"Remarkably this driver has claimed unintended acceleration...."
You mean "unremarkably"?
They're coming out of the woodwork now..... questionable claims of unintended acceleration - just had one in the local news here....
Every twit that slams into the plate glass of the convenience mart is now going to start claiming straytrons in the accelerator..... Sadly predictable.
The problem with a single die is that there is exactly a 1/6 probability of any face coming up with a single roll. So you can easily create a statistical probability of how many trials and the number is fairly small to get to 95% or 99% or higher confidence.
The case here is more like you have six dice and you have to determine if every die has at least one six. The rules are simple - roll one at a time. If the current one rolls 6, get another die and roll it, If it doesn't, start over by putting all the dice back in the cup and shaking it. How long before you know if all six dice have one face with a six?
The variables are NOT independent. A lot of the software involves sequencing, counters, etc. so the conditions may have to occur in a particular order.
Also in the assumption is that things are DC. But I suspect it will act very differently if I ramp things up at 0.01v/sec v.s. sending a 10Mhz sine wave into an input. If the input jumps from 0 to 3 volts, it doesn't mean internally the next cycle will read 3 volts. If it is averaging, we might need to do a single 12v spike, three zeros, then a constant 3.
So the condition isn't "input is at X volts", it may be "input is ramping up at X volts/sec", or "input is accelerating at X volts/sec-squared".
As I tried to point out, it isn't a linear function where y=mx+b, or even y=f(x). It is a hideously complex equation that involves history (even a simple FIR filter or PID control and don't tell me that they aren't anywhere in the code).
There are simple electronic circuits with only a few transistors that can't be characterized or examined easily. I can also take a really simple microcontroller chip, a Pot and LED and suspect I could put an intentional bug that no one would be able to cause the LED to turn on with a test-setup, but I could make it happen on-demand because I would have access to the code.
I don't want to speculate. I want to examine the code. So do others. I will do so under a proper NDA if required (I need to be able to report general quality observations and if I find unhandled fault and failure paths) and Edmunds wants to arrange it with Toyota.
"the same vehicle had an SUA problem three days before and it went unreported."
This argument just goes around and around.
The proponents of "straytron theory" always leave out the fact (conveniently) that the cops vehicle had a runaway prior to his use of it. The motorist that had the loaner (previously) ascertained it was the floormat and wrestled the vehicle back into control.
It was actually reported but the dealership never followed up on it - shame on them.
Then the argument goes on with "How can you possibly believe a highly skilled police officer could not control...." yada yada yada....
Hey, even the Captain of the Titanic had a really bad day a long time ago with negative variables that were known but ignored. Even highly skilled professionals can have a bad day.
However, neither article discussed how the errors were first detected nor the early history of the devices in question. They picked up at the point where the software was being examined.
While it is certainly possible to get a court order to force a manufacturer to show the operating software without backup (relatively few things are totally/absolutely impossible), I would think that some proof had to be shown at some point (at a minimum showing some discrepency between the system in question) as compared to a known system (ie, competitor's product, blood test, etc.) before they got to the point of software examination.
Again, not being very familiar with the issue, I'm not able to adequately respond further.
But, think about it... Without requirement of proof, If a company wanted to trash their competition, simply start a campaign of rumors about how buggy their product is, demand an examination, and even if the code is deemed perfect, a significant amount of damage has been done to the competitor's image.
We live in an extemely complex world, often one where the legal ramifications can far outweigh the actual damages done by the operational shortcomings of a product's design.
Image is everything. Consider Betamax .vs. VHS. Betamax actually had a slightly better recording method, but VHS advertising made it look inferior because VHS had a 6 hour recording capability and Betamax had 5...nevermind that few users acturally recorded 4 hours at a time.
As I said before, I do think Toyota has a self-inflicted wound (if the code actually is free of issues) by not allowing outside examination, but if not.... see the comment a couple of paragraphs back. Maybe part of it relates to Japanese culture.
I understand your point regarding the die.
The only point I was attempting to make was that - when doing testing (ie, rolling the die) and not knowing all possible outcomes (not having the ability of examining the die before you roll it), regardless how many times you roll it, you can never be completely sure how many sides have a six on it. Yes, you can approach 100% as you roll the die more and more, but until you completely examine the die,, you can never be 100% sure.
I'm sure we can all agree that ECM software is more complex than rolling a few dice, but again, unless one is familiar with Toyota's software development, he/she can't say how many times Toyota "rolled the dice"...
"brake and throttle should have at least a complete second backup system.." They do have backup systems - it is utterly ridiculous to claim they don't.
The thing is, that while GM, VW, and others do have such systems, the Toyota design is not 100% redundant. They cut corners, and maybe it matters, and maybe it doesn't, but it's worrying. Hopefully the system shuts down in the event of a problem, but it's just as likely to jam in its last state.
The problem Busiris is having is that he's thinking of it as simple electronics and not as a problem of "what happens when there is a physical (destructive) fault or critical failure?" Any good engineer designs with this question in mind. Fault-tolerance should be a given with something as critical as a throttle or brake, if it is computer controlled.
And why shouldn't they? Is it unreasonable to expect excess moisture, dirt, power surges, and so on in a vehicle? Just open the hood of any ten year old car and check out the amount of grime everywhere. Everyone is concentrating on sensor errors and computers and so on and has not addressed MY concern here, which is the following scenario:
- Assume that the vehicle has suffered a critical component fault from an external source(dirt/water/em surge/whatever). The computer crashes as a result. Q: what happens to the vehicle in such a scenario?
Without access to the code, we simply don't know how to predict what happens when the computer dies while the vehicle is still running.
I started out as a circuit design engineer and eventually became a Program Manager. All the items being managed , there is only one, where adding additional personnel or funding will not speed anything up. Developing lines of code. The original designer will take short cuts and personally do it a specific way. No one does it the same way. So adding more people doesn't speed it up. So it is unlikely that having the original lines of code would be meaningful without the designer to explain it.
Without access to the code, we simply don't know how to predict what happens when the computer dies while the vehicle is still running. A 10 year old car with grime under the hood probably would not run when the computer dies. I would cost more to repair than it's worth. Computers will not still be supported. I had a new Dell that was no longer supported 11 months after I got it.
The problem Busiris is having is that he's thinking of it as simple electronics and not as a problem of "what happens when there is a physical (destructive) fault or critical failure?" Any good engineer designs with this question in mind. Fault-tolerance should be a given with something as critical as a throttle or brake, if it is computer controlled.
No, the real problem here is that you have already made the determination that a software design error/fault condition exist, or that a system crash (the same ECU that ultimately determines ALL engine functions) can cause UA, but you can't reproduce a single case of UA. Do YOU know that the Toyota engineers didn't do exactly what you claimed (building in fault tolerance)?
If so, how do you know? Please, tell us.
You have made a set of very big assumptions. Any FAA crash investigator will most likely tell you always keep an open mind.
Now, you may indeed be correct. There may be a software issue. But, before you start going down that yellow brick road very far, you might want consider other possibilities.
I haven't seen any poster over the last several pages (I haven't gone back to the beginning) make an overt statement that there is absolutely NO FAULT with the software or and sensor on the cars in question.
Why are you so hung up on "It HAS to be software?"
I will admit this... No one is a more ardent supporter of the use of Hi-tech machinery in cars. If one needs convincing, do yourself a favor and spend a day at a driving school similar to the one BMW offers at its Performance Center in Spartanburg, SC. You will see hi-tech gadgetry do things that humans could NEVER hope to do in controling a vehicle.
That said, I did cringe a little the other day when a friend was showing me his new VW Passat, with the electronic push-button parking brake. I was thinking to myslef that, if this guy's car starts acting like Stephen King's Christine, then he's done for...
I'm a bit surprised that no one seemed to have posted this while I was away exercising my cruise control for a few days:
"In a late 2009 demonstration at a decommissioned airfield in Blaine Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes."
He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern
So, really, this is simply a software version of Dr. Gilbert's test, which really didn't demonstrate anything more than expected output can change if unlikely input is entered into the system.
Basically, a test case of electronic Tylenol tampering.
I really don't think any manufacturer should be held liable for malicious tampering with their product.
If I cut my head off with a skill saw by removing the safety guard and trigger lock-out mechanism and try to shave with it, is that really the saw maufacturer's problem?
