NASA Avoids "Happy New Year" On Shuttle

ClickOnThis noted that NASA is actually avoiding a Shuttle in Space over New Years. It says "The worry is that shuttle computers aren't designed to make the change from the 365th day of the old year to the first day of the new year while in flight. NASA has never had a shuttle in space December 31 or January 1. 'We've just never had the computers up and going when we've transitioned from one year to another,' said Discovery astronaut Joan Higginbotham. 'We're not really sure how they're going to operate.'" You may notice some deja vu while reading this story. Sorry. Not much happens on Sundays :)

So....

they have a Y2* bug?

Thank you, thank you, I will be here all week. Be sure to check out our Safari bingo!

Re:

There may be problems introduced into navigation systems by setting the clocks wrong.

However: shouldn't they be able to test this in simulators?

Nasa shuttle software designed by Taco ;)

In reality isn't this a design limitation rather than a bug in the implementation?

Re:

Pfft, 365 days should be enough for anyone.

Re:

In reality isn't this a design limitation rather than a bug in the implementation?

It is. It was a deliberate choice to do things this way when the system was conceived of. Ignore the retards who keep calling this a "bug".

Every last little detail of sp

Dupe

Verdict from last time:

No they can't run linux, linux is not something you use to fly a shuttle with people in it, can't support the hardware and it was written 30 years ago.

And no, it's not easy to fix bugs in a piece of software like this.

Re:Dupe

Shhhh!! You will destroy our smug sense of superiority with your facts!

Structured code

"And no, it's not easy to fix bugs in a piece of software like this."

It is if the code is structured properly. All clock changing routine should be in one chunk, so that only one change need be make, and if you make one change, it affects the entire pr

Re:

I guess the problem is not changing the clock, but that something might go wrong if they do.

I don't thing all the software on the shuttle is one piece of code anyway.

Re:

What if some other piece of the code has a dependency on the way this code works now? You go and change it and it breaks something else. Even if the fix is simple, there's not a chance in hell it will pass NASA's QA before Dec 31.

Re:Structured code

The problem has nothing to do with how the code is structured.

In fact, they're not sure there's a problem changinge the date at all.

They're worried that something might happen. Some Windows programs, for example, use the function GetTickCount() for timing - menu delays, simple animation, etc. GetTickCount() returns a DWORD value representing the number of milliseconds since the system was booted, and a common usage is:

if (GetTickCount() > dwOldTickCount + 50) {

//do something, wait 50 milliseconds, do it again

dwOldTickCount = GetTickCount();

}

However, if GetTickCount() overflows and wraps to 0 (how quickly this happens depends on the processor architecture), it could be another month (32-bit DWORDS means 2^32 milliseconds is ~ 49.7 days) before GetTickCount() is "more" than dwOldTickCount again. Your event that was supposed to happen every 50 milliseconds is on indefefinate hiatus.

Granted, there are many better and different ways to write event code in Windows - it's kinda what the API was made for - and the space shuttle sure as hell doesn't use the Windows API, but that's not the point. It's little timing bugs like these that could pop up even in code that's been reused and debugged since God knows when.

So, since there's no reason whatsoever that they have to fly on New Year's, why risk the lives of astronauts and an expensive shuttle? I wouldn't have that much faith in some '70s programms usage of the carry flag.

It's not a problem that the "clock changing routine" that is probably some trivial count-on-one-hand number of machine language instructions is spread all over creation like a clown guts over the walls of my living room - it's that NASA doesn't want any glitches to happen in any procedure that uses the system clock like the Windows API example above. Which I'm guessing is pretty close to 99 and a half point two percent of their code.

Re:

if (GetTickCount() > dwOldTickCount + 50) { //do something, wait 50 milliseconds, do it again dwOldTickCount = GetTickCount(); } You found the slashdot comments overflow bug!

Re:

http://flightlinux.gsfc.nasa.gov/ [nasa.gov] It seems indicated that they do indeed run Linux.

Subscribe to Slashdot and see the next dupe early!

Computer Date Glitch May Limit Next Shuttle Launch [slashdot.org] - exchange Reuters article for CNN article.

