The Wall Street Journal reported on Feb. 24, 2010 that the Lexus owned by witness Rhonda Smith, which surged out of control to 100 mph over several minutes, was resold to a happy buyer who has since put 27,000 trouble-free miles on it.
Oops!
I have read that some engineer did get a Toyota Avalon to do a UA, but that he works for the consortium of 5 law firms suing Toyota. I also read that Toyota did the same thing to a Honda. I have no real details on either story, as it was "on the Internet".
I don't think it's the same, because there is no conspicuous possibility of human error in breast implants, (on the part of the patient I mean) while there is major conspicuous room for human error in UA.
Actually, I seem to remember that tactic being used by the defense, as women getting brest implants (in general) were also more likely to live a, shall we say, riskier lifestyle, thereby causing said "side effects".
It isn't a conspiracy theory - the code (or more properly the whole system) is a mathematical expression and is either correct or incorrect, and if incorrect, it is so in such a way that could produce the behavior or not.
Cases aren't granted summary judgment until after discovery, and I also pointed out months ago that the Breathalyzers - where people go to jail - had significant software bugs so were likely not to yield an accurate result.
The only thing I am asking is for someone who is independent to look inside the box. Maybe there is nothing to see. But saying "trust me, there is metaphysical certainty that there could be nothing wrong inside the box" - is not merely laughable, but utterly stupid unless they are coding using standards similar to what the railroads or medical devices use, or a language something like haskell I would accept it if they would state under oath that their engineering is done and supervised so as to meet such standards.
Otherwise shouldn't I assume based on statistics, and industry practice I know about (heard of SAE J2534?) that the code running the modules is the standard abysmal patchwork hack?
Cases aren't granted summary judgment until after discovery
Probably depends on the jurisdiction but I don't think that's a blanket statement. One reason to file it would be to cut the case short and save on deposition costs and the like. (Wikipedia). Sometimes you just lose motions, like Toyota did when they asked the California court to dismiss the class action.
What "coding" standard might one use to overcome, detect, a flaw in the target microprocessor's ROM control store, microcode...? Years ago, we designed a 1.2 micron CMOS microprocessor that inadvertently didn't have quite enough ground ties internally. As a result it would "burp" once in a blue moon and only when multiplying certain variable value ranges.
But the barn is locked anyway so we don't know what is inside.
The micro is probably a commercially mass produced version that would have errata if there were problems, and it would be producing many random faults, not just this.
I can assume the normal automotive qualification and ISO 9000 stuff so the components and circuit boards should normally be fine, but the design of the hardware and/or software I have no knowledge of.
If the code is an abomination like most projects, I would expect the critical defect to be there, whether or not the other chips may have problems.
And you may remember the Pentium bug that gave it a problem with division.
It would be nice if that were the case in that there would be a myraid of uses it would be put to use and a somewhat complete errata sheet would be available via user, WIDE user, feedback.
But every Japanese control module I have disassembled has had narrow branding components, mostly NipponDenso, for which there seems to be no public documentation available.
I can assume the normal automotive qualification and ISO 9000 stuff so the components and circuit boards should normally be fine, but the design of the hardware and/or software I have no knowledge of.
What! WHAT! You mean NipponDEnso is not CMMI Level 5 certified for their software development processes? I'm shocked! Just SHOCKED :P: !!!
I sent an email to the contest team suggesting the 12/31 deadline be extended. It likely is that anyone who has the cause would have had it leaked. Edmunds also suggests to let it be known once you enter if it can prevent accidents. Perhaps there is an idea submitted that has merit and the NASA/NESC team found out and thus extended their testing originally to be done by "late fall". See http://www.businessweek.com/news/2010-11-30/toyota-review-still-finishing-loose-- ends-u-s-says.html
Looks like Toyota is going to fork over a settlement on one of the UA cases, but without admission of any guilt. Not sure why exactly they did this. Toyota seems to be blaming the dealer who lent out the loaner car.
