Cars that are four years old are suddenly bricking because of a code-related quirk that's burning out flash drives. Tesla does not support right to repair and has actively fought it and is not beholden to the same rules as every other auto manufacturer.
The issue is with a flash storage chip called the eMMC that is embedded on a board called the MCU1. According to experts who have studied the problem, Teslas are writing vehicle logs to this flash storage chip so much that it eventually goes bad. The issue has been known in the Tesla community since at least May, when Tesla repair YouTuber Rich Benoit spoke to another Tesla repair professional named Phil Sadow about it in a video.
"Tesla's got a problem. They create so many logs in the car, they write to [the chip] so fast that it basically burns them out. They have a finite amount of writes," Sadow said in the video. "When this burns out, you wake up to a black screen [in the car's center console.] There's nothing there. No climate control. You can generally drive the car, but it won't charge."
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 15 2019, @11:55PM (6 children)
Guessing that the flash memory isn't on an SD card or USB stick. If it was, this would be a non-problem.
Oh well, I guess Elon does have some bean counters after all.
(Score: 0, Disagree) by Anonymous Coward on Wednesday October 16 2019, @12:44AM (1 child)
Tell that to the pile of brand SD cards my barely used RPis killed.
(Score: 1, Informative) by Anonymous Coward on Wednesday October 16 2019, @01:44AM
I think the parent AC means that if it was an SD card, it wouldn't be a problem because you could just pop in a new one.
(Score: 2) by wisnoskij on Wednesday October 16 2019, @12:10PM (2 children)
It's on an eMMC chip, which is a form of fast flash memory like an SD card, but far faster and more expensive. I am pretty sure the "e" does stand for external, so it should be replaceable without solder. But you will still need Tesla to image the card if you did not take a backup before yours crashed.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @01:19PM
e is for embedded
(Score: 2) by richtopia on Wednesday October 16 2019, @01:46PM
e is fo Embedded: https://en.wikipedia.org/wiki/MultiMediaCard#eMMC [wikipedia.org]
This is the same type of storage used in smartphones, and is almost always soldered to the board.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @07:53PM
From TFA it sounds like these chips are replacable since Jason Hughes says he has repaired twelve boards that failed due to this issue in the past month.
I'm sure Tesla is using an off the shelf part here. eMMC chips are readily available from electronics distributors... so assuming you can find one with a compatible footprint this doesn't sound like a huge deal to repair.
Sure, Tesla should get their shit together so things don't fail faster than they should but every car has parts that need replacing once in a while...
(Score: 2) by Bot on Tuesday October 15 2019, @11:55PM (3 children)
>Tesla does not support right to repair
- citizen
- what
- need money for electric car
- why
- for the environment
- well what about taking the two tonne suv out of the narrow european city streets where they make no sense whatsoever?
- electric car
- all right
- here is your new car
- cool, but it stopped working, maybe that 35 eur worth of ssd is kaputt, do you have an image so i can...
- you cannot
Account abandoned.
(Score: 1, Insightful) by Anonymous Coward on Wednesday October 16 2019, @02:20AM (2 children)
Final nail in Tesla's coffin. Why spend a small fortune (in USA) or a grteat fortune (outside USA) on a car that isn't even under your control? Random updates. Elon's kind choice to boost your range, or not. Now rubbish components that ONLY they can replace. And I though Apple were a bunch of *holes.
It is a great pity that the Leaf: i) has abysmal range ii) is made by Nissan. Where I live the official Nissan dealers don't even carry Leaf, we only get used imports from overseas (2 sources), so not the latest leading edge models. But they're everywhere.
(Score: 3, Interesting) by exaeta on Wednesday October 16 2019, @02:57AM
The Government is a Bird
(Score: 1) by nitehawk214 on Wednesday October 16 2019, @04:23PM
This is the same as most other businesses. Turning from providing products to providing services.
Tesla wants it both ways. All the up-front cash from a sale with all of the recurring revenue and lock-in of a lease.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 4, Interesting) by Rosco P. Coltrane on Wednesday October 16 2019, @12:19AM (8 children)
They're both great, expensive, someone else pushes software on them without your knowledge, they collects data on you, they can't be opened and repaired, and they're not designed to last.
I still have a cheap, reliable dumb phone. Can you guess what type of car I drive? :)
(Score: 4, Interesting) by anubi on Wednesday October 16 2019, @12:34AM (2 children)
If you are like me, I drive an old Ford diesel, International Harvester 7.3L IDI engine. Purely mechanical.
