

Jaguar recalls 18,000 cars over major software fault - Netadmin
http://www.computerworlduk.com/news/applications/3312860/jaguar-recalls-18000-cars-over-cruise-control-software-fault/

======
vegai
It's frightening how cars' software is bloating up. I would've thought that a
product that very easily kills people if things go wrong would have been under
more scrutiny.

~~~
Nexialist
This is nothing. I work for an aircraft maintenance software company. Last
week I fixed a bug where the system would silently delete a maintenance task
if you clicked the X button on a confirmation dialog instead of "no". This had
not been fixed for three years.

~~~
rohit89
Wow, I thought programs for critical systems went through stringent testing.
Was this bug not fixed earlier because they figured that the probability of it
being responsible for a fatal error was low?

~~~
Nexialist
The actual on-board software of an aircraft is definitely given a lot of
attention as far as testing is concerned, but unfortunately more indirect
systems, such as maintenance tracking software, are treated pretty much the
same as any other piece of software, which leaves it up to the company that
made it to judge how much testing they perform.

In my company, the management puts a higher priority on putting all available
hands on rolling out new functionality than on fixing bugs, in order to try and
win new contracts from potential customers. Or at least that's their excuse;
in my opinion there is no such thing as a low-priority bug, no matter what
industry you're in.

------
mynegation
Automotive producers in general have pretty high standards of source code
creation and maintenance. However, the set of guidelines that govern the code,
MISRA (Motor Industry Software Reliability Association), while better than
nothing, is pretty poor. Most of the MISRA rules look like they were designed
to be easily checked by automated tools, not to check for real defects. That
situation may have been acceptable 15 years ago, but modern static and dynamic
analysis tools are capable of much more than that.

------
seclorum
My car wouldn't drive without software telling it what to do. I find it very
disturbing that I can't it. I think life-critical software should be open
source by law...

~~~
yuvadam
Though nothing would delight me more than to be able to hack my car's
open-source firmware, I can't see that happening by a long shot.

Security-by-obscurity is still a - supposedly - valid claim nowadays.

~~~
shabble
Even with open source, I'd be doubtful (and concerned) were that an option.
There's no reason you can't have open source code (available for public
scrutiny/liability purposes) but require that on-road cars run a particular
signed variant. Sort of the anti-GPL3.

Some sort of public bugtracker/remote update mechanism (again, given suitably
authenticated binaries) would also be nice.

Actually, it occurs to me from watching far too much Top Gear that a fair
number of high-end cars have a "Sport" button that does all sorts of things to
your ECU, brakes/suspension/steering controls, and (afaik) is strictly
speaking only legal for off-public-road/private racetrack usage. Having
something similar (and with a log of entry/exit times into each mode for use
in crash investigation)[1] might make it possible to experiment.

Still strikes me as pretty scary though.

[1] And a flashing bright yellow tail-light. To make sure everyone else knows
it as well :)

~~~
robin_reala
The Nissan GT-R (in Japan at least) knows from the GPS where you are and only
lets you engage sports mode at registered race tracks.

------
laluser
Interesting, I guess that's one aspect of software systems that doesn't come
to my mind right away. With the increase in the amount of microprocessors in
each car and as the code behind all that processing becomes more intelligent,
I wonder if these complexities will make cases like this more prevalent.

~~~
shabble
I'm not sure it's so much the quantity of controllers/code, but the quantity
and quality of the interfaces between them.

If I were writing something like this, there'd be a very clear demarcation of
"safety critical throttle/brakes/steering stuff" | "blinky lights and radio"

I suspect that it starts out that way when the engineers are arguing about the
liability issues of going full-throttle at random, but then it becomes
standard, everyone gets a bit blasé, and before you know it the assistant
vice-chairhorse of marketing is talking about how cool it'd be if your radio
gets louder as you speed up.

Even then, I'd be arguing in favour of something like a data diode[1]. I can't
think of any non-critical system that should have input to the cruise
control[2].

[1]
[https://secure.wikimedia.org/wikipedia/en/wiki/Unidirectiona...](https://secure.wikimedia.org/wikipedia/en/wiki/Unidirectional_network)

[2] Of course, if it did, I'd claim it was by definition now a critical
system. :)

~~~
regularfry
> If I were writing something like this, there'd be a very clear demarcation
> of "safety critical throttle/brakes/steering stuff" | "blinky lights and
> radio"

As an ex-blinky-lights-and-radio tech, I can assure you that they are clearly
separated.

Admittedly, my experience is limited to BMWs, but there's enough shared
knowledge across the industry about the Right Way to do this stuff that I'd be
surprised if Jaguar had made that mistake.

~~~
topbanana
I have heard that there are separate buses for these things, but how does
information propagate between them? For example, if my ABS fails, how does it
pop up into the service menu on iDrive?

~~~
regularfry
The instrument pack in the dashboard is connected to both buses. It needs
real-time data from the drive systems to display speed and so on, so it's used
as a hub.
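An added example of the hub role regularfry describes, written as the per-ID data diode shabble argues for (Go; not code from this thread, from BMW, or from any manufacturer, and the CAN IDs and bus layout are constructed for illustration): the gateway sits on both buses, forwards an allowlist of drive-bus frames such as speed and ABS status to the body bus, and forwards nothing in the other direction, including a frame that carries a permitted ID but arrived on the body side.

```go
package main

import "fmt"

// Bus identifies which physical CAN segment a frame arrived on. A gateway ECU
// knows this from the interface it read the frame from; the frame itself
// carries no trustworthy source field, so the receiving side is the only
// evidence of origin.
type Bus int

const (
	DriveBus Bus = iota // throttle, brakes, ABS, cruise control
	BodyBus             // radio, head unit, lights
)

func (b Bus) String() string { return [...]string{"drive", "body"}[b] }

// Frame is a simplified CAN frame: 11-bit ID plus up to 8 data bytes.
type Frame struct {
	ID   uint32
	Data []byte
	From Bus // interface the gateway received it on
}

// rule records the single direction an ID may cross. IDs absent from the
// table are dropped.
type rule struct{ from, to Bus }

type Gateway struct {
	rules   map[uint32]rule
	Dropped []Frame // retained for later audit
}

func NewGateway() *Gateway { return &Gateway{rules: map[uint32]rule{}} }

// AllowOneWay permits id to cross from -> to only. There is deliberately no
// way to express a bidirectional rule: the gateway is a diode per ID.
func (g *Gateway) AllowOneWay(id uint32, from, to Bus) { g.rules[id] = rule{from, to} }

// Route returns the destination bus for f, or ok=false if the frame is dropped.
// A frame is dropped when its ID is unknown or when it arrived on the wrong
// side: an ID that legitimately flows drive -> body is still rejected if a
// compromised head unit injects it on the body bus.
func (g *Gateway) Route(f Frame) (Bus, bool) {
	r, known := g.rules[f.ID]
	if !known || r.from != f.From {
		g.Dropped = append(g.Dropped, f)
		return 0, false
	}
	return r.to, true
}

// Constructed IDs for the example; real IDs are manufacturer-specific.
const (
	IDVehicleSpeed uint32 = 0x1A0 // drive -> body: speedometer, radio volume
	IDABSStatus    uint32 = 0x2B0 // drive -> body: fault shown in the service menu
	IDCruiseSet    uint32 = 0x3C0 // drive-side only; never crosses
	IDRadioVolume  uint32 = 0x4D0 // body-side only; never crosses
)

// DemoGateway builds the policy: two drive-bus IDs may reach the body bus.
func DemoGateway() *Gateway {
	g := NewGateway()
	g.AllowOneWay(IDVehicleSpeed, DriveBus, BodyBus)
	g.AllowOneWay(IDABSStatus, DriveBus, BodyBus)
	return g
}

func main() {
	g := DemoGateway()
	frames := []Frame{ // constructed traffic
		{IDVehicleSpeed, []byte{0x00, 0x64}, DriveBus}, // speed to dashboard: forwarded
		{IDABSStatus, []byte{0x01}, DriveBus},          // ABS fault to iDrive: forwarded
		{IDRadioVolume, []byte{0x20}, BodyBus},         // stays on body bus: dropped
		{IDCruiseSet, []byte{0x64}, BodyBus},           // head unit "setting" cruise: dropped
		{IDVehicleSpeed, []byte{0xFF, 0xFF}, BodyBus},  // spoofed speed from body side: dropped
	}
	for _, f := range frames {
		if to, ok := g.Route(f); ok {
			fmt.Printf("0x%03X from %s -> %s\n", f.ID, f.From, to)
		} else {
			fmt.Printf("0x%03X from %s dropped\n", f.ID, f.From)
		}
	}
	fmt.Println("dropped:", len(g.Dropped))
}
```

The point of checking the arrival interface, not just the ID, is that CAN has no sender authentication: whatever the head unit can put on the body bus, it can put on with any ID it likes, so the only thing keeping the marketing department's "louder radio at speed" feature from becoming a path into cruise control is that the gateway never carries anything body -> drive.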

------
est
In the next five years could we see cars updating their system software over WiFi?

~~~
roel_v
BMW already does this (others too I guess, I don't know), although not over
WiFi, but over a GPRS connection. You pay a yearly fee for data costs, it also
transmits data on car health back to your dealer so that they know when to
call you to make an appointment for maintenance.

~~~
topbanana
I recently had a problem with the turbocharger unit in my car. The local techs
couldn't figure it out so they just patched in a remote engineer in Germany. I
was impressed.

------
eftpotrm
Stupid question time. Why couldn't the driver put the car into neutral and
coast to a safe halt to restart the system?

(Obviously though it's an issue that needs fixing!)

~~~
roel_v
Much of the shifting is done in software also; for example on my car I can't
go from 'drive' to 'reverse' if I'm driving too fast, and I'm not sure if
moving the shift stick into neutral has any mechanical effect or if that too
is just a signal to the controller, which then (electronically) drives the gear
box. Which makes sense I guess from the point of view of preventing damage, but it
does cause the software to become a single point of failure.