Now we know something's fishy for sure. They just handed over several million dollars to keep things quiet.
One thing doesn't make them guilty. But after half a dozen suspicious things by them, it's clear that something is going on that they don't want to admit or come clean about.
"They just handed over several million dollars to keep things quiet. "
I think there is one aspect to this whole UA thing that should be considered. It worked for Audi, Honda (with their airbags) and it will probably work for Toyota now. Surely some of you have considered, that if Toyota assists the value loss in its stock shares, that once they get low enough they can repurchase their own shares, and reap huge profits from that in the future when all's well that ends well. Like I say, this exact strategy worked for Audi many years ago, and much more recently with Honda. Both, extremely rich companies to this day.
"What Toyota fails to mention is that the same official reports note that electronic components and mechanical causes may have been involved and causes of the accident, but could not be properly evaluated due to the extensive nature of the damage," [an attorney for the dealership] said in a statement.
It appears entirely possible that Saylor encountered 2 instances of SUA that day. Let's assume the first one was caused by the floor mat, does anyone think it possible that Saylor would have pulled back out, accelerating WOT, onto the HIGH SPEED lane without first having determined the initial cause..?
It would have been a rather simple matter to quickly throw the floor mat into the trunk, or out into the grass as I would have likely done.
So I think the dealer stands on good solid legal ground in this case. Not by any means excusing the stupidity of using the RXes floor mat in a "Camry".
Then is the additional matter of Saylor shifting into neutral or not, or even trying to shut off the engine ignition. Under the circumstances I can understand the argument that Saylor likely did not try the ignition PB, but I find it extremely hard to accept that he did not try to shift into neutral, unsuccessfully.
Why do you find it hard to accept? Might this be more about our image of the competence of law enforcement officers to handle emergencies? Probably...but then pilots, police, firefighters, soldiers, doctors....all make tragic mistakes, and more often than we'd like to think.
I'm not a law enforcement officer by any means, but I have had 2 SUA incidents in the past 10 years or so. The first was during a test drive of a new Miata. The dealer had installed cardboard carpet protectors, "floor mats", so the carpet wouldn't be soiled for the eventual buyer.
Spirited driving was the name of the day often requiring a serious level of braking. I returned the Miata to teh dealer with the carboad floor mat removed and advised them of my problem. I had soon realized that with HARD braking the engine would up rev. So I pulled to the shoulder of I90, safe side, and quickly determined the cause. The floor mat had crept up behind the brake pedal but over the top of the gas pedal so each time I seriously depressed the brake pedal the floor mat would inturn depress the gas pedal.
The second event, years later, involved a Mazda minivan, but this time it involved the actual floor mat that was not properly attached to the restraining hook(s).
So, even an average joe such as I would NOT long drive a car with SUA having occurred. Not without having determined and corrected the cause. Had I not been able to quickly determine the cause I would NOT have continued to drive the vehicles.
Have flown many hours GA (General Aviation) I will readily attest to pilots making many tragic mistakes. Luckily none of "mine" were in the tragic class. When we flew with my wife on board, or wife and off-spring, I wasn't trusted to be PIC so I always hired someone "professional" to occupy the left seat.
In all those hours with someone else being PIC I NEVER hesitated to point out errors in judgement or oversight on the part of the PIC. Only a few of those had the potential to become a serious matter, but yes, even well trained pilots make mistakes, moreso than YOU might think.
I know of one 737 pilot who made excuses to remain "idling" on the taxi-way long enough for the 30 minute loop voice recorder to overwrite a mistake made on final approach.
But in order for Saylor's SUA(s..?) to have been SOLELY the result of the floor mat just how many "mistakes", corrective action oversights, would he have had to make, some apparently repetively...?
These SUA's have almost disappeared but will probably tick up now that Toyota has paid out 10 Mil. A lot of desperate people out there wanting to cash in.
