I can make that statement because I've tried it. You put a cinder block on a Prius gas pedal and I will stop the car completely, to a standstill, with the brakes---it might not be pretty, but it'll work. Of course, it' can't do this FOREVER---someone has to turn something off eventually. :surprise:
I find it jaw-dropping, profoundly unthinkable, and startling that the Prius system allows one computer to control brakes, ignition shut-off, neutral safety with no redundancy. I can't imagine Toyota, or any manufacturer, doing this.
Not only has Toyota attempted to replicate the "Sikes" incident, but so have many others....The US government, investigative reporters, etc.
You can easily find videos of many of these tests by doing a simple Google search.
The "believers" in Toyota UA will never be convinced of the fallacy in their belief. Each time you point out a flaw in their current argument, they simply move on to another inane example of how they think things work, never admitting the flaw in their previous argument.
Its a futile effort to get them to even admit that they might be wrong in their foregone conclusion. You and I will accept a possibility of UA, but they can't possibly accept the possibility that UA doesn't exist.
Like attempting discredit a "flim-flam" man to a true believer", it just isn't going to happen.
Living in the "Bible Belt", one sees these types of behavior often. I can't explain it, and I doubt anyone else can, either.
If only the 911 tapes from either the Sikes or Saylors event had recorded the driver saying "I am shifting the transmission to neutral now and speed is still increasing ", "I have depressed the on/off button for 10 seconds without any result", or "The driver has both feet on the brake pedal and is standing on the brakes with all of his might but speed is still increasing"....
But, we don't. And, in Sikes case, he actually refused to do what he was told to do by the 911 operator.
Again. with a Prius, or any Toyota HSD design, if both processors are fully operational and in commuication with each other, the car will NOT remain WOT with the brake pedal depressed, even lightly.
So yes, in the above case with the gas pedal fully depressed you can easily brake to a stop, full stop.
But.
Disconnect the brake light switch and the brake fluid pressure switch and you will find the brake pedal totally NON-OPERATIONAL. All that depressing the brake pedal will do is compress the spring that is used to simulate braking effort for the driver, no brake fluid pressure will reach the calipers.
That can't be. That would mean that if the key is off or the battery goes dead you can't stop the car.
What HAS happened though, and is related to what you say, is a glitch in the ABS, which will cause a slight delay in braking---in other words, the ABS system interferes in the braking--which is it, under normal conditions, allowed to do.
What is the actual difference in you're wanting evidence, solid evidence, that UA does exist, and my position that I want evidence that it doesn't exist...??
And maybe Sikes knew just enough about the HSD system that he was concerned, justifiably concerned IMO, as to how the system, already WOT and OUT OF CONTROL, would react if he attempted to use neutral.
I find it jaw-dropping, profoundly unthinkable, and startling that the Prius system allows one computer to control brakes, ignition shut-off, neutral safety with no redundancy. I can't imagine Toyota, or any manufacturer, doing this.
I'd like to hear from Toyota about that as well.
You guys don't put any sense of curiosity in to the fact that Toyota is out ahead about 3 or 4 to 1 in the SUA incident category.
I far more believe that there is a God and that there is a Satan than I believe that Toyota and Ma and Pa and apple pie are all innocent and that Toyota vehicles are blameless in the UA department. Sometimes going on faith is the only way-it's what a lot of patriotic types in this Fourth of July-vers country truly believe-that there is a divine being backing America in each and every war America engages in.
They send their sons ta death in ugly grisly wars because going on faith they truly believe the war is justified and needed. Going on faith.
What is the deal then...we've already been down the path that surely buyers of Toyota's aren't all too old and crappy drivers...it's not just buyers of Toyota's that are slamming on the accelerators instead of the brakes...etc...etc...getting or catching my drift at all. Even a bit?
So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty.
Right. :sick:
Toyota cars are suspect and Toyota as a Corporation is not only evil...they're failing right before your faithless eyes.
It's not my funeral, boys. Not a huge deal ta me. AAMOF pass me another Snicker's and I've got ta move on to something more interesting automotively ta read here.
I would like for the people who insist UA does exist to prove it does exist. Burden of proof isn't on the skeptic because the skeptic is merely saying "okay, show me".
So my bottom line is---you (whoever "you" is) rig a Prius to accelerate under control and be completely unstoppable. If you can't, then I guess I will remain a skeptic.
Toyota isn't "hiding" anything. Toyota just doesn't know IMO.
Toyota not knowing is for more harmful than Toyota knowing---just like BP not knowing is killing them.
I would like for the people who insist UA does exist to prove it does exist. Burden of proof isn't on the skeptic because the skeptic is merely saying "okay, show me".
So my bottom line is---you (whoever "you" is) rig a Prius to accelerate under control and be completely unstoppable. If you can't, then I guess I will remain a skeptic.
Toyota isn't "hiding" anything. Toyota just doesn't know IMO.
Toyota not knowing is for more harmful than Toyota knowing---just like BP not knowing is killing them.
Ditto... Only, I would say the Prius can't be tampered with in any way, by adding or removing "unnatural" components or software. It must be just like one on a showroom floor. The only modifications allowed would be those that would simulate what might be realistically seen in the real world (defective stop lite switch, broken spring, a cut wire, etc.).
Make that one experience UA and you'll have a convert.
You guys don't put any sense of curiosity in to the fact that Toyota is out ahead about 3 or 4 to 1 in the SUA incident category.
So was Audi, back in the 1980's, but not one single incident of UA was ever proven.
I far more believe that there is a God and that there is a Satan than I believe that Toyota and Ma and Pa and apple pie are all innocent and that Toyota vehicles are blameless in the UA department. Sometimes going on faith is the only way-it's what a lot of patriotic types in this Fourth of July-vers country truly believe-that there is a divine being backing America in each and every war America engages in.
Huh???
They send their sons ta death in ugly grisly wars because going on faith they truly believe the war is justified and needed. Going on faith.
As we have seen in wars quite often, that "faith" was largely misplaced and incorrectly placed.
