Thanks for the detailed reply, Bdale!

Indeed, I would definitely think twice before touching a flight-tested firmware, you never know where regressions might creep up with unexpected/disastrous results...

I'll continue thinking about the whole thing,

Ed

On Sat, Nov 11, 2017 at 7:16 AM, Bdale Garbee <[email protected]> wrote:

> Edouard Lafargue <[email protected]> writes:
>
> > I understand that once the unit is in Pad mode, it becomes pretty much
> > fully autonomous and won't take commands anymore, which I assume is a good
> > security feature.
>
> That was, indeed, the primary motivation for being transmit-only in pad
> mode and during flight.
>
> > That said, there can be situations where it would be
> > useful to revert back to a "safe" or "idle" mode in case launch is
> > aborted.
>
> Yep, we agree.
>
> > Is there any way this can be done on the Telemetrum?
>
> So there are two problems. I suspect neither is insurmountable, but
> Keith and I haven't ever come up with a good solution.
>
> The first is that once in pad mode, the most important task is detecting
> launch. Anything that detracts from that is a problem. Since we're
> using a multi-tasking system, it's entirely possible that we could check
> for a ground command from time to time between telemetry bursts without
> compromising launch detection. But since our radios are half duplex,
> any time we spend listening for commands is time we can't be sending
> telemetry, etc. And with increasing complexity comes greater risk,
> which translates into a need for more testing every time we touch
> anything in the firmware to make sure we haven't broken essential
> operation.
>
> The second is that once you've handed control over the LCO, anything that
> might cause the airframe to become *not* ready to launch remotely opens
> up the possibility of an airframe being launched that would not fly
> safely. There's no way for our boards to know, for example, whether the
> launch system has been put in a safe mode and/or the igniter has been
> pulled such that it's "safe" to go out of waiting-for-launch state.
>
> We have, therefore, just accepted the fact that once you're in pad mode,
> you can't get back to idle using only radio.
>
> If anyone has both strong feelings about this *and* an explicit
> suggestion about how to add the feature in a way that mitigates
> risk... feel free to let us know!
>
> Bdale
_______________________________________________
altusmetrum mailing list
[email protected]
http://lists.gag.com/mailman/listinfo/altusmetrum