To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it's sent about the onboard network, and then built ways to add their own network packets.
Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.
Well, that kind of rules out the necessity of having source code to determine how things function. If anything, this shows absolute proof that the system, at least in the car they tested, can be understood functionally without source code availability.
And, the CAN mandate once again demonstrates the saying "The road to hell is paved with good intentions". A device designed for the common good is transformed into a "hacker" gateway.
It also gives the manufacturers another significant legal excuse to keep their source code confidental. Don't want to make it any easier for the hackers...
It is an interesting, if not totally surprising story, though. Certainly, it demonstrates the value of locking one's car doors while it is unattended.
Like every technology, there are good, and bad, uses of it. Get ready to pay an annual anti-virus fee to Symantic for your car! Terminator 3 has arrived!
See, I don't have to PROVE anything. What we have here is a scenario similar to where we are compiling statistics(since you claim to be an expert it it) where two of the three dice are hidden. Well, we're not wrong to point this out and expect to see the other dice, are we? How else can we make a determination if there is a problem or not with only 1/3 of the data?
I don't have to show proof of anything about Toyota or UA to know how simple ICs and processors behave when they crash. It's an entirely reasonable conclusion on my part to suspect a computer freeze or crash given the accounts of it not being repeatable once the car's ignition has been cycled or it has been restarted. This is entirely consistent with rebooting embedded and simple electronic devices after a crash.
How often has your cell phone crashed? Your car stereo when it hits a bad CD? What about your computer? What is the "cure" 99% of the time?
The best example and why it's a good theory, is your browser you are using to read this. Does it crash? Quite often. Does it crash in exactly the same way? In what ways does it crash? I can give you a short list, but it's really not necessary. Everyone here knows the answers - it's unpredictable and not always the same - sometimes it hangs, sometimes, it runs slow, sometimes it freezes for 4-5 seconds, and sometimes is bricks the entire OS along with it. Sometimes running the same code on it doesn't crash it, and sometimes doing nothing seems to crash it as well.
But reboot the machine or restart your session and it works again. Absent a crash log, you never would know that it had ever crashed before once it restarts.(or unless the thing is designed to notice and tell you the fact/restore the sessions/etc)
We don't have access to the code and the entire system is controlled BY this code. Since we haven't found any simple sensor malfunctions to date, this leaves the code and nothing else as a possible culprit. Toyota won't cough it up, so of course we are right to suspect a corporate cover-up.
Doubly so since they appear to have altered recent vehicle codes to have the brake override the accelerator at all times. Why the software "fix" if it wasn't a software problem?
"Doubly so since they appear to have altered recent vehicle codes to have the brake override the accelerator at all times. Why the software "fix" if it wasn't a software problem? " Plecto post 710
I believe this is an admission of a software glitch which they are aware of. My post 697
I think we arrived at the same conclusion for the same reason. Toyota made software changes. I was poo- pooed because some thought it was to keep you from hitting both pedals at once. I use my right foot for both accelerator and for the brake. I don't think that is out of the ordinary. The accelerator on my Camry is below the level of the brake. Again, I think this is typical of most cars with automatic transmissions. I am more likely to hit the higher brake trying to hit the lower accelerator, than vice versa. So hitting both pedals at once is extremely unlikely for most drivers. I think this a safety feature to keep drivers from hitting both pedals at once. Surely Toyota engineers did this on purpose. Then they make a software change. It had to be to fix a software problem.
Q: what happens to the vehicle in such a scenario?
A: The dirt and water will leave clear evidence. By analysis of the dirt and water evidence you duplicate the circumstances and record the affects, find the faulty part and fix or replace it.
It is completely unreasonable to expect an automotive engineer or car company to design a system to meet conditions that have never ocurred in the real world.
And hacking a computer system proves what exactly? That it can be hacked? Thanks for the news flash I never would have guessed. To date there is no real world proof whatsoever that SUA has been linked to faulty computer systems only the hypothesis that it is possible. Start looking for the real world example of it.
The theory has been stated thousands of times but never once with an automotive example associated with it let alone a Toyota or SUA example
Truth7, Which do, personally think is the most likely cause of unintended acceleration , a software problem or a floor mat problem ? Or more to the point, do you think Toyota is being honest or deceptive about the causes of the untended acceleration ?
The floor mat problem is a real problem and has been used as an excuse 24 years ago by Audi as one of the reasons foir SUA - I consider it a valid excuse by any manufacturer. The Smart team has found up to eight mats piled on top of one another in some of their investigations. I'm certain up to this point in time (maybe in the future) that there has been no component or system failures of any kind that have resulted in Toyotas SUA complaints. I have offered $2250 since February for faulty parts or systems on my carquestions channel on Youtube and have had no takers or fakers.
I do think however that Toyota is not being as truthful as they could be. I'm certain they and other manufacturers know the cause and are extremely unlikely to tell the public for fear of crashing sales company wide.
The thing is, that while GM, VW, and others do have such systems, the Toyota design is not 100% redundant. They cut corners, and maybe it matters, and maybe it doesn't, but it's worrying. Hopefully the system shuts down in the event of a problem, but it's just as likely to jam in its last state.
But, all I asked was how you know this to be fact...
See, I don't have to PROVE anything.
No, you don't. It is, after all, an opinion forum.
But, if you wish to be taken seriously, then you should be able to back up your "factual sounding" claims with some real evidence. Simply making the statement that "X has this" and "Y doesn't" in no way changes reality...except, maybe in your own mind.
Your choice not to produce evidence is fine with me,
IMO, that just makes you sound like one with a grudge against Toyota.
The most surprising part of this is that evidently, this is news to people.
If any communicating network can be hacked, and the automobile has an internal network, why shouldn't it be able to be hacked?
Not long ago, there was a story on the local news about a car chase. The police were able to reference the auto vehicle ID from cross-referencing it through DMV and its tag number, and was able to get GM Onstar to disable the vehicle ignition remotely.
The thieves were astounded when they found out how they were caught.
Big Brother? Maybe.
Like any technology, it has good and potentially bad applications.
Surely Toyota engineers did this on purpose. Then they make a software change. It had to be to fix a software problem.
You may indeed be correct....or, not.
As cars have developed over the years, dozens of safety features have been added, well before software issues were even around. And, they were simply added as safety features, not as a "fix" to eliminate what would be called "safety liability issues". In fact, simply by not adding them could be construed as making an unsafe product.
Never discount the legal ramifications when it comes to safety issues. I say again, read the safety labels on household products around your home.
Its just as plausible that Toyota added this feature as a marketing ploy in order to make potential as well as existing customers feel better about buying a Toyota.
Personally, I wouldn't be quite so quick to jump on the "this proves it was a software problem" hayride yet.
We may see that UA events still occur beyond this "fix", which, if they do occur will clearly give support to operator error (thinking the brake is being applied when the accelerator pedal is the one depressed).
I doun't think any software system is totally free from being hacked.
To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008.
Funny... The standardized requirements of the CAN port access may actually be the gateway where hackers get into the system. If that is the case, you really can't hold the manufacturer liable for complying with the laws.
As they said in Britain during WWII, regardless how much effort was applied, a bomber would always get through.
Busiris - statistically speaking driver error vs product defect what do you calaculate the odds at if you look at what is known about the whole issue? Toyota has put 40 million vehicles on the road with ETC and there are far more if you count in other manufacturers. Driver error is one of the known causes of SUA whereas faulty parts have never been proven to be associated with SUA - yet. And by SUA I mean sudden unintended acceleration that occurs without any driver input and the brakes fail at the same time such as has been claimed in the average complaint.
Good question. My answer is...I don't know enough of the actual statistics to hazard even a rough guess.
Something that srs49 said a couple of pages back has stayed with me over the last few days...
It was in reference to what you said above. When we hear about a few UA cases over a relatively short period of time, its natural to think there's a big problem, But, as he said, like you, one must analyze other factors, such as number of units in the field and millions of UA-free miles per "event".
I think he probably is on to something. We can't see the millions of aggregate miles or the total number of cars, but we can see every complaint.
Overall, in the grand scheme, I think the possibility of a single (or extremely few) vehicle UA(s) is probably better than zero, but does it approach 100%?
