New Jaguar XJ Suffers Blue Screen of Death

An anonymous reader writes "CNET UK is reporting that it crashed a £90,000 Jaguar XJ Super Sport — one of the most technologically advanced cars on the planet today. It's not the sort of crash you'd imagine, however — An unforseen glitch somewhere within the car's dozens of separate onboard computers, hundreds of millions of lines of code, or its internal vehicular network, led to the dramatic BSOD, which had to be resolved with the use of a web-connected laptop."

Not a BSOD

[localman57]

If you RTFA, there' no mention of Windows. The Car just wouldn't start. They disconnected the battery, and reconnected it.

Re:Not a BSOD

[davmoo]

Not only is there no mention of Windows, there was apparently no actual "blue screen". The car simply didn't spring to life and the displays were blank.

Somebody obviously needed to sensationalize by using "blue screen of death" even where it wasn't.

Re:Not a BSOD

[localman57]

Exactly. A less sensational headline could have been "XJ Power button kinda flakey". This kinda stuff is what drives technical support people nuts. The technically ignorant public comandeers a technical term, such as BSOD, with a very specific meaning, then generalizes it until it's no more useful than the word "Crash". Less useful, actually, since it makes people familliar with the original meaning infer information that the ludide doesn't mean to imply. For people of this level of technical sophisticaiton (Toughbooks, OBD2 interfaces, etc) to do this is shameful.

While I'm on this rant, can we please, please, stop using the word "Literally" as an intensity modifier for metaphorical descriptions? I swear, the next person who tells me they're "Literally on fire" gets sprayed with a fire-extinguisher as an object lesson. Power or CO2, I haven't decided yet. We'll just see what feels right at the time.

Re:Not a BSOD

[TheGratefulNet]

calling a 'power button' problem is a bit surface-level, wouldn't you say?

we all can be pretty sure it was NOT the button but the cpu systems and networks behind it.

if you are going to be pedantic, get it right, at least. literally.

Re:Not a BSOD

[richie2000]

I swear, the next person who tells me they're "Literally on fire" gets sprayed with a fire-extinguisher as an object lesson. Power or CO2, I haven't decided yet. We'll just see what feels right at the time.

Much too lenient. Halon gas.

Re:Not a BSOD

Exactly. A less sensational headline could have been "XJ Power button kinda flakey". This kinda stuff is what drives technical support people nuts. The technically ignorant public comandeers a technical term, such as BSOD, with a very specific meaning, then generalizes it until it's no more useful than the word "Crash". Less useful, actually, since it makes people familliar with the original meaning infer information that the ludide doesn't mean to imply. For people of this level of technical sophisticaiton (Toughbooks, OBD2 interfaces, etc) to do this is shameful.

Yeah. They should have said that they bricked the car instead.

Re:Not a BSOD

[md65536]

Unfortunately, "literally" can literally mean "metaphorically." It's in the dictionary.

I believe this is a little trick linguists have snuck in, almost as if to say "Language is not mathematics (and this will really piss off the slashdot crowd, who like both and will go nuts trying to reconcile the two!)"

"Literal" meaning "metaphorical" is also a literal irony, which is another thing that excites linguists. I think once you get the joke, it won't be so bothersome.

Re:Not a BSOD

[X0563511]

Which is why, on all for walls in one of our halon-protected DCs, there's a big red mushroom switch that aborts the system.

You'd think that would be the EPO, but that's actually a small button with a glass molly guard (and big steel hammer chained to it) that's next to it. Unexpected, but it seems the right way to go about it :)

Re:Not a BSOD

[paeanblack]

Exactly. A less sensational headline could have been "XJ Power button kinda flakey". This kinda stuff is what drives technical support people nuts.

I stopped at "hundreds of millions of lines of code"

# find /usr/src/linux/ -name "*.[ch]" -exec cat {} \;|wc -l
11561604

A car OS beats that by twentyfold?

Re:Not a BSOD

[Barny]

From TFA

Over the minutes that followed, the software analysed every one of the car's digital systems in search of a problem. The culprit could have been any number of things -- the Bosch-supplied, Linux-based infotainment system, the Visteon-supplied virtual instrument display, a heat-ravaged processor, an errant mouse somewhere in one of the car's hundreds of miles of wiring, or the dodgy contents of a CNET UK memory key in one of the XJ's two USB ports.

I know its just sensationalism on their part, but if putting a badly formatted USB stick into the in-dash USB port is enough to kill the car, there is something seriously fucking wrong with it.

Not that surprising.

[blankinthefill]

FTFA: "Over the minutes that followed, the software analysed every one of the car's digital systems in search of a problem. The culprit could have been any number of things -- the Bosch-supplied, Linux-based infotainment system, the Visteon-supplied virtual instrument display, a heat-ravaged processor, an errant mouse somewhere in one of the car's hundreds of miles of wiring, or the dodgy contents of a CNET UK memory key in one of the XJ's two USB ports."

