Expectations were high for the Mars Climate Orbiter as it approached Mars in September of 1999. It was one of NASA's low cost missions that came out of the failure of the billion dollar plus Mars Observer earlier in the decade along with the spiraling costs and lack of mission of the International Space Station. The new mantra was simple, fast and cheap.
Cheap is a relative thing. The MCO mission was still spendy at a third of a billion dollars, but the mission had gone smoothly and soon it would near Mars at a low enough altitude to use a bit of the Martin atmosphere to slow it down into a proper orbit with minimal fuel use. But it turns out there was an issue.
A space probes trajectory is never perfect and mid course corrections are executed along the way. Tiny thrusters are fired at a known thrust for a measured amount of time to determine what the effect of the little force will be. Since the distances traveled are so great small corrections can be made burning very little fuel and still have a significant impact. But there was this problem.
In high school physics you may have puzzled through the difference between mass and weight as well as different measurement systems. Pounds are an English unit and measure force. Kilograms are metric and measure mass. To figure out the weight in metric units (weight is a force), you need to include the acceleration of gravity and the appropriate units are newtons.1 It would be nice if everyone used the same system, and if the convention used was actually correct, but the history of technological development and adoption is neither linear or clean.
The MCO's software expected metric units. Specifically a force times the time the force was applied by the thruster - newton seconds. The commands were sent to the spacecraft in the English pound-seconds. The result of this mismatch was an approach about 170 kilometers lower than anticipated and the spacecraft broke up in the Martian atmosphere.
Subsequent analysis showed assumptions were made by different software teams and full integration tests weren't performed for a variety of reasons - including the time and cost required.
It would be nice if the software compiler was "smart" enough to include units and flag likely errors. To my knowledge no mainstream language supports units, but they all allow the programmer to enter a {quantity, unit} pair. If you do this it isn't a big deal to build in a unit detection capability, but for a variety of social and technical reasons no one does it. If you are lucky you'll see a reference to the expected units in a comment
But this is just the tip of the iceberg when you are trying to build reliable and efficient software that interfaces with machines. It turns out the goals are very different from those of the Internet application and server world. Rather than making the programmer more efficient by throwing computational horsepower courtesy of Moore's Law at the task, it makes sense to have very efficient systems (particularly for systems with sensors with power constraints) and very robust compile time checks. It turns out that new tools and programmers with different education backgrounds are likely to be required. The objectives are fundamentally different from current programming.
But it gets worse. We're trying to deal with sensors - devices which make measurements, but have accuracy and reliability issues that may be hidden to the programmer tasked with writing code that supports them. The programmer may be completely unfamiliar with the quirks of the sensor and it is very easy to trust questionable information streams.
GE is talking about an "Industrial Internet" -- it is really machine to machine communication making use of some of the information produced and processed by a system that allows people or other machines to make informed decisions that would be very difficult to come by using more spartan information streams. It is a grand idea, but the devil is into details.
There need to be specialized tools to deal with the different notion of software design, a deep understanding of the system being built, people who have deep and rich experience with high reliability systems of sensors. Conventional system designers and coders aren't enough, although historically this has been done.2 This is the sort of thing at which JPL, the experimental particle physics community, and a few other science based organization excel - consider the effort required to sort out the experimental design and data analysis from a CERN experiment.3
For the GE approach to work, and ultimately the world will need a lot of this class of programming, computation and analysis, they are going to have to create multidisciplinary teams who fundamentally understand as many of the issues involved as necessary. My guess is they aren't poking around the right areas to find some of the people - you aren't going to do this without a lot of help from the physical science community. I'm pretty sure the old Bell Labs could have made a major impact, but we don't have one of those collaborative, multi-disciplinary organizations in industry anymore.... My suspicion is something not as robust will be produced and then one has to ask the question of what is good enough.4 It will be essential to be able to accurately calculate confidence levels for any critical application!
(I have some other worries about the GE's effort that I won't detail here as I just wanted to talk about the need for a need for a different class of system design... there are other issues. I also recognize their press releases and other documents I've seen are very high level for public consumption and they have a deep appreciation for the critical issues involved.)
