1. 13
  1.  

  2. 10

    A question we’ve all been wondering, which unfortunately went unanswered:

    What’s it take to get the display software certified? It’s an electron application, right? Most people in aerospace that I know would balk at the idea of allowing a garbage collected runtime in something like a real time aircraft display, let alone bundling a full browser into the application. What’s the difference here? Is a display in a rocket not necessary for crew safety in lieu of some other backup? – /u/JameslsaacNeutron

    1. 8

      The astronauts are cargo and aren’t required for flight - Dragons have autonomously resupplied the ISS many times - so the screens and their associated stuff are not in the loop in any meaningful sense. This has been a tension in the astronaut corps since the earliest days of spaceflight (Yeager famously described astronauts as “Spam in a can”).

      Where astronauts are actually pilots (not technologically necessary but via political victory, such as with the Space Shuttle) the interface is completely different - no touch screens to be seen (and yes they were an option even back then) because they’re extremely unwise for safety-critical controls and interfaces. The level of autonomy in the dragon means that most mental models we have about ‘pilots’ ‘flying’ the spaceship are not relevant, and the displays are a retrofit on top of the existing hardware and are not deeply embedded into the control system. Much like your HTML monitoring dashboard for your server farm.

      Mission control on the ground is as much in the loop as the astronauts, and better placed to deal with most issues that would arise that you might think would be an occasion for astronauts to do manual interventions. And all that is quite well debugged by now.

      Source: friends on the inside.

      1. 1

        Did you ever read about this disaster? If you didn’t have friends on the inside, I would say your post is likely accurate based solely on the linked story. Touch screens are awful interfaces if you actually want people in control.

      2. 5

        I cannot imagine it is certified as safe software. So it must be properly isolated and unnecessary. Isolation is easy. Unnecessary in terms of input comes from the fact that there are also physical buttons. What is left open for me is the output: How can you be confident that the information shown to the astronauts is correct with a big block of unsafe software in between? Is there redundancy somewhere?

        1. 1

          In addition to what balloonatic said about the astronauts being more like cargo these days, I suspect this is a key piece of the answer as well.

          You’ll also notice in certain images that there still exist some hardware buttons in the capsule right below the displays; this is also to ensure that, in case the displays are unusable for whatever reason, the astronauts can still use hardware buttons to initiate critical actions, such as responding to a fire in the cabin. - Wendy

        2. 2

          So, tons of C++. But I didn’t see which compiler they use and what their plans are for certifying future updates for something whose failures are so expensive in life and money.

          1. 0

            Let’s be real here. One exploding rocket costs 3 lives. Maybe more, maybe less.

            If one wishes to save lives and get value for money, there are much much much better places to spend. Given how so many die for so much less, when they don’t have to.

            1. 7

              The cost to train those three astronauts is on the order of 50 million each.

              1. 1

                So the real question is how much spaghetti? Is McCabe enforced in space? Though on many levels I have a hard time believing that the code in my Teslas is compliant.

                I see a lot of projects these days with complexity exceeding 89. These concepts exist for a reason, both readability and correct output. This is actually a driving force in my concern about my own infrastructure. The pathways through the code that are possible? I struggle to debug them, and the only way to correct it? Write it myself sanely. I’m a hardass though, especially since I’m building a life support system for plants. Zero tolerance for error, and catastrophic losses in the blink of an eye if the response is incorrect.

                So I ask, why is it acceptable to explode something? Ohh it’s a government contract so it’s not a big deal? They just get money anyway? That’s the only valid response I can find.
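The McCabe threshold the last comment asks about ("Is McCabe enforced in space?") is the kind of thing a build gate can check mechanically. As an added example that is not part of this thread and has nothing to do with the Dragon code base, the Python script below computes cyclomatic complexity for every function in a piece of source and lists the ones above a limit. The counting rules (each branch point adds one to a base of one, each extra `and`/`or` operand adds one, each comprehension clause and its `if` filters add one) are an assumption chosen for the illustration, as are the two sample functions and the limit of 10 (the value McCabe's original paper proposed).

```python
"""McCabe cyclomatic complexity gate for Python source (added example, not thread code)."""
from __future__ import annotations

import ast
import textwrap

# Assumed counting convention: every node of these types is one decision point.
BRANCH_NODES = (
    ast.If, ast.For, ast.While, ast.AsyncFor,
    ast.ExceptHandler, ast.With, ast.AsyncWith,
    ast.Assert, ast.IfExp,
)
_MATCH = getattr(ast, "Match", None)  # only exists on Python 3.10+


def cyclomatic_complexity(func: ast.AST) -> int:
    """Return the McCabe number for one function body (base 1 + decision points)."""
    complexity = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            complexity += 1
        elif isinstance(node, ast.comprehension):
            # one path per generator clause plus one per `if` filter on it
            complexity += 1 + len(node.ifs)
        elif isinstance(node, ast.BoolOp):
            # `a and b and c` short-circuits at two points, not one
            complexity += len(node.values) - 1
        elif _MATCH is not None and isinstance(node, _MATCH):
            complexity += len(node.cases)
    return complexity


def complexity_report(source: str) -> dict:
    """Map every function name in `source` to its cyclomatic complexity."""
    tree = ast.parse(textwrap.dedent(source))
    return {
        node.name: cyclomatic_complexity(node)
        for node in ast.walk(tree)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
    }


def enforce(source: str, limit: int = 10) -> list:
    """Names of functions over `limit`; an empty list means the gate passes."""
    return sorted(name for name, c in complexity_report(source).items() if c > limit)


# Constructed sample input: one simple function and one that sprawls.
SAMPLE = '''
def clamp(value, lo, hi):
    if value < lo:
        return lo
    if value > hi:
        return hi
    return value

def classify(readings):
    status = "ok"
    for r in readings:
        if r is None:
            continue
        elif r > 100 and r < 200:
            status = "warn"
        elif r >= 200 or r < -50:
            status = "fault"
        else:
            pass
    try:
        total = sum(x for x in readings if x is not None)
    except TypeError:
        total = 0
    return status if total > 0 else "empty"
'''

if __name__ == "__main__":
    for name, score in complexity_report(SAMPLE).items():
        print(f"{name}: {score}")
    print("over limit:", enforce(SAMPLE, limit=10))
```

Wire `enforce` into CI and fail the build when the list is non-empty; a function at the "exceeding 89" level the comment describes would fail by an order of magnitude. The exact numbers depend on the counting convention, so pin one convention and compare against it consistently rather than mixing tools.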