
Software Bug Causes Soyuz To Land Way Off 573

Posted by timothy
from the in-post-soviet-russia dept.
howhardcanitbetocrea writes "'A mysterious software fault in the new guidance computer of the Soyuz TMA-1 spacecraft was the cause of the high-anxiety off-course landing over the weekend, according to NASA sources.' Which is why I will never trust the Strategic Defence Initiative - the star wars project. It only takes one line of mistyped code in what will always be a beta release."

  • Why single out SDI? (Score:5, Informative)

    by 1984 (56406) on Monday May 05, 2003 @09:57PM (#5887400)
    Which is why I will never trust the Strategic Defence Initiative - the star wars project.

    Or any software. You might want to consider the software in all the weapons systems that actually exist first, or anything in a safety-related environment. Take a look at Risks Digest [ncl.ac.uk].

  • by Scoria (264473) * <slashmail@@@initialized...org> on Monday May 05, 2003 @10:22PM (#5887604) Homepage
    Yakov Smirnoff [yakov.com], a Russian comedian, established this joke as a portion of his routine:

    "In America, you find the party. In Soviet Russia, the Party finds you."
  • by Mr.Happy3050 (573052) on Monday May 05, 2003 @10:24PM (#5887619)
    Not really to nit-pick, but the current plan for SDI does not involve "lasers." The current plan is to fire a missile at the incoming nuclear delivery system. So instead of a laser frying your house, you have to worry about a missile. Basically, the anti-missile missile will level your house and then the nuke will level the rubble that was your house.
  • by Enry (630) <(enry) (at) (wayga.net)> on Monday May 05, 2003 @10:28PM (#5887647) Journal
    Calling a fault a bug is historical.

    First computer bug [navy.mil]. You will need to scroll down to the bottom to see it. The rest of the page talks about Grace Hopper, who helped coin the phrase.

  • by Maimun (631984) on Monday May 05, 2003 @10:48PM (#5887784)
    Nothing is perfect, of course, but after the destruction of Columbia in Feb, many were pointing out how well the simpler design of the Soyuz capsule works, as opposed to the too-complicated shuttle.

    Well, not always. In the 70's (or early 80's ... I think the 70's) all of the Eastern bloc countries sent their cosmonauts to the Salyut space station (that was before Mir). The Bulgarian cosmonaut Georgi Ivanov was very close to having a deadly accident because of the Soyuz. They could not dock for some reason, spent about 24h flying by the Salyut, and finally had to re-enter using auxiliary engines, and having precisely one try to fire them. They got lucky here, the engines worked and they entered the atmosphere in a so-called "ballistic trajectory" (how can it be non-ballistic?), with 9-10G overload.

    I forgot to mention, there were two of them, the Russian Nikolay Rukavishnikov was the commander of the mission, G. Ivanov was the second guy.

    This spring, several weeks after Columbia broke apart, there was an interview with G. Ivanov in a Bulgarian newspaper online, when he recalled how he himself was close to having a fatal accident back then. The reason was a malfunctioning fuel pump of their Soyuz.

  • Explanation (Score:4, Informative)

    by yerricde (125198) on Monday May 05, 2003 @10:55PM (#5887832) Homepage Journal

    I'm confused.

    In Soviet Russia, joke explanation reads YOU! [slashdot.org]

  • Funny That! (Score:2, Informative)

    by Rouslan (671233) on Monday May 05, 2003 @11:07PM (#5887901)
    It's funny to notice that in Russian newspapers the reason for this landing trouble is stated as "the American cosmonaut pushed the wrong button so the capsule started acting up..." Obviously the guy did not receive any previous training in landing procedures on this capsule, so he pushed the first familiar button, I guess. Again, interesting why they say one thing in Russia and a completely different thing here??? Any ideas???
  • by SnakeStu (60546) on Monday May 05, 2003 @11:14PM (#5887947) Homepage
    There's a substantial difference between software that, when it crashes or misbehaves, mildly inconveniences you, and software that, when it crashes or misbehaves, results in the deaths of thousands or millions of people. There's a perhaps more important difference between software that has little or no political effect and software that can lead to an escalation of an arms race and just by being written could result in the deaths of millions of people.

    Trusting the software of National Missile Defense (NMD, what used to be called SDI/"Star Wars") is fundamentally different from trusting software that Joe/Jane Public generally has access to. Even accepting that the software is written is in an entirely different realm than accepting the presence of, say, Windows or GNU/Linux or Grand Theft Auto or WordPerfect or RotoTexter or...

    Of course, there's more reading [abolishnukes.com] (and charts, etc.) about NMD (and related topics) for those who are so inclined, without going too far astray from the topic here.

  • by nihilogos (87025) on Monday May 05, 2003 @11:22PM (#5887997)
    I believe most critical software like this is formally verified. I know nothing about formal verification other than the basic idea which is to mathematically "prove" that software will work as intended.

  • Not a bug (Score:5, Informative)

    by Anonymous Coward on Monday May 05, 2003 @11:26PM (#5888022)
    Actually, they don't know if it was a software bug. At this point that is pure (though somewhat educated) speculation.