Re:

I thought the "computer date glitch" was when you meet some hot little 20-something on match.com but she turns out to be an overweight 45 year old named "Bruno"

because it's too damned hard to ....

...sit in one on the ground and have it turned on that night. What the hell is wrong with NASA? They dont have any shuttles sitting where they can have some CS guys sitting in it over the new years event to see what happens?

That is absolutely insane that

Re:

Freakin, spin the clock ahead to Dec 31, 2999 and see what happens.

Re:because it's too damned hard to ....

sit in one on the ground and have it turned on that night.

I agree with you but it's not even that hard to do. I mean, they should have test cases and simulation already to test the software, you'd think they could devote some of their time to have someone simply set all the clocks on all the hardware for the time of that night's transition ... or point the software at an NTP server and set that to the time it transitions.

No need to make some poor souls work on New Years ...

You really shouldn't even need to sit one on the ground given you've got thorough enough testing and integration set up. I would certainly hope they do. If there's ever been a time to actually follow the book on testing, it's when human lives hang in the balance while the software's in action (pacemakers, nuclear power plants, etc).

Re:

you'd think they could devote some of their time to have someone simply set all the clocks on all the hardware for the time of that night's transition

This requires resources (time, money, and effort.) A lot of federal agencies, NASA included, don't have

Re:because it's too damned hard to ....

It's probably a little harder than you think. If the space shuttle were MS Notepad, your idea would probably work without a hitch. We'd start it up, wait for the new year to roll over, and then test to see if we could still type and a save and open documents. Test done.

The space shuttle is monumentally complicated. It's controlled by multiple computers. Test cases aren't just typing some stuff in and clicking on a few menus. The computers are hooked up to instruments and relays and motor controllers, and all of that would probably have to be convincingly "faked" for the test to be rigorous.

Re:

I don't think it's as simple as the whole system crashing when passing new year. More like if some course correction rocket is fired a millisecond before midnight, and is never turned off.

Re:

"course correction rocket"

That would be a maneuvering thruster. Sorry for sloppy writing.

Like, shouldn't they have tested this years ago?

What would it have taken them to run on the ground with the computer set to December 31st and see what happens?

The second test would be for a leap year. February 29

The last test for December 31st on a leap year. Set the clock to December 30th and then le

Re:Like, shouldn't they have tested this years ago

My guess is the systems are based upon days - ie the mission is 14 days long, if the day counter rolls backwards as others have suggested passing a negative delta into certain functions could fuck it up and just testing one day either side would not necess

Re:Like, shouldn't they have tested this years ago

They could have tested this on the ground, but then again the /. editors could have checked that this news story hadn't already been posted about. I mean cut them some slack, they're only human.

Re:Like, shouldn't they have tested this years ago

Actaully they should have just done this as Day 1, Day 2, Day 3... Since a shuttle mission is ALWAYS less than 1 year. Then a simple offset from base date is all that was needed.

That is 70's tech, when the shuttle's code was written in the first place.

Re:Like, shouldn't they have tested this years ago

It's not like they even have to wait for new years. I mean, they can set the date on the thing right? They could go find out right now.

Re:Like, shouldn't they have tested this years ago

I'm sure they have. What they haven't done and can't do is test every possible combination of inputs and outputs of the system in ground testing. In the words of Mr. Rumsfeld, it isn't the known knowns, or the known unknowns, but the unknown unknowns tha

When am I?

1999 called, and it wants its computer problems back.

Re:

1995 called, and it wants its slang back.

Wait, so this means that...

... if you've got one of those pens that work in space, you can't use them to write any time on New Years Day?

In 25 years of Shuttle Operations

In 25 years of Shuttle Operations, NASA has never had a real shuttle computer or simulator run over the transition to a New Year? Is this a Government beuracracy thing (e.g. Everyone on Holiday?).

I find this particularly difficult to believe.

I dub thee...

I dub thee the "Y++ bug", sir software defect.

I've worked for NASA...

...and I can tell you NASA is far from perfect. This is no different from any other organization, governmental or otherwise. I do have a certain empathy for them now though, because working there does give you a certain insight into why they do things the way they do. Given their limited resources, it's amazing how successful they are, most of the time.

