Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Should I Take Toyota's Software Update?

kdawson posted more than 4 years ago | from the no-brakes-on-the-rolling-dice dept.

Software 750

kiehlster writes "I'm a software developer, and I know that most software has bugs, but how much trust can we put in the many lines of code found in our automobiles? I have a 2009 Camry that is involved in both of the recent Toyota recalls. As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed,' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.' In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences. On a base of 100 million lines of code, can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think? If it doesn't void the warranty, should I tell them to skip the update?"

cancel ×

750 comments

Sorry! There are no comments related to the filter you selected.

You're looking at it wrong. (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31285912)

You already took the 100 million lines of code when you bought the car.

Now do you want the bug fixes, or would you rather find out what a "fatal exception" means in more physical terms?

Re:You're looking at it wrong. (1)

dainbug (678555) | more than 4 years ago | (#31286024)

I'd hope they updated the 100 million lines of code in the Jet I'm flying on.

Re:You're looking at it wrong. (5, Interesting)

Rakshasa Taisab (244699) | more than 4 years ago | (#31286038)

Good luck getting any money from Toyota or your insurance company if you _don't_ take that update.

Besides, there's not 100 million lines of code in _that_ particular part, they won't be updating your blinkenlights firmware and such at the same time.

Re:You're looking at it wrong. (1, Redundant)

Tsunayoshi (789351) | more than 4 years ago | (#31286350)

Good luck getting any money from Toyota or your insurance company if you _don't_ take that update.

+5 for this. (no mods points, sorry :( )

Re:You're looking at it wrong. (5, Informative)

0100010001010011 (652467) | more than 4 years ago | (#31286110)

It's not 100M lines of handwritten code! Every time this comes up everyone (especially those that work with embedded systems) seem to think that there are a ton of code monkeys locked away coding in C or assembly.

I'd be willing to bet that almost all of it is auto generated. Toyota (and nearly everyone else) uses Matlab & Simulink extensively.
The MathWorks tools help Toyota design for the future [mathworks.com] (PDF)

Toyota Racing Development Makes Faster and More Efficient Engineering Decisions with MATLAB [mathworks.com]

A simple PID controler with saturation and limits could easily take up 50 "lines of code".

And it's not like Toyota is Mathworks' sole customer. Boeing, GM, Chrysler, Ford, etc ALL use Mathworks.

Just like nearly everyone that works with CAN uses Vector CANape [vector.com] . Everyone that develops ICE powertrains uses AVL [avl.com]

When you start to get to specialized software like what Matlab, CANape, AVL, etc all do, there aren't a ton of options (and no open source solutions). It's cheaper for all of these companies to buy X product and use it than try to write their own.

Re:You're looking at it wrong. (2, Insightful)

e2d2 (115622) | more than 4 years ago | (#31286348)

It's still 100M lines of code friend, regardless of who or what wrote it.

Re:You're looking at it wrong. (5, Insightful)

Sir_Lewk (967686) | more than 4 years ago | (#31286428)

That's like using the LOC count of a disassembled program written in C to express the size of the original code.

Re:You're looking at it wrong. (1)

jhol13 (1087781) | more than 4 years ago | (#31286370)

I still do not believe the 100 million figure.

It is quite a lot more than KDE, Gnome, Linux, OpenOffice, a couple of SQLs, GNU utilities and compiler collection put together.

BTW, I did not even bother to check how many lines of code those have (in the ballbark "few millions", take or leave one order of magnitude).

From your example there would need to be about 2 million PID controllers ... which is a tad big figure.

Re:You're looking at it wrong. (1)

BarryJacobsen (526926) | more than 4 years ago | (#31286450)

I still do not believe the 100 million figure.

It is quite a lot more than KDE, Gnome, Linux, OpenOffice, a couple of SQLs, GNU utilities and compiler collection put together.

BTW, I did not even bother to check how many lines of code those have (in the ballbark "few millions", take or leave one order of magnitude).

From your example there would need to be about 2 million PID controllers ... which is a tad big figure.

My guess would be when they say 100 million they mean 100 million assembler instructions. I could easily see the high level code of one of those projects taking that many assembler instructions (don't forget to add in the standard libraries which would create instructions).

Disclaimer: I've done zero verification of this, nor have I even looked at the code base of any of those projects.

Re:You're looking at it wrong. (5, Interesting)

je ne sais quoi (987177) | more than 4 years ago | (#31286122)

Not to mention that there is a real chance [ieee.org] this isn't being caused by floor-mats or sticky pedals at all and that it's the software that's causing this in the first place. My gut is to say that their patch is necessary for the same reason why the phone company uses a program whose job it is to go and find memory that is allocated but not being used and free that memory. It's because the system is so complicated that they don't know what's causing the problem and can't find the answer, so this patch acts as a stop-gap to at least cure the symptom if not the disease.

I think you'd have to be nuts not to install it.

He is looking at it wrong... (4, Funny)

Oxford_Comma_Lover (1679530) | more than 4 years ago | (#31286226)

> ''the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'

Hint: this is a feature, not a bug. And even if you're reviewing very closely, it's not something that it takes three months to avoid messing up. if(X&&Y) Z=Y;

When the two pedals work at the same time, it can result in pretty horrible accidents. Unless your driving style uses both pedals at the same time in a way that increases your safety (in which case you're James Bond and you don't ask slashdot questions), just take the update.

