I very nearly had a terrible car accident: my car almost left me stranded on the tracks of my city's light rail transit. The short version of the story is that my car started acting up, of all times, as I was on the way to the mechanic for an oil change. “Acting up” in this case meant refusing to go above 20kph (12.4mph) for …
Not fixing the fault?
That's almost certainly a failing lambda sensor.
About £20 to buy, 15 minutes to replace. And doing so will probably increase your fuel economy.
Oh, and that's OBD-2 - On Board Diagnostics. They're great fun to play with, and can be bought in Bluetooth varieties that talk to an app on an Android phone.
£20 for a lambda! Please tell me where!
They seem to have gone up a bit since I last bought one.
However, they are tens of pounds, rather than the multiple hundreds that main dealers try to charge. Here's an example at £42.60 including VAT:
They seem to have come down, if you ask me.
I'm more used to seeing them for £60+; maybe that's just the type for Zetecs...
(I have built a few kit cars, with engines rescued from write-offs; unfortunately scrap dealers cut the exhausts just after the manifold to extract the cats, so I don't get the lambdas...)
The cruise control on my Prius goes into an odd error mode every now and again. The light will flash on the dash and the computer refuses to take command of the throttle. The solution is to stop, shutdown, reboot. Simple. I don't know what causes it, but it seems to be when you have to suspend the cruise and there's some sort of differential input on the axle torque/position sensors. In a Prius, it's unnervingly obvious that the computer is in control - it can even park itself hands-off.
How do you normally drive?!
"That computer has legitimately saved my life on more than one occasion."
I wonder how many other lives your traction control has saved. My computer's allowed me to avoid a low-speed shunt on a couple of occasions, but if it ever saved my life I'd be taking a cold hard look at the way I drive.
I normally drive the speed limit +/- 5%, -30% on a snowy day. But this is Edmonton. Our roads are covered in snow/ice 6 months of the year. Sometimes a water main can break, and the roads become sheets of black ice that you can't see. Even at 40kph, if you are going down the hill to the underpass at 97th St and Yellowhead, you can (and almost every other week someone does) slam into the concrete pillars.
Unlike most folks, I am driving a fairly light, not-going-to-win-a-fight-with-a-concrete-pillar kind of car.
At 40kph, I'd still be dead.
That computer has prevented a few, especially during my early years.
One of the reasons why I drive an old Land Rover
No fancy electronics, no central locking, no ABS, ESP <insert car related acronym here>, electric windows, nothing. The lights don't even come on when you open a door.
And therefore, very little to go wrong. And what does go wrong, I can fix myself as the engine is simple, there are no plastic covers hiding everything.
On the downside, it's noisy, slow and leaks (both wind and water).
But I love it.
Same with me...
Except that it's the Austrian equivalent, the Puch G. Mind you, the noise isn't a problem any more since I'm almost deaf due to too much driving with the G ;-)
Ah, the old faithful Landy
Which, if memory serves me right, is the only car you can change basically EVERY part on (including the beams in the chassis) and, as long as the VIN tag stays with the "vehicle", it remains the same vehicle... and incidentally the ONLY vehicle to complete the Top Gear offroad "drive up the muddy farm track" test a few years back... BMW X5 - FAIL, Merc - FAIL, Mitsubishi - FAIL... 1960s Landy, no prob, then again in 2WD mode...
On the other hand, comfort was not a design issue!
Lights coming on when you open the door? You HAVE an interior light?
Although the lights and electrics staying ON when one removes the key from the ignition is an issue which has left me requiring a jump start on at least one occasion...
"That computer has legitimately saved my life on more than one occasion"
So how plausible and accurate is the rest of the story then?
But if they save him now, they can continue to prepare for the coming biocide without the meatbags suspecting anything. Sounds plausible to me.
I didn't know they had a vehicle range as well
That computer has legitimately saved my life
I question why you are driving in such a way as to require a computer to take over and save your life. Have we really reached the point where we trust computers so much that we actively push the limits of our driving ability knowing that the computer will save us? Is that a good thing?
I can barely imagine a situation where pushing the boundaries of safe driving is warranted on public roads. I can even less imagine a situation where we would push our limits even further and trust a computer to save us when we go too far. It is ridiculous. Is our time so precious that saving a few minutes off our journeys is worth risking our lives?
Undoubtedly cars are safer now than they have ever been in almost every possible way. Impact protection has saved uncountable lives. I fear that dependence on technology and slowly removing driver responsibility is likely to lead to more crashes. To improve safety, either completely automate our traffic systems quickly rather than this gradual implementation, or invest in better training and retraining during a driver's lifetime. How can we possibly believe that someone trained at the age of 17 is still going to be a safe driver 30... 40... 50 years down the line? There should be some kind of mandatory class every 10 years to just refresh people's abilities and to point out areas they may wish to work on.
Could we also throw in a course: "new cars, what they can do, how they can fail, things that are different than what you learned on?" A 2005 [make/model redacted] is a heck of a lot different than the 1986 Crown Vic Police Interceptor I learned on and had for a first car! :D
It's a well-documented phenomenon known as Risk Compensation.
Basically, if you feel that you are safer (or less likely to come to harm) then you will behave in a more risky way to ultimately balance out the risks.
It's why (for example) you might see a 4x4 driver tailgating more, or driving significantly over the speed limit even though their vehicle is (ironically) considerably less safe in those conditions than a normal saloon.
5th Gear did a series of tests where they crashed 4x4s into standard saloons in a series of typical accident scenarios, in each case the crash experts said the occupants of the saloon would almost certainly be killed instantly (sounds good for the 4x4 driver, doesn't it), but they also said that the 4x4 occupants would probably die from their injuries before any emergency services managed to get to the scene (not so good after all).
> Have we really reached the point where ... we actively push the limits of our driving ability
It's called "risk balancing"; the safer we feel in an environment, the more risky our behaviour becomes, until we meet a perceived level of risk we deem appropriate. And we're not very good at judging risk.
There was an interesting study I saw a few years back, comparing driver behaviour at level crossings to the amount of train line they could see. It's a fairly obvious conclusion that the more they can see - the better appraised of the risk they are - the better they will perform.
And the study showed exactly the opposite. The more line the car drivers could see, the more they pushed their luck. Improving visibility just led to more people going through red lights, with a dramatically increased probability of collision. I don't think there were enough actual collisions to prove an increased rate with any statistical significance, but nevertheless, the number of cars ignoring the lights increased, and the average gap between train and car in those events decreased. Neither of those figures is good.
Now if it could only have said...
"I'm sorry I can't let you do that Dave."
Had a 406 once that got confused because I put a wheel up a kerb trying to get into a junction where the person getting out was taking most of the road. Because of this, the ABS light persisted.
Cured by reboot. Well, turned up to work, turned off ignition, went to go home later, ignition on, ABS light went off as normal.
I agree somewhat with other posters, you knew the car had a tendency to go into limp mode, so ideally you should've avoided those 50mph roads and avoided the level crossing. If something had happened (for example, the person behind you rammed you because you slowed from 50 to 20), the insurance company would not have been sympathetic.
For all those who work in software: as you are about to get on your next plane, think "what if the flight control systems were built by the software company I work for"?
I'd be getting the boat! (hence AC...)
> "what if the flight control systems were built by the software company I work for"?
I can do that. I can watch supersonic fighters at air displays and wonder if they still contain my code...
An IBM engineer once told me that sometimes the firmware gets into such a state that it gets stuck in a loop and cannot 'see' a way out. The only fix *is* a power cycle at that time. Nothing really any different from the programs running on your 'PC', but you don't think about the chips inside a device getting stuck in a loop.
While that was for a tape library the same applies to the firmware running on anything from your washing machine to the computers in a car.
That's what watchdog timers are for.
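The watchdog pattern the comment above refers to, as an added example that is not code from the thread or from any vendor: a simulated hardware watchdog counts down once per tick and a firmware main loop kicks it only after making real progress. When the loop gets "stuck" and stops kicking, the watchdog resets the system, which is the automated version of the power cycle the IBM engineer described. The third scenario shows the classic mistake of kicking the dog from a periodic timer interrupt, which keeps running while the main loop is hung and so defeats the whole mechanism. All names, the tick counts and the hang point are illustrative assumptions; no real MCU watchdog register interface is modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated watchdog (illustrative, not a real MCU interface). It counts
 * down once per tick; a kick reloads it. If a tick arrives while the
 * counter is already zero, the "hardware" resets the system. */
typedef struct {
    uint32_t timeout_ticks;  /* consecutive unkicked ticks tolerated */
    uint32_t remaining;
} watchdog_t;

static void wdt_init(watchdog_t *w, uint32_t timeout_ticks) {
    w->timeout_ticks = timeout_ticks;
    w->remaining = timeout_ticks;
}

static void wdt_kick(watchdog_t *w) {
    w->remaining = w->timeout_ticks;
}

/* Advance one tick; returns true if the watchdog fired (system reset). */
static bool wdt_tick(watchdog_t *w) {
    if (w->remaining > 0) {
        w->remaining--;
        return false;
    }
    w->remaining = w->timeout_ticks;  /* hardware reload after the reset */
    return true;
}

/* Firmware model: each main-loop iteration does one unit of work and then
 * kicks the dog. From iteration `hang_at` onwards it spins without making
 * progress: the "stuck in a loop, cannot see a way out" state. */
typedef struct {
    int step;
    int hang_at;
} firmware_t;

static void fw_main_loop_iteration(firmware_t *f, watchdog_t *w) {
    if (f->step >= f->hang_at) {
        return;              /* hung: no progress, therefore no kick */
    }
    f->step++;
    wdt_kick(w);             /* kick only after real progress */
}

typedef struct {
    int resets;              /* how many times the watchdog fired */
    int first_reset_tick;    /* tick of the first reset, -1 if none */
    int final_step;          /* firmware progress when the run ended */
} sim_result_t;

/* Run `ticks` ticks. A `hang_at` larger than `ticks` models healthy
 * firmware. With kick_from_isr the dog is also kicked from a periodic
 * interrupt that keeps running while the main loop is hung, which is the
 * classic mistake that turns a watchdog into decoration. */
sim_result_t simulate(int ticks, int hang_at, uint32_t timeout_ticks,
                      bool kick_from_isr) {
    watchdog_t w;
    firmware_t fw = { 0, hang_at };
    sim_result_t r = { 0, -1, 0 };

    wdt_init(&w, timeout_ticks);
    for (int t = 0; t < ticks; t++) {
        fw_main_loop_iteration(&fw, &w);
        if (kick_from_isr) {
            wdt_kick(&w);    /* the timer ISR cannot tell whether main progressed */
        }
        if (wdt_tick(&w)) {
            r.resets++;
            if (r.first_reset_tick < 0) {
                r.first_reset_tick = t;
            }
            fw.step = 0;     /* reset: firmware restarts from a clean state */
        }
    }
    r.final_step = fw.step;
    return r;
}

int main(void) {
    sim_result_t healthy = simulate(20, 100, 3, false);
    sim_result_t hung    = simulate(20, 5, 3, false);
    sim_result_t isr     = simulate(20, 5, 3, true);

    printf("healthy:  resets=%d final_step=%d\n", healthy.resets, healthy.final_step);
    printf("hung:     resets=%d first_reset_tick=%d final_step=%d\n",
           hung.resets, hung.first_reset_tick, hung.final_step);
    printf("isr-kick: resets=%d final_step=%d (stuck, never recovered)\n",
           isr.resets, isr.final_step);
    return 0;
}
```

Note that the hung firmware is reset, restarts, hangs again at the same point and is reset again: a watchdog bounds how long a hang lasts, it does not fix the bug. The ISR-kicked variant never resets at all and stays stuck at step 5, which is why the kick belongs in the code path whose liveness you actually care about.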
And you believed that the IBM engineer actually *knew* what the firmware was doing?
I won't knock them too hard, because a lot of them are good guys and are seriously overworked, but I often get the impression that rather than responding to a direct question about something they really don't know about with an 'I don't know', they improvise, and often end up talking complete bollocks.
Nowadays, IBM engineers are board-swappers. They get an action plan and some parts, and go through a defined procedure swapping them. If the problem is not fixed, they are *required* to call in to their escalation path, because they can be disciplined if they attempt to use their own initiative, especially if it makes the situation worse in some way.
Briefly worked for big blue.
A pensions company that buys up startups and attempts to integrate their products into its portal. That's how I see it.
I've heard of this problem before; in this case it was somebody who had missed an exit on a temporarily empty A-road and was attempting a three-point turn across the road. One of the wheels slipped and the computer crashed, leaving the car stranded in the middle of what suddenly started to become a very busy A-road. In this case the car involved was a Smart, so the computer inside was presumably Mercedes derived.
We're probably further away from making programming into a proper engineering discipline than we were in the 1990s (thanks partly to primitive web development tools). Even if we did make it a certified engineering discipline we'll never be able to guarantee 100% bug-free software - that's why embedded systems for aerospace make so much use of redundancy and other tricks.
Wherever a computer is in control of life-threatening risks, as in a car, you should be able to override it *completely* with a single big red button - that means leaving the mechanical systems intact alongside the "fly-by-wire" ones, so it fails safe. I wonder if this is true of the latest generation of traction-controlled etc etc etc cars?
To be fair, there is a great big "TRAC OFF" button that kills the computer. I seriously hope every car with a computer has one...
> I seriously hope every car with a computer has one...
I don't. Some of those computers are needed.
Modern engines don't run without a computer; it's the only way to get enough accuracy to achieve the power/economy/emissions values we now demand.
Obviously NOT a Renault then...
'cos if it was it would have simply just broken down...
or have bitched about an ABS/ESP fault in much the same way your wife does when you forget your anniversary/her birthday! ;)
or dropped to idiot/Limp home mode...
The 1st rule of stupid computer cars... UNPLUG the effin Battery (COLD REBOOT) and all the faults go away.
I have a Scenic Phase 2 (2000 model) where I've done all sorts of silly driving in snow, even took out the ABS fuse to try with and without - loads of fun, but nothing like having to reset it like this... The only thing I've had to replace is HT coils, three times now; it's on a set of Bosch HT coils which seem to be fine now.
But I drive just for practice with it in snow and ice, even going crazy with wheelspin intentionally, but I have not seen this behaviour as described in this article - whichever car this is, its computer is shite. Though I agree the driver should not have continued to drive and place himself in such perilous danger when he knew the car was misbehaving.
Actually, you are wrong...
... to call for turning it off and on again. This thing has so much power that it cannot be allowed to fail, so it has no excuse for getting confused.
Where we (wrongly, I think already) simply accept excessively poor performance from certain software systems we use to make (actually not very good either) general computing hardware work for us --we very clearly can do better but it's not the most dependable systems that managed to get commoditised-- that "oh let's just fix it and move on (to the next BSOD)" attitude will get you killed in a road accident. Already, at least one Jaguar managed to wrap itself around a tree due to, indeed, a genuine BSOD.
This is simply not acceptable.
In fact, I'd argue the embedded thing is no longer a computer. It's a part of the car, must be treated as such, and either must not affect handling in any way or must be part of the training for handling the apparatus. If it distracts the driver by requiring hitting switches to avoid getting killed on railway crossings, however infrequently, then that too must be part of the training.
Of course this is a weak argument to make to people who've learned to drive from friends and family on a learner's licence. Over here it's a far more formal process with actual instructors and specially modified cars (and consequently at higher expense, but I digress). Some countries even include a mandatory first aid course.
It is related to several proposed laws to put speed limiters in cars to force people to "drive safely", which will inevitably cause accidents by kicking in at exactly the wrong moment, and to exposing inexperience in its pilots when the Airbus system decides flying is too hard and lets the puny humans try.
Should training not be feasible for some reason, especially then, but otherwise also, this applies: Either you make the system such that it does what it does as part of the larger thing and it does not fail, ever, on pain of liability for the manufacturer for anything the system causes, or it simply doesn't get to interfere with operating the thing in any way or form.
This brings the liability question back: If the system acts and it causes something that clearly wasn't the intention, who do you sue? People have long proposed and equally long opposed making software engineers liable for their produce. I think that is not necessarily a good idea in the general computer related case for a variety of reasons, starting with the general purpose nature of "the computing tool" and its complex intertwining of many layers written by many different people, not all of them proficient. As of yet it is not practical and would cause a lot of harm to innovation and such; it possibly would do more harm than help the state of general purpose computing.
But for a specific appliance, you can very well do that. For ABS on-board computers? Sure. They make a hash of things, it's a defect in the car as a whole and so the manufacturer is liable. If that means a massive expansion of duty to care for the software running the thing for the entire life of the car, so be it. If that makes software a lot less cost effective than previously thought, well, now we know; otherwise it'll remain a hidden cost in lives.
Manufacturers should already require every dealer to report malfunctions back to the factory and they must do something useful with those reports. I don't know whether they do, but they should.
In fact, I quite like the German approach to engineering: By law an apparatus must be signed off on by someone licensed to sign off on such things and if the thing zaps your pet and you can prove it was due to a designed-in defect, the guy who set his signature is personally liable.
This doesn't work well for general computing, perhaps due to the shoddy state of software there in general as well as the poorly-managed complexity, as well as the general nature of the setup. But for some software-run chip-for-brains that's effectively part of something with a well-defined purpose, like a car or even a toaster or something, it would work, and as soon as lives are at stake, even moreso.
In fact, medical equipment is another of those applications where appliances abound that then turn out to run a shoddy desktop environment emulator underneath that adds nothing to their functioning but does detract from their reliability, or that are sprouting things like wireless interfaces and then turn out to be influenceable over them without authorisation, or to fail to ignore interference, or whatnot. It's all far less robust than we'd like to think --especially given the price paid for the fancy equipment-- and we're not trying hard enough to outright break these things so that we might improve them.
Laws may help, but attitude is even more important, and we're still far too accepting of poor performance due to software and such in things where you really don't want interference, especially not from the embedded computers running the show. This is not new; we've known for decades that this was the case, we just haven't realised it. Time we started acting on it.
Thesis submissions are next door.
At least I know you don't twit!
"at least one Jaguar already managed to wrap itself around a tree due to, indeed, a genuine BSOD."
Source? I could do with a laugh..
Audis almost certainly have a "limp mode" as well, as I assume they probably share a lot of the electronics across the whole VAG range, and my Skoda has gone into limp mode twice and had to go in to get coil packs replaced under warranty. It turned out, according to some googling I did, that VAG had received a dodgy batch of these from Bosch; it seemed that Audi customers potentially affected were called in to have a preventative install of new coil packs, but at the Skoda end of the range we were left until we had a failure. Once a coil pack fails, I assume unignited fuel comes out in the exhaust and the emissions sensors detect something wrong and attempt to save the planet by limiting you to 2000rpm - which is just about enough to get you a short distance.
Had a similar issue with a Vauxhall recently (7 year old Zafira, emissions warning light came on and when I took it in they determined it needed a replacement coil pack) ... but, especially as the warning light came on 60 miles from home on the M4, they just warn you and don't enter limp mode.
Not saving the planet...
...but probably saving your catalytic converter from being poisoned by neat fuel.
"Who is to blame?"
So - aware that your car was malfunctioning, erratic, and dangerous - you continued to drive it (putting yourself and other people at risk) rather than call for roadside assistance?
They were summoned; but the only remotely safe place to stop was across those tracks. It's hard to describe without giving a thesis on the horrible design of this road/intersection, but suffice it to say that blinkers on in that intersection is more likely to get you killed than the train.
Now, stupid civic design, that's a whole other rant...
Give us a Street View point / Google Maps link, then we can see exactly where you were.
as per title
From the description of it, the engineers messed up on this one. If there are problematic readouts, the car might go into some kind of 'save mode', but it should never behave erratically. So some engineer failed to do his job on this one.
I once had my Mitsubishi act up on me, wouldn't go beyond 20 km/h. After having it towed, I read in the manual, that a hard reset (disconnecting the battery for a minute) "is not recommended", i.e. would have been the proper solution to the problem :).
Who is to blame?
This is clearly a system fault; some of the commenters on this thread should try reading the article again. The problem developed on the journey, so no-one was ignoring the "service me" warning for too long. Randomly jumping between 20kph and normal speed is not a "limp mode", and if it occurs unexpectedly on a motorway it is a fantastic way to kill a lot of people. I'm also not sure how you tell if one of your wheels is parked on a patch of black ice when traction control and ABS are working very hard to make sure you don't notice it at all. As for being "too feckin reliant on your car's technology", pretty much all modern cars today use embedded computers and you can't switch them off. You are forced to be reliant on the car's technology the moment you sit in the driver's seat. I do agree it would have been wiser to find a safe place to pull over as soon as the problems started; however, cars are used by a range of users, young and old, wise and foolish. A safety critical embedded system available to the general public should be designed with this in mind. It needs to be rugged, fault tolerant and forgiving.
Speaking as a software test manager with 16 years of experience, I would say that the project manager and the test manager should both be answering some very hard questions. Embedded computers in cars that cover such areas as engine management, traction control and anti-lock brakes are perfect examples of safety critical systems. Such systems require a disproportionate amount of testing using very rigorous risk analysis techniques (I would definitely include FMEA amongst those techniques). These systems are supposed to operate correctly in a huge range of conditions. The idea that one wheel spinning much faster than the other because of a small patch of slippery road under one of the tyres was not catered for, or that the system could be placed in a state where it was behaving so erratically, is shocking.
At the end of the day, I really wish my car had an error tone – and separate error lamp – for computer-related codes. Whether the code is mechanical, electrical or computer based, my vehicle has one lamp: maintenance required. A lamp that was already on because she needed an oil change.
Not only that, but I wish I knew my car's computer could "fail" in this mode. I mean, I know how the thing works, but typically it will kick in for 1-2 seconds with a distinctive beeping. Apparently, it only does the beeping thing when it detects a certain kind of traction loss condition. (Beeping occurs when it applies brakes, not when it is "only" throttling down.)
Should I have known that? Hell yes! Why didn’t I? Nobody ever told me, and it wasn’t laid out in the manual. (At least not remotely so plainly.) Honestly, I wish they covered these issues in driver’s ed. I would gladly pay the money to take a course covering my model of car’s little quirks.
The entire thing was a learning experience. In hindsight, there is lots I should have done differently, many things I’d wish I’d known. But I really do think that there needs to be some serious consideration of “how much knowledge will the people using your device have? Where do they get that knowledge? How critical is that knowledge to the proper functioning of your design?”
And I’d like to meet the civil engineer who designed that intersection. I have questions about how he ever thought it was safe for someone whose car just went splork.
Additionally, for all the folks who are convinced that they'll "just know" when they have a wheel on a (likely very small) patch of black ice: get over yourselves. You won't. Ask any Canadian. The point of it being "black ice" is that you simply cannot see it or detect it beforehand. No matter how superman you think you are. Now, you have some bit of this stuff under a wheel at a red light, there is zero possibility you know that it is there.
That wheel spins out while the other doesn't? On my car, it doesn't make a different sound or provide any different feedback than "regular acceleration from stop." Indeed, it didn't "sit there for a while, then go." Nope, I pushed the pedal, she went forward. Didn't give me grief until the part of acceleration from stop where I should have surpassed 20kph.
So from a user feedback standpoint there simply was no way to know a fault had occurred other than erratic behaviour. It really isn't a cut-and-dried situation. Thus the question: "who is to blame?" Some blame has to be mine... but how much? What should I have known, and when? Where should I have gone to learn what I needed to know? Where do those resources exist? Why didn't I have a handy little paper detailing how I could access these vital information resources when I bought my car?
I don’t have solutions, or even a sure place to heap “blame.” Just a lot of questions, and some philosophising.
Oh, and a copy of that computer on order from an online retailer. So I can go over it in the lab with a bloody micrometer.
Let me guess, you use an Apple PC?
Another story of a user not fully understanding what they are dealing with and trying to push on.
Because everyone who drives a car is clearly expected to know every inch of its construction and mechanical operation, as well as having a complete printout of every line of code in every single computer!
I haven't owned a car for years...
Can't understand all this computer malarkey for a 'horseless carriage'.
Last time I serviced one (my Rover 2000) I had to use a set of feeler gauges to set the points, and adjust the distributor to get the engine running correctly.
Ask the 'yoof of today' to do that, they wouldn't have a clue.
Which is why removing the rotor arm is such a great anti-theft system. In the old days it'd foil a thief by requiring them to carry a spare - but today's ones don't even open the bonnet*.
*that's a 'hood' to you 'merkins.
Surely you mean 'used to be'
Modern cars have fully electronic ignition systems, so don't have any form of rotor arm at all!
Spark is controlled by thyristors (or are they old-hat as well), and directed to the correct cylinder without mechanical intervention. Timing is taken from some non-moving rotational sensor looking at either one of the cam shafts or the crank shaft.
I don't mean 'used to be' at all.
My (admittedly old) car doesn't automatically replace its components just because newer cars use a different technology. So it still does use a rotor arm.
OK, my car actually has a basic rotor as well
but it's so old that nobody in their right mind would think to steal it!