|
Great stuff. Thanks for commenting. 
It's an interesting story. Software crashes like this just get a lot of attention since they are so obviously catastrophic. Other problems occur and people do not hear about them but they happen everywhere in software.
|
|
|
|
|
Like comments on this post? 
|
|
|
|
|
Hmm... the post was edited. There was an entire comment about what had happened. Interesting.
|
|
|
|
|
Proper strong static typing...
If they were using Ada with appropriate data typing (that domain is what Ada was designed for...), F# with 'units of measure' or even C++ with a suitable units library (in which all the checking and overhead is at compile time, not runtime), they'd have been fine...
...or a proper, robust design, which documented the units in use...
NASA are generally very good with the process and design parts of software development, especially when the target is safety critical - maybe this was 'just' an unmanned probe, so the same rigour didn't get applied...
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p
|
|
|
|
|
raddevus wrote: Space probes tend to be both memory and compute limited, so the engineers—just as essentially everyone else in their situation has done—decided to keep track of the units themselves (in their heads, in the comments, and
in the documentation).
While this is true, and one of the reasons for extensive and exhaustive testing of spacecraft software, in the case of Mars Climate Orbiter (as also noted in the original post) :
raddevus wrote: ... root cause for the loss of the MCO spacecraft was the failure to use metric units in the coding of a ground software file...
(My re-bolding)
While not excusing the failure, which was a result of insufficient testing and other related issues, in this case it wasn't due to memory limitations of the on-board computers, or people "keeping track of units in their heads...". Anyway, source code isn't uploaded and compiled on a spacecraft, so type-safety and better languages shouldn't have any impact on the size of the executables.
While I'm sure Stroustrup means well, and intends the use of this failure as a lesson in the advantages of more strongly typed languages and methods, I think he's misrepresenting the actual situation. I'd recommend reading the actual reports on what happened for more details :
Mars Climate Orbiter Failure Board Releases Report which also contains a link to the full, PDF, report.
m (in spacecraft test systems engineer mode  )
Days spent at sea are not deducted from one's alloted span - Phoenician proverb
|
|
|
|
|
Yeah, I'm sure there is much more to it.
I think Stroustrup was just attempting to show an analogy about how programming languages can help us or provide no extra help. Kind of like a hand saw versus a chainsaw.
At times a newbie believes that because they just because he has the newest chainsaw he is a professional.
A person with vast experience can use hand tools and _process_ and do far more than some newbie with a chainsaw. However, when the experienced person with process then begins to use a power tool a leap of an order of magnitude may be made because the person can think at a different level.
Great discussion.
|
|
|
|
|
Reminds me of the Hubble telescope mirror problem. Perkin Elmer was contracted to create the large reflecting mirror for the Hubble telescope, and NASA was not allowed to review the process, visit the factory, nor check off the various milestones. NASA was only allowed to accept delivery when the mirror was complete. Then on delivery, NASA didn’t even do a thorough QA check of the mirror. Unfortunately, the mirror was so badly flawed, that after it was installed and used, everything the telescope saw was blurred. Useless data was collected. NASA had to order another manned mission to fix the problem at a good cost to the American taxpayer.
Thus, it pays to have constant checks and quality reviews by the customer.
|
|
|
|
|
Exactly right. Everything in that report says bad or insufficient systems engineering process (which was encouraged under the Faster, Better, Cheaper mantra). As a result, missions with approximately the same capability are now back to costing three or more times as much.
His quoted cost for the program is ridiculous as well.
(not a spacecraft test system engineer, but have read a great deal on it)
|
|
|
|
|
Nope, nope, nope.
There's no need for a different language. While some languages make certains things easier, in the end language is irrelevant. This team needed 3 things:
1) Correctly written specification and design. Doesn't have to be the Encyclopedia Britanica, but has to cover the major points, e.g., all units are metric.
2) Code review. Other people looking the code to ensure it makes sense.
3) Real testing. "It compiles and it runs" is not testing. Real testing includes validation that the results match the expectation. If this had been done the error would not have made it to production.
Don't get me wrong, I prefer strongly typed languages and IDEs that flag errors and all the goodies of "modern" programming. However, this debacle was caused by process, not programming.
The job of professional developers is not to design applications and write code. Our job is to solve someone else's business problem. Coding is a tiny part of that.
|
|
|
|
|
BryanFazekas wrote: Our job is to solve someone else's business problem. Coding is a tiny part of that.
I agree 100%.
I also really enjoyed your post, however, one thing to keep in mind is that programming languages are something analogous to power tools.
