need to store it locally after that at all. Flight software should be developed so that you don't need any systems administration at all. Embedded software 101 for systems that can't be easily serviced.

Laugh it up, nerds.

The next time you beat on MS or Apple for some flaw that hardly hurts anything just remember that your god, Bill Nye The Science Dork, and a whole crew of engineers couldn't be bothered to test a bit of code or make a Raspberry Pi reboot remotely.
 
LOLZzzz!!!!

Re:Laugh it up, nerds.

[bobbied]

It's a Pi? Then I'm pretty sure it will spontaneously reboot for them in pretty short order...

Re:Laugh it up, nerds.

[Dr.+Zim]

Pi? Chances are it's trying to reboot every time it gets the command, but the SD card is corrupt.

Just what humanity needed..

Another piece of high speed debris floating around in space.

Re:Just what humanity needed..

[Yoda222]

It's a low orbit cubesat, this debris will not stay low in orbit (a few month if they don't deploy the sailing part, if I remember correctly)

Accident code.

[Lumpy]

cat beacon >> beacon.csv
instead of....
cat beacon > beacon.csv

oops.

what the hell?

[slashmydots]

They launched it with that basic of a software bug that they already knew about? How about edit out the first line of the CSV file when you add another one and maintain a max length? Or write a backup code where if it fails to reboot, close and delete the file without rebooting.

Re:Professional Level FUBAR

I say professional because NASA screwed up a few years back with a probe to Mars when two systems attempted to communicate. One "spoke" in Kilometers, the other "Miles".

Actually this particular failure wasn't as obvious of an oversight as you may think. The reason it happened was because in an existing system one particular set of parameters were logged in miles since they weren't responsible for flight control (which NASA mostly uses metric for). Later on portions of this design were reused and an engineer decided to use the originally non-essential values as a feed into the navigation system.

The problem in this case is when you have something large and complex (a space craft) and a large organization with many projects (NASA/JPL) the younger generation tends to just rely on what's in place without doing the research they should.

That being said there were many times this particular error could have been caught on the ground and weren't, and that's a process failure. The "process" should have caught it.

Now get off my lawn!

Seriously? No File Housekeeping?

FIRED! ;)

Library of Congresses?

I'm unfamiliar with the compressed music file size as a metric? Is that "inna gadda da vida" length or "Her Majesty" length?

Re:Library of Congresses?

[BarbaraHudson]

For those of you who are too young to have heard of it, inna gadda da vida at 256kbps is 32,727,315 bytes.
Pink floyd's meddle at 320bps is 56,465,408 bytes

Disk Jockies would spin one of these when they wanted to have a 17 to 22 minute break.

Flying Penguins!!!

Should have used Windows; it reboots all the time! Dumb asses!

Re:Flying Penguins!!!

[Tablizer]

It's not a flaw, it's a feature.

Re:Professional Level FUBAR

I believed that one for a long time but it turns out the conversion error was actually well-known by the engineers and a correction burn was SCHEDULED to fix it. The managers, for whatever reason, never carried out the maneuver and the rest is history. Then, they blamed the engineers.

Re:Professional Level FUBAR

That is the official story, yes.

Re:Professional Level FUBAR

I say professional because NASA screwed up a few years back with a probe to Mars when two systems attempted to communicate. One "spoke" in Kilometers, the other "Miles".

That's absolutely not like what happened.

Hello, IT . . .

[jr88keys]

. . . have you tried turning it off and on again? :-)

Re:Hello, IT . . .

[bobbied]

. . . have you tried turning it off and on again? :-)

Ok. but I can't reach the power switch....

Use dbm

Had they used a simple Berkeley database like dbm, gdb, tdb (my favorite), deleting old records is trivial. Of course it is a little more complicated than CSV, but CSV is for moron Windows programmers anyway. This issue tripped up the Spirit Rover as well. Unimpressive. A rudimentary risk analysis would have identified this. The project deserves to be bricked.

Re:Use dbm

[ihtoit]

CSV predates *Microsoft* by at least twelve years.

Use Windows

This is why they should use Windows instead of Linux to run the thing. Windows would have rebooted by now.

Maybe

[NEDHead]

SpaceX can retrieve it long enough to hit the reboot button...

Re:Maybe

SpaceX can retrieve it long enough to hit the reboot button...

It would be cheaper to launch several new LightSail systems than perform a capture, reboot, release, and reorientation burn.