I simply don't know. And, as I said earlier in a previous comment, when does one stop testing and put the product out into the field? No product is absolutely 100% safe, all the time, in every single circumstance.
There is little doubt in my mind that in some vehicle, somewhere, made by some manufacturer, that a condition can arise that eludes the best intentions and tightest coding of software. As I said before, there is simply NO foolproof system, because no one can adequately anticipate every single change in the operating environment.
Laws of probability tell us that if one takes a million dice, and throws them enough times, eventually he will get every single one to come up with "six". Not likely on any particular roll, but it can happen. Sooner or later, somebody wins the lottery.
But, as an old stat professor taught me years ago, quite often, the simplest solution to a problemis also the best solution. And, a few points on a graph (out of millions of points) doesn't necessarily constitute a trend.
I'm sure its no comfort to anyone who has experienced vehicle UA, but in my opinion, all but a few are most likely operator error. As you discussed (I think it was you) the case regarding the woman that testified about her UA experience before Congress, someone else got the car and hasn't had a single issue in, what was it...30K miles?
What would a rational person deduce from that statistic in that particular case?
The thing is, that while GM, VW, and others do have such systems, the Toyota design is not 100% redundant. They cut corners, and maybe it matters, and maybe it doesn't, but it's worrying. Hopefully the system shuts down in the event of a problem, but it's just as likely to jam in its last state. ****
But, all I asked was how you know this to be fact...
Read the first ten or so pages of this forum. Analysis of the system(so far) by engineers who are intimately familiar with fail-safe systems and their applications (that posted in this thread) is that Toyota's system has a few critical faults in it that make it not pass such a test. But read it yourself if you want to.
Busiris don't bother, its a wild goose chase. Plekto is asking you to remember for him when he could just use the search feature and find it himself. If he is using quotes from people he's asking you to find, can't himself remember or identify it tells you his research abilities are less then rigourous and his statements are unverifiable. The definition of useless
For the record Plekto - nobody in any of the pages says they are automotive electrical engineers and that they know Toyota systems have critical faults.
Unless someone here has direct involvement with Toyota (or any make, for that matter), the best thay can do is to surmise how the vehicle's internal systems work, as well as what, if any, safeguards are present within those systems.
As for me, I don't have that experience. All I was asking for was a valid and reliable source that described that condition. It wasn't a challenge... at least, I didn't intend it to be one. I certainly don't mind someone else's different conclusions from data than mine (I doubt one would have to search very long to find someone much more intelligent on just about any matter than me).
I simply think its common courtesy to quote one's sources so that others have the chance to examine their data and arrive at some conclusion, whether they agree or disagree with the analysis. That's how we learn things....
But, in one of my first comments here, I said that every forum always has a few on it with some sort of axe to grind.
Post #32 in this thread is just one example out of many. While the poster of that response may or may not be an automotive electrical engineer, I can guarantee that he has some scientific or engineering background based upon his posts that he has had here at Edmunds so far. Also, other sites online show the pedal and sensor mechanisms taken apart and it's clear that it's not properly fail-safe.
Redundant, yes. But simple mechanical redundancy isn't the same thing as fail-safe for Hall Effect sensors. I suggest you read about the technology mentioned in response #32 and then get back to us here before going on about this any more. Oh, and as far as I know, none of the other manufacturers design theirs properly, either. It might be that they don't want to pay the patent fees to this company, or it might be that they don't deem it to be a big enough problem to spend the time and money on. Based upon the numerous cost and corner-cutting examples in a typical vehicle if you start looking at it closely, I suspect the latter.
Now, that's understandable and forgivable to a point, even. After all, it is a simple commodity item at this point and mistakes do happen. What I think is getting people upset is Toyota's response is sounding exactly like it was lifted from GM or Ford's playbook . Thee is no problem. The problem's not our fault. Now go away/blow smoke and avoid it as much as possible.
They need to admit they cut corners and design it properly. Whether it's the cause in this case or not, there needs to be a proper doubly-redundant fail-safe on the controls of a vehicle. VW (one poster mentioned his nearly 20 year old VW doing it correctly) and others have done it correctly with other sensor types, so it's not an impossible engineering problem, either. I certainly won't purchase any vehicle that doesn't have that level of protection. Even if it's not likely required, I still want it to be there.
I knew I could get you to provide your source. Turns out your source (cbrechlin) is just rehashed theories from posts on our own forum. Turns out your source cbrechlin never does mention what he does in any of his posts.
And it turns out he's just like you - given to dogmatic statements based on someone else's stories that are completely baseless.
Here is one of his quotes as an example of the guy you used as proof;
"both the competition and the Toyota software are fundamentally defective"
Before I forget, I'd like to point out your incomplete sentence; "Toyota's response is sounding exactly like it was lifted from GM, Ford's and Audi's playbook except Audi was the only one who claimed they were innocent of unfounded accusations being leveled at it by the conspiracy theorists of the day and were proven right by independent sources years later.
I don't understand the comment "around and around"
Some argue electronics with the runaway Lexus in San Diego and simply refuse to include the floormat problem reported by the previous motorist in any context of their argument because it.... Doesn't fit in with their argument.
They want it to be straytrons (electronics), and desperately so.
If you look back at horrific accidents and incidents in human history, it wasn't the machinery.... It was human error.
The Titanic. Exxon Valdez Eastern Airlines/Everglades Colgan Air in Buffalo, a recent one.... the list goes on and on.
Aviation is rampant with "pilot error" with specific and detailed training involved but yet we have no "driver error" in the Toyota debate?
You're joking right?
The digital age dawns and people want to start blaming the machines.... again - just like the dawn of the industrial revolution.
It's not the machine, it's the operator. Post no. 32 is mentioned as a fantastic post illustrating fail safe pursuit but yet the human was STILL able to bypass the technological block created for safety.
I stand by my original point that the modern "hyper consumer" that believes all risk is engineered out of a product is either extremely gullible or a complete idiot.
I like the term 3000 lb. bullet..... Very fitting.
Before I forget, I'd like to point out your incomplete sentence;
No, I specifically mentioned ONLY GM and Ford because they both have had a long history of cover-ups of defects, recalls, and a total inability to come clean unless there is literally a smoking gun thrown at their feet as evidence.
I couldn't care less what Audi did in the past - I never even brought them up. Other people did, though, which has no bearing on this case.
It's not my place to provide data and resources and articles for you in this forum. Get up and do some research yourself. It's clear that none of the newer drive-by-wire systems are properly redundant. Any college engineering student can tell you that almost none of the systems in a vehicle are designed that way, in fact. (It's actually rare TO find redundancy in a vehicle outside of the brakes and a few areas where it has been mandated by law to do so)
It's not my place to provide data and resources and articles for you in this forum. Get up and do some research yourself
I agree. One only need do that if they wish to be taken seriously.
Making unfounded accusations don't require any sources at all. Neither does whining and complaining.
While the poster of that response may or may not be an automotive electrical engineer, I can guarantee that he has some scientific or engineering background based upon his posts that he has had here at Edmunds so far.
Or, maybe he just stayed at a Holiday Inn Express last night.
I liked your term..."straytrons". It would have been a great Star Trek technical term...
I stand by my original point that the modern "hyper consumer" that believes all risk is engineered out of a product is either extremely gullible or a complete idiot.
Nothing is ever completely safe. But, in America, blaming something else for our shortcomings coupled with a large amount of money can make risk irrelevant.
From post #32...
The "absoluteness", or guarantee of this type configuration was demonstrated back in the 1980's when a female operator of one of Schneider-Senator's machines cut off both hands of that operator. Safety regulators shut down all machines of its type for three months while the Fail-Safe system on that machine was continuously run and challenged to default again, never, ever possibly failing. The final conclusion was the one offered first, (though it certainly was a worthwhile test regardless), that the small woman habitually reached her thin arms under the infrared light barriers to violate the safety system during automatic operation.
Once again, a once-thought-to-be-absolute-safe-system is proven to be outwitted by a human with very little effort on the human's part.
No system is absolutely 100% safe, 100% of the time, in 100% of the circumstances. In complex machinery (a car certainly qualifies in that regard), there is simply no substitute for a good understanding of the machine's functions.
I like the term 3000 lb. bullet.
Once again, I agree. Unfortunately, every state I have ever lived in requires far more to get a handgun permit that a permit to drive a 3000 lb guided bullet on wheels.
