[ilyt]

More software is fine IMO. More software on critical path ain't.

Have the ECU only do the engine thing. Have the AC control just do AC control. Decouple dependencies and make it as simple as possible. Old cars already do it. Blinker switch send signal directly to light controller, not to some central box deciding what it should do with it.

If something needs config in addition to control signals, have it keep it own config and only be updated from the "config manager" (inforatinment box). If infotainment box dies, everything else still works.

Cars already are basically "microservices on a message bus". Let's just use what works with that - minimal coupling and maximum independence of "services"

> Had I been in a less complex car, a local garage could most likely have fixed the problem and sent us on our way. The sophistication and gadgets in modern cars are great until something goes wrong then they fail hard. Small local garages that used to be a life saver are next to useless now as they don't have the tools and knowledge to fix a mobile data centre.

Out of curiosity, what was the issue ?

[hghid]

According to the car, the stability control system wasn't working. Cause? Obviously a broken fuel injector. The stability control system talks to the engine ECU to control the torque if there is a lack of traction - it is notified of this by the ABS computer. Broken Injector=No ability to manage torque, hence traction control warning. Sitting here now, that makes perfect sense. In horizontal Scottish rain - less so!

[uriah]

Unless I’m missing something, it seems that this information largely invalidates the thesis of your previous post. A critical component (fuel injector) failed, the software in the car prevented it from running and causing catastrophic damage. Roadside assistance came, immediately determined it can’t be fixed on the side of the road and towed the car. Seems like a best-case scenario given the circumstances other than possibly the red herring related to the stability control.

[thescriptkiddie]

Assuming that the fuel injector wasn't stuck open, the car could simply disable the affected cylinder and continue to run (poorly) in limp mode. I had exactly this happen in a 20 year old VW and it turned out that the injector was fine and the connector had just come loose. The engine sounded awful running on 3 cylinders and wouldn't go past 3000 rpm but there was no permanent damage. The fault code in the ECU correctly identified the problem (fuel injector cylinder X open circuit) though it did also log misfires and disable traction control.

[ilyt]

Oh yeah, less computers in car wouldn't fix it.

Sure, old carbie with distributor might've just ran with 3 cylinders , but that also might damage something.

Also auto makers don't really want to give user sensible error messages or even just metrics because without experience they might just misinterpret it as different problem.

For example if car have oil pressure gauge it is either nearly fake or heavily filtered. Oil pressure changes according to load but gauge going up and down might cause user to think something is wrong with car...

[ClumsyPilot]

> Sure, old carbie with distributor might've just ran with 3 cylinders , but that also might damage something

A car is not an iPhone - if the car can move at all, it must move.

The alternative could be freezing to death. What if I am driving in rural Siberia, or Canada, and there is no phone signal to call for help?

[pas]

Not all cars are made equal. Just as you don't go to a cross-Sahara race in a car you don't know you, you don't buy a Prius to go logging in Alberta or Yakutsk.

Sure, that doesn't necessarily invalidate your argument, after all this increase in car complexity (through "electronization" and smartification of more and more components) without the increase in debuggability/repairability is IMHO a bad trade-off for many consumers.

Case in point, our second-hand 2011 Ford Focus has a problem with the electronic steering assist. Apparently it somehow experiences some kind of over-voltage and the internal system shuts down. It's likely due to humidity. (So probably it's simply a design/manufacturing/QA issue.) Okay, but there's no way to get the actual data from the integrated electronics from the steering system, but it's possible to reflash a different firmware on it. Which resets the internal data. Which basically clears this error state, and the car will happily use it.

But there's clearly a mechanical error, there's a new "bad" noise when turning the steering wheel. But it's a 10+ year car, rarely used, and replacing the steering system is about ~1000 EUR, doing the firmware flashing was ~30 EUR. (Finding the guy with the laptop, who can flash the firmware through the good old ODB port was the challenge.)

And it's basically a big (market) information asymmetry problem. The car industry wants to sell more cars. Sure they sell some parts, but the more repairability a car has the less parts it really needs, as consumers can make their own tradeoffs.

[hinkley]

My car has a button for traction control. If it’s not working I would expect it to turn itself off and ding, not just halt the vehicle.

[BenjiWiebe]

A bad fuel injector should usually be a reason to stop driving. Depending on the type of damage it would likely damage the piston and/or cylinder fairly quickly if you attempted to keep running it.

[jsmith45]

That would obviously depend on the failure mode. But there certainly are failure modes which could be quite damaging, and an ECU may have limited ability to determine what failure mode is occurring, and even if it has sensors that can indicate certain failure modes, it is not always clear if those can be trusted, as they there be additional failure modes that make sensors give misleading results.

So shutting it down certainly seems sensible.