We don't need no stinkin' testing

[petes_PoV]

when some bug like this makes it through testing

Testing? what testing? If it compiles, it works. Every hacker knows this.

I have to say, when I read that the spacecraft ran Linux and had died, I naturally assumed that someone had left the auto-update enabled and it was busy trying to apply about 50 million kernel patches.

Re:We don't need no stinkin' testing

[thegarbz]

Really? If a system dies after sending it a reboot command I would blame systemd.

At least the post used "hope" as a noun

[jpellino]

and not as a verb. Using "hope" as a verb in spaceflight hasn't always gone very well in the past.

Re:At least the post used "hope" as a noun

[Megane]

But what about that movie?

Mirab, his light-sails unfurled!

Shaka, when the walls fell

Important to test a spacecraft

I think its clear why most space craft are vetted so much before launch. Because Geek Squad does not go into space.

Wasn't this Bull Nye's baby?

Did Bill Nye fuck this thing up? ? He is listed as a comedian on his wiki page, maybe he is playing a joke on you guys

Re:Wasn't this Bull Nye's baby?

[Boronx]

Bill Nye was a TV guy who got sucked into a science gig where he became famous. He apparently is under the delusion this makes him a top-notch scientist. I hope his role in the project was Fundraiser and not Chief Engineer.

Re:Wasn't this Bull Nye's baby?

[itzly]

You don't need a scientist for this. You need an engineer. Scientists are people that deal with spherical cows in circular orbits. Engineers know not to send a cow in space.

Re:Wasn't this Bull Nye's baby?

[Boronx]

IMHO there aren't many good engineers who aren't good scientists.

AllWorkAndNoPlayMakesJackADullBoy.csv

[TheRealHocusLocus]

How much is that in library of congress?
Please, I'm no nerd, I don't know this "technology" stuff.

6 Shakespeares... or
16.5 gzip-Shakespeares... or a whopping
22.6 bzip2-Shakespeares.

The Bard fares well by the Burrows-Wheeler algorithm for his works are so oft-repeated he even runs on and repeats himself. "...So all my best is dressing old words new, Spending again what is already spent" as RLE (run length encoding) and "To smother up the English in our throngs, If any order might be thought upon..." as MTF (Move to Front) Transform. "We render you the tenth; to be ta'en forth! Before the common distribution at your only choice... as encode to Huffmans and selection of the sweetest table, and "Spare your arithmetic; never count the turns. Once, and a million!... symbol usage stored as sparse array.

Here is a brief video clip showing the moment the LightSail team browsed the log file to discover the error.

32MiB

[rossdee]

They couldn't afford to pay Will Smith for that many sequels

You need redundant controllers..

[Karmashock]

Just two systems that do the same thing linked to the same antenna that operate in such a way that they're both not going to develop the same problem at the same time... and such that one can upload software patches to the other.

I believe this is the way a lot of the deep space probes were set up. They have a primary computer and a diagnostic computer. And while the main system drops or the diagnostic system drops they don't drop at the same time. The team on earth can figure out what is going on in one of the systems and instruct the other to fix it.

That is my understanding how how many of these systems work?

Re:You need redundant controllers..

Crowdfunded satellite == very small. If it's not a cubesat, it's something like it and, as such, is probably hitching a ride with much larger payload. There is VERY little room for power management, controller, and instrumentation. It's the only way even to APPROACH affordable regarding the actual launch and deployment.

Re:You need redundant controllers..

[Karmashock]

I suppose but we're really just talking about one extra CHIP. When I say some sort of back up system we have to keep in mind how small something like that would be. The back up system would furthermore not need to do everything the primary system does. Just use the comm antenna, accept diagnostic commands, and be able to reprogram the primary computer.

So, I'm talking about a chip that would be the size of your thumbnail. It wouldn't need independent power. It could draw from the same battery.

It sounds like what is wrong with the light sail could be fixed by just tripping the reset pin. The back up computer could do that. You send a signal that tells the back up system to trip the reset pin on the main computer. You could either keep doing that every few days or fix the bugged code.

Re:You need redundant controllers..

[ihtoit]

one extra chip, ten extra Watts, that's another twenty square inches of PV panel that needs to be facing the Sun.

Are we building a shoebox satellite or another Intelsat?

The difference between engineering for getting shit done AND having multiple failovers because FAILURE IS NOT AN OPTION and simply getting something up there in as small a package as possible thus not leaving ANY room for failovers, sophisticated power subsystems, orientation control, etc., is something like eight thousand pounds of mass.

