One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

Also organizational chaos, secrecy and self-regulation

Key details about the failure of Europe's Galileo satellite system over the summer have started to emerge – and it's not pretty.

While one key official has sought to blame a single individual for the system going dark, insiders warn that organizational chaos, excessive secrecy and some unusual self-regulation is as much to blame.

Combined with those problems, a battle between European organizations over the satellite system, and a delayed independent report into the July cock-up, means things aren't looking good for Europe's answer to America's GPS system. A much needed shake-up may be on its way.

In mid-July, the agency in charge of the network of 26 satellites, the European Global Navigation Satellite Systems Agency (EGSA), warned of a “service degradation” but assured everyone that it would quickly be resolved.

It wasn't resolved however, and six days later the system was not only still down but getting increasingly inaccurate, with satellites reporting that they were in completely different positions in orbit than they were supposed to be – a big problem for a system whose entire purpose is to provide state-of-the-art positional accuracy to within 20 centimeters.

Billions of organizations, individuals, phones, apps and so on from across the globe simply stopped listening to Galileo. It's hard to imagine a bigger mess, aside from the satellites crashing down to Earth.

But despite the outage and widespread criticism over the failure of those behind Galileo to explain what was going on and why, there has been almost no information from the various space agencies and organizations involved in the project.


In September, it was announced that there would be an independent inquiry into what happened – largely as a result of the lack of information. That inquiry's “preliminary recommendations” were due in October – last month. So far, nothing.

Then, earlier this week, the man in overall charge of the system, the EC's deputy director general in charge of space and defense industries Pierre Delsaux, broke the silence at a breakfast meeting on the EU's space policy in Washington DC no less.

In a Q&A session after the presentations, Delsaux was asked about press criticism – including from El Reg – about the lack of communication and transparency and no apparent backup for the system. He blew up, insisting that the problem had been caused by a single individual who made an error and then failed to take the right action to fix it. The error was "unacceptable", he told the audience before declaring "never again!"

Delsaux failed to address the backup question or the lack of communication or transparency. But other EC officials pushed back on that too, pointing out that a presentation had been given at a recent conference – something which led space observers scrambling to the website of the Institute of Navigation Conference and its Miami conference in September.

One of those digging into what is going on has been Bert Hubert, a DNS expert who became intrigued by the Galileo mess this summer and decided to set up an independent resource that would monitor how the system is doing. This week Hubert posted a report into what he's discovered since undertaking that project, including some of the organizational and political problems at the heart of the Galileo.

Ain't got the numbers

Among the most notable details surrounding Galileo are that of its 26 satellites in space, only 21 of them are functional – and there needs to be a minimum of 24 to achieve the accuracy that the system is designed to provide.

More satellites are due to go up next year but those launches look increasingly uncertain, especially with a bun fight going on between the European Space Agency (ESA) and the European Union (EU).

ESA built the Galileo system and is working on the updated version of the system, including new satellite additions. But thanks to European politics, made worse by the UK's Brexit process, the EU now wants to assert more control over the project.

The EU is planning to create a new European Space Agency, called EUSA, which will largely be a renaming of the existing Global Navigation Satellite System agency. Yet another space entity, GSA, will become the EU Agency for the Space Program, and the EC will soon have a new director general position in charge of the “defense industry and space.” In short, there are a lot of political maneuverings and that is causing all kinds of other problems.


In the middle of all that comes the complete failure of Europe's flagship satnav system, Galileo, with no one clearly explaining how or why it happened. Here's what we do know based on the report given at the Miami conference in September and additional details dug out by Hubert and others.

So those are the best details we have about what actually happened. But there remains precious little information about how and why it all went so wrong in the first place and why adequate recovery systems weren't in place.


It looks increasingly likely that the complex set of organizations that are responsible for operating and developing different parts of the system are a significant part of the problem. It became immediately apparent when things went wrong that clear communication within Galileo does not exist and no doubt there was a significant amount of finger-pointing among the various agencies that only made things worse.

A chart showing just some of Galileo operations & control. Pic: Bert Hubert

On top of that, there is a question over whether one organization – GMV – has an additional degree of responsibility for the whole mess. GMV runs no less than three different parts of the Galileo structure.