Didn't see that in police report - brakes were toasted. Would e-brake do anything compared to standing on brake pedal with both feet? Perhaps the brakes worked for a while when he was seen going slowly on the berm - but then took off again.
I'm working with an outsourced CMMI level 5 certified team now. As far as I can tell, it means they are supposed to perform the rituals or liturgy correctly because the code itself is a horrible mess (I took it over and quickly said maybe we can release it but 2.0 will require a rewrite).
Certified Mediocrity, Mendacity, Insanity.
Sort of like ISO 9000 stuff can certify a cement floatation device - life vest, as long as each one is manufactured to tolerance and the cement is from an ISO 9000 source.
Right now over at Linked-In in their Real Time embedded discussion group they have a "What is your favorite debugging story", and many involve where procedures were followed and the code was technically correct but still broken.
In an earlier post I noted Railroad software (and hardware!) has the thorough process and procedural checks to insure failsafe. I believe medical devices are also subject to similar hard requirements. CMMI doesn't achieve this level of reliability.
I asked about the code, but there should be nothing under NDA about their software development processes - Is it a bunch of interns, CMMI, or do they have some actual validation process for the software?
I don't see how any Prius hybrid or Camry hybrid driver could fail to know that it takes 3 seconds to shut off the ignition, since you have to do it every day you drive. I'm not sure if it's the same amount of time that you press the power button when it is at idle vs. at speed, but the instinctual move to that power button should have been entrenched.
I mean, tell me, on your computer, if the button fails to respond to your immediate touch, what do you do?
I don't see how any Prius hybrid or Camry hybrid driver could fail to know that it takes 3 seconds to shut off the ignition, since you have to do it every day you drive. I'm not sure if it's the same amount of time that you press the power button when it is at idle vs. at speed, but the instinctual move to that power button should have been entrenched.
I mean, tell me, on your computer, if the button fails to respond to your immediate touch, what do you do?
I've been trying to read the 2009 Lexus ES 350 owner's manual online but Lexus doesn't make it easy. Anyone got a manual (and don't tell me Saylor was in a different model!)?
Here's some quotes:
"Stopping the engine Shift the shift lever to P and press the “ENGINE START STOP” switch as you normally do when stopping the engine." (page 412)
This was also interesting:
"The steering wheel locks when the “ENGINE START STOP” switch is in OFF" (page 9)
And on page 110:
"Do not under any circumstances shift the shift lever to P, R or N while the vehicle is moving. Doing so can cause significant damage to the transmission system and may result in a loss of vehicle control.
"Do not shift the shift lever to N while the vehicle is moving. Doing so may cause the engine brake to not operate properly and lead to an accident"
Page 111:
"Be careful not to shift the shift lever with the accelerator pedal depressed. This may lead to unexpected rapid acceleration of the vehicle that may cause an accident and result in death or serious injury"
Page 118:
"Stopping the engine in an emergency If you want to stop the engine in an emergency while driving the vehicle, push and hold the “ENGINE START STOP” switch for more than 3 seconds. However, do not touch the “ENGINE START STOP” switch while driving except in an emergency. If the engine stops while the vehicle is being driven, this could lead to an unexpected accident."
Page 121:
"Downshifting restrictions warning buzzer (in the S mode) To help ensure safety and driving performance, downshifting operation may sometimes be restricted. In some circumstances, downshifting may not be possible even when the shift lever is operated. (The warning buzzer will sound twice.)"
Well, your comment that "I don't see how any Prius hybrid or Camry hybrid driver could fail to know that it takes 3 seconds to shut off the ignition, since you have to do it every day you drive" doesn't appears to apply to the Lexus that Saylor was driving. I didn't see anything about 3 seconds for a normal shutdown.
So maybe Saylor knew how to shut off his Lexus when he put it in park, but not while the engine was running?
The paragraph saying "Be careful not to shift the shift lever with the accelerator pedal depressed. This may lead to unexpected rapid acceleration" was a bit disconcerting as well.