Re:You need redundant controllers..

[itzly]

How are you going to share all the resources between two controllers ? What if the primary computer is hogging the comm antenna ? What if your secondary chip is hogging the comm antenna ?

Re:You need redundant controllers..

[Karmashock]

Fine... don't build the redundancies into the system. When it fails and Murphy says it will... all I can say is "oh well."

Re:You need redundant controllers..

one extra chip, ten extra Watts, that's another twenty square inches of PV panel that needs to be facing the Sun.

Are we building a shoebox satellite or another Intelsat?

The difference between engineering for getting shit done AND having multiple failovers because FAILURE IS NOT AN OPTION and simply getting something up there in as small a package as possible thus not leaving ANY room for failovers, sophisticated power subsystems, orientation control, etc., is something like eight thousand pounds of mass.

555(or 556) timer setup to trigger a reboot weekly unless reset - 600mW maximum (from the datasheet, I'm sure far less at only 5V). I don't know WTF chip you're using that 10W, but that's a lot of power for a simple watchdog timer.

Re:You need redundant controllers..

[ihtoit]

what, are you pumping raw, unregulated PV through that?

K.

Re:You need redundant controllers..

[Blaskowicz]

If you can't do the logs rollover thing right, you probably can't do failover right.
The diagnostic computer will be fine for 2^16-1 seconds, after which it will continuously reboot the main computer (or it will do so because of a slightly less silly bug).
The main computer, if correctly serviced by the diagnostic computer will enter a boot/crash/reboot infinite loop because the log issue is still there unchanged, so it will crash within 15 seconds.

Re:You need redundant controllers..

[Karmashock]

.... *pinches bridge of nose*... *takes a deep breath*...

Okay, how does a single radio broadcaster broadcast on dozens of frequencies at once? How does a cellphone tower sustain hundreds of phone calls at once? How does a tv satellite array handle god knows how many video streams?

You have one on one frequency and another on another. Is this not comically obvious?

Re:You need redundant controllers..

[Blaskowicz]

(replying to myself) Part of above comment is fairly stupid, as this whole story is about a fact that a reboot will clear the csv file. whoops!

For those who don't know what Linux is...

[tekrat]

Coming up next on Slashdot... Linux is an operating system, kinda like Windows or Mac OS, but built by a bunch of neckbeards, and uses about the same amount of space as 10 compressed music files. Some versions use less, some use more depending upon how it's configured.

Wow; I think it's time to move on from Slashdot. Taco would be spinning in his grave, assuming he was dead.

Oh great

[Voyager529]

A satellite running Linux is contingent upon a spontaneous reboot to function again? Great, now we'll never hear from that satellite again.

Clearly, the plan should have been to run the device on Windows 98. That way, it would only be out of commission for 49.7 days.

So...

was there any testing done beforehand? I am talking about profesional testing, not simple button press oh it works...

Such an easy error and undiscovered..." expensive this one was."

Re:Professional Level FUBAR

While it was ultimate NASA's failure, the problem was with software provided by Lockheed, all of the errors occured on the ground in the US, were noticed, but not acted upon by management. Ultimately, it was the failure of a PHB, as most royal f###-ups are..

IT

have you tried turning it off and on again?

32MB ought to...

[mutherhacker]

32MB ought to be enough for anybody...

Hindsight Solutions

You know, if they were using Windows as the OS, they would not have to "hope" for a spontaneous reboot...

Everyone was thinking it...

Seriously

Because making sure the log files dump after a certain size would be too much code right ?

The most interesting spacecraft.

[foradoxium]

We don't normally test our spacecraft systems, but when we do, we do it after launch.

WTF?!

Okay, first off, why make the satellite's systems log EVERYTHING? Aren't enough people listening to its broadcasts to catch "most" everything? Assuming they can remotely command the system to transmit all or part of its logs on demand, why not retain only the last n broadcasts worth of logs? Second, why in God's Vast Expanse (giggity) would they use CSV? I understand the environmental constraints probably rule out a full Linux install but is it really so hard to use something like SQLite? With a proper setup, the install as well as the log data can be kept VERY small. This would've allowed them simple purging of old data, extreme compression, and very low processing overhead.

Re:WTF?!

[ihtoit]

csv is next to plain text as it gets. Why would you want to be complicating shit?

