The Battery Watch Arduino software has expanded to about 3000 lines of code. Guess what? There are certainly bugs in this software. One of the unresolved issues about the architecture of Project Curacao is that the software on the Raspberry Pi can be updated remotely easily across the Internet. The software on the Battery Watch Arduino on the other hand, can not be updated remotely as there is no current way of updating the Arduino without plugging in a USB serial port. While we are investigating options (different boot loader, figuring a way of using the USB port on the Raspberry Pi for programming - we are looking at connecting the Pi to the Arduino while cutting the power line on the USB line and feeding power from our power subsystem via the cut line to both the Pi (from the Pi Power Subsystem) and to the Arduino from the BatteryWatchdog Power Subsystem - this actually looks promising but we haven't done it yet), we want to make our system just a bit more resilient than it currently is.
For example, last night we programmed the Pi to wake up time accidentally before the shutdown for the midnight "peek" at Curacao. The Pi went to sleep until the next midnight wake up time. This got us thinking that we could make a mistake that would eventually shutdown our Pi forever. That's not good for a unit 3,500 miles away.
So we are going to build what is called a "Dead Man Switch" in software. If the Pi has not been turned on for two days, we turn it on and send an email if the Pi does come up.
How do we do this?
1) Set an alarm for two days from the last "Pi On" command
2) Reset the alarm each time the "Pi On" command is set
3) if this timer gets triggered and Pi is Off, disable the watchdog and the other sensors (bad sensor reading making Pi go off?)
4) Power Cycle the Pi and then leave on. Send Interrupt to Pi to send email that the Dead Man switch has been triggered.
We might have a chance to contact the Pi with this, even if we have made mistakes in the code.
Another way to do this would be to build a timer in Hardware that would put the power on the Pi after two days. This would be a better way of doing it, but our schedule is tight.
Who knows? We may rue this decision.
No comments:
Post a Comment