Hand Saw
The person using the hand saw can definitely say he is better off because he is "closer to the wood" and he's been cutting down trees for years like this and everything is good.
Power Drills For Felling Trees
Along comes, newbie with his power drill and says he, "I can fell this tree way faster than you can with my new power tool," and away he goes.
Hand saw guy has his tree down much quicker and better.
Hand-saw guy with knows the newbie is using the wrong tool and laughs.
Grey-beard Tree Feller
Finally, along comes Grey-Beard Tree Feller.
Hand-saw guy is like, "Another idiot with a power tool."
Grey-beard was a hand saw user for many years before chain saws were invented.
Now Grey-beard takes his new chain saw and drops the tree in seconds and hand saw guy says, "well, even idiots get lucky sometimes."
Grey-beard knows that once you understand process, you can use power tools appropriately.
A merge of the best of both worlds.
|
|
|
|
|
Perhaps the USA should just adopt metric like the rest of the world - problem solved. 
|
|
|
|
|
I second the motion. But, the US government has too many other problems to solve.
|
|
|
|
|
Yes ... and now, picture hundreds of "self-driving" cars hurtling at each other ...
(Wifi error)
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
|
|
|
|
|
The real issue was bad, or woafully understaffed, systems engineering on a program that was underfunded with a process where some documents issued by the managing organization weren't part of the contractual requirements and were directly in conflict of the actual contractual documents. The fact that units were involved is secondary or tertiary. It could have been any other data type that was passed between the two completely independent software organizations that didn't share any top level organizations.
Also that cost is so stupidly and grossly overestimated that the person should be put on charges or at least sued for libel.
Mars '98 Fact Sheet (Orbiter)
[^]
According to this the entire spacecraft development (including managing organization involvement) was $327 million for two spacecraft.
|
|
|
|
|
Didn't Algol68 include unit arithmetic? I don't have any near-complete Algol68 reference at hand, but I have a slight memory that it did.
Then: To claim that Algol68 ever was a widespread language would be a lie. You may question whether it was spread at all...
But then #2: In any modern OO language supporting generics, you could easily implement a "NumberAndUnit" class associating a unit with any number, implementing the appropriate arithmetic for the unit part. I can't claim to have seen any library supporting this, but I'd actually be suprised if none at all are available.
Of course: That won't help the NASA guys as long as they don't use such a library.
Sidetrack/historic: In my first job after completing my studies (long ago!), I worked with at text processing system where the basic unit was an AH, labeled after the initials of the developer who introduced it. One AH was 1/86400 of an inch. For the "modern" point definition, 1/72 of an inch, there was no roundoff errors. For the "traditional" pica points or didot points, the roundoff errors were significantly smaller than the precision of any of the peripherals we handled-
|
|
|
|
|
Member 7989122 wrote: Sidetrack/historic:
That's an interesting story. Thanks for sharing.
|
|
|
|
|
I used to be an aerospace engineer on the Space Shuttle External Tank, and before that the Delta rocket. Our units were always inch, pound (force) and the mass being the unit that gets accelerated at 1 in/sec2 by a force of 1 pound (about 386 pounds (mass)) - and being that I was in structural dynamics, it was important to get that mass correct.
The error here was that some paper-pusher whose job it was to change the parameters screwed up. Of course, it's ridiculous that the USA still uses non-metric units, but U-S-A, U-S-A!
|
|
|
|
|
The old "we have detected faults with your router" scam again.
They don't like it when you say "How did you come in on this number? The traceback says you are in India."
"click".
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
What I find interesting about all of these scammer calls is that they are still obviously making enough money (or whatever) to make it worth their while....still. 
|
|
|
|
|
Wages in India for scammers reading from a cheat sheet are very low: the minimum wage in India is Rs 160 per day - about £1.80, or $2.50 - so a successful scam that raises more than a tenner has paid for the "worker" for the week.
That's assuming they even pay minimum wage: given that what they do is illegal, immoral, and the act of scum I doubt they pay even that much.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
It is a sad state. When I read the thread topic on the CP home page, I thought to ask you if they had an Indian accent. I was pretty sure the answer would be yes before I came to the thread. 
I am not the one who knocks. I never knock.
In fact, I hate knocking.
|
|
|
|
|
Oh yes! And loads of Indian voices in the background.
All female, so I assume they get paid even less than the men ...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
In my experience, they are not always female. I'd say it is about 50:50 nowadays.
|
|
|
|
|
Do not trust these wicked impostors. If you have a problem, call me!
... such stuff as dreams are made on
|
|
|
|
|
But ... but ... they have spotted the problem from so far away, with only a crib sheet and a telephone! You haven't even done that! 
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
