
“Why does a car like the Tesla still have old-style fuses?” - primigenus
https://www.facebook.com/stevewoz/posts/10153145090701282
======
x0054
Because cars are not expected, under normal circumstances, to experience
abnormal amounts of current on any given circuit. Unlike a house, where you
can easily plug in something into the outlet that can overwhelm the circuit,
in a car each circuit is designed specifically for a given maximum load.

When you blow a circuit in a house, you have most likely massed up and plugged
too many things into one outlet, or your device is drawing too much power. You
learn from your mistake, unplug the device, and reset the circuit. If a car
blows a circuit, then there is something seriously wrong with some component
of the car or the wiring. You don't want the user to be able to reset the
circuit, you want someone who knows what they are doing to figure our what
went wrong.

I fix all of my own cars, and never once have I ever had a blow fuse "just
because." There always was an underlining cause which needed to be addressed.
Except once, when a 10A fuse was used in a circuit that required a 25A fuse,
on a window motor.

So, basically, in a well functioning and well designed car a fuse will not
fail just because. So why bother replacing a part that costs less then a cent
with a part that costs several dollars. I hate this attitude, just because
something CAN be complex, does NOT mean it has to be complex.

Take car modules for instance. It used to be that back in the day (the 90s)
your headlights were operated by a mechanical relay. This relay was expected
to fail at some point (though they very rarely actually did fail) and as a
result this relay was installed in an easily accessible place. If it did fail,
it would cost $10-15 to replace it plus 5 minutes of labor.

New cars nowadays have solid state switching modules to operate headlights,
and everything else in your car. These components are not expected to fail,
even though they often do. Don't believe me, talk to any mechanic. However,
because they are not expected to fail, they are often installed deep inside
the car. So, now, if your headlight module fails, it costs $400 in parts, and
several hours of labor to fix the same problem. Progress?

Stop making things needlessly complicated. Blade fuses are a fine solution to
a problem.

~~~
tzs
> These components are not expected to fail, even though they often do. Don't
> believe me, talk to any mechanic. However, because they are not expected to
> fail, they are often installed deep inside the car. So, now, if your
> headlight module fails, it costs $400 in parts, and several hours of labor
> to fix the same problem. Progress?

Hell, when the _HEADLIGHT BULB_ fails, which is something that _IS_ expected
to happen, it can be a pain in the ass to deal with on some cars. Some have
sealed headlight units that have to be replaced when a bulb dies, costing
hundreds of dollars.

Even ones where the bulb can be replaced sometimes make it ridiculously
annoying. A low beam went out on my 2006 Honda CR-V. In theory it is easy to
replace. Reach in, disconnect a cable, pull off a rubber seal, release a metal
retaining clip, and the bulb can be pulled out. Reverse those steps with the
new bulb, and you are done.

In reality, there is a bunch of stuff in the way, making it very hard to
actually reach the damn thing. On one side, I was only able to do it by
wedging my arm in, leaving it bruised and very sore for days. At least I could
actually reach the low beams. While there, I tried to reach the high beams and
could not get anywhere near them--I think when they go out I'm just going to
give up on them.

Once you are in, it goes well, with the possible exception of the retaining
clip. This is not unique to Honda, BTW. A lot of cars use the same kind of
retaining clamp. Here's a drawing of how it works [1]. It is hinged at one end
(the red circled part in that image), and it hooks under a piece of metal at
the other end. It takes a fairly large force to make it hook there.

Here's the problem. You can't see this damn thing when you are trying to
unlatch or latch it. The headlight housing is in the way. You can maybe see
the end of it that is toward the bottom, but that is not helpful because they
orient it so the hinge is on the bottom, and it is not the hinge end that
people have trouble with.

Looking at YouTube videos of people explaining how to change headlight bulbs,
and reading forums, it looks like it either latches easily, or it just won't
latch and you are in for 30 minutes of flailing.

All the car maker would have to do is flip the orientation 180 degrees, so
that the hinge is on top and the latching part on the bottom. Then you could
see the latching part, and it least know what you are trying to do. The way
they are now, you are going in blind.

I can understand that when they lay out components in the engine compartment,
they have many constraints, so I can believe that all those things that made
it hard for me to reach the bulb had to be there. I can believe that making an
opening big enough for easy bulb changing might have made them have to make
the car longer or something, that would have added a noticeable cost, and they
could reasonably decide that it wasn't worth it.

The retaining clip orientation, though, is almost certainly completely
arbitrary, and they just did not consider the effect on the ease of bulb
changing (or deliberately picked the worst orientation to encourage people to
visit a dealer instead of changing their own bulb).

[1] [http://www.suzuki-forums.com/attachments/2g-2006-grand-
vitar...](http://www.suzuki-forums.com/attachments/2g-2006-grand-
vitara/9975d1277744431-broken-retainer-clip-headlamp-replacement-
brokenpiece.png)