But most notably in this case, it runs the part responsible for generating the data that went awry in this case – called ephemerides, the Galileo Orbit Synchronization Processing Facility (OSPF). In addition to generating ephemerides, GMV was also selected as the organization responsible for independently reviewing and monitoring that same data – the Galileo Integrity Processing Facility (IPF).

Galileo, Galileo, Galileo, where to go? Navigation satellite signals flip from degraded to full TITSUP* over span of four days


Did the fact that the same company was monitoring itself in part responsible for the collapse of the Galileo system?

As for public communication, no one in the satellite of organizations around Galileo felt they were authorized to talk about what was going on, leaving it up to EC officials – none of whom knew what was going on either. In other words, a classic clusterfuck of communication.

We still don't know exactly what happened but hopefully the independent inquiry will make its report available soon. It is supposed to be finished by the end of the year.

In the meantime, a dangerous amount of political maneuvering means all the engineers are keeping their heads down. Which is a shame because by all accounts, there is a lot of good work going on, not helped by organizational silos.

In short, Galileo is a classic European venture: a great idea with talented people that has turned into a bureaucratic mess in which no one wants to take the blame for problems caused by unnecessary organizational complexity. ®

Send us news

SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube

Has since been recovered, and Scaleway now ships disks with GPS trackers

It sounds like a "dog ate my homework" excuse for the cloud age, but Euro-cloud Scaleway says one of its solid-state disks was stolen from a truck, turned up in the hands of a YouTuber, and has now made its way back home.

A Saturday post by CEO Yann Lechelle revealed that over a year ago, a disk was stolen while in transit between two Scaleway data centres.

The disk disappeared, and Scaleway warned clients about the incident.

Continue reading

Private cryptocurrencies make lousy national currencies: International Monetary Fund

But the idea of blockchain-powered money is worth government consideration

The International Monetary Fund has called on nations to consider using blockchain tech to improve financial services, but warned that dabbling with private cryptocurrencies is vastly risky.

A Monday post titled Cryptoassets as National Currency? A Step Too Far opens by stating "New digital forms of money have the potential to provide cheaper and faster payments, enhance financial inclusion, improve resilience and competition among payment providers, and facilitate cross-border transfers."

But the post notes that some nations are considering they could access those benefits with the shortcut of adopting cryptoassets as either legal tender, or even "a second (or potentially only) national currency".

Continue reading

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack

Characteristically mum about details

Apple on Monday patched a zero-day vulnerability in its iOS, iPadOS, and macOS operating systems, only a week after issuing a set of OS updates addressing about three dozen other flaws.

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device.

CVE-2021-30807, credited to an anonymous researcher, has been addressed by undisclosed but purportedly improved memory handling code.

Continue reading

Bezos offers to knock $2bn off his bill to NASA to stay in the running for Moon contract

It's not a bribe when it's a payment waiver

Blue Origins supremo Jeff Bezos has offered NASA a $2bn discount to keep his dream alive of transporting the next American man and first woman to the Moon's surface.

Earlier this year, the contract for the Human Landing System (HLS), the craft that will put a crew on the Moon as part of NASA’s lunar Artemis program, was solely awarded to SpaceX. Blue Origin and Dynetics complained to the US Government Accountability Office (GAO) that this was unfair: in their mind, NASA was reneging on a promise to keep the process of selecting a lander competitive by just defaulting to SpaceX.

NASA later retracted its decision to side just with Elon Musk's SpaceX. Blue Origin essentially wants to stay in the race to produce a lander for the Moon mission, and has made a bunch of offers to NASA to make that happen.

Continue reading

Dell won't ship energy-hungry PCs to California and five other US states due to power regulations

Energy efficiency rules appears to be limiting the availability of gaming rigs

Dell is no longer shipping energy-hungry gaming PCs to certain states in America because they demand more energy than local standards allow.

Customers seeking to purchase, for example, an Alienware Aurora Ryzen Edition R10 Gaming Desktop from Dell's website and have it shipped to California are now presented with a message that tells buyers they're out of luck.

