Slashdot Mirror
Should I Take Toyota's Software Update?
kiehlster writes "I'm a software developer, and I know that most software has bugs, but how much trust can we put in the many lines of code found in our automobiles? I have a 2009 Camry that is involved in both of the recent Toyota recalls. As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed,' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.' In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences. On a base of 100 million lines of code, can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think? If it doesn't void the warranty, should I tell them to skip the update?"
You already took the 100 million lines of code when you bought the car.
Now do you want the bug fixes, or would you rather find out what a "fatal exception" means in more physical terms?
Are you for real?
yes
First, this is about your safety.
Second, if the update bricks your car, that would be Toyota's fault, not yours and I'm pretty sure they would resolve the issue for you free of charge.
Or, you can keep driving a potentially unsafe vehicle on "firmware update" principles.
Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.
If it bricks, the Dealer's going to be the one who has to replace it. As far as I look at it, it's zero risk, financially.
Safety wise, it fixes a known bug.
Take the update.
"If we let things terrify us, life will not be worth living."
- Seneca
The car in front is a Toyota because the accelerator pedal is stuck down
Summation 2
Take the upgrade. Shipping firmware always has bugs. Always. As a system administrator, the first thing I do out of the box is download and install the current firmware while it's still under warranty. And if they brick your computer they'll replace it.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Yes, but make sure you drive the Toyota round a large sandbox for a few days first...maybe you live near a sandy beach or golf course with large bunkers. At a pinch, do your kids have a playpit in the garden? Cat litter tray?
AT&ROFLMAO
There's the chance that the update may turn off any jailbreaks you've already got working. Worst case scenario is that it detects a jailbreak and bricks your car, like you said.
I'd stick with the white hat hackers who are providing jailbreaking instructions and forgo any manufacturer updates.
The worst that can happen is that your car becomes susceptible to the sudden acceleration "problem" and you lose control and wipe out a family or farmer's market. But you're inside the car so you'll be fine.
Plus, you'd have to go down to the dealership and they're going to ask you if you've had any problems and a huge rigmarole just to end up with essentially the same performance you've had all along.
Too many risks and too few benefits. I'd say no.
There's a lot of cars that have the 'brake takes precedence' feature. The only real reason to not have such a feature is because of trail-braking or hell-toe shifting. Both are racing/performance driving techniques you won't be doing in your Camry. Plus, it is a pure software feature in that if it detects you braking, it will cut throttle. So there's no big issue there.
Also, cars have their computers updated all the time, and it has never been a big deal in the past. The Nissan GTR was the last example that made the news (to cut down on the RPM the launch control used). But really, cars are reflashed all the time. Its not a big deal.
Many other manufacturers have already added a similar piece of code. It really doesn't take to long to debug an interlock. Your primary failure mode will be: if the brake pressed switch fails (ie: the tail lights are stuck on), then the car won't run.
Every interlock has a strong tendency to fail into the safe state. Conversely, omitting interlocks tends to result in fail-dangerous failures, which is what Toyota is experiencing.
IANAL, but if you refuse the software update and your car proceeds to have an accident caused by flaws in the old software, you'll have no legal recourse against Toyota for any deaths, injuries or property damages caused by the software malfunction.
I thought they determined that this was about more than shifting floor mats; that there is a legitimate problem with the software. You could experience this problem WITHOUT floormats in your car.
I don't drive a Toyota and if I did I could not afford one new enough to have this problem anyway.
"Waitress I need two more boat-drinks..."
I'd recommend lubing the bottom of the floor mats so they do slide, that way you do have a requirement for the "firmware upgrade".
Sheesh. The 10million lines of code have been in your car since before you bought it. They didn't re-do all 10 million (or whatever the real number is) they change some that was faulty.
No worries man.
Get 'er done in the words of the "immortal" larry the cable guy.
Sent from your iPad.
Technically, end users are told not to install firmware upgrades unless told to by a representative, to correct existing problems or dangers. Ok, so most geeks don't hesitate to flash mainboard BIOS chips, and in the worst case, the mainboard boots up form a secondary BIOS to reflash the primary. The point is, mainboard updates are there to correct small issues; memory latency, support for newer CPUs, etc etc. Most of the time, a firmware "bug" will just cause minor annoyances. A firmware "bug" on a car is, potentially, a killer. I know, I'm going to extremes, but the aeronautics industry has a different view on firmware updates. If a bug is found, if a new firmware comes out (passing all the tests), they flash it, end of story. If I were in the same situation, I'd accept any firmware update that comes from a manufacturer that affects critical components. If it only affects the CD player or the wipers, I wouldn't bother, but if it affected the brake pedal, I'd personally go for it. Yes, there are risks, but I still have confidence in a computer flying me with humans "suggesting" actions to a computer every time I fly an Airbus.
The urgent is done, the impossible is on the way, for miracles expect a small delay.
From what I was told, that update is a fail safe. Basically if the throttle is wide open or near wide open and you press on the brakes, it will cause the engine to ignore the throttle position and return to idle.
Not to say that it might not have bugs but also consider that they might be silently patching other bugs they found. If part of this whole sudden acceleration thing was a software glitch, they could use this to keep that under wraps. You probably should just get the update, then at least if there is a future problem they can't point to your refusal to update the software as the cause.
Are you serious? That's not what this does at all. What would happen is that it would cut out your throttle if you are on the brakes, not shut off the car.
Take the update.
My driving habits don't cause the floor mat to slide much, so I see the update as overkill.
Perhaps, but didn’t I read about some people who died in a Toyota, presumably from this exact bug, whose floor mat was found secure in their trunk, exactly where Toyota recommended them to put it when they thought the floor mats were causing the accelerator bug?
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Think of this a few different ways. First from a liability standpoint, you are considering actively refusing a fix for a known bug that has killed people. If you ever sell your car and it can be proved you actively refused this you could be on the hook both civilly and criminally. Second from a liability standpoint, Toyota is now assuming liability for this, if they brick your car, they are liable for fixing it. Third, this is a known bug that has killed people, are you bloody nuts? This is not a software bug that results in a software crash, this is a software bug that results in a real world crash!
In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.
/.
Nobody taught you that. You pulled it out of your ass so you'd sound officious and get a post on
The vast majority of firmware updates work, fix problems and don't brick devices. Much more of this shit that gets by as posts and I'll be begging for Jon Katz to come back.
"Eve of Destruction", it's not just for old hippies anymore...
So based on vague general principles without any specific knowledge of the engineering issues involved you are refusing to install a manufacturer recommended safety fix. In an accident situation this is arguably evidence of a reckless disregard for human life. Good luck with your insurance company.
Yes. Toyota's mechnical fix may not be the actual fix and the root issue may be a software based one.
The software update is a failsafe, think of it as an error catching routine. All programs can benefit from error catching routines, problem is that programmers don't have enough time to program for every error possibility. Toyota has taken the time to add one to their cars.
cc
Toyota Japan knew about this problem a year before Toyota US executives claimed they heard about it, which was well before it got into the news. So it could have been brewing for 15 months.
Did you ever get the feeling the story is too damn long and in the present tense?
If you don't take the patch and later have the problem you will likely have lost the ability to sue if necessary. Also, if you live in a state with the concept of "contributory negligence" in it's laws you could be found partially or fully at fault for any accidents that would have been prevented by the patch. Eventually insurance companies are going to realize that they could deny claims in accidents if the driver's car is not fully patched. So yes, take the patch
Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car. Study why cities are large but there's lots of empty space with no people, and what causes urban sprawl, and you will find roads and parking lots fill all the space. Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed do to better than that quite some time ago, not to mention electricity and electric computer system transport. And PRT more recently. Then read about pollution, and oil wars. Then get back in your car anyway, without even writing a letter to someone.
Build your own energy sources from scratch. http://otherpower.com/
Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.
In my opinion, it doesn't count since this is typically decoupled heavily from the safety-critical components of the car.
It is usually easier to write bug-free microcontroller code (ECUs and such) than general purpose PC code. Also, the distributed nature of most automotive microcontroller code keeps code separated into nice little easily-testable modules.