Re:You're looking at it wrong. (0)

commodore64_love (1445365) | more than 4 years ago | (#31286328)

>>>>would you rather find out what a "fatal exception" means in more physical terms?

No I would not, and I can't believe someone is even asking this question. Toyota cars have a KNOWN bug that, when it occurs, the car accelerates at full throttle and ignores all other signals (even shifting to neutral or pulling the emergency brake). I would RUN to my dealer to get the new code, rather than continue putting my life on the line with a known flawed/mortal program.

BTW:

This issue is making me think all my future cars will be manual shift with a mechanical linkage connecting the engine to the wheels. Like the Honda Insight Hybrid I drive now. Even if my Honda experienced the same bug as Toyotas have, I can disconnect the engine from the wheels, and coast to a stop.

First (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31285916)

Lawl first!

huh? (4, Insightful)

pele (151312) | more than 4 years ago | (#31285924)

Are you for real?

Re:huh? (5, Informative)

wjsteele (255130) | more than 4 years ago | (#31286116)

Agreed... they've already had problems with it and NOT ACCEPTING the fix for it sounds kind of stupid to me. On second thought, maybe the GP should not accept the fix and let Darwin do his magic. Especially since the logic is so simple... if I'm pressing on the brake, don't give the engine gas. Seems like no brainer to me... I mean the fix, not the GP... on second thought, they both do.

Bill

Re:huh? (0, Troll)

IrquiM (471313) | more than 4 years ago | (#31286410)

It's because of comments like this the word retard is still in use!

Re:huh? (2, Interesting)

dziban303 (540095) | more than 4 years ago | (#31286392)

In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware

You know, I've never actually bricked anything by upgrading firmware. Routers, mobile phones, DVRs, computers, televisions, even microwave ovens...never bricked anything. I don't know anyone who has bricked a device, either. Am I lucky? Are my friends lucky?

yes (4, Insightful)

samyem (664095) | more than 4 years ago | (#31285926)

yes

Re:yes (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31285962)

Uh - if the dealership "bricks" your car by applying the update they will fix it for free. This question is just plain stupid - get the damn update. If something ever happens and you crash your car the first thing they will say is that you declined to apply their update and so they are not liable.

If it bricks, it's their fault. (4, Informative)

rotide (1015173) | more than 4 years ago | (#31285928)

First, this is about your safety.

Second, if the update bricks your car, that would be Toyota's fault, not yours and I'm pretty sure they would resolve the issue for you free of charge.

Or, you can keep driving a potentially unsafe vehicle on "firmware update" principles.

Re:If it bricks, it's their fault. (2, Funny)

lymond01 (314120) | more than 4 years ago | (#31286026)

What if he's modded out the car -- body kit, $5,000 rims, playstation monitors on the window blinds, booming stereo and sub bolted to the trunk. I mean, it's a Camry, and if a car is meant to be tricked out, it's that perennial family sedan. :-)

Re:If it bricks, it's their fault. (0)

Anonymous Coward | more than 4 years ago | (#31286194)

If it bricks then they have to replace the computer...

If you opt NOT to have the recall done, you actually may violate your warranty. Furthermore, you loose any legal protection in the event of an accident.

There is already one Toyota owner who's in jail because of his run-away car that slammed into someone else and killed three people. This was a year before the public knew about all of this.

Luckily for him, he now has a chance to appeal his case and get set free. Even the familys of the victums are pulling to have him retried now because of the relevation his car was one of these recalled cars.

If you "opt" not to have this issue fixed and your car goes out of control and property is damaged or life harmed, you will not have any defense and be the one that is sued and doing the jail time. Once you opt to not have the recall done, you loose the right to sue or pass blame onto Toyota.

As for firmware updates, etc. What field do you work in again where you dont apply these? Bricked systems from bad updates or firmware updates are rare. And oft times the additional or corrected functionality is much more prefered.

Are you still developing for and on Windows XP with no service packs and security updates? Please tell me what company you work for so that I know to avoid their products...

Umm... yes (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31285930)

Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.

Re:Umm... yes (1)

vtcodger (957785) | more than 4 years ago | (#31286248)

***Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.***

Good thinking. If we brick all the Windows/Ubuntu PCs and all the Toyotas, the roads and intertubes will be free of congestion.

(But on the whole, I think I'd rather that my car wouldn't run than that the accelerator could override the brakes. OTOH, I very much doubt that is the case even without a patch).

Re:Umm... yes (2, Funny)

Archangel Michael (180766) | more than 4 years ago | (#31286418)

You want us to believe you leave your parents basement voluntarily?

Take the update (5, Insightful)

FrYGuY101 (770432) | more than 4 years ago | (#31285936)

If it bricks, the Dealer's going to be the one who has to replace it. As far as I look at it, it's zero risk, financially.

Safety wise, it fixes a known bug.

Take the update.

Re:Take the update (5, Insightful)

Goobermunch (771199) | more than 4 years ago | (#31285986)

A bug that you know about. If, by chance, you find yourself in an accident, and get sued, I doubt a jury is going to look kindly on the "I passed up on the fix for the known bug because I thought it might brick my car" defense. If you pass on the deal, you are essentially taking full responsibility for Toyota's bad code.

That's not a good choice.

