

Lightsail satellite hangs due to 32Mb CSV file - phpnode
http://www.planetary.org/blogs/jason-davis/2015/20150526-software-glitch-pauses-ls-test.html

======
ColinWright
I'm somewhat bemused by this. It's standard in embedded systems of any type
_always_ to audit every write to file to make sure the file isn't growing too
large. I wonder what sort of vetting this software went through before being
deployed.

Does anyone know more about this project, and the process it went through
before launch?

~~~
kwhitefoot
Me too.

Also, isn't there a watchdog circuit that would reboot if a heartbeat fails? I
haven't worked in embedded controllers for many years but such things used to
be common in embedded systems.

At least Atmel processors have them built in:
[http://www.embedds.com/using-watchdog-timer-in-your-projects/](http://www.embedds.com/using-watchdog-timer-in-your-projects/)

I realize that the Lightsail is a bit more complicated but the principle
remains valid.

------
techdragon
You build a spacecraft without a watchdog. You'll soon be regretting building
a spacecraft without a watchdog.

Systems engineering 101 stuff: the watchdog is a fail-safe on the software
system. For those unfamiliar with a watchdog, think of it as STONITH for a
single mode system. You design it with two copies of the operating system on
two drives or partitions, and then if the watchdog doesn't get a response from
the computer it forces a hard reboot and the system reboots using drive 2, and
you send instructions to it to check drive 1 or wipe it or whatever you
want.

------
breakingcups
I would've assumed a completely separate system listening on a different
frequency just to reboot the system would be in place in a system as complex
as this one.
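
------
The write audit raised in the first comment of this thread, as an added example that is not from the thread or from the LightSail flight software: every append checks the file size first, and rotates to a single backup instead of letting the file grow without bound. The file names, the 64-byte cap and the record format are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cap for this example; a real system would size it to its storage. */
#define LOG_CAP_BYTES 64L

/* Current size of path in bytes; 0 if it cannot be opened (treated as absent), -1 on error. */
static long file_size(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    long n = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    fclose(f);
    return n;
}

/* Append one record without ever letting path exceed cap bytes.
 * Returns 0 = appended, 1 = rotated then appended, -1 = rejected or I/O error. */
int capped_append(const char *path, const char *backup, const char *rec, long cap) {
    long len = (long)strlen(rec);
    if (len > cap) return -1;            /* one oversized record must not bust the cap */
    long cur = file_size(path);
    if (cur < 0) return -1;
    int rotated = 0;
    if (cur + len > cap) {               /* audit before the write, not after */
        remove(backup);                  /* keep exactly one old generation */
        if (rename(path, backup) != 0) return -1;
        rotated = 1;
    }
    FILE *f = fopen(path, "ab");
    if (!f) return -1;
    size_t w = fwrite(rec, 1, (size_t)len, f);
    if (fclose(f) != 0 || w != (size_t)len) return -1;
    return rotated;
}

int main(void) {
    const char *log = "telemetry.csv", *old = "telemetry.csv.1"; /* constructed names */
    remove(log); remove(old);
    for (int i = 0; i < 10; i++) {
        char rec[32];
        snprintf(rec, sizeof rec, "%04d,constructed\n", i);      /* constructed record */
        int r = capped_append(log, old, rec, LOG_CAP_BYTES);
        printf("rec %d -> %d, size now %ld\n", i, r, file_size(log));
    }
    return 0;
}
```

With one backup generation, total storage used by the log is bounded by twice the cap, whatever the uptime.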