Let me make it clear - software reliability is improving, which is a good thing as human society has become dependent on our computational systems. But the complexity of system - particularly those festooned with sensors - is increasing at a rapid rate and our ability to comprehend them is not. The development of the m2m Internet may well be the beginning of a very different branch of programming and systems analysis. One that is not only required, but in some sense is back to the future.
Ugh - three hours!
This is is the third time I have approached this piece and the only omenti posting that has required more than one pass (but I didn't proof this one). The first pass included a few pages of pseudocode examples of why conventional programming techniques won't work and the second pass was way too technical. I'm happy to discuss at greater detail, but hope this gives a sense of the issues you have to consider to do an adequate job.
__________
1 I weigh about 156.5 pounds. My mass is about 71 kilograms. Technically my mass is not a weight, but since most of us walk around on the surface of the Earth and don't worry too much about slight changes in the acceleration of gravity, it is common to call a kilogram a unit of weight. My metric weight is measured in newtons ... in my case I weight about 696 newtons ... 1 pound of force is about 4.45 newtons. So your average supermodel weighs well over 500 newtons.
2 The same could be said for AT&T during the old days when switches in the phone network were to have no more than two hours of downtime in forty years of service including time down from natural disasters. It was impossible to move the design at a rapid pace given this requirement and ultimately the needs of the end user proved to be less demanding, but it did work. It would be overkill to do this for conventional business computing, human interfaces and Internet coding and it has largely vanished.
3 Consider tracking down the loose fiber optic cable issue in the OPERA collaboration that created the impression that neutrinos could travel faster than the speed of light and then note that it is unusual for a major error of this type to stand at the time of preprint.
4 There are many areas where noisy answers are probably fine, but some that will have major financial or even life an death impacts.
__________
Recipe corner
I'm starting to work out Christmas main courses and desserts. Jheri sent a really interesting looking spice cake recipe from a dinner party she was at in Copenhagen and I modified it a bit. Use whatever topping you like - I threw together a cream cheese frosting because there was extra cream cheese in the 'fridge. The cake is very good at room temperature and also great after chilling in a refrigerator.
The cardamom is very Scandinavian and reminds me of the birthday cakes our Swedish neighbor made for her Danish husband (yes - a mixed marriage)
A note on cookies and cakes - really fresh ingredients make a lot of difference. If your flour and sugar packages have been opened and are more than a month old, I would use something fresher. I grind most of my spices.
Christmas Spice Cake
Ingredients
° 240 g (2 cups) all-purpose flour
° 170 g (heaping 3/4 cup) sugar
° 100 g (1/2 cup) brown sugar
° 1 tbl baking powder
° 1/2 tsp non-iodized salt
° 1-1/2 tsp ground cinnamon
° 1 tsp ground ginger
° 1/2 tsp ground cardamom
° 1/2 tsp of ground cloves
° 2 large eggs
° 160 g (scant 2/3 cup) whole milk
° 115 g (8 tbl) unsalted butter, melted and cooled slightly
Technique
° Preheat oven to 350°F.
° In a large bowl, mix together all dry ingredients. In another bowl, mix together eggs and milk. Add wet mixture to the dry ingredients and mix well. Add the melted butter gradually. The batter should be smooth.
° Transfer the batter into a buttered and floured round 9" cake pan (or in a fancy heart-shaped mold:-). Bake for 35 to 40 minutes or until a toothpick comes out clean.
° Let cool for about half an hour then de-pan and transfer to a cake rack. Frost it, spread with whipped cream, top with jam or whatever you like.
Cream Cheese Frosting
The amounts shown are very approximate - you can't go wrong. I like to sprinkle a coating of coarsely chopped almonds, walnuts or pecans on top - but didn't on the pictured cake.
Ingredients
° 60 g unsalted butter softened
° 110 g cream cheese softened (don't use the low fat here - go for it)
° 220 g confectioner's sugar
° a bit of milk
° 1/2 tbl vanilla extract
° a pinch of salt
Technique
° mix all ingredients and whip up by hand or in a mixer
° spread over the top of the cake with a spatula and let a bit flow over the sides
I found it very readable, Steve, so thank you for making the third effort.
Posted by: Jean Russell | 12/14/2012 at 01:29 PM