
The Engineer’s Lament - nate
http://www.newyorker.com/magazine/2015/05/04/the-engineers-lament
======
patio11
There's a _very_ strongly held opinion in certain places in central Japan that
the Toyota sudden acceleration issue has _at no time ever_ actually been a
true statement about engineering reality, and that it has been at all times an
outright fabrication on the part of the American government to protect the
domestic auto industry which is presently owned by the American government.

I would be more skeptical of this but for the reports coming out from the NHTSA
confirming "Yep, there is no there there" combined with the multi-billion
dollar fines. It has the appearance of it just _not mattering_ whether there
were any faults in the vehicles.

~~~
sjg007
There was a court case later that investigated the firmware of the drive by
wire throttle control system software. Basically, design choices in the
software implementation couldn't rule out the software as the source of
unintended acceleration. All bets are off after stack overflow and continued
execution.

Also the "brake override" wasn't a feature included at all which one could
argue should have been part of the design.

In fact, software for car control systems should go through the same rigorous
testing, documentation, control etc... (similar to what is required for FDA
medical devices).

More: [http://www.edn.com/design/automotive/4423428/Toyota-s-killer...](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences)

~~~
vilhelm_s
The court case showed that the throttle control programming was shoddy in
various ways, but I don't think they demonstrated any observably buggy
behavior, let alone any proof that software faults were behind any particular
accident.

I think it's also quite possible that there never were any abnormal unintended
accelerations, but the media debacle caused people to carefully investigate
the cars, at which point they discovered that the programming was bad.

~~~
pnathan
They actually demonstrated buggy behaviour, as well as the number of paths
that could lead to that behaviour (very large).

------
stillsut
My 'Bait & Switch' light turned on halfway through:

The author tries to move between mech-eng analysis (under controlled
experimental conditions) - "what happens to this piece of metal in a 25 mph
crash? how about 30?" vs. social-science analysis - "what happens to crashes
when the state changes the excise tax on alcohol?"

It's not like there could be any confounding variables between states Oregon
vs. Kentucky, the 1970's vs. the 1990's etc. It's all just data and engineers,
right?

~~~
eric_h
This article was written by Malcolm Gladwell. He frequently does that sort of
thing in his books/essays.

------
chiph
The Pinto wasn't an engineering failure ("it was a two-thousand-pound car on
the road with four-thousand-pound cars. It got hit. It lit up. What do you
expect?") but a Public Relations failure.

Jason Vines was the PR guy for Ford during the Firestone/Explorer disaster.
And he had one guiding principle: Don't blame the customer. Which is what
Toyota did with the unintended-acceleration problem.

[http://www.amazon.com/What-Did-Jesus-Drive-Christianity-eboo...](http://www.amazon.com/What-Did-Jesus-Drive-Christianity-ebook/dp/B00O70IM1I)

"PR in a crisis cannot be cleaning up after the elephants in a parade. The PR
team needs to have a seat at the table before, during, and after a crisis."

~~~
stephengillie
The engineering failure (as told to me by a college case study) was that there
were exposed bolts directly in front of the gas tank, so a collision would
almost always lead to a puncture, especially in a rear-end collision.

The fix was a 2-ounce, $2 piece of square plastic - it would cover the bolts,
providing a flat face for the gas tank to impact the support beam. But Ford's
leadership (Iacocca?) were too sold on the "sub-2000 pound car" and didn't
allow this plastic piece, along with a ton of other features that were removed
from the design.

~~~
scarmig
The article suggests, though, that other compact cars had a similar bumper and
fuel tank design, including sharp objects near the tank. The issue wasn't
unique or exceptional. The one cherry-picked metric that came out of it was
that the Pinto experienced puncture for rear end collisions at a marginally
lower speed than other cars, and, after regulations were put in place to
increase that minimum, fatality rates were not affected at all.

