While I try to keep my private life (such as it is) separate from work, we are getting a lot of hits because of the announcement of the contract I signed for an orbital flight on a Soyuz spacecraft and a visit to the International Space Station (ISS).
For the full press release see Space Adventures.
I want to reiterate that my main focus before and after the flight remains with Intentional Software. We did not expect to make the space announcement at this time, but the story broke in Moscow, so we had to scramble to get some material together. The actual flight assignment has not happened yet, but in any case the flight is not expected before the fall of '07.
I am very excited and feel privileged to participate in this adventure. The engineers and cosmonauts in the Soyuz program are truly an impressive bunch and their booster and spacecraft are marvels of system engineering, meaning that with modest means they created a reliable and still valid design. I am very fortunate to be able to study this system in detail.
Of course I could not resist looking at the components from the Intentional point of view. Look at the following snippet from the checklist:
It has been produced by the Russians using Microsoft Word! While I am delighted by that, I can see that checklists are a very interesting domain which could be generatively connected to the actual flight software; but even just for consistency checks and other configuration reasons, an intentional encoding would be much better than a Word file.
The syntax of the notation is very strict and is used consistently across the 200+ pages of nominal and off-nominal (that is, emergency) checklists. In this example, the first line means: start the timer and turn on the KVD BO-SU (docking unit pressure equalization) valve using command C3. Observe that the light is on; if the light is off (the dark rectangle), we have an off-nominal condition (dotted border), and the action is to communicate with (Dpo) ground control (UZ). The next line is to be executed 1 minute after the first, and the same valve is turned off. As you can see, it is a very precise domain-specific language.
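To make the "intentional encoding" idea concrete, here is an added example (mine, not code from the post or from the Soyuz program) that models the two checklist lines above as structured data and runs the kind of consistency check a Word file cannot offer. The field layout of `Step`, the `check_consistency` rules and the `execute` walk are assumptions about how such an encoding might look; the indicator readings passed to `execute` are constructed sample input.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Step:
    """One checklist line, in an assumed structured form."""
    offset_s: int               # seconds after the timer start ("+1 min" -> 60)
    command: str                # command used to act on the device, e.g. "C3"
    device: str                 # unit acted on, e.g. the KVD BO-SU valve
    action: str                 # "on" or "off"
    expect: str                 # indicator state expected afterwards: "on" or "off"
    off_nominal: Optional[str]  # what to do if the indicator differs, or None

# Constructed encoding of the two lines described in the post.
PRESSURE_EQUALIZATION = [
    Step(0, "C3", "KVD BO-SU valve", "on", "on", "communicate with ground control (UZ)"),
    Step(60, "C3", "KVD BO-SU valve", "off", "off", "communicate with ground control (UZ)"),
]

def check_consistency(steps):
    """Static checks over a checklist; returns a list of problems (empty = passes)."""
    problems = []
    last_offset = -1
    devices_on = set()
    for i, s in enumerate(steps):
        # Time offsets must not run backwards within one sequence.
        if s.offset_s < last_offset:
            problems.append(f"step {i}: time offset goes backwards")
        last_offset = s.offset_s
        # Vocabulary check: catches typos like "onn" that Word would let through.
        if s.action not in ("on", "off") or s.expect not in ("on", "off"):
            problems.append(f"step {i}: unknown action or indicator state")
        elif s.action != s.expect:
            # The light only echoes the command, so expectation must match action.
            problems.append(f"step {i}: expected indicator does not match command")
        # Every line must say what to do when the observation is off-nominal.
        if s.off_nominal is None:
            problems.append(f"step {i}: no off-nominal action given")
        # Track device state so a valve is not closed before it was opened,
        # and nothing is left open when the sequence ends.
        if s.action == "on":
            devices_on.add(s.device)
        elif s.action == "off":
            if s.device not in devices_on:
                problems.append(f"step {i}: {s.device} switched off before being switched on")
            devices_on.discard(s.device)
    for d in sorted(devices_on):
        problems.append(f"{d} is left on at end of sequence")
    return problems

def execute(steps, observed):
    """Walk the steps against indicator readings.

    observed maps (offset_s, device) -> indicator state seen by the crew.
    Returns ("nominal", None, None) or ("off-nominal", step_index, action).
    """
    for i, s in enumerate(steps):
        seen = observed.get((s.offset_s, s.device))
        if seen != s.expect:
            return ("off-nominal", i, s.off_nominal)
    return ("nominal", None, None)

if __name__ == "__main__":
    print(check_consistency(PRESSURE_EQUALIZATION))
    # Constructed readings: light on at t=0, light off at t=60.
    print(execute(PRESSURE_EQUALIZATION, {(0, "KVD BO-SU valve"): "on",
                                          (60, "KVD BO-SU valve"): "off"}))
```

The point of the structured form is that the checks are mechanical: drop the second line and the tool reports the valve left on; misspell an action and it reports an unknown state. The same data could later drive the flight software directly, which is the generative connection the post mentions.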
Any idea of what the probability is of there being a typo on just *one* of those 200+ pages of super-intricate, life-or-death, mission-critical procedures?
Posted by: Reuben Harris | April 18, 2006 at 09:50 AM
Good question. There could be some typo somewhere just on a statistical basis even if it was a six sigma process (one fault in a million characters, or 500 pages of 2000 characters). But a robust system should continue working even in the presence of minor mistakes. The sequence you see is followed by another sequence checking if the pressure has been equalized (the lights just indicate the valve opening or closure command.) A failure in the process would result in delays or a degraded mission, not in loss of life. But at the end of the day, higher quality is still important because it results in much better performance as the redundancy and other costs can be brought under control.
Posted by: Charles Simonyi | April 18, 2006 at 06:24 PM
Looking forward to 2012 and the new Reusable spacecraft. A hybrid of capsule Soyuz-class and winged Buran-class vehicles.
Posted by: Kevin Corren | October 26, 2006 at 08:26 PM