No computer. Everything gear driven. It's all rods and gears all the way to the tires. The transmission is electronically assisted, but can be dropped to control via toggle switch if need be.
I will build my own Arduino for it later. Just to do things like fuss at me if I turn the engine off and I didn't put it in PARK first.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by dry on Thursday October 17 2019, @05:30AM (1 child)
Yep, I had a diesel Nissan truck, previous owner had replaced the kill solenoid with a cable, so given a hill to start it on, didn't need a battery to run, though to be legal it did. As a kid, my Dad acquired his first car, a '37 Morris and couldn't afford a battery for 6 months. With a generator instead of an alternator and a crank start, it was fine, though the lights were dim at idle.
(Score: 1) by anubi on Thursday October 17 2019, @10:18PM
Sure gives you an appreciation for simplicity and elegant design. One guy used a 4WD variant if this design, with an an air snorkel, in jungle areas. It would run underwater if it had to.
Just make sure no water got in the intake. Diesels hydrolock easily. High compression engine. Not much clearance.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by coolgopher on Wednesday October 16 2019, @07:02AM (4 children)
I too had hoped to stick with a "real" car for many years, but some eggnog asshat hooned into it while it was parked on the street, and it got written off. So now I've reluctantly got a car with too much electronics. At least it has a regular OBD-II interface, so I can get at those bits should I need to. And paying five bucks for the interface adapter didn't break the bank. Time will tell how much the electronics fails though.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @07:53PM
if it were me and money was not an issue i would just change all the sensors every 100-150k.
(Score: 1) by anubi on Thursday October 17 2019, @10:27PM (2 children)
"I too had hoped to stick with a "real" car for many years, but some eggnog asshat hooned into it while it was parked on the street, and it got written off. "
Oh man, that's gotta hurt.
Old worn out cars no one wants aren't worth much.
But a loved car is extremely valuable to the one who loves it.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by coolgopher on Friday October 18 2019, @12:46AM (1 child)
So much this. My old car was worth far more to me than it was possible to insure it for. Cheap and reliable, and the only issue I ever had was a flat battery a couple of times when i hadn't driven it for a few months.
Oh well, here hoping the replacement holds up just as well. Not enamoured with the auto transmission, but apparently just about nobody has been buying manuals lately.
(Score: 1) by anubi on Saturday October 19 2019, @01:20AM
I certainly understand.
I adopted my old Ford Diesel for similar reasons.
It has a solid family history of being reliable, inexpensive, and ability to take on damn near anything. This will be the last vehicle I ever own. By now, I have come to my own conclusions as to what is important, and what is not.
Theatrics and Presentation don't rank very high.
Predictability and reliability are at the top.
It's a huge beast, comfortable, kinda noisy, rides like a cow. And I know it will get me there and back. In one piece. My biggest fear is when I get there, where do I park it?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by anubi on Wednesday October 16 2019, @12:23AM (3 children)
This was my first personal experience with how many times flash memory could be overwritten.
It made a profound impact of how I code around flash memory.
This is only one of the seasonings that make up an experienced Craftsman of the art.
It's a shame that Tesla did not have anyone on staff that knew about this.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @12:28AM (2 children)
It was designed to fail near the end of warranty so Teslalala could squeeze more money out of the suckers that bought it.
(Score: 1) by anubi on Wednesday October 16 2019, @12:58AM (1 child)
I'll wait till it's carcasses litter the junkyards, then from those scraps, build something that works more reliably than its predecessor ever did.
But, for now, let the men of the suit buy flashy unreliable stuff and make pretty junk. The rest of us can't afford it. Not do we trust it. When one gets that high up, they often seem to think they are above the laws of physics. Statistics eventually puts them in their place. It sickens me to see how much waste and woe we bring upon ourselves by both greed and ignorance.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by fraxinus-tree on Wednesday October 16 2019, @07:44PM
>I'll wait till it's carcasses litter the junkyards, then from those scraps, build something that works more reliably than its predecessor ever did.
That's how the Real Men get their cars anyway.
(Score: 5, Interesting) by Anonymous Coward on Wednesday October 16 2019, @12:54AM (4 children)
OB DISC: I work in the car industry (electric, not Tesla).
I see lots of logs being written (daemons run in verbose mode, compiled in that way) at my company and I've called them on it, to no avail. Yes, flash will wear out and we do replace the ECUs that wear out (so far).
I'm betting its junior 'app' developers who are leaving verbose debug on. Sadly, its a low-margin industry and they are all cheap (all the car companies), so they tend to hire young, inexperienced coders. On linux, they can enable verbose mode and they don't 'get it' that they should not do that on production code.