Well even, more puzzling why he didn't just shut the car off with the key then. It's either key or button---I'm sure he drove cars with either one or the other.
I haven't changed my mind on this---if no one can repeat the fault in experiments, then it doesn't exist. This is the very basis of all scientific inquiry.
Yes, absolutely. The e-brake along with standard braking would have likely been strong enough to bring the rear wheels to a complete and full stop. While the front braking had to overcome both the momentum and the engine DRIVE.
Someone correct me if this is wrong but I seem to remember that when Mrs. Smith used the e-brake the car slowed enough that she felt safe pulling onto the grass roadside. At that point the DRIVING wheels would have likely lost enough traction that the e-brake became the deciding factor.
Well even, more puzzling why he didn't just shut the car off with the key then. It's either key or button---
I thought it was a button in this case. A normal shut-off is to put the car in park and hit the button. I don't think you have to hold it - just press it.
So, if Saylor tried to shut the car off while going down the highway, just pressing the button wouldn't have done it. And as someone said, 3 seconds is a long time in that situation.
And apparently there are times when an accelerating engine won't let you shift into a lower gear or neutral or park, if I'm reading that section of the owner's manual right. Who knows if he was in Sport mode instead of normal Driving mode though. And I don't know why, if he was in Sport mode, he didn't just move the shifter to the right a bit back into normal Driving mode and then shift to neutral or park.
Interesting in that at least one Australian railway system is currently running on code initially compiled for the DEC PDP-11. And how about the London Underground still running on code compiled years ago for the HP1000 series.
Yes, there might be some of that to consider, especially in a FWD vehicle. But I'm pretty sure that in this case the downshift disable is to prevent the engine from going too high in RPM due to an inadvertently WRONG downshift.
"..As for damaging the engine or transmission...who cares,..."
YOU DO.
Now comes the question of intentional or inadvertent....
How does the "car" distinguish between two.
How many engines do you think might have been destroyed via an inadvertent, WRONG, MANUAL transmission downshift...?
Besides which with a WOT the transaxle would have most likely already been in the lowest appropreate gear ratio. So any commanded downshift would have been ignored.
No, I wouldn't care at all if I blew up an engine while attempting to stop a runaway vehicle--in fact, it might be a great way to stop it.
Nothing in the manual prevents you from shifting into neutral---just do that, and when the car stops, just hop out and let it rev itself to destruction.
If this mystery bug also prevents the gearshift from going into neutral, then I'm going to start rolling my eyes....
I have no doubt that should a "livelock" type of bug be eventually found to be the cause it would easily be able to disable the shifter function, the PB off, etc, etc.
"Downshifting restrictions warning buzzer (in the S mode) To help ensure safety and driving performance, downshifting operation may sometimes be restricted. In some circumstances, downshifting may not be possible even when the shift lever is operated. (The warning buzzer will sound twice.)"
This means that the entire gear selector mechanism is under the direct control of the computer as most of us suspected.
If the thing crashes gets stuck in a loop, I suspect none of the buttons will actually do anything.
Why do you find it hard to accept? Might this be more about our image of the competence of law enforcement officers to handle emergencies? Probably...
IMO, the driving ability of the typical law enforcement person is grossly overstated. Around here, more are killed in traffic accidents than in shootouts with bad guys.
I don't see how any Prius hybrid or Camry hybrid driver could fail to know that it takes 3 seconds to shut off the ignition, since you have to do it every day you drive.
3 seconds - is that really how long the push button has to be depressed? On my 2009 G37, it only takes a fraction of a second to turn off the engine, at least at idle.
Isn't this the one with the very long cell phone 911 conversation? The lack of a true kill switch is an issue (pulling the key-fob should be sufficient or something else with instant action). He does not sound like he is panicked into insanity.
In any case we are not talking about a senior citizen with failing abilities, nor a newbie teen.
Have cars become so complex as to be dangerous if you don't spend the better part of an hour reviewing the controls before taking off?
