The infotainment system should be completely isolated from the driving system.
Also, batteries may need to be preconditioned if too hot or cold. A lot of EVs let you set your ideal departure time in a widget as opposed to using a remote though.
It can be started just like all the other gas cars.
Although even with full EVs, there's a reasonable concept of a "start". Some even let you essentially unlock and allow driving remotely, even if the local driver doesn't have a key. That's useful sometimes.
I can also put the car into valet mode so it won’t go fast. If I forget the valet mode password I am told I have to buy a very expensive replacement because it can’t be unlocked by a dealer.
This is a OTA vehicle update. It has the ability to update the infotainment, ECU, ECM, TCM, and BCM. Multiple manufacturers have been able to release recalls that fix major vehicle defects (safety, reliability, and performance). That wouldn't be possible without OTA updates that update core vehicle computer systems.
Unclear where this idea that OTA = Infotainment came from. I'd go as far as to say that most manufacturers can do this in 2025.
What does that have to do with OP's comment? And their point is still valid, and OTA update should not be able to brick a vehicle, regardless of the system receiving the update. And regardless if "they all can do it".
If OTA updates can update core vehicle computer systems, in ways that can correct safety, performance, and reliability problems then they can also brick that vehicle.
The manufacturer has the ability to push an update that reprograms computers that control how physical components behave in a vehicle. By the very nature of that; they can push good or evil updates.
You misunderstood what OP was saying. They claimed that an update to the infotainment system shouldn’t be able to brick the other systems in the car. The response points out the car’s OTA update subroutine has access to update every critical system in the car by design. It’s flawed logic to assume that OTA updates only affect the infotainment system.
Because to some people, the idea of an OTA update being allowed to change mission critical parts of a machine automatically without a solid rollback system is absurd, and the best way to do that is to never do OTA updates of mission critical parts at all.
First trip the repairman replaced all of the defroster parts and sensors. It failed again with the same code 18 hours later. The second time he replaced the main board and at least one other part. It now works great and I have effectively a new fridge aside from the compressor for less than $400.
Compressor still has three years of warranty left and we expect to move before then. It can (hopefully) be someone else's problem.
Main idea was locking updates to once or twice a year and resort to HomeAssistant.
It's at 33% execution stage so no idea on the feasibility.
Unusable devices are technically the most secure ones.
> The automaker pushed out a telematics update for the Uconnect infotainment system that evidently wasn't ready
Just like dosage can be the difference between medicine and poison, OTA updates that can fix major safety, reliability, and performance problems can also cause them. The power is too great, and simply shouldn’t be allowed.
Why wouldn't it be possible without OTA? It would just require someone to go somewhere, or do something, to get this installed.
While their assumption is incorrect, your conclusion is incorrect.
Now with hybrid or electrical drives, a motor controller is basically a package that runs its own software, which then interfaces with the rest of the car. And OTA updates can overwrite its firmware.
The only manufacturer that has avoided most issues is Toyota, since they have been doing hybrids for quite some time. Other companies are just starting on this path and to catch up, they can't be bothered to do software deep dives and figure shit out.
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
It's not worth it, but it's necessary.
That is what I surmised from listening to the "don't do this until we fix it please" notice from Stellantis from this weekend.
> or something
Maybe do some research into the problem you're confidently asserting was trivial / read the article you're commenting on:
"...others claim to have experienced a powertrain failure at highway speeds."
https://www.reddit.com/r/Jeep/comments/1o47064/jeep_4xe_shut...
There's a reason their slogan is "(you don't understand), It's a jeep thing"
They're a lifestyle product and have been for decades. Most of Stellantis is.
Hah, curious to think that cars now have bootloaders...
Because they work fine without them.
If any car could be the champion of OpenSource, it is a Jeep Wrangler, but they're using an OS made by SiriusXM for some reason.
I don't know that anyone has broken the head unit firmware though.
My Mazda 3 (2018) just had a class action lawsuit for its infotainment system which, completely at random after years of normal operation, starts clicking on menu items and scrolling about the settings (only to stop and not do it again for a couple of months). It can get so bad you just have to disconnect any devices and drive in silence/with the AM/FM radio.