Sad truth, this is about the whole new generation car companies, not just T.
(Score: 5, Funny) by Anonymous Coward on Wednesday October 16 2019, @01:04AM (3 children)
If the auto industry had developed technology like Microsoft did software, we would all be driving cars with the following characteristics:
1. For no reason whatsoever, your car would crash twice a day.
2. Every time they repainted the lines in the road, you would have to buy anew car.
3. Occasionally your car would die on the freeway for no reason. You would have to pull to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.
4. Occasionally, executing a maneuver, such as a left turn, would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.
5. Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive - but would run on only five percent of the roads.
6. The oil, water temperature, and alternator warning lights would all be replaced by a single "This Car Has Performed an Illegal Operation" warning light.
7. The airbag system would ask "Are you sure?" before deploying.
8. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.
9. Every time a new car was introduced, car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.
10. You'd have to press the "Start" button to turn the engine off.
(Score: 3, Insightful) by choose another one on Wednesday October 16 2019, @08:20AM
>10. You'd have to press the "Start" button to turn the engine off.
You can tell how old the recycled satire is by which bits have turned into reality. In a modern car you do of course push the "start" button to stop the engine as well, and no one thinks it's weird or funny or even cares ('cept for a few Luddites like me who damn well want a physical key). Windows was actually just ahead of it's time, for once.
https://mycardoeswhat.org/safety-features/push-button-start/ [mycardoeswhat.org]
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @04:57PM
Sooooooo... a Jaguar?
(Score: 2) by istartedi on Wednesday October 16 2019, @07:52PM
11. The car would have a motor capable of generating 2000 hp, but would barely be able to keep up on the freeway. Why? Because building good transmissions is a hard problem so we'll just throw more hardware at it.
Appended to the end of comments you post. Max: 120 chars.
(Score: 4, Interesting) by Anonymous Coward on Wednesday October 16 2019, @01:02AM (12 children)
What is this, amateur hour?
It's disturbing to hear this. This is a well known issue that you can burn up most flash storage cells quite quickly due to "logs" or more specifically, incessant writing. TRIM doesn't seem to make much difference and using an over provisioned larger capacity unit is like trying to fix a memory leak by 'just adding more RAM' --you only slightly slow down the problem. This is why so many 'embedded systems' don't enable logging by default, because duh. The majority of the plain consumer SSDs I've used that have died in servers, was due to high volume of incessant logging, so it's not like this is uncommon. I've had to either disable local logging, or revert back to mechanical spinning rust, etc. Of course, no salvation for RAID-1, because mathematically, duh. In the case of a car (I mean, these fucking computers on wheels), both transmitting raw logs over a network or mechanical HDDs is equally a terrible idea, but writing out a high volume of logs to flash storage may be worse. For as much fucking money as those damn things cost, this not just an engineering fail, but shitty business as well.
(Score: 5, Insightful) by Anonymous Coward on Wednesday October 16 2019, @01:55AM (2 children)
Quality is down across all industries.
Agile! Minimum Viable Product. Don't goldplate. Fuck upfront design, JUST HACK SOMETHING TOGETHER! You can fix it in a later iteration... if anyone notices... and did I mention, Don't goldplate! The definition of quality is delivering functionality the customer can use immediately. Don't spend time creating functionality the customer didn't ask for.
This is the bullshit messaging we received at the latest company all-hands. The technical staff was overwhelmingly still in school or a couple years out. They don't know any better than to believe this is actually anything other than a corporate commandment to shovel shit out the door.
I work in the tech industry, but apparently Elon runs his car company like that.
(Score: 3, Interesting) by Anonymous Coward on Wednesday October 16 2019, @02:32AM
They also refuse to return replaced parts to the customer, which they are
required to do if you're in California.
(Score: 1) by anubi on Saturday October 19 2019, @01:37AM
That's the reason the modern business leadership types want us old goats out of the workplace.
We have personally tasted the fruit of poor workmanship, especially at the design level, and the common decency ingrained in many of us makes us see this business model as repugnant.
Whatever you do, do it right. As far as I am concerned, doing crap work is a major sin. Sin against God, Sin against my fellow man, even Sin against the Earth, committing perfectly good resources to waste.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by sjames on Wednesday October 16 2019, @02:53AM (8 children)
They must be doing crazy verbose logging. Sure flash has a limited number of erase cycles, but I have found that even on test systems where I haven't made much effort to minimize logs (but didn't maximize them either), the flash will last many years without issue. I have a number of old Linux boxes running on flash where I really didn't do anything special that have been running longer than 4 years, even without wear leveling. That's with no-name flash.
