from Hacker News

How to avoid a BSOD on your 2B dollar spacecraft

by linebeck on 9/25/24, 6:40 PM with 152 comments

  • by linebeck on 9/25/24, 8:48 PM

    Author here: I should clarify the satellite is not running Windows. Instead, it’s running its own custom OS written in C called Flight Software (FSW) specifically designed for the satellite onboard computer.

    Re-reading the post, I see how the title, my analogies, and poor attempts at humor would give the incorrect description of what’s happening with the satellite when it enters safemode. I’ll amend the post soon.

    Thanks for the feedback, I’ll be better next time.

  • by GlenTheMachine on 9/25/24, 8:06 PM

    There are a bunch of comments here asking why one would run Windows on a spacecraft.

    I am a spacecraft engineer. I don’t see anything in the linked article indicating that they are actually running Windows - the BSOD claim is tongue-in-cheek, or at least that’s how I read it. I also don’t know of anyone anywhere that runs Windows on a spacecraft, with the exception of laptops used by astronauts. Typically one runs VxWorks, or maybe QNX. Some experimental (high risk, low cost) systems run Linux. Older spacecraft don't run any OS at all, everything is running on bare metal, and that may be true for a handful of current spacecraft as well.

    Windows is used in some places by ground controllers, but these days they tend to be running Linux a lot more often.

  • by pif on 9/26/24, 2:08 PM

  • by jesprenj on 9/25/24, 11:18 PM

    Was the spacecraft from the event described in the article an actual spacecraft in space or a simulation of a space mission on the ground?

  • by PoignardAzur on 9/26/24, 5:56 AM

    > I think what surprised me the most was how nonchalant the response was. We had documented all of our actions, so other people had read what happened and knew something had gone on. I wasn’t expecting any fanfare but we weren’t even debriefed on what happened.

    That's... Concerning. No root cause analysis? Not even an internal one?

  • by rdist on 9/25/24, 8:08 PM

    And here I thought we were going to rehash Crowdstrike ;-)

  • by taspeotis on 9/26/24, 3:36 AM

  • by jwrallie on 9/26/24, 2:33 AM

    I would bet the schedule didn't allow much time for doing subsystem-level tests with the on-board computer, so everyone went to the big test praying for the best.

    That or inexperienced programmers were involved, assuming they were not scared of modifying memory addresses directly.

    As for the safe mode, if it happened, maybe you could say you were randomly injecting errors in the memory during runtime and the spacecraft entered safe mode as expected; it would not be far off from the truth, just do not mention it was unintended :)

  • by LorenPechtel on 9/26/24, 1:20 AM

    Why is it using memory-mapped stuff in the first place rather than some sort of messaging system that would allow more defensive programming?

  • by joelkevinjones on 9/26/24, 1:27 AM

    As much as I hate writing "getter" functions for referencing global variables, I would when I knew I didn't have the right address yet. Write them first to error out loudly, then when you have the actual addresses replace the error out code.
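
The getter pattern described in the comment above, as an added example (not code from the commenter, the article, or any flight software). All names are hypothetical, and `fake_regs` is a constructed stand-in for memory-mapped registers so the code runs on a host.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_TBD ((volatile uint32_t *)0)   /* placeholder: real address not known yet */
typedef enum { TLM_BATT_MV, TLM_WHEEL_RPM, TLM_COUNT } tlm_id;

/* Constructed stand-in for memory-mapped registers (assumption for the example). */
static volatile uint32_t fake_regs[TLM_COUNT] = { 28100u, 1200u };
static const char *const tlm_name[TLM_COUNT] = { "batt_mv", "wheel_rpm" };
static volatile uint32_t *tlm_addr[TLM_COUNT];   /* every entry starts as ADDR_TBD */
static unsigned tlm_fault_count;

/* Loud failure path: name the point and the call site, count it, read nothing. */
static int tlm_fault(tlm_id id, const char *why, const char *file, int line)
{
    fprintf(stderr, "TLM FAULT %s:%d: id=%d (%s): %s\n", file, line, (int)id,
            (unsigned)id < (unsigned)TLM_COUNT ? tlm_name[id] : "?", why);
    tlm_fault_count++;
    return -1;
}

/* Called once the real address for a point is known; replaces the placeholder. */
int tlm_bind(tlm_id id, volatile uint32_t *addr)
{
    if ((unsigned)id >= (unsigned)TLM_COUNT || addr == ADDR_TBD)
        return -1;
    tlm_addr[id] = addr;
    return 0;
}

/* The only route to the global: a placeholder address is never dereferenced. */
int tlm_get_at(tlm_id id, uint32_t *out, const char *file, int line)
{
    if ((unsigned)id >= (unsigned)TLM_COUNT || out == NULL)
        return tlm_fault(id, "bad id or null output pointer", file, line);
    if (tlm_addr[id] == ADDR_TBD)
        return tlm_fault(id, "address still TBD", file, line);
    *out = *tlm_addr[id];
    return 0;
}
#define tlm_get(id, out) tlm_get_at((id), (out), __FILE__, __LINE__)

int main(void)
{
    uint32_t v = 0;
    int before = tlm_get(TLM_BATT_MV, &v);            /* faults: still TBD */
    tlm_bind(TLM_BATT_MV, &fake_regs[TLM_BATT_MV]);
    int after = tlm_get(TLM_BATT_MV, &v);             /* succeeds after binding */
    printf("before=%d after=%d batt_mv=%u\n", before, after, (unsigned)v);
    return 0;
}
```
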
  • by egberts1 on 9/28/24, 2:37 PM

    You can always run Minix3 which basically keeps on running after a kernel OOPS.

  • by bronlund on 9/26/24, 12:45 PM

    Clickbait. Unlike British missile submarines, they are not using Windows.

  • by farceSpherule on 9/25/24, 8:06 PM

    Or you can avoid contracting with Boeing.

  • by dangoodmanUT on 9/25/24, 8:53 PM

    Step 1: Use Linux

  • by sharpshadow on 9/25/24, 7:38 PM

    One must have balls of steel to run Windows on a spaceship.