Considering that we give NASA less [nasa.gov] than we give the National Park Service [nps.gov], it's utterly dumbfoundingly breathtaking what they are able to accomplish.

It also doesn't hurt that the shuttle software engineers are a totally different breed. Or more to the point, the way they write software is totally different. This is a good writeup about why. [fastcompany.com]

Not again...

To paraphrase the a late Romulan Senator...

It's a DUUUUPE.

So, to forestall any of the previous idiotic comments;

• yes, NASA has known of this for a while;
• it's considered a limitation, not a bug;
• no, none of your two second psuedo code hacks are of any value or insight,
• because the ~450,000 lines of operational software is written for 0 bugs and in HAL/S (so thanks for the quick C++ hacks, they are useless),
• calendar math is trickier than it looks; many date libs are replete with hacks and magic numbers
• you are not a better programmer than the guys and gals who write this stuff [fastcompany.com], and Lockheed has quite a bit of experience [wikipedia.org] in doing this stuff.

Oh, and for the most ridiculous of stuff: Linux is not an option for critical shuttle systems; it is not a reliable RTOS - when you are orbiting at 18,000mph, a 1 second error puts you miles off course, though Debian was used at least once in monitoring an onboard experiment.

Can we all move on?

Does the date really matter?

Set the computers on the shuttle and on the ground for like, May. I can't imagine why they would need the actual date as long as they agree on what it is.
 
Logs will be screwey? Try sed.

Say What?!

When not designed by an idiot, a system clock is a linear device that measures the elapsed time since some reference "moment in time". It doesn't know that it's Thanksgiving, New Years, or any other socially significant but otherwise irrelevant date. It has sufficient resolution to measure the smallest interval of interest and sufficient range to outlive the system.

If the shuttle system clocks use year, month, day, etc., there's a lot that should be done, not the least of which is finding whoever made the design decision and take him out to a public place where thousands of engineers and programmers will point at him and laugh.

Re:Simple!

How many places would you have to put that code in and could you be sure it will work?
How do you know the leapyear code works?
Wouldn't your code have to do a year++ line?
Does it matter which direction they are travelling, is it not possible to technically flipflop between one year and the next based on where you are flying over?
What will happen to systems if the day variable is less than the previously stored one, will it cause the ship to flip out and attempt a burn?

Too many factors, nasa is right at the moment.

Re:

Does it matter which direction they are travelling, is it not possible to technically flipflop between one year and the next based on where you are flying over?

I do not know, but I would assume the mission time is always the same time zone. Possibly GMT

Re:Simple!

if ($day >= 365 && !$leapyear) {
$day = 1;
}
 

How do you know the leapyear code works?

It doesn't, in the sample provided anyway. If $leapyear is true, $day never gets set back to one...

In any case, they already need to contend with uneven numbers of days in each of the various months anyway, and have to contend with leapyears every February 29th. So they're already (successfully) dealing with incrementing days, and months. I fail to see how they can't cope with years as well... C'mon, this is NASA and it's not the 1970's any more.

Once space travel approaches the speed of light I'll start to buy excuses about the difficulties of tracking time. Until then, sorry - No Sale.

Timestamps

``Does it matter which direction they are travelling, is it not possible to technically flipflop between one year and the next based on where you are flying over?
What will happen to systems if the day variable is less than the previously stored one, will i

Re:Simple!

Too many factors, nasa is right at the moment.

I am concerned that you think this issue is really a big problem. I am very worried if NASA thinks this is a big problem too - especially after all these years. While you don't want to underestimate potential problems like this, handling something as trivial as a date change is hardly 'rocket science' by NASA standards. Banks, financial institutions, air traffic control and military and emergency services systems handle this sort of thing just fine.

The reality is that decent testing procedures make issues like this routine to handle, and of course you set out a documented roll back procedure if something goes wrong (and list post-change checks to perform to see if something did go wrong or not). NASA have the ability to easily replicate the conditions for a test like this on the ground. If you didn't test a scenario like this on the ground and it was really a problem, there is no reason why it couldn't just as easily seem to work fine, but then only cause problems once the systems were up in the air.

