@danluu Atomic updates and rollbacks seem to be foreign concepts to the car industry.
8 comments
@eliasp Or even running two OSes side by side, so the other can take over if one fails for whatever reason. If NASA could do this on Mars rovers twenty years ago, I'm sure it's not too much of an ask now.

@collectifission @eliasp Even cheap motherboards for desktop computers have two BIOS chips in case the main one gets damaged or corrupted during a BIOS update. Imagine spending $20k or more on a car that gets broken because the manufacturer couldn't spare a few cents on a backup ROM.

@ElTico @collectifission @eliasp That's not always true. Only some motherboards have that dual-BIOS feature. In fact, it's how I got my current motherboard for my PC for £20. It was 'faulty': no boot, couldn't get into the BIOS, and it didn't have the flash-from-USB-drive feature either. I used an EPROM programmer to reflash the chip, and it booted right up. No dual BIOS to save the day.

@eliasp @danluu Many faults can actually be cleared by cycling terminal 15 (switching off) or are then only kept historically in the fault memory. I can't say exactly what's going on here; I'm more familiar with German OEMs, but normally each control unit has its own SW. I can imagine that something in a very important unit (drive control unit/pulse inverter/battery) may have failed during the OTA update, or the communication is no longer error-free.
@eliasp @danluu It is likely that the design of the system makes it so that simply slapping on a second system partition for rollbacks is not enough. In fact, it may already be present.
The car runs a network of computers running a variety of systems. The display in the photo might be a QNX machine running an Android VM and these two systems need to coordinate their updates.
#BrokenByDesign
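Added example, not part of the thread above and not any OEM's real design: a simulation of what "atomic updates and rollbacks" and "these two systems need to coordinate their updates" look like in code. Each ECU keeps an A/B slot pair; the new image is written only into the inactive slot, trial-booted a limited number of times, and committed only if the ECU's self-test passes. A coordinating step stages and trial-boots the new release on every ECU and commits it everywhere, or rolls back everywhere, so the car never ends up with a display on one release and an inverter on another. The ECU names, the three-boot threshold and the health-check lookup are all assumptions made for the example.

```python
"""Constructed simulation of A/B slot updates with boot-count rollback on one
ECU, plus an all-or-nothing commit across several ECUs. Not real vehicle code;
ECU names, slot layout and MAX_TRIES are assumptions for illustration."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MAX_TRIES = 3  # assumed: trial boots allowed before an uncommitted slot is abandoned


@dataclass
class Slot:
    version: str
    bootable: bool = True  # False models an image corrupted mid-write


@dataclass
class Ecu:
    name: str
    slots: Dict[str, Slot] = field(default_factory=dict)  # {"A": Slot, "B": Slot}
    active: str = "A"                 # committed, known-good slot
    pending: Optional[str] = None     # freshly written slot awaiting a commit
    tries_left: int = 0

    def stage(self, version: str, image_ok: bool = True) -> None:
        """Write the new image into the inactive slot only; the running slot is
        never touched, so a power loss mid-write cannot brick the ECU."""
        target = "B" if self.active == "A" else "A"
        self.slots[target] = Slot(version, bootable=image_ok)
        self.pending = target
        self.tries_left = MAX_TRIES

    def boot(self) -> str:
        """Return the slot the bootloader selects on this power cycle."""
        if self.pending is not None and self.tries_left > 0:
            self.tries_left -= 1
            if self.slots[self.pending].bootable:
                return self.pending
            self.pending = None  # image does not boot: fall back immediately
        elif self.pending is not None:
            self.pending = None  # trial boots used up without a commit: give up
        return self.active

    def commit(self) -> None:
        """Promote the trial slot; only called once the self-test has passed."""
        assert self.pending is not None
        self.active, self.pending = self.pending, None

    def rollback(self) -> None:
        self.pending = None  # next boot returns to the committed slot


def health_check(ecu: Ecu, healthy: Set[str]) -> bool:
    # Assumed: each ECU runs an application-level self-test; modelled as a lookup.
    return ecu.name in healthy


def coordinated_update(ecus: List[Ecu], version: str, healthy: Set[str],
                       corrupt: Set[str] = frozenset()) -> Dict[str, str]:
    """Two-phase rollout: stage and trial-boot everywhere, then commit on all
    ECUs only if every one of them booted the new slot and passed its self-test;
    otherwise roll back on all of them. Returns the active version per ECU."""
    for ecu in ecus:
        ecu.stage(version, image_ok=ecu.name not in corrupt)
    all_ok = True
    for ecu in ecus:
        booted = ecu.boot()
        if booted != ecu.pending or not health_check(ecu, healthy):
            all_ok = False
    for ecu in ecus:
        ecu.commit() if all_ok else ecu.rollback()
    return {ecu.name: ecu.slots[ecu.active].version for ecu in ecus}


if __name__ == "__main__":
    fleet = [Ecu(n, {"A": Slot("1.0")}) for n in ("qnx_display", "android_vm", "inverter")]
    print(coordinated_update(fleet, "2.0", healthy={"qnx_display", "android_vm", "inverter"}))
    # inverter fails its self-test on 2.1: every ECU stays on 2.0
    print(coordinated_update(fleet, "2.1", healthy={"qnx_display", "android_vm"}))
```

The single-ECU part is the shape of what a dual-BIOS board or an A/B bootloader gives you for free; the coordinated part is the extra work the thread's last comment points at, since a rollback on one controller is useless if its peers already committed an incompatible version.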