When the story about the Prius and Sykes first came out, I actually thought that finally, we had a "smoking gun". At least, until I saw a recorded interview in which he responded to the question "Why didn't you move the transmission to neutral?" and he responded "Because I thought the car might flip over...".
I can't say how others perceived that comment, but I'm pretty sure that ruined his credibility from the viewpoint in most serious investigator's eyes.
One would think that those who really do feel that they have experienced vehicle UA would be the first ones out to debunk the frauds. After all, its very much like a woman crying assault and subsequent rape, knowing full well she was consenting (here is upstate SC we have had 2 cases of that very thing over the last few months, and both females finally admitted the claim was false). Those that attempt this type fraud just make it all the more difficult to take the issue of UA as seriously as is should be taken.
No one wants to admit that they made a mistake and depressed the wrong pedal.
I wonder how many examples there are of truely unexplained UA that don't get reported, due to the "ridicule" factor.
I can't remember the last time I heard of a case where someone drove into a building/store and openly admitted it was their fault. Nope... The car did it all on its own...
That amounts to a statistical improbability.
I would love to see a valid and reliable survey showing just how many auto owners read the car's owner's manual completely.
One corollary would be that the software wasn't fault tolerant since it was hackable.
I disagree. Almost any networked system, or product, except some of those specially designed for the military, can be hacked if one has physical access to the system.
Companies, mine included, spend millions of dollars to secure their IT systems from outside intrusions. This includes firewalls, deep packet inspection of Internet traffic, intrusion detection systems, email monitoring, web site monitoring, data encryption, along with other techniques. All these aimed at keeping the bad guys out.
But, they are totally useless against someone who has physical access to their network, through a work computer for instance. Our email system prohibits - strips out - any email attachments with a .zip extension because .zip files have been known to carry malware. But that protection is useless should someone bring in an infected .zip file on a USB drive for instance, copies it to his PC,and opens up the file.
Keep in mind that the experiment performed did not reprogram the ECU, at least I could not find any reference to that being done. The researchers just found a particular sequence of CAN messages that would fool some of the car's electronics. That really shouldn't surprise anyone.
No one wants to admit that they made a mistake and depressed the wrong pedal.
I said this before, but it's relevant here. Keep in mind this is strictly anecdotal.
In the upper mid west, moose are very common. One thing you almost never want to do is hit a 1000 lb+ moose while driving 50 mph on a secondary road. Far better to go off the road and take you chance with the trees or a ditch.
That being the common wisdom, nobody ever runs off the road because they were drinking, or because there were distracted on the cell phone, or because they fell asleep behind the wheel. It's always "I was avoiding a moose" :P .
Back to the business at hand - For better or worse we have main two avenues of investigation. 1. Faulty car, 2. Faulty driver. Speaking of the latter only I'm not making this up when I say I personally watched all the 60 minutes stuff on this 24 years ago including the original Ed Bradley piece. I have contacted CBS and they will not sell a copy of the "Out of control" Audi episode. The unit manager of the CBS News Archive Ann M. Fotiades told me - "Out of Control is on Legal Hold and cannot be released" .
I do recall another show I saw and for the life of me can't remember the title or network only the details of the show. This is what I need a little help with. This "mystery show" was a research study conducted by a university or the DOT that proved driver error in SUA. As I remember it they profiled the Audi owners and determined that most had previously owned a large American car, where mostly female, over the age of 45 etc.etc. They then advertised they were conducting research into drunk driving and asked for participants, they picked ones that matched their profile. Next, they asked them to drink a syrup, put them in an Audi with a research assistant (white jacket, clipboard). They rig the car with an underseat camera and microphone and seperate hidden accelerator/brake controls for the research assistant in the front passenger seat. They start the test by slowly driving around pylons and then the assistant secretly flips a switch and the car accelerates out of control. What they learned was approx 8 out of 10 properly stopped the car within a short period time. The other 2 had difficulty and had stepped on the gas. The 20% had always claimed when asked by the equally surprised assistant that they had stepped on the brake. The proof was in the video, all the fumble footed ones incorrectly believed strongly that they had stepped on the brake instead of the gas - but the camera and microphone didn't lie.
My question is this - has anyone else ever heard of this piece? Does anyone know where I can get a copy of it. Seems to me to be a valid piece of research but that was more than 20 years ago - If my memory is correct it would stand as a very powerful proof.
I once owned a 1986 Ford E150. One day at a stop light, my E150 suddenly went to full throttle. I could NOT shift it of anything but "Drive". I kept my foot on the brake and turned it off. I had it towed to a mechanic at a gas Station whom I trusted. He called and told me a motor mount had failed, my engine tipped and pulled the throttle cable on full. When he called Ford for the new motor mount, he found out the parts were free. Ford knew about the problem and did a "silent" recall. You had to experience a failure before Ford acknowledged it. If I had not been at a stop light, the results may have been a disaster and attributed to"driver error." That was the last Ford I will ever own.
My Camry Hybrid has a Smart Key sytem. With my key in my pocket, I can open the doors or trunk without taking the key out. To start the car, I have to put my foot on the brake and hit the Start/ Stop button. When I get to my destination, I have to shift to Park and push the button to turn the car off. Now suppose I have UA and for some reason, I can't shift to neutral.; It will not permit it to be shifted to Park if moving To turn the car of by pushing the Stop button, I have to hold it in for 3 minutes. If I am going 90 mph, that is 132 feet per second. 3 minutes at 90 is 4.5 miles. I would have to drive with one hand, while I held the button with the other. Sounds like a sure case of driver error in the making.
But - physical access? If I can remotely hack a computer via, say, an open wireless access point, that's not exactly physical
Technically, it is physical access.
If you have access, you are on the protected side of the "firewall", even if you don't have a direct wired connection.
There's no difference from hacking a computer via wired or wireless access, once one has usurped all the security measures.
Of course, not having anything but a direct wired connection gives more security than a wireless connection. No different than a system with a single wired access terminal is, in theory, safer from hacking than the same system with 100 wired access terminals.
Regardless, once I am "in the system" beyond all protective measures, the systems I can access don't care how I got there....wired, wireless or even ESP...
As for the "running off the road" story, several years ago I was with a very attractive (and VERY well endowed) lady-friend, waiting to cross the street at a high-traffic crosswalk. I kindly asked her to position herself behind me while we waited to cross. She thought I was being chivalrous....until I explained that I didn't want to be run down by some dude with his eyes glued upon her!
The old Audis were all short events - under 10 seconds.
The two in San Diego were over a period of MINUTES and over several miles while on the phone with 9/11 where it is being recorded.
Either it is a set of hoaxes, or it would be hard to believe that multiple people would simply press the accelerator pedal down hard for several minutes in error, or even trying to pump it (without any decelleration?) mistaking it for the brake every time.
There was no recall just four separate investigations (and lots of complaints) EA87002, EA87019, EA87017, EA87054 - there is no documents on file concerning these investigations so all you get is the numbers. It would appear Ford didn't want additional complaints to NHTSA so they quietly kept complaints artificially low by filling such parts requests - no complaint or paper trail
Both Sandiego cases have been well investigated by Toyota, NHTSA, DOT and police. All reached identical conclusions;
Saylor Lexus - floor mat - no suggestion of faulty computer or other parts
Jim Sikes Prius - NHTSA, Toyota, SDPD, Congress Reps, - all reached the same conclusion - no faulty parts or systems - driver error strongly suspected. Funny how a computer code would correct itself when an unexpected police officer showed up beside you and started yelling instructions.
Now suppose I have UA and for some reason, I can't shift to neutral.; It will not permit it to be shifted to Park if moving
Correct. And, if the system jams and won't respond, how do you "reboot" it? In a newest Prius, you have two options. 1 - yank the fuses to the computer(while moving!) or literally throw the key out the window and get it out of range(there is an override when that happens to stop carjackers)
Then you have to find the computer-chip encoded one-of-a-kind key if you want to REstart your car anytime soon.
Oh, guess where the fuses are in a Prius? Under the hood. Oops. Normally, you would open a panel near the steering wheel and yank the biggest fuse(usually #1 or #2) with your fingers. But some cars put them in places like under the hood, the bottom of the foot well, or require you to un-do screws and such to get at them.