Any fatality effect is noise compared to the other causal factors in fatal
accidents: highway design, speed, weight of the objects of collision, level of
alcohol intoxication. And even factors within Ford's control trumped the Pinto
gas tank design in importance. It's just that one particularly grisly and
tragic death makes for some really bad PR.

Disclaimer: I've got no knowledge of the Pinto case besides hearsay and what's
in this article.

~~~
sitkack
Shouldn't you have put the disclaimer first? Gladwell has cherry-picked
reality to weave the narrative he wants.

~~~
hnnewguy
I trust Gladwell and his research and interview access more than I trust your
blanket, ad hominem dismissal of his work.

~~~
thaumasiotes
Unfortunately, this attitude is unjustified. Gladwell does research, but he'd
be basically as reliable if he didn't bother. He doesn't use or understand the
research he does.

------
tunesmith
This is really weird, I thought it was established that the Toyota
acceleration WAS a phenomenon brought on by faulty microprocessor design:

[http://www.edn.com/design/automotive/4423428/Toyota-s-killer...](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences)

Toyota's problem wasn't that they shouldn't have blamed the customer when it
was the customer's fault, their problem was that they shouldn't have blamed
the customer when it was Toyota's fault.

~~~
lambdaelite
Toyota released an independent analysis of their electronic throttle system
through their press website:

[http://toyotanews.pressroom.toyota.com/article_display.cfm?a...](http://toyotanews.pressroom.toyota.com/article_display.cfm?article_id=3593)

It's a fascinating report that includes a code review with PolySpace and
hardware-in-the-loop testing. TL;dr, Exponent didn't find any hardware or
software design defects that could cause "uncommanded acceleration". Barr's
analysis in the linked article sounds like he found problems that should have
been caught by their coding standards and design reviews, but it doesn't sound
like he found or could suggest a specific event sequence that could lead to an
UA.

~~~
TwoBit
If Toyota had anything to do with that analysis then it wasn't independent.

My recollection of the Barr analysis is that a particular failure case was in
fact described which occurs during certain conditions of memory exhaustion:

[http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyo...](http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/)

"the team led by Barr Group found what the NASA team sought but couldn’t find:
'a systematic software malfunction in the Main CPU that opens the throttle
without operator action and continues to properly control fuel injection and
ignition' that is not reliably detected by any fail-safe."

~~~
lambdaelite
I don't see why an independent analysis commissioned by Toyota would be any
more or less credible because Toyota paid for it than an analysis by an expert
witness paid for by a plaintiff in a civil suit. I should think they deserve
equal scrutiny.

Reading the transcript of the court proceedings, it sounded like Barr Group
were able to induce a fault that could lead to an unintended acceleration, but
the evidence that this fault actually happened was circumstantial.

Also, I don't find the jury's decision against Toyota to be relevant, given
that there are so many other elements that figure into the calculus of a jury
decision. I can't fault Barr Group for trumpeting that they were a key expert
witness in a successful trial of this magnitude—it's phenomenal
advertising—but I don't see how it follows that their failure proposal is
actually what happened (nor do I think that the Barr Group would say with
certainty that it did happen).

~~~
tunesmith
How would it be anything other than circumstantial that it "actually
happened"? Those cars crashed and people died. You could make the same case
about any bug; "I duplicated the behavior, but that doesn't mean it actually
happened in the original bug report". That kind of developer comment would
raise eyebrows.

Toyota's original defense was that it was user error because unintended
acceleration couldn't happen; they blamed it entirely on driver error. They
were making a "forall" argument, and all Barr had to do was show an "exists".
He did. Toyota was completely wrong.

~~~
lambdaelite
> How would it be anything other than circumstantial that it "actually
> happened"?

Because the fault could trigger a DTC. Barr's argument was that the right kind
of bit flip event could cause a fault and it would not be logged as a DTC. The
beauty of Barr's theory is that it leaves no evidence if it was the cause of a
real-world accident. The plaintiffs successfully argued that Barr's theory was
the most plausible explanation for the accident, not that it was the cause.