I would have to assume (and apparently the brakes confirm) that he hit the brakes - not mistaking the accelerator - for what should have been long enough to invoke whatever safety system and/or stop the car if the engine was not at WOT.
Perhaps he was intending suicide and to take his family with him and the call was just so it wouldn't appear so, but I can make up all kinds of fantastic stories.
I'm all for testing. Find three of his colleagues, and put them on a test track and see what they do.
I'm for passing a law that says cop cars CANNOT EXCEED 65MPH under any circumstances. Car chases, let alone shoot-outs, almost always lead to a crash which oftentimes, more times that otherwise, result in injury or death to Innocent bystanders.
Okay "make him" a only a "john Q Public" and tell me what difference that makes. You have your wife, daughter, and brother-in-law in the car that wants to go over 100 MPH. So what all might John Q public do..?
Listen to Mrs. Smith's statement before the US Congress for clues.
Now we know something's fishy for sure. They just handed over several million dollars to keep things quiet
Companies do that all that time - fork over money without admitting any guilt. It's a business decision. And to a company with Toyota's resources, it's like you or me losing a buck in a soda machine.
In today's WSJ, there's an article about fraudulent debt collection actions by a company called Portfolio Recovery Associates Inc. According to the article, they used/forged a dead woman's name/signature on thousands of debt papers. Problem is, the woman died back in 1995! The article goes on to say that after being sued by the state of Montana, Portfolio Recovery Associates agreed to settle the Montana suit, and that while terms of the deal weren't disclosed, the company's spokeswoman said it admitted no wrongdoing.
Comments
Oops!
I have read that some engineer did get a Toyota Avalon to do a UA, but that he works for the consortium of 5 law firms suing Toyota. I also read that Toyota did the same thing to a Honda. I have no real details on either story, as it was "on the Internet".
Actually, I seem to remember that tactic being used by the defense, as women getting brest implants (in general) were also more likely to live a, shall we say, riskier lifestyle, thereby causing said "side effects".
Or a proximity to high voltage power lines and birth defects.
Or about a relationship between cell phone usage and brain tumors.
Well, that's the USA.
Something bad happens, its someone else's fault, and some amount of $$$ will make everything all ok.
Can you imagine what it would look like if we licensed our doctors and engineers the same way we do drivers here?
Or they could just run it through a tool designed to find problems, e.g. coverity
http://www.coverity.com/products/
It isn't a conspiracy theory - the code (or more properly the whole system) is a mathematical expression and is either correct or incorrect, and if incorrect, it is so in such a way that could produce the behavior or not.
Cases aren't granted summary judgment until after discovery, and I also pointed out months ago that the Breathalyzers - where people go to jail - had significant software bugs so were likely not to yield an accurate result.
The only thing I am asking is for someone who is independent to look inside the box. Maybe there is nothing to see. But saying "trust me, there is metaphysical certainty that there could be nothing wrong inside the box" - is not merely laughable, but utterly stupid unless they are coding using standards similar to what the railroads or medical devices use, or a language something like haskell I would accept it if they would state under oath that their engineering is done and supervised so as to meet such standards.
Otherwise shouldn't I assume based on statistics, and industry practice I know about (heard of SAE J2534?) that the code running the modules is the standard abysmal patchwork hack?
Probably depends on the jurisdiction but I don't think that's a blanket statement. One reason to file it would be to cut the case short and save on deposition costs and the like. (Wikipedia). Sometimes you just lose motions, like Toyota did when they asked the California court to dismiss the class action.
Haskell - there's one I've never heard of.
The micro is probably a commercially mass produced version that would have errata if there were problems, and it would be producing many random faults, not just this.
I can assume the normal automotive qualification and ISO 9000 stuff so the components and circuit boards should normally be fine, but the design of the hardware and/or software I have no knowledge of.
If the code is an abomination like most projects, I would expect the critical defect to be there, whether or not the other chips may have problems.