--AC

Re:Take the update (1, Flamebait)

Opportunist (166417) | more than 4 years ago | (#31286078)

When it comes to court, the defense would be "I dunno about that crap, I only drive the car, didn't know that there's this ... what? "Firm ware"? Didn't even know there's a computer in my car..."

What? It works any time someone has to go to court who was stupid enough to turn his computer into a spambot! Why shouldn't it work with cars?

Re:Take the update (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#31286444)

Yeah, considering how much public visibility this whole issue has you would be hard-pressed to claim you were ignorant of the patch. Especially if documentation comes out that you went in for the mat change because they will be required to also mention the software patch. Basically, he would lose.

Re:Take the update (1)

Ltap (1572175) | more than 4 years ago | (#31285994)

I second this. It's also very possible that if you didn't take it and the existing software caused a crash, they might be able to claim that you can't sue them because you refused software updates.

Re:Take the update (1)

Shadyman (939863) | more than 4 years ago | (#31286004)

This. IANAL, but I'm guessing if you decline the update and end up crashing into someone because of the faulty software, that's going to be your fault As far as updates go, the Updating-over-OBD2 is fairly foolproof.

Their new slogan (2, Funny)

Rik Sweeney (471717) | more than 4 years ago | (#31285940)

The car in front is a Toyota because the accelerator pedal is stuck down

Re:Their new slogan (1)

FauxPasIII (75900) | more than 4 years ago | (#31286182)

Mock the Week?

Re:Their new slogan (3, Informative)

megamerican (1073936) | more than 4 years ago | (#31286232)

Where was the Spanish Inquisition errr... Congress when Ford had to recall 4.5 million cars [cnn.com] a few months ago due to their cruise control causing fires?

Re:Their new slogan (1)

Singular-One (1754964) | more than 4 years ago | (#31286266)

Maybe for their new slogan they can steal an old one, or atleast repurpose it. "Follow the leader, he's on a Honda.... er Toyota.." Ahh that makes me feel old.

Are you kidding? (4, Interesting)

Spazmania (174582) | more than 4 years ago | (#31285952)

Take the upgrade. Shipping firmware always has bugs. Always. As a system administrator, the first thing I do out of the box is download and install the current firmware while it's still under warranty. And if they brick your computer they'll replace it.

Safety First (4, Funny)

Linker3000 (626634) | more than 4 years ago | (#31285970)

Yes, but make sure you drive the Toyota round a large sandbox for a few days first...maybe you live near a sandy beach or golf course with large bunkers. At a pinch, do your kids have a playpit in the garden? Cat litter tray?

I wouldn't do it (5, Funny)

BadAnalogyGuy (945258) | more than 4 years ago | (#31285976)

There's the chance that the update may turn off any jailbreaks you've already got working. Worst case scenario is that it detects a jailbreak and bricks your car, like you said.

I'd stick with the white hat hackers who are providing jailbreaking instructions and forgo any manufacturer updates.

The worst that can happen is that your car becomes susceptible to the sudden acceleration "problem" and you lose control and wipe out a family or farmer's market. But you're inside the car so you'll be fine.

Plus, you'd have to go down to the dealership and they're going to ask you if you've had any problems and a huge rigmarole just to end up with essentially the same performance you've had all along.

Too many risks and too few benefits. I'd say no.

1st bug found (0)

JoeHockey (1296697) | more than 4 years ago | (#31285982)

So if I understand what this update will do, the next time someone is tailgating you and you tap the brake pedal while still maintaining speed your car will shut itself off? That sounds much safer...

Re:1st bug found (1)

nicholasjay (921044) | more than 4 years ago | (#31286032)

Are you serious? That's not what this does at all. What would happen is that it would cut out your throttle if you are on the brakes, not shut off the car.

Re:1st bug found (0)

Anonymous Coward | more than 4 years ago | (#31286112)

So you don't understand what this update will do. You're also fucking retarded, and you can't drive if you intentionally tap the break while still pressing on the accelerator.

Re:1st bug found (1)

vtcodger (957785) | more than 4 years ago | (#31286404)

***So you don't understand what this update will do. You're also fucking retarded***

He merely read the article which you apparently didn't.

"As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.'"

You might want to work on your reading comprehension. Until it improves, perhaps a bit of civility would be in order.

Now, if you want to argue that the patch ought to drop the engine back to idle while the brake is depressed, I think you may well be right. I wouldn't be surprised that the patch doesn't do exactly that unless there is some reason that would be a bad idea.

Get the Flash (5, Informative)

nicholasjay (921044) | more than 4 years ago | (#31285984)

There's a lot of cars that have the 'brake takes precedence' feature. The only real reason to not have such a feature is because of trail-braking or hell-toe shifting. Both are racing/performance driving techniques you won't be doing in your Camry. Plus, it is a pure software feature in that if it detects you braking, it will cut throttle. So there's no big issue there.

Also, cars have their computers updated all the time, and it has never been a big deal in the past. The Nissan GTR was the last example that made the news (to cut down on the RPM the launch control used). But really, cars are reflashed all the time. Its not a big deal.

Re:Get the Flash (1)

Nick Number (447026) | more than 4 years ago | (#31286178)

The only real reason to not have such a feature is because of trail-braking or hell-toe shifting.

And you can get reimbursed if something happens during the latter.

Just wait for the dealership to announce that there'll be hell-toe pay.