What is the deal then...we've already been down the path that surely buyers of Toyota's aren't all too old and crappy drivers...it's not just buyers of Toyota's that are slamming on the accelerators instead of the brakes...etc...etc...getting or catching my drift at all. Even a bit?
Not yet...Pleas enlighten us.
So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty.
Right.
Huh?, again ...
Toyota cars are suspect and Toyota as a Corporation is not only evil...they're failing right before your faithless eyes.
I agree, in that Toyota cars ARE suspect. I can also say they need a huge improvement in their QC and PR departments.
Evil? I guess it depends how one defines evil. Toyota itself is inanimate, so can an inanimate object be either good or evil?
It's not my funeral, boys. Not a huge deal ta me. AAMOF pass me another Snicker's and I've got ta move on to something more interesting automotively ta read here.
It might be. IF a Toyota or any other make/model happens to plow into you while experiencing UA, it might well indeed be your funeral.
I would even accept RIGGING it, as long as there wasn't a manual shut-off of any system (i.e., you can't plug a hydraulic line or flip a switch that you added into a circuit).
If someone could reprogram a Prius to do that, I'd be impressed.
I'm gonna borrow a friend's Prius next week and shut it completely off while it's moving to see if the brakes work.
No, there appears to be yet another back up system that has to fail for UA with no braking. The tech literature says there's a backup Power Supply consisting of 28 capacitors independent of the 12V battery, that will supply the ECB with sufficient power for emergency braking.
So to simulate a run-away UA with no braking, we'd have to somehow defeat the capacitor system while keeping the 12V system (otherwise we'd have no ignition for UA), while defeating the neutral safety system and defeating the ignition shut-off AND engaging the cruise control to WOT.
Then, we'd have to erase all memory of these events in the car's trouble code/events system, and the car would have to return to perfectly normal operation after the incident.
So to simulate a run-away UA with no braking, we'd have to somehow defeat the capacitor system while keeping the 12V system (otherwise we'd have no ignition for UA), while defeating the neutral safety system and defeating the ignition shut-off AND engaging the cruise control to WOT.
Then, we'd have to erase all memory of these events in the car's trouble code/events system, and the car would have to return to perfectly normal operation after the incident.
So.... Doesn't that place us back into the spot where "And then a miracle happens!..."?
The tech literature says there's a backup Power Supply consisting of 28 capacitors independent of the 12V battery, that will supply the ECB with sufficient power for emergency braking.
I hadn't heard about that. But, the problem with capacitive storage systems is that they can only supply energy for so long, depending of the storage capacity of the capacitor system (how many joules can it store) and the energy drain of whatever the storage system is powering. I can discharge to zero ANY capacitive storage system, given enough time and a high enough load.
The point here is that the backup system may be designed to power the ECB for emergency braking for (say), 10 seconds, or 30 seconds. If for whatever reason, braking is required beyond that point, the system can't provide it.
I'm not saying this is what happened, just that backup power systems have their own (design) limitations also.
But, the problem with capacitive storage systems is that they can only supply energy for so long, depending of the storage capacity of the capacitor system (how many joules can it store) and the energy drain of whatever the storage system is powering. I can discharge to zero ANY capacitive storage system, given enough time and a high enough load.
The point here is that the backup system may be designed to power the ECB for emergency braking for (say), 10 seconds, or 30 seconds. If for whatever reason, braking is required beyond that point, the system can't provide it.
I'm not saying this is what happened, just that backup power systems have their own (design) limitations also.
Agreed.
No system is 100% foolproof, so systems are designed to meet the EXPECTED challenges in the environment, not simply ANY challenge.
However, I suspect at some point, this conversation is going to move back towards the Sikes incident.
And, there's little question that in that incident, brakes were indeed applied. And, there was no evidence of power loss to the braking system in that incident, either.
And, have there been any claims of "no brakes" on Prius models?
I know of only slow reaction times in braking being reported. A different animal, altogether.
There is a "delay" issue with Prius brakes caused by the ABS, about a one second hesitation or less, and that has apparently been addressed already.
True, a capacitor system is limited but it's sure good enough to bring a Prius to a complete halt with WOT, at least until one can shut the engine off or put 'er in neutral.
I think if it were a '63 Chevy, and the car went WOT (which they used to do, due to broken motor mounts), then a driver would simply shut the key off or put it in neutral---true it might rev up and destroy the engine, in the latter scenario, but that's way better than running into a brick wall.
I'm gonna borrow a friend's Prius next week and shut it completely off while it's moving to see if the brakes work.
I'll save you the time and trouble but I'll guess that your personal verification will be far more satisfying.
Long time owner of a Prius so when all this 'stuff' hit the fan I followed the suggestions over at priuschat....
I've taken my Prius up to 90+ mph... 1. ...and shifted to Neutral ( see bwilson's various posts ). The car goes into Neutral and it slows to a stop due to friction and drag. Hit the brakes and you'll eat the steering wheel. The rev-limiter protects the PSD and both MG's.
2. ...and hit the PARK button !!!!! The engine turns off but the brakes work perfectly and the car comes to a screeching halt.
3. ...and hit the REVERSE button !!!! The engine turns off but the brakes work perfectly and the car comes to a screeching halt.
3. ... shift left and up into REVERSE ( obviously there's no button ). The engine turns off but the brakes work perfectly. You'll come to a screeching halt or a controlled stop as you wish.
"The Japanese carmaker’s critics, including two scientists who testified before the committee in March, have cast doubt on Toyota’s claim that the unintended acceleration problem can be fixed by inserting a metal shim on the accelerator or by ensuring that floor mats are properly positioned to avoid jamming the accelerator.
The two scientists supporting this view have acknowledged being paid by law firms representing plaintiffs in class-action lawsuits against Toyota."
The U.S. Department of Transportation has analyzed dozens of data recorders from Toyota Motor Corp. vehicles involved in accidents blamed on sudden acceleration and found that at the time of the crashes, throttles were wide open and the brakes were not engaged, people familiar with the findings said.
