
Comment by DebtDeflation

7 months ago

There is absolutely no way an OTA update should be able to impact anything powertrain related, it should be limited to the infotainment system and accessories. PCM updates should require a hard connection to the vehicle's OBD port at the dealership/mechanic (or a home user with the appropriate software and cable). NHTSA should investigate this.

Tesla has been doing these OTA powertrain updates for over a decade. It's totally fine when you follow best practices and do good QA. Stellantis doesn't QA.

  • Why would my powertrain need an update? What new laws of physics relating to torque and gear reduction have been discovered since my car was produced?

This reads like an OTA to the infotainment that messed up powertrain somehow. Plenty of manufacturers successfully OTA powertrain these days by using A/B flashing (the B flash programs while the car drives, next key cycle swaps to B and flashes A in background, next key cycle back to A, done).

My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).

  • > My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).

    The fact that this is possible proves the point: OTA updates are dangerous and should be banned.

    • I don’t agree that OTA should be banned, but I do think that additionally restricting in-motion OTA could be reasonable. OTA which is always opt in and modal is no different from diagnostic port updates except that it cuts out the need for a dealer visit. This seems fine to me.


This update was for the infotainment system. To your point, that system should somehow be air-gapped from affecting the engine and power. There's way too much coupling of all this software and electrical components.

  • Uh how would you change vehicle performance settings?

    • For the sake of answering you: through dedicated physical switches (such as Ferrari's famous manettino).

      What I really think: my car shouldn't have any bullshit "modes" to select from. Tune it once at the factory to some reasonable compromise, and perhaps make certain settings writable through the OBD port, and that will be it.


Why? Requiring physical updates just makes pushing fixes harder.

Obviously no vehicle should be updated while in operation and all patches should be signed.

  • I think that's the crux of it.

    Obviously, "software update while traveling at highway speeds" is just rolling too many drama dice.

    OTA is fine. Ideally parked, or minimally A/B on the firmware, new version only run on next startup.

    • I didn't read too deeply but I bet the drivetime failures were because the issue manifested after the vehicle started operating. A rolling FOTA update seems like it would not be certified and would be harder to implement anyway.

      This would also mean the A/B failover would need to identify the problem as a bad update rather than a bug that pops up minutes later.

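The A/B flashing and failover points raised in this thread, sketched as an added example that is not part of any comment here and is not any manufacturer's code: a new slot stays on trial until it has run fault-free for a confirmation window, so a fault that appears minutes into a drive still sends the next key cycle back to the old slot. The `boot_ctrl` layout, function names, `MAX_TRIES` and `CONFIRM_SECONDS` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical boot-control record; not any vendor's actual layout. */
enum slot { SLOT_A = 0, SLOT_B = 1 };
struct boot_ctrl {
    enum slot active;     /* last slot confirmed healthy */
    enum slot pending;    /* slot on trial; equals active when none */
    uint8_t   tries_left; /* trial boots remaining for the pending slot */
};
#define MAX_TRIES       3    /* constructed value */
#define CONFIRM_SECONDS 600  /* constructed value: fault-free run time before commit */

/* After the inactive slot is flashed: only a verified image goes on trial. */
void stage_update(struct boot_ctrl *bc, bool signature_ok) {
    if (!signature_ok) return;
    bc->pending = (bc->active == SLOT_A) ? SLOT_B : SLOT_A;
    bc->tries_left = MAX_TRIES;
}

/* Bootloader, once per key cycle: which slot to start. */
enum slot select_slot(struct boot_ctrl *bc) {
    if (bc->pending == bc->active) return bc->active;
    if (bc->tries_left == 0) {       /* trial failed or exhausted: roll back */
        bc->pending = bc->active;
        return bc->active;
    }
    bc->tries_left--;                /* an unconfirmed boot uses up one try */
    return bc->pending;
}

/* Running firmware, periodically: commit only after the full window. */
void report_health(struct boot_ctrl *bc, enum slot running,
                   uint32_t healthy_seconds, bool fault) {
    if (bc->pending == bc->active || running != bc->pending) return;
    if (fault) { bc->tries_left = 0; return; }  /* old slot on next key cycle */
    if (healthy_seconds >= CONFIRM_SECONDS) bc->active = bc->pending;
}

int main(void) {
    struct boot_ctrl bc = { SLOT_A, SLOT_A, 0 };
    stage_update(&bc, true);
    printf("trial boot: slot %d\n", select_slot(&bc));
    report_health(&bc, SLOT_B, 120, true);      /* fault two minutes in */
    printf("next key cycle: slot %d\n", select_slot(&bc));
    return 0;
}
```

The running slot is never swapped mid-drive; a reported fault only changes what the bootloader picks at the next key cycle.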

Why? If the system only updates with user consent, what is the difference between OTA and taking the car to a dogshit dealership?