> You could make the same case about any bug; "I duplicated the behavior, but
> that doesn't mean it actually happened in the original bug report".

I think this analogy is misplaced; here, there would be no bug report other
than "the system crashed" (no pun intended). In which case, your statement
would be accurate and proper.

> Toyota's original defense was that it was user error because unintended
> acceleration couldn't happen; they blamed it entirely on driver error. They
> were making a "forall" argument, and all Barr had to do was show an
> "exists". He did. Toyota was completely wrong.

Toyota's defense was that user error was the most likely explanation; the
plaintiff via Barr argued that a software defect was the most likely. The
plaintiff prevailed, but that has no bearing on what actually (or likely)
happened.

------
angersock
This is a great example of the difference in mindset between software
developers in modern companies doing non-embedded work, and folks in more
traditional mechanical or chemical engineering roles. Very, very different
calculus.

EDIT:

Interestingly, we've got potentially _much_ better instrumentation and
analytics on our side...note how long it took to get those accidents reported,
and then think how long it takes to do that kind of analysis on your
production systems of what users have had problems when.

------
tailrecursion
There's a crucial decision the Toyota engineers made, as described by the
article, which was that if the stuck accelerator was not preventing the driver
from using the brake and slowing the vehicle, then the stuck accelerator is
acceptable (we're talking about a small number of reports) and no fix should
be made.

It's not easy to understand why they would make that decision. I imagine a
stuck pedal is likely to cause confusion in a driver. It would take some time
before a driver will process what is happening, and realize that the accel
pedal is indeed stuck. It seems like surely it would cause accidents.

Furthermore, it's not a tough problem to design a pedal that moves back and
forth in high humidity or high temperatures that a car interior is going to
see. And it's not expensive.

But we're seeing this fault in isolation. The engineers are likely thinking,
"Suppose we fix this problem. That's fixed, and it cost $2 per car. Now, what
are the 1000 other items that could fail and cause a similar moment of
confusion, of the kind that might contribute, or seem to contribute to an
accident? What will it cost to fix all of them, because fixing just one
doesn't solve the problem."

~~~
eridius
But they _did_ fix the problem. They just didn't recall the existing cars.
According to the article, they fixed the pedal for subsequent models of the
car.

> _Furthermore, it's not a tough problem to design a pedal that moves back
> and forth in high humidity or high temperatures that a car interior is going
> to see. And it's not expensive._

According to the article, the problem was that the material of the pedal was
unexpectedly degrading in that environment, causing it to become stuck. This
isn't a matter of it being expensive to produce a better pedal, it's simply a
matter of an unforeseen interaction (which would argue that it _is_ in fact
hard to design a pedal that works flawlessly in that environment). And so they
fixed it on subsequent models. But fixing it on all the existing cars out
there would amount to an expensive recall that seemed to be rather
unnecessary.

> _I imagine a stuck pedal is likely to cause confusion in a driver. It would
> take some time before a driver will process what is happening, and realize
> that the accel pedal is indeed stuck. It seems like surely it would cause
> accidents._

According to the article, at the time when the issue first cropped up, there
were no known cases of an accident caused by the stuck accelerator (note: I
don't know if any happened later). Furthermore, the natural reaction to "my
car is unexpectedly accelerating" is to slam on the brakes. I could easily see
someone panicking, but a panicking person doesn't forget that the brake pedal
exists, especially since all drivers have been conditioned to understand that
pressing the brake pedal is how you stop the car.

Based on this, their response seems pretty straightforward. Yes, there's a
relatively rare issue with a stuck accelerator, but (at least at the time)
there's no known cases of this leading to an accident, and the natural
response by a driver upon encountering the problem, which is to hit the
brakes, is sufficient to neutralize the issue. Therefore, no expensive recall
is necessary.

That said, they obviously had a PR problem. And it was magnified by the
media's propensity to hype up situations like this, turning it into a
newsworthy story (because that gets more viewers). It seems the vast majority
of incidences of unexpected acceleration were not even caused by the stuck
accelerator, they were either caused by poorly-fitting third-party floor mats,
or by people inadvertently pressing the accelerator when they meant to press
the brake, both of which are issues that are not unique to Toyota cars (in
point of fact, to the best of my knowledge, every incidence of someone unable
to stop the car by pressing the brake pedal was in fact pedal confusion, where
they were pressing the accelerator thinking it was the brake, and therefore
not caused by this defect at all).

Ultimately, I think Toyota had the right engineering response, they just
needed to fix their PR response. Don't let the engineers dictate communication
to the customers. Understand that reality and public perception are often at
odds with each other, and that public perception is just as important as
reality. That's not to say that they should have issued a recall, because they
shouldn't (if anything, that would have reinforced public perception that the
cars were dangerous). But they should have realized that they needed to
communicate with the public in a different fashion.

------
josu
This is the whole idea behind the article:

>“The Toyota guy explained this to the panel,” Martin went on. “He said,
‘Here’s our process.’ So I said to him, ‘What do you imagine the people are
thinking? They’re shaking like a leaf at the side of the road and after that
whole experience they are told, “The car’s fine. Chill out. Don’t make
mistakes anymore.” Of course they are not going to be happy. These people are
scared. What if instead you sent people out who could be genuinely empathetic?
What if you said, “We’re sorry this happened. What we’re worried about is your
comfort and your confidence and your safety. We’re going to check your car. If
you’re just scared of this car, we’ll take it back and give you another,
because your feeling of confidence matters more than anything else.” ’ It was
a sort of revelation. He wasn’t a dumb guy. He was an engineer. He only
thought about doing things from an engineer’s standpoint. They changed what
those teams did, and they started getting love letters from people.”