Re:WTF?!

[Blaskowicz]

And you can easily extract data from it with a simple set of Unix commands like this! :

cat beacon.csv | tail -n 80| head -n 10

Updated Summary W/ Tech Terms Explained

[cve]

Last week a week is approximately the amount of time between new 'Keeping up with the Kardashians' episodes saw the successful launch of the Planetary Society's LightSail spacecraft, the solar-powered satellite that runs Linux Linux is like Windows for smart people and was crowdfunded on Kickstarter Kickstarter is a place to buy digital watches . The spacecraft worked flawlessly for two days, but then fell silent, and the engineering team has been working hard on a fix ever since. They've pinpointed the problem: a software software is like what you download from the app store glitch. "Every 15 seconds, LightSail transmits a telemetry beacon packet a telemetry beacon packet is like a tweet . The software controlling the main system board writes corresponding information to a file called beacon.csv. If you're not familiar with CSV files, you can think of them as simplified spreadsheets—in fact, most can be opened with Microsoft Excel. As more beacons are transmitted, the file grows in size. When it reaches 32 megabytes—roughly the size of ten compressed music files 32 MB is also approximately the size of 13 iPhone 6 selfies —it can crash the flight system The satellite's twitter feed blows-up ." Unfortunately, the only way to clear that CSV file is to reboot LightSail Like holding down the power and home buttons on your iPhone at once -- don't try this unless instructed by someone at the Genius Bar . It can be done remotely, but as anyone who deals with crashing computers understands, remote commands don't always work Like when Siri plays Billy Ray instead of Miley . The command has been sent a few dozen times already, but LightSail remains silent. The best hope may now be that the system spontaneously reboots on its own Like when drop your phone in the pool and it still works .

Re:Updated Summary W/ Tech Terms Explained

Oh! man, i can't stop laughing.

what the hell happened to /.

Re:Updated Summary W/ Tech Terms Explained

[ihtoit]

So much this!

Why Linux!?!

Spacecraft C2 is a place for an RTOS, some something as big and kludged together as Linux. Hell, it shouldn't be running on a virtual memory machine at all.

Kids these days.

Re:Why Linux!?!

[0100010001010011]

This is something that should have been done with any number of RTOSes. FreeRTOS is a good start, I prefer ChibiOS/RT.

Re:So they had the same problem....

[bobbied]

It's called "logrotate" and shame on you if you stared the logger and didn't configure it first.

Embedded and dynamic memory

Sure, follow those old embedded rules when we coded for Z80s and 16k of memory. And we counted cycles by hand.

Today, though, dynamic memory allocation is a reasonable thing. Granted you want to make sure it can't fail, and that "out of memory" is handled appropriately. This is non trivial, but hopefully, you have a generalized approach which can be rigorously tested, and then reused.

Hardware is cheap, software development is expensive: today it is much more appropriate to throw hardware resources at the problem and allow the software people to be more efficient. Particularly in a spacecraft, where flight hardware, while expensive compared to consumer stuff, is still cheap compared to people who are developing software for that flight hardware.

The other thing is that processors are MUCH faster today, so on the fly bounds checking is reasonable: Before pushing stuff on the stack, check to see if room is available. and, oh my gosh, what about array bounds checking to prevent buffer overflow. We're not coding for the 1MHz 1802 we used on Galileo any more.

The "totally deterministic" model of embedded must go, if we are to advance: it's harder to do correctly, but design for soft failure and recovery is a much, much better solution in the long run.

LightSail's problem, though, might be that the development team wasn't aware of the need for care. Cube-sat projects are full of aero-astro majors who have learned system engineering, and assume that data and spec sheets accurately and fully reflect the behavior of the devices they are using, because that's what they were taught.

Re: Embedded and dynamic memory

Hardware on Earth is cheap. When it has been launched into space... Not so much.

Re:Embedded and dynamic memory

[chuckugly]

Today, though, dynamic memory allocation is a reasonable thing. Granted you want to make sure it can't fail, and that "out of memory" is handled appropriately.

I don't completely disagree but you might watch the CPPCON 2014 presentation on the Curiosity rover for some insights into how the industry actually does things. One thing I noticed right off; rad hardened hardware is way behind the latest thing from Intel.

Re:Embedded and dynamic memory

[ihtoit]

some people still do code for the Z80 in 16KB of memory.

