Thee are a bunch of comments here asking why one would run Windows on a spacecraft.

I am a spacecraft engineer. I don’t see anything in the linked article indicating that they are actually running Windows - the BSOD claim is tongue-in-cheek, or at least that’s how I read it. I also don’t know of anyone anywhere that runs Windows on a spacecraft, with the exception of laptops used by astronauts. Typically one runs vxWorks, or maybe QNX. Some experimental (high risk, low cost) systems run Linux. Older spacecraft don't run any OS at all, everything is running on bare metal, and that may be true for a handful of current spacecraft as well.

Windows is used in some places by ground controllers, but these days they tend to be running Linux a lot more often.

Author here: I should clarify the satellite is not running Windows. Instead, it’s running its own custom OS written in C called Flight Software (FSW) specifically designed for the satellite onboard computer.

Re-reading the post, I see how the title, my analogies, and poor attempts at humor would give the incorrect description of what’s happening with the satellite when it enters safemode. I’ll amend the post soon.

Thanks for the feedback, I’ll be better next time.

You can always run Minix3 which basically keeps on running after a kernel OOPS.

Very simple: just Write the Right Stuff!

https://www.eng.auburn.edu/~kchang/comp6710/readings/They%20...

Was the spacecraft from the event described in the article an actual spacecraft in space or a simulation of a space mission on the ground?

> I think what surprised me the most was how nonchalant the response was. We had documented all of our actions, so other people had read what happened and knew something had gone on. I wasn’t expecting any fanfare but we weren’t even debriefed on what happened.

That's... Concerning. No root cause analysis? Not even an internal one?

And here I thought we were going to rehash Crowdstrike ;-)

https://www.fastcompany.com/28121/they-write-right-stuff

I would bet the schedule didn't allow much time to doing subsystem level test with on-board computer, so everyone went to the big test praying for the best.

That or inexperienced programmers were involved, assuming they were not scared of modifying memory addresses directly.

As for the safe-mode, if it happened maybe you could say you were randomly injecting errors in the memory during runtime and spacecraft entered safe mode as expected, would not be far off from the truth, just do not mention it was unintended :)

Why is it using memory-mapped stuff in the first place rather than some sort of messaging system that would allow more defensive programming?

As much as I hate writing "getter" functions for referencing global variables, I would when I knew I didn't have the right address yet. Write them first to error out loudly, then when you have the actual addresses replace the error out code.

Clickbait. Unlike british missile submarines, they are not using Windows.

[flagged]

Or you can avoid contracting with Boeing.

Step 1: Use linux

One must have balls of steel to run windows on a spaceship.