There are always exceptions, but it's very rare for a firmware update in a vehicle to cause regressions. Nearly all of the time, "bugs" in vehicular firmware are really unanticipated results of intentional design choices. For example, the Partial EMCC (PEMCC) code in early-1990s Chrysler A604 transmission firmware that slowly trashed torque converters was intended to improve fuel economy by partially engaging the torque converter lockup clutch - it turned out this wore out the clutch FAR faster than any of the mechanical engineers anticipated. In 1993 or so, this feature was removed once its contribution to premature transmission wear was discovered. (So yeah, this was a case where a bug really WAS originally a feature!)
retrorocket.o not found, launch anyway?
closed source software model so much more fascinating when there is a body count, no?
If you don't, and you have a wreck that is related to the recall, guess who is on the hook? ( one hint, it wont be Toyota or your insurance company )
---- Booth was a patriot ----
And I would say the main reason for that answer is:
If you do not take the update and get in an accident because of it the insurance company and Toyota will blame you, but if you upgrade and get in an accident because of it you are blameless (you just did what the bid company told you to do).
And we already know that the current software is buggy (that is why they are releasing the update), so trade a known problem for a potential one.
Troll is not a replacement for I disagree.
100 million lines of code? Where are they getting this number? The entire Microsoft ecosystem is about that many lines of code.
Maybe they mean assembly code? I'd imagine that the microcontrollers that a car uses are probably programmed with lots of bare metal assembly coding.
Ha, I'm not surprised; this is the result of a bogus, old-dated paradigm we submitted to for the sake of backward compatibility - the processing model based on state management. Everybody knows that when the system passes a certain level of complexity it becomes unstable and highly unpredictable because its state management becomes much more harder than the programmers can handle without errors - thanks Turing :-)! So, expect to see more and more BSDs while driving your new, smart, highly expensive and highly inefficient and useless toy.
Maybe this will be another good case for refresh and start thinking from the core how we deal in our society with the dependencies on a system which is proven unsustainable ... and becomes
deadly dangerous.
I have an '09 Prius. And I'll be getting that firmware update. It's a feature they should have included in the first place. It's not the best implementation of the brake override I'd like. What I'd really like to have an electrical circuit connection between the brake pedal and the throttle fly-by-wire assembly. When the circuit is tripped, the throttle position output of the assembly drops to 0 regardless of actual pedal position or sensor position. But that would require new hardware.
I'm getting the update because if the engine does start runaway acceleration, the brakes aren't enough to overcome the hybrid system's output. I know the right thing to do would be to put the car into neutral and get it safely off the road. But I don't react well to stressful situations.
I work on HP's high end servers that also contains millions lines of firmware.
I've heard of accounts where customers simply refuse to take new firmware because of their prior experience of "bricking" the boxes, and causing days of outage waiting for new blades to be shipped to them. But those usually turn out to be cases of real bad HW defects that the newer firmware has found. But they still insist on running years old firmware that contains tons of nasty bugs.
We all know that software has bugs, and we fix hundreds of them every month. This is not as mission critical as firmware in a car, but it's the same thing. Take the update dammit!
Well, Toyota is giving hearings on capital hill, they have taken a non-trivial finical hit, and I think their president is one piece of bad news away from sepaku. Yeah, you can probably trust that they did everything in their power not to screw it up. I probably would take a potentially unknown problem on a firmware updates that is being watched by dozens of agencies and internal company auditors over a firmware that is known bad with a questionable dedication to quality. Even if their is a problem, it is a safe bet that it will be detected very early due to the number of eyes on it.
Having been inside of a company that has had to do a recall, I can say that nothing sharpens a company's overzealous safety instincts and risk avoidance mania than a major recall. Recalls, especially the type that Toyota is experiencing, are a complete disaster for the company. They are extremely expensive both in terms of cost and reputation. I am pretty sure that the internal state of Toyota right now is a safety mania that trumps all else that would make a Puppeteer proud. In fact, you can probably rest assured that Toyota is currently wildly overshooting the 'proper' levels of safety. It will probably be a few quarters before they unwind to more reasonable levels.
You need to consider it from the perspective of a manager. If you, as a manager, are in charge of a critical safety component, what is in your best interest? Yeah, you could try and cut a corner and skim an extra 2% profit that your boss might or might not notice, but if it backfires and YOU result in a safety issue, especially in the current environment, you should get a friend with a sword and a basket for your head and save the company the trouble. Right now, kudos in Toyota are earned by being a safety nut and being the one to discover and 'fix' some absurdly low probability safety concern, not for squeezing the budget a little further. Speaking as someone who has been in a company in full recall mode, if there is ever a time to trust that a company really is putting safety first, now is the time.
> ''the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'
Hint: this is a feature, not a bug. And even if you're reviewing very closely, it's not something that it takes three months to avoid messing up. if(X&&Y) Z=Y;
When the two pedals work at the same time, it can result in pretty horrible accidents. Unless your driving style uses both pedals at the same time in a way that increases your safety (in which case you're James Bond and you don't ask slashdot questions), just take the update.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
Now I know you just quoted an article, where it is stated that modern cars have around 100 million lines of code, but did you stop to think if this was actually true? Seriously, think about it. 100 million. And you're a software engineer, for real?
Has anyone here, besides me, ever run into a situation where you actually *need* to press both pedals? Crappy gas? Or change in ambient temperature, and suddenly your idle setting is too low?
I think the anti-Toyota mania is getting a little out of hand. The problem caused 34 deaths in 10 years. Given the tens (hundreds?) of millions of Toyotas on the road, it's actually not a big deal. It's an unimaginable tragedy to the people and families that died, and it should be fixed. But as a public safety issue, more people died of lightening strikes and bee stings during that period. Heart disease kills over 1,000 Americans per day. Let's keep it in perspective.
Now we don't trust their firmware updates? I think their safety record is pretty good. You're driving their car at death-defying speeds, aren't you?
The concept of a firmware update for your car is pretty interesting, though.
If that's actually the question that you are asking, and not just the result of a more coherent argument being cut apart by overly zealous editing, then I think it would be a good idea for all of us if you stopped driving altogether.
From what I can tell, no one has found a replicable cause for the "acceleration problem." I'm guessing that a few of these accidents were caused by the biological part that connects the gas pedal, seat, and steering wheel. Still, telling someone that lost four members of their family that the cause was user error just isn't good PR. Floor mats, pedal assemblies, and the firmware update are fake solutions to solve a PR problem, not an engineering problem.
"I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
To illustrate my point, take a made up piece of code that takes the position of 1 sensor, and uses that to control a servo. Lets say that for whatever reason a peice of the code looks like: ServoPosition =(sensor1 + offset) * ServoOffset
Offset is used to correct for initial installation differences for the sensor, so the sensor can detect where it normally sits at idle(when not pressed) so that it can calculate its real position and not its perceived one. NOW! Lets go one step further and say the offset is suppose to be a static variable the entire time the loop is running.. but what if, WHAT IF, the code doesn't lock the offset variable, and for whatever reason the chip is restarting its program over and over again, increasing the size of the offset variable. Eventually, this could cause the sensors to detect the pedal being floored, when its not. So how do you fix that? Remove the offset variable from the part that could be ran over and over again. Be sure to always set it to 0 when you restart the loop.
And then you wonder if its safe? Really they changed less then 1% of there code you fake developer.
So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
I don't know what world you live in, but I have yet to see a firmware upgrade that "bricks" most of the hardware it is applied to.
If you willfully do not accept a safety update and you were in an accident your insurance company could make a case it was your fault for not keeping the car in a roadworthy condition.
I'd get the update.
"In the computer world, we're all taught to install firmware updates only if there is a real problem [...]" This is the best way to have a lot of problems. Let see this scenario. A system is in production since 3 years, never got any firmware updates. Someday, a raid controller breaks. A service call is open to get a replacement part. Of course, the replacement part has been flashed with the latest firmware level from the manufacturer. Try to install the new controller, failed. Why? Because the firmware level of the motherboard is too old. Result? You have to upgrade your firmware level in a catastrophic situation where you can't perform a lot of test/validation. Here are the policies I’ve put in place. Rule #1) Firmware must never get older than 1 year except if it's the latest stable available (this ensure we never have catastrophic updates to do in a critical situation because we are never "Too old") Rule #2) Firmware must never be installed in the first month of its release (this leave time to the manufacturer to publish fixes in case of a major problem in the firmware). Keep in mind that in case of hardware failure, you may have to be at a recent firmware level. You can decide if you do the update in a proactive manner or in the middle of a major outage.