It is still in widespread use from robotic control systems to hardened consoles to law enforcement (it's the processing unit in portable breathalysers). Some modern mobile phones (some Ericsson models) still use the Z80. Some musical synthesisers use the Z80 in realtime voice processing. The Harvard Zed SBC uses a Z80 core.

Re:Embedded and dynamic memory

[plopez]

No. This is not a standard development environment. It is a special niche that requires a specialist approach. If you do not understand that a situation like this has special requirements you shouldn't be anywhere near the project. You cannot use a common 'code monkey' approach.

Re:Embedded and dynamic memory

LightSail's problem, though, might be that the development team wasn't aware of the need for care.

You can safely bet money that the question "Wait, what if fwrite returns ENOSPC" never occurred even once to the children of the Terabyte Age.

I won't even lie - my own large simulation program lacks any "is sufficient disk available for expected output" check. Why? It's writing to a 500TB main drive. The difference is, of course, that no1curr if my astrophysics program's last message before the MPI_Abort is "error: fatal: unable to open file for write: access denied: disk full" because I overran my quota.

Re: Embedded and dynamic memory

[camperdave]

The hardware is still cheap, just irreplaceable.

Re: Embedded and dynamic memory

Swarm used 20 MHz CPU with 4 or 8 MiB of RAM iirc. Swarm launched about a year and a half ago.

Multi core is coming to space. But the shared busses are causing serious issues.

I honestly wish you were dead.

Even the Wikipedia Autists have depreciated the moronic binary prefixes. NOBODY USES THEM.

Re:I honestly wish you were dead.

[grimmjeeper]

Too bad Canonical can't let go of it. But there will be purists who try to hold onto it at all costs, firmly entrenched in the idea that they are right and everyone else is wrong, even if no one else really cares.

Re:I honestly wish you were dead.

Except HPUX, AIX, and a handful of other Unixes and Linux flavors, so you'd better know how to recognize and translate betwixt them and modern storage arrays that don't, else your 40TB Oracle DB will run into read/write errors at around 36TB, and you'd damned well better have a hot failover plan, or you'll be updating your resume.

Re:I honestly wish you were dead.

[ArcadeMan]

Apple also uses them and last time I checked, they still sold a metric* shitload of devices every day.

* I did that on purpose just to annoy people who can't acknowledge SI prefixes.

Re:I honestly wish you were dead.

[grimmjeeper]

Except HPUX, AIX, and a handful of other Unixes and Linux flavors, so you'd better know how to recognize and translate betwixt them and modern storage arrays that don't, else your 40TB Oracle DB will run into read/write errors at around 36TB, and you'd damned well better have a hot failover plan, or you'll be updating your resume.

If you run an enterprise database and you don't have a hot failover plan regardless of the actual size you think it is able to handle, you should consider a voluntary career path adjustment before it becomes involuntary.

Re:I honestly wish you were dead.

Welcome to government provisioning, where "hot failover" means hardware with less than half the computing capacity of the production stack, janky networking, and a storage array that is provisioned in a completely different manner -- the only thing that saved their bacon. Yeah, it would be nice if an actual admin was tasked with designing these things, but that's not the way it works; we just get to clean up the mess when things explode.

oh fucketyfuckfuckfuck

Idiots! What did they do for a ground test, flip the switch on to see if it lit up, then power it down and declare it good to launch?

Better example

[tomhath]

Actually, NASA had a "file system full" problem on one of the Mars rovers, almost exactly the same problem that Lightsail has. Fortunately they were able to fix it remotely.

Simple....

One word: watchdog

Re:Simple....

[Megane]

Oh, but that's the best part. There apparently is a watchdog, but it only trips after four or five weeks by (presumably unchanged) default, and it's completely independent (rather than being reset regularly by a signal from a properly-operating system). This for a mission that wasn't even supposed to last two weeks. The good news is that the orbit could last for as long as six months with the sail un-deployed.

Re:So they had the same problem....

[ihtoit]

guess what happens when you fill an NT system drive which has a dynamic swap file on it?

Genius.

Houston, I think you've got a problem.

[MMC+Monster]

The best hope may now be that the system spontaneously reboots on its own.

If your best hope is a combination of divine intervention and spontaneous Artificial Intelligence, I think you are royally fucked.

Why have a log file at all?

[sizzzzlerz]

Unless I misunderstood the mission, the payload isn't coming back so having a log file for post-mission review is meaningless. If they want to log anomalies, or commands, or telemetry, why aren't they sending it back? Either a continuous stream or regular or on-command bursts. In either case, there still would be no need to retain it in a file, you simply dump the buffer once its be transmitted and start from zero. Am I missing something?