What I would do is wire up a 20 or 30 amp toggle switch to the main computer fuse and run it to underneath the dash. If you need to turn the car off, hit the switch and there you go. It also makes for a great anti-theft device. Another option, though, slower and a bit safer is to go old-school airplane/boat and have the toggle switch control the fuel pump.
*Click* "Fuel pump on... check...
Cut the fuel and your problem is solved every time. Great low-tech afternoon project as well, since anyone can do it as all it requires is a switch, 10-12ft of wire, a few fasteners, and some heat-shrink tubing.
or literally throw the key out the window and get it out of range(there is an override when that happens to stop carjackers)
Your source for this info is who/what exactly?
I've tried just that on an 10 Venza personally and it did nothing the car keeps running and driving.
You forgot to mention holding the start/stop button down for three seconds or longer - kind of important when passing on this information you get it correct.
There's no difference from hacking a computer via wired or wireless access, once one has usurped all the security measures.
Ok, I've lost the thread of this thread.
So, if a stray electron comes out of nowhere and confuses the software or firmware, does it really matter if it's a nefarious attempt to hack the system or is it just one of those hard to reproduce situations that just happens to result in a stuck throttle and inability to shift a transmission out of neutral?
For those talking about the two California cases that are either dubious or just a floor mat issue, remember that there's the Sevierville Lexus and the Colorado Prius cases plus the couple that drove off the cliff in California (don't recall the model of that car). And the other 50 odd reports that the various law firms and NHTSA say they have collected.
Maybe we should pick one and dissect it? The Sevierville case is probably the next most reported one after the Saylor case.
Comments
You mean "unremarkably"?
They're coming out of the woodwork now..... questionable claims of unintended acceleration - just had one in the local news here....
Every twit that slams into the plate glass of the convenience mart is now going to start claiming straytrons in the accelerator..... Sadly predictable.
The case here is more like you have six dice and you have to determine if every die has at least one six. The rules are simple - roll one at a time. If the current one rolls 6, get another die and roll it, If it doesn't, start over by putting all the dice back in the cup and shaking it. How long before you know if all six dice have one face with a six?
The variables are NOT independent. A lot of the software involves sequencing, counters, etc. so the conditions may have to occur in a particular order.
Also in the assumption is that things are DC. But I suspect it will act very differently if I ramp things up at 0.01v/sec v.s. sending a 10Mhz sine wave into an input. If the input jumps from 0 to 3 volts, it doesn't mean internally the next cycle will read 3 volts. If it is averaging, we might need to do a single 12v spike, three zeros, then a constant 3.
So the condition isn't "input is at X volts", it may be "input is ramping up at X volts/sec", or "input is accelerating at X volts/sec-squared".
As I tried to point out, it isn't a linear function where y=mx+b, or even y=f(x). It is a hideously complex equation that involves history (even a simple FIR filter or PID control and don't tell me that they aren't anywhere in the code).
There are simple electronic circuits with only a few transistors that can't be characterized or examined easily. I can also take a really simple microcontroller chip, a Pot and LED and suspect I could put an intentional bug that no one would be able to cause the LED to turn on with a test-setup, but I could make it happen on-demand because I would have access to the code.
I don't want to speculate. I want to examine the code. So do others. I will do so under a proper NDA if required (I need to be able to report general quality observations and if I find unhandled fault and failure paths) and Edmunds wants to arrange it with Toyota.
"the same vehicle had an SUA problem three days before and it went unreported."
This argument just goes around and around.
The proponents of "straytron theory" always leave out the fact (conveniently) that the cops vehicle had a runaway prior to his use of it. The motorist that had the loaner (previously) ascertained it was the floormat and wrestled the vehicle back into control.
It was actually reported but the dealership never followed up on it - shame on them.
Then the argument goes on with "How can you possibly believe a highly skilled police officer could not control...." yada yada yada....
Hey, even the Captain of the Titanic had a really bad day a long time ago with negative variables that were known but ignored. Even highly skilled professionals can have a bad day.
However, neither article discussed how the errors were first detected nor the early history of the devices in question. They picked up at the point where the software was being examined.
While it is certainly possible to get a court order to force a manufacturer to show the operating software without backup (relatively few things are totally/absolutely impossible), I would think that some proof had to be shown at some point (at a minimum showing some discrepency between the system in question) as compared to a known system (ie, competitor's product, blood test, etc.) before they got to the point of software examination.
Again, not being very familiar with the issue, I'm not able to adequately respond further.
But, think about it... Without requirement of proof, If a company wanted to trash their competition, simply start a campaign of rumors about how buggy their product is, demand an examination, and even if the code is deemed perfect, a significant amount of damage has been done to the competitor's image.
We live in an extemely complex world, often one where the legal ramifications can far outweigh the actual damages done by the operational shortcomings of a product's design.
Image is everything. Consider Betamax .vs. VHS. Betamax actually had a slightly better recording method, but VHS advertising made it look inferior because VHS had a 6 hour recording capability and Betamax had 5...nevermind that few users acturally recorded 4 hours at a time.
As I said before, I do think Toyota has a self-inflicted wound (if the code actually is free of issues) by not allowing outside examination, but if not.... see the comment a couple of paragraphs back. Maybe part of it relates to Japanese culture.
I understand your point regarding the die.
The only point I was attempting to make was that - when doing testing (ie, rolling the die) and not knowing all possible outcomes (not having the ability of examining the die before you roll it), regardless how many times you roll it, you can never be completely sure how many sides have a six on it. Yes, you can approach 100% as you roll the die more and more, but until you completely examine the die,, you can never be 100% sure.
I'm sure we can all agree that ECM software is more complex than rolling a few dice, but again, unless one is familiar with Toyota's software development, he/she can't say how many times Toyota "rolled the dice"...
The thing is, that while GM, VW, and others do have such systems, the Toyota design is not 100% redundant. They cut corners, and maybe it matters, and maybe it doesn't, but it's worrying. Hopefully the system shuts down in the event of a problem, but it's just as likely to jam in its last state.
The problem Busiris is having is that he's thinking of it as simple electronics and not as a problem of "what happens when there is a physical (destructive) fault or critical failure?" Any good engineer designs with this question in mind. Fault-tolerance should be a given with something as critical as a throttle or brake, if it is computer controlled.
And why shouldn't they? Is it unreasonable to expect excess moisture, dirt, power surges, and so on in a vehicle? Just open the hood of any ten year old car and check out the amount of grime everywhere. Everyone is concentrating on sensor errors and computers and so on and has not addressed MY concern here, which is the following scenario:
- Assume that the vehicle has suffered a critical component fault from an external source(dirt/water/em surge/whatever). The computer crashes as a result.
Q: what happens to the vehicle in such a scenario?
Without access to the code, we simply don't know how to predict what happens when the computer dies while the vehicle is still running.
Developing lines of code. The original designer will take short cuts and personally do it a specific way. No one does it the same way. So adding more people doesn't speed it up.
So it is unlikely that having the original lines of code would be meaningful without the designer to explain it.
A 10 year old car with grime under the hood probably would not run when the computer dies. I would cost more to repair than it's worth. Computers will not still be supported.
I had a new Dell that was no longer supported 11 months after I got it.
No, the real problem here is that you have already made the determination that a software design error/fault condition exist, or that a system crash (the same ECU that ultimately determines ALL engine functions) can cause UA, but you can't reproduce a single case of UA. Do YOU know that the Toyota engineers didn't do exactly what you claimed (building in fault tolerance)?
If so, how do you know? Please, tell us.
You have made a set of very big assumptions. Any FAA crash investigator will most likely tell you always keep an open mind.
Now, you may indeed be correct. There may be a software issue. But, before you start going down that yellow brick road very far, you might want consider other possibilities.
I haven't seen any poster over the last several pages (I haven't gone back to the beginning) make an overt statement that there is absolutely NO FAULT with the software or and sensor on the cars in question.
Why are you so hung up on "It HAS to be software?"
I will admit this... No one is a more ardent supporter of the use of Hi-tech machinery in cars. If one needs convincing, do yourself a favor and spend a day at a driving school similar to the one BMW offers at its Performance Center in Spartanburg, SC. You will see hi-tech gadgetry do things that humans could NEVER hope to do in controling a vehicle.