~~~
electromagnetic
The issue is the engine compartments for a lot of vehicles are arranged by
subcontracted firms. I know a guy who works for a company that does this for
Ford, GM and Dodge, and there's not a mechanically inclined person in the
bunch.

They're playing jigsaw with an engine compartment trying to get all the parts
in in the most compact, but still workable, way possible.

It's sad when you think about it, because not only does it squeeze a lot of
at-home maintenance out, which used to keep vehicles affordable, but now
almost everyone discussing new vehicles discusses the maintenance costs.

Honestly, I'm not surprised the domestic car market essentially failed,
because they're $40,000 printers. No one gives a crap about the up front price
anymore, because they know they're getting screwed on the after-expenses so
everyone's looking up how much their yearly maintenance expenses are going to
be to make sure they don't end up paying more than the vehicle in a decade.

~~~
ufmace
I worked in an auto shop a while back. One surprise is that a substantial part
of a mechanics' toolkit is devoted to turning bolts and screws in hard-to-
reach places. It's almost like a racket or something - auto companies put
critical bolts in weird places, tool companies build tools to turn them
anyways.

------
lylebarrere
The response from Kristin Paget at Tesla:

"So there’s a few things at play here. For context, I run the Product Security
team at Tesla and I’m safety-trained on the HV systems - I’m also working
hands-on with a small drive inverter on a hobby project right now.

First and foremost, our large drive unit pulls about 1000A at full load, and
switching that with silicon is tough. We use a bank of custom IGBTs on each of
the high/low sides of each of the 3 rotor phases in order to handle the power,
and that’s with active fluid cooling. You can switch that much current with
silicon but it ain’t cheap, and you’ll need either active cooling or a bunch
of thermal mass if you want the thing to switch more than once.
[http://www.teslamotorsclub.com/attachment.php..](http://www.teslamotorsclub.com/attachment.php..).
is a decent pic, the object on the left is a single-phase switch, you can see
6x transistors laying flat at the front for one side of the phase (the other
bank is behind).

Secondly, Model S is an AC induction motor so the current through the winding
ramps up more-or-less linearly over time until the phase switches off (or
changes direction). You’re at high power but you’re not switching the load at
zero-crossing as you would in a resonant load such as a Tesla coil, instead
you have to switch at an increasing current depending on how much power you
want to the wheels. You now don’t just have to switch a lot of power, you have
to switch it FAST so that the resistive losses in the FETs don’t blow out the
power channel due to ohmic losses. Your switch is now not just big and bulky,
it’s complicated (since you need an additional HV supply) and pretty sensitive
to things like stray capacitances. On the previous pic the big black brick on
top of the PCB is the capacitor that dumps into the IGBT gates to make them
switch fast enough.

Finally, I believe there’s a regulatory issue. I think I’m right in saying
that automotive standards around the world require that all electrical systems
are fused, and considering that there’s multiple separate power rails it’s not
inconceivable that an event could take place that leaves the HV drive rail
powered on but kills the 12V accessory rail that powers a lot of the CAN
systems. You could end up disabling your active fuse while the HV system is
still energized, and considering the amperage our lithium packs can deliver
(P85D draws up to 1.5kA) that’s not going to end well.

Woz: I would __LOVE __to put you under a Tesla NDA and then give you a _real_
tour of the vehicle - ping me at kpaget@teslamotors.com if you’re interested.
I’m curious, do you still have one of my RFID cloners on your shelf somewhere?
"

