Should I Take Toyota's Software Update?
kiehlster writes "I'm a software developer, and I know that most software has bugs, but how much trust can we put in the many lines of code found in our automobiles? I have a 2009 Camry that is involved in both of the recent Toyota recalls. As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed,' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.' In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences. On a base of 100 million lines of code, can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think? If it doesn't void the warranty, should I tell them to skip the update?"
You already took the 100 million lines of code when you bought the car.
Now do you want the bug fixes, or would you rather find out what a "fatal exception" means in more physical terms?
Are you for real?
yes
First, this is about your safety.
Second, if the update bricks your car, that would be Toyota's fault, not yours and I'm pretty sure they would resolve the issue for you free of charge.
Or, you can keep driving a potentially unsafe vehicle on "firmware update" principles.
Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.
If it bricks, the Dealer's going to be the one who has to replace it. As far as I look at it, it's zero risk, financially.
Safety wise, it fixes a known bug.
Take the update.
"If we let things terrify us, life will not be worth living."
- Seneca
The car in front is a Toyota because the accelerator pedal is stuck down
Summation 2
Take the upgrade. Shipping firmware always has bugs. Always. As a system administrator, the first thing I do out of the box is download and install the current firmware while it's still under warranty. And if they brick your computer they'll replace it.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Yes, but make sure you drive the Toyota round a large sandbox for a few days first...maybe you live near a sandy beach or golf course with large bunkers. At a pinch, do your kids have a playpit in the garden? Cat litter tray?
AT&ROFLMAO
There's the chance that the update may turn off any jailbreaks you've already got working. Worst case scenario is that it detects a jailbreak and bricks your car, like you said.
I'd stick with the white hat hackers who are providing jailbreaking instructions and forgo any manufacturer updates.
The worst that can happen is that your car becomes susceptible to the sudden acceleration "problem" and you lose control and wipe out a family or farmer's market. But you're inside the car so you'll be fine.
Plus, you'd have to go down to the dealership and they're going to ask you if you've had any problems and a huge rigmarole just to end up with essentially the same performance you've had all along.
Too many risks and too few benefits. I'd say no.
So if I understand what this update will do, the next time someone is tailgating you and you tap the brake pedal while still maintaining speed your car will shut itself off? That sounds much safer...
There's a lot of cars that have the 'brake takes precedence' feature. The only real reason to not have such a feature is because of trail-braking or heel-toe shifting. Both are racing/performance driving techniques you won't be doing in your Camry. Plus, it is a pure software feature in that if it detects you braking, it will cut throttle. So there's no big issue there.
Also, cars have their computers updated all the time, and it has never been a big deal in the past. The Nissan GTR was the last example that made the news (to cut down on the RPM the launch control used). But really, cars are reflashed all the time. It's not a big deal.
Many other manufacturers have already added a similar piece of code. It really doesn't take too long to debug an interlock. Your primary failure mode will be: if the brake pressed switch fails (i.e., the tail lights are stuck on), then the car won't run.
Every interlock has a strong tendency to fail into the safe state. Conversely, omitting interlocks tends to result in fail-dangerous failures, which is what Toyota is experiencing.
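The interlock and its failure modes as discussed in this thread, as an added example that is not part of any commenter's post and is not Toyota's code: a brake-override check run over two constructed traces, one with a jammed pedal reading and one with a brake switch stuck on. All names, the 90% "near wide open" threshold and the sample traces are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and values throughout; nothing here comes from a real ECU. */
#define IDLE_PCT     0u
#define FULL_PCT     100u
#define NO_OVERRIDE  255u  /* threshold no pedal reading can reach: interlock absent */
#define STRICT       0u    /* any brake signal forces idle */
#define NEAR_WOT     90u   /* assumed "near wide open" threshold */
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

typedef struct {
    uint8_t pedal_pct;     /* accelerator position as the sensor reports it */
    bool    brake_pressed; /* brake switch, the same one that lights the brake lamps */
} sample_t;

static uint8_t clamp_pct(uint8_t v)
{
    return v > FULL_PCT ? (uint8_t)FULL_PCT : v;
}

/* Brake override: with the brake signal present and the reported pedal
 * position at or above the threshold, ignore the pedal and command idle. */
uint8_t throttle_command(uint8_t pedal_pct, bool brake_pressed, uint8_t threshold_pct)
{
    uint8_t pedal = clamp_pct(pedal_pct);
    if (brake_pressed && pedal >= threshold_pct)
        return (uint8_t)IDLE_PCT;
    return pedal;
}

/* Count samples where the engine is commanded above idle. With brake_only
 * set, count only samples where the brake signal is present as well, which
 * is the fail-dangerous condition (engine fighting the brakes). */
size_t powered_ticks(const sample_t *trace, size_t n, uint8_t threshold_pct, bool brake_only)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t cmd = throttle_command(trace[i].pedal_pct, trace[i].brake_pressed,
                                       threshold_pct);
        if (cmd > IDLE_PCT && (trace[i].brake_pressed || !brake_only))
            count++;
    }
    return count;
}

/* Constructed trace: pedal reading jams at 100 %, then the driver brakes. */
static const sample_t STUCK_PEDAL[] = {
    {20, false}, {100, false}, {100, false}, {100, true}, {100, true}, {100, true},
};

/* Constructed trace: brake switch failed "on"; driver only uses the accelerator. */
static const sample_t STUCK_BRAKE_SWITCH[] = {
    {0, true}, {15, true}, {30, true}, {30, true},
};

int main(void)
{
    static const struct { const char *name; uint8_t threshold; } policies[] = {
        {"no interlock", NO_OVERRIDE}, {"strict", STRICT}, {"near-WOT only", NEAR_WOT},
    };
    for (size_t p = 0; p < LEN(policies); p++) {
        printf("%-14s jammed pedal: %zu ticks of power against the brake; "
               "stuck brake switch: %zu ticks of power available\n",
               policies[p].name,
               powered_ticks(STUCK_PEDAL, LEN(STUCK_PEDAL), policies[p].threshold, true),
               powered_ticks(STUCK_BRAKE_SWITCH, LEN(STUCK_BRAKE_SWITCH),
                             policies[p].threshold, false));
    }
    return 0;
}
```

The strict policy turns a failed brake switch into a car that will not move (the fail-safe outcome), while the near-wide-open policy keeps the car drivable with a failed switch and still cuts power when a jammed pedal meets the brake.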
First off, no firmware should be between you, the engine and/or the brake. That's just ridiculous. Second, the firmware update isn't for the floor mat problem. How would that even make sense? It's because the firmware is faulty to begin with and can cause the accelerator to get STUCK FULLY PRESSED. Yes, you want this for your death machine.
IANAL, but if you refuse the software update and your car proceeds to have an accident caused by flaws in the old software, you'll have no legal recourse against Toyota for any deaths, injuries or property damages caused by the software malfunction.
(I.n B.efore T.he W.oz)
((surely, he will reply to story too?))
I thought they determined that this was about more than shifting floor mats; that there is a legitimate problem with the software. You could experience this problem WITHOUT floormats in your car.
I don't drive a Toyota and if I did I could not afford one new enough to have this problem anyway.
"Waitress I need two more boat-drinks..."
I'd recommend lubing the bottom of the floor mats so they do slide, that way you do have a requirement for the "firmware upgrade".
Sheesh. The 10 million lines of code have been in your car since before you bought it. They didn't re-do all 10 million (or whatever the real number is); they changed some that was faulty.
No worries man.
Get 'er done, in the words of the "immortal" Larry the Cable Guy.
Sent from your iPad.
Take the update. If you decline it, you are in an unfortunate legal position if you encounter this difficulty and are interested in some financial response from Toyota. IANAL.
Also, what real information do you have about their testing or development process?
Technically, end users are told not to install firmware upgrades unless told to by a representative, to correct existing problems or dangers. Ok, so most geeks don't hesitate to flash mainboard BIOS chips, and in the worst case, the mainboard boots up from a secondary BIOS to reflash the primary. The point is, mainboard updates are there to correct small issues; memory latency, support for newer CPUs, etc etc. Most of the time, a firmware "bug" will just cause minor annoyances. A firmware "bug" on a car is, potentially, a killer. I know, I'm going to extremes, but the aeronautics industry has a different view on firmware updates. If a bug is found, if a new firmware comes out (passing all the tests), they flash it, end of story. If I were in the same situation, I'd accept any firmware update that comes from a manufacturer that affects critical components. If it only affects the CD player or the wipers, I wouldn't bother, but if it affected the brake pedal, I'd personally go for it. Yes, there are risks, but I still have confidence in a computer flying me with humans "suggesting" actions to a computer every time I fly an Airbus.
The urgent is done, the impossible is on the way, for miracles expect a small delay.
From what I was told, that update is a fail safe. Basically if the throttle is wide open or near wide open and you press on the brakes, it will cause the engine to ignore the throttle position and return to idle.
Not to say that it might not have bugs but also consider that they might be silently patching other bugs they found. If part of this whole sudden acceleration thing was a software glitch, they could use this to keep that under wraps. You probably should just get the update, then at least if there is a future problem they can't point to your refusal to update the software as the cause.
Take the update.
My driving habits don't cause the floor mat to slide much, so I see the update as overkill.
Perhaps, but didn’t I read about some people who died in a Toyota, presumably from this exact bug, whose floor mat was found secure in their trunk, exactly where Toyota recommended them to put it when they thought the floor mats were causing the accelerator bug?
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Think of this a few different ways. First from a liability standpoint, you are considering actively refusing a fix for a known bug that has killed people. If you ever sell your car and it can be proved you actively refused this you could be on the hook both civilly and criminally. Second from a liability standpoint, Toyota is now assuming liability for this, if they brick your car, they are liable for fixing it. Third, this is a known bug that has killed people, are you bloody nuts? This is not a software bug that results in a software crash, this is a software bug that results in a real world crash!
The real answer is to find a vehicle that works MECHANICALLY, as it should. If SOFTWARE is involved in what your brake pedal does, updating it doesn't change the fact that you're trusting your life to something that at least partially works in software, which is much more prone to failure than hardware.
To hell with modern cars and their stupidity. This is why I won't buy any new cars and would rather pour my money into an older one for the little I use it. The ideal scenario is to get rid of my stupid money pit completely, but it's not realistic right now.
I hate cars.
In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.
Nobody taught you that. You pulled it out of your ass so you'd sound officious and get a post on /.
The vast majority of firmware updates work, fix problems and don't brick devices. Much more of this shit that gets by as posts and I'll be begging for Jon Katz to come back.
"Eve of Destruction", it's not just for old hippies anymore...
So based on vague general principles without any specific knowledge of the engineering issues involved you are refusing to install a manufacturer recommended safety fix. In an accident situation this is arguably evidence of a reckless disregard for human life. Good luck with your insurance company.
Yes. Toyota's mechanical fix may not be the actual fix and the root issue may be a software based one.
The software update is a failsafe, think of it as an error catching routine. All programs can benefit from error catching routines, problem is that programmers don't have enough time to program for every error possibility. Toyota has taken the time to add one to their cars.
cc
If you don't take the patch and later have the problem you will likely have lost the ability to sue if necessary. Also, if you live in a state with the concept of "contributory negligence" in its laws you could be found partially or fully at fault for any accidents that would have been prevented by the patch. Eventually insurance companies are going to realize that they could deny claims in accidents if the driver's car is not fully patched. So yes, take the patch.
Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car. Study why cities are large but there's lots of empty space with no people, and what causes urban sprawl, and you will find roads and parking lots fill all the space. Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed to do better than that quite some time ago, not to mention electricity and electric computer system transport. And PRT more recently. Then read about pollution, and oil wars. Then get back in your car anyway, without even writing a letter to someone.
Build your own energy sources from scratch. http://otherpower.com/
Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.
In my opinion, it doesn't count since this is typically decoupled heavily from the safety-critical components of the car.
It is usually easier to write bug-free microcontroller code (ECUs and such) than general purpose PC code. Also, the distributed nature of most automotive microcontroller code keeps code separated into nice little easily-testable modules.
There are always exceptions, but it's very rare for a firmware update in a vehicle to cause regressions. Nearly all of the time, "bugs" in vehicular firmware are really unanticipated results of intentional design choices. For example, the Partial EMCC (PEMCC) code in early-1990s Chrysler A604 transmission firmware that slowly trashed torque converters was intended to improve fuel economy by partially engaging the torque converter lockup clutch - it turned out this wore out the clutch FAR faster than any of the mechanical engineers anticipated. In 1993 or so, this feature was removed once its contribution to premature transmission wear was discovered. (So yeah, this was a case where a bug really WAS originally a feature!)
retrorocket.o not found, launch anyway?
closed source software model so much more fascinating when there is a body count, no?
Does anyone remember the AUDI issues of the late 80s (Audi 5000s)? Look it up, same thing. A bunch of mommies claimed their cars were suffering "sudden acceleration" and running over their children. Audi explained what they were claiming was not possible and they had just been accidentally hitting the accelerator. Well once the press and 60 minutes got ahold of this it became an enormous issue (just like today) so much so that instead of trying to fight the endless and ridiculous lawsuits and bad press, Audi simply pulled out of the North American market for a few years until all the nonsense calmed down.
Toyota made the mistake of trying to humour their customers in the first place (with new floor mats and lubricating pedal linkages, etc), instead of calling them idiots who were accidentally hitting the accelerator, which is what they actually are!
If you don't, and you have a wreck that is related to the recall, guess who is on the hook? (One hint: it won't be Toyota or your insurance company.)
---- Booth was a patriot ----
And I would say the main reason for that answer is:
If you do not take the update and get in an accident because of it the insurance company and Toyota will blame you, but if you upgrade and get in an accident because of it you are blameless (you just did what the big company told you to do).
And we already know that the current software is buggy (that is why they are releasing the update), so trade a known problem for a potential one.
Troll is not a replacement for I disagree.
if you don't take it?
If I get hit by an out of control Toyota, and later find that the owner refused a patch, you bet I'm going after them.
100 million lines of code? Where are they getting this number? The entire Microsoft ecosystem is about that many lines of code.
Maybe they mean assembly code? I'd imagine that the microcontrollers that a car uses are probably programmed with lots of bare metal assembly coding.
Ha, I'm not surprised; this is the result of a bogus, old-dated paradigm we submitted to for the sake of backward compatibility - the processing model based on state management. Everybody knows that when the system passes a certain level of complexity it becomes unstable and highly unpredictable because its state management becomes much harder than the programmers can handle without errors - thanks Turing :-)! So, expect to see more and more BSDs while driving your new, smart, highly expensive and highly inefficient and useless toy.
Maybe this will be another good case for refresh and start thinking from the core how we deal in our society with the dependencies on a system which is proven unsustainable ... and becomes deadly dangerous.
I have an '09 Prius. And I'll be getting that firmware update. It's a feature they should have included in the first place. It's not the best implementation of the brake override I'd like. What I'd really like to have is an electrical circuit connection between the brake pedal and the throttle fly-by-wire assembly. When the circuit is tripped, the throttle position output of the assembly drops to 0 regardless of actual pedal position or sensor position. But that would require new hardware.
I'm getting the update because if the engine does start runaway acceleration, the brakes aren't enough to overcome the hybrid system's output. I know the right thing to do would be to put the car into neutral and get it safely off the road. But I don't react well to stressful situations.
I work on HP's high end servers that also contain millions of lines of firmware.
I've heard of accounts where customers simply refuse to take new firmware because of their prior experience of "bricking" the boxes, and causing days of outage waiting for new blades to be shipped to them. But those usually turn out to be cases of real bad HW defects that the newer firmware has found. But they still insist on running years old firmware that contains tons of nasty bugs.
We all know that software has bugs, and we fix hundreds of them every month. This is not as mission critical as firmware in a car, but it's the same thing. Take the update dammit!
Well, Toyota is giving hearings on Capitol Hill, they have taken a non-trivial financial hit, and I think their president is one piece of bad news away from seppuku. Yeah, you can probably trust that they did everything in their power not to screw it up. I probably would take a potentially unknown problem on a firmware update that is being watched by dozens of agencies and internal company auditors over a firmware that is known bad with a questionable dedication to quality. Even if there is a problem, it is a safe bet that it will be detected very early due to the number of eyes on it.
Having been inside of a company that has had to do a recall, I can say that nothing sharpens a company's overzealous safety instincts and risk avoidance mania than a major recall. Recalls, especially the type that Toyota is experiencing, are a complete disaster for the company. They are extremely expensive both in terms of cost and reputation. I am pretty sure that the internal state of Toyota right now is a safety mania that trumps all else that would make a Puppeteer proud. In fact, you can probably rest assured that Toyota is currently wildly overshooting the 'proper' levels of safety. It will probably be a few quarters before they unwind to more reasonable levels.
You need to consider it from the perspective of a manager. If you, as a manager, are in charge of a critical safety component, what is in your best interest? Yeah, you could try and cut a corner and skim an extra 2% profit that your boss might or might not notice, but if it backfires and YOU result in a safety issue, especially in the current environment, you should get a friend with a sword and a basket for your head and save the company the trouble. Right now, kudos in Toyota are earned by being a safety nut and being the one to discover and 'fix' some absurdly low probability safety concern, not for squeezing the budget a little further. Speaking as someone who has been in a company in full recall mode, if there is ever a time to trust that a company really is putting safety first, now is the time.
> 'the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'
Hint: this is a feature, not a bug. And even if you're reviewing very closely, it's not something that it takes three months to avoid messing up. if(X&&Y) Z=Y;
When the two pedals work at the same time, it can result in pretty horrible accidents. Unless your driving style uses both pedals at the same time in a way that increases your safety (in which case you're James Bond and you don't ask slashdot questions), just take the update.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Now I know you just quoted an article, where it is stated that modern cars have around 100 million lines of code, but did you stop to think if this was actually true? Seriously, think about it. 100 million. And you're a software engineer, for real?
I would take the fix. Because if you don't and something happens you can't sue them because they offered a fix. Also with all the stuff going on, they are spending extra time on QA.
After Toyota's recent failure, now is the best time to get updates! They're being extra vigilant now.
What possessed you to post such a fucking stupid question? "Hey, I'm a code monkey who writes shitty VB6 for a living, and based on my vast experience with fucking up motherboard BIOS upgrades thanks to my own stupidity, I know that people tend to write bad code."
Goes to show that just because somebody's smart enough to know how to program (or to "edit") doesn't mean he knows a goddamn thing about anything else.
Hail Eris, full of mischief...
E pluribus sanguinem
Has anyone here, besides me, ever run into a situation where you actually *need* to press both pedals? Crappy gas? Or change in ambient temperature, and suddenly your idle setting is too low?
I think the anti-Toyota mania is getting a little out of hand. The problem caused 34 deaths in 10 years. Given the tens (hundreds?) of millions of Toyotas on the road, it's actually not a big deal. It's an unimaginable tragedy to the people and families that died, and it should be fixed. But as a public safety issue, more people died of lightning strikes and bee stings during that period. Heart disease kills over 1,000 Americans per day. Let's keep it in perspective.
Now we don't trust their firmware updates? I think their safety record is pretty good. You're driving their car at death-defying speeds, aren't you?
The concept of a firmware update for your car is pretty interesting, though.
If that's actually the question that you are asking, and not just the result of a more coherent argument being cut apart by overly zealous editing, then I think it would be a good idea for all of us if you stopped driving altogether.
You mean you don't own a second car and set of roads for pre prod testing?
From what I can tell, no one has found a replicable cause for the "acceleration problem." I'm guessing that a few of these accidents were caused by the biological part that connects the gas pedal, seat, and steering wheel. Still, telling someone that lost four members of their family that the cause was user error just isn't good PR. Floor mats, pedal assemblies, and the firmware update are fake solutions to solve a PR problem, not an engineering problem.
"I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
What are the chances you can be harmed sitting behind the wheel of a bricked car?
What are the chances you can be harmed sitting behind the wheel of a car with known safety issues with unpatched firmware?
Right.
To illustrate my point, take a made up piece of code that takes the position of 1 sensor, and uses that to control a servo. Let's say that for whatever reason a piece of the code looks like: ServoPosition =(sensor1 + offset) * ServoOffset
Offset is used to correct for initial installation differences for the sensor, so the sensor can detect where it normally sits at idle (when not pressed) so that it can calculate its real position and not its perceived one. NOW! Let's go one step further and say the offset is supposed to be a static variable the entire time the loop is running.. but what if, WHAT IF, the code doesn't lock the offset variable, and for whatever reason the chip is restarting its program over and over again, increasing the size of the offset variable. Eventually, this could cause the sensors to detect the pedal being floored, when it's not. So how do you fix that? Remove the offset variable from the part that could be run over and over again. Be sure to always set it to 0 when you restart the loop.
And then you wonder if it's safe? Really they changed less than 1% of their code you fake developer.
So basically, -1 troll/offtopic is really Slashdot's way of saying "I hate that you thought of something before me."
I don't know what world you live in, but I have yet to see a firmware upgrade that "bricks" most of the hardware it is applied to.
Most software updates that brick something do not actually cause it to hit a brick wall. This one might. In Soviet Russia, car has engine kill switch. In Soviet Toyota, car switch kills you!
If you willfully do not accept a safety update and you were in an accident your insurance company could make a case it was your fault for not keeping the car in a roadworthy condition.
I'd get the update.
"In the computer world, we're all taught to install firmware updates only if there is a real problem [...]" This is the best way to have a lot of problems. Let's see this scenario. A system has been in production for 3 years and never got any firmware updates. Someday, a RAID controller breaks. A service call is opened to get a replacement part. Of course, the replacement part has been flashed with the latest firmware level from the manufacturer. Try to install the new controller, failed. Why? Because the firmware level of the motherboard is too old. Result? You have to upgrade your firmware level in a catastrophic situation where you can't perform a lot of tests/validation. Here are the policies I’ve put in place. Rule #1) Firmware must never get older than 1 year except if it's the latest stable available (this ensures we never have catastrophic updates to do in a critical situation because we are never "too old"). Rule #2) Firmware must never be installed in the first month of its release (this leaves time for the manufacturer to publish fixes in case of a major problem in the firmware). Keep in mind that in case of hardware failure, you may have to be at a recent firmware level. You can decide if you do the update in a proactive manner or in the middle of a major outage.
A "software developer" is concerned that a software update could mess up their car (a consequence which, as mentioned by smart Slashdotters here, Toyota is liable for). Have they ever updated their operating system on their computer? Probably so. Why did they do that given the risks of bricking the computer? There lies the answer to the question.
Sounds like this update would prevent using heel and toeing. http://en.wikipedia.org/wiki/Heel-and-toe
But I don't suppose there are many owners taking manual transmission Toyotas to the track.
And to address the question: yes, take the update.
Some of the SW guys at my work are becoming convinced the whole problem was in software to begin with. Maybe this is a bug fix posing as something else.
If you do trust them, then install the update and use the vehicle.
But using a car with a known flaw without fixing it is just plain STUPID.
One easy way to do these things is to ask yourself "What would I tell the jury?" What if you are driving a friend home and you get into an accident. Some insurance company sues someone. What would you tell the jury? How do you think they would react to your "I didn't trust the update" crap.
If you don't trust the company, get rid of their product. If you do trust them, obey their instructions on fixing their flawed product.
excitingthingstodo.blogspot.com
I like it, from this day forward, I will stick with the unknowns I currently don't know, rather than the unknowns I could potentially not know.
I mean, better the devil you don't know now, than the devil you might not know when and if something happens, that's the saying right?
My stomach hurts, I don't know how serious it is but I won't fix it though, because fixing it could lead to other problems.
Something of my code doesn't work as expected, hell, at least I know what might go wrong instead of all the possible wrongs I could meet from fixing it.
Hell, I can't believe I've been living my life so recklessly!
If you have had a main dealer service, you will probably have had an ECU upgrade at the same time.
Why worry about something that has happened before?
Drive-by-wire !!
Yours In Ashgabat,
K. Trout
would cut power to the engine if both pedals were pressed.
Don't take the update! You won't be able to do brake-stands in your Camry anymore!
I find it very unlikely any car has more than about 5k lines of code. Probably more like 1k. We are not talking Rocket Science here; the engine only tracks about 40 parameters. I had an extra ECM for my 2001 Chrysler Concorde; it only had a 2k ROM in it. The BCM and TCM probably even less.
Most cars all run the same software anyway.
Linux modi 2.6.26-2-parisc
...bricked doesn't mean what you think it does. To claim a "large percentage of firmware updates actually brick the hardware" is pretty silly. To think you can brick a car is even sillier. At the very least, the back seat has uses, even if the car doesn't run.
A similar (though admittedly less severe) thing used to happen all the time on my old Sonata. The solution was to simply throw away the floor mat.
Slashdot is not a game, Slashdot is not a game. Crap, I just lost points.
Here's how you should determine whether or not you really need the software upgrade: test your car pre-update. Take your car someplace safe, get up to 75 miles an hour, then floor both the gas and the brake pedal at the same time. See what happens. Because of brake fade, this test should actually be run one more time.
I saw this done in a car magazine recently, and if I recall correctly, the Camry did not fare well at all.
I know what you're thinking--"I'm a fast thinker--I would just throw the car into neutral." Good luck thinking of that when you're doing 75 miles an hour and your car is accelerating toward the car in front of you without your consent.
a large percentage of firmware updates actually brick the hardware
Actually, the percentage of firmware updates to "brick" hardware is tiny. Also, as it has been previously noted on /., the term "brick" is being overused by people that don't understand the term. You "Mr Software Developer" fall into this category of uninformed people.
or cause other unforeseen consequences.
You think the original firmware is 100% clear of bugs?
My driving habits don't cause the floor mat to slide much
Until that fateful day you have a problem. Meh, your genes are better outside of the pool.
... and if you sign this document I'll be happy to take your case in the unfortunate event of your demise due to a poorly implemented software upgrade!
At first, I thought that a lot of the thing about the Toyotas was a lot of hype. I thought about all the things you can do if things go wrong. Shift into neutral, turn off the car, brakes, emergency brakes, and so forth.
Well, at the congressional hearing a gal was explaining the problem she had, and she had tried ALL of that. The car wouldn't downshift, couldn't be turned off, and when it eventually did slow down and stop and was shut off, dash lights and radio were still on. When the car was put into neutral for the tow truck to load it, the car tried to start itself.
To me, this says there is a major serious bug in the code. With this in mind, I would STRONGLY suggest getting that update. Woz has even chimed in saying he's been able to replicate it and he says there is no doubt in his mind that it's software.
> "can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think?"
Apparently your concept of software development is kind of skewed. The update was not done in a 3-month development period. It was done in a maintenance period. It took more than one year between the incident report and the fix. It was a slow response to an ESCALATION, a high severity and a high priority one at that.
If your floor mat does not slide much but slides just a little, the law of averages is bound to catch up. This is what I think.
Might be a little worrisome if the new code kills the engine and the power steering "power" at the same time? I'm sure they've thought of this, right?
My $0.02 and experience on this...
Several years ago, I refused an update to a 2003 Nissan. To sum it up, the engine could stall due to a poorly-made crank position sensor (CPS). Nissan determined it was cheaper to issue a firmware update than replace all of the sensors. The update lets the PCM cope with bad CPS signals, so that it does not stall, but other side effects (tach stops working, etc) remain because the root cause (CPS) went unaddressed. I declined the update, as I had already taken the initiative to replace the bad CPS with the updated sensor myself. It resolved all issues.
Fast forward a couple years. Due to other mechanical design/manufacturing defects the engine failed (QR25DE - prone to pre-cat failure and power-valve screw ingestion, causing scoured cylinder walls then ring failure) @ 59K miles. The vehicle was well-cared for, unmodified, etc. When it came time to make a warranty claim, several dealers flat-out refused to help me, many citing the unaddressed firmware update.
That might not have been legal, moral, or business-smart (retain me as customer) but point is - if you care about your warranty, refusing an update is opening the door for future hassle, should something (even unrelated, like my issue) happen. Apparently being an informed/educated/opinionated owner isn't an advantage.
First, buy a second car. Install the update to make sure it works. Be sure to test all components to make sure there are no unintended impacts. Include several parallel tests also. Maybe even some regular parking tests. Once all tests are completed, schedule the install during non-prime hours and have a backout plan.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
If firmware affects airworthiness. There's plenty of stuff that doesn't get installed.
Besides, error corrections in avionics can be deadly.
No.
What he is saying is that the next time some Toyota owner parks on the slope of a hill, with the car facing the upward direction, he is going to have fun.
Or better yet, the next time some Toyota owner stops at a traffic light on the slope of a hill, with the car facing the upward direction, he is going to have even more fun.
He has to release the brake for 1 to 2 seconds so that the car recognizes the brake pedal has been released before it allows the Gas pedal to apply any acceleration to the engine when you start moving.
During that 1 to 2 seconds before the car allows your engine and transmission to push the car upward against a little thing called gravity, it should only uncontrollably roll backwards a short distance before it impacts the car in the lane or immediate area directly behind him, or whatever is behind him (pedestrian, his garage door, garbage cans, fences or half a billion objects he had no desire or want to damage).
( oh wait was that a little old lady or mother with an infant in a stroller two cars back trying to walk between the cars to get to the driver side you just pushed a vehicle into, crushing them?)
Good luck Toyota Owners in San Francisco and Seattle, as well any city or suburb or road with a hill or sloping roadway.
Hey can we apply that well thought out solution to Dump Trucks and Garbage trucks as well?
I mean the solution comes from a car manufacturer, so it must have been tested, as much as it has been thought out? (ha ha ha ha) 8-)
Good luck trying to sell your used Toyota, by the way I have some swamp land you can market for me.
> the car even with the throttle wide open.
Motor Trend's own test of a Camry found that even with the accelerator wide open the brakes can overcome the engine, easily in fact. Better yet, it still stopped shorter than the Taurus with no accelerator problems!
http://forums.motortrend.com/70/8007011/the-general-forum/c-d-toyota-dealing-with-unintended-acceleration-te/index.html
So take the update, it's not like your car doesn't already have a program, one declared defective.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
No brake and gas at the same time? That majorly sucks. Albeit, not usually needed but there are situations where you need to press both, besides when doing a burnout on a RWD ...
Drive By Wire in itself is a bit of a stupid idea ... Servos break more easily than hydraulic cylinders or legs. Electric connections get loose easier than hydraulic sealings start to leak. Nevermind the lost feeling of brake, gas and clutch pedals.
I once drove a drive by wire car, and I seriously couldn't use it during the winter: I had to take my shoes off to feel the pedals enough to know how much I'm pressing brake or acceleration.
Nevermind the fact that using traditional systems you apply force mostly directly to the brakes, and there can't be any software bugs.
I just wish in 20 years' time I can still find "oldschool" cars which do not have drive by wire and issues it may cause, and rather have hard lines.
Did you think about the fact that this "floor mat" issue might not exist if there was traditional pedals with the amount of force being needed to press than in older cars? Not only will you actually feel the throttle position, but it wouldn't so easily be pressed by accident.
Pulsed Media Seedboxes
Exactly how long have you been in the software industry? I've never had a problem with firmware upgrades, and your statement: "because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences." points out your inexperience. Define large percentage - I'd put it at well under 1% of all firmware upgrades, likely well under 0.0001%, is that a "large percentage"?
This software was developed and tested, deployed in a world where EVERYTHING Toyota does is under Federal Scrutiny and Class Action lawyers salivating at the prospect of suing Toyota for any minor glitch. This software update likely is among the most scrutinized code in recent history (excepting the staggering review military aircraft and space ship software undergoes). You trust their earlier software more than this new code?
Ken
The interlock, presuming it is the same as Audi has had for a decade, is that if you press the brake while the gas is on it cancels the gas. But, if you press the gas while the brake is on, the gas comes on normally.
So it doesn't prevent brake torquing, it doesn't prevent heel-toe, since both of those have you pressing the gas while the brake is down, not the brake while the gas is down.
I am not sure as to what you two think trail braking is. Trail braking is simply applying the brake after you have already started to turn into the corner instead of the standard way of braking, then turning. It doesn't have to do with having the gas and brake on at the same time at all. So it shouldn't be affected either.
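The order-dependent rule described in the comment above (brake pressed while the gas is already down cancels the gas; gas pressed while the brake is already down does not), compared with a plain "both pressed means cut" rule, as an added example that is not part of any comment and is not Toyota's or Audi's code. The pedal sequences are constructed, and keeping the throttle cancelled until the gas pedal is released is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One sample of the two pedal switches (constructed input, not ECU data). */
struct pedals { bool brake; bool gas; };

/* Rule A: throttle is cut whenever both pedals are down, in any order. */
static bool simple_allows_throttle(struct pedals in)
{
    return in.gas && !in.brake;
}

/* Rule B keeps state between samples so it can see which pedal came first. */
struct interlock {
    bool prev_brake;
    bool prev_gas;
    bool cancelled;   /* latched once the brake lands on an open throttle */
};

static bool ordered_allows_throttle(struct interlock *s, struct pedals in)
{
    /* Brake goes down while the gas was already down: cancel the gas. */
    if (in.brake && !s->prev_brake && in.gas && s->prev_gas)
        s->cancelled = true;
    /* Assumption: the cancel clears only when the gas pedal is released,
     * so lifting the brake alone does not hand the throttle back. */
    if (!in.gas)
        s->cancelled = false;
    s->prev_brake = in.brake;
    s->prev_gas = in.gas;
    /* Gas pressed while the brake is already down never sets the latch,
     * so it passes through (hill start, heel-toe). */
    return in.gas && !s->cancelled;
}

/* Number of samples in which each rule lets the throttle request through. */
size_t count_simple(const struct pedals *seq, size_t n)
{
    size_t allowed = 0;
    for (size_t i = 0; i < n; i++)
        if (simple_allows_throttle(seq[i]))
            allowed++;
    return allowed;
}

size_t count_ordered(const struct pedals *seq, size_t n)
{
    struct interlock s = { false, false, false };
    size_t allowed = 0;
    for (size_t i = 0; i < n; i++)
        if (ordered_allows_throttle(&s, seq[i]))
            allowed++;
    return allowed;
}

/* Constructed scenario 1: throttle held open, then the driver brakes. */
const struct pedals STUCK_THEN_BRAKE[6] = {
    { .brake = false, .gas = true }, { .brake = false, .gas = true },
    { .brake = false, .gas = true }, { .brake = true,  .gas = true },
    { .brake = true,  .gas = true }, { .brake = true,  .gas = true },
};

/* Constructed scenario 2: hill start, brake held first, gas added, brake lifted. */
const struct pedals HILL_START[6] = {
    { .brake = true,  .gas = false }, { .brake = true,  .gas = false },
    { .brake = true,  .gas = true  }, { .brake = true,  .gas = true  },
    { .brake = false, .gas = true  }, { .brake = false, .gas = true  },
};

/* Constructed scenario 3: throttle held open, brake tapped once and lifted. */
const struct pedals BRAKE_RELEASED_EARLY[4] = {
    { .brake = false, .gas = true }, { .brake = true,  .gas = true },
    { .brake = false, .gas = true }, { .brake = false, .gas = true },
};

int main(void)
{
    printf("stuck then brake: simple=%zu ordered=%zu\n",
           count_simple(STUCK_THEN_BRAKE, 6), count_ordered(STUCK_THEN_BRAKE, 6));
    printf("hill start:       simple=%zu ordered=%zu\n",
           count_simple(HILL_START, 6), count_ordered(HILL_START, 6));
    printf("brake tapped:     simple=%zu ordered=%zu\n",
           count_simple(BRAKE_RELEASED_EARLY, 4),
           count_ordered(BRAKE_RELEASED_EARLY, 4));
    return 0;
}
```

Both rules stop the throttle once the brake lands on an open throttle; they differ on the hill start, where only the simple rule blocks the gas, and on the tapped brake, where only the latched rule keeps the throttle off.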
Get the flash.
http://lkml.org/lkml/2005/8/20/95
I have disassembled all the code in my Camry - including the latest update. Not to worry, it looks real good to me. I hope to have a fully commented listing available for download in the near future.
Do you update your PC software when your OS or driver software demands or not? If yes, then update your car, 'cause a car crash is a lot more hazardous than a personal computer crash.
I hate toyotas and their drivers. They drive slow. The drivers do not use turn signals and talk on the cell phone. If the turning signal is used, it stays on for miles-on-end. When it rains here in Florida, they put the hazards on -- perfect now I don't know when you're coming into my lane! Get the fuck away you god damn toyota I tell them.
God Damn Mother Fucking Toyotas...and Over Priced Toyotas (Lexus -- all made in the same factory).
If you don't get the update and hit someone, you can always blame the software and get off scot free. However, if you get the update and hit someone, you've only yourself to blame! Would you rather have them suing you, or big-pockets Toyota when you run over someone and kill them?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
How much do you like not being dead?
Read my blog.
or the UAW will come and break your legs and disappear your family...
I know someone who has a Lexus that started revving the engine while he was getting onto an expressway. He said the brake pedal was stuck up and would not even allow him to press it down. If the computer is pushing the pedal up (for some sort of feedback or something) will it even detect that you are trying to brake for the fix to work? They have some serious issues and the floor mats are not a part of the problem.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
I assume these problems are all/only in cars w/ automatic transmissions?
A routine which always cuts throttle when the brake is depressed is a very bad thing in a manual - this prevents heel-and-toe rev-matching, which is a perfectly normal and easy-to-learn practice - I do it dozens of times a day w/out thinking about it, and I'm very far from being any kind of hot-s##t driver.
IANAL but if you ever need to take part in a lawsuit against them, you may not want to be on record as not accepting the fix when they presented it to you. If you're truly that concerned about it, then you probably shouldn't be driving a Toyota or, as the most extreme, be driving a car with many electronic components.
Sometimes folks step on both pedals to start up steep inclines. You can use the emergency brake as an alternative though.
Also sometimes folks step on both pedals to dry out brakes after driving through puddles. Granted this was more of an issue with shoe brakes than disk brakes, but folks get in the habit and the results could be unfortunate if the behavior is changed......
LedgerSMB: Open source Accounting/ERP
Firstly, the 100 million "lines of code" is in "70 to 100 microprocessors". I would bet that is not lines of C source, but at least assembler instructions, and probably bytes of software. Someone has summed all the roms in all the microprocessors to get this value. Several of those microprocessors are likely to be identical (e.g. the ABS on each wheel). And, given that problems rise geometrically, the software on any one processor is likely to be a lot less frightening than the total.
Also, you need to distinguish between development releases and debug releases. Development releases are much more risky, because people are trying to add new features. If something is a pure debug release, then it is pretty likely to be safe to upgrade it.
"Bricking" something is actually a function mostly of consumer devices. The device is not actually destroyed, it is just that the cost of repairing it is greater than the cost of a new device - a small number of hundreds of dollars. And usually, behind the bricking there is usually some form of Rights Management, whether it is the RIAA keeping you off music or Apple keeping you from jailbreaking phones. This means that programming can only be done by software in the device, and if you overwrite that software, you are lost. An in-car component is unlikely to have these features; it is much more likely that a car is reprogrammed by going straight to the programmable device by a hardware port such as JTAG or I2C.
I would not judge car software by consumer software. While not as safety-conscious as the aerospace people, they are in a different league from consumer devices. Hence the fact that car electronics lag consumer electronics by about five years at new model introduction, and far more as the model ages.
Consciousness is an illusion caused by an excess of self consciousness.
> In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.
I take issue with your basic premise that firmware updates are bad.
Blades, blade chassis, SAN, tape library, etc. When there is a problem one of the top 10 questions will be "Is your firmware up to date?"
I regularly update firmware as hardware moves through its lifecycle. The one exception I have is on some Raritan IP KVMs, where the manufacturer advised me not to update the firmware unless I'm having an issue. But again that is the exception, not the rule.
An update to "cause 'the brake pedal to take precedence over the gas pedal if both were pressed'"?
How then would I be able to:
- Practice fast brake pedal pressing
- Exercise my feet muscles
- Stretch my legs
- Scrape mud off my shoe
- Get confused in one leg and not the other
- Pretend to be a tap dancer
while driving down the highway at 80mph?
I would imagine that you would want to cut (most of the) power from the engine in the event that both the brake and gas pedals are pressed. Cutting power to the engine doesn't make sense to me as the engine should stay running to help with power-assisted steering and braking. Probably I'm making too much of this.
> would cut power to the engine if both pedals were pressed
So anyone who starts from a stop on a steep incline by slowly depressing the brake while simultaneously pressing the gas to avoid rolling back into the vehicle behind them will now stall their vehicle?
The accidents that have occurred as a result of this are tragic. But adding quirky behavior as a stop-gap measure seems ridiculous and sets a bad precedent. Is there anything out there to make sure vehicle behavior is reasonably consistent across different vehicles (or even vehicle firmware versions)? Or are we going to have to be aware of all the different firmware ins and outs between different models and firmware versions.
I've been especially surprised at the fact that so many people seem to think that sudden acceleration is unstoppable. If you're driving a vehicle that suddenly accelerates and you cannot prevent the acceleration PUT THE VEHICLE IN NEUTRAL OR DOWNSHIFT (and yes you can downshift with automatics)! How people can get their driver's license while thinking the only way to slow/stop a vehicle is to press the brake is beyond me. I know panic can set in and can make reacting to unexpected dangerous situations difficult, but isn't that why you had a learner's permit first? My father took me to an empty lot and had me practice reacting to different situations that you can encounter which can be dangerous if you panic (ie: sliding, hydroplaning, slamming on brakes, etc.). Perhaps drivers education courses should focus more on these kinds of situations rather than merely how to obey traffic laws.
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
On the bright side, if you don't allow them to install the software update and some horrible horrible accident occurs, you'll certainly be a candidate for the Darwin Awards.
"If it ain't broke, it doesn't have enough features yet"
You're pretty naive if you blindly accept that the floor mats are the real and/or only issue. Same, too, if you believe the only thing in the firmware update is the addition of the functionality you describe and not some quiet bug fixes, too.
That is the question. Although this failure occurs, relatively speaking rarely, I'm not so sure that Toyota has determined the root cause(s) of the failure. The number of combinations of inputs are huge, and the subset of those that can cause catastrophic failure is small. How can we be even reasonably sure that they have isolated those causes? In my opinion, as a software engineer with almost 30 years experience in embedded, real-time, large-scale, and high-reliability systems design and implementation I have to believe that this is not a coding error per se, but a design flaw in the system itself. Properly designed, safety critical systems will "fail safe". This is not happening. So, who knows if the changes made will make the system, over all, more or less safe? Without a complete model and access to ALL source code and the tool chain used to implement these systems, one cannot say.
Bottom line? There is no way to say that updating the software/firmware will make the system more, or less, reliable. Personally, I think it's a crap shoot. So, do the update. The results probably won't be more dire than the current situation, and may reduce the solution set for catastrophic failure scenarios.
Sometimes, real fast is almost as good as real-time.
You can get reimbursement. Refer to this video: http://www.youtube.com/user/toyotausa?blend=2&ob=4#p/c/A7E3573E524159D4/0/63Jux4hngWc
The fact that this question is even being asked indicates that not much thought has really been put into it. The patch fixes a problem you haven't run into yet, and may never run in to. Maybe patching it will be inconvenient or ultimately unnecessary. But when the consequences of running into the problem that the patch fixes include injuring or killing yourself and others, where's the debate? If the consequences of running into the bug only ran a risk of you killing yourself, with no possible harm to others, then and only in that case would I recommend against installing the patch.
http://ask.slashdot.org/comments.pl?sid=1564476&cid=31286192 just that we are too few and the others are too many :-); also, the *many* ones give no shit on your long term vision or risk assessment 'cause they can't grasp it - literally;
this is the perfect blend for continuing the status quo of the energy*car&war industry. The blend can brake only when the variable 'the *many* ones' will gets changed to be defined
by individuals having a different thinking pattern. are you betting on seeing this change? me not,
How do I do a burnout if I can't use the brake and gas at the same time?
Stupid nanny cars.
> Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car.
Nonsense. Yes, motor vehicle accidents are the leading cause of death in the US for those between the ages of 15 and 34 (peaking at around 1 out of 3 deaths for the 15-24 age group) but it is nowhere close to "almost everyone" no matter what age group you choose. But don't let actual data get in the way of a good sound bite.
> Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed to do better than that quite some time ago...
If horses were actually more efficient economically, we would still be using horses. If you think horses are cheap as a means of transportation, you clearly have never tried to use them. Yes there is a cost to modern infrastructure but there is a bigger (economic) cost to lacking it. The biggest obstacle to the growth of many nations (India is a good example) is a poor quality road infrastructure.
> not to mention electricity and electric computer system transport. And PRT more recently.
You think a PRT is seriously a solution which makes sense for more than a few high density urban areas? Nice for airports but it isn't going to be much use on a farm.
> Then read about pollution, and oil wars.
Yep, there is a downside to fossil fuels. Fossil fuels have serious problems in need of serious solutions. However there is a huge upside too which I note you are conveniently forgetting. I'd also like you to point out the magical technology you think will eliminate pollution. Solar and wind come closest but even they pollute. (you didn't think the steel in that turbine came without an environmental cost did you?)
I can't believe you're worried about bricking your car's ECU. It's not like you're getting a firmware file and flashing it yourself... it's done AT THE DEALER - if the ECU/ECM bricks, they HAVE to replace it free of charge.
My spider sense tells me that you don't fix a sliding floor mat with a software upgrade; you fix it with a grommet.
Yes.
sense of security, like pockets jingling...
3 2 1 woz appears!
If you really are afraid of computers running cars then it's time to sell the car and buy an older car that has no computer in it. At least then you won't have to worry about your car, just everyone else.
~~ Behold the flying cow with a rail gun! ~~
My pads for my disc brakes are quite stiff and have immense stopping power under high load. High temperature pads are great that way. The downside: nothing sucks the feeling out of your heart like dropping the pedal to the floor and having a delay while the water evaporates off the brakes enough that they can heat up and begin really stopping the car.
Summer tire to winter tire transitions are also rather annoying...
SIG: HUP
Um, what about revving the engine when you are stopped on a hill?
Consider that you are stopped on a steep hill (stopsign, stoplight, etc) and someone pulled right behind you. Typically in this situation you engage both the brake and gas pedal.
Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.
I'd suggest that it probably isn't terribly shocking. The amount of electronics in a modern car is pretty impressive. There are dozens (sometimes hundreds) of sensors, drive by wire, diagnostics systems, engine control, ABS, traction control, and much more. Frankly diagnostics these days almost requires a OBD-II scanner. All of this without even getting into the climate controls, entertainment systems and other stuff for fun and comfort.
Bear in mind that this explosion in electronics is a relatively recent thing. Cars even 15 years ago had FAR less electronics than today's cars.
I really don't mind these new fangled cars, but, geez, STAY OFF MY LAWN, patio, living room etc
rewriting history since 2109
If you've been following the story at all, you should already know that the floor mat isn't even a part of the problem, though I'm not so sure that little aluminum wedge is even a part of the fix for the real problem.
Not accepting the update could not only get you in trouble with your insurance company in the event of an accident, but could conceivably get you put in jail if you kill someone in the process and your 'negligence in performing required repairs' became known.
Don't just think about the potential problems of accepting this update, think also about the potential problems of ignoring it. Most times an update is meant to fix existing problems; rarely does it go so far as to introduce new ones. Based on other reports, there's almost 10 man-years of effort put into this 3-calendar-month update.
In the computer security world, we craft effigies of people like you and burn them for not installing the patch that causes the security failure. Let's see if I can follow the logic:
1) The patch that prevents me from dying might break my car.
2) My car is under warranty.
3) My dealer will install the patch, and therefore accept liability for breaking my car.
.: I should:
a) Not accept the patch, and risk DYING.
b) Let the dealer install the patch, understanding that he must fix the car that he breaks while doing the warranty repair work, and accept the consequences, up to and including the dealer providing a new car for breaking my car.
Can anyone help me to understand the argument against installing the update?
Confidentiality, Integrity, Availability: without Availability the other two are assured, as is Bankruptcy.
Any car that doesn't pass the following test should be taken off the road immediately.
Drive any speed you feel safe at.
Press both the gas pedal and the brake pedal as hard as you can at the same time.
If the brakes are not strong enough or don't have the thermal stamina to eventually bring the car to a stop then your car fails the test.
All cars (including incredibly powerful ones) made in the era of disc brakes should pass this test easily.
The number of deaths due to this problem is about the same as the Ford Pinto "bursting into flames" issue from the late 1970's. Toyota is hitting a perfect storm of screwed over this. If this had been 4 years ago coming out (and it could have if Toyota weren't so damn arrogant), then there wouldn't have been the political pressure from the UAW to screw Toyota. Historically the UAW has spent their political capital pushing the regulators to go after the companies they work for; they would use that as another lever in their bargaining. Now that they own a couple car companies, they're using that muscle against their competition. Toyota used to get away with not recalling cars over issues, because the regulators weren't being pushed to go after them. GM/Ford/Chrysler had no such luck. Sucks for Toyota that the playing field level has shifted against them now instead of for them.
> Rhonda Smith's story of six miles of interstate terror, as her Lexus suddenly zoomed to 100 miles per hour, will set the mood Tuesday for the first congressional hearing on Toyota's acceleration problems.
Yes and if you read more about it you'll find several interesting bits of info. One is that upon inspection there was no evidence that the brakes had been applied, including the MECHANICAL emergency brake. She also claimed under oath that she had complained about the problem to Toyota but the only record Toyota has is for an oil change. She also sold the car to a family member (not something you'd think she'd do if it really were unsafe) and according to the Wall Street Journal the car is still on the road.
Frankly I think there are a lot of people making up stories hoping to get money in a lawsuit, much the same way people made up stories about Audi a few decades ago. Yes, there appear to be some actual problems but there are a lot of liars out there too.
> It's still 100M lines of code friend, regardless of who or what wrote it.
When you write code and estimate its LOC size, do you also include the LOCs of the trusted libraries you use to build your apps? If you do a printf("%u\n",1), do you count this as one LOC or do you also count the LOCs in printf? When you use a GNU compiler, do you also count the thousands LOCs generated by it in assembler?
Does it really not matter *who/what* wrote it? Pretty myopictardic and useless way of software estimation if you ask me.
The racing team used Matlab to figure out that the accelerator needs to be full on to WIN!
Firstly, it's not the floormats. Even Toyota has backed away from that as an explanation. The current theory is that it's the accelerator pedal sticking, but that doesn't jibe well with all of the incident reports either. Given that, I wouldn't count on your driving habits or removing the floormats to solve the problem.
You should also consider that if you have a problem later and the update hasn't been done, guess what they'll blame?!
In general, the modification sounds like a very good idea. If for whatever reason your car decides to go full throttle against your wishes, I'm sure you'd like one extra chance to convince it otherwise.
As others have pointed out, you have already accepted 100 million lines of their code without knowing anything about their software practices.
Nice try, but if the sensor is bad (shorted?), or if the high bit in the memory cell where ServoPosition is stuck high (and they aren't using ECC) you're still in trouble with your fix.
It's like not wanting to install a security patch to cover a security hole just because there was a security hole that shouldn't have been in the first place (there was an error before, there must be an error in the patch). No sane sysadmin would operate that way. So why would you, with your car and your life?
"...because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences..."
I'd love to see the statistical data to back up this claim.
Categorizing this as a "bugfix" is inaccurate at best. Nobody has identified a piece of code that tells the engine to run full throttle and changed it here. This is an added routine, which simply says if A + B are true, do A - A being brake pedal pressed, B being gas pedal pressed. Personally, I think that is a simple enough condition to identify and the decision tree is small enough to get right in 3 months of development. I like the commenter's post on "fatal exception"
If a large number of firmware updates are bricking your devices, you are buying bad gear. I've never had a firmware update brick anything. Buy better gear.
Pretending firmware doesn't exist is not a solution. It's there because it needs to be updated sometimes.
You have to patch that car due to liability if nothing else. If you get into an accident, the other party's lawyer could make hay with the fact you're driving an unpatched Toyota.
> Manual transmission drivers don't have three feet, they can't hold the break, clutch and gas at the same time.
The usual use is different, but apparently you have never heard of heel and toe shifting. It is certainly possible to press the accelerator, clutch and BRAKE (not "break") pedals simultaneously.
www.clarke.ca
They are fixing an issue that could kill you. Take the damn patch.
Yes software has bugs, but automotive software is designed, tested, and built like software should be, i.e. engineered.
Software engineering is substantially different than 'programming'.
The Kruger Dunning explains most post on
Pop it into neutral.
I mean WTF? Have people really forgotten that automatics have a fucking neutral gear and if your accelerator pedal is stuck, pop the damn thing into neutral and then apply the brakes?
Apparently they did forget. Idiot drivers that have time to get on a cell phone and CALL for help with their car steadily climbing to 100mph+ and then crash and die...Put the fucking phone down and put the car in neutral and brake! How the hell these toyota drivers made last calls to their families before they crashed and yet didn't think about putting it into neutral is beyond me.
OP, yes, get the damn update.
> Manual transmission drivers don't have three feet, they can't hold the break, clutch and gas at the same time.
You've never done a heel-and-toe shift I guess. Not really disagreeing with your main point (regarding rollback) - just being pedantic and pointing out that it is quite possible for two feet to control three pedals at once. In fact before synchronized transmissions became common it was nothing unusual to need to engage in some fancy footwork. Some race cars still do.
I'm unsure myself - personally I want to know exactly what traits are being changed. There are times where using both pedals at the same time can be useful. Admittedly in a passenger car on the road it's a lot less frequent than going off road or rock crawling in a 4x4.
Specifically, I want to know what criteria need to be met for it to trigger. Does the change cause the engine shutdown (or return to idle? presumably return to idle) at any point when both the brake and gas are pushed at any speed, or only if the vehicle is traveling over 10-20 mph, or only if the accelerator pedal is pressed more than X%?
Odds are I'll end up getting it regardless, just for overall safety in general. Though I'll be pretty annoyed if it is a simple if gas and brake then stall.
. 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
> He has to release the brake for 1 to 2 seconds so that the car recognizes the brake pedal has been released before it allows the Gas pedal to apply any acceleration to the engine when you start moving.
Citation needed. According to the press release,
Nowhere does it say that you have to let the brakes up for 1-2 seconds before you can use the accelerator.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
How about not hiring 16-year-olds to do the programming? How about not letting Walt the janitor be the tester?
Forget Toyota. Buy American.
Last week I took my 2009 Camry into the dealer. Here is what they did:
1) Chopped off about 4cm from the end of the gas pedal. It looks like they did it with a hack saw. The air near the brake pedal smelled like hard plastic that has just been cut.
2) Replaced the old floormat, which looked like this:
+-----------+
|           |
|           |
|           |
|           |
|           |
|           |
+-----------+
To one that looks like this:
    +---+
    |   |
+---+   +---+
|           |
|           |
|           |
|           |
+-----------+
That way there is a lower chance of the gas pedal touching the floormat. It also means that the carpet underneath your gas and clutch pedals will get soiled.
3) Updated the firmware. After the update, I did a test where I got the car going 30 mph, and then pressed and held the accelerator. While the accelerator was depressed, I applied the brake with my left foot. After about 1.5 seconds, the engine RPM went down to idle speed. I repeated this test 2 more times. Same result each time.
The firmware update appears to work at least in 3/3 of my test cases.
I hope that if you refuse the software update, that Toyota makes note of that. That way if you get into an accident because of the problem the software is supposed to fix, YOU are held responsible because you refused to get the problem with your car fixed!
When end users do their own firmware updates, bricking happens because of many configuration variations out in the real world. I have never heard of any device you had to send in for a firmware update from the maker being returned to the customer bricked.
If you take your car in to get fixed, and the repair place (any repair place) breaks a window, the repair place must fix the window for free. They can't return it to you with a broken window and expect you to pay for damage they caused.
I know that if you refuse the update, and you kill one of my friends or family...
Either I will make SURE you are prosecuted to the FULLEST EXTENT OF THE LAW as if it was a murder.
or
I will be the one going to prison because you will be 6 feet under.
fixed that for you.
KDE, Gnome, Linux, OpenOffice, etc. ARE written in assembly language, for the purposes of this bizarre argument.
The media is taking what's in essence a high-level language (MATLAB and/or other code builders) and counting the source lines it creates to get a huge number.
When we write in C or Java, it creates source lines at a level below that (assembly or VM opcodes). And YES, YES, all those programs are in at least only off the 100 million lines of code by one order of magnitude.
But let's just say one opcode is one byte. It's not, but let's say that for yucks that it is, then OpenOffice would need to be 100 megabytes to possibly have that many lines. OpenOffice writer is only 7MB, but we know it uses libraries and other packages, and so, adding all that crap in willy nilly, we probably get up to at least 100MB, and thus (in silly-think) 100 million lines of code.
But let's step back a second. Let's ask ourselves (and I KNOW that there are people who read this who know the answer) "how big is the PROM/ROM/CMOS RAM whatever on the Toyota car computer?" If it's 128MB then this silliness is (for what it's worth) correct-ish. If it's 64MB, it's INSANE. If it's a lot less, it's just mindlessly wrong.
Rewrite the entire code line yourself.
I think where this is ultimately headed is to require DO-178B like testing for Automobiles, just like we require it for Airplanes.
"In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences."
This is common thought from the mid-90s. In today's environment, this is no longer true and in some cases vendors require firmware to be installed to maintain support contracts. Most firmware updates are released to improve performance and reliability issues. A major reason hardware is much faster is because work that used to be completed in software is moving to hardware layers, greatly adding to complexity.
If you have to bet between your judgement and that of your auto manufacturer, I'd suggest that unless you really know what you're talking about, bet on the auto manufacturer. They're the experts.
Likewise, if you're some independent thinker and have an idea how something works, but the scientific community has significant work in the field, you should generally bet on them rather than you.
For every problem, there is at least one solution that is simple, neat, and wrong.
Don't take the update if you Heel & Toe your Camry while driving.
also- if you use your Camry for Rock Climbing and need to Heel & Toe you will find yourself at a tremendous disadvantage to the others.
I like microcars
Last week on Slashdot, we had a discussion about how people with more than two years of coding experience were unnecessary.
Today we're talking about how unmanageable and buggy code is literally killing people.
Am I the only one who wishes that the code that controls whether or not my car crashes and burns was written by a guy with decades of experience?
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
"In the computer world, we're all taught to install firmware updates only if there is a real problem"
No actually you're supposed to install firmware updates when they're released if you don't want your machines to become part of botnets. If a firmware update from a manufacturer bricks your device they'll generally send you a new one. If dd-wrt does that's a different matter. You're not still running IE6 are you?
I'm not taking the upgrade....
The Toyotas w/o the brake override system could be stopped if you were at slow speeds with a lot of effort on the brakes and emergency brake. At higher speeds, the brakes were not enough to stop the vehicle with only the brakes. They also tried turning the vehicles off which would stop the vehicle, but the driver had to manhandle the vehicle w/o benefit of power steering and power brakes.
That doesn't appear to be the story I read. No, e-brake did not have to be used, and you didn't have to press on the brakes REALLY REALLY hard as you put it. Read the quote from Car&Driver below:
"With the Camry's throttle pinned while going 70 mph, the brakes easily overcame all 268 horsepower straining against them and stopped the car in 190 feet--that's a foot shorter than the performance of a Ford Taurus without any gas-pedal problems and just 16 feet longer than with the Camry's throttle closed. From 100 mph, the stopping-distance differential was 88 feet--noticeable to be sure, but the car still slowed enthusiastically enough to impart a feeling of confidence. We also tried one go-for-broke run at 120 mph, and, even then, the car quickly decelerated to about 10 mph before the brakes got excessively hot and the car refused to decelerate any further. So even in the most extreme case, it should be possible to get a car's speed down to a point where a resulting accident should be a low-speed and relatively minor event."
The only time brakes didn't work well is if they got really hot and started to fade. If you let your car accelerate to 120 mph before hitting the brakes, that's not good. So basically, it's possible to stop it if you press on the brake and keep holding it.
However, this was under controlled conditions. In the case of crashes, it was reported that the brake didn't work very well, which could be related to absence of vacuum needed to operate the brakes. This could be ECM-related.
I'm refusing to get this update for my Toyota.. How will I do brake stands and burn outs If the engine returns to idle every time I step on the brake??
No Thanks!
don't fix it.
That's very detailed information. Where are you getting this from?
Reread the second line of Zurk's post:
From the toyota camry VSRM
The Vehicle Service Repair Manual - the manual Toyota has produced that tells people how to diagnose and repair the car and how its systems work.
If you're at all technical and interested in how things work, reading the factory repair manual for your car can be hours of fun. There's all kinds of trivia in there. Most people don't know that the engine computer in many GM cars won't let the engine exceed 4000 RPM if the car's in reverse, for example.
Putting moderation advice in your
Great, how are people supposed to brake torque their Toyotas now!? Seriously though, there are situations where "spirited" drivers actually want to apply the brakes and throttle at the same time. It probably doesn't happen often in a Camry or Prius; but I'd rather have the car drop to idle if the e-brake is engaged (light is illuminated) or actually respond correctly to any other number of inputs (transmission selector, ignition position).
grep -iw skynet
The real problem is not known yet, so if it turns out that Toyota has an electronic problem that hasn't been identified yet, then you'll still be susceptible to going Mach 10 into a random object. I'd either not drive much or get rid of my recalled vehicle in the interest of self preservation.
That's great if the car is being driven by someone with strong legs.
Many people can't (or won't) press the brake pedal hard enough to stop their car if the throttle is held wide-open.
Years (15 or more) ago there was a problem with the cruise control on some Ford cars where if one of the wires got shorted to ground the cruise module would pull the throttle wide-open. Some Ford engineers had looked into the problem and instrumented a car's brake pedal with a scale so they could tell how hard the driver was pushing down on the brake pedal. It took 275 pounds of pressure to bring a car to a stop.
There are many older people and others who can't do 275 lbs on the leg-press.
Putting moderation advice in your
Sometimes folks step on both pedals to start up steep inclines. You can use the emergency brake as an alternative though.
Also sometimes folks step on both pedals to dry out brakes after driving through puddles. Granted this was more of an issue with shoe brakes than disk brakes, but folks get in the habit and the results could be unfortunate if the behavior is changed......
I would suggest to those people that they learn how to drive properly.
Hill starts are done with the parking brake, not the service brakes.
Drying out the brakes is a drum brake issue completely and is 100% unnecessary with disc brakes. Seriously, if you are having water-related problems with disc brakes then there's something wrong with them, or you're just imagining it.
Putting moderation advice in your
In the computer world, we're all taught to install firmware updates only if there is a real problem
Based on the news, I'd say you answered your own question.
You less endowed should feel awed in my presence, while driving a standard, up an incline, I keep my left foot solely for the clutch, the right foot solely for the accelerator, AND AM fortunate enough to have a large and strong enough Third lower appendage to hold the brake with. Behold my glory I am a King among men!!!!
The OP is a moron.
"In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences"
Large percentage? Care to tell us how you came up with this? Oh, wait, it's straight out of your ass.
Yes, you shouldn't fix what's not broken all of the time, but the advice this guy just said....makes him seem like he was just a failed-condom child.
Using the brake with the throttle also helps on steep hill starts.
I often used the handbrake to keep the car from rolling back while engaging the clutch to have a smooth start with zero rollback.
Also useful with a heavy or powerful vehicle. Slowly add throttle until the torque converter spins up enough to overcome the gravity and gently release the brake for a nice clean takeoff. Particularly useful in low-traction situations, like rain.
If I simply went from brake to gas with enough throttle input to overcome the rollback, it is likely the vehicle would do a burnout in the rain and slide back into the yokel that stopped too close to my bumper.
Rolling the car onto and off of ramps also can benefit from simultaneous gas+brake usage.
I had a different make of car slow down to 20-30 MPH very rapidly on four occasions. Eventually they did a buy-back and exchange of collateral. I wonder about this software fix. What happens when the brake sensor messages get garbled and this erroneously signals that you are mashing the brake for more than a second when you are not and you are traveling on the highway? The same exact thing that happened to my wife, the brakes will be applied and the throttle cut and the car will brake with the semi right behind her while she tries to get slowly to the other lane. In the case of our car it was the stability control. There was a steering position sensor that was not communicating properly with a central control module and it would decide that you were trying to turn sharply at 65+ MPH. At least we were able to disable the stability control with a button until the car was replaced and sent back to the manufacturer for disassembly and testing. These fancy cars should light a MIL and enter limp home mode when they detect a certain amount of bad frames, ours did detect bad frames but it was a diagnostic that only experts could see as cksum errors in memory dumps of the controller (no trouble codes).
i'm going to sue toy-haha-ta for making cars that didnt get me to the rest-room fast enough, and the resulting electric faulting that got me a date with ... (not)
a tree
not while you are driving.
Scientia et Potentia
I think it's a great idea to get the update! Insurance would probably give you a break also!
It doesn't take a lawyer to realize that the potential liability incurred by willfully ignoring a recall that is tied to issues that have already caused multiple deaths is significant. Imagine hearing the lawyer representing the people who were rear-ended by your runaway Camry as he introduces "Exhibit-A. A document signed by the respondent, wherein he acknowledges that his vehicle has the potential for loss of throttle and braking control, and that said loss of control could result in the respondent or others being injured or seriously killed..."
Get your car fixed. If the update bricks your ride, it's Toyota's problem. If your ride kills people because you ignored a recall, it's your problem.
Unless you consistently find yourself using heel-toe techniques while driving your Camry (which would be pretty much completely ridiculous as I don't think they even make the thing with a manual transmission, aside from the fact that it is basically a family sized commuting utility, not a sports car), I'd say take the fix.
There are many other drive by wire cars that I would definitely not want the application of the brake to cut throttle to idle speeds, my last 4 vehicles being included in this list. However, all of these have manual transmissions where the driver can simply depress the clutch and/or put the thing in neutral.
If you've done any software engineering, this change (if brake=1, pedal =1 then shutdown) describes NEW behavior. New behavior requires a lot of real world testing, especially if it's safety related and follow-on analysis... It is not a simple user story with test result and gets slammed into the next build, and is 'beta' tested, which it appears like (since Toyota follows Lean, and the patch came out so quickly)--hence why this should be called a hack.
In the end, I see that this and related updates will be a great case study on agile vs. traditional development methods on mission critical software.
Of course you should take the update. They're not pushing out a 100 million line update after three months. They're pushing out an update that maybe changed a couple of thousands to maybe a couple of hundred thousand lines of code. Totally doable and testable within a 3 month period. Obviously, it's your choice to take or not take the update but are you willing to put yourself and your family in harm's way based on an unlikely 'what if' software bug when you have a KNOWN software bug currently in your system?
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
You won't be able to jailbreak/unlock your gas pedal!
and his method of handling the floor mat triggers the said bug?
That depends is it an even-numbered service pack?
While it is true that a fix/service pack/upgrade can add new errors, *usually* they fix more than they add. In this case because they are trying to fix a Critical Error, taking it to fix a known potential fatal error even though it may introduce new errors is a good bet.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
It's all about liability. If you take the update and your car does something it obviously shouldn't, at least to have some legal recourse against Toyota. If you don't take the update, it's the same as absolving Toyota of all future problems you may have. All Toyota has to say is: "It's really tragic that he lost his left arm in that accident when his car sped out of control, after foolishly choosing not to take the free firmware update that would have prevented the accident, thus giving us indemnity."
Dumb ass.
Look, if you don't have a problem with your car, then don't apply the update. It's as simple as that.
If you're required by your insurance agency, yes, update then.
But you trusted toyota when you bought your car, all 100 million lines of code and all. Why you aren't trusting them with the update makes NO SENSE at all.
Be seeing you...
Since there seem to be four separate and unrelated reasons for Toyotas accelerating out of control it is difficult to speculate as to how many have a software glitch, a short circuit issue, loose floor mats, or a worn linkage.
So you feel Bootloaders are not reliable? I am sure they are going to cover it if it got bricked. Or you will be on the news. "They bricked my car and will not fix it"
Two, There is something wrong with it, Balance Not updating with updating.
Yes, I second the manual TDI approval and, having reprogrammed the ECU in my 2003 4 times now, A. don't fear ECU flashes and B. love the fact that by design my car disables the drive by wire throttle when the throttle and brake are applied simultaneously. I've tried it out as an experiment and it works.
Only problem for me with putting the car in neutral is the absence of a rev-limiter (it's programmed that way on purpose) but if the engine in my car runs away, it's much more likely that it is due to a turbo failure sucking all the oil into the intercooler and then the engine rather than an electronic failure of the throttle pedal confusing the ECU.
Oh yeah, and I still get 38mpg with double the hp and torque that the car started out with.
One more thing, people have no idea but their cars are frequently flashed at the dealership to fix all sorts of things, and I'd imagine that 95% of the time the car owner has absolutely no idea.
Ocean is land, covered with water.
And no problems figuring out which pedal I was pressing and how hard. As if a spring on the other end of a throttle cable somehow were superior in feel to a spring on the pedal down by your foot. Insane.
There is no car with brake-by-wire, the pedal always operates the brakes directly, but the computer may modulate the boost for you to change exactly how much it does it. But even if the computer craps out completely, you still have that direct hydraulic connection to the master cylinder and from there to the brake pads.
So in summary, it's in your head.
http://lkml.org/lkml/2005/8/20/95
No, not really. Only a fool would install ONE sensor in such a highly critical environment. Example: If the pedal is at 100% throttle (as it's drive by wire I believe), and someone taps the brake.. that should reset the software. Or initiate a limp mode or something.
So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
An internal short could occur within one or more of the paths from the circuits leading to the ecm. That could lead to a situation where the computer cannot detect its own failure.
Goodness, who is the brilliant engineer who came up with that system?
We are only a tiny design company, but now do Failure Mode Analysis on anything that could be a safety threat.
I can tell you now that the circuit you described above would have NO WAY of passing that review, yet it somehow got through the processes of a multi-billion dollar company.
There are dozens of low cost alternatives to having identical hall effect voltage sensors.
eg:
One 4-20mA, one 0-5v
One PWM, One 0-5v
Inverted curve outputs.
CAN bus output.
My design preference would be inverted curve PWM outputs. (Less chance of EMI affecting a voltage/current output, MCU can verify frequency for interference, cheap to implement)
Another problem is if you have a runaway microcontroller that happens 1 in 1^6 hours operation, it may be impossible to replicate by the engineers.
I think that means you need a redundant system that monitors the main system and has the electrical ability to cut power to the engine if it sees a safety problem.
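The "inverted curve outputs" idea from the comment above, as an added example (not code from the thread or from any manufacturer): two pedal channels with opposite slopes are cross-checked, so a wire-to-wire short that fools a same-slope pair is rejected. The 10-bit ADC scale, thresholds, latch count and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All constants are hypothetical: 10-bit ADC counts on a 5 V reference. */
#define ADC_MAX        1023
#define PEDAL_MIN      102   /* channel A at pedal released (~0.5 V) */
#define PEDAL_MAX      921   /* channel A at pedal floored  (~4.5 V) */
#define RAIL_MARGIN    40    /* closer than this to a rail: open or short */
#define SUM_TOLERANCE  30    /* allowed deviation of A + B from ADC_MAX */
#define FAULT_LATCH_N  3     /* consecutive bad samples before latching */

typedef enum { PEDAL_OK, PEDAL_RAIL_FAULT, PEDAL_MISMATCH } pedal_status_t;

typedef struct {
    uint8_t bad_count;  /* consecutive implausible samples seen */
    bool    latched;    /* once set, demand stays 0 until service/reset */
} pedal_monitor_t;

/* Weak check for contrast: two same-slope sensors only have to agree.
 * A short between the two signal wires makes them agree perfectly. */
bool same_slope_pair_agrees(uint16_t a, uint16_t b)
{
    int diff = (int)a - (int)b;
    if (diff < 0) diff = -diff;
    return diff <= SUM_TOLERANCE;
}

/* Inverted-curve check: A rises while B falls, so A + B is constant. */
pedal_status_t pedal_check(uint16_t a, uint16_t b)
{
    if (a < RAIL_MARGIN || a > ADC_MAX - RAIL_MARGIN ||
        b < RAIL_MARGIN || b > ADC_MAX - RAIL_MARGIN)
        return PEDAL_RAIL_FAULT;          /* open circuit or short to rail */
    int err = (int)a + (int)b - ADC_MAX;
    if (err < 0) err = -err;
    return err > SUM_TOLERANCE ? PEDAL_MISMATCH : PEDAL_OK;
}

/* Returns throttle demand in percent. An implausible sample is never
 * acted on; repeated ones latch the fault (limp-home: demand 0). */
int pedal_demand_percent(pedal_monitor_t *m, uint16_t a, uint16_t b)
{
    if (pedal_check(a, b) != PEDAL_OK) {
        if (m->bad_count < FAULT_LATCH_N) m->bad_count++;
        if (m->bad_count >= FAULT_LATCH_N) m->latched = true;
        return 0;
    }
    if (m->latched) return 0;
    m->bad_count = 0;

    int pct = ((int)a - PEDAL_MIN) * 100 / (PEDAL_MAX - PEDAL_MIN);
    if (pct < 0) pct = 0;
    if (pct > 100) pct = 100;
    return pct;
}

int main(void)
{
    pedal_monitor_t m = {0, false};
    /* Constructed samples: healthy half pedal, then wires shorted together. */
    printf("half pedal      -> %d%%\n", pedal_demand_percent(&m, 512, 511));
    printf("shorted (700/700): same-slope check says %s, inverted check says %s\n",
           same_slope_pair_agrees(700, 700) ? "OK" : "FAULT",
           pedal_check(700, 700) == PEDAL_OK ? "OK" : "FAULT");
    return 0;
}
```

The one reading an inverted pair cannot distinguish from a wire-to-wire short is the crossing point where both channels are equal, which is why the rail and latch checks are kept alongside the sum check.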
The wiring diagram for a 2008 Lexus ES350 shows that the Engine Control Module controls the throttle position, but the Main Body ECU -- connected to the pushbutton ignition control -- enables power to the fuel injectors through an electrical relay under its direct control.
You say you are a developer, and ask a question like that?
And I didn't even pause to see if ANYONE asked this already. I don't care, because if you were on one of my teams and asked something like that, you'd be off my team in an instant.
"My driving habits don't cause the floor mat to slide much, so I see the update as overkill." Since when did the mechanical placement of a floor mat have ANYTHING to do with the "fly-by-wire" operation of the throttle???
I'm still dumbfounded that anyone could confuse the two.
Dave Lawson
dot-sig.
This is a pretty simple change. The car has an E-throttle and this change simply makes it react the way the E-throttle in almost every other manufacturer's car does. The change cuts throttle if the brake and throttle are both pressed for more than a short period of time thus allowing the car to slow more quickly.
One of the sports car magazines I receive noted that Toyota was the odd one out in the practice of NOT cutting throttle under extended braking. It showed too in their testing where they took a number of cars up to speed, stomped on the gas and brake, and measured the stopping distance. Even high HP cars like the Ford Cobra stopped in a reasonable amount of distance with the Toyota cars showing a noticeably lengthier stopping distance. Oddly - ALL cars were able to stop so these cars going for miles and miles unstoppable seems awful strange. Yes, they did test cars that have been reported to run away from Toyota...
IMO - it's a worthwhile update that will help stop your car in the event of a runaway situation...
Build it, Drive it, Improve it! Hybridz.org
Since the update is being performed by a Toyota dealer, any problems caused by the update will be fixed at no cost by the dealer.
If the dealer installs the update and in doing so bricks the cars computer units, the dealer is obligated to fix the bricked computer units for free (especially since the update is done as part of a recall)
Even the Linux Kernel is broken into a bunch of smaller programs, so a fix doesn't affect millions of lines of code.
Wrong wrong wrong. See the following:
Radiation affects human cells.
One of the effects of radiation on human cells is the destruction of DNA.
Understand the difference now?
Perhaps they are counting the lines of code after the preprocessor is done with it? With all the inlines being duplicated as lines of code. Macros. Built-in functions. using C++...
The SD crash that killed 4 is what brought this all to the forefront. In that case, the evidence is pretty strong it was the floor mat because of an incident just days before with the same car and its floor mat.
http://www.sdnn.com/sandiego/2009-12-09/local-county-news/lexus-dealership-on-the-defensive-after-report-finds-fault ..."The man who drove the vehicle three days prior to the fatal crash told investigators he tried several times to turn the engine off but couldn’t. He said he had put the car in neutral but the engine continued to race until he realized the mat was stuck and reached down to dislodge it." ......
Not saying this is the cause of everything, but it looks like the cause in this case.
Your own source shows Toyota obstructing the use of data from their own "black boxes".
I've read every line of the actual articles in both citations and nowhere does it say anything of the sort. Blogger comments don't count. Businessweek has a good article on the whole smelly affair.
And I'm glad you don't work for me.
The gas pedal has to be connected to a position encoder. I am aware that position encoders usually are a number of tracks around a disk, with a gray code pattern. As the disk shaft rotates, under the scan heads appears one set of codes. The gray code theory is that between adjacent shaft rotation positions, from all the tracks, only one single bit changes. But suppose there is an intermittent connection in a readhead for a track. Then all hell can break loose. If the fault is in a bad place, the encoder can indicate full pedal to the floor. -- Sudden acceleration. My guess is that the acceleration problem is electromechanical, and not in the logic behind managing the fuel injector system. Putting the braking system to override the accelerator is going to cause many more problems. It is going to be hell in snowy road or icy road conditions. Imagine trying to get out from a snow bank. One has to rock the car by accelerating forward, and then backwards using the car's momentum to move the car along. One has to sort of ride the brake while using the accelerator. The fix may have a big negative impact on winter safety, and may only be acceptable if the brake pedal has to be applied to the maximum to enable the override. That means a problem in what to do when the vehicle stops and you take your foot off the brake. Himmmm That is my opinion.
Leslie Satenstein Montreal Quebec Canada
When at a stop while driving uphill a common technique is to use the left foot to control the brake and the right to control the throttle. When the light changes to green, you don't let off the brake until the throttle has been opened sufficiently to prevent the car from rolling backwards. If you don't use this technique then, when you lift your foot from the brake, the car rolls backwards! Note that this is done only in this particular circumstance and that, in general, it is dangerous to drive using both feet. This is a rare instance where it is unsafe to drive without using both feet.
With the modified software, this will no longer be possible. So on a hillside stop your car may roll backward into following cars because any brake pedal pressure whatsoever will reduce throttle to 0. What is worse, pedestrians skipping between cars may be crushed. Please convince me I am wrong.
There are advantages to the "analog" feedback present in the drivetrain of older cars that lack software control.
When I discovered the existence of automatic transmissions as a child (we Europeans primarily use the more efficient manual transmission), I asked how it stopped the engine from stalling when the brake pedal was applied. My father told me that the brake pedal was also connected to a clutch. This would obviously cut power to the engine when the brake was in use.
The force from an idling 1580cc turbodiesel, even without a stuck accelerator, extended the emergency stop distance of my learner car by a non-negligible distance, at least a couple of metres. This is why my driving lessons included engaging the clutch after the brake when performing emergency stops.
Now I have recently learned from Slashdot that, seemingly, in most automatics the brake pedal doesn't even cut the throttle. Given that many automatic cars in the US seem to be connected to 3000cc six-cylinder behemoths, I am sure this worsens the stopping distance for those cars a great deal more than a couple of metres. How many people has this particular design flaw killed over the last fifty-odd years?
I have never had any hardware "Bricked" from doing a firmware update. Either I'm just lucky or kiehlster writes with a bit'o artistic license for dramatic effect.
-Eric
PS: "Brakes"...
No sig today...
You claim to be a software engineer, but you think a sliding mat can cause bugs?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
kdawson is merely an attention-seeking idiot. This "question" is so obviously contrived for him to be able to post something, anything... sad that hundreds of Slashdotters fall for this garbage...
My mom used two footed driving as a form of control at very slow speed. The idle wasn't enough to start moving the car, but once moving it would move too fast for her comfort backing out the garage or out of a parking space. So she would drive with one foot on each.
To think: My mom had something in common with Pirrelli Jones/
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
Sorry, could you rephrase that with a car analogy? ... Oh, wait.
Of course it is not possible to modify any code without the possibility of introducing bugs, but they are probably putting in a relatively small amount of code which sets a flag when the brake is pushed, read by the throttle code to disable the throttle. If you don't take it, then at least follow the advice of the current pundits on this subject, and DON'T cut the engine in the case of a stuck throttle; rather shift into neutral. The engine software has speed limiting, so it won't self-destruct, and the running engine permits the power assist stuff to continue to work so you can brake and steer the car.
Mostly related to software hanging during the update process; rendering the hardware inoperable.
Once I had a brownout switching the PC off/on; not fast enough to reboot the software but enough to render its update process to hell.
A JTAG connector is always handy in that case; if there is any on such bricked device.
A few weeks ago I bricked my cellphone and got it back in order with the help of a Nokia engineer using Phoenix.
Maybe it's bad karma and I got to create some distance between me and the upgrading product.... never tried that!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
On all those spaceships in the sky using warpdrive .. how not to bump into the nearest star or planet ; do their computers steer to the left/right by starmap while flying faster than light?
If so, how do they use warpdrive in unexplored areas? I wonder how trekkies have related to these questions...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
My biggest concern about this whole issue is not the jammed gas pedal. It's the fact that the gas pedal can disable the brakes.
Brakes are a safety device and should be controlled by dedicated hardware. The inputs to the system should be the brake pedal and possibly some wheel rotation sensors and/or acceleration sensors. It should then calculate control signals to the brake hardware using some electronics. If the power dies, then the brakes should still function. It's no good to lose brakes due to a broken fuse. Maybe ABS and stuff wouldn't work, but the basic concept about applying brakes should.
The gas pedal is not mentioned in that line and that's because the brakes shouldn't care for the gas pedal, just like it shouldn't care if you turned on your lights or anything. Sure the brakes can give outputs to other parts of the car, but it's a one way communication.
The engine controller should then do something like:
    if (braking)
        set engine to idle
        possibly automatic transmission signals
    else
        apply power based on readings from gas pedal
The railroads used a design like this for 70+ years which means by the time the first car gained any electronics then this design concept had been well tested and avoided quite a number of accidents. Why the car industry decided not to think of brakes as an important and uninterruptible safety device will remain a mystery, but failure to properly isolate brakes from the rest of the car shows that the design is no good at preventing stupid bugs like this one.
Another bug I heard of, which was due to a failure to keep electronics separate, was a car that when it drove uphill and the driver turned the steering wheel to the right, then the engine turned off. This was the engine controller, which read garbage from the headlights and replacing the headlights fixed the problem.
I'm concerned with the electronic design of modern cars but it goes for all brands. I'm also concerned that it looks like the law allows selling a car where pressing both pedals at the same time seems like it could increase speed. I read that it could do that, but it was ok just as long as it would start to brake if you let go of the gas pedal. Imagine some kid running across the road and the driver floors both pedals by mistake. Sounds bad to me that it could be allowed to ignore the brake pedal in such a case.
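An added example, not part of the comment above and not any manufacturer's firmware: a C sketch of the engine-controller side of the design just described, where the brake signal is a one-way input and any garbage reading fails towards idle. The struct layout, the two redundant pedal sensors, the ADC limits and the hold time are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical input frame; every name and threshold here is an assumption. */
typedef struct {
    bool     brake_switch;  /* one-way signal from the brake system */
    bool     brake_valid;   /* false if the brake signal line failed its self-test */
    uint16_t pedal_a;       /* accelerator sensor A, raw ADC counts 0..1023 */
    uint16_t pedal_b;       /* redundant sensor B, same scale */
} inputs_t;

enum { ADC_MIN = 50, ADC_MAX = 970, MAX_DISAGREE = 40, BRAKE_HOLD_TICKS = 5 };

typedef struct { uint8_t brake_hold; } ctrl_state_t;

/* Called once per control tick. Returns throttle demand in percent (0 = idle). */
uint8_t throttle_command(ctrl_state_t *st, const inputs_t *in)
{
    /* An unknown brake state is treated as braking: fail towards idle. */
    if (!in->brake_valid || in->brake_switch)
        st->brake_hold = BRAKE_HOLD_TICKS;

    /* Keep the override latched for a few ticks after release so a
     * bouncing switch cannot flicker the throttle back on. */
    if (st->brake_hold > 0) {
        st->brake_hold--;
        return 0;
    }

    /* Reject out-of-range readings (open or shorted sensor, noise on the line). */
    if (in->pedal_a < ADC_MIN || in->pedal_a > ADC_MAX ||
        in->pedal_b < ADC_MIN || in->pedal_b > ADC_MAX)
        return 0;

    /* Reject sensors that disagree: at least one of them is wrong. */
    if (abs((int)in->pedal_a - (int)in->pedal_b) > MAX_DISAGREE)
        return 0;

    /* Use the lower reading so a single fault can only reduce demand. */
    uint16_t raw = in->pedal_a < in->pedal_b ? in->pedal_a : in->pedal_b;
    return (uint8_t)(((uint32_t)(raw - ADC_MIN) * 100u) /
                     (uint32_t)(ADC_MAX - ADC_MIN));
}
```

Nothing in this function writes back to the brake system, which is the isolation property the comment asks for; the brake hardware keeps working whether or not this code runs.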
Buy a car that has a clutch. Problems with unattended acceleration can be solved by pushing on the special pedal dedicated solely to disconnecting the engine from the drive wheels.
Here is an idea. Stop the floor mat sliding around by 1 throwing it out or 2 glueing it down. No firmware required and it takes 5 minutes.
What he is saying is that the next time some Toyota owner parks on the slope of a hill, with the car facing the upward direction, he is going to have fun.
Maybe I'm one of the few left that had to drive a stick shift to get their license. But as far as I know, that's what an emergency/hand brake is for. You lock it in when you're on the hill, then start accelerating and release the brake with your hand.
I've never used my brake pedal up a hill before, and yes, I've driven in SF plenty of times.