Of course, I knew very well that isn't the right way, but they're test devices for internal use, not expensive consumer products, and I'll bet that if one actually does wear out, it'll be easier to swap out than a Tesla's flash.
(Score: 1, Interesting) by Anonymous Coward on Wednesday October 16 2019, @05:30AM
We had this slip one of the departments once. The damn things shipped with "set -x" as well as "-d" and "-v" arguments passed to a couple of programs. Turns out, someone fixed a bug with all the logging on, and then committed the image with all those still turned on. Then, because it was a release blocker close to the ship date, the commit was approved without the reviewers noticing either. So much more expensive when production had to be stopped, everything retested, replaced, reflashed, and then production restarted. I can't really describe how much money that commit cost us and a 15-second review could have saved.
Part of the problem was compounded by the verbose logging takes up more room, which causes more disk pressure and write amplification, even with rotation.
(Score: 3, Informative) by Immerman on Wednesday October 16 2019, @02:00PM (6 children)
Logging has another unusual property compared to most file I/O: if you're doing it properly, you're flushing the cache after pretty much every write - otherwise any software crash will wipe out the last many log outputs before they're actually recorded to permanent storage, rendering the log all but useless for locating some of the most challenging debugging issues.
Combine that with the fact that logging is typically a sequence of very small writes of a few tens of bytes at a time, and that flash memory can only write an entire cell of usually a few kB at a time, and you can easily get a hundred-fold write amplification for logging versus recording the exact same data via more typical file I/O operations.
Now, a good modern logging library should probably have an option to disable the constant cache-flushing to avoid that problem when used on flash storage systems, especially with embedded systems, but it's not exactly an obvious problem. Far less so than someone having left verbose logging enabled.
(Score: 3, Interesting) by sjames on Wednesday October 16 2019, @06:11PM (5 children)
Really, if extensive logging is needed and it's important that entries be committed immediately, a more custom solution is called for. Flash has the characteristic that erasing is only needed to change a 0 to a 1. If you only need to write existing 1s to 0s, you need not erase first. I know that nor flash devices such as those used as boot ROMS support that, not sure about MMC.
(Score: 2) by Immerman on Thursday October 17 2019, @02:11PM (4 children)
What are you suggesting?
Due to hardware limitations you can only write the entire block at once, and you have no control over which block you're recording to (eMMC implements wear leveling) about the only thing that you can be sure of is that if you try to write a single bit, that what you'll actually do is copy the entire block to a new block, with one bit difference.
Even if you use something without hardware wear leveling (SD, most USB keys, etc), I think you'd be fighting a losing battle. You could try to design your logging so that it's encoded in a "mostly 1's" format, but that doesn't help with the bits that end up being zero many times in succession. And once one bit in a cell goes bad, then your problem becomes much more challenging.
I think a better solution would be battery-backed hardware cache - even just a few cells worth of cache would eliminate the 100x write amplification.
Come to think of it, I'm not sure if normal hardware cache is flushed by a typical software-cache flush. I'd guess probably not, which makes my entire point way off-base.
Still, I would say that the proper solution if you need to do a whole lot of logging to flash, is make sure that the inevitable flash failure won't cause problems for the rest of the system (e.g. use a separate, easily replaceable flash drive for logging, and make sure write failures don't cause problems with the rest of the system), and if you need longevity, make sure that old logs are cleaned out regularly so that the drive is always mostly empty (to minimize write amplification from moving data around for wear leveling). Logging generally doesn't need anything high-performance, so that's unlikely to cause major cost problems.
(Score: 2) by sjames on Thursday October 17 2019, @06:38PM (3 children)
A more custom solution would be a flash that allows more low level control than an eMMC. For example, a NOR flash such as you would find as a boot rom in a PC WILL allow new writes to a block that hasn't been erased.
I implemented such a set-up (but not for logging), on a NOR flash where the erase block was 1MB in size. I logically divided the flash into 16 byte paragraphs with chained metadata. The first byte specified status and a paragraph count. The value 0xff "just happened' to be the flag for unused. If the top bit was zero, then bits 0-5 was a paragraph count and the following 3 bytes specified an ID number. To 'delete' a record, but 6 could be cleared.
That allowed new records (considerably smaller than the erase size) to be freely appended and old records to be 'deleted' without an erase. When an erase block was fully written and the last record deleted, the block could be reclaimed by erasing it.