The results suggest that some drivers who said their Toyota and Lexus vehicles surged out of control were mistakenly flooring the accelerator when they intended to jam on the brakes. But the findings don't exonerate Toyota from two known issues blamed for sudden acceleration in its vehicles: sticky accelerator pedals and floor mats that can trap accelerator pedals to the floor.
and Toyota is well on the way to fixing those issues, the re-shaping of the accelerator pedals and the re-designing of the floor mats. So this information, though not the final end-all in examining and fixing the SUA problem, is actually positive information in that it pins the blame squarely on the drivers of these out-of-control cars. Interesting and almost heartwarming.
"So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty. - Right"
IT'S TIME TO MAN-UP, APOLOGIZE AND ACCEPT THE FACT YOU WERE WRONG. and yes thousands of old ladies do lie and make mistakes. Some even tried to get away with murder. And no, there was no gamma rays, sun spots, faulty computer programs, corrosion, shorts, etc. etc.
Not a surprise. If there really was a software UA issue or design flaw, the laws of probability demonstrate that it would require almost daily reports/experiences of UA, due to the number of potential events. You pointed that out well before I did.
Of course, like every other wild conspiracy theory out there, a few will say an absence of events proves nothing. Indeed, nothing will convince them.
Certainly people are entitled to their opinion on this subject, or any subject which has an unknown attached to it, but the argument ends when it drifts into conspiracy theory, because one of the basic principles of conspiracy theory is that when evidence to the contrary is presented, it is very easy to merely "widen" the conspiracy, to include the person presented the damning evidence.
Not all criticism is "conspiracy theory" by any means. There are, for instance, at least 3 plausible theories as to why dinosaurs went extinct, and at this point, any of the 3 might turn out to be true.
But the point is that each of the 3 theories is quite plausible, and each presents hard evidence (open to interpretation, but "hard" nonetheless).
Certainly people are entitled to their opinion on this subject, or any subject which has an unknown attached to it, but the argument ends when it drifts into conspiracy theory, because one of the basic principles of conspiracy theory is that when evidence to the contrary is presented, it is very easy to merely "widen" the conspiracy, to include the person presented the damning evidence.
Not all criticism is "conspiracy theory" by any means. There are, for instance, at least 3 plausible theories as to why dinosaurs went extinct, and at this point, any of the 3 might turn out to be true.
But the point is that each of the 3 theories is quite plausible, and each presents hard evidence (open to interpretation, but "hard" nonetheless).
Agreed. And, in the case of dinosaurs, there is proof that they DID exist, in fossils found around the world. And, I'm open to any plausable idea...one based upon real world possibilities.
So far, that kind of evidence seems to be lacking in Toyota UA, other than the floor mat & pedal design-construction issues.
That's always the problem with anecdotal evidence. The person presenting it really believes it, but has no way to prove it other than saying "I think it happened this way".
Yes, someone sees a bright light in the sky. Is it a UFO? Lightning? A plane? All we know is that something happened and was observed....but how *accurately* is the question.
if it's not the faulty accelerator pedals, nor the faulty floor mats, then, since no automotive engineer from Toyota (or bought and paid for by Toyota) can prove that the ECU is or has even the slightest propensity to go nut-so, then it must not be the drive control software, in any manner or way.
Right. Listen to yourselves. You've Perry-Automotive-Mason-ed away Toyota in your own private court(s) and absolved them (Toyota) of any or all responsibilities in this huge safety issue. Any type of software that controls acceleration or braking in any way is now considered by Toyota supporters and lovers as being free of fault or defect. You want it to be, but car nuts, it is just not. It's not over.
As long as there's swinging doors to this bar leading to the free world of thinking outside, there's still an unresolved Toyota problem here. And I think that you really know there is, too, but, perhaps you've bought and are either paying for a Toyota product or you've paid cash fully-completely for a Toyota product and it's a huge embarrassment for you to admit you've bought damaged (or, to be fair, potentially damaged) goods. Very expensive goods...goods that we expect bugs like this software bug or faulty electrical switch that might take an electrical signal and carry it somewhere else, or whatever it is that is going wrong inside Toyota acceleration engineering design, to free of fault and work safely when they're out there sitting on the lot waiting to be purchased.
Remember, car nuts, Toyota sells more cars that go bonkers and suddenly accelerate out of control with a mind of their own by a 4 ta 1 margin industry-wide. This live ongoing problem is one reason that Toyota is imploding un-to themselves and are not the safe worldwide car producer any longer. To believe that would be contrary to the laws of physics and common sense and financial good sense. Lots of very big and very large problems going on at your Toyota of today, fellow car nuts.
The problem is how that crash data was recorded. I'm quite sure the ECU didn't think the brake pedal was depressed. But that is the whole point. You are taking the same complex software system as if it cannot ever make errors in reading, interpreting, or recording.
I've asked if a metallurgist could examine the actual brake surfaces to see if they reached a high temperature or other signs of heavy pressure before the crash. No one has taken me up on that. If they weren't on those same cars then I would completely agree with "driver error".
But I think some here would take a video of a car with glowing rotors and smoke coming out of the wheel wells and say they couldn't be pressing the brake because the ECU said it didn't see the brake being depressed.
No, I don't trust ECUs that I haven't examined the source or design since I don't know what it actually does including what it is recording. I doubt they have 10 seconds with every bus message saved.
Conversely, does anyone have access to the raw data from the ECUs showing the brake and WOT? What was the engine RPM, load, gear, and the rest of the parameters? That too could convince me if the raw data as a whole is consistent with driver error.
The deal-breaker for me was that after these "defective" cars accelerated wildly out of control, they then revert back to impeccable behavior, and despite rigorous re-testing, never does this again for anyone else, nor leaves any evidence that it did it in the first place.
Just like a million personal computer crashes every day.
The big difference in this example is that those same computers usually continue crashing time and time again.
While I have certainly had my share of computer issues, I have NEVER had a system crash once for no identify-able reason and then never crash again. Once it started, it usually continued until the problem was identified and rectified.
I've previously discussed the Therac-25 issue on this very thread. The problems were reproduced several times. Unfortunately, several deaths were related to these machines.