~~~
apalmer
Thats a double edged sword. The thing is, it was not their job to make people
feel better, it was their job to evaluate the situation. There is a good and a
bad side of that trade off...

------
douche
Yep. The exceptional error gets the grease, even though it's a one-in-a-million
event. Invoke the feels, and the majority of people lose their shit. Give them
data, and their brains turn off.

BUT THINK ABOUT THE CHILDREN!

~~~
tat45
"BUT EMOTE ABOUT THE CHILDREN!"

FTFY. =)

------
scarmig
An interesting paper. "The Myth of the Ford Pinto Case":

[http://www.pointoflaw.com/articles/The_Myth_of_the_Ford_Pint...](http://www.pointoflaw.com/articles/The_Myth_of_the_Ford_Pinto_Case.pdf)

~~~
nilved
PDF warning

------
mcguire
This is a brilliant quote:

" _Surely this is why Jimmy Carter remains the most puzzling American
President in recent times. We have too often insisted on trying to understand
him using the default modes of identity politics: as a white, Southern born-
again Christian. But Carter was by profession and training an engineer—a
disciple of the greatest and most influential engineer in the history of the
U.S. Navy, Admiral Hyman Rickover. Rickover, Carter once said, had more
influence on him than anyone except his parents. In his literalness, his
relentless candor, his practicality, Carter was the Toyota engineer by the
side of the road doggedly lecturing us on how to drive the car. Carter’s true
nature is puzzling only if we remain rooted in the fantasy that the world we
inherit somehow matters more than the world that we chose for ourselves—and
that surrounds us, from nine to five, every working day of our adult lives._ "

~~~
clebio
I thought it was abrupt and reaching. It felt like the author has this tidbit
about Carter laying around that he'd been holding on to, but wasn't sure where
to use it. He thought it could maybe fit here, but it just was jarring. Not to
mention that Carter isn't quite recent enough for me to really have any
context about the comparison (what policy decisions set Carter apart?).
Finally, the injection of race and religion in this otherwise unrelated
article was just out of the blue.