And you may remember the Pentium bug that gave it a problem with division.
It would be nice if that were the case in that there would be a myraid of uses it would be put to use and a somewhat complete errata sheet would be available via user, WIDE user, feedback.
But every Japanese control module I have disassembled has had narrow branding components, mostly NipponDenso, for which there seems to be no public documentation available.
What! WHAT! You mean NipponDEnso is not CMMI Level 5 certified for their software development processes? I'm shocked! Just SHOCKED :P: !!!
http://www.businessweek.com/news/2010-11-30/toyota-review-still-finishing-loose-- ends-u-s-says.html
The only disqualification for an extension would be if the idea was some nebulous computer "single event" glitch instead of a specific error found and tested. The NASA/TEAM may find it but that is doubtful. See:
http://www.oregonsae.org/Meetings/misra_C.pps
http://abcnews.go.com/Technology/wireStory?id=9950797
TOYOTA SETTLES 2009 CASE
One thing doesn't make them guilty. But after half a dozen suspicious things by them, it's clear that something is going on that they don't want to admit or come clean about.
"They just handed over several million dollars to keep things quiet. "
I think there is one aspect to this whole UA thing that should be considered. It worked for Audi, Honda (with their airbags) and it will probably work for Toyota now. Surely some of you have considered, that if Toyota assists the value loss in its stock shares, that once they get low enough they can repurchase their own shares, and reap huge profits from that in the future when all's well that ends well. Like I say, this exact strategy worked for Audi many years ago, and much more recently with Honda. Both, extremely rich companies to this day.
excerpt from:
http://kansascity.injuryboard.com/defective-and-dangerous-products/toyota-pays-1- 0-million-in-sudden-acceleration-lawsuit.aspx?googleid=287080
The Lexus dealership that loaned the vehicle to the Saylor family continues to point the finger at Toyota. The Lexus dealership notes that official report found that the floor mat did not cause the full throttle acceleration.
"What Toyota fails to mention is that the same official reports note that electronic components and mechanical causes may have been involved and causes of the accident, but could not be properly evaluated due to the extensive nature of the damage," [an attorney for the dealership] said in a statement.
It appears entirely possible that Saylor encountered 2 instances of SUA that day. Let's assume the first one was caused by the floor mat, does anyone think it possible that Saylor would have pulled back out, accelerating WOT, onto the HIGH SPEED lane without first having determined the initial cause..?
It would have been a rather simple matter to quickly throw the floor mat into the trunk, or out into the grass as I would have likely done.
So I think the dealer stands on good solid legal ground in this case. Not by any means excusing the stupidity of using the RXes floor mat in a "Camry".
Then is the additional matter of Saylor shifting into neutral or not, or even trying to shut off the engine ignition. Under the circumstances I can understand the argument that Saylor likely did not try the ignition PB, but I find it extremely hard to accept that he did not try to shift into neutral, unsuccessfully.
Spirited driving was the name of the day often requiring a serious level of braking. I returned the Miata to teh dealer with the carboad floor mat removed and advised them of my problem. I had soon realized that with HARD braking the engine would up rev. So I pulled to the shoulder of I90, safe side, and quickly determined the cause. The floor mat had crept up behind the brake pedal but over the top of the gas pedal so each time I seriously depressed the brake pedal the floor mat would inturn depress the gas pedal.
The second event, years later, involved a Mazda minivan, but this time it involved the actual floor mat that was not properly attached to the restraining hook(s).
So, even an average joe such as I would NOT long drive a car with SUA having occurred. Not without having determined and corrected the cause. Had I not been able to quickly determine the cause I would NOT have continued to drive the vehicles.
In all those hours with someone else being PIC I NEVER hesitated to point out errors in judgement or oversight on the part of the PIC. Only a few of those had the potential to become a serious matter, but yes, even well trained pilots make mistakes, moreso than YOU might think.
