Gregory's Server|
11 comments
 @kentindell @ashmueli @nuthatch @danluu I would hope a problem with actual safety while moving is the root of this. Being stranded could be a safety issue. Vehicles have been computerized for decades and have always had a limp home backup for this reason. I would regard this as a design problem. My career covered analog to bus systems. @kneworldodor @kentindell @nuthatch @danluu Exactly. It’s a design problem and, unlike, say, space flight, car designers have the option to allow for grounding the car. The question now is, what are the tradeoffs behind this particular case. @ashmueli @kentindell @nuthatch @danluu the specifics are important and I might agree with a shutdown if I knew them. I see no reason that most systems can't shut down or resort to an open loop program 99% of the time though. If it's related to protecting from electrical fields during reflash or network access so it doesn't get bricked during update then it's a stupid mistake. @kentindell @ashmueli @nuthatch @danluu nd of course this could easily be a hardware fail and AFAIK cars don;t use secondary redundant hardware and evne if they do and a primary hardware fails, you'd still ground the car when stationary  @peterainbow @ashmueli @nuthatch @danluu There is often redundancy: ECC memory, lock-step CPU cores, multiple bus paths. The silicon has fault injection for built-in tests at start to check this. @kentindell @ashmueli @nuthatch @danluu that's not the case on the older gneration of car computers, but i'm guessing things have moved on, any pointers to where i can learn more ( jst for learning sake ), finding the search engine world pretty much borked again these days lol @peterainbow @ashmueli @nuthatch @danluu Yes, search is grey goo now. But I can point you at a blog post about updating firmware in cars. https://kentindell.github.io/2023/04/18/get-your-app-to-mars/ @kentindell @ashmueli @nuthatch @danluu oh i've done some of that from pi's and webcams to printers and even connecting to FIAT ECUs, but 2000ish models did not have ECU redundancy at all, just wondering if that's changed. obviously they probabky use the backup swtchover flash system, but if something fails (hardware) then that's it and as a firmware dev there are diminishing returns in showing the end user low level error info, better to go for the don;t panic general error screen as seen above  @kentindell @peterainbow @ashmueli @nuthatch @danluu at the same time, your own blog header overlays the text underneath so the first line can't be read. Software is hard. (The blog post is super interesting in any case) @stooovie @peterainbow @ashmueli @nuthatch @danluu There’s a reason I stick to embedded systems. They have their own specific challenges but the crud piled on crud that is the modern web computing stack is a whole different thing. This is particularly why I won’t take shit from web developers who think they know how to engineer cars. |
@kentindell @nuthatch @danluu Are you saying there are no tradeoffs in engineering? Are you saying there are no tradeoffs in automotive engineering? Are you saying this screen, displaying an error message designed to fit the situation, is somehow not subject to tradeoffs in engineering?