~~~
dunmalg
Yeah, the Carter bit made no sense. I remember Carter, and a lot of his bad
decisions were very much NOT the result of "engineer thinking". One that comes
immediately to mind is his executive order outlawing breeder reactors, which
has basically saddled us with being unable to cleanly reprocess reactor waste
back into usable fuel. Never mind the fact that only a very specific type of
breeder reactor produces weapons-grade plutonium, and never mind that as a
nuclear engineer he SHOULD have known this, he still banned them in a bizarre
attempt to ingratiate himself with the 70's "disarmament/anti nuke" movement
that never seemed to fully grasp the distinction between nuclear WEAPONS and
nuclear POWER.

------
MoOmer
The most ridiculous fix to a serious car problem, to me, was that with the GM
Cobalt et al. cars: [http://engineeringethicsblog.blogspot.com/2014/06/the-switch...](http://engineeringethicsblog.blogspot.com/2014/06/the-switch-from-hell-gms-barra-and.html)

Anyone can see that the 'fix' was half-baked. This is a weird analogy, but it
popped into my mind to fit the unbelievable situation:

It's like designing a traveling laptop-cooling station where the laptop sits
on a strainer, which is almost touching a pool of water. The fix was to
increase the gap between the strainer and the water by 1cm. Surprisingly,
laptops would still get wet after the fix.

~~~
MichaelGG
What's more bizarre is that turning the key should completely devastate the
car. Faulty switch or not, that sounds pointlessly hazardous. I'm hoping
there's a good reason for this, but it sounds really terrible.

Do "keyless" cars immediately shut off when you press the stop button while
driving?

------
baddox
There is an entertaining video of Milton Friedman discussing the same issues
with an audience member:

[https://www.youtube.com/watch?v=jltnBOrCB7I](https://www.youtube.com/watch?v=jltnBOrCB7I)

~~~
BoardsOfCanada
Very interesting. I was amazed that the video seemed to be uploaded with the
intent of showing what a disgusting human being Friedman is, when in fact his
points (in this particular discussion) are quite uncontroversial.

~~~
tim333
Yeah though his point that if consumers want to pay $13 less for a Pinto
without the plastic block they should be free to do so is impractical from the
point of view of consumers being able to analyse that stuff. (4m55)

------
ableal
I find it strange that the shadow, or wake, of the 1960s Ralph Nader case (
[http://en.wikipedia.org/wiki/Unsafe_at_Any_Speed](http://en.wikipedia.org/wiki/Unsafe_at_Any_Speed)
) is not mentioned.

Rather large elephant.

------
bariumbitmap
> Also in part because of that, the F.A.A. has close to fifty thousand
> employees—an order of magnitude more employees than we do. We have six
> hundred.

Am I missing something? 50,000 vs 600 is two orders of magnitude difference.

Perhaps the person quoted was speaking colloquially, but I would argue such a
quotation should have a [sic] in it.

~~~
PhantomGremlin
One thing you're missing is that 25,000 of the FAA employees are Air Traffic
Controllers. There is no equivalent function that NHTSA does that would
require that many employees.

This whole comparison grated on me. Either the NHTSA guy is an idiot or
Gladwell is an idiot or both, likely both. Or they're deliberately
prevaricating and hoping that most people won't notice. I can't stand sloppy
"factoids" like that. Context is essential.

------
sgt101
In physical engineering two principal tools are used to control projects:
specifications and tolerances.

In software we have a kind of specification (generally dimensioned and rather
fuzzy) but no concept of tolerance.

But also software quality seems to me to be more fundamentally about
perception than anything else.

~~~
learc83
The problem with software is that the software is the specification. Any
sufficiently detailed software spec will need to be written in a formal
language that might as well be code.

~~~
mtVessel
I know that's received wisdom in some parts, but is it actually true? Is it
true for other engineering disciplines? Is it true for hardware design? If
not, what makes software special?