Root causes A commission has concluded [1] that the primary reason should be attributed to the bad software design and development practices, and not explicitly to several coding errors that were found. In particular, the software was designed so that it was relatively impossible to test it in a clean automated way.
Researchers who investigated the accidents found several contributing causes. These included the following institutional causes:
AECL did not have the software code independently reviewed. AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed. These form parts of the general techniques known as reliability modeling and risk management. The system noticed that something was wrong and halted the X-ray beam, but merely displayed the word "MALFUNCTION" followed by a number from 1 to 64. The user manual did not explain or even address the error codes, so the operator pressed the P key to override the warning and proceed anyway. AECL personnel, as well as machine operators, initially did not believe complaints. This was likely due to overconfidence.[4] AECL had never tested the Therac-25 with the combination of software and hardware until it was assembled at the hospital. The researchers also found several engineering issues:
The failure only occurred when a particular nonstandard sequence of keystrokes was entered on the VT-100 terminal which controlled the PDP-11 computer: an "X" to (erroneously) select 25MV photon mode followed by "cursor up", "E" to (correctly) select 25 MeV Electron mode, then "Enter", all within eight seconds.[1] This sequence of keystrokes was improbable, and so the problem did not occur very often and went unnoticed for a long time.[3] The design did not have any hardware interlocks to prevent the electron-beam from operating in its high-energy mode without the target in place. The engineer had reused software from older models. These models had hardware interlocks that masked their software defects. Those hardware safeties had no way of reporting that they had been triggered, so there was no indication of the existence of faulty software commands. The hardware provided no way for the software to verify that sensors were working correctly (see open-loop controller). The table-position system was the first implicated in Therac-25's failures; the manufacturer revised it with redundant switches to cross-check their operation. The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly. This was missed during testing, since it took some practice before operators were able to work quickly enough for the problem to occur. The software set a flag variable by incrementing it. Occasionally an arithmetic overflow occurred, causing the software to bypass safety checks. The software was written in assembly language that might require more attention for testing and good design. However the choice of language by itself is not listed as a primary cause in the report. The machine also used its own operating system.
And, your reference to Heisenbugs is a reference to a symptom, not an specific issue. Given enough samples, these bugs are almost always found.
As srs49 and I have stated, there have been literally billions of event possibilities for UA to occur in a vehicle such as the Toyota models being reviewed. Anytime the car in running and in gear, it has the potential for UA...As soon as its in gear, and the entire time its in gear, until its taken out of gear.
Funny...next to no reports if US in standard shift models, only automatics.
What does that tell you?
How many billion s of times do you think the Therac-25 was in use before they isolated the problem?
So, relatively impossible to test it in a clean automated way, personnel did not believe complaints, no way for the software to verify that sensors were working correctly, never tested until assembled. Sounds rather familiar.
So, relatively impossible to test it in a clean automated way, personnel did not believe complaints, no way for the software to verify that sensors were working correctly, never tested until assembled. Sounds rather familiar.
Only to the uninformed. And, if you don't see the differences between automobile manufacturing and how the Therac-25 was manufactured, then you meet the criteria of being truly uninformed.
I have never seen ANY auto assembeled at the dealer's showroom. Most arrive in that condition.
The real irony is how people in general think about probabilities. As an example...
As only about 3 percent of Salmonella cases are officially reported nationwide, and many milder cases are never diagnosed, the true incidence is undoubtedly much higher (Mead, 1999). The CDC estimates that 1.4 million cases occur annually (CDC, 2005, October 13). Approximately 600 deaths are caused by Salmonella infections in the U.S. every year, accounting for 31 percent of all food-related deaths (CDC, 2005, October 13; MMWR Weekly, 2001).
Less than 100 deaths have even been POSSIBLY linked to Toyota UA since 2002.
One is far more likely to expire from the undercooked hamburger at the fast food joint than from UA on the way there and back. And, for the most part, Salmonella infections are almost 100% preventable in food related infections.
In other news, "the final bill expected to emerge from Congress does delineate standards that govern the design of pushbutton ignition systems that eliminate traditional keys, the layout of automatic transmission shift gates and calls for the inclusion of an override system to cut engine power in the event both the accelerator and brakes are applied simultaneously."
It appears the source of the WSJ story is none other than Toyota itself. NHTSA is saying they still have months of work to do and have NOT come to any conclusions yet.
Links were great to Academy of Sciences meeting. Sure wish something more than speaker discussion overheads were available. Really looking for actual full transcript for each speaker.
Did refind this info and had forgotten about this. Clarence Ditlow's Testimony - info in document. I hope this is not still going on. -----. This example was caught. Others?
"The single best example of a NHTSA private meeting occurred in the Chrysler minivan liftgate investigation. In September 1993 a young girl in Virginia was killed when the rear liftgate latch failed on her family's Dodge Caravan, the liftgate opened and she was ejected from the rear. NHTSA opened a Preliminary Evaluation which got upgraded to a Engineering Analysis in January 1994. By October 1994 30 children had died, and many more had been permanently injured due to the minivan liftgate latch and seat system safety defects, which were well-known inside Chrysler. Paul Sheridan, the head of Chrysler’s Minivan Safety Leadership Team had already made several major presentations to upper Chrysler management recommending that the minivan be recalled and the safety defects be repaired at no charge to minivan families. On November 17, 1994, NHTSA held a private meeting with Chrysler at which NHTSA showed Chrysler its low speed crash tests showing the tailgate popping open and child dummies flying out. NHTSA told Chrysler “The latch failure is a safety defect that involves children.” Yet at that meeting NHTSA agreed not only to drop its request for a safety recall but also to deny any FOIA requests for the crash tests predicting it would be months before the tests could be pried loose. Yet there is nothing in the public investigatory about the agreement. Instead it was revealed in the attached internal Chrysler memo produced in discovery in a lawsuit and released from protective order when the case went to trial. These meetings are not about data submissions by manufacturers. They are about secret deals to close investigations without recalls that ultimately result in deaths and injuries to consumers.
