"Unfortunately, a recent software update was not successful. Your vehicle cannot be driven.

Please call customer support"

@danluu Atomic updates and rollbacks seem to be foreign concepts to the car industry.

@eliasp @danluu it is likely that the design of the system makes it so that simply slapping on a second system partition for rollbacks is not enough. In fact it may be already present there.

The car runs a network of computers running a variety of systems. The display in the photo might be a QNX machine running an Android VM and these two systems need to coordinate their updates.

#BrokenByDesign

@eliasp Or even running two OSes side by side, so the other can take over if one fails for whatever reason. If NASA could do this on Mars rovers twenty years ago, I'm sure it's not too much of an ask now.
@collectifission @eliasp Even cheap motherboards for computer desktops have two BIOS chips in case the main one gets damaged or corrupted during a BIOS update. Imagine spending $20k or more for a car that gets broken because the manufacturer couldn't spare a few cents on a backup ROM.
@ElTico @collectifission @eliasp That's not always true. Only some motherboards have that feature of dual BIOS. In fact, it's how I got my current motherboard for my PC for £20. It was 'faulty', no boot, and couldn't get into the BIOS, and didn't have the flash-from-USB-drive feature either. I used an EPROM programmer to reflash the chip, and it booted right up. No dual BIOS to save the day.
Still, your point is valid, cars should have multiple fail-safes from broken updates.
@eliasp @danluu Many faults can actually be cleared by changing the terminal 15 (switching off) or are then only historically in the fault memory. I can't say exactly what's going on here, I'm more familiar with German OEMs, but normally each control unit has its own SW. I can imagine that something in a very important unit (drive control unit/pulse inverter/battery) may have failed during the OTA update or the communication is no longer error-free.
SW dev. is often rushed and lacks testing...

or someone just forgot to pay the subscription fee... you never know with modern scamware. (:

@eliasp @danluu

@danluu Found On Road Dead
@johnefrancis @danluu Program received signal SIGROADKILL
Dieselgate, but for trains – some heavyweight hardware hacking – BadCyber

The ten cars with the most nicknames

We asked Jalopnik readers to pick the car with the most nicknames. What we got was a tour of global car culture, so take a look at the world's ten most nicknamed cars.

Jalopnik
@danluu good Lord, mega engineering #fail
@danluu That has to be a photoshop right? Or a joke?
@danluu right into the garbage

@danluu looks like a Ford Mach E

Why are car manufacturers so bad at software? Why are almost all hardware makers terrible at software?

@danluu are hardware makers also terrible at hardware but it’s just harder for the average person to tell 🤔
@nuthatch @danluu I think it is about equally easy/difficult for the average person to tell, you just happen to be a software person.

@nuthatch @danluu

A lot of software makers (especially, in my experience, for the enterprise market) are also terrible at software. We as a species are bad at software.

@nuthatch @danluu

(The ghost of Edsger W. Dijkstra is standing right behind me when I say that, isn't he? He always finds a way to loom up in times like this.)

@passenger @nuthatch @danluu Yeah I was going to say that my "I need a walk" moments with third-party code don't seem to correlate with whether or not they're a hardware company.

@scottmichaud @nuthatch @danluu

In fairness, the worst software I've ever used, without exception, has been internal-only stuff.

@passenger @nuthatch @danluu What we're really bad at is testing code. I see that screen, and the first thing I think is "someone didn't let QA do their job."
@fulminata @passenger @nuthatch @danluu if you need QA people to find something like this, that's a design failure at multiple levels and someone just didn't do their job.

@enobacon @fulminata @passenger @nuthatch @danluu

Of course. The whole reason there is (supposed to be) QA is people fuck up. Anything QA catches should have been caught in design, but there ARE obscure use cases. Unit and system test should have caught it. But QA is the last stop and probably was shortchanged.

@fulminata @nuthatch @danluu

This is a good point and I'll concede it.

For a lot of consumer software, testing is very difficult because you can't possibly test for every device and every configuration that the consumer may be using, and so things do slip through. However, this is not an excuse that the car above has.

@nuthatch @danluu well Ford sure isn’t famous for the reliability of their hardware products either.

On the other hand even Toyota can’t software their way out of a paper bag 🤷🏽‍♂️

@nuthatch @danluu

I am inclined to think it is not their core competence.

IT systems bolted onto all kinds of subsystems seems to be the rule.

This problem has a known solution, but it was not implemented.

@nuthatch @danluu

Why is a two-ton, DEADLY machine forced to receive unimportant updates that could render it inoperable?

They aren't bad at software, they are good at making excuses for getting more of your money.

@nuthatch @danluu: In the current environment of software development, those who are good at it are outweighed heavily by those who aren't. And the latter are infiltrating into the automotive software industry as well.

The problem is that quick, slapdash approaches to software are being encouraged over longer development cycles and actual testing.

@nuthatch @danluu Ever driven a Freightliner?

Sometimes the software gets confused, and will sound the low air chime at 110psi... For days...

@danluu We have bricked your car. Pray we don't brick it further!
@pyperkub @danluu Brick level: Large round boulder.

@danluu Very very early in the history of TiVo, they put out an update and bricked the boxes. Fortunately there were not a lot out there (hundreds?) and all in the Bay Area. So they ended up going to every house and fixing them.

Needless to say, that never happened again.

Also, that was decades ago. There’s really no excuse now.

@nazgul @danluu A similar thing happened recently in Europe, where an update pushed to some in-home built-in appliances was for the wrong type of device, and required an onsite visit to reprogram the bricked units.

The important question of course is why the units even had the proper keys/certs to verify an update intended for a different type of device in the first place.

@nazgul @danluu the “you wouldn’t download a car” meme but “you wouldn’t drive a TiVo”
@danluu "Press and hold the brake pedal and accelerator pedal all the way down." 🤣
It had me going for a second.
@danluu This is *excessive* computerization. A car from 50 years ago was *literally* more functional than this in the most basic of aspects.
@danluu Just think of the geopolitical possibilities of this out there in the future before buying your #EV

@danluu Did it prompt for the update? Or just decide to do it without asking?

I do not want any car with a built-in cellular transceiver.

If the car has multiple computers, they should boot over the CAN bus from a central source. That would ensure you cannot brick the whole car, as only that one source has to have A and B partitions.

@danluu Friend's hybrid bricked by itself while parked last week: “Catastrophic brake failure. Call a tow truck.” Dealer said we’ll have time next week.
@stevewfolds @danluu Did they also have a Kia?
@ejim @danluu
No. It was a Toyota RAV4 Hybrid, 4-5 y/o. Interested, because I may drive her down to get it tomorrow in my 2023 Prius. The wait list was 14 months.
Fortunately, still have a 24+ y/o Ford SVT ‘shits & giggles’ 5-speed licensed.
@danluu this is NOT the future we want
@danluu Most reasonable modern tech product
@danluu Holy crap. I'll never run a car update again when I'm not at home now ffs.
@n3wjack @danluu I have also been conservative in that way. You never know.