A "software developer" is concerned that a software update could mess up their car (a consequence which, as mentioned by smart Slashdotters here, Toyota is liable for). Have they ever updated their operating system on their computer? Probably so. Why did they do that given the risks of bricking the computer? There lies the answer to the question.
***So you don't understand what this update will do. You're also fucking retarded***
He merely read the article which you apparently didn't.
"As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'"
You might want to work on your reading comprehension. Until it improves, perhaps a bit of civility would be in order.
Now, if you want to argue that the patch ought to drop the engine back to idle while the brake is depressed, I think you may well be right. I wouldn't be surprised that the patch doesn't do exactly that unless there is some reason that would be a bad idea.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Okay, this isn’t personal experience, but I’ll carefully draw out the connection: My dad’s friend, who is a car dealer (buys cars at auctions, fixes them himself, and sells them), told me this story about another friend of his, who was also into the car business.
It happened quite a while back (no, this problem isn’t just on the new models like people claim). His daughter (typical blond 17-year-old girl) claimed that her brakes randomly went out on her small Toyota. He looked it over, determined that there was nothing wrong with the braking system, and laughed it off assuming that she was a typical blond 17-year-old mistaken girl. She insisted, though; so to prove there was nothing wrong with the car, he traded her cars and drove it for a week or so. It worked perfectly fine until he was about ready to trade her back and tell her she was wrong. Then one day, approaching a stop sign at an intersecting highway, he hit the brakes and nothing happened. He rolled right out onto the highway and got T-boned by a semi. He died and was resuscitated 3 or 4 times on the way to the hospital, according to what I was told.
Are you going to tell him that not only was his daughter wrong, but he’s also an idiot who hit the accelerator instead of the brakes while actually testing the vehicle to make sure the brakes worked?
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Sounds like this update would prevent using heel and toeing. http://en.wikipedia.org/wiki/Heel-and-toe
But I don't suppose there are many owners taking manual transmission Toyotas to the track.
And to address the question: yes, take the update.
Some of the SW guys at my work are becoming convinced the whole problem was in software to begin with. Maybe this is a bug fix posing as something else.
If you do trust them, then install the update and use the vehicle.
But using a car with a known flaw without fixing it is just plain STUPID.
One easy way to do these things is to ask yourself "What would I tell the jury?" What if you are driving a friend home and you get into an accident. Some insurance company sues someone. What would tell the jury? How do you think they would react to your "I didn't trust the update" crap.
If you don't trust the company, get rid of their product. If you do trust them, obey their instructions on fixing their flawed product.
excitingthingstodo.blogspot.com
I like it, from this day forward, I will stick with the unknowns I currently don't know, rather than the unknowns I could potentially not know.
I mean, better the devil you don't know now, than the devil you might not know when and if something happens, that's the saying right?
My stomach hurts, I don't know how serious it is but I won't fix it though, because fixing it could lead to other problems.
Something of my code doesn't work as expected, hell, at least I know what might go wrong instead of all the possible wrongs I could meet from fixing it.
Hell, i can't believe I've been living my life so wrecklessly!
I find it very unlikely any car has more than about 5k lines of code. Probably more like 1k We are not talking Rocket Science here the engine only track about 40 parameters. I had an extra ECM for my 2001 Chrysler Concord it only had a 2k rom in it. The BCM and TCM probably even less.
Most cars all run the same software anyway.
Linux modi 2.6.26-2-parisc
...bricked doesn't mean what you think it does. To claim a "large percentage of firmware updates actually brick the hardware" is pretty silly. To think you can brick a car is even sillier. At the very least, the back seat has uses, even if the car doesn't run.
A similar (though admittedly less severe) thing used to happened all the time on my old Sonata. The solution was to simply throw away the floor mat.
Slashdot is not a game, Slashdot is not a game. Crap, I just lost points.
... and if you sign this document I'll be happy to take your case in the unfortunate event of your demise due to a poorly implemented software upgrade!
Might be a little worrisome if the new code kills the engine and the power steering "power" at the same time? I'm sure they've thought of this, right?
My $0.02 and experience on this...
Several years ago, I refused an update to a 2003 Nissan. To sum it up, the engine could stall due to a poorly-made crank position sensor (CPS). Nissan determined it was cheaper to issue a firmware update than replace the all of the sensors. The update lets the PCM cope with bad CPS signals, so that it does not stall, but other side effects (tach stops working, etc) remain because the root cause (CPS) went unaddressed. I declined the update, as I had already taken the initiative to replace the bad CPS with the updated sensor myself. It resolved all issues.
Fast forward a couple years. Due to other mechanical design/manufacturing defects the engine failed (QR25DE - prone to pre-cat failure and power-valve screw ingestion, causing scoured cylinder walls then ring failure) @ 59K miles. The vehicle was well-cared for, unmodified, etc. When it came time to make a warranty claim, several dealers flat-out refused to help me, many citing the unaddressed firmware update.
That might not have been legal, moral, or business-smart (retain me as customer) but point is - if you care about your warranty, refusing an update is opening the door for future hassle, should something (even unrelated, like my issue) happen. Apparently being an informed/educated/opinionated owner isn't an advantage.
First, buy a second car. Install the update to make sure it works. Be sure to test all components to make sure there are no unintneded impacts. Include several parallel tests also. Maybe even some regular parking tests. Once all tests are completed, schedule the install during non-prime hours and have a backout plan.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
If firmware affects airworthiness. There's plenty of stuff that doesnt get installed.
Besides, error corrections in avionics can be deadly.
“Cut power to the engine” doesn’t mean turn it off. It means reduce the engine power to idle and slip it into neutral, exactly as you suggested, and exactly as anyone would expect it should do if you pressed the brakes.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
So when someone is tailgating you, you tap the break down while pressing down on the accelerator?
the car even with the throttle wide open.
Motor Trend's own test of a Camry found that even with the accelerator wide open the brakes can overcome the engine, easily in fact. Better yet, it still stopped shorter than the Taurus with no accelerator problems!
http://forums.motortrend.com/70/8007011/the-general-forum/c-d-toyota-dealing-with-unintended-acceleration-te/index.html
so take the update, its not like your car hasn't already have a program, one declared defective.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
No brake and gas at the sametime? That majorly sucks. Albeit, not usually needed but there are situations where you need to press both, besides when doing a burnout on a RWD ...
Drive By Wire in itself is a bit stupid idea ... Servos break more easily tha hydraulic cylinders or legs. Electric connections get loose easier than hydraulic sealings start to leak. Nevermind the lost feeling of brake, gas and clutch pedals.
I drove once a drive by wire car, and i seriously couldn't use it during the winter: I had to take my shoes of to feel the pedals enough to know how much i'm pressing brake or acceleration.
Nevermind the fact that using traditional systems you apply force mostly directly to the brakes, and there can't be any software bugs.
I just wish in 20 years time i can still find "oldschool" cars which does not have drive by wire and issues it may cause, and rather has hard lines.
Did you think about the fact that this "floor mat" issue might not exist if there was traditional pedals with the amount of force being needed to press than in older cars? Not only will you actually feel the throttle position, but it wouldn't so easily be pressed by accident.
Pulsed Media Seedboxes
Exactly how long have you been in the software industry? I've never had a problem with firware upgrades, and your statement: "because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences." points out your inexperience. Define large percentage - I'd put it at well under 1% of all firmware upgrades, likely well under 0.0001%, is that a "large percentage"?
This software was developed and tested, deployed in a world where EVERYTHING Toyota does is under Federal Scrutiny and Class Action lawyers salivating at the prospect of suing Toyota for any inor glitch. This software update likely is among the most scrutinized code in recent history (excepting the staggering review military aircraft and space ship software undergoes). You trust their earlier software more than this new code?