Re:Get the Flash (1)

mdarksbane (587589) | more than 4 years ago | (#31286240)

You'd be surprised how many camrys I see at auto-cross. I know I'd be mad as hell at any car that decided to cut my engine because I hit the brakes.

Of course, if the OP were into cars or racing he probably wouldn't be asking the question here.

Re:Get the Flash (1)

nicholasjay (921044) | more than 4 years ago | (#31286354)

Very true. People race what they have. How this could be implemented is with a timeout. The car also brake/throttle overlap for a set time, and then if it goes over that time, cut the throttle. That system wouldn't impact heel-toeing at all, and not trail braking either (I guess it depends on the specific corner).

But then you would have people saying that the delay in cutting throttle may cost lives. Somebody with an out-of-control car would have (say) 4 seconds less to get back in control.

Re:Get the Flash (0)

Anonymous Coward | more than 4 years ago | (#31286286)

I thought this was common with all electronic throttles. The VW and BMW closed the throttle if the brake was pressed. I know BMW had electronic throttles on some cars back in 87 (750.)

Apply the update (4, Informative)

Cassini2 (956052) | more than 4 years ago | (#31285990)

Many other manufacturers have already added a similar piece of code. It really doesn't take to long to debug an interlock. Your primary failure mode will be: if the brake pressed switch fails (ie: the tail lights are stuck on), then the car won't run.

Every interlock has a strong tendency to fail into the safe state. Conversely, omitting interlocks tends to result in fail-dangerous failures, which is what Toyota is experiencing.

That is a stupid question! (0)

Anonymous Coward | more than 4 years ago | (#31285992)

First off, no firmware should be between you, the engine and/or the break. That's just ridiculous. Second, the firmware update isn't for the floor mat problem. How would that even make sense? It's because the firmware is faulty to begin with and can cause the accelerator to STUCK FULLY PRESSED. Yes, you want this for your death machine.

Not a Smart Move to Turn Down The Upgrade (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31285998)

IANAL, but if you refuse the software update and your car proceeds to have an accident caused by flaws in the old software, you'll have no legal recourse against Toyota for any deaths, injuries or property damages caused by the software malfunction.

IBTW (0)

Anonymous Coward | more than 4 years ago | (#31286012)

(I.n B.efore T.he W.oz)

((surely, he will reply to story too?))

Fully informed? (1)

Coreigh (185150) | more than 4 years ago | (#31286014)

I thought they determined that this was about more than shifting floor mats; that there is a legitimate problem with the software. You could experience this problem WITHOUT floormats in your car.

I don't drive a Toyota and if I did I could not afford one new enough to have this problem anyway.

sliding floor mats (1)

Em Emalb (452530) | more than 4 years ago | (#31286018)

I'd recommend lubing the bottom of the floor mats so they do slide, that way you do have a requirement for the "firmware upgrade".

Sheesh. The 10million lines of code have been in your car since before you bought it. They didn't re-do all 10 million (or whatever the real number is) they change some that was faulty.

No worries man.

Get 'er done in the words of the "immortal" larry the cable guy.

Liability (0)

Anonymous Coward | more than 4 years ago | (#31286022)

Take the update. If you decline it, you are in an unfortunate legal position if you encounter this difficulty and are interested in some financial response from Toyota. IANAL.

Also, what real information do you have about their testing or development process?

Re:Liability (1)

cedricfox (228565) | more than 4 years ago | (#31286096)

Toyota Japan knew about this problem a year before Toyota US executives claimed they heard about it, which was well before it got into the news. So it could have been brewing for 15 months.

Go for it (1)

JLangbridge (1613103) | more than 4 years ago | (#31286028)

Technically, end users are told not to install firmware upgrades unless told to by a representative, to correct existing problems or dangers. Ok, so most geeks don't hesitate to flash mainboard BIOS chips, and in the worst case, the mainboard boots up form a secondary BIOS to reflash the primary. The point is, mainboard updates are there to correct small issues; memory latency, support for newer CPUs, etc etc. Most of the time, a firmware "bug" will just cause minor annoyances. A firmware "bug" on a car is, potentially, a killer. I know, I'm going to extremes, but the aeronautics industry has a different view on firmware updates. If a bug is found, if a new firmware comes out (passing all the tests), they flash it, end of story. If I were in the same situation, I'd accept any firmware update that comes from a manufacturer that affects critical components. If it only affects the CD player or the wipers, I wouldn't bother, but if it affected the brake pedal, I'd personally go for it. Yes, there are risks, but I still have confidence in a computer flying me with humans "suggesting" actions to a computer every time I fly an Airbus.

It is a fail safe (1)

oracleguy01 (1381327) | more than 4 years ago | (#31286030)

From what I was told, that update is a fail safe. Basically if the throttle is wide open or near wide open and you press on the brakes, it will cause the engine to ignore the throttle position and return to idle.

Not to say that it might not have bugs but also consider that they might be silently patching other bugs they found. If part of this whole sudden acceleration thing was a software glitch, they could use this to keep that under wraps. You probably should just get the update, then at least if there is a future problem they can't point to your refusal to update the software as the cause.

Seriously? (4, Informative)

clone53421 (1310749) | more than 4 years ago | (#31286036)

Take the update.

My driving habits don't cause the floor mat to slide much, so I see the update as overkill.