~~~
mts_
The referenced link from the reply:
[http://www.teslamotorsclub.com/attachment.php?attachmentid=5...](http://www.teslamotorsclub.com/attachment.php?attachmentid=57105&d=1408646077)

And link to the comment:
[https://www.facebook.com/stevewoz/posts/10153145090701282?co...](https://www.facebook.com/stevewoz/posts/10153145090701282?comment_id=10153145854891282)

------
csirac2
Well, amateur experimental aircraft have something like this available:
[http://verticalpower.com/](http://verticalpower.com/) \- but there's a lot of
negative reactions to this kind of technology, because it introduces new
failure modes where none previously existed before.

But I think something that people forget is that generally, fuses are there to
protect wiring and fixtures (switches, connectors, etc) from fire. Preventing
the device on the circuit that you, the user, cares about from completely
melting down is just a nice bonus.

That's why building wiring codes generally spec fuses to cope with the
capacity handled by wiring and switches, rather than the loads attached to it.

EDIT: In any case you _NEVER_ want the car to silently and automatically try
to "re-set" a tripped breaker, surely. You want this kind of fault to present
itself noisily and obviously; it's a precursor to a potentially dangerous
condition.

Any automatic re-set will have to factor in some cool-down time for the wiring
in between attempts... what is the temperature of an overheating pair of
conductors in the wiring loom when the breaker tripped? What rate of heat
dissipation is there allowing them to cool down again? A wire which has
experienced overheating will have a different (higher) resistance after the
short-circuit event. Even if the wire isn't permenantly damaged, the temporary
increase in temperature will still guarantee a momentarily higher resistance.
Will the wire still have low enough resistance to trip the breaker again when
the short is applied again?

~~~
arethuza
On the point about building wiring codes, here in the UK we actually do have
both central fuses/circuit-breakers _and_ load specific fuses in the plug for
each device.

After reading your comment it did make me wonder as I plugged our coffee
machine this morning how the design substantial chunk of plastic and metal I
was holding was influenced by the aftermath of WW2.

~~~
lmm
The British plug is a marvel of good engineering. Other countries look on it
with envy (except possibly Australia, which has a similar design of its own,
IIRC).

Now of course it was "overengineered" by the standards of the time, to
compensate for our ludicrous, dangerous, and still-legally-required "ring
main" system, which as you say was due to aftermath-of-WW2 copper shortages.
But the plug design is the part we got right.

~~~
robin_reala
Australian plugs are good, but have the live pins at the top (so for example a
dropped coin will balance across them and short when the plug is pulled out),
the plug doesn’t have its own fuse and the socket isn’t shuttered with no plug
inserted.

~~~
csirac2
A few years ago they mandated the inner-most 5mm or so of the active pins be
insulated for that reason, so that by the time you have enough of the plug out
to reach exposed conductor with your fingers it's disconnected. At least
that's idea... and I can't tell you how much ebay junk is sold with the old
"illegal" exposed active pins

~~~
robin_reala
To be fair that wasn’t in the original design for the UK plugs either, sleeves
were introduced in 1984.

------
teovall
This is a perfect example of the KISS principle. Since I would never presume
to call Woz stupid, let's call it the KISW (Keep It Simple Woz) principle in
this case.

Woz is proposing that Tesla take well proven, very reliable, simple,
inexpensive fuses that are very rarely even seen by customers and replace them
with complex integrated circuits and software that will need a lot of testing,
almost certainly be more expensive, and almost certainly be less reliable. For
what? Very little benefit for a very small subset of customers.

KISW! Sometimes a small length of wire in a plastic holder is the best answer
to a problem.

~~~
danjayh
Agreed. However, adding a single CAN bus ADC to the fuse PCB (to sense no
voltage on circuits with a blown fuse) would cost almost nothing, and would
allow the computer to provide information on the blown fuse and instructions
on how to replace it. IMHO, breakers = expensive needless feature creep, but
user feedback = welcome to 2015.