Ken
Huh??? Are you in the habit of pressing the brake and the accelerator at the same time when you drive? If so, please go back to driver's ed.
FOXTROT UNIFORM CHARLIE KILO
The interlock, presuming it is the same as Audi has had for a decade, is that if you press the brake while the gas is on it cancels the gas. But, if you press the gas while the brake is on, the gas comes on normally.
So it doesn't prevent brake torquing, it doesn't prevent heel-toe, since both of those have you pressing the gas while the brake is down, not the brake while the gas is down.
I am not sure as to what you two think trail braking is. Trail braking is simply applying the brake after you have already started to turn into the corner instead of the standard way of braking, then turning. It doesn't have to do with having the gas and brake on at the same time at all. So it shouldn't be affected either.
Get the flash.
http://lkml.org/lkml/2005/8/20/95
do you update your pc software when your os or driver software demands or not? if yes then update your car cause a car crash is alot more hazerdous than a personal computer crashes
If you don't get the update and hit someone, you can always blame the software and get off scogt free. However, if you get the update and hit someone, you've only yourself to blame! Would you rather have them suing you, or big-pockets Toyota when you run over someone and kill them?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
How much do you like not being dead?
Read my blog.
I know someone who has a Lexus that started revving the engine while he was getting onto an expressway. He said the brake pedal was stuck up and would not even allow him to press it down. If the computer is pushing the pedal up (for some sort of feedback or something) will it even detect that you are trying to brake for the fix to work? They have some serious issues and the floor mats are not a part of the problem.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
IANAL but if you ever need to take part in a lawsuit against them, you may not want to be on record as not accepting the fix when they presented it to you. If you're truly that concerned about it, then you probably shouldn't be driving a Toyota or, as the most extreme, be driving a car with many electronic components.
Sometimes folks step on both pedals to start up steep inclines. You can use the emergency brake as an alternative though.
Also sometimes folks step on both pedals to dry out brakes after driving through puddles. Granted this was more of an issue with shoe brakes than disk brakes, but folks get in the habit and the results could be unfortunate if the behavior is changed......
LedgerSMB: Open source Accounting/ERP
Firstly, the 100 million "lines of code" is in "70 to 100 microprocessors". I would bet that is not lines of C source, but at least assembler instructions, and probably bytes of software. Someone has summed all the roms in all the microprocessors to get this value. Several of those microprocessors are likely to be identical (e.g. the ABS on each wheel). And, given that problems rise geometrically, the software on any one processor is likely to be a lot less frightening than the total.
Also, you need to distinguish between development releases and debug releases. Development releases are much more risky, because people are trying to add new features. If something is a pure debug release, then it is pretty likely to be safe to upgraded it.
"Bricking" something is actually a function mostly of consumer devices. The device is not actually destroyed, it is just that the cost of repairing it is greater than the cost of a new device - a small number of hundreds of dollars. And usually, behind the bricking there is usually some form of Rights Management, whether it is the RIAA keeping you off music or Apple keeping you from jailbreaking phones. This means that programming can only be done bu software in the device, and if you overwrite that software, you are lost, An in-car component is unlikely to have these features; it is much more likely that a car is reprogrammed by going straight to the programmable device by a hardware port
such as JTAG or I2C
I would not judge car software by consumer software. While not as safety-conscious as the aerospace people, they are in a different league from consumer devices. Hence the fact that car electronics lag consumer electronics by about five years at new model introduction, and far more as the model ages.
Consciousness is an illusion caused by an excess of self consciousness.
In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.
I take issue with your basic premise that firmware updates are bad.
Blades, blade chassis, SAN, tape library, etc. When there is a problem one of the top 10 questions will be "Is your firmware up to date?"
I regularly update firmware as hardware moves through it's lifecycle. The one exception I have is on some Raritan IP KVMs, where the
manufacturer advised me not to update the firmware unless I'm having an issue. But again that is the exception, not the rule.
I would imagine that you would want to cut (most of the) power from the engine in the event that both the brake and gas pedals are pressed. Cutting power to the engine doesn't make sense to me as the engine should stay running to help with power-assisted steering and braking. Probably I'm making too much of this.
Your dad's friend has a friend who's daughter had a problem with her car...
Did I ever tell you about my friend, who knows a guy that went on vacation in the islands for a few days, and when he got back found a photo on his camera of his toothbrush sticking handle-out of a black man's butt? It's true, I swear!
Ken
would cut power to the engine if both pedals were pressed
So anyone who starts from a stop on a steep incline by slowly depressing the brake while simultaneously pressing the gas to avoid rolling back into the vehicle behind them will now stall their vehicle?
The accidents that have occurred as a result of this are tragic. But adding quirky behavior as a stop-gap measure seems ridiculous and sets a bad precedent. Is there anything out there to make sure vehicle behavior is reasonably consistent across different vehicles (or even vehicle firmware versions)? Or are we going to have to be aware of all the different firmware ins and outs between different models and firmware versions.
I've been especially surprised at the fact that so many people seem to think that sudden acceleration is unstoppable. If you're driving a vehicle that suddenly accelerates and you cannot prevent the acceleration PUT THE VEHICLE IN NEUTRAL OR DOWNSHIFT (and yes you can downshift with automatics)! How people can get their driver's license while thinking the only way to slow/stop a vehicle is to press the brake is beyond me. I know panic can set in and can make reacting to unexpected dangerous situations difficult, but isn't that why you had a learner's permit first? My father took me to an empty lot and had me practice reacting to different situations that you can encounter which can be dangerous if you panic (ie: sliding, hydroplaning, slamming on brakes, etc.). Perhaps drivers education courses should focus more on these kinds of situations rather than merely how to obey traffic laws.
Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.
On the bright side, if you don't allow them to install the software update and some horrible horrible accident happens occurs, you'll certainly be a candidate for the Darwin Awards.
"If it ain't broke, it doesn't have enough features yet"
That is the question. Although this failure occurs, relatively speaking rarely, I'm not so sure that Toyota has determined the root cause(s) of the failure. The number of combinations of inputs are huge, and the subset of those that can cause catastrophic failure is small. How can we be even reasonably sure that they have isolated those causes? In my opinion, as a software engineer with almost 30 years experience in embedded, real-time, large-scale, and high-reliability systems design and implementation I have to believe that this is not a coding error per se, but a design flaw in the system itself. Properly designed, safety critical systems will "fail safe". This is not happening. So, who knows if the changes made will make the system, over all, more or less safe? Without a complete model and access to ALL source code and the tool chain used to implement these systems, one cannot say.
Bottom line? There is no way to say that updating the software/firmware will make the system more, or less, reliable. Personally, I think it's a crap shoot. So, do the update. The results probably won't be more dire than the current situation, and may reduce the solution set for catastrophic failure scenarios.
Sometimes, real fast is almost as good as real-time.
u can get reimbursement. refer this video: http://www.youtube.com/user/toyotausa?blend=2&ob=4#p/c/A7E3573E524159D4/0/63Jux4hngWc
The fact that this question is even being asked indicates that not much thought has really been put into it. The patch fixes a problem you haven't run into yet, and may never run in to. Maybe patching it will be inconvenient or ultimately unnecessary. But when the consequences of running into the problem that the patch fixes include injuring or killing yourself and others, where's the debate? If the consequences of running into the bug only ran a risk of you killing yourself, with no possible harm to others, then and only in that case would I recommend against installing the patch.
http://ask.slashdot.org/comments.pl?sid=1564476&cid=31286192 just that we are too few and the others are too many :-); also, the *many* ones give no shit on your long term vision or risk assessment 'cause they can't grasp it - literally;
this is the perfect blend for continuing the status quo of the energy*car&war industry. The blend can brake only when the variable 'the *many* ones' will gets changed to be defined
by individuals having a different thinking pattern. are you betting on seeing this change? me not,
How do I do a burnout if I can't use the brake and gas at the same time?
Stupid nanny cars.
Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car.
Nonsense. Yes, motor vehicle accidents are the leading cause of death in the US for those between the ages of 15 and 34 (peaking at around 1 out of 3 deaths for the 15-24 age group) but it is nowhere close to "almost everyone" no matter what age group you choose. But don't let actual data get in the way of a good sound bite.
Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed do to better than that quite some time ago...
If horses were actually more efficient economically, we would still be using horses. If you think horses are cheap as a means of transportation, you clearly have never tried to use them. Yes there is a cost to modern infrastructure but there is a bigger (economic) cost to lacking it. The biggest obstacle to the growth of many nations (India is a good example) is a poor quality road infrastructure.
not to mention electricity and electric computer system transport. And PRT more recently.
You think a PRT is seriously a solution which makes sense for more than a few high density urban areas? Nice for airports but it isn't going to be much use on a farm.
Then read about pollution, and oil wars.
Yep, there is a downside to fossil fuels. Fossil fuels have serious problems in need of serious solutions. However there is a huge upside too which I note you are conveniently forgetting. I'd also like you to point out the magical technology you think will eliminate pollution. Solar and wind come closest but even they pollute. (you didn't think the steel in that turbine came without an environmental cost did you?)
Why would you tap the breaks while holding the accelerator? That's just foolish, and if you're holding the break for any period of time when you do it you're putting incredible wear on your breaks. I really wouldn't recommend it.
The breakcheck is far, far more effective against tailgaters if you actually slow down when you do it - it freaks them out and they back off. If they still keep tailgating, take your foot off the gas and let it coast and see how long it takes them to find a way around you. Be warned that that really really pisses them off, so if you're in an area known for road rage I wouldn't recommend the second technique. The first usually works great though.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
If you really are afraid of computers running cars then it's time to sell the car and buy an older car that has no computer in it. At least then you won't have to worry about your car, just everyone else.
~~ Behold the flying cow with a rail gun! ~~
My pads for my disc brakes are quite stiff and have immense stopping power under high load. High temperature pads are great that way. The downside: nothing sucks the feeling out of your heart like dropping the pedal to the floor and having a delay while the water evaporates off the brakes enough that they can heat up and begin really stopping the car.
Summer tire to winter tire transitions are also rather annoying...
SIG: HUP
Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.
I'd suggest that it probably isn't terribly shocking. The amount of electronics in a modern car is pretty impressive. There are dozens (sometimes hundreds) of sensors, drive by wire, diagnostics systems, engine control, ABS, traction control, and much more. Frankly diagnostics these days almost requires a OBD-II scanner. All of this without even getting into the climate controls, entertainment systems and other stuff for fun and comfort.
Bear in mind that this explosion in electronics is a relatively recent thing. Cars even 15 years ago had FAR less electronics than today's cars.
I really don't mind these new fangled cars, but, geez, STAY OFF MY LAWN, patio, living room etc
rewriting history since 2109
In the computer security world, we craft effigies of people like you and burn them for not installing the patch that causes the security failure. Lets see if I can follow the logic:
.: I should:
1)The patch that prevents me from dying might break my car.
2)My car is under warranty.
3)My dealer will install the patch, and therefore accept liability for breaking my car.
a) Not accept the patch, and risk DYING.
b) Let the dealer install the patch, understanding that he must fix the car that he breaks while doing the warranty repair work, and accept the consequences, up to and including the dealer providing a new car for breaking my car.
Can anyone help me to understand the argument against installing the update?
Confidentiality, Integrity, Availability: without Availability the other two are assured, as is Bankruptcy.
The number of deaths due to this problem is about the same as the Ford Pinto "bursting into flames" issue from the late 1970's. Toyota is hitting a perfect storm of screwed over this. If this had been 4 years ago coming out(and it could have if Toyota weren't so damn arrogant), then there wouldn't have been the political pressure from the UAW to screw Toyota. Historically the UAW has spent their political capital pushing the regulators to go after the companies they work for; they would use that as another lever in their bargaining. Now that they own a couple car companies, they're using that muscle against their competition. Toyota used to get away with not recalling cars over issues, because the regulators weren't being pushed to go after them. GM/Ford/Chrysler had no such luck. Sucks for Toyota that the playing field level has shifted against them now instead of for them.
Rhonda Smith's story of six miles of interstate terror, as her Lexus suddenly zoomed to 100 miles per hour, will set the mood Tuesday for the first congressional hearing on Toyota's acceleration problems.
Yes and if you read more about it you'll find several interesting bits of info. One is that upon inspection there was no evidence that the brakes had been applied, including the MECHANICAL emergency brake. She also claimed under oath that she had complained about the problem to Toyota but the only record Toyota has is for an oil change. She also sold the car to a family member (not something you'd think she'd do if it really were unsafe) and according the the Wall Street Journal the car is still on the road.
Frankly I think there are a lot of people making up stories hoping to get money in a lawsuit, much the same way people made up stories about Audi a few decades ago. Yes, there appear to be some actual problems but there are a lot of liars out there too.
It's still 100M lines of code friend, regardless of who or what wrote it.
When you write code and estimate its LOC size, do you also include the LOCs of the trusted libraries you use to build your apps? If you do a printf("%u\n",1), do you count this as one LOC or do you also count the LOCs in printf? When you use a GNU compiler, do you also count the thousands LOCs generated by it in assembler?
Does it really not matter *who/what* wrote it? Pretty myopictardic and useless way of software estimation if you ask me.
Firstly, it's not the floormats. Even Toyota has backed away from that as an explanation. The current theory is that it's the accelerator pedal sticking, but that doesn't jibe well with all of the incident reports either. Given that, I wouldn't count on your driving habits or removing the floormats to solve the problem.
You should also consider that if you have a problem later and the update hasn't been done, guess what they'll blame?!
In general, the modification sounds like a very good idea. If for whatever reason your car decides to go full throttle against your wishes, I'm sure you'd like one extra chance to convince it otherwise.
As others have pointed out, you have already accepted 100 million lines of their code without knowing anything about their software practices.
Nice try, but if the sensor is bad (shorted?), or if the high bit in the memory cell where ServoPosition is stuck high [and they aren't using ECC) you're still in trouble with your fix.
It's like not wanting to install a security patch to cover a security hole just because there was a security hole that shouldn't have been in the first place (there was an error before, there must be an error in the patch). No sane sysadmin would operate that way. So why would you, with your car and your life?
"...because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences..."
I'd love to see the statistical data to back up this claim.
If a large number of firmware updates are bricking your devices, you are buying bad gear. I've never had a firmware update brick anything. Buy better gear.
Pretending firmware doesn't exist is not a solution. It's there because it needs to be updated sometimes.
You have to patch that car due to liability if nothing else. If you get into an accident, the other party's lawyer could make hay with the fact you're driving an unpatched Toyota.
Manual transmission drivers don't have three feet, they can't hold the break, clutch and gas at the same time.
The usual use is different, but apparently you have never heard of heel and toe shifting. It is certainly possible to press the accelerator, clutch and BRAKE (not "break") pedals simultaneously.
www.clarke.ca
They are fixing an issue that ciould kill you. Take the damn patch.
Yes software has bugs, but automotive software is designed, tested, and built like software should be, i.e. engineered.
Software engineering is substantially different then 'programming'.
The Kruger Dunning explains most post on
Manual transmission drivers don't have three feet, they can't hold the break, clutch and gas at the same time.
You've never done a heel-and-toe shift I guess. Not really disagreeing with your main point (regarding rollback) - just being pedantic and pointing out that it is quite possible for two feet to control three pedals at once. In fact before synchronized transmissions became common it was nothing unusual to need to engage in some fancy footwork. Some race cars still do.
I'm unsure myself - personally I want to know exactly what traits are being changed. There are times where using both pedals at the same time can be useful. Admittedly in a passenger car on the road it's a lot less frequent than going off road or rock crawling in a 4x4.
Specifically, I want to know what criteria need to be met for it to trigger. Does the change cause the engine shutdown (or return to idle? presumably return to idle) at any point when both the brake and gas are pushed at any speed, or only if the vehicle is traveling over 10-20 mph, or only if the accelerator pedal is pressed more then X%?
Odds are I'll end up getting it regardless, just for overall safety in general. Though i'll be pretty annoyed if it is a simple if gas and brake then stall.