Perhaps, but didn’t I read about some people who died in a Toyota, presumably from this exact bug, whose floor mat was found secure in their trunk, exactly where Toyota recommended them to put it when they thought the floor mats were causing the accelerator bug?

Absolutely (4, Insightful)

onyxruby (118189) | more than 4 years ago | (#31286042)

Think of this a few different ways. First from a liability standpoint, you are considering actively refusing a fix for a known bug that has killed people. If you ever sell your car and it can be proved you actively refused this you could be on the hook both civilly and criminally. Second from a liability standpoint, Toyota is now assuming liability for this, if they brick your car, they are liable for fixing it. Third, this is a known bug that has killed people, are you bloody nuts? This is not a software bug that results in a software crash, this is a software bug that results in a real world crash!

What? (0)

Anonymous Coward | more than 4 years ago | (#31286062)

The real answer is to find a vehicle that works MECHANICALLY, as it should. If SOFTWARE is involved in what your brake pedal does, updating it doesn't change the fact that you're trusting your life to something that at least partially works in software, which is much more prone to failure than hardware.

To hell with modern cars and their stupidity. This is why I won't buy any new cars and would rather pour my money into an older one for the little I use it. The ideal scenario is to get rid of my stupid money pit completely, but it's not realistic right now.

I hate cars.

Jane, you ignorant slut... (4, Insightful)

HotNeedleOfInquiry (598897) | more than 4 years ago | (#31286082)

In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.

Nobody taught you that. You pulled it out of your ass so you'd sound officious and get a post on /.

The vast majority of firmware updates work, fix problems and don't brick devices. Much more of this shit that gets by as posts and I'll be begging for Jon Katz to come back.

Re:Jane, you ignorant slut... (2, Insightful)

Nimey (114278) | more than 4 years ago | (#31286338)

Ah, never thought I'd miss JonKatz, but kdawson makes me wonder sometimes...

Re:Jane, you ignorant slut... (0)

Anonymous Coward | more than 4 years ago | (#31286366)

Um, have you ever heard of GMP? Have you ever been in manufacturing. Some factories (and for very good reason) will _not_ update firmware on sensors and controllers. Why? Because they have developed and tested a process around the existing firmware. If something is _different_ then process safety could be compromised.

Imagine a sensor that had code that always presented the temperature as 20 C degrees too high. So, the engineer tells the heater to turn off when the sensor reads 110 C (and the process is at 90 C). Everything is fine. Now the firmware is updated and it presents the correct temperature. Now the process is at 110 C, water boils and some poor employee is scalded.

No, this does not brick the hardware (which is a much easier problem to solve because you _know_ something went wrong). It is much much worse.

Yes, this is an extreme example. But, when lives are at stake (safety, drug manufacturing) or lots of money (a small factory may cost $100,000 an hour to operate whether it is producing scrap, shut down due to an accident, or manufacturing $200,000 an hour in product) people get very conservative.

no shortage of reckless idiots (3, Insightful)

Anonymous Coward | more than 4 years ago | (#31286092)

So based on vague general principles without any specific knowledge of the engineering issues involved you are refusing to install a manufacturer recommended safety fix. In an accident situation this is arguably evidence of a reckless disregard for human life. Good luck with your insurance company.

Re:no shortage of reckless idiots (0, Flamebait)

Nimey (114278) | more than 4 years ago | (#31286214)

It's a self-correcting problem, at least - the poster may end up removing himself from the gene pool, though one hopes without inconveniencing anybody else.

it is an error catching routine (3, Insightful)

computerchimp (994187) | more than 4 years ago | (#31286094)

Yes. Toyota's mechnical fix may not be the actual fix and the root issue may be a software based one.

The software update is a failsafe, think of it as an error catching routine. All programs can benefit from error catching routines, problem is that programmers don't have enough time to program for every error possibility. Toyota has taken the time to add one to their cars.

cc

If you don't (4, Insightful)

cmiller173 (641510) | more than 4 years ago | (#31286100)

If you don't take the patch and later have the problem you will likely have lost the ability to sue if necessary. Also, if you live in a state with the concept of "contributory negligence" in it's laws you could be found partially or fully at fault for any accidents that would have been prevented by the patch. Eventually insurance companies are going to realize that they could deny claims in accidents if the driver's car is not fully patched. So yes, take the patch

Take the subway - or campaign for one to exist. (3, Funny)

h00manist (800926) | more than 4 years ago | (#31286106)

Take a look at the statistics for death causes for people under 60, and you will find almost everyone who doesn't die old dies in a car. Study why cities are large but there's lots of empty space with no people, and what causes urban sprawl [wikipedia.org] , and you will find roads and parking lots fill all the space. Look at what wasted labor there is in society, and you will find that producing and maintaining one high-price high-waste transportation system per citizen is quite a bit of work when horses managed do to better than that quite some time ago, not to mention electricity and electric computer system transport. And PRT [wikipedia.org] more recently. Then read about pollution, and oil wars. Then get back in your car anyway, without even writing a letter to someone.

Re:Take the subway - or campaign for one to exist. (0)

Anonymous Coward | more than 4 years ago | (#31286342)

Well actually.. lots of car accident deaths involve being thrown from the car or dying in the ambulance so dies in a car is a bit of a misnomer.

