NHTSA Has No Software Engineers To Analyze Toyota
thecarchik writes "An official from the National Highway Traffic Safety Administration told investigators that the agency doesn't employ any electrical engineers or software engineers, leaving them woefully unable to investigate correctly what caused the most recent Toyota recall. A modern luxury car has something close to 100 million lines of software code in it, running on 70 to 100 microprocessors. And according to consultant Frost & Sullivan, that number will rise to 200 to 300 million lines within a few years. And the software that controls the 'drive-by-wire' accelerators of Toyota and Lexus vehicles is one potential culprit in the tangled collection of issues, allegations, and recalls of many of those vehicles for so-called 'sudden acceleration' problems."
... there is plenty of talent out there for them to hire - even if only on a project by project basis.
I think I met a couple of EEs at NHTSA back in the 90s...
Here comes DO-178B for cars.
I wonder what the cost is per line of code?
Surely it would be a serious inefficiency for NHTSA to maintain on staff a large number of specialists to handle this kind of problem? Isn't that exactly what (properly qualified) consultants are for?
Al Bundy: what do you mean I can't get out?
Clerk: I'm sorry, sir, the computer controls the doors too.
Such is the cost of more complicated technology. Although, I will admit, this problem seems awfully widespread for Toyota to have not caught this at some point in their QC/QA process.
I'm reminded of the "recall" speech in Fight Club...
If the statement in the article is true then this country is in even worse shape than I thought. It seems like rarely a handful of months can go by without the realization that yet another Federal department is completely incompetent. How in the hell does the NHTSA even do their job?! They are supposed to ensure that vehicles are safe but they don't even have the staff to do that.
What the hell is wrong with our country?
They don't need Electrical Engineers or Software Engineers. They need Computer Engineers, people who are trained to understand both sides of the hardware/software boundary.
I find that extremely hard to believe. Jurassic Park ran on just two million lines of code. I doubt all the lifetime output of all the readers of this thread, combined, equals 100 million. I further doubt that such complexity is remotely necessary to run a car, and that it is remotely possible to debug that much complexity to the standards of, say, the airline industry. And that NHTSA could audit that code in any respectable amount of time. I hope beyond hope the number is wrong.
What exactly would the NHTSA do with a set of engineers? Audit all 100 million lines of code for each and every car they suspect has a safety issue with the computer system? Yeah, that sounds like a worthwhile endeavor. How about they do it the old fashioned way; collect the reports, identify the risk, and sanction the manufacturer to find/fix the problem. Thinking that an NHTSA coder (or a hundred) would have gotten to the bottom of this Toyota issue in any reasonable amount of time is a joke!
70 to 100 microprocessors? I imagine that this is true only if you employ a fairly broad definition of "microprocessor" and note that the vast majority are single-purpose devices in self-contained systems. I doubt that the "microprocessors" and "lines of code" that run the stereo or the climate-control system - or even the airbags - have any connection with the driveline.
Can't they just call Microsoft's toll-free number and ask someone over there to look at it?
I didn't RTFA, but I've seen the comment about a modern car having something like 100 million lines of code in articles before. Now, I am not in any way qualified to say that number is too large or too small. But as an embedded systems software developer, that seems like an INSANE amount of code. I'm the manager of the engineering department at my employer (small manufacturer in US) and I have very strict requirements for comments in code. Even if you count the lines of comments in our code (probably around 50% of the file content), our largest project to date is around 35,000 lines of C code. Now I realize that since we are targeting smaller 8-bit MCUs with limited resources, this limits what we can do.
But still, 100 MILLION lines of code? Does anyone have any input on whether or not this is accurate? Or do automotive software engineers like to comment their code more than anyone else?
I don't believe it. In WHAT?
I can't come up with a list of 100 things in a car that it makes sense to have a microprocessor for.
Are they counting stuff like the radio, the GPS, the DVD players in the seat backs? None of that stuff has to do with keeping the engine running, and doesn't need to be considered for safety purposes.
Why would you need more than one computer to control the car anyway? I guess you might want a separate one to control the airbags in case the crash is caused by the main one failing, but other than that I don't see why you need more than one CPU to control the engine, check the brake fluid, tire pressure, etc.
Just look at any large software company: they have people looking through the code, and bugs are still found. If the bug was easy to find, TOYOTA would have found it. The last thing we need is NHTSA injecting itself into the coding process.
Well, if you don't know what you're asking for, how would you ever know if the answer they give you is even close to reality?
"Hey, I need you to investigate x, I have no idea how to even analyze x, but I trust you will investigate it exhaustively!"
"Sure, we fully investigated x and it's fine."
"Oh, ok, we'll take your word for it, thanks!"
You have to at least be able to understand what's going on to a certain degree before you can tell someone to fully investigate it _and_ then trust their results.
So yes, they should have a set of engineers who can read code well enough to know what is doing what and ask a company to exhaustively test it.
Finally, 100 million lines of code sounds like an awful lot of code for a throttle and/or braking system. I have a feeling that number is bloated to include things like when to pop on the low fuel light or seatbelt warning sounds. Pretty sure you can whittle that 100 million down at least 50% if not 95% and figure out what code actually controls the systems being reported as an issue.
In short, yes, if you're going to be educated in the field of vehicle safety, you can't claim ignorance of the _whole_ command and control system that lies in the computers that have existed in cars for more than a decade.
Seriously. How did they not see this coming? They have been hearing cases about secret codes and OBD standards and the like for quite some time now. The fact that cars are running with the added use and assistance of digital computational systems is well known. If they are not equipped to do testing for safety purposes, they are simply not equipped to do their jobs. And I'm afraid to ask about air vehicle safety testing now...
Amen!
They respond to problems, they don't reverse engineer things. Does the FDA or the Surgeon General's office have engineers to paw through the lines of code in MRI machines or CT scanners, or anesthesia machines, or respirators, or any other number of computerized medical machines? No... they get tested empirically, just like cars do. It's very difficult to prove that some of these flaws exist.... remember the Audi "sudden acceleration" problems in the late '80s that almost killed the brand? That was pre-computerized throttle and transmission, and STILL was impossible to prove. Audi made pedal spacing changes, but largely to avoid the inevitable suicide of doing 'nothing.'
Engineers or not, it's going to be quite difficult to prove that there's an actual "flaw" in the design, let alone negligence, when there are so many millions of vehicles without issue.
Who's going to write said reports, and identify the risks? Are you trusting Toyota to do this in-house? Because the article shows the NHTSA has zero qualifications to do any diligence on its own.
A line-by-line audit is silly, and nobody is suggesting this. However, I can't see why the department that oversees embedded systems (automobiles) has no electrical engineering talent on hand.
Safety related functionality should have a redundant overriding mechanism that isn't subject to the vagaries of software failure. For example, if the engine computer suddenly wants to run an explode subroutine, the fuel valve should limit the outcome to chitty chitty bang bang.
Then you don't have to check every line of code, you just have to check the overrides.
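The override the comment above describes, as an added example (not code from the thread, from Toyota, or from any supplier): a small independent monitor stage in C that sits between the main engine software and the throttle actuator and bounds its request with a few simple, reviewable rules (dual pedal sensor agreement, brake override, a liveness heartbeat, and never exceeding driver intent). The struct names, thresholds and the "percent above idle" scaling are all assumptions made for the example.

```c
/* Added example: an independent throttle override stage. All names,
 * thresholds and sensor scalings here are invented for illustration. */
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>

#define THROTTLE_IDLE_PCT      0   /* safe fallback command (percent above idle) */
#define THROTTLE_LIMP_PCT      20  /* limp-home cap once a fault is latched      */
#define PEDAL_DISAGREE_LIMIT   8   /* max allowed APP1/APP2 difference, in %     */
#define BRAKE_OVERRIDE_PCT     10  /* throttle above this while braking is suspect */
#define BRAKE_OVERRIDE_CYCLES  3   /* debounce: consecutive cycles before acting  */
#define HEARTBEAT_MAX_AGE      5   /* cycles without a fresh heartbeat = hung     */

typedef struct {
    uint8_t  app1_pct;       /* accelerator pedal position sensor 1, 0-100      */
    uint8_t  app2_pct;       /* redundant pedal sensor 2, same scale assumed    */
    uint8_t  requested_pct;  /* throttle the main control software wants        */
    bool     brake_pressed;  /* independent brake pedal switch                  */
    uint32_t heartbeat;      /* counter the main software must bump every cycle */
} throttle_inputs_t;

typedef struct {
    uint32_t last_heartbeat;
    uint32_t heartbeat_age;
    uint8_t  brake_conflict_cycles;
    bool     latched_fault;  /* once set, only a controlled restart clears it   */
} override_state_t;

static uint8_t min_u8(uint8_t a, uint8_t b) { return a < b ? a : b; }

/* One monitor cycle. Returns the throttle command allowed to reach the actuator. */
uint8_t override_throttle(const throttle_inputs_t *in, override_state_t *st)
{
    /* 1. Liveness: a stale heartbeat means the main software has hung. */
    if (in->heartbeat != st->last_heartbeat) {
        st->last_heartbeat = in->heartbeat;
        st->heartbeat_age = 0;
    } else if (++st->heartbeat_age >= HEARTBEAT_MAX_AGE) {
        st->latched_fault = true;
    }

    /* 2. Sensor plausibility: the two pedal sensors must agree. */
    if (abs((int)in->app1_pct - (int)in->app2_pct) > PEDAL_DISAGREE_LIMIT)
        st->latched_fault = true;

    /* 3. Brake override: braking while the throttle stays open is treated as
     *    a runaway, after a short debounce against normal pedal overlap. */
    if (in->brake_pressed && in->requested_pct > BRAKE_OVERRIDE_PCT) {
        if (st->brake_conflict_cycles < 255) st->brake_conflict_cycles++;
    } else {
        st->brake_conflict_cycles = 0;
    }
    if (st->brake_conflict_cycles >= BRAKE_OVERRIDE_CYCLES)
        return THROTTLE_IDLE_PCT;

    /* Any latched fault caps the request at a limp-home value. */
    if (st->latched_fault)
        return min_u8(in->requested_pct, THROTTLE_LIMP_PCT);

    /* 4. Driver intent bound: the software's request can never exceed what
     *    the driver is physically asking for (lower of the two readings). */
    uint8_t driver_intent = min_u8(in->app1_pct, in->app2_pct);
    return min_u8(in->requested_pct, driver_intent);
}
```

Each rule is a single comparison with no dependency on the control algorithm, which is what makes "check the overrides" a tractable review task.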
Sure there are bugs in the code. Any code has bugs. ANY car has bugs. I have the feeling that somebody is making a black PR campaign to create panic to humble Toyota.
Same with swine flu - somebody wanted a panic to sell more medicines. There was also SARS several years before that.
How many people died or were injured because of the claimed Toyota software bugs? Give me a number.
Slashdot, please provide a list of software-powered cars so I know which cars to avoid like the plague.
Seriously, most software out there is so poor quality I don't want to run it outside of a VM. I really do not want my life to depend on software...
Most of that code is probably autogenerated from some control scheme in a Simulink-type toolchain. There are other ways to audit than looking straight at the microcontroller code, to that regard.
IANASE, but 100 million lines of code sounds a little over the top. Can someone verify this?
Having worked with (and been) a coder, I can tell you the last thing that would be productive is for the phone to ring at Toyota and for an NHTSA software engineer to go "hey guys, check out line 213343, I think you forgot to call the destruct method on that instantiation before the function closed, I bet that's why your cars are crashing!"
One more (or a hundred more) sets of eyes isn't the solution, the solution is better coding *practices* along with better testing. In short, the NHTSA needs QA and Project Management types to sort through the steps that led up to the bug being introduced. No one seems to want to comment on how many of those they have (or what they are busy doing). There may well be an understaffing (or improper-staffing) at the NHTSA, but saying "oh god there's no coders get them some coders!!!" is *not going to help*.
I totally disagree: the NHTSA shouldn't hire engineers. NHTSA should not do the job of Toyota's engineers and testers; they were created to set policy and propose safety laws. The NHTSA should hire economists, policy makers, and maybe some scientists. But the job of ensuring the nuts and bolts of a car are safe should fall on the car-maker, with strict repercussions if they fail.
My biggest problem with all this is what people on Slashdot should already know: looking through and understanding millions of lines of code would take an engineer a few lifetimes - how many engineers are we proposing NHTSA hires? They could learn Toyota's software system, but then what about Ford cars? Or BMW? All for a government organization with 600 employees...
In cases like this, NHTSA should force Toyota to hire a third party (objective) consultant to create a technical report. Maybe a small team of engineers could remain on staff to read and understand those reports.
100 Million??? Really? What the hell is it written in, Intel 4004 assembler code?
Exactly -- that would be worthless. Rather, they need an advisory panel that can examine the QA practices and such.
I'm used to examining million LOC codebases -- give me or anyone else here on /. a few days to look at their procedures, bug database, unit tests, etc., and we'll be able to tell whether this sort of problem could occur again and what was done to solve it. But I wouldn't/couldn't do the testing myself, ever.
Or, instead of what you said, we could just ask NHTSA to get with DOD and find out how they manage software (hint: IEEE 12207 or, if you're old school, MIL-STD-498).
Last time I checked, there were something like 1500 or so complaints about sudden acceleration filed. They recalled 8 million cars, but if you include every model with the complaint, you are probably looking at 4X or 5X of that number. Even if you stick with 8 million, 1500 out of 8 million is 0.019%. Good luck trying to reproduce a problem that has a reproducible rate of 0.019%.
Am I the only computer scientist around here who thinks this number is um... suspect. Maybe after it's been compiled it prints out to 100 million lines of assembler but I'm seriously suspecting there is some serious number padding going on here...
What does this number include? Does this include all the lines of VHDL for the processors? If there are 30 processors in a car and they're all the same type, do those lines of VHDL code get counted 30 times?
I'm pretty sure the F-22 only has a couple million lines of code in it and it's completely fly by wire.
As for the NHTSA having no engineers to analyze, that's mildly irresponsible. Their job is to set policy and make sure that a device adheres to set safety standards, i.e. when a car is going 60mph and it hits a wall the airbags should deploy properly. Delving into the code that analyzes the accelerometers and impact sensors to decide it's time to deploy the airbag is silly.
If they waited until the cost justified the recall, they could be in trouble.
What is America seriously going to do if it is revealed that Toyota officials knew about this problem and held off on a recall based on costs? Like any other corporation, they'll probably get a slap on the wrist and a fine that's just a drop in the bucket. No one is going to be tried for murder, and we certainly can't give Toyota the death penalty. Bar them from selling in the USA? Not likely. There would be a massive outcry against the loss of jobs for Toyota factory workers, dealers, maintenance, etc. . . I don't think Toyota is going to be in any real trouble at all, even if it is found that they knew about these problems all along.
Come on we are software people.
We all know that it is all about testing.
NHTSA engineers can work with industry to develop standardized tests for cars and subsystems.
Sure they won't be complete, but testing is never complete anyway.
Make the whole testing framework open and easy to work with so the manufacturers will want to take it home, use it for themselves, add to it, share tests (not results!) with competitors, etc.
We all know the concepts behind "many eyes". If everyone is working with the same basic tests then they will of course become more rigorous and more accurate over time.
NHTSA can run their own tests on submitted prototypes and publish the results. If everything is wide open there will be no surprises.
Maybe they do compete, but poor quality will sink all their boats together.
We have been making software for 40 years and we have lots of nice standard test frameworks.
Why is this not true in the auto industry where they have been making product for over 100 years?
It's written in Ada then...?
Jesus Christ, is this a suitable and proper application for the technology? There is such a thing as overengineering. If the system is too complex to safely maintain, it's too complex to deploy, end of story. I don't care what features you're touting if the failure mode for that vehicle is me and my passengers looking like Buddhist monks protesting something.
If the number isn't wholly fictional, I'd guess the largest single component is the navigation system. (Which hopefully does NOT have input into the throttle... but nowadays, who knows?)
Unfortunately, all the actual engine control stuff DOES work together. It's not simply doing an electronic simulation of a throttle cable.
And they said in a modern luxury car.
So that's all the code in the following computers:
Engine (controls throttle and such)
Transmission
Collision avoidance (ABS, traction control, etc. TPMS is usually here, too, because it's sometimes part of the ABS system to save costs)
Safety (airbags, seatbelt pretensioners, etc.)
Central convenience (security system, power locks, power windows, cabin illumination, in some cars even the exterior lighting goes through central convenience)
HVAC
Instrumentation (yep, there's a computer dedicated to that - and some security functions are sometimes in there)
Entertainment (navigation, stereo, DVD, etc., etc.)
And all these systems are interconnected.
You get in your car (central convenience deactivates security upon receiving the signal, and when you open the door, it illuminates the cabin, alerts the engine computer that a start is imminent, possibly starting fuel pumps, on diesel cars turning on the glow plugs, etc., etc., and notifies the instrument cluster that the door is ajar.)
You insert your key into the ignition (yes, I know about push-button start,) and start the engine (engine computer starts up, after which the instrument cluster polls the RFID chip on the key. If it can't get a read, it immediately requests that the engine computer shut down.)
You decide that you want a little heat before you set off, so you use your steering wheel controls (which go through instrumentation) to set HVAC settings, and then you figure some music won't hurt (entertainment.) Then, you remember that you don't know where you're going, so you punch the address into the navigation system, and it feeds directions back to the instrument cluster.
Now, you put the car into gear. The transmission computer notifies the other computers about this, and the engine computer adjusts the idle fueling to compensate. The instrument computer reflects the gear change. The central convenience module turns on the daytime running lights. The entertainment system might prevent you from using the touchscreen interface. The safety computer may become more persistent about reminding you that you didn't put on your seat belt, and will notify the instrument cluster of this, to annoy you more.
After you put your seatbelt on, you let off the brake and pull out of your parking space. Obviously, the engine computer and transmission computer are working together here, the instrument cluster is constantly updating the status of those (and the entertainment computer, which is noting the changes in vehicle position.) After you hit 10 MPH, the engine or transmission computer sends a request to the central convenience module to lock the doors.
Now, you're going down the freeway, and right in front of you, a semi truck loses control, and flips onto its side. You jam on the brakes, which kills engine power immediately (engine computer, and the transmission computer is affected as well, and this all gets fed back to the instrument computer.) The collision avoidance computer activates ABS and (as you're attempting to swerve out of the way) stability control, and notifies the central convenience computer that you're undergoing a panic stop, and to activate the hazards.
Unfortunately, you don't have enough time and room to stop, and you hit the semi. The safety computer notices this, and fires the seatbelt pretensioners and the appropriate airbags. Once that's done, there's some less immediate concerns. It would be a bad idea to leave the engine running, so the safety computer requests an engine shutdown. The transmission computer may be requested to shift to neutral, to make moving the wreck easier. The entertainment system will be told to stop playing music, and if it's got a system like OnStar (which used to be yet another TWO separate computers off of the entertainment system,) an emergency call initiated. Instrumentation is of course updating the status of all of this. HVAC may be set to off. The collision avoidance computer will still be trying to keep t
The vehicle drivetrain network is very often, if not always, separate from the "entertainment" network; Audi, for example, runs two separate CAN buses for them. The original story hypes things a bit; there may be 70-100 microCONTROLLERS, but half or more of them are "body" (i.e., windows, sunroof, etc) or "entertainment" (audio, navigation) related and thus don't really need to be reviewed.
The vast majority of them do very, very simple things, mostly sending CAN bus messages or responding to CAN bus commands. I.e., you move the wiper stalk. The microcontroller for the steering wheel controls says "the stalk moved" either to the wiper motor interface or a 'body control' computer, which then sends a command to the wipers.
The code review for most of the modules, as a result, is extremely simple- they're just (mostly digital) I/O boxes. Some of them are things like fuel pump modules, which at most have some diagnostic capabilities (like current draw from the pump, pressure sensor, etc.)
The code review will not be very problematic for engine computers, because (gasp!) they're not made by car manufacturers. Bosch, Magneti Marelli, Hitachi, and a couple of other companies are the primary producers. And guess what? The code is largely the same car-to-car. Parameters are changed- code doesn't, so much. And car companies share "platforms", which further simplifies things.
It's not nearly as scary as it sounds.
Your counter-argument appears to be based on a false assumption. I didn't say, nor mean, that any old software engineer should be directly interfacing with any car companies. I'm suggesting that you need software people who can understand what is going on under the hood.
If they are investigating an issue and they have the knowledge and access to the software, they can try to find obvious flaws or at least sets of code that relate to the problem at hand. If they have _suspicions_ the code may be at fault they can let the car company sort it out on their own and allow open communication between the NHTSA engineers and the car companies' engineers.
Now, if the report comes back from the car company that totally mismatches what the NHTSA software engineers know to be true, then you know something is amiss and needs to be investigated further and/or again.
But apparently you're the expert since you've coded before. Just to point out, so have I. And anecdotally, having someone else see my code and point out a flaw is very refreshing. Another set of eyes has helped on _countless_ occasions. Of course, YMMV and apparently it does, completely.
Clinton signed the law repealing Glass-Steagall. Whether a veto by him would have been overturned is moot, he still signed the thing. They should have called it the "let wall street and the casino bank hustlers go crackhead apeshit with your money" act. That's one of the biggies, not the only, but one, of the reasons we are in an economic mess now.
I'm a small government guy by nature, but some regulations are always in order. Pure anarchy market forces lead to monopolies and cartels, and that's about it. Because predatory crooks rise to the top levels of giving orders.. and that's business and government, both.
That's why there needs to be oversight, and why we need more pure government "kick em all out!" efforts occasionally, and why we need but don't have yet "corporate death penalties". The crooks eventually take over, it always happens, not much you can do to prevent it, so all you can do is slow them down a little. And even then, with oversight and slowing them down, they eventually get firmly entrenched at all the order giving levels, so you have no choice other than starting over again from scratch. Very broadly historically speaking of course.
Shift into neutral. I haven't seen this anywhere as part of the many Toyota-related discussions around the world, so figured I'd mention it.
The article is complete bullshit and just more kdawson FUD. Please stop feeding the kdawson troll.
C'mon people, you're supposedly smart yet you're willing to believe regular consumer cars have millions of lines of code in them running on hundreds of processors.
Obviously you didn't read the article. If you did, you'd know it's closer to satire than reality.
I can't say I find this surprising. Anyone who has ever worked on software for a US government contractor, or US military contractor, knows the government/military has no one who can analyze the product they pay for. Nearly every software product I've seen delivered is of absurdly poor quality. It would be laughable if the implications of the software's use weren't so disturbing.
I have a seriously hard time believing that.
So.. 1 in the ECU, maybe a secondary to take care of flashing to make it unbrickable, that's two.
1 in the cruise control, ABS, radio, one or two for gauges and idiot lights... I guess the stuff with CAN on each device will have a micro, so the airbags get one (each?),
I'm having a hard time coming up with ten, and that's with liberally applying MCUs to each unit where one could do the job most likely...
Your argument makes no sense.
Look at Prof. Feynman's diagnosis of the first shuttle disaster. One guy cut across hundreds of employees and thousands and thousands of pages of engineering documents. He found the needle in the haystack with a glass of ice water.
As a software person you must be aware that even a single person working alone can find a major exploitable flaw in a complex system.
They have been dealing with avionics and space software certification for decades.
Easy solution: The government can just sign new legislation requiring all automobile firmware to run on Microsoft WINCE or something equivalent, then there will be one standard. Should be plenty of out-of-work Windows developers out there.
Why the need to over complicate a relatively simple mechanical construct that is the car? The old adage still holds true: if it ain't broke, don't fix it. Modern fighter jets are purposely designed to be unstable for manoeuvrability or due to the effects of stealthy design and thus require fly-by-wire capability. Cars don't need such complexity. Why would I need my steering wheel to be mechanically decoupled from the wheels or my brake pedals from the actual brake discs? This introduces more intermediate steps in the process and therefore increases the chances of failure somewhere along the line. The previous hydraulic systems worked just fine and give fairly instantaneous feedback. What's more, you couldn't tinker with the car yourself any more and have to send them to expensive specialist mechanics. This is all just an unhealthy infatuation with technology and shoehorning them where they are not needed.
If you think that the government should not get involved in engineering.
That's the same policy they have in the US for public oil and gas, some "honor system", the pumpers tell the government what they owe..uh huh
I think that's nuts. I would rather that public oil and gas be sold at a rationed level at cost plus a little for administration and contracted refining to the US public. Or just left in the ground for future use, say there's some giant emergency and we can't get much from foreign sources. Nice to have a stash. Just bank it where it sits, in case we really need it later. Our "commons" have been sold off cheap for generations, this sucks. I mean, look what we do now, sell off cheap "on the honor system" public oil, then turn around and re-buy oil on the market and shoot it down some old salt mines for our "national oil reserve" stash. Say whut?? Ain't this kinda just retarded? How about just know there's a lot some place in some fields, have the wells already to go, then plug it up until such a time as there is an emergency. Then we don't need to go buy any..because we already got it..in the ground!
The NHTSA does not need to evolve a new set of standards out there to address part of this problem. Just require that all automobiles meet the FCC Part 15, Class B standards for electromagnetic susceptibility. It is stupid that this is not done already.
There are plenty of critical pieces of equipment that cannot turn up their noses and fail because of electromagnetic interference. Medical equipment is tested to at least this standard every day. There are hundreds of testing laboratories throughout the world who manufacture products that have to meet these specifications. There are thousands of engineers who already do this type of testing.
Now lines of code and software is a different animal. In a hundred million lines of code there are certainly bugs and flaws.
Too bad we can't give asshole points.
That memo turned ordinary one or two million dollar out of court settlements into 100 million dollar civil trial losses for Ford.
I can't believe Toyota would be stupid enough to go on record with the same thinking.
The thing about that memo is it defeats its own conclusion.
Even if it was good business to just let people die and pay out of court you can't write it down or you will be punished.
as soon as they require the code to be open to the public for inspection.
How many more people have to die before we get to look at the code?
http://www.nasa.gov/centers/dryden/pdf/87891main_H-1080.pdf
"The development of the procedures and policies for the validation and certification of aircraft with an advanced electronic flight-control system will be one of the most important tasks that must be accomplished before the considerable advantages of these systems can be realized. It will be necessary to develop the validation methods as early as possible so that the designers of these advanced control systems will fully understand the reliability requirements and the means that will be available to demonstrate that reliability. The regulatory authorities will also need to be aware of what is being developed and anticipate the data and testing they will require to demonstrate compliance with the regulations. The authorities will be very reluctant to certify a new system for which there is no precedent without ample assurance that flight safety can be assured. On the other hand, airframe companies and the airline customers will be reluctant to commit to the user of an advanced system, in spite of large potential advantages, unless flight safety can be assured and there are no large risks and unreasonable costs in obtaining certification. In order to give both the users and the regulatory authorities the necessary confidence, it is necessary for the validation methods to be developed along with the development of the systems themselves."
It's a sad, sad thing that cars don't need to be certified by the NHTSA before manufacturers can sell them.
Man that sucks. Eight years in the pokey. And still in! If it comes out that Toyota execs knew about this problem, and that looks to be the case more and more, that they got rehired ex regulators to help them "pass", said execs need as much prison time as this poor dude got..or more. If his car was one of the bogus ones I mean. Wonder if the car still exists to inspect?
As to hundreds of computers running cars today, with 50-100 million lines of code..maybe we should rethink that better. Just because you can, doesn't always mean you should.
Obviously, they are not using the right computer.
My wife works in the EE/CE department of a major University, and her students are consistently getting jobs. Not all fields are facing massive layoffs. A good EE or CE is almost guaranteed a job right now.
>>These are impressive amounts of software, yet if you bought a premium-class automobile recently, ”it probably contains close to 100 million lines of software code,” says Manfred Broy, a professor of informatics at Technical University, Munich, and a leading expert on software in cars. All that software executes on 70 to 100 microprocessor-based electronic control units (ECUs) networked throughout the body of your car.
More likely 100 million bytes, including data. Mostly data. And how much of that is critical vs entertainment/fluff?
It would be a pretty crappy car if it engaged the seat belt PREtensioners POST-impact. I'd also rather it didn't "kill engine power" every time I hit the brakes. The engine speed is controlled by the throttle (in a gas car), and the power goes through a drive train of multiple components to get to the axles. None of these disengage because you hit the brakes, although "traction control" systems might retard timing if severe wheel slip is detected. And what $20,000 compact automatically turns on hazard blinkers, mutes the stereo, and opens windows?
When I worked for a major telecom equipment manufacturer in the 90s, we had a monolithic software build for our main switching product (class 4/5 switch), and the total lines of code were 20 million. I find it incomprehensible that a luxury car requires 5 times as much code. If it's true, they need to do a rethink as there's no way they should need that much code. And, frankly, there's no way they will test that code completely every time they update it.
One guy cut across hundreds of employees and thousands and thousands of pages of engineering documents
yeah, but that was Feynman. He could just stick his hand into the aether and pluck out answers.
Most of the financial regulators are former high level executives from Goldman Sachs...
Some are, but most are demonstrably not. Many are financial industry insiders, but that's by necessity. Do you really want a financial regulator who has no knowledge of the industry he/she is regulating? The only place to get people with the appropriate financial experience is from the finance industry.
I don't understand why we need so many useless regulators who are usually wolves being put in charge of the hen house when the courts could easily handle this.
While I admire your faith in the court system, in truth the courts are woefully ill-prepared to deal with the sorts of issues the SEC and other regulating bodies deal with. The court system is sloooooowww, expensive and can only effectively deal with misconduct after it has occurred. The courts are a poor monitoring system. The court system also is not heavily staffed with financial experts who understand the issues involved. Trust me, you REALLY don't want financially illiterate judges deciding financial regulations.
The reason the industry insiders often end up as regulators is precisely because they are the only ones who really understand what is going on. Finance is really, really complicated. Yes, it's not perfect, but that's why the regulators are accountable to other bodies including the President and Congress. If anything the problem with the regulators isn't (usually) that they do poor quality work but rather that they aren't given enough resources to really do a great job. The SEC for instance is badly understaffed given its mandate. If you really want to keep a better watch on the finance industry, lobby Congress to increase funding to the SEC and other watchdog agencies.
It's going to end up being prosecuted in a court of law anyway and not solved by some magic regulation hand-waving.
Spoken like someone who has no experience whatsoever in the financial industry. I won't argue that all regulations are good or well enforced but relying on the court system alone to solve the issues that regulators deal with daily would be insanity. If you really want to screw up the financial system, get rid of the regulators. Our current financial mess is due in significant part to a lack of regulation.
Surely they have some with all the safety-critical code (e.g. from pacemakers) that must pass through their review process.
It's time:
a) for a global safety-critical standard for drive-by-wire software.
b) for an open industry standard for interfacing for servicing, fault codes, etc, to end the scam of lock-in to specific manufacturers servicing tools and dealers.
c) to open source it.
Everybody does SLOC counting differently, so who knows what that number actually represents (maybe all the lines in image and movie files for the entertainment system? :P ). I wouldn't mind seeing a breakdown of lines of code per component-- betting there's a HUGE percentage in the entertainment and navigation systems with just a tiny fraction in actual control systems.
Most embedded control systems count code lines in the thousands, I'd expect the car to be similar until you run into fancy graphics and superfluous luxuries.
+1 Disagree
The more I read this, the more I want an old car which does not have so many points of failure. Those computers are interconnected using wires, wires oxidize and may sometimes fail. It looks like it would be a lot of fun trying to find the problem with a car, when some of the interconnecting links have partially failed (a few wires on a parallel bus, too much noise on a serial bus etc).
Also, those computers just make the car more complex without actually being of much use.
In your example, slamming on the brakes would stop any car, one that has the complex electronics and one that just brakes. Airbags have to be deployed by some collision sensor so some complexity will still be there. There's not much point in turning off the radio after you crashed (in what cases would that be useful?). HVAC should stop when the engine stops (if it is a serious crash then the engine will be stopped by the object that you crashed into; if it is not that serious then you will stop the engine or the engine will stall, seeing that the car may be still in gear and stopped).
See? The huge number of processors in a car is just for the sake of complexity and higher repair costs.
When Toyota has 1,000 software engineers working on something, do you think 10 or 20 or 100 more NHTSA coders, who aren't very familiar with the code in question, and whose time is divided between all of the issues the NHTSA deals with, are going to be of any practical help? That is quite the assumption. More coders is NOT THE PROBLEM, plain and simple. Better coders, better QAs, better managers. But more coders? Okay, Microsoft, whatever you say.
The car function is built in.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I would be more interested in the process of how Toyota develops/maintains code. Do they rewrite code for every car? When they reuse code, how do they retest assertions? How do they do code verification? What is their culture when coding problems interfere w/deadlines? Is there a whole crap load of unused code in there because they are scared shitless to remove it? etc.
You mean our government doesn't employ a full time expert in every conceivable and/or cutting-edge technology involved in every product, process and service? This is outrageous! This is the way it should be. Contract with an outside independent consulting firm.
It would be a pretty crappy car if it engaged the seat belt PREtensioners POST-impact.
Pretensioners are fired after the initial contact, whilst the very front of the vehicle is still crumpling away. How the hell do you think the computer knows that it has hit something otherwise? Radar? Not on your $10K cheapo. Magic? No, a little ball + spring combo lives underneath your front bumper and the last thing they tell the vehicle before they are crushed in an accident is "something big is heading your way".
I'd also rather it didn't "kill engine power" every time I hit the brakes.
We're not just talking about 'every time', we're talking about the two-feet-on-the-brake-pedal-jesus-christ-I-want-to-stop-NOW kind of braking that will activate ABS. Once ABS (and its cousin, stability control) are running the show, engine power can (and will) be modulated as they see fit in an attempt to keep the vehicle going where you want it to go. If you think you can simultaneously control brake force and engine power separately to each wheel whilst in an emergency to do the same, then you go right ahead. I'll take the bus.
although "traction control" systems might retard timing if severe wheel slip is detected.
Traction control is a lot smarter than you seem to think now, and retarding timing went out of fashion about 15 years ago. Now if the traction control system wants less power it simply requests the engine computer to reduce power output by X percent and the engine computer will choose between:
- Simply closing the throttle body, if it has control of it.
- Killing fuel injection on a few cylinders to drop power.
- Dropping boost if it's a turbo'd vehicle.
- Cutting (or yes, retarding) ignition. Bit of a last resort due to unburnt fuel getting out the other side of the engine.
And what $20,000 compact automatically turns on hazard blinkers, mutes the stereo, and opens windows?
My Peugeot 307 turned on the hazards and muted the music if you hit the brakes hard enough to activate its electronic brake force assist system. I did it a couple of times in the two years I had the car, but never got into a collision to find out about the windows.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
Since you seem to want to keep using data you're making up. All I can say at this point is "citation needed". Just to stay on topic and add to our "discussion", I'd submit that Toyota has x amount of programmers and so far they have failed to fix the issue. One, ten, a million more coders might actually help solve the issue. Seems Toyota's engineers have patently failed in this instance.
The government doesn't have to do anything complicated. It just has to have the ability to strike fear into the hearts of the business community it's supposed to regulate.
This requires a few things: an independent media, which we don't have; a civically informed populace that takes its democratic duties seriously, which we don't have; and a culture that values human dignity over profits, which we don't have.
In cultures that do have all of these things, government regulation works very well and fosters progress, since you don't have to constantly worry about getting screwed over, you don't have to wonder if you'll have access to medical care, or a good public school, or a good safety net to get you back on your feet if you fall ill, get in an accident, or whatever.
Clear and concise regulation with real penalties for breaking those regulations fosters competitive markets. Diminishing the government to the point where it can be bought and sold by businesses usually leads to fascism. The markets destroy themselves with greed, destabilize the economy (and eventually the whole society), and further concentrate wealth and power until you have a virtual oligarchy sprinkled with political theater.
source http://www.thenetworkadministrator.com/ComputerVsCarindustry.htm
Computer vs car industry
Bill Gates reportedly compared the computer industry with the auto industry and stated "If GM had kept up with the technology like the computer industry has, we would all be driving $25 cars that got 1,000 miles to the gallon."
In response to Bill's comments, General Motors issued a press release stating "If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:
1. For no reason whatsoever, your car would crash twice a day.
2. Every time they repainted the lines in the road, you would have to buy a new car.
3. Occasionally your car would die on the freeway for no reason. You would have to pull over to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.
4. Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive - but would run on only five percent of the roads.
5. The oil, water temperature, and alternator warning lights would all be replaced by a single "General Protection Fault" warning light.
6. The airbag system would ask "are you sure" before deploying.
7. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.
8. Every time GM introduced a new car, car buyers would have to learn to drive all over again because none of the controls would operate in the same manner as the old car.
9. You'd have to press the "Start" button to turn the engine off.
This drive-by-wire stuff is very serious. I seriously doubt that any car manufacturer validates their computer software and hardware as rigorously as the Dept of Defense; in fact they probably don't do compiler or chip logic validation at all. I bet the aviation industry could give them guidance in this arena.
BMW has had drive by wire throttles in production since 1988 750iL V12. Slowly migrated down to cheaper models over the years. Not much in the way of serious problems. Stepper motors running the throttle can fail, but this is more of an annoying expense than a safety disaster. My MINI Cooper has drive by wire and works fine. Makes it easy to implement cruise control and traction control. Throttle control is by dual redundant pots that "vote" on throttle opening. If something acts screwy, it goes into limp-home mode. The only throttle control problems I've had were with cars with mechanical linkage that got bound up from rust/old age.
Sorry, but gray text on gray background is making my eyes bleed.
This list only covers models made in Japan; the NHTSA has huge lists of US manufacturer recalls and the AA Europe has lists of European manufacturers. As someone who works with car recalls and these lists as a matter of course I must warn that these lists are usually updated with new recalls about 5 years after they happen, so for the average number of recalls that happen per year you need to look at 2005 or before.
My point is that though the recent Toyota debacle might have illustrated the shortcomings of the NHTSA's recall evaluation capabilities this is a problem that has been around for years and the massive media attention this particular recall is getting seems at best somewhat hypocritical, and at worst a deliberate smear campaign against Toyota and by extension Japan's entire automotive industry.
For additional hilarity see if you can find the Rolls-Royce whose doors would explode when you hit the window switch, or the large number of models who had problems with seat warmers malfunctioning and catching fire.
The lion's share of budget in most organizations goes to make payroll. The NHTSA's budget comes to $1.26 Million per employee. That ratio seems a little high, even for a government agency.
That's not the phrase you want to hear when talking about real-time safety critical software.
Tom Clancy posts on /. Who knew?
The way it is supposed to work is that technically responsible people write requirements that when followed correctly lead to acceptable results. This is what ISO-9001 is all about. It does not mandate "you must do procedure X"; it mandates that you must have a system that defines what processes you employ, and how you verify that they have been followed. In theory, your process could be throwing darts at paper target, and by retaining the target as an "artifact" you can show you followed your process. In the real world there are "best practices", and a lot of meetings and reviews and "artifacts".
The organizational issue is having a group of people who understand the processes and independently evaluate the results. If the results are not acceptable they say so, and the problems are fixed. This requires:
1. Technical domain competence
2. Independence
3. Authority
Obviously, the evaluators are at odds with the people doing the project, because their job is to stop things from being completed. They are the spoilers.
When the evaluators are part of the organization, it is easier for them to be underfunded and ignored. It is also hard to get the best people to do this work, because it tends to be low status and also tends to pay less.
The best solution is to have an independently funded group with a separate chain of command that reports outside the regular channels: like the NTSB being outside the FAA. Their major weakness is lack of authority, because the FAA can, and does, ignore them. Typically it takes a spectacular high fatality preventable accident for change to occur.
An example in a different area is public prosecutors in our legal system. They are (supposedly) independent and follow the law, not the dictates of any particular group. (In practice, not so much. At the local level they are aligned with law enforcement, which is why cops are almost never caught or convicted of crimes.)
Now some real world failures from today's news. Literally today.
Toyota They used pressure tactics and out maneuvered the regulators. This whole discussion is about the failure to have technical expertise on the part of the regulator.
Nuclear Regulatory Commission In Vermont it was just revealed that tritium leaks were unreported starting in 2005, although leaks were also reported later. The plant operator lied. The NRC has a relatively small number of inspectors, and they count on operators to follow all the rules and self report. I guess they also believe in the Tooth Fairy.
FDA The diabetes drug Avandia is responsible for hundreds of heart attacks per month. This has been systematically underreported in the medical press and critics have been pressured and given the run around. The FDA knows about it, and had a review/whitewash session last year. During the Bush years the revolving door and payments from drug companies to "independent" research groups became a lucrative way of life. So hundreds of people die every month http://www.examiner.com/x-32805-Norfolk-Healthy-Living-Examiner~y2010m2d23-Major-Medical-Alert-Diabetes-drug-Avandia-responsible-for-monthly-heart-attacks-and-heart-failures. Who cares when Big Pharma is raking in the cash.
SEC/Bank of America/Merrill Lynch The judge just approved a $150 million fine for B of A for lying to stockholders about their merger with Merrill Lynch. The judge called the settlement "paltry" and "half baked justice", but had to approve it under existing law. http://www.consumeraffairs.com/news04/2010
Why is Snark Required?
Unfortunately, there's no brake function to go along with it.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
When I worked at a contractor, the government had a 3rd party company re-inspect every product that was delivered.
A giant engine off switch seems like more of a liability than a benefit in an automobile. Accidentally hitting it would cause you to lose power steering, power braking, traction control, etc.
Having the brake pedal override the accelerator is both more intuitive and less dangerous.
And safety, not performance.
Instead of testing code, evaluating the design process, pretending the NHTSA can even begin to become expert in software design, how about applying the old standards to the new systems?
For instance, braking safety. I was listening to and reading the testimony from Rhonda Smith, where she even describes shifting her Lexus into neutral. Neutral?
A simple test, and I'm not an engineer, but shouldn't a car come to a stop with 'maximum' brake effort, despite the accelerator position? This is solvable in software - if the brakes are going into lock, and ABS is engaged, engine power and/or transmission state have to be compelled to answer the driver's command to stop. Traction control is already being used in many cars; NHTSA should be able to make a test capable of verifying that even multiple malfunctions are overcome.
Crap, my wife's 1995 Saab 900SE has a mode where the ECU shuts down the fuel pump if the engine stops running, on the assumption that something is terribly wrong, and spewing gas to a stopped engine is pointless if not dangerous. How do I know this? Her car developed a habit of stalling at stops. The real cause was a defective vapor recovery canister, causing loss of vacuum and low RPMs, and the ECU saw that as a stopped engine and made sure it stopped.
Certainly there are other states that can be tested for performance and safety, not some quality of performance standard. Most cars have 'safe' or 'cripple' modes to protect the drivetrain if something seems wrong, like the transmission in a gear that should not permit the indicated speed. My '95 Explorer does that, and it's only an OBD-I system. Accelerator position, wheel speed, and transmission mode should all correlate, and if something is wrong the system needs to cripple - slow down, set a max speed, etc.
Aircraft flight control systems are held out as an example of safety and reliability. Most of these, if not all, have to at least ensure the aircraft doesn't exceed the flight envelope and exceed safety limits. This is the sort of standard and evaluation the NHTSA needs to focus on.
Maybe NHTSA needs to borrow a few investigators from the FAA and the military? They should be looking to Boeing, McDonnell, Electric Boat, General Dynamics for expertise in verifying safety in vehicles. Maybe even some NASA people. At least NASA seems to have turned the Shuttle program around a little too late. They certainly have a cautionary tale to tell, and a jaundiced eye towards the assurances of the 'experts' and trusting management.
Which would go a long way to reinstating a somewhat adversarial relationship between the regulators and the industry. There should be some tension there. Hiring your industry's former employees is not the way to go.
We can do so much better. We just need to solve the real problems.
I'm a bit dense sometimes, but was that a joke? Rubber meets road types know that process doesn't add quality. It decreases quality by providing the ever present excuse "but I followed process, so we must need to fix ours". Perhaps some amount of process could force quality, but I don't think a human could design such a thing. Accountability works wonders though.
Refactor the law; it's bloated, confusing and unmaintainable.
For a few years now, the throttle hasn't been mechanically connected to anything. It's just two potentiometers.
And, any VW today does all of that.
Here's some recent data about the resources available to the DoT, the parent agency of the NHTSA: When the recession started, the Transportation Department had only one person earning a salary of $170,000 or more. Eighteen months later, 1,690 employees had salaries above $170,000. Plus the juicy benefits and pension plan. I'll bet all those managers and supervisors raking in the big bucks would agree that their agencies are "resource starved" and that if they only had more money and more power, they could hire two or three software engineers (for the cost of one manager).
I don't deny that simplicity is good - my car has two computers.
One is connected to the throttle body (for idle air control,) an air mass meter, four fuel injectors, and two coilpacks.
The other is connected to a piece of explosives aimed at my face, and a couple crash sensors.
If you can count the crappy CD/WMA/MP3 player head unit, there's a third, I guess. None of them are interconnected, other than being ultimately connected to the same +12VDC and the same ground.
(And, much of the stuff that I mention in that post isn't even possible in my car. There's no ABS, no traction control, no stability control, no tire pressure monitoring. Just a limited slip diff, and that works by using a non-Newtonian fluid, IIRC, not a computer. The "navigation" is a couple dead trees with some plastic melted onto them (Google Maps printouts,) and if it really gets rough, I break out my phone and fire up Google Maps on that. Locks and windows are manual, and lights are wired either directly or through relays, so no central convenience. Manual transmission, so no transmission computer. Seatbelts have a purely mechanical locker, which isn't as good as a pretensioner, but it means there's not any explosives within close proximity of my ass. ;))
You're wrong, just so wrong. My car doesn't have a navigation system!
Bear with me for a second here...
The three laws of robotics:
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
I know that a car is not a robot. But the same rules should apply for ANY computer system that, in case of a serious bug, could result in any of those 3 laws being broken.
This computer literally controls a rather large piece of metal that can travel at speeds sufficient to kill someone. So why is there no subroutine that ensures that brake pedal input will ALWAYS override the gas pedal input? It seems that even on the absolute most basic of levels, adding this extremely basic concept could seriously mitigate these issues. Not to mention all of the legal responsibilities, public outcry, and other consequences of not having software or hardware with these "basic" concepts built in.
Even when making a car and using this system on a test site somewhere. Wouldn't you want to have LOADS of extra code in there to make sure a bug in the software doesn't kill the driver at the test site? It seems to me Toyota's definition of "safety" is practically non-existent.
Honestly, when seeing something like this, I have to question what kind of work ethic Toyota has and how much they value me as a customer.
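Two ideas in this thread lend themselves to a small worked example: the earlier comment that throttle control uses dual redundant pots that "vote" and drop into limp-home mode when something acts screwy, and the question here of why brake pedal input does not ALWAYS override the gas pedal. The following C is an added illustration written for this page; it is not code from any poster, from Toyota, BMW or any other manufacturer. The sensor ranges, thresholds and scenario values are constructed assumptions, not vendor figures.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the pedal inputs an engine controller might see.
 * Two redundant accelerator pedal potentiometers report 0..1000 (tenths
 * of a percent). Nothing here is taken from any real vehicle's software. */
typedef struct {
    int pot_a;        /* primary pedal potentiometer reading, 0..1000 */
    int pot_b;        /* redundant pedal potentiometer reading, 0..1000 */
    int brake_pct;    /* brake pedal application, 0..100 percent */
    bool abs_active;  /* ABS reports it is modulating the brakes */
} PedalInputs;

typedef enum { MODE_NORMAL, MODE_LIMP_HOME, MODE_BRAKE_OVERRIDE } ThrottleMode;

typedef struct {
    int throttle_cmd;   /* demand passed to the throttle actuator, 0..1000 */
    ThrottleMode mode;
} ThrottleDecision;

/* Thresholds are assumptions chosen for the example, not vendor values. */
#define POT_MAX            1000
#define PLAUSIBILITY_TOL   50   /* max allowed disagreement between the pots */
#define LIMP_HOME_CMD      150  /* enough to crawl off the road, not to race */
#define BRAKE_OVERRIDE_PCT 20   /* brake application treated as "firm" */

/* A reading outside the electrical range means an open or shorted sensor. */
static bool pot_in_range(int v)
{
    return v >= 0 && v <= POT_MAX;
}

/* Decide what throttle demand to pass on. Sensor faults fail toward less
 * power, and the brake always wins over the accelerator. */
ThrottleDecision arbitrate_throttle(const PedalInputs *in)
{
    ThrottleDecision d = { 0, MODE_NORMAL };
    bool a_ok = pot_in_range(in->pot_a);
    bool b_ok = pot_in_range(in->pot_b);
    bool agree = a_ok && b_ok &&
                 abs(in->pot_a - in->pot_b) <= PLAUSIBILITY_TOL;

    if (agree) {
        /* Both sensors vote the same way: use their average. */
        d.throttle_cmd = (in->pot_a + in->pot_b) / 2;
    } else {
        /* Disagreement or a dead sensor: limp-home. Cap at the crawl level
         * and never exceed the lowest reading that is still in range, so
         * lifting off the pedal still returns the engine to idle. */
        int cmd = LIMP_HOME_CMD;
        if (a_ok && in->pot_a < cmd) cmd = in->pot_a;
        if (b_ok && in->pot_b < cmd) cmd = in->pot_b;
        d.throttle_cmd = cmd;
        d.mode = MODE_LIMP_HOME;
    }

    /* Brake override: firm braking or ABS intervention zeroes the throttle
     * demand no matter what the pedal sensors claim. Checked last so that
     * no earlier branch can reinstate engine power. */
    if (in->abs_active || in->brake_pct >= BRAKE_OVERRIDE_PCT) {
        d.throttle_cmd = 0;
        d.mode = MODE_BRAKE_OVERRIDE;
    }
    return d;
}

static const char *mode_name(ThrottleMode m)
{
    switch (m) {
    case MODE_NORMAL:    return "normal";
    case MODE_LIMP_HOME: return "limp-home";
    default:             return "brake-override";
    }
}

int main(void)
{
    /* Constructed scenarios, including the "pedal reads wide open while the
     * driver stands on the brake" case the thread is worried about. */
    const PedalInputs cases[] = {
        { 400,  420,   0, false },  /* ordinary driving */
        { 1000, 1000, 60, false },  /* stuck wide open, driver braking hard */
        { 900,  100,   0, false },  /* sensors disagree */
        { -1,   800,   0, false },  /* pot A open circuit */
        { 300,  300,   5, true  },  /* ABS intervening during light braking */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        ThrottleDecision d = arbitrate_throttle(&cases[i]);
        printf("case %zu: throttle=%d mode=%s\n",
               i, d.throttle_cmd, mode_name(d.mode));
    }
    return 0;
}
```

The design point is ordering: the brake check runs after every other branch, so a sensor fault, a stuck reading or a disagreement between the two pots can at most leave the car in limp-home, and firm braking or an ABS event takes throttle demand to zero regardless of the pedal path. A regulator's bench test of the kind proposed above would feed exactly these fault combinations in and check that the actuator demand never rises while the brake is applied.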
Barring the aftermarket radio, there's not a digital signal or microprocessor in my car (1984 300D). It required no special anything to register.
"Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
I use my cell phone with an external Bluetooth GPS receiver (no internal one) for navigation.
Still, the remote lock is probably convenient, as long as it is an extra feature instead of the only way to unlock the car. I know one car that does not have the regular locks on the door, instead you can only lock/unlock it with the remote control that is on the key. You still need the key to start the car. So, what can go wrong with this system?
1. Car battery dies (for any reason), or
2. The battery in the key dies, or
3. The key gets wet and the water goes into the transmitter, or
4. The receiver fails,
and you have no way of getting into the car. While you could replace the battery on the key assuming you were near a shop that sells them, you will have problems if the car battery dies. How much would it cost to have a regular lock at least as backup?
Oh, and on this car, you can only open the trunk by pressing a button on the driver's side door. People usually open the trunk if they want to take things out or put things in it. To do those actions, you need to be near the trunk, so you can put the key in the lock and open it that way. This way is even less convenient - open driver side door, press the button, go to the trunk, open it. Oh, and the button does not always work when it's cold.
Another (older) car has both options of unlocking the door, but also has unnecessary complexity. To open the trunk, you need to unlock it with the key (or unlock by remote control with the rest of the car), press the button and then it actually unlocks and a handle slides out. So, if the battery dies, you won't be able to open the trunk, at least you will have problems. Oh, and the battery is conveniently placed in the trunk.
ONE HUNDRED MILLION LINES? Excuse me, but that seems excessive. At my previous job I worked on a CAD software suite for Windows for a company that rhymes with "desk" and that was only 12 million lines of code. Even if counting the real-time OS, which shouldn't need to have any UI or that much other stuff, I think you'd be far off from 100 million. Sure the operations are complex, but 100 million and you are talking about a dev team that rivals the army that Microsoft has, and that's for each model on the market. Sorry, I don't think that is realistic.
He knew shit about coding, too. There are Feynman's Lectures on Computation -- I bet very few slashdotters knew about that.
He was coding in some shape or form throughout his life, starting with the Manhattan project. He was, in essence, the top coder at the project, although he did have input from quite bright teenagers, too. I'd say they thought up and experimentally validated many common optimizations done by compilers and CPUs these days. Even done stuff that's ahead of the state of the art today, like correcting what amounts to single event upsets, in a retroactive fashion -- they did data flow analysis by hand, and did shuffle the data in real time as the electromechanical systems were running. Obviously the error was detected once it had propagated into many memory locations (dozens or hundreds -- a memory "location" back then was a punched card).
Surprised no one scoffed at the "100 million lines of code" bit. That's ludicrous for a car application. Probably a 100MB *system image* more likely.
It's not a race condition, is it?
I can't believe I'm the first one on this thread to make that joke. I'm not even a programmer.
You should all be ashamed of yourselves.
'Software based safety system' is a contradiction in terms in my experience as an EE who has implemented software based safety systems for offshore platforms. You can prove that the system fails gracefully under normal conditions. What you can't predict are the variety of power glitches amongst multiple distributed nodes, hoping that there won't be a common mode failure that went unanalyzed. For instance, when a battery voltage gets low at the end of life, has that been adequately tested or simulated? There are race conditions that scare the hell out of me, and the Toyota glitch caused by a simple short circuit was a power glitch scenario obviously NOT anticipated nor tested.
I think the worst one is when there are no apparent differences between government and corporation, which we apparently have now with the Fed/treasury/casino banks. It's one entity, and the same guys run things, just jump around into different divisions and job titles within that corporacracy. And in that sphere it is a monopoly, and it's illegal to compete, and it looks to me way more like it was created from private corrupting the public, getting their monopoly that way.
I'll agree with you on over/mis-regulation..I did preface saying that I am by nature a small government guy. A few good quality tools can be better than a box full of crappy tools that don't do what they are designed to do and break easy.
Doubleplusungood Amerikan vehicles 'compete' again! Proles are so easily led.
This is just typical of a government-run "authority". Another way to look at it is the Peter Principle: People rise to their own level of incompetence. This bloated money-pit agency doesn't employ real engineers yet they have the authority to screw Toyota over. It's no different than some brain-dead congressman telling an automotive engineer that they should "repeal the laws of thermodynamics". And people are willing to trust this same government with their healthcare decisions? F*ck that and the horse they rode in on.
How are those poor software jocks about to be hired by Highway Safety going to do their coding analogies now?
"Ummm, the Toyota braking software is like a car that is braking with braking software that is like...."
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
http://gaming.nv.gov/tech_main.htm
Just goes to show the government *can* develop competence with technology if they consider the issue important enough.
Self-driving cars will be another aspect of car safety soon. As I wrote here:
http://groups.google.com/group/openmanufacturing/msg/a7bb1aa3d05ec7c6
referencing my essay here from ten years ago. The relevant excerpt:
"On Funding Digital Public Works"
http://www.pdfernhout.net/on-funding-digital-public-works.html
"""
Consider again the self-driving cars mentioned earlier which now cruise some
streets in small numbers. The software "intelligence" doing the driving was
primarily developed by public money given to universities, which generally
own the copyrights and patents as the contractors. Obviously there are
related scientific publications, but in practice these fail to do justice to
the complexity of such systems. The truest physical representation of the
knowledge learned by such work is the codebase plus email discussions of it
(plus what developers carry in their heads).
We are about to see the emergence of companies licensing that publicly
funded software and selling modified versions of such software as
proprietary products. There will eventually be hundreds or thousands of paid
automotive software engineers working on such software no matter how it is
funded, because there will be great value in having such self-driving
vehicles given the result of America's horrendous urban planning policies
leaving the car as generally the most efficient means of transport in the
suburb. The question is, will the results of the work be open for inspection
and contribution by the public? Essentially, will those engineers and their
employers be "owners" of the software, or will they instead be "stewards" of
a larger free and open community development process?
"""
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Remember that the entertainment system will have a horrendously bloated GUI, on a luxury car.
Oh, and on a luxury car, central convenience will also have control over seat massagers and such. HVAC and central convenience will have control together over seat heating and cooling. Entertainment will talk to the safety computer to control suspension settings.
It goes on and on.
This is yet another fine example of capitalism. Toyota did this to save money. That's right boys and girls, a corporation using the market to get even more money. If we had communism then this would not have happened. COMMUNISM FTW, CAPITALISM IS FOR FUCKWARDS AND SHOULD BE ELIMINATED LIKE ANY OTHER DISEASE!!!!
First thing they'd do was call bullshit on 100 million lines of code. I highly doubt any claim that a car has twice as much code in it as Windows Vista. Hell, I'd bet my life that there is no production car on the road with more than 5 million lines of assembly code (not resources like text and images that might be in a rom dump, actual executable code).
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I'd just like to point out an article linked in another post which said:
So ... regardless of how you look at it, that luxury car doesn't have a reason to have more code than any of those machines, which all do everything that the luxury car does, and more. Most of the time they do everything the car does in triplicate for safety reasons, and they have to communicate and arbitrate what to do when 1 of 3 systems disagrees with the others.
Anyone who thinks any car on the road has 100 million lines of code in it knows nothing about programming at all.
Occasionally, YES. There are many times when an outsider is far more effective than an insider, contrary to conventional wisdom.
Agreed, but it's rare and usually pointless. When it comes to finance you WANT someone in charge who knows where the bodies could be buried (so to speak) when it comes to finance. I'm a certified accountant and I've had to figure out instances of fraud myself. Someone who didn't know finance would never be able to do it.
It is usually FAR too easy for outsiders to be taken advantage of. Even insiders can have a hard time of it. Worse, the outsider has a high chance of screwing up things they don't really understand. If I say "Collateralized Debt Obligation" and you have to go to Wikipedia to know what they are used for, you are screwed my friend. There is no chance you'll not be run over by the finance pros.
Yes, hiring insiders can cause an agency problem sometimes. If solving the agency problem were easily done by hiring a different group it would have already been done.
If we were allowed to tar and feather the bastards who manage billions of dollars and fuck it up, then the world would be a slightly different place.
So your solution is to eliminate actual laws and just go to a lynch mob. Nice. Remind me never to work anywhere near you.
You want good regulation? For every dollar you lose of someone else's money, they get to hit you once.
Congratulations, your argument just lost any thin shred of credibility you might have had. Thanks for playing. You don't happen to work for some "nice Italian gentlemen" by any chance do you?
The mob was safer and more trustworthy of a business partner than anyone on Wall Street, at least they didn't fuck you over THEN come take your house because they lost all your money.
I guess you DO work for those "nice Italian gentlemen"...
They don't fire, they 'engage'. They also disengage if not needed.
Accelerometers. They have nothing to do with actual impacts and will engage the pretensioners before an impact occurs, which is when they are most useful. You can trigger the pretensioners on your car in most cases by slamming the brakes at sufficient speed.
Yes, except now the common method is to simply use the ABS to control traction on individual wheels. I'm unaware of a car that actually retards power output; please show me a car that does otherwise, I'm interested in seeing more info about its performance. Retarding engine power is in general a bad idea due to the number of subsystems that it powers directly; retarding engine power in an emergency situation is just as likely to get you in an accident as it is to get you out of one. More accidents are caused by going too slow than too fast; you simply don't get into an accident if you aren't there when it happens.
If you think this is a good feature, you probably shouldn't be driving. I do not want my car making decisions for me. In an emergency situation, unexpected changes can cause more problems than they solve. They draw focus away from what's happening outside the car to inside the car, where it doesn't belong. Do you have any idea how many airline crashes have been caused simply because the aircraft did something on its own, for safety (which is fine by itself), and the pilots were unaware or didn't expect it and the result was lives lost? They run out of fuel because the computer says 'this is wrong, do this to fix it' and end up dumping their fuel in the ocean, or they end up passing out due to lack of oxygen because the alarm that started going off dragged them away from their takeoff checklist, which would have had them fix the cabin pressure settings that the service guy forgot to put back. They run into another aircraft because a cabin alarm drowns out the radio chatter alerting them of a fouled runway and go around in bad weather.
The tiny value added by muting the radio and turning on your hazards is entirely outweighed by the fact that it's likely going to cause you to change your focus at a critical moment when you need every bit of that focus.
Doing things with computers because you can, and not because you should, tends to cause a lot more problems than it solves; slashdot is full of examples.