Better safe than sorry

One of the problems that I commonly run into in the space business is over-optimization. When you are facing, as in our case, unique observation opportunities whose price is very hard to establish, the requests from the scientist is "simple": take as many images as you can. The fact is that Moore's law has left the space communication systems a little bit behind: while most processing systems, including communication over land lines and even the infamous 5G have continued to increase in speed at dizzying rates, deep space communications are still anchored in the 1960s technology of Ka-band microwaves: there have been quantitative improvements from the original binary phase shift key (BPSK) to the quadrature (QPSK) or eight phase shift key (8PSK), doubling the transmission speed in each case, but still far below the promised exponential growth. The result is that transmission speeds for this kind of missions are limited, in the most favorable case to approximately 256 Kb per second, which is half the speed your mobile connection falls back when you run out of data plan at the end of the month.

Photo: CEphoto, Uwe Aranas

Under this circumstances we find ourselves in the surprising situation that we are indeed able to take an image in a second or two, but then it takes about one minute to come down to Earth. That means that, from a theoretical point of view, I could command the instrument to take 1800 images every hour, but since we can only bring down 60 images per hour I would have to find a way to filter out the most interesting ones and erase the rest. In the end, the actual approach is that we end up taking roughly 180 images per hour, compressing them by a factor between 2 and 3 (the images will have different compression depending on the content) and sending as many as we can in that hour, normally between 140 and 160. The advantage of this approach is that we are able to use every single second of transmission that we have without forcing the onboard systems to take a lot of unnecessary images. This is the so-called operational factor of safety, because it ensures that there will be no wasted time in the operation of the instrument: if we acquired less images, we could run out of things to transmit.

Similar factors are built essentially into every building, every tool, every object, even every procedure that is designed, because there are a lot of uncertainties in life and nobody likes running unnecessary risk: road lanes are significantly wider than the cars and the trucks to account for their occasional involuntary side movement, the number of shopping carts in supermarkets normally exceeds the amount that could safely be driven into the store to account for the ones that could be left in far away stations, and buildings can always hold a lot of people in a room than the official occupancy in case there is a party. However this margins are not free: every additional centimeter on the road means additional asphalt and additional work, the shopping carts have to be bought and the additional resistance of the building requires more concrete than strictly necessary.

Of course, in all these cases the margin is not a lot bigger than the nominal needs, and we gladly pay for the added safety. But there is one type of devices where the nominal need is zero: emergency devices. In an ideal world, there would be no need for ambulances, fire extinguishers, police departments or spare tires, because accidents would not happen. However, if you want to be reasonably sure that an ambulance or a fire truck is going to be available when you need it, it is essential to have a sufficient number sitting idle most of the time. Of course, they can do training, maintenance, paperwork and all sorts of non-urgent things in that time, but the fact is that they are not being involved in emergencies. And it is good that the systems are properly sized.

I have come to think about this topic today because a friend of mine has been hired for database maintenance at a health care provider and he is starting to feel like an impostor: he gets a task that can take him two or three days and then sits idle (or doing minor maintenance tasks) for another week. He is an engineer, so he understands a design intended to hold peak load, not average load, and yet he is unhappy for not having enough work. I have also pointed out that all the maintenance he does in the background (most of which his boss never asked for, and even does not hear about once it is done) is actually contributing to the data systems running smoothly, so he is working all along. It is also good that he will be able to drop what he is doing if ever something breaks down, because that is the kind of emergency work where he will be desperately needed.

So next time you come by the fire department just think how good it is to see the trucks in their bays: it means that there are no fires going on. Have a nice evening.