100 million LOC (2, Insightful)

Andy Dodd (701) | more than 4 years ago | (#31286118)

Even in the most modern car, I find this hard to believe, unless you include the entertainment/nav system in the count.

In my opinion, it doesn't count since this is typically decoupled heavily from the safety-critical components of the car.

It is usually easier to write bug-free microcontroller code (ECUs and such) than general purpose PC code. Also, the distributed nature of most automotive microcontroller code keeps code separated into nice little easily-testable modules.

There are always exceptions, but it's very rare for a firmware update in a vehicle to cause regressions. Nearly all of the time, "bugs" in vehicular firmware are really unanticipated results of intentional design choices. For example, the Partial EMCC (PEMCC) code in early-1990s Chrysler A604 transmission firmware that slowly trashed torque converters was intended to improve fuel economy by partially engaging the torque converter lockup clutch - it turned out this wore out the clutch FAR faster than any of the mechanical engineers anticipated. In 1993 or so, this feature was removed once its contribution to premature transmission wear was discovered. (So yeah, this was a case where a bug really WAS originally a feature!)

I will say this (2, Interesting)

rubycodez (864176) | more than 4 years ago | (#31286124)

closed source software model so much more fascinating when there is a body count, no?

There is nothing wrong with your toyota (0)

Anonymous Coward | more than 4 years ago | (#31286130)

Does anyone remember the AUDI issues of the late 80s (Audi 5000s). Look it up, same thing. A bunch of mommys claimed there cars were sufforing "sudden acceleration" and running over thier children. Audi explained what they were claiming was not possible and they had just been accidently hitting the accelerator. Well once the press and 60 minutes got ahold of this it became an enormous issue (just like today) so much so that instead of trying to fight the endless and rediculous lawsuits and bad press, Audi simply pulled out of the North American market for a few years until all the nonsense calmed down.

Toyota made the misstake of trying to humour thier customers in the first place (with new floor mats and lubricating pedal linkages, etc), instead of calling them idiots who were accidentaly hitting the accelerator, which is what they actually are!

Re:There is nothing wrong with your toyota (1)

clone53421 (1310749) | more than 4 years ago | (#31286406)

Okay, this isn’t personal experience, but I’ll carefully draw out the connection: My dad’s friend, who is a car dealer (buys cars at auctions, fixes them himself, and sells them), told me this story about another friend of his, who was also into the car business.

It happened quite a while back (no, this problem isn’t just on the new models like people claim). His daughter (typical blond 17-year-old girl) claimed that her brakes randomly went out on her small Toyota. He looked it over, determined that there was nothing wrong with the braking system, and laughed it off assuming that she was a typical blond 17-year-old mistaken girl. She insisted, though; so to prove there was nothing wrong with the car, he traded her cars and drove it for a week or so. It worked perfectly fine until he was about ready to trade her back and tell her she was wrong. Then one day, approaching a stop sign at an intersecting highway, he hit the brakes and nothing happened. He rolled right out onto the highway and got T-boned by a semi. He died and was resuscitated 3 or 4 times on the way to the hospital, according to what I was told.

Are you going to tell him that not only was his daughter wrong, but he’s also an idiot who hit the accelerator instead of the brakes while actually testing the vehicle to make sure the brakes worked?

Liability (1)

nurb432 (527695) | more than 4 years ago | (#31286132)

If you don't, and you have a wreck that is related to the recall, guess who is on the hook? ( one hint, it wont be Toyota or your insurance company )

Yes (1)

wisnoskij (1206448) | more than 4 years ago | (#31286144)

And I would say the main reason for that answer is:
If you do not take the update and get in an accident because of it the insurance company and Toyota will blame you, but if you upgrade and get in an accident because of it you are blameless (you just did what the bid company told you to do).

And we already know that the current software is buggy (that is why they are releasing the update), so trade a known problem for a potential one.

What are the legal liabilities... (0)

Anonymous Coward | more than 4 years ago | (#31286150)

if you don't take it?

If I get hit by an out of control Toyota, and later find that the owner refused a patch, you bet I'm going after them.

Well (2, Insightful)

ShooterNeo (555040) | more than 4 years ago | (#31286176)

100 million lines of code? Where are they getting this number? The entire Microsoft ecosystem is about that many lines of code.

Maybe they mean assembly code? I'd imagine that the microcontrollers that a car uses are probably programmed with lots of bare metal assembly coding.

Welcome to the world of BSDs of computerized cars (1)

The Abused Developer (1730734) | more than 4 years ago | (#31286192)

Ha, I'm not surprised; this is the result of a bogus, old-dated paradigm we submitted to for the sake of backward compatibility - the processing model based on state management. Everybody knows that when the system passes a certain level of complexity it becomes unstable and highly unpredictable because its state management becomes much more harder than the programmers can handle without errors - thanks Turing :-)! So, expect to see more and more BSDs while driving your new, smart, highly expensive and highly inefficient and useless toy. Maybe this will be another good case for refresh and start thinking from the core how we deal in our society with the dependencies on a system which is proven unsustainable ... and becomes deadly dangerous.

I will be getting that firmware update (4, Insightful)

urulokion (597607) | more than 4 years ago | (#31286198)

I have an '09 Prius. And I'll be getting that firmware update. It's a feature they should have included in the first place. It's not the best implementation of the brake override I'd like. What I'd really like to have an electrical circuit connection between the brake pedal and the throttle fly-by-wire assembly. When the circuit is tripped, the throttle position output of the assembly drops to 0 regardless of actual pedal position or sensor position. But that would require new hardware.