. 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
He has to release the brake for 1 to 2 seconds so that the car recognizes the brake pedal has been released before it allows the Gas pedal to apply any acceleration to the engine when you start moving.
Citation needed. According to the press release,
Nowhere does it say that you have to let the brakes up for 1-2 seconds before you can use the accelerator.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Last week I took my 2009 Camry into the dealer. Here is what they did:
1) Chopped off about 4cm from the end of the gas pedal. It looks like they did it with a hack saw. The air near the brake pedal smelled like hard plastic that has just been cut.
2) Replaced the old floormat with looked like this:
+-----------+
| |
| |
| |
| |
| |
| |
+-----------+
To one that looks like this:
+---+
| |
+---+ +---+
| |
| |
| |
| |
+-----------+
That way there is a lower chance of the gas pedal touching the floormat. It also means, that the carpet underneath your gas and clutch pedals will get soiled.
3) Updated the firmware. After the update, I did a test where I got the car going 30Mph, and then pressed and held the accelerator. While the accelerator was depressed, I applied the brake with my left foot. After about 1.5 seconds, the engine RPM went down to idle speed. I repeated this test 2 more times. Same result each time.
The firmware update appears to work at least in 3/3 of my test cases.
I hope that if you refuse the software update, that Toyota makes note of that. That way if you get into an accident because of the problem the software is supposed to fix, YOU are held responsible because you refused to get the problem with your car fixed!
When end users do their own firmware updates, bricking happens because of many configuration variations out in the real world. I have never heard of any device you had to send in for a firmware update from the maker being returned to the customer bricked.
If you take your car in to get fixed, and the reapir place (any repair place) breaks a window, the repair place must fix the window for free. They can't return it to you with a broken window and expect you to pay for damage they caused.
I know that if you refuse the update, and you kill one of my friends of family...
Either I will make SURE you are procuted to the FULLEST EXTENT OF THE LAW as if it was a murder.
or
I will be the one going to prison because you will be 6 feet under.
Yes, people do it all the time when someone is tailgating them.
He drives much too slowly, and then when someone is following him, wishing he would speed up and drive the same speed as everyone else, he taps his brakes. This has several effects: it pisses the person behind him off even further, because it seems like he’s slowing down even more. It could cause an accident, if the person behind him thinks he’s stopping and slams on the brakes to avoid rear-ending him and is subsequently himself rear-ended. And it usually dose give him a little more room, because the person behind him thought he was slowing down and did likewise, which opens some space.
Of course, to avoid getting rear-ended in this stupid asshole tactic, he also has to use the accelerator to avoid slowing down when he taps the brake.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
fixed that for you.
KDE, Gnome, Linux, OpenOffice, etc. ARE written in assembly language, for the purposes of this bizarre argument.
The media is taking what's in essential a high-level language (MATLAB and/or other code builders) and counting the source lines it creates to get a huge number.
When we write in C or Java, it creates source lines at a level below that (assembly or VM opcodes). And YES, YES, all those programs are in at least only off the 100 million lines of code by one order of magnitude.
But let's just say one opcode is one byte. It's not, but let's say that for yucks that it is, then OpenOffice would need to be 100 megabytes to possibly have that many lines. OpenOffice writer is only 7MB, but we know it uses libraries and other packages, and so, adding all that crap in willy nilly, we probably get up to at least 100MB, and thus (in silly-think) 100 million lines of code.
But let's step back a second. Let's ask ourselves (and I KNOW that there are people who read this who know the answer) "how big is the PROM/ROM/CMOS RAM whatever on the Toyota car computer?" If it's 128MB then this silliness is (for what it's worth) correct-ish. If it's 64MB, it's INSANE. If it's a lot less, it's just mindlessly wrong.
I think where this is ultimately headed is to require DO-178B like testing for Automobiles, just like we require it for Airplanes.
Dear Nimey,
While many here agree with the basic argument you made, the way you presented has led the overwhelming majority of us to the same conclusion: You need to switch to decaf.
csm
If you have to bet between your judgement and that of your auto manufacturer, I'd suggest that unless you really know what you're talking about, bet on the auto manufacturer. They're the experts.
Likewise, if you're some independent thinker and have an idea how something works, but the scientific community has significant work in the field, you should generally bet on them rather than you.
For every problem, there is at least one solution that is simple, neat, and wrong.
Don't take the update if you Heel & Toe your Camry while driving.
also- if you use your Camry for Rock Climbing and need to Heel & Toe you will find yourself at a tremendous disadvantage to the others.
I like microcars
Last week on Slashdot, we had a discussion about how people with more than two years of coding experience were unnecessary.
Today we're talking about how unmanageable and buggy code is literally killing people.
Am I the only one who wishes that the code that controls whether or not my car crashes and burns was written by a guy with decades of experience?
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
So when someone is tailgating you, you tap the break down while pressing down on the accelerator?
I just use the e-brake so the taillights don't give 'em any warning.
I am not a crackpot.
Luckily, you’ll still be able to apply mascara (or shave), eat your double cheeseburger with fries, read the paper, smack the noisy kid in the backseat, and talk on your phone.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
"In the computer world, we're all taught to install firmware updates only if there is a real problem"
No actually you're supposed to install firmware updates when they're released if you don't want your machines to become part of botnets. If a firmware update from a manufacturer bricks your device they'll generally send you a new one. If dd-wrt does that's a different matter. You're not still running IE6 are you?
Yes, people do it all the time when someone is tailgating them.
He drives much too slowly, and then when someone is following him, wishing he would speed up and drive the same speed as everyone else, he taps his brakes.
Of course, tailgating someone so they'll accelerate to my desired speed is also a "stupid asshole tactic". Probably a better bet when encountering someone driving "too slowly" for your tastes is to either pass (if possible) or suck it up, Nancy. Maybe even give them more distance, not less. Even if they are driving so slowly as to create a traffic hazard (not just an inconvenience). Especially then. Because if someone is unintentionally creating a nuisance or a hazard, you ought to keep your distance to avoid making an accident even more likely. And if they're doing it intentionally, it's an even better idea. In no event is tailgating the "offending driver" going to make things better. If you wreck your car to make some kind of point, well, you've still got a wrecked car.
Naturally this doesn't apply to operators of trucks over 1 1/2 ton, who are specifically permitted by most rural and southern states to "run over his slow ass". Yes, mods, that sentence was "sar-cas-tic".
I am not a crackpot.
The Toyotas w/o the brake override system could be stopped if you were at slow speeds with a lot of effort on the brakes and emergency brake. At higher speeds, the breaks where not enough to stop the vehicle with only the brakes. They also tried turning the vehicles off which would stop the vehicle, but the driver had to manhandle the vehicle w/o benefit of power steering and power brakes.
That doesn't appear to be the story I read. No, e-brake did not have to be used, and you didn't have to press on the brakes REALLY REALLY hard as you put it. Read the quote from Car&Driver below:
"With the Camry's throttle pinned while going 70 mph, the brakes easily overcame all 268 horsepower straining against them and stopped the car in 190 feet--that's a foot shorter than the performance of a Ford Taurus without any gas-pedal problems and just 16 feet longer than with the Camry's throttle closed. From 100 mph, the stopping-distance differential was 88 feet--noticeable to be sure, but the car still slowed enthusiastically enough to impart a feeling of confidence. We also tried one go-for-broke run at 120 mph, and, even then, the car quickly decelerated to about 10 mph before the brakes got excessively hot and the car refused to decelerate any further. So even in the most extreme case, it should be possible to get a car's speed down to a point where a resulting accident should be a low-speed and relatively minor event."
The only time brakes didn't work well is if they got really hot and started to fade. If you let your car accelerate to 120 mph before hitting the brakes, that's not good. So basically, it's possible to stop it if you press on the brake and keep holing it.
However, this was under controlled conditions. In the case of crashes, it was reported that the brake didn't work very well, which could be related to absence of vacuum needed to operate the brakes. This could be ECM-related.
How are you using both of those pedals with your right foot?
If you are using your left foot, I hope the following accident kills or at least maims you.
That's very detailed information. Where are you getting this from?