To correct this, we recommend adding a section “o” to 30166 reading:
(o) Records of Meetings in Investigations. – If a manufacturer meets with representatives of the Secretary of Transportation during or in the course of an investigation, the Secretary shall keep public minutes of the meetings including records of any presentations or evidence presented by either the Secretary or the manufacturer. Any information provided to the Secretary pursuant to this subsection shall be disclosed publicly unless exempt from disclosure under section 552(b) of title 5.’’ Whistleblower Protection:
The Chrysler minivan investigation demonstrates the strong need to provide whistleblower protections for employees working in the auto and related industries who blow the whistle to NHTSA.
Paul Sheridan who is here today tried to get Chrysler to recall the minivans and fix not only the liftgate latch but also the seat back structure. Chrysler responded by disbanding Sheridan’s Safety Leadership Team. At this point Sheridan announced his intention to report his safety defect concerns, to NHTSA. Alarmed by Mr. Sheridan’s intention, Chrysler waited until the Christmas holidays to raid Mr. Sheridan’s office files, fired him without notice and obtained an ex parte “muzzle order” which threatened him with arrest if he disclosed what he knew about Chrysler safety defects. Undaunted Mr. Sheridan provided his sworn testimony to NHTSA. In an effort to intimidate him Chrysler then amended their Michigan lawsuit against him, alleging “damages” totaling $82,000,000. This amount stands as an all-time record claimed against a former employee. Chrysler unilaterally dropped its lawsuit in exchange for the court dismissing Mr. Sheridan’s state whistleblower claims but needless to say Mr. Sheridan suffered untold sums in legal expenses and personal trauma."
Below are the links where you can find Mr Ditlow's full testimony for more detail. Also provided link to the court document attachment he provided as evidence.
Comments
I find it jaw-dropping, profoundly unthinkable, and startling that the Prius system allows one computer to control brakes, ignition shut-off, neutral safety with no redundancy. I can't imagine Toyota, or any manufacturer, doing this.
I'd like to hear from Toyota about that as well.
You can easily find videos of many of these tests by doing a simple Google search.
The "believers" in Toyota UA will never be convinced of the fallacy in their belief. Each time you point out a flaw in their current argument, they simply move on to another inane example of how they think things work, never admitting the flaw in their previous argument.
Its a futile effort to get them to even admit that they might be wrong in their foregone conclusion. You and I will accept a possibility of UA, but they can't possibly accept the possibility that UA doesn't exist.
Like attempting discredit a "flim-flam" man to a true believer", it just isn't going to happen.
Living in the "Bible Belt", one sees these types of behavior often. I can't explain it, and I doubt anyone else can, either.
If only the 911 tapes from either the Sikes or Saylors event had recorded the driver saying "I am shifting the transmission to neutral now and speed is still increasing ", "I have depressed the on/off button for 10 seconds without any result", or "The driver has both feet on the brake pedal and is standing on the brakes with all of his might but speed is still increasing"....
But, we don't. And, in Sikes case, he actually refused to do what he was told to do by the 911 operator.
So yes, in the above case with the gas pedal fully depressed you can easily brake to a stop, full stop.
But.
Disconnect the brake light switch and the brake fluid pressure switch and you will find the brake pedal totally NON-OPERATIONAL. All that depressing the brake pedal will do is compress the spring that is used to simulate braking effort for the driver, no brake fluid pressure will reach the calipers.
What HAS happened though, and is related to what you say, is a glitch in the ABS, which will cause a slight delay in braking---in other words, the ABS system interferes in the braking--which is it, under normal conditions, allowed to do.
And maybe Sikes knew just enough about the HSD system that he was concerned, justifiably concerned IMO, as to how the system, already WOT and OUT OF CONTROL, would react if he attempted to use neutral.
I'd like to hear from Toyota about that as well.
You guys don't put any sense of curiosity in to the fact that Toyota is out ahead about 3 or 4 to 1 in the SUA incident category.
I far more believe that there is a God and that there is a Satan than I believe that Toyota and Ma and Pa and apple pie are all innocent and that Toyota vehicles are blameless in the UA department. Sometimes going on faith is the only way-it's what a lot of patriotic types in this Fourth of July-vers country truly believe-that there is a divine being backing America in each and every war America engages in.
They send their sons ta death in ugly grisly wars because going on faith they truly believe the war is justified and needed. Going on faith.
What is the deal then...we've already been down the path that surely buyers of Toyota's aren't all too old and crappy drivers...it's not just buyers of Toyota's that are slamming on the accelerators instead of the brakes...etc...etc...getting or catching my drift at all. Even a bit?
So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty.
Right. :sick:
Toyota cars are suspect and Toyota as a Corporation is not only evil...they're failing right before your faithless eyes.
It's not my funeral, boys. Not a huge deal ta me. AAMOF pass me another Snicker's and I've got ta move on to something more interesting automotively ta read here.
2021 Kia Soul LX 6-speed stick
I would like for the people who insist UA does exist to prove it does exist. Burden of proof isn't on the skeptic because the skeptic is merely saying "okay, show me".
So my bottom line is---you (whoever "you" is) rig a Prius to accelerate under control and be completely unstoppable. If you can't, then I guess I will remain a skeptic.
Toyota isn't "hiding" anything. Toyota just doesn't know IMO.
Toyota not knowing is for more harmful than Toyota knowing---just like BP not knowing is killing them.
I would like for the people who insist UA does exist to prove it does exist. Burden of proof isn't on the skeptic because the skeptic is merely saying "okay, show me".
So my bottom line is---you (whoever "you" is) rig a Prius to accelerate under control and be completely unstoppable. If you can't, then I guess I will remain a skeptic.
Toyota isn't "hiding" anything. Toyota just doesn't know IMO.
Toyota not knowing is for more harmful than Toyota knowing---just like BP not knowing is killing them.
Ditto... Only, I would say the Prius can't be tampered with in any way, by adding or removing "unnatural" components or software. It must be just like one on a showroom floor. The only modifications allowed would be those that would simulate what might be realistically seen in the real world (defective stop lite switch, broken spring, a cut wire, etc.).
