
NASA Pulls Off 160-Million-Mile Software Patch - akent
http://www.wired.com/wiredenterprise/2012/08/nasa-patch/
======
dmit
Related Google Tech Talk: Debugging Code from 60 Million Miles Away
[https://www.youtube.com/watch?v=_gZK0tW8EhQ&hd=1](https://www.youtube.com/watch?v=_gZK0tW8EhQ&hd=1)

Ron Garret talks about DS1, a project in the 90s where a small team used Lisp
to send an autonomous craft into space in a third of the time and at a
fraction of the cost of previous comparable projects. (Yes, I couldn't have
made up a more HN-friendly story if I tried.)

~~~
ovi256
But did it have paying customers?

~~~
shiven
Nope. They never figured out the right pricing model for their API :)

------
SwaroopH
Impressive (even more for the geek me) but done before. Only relevant because
of comparison with hellish OTA process for non-Google Android devices.

<https://twitter.com/#!/search/realtime/android%20nasa%20ota>

~~~
noselasd
They can even patch Voyager, now at the edge of our solar system:
<http://www.spaceflightnow.com/news/n1005/11voyager2/>

They also patched the MER rovers many times; this bug caused quite a few
headlines back in the day: <http://www.nasa.gov/offices/oce/llis/1483.html>

~~~
sehugg
I seem to remember a Scientific American article from the 1980s where they
also had to rewrite code around a dead bit in RAM. They've done some pretty
drastic changes since, like using the backup computer to add image compression
on the fly (lots more detail here):
<http://history.nasa.gov/computers/Ch6-2.html>

------
sanarothe
I once nearly 'bricked' my router playing with some custom firmware. That in
itself was terrifying, let alone the prospect of 'bricking the rover.'

~~~
ahelwer
Being responsible for the update would take years off of my life. One slip up
and you've thrown away 2.5 billion dollars.

~~~
sigkill
Sure 2.5 billion dollars is a large sum of money. Imagine how you'd break this
news to the public. You've practically crushed people's hopes and dreams.
"Umm, guys, we just accidentally bricked the rover because of a firmware
upgrade gone rogue". I'd end up in tears if I had done this.

Speaking of firmwares, I'm unable to find out information if they have a dual
bios kind of system where if the boot fails it can recover from the backup
firmware.

------
skrebbel
Wait, they're doing this by _hand_? Production deployments to a computer _on a
different planet_? In the 21st century? If there's one deploy I'd want to
automate the hell out of (and test, over a 2 baud network), it's this one.

It's not like these guys never did a remote software update before. So I must
be missing something.

~~~
lisper
It depends on what you mean by "doing it by hand." The update process is
"automated" in the sense that it's completely scripted. Every step is known
ahead of time, and has been extensively tested on ground-based duplicates of
the flight hardware. The only aspect of the process that is done "by hand" is
"pushing the big red button" to initiate the next step of the process, and
even this is a very stylized and well rehearsed process. The only reason for
having even this step of the process be manual is so that humans can assess
the situation between steps and satisfy themselves that nothing has gone wrong
with one step before proceeding to the next. That's the real challenge in a
situation like this: your communications link is operating on the hairy edge
of the limits imposed by the laws of physics, so lots of things can go wrong
in production that worked in rehearsal.

~~~
skrebbel
I see! Thanks for the clarification. And, makes a lot of sense.

------
sktrdie
I find it weird that the rover wouldn't have enough storage to hold both the
logics of the landing and the surface mission. I mean, SSDs nowadays can hold
hundreds of gigs and are very small.

Does anybody have more details on that? A complete software update just sounds
like a really risky thing, for something that you have no physical access to.

My opinion is that they probably have really strict protocols from legacy
missions, and since they just work, they're not going to change them.

~~~
jgrahamc
Every time there's a report about Curiosity doing something that overlaps with
software or hardware that we at HN are familiar with comments like this
appear.

The bottom line is: (a) Curiosity was designed 8 years ago so the tech. on
board is old (b) everything that's on board has to be radiation hardened and
(c) NASA are conservative about 'new stuff' because they need it to work (e.g.
the thrusters on the skycrane were derived from the Viking landers).

~~~
angstrom
Now tack on the fact that it has an initial 2 year mission powered by an RTG.
<http://en.wikipedia.org/wiki/Radioisotope_thermoelectric_generator>

...but not just any RTG, an MMRTG:
<http://en.wikipedia.org/wiki/Multi-Mission_Radioisotope_Thermoelectric_Generator>

It's able to supply a steady 125 W of power for 14 years, before dropping to
100W. The technology has been used reliably on multiple projects. Based on the
longevity of the previous rovers that have safely made it to Mars it's worth
considering that barring mechanical malfunctions and hardware failures (it has
two main computers) the rover could turn power off to non critical components
after 14 years and continue to run on 100W. It might not be far fetched to
think that this rover could still be running if/when humans arrive in the
2030s.

That's far cooler than what you would get running on the latest and greatest
for convenience.

~~~
felipemnoa
>> the rover could turn power off to non critical components after 14 years
and continue to run on 100W

That constant source is charging a battery. As long as the battery is still
working it would just take longer to charge the battery.

