Safercar.gov Overwhelmed By Recall For Deadly Airbags
darylb writes "The NHTSA's safercar.gov website appears to be suffering under the load of recent vehicle recalls, including the latest recall of some 4.7 million vehicles using airbags made by Takata. Searching recalls by VIN is non-responsive at present. Searching by year, make, and model hangs after selecting the year. What can sites serving an important public function do to ensure they stay running during periods of unexpected load?" More on the airbag recall from The New York Times and the Detroit Free Press.
Is a website buckling under load? Let's publish more articles about it and drive more traffic to their site!
Scale.
It's a known problem with known solutions.
that sells your car. Talk to the garage, they will have notification.
The Kruger Dunning explains most post on
Why should the government be the main source for recall information? Shouldn't that come from the manufacturer/importer?
Pass a law saying car companies must have recall information easily accessible on the web. The extra cost for the companies (which have large splashy advertising sites already, backed by a decent server infrastructure) will be next to nothing. However, this will save the government money; they can just put up a static page with pointers to the individual manufacturer's sites.
Takata, remember when it used to be about the CRAFTSMANSHIP, man? Back in the early days, you used to make airbags because you had a PASSION for it. Then the money came, and the drugs, and the women. Pretty soon, it's like you didn't even care anymore about the quality of the airbags. You were just living for the next party, the next line of coke, the next paycheck. The work suffered, man. And you chased off everyone in your life who really cared about airbag engineering and manufacturing. You just pushed them right aside, didn't you? And so now comes the crash.
It's time to rethink things.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Did the same company design this site that did the federal healthcare.gov? You'd think that after that disaster they'd be looking at ways to handle spikes of traffic.
As in, if they sold a faulty product, they have to fix it, whether it is a set of brakes that don't work, or a window that won't open.
Basically, we end the 'buyer beware' system for new cars.
excitingthingstodo.blogspot.com
Unless things have changed dramatically*, there are rules that make it harder to use commercial cloud computing, as not all can guarantee that the services will only be hosted in the U.S.
Most agency cloud computing efforts are for internal number crunching (eg, scientific computing), not public facing websites. When they *have* gone and done it, they couldn't come up with a viable cost model for different groups to be willing to convert to the service. (Oh ... you can't tell me the price, because you need to break-even, and you don't know how many people will agree to use it? Okay, that's a decent price; it's not that much more than what we pay now ... oh wait, I have to pay for 3 VMs for prod / test / dev?)
The problem w/ building up a cluster to scale is that it means that you have inefficiencies of having idle machines; the way to get around this is to have lots of unrelated services running on the same system so that they shouldn't all need to max out at once.
In practice, it's often easier to switch to a 'low resource' version of the site when you start getting hit heavy -- drop all of the pretty images cluttering up pages, and just serve the basic content. Webserver tuning also helps dramatically ... as simple as splitting your static content off to a separate server (so that you can repoint it at a CDN if necessary), while your local servers take the brunt of the dynamic requests. (and possibly make the site less 'interactive' in times of high load.)
* which wouldn't surprise me, as I work for a federal contractor and we seem to be the last ones to know about policy changes ... I once spent more than a year dealing with waiver paperwork only to find that by the time it had been granted that it had been allowed for 6+ months.
Build it, and they will come^Hplain.
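The 'low resource' fallback described in the comment above, sketched as an added example that is not part of any poster's comment: a controller that switches to a stripped-down page under load, repoints static assets at a CDN, and refuses requests outright past a hard limit. The class name, thresholds and URLs are hypothetical.

```python
import html
import threading

# Hypothetical values: none of these names, URLs or thresholds come from the thread.
LOCAL_STATIC = "/static"                     # static files served by the app servers
CDN_STATIC = "https://cdn.example.invalid"   # placeholder CDN origin


class DegradeController:
    """Chooses 'full', 'lite' or 'shed' per request from the in-flight count."""

    def __init__(self, lite_at=50, shed_at=200, recover_at=20):
        if not recover_at < lite_at < shed_at:
            raise ValueError("need recover_at < lite_at < shed_at")
        self.lite_at, self.shed_at, self.recover_at = lite_at, shed_at, recover_at
        self.in_flight = 0
        self._lite = False
        self._lock = threading.Lock()

    def enter(self):
        """Admit a request and return its mode; 'shed' requests are not counted."""
        with self._lock:
            if self.in_flight >= self.shed_at:
                return "shed"              # refuse early, before touching the database
            self.in_flight += 1
            if self.in_flight >= self.lite_at:
                self._lite = True
            return "lite" if self._lite else "full"

    def leave(self):
        """Call once for every admitted (non-shed) request when it completes."""
        with self._lock:
            self.in_flight -= 1
            # Hysteresis: stay lite until load falls well below the trigger,
            # so the site does not flap between modes at the threshold.
            if self.in_flight <= self.recover_at:
                self._lite = False


def render(mode, result_text):
    """Return (status, headers, body) for a lookup result in the given mode."""
    if mode == "shed":
        return 503, {"Retry-After": "30"}, "Busy, please retry shortly."
    safe = html.escape(result_text)
    if mode == "lite":
        # Basic content only, with static assets repointed at the CDN.
        body = f'<link rel="stylesheet" href="{CDN_STATIC}/min.css"><p>{safe}</p>'
    else:
        body = (f'<img src="{LOCAL_STATIC}/banner.jpg"><p>{safe}</p>'
                f'<script src="{LOCAL_STATIC}/widgets.js"></script>')
    return 200, {}, body


def replay(ctrl, events):
    """Replay '+' (arrival) and '-' (completion) events; return arrival modes."""
    modes = []
    for ev in events:
        if ev == "+":
            modes.append(ctrl.enter())
        else:
            ctrl.leave()
    return modes


if __name__ == "__main__":
    ctrl = DegradeController(lite_at=4, shed_at=6, recover_at=1)  # constructed demo values
    print(replay(ctrl, "++++--+---+"))
    print(render("lite", "No open recalls for <VIN>"))
```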
This specific recall with air bags was expanded into areas with high humidity. The recall system with selective recalls based on the current environment is flawed. Your recall notice and letters are based on where your car is registered the day the recall becomes active. If your car spent the first 10 years on the Florida coast and you moved 1 week before the recall, if your car was 10 miles away from a state that was affected and travel into that area every day of the week for work or pleasure, if you are in the military and your car is registered in your home of record, if the car was a rental and registered in some random state.... None of those would apply to you but your car could still have this safety issue. You won't even be notified of the potential problem. The front control arm on one of my cars failed suddenly in a way I had never seen while I was driving it. Only through luck am I still alive today. Many people were not so lucky in this exact car when it happened. Puzzled how that happened I did some research. The first site that came up was the safer.gov site with a recall that described exactly what happened to me. The kicker is the recall only applied to those cars in "salt/snow belt" states. I am 5 miles from the border of 2 salt belt states that did have the recall, I used to live in a salt belt state and had the car registered there for 5 years and I travel to friends and family that live in that salt belt state frequently. Had I at least been notified of the problem I would have done the inspection myself or taken it somewhere to have it inspected. This particular failure is a piece of boxed steel that rusts from the inside out so unless you knew about it or were specifically looking for it, you would never know.
If a part is faulty, it is faulty, safer.gov and manufacturers are not qualified to pick areas based on general weather conditions over a 5-10 year period. There are too many unknowns. You could live way outside of the salt belt or high humidity area but park your car on a gravel driveway or a dirt driveway instead of asphalt and your corrosion rates would be much higher. Same if you go skiing every year. You would never be notified and you would be at risk.
How about building your tech stack so that it can be scaled up/down on-demand? I'm using Rackspace and we have dedicated servers along with cloud servers. I can add or remove cloud servers as needed and also have the load balancers updated.
If you're just doing reads against a database, it's straightforward to add additional replicas (we use MongoDB with replica sets, don't have enough data for sharding yet). If you need to do any processing, then you should build a grid compute system where you can just add additional compute nodes. We're using RabbitMQ along with Celery. Granted, this strategy ignores issues like a saturated network, but our provider is responsible for dealing with that.
Oh, "airbags." No more buttered scones for me, I'm off to play the grand piano. Pardon me while I drive my car with airbags!
"When information is power, privacy is freedom" - Jah-Wren Ryel
What can sites serving an important public function do to ensure they stay running during periods of unexpected load?"
Not be created and run by government which has very little interest in ensuring the success of legislation which has already passed. There's the next election to think about, don't you know and those pesky Republicans/Democrats [delete as applicable] are going to destroy the world if you don't vote in our slightly less scummy candidate.
The Android app still works for me even though the site seems to be down.
Hard to understand why people continue to use inherently slow and glitchy application stacks to run their sites.
Starting with java and piling on interpreters and frameworks to the point it takes a minimum of 1GB just to start tomcat stack for even trivial applications not even counting data tier something has gone terribly wrong. Once started performance running through mazes of redundant abstraction on top of redundant abstraction leaves precious little room to make up for inevitable developer laziness without maxing out available resources. Isn't just Java yet it seems to be the worst offender.
You had airbags before seatbelts?
And believe me when the day comes (for you, your partner, parents, children....) You'll be glad you had both.
And pre-tensioners, and crumple zones and ABS etc. Etc. Ever heard of security in depth?
Airbags are for your head, seat belts are for your torso. If you enjoy slamming your head into your steering wheel, go ahead and disable your airbag. Even more fun are videos of an asymmetric head-on collision that favors one side over the other. The test dummies slam their heads into the frame of the car unless you have properly working forward and side airbags.
but millions of cars are affected. Of course thousands if not millions of people will be using a web server after a U.S. government issues a safety advisory or any other government website that opened recently. Look at healthcare.gov.
Always the same thing when the engineers are pushed out of the decision process, and the bean-counters take over. Pathetic.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Am I the only one that thinks having an exploding bag in your car is a dumb idea from the beginning? No doubt they have saved some lives, but how many of those people would have been ok with just seatbelts? Also how many people were injured by airbag deployment (in properly working airbags, not these defective metal-spewing airbags!) that would have otherwise been unharmed?
I work maintaining a (non-US) government site. Web-page started as an abomination, done by third party contractor in worst days of IE 6 domination. The architecture of the system looked like something done in hurry, to conserve developers time without any regard for efficiency, and quality of code confirmed the worst of urban legends about this contractor (the most famous: “A finite number of students can replace any specialist”).
I've been asked to assess how much traffic our infrastructure can process before choking. They gave me test environment scavenged from another government system that went permanently off line, a copy of production data and two months, I already had sources (thank gods for Java decompilers, those morons representing government side during commissioning forgot to check if sources were complete or up to date), and very good understanding of the system.
I've cut the system to bare bones: authentication, authorization, selecting data to access and presenting the data. I culled out every bell and whistle that needed communication with server, but was not necessary to fulfil essential system mission. I've moved logging to dedicated machine (which significantly reduced IO on database machine). I've also redesigned database schema, to cull out unnecessary data (it started as a snapshot of non-sensitive part of internal database kept in DMZ).
The results were astonishing. We went from tens of requests per second, to the point where lack of hardware accelerated cryptography for TLS became an issue. In the process, we did what no commercial enterprise can afford, our page became reminiscent of early days of web (single form, where user enters credentials and account number to check).
No one signed off on such drastic moves, but most of less visible changes were implemented.
Lessons learned:
Do not expect first iteration of system to work well. There are many reasons: Internal users are usually opposed to introduction of the system, they treat working on requirements and testing the system, as time taken away from their main activities. External users are usually without any input into the shape of the system.
Look closely at contractor's hands. You need competent people to assess quality of your contractor deliverables. Contractor will not try to get away with inadequate architecture, if he knows that someone is able to read documentation, and analyse limitations of suggested solutions. If deliverables contain source code, then set up build system on site and use only binaries compiled from delivered sources, it saves a lot of grief when contractor goes bankrupt shortly after receiving final payment.
So, for how many years now has it been that computing on demand has existed? Enterprises use it, hobbyists use it. There is no reason public information can't be served from commercial web farms -- spin up enough instances to handle the traffic bubble, spin them down again when the panic subsides. And it's actually pretty cheap -- cheaper than having the government maintain its own server farm. Now, there may be certain sensitive data sets that should not leave government servers -- OK, so the .gov could have its own compute-on-demand farm someplace and agencies could use it as needed with appropriate cost-transfer bookkeeping. But when the whole purpose of a website is to disseminate public information, it's hard to argue a security need for having your own servers.
So, yeah, "be competent" is good advice. Unfortunately, procurement bureaucracy is going to get in the way of even competent IT staff getting anything accomplished in under two annual budget cycles.
OMG rush to the site! WAIT!!!1!!! Maybe ebola took down the sites! Or maybe the airbags are packed with ebola! PANIC!
Or you could just call your car's brand's local dealership and have them run your VIN.
Any critical system should run at 90% idle if it is going to handle peak demands. When the bean counters insist on scaling based on average load instead of peak usage, things always come crashing down.
The only thing worse than a Democrat is a Republican.
Doesn't appear to apply to mine but...
It came from north of Vancouver BC, in the mountains. And from the look of the underside spent half it's buried in snow. But now is in Spokane for the last 6 months after living in the mountains for 7 years. It's not that humid here so not a problem, right?!?
Not exactly comforting, all these recalls lately seem to miss me by a model year.
Airbags are for your head, seat belts are for your torso. If you enjoy slamming your head into your steering wheel, go ahead and disable your airbag. Even more fun are videos of an asymmetric head-on collision that favors one side over the other. The test dummies slam their heads into the frame of the car unless you have properly working forward and side airbags.
I used to work for an engineering society during the 1970s, and I read dozens of seat belt design papers and talked to engineers who designed them.
Those lap and shoulder belts were successfully designed so that in a collision up to at least 60 mph, the driver wouldn't hit the steering wheel, windshield, or windshield frame. These were collisions at about 60 degrees right and left, and with 2 cars offset by several feet. They proved it with computer models, crash tests and real-world studies.
It is true that lap and shoulder belts didn't provide as much protection against a side collision, but neither did airbags. Fortunately, those collisions were not as common. If another car hit the driver's seat head-on and perpendicularly, nobody had a practical way to save the driver. The side bags came after I left, and I'd like to see the studies.
A lot of the auto magazines of the time took the position that air bags added no significant safety, if you were wearing your seat belt. The only reason for requiring them was that we had a low seat belt wearing rate (and we still do).
In engineering terms, it seemed like a shame to spend $500 for complicated, fallible, single-use airbags, just because people refused to use $50 seat belts. But that's the way humans are, and you have to design for them.
I'd feel comfortable driving in a car with a well-designed seat belt and no airbags.
Stop calling it an "unexpected load".
That's bullshit. If you're operating a site that serves an entire nation, this kind of load should be expected any time there is a reason for people to be accessing your site. This shouldn't be a "holy shit, that many people own cars???" moment. This load should be completely expected. It's a peak load, not an unexpected load. Your system needs to be able to handle peak load.
And it's not limited to government sites. When the Nexus 10 was launched, it took me all day to place my order and I ended up with 2 orders because one that looked like it had died actually went thru. When the PS4 was launched, I got one at midnight. Couldn't connect to the PS Store or get my codes accepted for a couple of days. These are two big players with many years of experience who had all the time in the world to anticipate the increased load and they failed miserably.
I can only comment from personal experience. Seat belt wearing rates are very high in Australia (to the point where I don't know ANYONE who doesn't) and I always wear a seat belt.
I lost control of a mini cooper S at approx 80 kph. The car spun, then righted itself before driving off the road directly into a very large tree that didn't move a mm. I ended up with severe bruising from the seatbelt, eggs on my shins where I had kicked the underside of the dash, a burn on the inside of my right wrist from the air bag deploying and a fairly significant abrasion mark on my forehead. Apparently the burn on the inside of the wrist is common as people are death gripping the steering wheel when the air bag deploys and the mark on my head is a tell tale that I hit the airbag.
Now I don't really remember the details of where my limbs went, but my head hit something. And it may have been that without the airbag being there I wouldn't have hit anything at all but I'd rather not try again to find out.
https://www.youtube.com/watch?... shows a video of an unrestrained and then seat belts with airbag. You see the dummy hit the airbag pretty solidly.
Or be put on hold at said dealership since everyone else is doing the same thing.
> What can sites serving an important public function do to ensure they stay running during periods of unexpected load?
I dunno...maybe ask how google and yahoo and amazon do it, instead of going with the standard government formula for developing websites, which is clearly NOT WORKING.
I think one could make a case for government website development being a parable for many, perhaps most, government supplied services. If the government doesn't directly benefit, (ie, IRS) it can't be done in reasonable time for reasonable funding.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I can only comment from personal experience. Seat belt wearing rates are very high in Australia (to the point where I don't know ANYONE who doesn't) and I always wear a seat belt.
I lost control of a mini cooper S at approx 80 kph. The car spun, then righted itself before driving off the road directly into a very large tree that didn't move a mm.
Actually, many of the seat belt and auto safety studies I read were from Australia.
I'm glad that you got out of it OK and that you got a good story out of it.
I read many accident reports of collisions like yours, a front-end collision against a solid barrier at 80 kph (60 mph), where the occupants were wearing seat belts, and they survived -- before the days of air bags.
The classic study was by Nils Bohlin for Volvo. He found that nobody died in an accident up to 60 mph if they were wearing the three-point lap and shoulder belt. As long as the passenger compartment remained intact, they survived. A car can hit a tree head-on, the engine compartment will crush like an accordion, but the passenger compartment will remain intact up to about 60 mph. Above 60 mph, the engine and transmission shell will go into the passenger compartment, the passenger compartment will collapse, and the survival declines significantly. That's consistent with your experience.
Nils I. Bohlin (1967). "A Statistical Analysis of 28,000 Accidents with Emphasis on Occupant Restraint Value". 11th Stapp Car Crash Conference. Society of Automotive Engineers. doi:10.4271/670925. SAE Technical Paper 670925. http://papers.sae.org/670925/
The force was enough to write the mini off when it was 3 months old, and had caused ripples in the body work right through the roof section back to the rear pillars.
Unfortunately that one was not my only, or even worst accident. Just over 12 months ago we were hit from behind by a full size semi trailer while travelling on the motorway. We had had to do an emergency stop due to debris all over the road causing everyone to stop. The truck was following too closely and impacted us at over 70kph, picking us up and slamming us into the car in front. I had my wife, my 3 year old and my 3 month old in the car with me. We all managed to walk away but our car was totalled and the truck had to be towed from the scene.
The car was a 2012 E-class Mercedes and the scariest thing for me was my daughter's pram had punched through the rear of the boot and into the front of the truck by close to 15 cm. Fortunately the way it folds and the way we put it in the boot meant the wheels were against the back of the seat and the tubing faced backwards. I know those seat backs are reinforced but the thought of the pram coming into the passenger area still gives me nightmares. The wheels on the pram were significantly deformed.
In that instance the baby capsule and toddler seat meant my girls were pretty much un-injured (the 3 yr old had some leg bruising). My wife though is still suffering from the after effects of that crash with compression fractures in her back.
I don't get people who don't wear seat belts in their car or ride their motorbike without a helmet (I ride as well). The force of car crashes is terrifying and sometimes there is nothing you can do to avoid one.
I read a few of the Mercedes auto safety studies. They were always the neatest, best organized papers. Everybody else used trend lines. The Mercedes engineers used probability ellipses.
I saw a report in Automotive News of a presentation by a Mercedes engineer on why they can protect a passenger up to 50 mph, but not above.
He said that the way they protect a passenger in a head-on collision was by having the front end collapse. The front end was about 50 inches long. When the car crashed into a solid barrier at 50 mph, the front end would crush, and it would take 50 inches, at 50 g, to bring the passenger compartment to a stop.
If the car was going faster than 50 mph, it couldn't stop in 50 inches, the engine would go into the passenger compartment, and the passenger compartment would begin to disintegrate.
Since the kinetic energy of the car was KE=mv^2, the KE would increase as the square of the velocity, so the 50-inch front end of the car would also have to increase as the square of the velocity. If the car was going at 70 mph, the front end would have to be 100 inches to stop the car in 100 inches at 50 g. You could make the front end stiffer, but that would make the deceleration higher, and 50 g was about the human limit.
So they designed the car to protect you by absorbing energy and getting squashed. The best accident is one in which the car is totaled and you're safe. That's the way it's supposed to work.
I knew several automotive engineers. Everyone who could afford it bought a Mercedes. Good car.
"Those lap and shoulder belts were successfully designed so that in a collision up to at least 60 mph, the driver wouldn't hit the steering wheel, windshield, or windshield frame."
You realise that that can be completely true and still have a need for airbags? Without an airbag to support the head and control deceleration, you can still get serious injuries from the whiplash.
" single-use airbags"
Seat belts should be replaced after a significant event as well. Seat belt pre-tensioners will also need to be replaced. This isn't unique to airbags.