Make that one experience UA and you'll have a convert.
So was Audi, back in the 1980's, but not one single incident of UA was ever proven.
I far more believe that there is a God and that there is a Satan than I believe that Toyota and Ma and Pa and apple pie are all innocent and that Toyota vehicles are blameless in the UA department. Sometimes going on faith is the only way-it's what a lot of patriotic types in this Fourth of July-vers country truly believe-that there is a divine being backing America in each and every war America engages in.
Huh???
They send their sons ta death in ugly grisly wars because going on faith they truly believe the war is justified and needed. Going on faith.
As we have seen in wars quite often, that "faith" was largely misplaced and incorrectly placed.
What is the deal then...we've already been down the path that surely buyers of Toyota's aren't all too old and crappy drivers...it's not just buyers of Toyota's that are slamming on the accelerators instead of the brakes...etc...etc...getting or catching my drift at all. Even a bit?
Not yet...Pleas enlighten us.
So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty.
Right.
Huh?, again ...
Toyota cars are suspect and Toyota as a Corporation is not only evil...they're failing right before your faithless eyes.
I agree, in that Toyota cars ARE suspect. I can also say they need a huge improvement in their QC and PR departments.
Evil? I guess it depends how one defines evil. Toyota itself is inanimate, so can an inanimate object be either good or evil?
It's not my funeral, boys. Not a huge deal ta me. AAMOF pass me another Snicker's and I've got ta move on to something more interesting automotively ta read here.
It might be. IF a Toyota or any other make/model happens to plow into you while experiencing UA, it might well indeed be your funeral.
See ya around....
If someone could reprogram a Prius to do that, I'd be impressed.
I'm gonna borrow a friend's Prius next week and shut it completely off while it's moving to see if the brakes work.
Are you taking bets?
Put me down for $100 on "yes, they still work".
Never happen, those computers NEVER sleep...
If they did PB start wouldn't work.
unplug the battery, maybe...
So to simulate a run-away UA with no braking, we'd have to somehow defeat the capacitor system while keeping the 12V system (otherwise we'd have no ignition for UA), while defeating the neutral safety system and defeating the ignition shut-off AND engaging the cruise control to WOT.
Then, we'd have to erase all memory of these events in the car's trouble code/events system, and the car would have to return to perfectly normal operation after the incident.
Then, we'd have to erase all memory of these events in the car's trouble code/events system, and the car would have to return to perfectly normal operation after the incident.
So.... Doesn't that place us back into the spot where "And then a miracle happens!..."?
I hadn't heard about that. But, the problem with capacitive storage systems is that they can only supply energy for so long, depending of the storage capacity of the capacitor system (how many joules can it store) and the energy drain of whatever the storage system is powering. I can discharge to zero ANY capacitive storage system, given enough time and a high enough load.
The point here is that the backup system may be designed to power the ECB for emergency braking for (say), 10 seconds, or 30 seconds. If for whatever reason, braking is required beyond that point, the system can't provide it.
I'm not saying this is what happened, just that backup power systems have their own (design) limitations also.
The point here is that the backup system may be designed to power the ECB for emergency braking for (say), 10 seconds, or 30 seconds. If for whatever reason, braking is required beyond that point, the system can't provide it.
I'm not saying this is what happened, just that backup power systems have their own (design) limitations also.
Agreed.
No system is 100% foolproof, so systems are designed to meet the EXPECTED challenges in the environment, not simply ANY challenge.
However, I suspect at some point, this conversation is going to move back towards the Sikes incident.
And, there's little question that in that incident, brakes were indeed applied. And, there was no evidence of power loss to the braking system in that incident, either.
And, have there been any claims of "no brakes" on Prius models?
I know of only slow reaction times in braking being reported. A different animal, altogether.
True, a capacitor system is limited but it's sure good enough to bring a Prius to a complete halt with WOT, at least until one can shut the engine off or put 'er in neutral.
I think if it were a '63 Chevy, and the car went WOT (which they used to do, due to broken motor mounts), then a driver would simply shut the key off or put it in neutral---true it might rev up and destroy the engine, in the latter scenario, but that's way better than running into a brick wall.
I'll save you the time and trouble but I'll guess that your personal verification will be far more satisfying.
Long time owner of a Prius so when all this 'stuff' hit the fan I followed the suggestions over at priuschat....
I've taken my Prius up to 90+ mph...
1. ...and shifted to Neutral ( see bwilson's various posts ). The car goes into Neutral and it slows to a stop due to friction and drag. Hit the brakes and you'll eat the steering wheel. The rev-limiter protects the PSD and both MG's.
2. ...and hit the PARK button !!!!! The engine turns off but the brakes work perfectly and the car comes to a screeching halt.
3. ...and hit the REVERSE button !!!! The engine turns off but the brakes work perfectly and the car comes to a screeching halt.
Have fun.
3. ... shift left and up into REVERSE ( obviously there's no button ). The engine turns off but the brakes work perfectly. You'll come to a screeching halt or a controlled stop as you wish.
Or some other anomalous driver behavior that did not occur to the firmware specifiers to protect against.
The two scientists supporting this view have acknowledged being paid by law firms representing plaintiffs in class-action lawsuits against Toyota."
The U.S. Department of Transportation has analyzed dozens of data recorders from Toyota Motor Corp. vehicles involved in accidents blamed on sudden acceleration and found that at the time of the crashes, throttles were wide open and the brakes were not engaged, people familiar with the findings said.
The results suggest that some drivers who said their Toyota and Lexus vehicles surged out of control were mistakenly flooring the accelerator when they intended to jam on the brakes. But the findings don't exonerate Toyota from two known issues blamed for sudden acceleration in its vehicles: sticky accelerator pedals and floor mats that can trap accelerator pedals to the floor.