EDIT: I was thinking of the 12V accessory fuses. In light of the reply from
Tesla, I can imagine where if the drivetrain fuse blew you might not want an
average user replacing it ... and I imagine that for something like that, it
probably already throws a code that gives you an idea of what's wrong.

~~~
agoetz
Adding a new sensor to monitor the fuses would not be cheap:first off, you
have to have signal conditioners for the a/ds that can handle esd transients,
and >60 v load shed events. In addition, the existing design probably just has
fuse holders physically mounted to the holder packaging, which means now your
paying for microcontroller, can transceiver, and pcb. This doesn't include NRE
costs including development and testing.

Suddenly your "inexpensive" adc had become a $200 ecu that merely tells the
driver wheat part of the car isn't functioning, right before they check the
most common cause of the problem.

------
upofadown
The fuse is also protecting the wire. So in a car you have a big fuse (fusible
link) protecting the big wire to the fuse box. Then you have a bunch of little
fuses protecting the wire on each branch circuit. All these fuses are intended
to last for the life of the vehicle. The only time they would blow would be on
the type of fault that would require further troubleshooting. It is unlikely
that you could produce an electronic current limiter that would be cheaper and
more reliable than a single use fuse.

My father the mechanic used to like to tell me about an exception to the rule
as an object lesson about the trade off between risk and reliability. Back in
the days of breaker ignitions the ignition circuit was almost never fused. A
blown fuse in the ignition circuit could strand people out in the middle of
nowhere. The extra risk was acceptable to eliminate the situation where the
fuse blew when the ignition might of been able to continue to work in some
sort of degraded mode. It was OK that that degraded mode might involve smoke
and flame.

------
venomsnake
Even before seeing it was Woz that posted - the answer in my head was "because
they work". And he made no compelling argument to have something else.

I don't believe in smartness for smartness' sake. For a fuse to fail you need
1) wrong fuse 2) physical damage to the fuse (not sure if there is a case in
which this would cause it to not break the circuit), different set of laws of
physics.

------
spiritplumber
I've replaced most of the easily blown fuses in my car (accessories, etc.)
with PTCs. Now I joke that turning the car off and then on again fixes the
problem. However, I wouldn't do that with a vital system (starter motor, etc.)
because a blown fuse generally informs you of a deeper problem, rather than
being the problem itself.

[http://en.wikipedia.org/wiki/Resettable_fuse](http://en.wikipedia.org/wiki/Resettable_fuse)
They make these in automotive format, or you can go to Digikey, get a PTC of
the current you like, and solder it onto a blown fuse.

PTCs have the advantage of being straight replacement, and if you want, you
can add a Hall sensor to see if current is flowing without creating paths to
ground or other problems.

Anyone knows how to add this answer to Woz's thread? The "awesome power of
social networks" isn't that awesome, since I can't answer on the thread
linked...

------
sokoloff
The short answer is cost and that fuses are perfectly sufficient.

Blade fuses are 100 for a dollar. PTCs are a handful for a dollar. Infineon
ProFETs are a couple dollars per.

When's the last time you blew a fuse on your car? For most of us, it's never.
For those of us who have, there was almost certainly an electrical fault that
was the root cause.

~~~
ArkyBeagle
When a panel fuse on a car has actually gone out, it's an indication that
Something's Gone Terribly Wrong and simply pushing a button on a popup isn't
the right move. Tow it to the shop.

I say "actually" because I presume it's possible to have a false failure now
and again - there may be a nonzero number of times in which the fuse just
pops, that fuses just wear out.

------
al2o3cr
Short answer (pun only somewhat intended): interrupting high-current DC is not
as straightforward as it looks. For instance, deactivating a set of relay
contacts tends to cause an arc if any amount of current is being interrupted
(inductive loads make this worse). For AC, this is manageable since the
waveform will hit a zero-crossing in a a handful of milliseconds worst-case,
terminating the arc. For DC, no such luck. In extreme cases, the arc can
actually WELD the contacts together.