It MAY be possible to do something similar with NAND flash, but it would require replacing the state machine on an eMMC with a custom one that wouldn't do the blind copy and erase of the whole block.
Cache details are processor specific. Some embedded processors don't do write-back caching at all, others either require a special write-through opcode or in cases like x86, setting an MTRR for the flash region to write-through or uncachable.
In the case I worked with, there would be few enough erase cycles that bad cells were extremely unlikely. In a case where there would be more, a solution looking a lot like either the bad block mechanism in the original FAT filesystem (back when all HDs had visible defects) or sector re-allocation like newer drives implement.
Battery backed static RAM would be another potential solution. Probably easier and cheaper to implement but less robust against physical damage.
Failing all that, a separate logging SD card would have been good. Add the ability to detect when a blank is inserted and automatic formatting so anyone could do the swap-out.
(Score: 2) by Immerman on Friday October 18 2019, @06:24AM (2 children)
Intriguing. For log files, where you never alter data after it's recorded, you could get even simpler - designate 0xff as the "end of file" character and just keep appending new data. That could eliminate the write amplification entirely.
I suspect though that for the price of such custom flash you might be able to buy a much larger mainstream flash chip - quite possibly large enough to overwhelm the write amplification through sheer capacity.
(Score: 2) by sjames on Friday October 18 2019, @09:25AM (1 child)
I got curious and checked some datasheets (example [cypress.com].
It looks like the solution wouldn't need to be so custom. The example at least suggests that that family of devices can be convinced to perform the necessary re-write without erase. It didn't take a lot of effort to find it, I just picked the first device I came across at Mouser that offered a datasheet.
It was so easy that it suggests Tesla's problem was an insufficiently experienced engineer jumping to the new shiny, not knowing how to manage the hardware, or not knowing what to do without an existing filesystem to manage the metadata.
(Score: 0) by Anonymous Coward on Friday October 18 2019, @08:11PM
I've done it for products containing embedded microcontrollers (Cortex M4's from ST, also from Cypress).
It's not complicated, but you do have to roll your own equivalent of a file system.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @05:26AM (6 children)
All cars have problems. Tesla problems seem to make headlines more often. Is this because they are "bad", or because they make better click-bait?
(Score: 4, Interesting) by ledow on Wednesday October 16 2019, @07:44AM (5 children)
Generally, I find the class of problems that Tesla exhibits much more worrying.
One guy hacked the infotainment system to run arbitrary code, that could also control the steering. That just shouldn't be possible.
The flash here controls the battery charging - flash dies, no more car. Imagine how that's gonna hit the second-hand market for these things. And again, a design flaw that just shouldn't be possible... the charging should be able to continue even without the flash working.
More minor ones are that the boot (trunk) of some models literally just empties any rainwater straight into the boot, for example.
But it's the class of problem that's most telling - that the steering control is accessible from the infotainment system (that contains a web browser!). That the computer is inherently linked to the most basic charging capability - which makes me question what happens if the battery ever does really go flat after being in storage a long time (of course, they'll say "That can't happen"). That nobody has ever got the car wet and checked the seals are operational (or just doesn't care).
By comparison, my own 2016-model car has been recalled twice... once for a one-in-a-million possibility that if you totally abuse the gearbox for years on end and destroy it, then ignore all the warning noises, then keep driving hard, that it *might* catch fire. That's not something you can combat in a design easily, and it doesn't show an inherent design flaw, as such - they fix it by warning you when it detects a destroyed gearbox and telling you to not be a prat. The other was that if after-market batteries leak and form a copper-sulphate path all the way down to the metal battery shelf (some six inches), it might short onto a component below it beyond a fuse. They fix it by moving the fuse location so that area is fused. Small things, coping with extraordinary situations, that aren't the fault of the original manufacturer, and are easily resolved in 5-10 minutes.
Tesla's classes of problems suggest to people like myself that they have "designed" it like Apple is "designer" (i.e. shipping boxes without any fingerholes, placing iPads screen-up on the very top of unprotected shipped boxes, constant iCloud prompts if anything goes wrong that you just can't stop or do anything else while they're appearing, iMacs that have a flat, un-feel-able power button on the rear of the unit, etc.) Not "design" as in "we have tried to make this work well, fit into its intended use and environment, and operate in a way that users understand".
(Score: 4, Interesting) by choose another one on Wednesday October 16 2019, @10:29AM (4 children)
Not juts Tesla.