I really can't believe the justification for not doing missions over Christmas and New Year is fear of a potential technical problem, even if it is a quote from Joan Higginbotham (who is evidently very experienced and ought to know a lot more about than this than I do). I can't see any reason why they couldn't easily have tested this on the ground (and would be surprised if they hadn't tested this sort of thing as part of Y2K compliance evaluations).

I am inclined to think the real reason they don't like doing missions over the Christmas period has a lot more to with culture and staffing issues (what with everyone bound to want time off), rather than them being worried their code is that much shonkier than the software that powers our electricity grids, phone lines, air traffic control and avionics systems that all run happily over the New Year period.

I suppose another possibility is that NASA is tangled up in bureaucracy and is so risk averse now that they feel they can't do something like this without a great deal of highly formalized testing - which they don't have the budget to do.

I once had the honour of speaking briefly to an astronaut from space on Skylab 4 (he is one of NASA's ASF speakers I think, I have is details somewhere - I think it was either Gerald Carr or Edward Gibson but I couldn't be 100% certain) and I ask him a question relating to when, in his opinion, we might realistically expect to see a manned mission to Mars and where, back in the 70's, he had expected us to be now in 2001 (this was in the November after 9/11).

As I recall, he said he had expected us be on Mars already and he seemed almost annoyed and was just barely perceptibly emotional that this wasn't the case (I got the impression he response made the NASA PR representative near by unconformable because they started fidgeting). While trying to avoid being insensitive I asked him why he thought we weren't there yet, and - after pausing briefly - he said the primary reason was a lack of investment and a lack of political will, he was quite emphatic on insisting that he thought we absolutely had the ability to undertake a manned mission, if their was enough political will and sufficient investment was made.

I'd never really thought about it before, but the state of the current current space programme must be a big disappointment for those who did so much pioneering work in the 60's and 70's. We have greatly superior technology and there is plenty of money flowing around elsewhere but NASA only seem to be able to scrape by, keeping things ticking over (not that they arn't trying - stuff like the SRB separation video, the NASA TV podcast and the website are all good things IMO).

Isn't that their purpose?

What will happen to systems if the day variable is less than the previously stored one, will it cause the ship to flip out and attempt a burn?

The purpose of a space shuttle is to flip out and burn people. These rockets are so crazy and awesome that they f

Re:

Just like this quick fix [slashdot.org] huh?

Hope you guys never program anything I drive/fly!

Re:

actually not that simple more like if ($day > 365 && $leapyear = 0){ $thisday = $day - 365 }elsif($day > 366 && $leapyear = 1){ $thisday = $day - 366 }else{ $thisday = $day } Your code has every day of any year that is not the first

Now try that in assembler

Given the vintage of the Shuttle computers I suspect that they are programmed in assembler. There are all kinds of possible issues; what makes you think that the internal representation of time is anything that involves days, or how dates received from outside are translated?

All right, I realise you were trying to be funny but it is a serious point. Progress is systems design is so rapid that stuff from the 70s and 80s is like something from another world - when the Shuttle software was being written, I was working on a reasonably state of the art system in which every critical function had to be written in assembler and the compiler output had to be hand edited - even after we had upgraded the CPU specification to the point that the EMP people were complaining that the only components on the CPU board that they had in their library were the resistors.

Getting really philosophical for a moment, how about this for a sobering thought? We still have the materials and skills to maintain medieval cathedrals. We could probably, without too much trouble, crew and maintain an 18th century ship. We can easily maintain a 19th century railroad engine. We still have early 20th century motor ships in service. We can (with difficulty) keep aircraft from WW2 flying. But keeping a 1980s reusable spacecraft going is extremely difficult, and a 10 year old mobile phone is about as much use as a chocolate teapot.

Stupid post

Sorry about that stupid post. Yes of course the Shuttle computers are programmed in HAL and in fact I knew that, if I only had woken up my older brain cells.

Well, We DO Know...

...what would happen if the Shuttle is aloft during the year change. A lot of NASA employees have to work the normal shuttle work schedule, and miss their New Years parties, having probably just missed Christmas with their families.

Re:

Even more unbelievable: they can't just set the Shuttle computers' date forward to 31 December 2006 and see what happens.

Re:

``NASA has a date/time bug?''

No. They're just not assuming they don't.