That said, I did cringe a little the other day when a friend was showing me his new VW Passat, with the electronic push-button parking brake. I was thinking to myslef that, if this guy's car starts acting like Stephen King's Christine, then he's done for...
"In a late 2009 demonstration at a decommissioned airfield in Blaine Washington, they hacked into a test car's electronic braking system and prevented a test driver from braking a moving car -- no matter how hard he pressed on the brakes."
Car hackers can kill brakes, engine, and more (Business Week)
More ammo for the bad software theory?
That reminds me - we haven't heard anything lately from the Woz and his SUA problem with his 2010 Prius.
He and co-researcher Tadayoshi Kohno of the University of Washington, describe the real-world risk of any of the attacks they've worked out as extremely low. An attacker would have to have sophisticated programming abilities and also be able to physically mount some sort of computer on the victim's car to gain access to the embedded systems. But as they look at all of the wireless and Internet-enabled systems the auto industry is dreaming up for tomorrow's cars, they see some serious areas for concern
So, really, this is simply a software version of Dr. Gilbert's test, which really didn't demonstrate anything more than expected output can change if unlikely input is entered into the system.
Basically, a test case of electronic Tylenol tampering.
I really don't think any manufacturer should be held liable for malicious tampering with their product.
If I cut my head off with a skill saw by removing the safety guard and trigger lock-out mechanism and try to shave with it, is that really the saw maufacturer's problem?
To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008. They developed a program called CarShark that listens in on CAN traffic as it's sent about the onboard network, and then built ways to add their own network packets.
Step-by-step, they figured out how to take over computer-controlled car systems: the radio, instrument panel, engine, brakes, heating and air conditioning, and even the body controller system, used to pop the trunk, open windows, lock doors and toot the horn.
Well, that kind of rules out the necessity of having source code to determine how things function. If anything, this shows absolute proof that the system, at least in the car they tested, can be understood functionally without source code availability.
And, the CAN mandate once again demonstrates the saying "The road to hell is paved with good intentions". A device designed for the common good is transformed into a "hacker" gateway.
It also gives the manufacturers another significant legal excuse to keep their source code confidental. Don't want to make it any easier for the hackers...
It is an interesting, if not totally surprising story, though. Certainly, it demonstrates the value of locking one's car doors while it is unattended.
Like every technology, there are good, and bad, uses of it.
Get ready to pay an annual anti-virus fee to Symantic for your car! Terminator 3 has arrived!
I don't have to show proof of anything about Toyota or UA to know how simple ICs and processors behave when they crash. It's an entirely reasonable conclusion on my part to suspect a computer freeze or crash given the accounts of it not being repeatable once the car's ignition has been cycled or it has been restarted. This is entirely consistent with rebooting embedded and simple electronic devices after a crash.
How often has your cell phone crashed? Your car stereo when it hits a bad CD? What about your computer? What is the "cure" 99% of the time?
The best example and why it's a good theory, is your browser you are using to read this. Does it crash? Quite often. Does it crash in exactly the same way? In what ways does it crash? I can give you a short list, but it's really not necessary. Everyone here knows the answers - it's unpredictable and not always the same - sometimes it hangs, sometimes, it runs slow, sometimes it freezes for 4-5 seconds, and sometimes is bricks the entire OS along with it. Sometimes running the same code on it doesn't crash it, and sometimes doing nothing seems to crash it as well.
But reboot the machine or restart your session and it works again. Absent a crash log, you never would know that it had ever crashed before once it restarts.(or unless the thing is designed to notice and tell you the fact/restore the sessions/etc)
We don't have access to the code and the entire system is controlled BY this code. Since we haven't found any simple sensor malfunctions to date, this leaves the code and nothing else as a possible culprit. Toyota won't cough it up, so of course we are right to suspect a corporate cover-up.
Doubly so since they appear to have altered recent vehicle codes to have the brake override the accelerator at all times. Why the software "fix" if it wasn't a software problem?
I believe this is an admission of a software glitch which they are aware of.
My post 697
I think we arrived at the same conclusion for the same reason.
Toyota made software changes.
I was poo- pooed because some thought it was to keep you from hitting both pedals at once.
I use my right foot for both accelerator and for the brake. I don't think that is out of the ordinary.
The accelerator on my Camry is below the level of the brake. Again, I think this is typical of most cars with automatic transmissions.
I am more likely to hit the higher brake trying to hit the lower accelerator, than vice versa.
So hitting both pedals at once is extremely unlikely for most drivers. I think this a safety feature to keep drivers from hitting both pedals at once.
Surely Toyota engineers did this on purpose. Then they make a software change.
It had to be to fix a software problem.
A: The dirt and water will leave clear evidence. By analysis of the dirt and water evidence you duplicate the circumstances and record the affects, find the faulty part and fix or replace it.
It is completely unreasonable to expect an automotive engineer or car company to design a system to meet conditions that have never ocurred in the real world.
http://hackaday.com/2010/05/18/modern-car-data-systems-lack-security/
The theory has been stated thousands of times but never once with an automotive example associated with it let alone a Toyota or SUA example
Which do, personally think is the most likely cause of unintended acceleration , a software problem or a floor mat problem ?
Or more to the point, do you think Toyota is being honest or deceptive about the causes of the untended acceleration ?
I do think however that Toyota is not being as truthful as they could be. I'm certain they and other manufacturers know the cause and are extremely unlikely to tell the public for fear of crashing sales company wide.
as well what is Straytron theory" exactly?
But, all I asked was how you know this to be fact...
See, I don't have to PROVE anything.
No, you don't. It is, after all, an opinion forum.
But, if you wish to be taken seriously, then you should be able to back up your "factual sounding" claims with some real evidence. Simply making the statement that "X has this" and "Y doesn't" in no way changes reality...except, maybe in your own mind.
Your choice not to produce evidence is fine with me,
IMO, that just makes you sound like one with a grudge against Toyota.
But, hey...We all have our faults.
If any communicating network can be hacked, and the automobile has an internal network, why shouldn't it be able to be hacked?
Not long ago, there was a story on the local news about a car chase. The police were able to reference the auto vehicle ID from cross-referencing it through DMV and its tag number, and was able to get GM Onstar to disable the vehicle ignition remotely.
The thieves were astounded when they found out how they were caught.
Big Brother? Maybe.
Like any technology, it has good and potentially bad applications.
One corollary would be that the software wasn't fault tolerant since it was hackable.
It had to be to fix a software problem.
You may indeed be correct....or, not.
As cars have developed over the years, dozens of safety features have been added, well before software issues were even around. And, they were simply added as safety features, not as a "fix" to eliminate what would be called "safety liability issues". In fact, simply by not adding them could be construed as making an unsafe product.
Never discount the legal ramifications when it comes to safety issues. I say again, read the safety labels on household products around your home.
Its just as plausible that Toyota added this feature as a marketing ploy in order to make potential as well as existing customers feel better about buying a Toyota.
Personally, I wouldn't be quite so quick to jump on the "this proves it was a software problem" hayride yet.
We may see that UA events still occur beyond this "fix", which, if they do occur will clearly give support to operator error (thinking the brake is being applied when the accelerator pedal is the one depressed).
To hack the cars, they needed to learn about the Controller Area Network (CAN) system, mandated as a diagnostic tool for all U.S. cars built, starting in 2008.
Funny... The standardized requirements of the CAN port access may actually be the gateway where hackers get into the system. If that is the case, you really can't hold the manufacturer liable for complying with the laws.
As they said in Britain during WWII, regardless how much effort was applied, a bomber would always get through.
Busiris - statistically speaking driver error vs product defect what do you calaculate the odds at if you look at what is known about the whole issue? Toyota has put 40 million vehicles on the road with ETC and there are far more if you count in other manufacturers. Driver error is one of the known causes of SUA whereas faulty parts have never been proven to be associated with SUA - yet. And by SUA I mean sudden unintended acceleration that occurs without any driver input and the brakes fail at the same time such as has been claimed in the average complaint.
Something that srs49 said a couple of pages back has stayed with me over the last few days...
It was in reference to what you said above. When we hear about a few UA cases over a relatively short period of time, its natural to think there's a big problem, But, as he said, like you, one must analyze other factors, such as number of units in the field and millions of UA-free miles per "event".