My 2000-model car (nearly 200k on the clock) has never been recalled for anything, it's now about to be scrapped because relatively expensive things (e.g. DMF) are starting to fail, I'm not a car mechanic and paying to get it fixed up again just doesn't make economic sense. That era of cars is about the peak for longevity and maintainability according to my mechanic, and I believe him. Stuff built in the last decade has been cost-cut and value-engineered on every single component and tweaked to the max for emissions over reliability: "falling apart as soon as they come out of warranty, or even before" (the words of the guy who fixes them).
Modern cars now go into "limp" mode at slightest sign of trouble. Exhaust filter clogs up - car won't start, 1000s to fix. Keyless entry "security" systems mean cars are easier to break in to now than in the bad old days when you just had to hook a coat hanger onto the lock button.
In EVERY (I think it's mandatory most places) modern car the infotainment system sits on the SAME bus (CAN bus) as engine, transmission, security and, yes, the steering - if steering is auto controllable, it's on the bus. CAN bus stuff isn't built to operate in insecure environment - each bit of kit just trusts the bus.
(Score: 4, Interesting) by ledow on Wednesday October 16 2019, @11:49AM (3 children)
Ford Mondeo (called Fusion in the US), 2016 to current model (and many previous models, but I actually own a 2016 model from new that I can speak of).
Infotainment is on the same circuit as aircon, and nothing else.
How I know - I pulled the whole thing out when it was faulty, car operates faultlessly, just no aircon. It went wrong while I was driving - no problem except the satnav freezing, the music stalling and the aircon turning off. You can even pull the whole infotainment box and replace it with Android, but if you want OBD on that Android, you have to plug in a cable to the OBD port separately.
The buses are isolated on any *sensible* system. OBD on my car cannot tell you anything about GPS, etc. because that's in the infotainment system. Tire pressures, engine values are on the ECU system and you can't pull them from the infotainment.
Even has two separate wiring looms to the steering wheel - left is car control (cruise control, etc.), right is infotainment (voice recognition, volume, next-track). They are entirely separate.
(Score: 2) by choose another one on Wednesday October 16 2019, @02:23PM (2 children)
It may look like separate buses (sometimes there are fast/medium/slow buses) but there is usually a gateway point tying them together - varies between mfrs. where this is.
Tesla has autopilot which steers according to where the car is, hence satnav _must_ be connected to steering. Not just "autopilot" though - "park assist" systems (definitely on other cars than Tesla) also _must_ control steering and are usually controlled _by_ the infotainment system.
Really to have the separation you desire (and it's not a bad thing) you need one set of levers/buttons/screens for "control the car" - which includes parking, navigation etc. - and one set for other stuff like phone calls entertainment and web browsing. That means when you want the music changing you ask your passenger who has access to the entertainment controls. As the driver you do not need infotainment - because you are driving the ****ing car. Good luck getting drivers to adjust to that way of doing it though.
(Score: 2) by toddestan on Thursday October 17 2019, @03:20AM
Actually, Tesla's autopilot, as far as I know, doesn't use GPS. It's more an advanced cruise control and lane keeping system. It just uses its cameras and radar to keep tabs on the lane markings and other vehicles and such and tries to maintain a set speed. Much like the very simple cruise control in my 20 year old car, it doesn't need to know or even care where it is.
That doesn't of course doesn't mean the Tesla still doesn't have a link between the steering and the infotainment system.
(Score: 2) by Immerman on Thursday October 17 2019, @02:20PM
Alternately, you need a *very* secure choke-point/firewall between the systems.
E.g. the infotainment/automated system *interface* has zero direct control over the car's primary systems - but it can still receive data from them, and send short fixed-size "command words" that can be thoroughly audited before being passed through. E.g. "turn on/off autopilot" "go to these coordinates", etc.
Of course in reality we're talking about a car that routinely downloads updates to it's entire operating system over the internet without any option for user intervention. That sets the security bar pretty low to begin with.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @05:21PM (2 children)
People maintain old cars. I even once saw a Model T stopped at a 7-11 for gasoline.
This simply can't happen with a Tesla. You could keep one going if you replace 100% of the electrical components, but that wouldn't be a Tesla. It would be a Tesla shell worn as a costume on some other vehicle.
(Score: 0) by Anonymous Coward on Wednesday October 16 2019, @08:02PM (1 child)
I wonder if that Model T had its original engine, transmission, suspension... or if it was running something a little newer under the hood.
(Score: 2) by Luke on Thursday October 17 2019, @04:34AM
My T still has the same engine first installed in 1925...