Wouter,

On Sun, 15 Apr 2007 10:05:42 +0200, wouter van ooijen wrote:

> > I think that the software used to upload a parameter to such
> > an expensive device should have a bit more safety built in,
> > so that it is /really/ difficult to write to a wrong
> > location. An operator should not have to enter any addresses
> > manually at all. This is considered bad design on devices
> > that cost $200...
>
> In the end the operator must always specify (an address, or a name, or
> whatever) and he can do that wrong. With this kind of equipment you want
> to have a full-control option, and you can't have full control without
> full opportunity for errors...

The fact that the wrongly-addressed parameter overwrote half of one field and half of another implies that an address was used, since it didn't align with any genuine parameters. This should have been checked *somewhere* - if the onboard software didn't check it, the ground software sending it should have done so. Even if it only flagged it as a warning: "You're writing over parameter boundaries".

And while full-control is necessary, making it the standard interface is a bad thing. I can adjust the ignition timing on my car, but not while I'm driving it (this used to be the case in the early days of internal combustion engines) and I shouldn't have to. The standard interface should be restricted to predictable operations, so the possible range of mistakes is limited. The raw full control interface (typing addresses etc) should only be used in emergencies and checking of these operations should be given much more emphasis.

As for whether the spacecraft was worth saving by spending more on reducing proneness to error, I think this is a "when are you going to stop beating your wife" question - there is no correct answer! :-)

Cheers,

Howard Winter
St.Albans, England
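
The boundary check suggested in the message above, sketched as an added example that is not part of the original post or of any real ground software: a raw write is accepted only if it starts and ends on parameter boundaries. The parameter map, its names, offsets and sizes are constructed, and the map is assumed to be contiguous.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed parameter map: names, offsets and sizes are hypothetical. */
struct param { const char *name; uint32_t offset; uint32_t size; };

static const struct param PARAMS[] = {
    { "antenna_az",   0x00, 4 },
    { "antenna_el",   0x04, 4 },
    { "batt_limit",   0x08, 2 },
    { "heater_setpt", 0x0A, 2 },
};
#define NPARAMS (sizeof PARAMS / sizeof PARAMS[0])

enum write_check { WRITE_OK, WRITE_CROSSES_BOUNDARY, WRITE_OUT_OF_RANGE };

/* Accept a write only if it begins at the start of a parameter and ends at
 * the end of one (the same parameter or a later one in the contiguous map). */
enum write_check check_write(uint32_t addr, uint32_t len)
{
    uint32_t start = PARAMS[0].offset;
    uint32_t end = PARAMS[NPARAMS - 1].offset + PARAMS[NPARAMS - 1].size;
    int starts_on = 0, ends_on = 0;

    /* Compare len against the remaining space so addr + len cannot wrap. */
    if (len == 0 || addr < start || addr >= end || len > end - addr)
        return WRITE_OUT_OF_RANGE;

    for (size_t i = 0; i < NPARAMS; i++) {
        if (PARAMS[i].offset == addr)
            starts_on = 1;
        if (PARAMS[i].offset + PARAMS[i].size == addr + len)
            ends_on = 1;
    }
    return (starts_on && ends_on) ? WRITE_OK : WRITE_CROSSES_BOUNDARY;
}

int main(void)
{
    /* 4 bytes at 0x02 would cover half of antenna_az and half of antenna_el. */
    if (check_write(0x02, 4) == WRITE_CROSSES_BOUNDARY)
        puts("warning: you're writing over parameter boundaries");
    if (check_write(0x04, 4) == WRITE_OK)
        puts("0x04+4: whole parameter, accepted");
    return 0;
}
```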