I think it only _seems_ true because of the amount of money people are willing
to invest in software development, relative to other ventures.

~~~
learc83
It's just a property of the artifact you're building. You're designing a
process instead of a product. The artifact you produce is a description of
that process--code.

The closest thing I can think of is anyone who works on processes instead of
products. If you look at disciplines that design processes, the larger the
scope of the process, the less exact the methods to design them (mainly
because the number of variables grows too large).

At one end, industrial engineers who design assembly lines have very rigorous
design methodologies backed by math and empirical data. At the other extreme
you have politicians designing the process of running a country, and their
methodologies are almost never based on math or empirical evidence.

One way I've heard it described is kind of midway between an industrial
engineer and a politician--When designing a large scale software system, you
should be like an urban planner. You decide what kind of zoning you need--
residential over here, commercial over there. Then you build the roads and
other infrastructure that connects the various districts.

~~~
mtVessel
I agree with your analogies, but I think that there are at least a few
intermediate levels between high-level process description and code that
benefit from some sort of spec. Good specs fill the gaps between the zoning
and the pavement.

------
tbrownaw
_He argues for overturning the deeply held—and, in his view,
irrational—proscription against two-foot driving. If drivers used one foot for
the accelerator and the other foot for the brake, he says, they would be far
less likely to mistake one pedal for the other._

...? I've always driven that way, except when I was practicing on a stick
shift (which I _did not like_ , because it had more pedals than I have feet).

Do people seriously not like doing this for some reason?

~~~
ChuckMcM
Historically people who drive with one foot on each pedal go through brake
pads faster as a function of overlap between the application of throttle and
brake.

When I was taking Drivers Education (way back when) my teacher asserted that
from a neurological perspective it was faster for the brain to use one foot
than two, because using two introduced an additional step in the process of
deciding which part of the body to activate. His claim (and I don't recall him
providing direct evidence of this) was that having go/stop be a choice of two
movements of a single limb allowed you to react faster than picking which of
two limbs to activate for the desired behavior.

~~~
jdbernard
I would think that this would be true as you are learning, but once you have
been performing the two-foot motion for several thousand miles I would think
the action would be so ingrained in your muscle-memory as to remove entirely
that cognitive decision. At some point you stop thinking about which foot and
just automatically _know_ brake=left foot.

~~~
jameshart
As a lifelong manual car driver with a left-foot clutch, it takes about, oh,
ten seconds of sitting in a go-kart with left foot brake and right foot
accelerator to get used to it and adapt. There seems to be no real difficulty
in switching which leg does what.

------
digi_owl
What I find most worrying about this article is the change in thinking once
one has been with an organization for some time.

That in turn brings to mind the Challenger debacle, and the claim that it
happened because the CEO of the company making the o-rings shifted his
thinking from engineer to management during the go/no-go conference call. And
subsequently changed his stance from an initial no-go (engineering) to a go
(management)...

------
markbnj
Absolutely fascinating and very insightful into the differences in perspective
between engineering and other disciplines.

------
TwoBit
Toyota's problem was real, and the author got it wrong:
[http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyo...](http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/)

~~~
tim333
Gladwell doesn't say there was no problem. He says "[in the Pinto case] two
dozen of their occupants were killed by fires from rear collisions. The number
of deaths linked to the Toyota sudden-acceleration complaints was about the
same." And then points out that number is small compared the number of lives
that could be saved many other ways.

------
0xdeadbeefbabe
> Only the engineer tries to solve the problem.

Wrong! The Ophthalmologist, and Priest were also trying to solve the problem.
That joke, which is old because it is so good, has a deeper message.

~~~
nmyk
In fact, the three of them don't even agree on what the problem is.

Priest: We're frustrated.

Ophthalmologist: The firefighters are blind.

Engineer: The golf course is running inefficiently.