Reread the second line of Zurk's post:
From the toyota camry VSRM
The Vehicle Service Repair Manual - the manual Toyota has produced that tells people how to diagnose and repair the car and how its systems work.
If you're at all technical and interested in how things work, reading the factory repair manual for your car can be hours of fun. There's all kinds of trivia in there. Most people don't know that the engine computer in many GM cars won't let the engine exceed 4000 RPM if the car's in reverse, for example.
Putting moderation advice in your
Great, how are people supposed to brake torque their Toyotas now!? Seriously though, there are situations where "spirited" drivers actually want to apply the brakes and throttle at the same time. It probably doesn't happen often in a Camry or Prius; but I'd rather have the car drop to idle if the e-brake is engaged (light is illuminated) or actually respond correctly to any other number of inputs (transmission selector, ignition position).
grep -iw skynet
The real problem is not known yet, so if it turns out that Toyota has an electronical problem that hasn't been identified yet, then you'll still be susceptible of going Mach 10 into a random object. I'd either not drive much or get rid of my recalled vehicle in the interest of self preservation.
That's great if the car is being driven by someone with strong legs.
Many people can't (or won't) press the brake pedal hard enough to stop their car if the throttle is held wide-open.
Years (15 or more) ago there was a problem with the cruise control on some Ford cars where if one of the wires got shorted to ground the cruise module would pull the throttle wide-open. Some Ford engineers had looked into the problem and instrumented a car's brake pedal with a scale so they could tell how hard the driver was pushing down on the brake pedal. It took 275 pounds of pressure to bring a car to a stop.
There are many older people and others who can't do 275 lbs on the leg-press.
Putting moderation advice in your
Of course, tailgating someone so they'll accelerate to my desired speed is also a "stupid asshole tactic".
I don’t disagree, but I wasn’t talking about them.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Sometimes folks step on both pedals to start up steep inclines. You can use the emergency brake as an alternative though.
Also sometimes folks step on both pedals to dry out brakes after driving through puddles. Granted this was more of an issue with shoe brakes than disk brakes, but folks get in the habit and the results could be unfortunate if the behavior is changed......
I would suggest to those people that they learn how to drive properly.
Hill starts are done with the parking brake, not the service brakes.
Drying out the brakes is a drum brake issue completely and is 100% unnecessary with disc brakes. Seriously, if you are having water-related problems with disc brakes then there's something wrong with them, or you're just imagining it.
Putting moderation advice in your
In the computer world, we're all taught to install firmware updates only if there is a real problem
Based on the news, I'd say you answered your own question.
This problem doesn't affect the manual tranmission based cars, becuase they can simply engage the clutch to avoid the problem of a runaway throttle.
Bill
It's my Sig and you can't have it. Mine! All Mine!
Valid point, but people who engage in such tactics should go back for some driver re-education. Hence, my statement is still correct ;)
FOXTROT UNIFORM CHARLIE KILO
not while you are driving.
Scientia et Potentia
It doesn't take a lawyer to realize that the potential liability incurred by willfully ignoring a recall that is tied to issues that have already caused multiple deaths is significant. Imagine hearing the lawyer representing the people who were rear-ended by your runaway Camry as he introduces "Exhibit-A. A document signed by the respondent, wherein he acknowledges that his vehicle has the potential for loss of throttle and braking control, and that said loss of control could result in the respondent or others being injured or seriously killed..."
Get your car fixed. If the update bricks your ride, it's Toyota's problem. If your ride kills people because you ignored a recall, it's your problem.
Since he died before he got to the hospital, how does anyone know that he hit the brakes and nothing happened?
Maybe he was talking on his cell phone/gazing at a pretty girl on the footpath and didn't notice an intersecting highway? Maybe his wife was being a real cow and he decided to end it all? Maybe he didn't really exist and your dad's friend is making things up?
The problems theoretically affect all cars that Toyota sells, but I'm guessing that well over 90% of their cars (at least in the US) are automatics, and manuals provide more ways to stop an unintended acceleration incident.
I know VW's implementation of a brake override only kicks in if you hit the accelerator before the brake - hitting the brake, then hitting the accelerator won't cause the accelerator to be locked out, IIRC, at least on manual cars.
Of course you should take the update. They're not pushing out a 100 million line update after three months. They're pushing out an update that maybe changed a couple of thousands to maybe a couple of hundred thousand lines of code. Totally doable and testable within a 3 month period. Obviously, it's your choice to take or not take the update but are you willing to put yourself and your family in harms way based on an unlikely 'what if' software bug when you have a KNOWN software bug currently in your system?
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
That depends is it an even-numbered service pack?
While it is true that a fix/service pack/upgrade can add new errors, *usually* they fix more than they add. In this case because they are trying to fix a Critical Error, taking it to fix a know potential fatal error even though it may introduce new errors is a good bet.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
It's all about liability. If you take the update and your car does something it obviously shouldn't, at least to have some legal recourse against Toyota. If you don't take the update, it's the same as absolving Toyota of all future problems you may have. All Toyota has to say is: "It's really tragic that he lost his left arm in that accident when his car sped out of control, after foolishly choosing not to take the free firmware update that would have prevented the accident, thus giving us indemnity."
Dumb ass.
Look, if you don't have a problem with your car, then don't apply the update. It's as simple as that.
If your required by your insurance agency, yes, update then.
But you trusted toyota when you bought your car, all 100 million lines of code and all. Why you aren't trusting them with the update makes NO SENSE at all.
Be seeing you...
Did you miss the part where I said he was resuscitated? Not to quibble over what it means to be “dead”, but I think you know what I meant. He was mostly dead.
Now, if he’d been all dead... well, with all dead, there’s usually only one thing that you can do...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Or the hand brake especially if you have a manual and only two feet.
Seriously they are going to have to have something like the brake is depressed by at least so much say 75% for at least a certain duration say a second for this to kick in. Otherwise how would all the Toyota drivers that I see who rest their left foot on the brake get anywhere?
Since there seem to be four separate and unrelated reasons for Toyotas accelerating out of control it is difficult to speculate as to how many have a software glitch, a short circuit issue, lose floor mats, or a worn linkage.
Yes, I second the manual TDI approval and, having reprogrammed the ECU in my 2003 4 times now, A. don't fear ECU flashes and B. love the fact that by design my car disables the drive by wire throttle when the throttle and brake are applied simultaneously. I've tried it out as an experiment and it works.
Only problem for me with putting the car in neutral is the absence of a rev-limiter (it's programmed that way on purpose) but if the engine in my car runs away, it's much more likely that it is due to a turbo failure sucking all the oil into the intercooler and then the engine rather than an electronic failure of the throttle pedal confusing the ECU.
Oh yeah, and I still get 38mpg with double the hp and torque that the car started out with.
One more thing, people have no idea but their cars are frequently flashed at the dealership to fix all sorts of things, and I'd image that 95% of the time the car owner has absolutely no idea.
Ocean is land, covered with water.
And no problems figuring out which pedal I was pressing and how hard. As if a spring on the other end of a throttle cable somehow were superior in feel to a spring on the pedal down by your foot. Insane.
There is no car with brake-by-wire, the pedal always operates the brakes directly, but the computer may modulate the boost for you to change exactly how much it does it. But even if the computer craps out completely, you still have that direct hydraulic connection to the master cylinder and from there to the brake pads.
So in summary, it's in your head.
http://lkml.org/lkml/2005/8/20/95
[citation needed]
No, not really. Only a fool would install ONE sensor in such a highly critical enviroment. Example: If the pedal is at 100% throttle(as its drive by wire i believe), and someone taps the break.. that should reset the software. Or initiate a limp mode or something.
So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
An internal short could occur within one or more of the paths from the circuits leading to the ecm. That could lead to a situation where the computer cannot detect its own failure.
Goodness, who is the brilliant engineer who came up with that system.
We are only a tiny design company, but now do Failure Mode Analysis on anything that could be a safety threat.
I can tell you now that the circuit you described above would have NO WAY of passing that review, yet it somehow got through the processes of a muti billion dollar company
There are dozens of low cost alternatives to having identical hall effect voltage sensors.
eg:
One 4-20mA, one 0-5v
One PWM, One 0-5v
Inverted curve outputs.