WSJ Article
2021 Kia Soul LX 6-speed stick
"So to you guys we're all a bunch of....dreamers and...backers of crappy drivers...and believers in tooth fairies and Gods above. Drifting around in our own fantasy land of doubt and narrowty. - Right"
IT'S TIME TO MAN-UP, APOLOGIZE AND ACCEPT THE FACT YOU WERE WRONG.
and yes thousands of old ladies do lie and make mistakes. Some even tried to get away with murder. And no, there was no gamma rays, sun spots, faulty computer programs, corrosion, shorts, etc. etc.
Of course, like every other wild conspiracy theory out there, a few will say an absence of events proves nothing. Indeed, nothing will convince them.
Not all criticism is "conspiracy theory" by any means. There are, for instance, at least 3 plausible theories as to why dinosaurs went extinct, and at this point, any of the 3 might turn out to be true.
But the point is that each of the 3 theories is quite plausible, and each presents hard evidence (open to interpretation, but "hard" nonetheless).
Not all criticism is "conspiracy theory" by any means. There are, for instance, at least 3 plausible theories as to why dinosaurs went extinct, and at this point, any of the 3 might turn out to be true.
But the point is that each of the 3 theories is quite plausible, and each presents hard evidence (open to interpretation, but "hard" nonetheless).
Agreed. And, in the case of dinosaurs, there is proof that they DID exist, in fossils found around the world. And, I'm open to any plausable idea...one based upon real world possibilities.
So far, that kind of evidence seems to be lacking in Toyota UA, other than the floor mat & pedal design-construction issues.
Yes, someone sees a bright light in the sky. Is it a UFO? Lightning? A plane? All we know is that something happened and was observed....but how *accurately* is the question.
Right. Listen to yourselves. You've Perry-Automotive-Mason-ed away Toyota in your own private court(s) and absolved them (Toyota) of any or all responsibilities in this huge safety issue. Any type of software that controls acceleration or braking in any way is now considered by Toyota supporters and lovers as being free of fault or defect. You want it to be, but car nuts, it is just not. It's not over.
As long as there's swinging doors to this bar leading to the free world of thinking outside, there's still an unresolved Toyota problem here. And I think that you really know there is, too, but, perhaps you've bought and are either paying for a Toyota product or you've paid cash fully-completely for a Toyota product and it's a huge embarrassment for you to admit you've bought damaged (or, to be fair, potentially damaged) goods. Very expensive goods...goods that we expect bugs like this software bug or faulty electrical switch that might take an electrical signal and carry it somewhere else, or whatever it is that is going wrong inside Toyota acceleration engineering design, to free of fault and work safely when they're out there sitting on the lot waiting to be purchased.
Remember, car nuts, Toyota sells more cars that go bonkers and suddenly accelerate out of control with a mind of their own by a 4 ta 1 margin industry-wide. This live ongoing problem is one reason that Toyota is imploding un-to themselves and are not the safe worldwide car producer any longer. To believe that would be contrary to the laws of physics and common sense and financial good sense. Lots of very big and very large problems going on at your Toyota of today, fellow car nuts.
2021 Kia Soul LX 6-speed stick
No proof, no deal.
If not, then can I guess mkriley @ post #45 should win it.
I've asked if a metallurgist could examine the actual brake surfaces to see if they reached a high temperature or other signs of heavy pressure before the crash. No one has taken me up on that. If they weren't on those same cars then I would completely agree with "driver error".
But I think some here would take a video of a car with glowing rotors and smoke coming out of the wheel wells and say they couldn't be pressing the brake because the ECU said it didn't see the brake being depressed.
No, I don't trust ECUs that I haven't examined the source or design since I don't know what it actually does including what it is recording. I doubt they have 10 seconds with every bus message saved.
Conversely, does anyone have access to the raw data from the ECUs showing the brake and WOT? What was the engine RPM, load, gear, and the rest of the parameters? That too could convince me if the raw data as a whole is consistent with driver error.
There doesn't seem to be nearly as much critical thinking going on regarding UA as there is criticism...
Remarkable. :surprise:
A blue screen of death in a car really could be deadly though.
There is a highly respected scientific journal devoted to irreproducible results. Check the favorites link.
The big difference in this example is that those same computers usually continue crashing time and time again.
While I have certainly had my share of computer issues, I have NEVER had a system crash once for no identify-able reason and then never crash again. Once it started, it usually continued until the problem was identified and rectified.
From...http://en.wikipedia.org/wiki/Therac-25
Root causes
A commission has concluded [1] that the primary reason should be attributed to the bad software design and development practices, and not explicitly to several coding errors that were found. In particular, the software was designed so that it was relatively impossible to test it in a clean automated way.
Researchers who investigated the accidents found several contributing causes. These included the following institutional causes:
AECL did not have the software code independently reviewed.
AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed. These form parts of the general techniques known as reliability modeling and risk management.
The system noticed that something was wrong and halted the X-ray beam, but merely displayed the word "MALFUNCTION" followed by a number from 1 to 64. The user manual did not explain or even address the error codes, so the operator pressed the P key to override the warning and proceed anyway.
AECL personnel, as well as machine operators, initially did not believe complaints. This was likely due to overconfidence.[4]
AECL had never tested the Therac-25 with the combination of software and hardware until it was assembled at the hospital.
The researchers also found several engineering issues:
The failure only occurred when a particular nonstandard sequence of keystrokes was entered on the VT-100 terminal which controlled the PDP-11 computer: an "X" to (erroneously) select 25MV photon mode followed by "cursor up", "E" to (correctly) select 25 MeV Electron mode, then "Enter", all within eight seconds.[1] This sequence of keystrokes was improbable, and so the problem did not occur very often and went unnoticed for a long time.[3]
The design did not have any hardware interlocks to prevent the electron-beam from operating in its high-energy mode without the target in place.
The engineer had reused software from older models. These models had hardware interlocks that masked their software defects. Those hardware safeties had no way of reporting that they had been triggered, so there was no indication of the existence of faulty software commands.
The hardware provided no way for the software to verify that sensors were working correctly (see open-loop controller). The table-position system was the first implicated in Therac-25's failures; the manufacturer revised it with redundant switches to cross-check their operation.
The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly. This was missed during testing, since it took some practice before operators were able to work quickly enough for the problem to occur.
