> On my drive home I abruptly had absolutely no acceleration, the gear indicator on the dash started flashing, the power mode indicator disappeared, an alert said shift into park and press the brake + start button, and the check engine light and red wrench lights came on. I was still able to steer and brake with power steering and brakes for maybe 30 seconds before those went out too. After putting it into park and pressing the brake and start button it started back up and I could drive it normally for a little bit, but it happened two more times on my 1.5 mi drive home.
If that happened on the highway I could easily see people being killed.
On a reasonably well constructed car, loss of power steering at highway speeds is barely noticeable. Loss of power brakes is a different story. An inability to actually get all the way off the highway before running out of speed could also be quite dangerous, and a loss of power steering can indeed make it quite difficult to maneuver at low speeds.
I'm shocked (literally) to see there are production vehicles with steer-by-wire. Couple that with OTA updates and you have a vehicle I'd refuse to ride in, much less purchase.
It’s wild to me that any car manufacturer would push an OTA update while the vehicle is in motion, or hell, even push one at all instead of having it be user initiated. They didn’t bother to put a simple check in place to make sure the vehicle wasn’t being driven before updating?
And then these manufacturers wonder why people just want them to have a dumb head unit with carplay/android auto. Because they absolutely suck at software and have shown no desire to improve outside of charging people subscriptions for hardware features that are already in the car.
It's impossible on my Tesla. You get a notice to install and a warning that you won't be able to drive for up to 45 minutes. You cannot click install unless the car is in park. You can always decide never to install an update.
This isn't exceptional design on the part of Tesla. It is absolutely baseline common sense. I can't believe it isn't the de facto rule. I guess it might need to be regulated because apparently some companies are THAT untrustworthy.
The Cybertruck is basically the only vehicle with true steer by wire. Infiniti offered cars for a brief time which had clutched steering columns (a truly baffling worst of all worlds solution). Otherwise what people mean is electrical power steering, where a power-off failure means you need to turn the wheel harder (a power-on failure can be very bad and there are a lot of safety systems to limit applied torque so a driver can always override the input).
I think most recently developed large commercial passenger aircraft are completely fly by wire with most controls lacking any physically interlinked backup.
Hopefully I am not too naive, but I think aircraft safety redundancy remains above retail car standards. Also, in aircraft they "have time to solve some problems", versus freeway bumper cars.
More to the point, FAS regulations would absolutely forbid any such event. They probably mandate testing of the updates before returning the airplane to service.
In service to the pun, there is a relatively famous demo of using Erlang for embedded development where they show off hot code reloading of a drone's flight software while it's in flight.
Also, people say "oh what if fly-by-wire fails"; well, what if traditional hydraulic controls fail, which has happened plenty in the history of commercial aviation.
Everything can and will fail at some point.
No redundancy is redundancy enough in some 0.xx% of cases. You can always reduce the number, but never make it 0.
I work for a medical device manufacturer, and software absolutely can be designed to be just as reliable as physical systems, but the development and testing process looks completely different than developing a mobile app. Things slow WAY down: if you want to change one line of code, it'll take literally weeks before it makes it to a production environment because of all the testing, documentation, justification, and human approvals. I imagine flight safety systems are subject to a similar level of rigor.
Large planes are all fly by wire. In a commercial airplane, you're talking about moving maybe a quarter-ton of metal for the rudder alone, and against high wind speeds. There is no way to move those without powerful servo motors.
I'm still stunned by Captain Haynes's grace under pressure:
Sioux City Approach: "United Two Thirty-Two Heavy, the wind's currently three six zero at one one; three sixty at eleven. You're cleared to land on any runway."
Haynes: "[laughter] Roger. [laughter] You want to be particular and make it a runway, huh?"
"The contamination caused what is known as a hard alpha inclusion, where a contaminant particle in a metal alloy causes the metal around it to become brittle. The brittle titanium around the impurity then cracked during forging and fell out during final machining, leaving a cavity with microscopic cracks at the edges. For the next 18 years, the crack grew slightly each time the engine was powered up and brought to operating temperature. Eventually, the crack broke open, causing the disk to fail."
The Cybertruck steer by wire IIRC has dual redundant everything including power supplies (the redundant one is powered by a DC-DC converter from the HV battery).
Multi-version approaches to developing software aren't as good at reducing common-mode failures as many people expect[1].
[1] J. C. Knight and N. G. Leveson, “An experimental evaluation of the assumption of independence in multiversion programming,” IEEE Trans. Software Eng., vol. SE-12, no. 1, pp. 96–109, Jan. 1986, doi: 10.1109/TSE.1986.6312924.
All the electrical steering column designs I've seen have used redundant sensors (often groups of them) specifically for that reason. The physical steering wheel to the shaft is still a SPOF, but it's also a "dumb" part where the only failure cases are mechanical. Eliminating failures there is straightforward engineering.
Yeah, I should have spent an extra 10 seconds thinking of the problem here and I'd have realised you can have multiple sensors going to different software on one steering column...
You might need to stop dealing with cars made recently then. While steer-by-wire isn't so common, the number of cars with entirely digital drive-by-wire throttles would likely bother you.
Honda: "all Honda models use Drive-by-Wire technology" (for the accelerator pedal).
While throttle/acceleration isn't steering, if you're uncomfortable with the underlying concept of a potentiometer and a microcontroller and a small motor on the other end being used to control a vehicle and consider it unproven technology, then you'd need to avoid most new cars in order to be logically consistent.
Well, at some point you won't have a choice. The government is going to ban ICE vehicles, tax the existing ones, and all the electrics will be everything by wire.
I for one cannot wait for my nuclear powered steering mechanism. The reactor is of course used to generate steam pressure to actuate the steering arms, the car is powered by normal batteries.
Not steer-by-"wire" exactly but in the 1970s and 1980s Citroën had cars with "DIRAVI" steering. In normal operation there was no direct mechanical link between the steering wheel and road wheels. The whole thing was a big hydraulic servo, with "resistance" applied to the steering wheel using a heart-shaped cam, a big spring, and a small hydraulic piston that had progressively more pressure behind it based on road speed.
If you let the steering wheel go it would spring back to the middle even with the car at a standstill because of the resistance cam.
If it lost hydraulic pressure while you were driving there was still generally enough in the system to allow you to pull over safely, and you could drive for much longer distances if you could cope with about a quarter of a turn of "play" in the steering wheel. With no pressure at all, turning the steering wheel would move the shuttle valve in the steering controller until it bottomed out and then the linkage would just turn the pinion on the steering rack, which was normally used for servo feedback. Uncomfortable, but acceptable for "get off the road" situations.
The hydraulic system also worked the self-levelling suspension, the fully-powered braking system (similar to the WABCO systems on a lot of more modern vehicles), and on some manual gearbox models the clutch.
Not really "drive by wire", because it's not electronic, but it really is a system where the steering rack could be fully decoupled from the steering wheel.
You are being downvoted and the replies so far aren't helping you understand why your statement is very wrong.
"Steer by wire" means there is nothing but copper signal wires between your steering wheel and the front wheels. Your steering wheel is essentially a video game controller.
This has nothing to do with the car's mode of propulsion though, and both EVs and ICE cars can have steer by wire controls. So far, it's only the Cybertruck that has this paradigm; all other EVs have normal power steering.
For normal power steering systems there are two types: hydraulic and electric. Both types have a solid steel shaft between your steering wheel and the front wheels. You can remove the engine/motor completely, and you'll still be able to steer the car. The hydraulic or electric motor merely helps you turn the wheel, nothing more. Hydraulic is being phased out for electric in both EVs and ICE vehicles.
Steer shafts are being phased out. Electronic power steering has nothing to do with what I'm talking about. Manufacturers want fully electric, fully autonomous cars. If the computer is driving the car 99% of the time, they'll argue that having a steering shaft is totally unnecessary.
For whatever reason, manufacturers aren't trying to make fully autonomous ICE vehicles.
> Well, at some point you won't have a choice. The government is going to ban ICE vehicles, tax the existing ones, and all the electrics will be everything by wire.
Driving forces could be interpreted as wrong, but they’re probably correct about orders and outcome:
Step 1 is policy/goal for California [1].
Step 2 is a decades-old policy in Europe (and recently canceled in Canada?), as vehicle carbon tax. There’s also EV tax credits of course, which are practically identical, from the purchasing perspective - “If I buy ice, I pay this much more in taxes”.
I’ve really enjoyed it on mine. Steer by wire enables progressive steering. Having to turn the wheel over and over in other cars to maneuver in parking lots seems laughably primitive now in comparison.
I think there are only a couple of cars that are steer-by-wire.
The Infiniti Q50, QX50, QX55 and QX60 (with backup that connects upon electric failure).
Without backup, but triple redundancy, can be found in the Tesla Cybertruck. But I'd take that redundancy with a grain of salt as they don't have the best track record telling you the truth.
That said, I really wish companies would go back to the good old hydraulic steering. I don't need self-parking. But self-parking needs at least electric steering (with or without steering column).
I've lost power steering on my dad's F250 once. It was incredibly noticeable, since I had to crank the wheel like a ship from the age of sail in order to get onto the shoulder.
I guess you could argue that it wasn't a reasonably well constructed car.
I lost power steering every day during the winter in my old car, when the engine stalled while coasting through a particular intersection, and I was busy re-starting it and negotiating the turn.
It's amazing how much more reliable cars have gotten. You used to be always on the alert for some critical function to fail spontaneously, and also listening for warning signs.
I had flaky power steering on an old Lexus LS400, and it would stop working for minutes at a time, more or less at random. At 40mph, I could generally tell that it wasn’t working but there was no meaningful extra difficulty when steering. At 15-20mph it was quite a bit harder to steer. At 5mph, it took some real force to steer. At parking speeds, it was very hard to make the large wheel movements needed to park. At a full stop it was almost impossible.
In general, this wasn’t especially hazardous, since I rarely needed to move the wheel very far while moving at very low speed in a place where other cars could be a hazard.
(Yes, I got this fixed. And the old LS400 cars were extremely well designed and built.)
My comment was explicitly about how physically difficult it was to turn the wheel. I had to crank it over far as well, in order to get off the highway.
The amount you turn the wheel is identical [0] with or without power steering, unless perhaps you have one of the weird variable turn ratio systems. In a conventional power steering system, the steering wheel is linked to the wheels, and the power steering applies torque to help you turn the wheel but does not change the relationship between the steering wheel and the wheels.
[0] Almost identical. The steering has some flex, and the amount it flexes is related to how much torque you apply. But this is a tiny effect.
Losing power steering would be no big deal. Anything that caused a sudden loss in forward velocity worries me.
There's construction on the Interstate highway in my area with lanes that have no "breakdown" space ("contraflow" lanes). I would be terrified to lose power in that lane. I would be worried about getting rear-ended and / or causing a pile-up.
Lost power steering at highway speeds in my '91 Corolla a couple of decades back. Didn't notice on the highway (belt just made a loud pang and I thought "What the heck was that?"), but as soon as I took an exit and had to turn at the light, I seriously had to muscle the wheel over. Good learning experience about what power steering offers.
It did happen on the highway to my sister. She was in the middle lane but luckily had the space to get to the side. Managed to start it again and get off the highway where it did it again and wouldn’t start after that.
I suspect it did happen on the highway for some people, that would explain the disabled Jeep sitting on the (minimal in construction zone) left shoulder of an expressway that I drove past yesterday. I just figured there'd been a fender bender in the already terrible construction traffic and the second vehicle hadn't moved on yet.
My assumption is that the HN audience is not a perfectly Gaussian distribution of the population but probably not extremely far from it.
So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
A vehicle is a personal safety device, that allows for independent travel away from bad things and towards safe things. That is one of the most critical aspects of a vehicle.
Assuming that one of the most critical times you might need a vehicle is fleeing oppression, having a remote switch off as a possible vector to impede your escape is an existential threat and basically makes one of the core reasons to have a vehicle moot.
My assumption is that most people are not thinking about their vehicle as one of the most critical tools for freedom.
Having traveled the world and lived in war zones, vehicles are life savers and it’s insane to me that anyone would allow a possibility for someone else, specifically corporations and governments with major power levers, to even have the ability to stop that remotely.
If one wants to buy a modern car, and one cares about preserving disconnected functionality, one just needs to research if there's a workable fallback mechanism.
Or, you know, deal with the 20mpg but a vehicle that will last until the heat death of the universe #2uzfeClub
It’s only a Sophie’s choice if you’re really bad at math; if not, you’ll take your chances with the kill switch thing that’s never been confirmed to hurt anyone over the thing that kills tens of thousands of Americans a year.
There is a UK company that puts engines with mechanical fuel pumps in newer cars. Particularly newer Land Rovers. £10k upgrade, and the last car you need ever buy.
Don't buy modern cars. There is a real movement to keep driving cars from circa 2010. This was around peak car for me. You could still block off the egr valve, remove the cat and any dpf nonsense. No 'driving aids' to distract and infuriate me. No touch screens to distract and infuriate me. No software updates. Can still get over 50mpg. My car is going to keep being fixed as long as it is viable.
If I tested my emissions using UK MOT standards before and after removing the cat and egr, and showed both an improvement and a pass, would that still be problematic for you?
I am not sure everyone is speaking the same language here. A UK gallon is 25% bigger than a US gallon, so UK mpg is correspondingly higher. Also the testing is presumably different, so numbers measured in the UK are not comparable with US numbers even taking into account gallon size differences.
I assume the questioner is asking about US mpg? The Prius was there for sure in US mpg (just, at 51mpg), not sure about others.
* The 2010 Toyota Prius had 51 mpg.
* Volkswagen Golf TDI Bluemotion (Diesel, around 62 mpg)
* Volkswagen Polo Bluemotion (also Diesel, closer to 71 mpg)
* Peugeot 3008 Hybrid4 (Diesel, around 68 mpg, some tests speak about 74 mpg when driven with some sense.)
Can you point me to the directive/regulation that states that? I am in the EU and I'm not aware of any such thing. I have two cars that are 2006-2008 models and I am not planning on replacing them.
There are EU-wide mandatory air quality standards that get stricter as time passes and that are being enforced through low emissions zones which practically make diesel cars illegal. This may not be the case in your country yet but it will arrive with time.
Regarding driving aids, some cities in my European country are looking to make them mandatory in the city centre.
Overall this is being done to keep poor people from driving.
My nearly 30-year-old Range Rover is fully ULEZ compliant nearly everywhere in Europe except Paris, because it can run on propane which only really emits water and warm carbon dioxide when it burns - no "smog", no NOx, no HC, no CO, none of that.
Annoyingly in post-Brexit Britain I need to wait two years until it *is* 30 years old to drive in ULEZ zones. It was fine until Brexit kicked in - yet another Conservative disasterpiece.
1. They don’t know that can happen. The salesman doesn’t point it out.
2. They figure all cars will be that way soon so why worry about it.
3. It’s never happened to anyone before so why worry about it.
4. We don’t know anyone who has ever had to flee from oppression in their car so why worry about it. And this is America, if that’s what we’re worried about we’ll stock up on ammo.
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
In practice, getting t-boned at an intersection where I have the right of way is a much greater risk to me than my car getting shut off, so it makes sense to optimize for safety in the former case.
You’ve got me thinking. I drive a Chinese made EV. If China ever had a nuclear war with the west they would definitely brick all of the cars they’ve sold us. Also it doesn’t have to be China that issues the command. Remote shutoff of cars is a great cyber warfare target.
I’ve looked at the fuse box for my car and found the fuse that powers the Aerial Module. Removing this fuse breaks GPS and all cellular connectivity. Hopefully it breaks automatic updates. I am tempted to leave it disconnected to see if my car skips an update.
The rest of the car works fine. If the political situation heats up then I can remove this fuse to isolate my car from the internet.
Some people connect a toggle switch in place of this fuse so they can leave the car disconnected from the internet when they are not using online functions.
I would be surprised if simply removing a fuse voids my warranty.
Like smart TVs, the only possible alternative is buying a 10 year old model on the secondhand market. Vehicles without these features have not been produced in a long time.
Of course they're not mass-market and will be lacking on some other bullet point features, but if you really care about your TV not turning into an ad billboard in 2 years, they're the way to go.
Or never wire the TV. That's what I did. Everything runs through my Apple TV (admittedly captured by my years of employment there) but could just as well run through a Kodi instance.
Realistically I would be cycling out of my city because if there was anyone else except me running from oppression, we would be all caught in the same traffic jam.
I happen to live on the outskirts, but there are several choke points where it would be really easy to set up a barrier. Those choke points apply to cars mostly.
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
That’s not what is going on here. These cars are not being intentionally shut down remotely. Instead, a software update for some computerized components of the car was pushed down to the cars and installed with the owners’ permission, but that update apparently has severe bugs that should have been caught by QA.
This is a distinction without a difference. Intentional or not, these vehicles were disabled remotely.
Even if the owner gave permission to install the update, I would strongly wager that they did not give concurrent permission for the update to change the behavior of the vehicle.
Of course, I sincerely doubt the EULA offers any way to separate those permissions; you are all in, or you are all out. Assuming that you even have an option to opt out.
And that’s exactly why these cars can never be trusted under any circumstances, ever.
If you really mean help you understand why and that wasn't a rhetorical exaggeration, it's not hard to understand.
Most people have a variety of things they are looking for in a car they want to purchase, and other factors are more important to them than this one, which they figure probably won't happen anyway. There may be few options that aren't updateable over the air, and those options don't meet their other criteria -- if they even get that deep into considering it, which they probably don't, they just aren't really thinking about it. But even if they did, you don't have the option of buying your perfect fantasy car. I'd like to buy a car with manual mechanical controls instead of touch screen controls, but there aren't that many options for that either, and they may not meet my other needs.
Same reason people buy most things these days: convenience. Do you own a cell phone? It can be remotely updated (and even shut down by malicious actors), yet most people own one and don't think twice about it.
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
Because afaik, all the modern cars have this as a 'feature', but there's lots of other nice features they have.
The best of both worlds right now is an earlier modern car where the 2g/3g modem can no longer connect to the outside world. Even better if you can pull the modem, but they're usually up behind a lot of trim.
Wouldn't it make sense to keep your prepper car in the garage (next to the welder) and low-mileage? Use the one with fancy electronics as a daily driver and hope the revolution doesn't happen during your commute.
Don’t even have to push a button nowadays. That convenience is apparently worth the risks. It’s really nice to not have to have keys or worry about turning the car off or on.
> why you would buy a car that has the mere capability to be remotely shut off
One answer to this I would presume is: there are no other new cars for sale without this flaw.
Why there aren't regulations or forced options in the market without these functions (as well as with physical control knobs instead of touch surfaces) is a good question too. There is huge demand for cars without most of this nonsense, yet I don't see that demand being met.
I doubt anyone wants a car whose infotainment system can be improperly updated to cause catastrophic power and engine failure while driving, if given this information and a choice to avoid it.
The more cynical/conspiratorial among us (myself included) have come to the conclusion that this demand isn't being met because powerful people want it this way.
I think most “techies” know in their gut what causes this and where it’s heading - I remember doing PC repair post first dot com crash (first bankruptcy) and the amount of shit shovelled onto consumer PCs (every device manufacturer had its own weird set of drivers, driver installers, app), every piece of software put something in there, let alone what MSFT started you out with. All of it trying to be “user friendly” whilst achieving the opposite.
We are going to see this play out in every device (car, fridge, TV) that is not locked down by the OEM (Apple gets a lot of kudos and knocks for this).
Cars are going to be the front line of this war - it’s not a “right to repair”, it’s “a right to have good defaults” and “no upselling opportunities” (I think of it as there are no commercial businesses anymore - just utilities who give clearly defined service that have clear APIs and endpoints).
Sadly I think the world will head towards a point where I will make a fortune selling Augmented vision glasses that remove the adverts from reality …
It should be a "right to not have product forced on you." When I buy a device, whether it is a car, a refrigerator, or an application, I want that thing that I saw in the store, as it exists on the store shelf, including the features and capabilities. I do not expect that I am going to maintain some kind of ongoing relationship with the manufacturer where they get to modify my device at their whim over the air.
Manufacturers should feel free to offer updates. If the user feels the tradeoffs make sense, then they should be free to accept updates. But this business where the manufacturer thinks they are somehow entitled to mess around with a product you've already purchased from them has got to end. It's not their product anymore, it's yours.
> It should be a "right to not have product forced on you."
Even better, a "right to modify everything you own, in any way you like". Don't you like the micro-controller installed by the manufacturer? Buy another one, with the correct firmware programmed from scratch, and swap it off.
We are already well into a new era of software, in which software can be programmed by itself, especially Rust. What is missing is money transactions for software companies and their employees located everywhere in the world.
"Devices with no surprises". Retail shops in conjunction with electronics engineers put new controllers in everything and re-sell it. Open source software, auditable by anyone and modified at will.
Programs for every car, every refrigerator etc cannot be programmed by a company located in one place, not even 10 places. It has to be a truly global company.
In other words, I want your device, I don't want your closed source software.
Are you willing to indemnify the manufacturer from any liability for anything that might go wrong on the car from then on? No factory warranty once you make changes. Potentially losing access to recall repairs because of the changes you made. In this age of software the entire car is increasingly designed holistically. The engineer might decide to use a particular grade of aluminum on a control arm knowing that the controller software is designed to never exceed certain limits.
> Are you willing to indemnify the manufacturer from any liability [..] No factory warranty once you make changes.
Car manufacturers have figured out how to make expensive cars with good materials and very safe as well. The problem is cheap cars, which can be much more defective and dangerous to drive.
There is a solution to that though. 10-50 people combining their buying power, getting an expensive car and time sharing their usage of it. A mix between public transportation, robo-taxi and personal ownership.
> The engineer might decide to use a particular grade of aluminum on a control arm [..]
That's a problem indeed, a 3d printer for example might be off by some millimeters in some dimension, the manufacturer accounts for that in software and it prints well afterwards. What kind of materials are used is important for sure, but the properties of metals used in the car can be made public, especially if the manufacturer is paid premium and just sold an expensive car instead of a cheap one.
The thing with software though, is that it can be infinitely extended and modified. I can have ten thousand programs more running in my computer tomorrow, with no change to anything physical. Physical stuff needs to be manufactured, transported, warehoused, so there is always a limit.
Consumers want always more stuff, if 10 programs are available they want 10 programs. If 100 programs are available they want 100 programs. It never ends. Proprietary software is not ideal there.
Problem with that is that if it's an online product then the manufacturer also _must_ provide updates to keep the device secure so that it continues to do whatever they sold you in the first place.
Also, adding features on its own is great, but obviously stuff like what happened here can't be allowed to happen, and those Samsung or LG smart fridges that became advertising boards is obviously also not acceptable...
Easy to call the bullshit out, hard to actually define the responsibilities of a manufacturer in a law.
The manufacturer must offer updates to keep the devices secure, but it should never be able to force those updates onto already-purchased devices. The choice should always be with the user.
I don't disagree, but if we end up in a situation where users are negatively affected because they chose not to update for fear of shit like this happening, that's not a great position either.
It's the CFAA for you and me, but not for corporate thee.
Sony was the first mass application of "lol nope, we sold a feature we decided to remove. Too bad". If our government cared about citizenry, this should have been a criminal and civil case both, under the Computer Fraud and Abuse Act. But no criminal anything was done, and users got what, $20, 10 years after the fact?
If I did this, I'd be rotting in a jail cell for 20 years.
I think the end customer shares some of the blame for the current state of things. Cars have gotten worse and worse reliability wise since 2010. Yet sales only continue to increase. People don't own cars any more, they simply see them as a $500 a month payment and once they get too annoyed with it, they just go and get a different one. I don't know about other manufacturers, but with everything GMC, all dealer repair shops are independent. GM does not make any money off of those, therefore they are only interested in giving you another car and another payment plan. How many times have you heard someone trash talking a specific model? "That car was a POS! I took it back to the dealer and got a different one" Yea you sure showed them....
It's not quite that. It's features you never asked for being forced upon you by the market with hardly any uncompromised alternatives without these misfeatures.
I live in a city so I don't need a car, but if I had to buy one, "it should not have a network interface" would be my most important requirement. "It should not have a video display" would be a secondary one. If I had to buy a car with a network interface, I would do my best to neutralize it to make sure it stays 100% offline.
At least if you open a "smart" fridge/dishwasher/washer/dryer/etc, it's basically the same old cost-optimized bare-bones design (maybe one or two extra sensors for special marketing bullet point features), and then all of the "smarts" is on a control board that could mostly just be replaced (ECM motors seem to be the exception to this, and even those are straightforward to design a circuit to drive).
Whereas the problem is that cars have had computers for a long time (eg ECU, ABS, entertainment), then those started getting connected together locally via CAN, then finally they added an Internet connection for surveillance and control. So the centralizing proprietary software tentacles go deep into the car in a way that's not easy to remove or replace.
There is the black box approach of disabling network interfaces, but I could even see that going away - cannot contact network -> car cannot be sure that warranty recalls have been done in a timely fashion -> disable itself after a month until you "take it to a dealer" (or reconnect the cell backhaul).
I didn't say it was a good enough option. It's just one of the only self-help options we have. And my point was that it is even less applicable to cars.
> Roslin: It tells people things like where the restroom is, and-
> Adama: It's an integrated computer network, and I will not have it aboard this ship.
> Roslin: I heard you're one of those people. You're actually afraid of computers.
> Adama: No, there are many computers on this ship. But they're not networked.
> Roslin: A computerized network would simply make it faster and easier for the teachers to be able to teach-
> Adama: Let me explain something to you. Many good men and women lost their lives aboard this ship because someone wanted a faster computer to make life easier. I'm sorry that I'm inconveniencing you or the teachers, but I will not allow a networked computerized system to be placed on this ship while I'm in command. Is that clear?
If it's not user recoverable at the time, and it renders the product as useless as a brick, then it seems like the most accurate word to use, from the customer perspective. Some people will prefer stricter semantics, sure. It was later still able to download and apply updates over the air to undo the problem, so it was a milder form of bricking.
I've had some pretty nasty brickings of devices, like overwriting the bootloader, that I've been able to recover from by getting it into some barely documented system on chip mode with a special cable, booting a new bootloader into RAM via the cable, and reflashing that way. One could go to the extreme and say any flash storage chip where all software bits are directly writable by a factory tool is technically unbrickable. But the customers won't see it that way.
It's also not literally a brick, regardless of future functionality. The ability to metaphorically compare it to a brick doesn't seem to hinge critically on whether the metaphorical brick is a permanent metaphorical brick or a temporary metaphorical brick.
Sure. I’m not going to nitpick exactly how long or how severely something has been rendered inoperable. If somebody wants to refer to their phone as a brick because they’re camping and forgot the charger, that doesn’t bother me.
I’m just pushing back on the idea that “bricked” is some random word with no meaning whatsoever.
Hard to imagine an unrecoverable device. Maybe physically melting it into a brick will do the job. In any other case it is recoverable: you can replace the whole memory with a bootloader, other corrupted modules and recover the device.
I think this may have more to do with a combination of insufficient imagination and fault-tolerant manufacturing.
There are plenty of devices that can be rendered inoperable via non-physical destruction. There used to be more of them, but manufacturers try to make it impossible because it’s a support nightmare.
If you can desolder and replace a few ball grid array ICs and then get Linux running on it, it was never True Scotsman's fired clay brick bricked. It was only Lego brick bricked.
I've "bricked" many automotive systems where they weren't truly unrecoverable, but doing so involved another team disassembling them. The parts were cheaper to throw out instead.
Being strict about the word "bricked" and limiting it to the truly unrecoverable situations just makes it nigh-on useless.
Very few things can make a modern system truly unrecoverable if one is willing to pour unreasonable resources into them. It's incredibly common to be in a situation where a system is unrecoverable by you though. There's no practical difference between these two except that one depends on the surrounding context.
There are a thousand ways to describe this without misusing and ruining a word like “bricked”.
Being strict about a word makes it more useful, not useless. A useless word is one with no identifiable meaning, one which requires copious clarifications, or one which invites confusion and debate instead of delivering meaning.
I actually think your first sentence is a spot on definition for 'bricked'. However, this specific scenario does not meet the criteria you've defined. Nobody is throwing out their car because it was only temporarily disabled. Another OTA update fixed it minutes later.
Most automotive systems would be bricked by this definition. Very little of the tooling is open source/publicly available, reprogramming is usually a specific, non-default mode gated by passwords or cryptography and inaccessible to end users.
How about "catastrophic"? Or "total failure"? Or "we can't find the word to convey the severity"?
Anything other than words that already have existing meanings. With that motivation, they could have said "... update that exploded all ..." since it's a really severe situation, but obviously we/they should use words that have the right meaning instead.
"Jeep just pushed an update that was catastrophic to all 2024..."
"Jeep just pushed an update that was a total failure to all 2024..."
Idk... Doesn't have a very good ring, because "catastrophic" and "total failure" in the realm of tech usually means something that if you try again it could possibly work.
As I said, I agree that "brick" is a good word, I just don't think any of the alternatives are any better.
> A brick (or bricked device) is an electronic device, specially consumer electronics (such as a mobile device, game console, computer, etc.) that is no longer functional.
This is why I don't want auto-updates in most of the things I own.
It's just a crutch for manufacturers to ship half-baked products, and an attack vector for the next generation of shitty engineers they hire to damage my property.
> For anyone that incurred a towing cost or a diagnostic fee (or any other related expense), we will assist in reimbursing or canceling any fees. This will commence on Monday.
"we will assist" - a guarantee so lukewarm, you could put it in an icebox to keep your food fresh for a week.
Jeep is horrible. I was gifted a 2007 Jeep Commander, which was Jeep's "answer" to the Hummer. This was in like 2017, so it was 10 years old at that point. Anyways, it wouldn't shift into 4x4 mode, and after some internet sleuthing I found out there was a (now second) firmware update the dealership could do to hopefully fix the issue. I don't remember the exact details, but basically there was a hardware flaw in the module controlling the transfer case, and when it failed the vehicle would go into neutral, which obviously could be quite dangerous depending on where you were parked / what you were doing.
Instead of fixing the actual hardware issue, they did a recall that was some sort of black magic with a firmware update to "fix" the issue. According to the internet, this fix temporarily worked, with pretty much all of them failing again, conveniently after the vehicle was out of warranty.
Anyways, there was a second firmware update, that I had done 10 years after the vehicle was made, that more or less actually "fixed" the issue. Apparently the issue (according to Jeep forums, so take with a grain of salt) was due to some traces being undersized on the PCB, so the fix was to drop the voltage and/or current being sent, and then more or less disabling the safety sensors that would complain about low voltage. After the second firmware update, it would shift into 4x4 about 1 out of 4 attempts (otherwise just failing with "couldn't shift into 4x4" on the screen), and that was the final thing that could be done.
It took Jeep about 4 or 5 years to issue that final firmware update, probably to try and avoid a class action lawsuit over 90% of the vehicles' 4x4 system failing just outside of the warranty period!
Allowing owners to choose when to install updates would address many issues. Most updates are uneventful, but I’d prefer to install them when I’m at home in my driveway rather than while road-tripping in a rural area, 90 miles from the nearest dealer, or rushing to meet a nonrefundable hotel reservation.
My new Audi lets me turn off telemetry (at least it claims it does), but it complains every single time I turn the car on and makes me confirm two "no, I don't want to turn it back on" dialogs each time. It will also sometimes (I haven't figured out a pattern) tell my phone to auto-load the Audi app when I get in the car, for no useful reason, and then the app complains that it can't get the data it wants because I turned the data off. It's exceedingly obnoxious.
Mazda claims that they will disable telemetry via the TCU, but when I asked the dealership about it they looked at me like I was speaking a different language. I couldn’t get anyone who knew anything about it and ended up leaving. It’s insane to me that I have to go through hoops to OPT OUT of this stuff, and I had no choice to even opt in.
You might need to dig around for the codes, but with tools like OBDeleven, I've found that on my Audis most of the things that are like that can be turned off. I've done all sorts of things, from adding a gauge sweep (even though it's digital, I like the effect) to turning off the seatbelt warning (my partner unbuckles when we get in the cul-de-sac) to customizing the keyfob (in summer I can open the sunroof with a long press of one of the buttons), etc.
A very very minor contribution to my choice to buy a VW ID.4 is that a number of people reported that pulling the modem's (user-accessible) fuse is fine, and just disables remote connectivity as you'd expect.
(I haven't actually done that, but I abstractly like the option being available)
In my current car, if I disconnect the modem I lose the left front speaker and the microphone for the infotainment unit. Just noting for context, on this "I will just do XYZ theory."
This is why I bought a fiesta. There is nearly no "smart" stuff in it. Everything is still mostly analog and very user friendly. Plus the ST is one of the most fun cars you can drive.
To me there's a difference between an offline ECU that just locally monitors sensors and controls components, and a connected modem and software updates. The former seems perfectly reasonable, and necessary for things like abs, which is obviously a good thing.
Can confirm and they were shit. The transmission control module died on mine which means the car is dead. The TCM also died on everybody else's fiesta and fusion for a multi-year model span. I could not get a new one for 8 months while it sat in a garage.
The parent has a Fiesta ST which has never included a TCM.
The powershift dual clutch transmissions had many shoddy model years, but the manual Fiestas were pretty reliable. I drove my 2011 model until earlier this year without any major problems.
Would you? I think that the EU mandates a mobile connection for emergency services (eCall), but can you point out legislation which forbids the owner to disable it in the vehicle they own?
The EU-wide "911 eCall" system records your location at all times and has a cellular modem connected to government systems. It is illegal to disable this system. If you still do so, there are fines, and your insurance is no longer considered fully valid in case of an accident.
You asked for specific legislation. For the Netherlands and our "APK" system, the relevant rule is under "Geluidssignaalinrichtingen en eCall", article 5.2.71 of the APK handboek, issued by our Rijksdienst voor het Wegverkeer.
In the EU, automatic surveillance cameras on the side of the road enforce this APK system, so if you do disable the eCall system, you will fail your APK, and you will automatically receive a fine. Even if you don't leave your driveway, the government is working hard to keep you safe; government camera surveillance cars drive around constantly, scanning your license plates, cross-referencing surveillance images with other government databases to automatically issue fines if you step out of line.
I really don't think there's anything to worry about, though; to quote another comment of mine:
>Thankfully, we're safe. Car software is notoriously high quality and rarely hacked. All governments are fully trustworthy, especially around espionage and privacy, and have a perfect track record of never lying to the public.
>Look, the European Commission stated that it cannot be hacked; "hackers cannot take control of it", from ec.europa.eu. They built an unhackable device. I am not sure what you could be worried about. If the government tells you something cannot be hacked, then it cannot be hacked. Furthermore, none of the EU member states have been found using other infrastructure to violate privacy laws.
They'll have to find you first, which (without a cell modem and GPS) would be an undertaking. The cell antenna "accidentally" falling off or the cable developing a fatigue break after the connector might be easier to explain. A Faraday bag comes to mind, as well.
I'd like to laugh about this because it's one of the things I love about my 2010 Camaro which wound up in a fairly sweet spot of having the basic tech I want (Bluetooth to the radio) without a lot of the nanny stuff I don't, but I once upgraded the operating system with two USB keys containing a bunch of C# from a stranger on the Internet who said he worked at GM. You had to open the driver side door between the first and second USB keys to make the process work.
In Time is a 2011 American science fiction action film written, co-produced, and directed by Andrew Niccol. Justin Timberlake and Amanda Seyfried star as inhabitants of a society that uses time from one's lifespan as its primary currency, with each individual possessing a clock on their arm that counts down how long they have to live.
I’m a huge car guy (race spec Miata, have 7 cars, etc etc).
You will never EVER catch me in a car connected to the internet (this includes all the precious new EVs). Especially a Chrysler product. Look up how they were hacked in 2015…
There's this video [1] linked in the Twitter post, showing how the problem manifests itself and with other (presumably also) Jeep 4xe owners commenting that they had experienced the exact same issue.
Disturbing — this kind of progress sucks! I want reliable things that I own that are under my own control. We should all stop immediately buying this out-of-our-own-control stuff!
No attack suspected here. Nonetheless, it exposes an often underappreciated attack vector. It is scary how easy it will be for a motivated actor to cause chaos by just bricking stuff en masse.
I assume this is related to the new feature that lets you start the engine without being able to drive the car (it’s called “lock start” or something like that).
And the Wrangler is the only Stellantis brand that still has some value. Yet somehow, they’re finding a way to ruin even that.
Jeep parts and frames and cabs are plentiful in the right circles, you can still build out a good wrangler (2.4 or 2.5 or 3L) for less money than a new car, and know your computer is planted firmly under the driver's seat and not connecting to anything.
The American Heritage Museum in Massachusetts is raffling off a 1944 Ford GPW jeep in fully restored condition. Pretty sure there are no computers in that one! But sorry, floor mounted Browning 50 cal machine gun is a replica.
Cars have been using software since the 90s, hence 'electronic' fuel injection. Really the only thing different these days is stupid over the air updates that can brick shit. Otherwise you'd have to carry it into the dealer to get flashed or a new module put in.
> A wrangler using software just does not "compute" to me.
In the case of this Jeep bug causing engine shutoff and power failure, it was an update to the infotainment system! It's easy to compute that these infotainment systems run software; what's crazy is updates to them can cause catastrophic failure to powering the car and ability of the car to drive.
Tried to buy from amazon.fr recently, had the feeling it was designed and developed by people who never used online shopping. It's almost impossible to find products.
And if you try to set the English language it simply cannot show a list of products. Ridiculous for their billions.
In a past life I had a Wall of Shame of headlines on firmware update fails.
The lesson was you built firmware updates upfront and right into your development process so it became a non-event. You put in lots of tests, including automatic verification and rollback recovery. You made it so everyone was 100% comfortable pushing out updates, like every hour. It wasn't this big, scary release thing.
You did binary deltas so each update was small, and trickle download during down-time. You did A/B partitions, or if you had flash space, A/B/C updates (current firmware, new update, last known good one). Bricking devices and recalls are expensive and cause reputational damage. Adding OTA requires WiFi, BLE, or cell, which increases BOM cost and backend support. Trade-off is manual updates requiring dealership visits or on-site tech support calls with USB keys. It doesn't scale well. For consumer devices, it leads to lots of unpatched, out-of-date devices, increasing support costs and legal risk. OTA also lets you push out in stages and do blue-green deployment testing.
For security, you had on-device asymmetric encryption keys and signed each update, then rolled the keys so if someone reverse-engineered the firmware, it wouldn't be a total loss. Ideally add a TPM to the BOM with multiple key slots and a HW encryption engine. Anyone thinking about shipping unencrypted firmware, or baking symmetric encryption keys into firmware should be publicly flogged.
You also needed a data migration system so user-customizations aren't wiped out. My newish car, to this day, resets most user settings when it gets an OTA. No wonder people turn off automatic updates.
The really good systems also used realistic device simulators to measure impact before even pushing things out. And you definitely tested for communication failures and interruptions. Like, yoink out a power-line mid-update and then watch what happens after power is back on. Yes, it's costly and time-consuming, but consider the alternatives.
The ones that failed the most were when they spent months or years developing the basic system, then tacked on update at the end as part of deployment. Since firmware update wasn't as sexy as developing cool new tech, this was doled out to lower-tier devs who didn't know what they were doing. Also, doing it at the end of the project meant it was often the least-tested feature.
The other sin was waiting months before rolling out updates, so there were lots of changes packed into one update, which made a small failure have a huge blast radius.
These were all technical management failures. Designing a robust update system should be right up-front in the project plan, built by your best engineers, then including it in the CI/CD pipeline.
Just for context, the worst headline I had was for update failure in a line of hospital infant incubators.
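An added illustration of the A/B slot, verify-then-commit and rollback scheme described in the comment above, written for this page and not taken from the thread or from any manufacturer's firmware. All names are hypothetical; signature verification is assumed to happen elsewhere and is passed in as a boolean, and metadata writes are assumed to be atomic.

```c
/* Added example: A/B slot bookkeeping with trial boots and rollback.
 * Hypothetical names throughout; not any vendor's bootloader. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TRIAL_BOOTS 3

enum slot_state { SLOT_EMPTY, SLOT_WRITING, SLOT_PENDING, SLOT_GOOD, SLOT_BAD };

struct slot {
    enum slot_state state;
    uint32_t version;
    uint8_t tries_left;   /* trial boots remaining while PENDING */
};

/* Persisted in flash; each field update is assumed atomic (assumption). */
struct boot_meta {
    struct slot slot[2];
    int active;           /* index of the last known good slot */
};

static int other(int i) { return 1 - i; }

/* Start an update. Refuses unless the vehicle is parked and the user agreed.
 * Returns the slot being written, or -1 if refused. */
int ota_begin(struct boot_meta *m, uint32_t version, bool parked, bool user_ok)
{
    if (!parked || !user_ok)
        return -1;
    if (version <= m->slot[m->active].version)
        return -1;                      /* no downgrade or replay */
    int target = other(m->active);      /* never touch the running slot */
    m->slot[target] = (struct slot){ SLOT_WRITING, version, 0 };
    return target;
}

/* Called after the last block is written. signature_ok comes from the
 * verifier (not shown). Only a verified image becomes bootable. */
void ota_finish(struct boot_meta *m, int target, bool signature_ok)
{
    struct slot *s = &m->slot[target];
    if (s->state != SLOT_WRITING)
        return;
    if (signature_ok) {
        s->state = SLOT_PENDING;
        s->tries_left = MAX_TRIAL_BOOTS;
    } else {
        s->state = SLOT_BAD;
    }
}

/* Bootloader decision, run on every power-up. Returns the slot to boot. */
int boot_select(struct boot_meta *m)
{
    int cand = other(m->active);
    struct slot *s = &m->slot[cand];

    if (s->state == SLOT_WRITING)       /* power was lost mid-write */
        s->state = SLOT_BAD;
    if (s->state == SLOT_PENDING) {
        if (s->tries_left > 0) {
            s->tries_left--;            /* spend a try before jumping */
            return cand;
        }
        s->state = SLOT_BAD;            /* never confirmed: roll back */
    }
    return m->active;
}

/* Called by the new firmware once its self-checks pass (or fail). */
void boot_confirm(struct boot_meta *m, int booted, bool healthy)
{
    struct slot *s = &m->slot[booted];
    if (booted == m->active || s->state != SLOT_PENDING)
        return;
    if (healthy) {
        s->state = SLOT_GOOD;
        m->active = booted;             /* old slot stays as fallback */
    } else {
        s->state = SLOT_BAD;
    }
}

int main(void)
{
    struct boot_meta m = { { { SLOT_GOOD, 1, 0 }, { SLOT_EMPTY, 0, 0 } }, 0 };
    int t = ota_begin(&m, 2, true, true);
    ota_finish(&m, t, true);
    for (int i = 0; i < 4; i++)         /* new image never confirms */
        printf("boot %d -> slot %d\n", i + 1, boot_select(&m));
    return 0;
}
```

Once `boot_confirm` has committed a slot, a fault that only appears later is no longer caught by this mechanism; that case depends on the staged rollout and pre-release testing the comment also describes.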
I was driving 65 on the left lane of the highway when my car started slowing down. It started saying to put it into P and to push to start. The car was off and I couldn’t accelerate! I almost crashed trying to get onto the right lane shoulder. 4 lanes over before it completely stopped and caused a huge accident. They are saying it’s something with an update Jeep is doing and the cars are just stopping! There were 4 Jeep Wranglers on the side of the highway as I tried driving to the nearest dealership 25 min. It turned off 3 times.
Will Jeep reimburse me if I get a loaner while my car is at the dealership? My dealership doesn’t provide loaner vehicles
If vehicles always still had to go back to the dealer for any type of recall, I would say that might have maintained a higher standard of what is supposed to pass for finished goods coming out of a factory.
The safety implications in this case really drive that home.
The forum thread is more chilling. It seems they released a fix that they pushed silently. You can't verify if you installed the silent update yourself; the support rep needs to use your VIN in an internal tool to check if the fix is applied. "Park your car in an area with good cell coverage. Wait 10 minutes and do a reboot." After that I can try driving my car and hope the update went through?
Absolutely insane.
Some poor bastard owns a Jeep, an Amazon TV and Samsung fridge and phone, and is stuck at home being force-fed ads for Jeeps on his TV, fridge and phone.
Asking for proof is not complaining. Back in my day, being able to request and see verification of claims was considered a benefit of communicating via internet.
Following this logic, everything posted to HN should have someone commenting asking for "proof" because a single article isn't "verified". Do you see how pointless this is?
It's literally a complaint so you're wrong, not that there's anything inherently wrong with complaining.
But it's dumb he called the poster on another website a complainer for daring to be upset about his car shutting off. There's no moral superiority for posting (complaining) here rather than there.
What kind of proof can be shown that'll be accepted by most people as proof of a bricked car after an automated software update? No matter what's shown, I can easily think of alternative explanations.
There is absolutely no way an OTA update should be able to impact anything powertrain related, it should be limited to the infotainment system and accessories. PCM updates should require a hard connection to the vehicle's OBD port at the dealership/mechanic (or a home user with the appropriate software and cable). NHTSA should investigate this.
Tesla has been doing these OTA powertrain updates for over a decade. It's totally fine when you follow best practices and do good QA. Stellantis doesn't QA.
This reads like an OTA to the infotainment that messed up powertrain somehow. Plenty of manufacturers successfully OTA powertrain these days by using A/B flashing (the B flash programs while the car drives, next key cycle swaps to B and flashes A in background, next key cycle back to A, done).
My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).
> My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).
The fact that this is possible proves the point: OTA updates are dangerous and should be banned.
I don’t agree that OTA should be banned, but I do think that additionally restricting in-motion OTA could be reasonable. OTA which is always opt in and modal is no different from diagnostic port updates except that it cuts out the need for a dealer visit. This seems fine to me.
Yeah I am fine with OTA updates affecting anything as long as they are explicitly opt-in. I'd support mandating a physical switch that controls the power to the modem to be present.
I didn't read too deeply but I bet the drivetime failures were because the issue manifested after the vehicle started operating. A rolling FOTA update seems like it would not be certified and would be harder to implement anyway.
This would also mean the A/B failover would need to identify the problem as a bad update rather than a bug that pops up minutes later.
This update was for the infotainment system. To your point, that system should somehow be air-gapped from affecting the engine and power. There's way too much coupling of all this software and electrical components.
For the sake of answering you: through dedicated physical switches (such as Ferrari's famous manettino).
What I really think: my car shouldn't have any bullshit "modes" to select from. Tune it once at the factory to some reasonable compromise, and perhaps make certain settings writable through the OBD port, and that will be it.
I suppose you could have independent, air-gapped cockpit drive control systems and infotainment systems. It's probably less economical and automatic e911 would be harder to do.
At a bare minimum any EV driver is going to want two power delivery modes. Jeep people surely don't want to plug in an OBD dongle when they go off road.
This is chilling (from https://www.jlwranglerforums.com/forum/threads/2024-4xe-loss...):
> On my drive home I abruptly had absolutely no acceleration, the gear indicator on the dash started flashing, the power mode indicator disappeared, an alert said shift into park and press the brake + start button, and the check engine light and red wrench lights came on. I was still able to steer and brake with power steering and brakes for maybe 30 seconds before those went out too. After putting it into park and pressing the brake and start button it started back up and I could drive it normally for a little bit, but it happened two more times on my 1.5 mi drive home.
If that happened on the highway I could easily see people being killed.
On a reasonably well constructed car, loss of power steering at highway speeds is barely noticeable. Loss of power brakes is a different story. An inability to actually get all the way off the highway before running out of speed could also be quite dangerous, and a loss of power steering can indeed make it quite difficult to maneuver at low speeds.
If it's drive-by-wire steering, then isn't loss of power steering the same as loss of all steering?
I'm shocked (literally) to see there are production vehicles with steer-by-wire. Couple that with OTA updates and you have a vehicle I'd refuse to ride in, much less purchase.
It's wild to me that any car manufacturer would push an OTA update while the vehicle is in motion, or hell, even push one at all instead of having it be user initiated. They didn’t bother to put a simple check in place to make sure the vehicle wasn’t being driven before updating?
And then these manufacturers wonder why people just want them to have a dumb head unit with carplay/android auto. Because they absolutely suck at software and have shown no desire to improve outside of charging people subscriptions for hardware features that are already in the car.
It's impossible on my Tesla. You get a notice to install and a warning that you won't be able to drive for up to 45 minutes. You cannot click install unless the car is in park. You can always decide never to install an update.
This isn't exceptional design on the part of Tesla. It is absolutely baseline common sense. I can't believe it isn't the de facto rule. I guess it might need to be regulated because apparently some companies are THAT untrustworthy.
All regulations are written in blood.
The car could have been updated before the trip, and some stack overflow error can happen some time later while in traffic.
The Cybertruck is basically the only vehicle with true steer by wire. Infiniti offered cars for a brief time which had clutched steering columns (a truly baffling worst of all worlds solution). Otherwise what people mean is electrical power steering, where a power-off failure means you need to turn the wheel harder (a power-on failure can be very bad and there are a lot of safety systems to limit applied torque so a driver can always override the input).
> The Cybertruck is basically the only vehicle with true steer by wire.
It really is "The Homer" of cars isn't it.
I think most recently developed large commercial passenger aircraft are completely fly by wire with most controls lacking any physically interlinked backup.
Thinking of this somehow reminded me of the most harrowing aircraft disaster that I've ever read about: https://en.wikipedia.org/wiki/United_Airlines_Flight_232
It's both tragic because half of the passengers were killed but also miraculous that anyone survived at all.
Hopefully I am not too naive, but I think aircraft safety redundancy remains above retail car standards. Also, in aircraft they "have time to solve some problems", versus freeway bumper cars.
I also don't believe they install OTA updates while in flight.
More to the point, FAA regulations would absolutely forbid any such event. They probably mandate testing of the updates before returning the airplane to service.
Completely unlike the safety standards for cars.
Although if they did it would give a fantastic new meaning to "over the air" :-)
In service to the pun, there is a relatively famous demo of using erlang for embedded development where they show off hot code reloading of a drone's flight software while it's in flight.
https://www.youtube.com/watch?v=XQS9SECCp1I
Yeah
Also people say "oh what if fly-by-wire fails" well what if traditional hydraulic controls fail, which has happened plenty in the history of commercial aviation
Everything can and will fail at some point
No redundancy is redundancy enough in some 0.xx% of cases. You can always reduce the number, but never make it 0.
The reliability of software is so bad this is an absurd comparison.
This is a safety standards issue not a "software" issue. Standards for airplane software are very high
Most planes have been fly-by-wire for decades and aren't regularly falling out of the sky
I work for a medical device manufacturer, and software absolutely can be designed to be just as reliable as physical systems, but the development and testing process looks completely different than developing a mobile app. Things slow WAY down: if you want to change one line of code, it'll take literally weeks before it makes it to a production environment because of all the testing, documentation, justification, and human approvals. I imagine flight safety systems are subject to a similar level of rigor.
Indeed, but read the link I posted above if you're interested in a fascinating case of failed redundancy.
Engaging version by the incredible Admiral Cloudberg:
https://admiralcloudberg.medium.com/fields-of-fortune-the-cr...
Large planes are all fly by wire. In a commercial airplane, you're talking about moving maybe a quarter-ton of metal for the rudder alone, and against high wind speeds. There is no way to move those without powerful servo motors.
They use hydraulics, not necessarily fly-by-wire and servos. But when they lose the engines, then they lose hydraulic pressure.
There's APU and/or RAT to fallback on in case of the rare dual engine failure.
I'm still stunned by Captain Haynes's grace under pressure:
Sioux City Approach: "United Two Thirty-Two Heavy, the wind's currently three six zero at one one; three sixty at eleven. You're cleared to land on any runway."
Haynes: "[laughter] Roger. [laughter] You want to be particular and make it a runway, huh?"
And here's a truly excellent long form article on the crash by the always excellent Admiral Cloudberg: https://admiralcloudberg.medium.com/fields-of-fortune-the-cr...
"The contamination caused what is known as a hard alpha inclusion, where a contaminant particle in a metal alloy causes the metal around it to become brittle. The brittle titanium around the impurity then cracked during forging and fell out during final machining, leaving a cavity with microscopic cracks at the edges. For the next 18 years, the crack grew slightly each time the engine was powered up and brought to operating temperature. Eventually, the crack broke open, causing the disk to fail."
The cybertruck steer by wire IIRC has dual redundant everything including power supplies (the redundant one is powered by a DC-DC converter from the HV battery)
That's great, but are they also running redundant, independently-developed software stacks? Because software failure seems to be the issue here.
Multi-version approaches to developing software aren't as good at reducing common-mode failures as many people expect[1].
[1] J. C. Knight and N. G. Leveson, “An experimental evaluation of the assumption of independence in multiversion programming,” IEEE Trans. Software Eng., vol. SE-12, no. 1, pp. 96–109, Jan. 1986, doi: 10.1109/TSE.1986.6312924.
Disregard me, I'm dumb.
All the electrical steering column designs I've seen have used redundant sensors (often groups of them) specifically for that reason. The physical steering wheel to the shaft is still a SPOF, but it's also a "dumb" part where the only failure cases are mechanical. Eliminating failures there is straightforward engineering.
Yeah, I should have spent an extra 10 seconds thinking of the problem here and I'd have realised you can have multiple sensors going to different software on one steering column...
What's so shocking? Did you ever study them? Any ideas of their design and failsafe modes?
Or are you just posting for engagement?
You might need to stop dealing with cars made recently then. While steer-by-wire isn't so common, the number of cars with entirely digital drive-by-wire throttles would likely bother you.
Honda: "all Honda models use Drive-by-Wire technology" (for the accelerator pedal).
https://www.hondainfocenter.com/Shared-Technologies/Engines/...
Subaru's used it in a bunch of vehicles for decades: https://www.ultimatesubaru.org/forum/topic/70486-what-year-d...
Most new Toyotas, Ford, etc.
While throttle/acceleration isn't steering, if you're uncomfortable with the underlying concept of a potentiometer and a microcontroller and a small motor on the other end being used to control a vehicle and consider it unproven technology, then you'd need to avoid most new cars in order to be logically consistent.
Well, at some point you won't have a choice. The government is going to ban ICE vehicles, tax the existing ones, and all the electrics will be everything by wire.
There is literally no relationship between propulsion tech and steering mechanism.
I for one cannot wait for my nuclear powered steering mechanism. The reactor is of course used to generate steam pressure to actuate the steering arms, the car is powered by normal batteries.
Which ICE vehicles are completely steer by wire?
Not steer-by-"wire" exactly but in the 1970s and 1980s Citroën had cars with "DIRAVI" steering. In normal operation there was no direct mechanical link between the steering wheel and road wheels. The whole thing was a big hydraulic servo, with "resistance" applied to the steering wheel using a heart-shaped cam, a big spring, and a small hydraulic piston that had progressively more pressure behind it based on road speed.
If you let the steering wheel go it would spring back to the middle even with the car at a standstill because of the resistance cam.
If it lost hydraulic pressure while you were driving there was still generally enough in the system to allow you to pull over safely, and you could drive for much longer distances if you could cope with about a quarter of a turn of "play" in the steering wheel. With no pressure at all, turning the steering wheel would move the shuttle valve in the steering controller until it bottomed out and then the linkage would just turn the pinion on the steering rack, which was normally used for servo feedback. Uncomfortable, but acceptable for "get off the road" situations.
The hydraulic system also worked the self-levelling suspension, the fully-powered braking system (similar to the WABCO systems on a lot of more modern vehicles), and on some manual gearbox models the clutch.
Not really "drive by wire", because it's not electronic, but it really is a system where the steering rack could be fully decoupled from the steering wheel.
You are being downvoted and the replies so far aren't helping you understand why your statement is very wrong.
"Steer by wire" means there is nothing but copper signal wires between your steering wheel and the front wheels. Your steering wheel is essentially a video game controller.
This has nothing to do with the car's mode of propulsion though, and both EVs and ICE cars can have steer by wire controls. So far, it's only the cybertruck that has this paradigm, all other EVs have normal power steering.
For normal power steering systems there are two types: hydraulic and electric. Both types have a solid steel shaft between your steering wheel and the front wheels. You can remove the engine/motor completely, and you'll still be able to steer the car. The hydraulic or electric motor merely helps you turn the wheel, nothing more. Hydraulic is being phased out for electric in both EVs and ICE vehicles.
Steer shafts are being phased out. Electronic power steering has nothing to do with what I'm talking about. Manufacturers want fully electric, fully autonomous cars. If the computer is driving the car 99% of the time, they'll argue that having a steering shaft is totally unnecessary.
For whatever reason, manufacturers aren't trying to make fully autonomous ICE vehicles.
> Well, at some point you won't have a choice. The government is going to ban ICE vehicles, tax the existing ones, and all the electrics will be everything by wire.
Crackpot uncle level of conspiratorial thinking.
Driving forces could be interpreted as wrong, but they’re probably correct about orders and outcome:
Step 1 is policy/goal for California [1].
Step 2 decades old policy in Europe (and recently canceled in Canada?), as vehicle carbon tax. There’s also EV tax credits of course, which are practically identical, from the purchasing perspective - “If I buy ice, I pay this much more in taxes”.
Step 3 is a potential market driven eventuality.
[1] https://www.reuters.com/sustainability/california-sets-goal-...
2035 in the EU, if nothing changes, will be the end of sale of new ICE passenger cars. It's not that far.
(Technically they will not be banned, there will only be a huge fine for the manufacturer for each one sold.)
What do you mean? Many places are already banning or heavily taxing new ICE vehicles.
If it's drive-by-wire steering…
Which it isn’t. What production passenger vehicles have no steering column? (EDIT: oh, yeah, forgot about Cybertruck.)
Cybertruck for one. I searched and found several, some without any manual backup. That's crazy to me.
There are many passenger vehicles with brake-by-wire, but only one I'm aware of with steer-by-wire: cybertruck
Tesla Cybertruck, Lexus RZ 450e, Nio ET9, Toyota bZ4X
https://en.wikipedia.org/wiki/Steer-by-wire
E.g. the cybertruck. It will also be more common as vehicles become more automated.
The cyber truck, tragically.
I’ve really enjoyed it on mine. Steer by wire enables progressive steering. Having to turn the wheel over and over in other cars to maneuver in parking lots seems laughably primitive now in comparison.
I think there are only a couple of cars that are steer-by-wire.
The Infiniti Q50, QX50, QX55 and QX60 (with backup that connects upon electric failure).
Without backup, but triple redundancy, can be found in the Tesla Cybertruck. But I'd take that redundancy with a grain of salt as they don't have the best track record telling you the truth.
That said, I really wish companies would go back to the good old hydraulic steering. I don't need self-parking. But self-parking needs at least electric steering (with or without steering column).
> self-parking needs at least electric steering
You can control a hydraulic system automatically. That's literally what ABS braking is on the same cars already.
Which vehicles other than the Cybertruck have drive by wire steering? To my knowledge it's the only one without a physical steering column...
I've lost power steering on my dad's F250 once. It was incredibly noticeable, since I had to crank the wheel like a ship from the age of sail in order to get onto the shoulder.
I guess you could argue that it wasn't a reasonably well constructed car.
I lost power steering every day during the winter in my old car, when the engine stalled while coasting through a particular intersection, and I was busy re-starting it and negotiating the turn.
It's amazing how much more reliable cars have gotten. You used to be always on the alert for some critical function to fail spontaneously, and also listening for warning signs.
Is that more or less dangerous than being complacent with a vehicle that 'never goes wrong', then suddenly fails, I wonder?
I'm pretty sure that driving a car that has to be restarted in the middle of an intersection is more dangerous.
I'd look at the accident stats, which I honestly don't know. But my hunch is that the newer cars are safer.
I had flaky power steering on an old Lexus LS400, and it would stop working for minutes at a time, more or less at random. At 40mph, I could generally tell that it wasn’t working but there was no meaningful extra difficulty when steering. At 15-20mph it was quite a bit harder to steer. At 5mph, it took some real force to steer. At parking speeds, it was very hard to make the large wheel movements needed to park. At a full stop it was almost impossible.
In general, this wasn’t especially hazardous, since I rarely needed to move the wheel very far while moving at very low speed in a place where other cars could be a hazard.
(Yes, I got this fixed. And the old LS400 cars were extremely well designed and built.)
In most situations a rudder is very, very gentle on the hands. You rarely have to crank down hard.
Did you mean tiller? These are hardly found on larger ships. I still like them for how much better you feel sail balance.
I think the comment was about how noticeably _far_ they needed to turn the wheel not how hard it was to turn it.
My comment was explicitly about how physically difficult it was to turn the wheel. I had to crank it over far as well, in order to get off the highway.
The amount you turn the wheel is identical [0] with or without power steering, unless perhaps you have one of the weird variable turn ratio systems. In a conventional power steering system, the steering wheel is linked to the wheels, and the power steering applies torque to help you turn the wheel but does not change the relationship between the steering wheel and the wheels.
[0] Almost identical. The steering has some flex, and the amount it flexes is related to how much torque you apply. But this is a tiny effect.
Losing power steering would be no big deal. Anything that caused a sudden loss in forward velocity worries me.
There's construction on the Interstate highway in my area with lanes that have no "breakdown" space ("contraflow" lanes). I would be terrified to lose power in that lane. I would be worried about getting rear-ended and / or causing a pile-up.
Loss of power steering is definitely noticeable. Especially when it comes to getting off the freeway.
Lost power steering at highway speeds in my '91 Corolla a couple of decades back. Didn't notice on the highway (belt just made a loud pang and I thought "What the heck was that?"), but as soon as I took an exit and had to turn at the light, I seriously had to muscle the wheel over. Good learning experience about what power steering offers.
It did happen on the highway to my sister. She was in the middle lane but luckily had the space to get to the side. Managed to start it again and get off the highway where it did it again and wouldn’t start after that.
Very scary.
I suspect it did happen on the highway for some people, that would explain the disabled Jeep sitting on the (minimal in construction zone) left shoulder of an expressway that I drove past yesterday. I just figured there'd been a fender bender in the already terrible construction traffic and the second vehicle hadn't moved on yet.
If I owned a Jeep I'd be dumping it off at CarMax first thing Monday morning.
I’d keep it and consult my lawyer first.
My assumption is that the HN audience is not a perfectly Gaussian distribution of the population but probably not extremely far from it.
So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
A vehicle is a personal safety device, that allows for independent travel away from bad things and towards safe things. That is one of the most critical aspects of a vehicle.
Assuming that one of the most critical times you might need a vehicle is fleeing oppression, having a remote switch off as a possible vector to impede your escape is an existential threat and basically makes one of the core reasons to have a vehicle moot.
My assumption is that most people are not thinking about their vehicle as one of the most critical tools for freedom.
Having traveled the world and lived in war zones, vehicles are life savers and it’s insane to me that anyone would allow a possibility for someone else, specifically corporations and governments with major power levers, to even have the ability to stop that remotely.
Given the increasing computerization of modern cars, how could you possibly verify that this wasn’t possible on *any* car you buy?
The only way I can think of is “don’t buy a car made within the last 25 years”
This is why some hardcore folks go ‘trad diesel’. Just glowplugs and mechanical parts!
Notably, you have to go back to 70’ish era to get that kind of equipment. Almost everything else has some kind of ECU.
Cellular connections didn’t start becoming somewhat common until the late 90’s-early 2000’s though.
So, either a modern safe car with a remote killswitch or a deathtrap car that will kill you in many exciting ways. Sophie's choice of cars.
Or something that's engineered in such a way as to be modifiable into a desired disconnected state.
E.g. 5th gen Toyota 4Runners: https://www.4runners.com/threads/how-to-disconnect-the-track...
If one wants to buy a modern car, and one cares about preserving disconnected functionality, one just needs to research if there's a workable fallback mechanism.
Or, you know, deal with the 20mpg but a vehicle that will last until the heat death of the universe #2uzfeClub
It’s only a Sophie’s choice if you’re really bad at math, if not you’ll take your chances with the kill switch thing that’s never been confirmed to hurt anyone over the thing that kills tens of thousands of Americans a year.
I was being facetious, I'd take the remote killswitch car over the deathtrap any time.
There is a UK company that puts engines with mechanical fuel pumps in newer cars. Particularly newer Land Rovers. £10k upgrade, and the last car you need ever buy.
https://dieselpumpuk.com/
I have a '92 Civic; it certainly can’t be remotely shut off.
I also have a 2008 Mazda3. Great reliable car. Also no connectivity whatsoever.
You can usually delete the modem on your car.
Correct
I will not buy a post patriot act vehicle
Don't buy modern cars. There is a real movement to keep driving cars from circa 2010. This was around peak car for me. You could still block off the egr valve, remove the cat and any dpf nonsense. No 'driving aids' to distract and infuriate me. No touch screens to distract and infuriate me. No software updates. Can still get over 50mpg. My car is going to keep being fixed as long as it is viable.
Deleting the cat is straight up delinquency.
As is disabling the EGR system.
EGR makes emissions worse. It was the wrong fix for the wrong problem.
Diesel vehicles now have SCR and AdBlue, which fixes the problem properly, but they still have the EGR defect.
If I tested my emissions using UK MOT standards before and after removing the cat and egr, and showed both an improvement and a pass, would that still be problematic for you?
OK, I'll bite. Name 2 or more cars from 2010 that got better than 50mpg. I'll wait.........
I am not sure everyone is speaking the same language here. A UK gallon is 25% bigger than a US gallon, so UK mpg is correspondingly higher. Also the testing is presumably different, so numbers measured in the UK are not comparable with US numbers even taking into account gallon size differences.
I assume the questioner is asking about US mpg? The Prius was there for sure in US mpg (just, at 51mpg), not sure about others.
Pretty much anything with a 1600cc-ish diesel engine, from Europe.
Ford Transit Connect, for example, which could just about do 60mpg on a steady 70mph motorway run.
* The 2010 Toyota Prius had 51 mpg.
* Volkswagen Golf TDI Bluemotion (Diesel, around 62 mpg)
* Volkswagen Polo Bluemotion (also Diesel, closer to 71 mpg)
* Peugeot 3008 Hybrid4 (Diesel, around 68 mpg, some tests speak about 74 mpg when driven with some sense.)
Unfortunately increasingly illegal in the EU because of the ULEZs, mandatory driving aids, etc.
Buying a car from 2010 is a guarantee that you won't be able to drive it in 5-10 years..
Can you point me to the directive/regulation that states that? I am in the EU and I'm not aware of any such thing. I have two cars that are 2006-2008 models and I am not planning on replacing them.
There are EU-wide mandatory air quality standards that get stricter as time passes and that are being enforced through low emissions zones which practically make diesel cars illegal. This may not be the case in your country yet but it will arrive with time.
Regarding driving aids, some cities in my European country are looking to make them mandatory in the city centre.
Overall this is being done to keep poor people from driving.
My nearly 30-year-old Range Rover is fully ULEZ compliant nearly everywhere in Europe except Paris, because it can run on propane which only really emits water and warm carbon dioxide when it burns - no "smog", no NOx, no HC, no CO, none of that.
Annoyingly in post-Brexit Britain I need to wait two years until it *is* 30 years old to drive in ULEZ zones. It was fine until Brexit kicked in - yet another Conservative disasterpiece.
> Assuming that one of the most critical times you might need a vehicle is fleeing oppression
That's a hell of an assumption.
If we're talking about population distributions, I would argue that "having lived in war zones" puts you well outside the center of the curve.
It is extremely far from it in the US, I promise.
But direct answers:
1. They don’t know that can happen. The salesman doesn’t point it out.
2. They figure all cars will be that way soon so why worry about it.
3. It’s never happened to anyone before so why worry about it.
4. We don’t know anyone who has ever had to flee from oppression in their car so why worry about it. And this is America, if that’s what we’re worried about we’ll stock up on ammo.
Etc
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
In practice, getting t-boned at an intersection where I have the right of way is a much greater risk to me than my car getting shut off, so it makes sense to optimize for safety in the former case.
You’ve got me thinking. I drive a Chinese made EV. If China ever had a nuclear war with the west they would definitely brick all of the cars they’ve sold us. Also it doesn’t have to be China that issues the command. Remote shutoff of cars is a great cyber warfare target.
Disable brakes and set acceleration to max, on all of them simultaneously, would have rather bigger impact than switching them off.
I’ve looked at the fuse box for my car and found the fuse that powers the Ariel Module. Removing this fuse breaks GPS and all cellular connectivity. Hopefully it breaks automatic updates. I am tempted to leave it disconnected to see if my car skips an update.
The rest of the car works fine. If the political situation heats up then I can remove this fuse to isolate my car from the internet.
Some people connect a toggle switch in place of this fuse so they can leave the car disconnected from the internet when they are not using online functions.
I would be surprised if simply removing a fuse voids my warranty.
Like smart TVs, the only possible alternative is buying a 10 year old model on the secondhand market. Vehicles without these features have not been produced in a long time
Dumb TVs are still being made. I bought this Sharp commercial TV just last year: https://www.amazon.com/dp/B0CCMXNRFH
Of course they're not mass-market and will be lacking on some other bullet point features, but if you really care about your TV not turning into an ad billboard in 2 years, they're the way to go.
Or never wire the TV. That's what I did. Everything runs through my Apple TV (admittedly captured by my years of employment there) but could just as well run through a Kodi instance
Realistically I would be cycling out of my city because if there was anyone else except me running from oppression, we would be all caught in the same traffic jam.
I happen to live on the outskirts, but there are several choke points where it would be really easy to set up a barrier. Those choke points apply to cars mostly.
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
That’s not what is going on here. These cars are not being intentionally shut down remotely. Instead, a software update for some computerized components of the car was pushed down to the cars and installed with the owners' permissions, but that update apparently has severe bugs that should have been caught by QA.
This is a distinction without a difference. Intentional or not, these vehicles were disabled remotely.
Even if the owner gave permission to install the update, I would strongly wager that they did not give concurrent permission for the update to change the behavior of the vehicle.
Of course, I sincerely doubt the EULA offers any way to separate those permissions; you are all in, or you are all out. Assuming that you even have an option to opt out.
And that’s exactly why these cars can never be trusted under any circumstances, ever.
"Do you want to update? Yes or later". And blocks semi-critical stuff so you must address it.
"Do you want to update? Yes or later". And blocks semi-critical stuff so you must address it.
"Do you want to update? Yes or later". And blocks semi-critical stuff so you must address it.
"Update now. You cannot refuse since you said no 3 times"
Or, other parodies, "Just say MAYBE LATER to drugs"
If you really mean help you understand why and that wasn't a rhetorical exaggeration, it's not hard to understand.
Most people have a variety of things they are looking for in a car they want to purchase, and other factors are more important to them than this one, which they figure probably won't happen anyway. There may be few options that aren't updateable over the air, and those options don't meet their other criteria -- if they even get that deep into considering it, which they probably don't, they just aren't really thinking about it. But even if they did, you don't have the option of buying your perfect fantasy car. I'd like to buy a car with manual mechanical controls instead of touch screen controls, but there aren't that many options for that either, and they may not meet my other needs.
Same reason people buy most things these days: convenience. Do you own a cell phone? It can be remotely updated (and even shut down by malicious actors), yet most people own one and don't think twice about it.
> So can someone who owns a modern car please help me understand why you would buy a car that has the mere capability to be remotely shut off?
Because afaik, all the modern cars have this as a 'feature', but there's lots of other nice features they have.
The best of both worlds right now is an earlier modern car where the 2g/3g modem can no longer connect to the outside world. Even better if you can pull the modem, but they're usually up behind a lot of trim.
I'm buying a reliable and comfortable way to travel around the home town, not into warzone.
Yes, I want it to be connected to the app, to conveniently see fuel level, location, etc.
You can usually remove the fuse that powers the 5G antenna. That will probably isolate your car from kill switch software updates.
Agreed that most people don’t think about this. I’m a prepper and I hadn’t thought about this.
Wouldn't it make sense to keep your prepper car in the garage (next to the welder) and low-mileage? Use the one with fancy electronics as a daily driver and hope the revolution doesn't happen during your commute.
They generally just don’t think about or even know it’s a thing.
Most people push button, aim steering wheel, and voila.
Don’t even have to push a button nowadays. That convenience is apparently worth the risks. It’s really nice to not have to have keys or worry about turning the car off or on.
> why you would buy a car that has the mere capability to be remotely shut off
One answer to this I would presume is: there are no other new cars for sale without this flaw.
Why there aren't regulations or forced options in the market without these functions (as well as with physical control knobs instead of touch surfaces) is a good question too. There is huge demand for cars without most of this nonsense, yet I don't see that demand being met.
I doubt anyone wants a car whose infotainment system can be improperly updated to cause catastrophic power and engine failure while driving, if given this information and a choice to avoid it.
The more cynical/conspiratorial among us (myself included) have come to the conclusion that this demand isn't being met because powerful people want it this way.
So would do a flat tyre and myriad of other things. Is software supposed to be perfect?
I think most “techies” know in their gut what causes this and where it’s heading - I remember doing PC repair post first dot com crash (first bankruptcy) and the amount of shit shovelled onto consumer PCs (every device manufacturer had its own weird set of drivers, driver installers, app), every piece of software put something in there, let alone what MSFT started you out with. All of it trying to be “user friendly” whilst achieving the opposite.
We are going to see this play out in every device (car, fridge, TV) that is not locked down by the OEM (Apple gets a lot of kudos and knocks for this)
Cars are going to be the front line of this war - it’s not a “right to repair” it’s “a right to have good defaults” and “no upselling opportunities” (I think of it as there are no commercial businesses anymore - just utilities who give clearly defined service that have clear APIs and endpoints).
Sadly I think the world will head towards a point where I will make a fortune selling Augmented vision glasses that remove the adverts reality …
It should be a "right to not have product forced on you." When I buy a device, whether it is a car, a refrigerator, or an application, I want that thing that I saw in the store, as it exists on the store shelf, including the features and capabilities. I do not expect that I am going to maintain some kind of ongoing relationship with the manufacturer where they get to modify my device at their whim over the air.
Manufacturers should feel free to offer updates. If the user feels the tradeoffs make sense, then they should be free to accept updates. But this business where the manufacturer thinks they are somehow entitled to mess around with a product you've already purchased from them has got to end. It's not their product anymore, it's yours.
> It should be a "right to not have product forced on you."
Even better, a "right to modify everything you own, in any way you like". Don't you like the micro-controller installed by the manufacturer? Buy another one, with the correct firmware programmed from scratch, and swap it off.
We are already well into a new era of software, in which software can be programmed by itself, especially Rust. What is missing is money transactions for software companies and their employees located everywhere in the world.
"Devices with no surprises". Retail shops in conjunction with electronics engineers put new controllers in everything and re-sell it. Open source software, auditable by anyone and modified at will.
Programs for every car, every refrigerator etc cannot be programmed by a company located in one place, not even 10 places. It has to be a truly global company.
In other words, I want your device, I don't want your closed source software.
Are you willing to indemnify the manufacturer from any liability for anything that might go wrong on the car from then on? No factory warranty once you make changes. Potentially losing access to recall repairs because of the changes you made. In this age of software the entire car is increasingly designed holistically. The engineer might decide to use a particular grade of aluminum on a control arm knowing that the controller software is designed to never exceed certain limits.
> Are you willing to indemnify the manufacturer from any liability [..] No factory warranty once you make changes.
Car manufacturers have figured out how to make expensive cars with good materials and very safe as well. The problem is cheap cars, which can be much more defective and dangerous to drive.
There is a solution to that though. 10-50 people combining their buying power, getting an expensive car and time sharing their usage of it. A mix between public transportation, robo-taxi and personal ownership.
> The engineer might decide to use a particular grade of aluminum on a control arm [..]
That's a problem indeed, a 3d printer for example might be off by some millimeters in some dimension, the manufacturer accounts for that in software and it prints well afterwards. What kind of materials are used is important for sure, but the properties of metals used in the car can be made public, especially if the manufacturer is paid premium and just sold an expensive car instead of a cheap one.
The thing with software though, is that it can be infinitely extended and modified. I can have ten thousand programs more running in my computer tomorrow, with no change to anything physical. Physical stuff needs to be manufactured, transported, warehoused, so there is always a limit.
Consumers want always more stuff, if 10 programs are available they want 10 programs. If 100 programs are available they want 100 programs. It never ends. Proprietary software is not ideal there.
I think we can just lean on the Magnuson–Moss framework for all of those concerns.
https://en.wikipedia.org/wiki/Magnuson–Moss_Warranty_Act
Yes freedom means having to consider tradeoffs and possibly making mistakes. That's not a reason to give up on freedom though.
Problem with that is that if it's an online product then the manufacturer also _must_ provide updates to keep the device secure so that it continues to do whatever they sold you in the first place.
Also, adding features on its own is great, but obviously stuff like what happened here can't be allowed to happen, and those Samsung or LG smart fridges that became advertising boards is obviously also not acceptable...
Easy to call the bullshit out, hard to actually define the responsibilities of a manufacturer in a law.
The manufacturer must offer updates to keep the devices secure, but it should never be able to force those updates onto already-purchased devices. The choice should always be with the user.
I don't disagree, but if we end up in a situation where users are negatively affected because they chose not to update for fear of shit like this happening, that's not a great position either.
We've lost this game ages ago.
It's the CFAA for you and me, but not for corporate thee.
Sony was the first mass application of "lol nope, we sold a feature we decided to remove. Too bad". If our government cared about citizenry, this should have been a criminal and civil case both, under computer fraud and abuse act. But no criminal anything was done, and users got what, $20, 10 years after the fact?
If I did this, I'd be rotting in a jailcell for 20 years.
I think the end customer shares some of the blame for the current state of things. Cars have gotten worse and worse reliability wise since 2010. Yet sales only continue to increase. People don't own cars any more, they simply see them as a $500 a month payment and once they get too annoyed with it, they just go and get a different one. I don't know about other manufacturers, but with everything GMC, all dealer repair shops are independent. GM does not make any money off of those, therefore they are only interested in giving you another car and another payment plan. How many times have you heard someone trash talking a specific model? "That car was a POS! I took it back to the dealer and got a different one" Yea you sure showed them....
It's not quite that. It's features you never asked for being forced upon you by the market with hardly any uncompromised alternatives without these misfeatures.
I live in a city so I don't need a car, but if I had to buy one, "it should not have a network interface" would be my most important requirement. "It should not have a video display" would be a secondary one. If I had to buy a car with a network interface, I would do my best to neutralize it to make sure it stays 100% offline.
At least if you open a "smart" fridge/dishwasher/washer/dryer/etc, it's basically the same old cost-optimized bare-bones design (maybe one or two extra sensors for special marketing bullet point features), and then all of the "smarts" is on a control board that could mostly just be replaced (ECM motors seem to be the exception to this, and even those are straightforward to design a circuit to drive).
Whereas the problem is that cars have had computers for a long time (eg ECU, ABS, entertainment), then those started getting connected together locally via CAN, then finally they added an Internet connection for surveillance and control. So the centralizing proprietary software tentacles go deep into the car in a way that's not easy to remove or replace.
There is the black box approach of disabling network interfaces, but I could even see that going away - cannot contact network -> car cannot be sure that warranty recalls have been done in a timely fashion -> disable itself after a month until you "take it to a dealer" (or reconnect the cell backhaul).
Replacing the control board is going to cost $400. That’s most of the price of the device.
Requiring a control board swap to lose the “smarts” / lockdown isn’t really a good enough option.
I suppose the emergence of the GNU Washing Machine Control Software would be a wonderful thing, but are we there now?
I didn't say it was a good enough option. It's just one of the only self-help options we have. And my point was that it is even less applicable to cars.
> Roslin: It tells people things like where the restroom is, and-
> Adama: It's an integrated computer network, and I will not have it aboard this ship.
> Roslin: I heard you're one of those people. You're actually afraid of computers.
> Adama: No, there are many computers on this ship. But they're not networked.
> Roslin: A computerized network would simply make it faster and easier for the teachers to be able to teach-
> Adama: Let me explain something to you. Many good men and women lost their lives aboard this ship because someone wanted a faster computer to make life easier. I'm sorry that I'm inconveniencing you or the teachers, but I will not allow a networked computerized system to be placed on this ship while I'm in command. Is that clear?
> Roslin: Yes, sir.
> Adama: Thank you. 'Scuse me.
https://www.youtube.com/watch?v=OPKGbg16ulU
Basically me when talking about cars I'll buy.
I wish people would stop using the term “bricked” for fully recoverable failure conditions.
Jeep has already confirmed they’ve pushed out a fix. That is not bricked.
If it's not user recoverable at the time, and it renders the product as useless as a brick, then it seems like the most accurate word to use, from the customer perspective. Some people will prefer stricter semantics, sure. It was later still able to download and apply updates over the air to undo the problem, so it was a milder form of bricking.
I've had some pretty nasty brickings of devices, like overwriting the bootloader, that I've been able to recover from by getting it into some barely documented system on chip mode with a special cable, booting a new bootloader into RAM via the cable, and reflashing that way. One could go to the extreme and say any flash storage chip where all software bits are directly writable by a factory tool is technically unbrickable. But the customers won't see it that way.
I would love to read the essay that proves the word "bricked" has a highly specific technical meaning that excludes recoverable failure.
The entire premise is that you’ve turned the device into a brick. If the failure is recoverable, it’s not a brick.
It's also not literally a brick, regardless of future functionality. The ability to metaphorically compare it to a brick doesn't seem to hinge critically on whether the metaphorical brick is a permanent metaphorical brick or a temporary metaphorical brick.
Sure. I’m not going to nitpick exactly how long or how severely something has been rendered inoperable. If somebody wants to refer to their phone as a brick because they’re camping and forgot the charger, that doesn’t bother me.
I’m just pushing back on the idea that “bricked” is some random word with no meaning whatsoever.
Hard to imagine an unrecoverable device. Maybe physically melting it into a brick will do the job. In any other case it is recoverable: you can replace the whole memory with a bootloader, other corrupted modules and recover the device.
I think this may have more to do with a combination of insufficient imagination and fault-tolerant manufacturing.
There are plenty of devices that can be rendered inoperable via non-physical destruction. There used to be more of them, but manufacturers try to make it impossible because it’s a support nightmare.
If you can desolder and replace a few ball grid array ICs and then get Linux running on it, it was never True Scotsman's fired clay brick bricked. It was only Lego brick bricked.
Apparently for some people the update makes it worse.
https://www.jlwranglerforums.com/forum/threads/2024-4xe-loss...
Not even two weeks after going all-in on enterprise vibe coding including for "engineering workflows".
> [Stellantis'] determination to apply AI across every part of the enterprise
https://www.stellantis.com/en/news/press-releases/2025/octob...
I've "bricked" many automotive systems where they weren't truly unrecoverable, but doing so involved another team disassembling them. The parts were cheaper to throw out instead.
Being strict about the word "bricked" and limiting it to the truly unrecoverable situations just makes it nigh-on useless.
Very few things can make a modern system truly unrecoverable if one is willing to pour unreasonable resources into them. It's incredibly common to be in a situation where a system is unrecoverable by you though. There's no practical difference between these two except that one depends on the surrounding context.
There are a thousand ways to describe this without misusing and ruining a word like “bricked”.
Being strict about a word makes it more useful, not useless. A useless word is one with no identifiable meaning, one which requires copious clarifications, or one which invites confusion and debate instead of delivering meaning.
I actually think your first sentence is a spot on definition for 'bricked'. However, this specific scenario does not meet the criteria you've defined. Nobody is throwing out their car because it was only temporarily disabled. Another OTA update fixed it minutes later.
The first sentence is an example that also conflicts with a strict definition of "bricked", not something comparable to the situation in the article.
The definition I was offering just appends "by you" to the strict definition and encompasses both in some contexts.
I think the reasonable extent of "bricked" is: can you plug in a USB cord and use publicly available software to fix it? Or wireless equivalent.
Most automotive systems would be bricked by this definition. Very little of the tooling is open source/publicly available, reprogramming is usually a specific, non-default mode gated by passwords or cryptography and inaccessible to end users.
Speaking of terminology, though, "crashed" really takes on an ominous meaning. I am really glad not to write software for safety-critical systems.
I agree, but I can't think of another term that would convey the severity of this offending update.
How about "catastrophic"? Or "total failure"? Or "we can't find the word to convey the severity"?
Anything else than words that already have existing meanings. With that motivation, they could have said "... update that exploded all ..." since it's a really severe situation, but obviously we/they should use words that have the right meaning instead.
"Jeep just pushed an update that was catastrophic to all 2024..."
"Jeep just pushed an update that was a total failure to all 2024..."
Idk... Doesn't have a very good ring, because "catastrophic" and "total failure" in the realm of tech usually means something that if you try again it could possibly work.
As I said, I agree that "brick" is a good word, I just don't think any of the alternatives are any better.
> As I said, I agree that "brick" is a good word, I just don't think any of the alternatives are any better.
As I said, "brick" is as good of a choice as "explosive", but you do you.
If we are allowed to move the goal posts anywhere we want then nothing is ever bricked unless it is smashed to a powder.
Wikipedia says
> A brick (or bricked device) is an electronic device, specially consumer electronics (such as a mobile device, game console, computer, etc.) that is no longer functional.
These jeeps are no longer functional.
ffs. really? the clickbait headlines need to stop - I'm for full banishment of people who post them and the publications they came in on.
As a former owner of a Fiat, this is exactly the kind of stupidity I’d expect from ~FCA~ Stellantis.
(I lemon lawed mine. Got nearly all my money back!)
It's like somebody decided to take all the mediocre car brands and pool them together to create something worse than all its parts.
This owner shared the experience on YouTube: https://www.youtube.com/watch?v=neGY6JWhHiU
- Vehicle randomly stalls every couple of minutes requiring shutdown and restart
- Shifter doesn't switch out of Park
- Dashboard lights including check engine/drive to dealer etc
Dealer response: "That's normal, they all do that."
This is why I don't want auto-updates in most of the things I own.
It's just a crutch for manufacturers to ship half-baked products, and an attack vector for the next generation of shitty engineers they hire to damage my property.
Looks like it's been acknowledged/fixed:
https://www.4xeforums.com/threads/wrangler-4xe-ota-update-10...
> For anyone that incurred a towing cost or a diagnostic fee (or any other related expense), we will assist in reimbursing or canceling any fees. This will commence on Monday.
"we will assist" - a guarantee so lukewarm, you could put it in an icebox to keep your food fresh for a week.
Jeep is horrible. I was gifted a 2007 Jeep Commander, which was Jeep's "answer" to the Hummer. This was in like 2017, so it was 10 years old at that point. Anyways, it wouldn't shift into 4x4 mode, and after some internet sleuthing I found out there was a (now second) firmware update the dealership could do to hopefully fix the issue. I don't remember the exact details, but basically there was a hardware flaw in the module controlling the transfer case, and when it failed the vehicle would go into neutral, which obviously could be quite dangerous depending on where you were parked / what you were doing.
Instead of fixing the actual hardware issue, they did a recall that was some sort of black magic with a firmware update to "fix" the issue. According to the internet, this fix temporarily worked, with pretty much all of them failing again, conveniently after the vehicle was out of warranty.
Anyways, there was a second firmware update, that I had done 10 years after the vehicle was made, that more or less actually "fixed" the issue. Apparently the issue (according to Jeep forums, so take with a grain of salt) was due to some traces being undersized on the PCB, so the fix was to drop the voltage and/or current being sent, and then more or less disabling the safety sensors that would complain about low voltage. After the second firmware update, it would shift into 4x4 about 1 out of 4 attempts (otherwise just failing with "couldn't shift into 4x4" on the screen), and that was the final thing that could be done.
It took Jeep about 4 or 5 years to issue that final firmware update, probably to try and avoid a class action lawsuit over 90% of the vehicles' 4x4 system failing just outside of the warranty period!
Allowing owners to choose when to install updates would address many issues. Most updates are uneventful, but I’d prefer to install them when I’m at home in my driveway rather than while road-tripping in a rural area, 90 miles from the nearest dealer, or rushing to meet a nonrefundable hotel reservation.
If I ever buy a newer car, first thing I plan to do is find and remove or disconnect the modem.
My new Audi lets me turn off telemetry (at least it claims it does), but it complains every single time I turn the car on and makes me confirm two "no, I don't want to turn it back on" dialogs each time. It will also sometimes (I haven't figured out a pattern) tell my phone to auto-load the Audi app when I get in the car, for no useful reason, and then the app complains that it can't get the data it wants because I turned the data off. It's exceedingly obnoxious.
Mazda claims that they will disable telemetry via the TCU, but when I asked the dealership about it they looked at me like I was speaking a different language. I couldn’t get anyone who knew anything about it and ended up leaving. It’s insane to me that I have to go through hoops to OPT OUT of this stuff, and I had no choice to even opt in.
See if it has a dedicated modem fuse and isn't smart enough to nag when that is pulled.
You might need to dig around for the codes, but with tools like OBDeleven, I've found that on my Audis most of the things that are like that can be turned off. I've done all sorts of things, from adding a gauge sweep (even though it's digital, I like the effect) to turning off the seatbelt warning (my partner unbuckles when we get in the cul-de-sac) to customizing the keyfob (in summer I can open the sunroof with a long press of one of the buttons), etc.
A very very minor contribution to my choice to buy a VW ID.4 is that a number of people reported that pulling the modem's (user-accessible) fuse is fine, and just disables remote connectivity as you'd expect.
(I haven't actually done that, but I abstractly like the option being available)
In my current car, if I disconnect the modem I lose the left front speaker and the microphone for the infotainment unit. Just noting for context, on this "I will just do XYZ theory."
Is it a Subaru? If so, I seem to remember a bypass harness you can buy.
This is why I bought a fiesta. There is nearly no "smart" stuff in it. Everything is still mostly analog and very user friendly. Plus the ST is one of the most fun cars you can drive.
RIP Fiesta model. Too amazing for your own good.
Believe me that there's at least two dozen computers doing their thing in your "mostly analog" Fiesta.
Consumers tend to heavily underestimate the point in time from which cars started absolutely relying on modern electronics.
To me there's a difference between an offline ECU that just locally monitors sensors and controls components, and a connected modem and software updates. The former seems perfectly reasonable, and necessary for things like abs, which is obviously a good thing.
Can confirm and they were shit. The transmission control module died on mine which means the car is dead. The TCM also died on everybody else's fiesta and fusion for a multi-year model span. I could not get a new one for 8 months while it sat in a garage.
The parent has a Fiesta ST which has never included a TCM.
The powershift dual clutch transmissions had many shoddy model years, but the manual Fiestas were pretty reliable. I drove my 2011 model until earlier this year without any major problems.
You would be breaking the law in Europe.
Would you? I think that EU mandates a mobile connect for emergency services (eCall), but can you point out legislation which forbids the owner to disable it in the vehicle they own?
The EU-wide "911 eCall" system records your location at all times and has a cellular modem connected to government systems. It is illegal to disable this system. If you still do so, there are fines, and your insurance is no longer considered fully valid in case of an accident.
You asked for specific legislation. For the Netherlands and our "APK" system, the relevant rule is under "Geluidssignaalinrichtingen en eCall", article 5.2.71 of the APK handboek, issued by our Rijksdienst voor het Wegverkeer.
In the EU, automatic surveillance cameras on the side of the road enforce this APK system, so if you do disable the eCall system, you will fail your APK, and you will automatically receive a fine. Even if you don't leave your driveway, the government is working hard to keep you safe; government camera surveillance cars drive around constantly, scanning your license plates, cross-referencing surveillance images with other government databases to automatically issue fines if you step out of line.
I really don't think there's anything to worry about, though; to quote another comment of mine:
>Thankfully, we're safe. Car software is notoriously high quality and rarely hacked. All governments are fully trustworthy, especially around espionage and privacy, and have a perfect track record of never lying to the public.
>Look, the European Commission stated that it cannot be hacked; "hackers cannot take control of it", from ec.europa.eu. They built an unhackable device. I am not sure what you could be worried about. If the government tells you something cannot be hacked, then it cannot be hacked. Furthermore, none of the EU member states have been found using other infrastructure to violate privacy laws.
the earlier comment I made: https://news.ycombinator.com/item?id=43958991
Why would it be legal to drive a car where you have tampered with safety equipment?
Why would it be legal to drive a car where the manufacturer can remotely tamper with safety equipment while in motion
It is not. Obviously a car with that behavior would never have been homologated.
Because it's your car and your safety.
Unless vehicle tracking is intended as something other than a safety feature?
They'll have to find you first, which (without a cell modem and GPS) would be an undertaking. The cell antenna "accidentally" falling off or the cable developing a fatigue break after the connector might be easier to explain. A Faraday bag comes to mind, as well.
Immediately the check engine light would come on and it would automatically pull over if you tried to drive it, I'd guess.
It used to be that when you get an update, software would get better. New functionality (remember Windows Service Packs?).
Now when there is an update they either change the UI (for certain people to remain relevant), or they add more ads.
I'd like to laugh about this because it's one of the things I love about my 2010 Camaro which wound up in a fairly sweet spot of having the basic tech I want (Bluetooth to the radio) without a lot of the nanny stuff I don't, but I once upgraded the operating system with two USB keys containing a bunch of C# from a stranger on the Internet who said he worked at GM. You had to open the driver side door between the first and second USB keys to make the process work.
This bug is just an early release of a future feature.
https://youtu.be/T1Rpo8BRwYg
In Time is a 2011 American science fiction action film written, co-produced, and directed by Andrew Niccol. Justin Timberlake and Amanda Seyfried star as inhabitants of a society that uses time from one's lifespan as its primary currency, with each individual possessing a clock on their arm that counts down how long they have to live.
A couple more rubber duckies on the dash should sort that right out
I’m a huge car guy (race spec Miata, have 7 cars, etc etc).
You will never EVER catch me in a car connected to the internet (this includes all the precious new EVs). Especially a Chrysler product. Look up how they were hacked in 2015…
As an aside to the discussions of the implications of how OTAs work / how they’re tested / etc:
I saw this post while sitting in a 2024 4xe which was not bricked, so it doesn’t appear to be all of them.
Never heard of this guy. Would be nice to have some reliable validation this is true...
He's clearly a real person and reliable, because the thread is inundated with all sorts of . . . people pushing weird agendas.
There's this video [1] linked in the Twitter post, showing how the problem manifests itself and with other (presumably also) Jeep 4xe owners commenting that they had experienced the exact same issue.
[1] https://www.youtube.com/watch?v=neGY6JWhHiU
Disturbing — this kind of progress sucks! I want reliable things that I own that are under my own control. We should all stop immediately buying this out-of-our-own-control stuff!
I’m holding out with a very old petrol car which I would really like to upgrade. But this all seems like hell.
I’d love an electric car - but I want a dumb one that can’t call home and never gets updates. Just this pedal go fast. This pedal go slow.
No attack suspected here. Nonetheless, it exposes an often underappreciated attack vector. It is scary how easy it will be for a motivated actor to cause chaos by just bricking stuff en masse.
I assume this is related to the new feature that lets you start the engine without being able to drive the car (it’s called “lock start” or something like that).
And the Wrangler is the only Stellantis brand that still has some value. Yet somehow, they’re finding a way to ruin even that.
What happened with Jeep is why Linus gets so upset about some submitted changes.
Fiat mode enabled.
Flash It Again, Tony
Feeble Italian Attempt at Technology
It's important to understand this update caused power failure and engine shutoff while driving!
Updates need to be illegal while a vehicle is in use. It should only be allowed while parked and after prompting the user to OK the update.
Right. This bricked cars in middle of deadly situations.
A wrangler using software just does not "compute" to me. But I guess this is our new world.
I drove a CJ for many years until it rusted out from under me and the engine seized, but I thought it was great, I went everywhere with it.
I would like to have a wrangler but it is too expensive, too many bells and whistles and too large, I would never get one.
Now I am driving an 18 year old auto and hope to keep it going for another 18 :)
Jeep parts and frames and cabs are plentiful in the right circles, you can still build out a good wrangler (2.4 or 2.5 or 3L) for less money than a new car, and know your computer is planted firmly under the driver's seat and not connecting to anything.
This reminds me of Radar mailing a jeep home a piece at a time.
The Johnny Cash song, “One Piece At a Time” along those lines is a classic.
Ugh.
This is a rabbit hole that beckons.
The American Heritage Museum in Massachusetts is raffling off a 1944 Ford GPW jeep in fully restored condition. Pretty sure there are no computers in that one! But sorry, floor mounted Browning 50 cal machine gun is a replica.
https://www.tapkat.org/american-heritage-museum/lkaKb5?promo...
Cars have been using software since the 90s, hence 'electronic' fuel injection. Really the only thing different these days is stupid over the air updates that can brick shit. Otherwise you'd have to carry it into the dealer to get flashed or a new module put in.
It's an EV hybrid. It needs software to not explode.
> A wrangler using software just does not "compute" to me.
In the case of this Jeep bug causing engine shutoff and power failure, it was an update to the infotainment system! It's easy to compute that these infotainment systems run software; what's crazy is updates to them can cause catastrophic failure to powering the car and ability of the car to drive.
Well, in fairness, it's informational and entertaining to everybody who doesn't have one of the cars.
I think the biggest problem with cars these days is that the software has been written by people who have never driven a car.
Tried to buy from amazon.fr recently, had a feeling like it is designed and developed by people who never used online shopping. It's almost impossible to find products.
And if you try to set English language it simply cannot show list with products. Ridiculous for their billions.
what makes you make this very broad and general statement which is most likely untrue
insane take. these are the same problems that all other modern software has.
Which are because the developers themselves don't use the software.
In a past life I had a Wall of Shame of headlines on firmware update fails.
The lesson was you built firmware updates upfront and right into your development process so it became a non-event. You put in lots of tests, including automatic verification and rollback recovery. You made it so everyone was 100% comfortable pushing out updates, like every hour. It wasn't this big, scary release thing.
You did binary deltas so each update was small, and trickle download during down-time. You did A/B partitions, or if you had flash space, A/B/C updates (current firmware, new update, last known good one). Bricking devices and recalls are expensive and cause reputational damage. Adding OTA requires WiFi, BLE, or cell, which increases BOM cost and backend support. Trade-off is manual updates requiring dealership visits or on-site tech support calls with USB keys. It doesn't scale well. For consumer devices, it leads to lots of unpatched, out-of-date devices, increasing support costs and legal risk. OTA also lets you push out in stages and do blue-green deployment testing.
For security, you had on-device asymmetric encryption keys and signed each update, then rolled the keys so if someone reverse-engineered the firmware, it wouldn't be a total loss. Ideally add a TPM to the BOM with multiple key slots and a HW encryption engine. Anyone thinking about shipping unencrypted firmware, or baking symmetric encryption keys into firmware should be publicly flogged.
You also needed a data migration system so user-customizations aren't wiped out. My newish car, to this day, resets most user settings when it gets an OTA. No wonder people turn off automatic updates.
The really good systems also used realistic device simulators to measure impact before even pushing things out. And you definitely tested for communication failures and interruptions. Like, yoink out a power-line mid-update and then watch what happens after power is back on. Yes, it's costly and time-consuming, but consider the alternatives.
The ones that failed the most were when they spent months or years developing the basic system, then tacked on update at the end as part of deployment. Since firmware update wasn't as sexy as developing cool new tech, this was doled out to lower-tier devs who didn't know what they were doing. Also, doing it at the end of the project meant it was often the least-tested feature.
The other sin was waiting months before rolling out updates, so there were lots of changes packed into one update, which made a small failure have a huge blast radius.
These were all technical management failures. Designing a robust update system should be right up-front in the project plan, built by your best engineers, then including it in the CI/CD pipeline.
Just for context, the worst headline I had was for update failure in a line of hospital infant incubators.
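The A/B/C slot scheme and the pull-the-power test from the comment above, as an added example (not code from the thread or from any vendor). The slot table, the state names, the trial-boot limit and the FNV-1a digest standing in for a signed manifest digest are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an A/B/C slot table; every name here is hypothetical.
 * FNV-1a stands in for the digest taken from a signature-checked manifest. */
enum slot_state { SLOT_EMPTY, SLOT_WRITING, SLOT_PENDING, SLOT_GOOD, SLOT_BAD };
enum { NSLOTS = 3, MAX_TRIAL_BOOTS = 2, NO_SLOT = -1 };
#define FNV_BASIS 2166136261u

struct slot {
    enum slot_state state;
    uint32_t version;
    uint32_t expected;     /* digest promised by the manifest */
    uint32_t stored;       /* digest of the bytes that reached flash */
    unsigned trial_boots;  /* boots attempted without a health confirmation */
};

struct bootctl {
    struct slot slots[NSLOTS];
    int confirmed;  /* current firmware: last image to pass its health check */
    int fallback;   /* last known good image before that, or NO_SLOT */
    int running;    /* image selected at the most recent boot */
};

static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Stage into the slot that is neither current nor fallback; refused during a trial boot. */
int update_begin(struct bootctl *bc, uint32_t version, uint32_t expected)
{
    if (bc->running != bc->confirmed)
        return NO_SLOT;
    for (int i = 0; i < NSLOTS; i++) {
        if (i == bc->confirmed || i == bc->fallback)
            continue;
        bc->slots[i] = (struct slot){ SLOT_WRITING, version, expected, FNV_BASIS, 0 };
        return i;
    }
    return NO_SLOT;
}

void update_write(struct bootctl *bc, int i, const uint8_t *chunk, size_t n)
{
    if (bc->slots[i].state == SLOT_WRITING)
        bc->slots[i].stored = fnv1a(bc->slots[i].stored, chunk, n);
}

/* Returns 1 if the staged bytes match the manifest and may be trial-booted. */
int update_finish(struct bootctl *bc, int i)
{
    struct slot *s = &bc->slots[i];
    if (s->state == SLOT_WRITING)
        s->state = (s->stored == s->expected) ? SLOT_PENDING : SLOT_BAD;
    return s->state == SLOT_PENDING;
}

/* Runs once per power-up (key cycle); returns the slot to boot. */
int boot_select(struct bootctl *bc)
{
    int candidate = NO_SLOT;
    for (int i = 0; i < NSLOTS; i++) {
        struct slot *s = &bc->slots[i];
        if (s->state == SLOT_WRITING ||        /* power was lost mid-write */
            (s->state == SLOT_PENDING && s->trial_boots >= MAX_TRIAL_BOOTS))
            s->state = SLOT_BAD;               /* or booted but never confirmed */
        if (s->state == SLOT_PENDING)
            candidate = i;
    }
    if (candidate != NO_SLOT)
        bc->slots[candidate].trial_boots++;    /* persisted before the jump */
    bc->running = candidate != NO_SLOT ? candidate
                : bc->slots[bc->confirmed].state == SLOT_GOOD ? bc->confirmed
                : bc->fallback;
    return bc->running;
}

/* Called by a trial image once its self-test passes. */
void boot_confirm(struct bootctl *bc)
{
    if (bc->running == bc->confirmed || bc->running == NO_SLOT)
        return;
    bc->slots[bc->running].state = SLOT_GOOD;
    bc->fallback = bc->confirmed;
    bc->confirmed = bc->running;
}

int main(void)
{
    static const uint8_t img[] = "constructed v2 image";
    struct bootctl bc = { { { SLOT_GOOD, 1, 0, 0, 0 } }, 0, NO_SLOT, 0 };
    int s = update_begin(&bc, 2, fnv1a(FNV_BASIS, img, sizeof img));
    update_write(&bc, s, img, sizeof img / 2);        /* power pulled here */
    printf("boot after interrupted write: slot %d\n", boot_select(&bc));
    return 0;
}
```

A half-written slot is never selected, an image that boots but never confirms is abandoned after `MAX_TRIAL_BOOTS` key cycles, and no new update is staged on top of an unconfirmed one.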
Reddit post from yesterday:
"Jeep 4xe shut off mid highway
I was driving 65 on the left lane of the highway when my car started slowing down. It started saying to put it into P and to push to start. The car was off and I couldn’t accelerate! I almost crashed trying to get onto the right lane shoulder. 4 lanes over before it completely stopped and caused a huge accident. They are saying it’s something with an update jeep is doing and the cars are just stopping! There were 4 jeep wranglers on the side of the highway as I tried driving to the nearest dealership 25min. It turned off 3 times.
Will Jeep reimburse me if I get a loaner while my car is at the dealership? My dealership doesn’t provide loaner vehicles
Does anyone know what’s going on?"
https://www.reddit.com/r/Jeep/comments/1o47064/jeep_4xe_shut...
If vehicles always still had to go back to the dealer for any type of recall, I would say that might have maintained a higher standard of what is supposed to pass for finished goods coming out of a factory.
The safety implications in this case really drive that home.
Imagine if Microsoft started making cars...
so Jeep have adopted agentic AI?
The forum thread is more chilling. It seems they released a fix that they pushed silently. You can't verify if you installed the silent update yourself; the support rep needs to use your VIN in an internal tool to check if the fix is applied. "Park your car in an area with good cell coverage. Wait 10 minutes and do a reboot." After that I can try driving my car and hope the update went through? Absolutely insane.
some poor bastard owns a jeep, an amazon tv and samsung fridge and phone, and is stuck at home being force fed ads for jeeps on his tv fridge and phone
This is the enshittification of cars.
sucks. any more proof than twitter complainer?
A quick google search gave me https://www.4xeforums.com/threads/wrangler-4xe-ota-update-10...
This should be the URL for TFA, not some random Twitter post.
yes, following the several links and reading led to confirmation by dozens of sources.
You cannot see replies to the linked tweet without an account.
The Twitter OP cannot put links into his main tweet because the algorithm will downrank him.
Isn't it just great?
The proof is people's engines being shut off while driving:
https://youtu.be/neGY6JWhHiU?si=63fqYc5u6foH0w8p
https://www.reddit.com/r/4xe/comments/1o3if9y/loss_of_power_...
https://www.4xeforums.com/threads/wrangler-4xe-ota-update-10...
Any problem with this evidence, or are you just a HN complainer?
Asking for proof is not complaining. Back in my day, being able to request and see verification of claims was considered a benefit of communicating via internet.
Following this logic, everything posted to HN should have someone commenting asking for "proof" because a single article isn't "verified". Do you see how pointless this is?
It's literally a complaint so you're wrong, not that there's anything inherently wrong with complaining.
But it's dumb he called the poster on another website a complainer for daring to be upset about his car shutting off. There's no moral superiority for posting (complaining) here rather than there.
designers are known to gaslight the end user, so
Perhaps the users were just holding the Jeep wrong.
What kind of proof can be shown that'll be accepted by most people as proof of a bricked car after an automated software update? No matter what's shown, I can easily think of alternative explanations.
I'm yet to comprehend why a car needs a software update.
To streamline sales and minimize production costs.
There is absolutely no way an OTA update should be able to impact anything powertrain related, it should be limited to the infotainment system and accessories. PCM updates should require a hard connection to the vehicle's OBD port at the dealership/mechanic (or a home user with the appropriate software and cable). NHTSA should investigate this.
Tesla has been doing these OTA powertrain updates for over a decade. It's totally fine when you follow best practices and do good QA. Stellantis doesn't QA.
Why would my powertrain need an update? What new laws of physics relating to torque and gear reduction have been discovered since my car was produced?
The laws of physics that dictate power, range, efficiency, safety, etc. Go read about this.
This reads like an OTA to the infotainment that messed up powertrain somehow. Plenty of manufacturers successfully OTA powertrain these days by using A/B flashing (the B flash programs while the car drives, next key cycle swaps to B and flashes A in background, next key cycle back to A, done).
My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).
> My suspicion is that this was either a CAN saturation issue (ie - infotainment started sending a high priority message which could reach powertrain CAN) or a state management issue (ie - infotainment sent a “put modules to sleep” or “wake modules” message which was not handled correctly and caused one or more modules to transition to an invalid state for driving).
The fact that this is possible proves the point: OTA updates are dangerous and should be banned.
I don’t agree that OTA should be banned, but I do think that additionally restricting in-motion OTA could be reasonable. OTA which is always opt in and modal is no different from diagnostic port updates except that it cuts out the need for a dealer visit. This seems fine to me.
Yeah I am fine with OTA updates affecting anything as long as they are explicitly opt-in. I'd support mandating a physical switch that controls the power to the modem to be present.
There’s usually a fuse you can pull for the telematics/modem unit
Why? Requiring physical updates just makes pushing fixes harder.
Obviously no vehicle should be updated while in operation and all patches should be signed.
I think that's the crux of it.
Obviously, "software update while traveling at highway speeds" is just rolling too many drama dice.
OTA is fine. Ideally parked, or minimally A/B on the firmware, new version only run on next startup.
I didn't read too deeply but I bet the drivetime failures were because the issue manifested after the vehicle started operating. A rolling FOTA update seems like it would not be certified and would be harder to implement anyway.
This would also mean the A/B failover would need to identify the problem as a bad update rather than a bug that pops up minutes later.
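Added illustration, not part of any comment in this thread and not any manufacturer's code: a minimal model of the A/B flashing scheme discussed above, where an image is staged to the inactive slot only if its signature verifies, the swap happens only at a key cycle while parked, and a new slot is rolled back unless it was confirmed by sustained fault-free driving. The key, the HMAC stand-in for a real asymmetric signature, the `ABUpdater` class and the 600-second threshold are all assumptions made for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stand-in for the vendor signing key

def sign(image: bytes) -> bytes:
    # HMAC-SHA256 stands in for an asymmetric signature (stdlib only).
    return hmac.new(KEY, image, hashlib.sha256).digest()

class ABUpdater:
    MIN_HEALTHY_S = 600  # hypothetical: fault-free drive time needed to confirm

    def __init__(self, image: bytes):
        self.slots = {"A": image, "B": None}
        self.active = "A"
        self.pending = None    # slot staged for the next key cycle
        self.fallback = None   # known-good slot while the active one is on trial

    def stage(self, image: bytes, sig: bytes) -> bool:
        """Write to the inactive slot. Safe while driving: the running slot
        is never touched. Refused during a trial, because the inactive slot
        is then the only known-good image."""
        if self.fallback is not None:
            return False
        if not hmac.compare_digest(sign(image), sig):
            return False
        target = "B" if self.active == "A" else "A"
        self.slots[target] = image
        self.pending = target
        return True

    def key_cycle(self, parked: bool) -> str:
        """Ignition-on: the only point where the active slot may change."""
        if self.fallback is not None:
            # Previous trial ended without confirmation: roll back.
            self.active, self.fallback = self.fallback, None
        elif self.pending is not None and parked:
            self.fallback, self.active, self.pending = (
                self.active, self.pending, None)
        return self.active

    def end_of_drive(self, fault_free_seconds: int) -> None:
        """Confirm the trial slot only after sustained fault-free driving,
        so a bug that shows up minutes in still counts against the update."""
        if self.fallback is not None and fault_free_seconds >= self.MIN_HEALTHY_S:
            self.fallback = None
```

A slot that boots cleanly but faults two minutes into a drive is never confirmed here, so the next key cycle returns to the previous image.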
You're right, and I should not have implied homicidal negligence on the part of the engineers involved.
Assuming the best, it might just be an extremely rare corner case that was unknown and inadequately covered in QA.
This stuff can get complicated, and cars are the most dangerous technology that is sold to retail customers.
Why? If the system only updates with user consent, what is the difference between ota and taking the car to a dogshit dealership?
This update was for the infotainment system. To your point, that system should somehow be air-gapped from affecting the engine and power. There's way too much coupling of all this software and electrical components.
Uh how would you change vehicle performance settings?
For the sake of answering you: through dedicated physical switches (such as Ferrari's famous manettino).
What I really think: my car shouldn't have any bullshit "modes" to select from. Tune it once at the factory to some reasonable compromise, and perhaps make certain settings writable through the OBD port, and that will be it.
I suppose you could have independent, air-gapped cockpit drive control systems and infotainment systems. It's probably less economical and automatic e911 would be harder to do.
At a bare minimum any EV driver is going to want two power delivery modes. Jeep people surely don't want to plug in an OBD dongle when they go off road.
Connect to the OBD2 port or something? There are lots of alternatives.
A diagnostic port for a Jeep to switch from city to offroad? Or power mode to econ?