CAN bus output.
My design preference would be inverted curve PWM outputs. (Less change of EMI effecting a voltage/current output, mcu can verify frequency for interference, cheap to implement)
Another problem, is if you have a runaway microcontroller that happens 1 in 1^6 hours operation, it may be impossible to replicate by the engineers.
I think that means you need a redundant system that monitors the main system and has the electrical ability to cut power to the engine if it sees a safety problem
46137
You say you are a developer, and ask a question like that?
And I didn't even pause to see if ANYONE asked this already. I don't care, because if you were on one of my teams and asked something like that, you'd be off my team in an instant.
"My driving habits don't cause the floor mat to slide much, so I see the update as overkill." Since when did the mechanical placement of a floor mat have ANYTHING to do with the "fly-by-wire" operation of the throttle???
I'm still dumbfounded that anyone could confuse the two.
Dave Lawson
dot-sig.
This is a pretty simple change. The car has an E-throttle and this change simply makes it react the way the the E-throttle in almost every other manufacturer's car does. The change cuts throttle if the brake and throttle are both pressed for more than a short period of time thus allowing the car to slow more quickly.
One of the sports car magazines I receive noted that Toyota was the odd one out in the practice of NOT cutting throttle under extended braking. It showed too in their testing where they took a number of cars up to speed, stomped on the gas and brake, and measured the stopping distance. Even high HP cars like the Ford Cobra stopped in a reasonable amount of distance with the Toyota cars showing a noticeably lengthier stopping distance. Oddly - ALL cars were able to stop so these cars going for miles and miles unstoppable seems awful strange. Yes, they did test cars that have been reported to run away from Toyota...
IMO - it's a worthwhile update that will help stop your car in the event of a runaway situation...
Build it, Drive it, Improve it! Hybridz.org
If I simply went from brake to gas with enough throttle input to overcome the rollback, it is likely the vehicle would do a burnout in the rain
If it does a burnout, you applied way too much throttle, not “enough throttle to overcome the rollback”.
If it rolls backward, you didn’t apply enough throttle. If it moves forward, you applied more than enough. If the tires spin, you applied way too much.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Since the update is being performed by a Toyota dealer, any problems caused by the update will be fixed at no cost by the dealer.
If the dealer installs the update and in doing so bricks the cars computer units, the dealer is obligated to fix the bricked computer units for free (especially since the update is done as part of a recall)
Even the Linux Kernel it is broken into a bunch of smaller programs, so a fix doesn't effect millions lines of code.
Wrong wrong wrong. See the following:
Radiation affects human cells.
One of the effects of radiation on human cells is the destruction of DNA.
Understand the difference now?
Comment removed based on user account deletion
Perhaps they are counting the lines of code after the preprocessor is done with it? With all the inlines being duplicated as lines of code. Macros. Built-in functions. using C++...
You own source shows Toyota obstructing the use of data from their own "black boxes".
I've read every line of the actual articles in both citations and nowhere does it say anything of the sort. Blogger comments don't count. Businessweek has a good article on the whole smelly affair.
And I'm glad you don't work for me.
The gas pedal has to be connected to a position encoder. I am aware that position encoders usually are a number of tracks around a disk, with a gray code pattern. As the disk shaft rotates, under the scan heads appears one set of codes. The gray code theory is that between adjacent shaft rotation positions, from all the tracks, only one single bit changes. But suppose there is an intermittant connection in a readhead for a track. Then all hell can break loose. If the fault is in a bad place, the encoder can indicate full pedal to the floor. -- Sudden acceleration. My guess that the acceleration problem is electromachanical, and not in the logic behind managing the fuel injector system. Putting the braking system to override the accelerator is going to cause many more problems. It is going to be hell in snowy road or icy road conditions. Imagine trying to get out from a snow bank. One has to rock the car by accelerating forward, and then backwards using the cars momentum to move the car along. One has to sort or ride the brake while using the accelerator. The fix may have a big negative impact on winter safety, and may only be acceptable if the brake pedal has to be applied to the maximum to enable the override. That means, a problem in what to do when the vehicle stops and you take your foot off the brake. Himmmm That is my opinion.
Leslie Satenstein Montreal Quebec Canada
When at a stop while driving uphill a common technique is to use the left foot to control the brake and the right to control the throttle. When the light changes to green, you don't let off the brake until the throttle has been opened sufficiently to prevent the car from rolling backwards. If you don't use this technique then, when you lift your foot from the brake, the car rolls backwards! Note that this is done only in this particular circumstance and that, in general, it is dangerous to drive using both feet. This is a rare instance where it is unsafe to drive without using both feet.
With the modified software, this will no longer be possible. So on a hillside stop your car may roll backward into following cars because any brake pedal pressure whatsoever will reduce throttle to 0. What is worse, pedestrians skipping between cars may be crushed. Please convince me I am wrong.
There are advantages to the "analog" feedback present in the drivetrain of older cars that lack software control.
I just misinterpreted it as being resuscitated N times but dieing N+1 times, given the past tense reference in the first sentence.
When I discovered the existence of automatic transmissions as a child (we Europeans primarily use the more efficient manual transmission), I asked how it stopped the engine from stalling when the brake pedal was applied. My father told me that the brake pedal was also connected to a clutch. This would obviously cut power to the engine when the brake was in use.
The force from an idling 1580cc turbodiesel, even without a stuck accelerator, extended the emergency stop distance of my learner car by a non-negligible distance, at least a couple of metres. This is why my driving lessons included engaging the clutch after the brake when performing emergency stops.
Now I have recently learned from Slashdot that, seemingly, in most automatics the brake pedal doesn't even cut the throttle. Given that many automatic cars in the US seem to be connected to 3000cc six-cylinder behemoths, I am sure this worsens the stopping distance for those cars a great deal more than a couple of metres. How many people has this particular design flaw killed over the last fifty-odd years?
I have never had any hardware "Bricked" from doing a firmware update. Either I'm just lucky or kiehlster writes with a bit'o artistic license for dramatic effect.
-Eric
PS: "Brakes"...
No sig today...
You claim to be a software engineer, but you think a sliding mat can cause bugs?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
My mom used two footed driving as a form of control at very slow speed. The idle wasn't enough to start moving the car, but once moving it would move too fast for her comfort backing out the garage or out of a parking space. So she would drive with one foot on each.
To think: My mom had something in common with Pirrelli Jones/
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
Sorry, could you rephrase that with a car analogy? ... Oh, wait.
Of course it is not possible to modify any code without the possibility of introducing bugs, but they are probably putting in a relatively small amount of code which sets a flag when the brake is pushed, read by the throttle code to disable the throttle. If you don't take it, then at least follow the advice of the current pundits on this subject, and DON'T cut the engine in the case of a stuck throttle; rather shift into neutral. The engine software has speed limiting, so it won't self-destruct, and the running engine permits the power assist stuff to continue to work so you can brake and steer the car.
Mostly related to software hanging during the update process; rendering the hardware inoperable.
Once I had a brownout switching the PC off/on; not fast enough to reboot the software but enough to render it's update process to hell.
A JTAG connector is always handy in that case; if there is any on such bricked device.
A few weeks I've bricked my cellphone and got it back in order with the help of a Nokia engineer using Phoenix.
Maybe it's bad karma and I got to create some distance between me and the upgrading product.... never tried that!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
On all those spaceships in the sky using warpdrive .. how not to bump into the nearest star or planet ; do their computers steer to the left/right by starmap while flying faster than light?
If so, how do they use warpdrive in unexplored areas? I wonder how trekkies have related to these questions...
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
When someone is tailgating me I slow down. No brakes, just foot off the accelerator. Because, firstly, I'm an arsehole, and secondly its the only remaining control I've got to make the situation safe again by giving myself enough space behind me for the speed I'm doing. Of course those few mindless idiots who realise what I'm doing and back off, I'll return to my original speed. Generally they had the shits with me in the first place for doing such horrible things as following the speed limit, which I do as I pretty much have to the way speed limits are enforced here in .au if you actually get caught