Lots of systems running together, in a very rugged environment (for a computer, anyways)... I don't think it's terribly surprising that this could happen. In fact, the only surprising fact here is that it doesn't happen MORE often than it does.

Re:Not that surprising.

[localman57]

Nobody said it was the Linux system. It could have been whatever ECM monitored the Power Button. Normally, you hit the button, and it sends out a message across a bus, typically CAN (or FlexRay in the most modern systems) which tells the other systems to "wake up", and typically also energizes the ignition wire for non-connected systems. If that one ECM was locked up, the car is pretty much hosed until you can reset it. Could well have been a $5 microcontroller imbedded in the dash, and running a fore-ground/background loop, and no real OS.

Re:Not that surprising.

[TJamieson]

Three words -- Body Control Module. I don't know a damned thing about Jaguars, but with GM vehicles in general they all have a Body Control Module installed. Anything that isn't directly related to the powertrain is controlled by the BCM (incidentally, the powertrain is controlled by the Powertrain Control Module). In many GM vehicles, the BCM can be communicated with via the radio; this is to set certain user options like how long the headlamps will remain illuminated after exiting the vehicle. In the event that something goes wrong with the BCM, the radio will lock because it gets put into an anti-theft state, and typically the car will not start. All because a single capacitor on a shitty little Motorola board got cooked, for example.

Then, even if you get a used BCM with the same option codes as the one you're replacing, the radio will remain in an anti-theft state because the thinking of the designers (I guess) was that people would start swapping BCMs just to steal radios -- dumb.

GM, of course, has a tool to reprogram BCMs, but even they say there's a 50/50 shot their programming will render the BCM unusable. From my limited research of the boards they use, it seems there is little if any CRC done in any shape or form, so it sounds like the board will happily write bad or invalid data to the PROM.

Again, I don't know how a Jaguar design works, but there are vehicles where the radio does indeed affect other parts of the vehicle, much to the dismay of owners and dealers alike.

Re:Not that surprising.

[Alien+Being]

It sounds like this cat needs a watchdog.

Re:Not that surprising.

[Beyond_GoodandEvil]

For instance, before GM had the Passkey system the Camaro was the most stolen car year after year. Once Passkey was introduced it completely dropped off the list.
GM also stopped making the Camaro from 2002-2010, that will help reduce the number stolen.

Re:Yay!

[Fwipp]

They're not, though. The car didn't BSOD, and TFA makes no mention of them running any Microsoft software. They did, however, mention Linux.

Yo Slashdot,

I heard you like car analogies, so we put a computer in your car so you can crash when you crash.

Wait, that's not actually an analogy.

Not a BSOD - No Microsoft here

[wowbagger]

In fairness, the title is misleading: Blue Screen of Death implies Microsoft Windows, and there is no Microsoft Windows involved in this story (at least, not in the car). Indeed, the only OS mentioned in the story is Linux.

I despise Microsoft and Windows, but I do so for REAL reasons, which this story IS NOT. The summary should be fixed to note this wasn't a BSOD, that Windows was not at fault, etc., just to be fair and consistent.

As it stands, the summary is just prejudiced and misleading.

(oh, sorry. forgot where I was for a moment.)

Why?

[Pentium100]

I still don't get it - why cars need so much software? Older cars worked quite well with just mechanical controls, so why there are so many computers in new cars?

Non-essential systems do not count - if the radio/usb player fails, I'll be annoyed (and I can replace the player with a simpler tape deck if I want to), if the steering or brakes fail, I'll be injured or dead.

So, why the millions of lines of code? Are they really necessary for the system to do the job what simpler (and more reliable) mechanical linkages did in the past (steering, brakes, throttle, clutch, gear selector)? Mechanical devices fail, but they usually give "notice" before doing so - you can see the rusty rod or the cracked link before it fails. Oh, and you still need the mechanical device (the wheels somehow have to turn in the direction that the user turned the steering wheel). Also, people seem to be able to design mechanical devices that work as intended, while software is almost always buggy.

My 28 year old car somehow seems to be able to work and get me from point A to point B even though the tape deck has more complex electronics (well, it has a RDS decoder, Dolby B and C NR, logic controls, LCD display, ability to control CD and MD changers etc) and the electronics of the car itself consist of a few relays.

Re:Why?

Diagnostics is the first reason. The amount of information you can get on any car the past 10-15 years is absolutely amazing. Acceleration levels, fuel usage levels, break levels, even tire pressure levels, and logs of many of these functions. It dramatically reduces the cost and time to check a car for problems and unusual behaviour when you have very small very simple computers monitoring all the essential systems on your car. The software also usually permits altering a lot of parameters - useful when finetuning the car in question. The logs in particular are frequently used to assess crashes - which is for example how we have discovered that vast majority of crashes the driver either does not brake at all, or only applied a small amount of braking force. This information is why a lot of manufacturers are now looking at into installing systems into cars that will automatically apply the brakes if a crash is inevitable (to get down the speed and reduce the damage and danger of the crash).