I'm getting the update because if the engine does start runaway acceleration, the brakes aren't enough to overcome the hybrid system's output. I know the right thing to do would be to put the car into neutral and get it safely off the road. But I don't react well to stressful situations.

Take the update (1)

Deflatamouse! (132424) | more than 4 years ago | (#31286206)

I work on HP's high end servers that also contains millions lines of firmware.

I've heard of accounts where customers simply refuse to take new firmware because of their prior experience of "bricking" the boxes, and causing days of outage waiting for new blades to be shipped to them. But those usually turn out to be cases of real bad HW defects that the newer firmware has found. But they still insist on running years old firmware that contains tons of nasty bugs.

We all know that software has bugs, and we fix hundreds of them every month. This is not as mission critical as firmware in a car, but it's the same thing. Take the update dammit!

Known Bad vs Unknowns (2, Interesting)

Shihar (153932) | more than 4 years ago | (#31286220)

Well, Toyota is giving hearings on capital hill, they have taken a non-trivial finical hit, and I think their president is one piece of bad news away from sepaku. Yeah, you can probably trust that they did everything in their power not to screw it up. I probably would take a potentially unknown problem on a firmware updates that is being watched by dozens of agencies and internal company auditors over a firmware that is known bad with a questionable dedication to quality. Even if their is a problem, it is a safe bet that it will be detected very early due to the number of eyes on it.

Having been inside of a company that has had to do a recall, I can say that nothing sharpens a company's overzealous safety instincts and risk avoidance mania than a major recall. Recalls, especially the type that Toyota is experiencing, are a complete disaster for the company. They are extremely expensive both in terms of cost and reputation. I am pretty sure that the internal state of Toyota right now is a safety mania that trumps all else that would make a Puppeteer proud. In fact, you can probably rest assured that Toyota is currently wildly overshooting the 'proper' levels of safety. It will probably be a few quarters before they unwind to more reasonable levels.

You need to consider it from the perspective of a manager. If you, as a manager, are in charge of a critical safety component, what is in your best interest? Yeah, you could try and cut a corner and skim an extra 2% profit that your boss might or might not notice, but if it backfires and YOU result in a safety issue, especially in the current environment, you should get a friend with a sword and a basket for your head and save the company the trouble. Right now, kudos in Toyota are earned by being a safety nut and being the one to discover and 'fix' some absurdly low probability safety concern, not for squeezing the budget a little further. Speaking as someone who has been in a company in full recall mode, if there is ever a time to trust that a company really is putting safety first, now is the time.

100 million? More like 1 million (1)

NoSleepDemon (1521253) | more than 4 years ago | (#31286238)

Now I know you just quoted an article, where it is stated that modern cars have around 100 million lines of code, but did you stop to think if this was actually true? Seriously, think about it. 100 million. And you're a software engineer, for real?

I would take it (0)

Anonymous Coward | more than 4 years ago | (#31286242)

I would take the fix. Because if you dont and something happens you cant sue them because they offered a fix. Also with all the stuff going on, they are spending extra time on QA

No Question (0)

Anonymous Coward | more than 4 years ago | (#31286246)

After Toyota's recent failure, now is the best time to get updates! They're being extra vigilant now.

kdawson sucks (0, Troll)

Nimey (114278) | more than 4 years ago | (#31286282)

What possessed you to post such a fucking stupid question? "Hey, I'm a code monkey who writes shitty VB6 for a living, and based on my vast experience with fucking up motherboard BIOS upgrades thanks to my own stupidity, I know that people tend to write bad code."

Goes to show that just because somebody's smart enough to know how to program (or to "edit") doesn't mean he knows a goddamn thing about anything else.

Both pedals? (1)

CAFED00D (1337179) | more than 4 years ago | (#31286292)

Has anyone here, besides me, ever run into a situation where you actually *need* to press both pedals? Crappy gas? Or change in ambient temperature, and suddenly your idle setting is too low?

Toyotaphobia getting out of hand (4, Insightful)

guanxi (216397) | more than 4 years ago | (#31286300)

I think the anti-Toyota mania is getting a little out of hand. The problem caused 34 deaths in 10 years. Given the tens (hundreds?) of millions of Toyotas on the road, it's actually not a big deal. It's an unimaginable tragedy to the people and families that died, and it should be fixed. But as a public safety issue, more people died of lightening strikes and bee stings during that period. Heart disease kills over 1,000 Americans per day. Let's keep it in perspective.

Now we don't trust their firmware updates? I think their safety record is pretty good. You're driving their car at death-defying speeds, aren't you?

The concept of a firmware update for your car is pretty interesting, though.

Ummmmm... (1)

Minwee (522556) | more than 4 years ago | (#31286304)

"My car was recently targeted by a massive recall after five people died and many more were injured due to serious problems with the control software. Since my car has good floor mats I somehow think that I am safe from this and would like to ignore this recall and keep driving despite the danger. Do you all think this is a good idea?"

If that's actually the question that you are asking, and not just the result of a more coherent argument being cut apart by overly zealous editing, then I think it would be a good idea for all of us if you stopped driving altogether.