I know of one 737 pilot who made excuses to remain "idling" on the taxi-way long enough for the 30 minute loop voice recorder to overwrite a mistake made on final approach.
But in order for Saylor's SUA(s..?) to have been SOLELY the result of the floor mat just how many "mistakes", corrective action oversights, would he have had to make, some apparently repetively...?
2013 LX 570 2016 LS 460
http://autos.aol.com/gallery/Saylor-crash-report
Also no one seemed to know the kill switch (keyless) had to be held for 3 seconds with tranny in drive.
Dealership lawsuit should be interesting.
Unfortunately 3 seconds would seem an eternity under those horrific conditions.
2021 Kia Soul LX 6-speed stick
Certified Mediocrity, Mendacity, Insanity.
Sort of like ISO 9000 stuff can certify a cement floatation device - life vest, as long as each one is manufactured to tolerance and the cement is from an ISO 9000 source.
Right now over at Linked-In in their Real Time embedded discussion group they have a "What is your favorite debugging story", and many involve where procedures were followed and the code was technically correct but still broken.
In an earlier post I noted Railroad software (and hardware!) has the thorough process and procedural checks to insure failsafe. I believe medical devices are also subject to similar hard requirements. CMMI doesn't achieve this level of reliability.
I asked about the code, but there should be nothing under NDA about their software development processes - Is it a bunch of interns, CMMI, or do they have some actual validation process for the software?
I mean, tell me, on your computer, if the button fails to respond to your immediate touch, what do you do?
That's right, 99% of us press HARDER and LONGER.
I think the poor guy totally freaked out.
I mean, tell me, on your computer, if the button fails to respond to your immediate touch, what do you do?
That's right, 99% of us press HARDER and LONGER.
I think the poor guy totally freaked out.
That's my assessment as well.
Here's some quotes:
"Stopping the engine
Shift the shift lever to P and press the “ENGINE START STOP” switch as you normally do when stopping the engine." (page 412)
This was also interesting:
"The steering wheel locks when the “ENGINE START STOP” switch is in OFF"
(page 9)
And on page 110:
"Do not under any circumstances shift the shift lever to P, R or N while the vehicle
is moving.
Doing so can cause significant damage to the transmission system and may result
in a loss of vehicle control.
"Do not shift the shift lever to N while the vehicle is moving.
Doing so may cause the engine brake to not operate properly and lead to an
accident"
Page 111:
"Be careful not to shift the shift lever with the accelerator pedal depressed.
This may lead to unexpected rapid acceleration of the vehicle that may cause an
accident and result in death or serious injury"
Page 118:
"Stopping the engine in an emergency
If you want to stop the engine in an emergency while driving the vehicle, push and
hold the “ENGINE START STOP” switch for more than 3 seconds.
However, do not touch the “ENGINE START STOP” switch while driving except in
an emergency. If the engine stops while the vehicle is being driven, this could lead to an unexpected accident."
Page 121:
"Downshifting restrictions warning buzzer (in the S mode)
To help ensure safety and driving performance, downshifting operation may sometimes be restricted. In some circumstances, downshifting may not be possible even when the shift lever is operated. (The warning buzzer will sound twice.)"
As for damaging the transmission or engine, I mean who cares, if you are hurtling out of control into a bridge abutment?
So maybe Saylor knew how to shut off his Lexus when he put it in park, but not while the engine was running?
The paragraph saying "Be careful not to shift the shift lever with the accelerator pedal depressed. This may lead to unexpected rapid acceleration" was a bit disconcerting as well.
I haven't changed my mind on this---if no one can repeat the fault in experiments, then it doesn't exist. This is the very basis of all scientific inquiry.
2013 LX 570 2016 LS 460
Yes, absolutely. The e-brake along with standard braking would have likely been strong enough to bring the rear wheels to a complete and full stop. While the front braking had to overcome both the momentum and the engine DRIVE.
