


Should I Take Toyota's Software Update?
kiehlster writes "I'm a software developer, and I know that most software has bugs, but how much trust can we put in the many lines of code found in our automobiles? I have a 2009 Camry that is involved in both of the recent Toyota recalls. As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed,' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.' In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences. On a base of 100 million lines of code, can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think? If it doesn't void the warranty, should I tell them to skip the update?"
You're looking at it wrong. (Score:5, Insightful)
You already took the 100 million lines of code when you bought the car.
Now do you want the bug fixes, or would you rather find out what a "fatal exception" means in more physical terms?
Re:You're looking at it wrong. (Score:5, Interesting)
Good luck getting any money from Toyota or your insurance company if you _don't_ take that update.
Besides, there's not 100 million lines of code in _that_ particular part, they won't be updating your blinkenlights firmware and such at the same time.
Re: (Score:3, Insightful)
Presumably they will deny his claims not just for this particular bug, but for anything he wants to claim!
Re:You're looking at it wrong. (Score:5, Insightful)
I would add that the "floor mat" excuse always sounded like BS to me. I'm guessing there is a firmware bug in there somewhere that they can't find that just registers the gas pedal as down. They'd never admit to that, as it would reduce the public perception of security of drive-by-wire systems, and might introduce expensive public testing procedures.
In that case, your only chance is the brake overriding the gas (a process which should have been true from the beginning anyway). Of course, it might be something else and you might still be screwed... unknown computer bugs are like that.
Re:You're looking at it wrong. (Score:5, Insightful)
How can I trust that that push-button ignition will still shut off the car? I know it's conceivable that even a key-start ignition might turn all ignition control over to an ECM, but who's done that?
Re: (Score:3, Interesting)
Currently, the key-start circuit cuts power to a significant portion of the engine controls. There is no way the engine can run, unless the ignition switch fails shorted. However, you are right. With modern technology, the ignition switch could be made fly-by-wire. If the car was an industrial machine, this would be a severe breach of protocol. Actually, for industrial machinery standards, the current ignition switch would not be considered a sufficient safe-disconnect device. However, it is a car. T
Re:You're looking at it wrong. (Score:4, Insightful)
If my car ever goes into hyperdrive because of a stuck throttle, I take comfort in knowing I still have a kill switch, and I grew up driving tractors and cars without power steering or power-assist braking, so I can cope.
Of course, if your car ever does go into hyperdrive, you’ll probably be several light-years away by the time you can hit the kill switch, and you’ll have hard vacuum to cope with (assuming you haven’t passed right through the core of a nearby star or planet).
Re: (Score:3, Informative)
Which is why I don't like push-button ignition. If my car ever goes into hyperdrive because of a stuck throttle, I take comfort in knowing I still have a kill switch, and I grew up driving tractors and cars without power steering or power-assist braking, so I can cope. How can I trust that that push-button ignition will still shut off the car? I know it's conceivable that even a key-start ignition might turn all ignition control over to an ECM, but who's done that?
Push-button ignition can be turned off by holding down the button (kind of like with a computer). Push-button ignition doesn't stop you from putting the car in neutral.
Re:You're looking at it wrong. (Score:5, Insightful)
Push-button ignition can be turned off by holding down the button (kind of like with a computer)...
... and waiting for the software interrupt to get picked up by the CPU, which may be in a hung state.
Re:You're looking at it wrong. (Score:5, Insightful)
Push-button ignition can be turned off by holding down the button (kind of like with a computer)...
... and waiting for the software interrupt to get picked up by the CPU, which may be in a hung state.
Not to mention that it's hard to hold a button down for three seconds while you're weaving in and out of traffic and urinating on yourself.
Re:You're looking at it wrong. (Score:5, Interesting)
Just push the power button for 5 seconds.
Yah know.... I never really liked when computers switched to this method with the ATX revolution. Sometimes you still have to reach around and pull the plug. Sometimes it can take a minute or two.
I'd hate for this to happen in a life or death scenario. As mentioned above, a hard off a la old AT cases just seems safer.
Re: (Score:3, Insightful)
EXACTLY.
1) What is your basis for claiming it is 100m lines of code?
2) Just because the recall was announced 3 months ago doesn't mean that's when they started working on a fix.
3) It's not just your inability to get coverage for yourself if this "bug" affects you; you may have personal liability for others you injure in the process.
Re:You're looking at it wrong. (Score:4, Interesting)
Number 3 is a good point...
You get in an accident. You go, "Well, it is a Toyota bug." But Toyota goes, "Well, we gave you the fix; you said, 'I don't know if I should install it, I mean it is a patch, it just may not fix the problem.'"
Basically, if you install it and there is a problem, it is Toyota's fault, not yours... If you don't, then it is your fault.
I also fail to see where this millions of lines of code comes from. I haven't ever seen anything that has a million lines of code. I have seen groups of software that, when packaged together, will be millions of lines of code. Even the Linux kernel is broken into a bunch of smaller programs, so a fix doesn't affect millions of lines of code.
When someone says it is millions of lines of code, it is them bragging about how much effort they put into making the application deployable... However, if there is a bug that needs to be fixed, it is normally part of a module where you need to test to make sure that it doesn't affect around 5000 lines of code.
Re:You're looking at it wrong. (Score:5, Informative)
It's not 100M lines of handwritten code! Every time this comes up everyone (especially those that work with embedded systems) seem to think that there are a ton of code monkeys locked away coding in C or assembly.
I'd be willing to bet that almost all of it is auto generated. Toyota (and nearly everyone else) uses Matlab & Simulink extensively.
The MathWorks tools help Toyota design for the future [mathworks.com] (PDF)
Toyota Racing Development Makes Faster and More Efficient Engineering Decisions with MATLAB [mathworks.com]
A simple PID controller with saturation and limits could easily take up 50 "lines of code".
And it's not like Toyota is Mathworks' sole customer. Boeing, GM, Chrysler, Ford, etc ALL use Mathworks.
Just like nearly everyone that works with CAN uses Vector CANape [vector.com]. Everyone that develops ICE powertrains uses AVL [avl.com]
When you start to get to specialized software like what Matlab, CANape, AVL, etc all do, there aren't a ton of options (and no open source solutions). It's cheaper for all of these companies to buy X product and use it than try to write their own.
Re: (Score:3, Insightful)
It's still 100M lines of code friend, regardless of who or what wrote it.
Re:You're looking at it wrong. (Score:5, Insightful)
That's like using the LOC count of a disassembled program written in C to express the size of the original code.
Re: (Score:3, Informative)
I think the point is that while in general "bugs per lines of code" is not a terribly useful metric, bugs per generated/assembly/etc lines of code is even less useful.
It seems like a scare tactic.
Re: (Score:3, Insightful)
If you stick a newline after every operator in a C program, you'll probably end up with 10x LOC, but the amount of actual code that runs is the same.
GP was merely pointing out that, for this particular question, measuring KLOC of generated C code is a meaningless metric for practically any purpose (and specifically for the purpose of estimating the likelihood of a bug).
Re: (Score:3, Informative)
The thinking is still fundamentally flawed...
You see... taking an update the yes or the no is questioned because it could cause flaws when the current version doesn't fail.
Well guess what, no-brainers; the current version is flawed.
Just take the damned update and maybe you won't cause a fscking accident. The update could cause a security fail, but it is certain version does cause it.
No sh*t, YOU are really looking at it wrong. (Score:3, Insightful)
It's still 100M lines of code friend, regardless of who or what wrote it.
When you write code and estimate its LOC size, do you also include the LOCs of the trusted libraries you use to build your apps? If you do a printf("%u\n",1), do you count this as one LOC or do you also count the LOCs in printf? When you use a GNU compiler, do you also count the thousands LOCs generated by it in assembler?
Does it really not matter *who/what* wrote it? Pretty myopictardic and useless way of software estimation if you ask me.
Re:You're looking at it wrong. (Score:5, Informative)
As a user of these software programs, I can tell you how they are Really used:
A PhD uses MATLAB and Simulink to create their motor control algorithms. They port the program to the processor of choice and test their algorithm.
Once their algorithm is proved, the firmware engineer uses that code as a template. They re-write all the code to play nicely with the other required code and to improve efficiency. (WTF? Another Memcopy? GARGH! Stop hogging all of my cycles!)
It is a great program for a rapid prototype and proof-of-concept, but it totally fails on actual implementation. I have been to a few microcontroller workshops where people have told the horror stories about the atrocious code created by these programs. In the end, it is just not production quality code.
Re:You're looking at it wrong. (Score:5, Interesting)
Then you're using it wrong.
I work for a rather large corporation that uses Simulink for all of our stuff. Nothing gets re-written. The stuff that goes into production is stuff that IS assembled by the electronics group.
Other groups that design the control algorithms do use XPC boxes [speedgoat.ch] to create strategies quickly. Once this is done a software specification is written and given to the group that actually makes the model 'their way' (fixed point, design standards, naming conventions, etc). This gets compiled and put into production ECMs that customers use.
It's really amazing how settings and maps get pulled from different databases and merged together
Re:You're looking at it wrong. (Score:5, Insightful)
So he's using it wrong because he optimizes it and actually evaluates the running code, and you're using it correctly because you treat it as a black box?
Interesting.
Re:You're looking at it wrong. (Score:4, Funny)
There's a tool to write the code.
Is there a tool to write the tool that writes the code ?
And then, there's the tool who writes the tool that writes the tool that writes the code.
Re: (Score:3, Funny)
Is there a tool to write the tool that writes the code ?
If you're using Mathematica, that would be Stephen Wolfram
Re:You're looking at it wrong. (Score:5, Informative)
Ok. Case in point, here is a VERY simple switch block. (And this could really be all that they did)
Brake_Override.jpg [exstatic.org]
If brake is 1, then 0 gets sent to the throttle; otherwise whatever the throttle is gets sent to the throttle.
How many lines of code would you guess that is?
157. [exstatic.org] (including blank lines between functions).
Want to wager how many the .h file [exstatic.org] has?
901.
For that little model right there, there were almost 1000 lines of code. Now do you see how you could easily get 100M?
*This is also quick and dirty, I didn't turn on any optimizations it's just the default C generated code to make a .exe (I didn't target any specific embedded device).
**Now in real production these would pull from sensors and it'd probably use a few more lines of code. (You have to read from the A/D, etc)
Re: (Score:3, Informative)
I hope they didn't use your simple (and informative) example, because if you're stopped at the top of a steep hill (see: San Francisco, city of) you need to use both brakes and accelerator even with an automatic transmission.
As far as I can tell in my re-flashed Camry, hitting the brakes while pressing the accelerator does *not* cut the engine RPM. Of course, I haven't tried this at runaway speeds.
I can't believe I'm wading in to this... (Score:3, Insightful)
KDE, Gnome, Linux, OpenOffice, etc. ARE written in assembly language, for the purposes of this bizarre argument.
The media is taking what's in essence a high-level language (MATLAB and/or other code builders) and counting the source lines it creates to get a huge number.
When we write in C or Java, it creates source lines at a level below that (assembly or VM opcodes). And YES, YES, all those programs are in at least only off the 100 million lines of code by one order of magnitude.
But let's just say one op
Re:You're looking at it wrong. (Score:5, Interesting)
I think you'd have to be nuts not to install it.
Re:You're looking at it wrong. (Score:5, Insightful)
I doubt the primary motivation is because of a suspected software problem. I'd say the primary motivation is because Toyota is the one (or one of the few) car manufacturers that didn't have a brake-override feature in their fly-by-wire vehicles. After all of the publicity about the runaway cars, they are pulling out the stops to prevent it from getting worse.
I think it was Car and Driver who did a test of vehicles which had fly-by-wire throttle systems to see how they handled under runaway conditions. They basically took the cars up to certain speeds (20, 40 and 60 MPH IIRC), kept the throttle depressed, and then tried to stop the car with brakes and emergency brakes. In every vehicle with the brake override system, the engine immediately went down to idle power when the brakes were pressed, even with the throttle held down. It was very easy to bring the vehicle to a controlled stop.
The Toyotas w/o the brake override system could be stopped if you were at slow speeds with a lot of effort on the brakes and emergency brake. At higher speeds, the brakes were not enough to stop the vehicle with only the brakes. They also tried turning the vehicles off, which would stop the vehicle, but the driver had to manhandle the vehicle w/o benefit of power steering and power brakes.
Side note: The Toyota Prius has a surprising amount of power at full output. That's when the gas engine is driving the wheels, the electric drive motor is drawing off the traction battery to drive the wheels, and the gas engine is driving a secondary motor/generator to create electricity which is fed to the electric drive motor. The secondary motor/generator is normally used to recharge the traction battery when the car is operating in usual conditions.
I was doing 65-75 MPH up the foothills in Arizona and Southern California. I was outdoing a lot of other vehicles with power engines. My cruise control kept at the set speed and didn't slow down at all. Unfortunately the Prius can only maintain that kind of output as long as the traction battery charge lasts. And the gas mileage really sucks in that mode.
Re:You're looking at it wrong. (Score:5, Informative)
Which article was that?
The one I saw was this:
http://www.caranddriver.com/features/09q4/how_to_deal_with_unintended_acceleration-tech_dept [caranddriver.com]
The speed where brakes+full throttle didn't eventually stop the car was 120mph.
And their conclusion:
http://www.caranddriver.com/news/car/10q1/toyota_recall_scandal_media_circus_and_stupid_drivers-editorial [caranddriver.com]
Re: (Score:3, Interesting)
The last article is bollocks since not only is the gear also fly-by-wire, but there are also witness reports of the car being set in neutral/reverse with no effect.
Rhonda Smith's story smells fishy (Score:5, Interesting)
Rhonda Smith's story of six miles of interstate terror, as her Lexus suddenly zoomed to 100 miles per hour, will set the mood Tuesday for the first congressional hearing on Toyota's acceleration problems.
Yes, and if you read more about it you'll find several [thetruthaboutcars.com] interesting bits of info. One is that upon inspection there was no evidence that the brakes had been applied, including the MECHANICAL emergency brake. She also claimed under oath that she had complained about the problem to Toyota but the only record Toyota has is for an oil change. She also sold the car to a family member (not something you'd think she'd do if it really were unsafe) and according to the Wall Street Journal the car is still on the road [wsj.com].
Frankly I think there are a lot of people making up stories hoping to get money in a lawsuit, much the same way people made up stories about Audi a few decades ago. Yes, there appear to be some actual problems but there are a lot of liars out there too.
It's a nice feature, but Toyota's brakes can stop (Score:3, Interesting)
the car even with the throttle wide open.
Motor Trend's own test of a Camry found that even with the accelerator wide open the brakes can overcome the engine, easily in fact. Better yet, it still stopped shorter than the Taurus with no accelerator problems!
http://forums.motortrend.com/70/8007011/the-general-forum/c-d-toyota-dealing-with-unintended-acceleration-te/index.html [motortrend.com]
So take the update; it's not like your car doesn't already have a program, one declared defective.
Re:You're looking at it wrong. (Score:5, Informative)
My background is as an RF engineer, and I have a reasonable familiarity with EMI engineering.
The utter fucking cluelessness of that article scares me.
"Professor Liu, the story says, compares it to the problem with the jamming of signals on military aircraft.
"The problem is, the expertise for preventing signal jamming rests in the Department of Defense, not the automakers or their suppliers,' Professor Liu says. "
There's a MASSIVE difference between trying to prevent jamming of communications/radar signals, and basic EMI protection engineering of wired electronic circuits. There is PLENTY of experience with the latter in the civilian world, especially within the automotive industry.
Yes, cell phones can cause EMI problems with unshielded equipment, especially GSM phones. The critical systems in a vehicle are without any doubt *shielded*. More details on that later...
Satellite radios are RECEIVERS. (With the exception of satphones - these are incredibly rare.) They can be jammed, but you have to SERIOUSLY fuck up for one of them to interfere with something else. Same for GPS receivers. The most likely way for either of these systems to affect a car negatively is for them to short out and pull excessive current from their power supply. That's what fuses are for.
Large restaurant microwaves are subject to the same restrictions from the FCC as home microwaves. Yeah they can leak a little and they'll jam 2.4 GHz communications, but you could most likely take the magnetron from a microwave oven, point it at a car, and no adverse effects to critical systems would happen.
Why? Because the ignition system within a car is typically the #1 source of interference to anything in or near a car. A malfunctioning ignition system (old spark plug wires, loose spark plug wire connections) is tantamount to a high power spark gap transmitter. Automotive engineers have been dealing with internally generated EMI since the beginning of their industry.
Re:You're looking at it wrong. (Score:5, Interesting)
IT is not THE fix. It is a failsafe for THE fix.
The REAL problem is the reading from the Toyota ECM when the two redundant APP (accelerator pedal position) signal circuits are shorted together (main and sub). From the Toyota Camry VSRM:
DESCRIPTION
This ETCS (Electronic Throttle Control System) does not use a throttle cable. The Accelerator Pedal Position (APP) sensor is mounted on the accelerator pedal bracket and has 2 sensor circuits: VPA (main) and VPA2 (sub). This sensor is a non-contact type, and uses Hall-effect elements, in order to yield accurate signals, even in extreme driving conditions, such as at high speeds as well as very low speeds. The voltage, which is applied to terminals VPA and VPA2 of the ECM, varies between 0 V and 5 V in proportion to the operating angle of the accelerator pedal (throttle valve). A signal from VPA indicates the actual accelerator pedal opening angle (throttle valve opening angle) and is used for engine control. A signal from VPA2 conveys the status of the VPA circuit and is used to check the APP sensor itself. The ECM monitors the actual accelerator pedal opening angle (throttle valve opening angle) through the signals from VPA and VPA2, and controls the throttle actuator according to these signals.
FAIL-SAFE
The accelerator pedal position sensor has two (main and sub) sensor circuits. If a malfunction occurs in either of the sensor circuits, the ECM detects the abnormal signal voltage difference between the two sensor circuits and switches to limp mode. In limp mode, the functioning circuit is used to calculate the accelerator pedal opening angle to allow the vehicle to continue driving. If both circuits malfunction, the ECM regards the opening angle of the accelerator pedal as being fully closed. In this case, the throttle valve remains closed as if the engine is idling.
If a pass condition is detected and then the ignition switch is turned off, the fail-safe operation stops and the system returns to a normal condition.
VPA and VPA2 are coming from the PCM with .5-1.1v at one of the sensors and 1.2-2.0v at the other when the pedal is at its relaxed position. When there's force at the pedal, one sensor will operate between 2.6-4.5v and the other at 3.4-5.0v.
Toyota specs normal voltage for both the VPA sensors between .4-4.8v for VPA, and .5-4.8v for VPA2 with a .2v deviation between the 2 sensors. Anything out of those ranges will trigger a DTC.
An internal short could occur within one or more of the paths from the circuits leading to the ECM. That could lead to a situation where the computer cannot detect its own failure. Therefore, when the system gets conflicting information, it arbitrarily ignores half the conflicting information. It does not know which of the circuits are lying or if they both are lying and shorted together. Different resistance values will lead to arbitrary acceleration. Having the brake override it is a stopgap, but fixing the real problem (perhaps with a third circuit in voting mode, which will require replacing the entire circuit path) is the REAL FIX. I suspect 2012 and onwards Toyotas would have a third path and Faraday cage/Denso replacement for the magnet assembly in the plastic accelerator pedal (which is another problem with EMI which might lead to acceleration), which I am not going to go into here.
So, YES OP, you should definitely install the update. It's the only thing standing between you and death if both the APP circuits short.
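The two-circuit plausibility check and fail-safe quoted in the comment above, with the brake override as the last stage, sketched in C as an added example (not part of the comment and not Toyota's code). The voltage windows and the 0.2 V tolerance are the figures quoted above; the fixed 0.8 V offset between circuits, the idle/full-pedal calibration, the choice of the lower reading when two in-range circuits disagree, and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Windows and tolerance as quoted in the comment above. */
#define VPA_MIN_V   0.4
#define VPA_MAX_V   4.8
#define VPA2_MIN_V  0.5
#define VPA2_MAX_V  4.8
#define TRACK_TOL_V 0.2
/* ASSUMPTIONS (constructed values, not from any service manual): */
#define OFFSET_V    0.8   /* VPA2 is expected to sit this far above VPA */
#define VPA_IDLE_V  0.8   /* VPA with the pedal released */
#define VPA_FULL_V  3.8   /* VPA with the pedal fully pressed */

typedef enum { APP_NORMAL, APP_LIMP, APP_FAILED_CLOSED } app_mode_t;
typedef struct { app_mode_t mode; double pedal_pct; } app_result_t;

static bool in_window(double v, double lo, double hi) { return v >= lo && v <= hi; }
static double absd(double x) { return x < 0.0 ? -x : x; }

/* Map a main-circuit voltage to pedal opening, clamped to 0..100 %. */
static double pct_from_vpa(double vpa) {
    double pct = (vpa - VPA_IDLE_V) / (VPA_FULL_V - VPA_IDLE_V) * 100.0;
    if (pct < 0.0) return 0.0;
    if (pct > 100.0) return 100.0;
    return pct;
}

/* Range check each circuit, then cross-check the pair. */
app_result_t app_evaluate(double vpa, double vpa2) {
    bool main_ok = in_window(vpa, VPA_MIN_V, VPA_MAX_V);
    bool sub_ok  = in_window(vpa2, VPA2_MIN_V, VPA2_MAX_V);
    app_result_t r = { APP_FAILED_CLOSED, 0.0 };

    if (!main_ok && !sub_ok)      /* both circuits bad: treat pedal as closed */
        return r;
    r.mode = APP_LIMP;
    if (main_ok && !sub_ok) {     /* limp on the main circuit */
        r.pedal_pct = pct_from_vpa(vpa);
        return r;
    }
    if (!main_ok && sub_ok) {     /* limp on the sub circuit */
        r.pedal_pct = pct_from_vpa(vpa2 - OFFSET_V);
        return r;
    }
    /* Both in window: they must also track each other. */
    if (absd((vpa2 - vpa) - OFFSET_V) <= TRACK_TOL_V) {
        r.mode = APP_NORMAL;
        r.pedal_pct = pct_from_vpa(vpa);
        return r;
    }
    /* In range but disagreeing: nothing here says which circuit is wrong.
     * ASSUMPTION: take the lower demand instead of picking arbitrarily. */
    {
        double a = pct_from_vpa(vpa), b = pct_from_vpa(vpa2 - OFFSET_V);
        r.pedal_pct = a < b ? a : b;
    }
    return r;
}

/* Final stage: the brake wins over whatever the pedal logic concluded. */
double throttle_command(double vpa, double vpa2, bool brake_pressed) {
    app_result_t r = app_evaluate(vpa, vpa2);
    return brake_pressed ? 0.0 : r.pedal_pct;
}

int main(void) {
    /* Constructed sample readings: {VPA, VPA2, brake}. */
    static const struct { const char *what; double vpa, vpa2; bool brake; } cases[] = {
        { "pedal released",                 0.8, 1.6, false },
        { "half pedal",                     2.3, 3.1, false },
        { "sub circuit open",               2.3, 0.0, false },
        { "main stuck at supply",           5.0, 3.1, false },
        { "both circuits dead",             0.0, 0.0, false },
        { "in range, not tracking",         3.5, 1.6, false },
        { "offset-preserving fault",        3.8, 4.6, false },
        { "offset-preserving fault + brake", 3.8, 4.6, true  },
    };
    static const char *names[] = { "NORMAL", "LIMP", "CLOSED" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        app_result_t r = app_evaluate(cases[i].vpa, cases[i].vpa2);
        printf("%-32s mode=%-6s throttle=%5.1f%%\n", cases[i].what, names[r.mode],
               throttle_command(cases[i].vpa, cases[i].vpa2, cases[i].brake));
    }
    return 0;
}
```

In this model a fault that moves both voltages while preserving their offset passes every check and reads as a full pedal press; the brake override is the only stage that still forces the command to zero.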
Re: (Score:3, Interesting)
That's very detailed information. Where are you getting this from? I see that ETCS issues are mentioned in a lawsuit against Toyota [findlaw.com], but you're specifying that the unintended acceleration in Toyotas may be the result of a simple short across the 2 APP sensors? That's pretty big news, and if so, it's a hardware issue with a potential software workaround, as you've detailed above.
Is this something you've determined personally, or do you have a source link for it?
Re: (Score:3, Insightful)
Just why is it that we need to do away with a physical throttle cable anyway? There was nothing wrong with throttle cables. They have been giving us reliable acceleration (and provided a means of "brute forcing" deceleration in "sticky" situations) more or less since the dawn of automobiles.
Drive-by-wire (DBW) systems enable many features of modern cars. Stability control, throttle response control, direct injection, knock detection, and some variable valve timing systems require DBW. It provides more fine grained control of the throttle and fuel system than a traditional cable drive. As the driver of a modified turbocharged car, I appreciate the advantages of DBW. But I can understand your trepidation. Leaving control of critical functions to a computer introduces risk.
If you are avers
He is looking at it wrong... (Score:5, Funny)
> 'the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'
Hint: this is a feature, not a bug. And even if you're reviewing very closely, it's not something that it takes three months to avoid messing up. if(X&&Y) Z=Y;
When the two pedals work at the same time, it can result in pretty horrible accidents. Unless your driving style uses both pedals at the same time in a way that increases your safety (in which case you're James Bond and you don't ask slashdot questions), just take the update.
Re: (Score:3, Informative)
You are currently modded funny, but I would prefer not to purchase a car that prohibited me from pressing the brake and throttle at the same time and expecting power and braking. You don't need to be James Bond to do left-foot braking, you just need to understand when it is to be used (on the racetrack only). Obviously this situation doesn't apply to a Camry, and I don't know if any of their high performance cars have this same issue. If purchasing a high performance car I would expect the brake and throttl
Re: (Score:3, Informative)
Sometimes folks step on both pedals to start up steep inclines. You can use the emergency brake as an alternative though.
Doing it wrong.
And yes, I drive a manual.
Re: (Score:3, Informative)
>Manual transmission drivers don't have three feet, they can't hold the brake, clutch and gas at the same time.
No, but they can use the handbrake, which is what I do for hill starts on steep hills.
Heel-and-toe shifting (Score:3, Informative)
Manual transmission drivers don't have three feet, they can't hold the brake, clutch and gas at the same time.
You've never done a heel-and-toe [wikipedia.org] shift I guess. Not really disagreeing with your main point (regarding rollback) - just being pedantic and pointing out that it is quite possible for two feet to control three pedals at once. In fact before synchronized transmissions [wikipedia.org] became common it was nothing unusual to need to engage in some fancy footwork. Some race cars still do.
Re:You're looking at it wrong. (Score:5, Funny)
Heh. Yeah, that’s about the same response that I have.
The current firmware has a known bug which randomly transforms your car into a flying brick, with you trapped inside, moving at freeway speeds.
Updating the firmware involves the risk that your car will be transformed into a stationary brick, with you nowhere around, and with your dealer on the hook to get it fixed.
Let me see... how long does the cost vs. benefit analysis take on this one?
Re: (Score:3, Insightful)
Lovin' my manual-shift Jetta TDI even more, for the same reason. It would take a truly odd and scary set of circumstances that would prevent me from disengaging the engine from the wheels in the extremely unlikely event of the go pedal getting stuck on 11.
Having said that, my reaction to this letter would be to stop whatever it is that I am doing and head straight to my Toyota dealership, and politely request that the software patch be installed immediately if not sooner. Whatever else this bug fix could
huh? (Score:4, Insightful)
Are you for real?
Re:huh? (Score:5, Informative)
Bill
Re:huh? (Score:4, Insightful)
Wow, self-referential AND accurate. Amazing!
yes (Score:4, Insightful)
Re:yes (Score:5, Insightful)
Uh - if the dealership "bricks" your car by applying the update they will fix it for free. This question is just plain stupid - get the damn update. If something ever happens and you crash your car the first thing they will say is that you declined to apply their update and so they are not liable.
If it bricks, it's their fault. (Score:5, Informative)
First, this is about your safety.
Second, if the update bricks your car, that would be Toyota's fault, not yours and I'm pretty sure they would resolve the issue for you free of charge.
Or, you can keep driving a potentially unsafe vehicle on "firmware update" principles.
Re: (Score:3, Funny)
What if he's modded out the car -- body kit, $5,000 rims, playstation monitors on the window blinds, booming stereo and sub bolted to the trunk. I mean, it's a Camry, and if a car is meant to be tricked out, it's that perennial family sedan. :-)
Re: (Score:3, Funny)
Then he is a tasteless idiot?
Umm... yes (Score:5, Insightful)
Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.
Re: (Score:3, Funny)
You want us to believe you leave your parents basement voluntarily?
Take the update (Score:5, Insightful)
Safety wise, it fixes a known bug.
Take the update.
Re:Take the update (Score:5, Insightful)
A bug that you know about. If, by chance, you find yourself in an accident, and get sued, I doubt a jury is going to look kindly on the "I passed up on the fix for the known bug because I thought it might brick my car" defense. If you pass on the deal, you are essentially taking full responsibility for Toyota's bad code.
That's not a good choice.
--AC
Re: (Score:3, Insightful)
I dunno about that crap, I only drive the car, didn't know that there's this ... what? "Firm ware"? Didn't even know there's a computer in my car...
Considering you don't install the firmware, that would be an interesting response to "why didn't you take your car to the dealership for the safety recall when you received the notice?"
Their new slogan (Score:3, Funny)
The car in front is a Toyota because the accelerator pedal is stuck down
Re:Their new slogan (Score:4, Informative)
Where was the Spanish Inquisition errr... Congress when Ford had to recall 4.5 million cars [cnn.com] a few months ago due to their cruise control causing fires?
Re:Their new slogan (Score:5, Insightful)
Where was the Spanish Inquisition errr... Congress when Ford had to recall 4.5 million cars a few months ago due to their cruise control causing fires?
Agreed. This has the feel of a smear campaign to put GM back on top.
Are you kidding? (Score:5, Interesting)
Take the upgrade. Shipping firmware always has bugs. Always. As a system administrator, the first thing I do out of the box is download and install the current firmware while it's still under warranty. And if they brick your computer they'll replace it.
Safety First (Score:5, Funny)
Yes, but make sure you drive the Toyota round a large sandbox for a few days first...maybe you live near a sandy beach or golf course with large bunkers. At a pinch, do your kids have a playpit in the garden? Cat litter tray?
I wouldn't do it (Score:5, Funny)
There's the chance that the update may turn off any jailbreaks you've already got working. Worst case scenario is that it detects a jailbreak and bricks your car, like you said.
I'd stick with the white hat hackers who are providing jailbreaking instructions and forgo any manufacturer updates.
The worst that can happen is that your car becomes susceptible to the sudden acceleration "problem" and you lose control and wipe out a family or farmer's market. But you're inside the car so you'll be fine.
Plus, you'd have to go down to the dealership and they're going to ask you if you've had any problems and a huge rigmarole just to end up with essentially the same performance you've had all along.
Too many risks and too few benefits. I'd say no.
Get the Flash (Score:5, Informative)
There's a lot of cars that have the 'brake takes precedence' feature. The only real reason to not have such a feature is because of trail-braking or heel-toe shifting. Both are racing/performance driving techniques you won't be doing in your Camry. Plus, it is a pure software feature in that if it detects you braking, it will cut throttle. So there's no big issue there.
Also, cars have their computers updated all the time, and it has never been a big deal in the past. The Nissan GTR was the last example that made the news (to cut down on the RPM the launch control used). But really, cars are reflashed all the time. It's not a big deal.
Apply the update (Score:5, Informative)
Many other manufacturers have already added a similar piece of code. It really doesn't take too long to debug an interlock. Your primary failure mode will be: if the brake pressed switch fails (ie: the tail lights are stuck on), then the car won't run.
Every interlock has a strong tendency to fail into the safe state. Conversely, omitting interlocks tends to result in fail-dangerous failures, which is what Toyota is experiencing.
Seriously? (Score:5, Informative)
Take the update.
My driving habits don't cause the floor mat to slide much, so I see the update as overkill.
Perhaps, but didn’t I read about some people who died in a Toyota, presumably from this exact bug, whose floor mat was found secure in their trunk, exactly where Toyota recommended them to put it when they thought the floor mats were causing the accelerator bug?
Re: (Score:3, Informative)
Citations would have been good. Here they are for reference. There could be more.
Absolutely (Score:5, Insightful)
Jane, you ignorant slut... (Score:4, Insightful)
Nobody taught you that. You pulled it out of your ass so you'd sound officious and get a post on
The vast majority of firmware updates work, fix problems and don't brick devices. Much more of this shit that gets by as posts and I'll be begging for Jon Katz to come back.
Re: (Score:3, Insightful)
Ah, never thought I'd miss JonKatz, but kdawson makes me wonder sometimes...
Re: (Score:3, Informative)
While I disagree with the 'large percentage of firmware updates actually brick' bit, he's correct that it's pretty common practice not to update firmware unless there's a known bug that -is- affecting you.
However, that applies to non-mission-critical appliances like home routers and not to death machines like cars or any device that could cost someone a -lot- of money if it goes down.
And you should never do the firmware update on a 'live' system for the same reason. So if he's actually driving the car whil
Re:Jane, you ignorant slut... (Score:5, Funny)
I believe, truly and honestly, that the submitter thinks that he's expected to go to www.toyota.com, click on 'support,' 'downloads,' 'firmware,' 'by make and model,' and download a binary file which goes onto a USB key.
I believe that the submitter then thinks there will be instructions like 'pop the cover on the fuse panel, and insert the USB key containing the firmware upgrade in the USB slot. Start the car while holding both the 'rear window defroster' and 'left turn signal' down. The car will start in firmware upgrade mode and automatically start upgrading the firmware. DO NOT POWER OFF THE CAR DURING THIS TIME.'
Re:Jane, you ignorant slut... (Score:4, Interesting)
no shortage of reckless idiots (Score:3, Insightful)
So based on vague general principles without any specific knowledge of the engineering issues involved you are refusing to install a manufacturer recommended safety fix. In an accident situation this is arguably evidence of a reckless disregard for human life. Good luck with your insurance company.
it is an error catching routine (Score:3, Insightful)
Yes. Toyota's mechanical fix may not be the actual fix and the root issue may be a software based one.
The software update is a failsafe, think of it as an error catching routine. All programs can benefit from error catching routines, problem is that programmers don't have enough time to program for every error possibility. Toyota has taken the time to add one to their cars.
cc
If you don't (Score:5, Insightful)
Take the subway - or campaign for one to exist. (Score:3, Funny)
Nice fact free sound bite (Score:3, Informative)
Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car.
Nonsense. [wikipedia.org] Yes, motor vehicle accidents are the leading cause of death in the US for those between the ages of 15 and 34 (peaking at around 1 out of 3 deaths for the 15-24 age group) but it is nowhere close to "almost everyone" no matter what age group you choose. But don't let actual data get in the way of a good sound bite.
Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed to do better than that quite some time ago...
If horses were actually more efficient economically, we would still be using horses. If you think horses are cheap as a means of transportation, you clearly have never tried to use t
100 million LOC (Score:3, Insightful)
Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.
In my opinion, it doesn't count since this is typically decoupled heavily from the safety-critical components of the car.
It is usually easier to write bug-free microcontroller code (ECUs and such) than general purpose PC code. Also, the distributed nature of most automotive microcontroller code keeps code separated into nice little easily-testable modules.
There are always exceptions, but it's very rare for a firmware update in a vehicle to cause regressions. Nearly all of the time, "bugs" in vehicular firmware are really unanticipated results of intentional design choices. For example, the Partial EMCC (PEMCC) code in early-1990s Chrysler A604 transmission firmware that slowly trashed torque converters was intended to improve fuel economy by partially engaging the torque converter lockup clutch - it turned out this wore out the clutch FAR faster than any of the mechanical engineers anticipated. In 1993 or so, this feature was removed once its contribution to premature transmission wear was discovered. (So yeah, this was a case where a bug really WAS originally a feature!)
Well (Score:3, Insightful)
100 million lines of code? Where are they getting this number? The entire Microsoft ecosystem is about that many lines of code.
Maybe they mean assembly code? I'd imagine that the microcontrollers that a car uses are probably programmed with lots of bare metal assembly coding.
I will be getting that firmware update (Score:5, Insightful)
I have an '09 Prius. And I'll be getting that firmware update. It's a feature they should have included in the first place. It's not the best implementation of the brake override I'd like. What I'd really like to have is an electrical circuit connection between the brake pedal and the throttle fly-by-wire assembly. When the circuit is tripped, the throttle position output of the assembly drops to 0 regardless of actual pedal position or sensor position. But that would require new hardware.
I'm getting the update because if the engine does start runaway acceleration, the brakes aren't enough to overcome the hybrid system's output. I know the right thing to do would be to put the car into neutral and get it safely off the road. But I don't react well to stressful situations.
Re: (Score:3, Insightful)
Putting the car in neutral should also disconnect the throttle fly-by-wire assembly. Unless someone likes constantly revving their engine in neutral (this is for the automatic transmission style only) it wouldn't cause anyone any real grief.
As we get more and more involved with electronics in cars though, there's also the issue that the ECM could ignore the fact that you put the car in neutral. My wife's car has a gear selector that I know is electronic; couple that with electric throttle and push-button
Known Bad vs Unknowns (Score:3, Interesting)
Well, Toyota is giving hearings on Capitol Hill, they have taken a non-trivial financial hit, and I think their president is one piece of bad news away from seppuku. Yeah, you can probably trust that they did everything in their power not to screw it up. I probably would take a potentially unknown problem on a firmware update that is being watched by dozens of agencies and internal company auditors over a firmware that is known bad with a questionable dedication to quality. Even if there is a problem, it is a safe bet that it will be detected very early due to the number of eyes on it.
Having been inside of a company that has had to do a recall, I can say that nothing sharpens a company's overzealous safety instincts and risk avoidance mania than a major recall. Recalls, especially the type that Toyota is experiencing, are a complete disaster for the company. They are extremely expensive both in terms of cost and reputation. I am pretty sure that the internal state of Toyota right now is a safety mania that trumps all else that would make a Puppeteer proud. In fact, you can probably rest assured that Toyota is currently wildly overshooting the 'proper' levels of safety. It will probably be a few quarters before they unwind to more reasonable levels.
You need to consider it from the perspective of a manager. If you, as a manager, are in charge of a critical safety component, what is in your best interest? Yeah, you could try and cut a corner and skim an extra 2% profit that your boss might or might not notice, but if it backfires and YOU result in a safety issue, especially in the current environment, you should get a friend with a sword and a basket for your head and save the company the trouble. Right now, kudos in Toyota are earned by being a safety nut and being the one to discover and 'fix' some absurdly low probability safety concern, not for squeezing the budget a little further. Speaking as someone who has been in a company in full recall mode, if there is ever a time to trust that a company really is putting safety first, now is the time.
Toyotaphobia getting out of hand (Score:5, Insightful)
I think the anti-Toyota mania is getting a little out of hand. The problem caused 34 deaths in 10 years. Given the tens (hundreds?) of millions of Toyotas on the road, it's actually not a big deal. It's an unimaginable tragedy to the people and families that died, and it should be fixed. But as a public safety issue, more people died of lightning strikes and bee stings during that period. Heart disease kills over 1,000 Americans per day. Let's keep it in perspective.
Now we don't trust their firmware updates? I think their safety record is pretty good. You're driving their car at death-defying speeds, aren't you?
The concept of a firmware update for your car is pretty interesting, though.
I call shenanigans. (Score:4, Insightful)
To illustrate my point, take a made up piece of code that takes the position of 1 sensor, and uses that to control a servo. Let's say that for whatever reason a piece of the code looks like: ServoPosition = (sensor1 + offset) * ServoOffset
Offset is used to correct for initial installation differences for the sensor, so the sensor can detect where it normally sits at idle (when not pressed) so that it can calculate its real position and not its perceived one. NOW! Let's go one step further and say the offset is supposed to be a static variable the entire time the loop is running.. but what if, WHAT IF, the code doesn't lock the offset variable, and for whatever reason the chip is restarting its program over and over again, increasing the size of the offset variable. Eventually, this could cause the sensors to detect the pedal being floored, when it's not. So how do you fix that? Remove the offset variable from the part that could be run over and over again. Be sure to always set it to 0 when you restart the loop.
And then you wonder if it's safe? Really they changed less than 1% of their code you fake developer.
Crap! That sucks! (Score:3, Insightful)
No brake and gas at the same time? That majorly sucks. Albeit, not usually needed but there are situations where you need to press both, besides when doing a burnout on a RWD ...
Drive By Wire in itself is a bit stupid idea ... Servos break more easily than hydraulic cylinders or legs. Electric connections get loose easier than hydraulic sealings start to leak. Never mind the lost feeling of brake, gas and clutch pedals.
I drove once a drive by wire car, and I seriously couldn't use it during the winter: I had to take my shoes off to feel the pedals enough to know how much I'm pressing brake or acceleration.
Never mind the fact that using traditional systems you apply force mostly directly to the brakes, and there can't be any software bugs.
I just wish in 20 years time I can still find "oldschool" cars which do not have drive by wire and issues it may cause, and rather have hard lines.
Did you think about the fact that this "floor mat" issue might not exist if there was traditional pedals with the amount of force being needed to press than in older cars? Not only will you actually feel the throttle position, but it wouldn't so easily be pressed by accident.
Flawed Fix (Score:4, Insightful)
would cut power to the engine if both pedals were pressed
So anyone who starts from a stop on a steep incline by slowly depressing the brake while simultaneously pressing the gas to avoid rolling back into the vehicle behind them will now stall their vehicle?
The accidents that have occurred as a result of this are tragic. But adding quirky behavior as a stop-gap measure seems ridiculous and sets a bad precedent. Is there anything out there to make sure vehicle behavior is reasonably consistent across different vehicles (or even vehicle firmware versions)? Or are we going to have to be aware of all the different firmware ins and outs between different models and firmware versions.
I've been especially surprised at the fact that so many people seem to think that sudden acceleration is unstoppable. If you're driving a vehicle that suddenly accelerates and you cannot prevent the acceleration PUT THE VEHICLE IN NEUTRAL OR DOWNSHIFT (and yes you can downshift with automatics)! How people can get their driver's license while thinking the only way to slow/stop a vehicle is to press the brake is beyond me. I know panic can set in and can make reacting to unexpected dangerous situations difficult, but isn't that why you had a learner's permit first? My father took me to an empty lot and had me practice reacting to different situations that you can encounter which can be dangerous if you panic (ie: sliding, hydroplaning, slamming on brakes, etc.). Perhaps drivers education courses should focus more on these kinds of situations rather than merely how to obey traffic laws.
It's not the floormats! (Score:3, Informative)
Firstly, it's not the floormats. Even Toyota has backed away from that as an explanation. The current theory is that it's the accelerator pedal sticking, but that doesn't jibe well with all of the incident reports either. Given that, I wouldn't count on your driving habits or removing the floormats to solve the problem.
You should also consider that if you have a problem later and the update hasn't been done, guess what they'll blame?!
In general, the modification sounds like a very good idea. If for whatever reason your car decides to go full throttle against your wishes, I'm sure you'd like one extra chance to convince it otherwise.
As others have pointed out, you have already accepted 100 million lines of their code without knowing anything about their software practices.
Take the update. I got it for my 2009 Camry. (Score:4, Informative)
1) Chopped off about 4cm from the end of the gas pedal. It looks like they did it with a hack saw. The air near the brake pedal smelled like hard plastic that has just been cut.
2) Replaced the old floormat which looked like this:
+-----------+
|           |
|           |
|           |
|           |
|           |
|           |
+-----------+
To one that looks like this:
    +---+
    |   |
+---+   +---+
|           |
|           |
|           |
|           |
+-----------+
That way there is a lower chance of the gas pedal touching the floormat. It also means, that the carpet underneath your gas and clutch pedals will get soiled.
3) Updated the firmware. After the update, I did a test where I got the car going 30Mph, and then pressed and held the accelerator. While the accelerator was depressed, I applied the brake with my left foot. After about 1.5 seconds, the engine RPM went down to idle speed. I repeated this test 2 more times. Same result each time.
The firmware update appears to work at least in 3/3 of my test cases.
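The interlock described in the "Apply the update" comment, together with the roughly 1.5 second delay observed in the test above, can be sketched as follows. This is an added example, not Toyota's code and not code from any poster; the 1.5 s persistence window, the 5% pedal threshold, the 10 ms tick and all names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed calibration for illustration only; not Toyota's values. */
#define OVERRIDE_DELAY_MS 1500u /* overlap must persist this long (the ~1.5 s seen in the test) */
#define ACCEL_ACTIVE_PCT  5u    /* pedal travel above this counts as "pressed" */
#define TICK_MS           10u   /* control-loop period used by the simulation */

typedef struct {
    bool     overlap;    /* brake and accelerator both pressed on the last tick */
    uint32_t overlap_t0; /* timestamp at which the current overlap began */
} bto_state;

/* One control tick: returns the throttle command in percent (0 = idle). */
unsigned bto_step(bto_state *s, uint32_t now_ms, unsigned accel_pct, bool brake_on)
{
    if (accel_pct > 100u)
        accel_pct = 100u;                 /* clamp an out-of-range sensor value */

    if (!brake_on || accel_pct <= ACCEL_ACTIVE_PCT) {
        s->overlap = false;               /* no conflict: pass the request through */
        return accel_pct;
    }
    if (!s->overlap) {                    /* conflict just started: arm the timer */
        s->overlap = true;
        s->overlap_t0 = now_ms;
    }
    /* Unsigned subtraction stays correct when the millisecond counter wraps. */
    if ((uint32_t)(now_ms - s->overlap_t0) >= OVERRIDE_DELAY_MS)
        return 0u;                        /* brake wins: throttle to idle */
    return accel_pct;                     /* short overlap (hill start) is tolerated */
}

/* Hold constant pedal inputs for dur_ms from a fresh state; return the last command. */
unsigned bto_run(uint32_t start_ms, uint32_t dur_ms, unsigned accel_pct, bool brake_on)
{
    bto_state s = { false, 0u };
    unsigned cmd = 0u;
    for (uint32_t t = 0u; t <= dur_ms; t += TICK_MS)
        cmd = bto_step(&s, start_ms + t, accel_pct, brake_on);
    return cmd;
}

int main(void)
{
    /* Constructed scenarios, not recorded vehicle data. */
    printf("hill start, 1.0 s overlap : %u%%\n", bto_run(0u, 1000u, 80u, true));
    printf("stuck pedal, brake 2.0 s  : %u%%\n", bto_run(0u, 2000u, 80u, true));
    printf("brake switch stuck on     : %u%%\n", bto_run(0u, 60000u, 40u, true));
    printf("no brake                  : %u%%\n", bto_run(0u, 5000u, 80u, false));
    return 0;
}
```

The stuck-brake-switch scenario ends at idle throttle, which is the "car won't run" failure mode the earlier comment describes: the interlock's own fault leaves the vehicle in the safe state.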
Trust your automaker (Score:3, Insightful)
If you have to bet between your judgement and that of your auto manufacturer, I'd suggest that unless you really know what you're talking about, bet on the auto manufacturer. They're the experts.
Likewise, if you're some independent thinker and have an idea how something works, but the scientific community has significant work in the field, you should generally bet on them rather than you.
Re: (Score:3, Informative)
He has to release the brake for 1 to 2 seconds so that the car recognizes the brake pedal has been released before it allows the Gas pedal to apply any acceleration to the engine when you start moving.
Citation needed. According to the press release,
Nowhere does it say that you have to let the brakes up for 1-2 seconds before you can use the accelerator.
Re: (Score:3, Insightful)
Yes, people do it all the time when someone is tailgating them.
He drives much too slowly, and then when someone is following him, wishing he would speed up and drive the same speed as everyone else, he taps his brakes.
Of course, tailgating someone so they'll accelerate to my desired speed is also a "stupid asshole tactic". Probably a better bet when encountering someone driving "too slowly" for your tastes is to either pass (if possible) or suck it up, Nancy. Maybe even give them more distance, not less. Even if they are driving so slowly as to create a traffic hazard (not just an inconvenience). Especially then. Because if someone is unintentionally creating a nuisance or a hazard, you ought to keep your distanc
Re: (Score:3, Informative)
"Older" as meaning before mid-1970s.
Even those late 70s / early 80s automobiles that seem sans of computers very likely have at least one or more to help meet emission requirements.
Ron