Pre-Prod (0)

Anonymous Coward | more than 4 years ago | (#31286308)

You mean you don't own a second car and set of roads for pre prod testing?

Placebo Fixes (1)

MrTripps (1306469) | more than 4 years ago | (#31286312)

From what I can tell, no one has found a replicable cause for the "acceleration problem." I'm guessing that a few of these accidents were caused by the biological part that connects the gas pedal, seat, and steering wheel. Still, telling someone that lost four members of their family that the cause was user error just isn't good PR. Floor mats, pedal assemblies, and the firmware update are fake solutions to solve a PR problem, not an engineering problem.

Safety first (0, Redundant)

furball (2853) | more than 4 years ago | (#31286320)

What are the chances you can be harmed sitting behind the wheel of a bricked car?

What are the chances you can be harmed sitting behind the wheel of a car with known safety issues with unpatched firmware?

Right.

I call shanagans. (3, Insightful)

moogied (1175879) | more than 4 years ago | (#31286322)

I highly doubt this guy is a developer. If he was he would understand how fixing a peice of already running software goes... especially with a known bug. Almost all patches are done in short development cycle because its an easy fix once you find what caused it.

To illustrate my point, take a made up piece of code that takes the position of 1 sensor, and uses that to control a servo. Lets say that for whatever reason a peice of the code looks like: ServoPosition =(sensor1 + offset) * ServoOffset

Offset is used to correct for initial installation differences for the sensor, so the sensor can detect where it normally sits at idle(when not pressed) so that it can calculate its real position and not its perceived one. NOW! Lets go one step further and say the offset is suppose to be a static variable the entire time the loop is running.. but what if, WHAT IF, the code doesn't lock the offset variable, and for whatever reason the chip is restarting its program over and over again, increasing the size of the offset variable. Eventually, this could cause the sensors to detect the pedal being floored, when its not. So how do you fix that? Remove the offset variable from the part that could be ran over and over again. Be sure to always set it to 0 when you restart the loop.

And then you wonder if its safe? Really they changed less then 1% of there code you fake developer.

Huh? (1)

Pokey.Clyde (1322667) | more than 4 years ago | (#31286330)

I don't know what world you live in, but I have yet to see a firmware upgrade that "bricks" most of the hardware it is applied to.

Brick (0)

Anonymous Coward | more than 4 years ago | (#31286352)

Most software updates that brick something do not actually cause it to hit a brick wall. This one might. In Soviet Russia, car has engine kill switch. In Soviet Toyota, car switch kills you!

do it for insurance reasons (1)

Madman (84403) | more than 4 years ago | (#31286374)

If you willfully do not accept a safety update and you were in an accident your insurance company could make a case it was your fault for not keeping the car in a roadworthy condition.

I'd get the update.

Firmware policies (1)

plagace (1754968) | more than 4 years ago | (#31286384)

"In the computer world, we're all taught to install firmware updates only if there is a real problem [...]" This is the best way to have a lot of problems. Let see this scenario. A system is in production since 3 years, never got any firmware updates. Someday, a raid controller breaks. A service call is open to get a replacement part. Of course, the replacement part has been flashed with the latest firmware level from the manufacturer. Try to install the new controller, failed. Why? Because the firmware level of the motherboard is too old. Result? You have to upgrade your firmware level in a catastrophic situation where you can't perform a lot of test/validation. Here are the policies I’ve put in place. Rule #1) Firmware must never get older than 1 year except if it's the latest stable available (this ensure we never have catastrophic updates to do in a critical situation because we are never "Too old") Rule #2) Firmware must never be installed in the first month of its release (this leave time to the manufacturer to publish fixes in case of a major problem in the firmware). Keep in mind that in case of hardware failure, you may have to be at a recent firmware level. You can decide if you do the update in a proactive manner or in the middle of a major outage.

something smells funny (1)

khallow (566160) | more than 4 years ago | (#31286396)

A "software developer" is concerned that a software update could mess up their car (a consequence which, as mentioned by smart Slashdotters here, Toyota is liable for). Have they ever updated their operating system on their computer? Probably so. Why did they do that given the risks of bricking the computer? There lies the answer to the question.

Hot Rod Toyota (1)

stuntpope (19736) | more than 4 years ago | (#31286434)

Sounds like this update would prevent using heel and toeing. http://en.wikipedia.org/wiki/Heel-and-toe [wikipedia.org]

But I don't suppose there are many owners taking manual transmission Toyotas to the track.

And to address the question: yes, take the update.

The bug men (1)

Quiet_Desperation (858215) | more than 4 years ago | (#31286452)

Some of the SW guys at my work are becoming convinced the whole problem was in software to begin with. Maybe this is a bug fix posing as something else.

If you don't trust them, then sell the car (1)

gurps_npc (621217) | more than 4 years ago | (#31286454)

Look, either you trust Toyota or you don't. If you don't trust them, then install the update and sell the car or just junk it if you can't find a buyer.

If you do trust them, then install the update and use the vehicle.

But using a car with a known flaw without fixing it is just plain STUPID.

One easy way to do these things is to ask yourself "What would I tell the jury?" What if you are driving a friend home and you get into an accident. Some insurance company sues someone. What would tell the jury? How do you think they would react to your "I didn't trust the update" crap.

If you don't trust the company, get rid of their product. If you do trust them, obey their instructions on fixing their flawed product.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>