~~~
exelius
Which is exactly why the first rule of good problem solving is to re-state the
problem. :)

------
MichaelCrawford
Every Engineer's Solemn Duty

[http://www.warplife.com/ethics/duty.html](http://www.warplife.com/ethics/duty.html)

~~~
sanderjd
I think this is like a lot of things; the theory is sound, but the hard part
is figuring out when it applies. It can be misapplied at both the low and high
ends, and there's a vast murky middle.

~~~
MichaelCrawford
"vast murky middle".

I eagerly enrolled in Ethics my first term at UCSC, in hopes of learning The
Answers To All Of Life's Great Questions.

Instead I learned how to make tedious, hair-splitting arguments. While I
readily agreed that the philosophy prof who taught the class had valid
arguments, they were so complex that I didn't think they would do anyone any
real good.

The one thing I took away from the class was the concept of "The Minimally-
Sufficient Samaritan". A Good Samaritan will risk their life for that of
another; a bad Samaritan won't. A Minimally-Sufficient Samaritan will only do
enough that they are regarded as ethical.

~~~
mcguire
I took a class called "Contemporary Moral Problems" from a professor who
suspiciously resembled Captain Kangaroo. In it, I found my favorite statement
from philosophy:

"I find it plausible to believe that I have a moral duty not to wantonly
slaughter my neighbors."

(How many wishy-washy terms can _you_ find in it?)

The Minimally-Sufficient Samaritan is entering my lexicon. Thanks!

------
wiggumz
It's a little annoying to see the author retell the story of Toyota's Prius
acceleration problem as if it were a defect with the pedal.

We know now that it was a problem with spaghetti code firmware, lack of
testing, & poor system design.

See here [http://www.edn.com/design/automotive/4423428/Toyota-s-killer...](http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences)

------
d4rkph1b3r
I'm actually shocked at this article's underlying message, which seems to be
implying that since engineering perfection is unobtainable, good enough within
the given time and material constraints is acceptable and these recall issues
were more of a PR problem.

Ford and Toyota are companies that generate _billions_ of dollars in profit.
Think about that. They in no way realistically ran into any constraints that
were not arbitrary. You can hire more engineers. You can hire better
engineers. This is not a question of a scrappy start up needing to release
something or go bust.

I'm not anti-capitalism. I understand companies run into actual, real
constraints that prevent perfection. But do we care that the defects and
safety issues are dwarfed by poor driving? How are these self imposed
'constraints' on engineering anything but maximizing shareholder value at the
expense of public safety?

~~~
msandford
> which seems to be implying that since engineering perfection is unobtainable

It is unobtainable. Full stop. The end.

No amount of money thrown at a problem can absolutely, positively, 100%
guarantee safety. Even if you had a car that cost $1b it still wouldn't be
perfect. It might have a perfect safety record but that's because there would
only be 500 drivers on the road worldwide and at that kind of a very, very
sparse distribution cars might only pass one another a few times per day. It
might take years or decades for enough car-to-car interactions to take place
to find the remaining weak spots in the billion dollar car to ensure that it
didn't accidentally kill someone.

But in the mean time you'd make millions if not billions of people poorer for
not having the ability to drive cars which exist in the realm of
affordability. Nearly everything is always about time and material (and
monetary) constraints. If it wasn't we'd all own skyscrapers and have private
yachts and vacation all the time and etc, etc, etc.

> Ford and Toyota are companies that generate billions of dollars in profit.

And? Ford has $53b of "property, plant and equipment" and on that $53b it made
a profit of $5b in 2012, $7b in 2013 and $3b in 2014. That averages out to $5b
or a little under 10% annualized yield. Since automobile design and
manufacturing is a little more complicated than real estate, it shouldn't
be surprising that the yield is higher.

[http://finance.yahoo.com/q/bs?s=F+Balance+Sheet&annual](http://finance.yahoo.com/q/bs?s=F+Balance+Sheet&annual)

[http://finance.yahoo.com/q/is?s=F+Income+Statement&annual](http://finance.yahoo.com/q/is?s=F+Income+Statement&annual)

~~~
Spooky23
That's a cop out argument.

Gas pedals and ignition switches are things that have existed for decades. Why
are they screwing around with materials that don't perform well for a part as
universal as a gas or brake pedal? Why not leave the damn thing alone?