    The only thing known for certain, is that the backup guidance system took over and landed the craft safely.

    It is possible that pilot error caused the switch to backup, or mechanical failure, or a software design error, or a software bug.
  • by Hentai (165906) on Monday May 05, 2003 @11:29PM (#5888042) Homepage Journal
    In this context, "ballistic" probably means "unpowered". A ballistic trajectory is a trajectory acted on only by gravitational forces - as opposed to aerodynamic or self-motive forces.
  • Re:Great... (Score:4, Informative)

    by sean23007 (143364) on Monday May 05, 2003 @11:31PM (#5888055) Homepage Journal
    From the Moscow Times:
    The Energia engineer noted that one of the astronauts "pushed a wrong button" while the capsule was still in orbit, but he insisted that this could not have affected the descent. He said Mission Control noticed the error and corrected it before it could have done any damage.
    So it really wasn't the astronaut's fault, at least according to the Russians.
  • by ColaMan (37550) on Monday May 05, 2003 @11:52PM (#5888186) Homepage Journal
    They build them strong - snipped from an entry for Soyuz 5:

    "Volynov remained behind for what was undoubtedly the most unbelievable re-entry ever survived. The PAO service module of the Soyuz failed to separate after retrofire. While this had occurred on various Vostok and Voskhod flights, and on one Mercury flight, it was a much more serious problem for Volynov, where the module was much larger than a small retropack. Furthermore, once it started reaching the tendrils of the atmosphere, the combined spacecraft sought the most aerodynamically stable position - nose forward, with the heavy descent module with its light metal entry hatch at the front, the less dense service module with its flared base to the back. Volynov at once appraised the situation and considered all possibilities and realised that there was nothing he could really do.

    The spacecraft was re-entering air-lock forward and with every minute the G forces increased. Volynov did his duty with all of his strength but this became increasingly difficult since he was hanging in the straps of his seat with the G forces assailing him in the opposite direction from what was planned. Soon a strong smell penetrated the cabin - the rubber gaskets of the hermetic seal of the hatch were burning. The hatch had a light covering of heat protective resins, but at the last moment these could not hold out and they vaporised into fumes that immediately spread throughout the cabin. Volynov could remain conscious for only a few seconds after this.

    He remained alive when a miracle occurred - a miracle for which he could thank the designers who had included a strong titanium frame which helped the airlock hold out against the onslaught of the superheated plasma. The PAO service module finally separated from the SA re-entry vehicle. The capsule turned around to an aerodynamically stable position at hypersonic speed and the heat shield finally took the brunt of the heating as designed. The spacecraft continued on a 9 G ballistic trajectory. The damage to the capsule resulted in a failure of the soft-landing rockets. The landing was harder than usual and Volynov broke his teeth. The capsule was recovered 2 km SW of Kustani, far short of its aim point, on January 18, 1969 at 07:58 GMT. It would be seven years until Volynov flew again, on Soyuz 21."
  • by budgenator (254554) on Monday May 05, 2003 @11:55PM (#5888209) Journal
    By the way, how can a chip in your car make the engine blow up?
    1. shut off electric fan for radiator.
    2. run engine excessively lean to overheat
    3. leave transmission in first gear
    4. run engine at 9,000 rpm's
    5. continue until engine goes boom crunch, bang bang bang and the connecting rods come out the side of the engine block, and the crankshaft falls on to the pavement.

    Dave?, What are you doing Dave?, you're not mad at me are you Dave? No HAL I'm not mad at you
  • by njchick (611256) on Tuesday May 06, 2003 @12:12AM (#5888287) Journal
    Nice troll, but I'll bite.

    Microsoft software doesn't put your life in any danger, nor does it subject your body to extra g, unless you are stupid enough to use inadequate software when somebody's life and health are at risk.

    Most computer users don't get anything close to the training received by astronauts. It would be incredibly expensive to train secretaries for years. Neither is PC designed for reliability - it's designed to be faster than a typewriter and cheaper than a spaceship.

    Microsoft has demonstrated their ability to make money from the fact that most computer users have no previous computer experience, as well from the tolerance of the US government towards monopolies, all lawsuits notwithstanding. Microsoft may not be hiring the best programmers, but they have been so far quite good at creating value for the shareholders, and that's what they are obliged to do by law.

    If Microsoft software is inadequate for you, don't use it. If you don't like Microsoft developers, go work for another company and make a better product. If Microsoft competes with you unfairly, go to the court of law or to your elected representatives.

  • by FredThompson (183335) <<moc.gnirpsdnim> <ta> <nospmohtderf>> on Tuesday May 06, 2003 @12:26AM (#5888347)
    Sigh...ok...here's how I know.

    I've been a missile launch officer and worked on design of these systems while stationed at an agency that Hollywood seems to think is a bunch of hotshot secret agents performing martial arts moves Bruce Lee couldn't have perfected.

    The 6 sigma (or whatever it is) analysis that goes into Space Shuttle stuff doesn't compare to the level of analysis/oversight for these types of systems.

    Major weapons systems include, at least in the U.S. military, design elements commonly referred to as positive control and assurance. Well, similar terms depending on the weapons system.