[ClumsyPilot]

There are situations where you must run the car, even at the risk of damage, because waiting for help is dangerous to the occupants.

[Too]

Cars have a “limp-home” mode which they enter if sensors show odd yet not critical errors. Usually it restricts the acceleration and top speed to 30kmph or so. If it totally shut down it was likely a very serious error.

[danuker]

But what cash grabbing opportunity would the dealer have in that case?

[gnufx]

That sounds horribly familiar! (Old, relatively non-fancy, Ford Focus; it limped along with the failure.) The explanation makes sense, which it didn't at the time, and the traction control button didn't help. The specialist garage initially said "sensor failure", as I assumed, having lost my OBD device.

[bottled_poe]

You know what this car needs? Kubernetes.

[rurounijones]

I know you are joking but I am not sure if you are aware of how close you are to reality:

https://thenewstack.io/how-the-u-s-air-force-deployed-kubern...

[groestl]

Literally taking the software to the cloud

[cpufry]

wow this is terrifying lmao

[davnicwil]

That's a bit overengineered, come on, really it just needs docker compose.

[cztomsik]

Or Erlang... oh wait, that would actually work. We don't want that.

[yellowapple]

A car built on Erlang would break down every 11 seconds but would immediately fix itself so you never notice anything's wrong.

[hinkley]

Supervisors should set Check Engine.

[geodel]

Agree. I am not buying any car not running all software components as Spring Boot micro services in kubernetes cluster as a standard cloud native service.

If this setup can run my 95% uptime enterprise apps, I am sure as hell it can run my car too.

[ilyt]

Most infotainment is already shit code. If same people use more tools the result will just be worse, if they can't even handle a monolith

[djbusby]

Carbernetes. Now with reinvented wheel functionality.

[EntrePrescott]

and a few years later, we get Injecternetes … though I'm not sure if that will be the name of an improved fork… or the name of a security vuln exploit.

[gautamdivgi]

Lol. Reminded me of this - https://youtu.be/cfTIjuW6SWM

Fwiw - I am a kubernetes fan. Just not in cars.

[Spivak]

If you're a k8s fan but don't consider it reliable enough to do anything even next to but independent from safety critical systems then that's not exactly a glowing recommendation.

[gautamdivgi]

Different tech has different needs. I can see it being really great with server side distributed systems. I don’t really see it having any benefit for running stuff in resource constrained single purpose environments

[goodpoint]

And yet it's true. Reliability never comes from unnecessary complexity.

[kakoni]

Well Volkswagen/Cariad is certainly flirting with that idea. https://datatronic.hu/en/containerisation-in-automotive-indu...

[chubot]

Make sure to run at least 2 clusters in case one goes down

[hinkley]

Watch us slowly reimplement Erlang on top of OCI.

[Spivak]

Erlang but language independent is actually a solid pitch.

[alpaca128]

To be precise an incomplete, bug-ridden, undocumented reimplementation of Erlang.

[hinkley]

I keep having to stop myself from implementing an incomplete, bug ridden reimplementation if half of Erlang on top of NodeJS so I see the attraction there.

Worker threads have a garbage API and I keep finding myself wanting to have n processes sharing m workers and there’s just no easy way.

[birdyrooster]

I know you are joking but it’s actually not the worst thing in the world.

[vasco]

Can't wait to have to restart a kubernetes cluster to get sensor metrics from the engine to start again.

[yobert]

You'll need to replace your kubernator!

[LoganDark]

> More software is fine IMO.

A lot of software is created on powerful developer machines. But fill up a normal consumer machine with this software, and you start to notice that it maybe isn't so fine.

This is how things like Electron come to exist. I'm sure Electron works fine on developer machines, but once it trickles down to someone's cheap Celeron netbook, it runs worse than retro computers with 384KB of RAM.

Does it really have to be this way? Is more software "fine", if the same could be accomplished with much less code bloat?

P.S. As far as I've heard, one of the best ways for developers to combat this is to target your software for cheap netbooks proactively; test compiled artifacts there rather than on your powerful development machine. If you can make it fast in that situation, it'll be fast pretty much anywhere.

I once met someone who had optimized their DOOM clone using this method, and they claim to get millions of FPS on any vaguely modern machine, just through optimizing it for cheap netbooks.

[capableweb]

> More software is fine IMO. More software on critical path ain't.

Based on the story in the parent, it sounds like this was precisely a problem with software on the critical path, otherwise local mecs/breakdown service would have been able to fix it rather than give up.

[sidewndr46]

economically, this doesn't work. The cheaper cars will always be those that roll all functions into a single cost center. This is why cars wind up with a horribly awful touch screen in the center for controlling almost everything about the car's function.

[speed_spread]

The ECU wasn't doing the engine thing no more.

[Zaskoda]

graceful degradation ftw