Fuses will, barring ludicrous overload (putting a 12V fuse in a 10kV DC
circuit), fail open - a definite positive for a safety measure.

Using fuses makes sense in a lot of applications because they are (as noted
above) safer, cheaper, and more reliable. It probably doesn't hurt that a fuse
is easier to diagnose; control circuits can intermittently fail but an
"intermittently blown" fuse would be an odd thing indeed.

------
sfeng
Having fuses as a last-ditch safety measure can be a really good idea, as
often the alternative to a fuse blowing is a fire. That said, they should
probably be using self-resetting circuit breakers rated to trip before the
fuses blow. It's possible they do and his car has a legitimate short.

~~~
Dylan16807
I don't understand; is there a benefit to having a fuse on top of a circuit
breaker?

~~~
mixmastamyk
CB doesn't need to be replaced.

------
davidbanham
To me the interesting part of this was how social media is sometimes
absolutely amazing. Woz idly poses a question about the fuses in his car and
has an engineer from the manufacturer write a detailed response in short
order. That is incredible.

~~~
sillysaurus3
That's less social media and more Woz asking a question.

Or rather, this is the internet at work, not social media. The only thing
social media has done is reduce the time between question and answer. And
that's impressive, but it's not the fundamental shift the internet itself was.

~~~
rkangel
Social media does mean that we all see the answer, not just Woz.

------
Too
In a way what he is proposing is already used for some systems of a car,
although far from everything and mostly for lower currents. Some ecus are
capable of delivering enough power from their own I/O pins to drive other
components, if any of these outputs are shorted the ecu can detect this, power
off the output and enter appropriate failure mode(diagnostics code + disable
other functions). When the short is gone it will automatically activate again
if considered safe.

------
Animats
He's talking about fuses for the low-current auxiliary circuits. From the
title, I thought he was talking about fuses in the battery and propulsion
system. Fuses very rarely blow for random reasons today. There's been some
progress since the "Lucas, Prince of Darkness" era.

The high-power system uses fuses because, if things overload there, you want
power disconnected reliably and you want it to stay off. Lithium batteries do
not handle overloads well. Not at all.

------
lnanek2
Can't say I've ever seen a fuse in a car blow that didn't come from a short
that had to be fixed anyway. Having a circuit breaker or software solution
some end user would just flip again would damage the system even more and risk
fires. Maybe Woz is smart about computers, but doesn't know anything about
cars?

------
antidaily
"What's the problem?" "Car won't start." "Did you try restarting it?"

~~~
rcxdude
No joke, I have seen a car which would occasionally refuse to start (with no
indication of an error: the dash was basically blank) until you disconnected
the battery, waited a few minutes, and then reconnected it.

~~~
wiredfool
Disconnecting the battery and waiting is how to clear the fault flag on ODB-1
era GM cars/trucks (at least, probably others as well.) And if you short two
pins on the ODB connector, then power on, it will flash trouble codes on the
check engine light.

And apparently some of them have 160 or 8192 baud serial on that connector,
with really expensive cables, unless you're handy with an arduino or similar.
Now that the truck is working, I'm not sure I need to do this... yet.

------
raverbashing
Well, even planes use CB today instead of fuses (and remote CBs on top of
that, meaning they can be turned on/off electronically)

I think WOZ is suggesting an active current control that, while doable, is
probably too risky (and you really don't want to blow the expensive parts)

~~~
tzs
> Well, even planes use CB today instead of fuses (and remote CBs on top of
> that, meaning they can be turned on/off electronically)

If you have something drawing too much current in a plane, and so it is a fire
risk, it still might be overall safer to continue to use it. For instance, if
it is something involved in lowering the landing gear you might decide it is
safer to risk a small fire in order to get the gear down than to do a gear up
landing. Something resettable, like a circuit breaker, therefore makes a lot
of sense in a plane.

With a car you are almost never in that kind of situation.