    These are to make sure the people/systems issuing a command are the proper ones and also that what is commanded happens.

    There are so many layers of hardware and procedure involving split knowledge, time-sensitive authorization, and configuration compliance that it is nigh impossible for any major system to be activated improperly or on a whim.

    A LOT of thought and attention goes into these systems. Real Genius, War Games, Top Gun, Spies Like Us, etc. were fictional movies. Those don't represent the way things really are any more than Alias shows what the CIA and NSA are really like.

    Sub-systems are tested for everything, just as they are for other major endeavors like a new car design.

    There certainly comes a time of first use for any system. ALL our weapons systems are thoroughly tested before they're actually used. The missiles whose keys I controlled as a launch officer were the same type that were test-launched from Vandenberg AFB a number of times. Had we ever launched one directly at some Soviet base to see if it would really work? No. Does that mean it wouldn't? No.

    The basic premise that because something hasn't been done it is inherently impossible to predict what will happen just doesn't make sense. Every day the overwhelming majority of things you do have never happened before in the history of human existence. (You've never put that pen to that piece of paper in exactly that manner, etc.)

    Having said all of that, I agree that ICBMs and, to a lesser extent, SLBMs are not the most likely form of attack. A space-based system DOES, however, provide a focussed developmental environment for a huge number of technologies that would be very helpful for any kind of strategic interception.

    Don't forget, the race to put a man on the moon didn't yield any direct economic profit (we're not selling lunar masonry products, for example) nor does basic research.
  • Re:TMA-1? (Score:2, Informative)

    by WetCat (558132) on Tuesday May 06, 2003 @12:32AM (#5888374)
    It's not a NASA name, it's a Russian name:
    First was Soyuz - ##
    Then there was Soyuz - T ##
    Then there was Soyuz - TM ##
    and then there was an "automatic" (?) version
    Soyuz -TMA-1
  • Re:Mysterious? (Score:4, Informative)

    by Wavicle (181176) on Tuesday May 06, 2003 @12:50AM (#5888454)
    assuming that a re-entry vehicle is twice that, it still leaves a pretty small radar cross-section,

    There are a few things working in our favor though:

    The launch vehicle has an enormous infrared signature. It's easy to track while the boost is on.

    Since the path of the projectile is ballistic, we can ascertain with a good degree of certainty where our radar should be looking for it.

    Upon re-entry the projectile once again has a huge spike in infrared visibility, and the path is entirely ballistic at this point.

    It's reasonable that we should be able to spot it on radar if we have a very good idea where it should show up.

    It's a hard target to hit, no doubt. But finding and tracking it should not be the hardest part of the problem.
  • by ColaMan (37550) on Tuesday May 06, 2003 @01:03AM (#5888519) Homepage Journal
    It's very hard for an ECU to make an engine self destruct on RPM.

    As long as there's still a butterfly valve, connected to a cable, connected to an accelerator pedal, driven by *your* foot, you're fine. Mind you those new Audis are "throttle by wire", but they're *very* redundant.

    Selecting 1st gear (via your automatic transmission ECU) whilst at 100kph will generally leave a nice compression skid and a stain on the driver's seat - and a bit of damage if you're unlucky. Picking 2 gears at once in electronically controlled autos is also a nice way to burn your transmission out.
  • by reality-bytes (119275) on Tuesday May 06, 2003 @02:01AM (#5888743) Homepage
    The crew of that Tornado GR.4 belonging to 9 Squadron RAF Marham were known for their conscientious attitude towards their work along with their great experience on Tornados.

    Neither officer was renowned for 'goofing-off' as they knew like any other RAF crew that such behaviour leads to a court-martial in jig-time.

    It is known that they were in the right place at the right time and it might also be worth pointing out that it is highly unlikely that they would deactivate the IFF when they knew that Rapier [the-launch-pad.com] systems were deployed (You don't even know they are there till they fire).

    The current status of this 'friendly-fire' incident according to both the US and UK is that it is under investigation. You may like to read this article [itworld.com] on possible bugs in the Patriot system software.
  • Re:Mysterious? (Score:3, Informative)

    by mikerich (120257) on Tuesday May 06, 2003 @06:31AM (#5889383)
    Upon re-entry the projectile once again has a huge spike in infrared visibility, and the path is entirely ballistic at this point.

    Actually no, both the Americans and the Russians have designed warheads that can be steered off ballistic trajectories during final approach. The Americans fitted them to their Pershing missiles (which have now been withdrawn), the Russians have them on their Topol-M ICBMs.

    Best wishes,
    Mike.

  • by jarrell (545407) on Tuesday May 06, 2003 @03:29PM (#5893989)
    Yes, it was. In this case, it's not Tycho Magnetic Anomaly, but rather Transport Mir Anthropometric. The TMA's are the "large astronaut" retrofit (The US allows taller astronauts than the Russians do; surprisingly few of ours fit the older Soyuz, which means they could never be station crew) of the TM model, which, itself, was the unit customized to be the ferry craft for Mir from the T class transport which was supporting Soyuz...