Re:Why?

[KwKSilver]

I still don't get it - why cars need so much software?

To drive up the price and profit margins. Silly goose.

Re:Why?

[demonlapin]

A 2010 Toyota Camry gets 268 hp from a V6 engine while still getting 20 mpg around town. Let's see a 1982 model do that.

Re:Why?

[hcdejong]

Engine management is a lot more sophisticated than a mechanical carburettor can ever hope to be. Between environmental regulations (cleaner air), diagnostics (cutting down on repair time) and performance (getting more from a smaller, lighter engine without compromising reliability) it's gotten quite complicated. Then there's the chassis, with ABS, ESP and other electronic driver aids. Miles of wiring have been replaced by a lighter, more reliable bus system for all electric functions in the car.
Some of this is down to ever-tighter regulation (emissions, safety). Others are due to the competitive nature of car sales: ever more features get tacked on.
Thanks to electronics, cars have gotten a lot more reliable over time. The last few years, car companies have overstepped, though, offering new features before they were ready, and not doing enough testing for proper integration.

Re:Why?

[RoFLKOPTr]

It dramatically reduces the cost and time to check a car for problems and unusual behaviour when you have very small very simple computers monitoring all the essential systems on your car.

And yet repair shops still charge you $85 to plug a machine into the OBD port and tell you that you can pay them to fix it.... hmmmm.....

Re:Why?

[Achromatic1978]

Yeah, because 4 ton land yachts that require a honking great V8 to get 0-60 in 10-15 seconds, all the while getting a good 2-3mpg, are such a better investment...

The days of 9' wide Buicks were 40 years ago, spud.

Re:Why?

[winwar]

"A 1982 model could move itself with just 70 hp and many could get 50 mpg on the highway compared to the Camry's 29. Sounds like we're advancing in the wrong direction to me."

And the 1982 model would not be legal for sale today. In any case, you can buy an entry level Toyota which will get very good mileage and be superior in pretty much every way to that 1982 car (safety, emissions, reliability, performance). Or buy a Prius.

What's your point again?

Re:Unsafe at *almost* any speed?

[zippthorne]

It did fail safe. It didn't let the car even start. "Parked" is about as safe as you can get, for a car.

Too much eminem

[LoRdTAW]

I was going to read the article, until I reached this line:
"Our first instinct was that we'd exhausted the car's battery by watching too much Eminem on its integrated DVD player"

Then I figured out their problem. The car simply could not take take it anymore and once it realized they were going to load an 8 mile DVD, committed suicide.

and to think...

[WiglyWorm]

I got called crazy when I brought up this site's anti-MS pro-linux slant yesterday. The thing was running Linux and it's stillbeing blamed on Microsoft!

Should have used QNX.

[LikwidCirkel]

It's a Bosch dash running Linux for the infotainment. I much prefer Harman dashes that run QNX like Audi, BMW, and a number of other car makers use... totally more reliable IMO. I've actually worked hands-on with some of this stuff, and I must admit, I trust QNX much more for mission-critical applications, like automobiles.

Re:Should have used QNX.

[LoRdTAW]

That is pretty much the realm of QNX, a real-time embedded mission critical operating system. I once met a guy who wrote software for QNX used on communications satellites. So yea its pretty damn reliable. They used to offer a free desktop OS (Neutrino RTOS) around the same time Be Inc released BeOS R5 PE. I still have a download kicking around too. Before that (1999 ish) they offered a single floppy image that booted your PC and even provided a few small and simple demo programs and even a game. Its amazing feature was a web browser and Ethernet card drivers. Pretty amazing stuff for its time.

Insufficient paranoia

[Animats]

Many years ago, I was at Ford Aerospace, where we had some slight involvement with the Ford EEC IV engine control module. The designers of that were paranoid about a failure of the module making the car immobile. So they did the following:

• The device was designed for a 30 year life span. (Many 1980s Fords are still running with EEC IV modules, so they did it.)
• The program for the device was etched into the silicon of the CPU. There is no way to change it without replacing the entire module. Huge amounts of effort were put into getting this small program right, including some proof of correctness work. It was successful; there's never been a recall.
• There is a removable module with a ROM that has engine parameters. (The format is known; people have made their own for racing purposes.) It's just tables, no code. It's a bulky metal-cased plug-in module, hard to damage.
• The device starts from a clean ground state at power-up. There is no persistent state that can prevent startup.
• There's a dumb backup mode in the program. If the complex engine control algorithm fails, it reverts to a simple backup mode. Performance isn't very good.
• There's a second hardware backup mode in the ignition controller. This was referred to internally as "limp-home mode". If a timer in the ignition controller detects that the EEC isn't responding, it drops into a mode where the spark fires each time a pulse from the crankshaft position sensor comes in. In this mode, there's no spark advance, no smart fuel injection, no active emissions control, no engine/transmission coordination, and top speed is about 25MPH. You can still drive the car.