~~~
sokoloff
Pilot (of smallish airplanes) here. Landing gear failures are almost never
fatal unless they make the crew mismanage the airplane into a crash. (Eastern
401 or the one in the Bahamas last month (C6-REV) where the press is hailing
the pilot a hero for only killing 1 pax, when the reality is no one should
have gotten hurt or even wet if properly handled.)

For an important item, I'll reset a breaker once in flight. Nothing electrical
is that critical, and I carry portable AHRS, GPS, and handheld VHF radio.

Few things are worse than fire, so if I have any concern about the
electricals, they can all stay off and I'll extend the gear manually with the
crank system. Other planes have gear that free falls or has an N2 bottle to
blow the gear down.

I don't think any civilian aircraft have had fatalities from a simple gear-up
landing.

------
stretchwithme
I think its because fuses don't blow in a car because you plugged in one too
many things. They tend to blow because there is something that needs to be
fixed. Maybe circuit breakers make it too easy to ignore serious problems.

------
korzun
Have fun trying to troubleshoot something that uses a controller of some sort
.vs fuse system without thousands of dollars of equipment.

Really... have fun. I rather check the fuses and trace the wiring for that
part using a meter.

------
vxNsr
Someone at tesla answered the question:

Marc Rogers[0] Woz - Kristin[1] cant post to your thread but here is her
answer:

So there’s a few things at play here. For context, I run the Product Security
team at Tesla and I’m safety-trained on the HV systems - I’m also working
hands-on with a small drive inverter on a hobby project right now.

First and foremost, our large drive unit pulls about 1000A at full load, and
switching that with silicon is tough. We use a bank of custom IGBTs on each of
the high/low sides of each of the 3 rotor phases in order to handle the power,
and that’s with active fluid cooling. You can switch that much current with
silicon but it ain’t cheap, and you’ll need either active cooling or a bunch
of thermal mass if you want the thing to switch more than once.
[http://www.teslamotorsclub.com/attachment.php..](http://www.teslamotorsclub.com/attachment.php..).
is a decent pic, the object on the left is a single-phase switch, you can see
6x transistors laying flat at the front for one side of the phase (the other
bank is behind).

Secondly, Model S is an AC induction motor so the current through the winding
ramps up more-or-less linearly over time until the phase switches off (or
changes direction). You’re at high power but you’re not switching the load at
zero-crossing as you would in a resonant load such as a Tesla coil, instead
you have to switch at an increasing current depending on how much power you
want to the wheels. You now don’t just have to switch a lot of power, you have
to switch it FAST so that the resistive losses in the FETs don’t blow out the
power channel due to ohmic losses. Your switch is now not just big and bulky,
it’s complicated (since you need an additional HV supply) and pretty sensitive
to things like stray capacitances. On the previous pic the big black brick on
top of the PCB is the capacitor that dumps into the IGBT gates to make them
switch fast enough.

Finally, I believe there’s a regulatory issue. I think I’m right in saying
that automotive standards around the world require that all electrical systems
are fused, and considering that there’s multiple separate power rails it’s not
inconceivable that an event could take place that leaves the HV drive rail
powered on but kills the 12V accessory rail that powers a lot of the CAN
systems. You could end up disabling your active fuse while the HV system is
still energized, and considering the amperage our lithium packs can deliver
(P85D draws up to 1.5kA) that’s not going to end well.

Woz: I would __LOVE __to put you under a Tesla NDA and then give you a _real_
tour of the vehicle - ping me at kpaget@teslamotors.com if you’re interested.
I’m curious, do you still have one of my RFID cloners on your shelf somewhere?
[2]

[0][https://www.facebook.com/marcrogers?fref=ufi](https://www.facebook.com/marcrogers?fref=ufi)

[1]
[https://www.facebook.com/kristin.paget](https://www.facebook.com/kristin.paget)

[2][https://www.facebook.com/stevewoz/posts/10153145090701282?co...](https://www.facebook.com/stevewoz/posts/10153145090701282?comment_id=10153145854891282&offset=0&total_comments=56)

------
g8gggu89
I'd worry about this if I had a fuse blow in my car in the last 10 years.

------
ck2
So if the computer fails the car doesn't burn to the ground?