I think he probably is on to something. We can't see the millions of aggregate miles or the total number of cars, but we can see every complaint.
Overall, in the grand scheme, I think the possibility of a single (or extremely few) vehicle UA(s) is probably better than zero, but does it approach 100%?
I simply don't know. And, as I said earlier in a previous comment, when does one stop testing and put the product out into the field? No product is absolutely 100% safe, all the time, in every single circumstance.
There is little doubt in my mind that in some vehicle, somewhere, made by some manufacturer, that a condition can arise that eludes the best intentions and tightest coding of software. As I said before, there is simply NO foolproof system, because no one can adequately anticipate every single change in the operating environment.
Laws of probability tell us that if one takes a million dice, and throws them enough times, eventually he will get every single one to come up with "six". Not likely on any particular roll, but it can happen. Sooner or later, somebody wins the lottery.
But, as an old stat professor taught me years ago, quite often, the simplest solution to a problemis also the best solution. And, a few points on a graph (out of millions of points) doesn't necessarily constitute a trend.
I'm sure its no comfort to anyone who has experienced vehicle UA, but in my opinion, all but a few are most likely operator error. As you discussed (I think it was you) the case regarding the woman that testified about her UA experience before Congress, someone else got the car and hasn't had a single issue in, what was it...30K miles?
What would a rational person deduce from that statistic in that particular case?
****
But, all I asked was how you know this to be fact...
Read the first ten or so pages of this forum. Analysis of the system(so far) by engineers who are intimately familiar with fail-safe systems and their applications (that posted in this thread) is that Toyota's system has a few critical faults in it that make it not pass such a test. But read it yourself if you want to.
For the record Plekto - nobody in any of the pages says they are automotive electrical engineers and that they know Toyota systems have critical faults.
Unless someone here has direct involvement with Toyota (or any make, for that matter), the best thay can do is to surmise how the vehicle's internal systems work, as well as what, if any, safeguards are present within those systems.
As for me, I don't have that experience. All I was asking for was a valid and reliable source that described that condition. It wasn't a challenge... at least, I didn't intend it to be one. I certainly don't mind someone else's different conclusions from data than mine (I doubt one would have to search very long to find someone much more intelligent on just about any matter than me).
I simply think its common courtesy to quote one's sources so that others have the chance to examine their data and arrive at some conclusion, whether they agree or disagree with the analysis. That's how we learn things....
But, in one of my first comments here, I said that every forum always has a few on it with some sort of axe to grind.
It would seem that this thread is no different.
Redundant, yes. But simple mechanical redundancy isn't the same thing as fail-safe for Hall Effect sensors. I suggest you read about the technology mentioned in response #32 and then get back to us here before going on about this any more. Oh, and as far as I know, none of the other manufacturers design theirs properly, either. It might be that they don't want to pay the patent fees to this company, or it might be that they don't deem it to be a big enough problem to spend the time and money on. Based upon the numerous cost and corner-cutting examples in a typical vehicle if you start looking at it closely, I suspect the latter.
Now, that's understandable and forgivable to a point, even. After all, it is a simple commodity item at this point and mistakes do happen. What I think is getting people upset is Toyota's response is sounding exactly like it was lifted from GM or Ford's playbook . Thee is no problem. The problem's not our fault. Now go away/blow smoke and avoid it as much as possible.
They need to admit they cut corners and design it properly. Whether it's the cause in this case or not, there needs to be a proper doubly-redundant fail-safe on the controls of a vehicle. VW (one poster mentioned his nearly 20 year old VW doing it correctly) and others have done it correctly with other sensor types, so it's not an impossible engineering problem, either. I certainly won't purchase any vehicle that doesn't have that level of protection. Even if it's not likely required, I still want it to be there.
And it turns out he's just like you - given to dogmatic statements based on someone else's stories that are completely baseless.
Here is one of his quotes as an example of the guy you used as proof;
"both the competition and the Toyota software are fundamentally defective"
Before I forget, I'd like to point out your incomplete sentence; "Toyota's response is sounding exactly like it was lifted from GM, Ford's and Audi's playbook except Audi was the only one who claimed they were innocent of unfounded accusations being leveled at it by the conspiracy theorists of the day and were proven right by independent sources years later.
Some argue electronics with the runaway Lexus in San Diego and simply refuse to include the floormat problem reported by the previous motorist in any context of their argument because it.... Doesn't fit in with their argument.
They want it to be straytrons (electronics), and desperately so.
If you look back at horrific accidents and incidents in human history, it wasn't the machinery.... It was human error.
The Titanic.
Exxon Valdez
Eastern Airlines/Everglades
Colgan Air in Buffalo, a recent one.... the list goes on and on.
Aviation is rampant with "pilot error" with specific and detailed training involved but yet we have no "driver error" in the Toyota debate?
You're joking right?
The digital age dawns and people want to start blaming the machines.... again - just like the dawn of the industrial revolution.
It's not the machine, it's the operator. Post no. 32 is mentioned as a fantastic post illustrating fail safe pursuit but yet the human was STILL able to bypass the technological block created for safety.
I stand by my original point that the modern "hyper consumer" that believes all risk is engineered out of a product is either extremely gullible or a complete idiot.
I like the term 3000 lb. bullet..... Very fitting.
No, I specifically mentioned ONLY GM and Ford because they both have had a long history of cover-ups of defects, recalls, and a total inability to come clean unless there is literally a smoking gun thrown at their feet as evidence.
I couldn't care less what Audi did in the past - I never even brought them up. Other people did, though, which has no bearing on this case.
It's not my place to provide data and resources and articles for you in this forum. Get up and do some research yourself. It's clear that none of the newer drive-by-wire systems are properly redundant. Any college engineering student can tell you that almost none of the systems in a vehicle are designed that way, in fact. (It's actually rare TO find redundancy in a vehicle outside of the brakes and a few areas where it has been mandated by law to do so)
I agree. One only need do that if they wish to be taken seriously.
Making unfounded accusations don't require any sources at all. Neither does whining and complaining.
While the poster of that response may or may not be an automotive electrical engineer, I can guarantee that he has some scientific or engineering background based upon his posts that he has had here at Edmunds so far.
Or, maybe he just stayed at a Holiday Inn Express last night.
I stand by my original point that the modern "hyper consumer" that believes all risk is engineered out of a product is either extremely gullible or a complete idiot.
Nothing is ever completely safe. But, in America, blaming something else for our shortcomings coupled with a large amount of money can make risk irrelevant.
From post #32...
The "absoluteness", or guarantee of this type configuration was demonstrated back in the 1980's when a female operator of one of Schneider-Senator's machines cut off both hands of that operator. Safety regulators shut down all machines of its type for three months while the Fail-Safe system on that machine was continuously run and challenged to default again, never, ever possibly failing. The final conclusion was the one offered first, (though it certainly was a worthwhile test regardless), that the small woman habitually reached her thin arms under the infrared light barriers to violate the safety system during automatic operation.
Once again, a once-thought-to-be-absolute-safe-system is proven to be outwitted by a human with very little effort on the human's part.
No system is absolutely 100% safe, 100% of the time, in 100% of the circumstances. In complex machinery (a car certainly qualifies in that regard), there is simply no substitute for a good understanding of the machine's functions.
I like the term 3000 lb. bullet.
Once again, I agree. Unfortunately, every state I have ever lived in requires far more to get a handgun permit that a permit to drive a 3000 lb guided bullet on wheels.
When the story about the Prius and Sykes first came out, I actually thought that finally, we had a "smoking gun". At least, until I saw a recorded interview in which he responded to the question "Why didn't you move the transmission to neutral?" and he responded "Because I thought the car might flip over...".
I can't say how others perceived that comment, but I'm pretty sure that ruined his credibility from the viewpoint in most serious investigator's eyes.
One would think that those who really do feel that they have experienced vehicle UA would be the first ones out to debunk the frauds. After all, its very much like a woman crying assault and subsequent rape, knowing full well she was consenting (here is upstate SC we have had 2 cases of that very thing over the last few months, and both females finally admitted the claim was false). Those that attempt this type fraud just make it all the more difficult to take the issue of UA as seriously as is should be taken.
No one wants to admit that they made a mistake and depressed the wrong pedal.
I wonder how many examples there are of truely unexplained UA that don't get reported, due to the "ridicule" factor.