The software set a flag variable by incrementing it. Occasionally an arithmetic overflow occurred, causing the software to bypass safety checks.
The software was written in assembly language that might require more attention for testing and good design. However the choice of language by itself is not listed as a primary cause in the report. The machine also used its own operating system.
And, your reference to Heisenbugs is a reference to a symptom, not an specific issue. Given enough samples, these bugs are almost always found.
As srs49 and I have stated, there have been literally billions of event possibilities for UA to occur in a vehicle such as the Toyota models being reviewed. Anytime the car in running and in gear, it has the potential for UA...As soon as its in gear, and the entire time its in gear, until its taken out of gear.
Funny...next to no reports if US in standard shift models, only automatics.
What does that tell you?
How many billion s of times do you think the Therac-25 was in use before they isolated the problem?
Only to the uninformed. And, if you don't see the differences between automobile manufacturing and how the Therac-25 was manufactured, then you meet the criteria of being truly uninformed.
I have never seen ANY auto assembeled at the dealer's showroom. Most arrive in that condition.
The real irony is how people in general think about probabilities. As an example...
As only about 3 percent of Salmonella cases are officially reported nationwide, and many milder cases are never diagnosed, the true incidence is undoubtedly much higher (Mead, 1999). The CDC estimates that 1.4 million cases occur annually (CDC, 2005, October 13). Approximately 600 deaths are caused by Salmonella infections in the U.S. every year, accounting for 31 percent of all food-related deaths (CDC, 2005, October 13; MMWR Weekly, 2001).
Less than 100 deaths have even been POSSIBLY linked to Toyota UA since 2002.
One is far more likely to expire from the undercooked hamburger at the fast food joint than from UA on the way there and back. And, for the most part, Salmonella infections are almost 100% preventable in food related infections.
In other news, "the final bill expected to emerge from Congress does delineate standards that govern the design of pushbutton ignition systems that eliminate traditional keys, the layout of automatic transmission shift gates and calls for the inclusion of an override system to cut engine power in the event both the accelerator and brakes are applied simultaneously."
Automakers, Dealers Get Good Deals in D.C. (AutoObserver)
Let's wait for their official report.
http://www.youtube.com/watch?v=m85C86VGlVE
Think NHTSA wasn't talking about the results already? guess again - check this out
http://www.trb.org/main/uastudy.aspx
http://www.trb.org/main/uastudy.aspx
Well... That's certainly awkward, isn't it?
Did refind this info and had forgotten about this. Clarence Ditlow's Testimony - info in document. I hope this is not still going on. -----. This example was caught. Others?
"The single best example of a NHTSA private meeting occurred in the Chrysler minivan liftgate investigation. In September 1993 a young girl in Virginia was killed when the rear liftgate latch failed on her family's Dodge Caravan, the liftgate opened and she was ejected from the rear. NHTSA opened a Preliminary Evaluation which got upgraded to a Engineering Analysis in January 1994. By October 1994 30 children had died, and many more had been permanently injured due to
the minivan liftgate latch and seat system safety defects, which were well-known inside Chrysler. Paul Sheridan, the head of Chrysler’s Minivan Safety Leadership Team had already made several
major presentations to upper Chrysler management recommending that the minivan be recalled and the safety defects be repaired at no charge to minivan families. On November 17, 1994, NHTSA
held a private meeting with Chrysler at which NHTSA showed Chrysler its low speed crash tests showing the tailgate popping open and child dummies flying out. NHTSA told Chrysler “The latch
failure is a safety defect that involves children.” Yet at that meeting NHTSA agreed not only to drop its request for a safety recall but also to deny any FOIA requests for the crash tests predicting it would be months before the tests could be pried loose. Yet there is nothing in the public investigatory about the agreement. Instead it was revealed in the attached internal Chrysler memo produced in discovery in a lawsuit and released from protective order when the case went to trial.
These meetings are not about data submissions by manufacturers. They are about secret deals to close investigations without recalls that ultimately result in deaths and injuries to consumers.
To correct this, we recommend adding a section “o” to 30166 reading:
(o) Records of Meetings in Investigations. – If a manufacturer meets with representatives of the Secretary of Transportation during or in the course of an investigation, the Secretary shall keep public minutes of the meetings including records of any presentations or evidence presented by either the Secretary or the manufacturer. Any information
provided to the Secretary pursuant to this subsection shall be disclosed publicly unless exempt from disclosure under section 552(b) of title 5.’’ Whistleblower Protection:
The Chrysler minivan investigation demonstrates the strong need to provide whistleblower protections for employees working in the auto and related industries who blow the whistle to NHTSA.
Paul Sheridan who is here today tried to get Chrysler to recall the minivans and fix not only the liftgate latch but also the seat back structure. Chrysler responded by disbanding Sheridan’s Safety Leadership Team. At this point Sheridan announced his intention to report his safety defect concerns, to NHTSA. Alarmed by Mr.
Sheridan’s intention, Chrysler waited until the Christmas holidays to raid Mr. Sheridan’s office files, fired him without notice and obtained an ex parte “muzzle order” which threatened him with arrest if he disclosed what he knew about Chrysler safety defects. Undaunted Mr.
Sheridan provided his sworn testimony to NHTSA. In an effort to intimidate him Chrysler then amended their Michigan lawsuit against him, alleging “damages” totaling $82,000,000. This amount stands as an all-time record claimed against a former employee. Chrysler unilaterally dropped its lawsuit in exchange for the court dismissing Mr. Sheridan’s state whistleblower claims but needless to say Mr. Sheridan suffered untold sums in legal expenses and personal trauma."
Below are the links where you can find Mr Ditlow's full testimony for more detail. Also provided link to the court document attachment he provided as evidence.
http://www.autosafety.org/sites/default/files/Senate%20Commerce%20S%203302%205-1- 9-10%20Final.pdf
http://www.autosafety.org/sites/default/files/NHTSA%20Xler%20Minivan%20Agreement- %2011-94%20%283%29.pdf
Study of Electronic Vehicle Controls and Unintended Acceleration, June 30, 2010 (pdf files)