
Comment by close04

12 hours ago

The article and comment aren't debating whether the fuse plays an essential role. There's no reason to make the process of fixing the issue after a minor incident expensive, extremely convoluted, and very prone to error.

Making it a very complicated and expensive fix isn't what's saving your rescuer or mechanic from getting electrocuted while working around your car.

> There's no reason to make the process of fixing the issue after a minor incident expensive, extremely convoluted, and very prone to error.

Yes there is. Either nobody is engineering towards that aspect or it is a conscious decision, deliberating between two different buckets: bill-of-material cost per unit and estimated impact on your warranty & goodwill budget. Whatever is deemed to be cheaper will win.

Source: I work at an automotive OEM and one of my first projects almost two decades ago was how to anchor after-sales requirements into the engineering process. For example, we did things like introducing special geometry into the CAD models representing the space that needs to be left free so a mechanic can fit his hands with a tool inside. These would then be considered in the packaging process. If you consider these are two completely different organizations, it becomes a very tricky problem to solve.

  • > BMW refuses to provide training access for ISTA usage

    Refusing access to training isn't a BoM issue by any means. Neither is a repair process that's so error prone that it can do even more damage to the car. We are surrounded by evidence that manufacturers in every field are taking decisions that are hostile towards their customers in the chase for profits. With the rise of EVs with far fewer moving parts needing constant maintenance, the manufacturers had to shift to different revenue streams, like killing repairability and locking everything behind manufacturer approval.

    This is a professional shop voicing the complaints, not a random guy trying to do a fix on the side of the road.

    Imagine someone told you they work for Apple and the reason everything is soldered, glued, stacked in a way it will never survive disassembly, and every bit of software and hardware in the device needs the manufacturer's blessing to be replaced or just keep running is because it was cheaper and safer this way.

    > it becomes a very tricky problem to solve.

    It was a solved problem for everything mechanical where locking it down or preventing people from learning wasn't really an option. How did it become tricky again just now when we deal with far more flexible software and the possibility to lock down?

    • I likely did not communicate clearly enough: it is tricky because of organizational reasons, not technical. There are many trade-offs that have to be made and it involves different business units with their own targets and incentives.

      To take a few examples from the article with likely causes (note I don't work for BMW, so this is pure speculation based on my own experience):

      > BMW has over-engineered the diagnostic procedure to such a level that even their own technicians often do not know the correct replacement process.

      The ECU, diagnostic procedures and service methods are being developed by different org-units. One is engineering, which works towards their own development use cases. They might develop the on-board diagnostic interfaces. The service unit develops its own tester and has to develop its own procedures.

      Engineering is usually late with providing real hardware & software samples, let alone a fully integrated car. The service unit might only get a working test car very late in the process and discover that the procedure is super complicated. By that point the car development is already too far along for major changes. Remember that most components have been specified and awarded to suppliers years ago by this point.

      > And it gets worse: the original iBMUCP module, which integrates the pyrofuse, contactors, BMS and internal copper-bonded circuitry, is fully welded shut. There are no screws, no service openings, and it is not designed to be opened, even though the pyrofuse and contactors are technically replaceable components.

      Engineering is not concerned with these issues, it's usually the service unit which needs to bring in maintenance requirements. A judgement call is being made whether an assembly that you source as a single part needs to be split up further. For example, if you split it up further, you now have more parts to manage. You need to provide logistics and must allocate space in your spare parts warehouses for these new parts.

      That usually makes sense for expensive components. Here's another fact: the manufacturer allocates a warranty & goodwill budget for each car line, because the manufacturer has to pay dealers for these repairs if it falls into the warranty period or is judged to fall under good will. It's usually not in the interest of the manufacturer to have expensive repairs because of that.

      It might also be that the repair is being deemed too dangerous, because it is a high-voltage component. Opening it up and tinkering with it might increase the risk of an electrical fire in the battery. It might be that this risk was judged to be higher than the repair cost.

      > Additionally, the procedure requires flashing the entire vehicle both before and after the replacement, which adds several hours to the process and increases risk of bricked components which can increase the recovery cost by factor 10x.

      No service unit wants these long flashing times, because it blocks a repair bay in the workshop. But it's usually because the EE integration has been developed in this way. It might need coding, calibration or just bringing up everything to the latest release.

      Vehicle SW is super regulated; you need to fulfill a staggering amount of regulations. Look up UNECE-R156 SUMS as an example. It might be that the new part comes with a newer SW version, which has only been verified and approved in combination with newer SW in the other components. This would require flashing ancillary ECUs as well, even if they have not been changed, to ensure release compliance.

      > Even after we managed to open the unit and access everything inside, we discovered that the Infineon TC375 MCU is fully locked.

      Look up UNECE-R155. Things like these are mandated, if not directly in the regulation then indirectly by making the manufacturer liable for any modification that somebody did to their car. It is practically required to lock it down.

      Just a few points off the top of my head, the comment got too long anyway.


You seem to be ignoring the fact that the battery pack status after a crash is essentially unknown. It should go through a thorough and competently conducted safety inspection or it may kill someone in the future. Of course, this doesn't excuse extra red tape tacked into the procedure, but the core idea of an inspection is just unavoidable.

  • > Of course, this doesn't excuse extra red tape tacked into the procedure

    That's exactly it. I understand the importance of safety but reading the list of complaints I just cannot believe that safety is the key driver for the design decisions.

    > ISTA’s official iBMUCP replacement procedure is so risky that if you miss one single step — poorly explained within ISTA — the system triggers ANTITHEFT LOCK.

    > Meaning: even in an authorised service centre, system can accidentally delete the configuration and end up needing not only a new iBMUCP, but also all new battery modules.

    > BMW refuses to provide training access for ISTA usage

    Everything about this screams greed-driven over-engineering. Since when are error-prone processes and lack of access to information better for safety?

    We live in a world where everyone justifies taking user hostile actions with some variation of "safety". Software and hardware are locked down, backdoored, need manufacturer approval to operate even when original parts are used, etc.

    • I won't go into details about 'training access for ISTA usage', because I don't know what exactly Vanja means by this, but generally speaking in the EU BMW provides the easiest access of all OEMs for aftermarket repair. Everyone has to provide it by law, but BMW has the most straightforward way of registering/paying/using it. For sure not ideal, but far from really being problematic IMHO.

      But other than that I mostly agree. I don't think that the over-engineering is greed-driven, but the EU manufacturers (and honestly, even other ones) have a really hard time with anything software-based, be it in the car or outside of it. But BMW is far from the worst on that front.

      P.S.: VW ODIS original diagnostic is based on Eclipse :D