I can't remember the last time I heard of a case where someone drove into a building/store and openly admitted it was their fault. Nope... The car did it all on its own...
That amounts to a statistical improbability.
I would love to see a valid and reliable survey showing just how many auto owners read the car's owner's manual completely.
Oh, well...
http://www.fox40.com/news/headlines/ktxl-news-jamessikesinvestigated0311,0,46776- - 51.story
It has the original 911 call as well as several others worth watching.
Just FYI.
I disagree. Almost any networked system, or product, except some of those specially designed for the military, can be hacked if one has physical access to the system.
Companies, mine included, spend millions of dollars to secure their IT systems from outside intrusions. This includes firewalls, deep packet inspection of Internet traffic, intrusion detection systems, email monitoring, web site monitoring, data encryption, along with other techniques. All these aimed at keeping the bad guys out.
But, they are totally useless against someone who has physical access to their network, through a work computer for instance. Our email system prohibits - strips out - any email attachments with a .zip extension because .zip files have been known to carry malware. But that protection is useless should someone bring in an infected .zip file on a USB drive for instance, copies it to his PC,and opens up the file.
Keep in mind that the experiment performed did not reprogram the ECU, at least I could not find any reference to that being done. The researchers just found a particular sequence of CAN messages that would fool some of the car's electronics. That really shouldn't surprise anyone.
I agree 95% - with one caveat, "good technology fits people, not the otherway around"
I said this before, but it's relevant here. Keep in mind this is strictly anecdotal.
In the upper mid west, moose are very common. One thing you almost never want to do is hit a 1000 lb+ moose while driving 50 mph on a secondary road. Far better to go off the road and take you chance with the trees or a ditch.
That being the common wisdom, nobody ever runs off the road because they were drinking, or because there were distracted on the cell phone, or because they fell asleep behind the wheel. It's always "I was avoiding a moose" :P .
I do recall another show I saw and for the life of me can't remember the title or network only the details of the show. This is what I need a little help with. This "mystery show" was a research study conducted by a university or the DOT that proved driver error in SUA. As I remember it they profiled the Audi owners and determined that most had previously owned a large American car, where mostly female, over the age of 45 etc.etc. They then advertised they were conducting research into drunk driving and asked for participants, they picked ones that matched their profile. Next, they asked them to drink a syrup, put them in an Audi with a research assistant (white jacket, clipboard). They rig the car with an underseat camera and microphone and seperate hidden accelerator/brake controls for the research assistant in the front passenger seat. They start the test by slowly driving around pylons and then the assistant secretly flips a switch and the car accelerates out of control. What they learned was approx 8 out of 10 properly stopped the car within a short period time. The other 2 had difficulty and had stepped on the gas. The 20% had always claimed when asked by the equally surprised assistant that they had stepped on the brake. The proof was in the video, all the fumble footed ones incorrectly believed strongly that they had stepped on the brake instead of the gas - but the camera and microphone didn't lie.
My question is this - has anyone else ever heard of this piece? Does anyone know where I can get a copy of it. Seems to me to be a valid piece of research but that was more than 20 years ago - If my memory is correct it would stand as a very powerful proof.
He called and told me a motor mount had failed, my engine tipped and pulled the throttle cable on full. When he called Ford for the new motor mount, he found out the parts were free. Ford knew about the problem and did a "silent" recall.
You had to experience a failure before Ford acknowledged it.
If I had not been at a stop light, the results may have been a disaster and attributed to"driver error."
That was the last Ford I will ever own.
the doors or trunk without taking the key out.
To start the car, I have to put my foot on the brake and hit the
Start/ Stop button. When I get to my destination, I have to shift to Park and push the button to turn the car off.
Now suppose I have UA and for some reason, I can't shift to neutral.; It will not permit it to be shifted to Park if moving
To turn the car of by pushing the Stop button, I have to hold it in for 3 minutes. If I am going 90 mph, that is 132 feet per second. 3 minutes at 90 is 4.5 miles. I would have to drive with one hand, while I held the button with the other.
Sounds like a sure case of driver error in the making.
Er, proof that the pedals were too close together for 20% of the population?
Dunno - maybe try Google Scholar or Dogpile. Stuff that old tends not to get indexed.
Srs_49 - saw a moose two days ago. :shades: But every time I run off the road, I blame it on a bee.
But - physical access? If I can remotely hack a computer via, say, an open wireless access point, that's not exactly physical.
Ummm... I think that's 3 seconds, not 3 minutes. Or, 3 times in rapid succession (at least, on some makes/models).
Technically, it is physical access.
If you have access, you are on the protected side of the "firewall", even if you don't have a direct wired connection.
There's no difference from hacking a computer via wired or wireless access, once one has usurped all the security measures.
Of course, not having anything but a direct wired connection gives more security than a wireless connection. No different than a system with a single wired access terminal is, in theory, safer from hacking than the same system with 100 wired access terminals.
Regardless, once I am "in the system" beyond all protective measures, the systems I can access don't care how I got there....wired, wireless or even ESP...
As for the "running off the road" story, several years ago I was with a very attractive (and VERY well endowed) lady-friend, waiting to cross the street at a high-traffic crosswalk. I kindly asked her to position herself behind me while we waited to cross. She thought I was being chivalrous....until I explained that I didn't want to be run down by some dude with his eyes glued upon her!
The two in San Diego were over a period of MINUTES and over several miles while on the phone with 9/11 where it is being recorded.
Either it is a set of hoaxes, or it would be hard to believe that multiple people would simply press the accelerator pedal down hard for several minutes in error, or even trying to pump it (without any decelleration?) mistaking it for the brake every time.
That is the big difference.
There was no recall just four separate investigations (and lots of complaints) EA87002, EA87019, EA87017, EA87054 - there is no documents on file concerning these investigations so all you get is the numbers. It would appear Ford didn't want additional complaints to NHTSA so they quietly kept complaints artificially low by filling such parts requests - no complaint or paper trail
Saylor Lexus - floor mat - no suggestion of faulty computer or other parts
Jim Sikes Prius - NHTSA, Toyota, SDPD, Congress Reps, - all reached the same conclusion - no faulty parts or systems - driver error strongly suspected. Funny how a computer code would correct itself when an unexpected police officer showed up beside you and started yelling instructions.
Correct. And, if the system jams and won't respond, how do you "reboot" it? In a newest Prius, you have two options. 1 - yank the fuses to the computer(while moving!) or literally throw the key out the window and get it out of range(there is an override when that happens to stop carjackers)
Then you have to find the computer-chip encoded one-of-a-kind key if you want to REstart your car anytime soon.
Oh, guess where the fuses are in a Prius? Under the hood. Oops. Normally, you would open a panel near the steering wheel and yank the biggest fuse(usually #1 or #2) with your fingers. But some cars put them in places like under the hood, the bottom of the foot well, or require you to un-do screws and such to get at them.
What I would do is wire up a 20 or 30 amp toggle switch to the main computer fuse and run it to underneath the dash. If you need to turn the car off, hit the switch and there you go. It also makes for a great anti-theft device. Another option, though, slower and a bit safer is to go old-school airplane/boat and have the toggle switch control the fuel pump.
*Click* "Fuel pump on... check...
Cut the fuel and your problem is solved every time. Great low-tech afternoon project as well, since anyone can do it as all it requires is a switch, 10-12ft of wire, a few fasteners, and some heat-shrink tubing.
Your source for this info is who/what exactly?
I've tried just that on an 10 Venza personally and it did nothing the car keeps running and driving.
You forgot to mention holding the start/stop button down for three seconds or longer - kind of important when passing on this information you get it correct.
Ok, I've lost the thread of this thread.
So, if a stray electron comes out of nowhere and confuses the software or firmware, does it really matter if it's a nefarious attempt to hack the system or is it just one of those hard to reproduce situations that just happens to result in a stuck throttle and inability to shift a transmission out of neutral?
For those talking about the two California cases that are either dubious or just a floor mat issue, remember that there's the Sevierville Lexus and the Colorado Prius cases plus the couple that drove off the cliff in California (don't recall the model of that car). And the other 50 odd reports that the various law firms and NHTSA say they have collected.
Maybe we should pick one and dissect it? The Sevierville case is probably the next most reported one after the Saylor case.