Someone correct me if this is wrong but I seem to remember that when Mrs. Smith used the e-brake the car slowed enough that she felt safe pulling onto the grass roadside. At that point the DRIVING wheels would have likely lost enough traction that the e-brake became the deciding factor.
I thought it was a button in this case. A normal shut-off is to put the car in park and hit the button. I don't think you have to hold it - just press it.
So, if Saylor tried to shut the car off while going down the highway, just pressing the button wouldn't have done it. And as someone said, 3 seconds is a long time in that situation.
And apparently there are times when an accelerating engine won't let you shift into a lower gear or neutral or park, if I'm reading that section of the owner's manual right. Who knows if he was in Sport mode instead of normal Driving mode though. And I don't know why, if he was in Sport mode, he didn't just move the shifter to the right a bit back into normal Driving mode and then shift to neutral or park.
Most puzzling.
Interesting in that at least one Australian railway system is currently running on code initially compiled for the DEC PDP-11. And how about the London Underground still running on code compiled years ago for the HP1000 series.
Time proven code reliability.
Yes, there might be some of that to consider, especially in a FWD vehicle. But I'm pretty sure that in this case the downshift disable is to prevent the engine from going too high in RPM due to an inadvertently WRONG downshift.
"..As for damaging the engine or transmission...who cares,..."
YOU DO.
Now comes the question of intentional or inadvertent....
How does the "car" distinguish between two.
How many engines do you think might have been destroyed via an inadvertent, WRONG, MANUAL transmission downshift...?
Besides which with a WOT the transaxle would have most likely already been in the lowest appropreate gear ratio. So any commanded downshift would have been ignored.
Nothing in the manual prevents you from shifting into neutral---just do that, and when the car stops, just hop out and let it rev itself to destruction.
If this mystery bug also prevents the gearshift from going into neutral, then I'm going to start rolling my eyes....
I have no doubt that should a "livelock" type of bug be eventually found to be the cause it would easily be able to disable the shifter function, the PB off, etc, etc.
"Downshifting restrictions warning buzzer (in the S mode)
To help ensure safety and driving performance, downshifting operation may sometimes be restricted. In some circumstances, downshifting may not be possible even when the shift lever is operated. (The warning buzzer will sound twice.)"
This means that the entire gear selector mechanism is under the direct control of the computer as most of us suspected.
If the thing crashes gets stuck in a loop, I suspect none of the buttons will actually do anything.
IMO, the driving ability of the typical law enforcement person is grossly overstated. Around here, more are killed in traffic accidents than in shootouts with bad guys.
3 seconds - is that really how long the push button has to be depressed? On my 2009 G37, it only takes a fraction of a second to turn off the engine, at least at idle.
In any case we are not talking about a senior citizen with failing abilities, nor a newbie teen.
Have cars become so complex as to be dangerous if you don't spend the better part of an hour reviewing the controls before taking off?
I would have to assume (and apparently the brakes confirm) that he hit the brakes - not mistaking the accelerator - for what should have been long enough to invoke whatever safety system and/or stop the car if the engine was not at WOT.
Perhaps he was intending suicide and to take his family with him and the call was just so it wouldn't appear so, but I can make up all kinds of fantastic stories.
I'm all for testing. Find three of his colleagues, and put them on a test track and see what they do.
And.... That would "prove" what?
Yes... That does appear to be the 800 lb gorilla in the living room.
Listen to Mrs. Smith's statement before the US Congress for clues.
Companies do that all that time - fork over money without admitting any guilt. It's a business decision. And to a company with Toyota's resources, it's like you or me losing a buck in a soda machine.
In today's WSJ, there's an article about fraudulent debt collection actions by a company called Portfolio Recovery Associates Inc. According to the article, they used/forged a dead woman's name/signature on thousands of debt papers. Problem is, the woman died back in 1995! The article goes on to say that after being sued by the state of Montana, Portfolio Recovery Associates agreed to settle the Montana suit, and that while terms of the deal weren't disclosed, the company's spokeswoman said it admitted no wrongdoing.