Designers today are not being sufficiently paranoid. They're assuming that the entire system stays up and that tow trucks are easily available.

same reason as your thermostat

[YesIAmAScript]

Why aren't thermostats the round Honeywell mechanical jobs anymore? They worked.
Why are egg timers in your kitchen all electronic now? Mechanical timers worked.
Why does your washing machine have electronic controls now instead of the big mechanical dial with 4 modes on it?
Why is your electricity meter an electronic counter now instead of the mechanical spinning thing with 5 dials?
Why does the tape deck in your car have an electronic tuner instead of a dial, variable capacitor and a string loop with a needle on it to indicate the station?
Why are watches electronic (quartz) now instead of complex movements?

The answer is the same in all cases. It's because software and electronics are cheaper and do the job better than the old mechanical device did. Your washing machine can have more flexible modes, like the ability to extend the rinse cycle in increments, or even add a 3rd rinse. Your thermostat can have a setback mode to save energy when you aren't there. Your egg timer can be set to beep 5 minutes before the timer expires. Your electricity meter can count daytime electricity different than nighttime electricity. Your tape deck's tuner can select stations more accurately, have simpler preset stations (ever see how the 5 preset buttons on a radio with a tuner know worked? very complex) and is much smaller. Quartz watches keep time more accurately than mechanical watches, last longer and can have chronographs and other functions without adding a lot of cost.

And in the end, it's really the flexibility of software that wins out. Software can be programmed to do a lot more complex things and can be reprogrammed to do it slightly differently very cheaply, no need to change tooling as you would to change mechanical parts.

Remember what mechanical adding machines and cash registers looked like? What they worked like? A mechanical cash register had to have far more buttons (10 for each digit) and was limited in what it could do. Want to put in 5 identical items? You had to pull the lever or push sum 5 times. Meanwhile electronic cash registers don't just add. Sure they can calculate different tax rates on different items, that's just the beginning! You don't just put prices of items into the cash register, you put it items. And the cash register knows the price of the item, knows whether it has a special tax rate (like groceries sometimes do) and knows if you get a discount for buying 5 of them. And it also does inventory control, it sends info back to the central computer at the store to indicate they've sold 10 widgets. At the end of the day, the system figures out you've sold over 80% of the widgets in stock and the system suggests you order more widgets from your supplier.

That kind of "behind the scenes" stuff also takes place in cars. A modern car like this Jaguar emits fewer trace emissions in a year than your car does in a day and this is due to the tight engine control possible with a sensor package and control software.

A modern car knows if you're in the car. It unlocks the door if you're outside and pull the handle, it just senses your key (which is more of a fob) in your pocket. It auto locks when you get out. When you're inside, all you have to do to start it is touch a button, since it knows the key is inside, you don't have to insert it into a lock (and mechanical locks wear out, as I'm sure you with a 30 year old car can attest). When you touch the button, it cranks the car until it starts, no less, no more. No need to hold down the button until the engine catches. And if the car is already running it doesn't try to start the car and make a screeching sound. While its running, if your turn on the A/C and it puts more idle load on the engine, it applies more idle throttle to the engine so that it doesn't stall. If you let out the clutch a little too fast, it applies throttle to prevent a stall there too. If you put the clutch in and the gas at the same time, it will cut the engine off at 4,000 rpm to prevent over rev damage. You have an electronic parking brak

Re:But from a Use Case perspective ...

[dgatwood]

My guess would be a separate power management controller somewhere that was wedged with everything in a powered down state. They couldn't talk to the main computer (ECU, maybe?) to reset it, which probably means that the main computer itself wasn't getting properly powered up by the power button. You wouldn't typically leave a computer system running off the car battery (even with the displays powered down) while the car is shut off. It would consume too much power.

Either way, I agree that it probably can't have been the button itself, or else the power cycle wouldn't have fixed it. Well, I suppose it could be a self-resetting fuse somewhere, or (maybe) a stuck latching relay, but odds are, it's a power management controller or similar.

In the grand scheme of things, this probably calls for the addition of a power management reset feature, e.g. two extra sets of switch contacts and a 555 timer IC wired up as a pulse delay circuit so that if you hold the power button down for ten seconds, the chip's power gets momentarily interrupted by a depletion-mode MOSFET. You know, something so simple that it is almost guaranteed not to fail in the lifetime of the vehicle.