
Comment by jacquesm

7 months ago

It is completely insane that this is happening. I did DD on a company in the automotive space a couple of years ago and flagged that they did not check if the vehicle was stationary, motor disabled before updating. They were all surprised at how I thought that this could possibly ever lead to issues.

I have Java code running on commercial aircraft. You can’t actually run Java code on commercial aircraft because the FAA doesn’t (or at least not at the time) know how to certify it.

The entire box it’s on isn’t powered while the plane is in motion (“wheels on ground”). It’s shut off before preflight and doesn’t turn back on until the plane is on the ground. The service my code is part of is responsible for queuing updates and downlinking telemetry. Updates are manual and obviously you can’t run them while in motion if the box they are on doesn’t even have power.

Cars probably don’t have to go this far, but there’s a continuum and they’re clearly in the wrong part.

  • Even iPhones and Windows let you schedule update times. Just the fact that a freaking MOVING MACHINE doesn’t is egregious in itself. Imagine if Stellantis would manufacture industrial equipment or nuclear reactors!

    • I wonder how many OTA updates for cars could be left as a task for the mechanic, the way airplane updates are.

      Airplanes are required by regulation to have a backup of all software to operate the plane, presumably so that a plane can’t get stranded by an emergency landing requiring system resets. What we built replaced a physical folder full of floppies or CDROMs taking up space in the cockpit. Some of my coworkers insisted it was for weight but I’m absolutely sure that pizza box server weighed more than the book.

Given the state of the software industry, it's honestly more surprising that this doesn't happen more often. Our industry is a complete joke, and somehow we've been given responsibility over people's lives.

  • We are really only about 60 years old as a proper profession, and we seem to be trailing behind doctors for professionalism and standard of care by about 100 years.

    I don’t know what will turn out to be our penicillin, or our Joseph Lister, but in 1960 the former is something that didn’t exist when older doctors were in school, and latter had only been dead for fifty years. It may not have happened for us yet.

    • This is a super important point that I don't think a lot of people fully recognize. Medicine is a super interesting comparison because you honestly don't need to go all that far back to find some pretty egregious examples of doctors making things much worse due to ignorance or incompetence. My favorite example of this is the assassination of President Garfield, who most likely died not from the bullet wound itself but from the doctors rummaging around to try to find the bullet with unsanitized hands, causing infection and damaging organs...on the wrong side of his body[1].

      [1]: https://en.wikipedia.org/wiki/Assassination_of_James_A._Garf...

    • On the topic of professions: Joseph Lister was a surgeon. Modern surgery (which I define as surgery aided by anesthesia) is a relatively recent discipline dating to the early 19th century. The introduction of anesthesia made lengthy and intricate operations possible but also ushered in novel problems and complications. Surgery as a field had to learn tough lessons over time.


  • > Given the state of the software industry, it's honestly more surprising that this doesn't happen more often.

    It probably does. We just don't notice.

    > Our industry is a complete joke, and somehow we've been given responsibility over people's lives.

    Amen to that. kqr made some choice comments the other day in that thread about the airliner that came to within a hair of crashing due to running out of fuel. Thinking about risk is not a skill that we're born with and it is always sobering to read the 'risks digest' for a bit and to see how thin the ice really is.

  • It does. I have a Ford CMax from 2014. For years, when the SiriusXM radio software update would happen it would get stuck downloading. The geniuses at Ford decided the update should continue trying to complete even if the car was turned off. So once the download got stuck, it would completely drain my battery every single time. I'd rather have a car that moves than the latest SiriusXM update in my radio. The only fix was to pull the fuse if you noticed that it was happening.

  • I'm willing to see a difference in software standards between (say) Waymo and Jeep. One is a software company, the other is a sheet-metal company. If you just tar the whole industry you lose an ability to learn from those doing it better.

    • Tesla is very controversial, and they have clearly made some serious software mistakes, but they are so much better at software than any other maker I've encountered, except maybe Mazda who eschew touch screens for physical buttons, but that is a UI success, not a software culture success. Tesla wrapped an electric car around a software company. They treated fit and finish and panel mating etc. as the throwaway/buy it cheap aspect (ok that is pretty harsh. It isn't that bad) and focused on the software. Where legacy makers did the opposite.


  • I’m going out on a limb here because I’m not directly in the software industry, but my first suspect would be metrics and the fact that you have to deliver a product at a certain time “no matter what”.

According to the article, that's not what is happening. The update itself completes fine; it's the updated firmware that is buggy, and seems to cause/require a reset of the ECU while in operation. Not that that makes it any less insane, but the update process does not seem to be implicated here.

  • Yes, and if the update happened while at home, most people could get the error at safe speeds (most people do not live <1 min from a highway).

> they did not check if the vehicle was stationary, motor disabled before updating. They were all surprised at how I thought that this could possibly ever lead to issues.

My anecdata is that my car won't update its software without the owner explicitly requesting it. And then, it will only do it if the car has something like 50% charge, hasn't been used for an hour, and nobody is inside.

I once tried to do the update while I was inside, and it refused.

  • That's good. You may want to list the brand here.

    • My BYD wants the battery over some percentage, the vehicle in park, and the hood closed. The hood one was surprising, I wonder if it's for the safety of the car or of anyone working on it.


  • I would guess that your car is quite a bit more luxurious and expensive than an American Jeep.
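An added illustration, not code from any commenter, manufacturer or project named in this thread, of the update interlocks discussed above: the stationary and motor-off checks the first comment says were missing, the charge, park, hood, idle-time and occupancy conditions two replies list, and keeping the previous image as a rollback target in the spirit of the aircraft software-backup requirement mentioned earlier. The `VehicleState` fields, the thresholds, the `Ecu` class and the self-test callback are all assumptions made for this example.

```python
"""Update-gate interlock with rollback: an added example, not any vendor's code.

Every field name, threshold and the simulated ECU below is an assumption
for illustration only.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Optional

# Assumed thresholds, loosely following the conditions described in the thread.
MIN_SOC_PERCENT = 50.0
MIN_IDLE_MINUTES = 60.0


@dataclass(frozen=True)
class VehicleState:
    """Snapshot of the signals an updater would read before touching firmware (assumed)."""
    speed_kph: float
    gear: str            # "P", "R", "N" or "D"
    ignition_on: bool
    occupants: int
    hood_closed: bool
    soc_percent: float   # battery state of charge
    idle_minutes: float  # time since the vehicle was last used


def update_blockers(state: VehicleState) -> List[str]:
    """Return every reason the update must NOT proceed; empty list means go."""
    blockers = []
    if state.speed_kph > 0.0:
        blockers.append("vehicle is moving")
    if state.gear != "P":
        blockers.append("vehicle not in park")
    if state.ignition_on:
        blockers.append("ignition is on")
    if state.occupants > 0:
        blockers.append("someone is inside")
    if not state.hood_closed:
        blockers.append("hood is open")
    if state.soc_percent < MIN_SOC_PERCENT:
        blockers.append(f"charge below {MIN_SOC_PERCENT:.0f}%")
    if state.idle_minutes < MIN_IDLE_MINUTES:
        blockers.append(f"used within the last {MIN_IDLE_MINUTES:.0f} minutes")
    return blockers


def may_apply_update(state: VehicleState) -> bool:
    return not update_blockers(state)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Ecu:
    """Toy ECU with one active image and one retained known-good image (assumed model)."""
    active: bytes
    backup: Optional[bytes] = None

    def apply_update(
        self,
        state: VehicleState,
        new_image: bytes,
        expected_sha256: str,
        health_check: Callable[[bytes], bool],
    ) -> str:
        # 1. Interlocks: refuse outright while any unsafe condition holds.
        blockers = update_blockers(state)
        if blockers:
            return "refused: " + "; ".join(blockers)
        # 2. Integrity: never flash an image whose digest does not match.
        if sha256_hex(new_image) != expected_sha256:
            return "refused: image hash mismatch"
        # 3. Keep the previous image so a bad update can be undone.
        self.backup = self.active
        self.active = new_image
        # 4. Self-test the new image before declaring success; revert on failure.
        if not health_check(self.active):
            self.active = self.backup
            return "rolled back: new image failed self-test"
        return "applied"


if __name__ == "__main__":
    parked = VehicleState(0.0, "P", False, 0, True, 80.0, 120.0)
    driving = VehicleState(50.0, "D", True, 1, True, 80.0, 0.0)
    image = b"firmware-v2 (constructed sample)"
    ecu = Ecu(active=b"firmware-v1 (constructed sample)")
    print(ecu.apply_update(driving, image, sha256_hex(image), lambda img: True))
    print(ecu.apply_update(parked, image, sha256_hex(image), lambda img: True))
```

The gate only addresses the hazard the first commenter flagged, an update running while the vehicle is in use. As later replies in this thread point out, it does nothing about a correctly applied image that is itself buggy and fails hours later on the road; the retained backup and self-test help only with faults that show up at install time.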

That’s not how this problem occurred. The update happened hours before, but the bug only manifested once the driver was on the road.

  • Sure, but if they aren't checking the super obvious potentially dangerous cases, doesn't that say something about the likelihood of their process detecting something less direct like this?