That time a JPL engineer almost killed a Mars Rover before it left Earth Engineer and astro-futurist Chris Lewicki wrote an essay this week - that would not be out of place in our Who, Me? archives - about a testing mistake that nearly transformed half a billion dollars worth of Mars Rover into spacecraft scrap. Lewicki posted the tale to his personal site, describing work on the Spirit Mars Rover …
Throwing the switch is always a stressful moment even when I have checked, double checked, triple checked, that it's not all going to end in a puff of smoke, have had others run their own checks.
He was lucky it didn't become another reminder of why it's never a good idea to have people working long hours, doing double shifts, being put under intense pressure to meet deadlines.
Throwing the switch is always a stressful moment even when I have checked, double checked, triple checked, that it's not all going to end in a puff of smoke, have had others run their own checks.
Which is why it is incumbent on others to stand quietly behind the switch thrower and make a loud "Bzzzzzzrt" noise at the psychological moment, then hand them some toilet paper.
"9,952."
"9,953."
"Hi John, you fancy a coffee?"
"No thanks. Now where was I? Um was it 9,593 or 9953? Oh bugger!"
"1"
"2"
"3"
"Hi John, you coming for dinner this evening?"
"AAAAAAARRRRRGGGGGHHHHH!!!!!!!"
---------------------
"And that, ladies and gentelmen of the jury, is why you should find my client not guilty."
And comparing the film dialogue to the actual mission control recordings can be a jarring exercise, given how the dialogue switches from being a verbatim copy of what was actually said, to then going off onto a flight of the scriptwriters fancy, before returning right on cue to the real world again. Mind you, what's even more of a jarring realisation from the recordings is realising just how much of a combined team effort it was across all of the mission control teams, whilst anyone familiar only with the film adaptation of the story would be entirely forgiven for thinking the entire mission was handled by Gene Krantz and his team.
This post has been deleted by its author
>"The monitoring multimeter I disconnected was actually completing the circuit that powered the spacecraft's ground test telemetry...."
The multimeter was almost certainly measuring current, not voltage (as alluded to higher up in the article), if disconnecting it broke continuity.
Stuff like that is why I prefer bespoke test harnesses over breakout cables. Oh, and labels, lots of labels. I've worked with too many people who count on remembering "this red wire is +12V, *that* red wire is 3.3V".
Pretty much every part of that "trundle bot" was bespoke. Might have some OTS components here and there, but NASA space-rated stuff is deliberately over-engineered. Partly for durability and uniqueness reasons, partly because NASA is a research institution, and partly because "we have a budget we must spend this year or we get less next year" like almost every other bureaucracy everywhere.
Who among us has not done something similar in our careers? I know I have, and at least once have broken something expensive.
From that experience I have developed some rules:
- Work with a buddy...they may spot something you've missed, or ask a good question.
- DO NOT work when tired. Take a break or go home and sleep.
- Obsessive labelling is not a sin
- Do respect others' test setups and give no quarter if they do not respect yours.
- Never assume, always check. Always consult the documentation before trusting your memory
- Take copious notes. Include diagrams.
- Take pictures before taking it apart (my iPhone photo stream has equal amounts of work and personal images)
Pulling an all nighter doing a migration.
It's 3am and I have an hour before the step finishes so I might as well go and upgrade that raid box I've been meaning to fix.
Type command, see red lights flash, then realize it counts slots from 1 not zero and so drive 1 was the source not the destination.
Been there, got the T-Shirt.... replaced all drives in one disk pack (of 2). Rubbish UI on the controller persuaded both self and oppo, who was checking every move becasue I knew there was ample opportunity for cockup, that we had selected the right array. Hit initialize, yes we were sure, really sure, really really sure.... until we weren't. Looked at the drive activity lights and realized the inevitable.
Went home, forgot all about it till Tuesday, came in early, initialized the correct drives and restored from backup - everyone was happy (aside from the day's down time for files that were sent to the great bit bucket in the sky).
Better than HP. In their gen8 (or maybe 9) servers, the disk caddies had a large red light on them, which if you looked closely had a big exclamation mark on it. This light indicates "Do Not Remove", however, if you don't know this, and are sent to swap the failed disk in a server with a mirror of two drives, you might well assume that the big red light is on the failed drive.
I think in the end I only caused about half an hour of downtime, but I still blame HP.
It's posts like this that make me question the education and experience of NASA "engineers" 10,000 wires point to point? I guess there are no standard methods of designing things... With that budget, can't they hire any competent, experienced electrical and mechanical engineers? It's like watching an episode of the office...
The 10,000 was hyperbole.
However, it wouldn't surprise me if a toy like this had somewhere in the range of a few thousand individual wires for the care and feeding of it's multiple disparate parts. Note that it's not really "point to point", the wires are built as a series of harnesses, which are individually tested before installing on the machine.
Yes, I know, that's a pic of Curiosity, not the much less complicated Spirit.
Make a proper cable. Test it before you use it. Always wonder "what is the worst that could happen" and assume that some day someone will do that.
We have a $10,000 piece of hardware in each test setup that will last three minutes without cooling. When we originally made the rig we used diodes to supply power to a cooling fan from the pre and post launch PSUs so that we would always know it was cooled if it was powered. Two years with no incidents. Then there was a glitch in the program, mechanical had a redesign before other teams could continue. All the other engineers were assigned to new programs. After a year my new program was done and they needed me back on the original program. To my surprise there were now 3 PSUs. The new folks thought it was more important to be able to check the voltage and current on the cooling fan before powering on. We complained. We were overruled by the new chief engineer, because she trusted the people she knew and they had told her our way was wrong. A year later we have toasted $30,000 in hard to replace hardware, because people assume the cooling is always on, and they don't check. If we have a mains failure, common where thunderstorms and snow happen, the PSUs reset to 0 Volts and Amps. So one time someone checked the PSUs and found the cooling was not on, so they enabled it. Then they powered on, but nothing happened. They recalled the power settings and tried again. Three minutes later they stopped getting data from the subsystem. Yes, the cooling was powered, with 0V and 0A.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