Re:Why have a log file at all?

I imagine one of the intents of this cubesat was to precisely track the satellite with/without the sail deployed. Having all of the telemetry, which I assume includes some location data, would be necessary to do that. They are a crowdfunded effort so I doubt they have access to a global communications network to receive realtime information so the satellite would have to log the information for transmission when in range of the few communication system(s) that this organization has access to. Sending out telemetry packets every 15 seconds was probably a fail-safe way of getting some information from the cubesat in the even that the stopped processing commands but remained running.

Shoulda built it off a WRT54G...

[jpellino]

they reset spontaneously and could save this mission...

What it is really doing

fsck#

PLEASE MOD UP

[tekrat]

But I can't decide if it should be modded FUNNY or INSIGHTFUL.

Re:PLEASE MOD UP

[pbjones]

sorry, my points ran out yesterday, bugger. How could it be labeled as Troll?

csv?

Even if they needed to keep this data around, I wouldn't have picked CSV as a format. The ASCII overhead is wasting a lot of their 32MB. A binary log would have been a better choice, systemd jokes notwithstanding.

YesYesYES!

Suck on this, you Space Nutter BITCHES! Hooray! Your delusional Space Age fantasies are shattered again! Now cry and weep while I piss all over your tear-streaked zit-ridden faces! NOBODY. IS. GOING. ANYWHERE. EVER!

Can't they just send this?

[liquidghondi]

effective. Power h

Should've used systemd!

Seriously, even IT lets logs rollover. You may not be able to read them easily, but they DO rollover.

Wow + c'mon + wtf

[luis_a_espinal]

I'm not one to go after very complex engineering endeavors that happen to have failures. But some of these things are just so goddamned plain, basic engineering 101 kind of stuff, I shake my head in sadness (sadness because I want these wonderful projects to thrive and win.)

The software controlling the main system board writes corresponding information to a file called beacon.csv. If you're not familiar with CSV files, you can think of them as simplified spreadsheets—in fact, most can be opened with Microsoft Excel. As more beacons are transmitted, the file grows in size. When it reaches 32 megabytes—roughly the size of ten compressed music files—it can crash the flight system."

Eng 101. Resources are not infinite. Didn't anyone thought about cycling logs? Or treat it as a circular buffer? What happened to capacity testing? Or better yet, catastrophe testing as is, what happens when the system runs out of space. This does not look like data that is critical to keep. Critical to capture yes, but not critical to keep. Most on board systems, embedded systems and/or systems with minimal resources use a circular buffer to capture control events for these reasons.

This is not a web site project, but an freaking spaceship. I can see clueless developers doing these kind of mistakes in web/enterprisey systems (I know, I've seen). I couldn't have imagine this on a much more critical type of system... but then we have the Ariane 5 incident.

Unfortunately, the only way to clear that CSV file is to reboot LightSail.

A control system should by default reboot itself and clear its non-critical logs when running out of space, or at worst, keep running without logging the events. This is so trivial to test, did the system and software engineers never saw a use case that capture this scenario.

It can be done remotely, but as anyone who deals with crashing computers understands, remote commands don't always work.

They don't always work if you don't test for them exhaustively... and they are not hard to test... and their continuous testing should be a priority at every release/test cycle. The engineers in this project are far more intelligent that I am, I'm sure of it. But man, this specific problem, I'm like "dude, wtf?"

Paranoid

If I was a paranoid person I would be suspicious that there was nefarious entity working to prevent the use of solar propulsion. How many attempts have there been at launching/testing such systems, 5? And how many of them have failed, been destroyed or deployed incorrectly, 4? The one successful attempt was relatively small (45'x45') and heavy (694 lbs) for a solar sail craft. Even so it achieved an impressive delta-v of 400 m/s.

Brilliant!

[celtic_hackr]

Nothing like adding a filesize check into the save script so you don't fill up your filesystem and crash it. That would have cost them what two lines of code?

That's like building a nuclear weapon with no off switch. Who does that?

Did they christen this spacecraft? Did they name it the USS Eve, perhaps?

ln -s /dev/null beacon.csv

[morgauxo]

ln -s /dev/null beacon.csv

Call tech support....

[macraig]

Okay, so they tried turning it off and back on, but did they check to make sure it's plugged in?

