[Namaste-dev] Re: Software Defined Radio - Mars Lander daily software changes

Assi Friedman assi at san.rr.com
Wed Jun 11 21:15:09 PDT 2008


Grayg,
There is no standard fault mitigation approach to spacecraft design.
Spacecraft have operational modes that are designed based on the specific
concept of operations.  Most spacecraft have a survival mode that is
commonly referred to as "safe mode" or "safe hold".  There is no standard on
what may trigger this mode.  It could be loss of attitude pointing, power
threshold, SEFI, loss of communications, and more.  The most important thing
is to have a comprehensive multi-tiered fault mitigation strategy.
I believe the Namaste effort focuses on the ground segment only, leaving the
fault mitigation to the space segment team.  Also, I believe that in this
case, we won't need much fault mitigation since the payload will be hosted
by a bus that has its own fault mitigation.  Regardless, it is safe to
assume that the space segment payload will have watchdog(s) and a command
link for software uploads & state of health telemetry.  Also, spacecraft
systems are coded in whatever the programmers fathom, even though I am not
sure I ever heard of Logo based spacecraft systems.
Assi kk7kx/4x1kx

gam ani yachol lekashkev besafot lo mukarot

-----Original Message-----
From: namaste-dev-bounces at amsat.org [mailto:namaste-dev-bounces at amsat.org]
On Behalf Of grayg ralphsnyder
Sent: Tuesday, June 10, 2008 8:22 PM
To: namaste-dev
Subject: [Namaste-dev] Software Defined Radio - Mars Lander daily software changes

I just read an article about the Mars Lander mission which helped me 
think about some things :

The data relay satellite orbiting Mars has a 'safe mode' that it goes 
into when some fault occurs or by other causes such as excessive 
radiation.  It stops what it was doing until it receives new 
instructions.  Do all satellites have this feature?  I think it would 
be a good idea for us especially since the radio software may be updated 
for improvements, features, etc. and there may be a point where things 
'crash' and some kind of 'watch dog timer' will be needed to 'reset' the 
satellite systems.  The safe mode program would be encoded in hardware 
so the satellite could always be communicated with / through in its 
'base mode.'  If during some disaster-emergency situation the satellite 
got into this 'base mode', the ground stations should be able to fall 
back to their 'base operation mode.'  With this at least the satellite 
would remain useful and not frustrate the system's users.  There would 
have to be some mechanisms to allow the ground stations to know which 
mode the satellite was operating in - or what 'level' of software it was 
at - related to features, etc.

NASA's team of about 30 engineers and programmers change between 1000 
and 1500 lines of code each day.  This is for fine tuning the lander's 
operation to help make sure every minute and action gives valuable 
results.  How well the collaborative effort works considering the 
requirements to 'get it right' each day/code change is interesting.  
Collaborative projects like Mozilla and Open Office, for example, show 
that good results can be gotten.  Of course, the repercussions for a 
screw up with the Mars Lander can be more of a disaster ... or is the 
'how bad is the disaster' in the eye of the beholder?  So with our 
project, that is going to take a bit of management work, coordination 
and executive decision making.  What kind of team will it take?  Will 
the entire team / labor to get this done be voluntary or will part of 
it be paid by 'investors, etc.'?

And "... the developers, who used the C programming language to build 
their own software for a Linux operating system."  What kind of program 
language / etc is typically used for a satellite, in particular one of 
the kind we are looking at?

grayg - KC8SVT
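Both messages above describe the same mechanism from two sides: Assi's "comprehensive multi-tiered fault mitigation strategy" with watchdogs, a command link and state-of-health telemetry, and Grayg's hardware-encoded 'base mode' that the ground stations must be able to recognise so they can fall back too. The following simulation is an added example written for this thread; it is not code from the Namaste project or from either poster. The trigger limits, the version string of the fixed safe-mode image, the telemetry frame layout and the "hung upload" scenario are all constructed assumptions chosen to illustrate the idea.

```python
"""Added example: a two-tier fault-mitigation supervisor for a hosted payload
plus the ground-side check that decides which operation mode to use.
All limits, version strings and the scenario below are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    NOMINAL = "NOMINAL"   # uploaded flight software is running
    SAFE = "SAFE"         # the fixed "base mode" image: housekeeping and the command link only


# Constructed values: version tag of the immutable safe-mode image and the supervisor's limits.
BASE_SW_VERSION = "0.0-base"
WATCHDOG_LIMIT = 3          # consecutive missed kicks before the supervisor restarts the app
RESTARTS_BEFORE_SAFE = 2    # tier-1 restarts tolerated before tier-2 (safe mode)
LIMITS = {"bus_voltage_min": 26.0, "attitude_error_max_deg": 5.0, "uplink_timeout_s": 3600}


@dataclass
class Health:
    bus_voltage: float
    attitude_error_deg: float
    seconds_since_uplink: int
    sefi_flag: bool = False   # single-event functional interrupt latched by hardware


def check_triggers(h: Health) -> list[str]:
    """Tier-2 triggers: any one of these sends the payload straight to safe mode."""
    reasons = []
    if h.bus_voltage < LIMITS["bus_voltage_min"]:
        reasons.append("POWER_THRESHOLD")
    if h.attitude_error_deg > LIMITS["attitude_error_max_deg"]:
        reasons.append("ATTITUDE")
    if h.seconds_since_uplink > LIMITS["uplink_timeout_s"]:
        reasons.append("COMM_LOSS")
    if h.sefi_flag:
        reasons.append("SEFI")
    return reasons


@dataclass
class Supervisor:
    sw_version: str
    mode: Mode = Mode.NOMINAL
    missed_kicks: int = 0
    restarts: int = 0
    last_reason: str = "NONE"

    def step(self, app_kicked: bool, health: Health) -> str:
        """One supervisor cycle; returns this cycle's state-of-health frame."""
        if self.mode is Mode.SAFE:
            return self.telemetry()          # safe mode is sticky until a ground command
        reasons = check_triggers(health)
        if reasons:
            self._enter_safe("+".join(reasons))
        elif app_kicked:
            self.missed_kicks = 0
        else:
            self.missed_kicks += 1
            if self.missed_kicks >= WATCHDOG_LIMIT:
                self._watchdog_fired()
        return self.telemetry()

    def _watchdog_fired(self) -> None:
        self.missed_kicks = 0
        self.restarts += 1
        if self.restarts > RESTARTS_BEFORE_SAFE:
            self._enter_safe("WATCHDOG")     # tier 2: repeated hangs, stop trusting the upload
        else:
            self.last_reason = f"APP_RESTART_{self.restarts}"   # tier 1: restart the app only

    def _enter_safe(self, reason: str) -> None:
        self.mode = Mode.SAFE
        self.sw_version = BASE_SW_VERSION    # the uploaded image is no longer what is running
        self.last_reason = reason

    def telemetry(self) -> str:
        # Mode and software level ride in every frame so the ground knows what it is talking to.
        return (f"MODE={self.mode.value};SW={self.sw_version};"
                f"RESTARTS={self.restarts};REASON={self.last_reason}")


def ground_mode(frame: str, expected_sw: str) -> str:
    """Ground-station side: use 'full' features only when the payload reports nominal mode
    and the software level the ground software was built against; otherwise fall back."""
    fields = dict(kv.split("=", 1) for kv in frame.split(";"))
    if fields.get("MODE") == Mode.NOMINAL.value and fields.get("SW") == expected_sw:
        return "full"
    return "base"


def simulate_hung_upload(sw_version: str = "1.2") -> list[tuple[str, str]]:
    """Constructed scenario: a freshly uploaded image stops kicking the watchdog."""
    sup = Supervisor(sw_version)
    nominal = Health(bus_voltage=28.0, attitude_error_deg=0.5, seconds_since_uplink=60)
    log = []
    for cycle in range(12):
        kicked = cycle < 2                   # healthy for two cycles, then hung
        frame = sup.step(kicked, nominal)
        log.append((frame, ground_mode(frame, sw_version)))
    return log


if __name__ == "__main__":
    for frame, gnd in simulate_hung_upload():
        print(f"{frame:<60} ground->{gnd}")
```

Running it shows the two tiers in order: after three missed kicks the supervisor only restarts the application and keeps reporting NOMINAL with the uploaded version, so the ground stays in full mode; after the third restart it gives up on the upload, drops to the fixed base image, and the telemetry changes to MODE=SAFE with SW=0.0-base, at which point ground_mode() returns "base" without anyone having to guess which software level is flying. The same check also sends the ground to base mode when the reported version simply does not match what its own software expects.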