~~~
lambdaelite
In part because throttle and ignition control are increasingly eschewing
mechanical linkages in favor of electronics. IIRC, the Camry in question had
an electronic throttle, and the pedal part that experienced accelerated wear
was an acetal bearing surface that was supposed to mimic the feel of a
traditional throttle control. I don't know the details of this case, but
acetal isn't uncommon for bearing applications.

As to why move to electronic throttle, it's mostly due to regulatory
compliance.

~~~
msandford
> In part because throttle and ignition control are increasingly eschewing
> mechanical linkages in favor of electronics.

I would go further than this. I would guess that at least 50% of the cars on
the road today have electronic-only throttles and that fully 99% of cars sold
in the last year have had electronic-only throttles.

Drive-by-wire is basically the standard these days, even on very inexpensive
cars. Emissions standards have basically forced it.

~~~
Spooky23
So you have a safety critical component that was redesigned (with a floor mat
recall) in the last decade, and modified after a series of incidents.

Sounds like an engineering failure to me.

~~~
lambdaelite
Parts are changed all the time over the production run of a car. How does that
constitute an "engineering failure"?

~~~
Spooky23
The materials degrade and fail, and the design of the physical environment
around the pedals makes it easy for OEM or aftermarket floor mats to create
fatal conditions.

The physical properties of pedals are well-known. Material failure of a pedal
in the 21st century is a complete fuckup. Floor mats are known quantities as
well. Perhaps design elements beyond weakly anchored plastic hooks embedded in
the rug would make it more difficult for a sliding piece of rug or rubber to
kill the occupants of the car.

Well engineered products should work in the environment that they operate in.
These cars didn't perform in a variety of typical conditions, putting human
life at risk. The "obvious" workarounds presented by the engineers aren't
things that drivers are trained to do and aren't obvious to drivers in
emergency situations.

That pretty much defines failure in my mind.

~~~
lambdaelite
> aftermarket floor mats

How is it reasonable to hold a car manufacturer responsible for what could
happen with aftermarket parts, unless those parts are designed to be an exact
duplicate of an OEM part?

> Well engineered products should work in the environment that they operate
> in.

Completely agree. Toyota has produced a lot of cars, and only a minuscule
subset seems to have actually been affected.

> These cars didn't perform in a variety of typical conditions, putting human
> life at risk.

Human life is at risk whenever a person is driving in a car, regardless of
manufacturer. I think the proper question is do the Toyota designed cars
present an _unacceptable risk_?

> The "obvious" workarounds presented by the engineers aren't things that
> drivers are trained to do and aren't obvious to drivers in emergency
> situations.

Stomping on the brakes seems like a reasonable response to an unintended
acceleration event for an untrained person, and was experimentally shown in
Toyotas to be sufficient to stop the car with an open throttle in a reasonable
distance. If Toyota had a proper risk management plan in place (and I don't
know of any evidence that they lack one), it would incorporate risk mitigation
for an unintended acceleration. How an untrained driver would react, or a
driver who didn't read the instruction manual, would be considered in the risk
management plan.

As to driver training, I personally was taught that applying full brakes,
handbrake, placing the transmission into neutral, and killing the engine are
all options, in addition to the downsides of all of these. I am certain that
many drivers don't know this, but to say that all drivers aren't trained on
remedies is not wholly accurate.

As I see it, a true engineering failure is if there isn't a corrective process
in place to replace affected parts and if there isn't a process to incorporate
design process changes to prevent these problems from occurring in the future;
clearly, there is a quality system in place. If Toyota produced new cars that
had floor mats or pedals that had the previous problems that would be a clear
engineering failure. What actually happened was that the cars were produced
under the constraints of a realistic budget and acceptable defect rate.