New comic!

I smell a new xkcd comic..

Oh, look at who's behind this debacle

1. Self-important, super militant, ultra snide atheist talking head Bill Nye is the CEO.
2. A female, Barbara Plante, is the "system engineer".

For all your talk, Nye, you sure dropped the ball when it actually mattered, didn't you? Where's your super intelligent science horse shit now? Great job oh-most-high-scientist.
Barbara Plante, shame on you. You just reinforced the stereotype that females can't code worth a shit. Every female engineer on the planet should hate your name right now.

Re:Professional Level FUBAR

Wrong on both posts.

The error was that all of the JPL software ingests data in metric units for force (Newtons). This was clearly defined in the interface control documents.

Lockheed Martin provided the data files with the units of pounds, incorrectly. So the "small forces" were off by a factor of 4.5. This didn't get caught because it wasn't a "many orders of magnitude" error that would cause the navigation calculations to be obviously wrong. The forces involved are a small correction in the equations of motion, and there are other random effects of comparable magnitude.

Nobody checked to make sure that the units were correct: The JPLers assumed it was in metric which it has always been (including previous missions with spacecraft from L-M); LM didn't check either.

The underlying root cause was that this was in the days of Faster Better Cheaper: JPL& L-M offered to do TWO spacecraft for slightly more than the cost of one: such a deal. The problem is that the two missions (Mars Climate Orbiter and Mars Polar Lander) were essentially simultaneous, so the people were split between projects. There's not a huge number of people around who can support this kind of effort, so they were spread thin.

Read the MCO report (it's linked on the Wikipedia page).

Screams

[manu0601]

If it would have been a government-run spacecraft, we could hear screams about wasted money and inefficiency. Had it been foreign-government run, we could here about nation's X decline or lack of experience.

Ha Ha, modern "open source" era coders

This stuff can be found everywhere one finds young programmers raised in the era of "open source" code; too many of these people reach for other people's code and plug it all together like tinker-toys or Lego bricks instead of actually writing their own code. The worst version of this bad behavior is on steroids thanks to thinks like the RaspberryPi: embedding Linux into EVERTHING just because it has a few features you are too lazy to code yourself. When you grab other people's crap and jam it together into a blob to do something, it's far too easy to not notice all the other things that code is also doing.

I'll bet there is NOBODY on that project who has read ALL the source code for what they flew and NOBODY on that project who actually knows how all the code works. Stupid-on-steroids - the modern model of software development.

Fuck up of the century part II

Wow, not this shit again. Non-profit or not wasting money on this stupid Carl Sagan daydream is just plain stupid. They are never going to get it to work just like the african tribes won't be developing nuclear weapons in an instance. They do not have the skills or the money to pull something like this off.

To repeate something that does not work is crazy. Planetary asshats.

this is a symptom of Agile Dev, no QA phase

In Agile, you code up to the release date and ship the code with the idea that you can rollback the code if need be. Code freeze doesn't happen nor does a QA phase. QA people don't even exist in modern agile anymore.

Hoax: taking advantage of people's credulity

[fygment]

This is a perfect scam:

a) come up with a seemingly plausible idea obscured by high tech and/or science;
b) get investors to contribute to seeing a prototype created
c) have the prototype fail for any number of plausible reasons
d) profit
e) repeat until the profits cease to be worth the effort

The solar sail is a theoretically flawed idea, as achievable as perpetual motion. But it is a cool, elegant concept ... and people can be convinced to buy in to it. The best part is, nobody outside the scammers can verify success or failure. Perfect ...

Still bugs ...

[PPH]

... in systemd logrotate?

Is this a high school project?

That's the most basic thing any engineer will have in mind when generating files on any system, what to do when the file grows? What kind of techs would forget about it? This is a very basic mistake for this kind of project

Most likely cause for going silent

Radiation plus Heat/Cold.

You CAN NOT simply use off-the-shelf hardware and expect it to work well in space even in LEO without extensive efforts to deal with radiation and thermal excursions. Radiation generally requires the use of specially designed parts. Thermal requires actual active/passive HVAC designed in and on board. Based on testing I used to do on commercial parts (in comparison to specially design space-grade ones), I'm actually surprised it lasted 2 days. Often we had Intel processors die with seconds to minutes of exposure in our labs under radiation or thermal exposure.

- Former "Rocket Scientist" who specialized in space craft electronics