"This product cannot be shipped to the states of California, Colorado, Hawaii, Oregon, Vermont or Washington due to power consumption regulations adopted by those states," the website says. "Any orders placed that are bound for those states will be canceled."

Continue reading

You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick

Microsoft offers some mitigations for thwarting PetitPotam attacks

Microsoft completed a vulnerability hat-trick this month as yet another security weakness was uncovered in its operating systems. And this one doesn't even need authentication to work its magic.

The security shortcoming can be exploited using the wonderfully named PetitPotam technique. It involves abusing Redmond's MS-EFSRPC (Encrypting File System Remote Protocol) to take over a corporate Windows network. It seems ideal for penetration testers, and miscreants who have gained a foothold in a Windows network.

Specifically, security researcher Gilles Lionel found it was possible to use MS-EFSRPC to force a device, including Windows domain controllers, to authenticate with a remote attacker-controlled NTLM relay. The end result is an authentication certificate that grants the attacker domain-controller-level access to services, allowing them to commandeer the entire domain.

Continue reading

Google updates timeline for unpopular Privacy Sandbox, which will kill third-party cookies in Chrome by 2023

'The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers'

Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies.

The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023."

Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 – just a couple of months away – and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as " harmful to the web in its current form," is scheduled to end around mid-November.

Continue reading

Remember the bloke who was told by Zen Internet to contact his MP about crap service? Yeah, it's still not fixed

Fear not! Issue is at the 'highest level of escalation,' says ISP

A broadband customer from Leatherhead, Surrey, who was told to "speak to your MP" after his ISP failed to resolve repeated line disconnections has now been informed he can leave his contract without penalty after Openreach failed to resolve the problem.

Alan Brown, a network manager at a Russell Group University, got in touch with us in February exasperated at the poor service he was experiencing and the contradictory information he'd received from his ISP, Rochdale-based Zen Internet, and Openreach engineers.

On one day alone he told us he'd experienced no fewer than 28 breaks in service.

Continue reading

South Korea reports export boom in silicon, wireless comms, and instant noodles

Makes sense really

Newly released data suggests South Korea is having a silicon and instant noodle renaissance, both thanks to COVID-19.

The south side of the nation had a great month for exports as the daily average for the first 20 days of July grew by 32.8 percent year-on-year. Data released by the Korea Customs Service detailed a year-on-year increase in semiconductors by 33.9 per cent, wireless communication by 68.1 per cent, and industrial precision equipment by 15.1 per cent. Meanwhile, figures decreased for computer peripheral equipment by 7.8 per cent.

The increases are welcome news to many given the pandemic-related supply issues seen globally last year and this, specifically those in the semiconductor industry.

Continue reading

Brit reseller given 2022 court date for £270m Microsoft SaaS licence sueball's first hearing

End of March for ValueLicensing's jurisdictional defence

British software licence reseller ValueLicensing has a trial date for the first part of a £270m legal showdown against Microsoft after accusing the US behemoth of breaking UK and EU competition laws.

A High Court hearing of Microsoft's attempt to strike out ValueLicensing's case will take place on 30-31 March 2022, the British company announced in a statement today.

Jon Horley, founder and MD of ValueLicensing, said: "This High Court claim covers the damage to our business through Microsoft's abuse of its dominant market position, effectively destroying the pre-owned software market for desktop products. We are not the only victim to have suffered loss as a result of Microsoft's anticompetitive activity since 2016."

Continue reading

Thinking about upgrading to Debian Bullseye? Watch out for changes in Exim and anything using Python 2.x

v11 set for mid-August release

The Debian Project has set a release date of 14 August for Debian 11, also known as Bullseye.

Debian is an important distribution in its own right, but also influential since it is the basis for many others including Ubuntu, Mint, Devuan, Knoppix, Tails, Raspbian, Pop!_OS, SteamOS and more.

In a post to the developer announcements mailing list, the release team said: "We plan to release on 2021-08-14." This is a little over two years since the release of Debian 10 "Buster," which came out 6 July 2019. The testing release is now "completely frozen" other than to "emergency bug fixes."

Continue reading