With cars, you don't get to get a new device, it has to be consistent and keep working and you had better make it all work with a skeleton crew.
Gotta remember that the car radio has always been a cheap gimme.
Not really. Some of the hardware that you could get in the 1950s-1970s timeframe was great. Heavy chrome knobs and bezels, permeability-tuned front ends with separate RF stages... electromechanical mechanisms that seemed like witchcraft when I took them apart as a kid, and would still be cool to play with today.
I know software and embedded systems well enough to know all of the issues I found were preventable, if anyone cared.
The car seems well built in many other respects. It doesn't look like the problem is engineering ability.
(See also: Set-top box GUIs that are painfully slow to render menus, scroll, search etc. on hardware that I know can render 10-100x faster when programmed to.)
But it was still a surprise to see this a lack of attention to detail in the infotainment system, in a car where the brand itself is all about giving a lot of attention to detail in everything else that's visible, the comfortable mouldings, pleasant interior lighting, different kinds of cup holders, nice place to wirelessly charge your phones, seat controls and sensors, etc.
Tesla was revolutionary because they actually had inhouse software developers, who could build software.
Our OTAU architecture uses A/B system updates [1]. Core idea is that both the kernel and the rootfs (read-only) partitions had 2 different bootslots in storage, and the OTAU would only write to the bootslot that is unused. Hence, if something went wrong, the system would automatically fallback to the previous version by just switching the bootslot used. Over the numerous years that that architecture was used, I couldn't find a single post-mortem that resulted in devices being bricked. Something to note is that the rootfs partition was overlaid with a writable partition for persisting state data etc.
Now that was a $two-figure USD device, not a $5/6-figure USD electric SUV. Is this a cost-cutting measure? At those price levels, doubling your NAND size is not even half of a percent of the total cost of the vehicle.
Unless there was a serious issue that the used bootslot corrupted the unused bootslot, then I don't see how this could have happened.
It's saddening that car manufacturers are so unserious about the code they're deploying.
I'm curious if failing to do that opens Jeep up to legitimate lawsuits.
It's totally possible that the update corrupted the other bootslot as well. If those blocks aren't off-limits to the updater program, it's just an off-by-one error waiting to happen. Slot 0 or slot 1?
Another possibility is that the updated version booted up just enough not to trigger the automatic fallback, and then got stuck in a loop.
Could just be a competence and priorities problem. If it's cost cutting, it feels way more likely that some PM cut some story from a sprint to hit a deadline (and objections were either not raised or ignored), than they did some engineering analysis and explicitly decided to save $3 per vehicle by cutting the NAND size.
Edit: Actually, I don't think that technique would have helped, the problem wasn't a botched update, but a seriously buggy one. From the OP:
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
That and combined with general refusal of new automotive bootloaders to downgrade. You can go only up in versioning. So even that you could have working version on second partition, it will never get loaded because it has lower version than currently one you are running.
The only American-made vehicle that sold in any volume outside the US was Tesla and that is already over.
What could easily have happened is that the negotiators didn't include A/B updates in their spec, or they only specced A/B updates at 1GB OTA size.
They do their usual hammering on price, and the head unit or ECU manufacturer gave them some savings by cutting storage space to the bone.
Maybe it was still enough for A/B updates, until the usual software bloat took the updates past the critical limit.
They could still do a safe update by doing an A/B/A update (where B is a shrunken, update-only OS), but that requires development time, and the engineers should already be working on the next vehicle.
(Most computers in a car don't need duplicate partitioning because they can be bootstrapped from a central computer)
We just never bothered to develop a new term. Maybe 'soft-bricked?' 'Semi-bricked?' I would like journalists at least to start using more accurate terms, but 'bricked' I imagine gets a lot more engagement and ad impressions, so here we are.
https://en.wikipedia.org/wiki/Brick_(electronics)#Soft_brick
The big auto OEMs are just as sensitive to absolute BOM cost optimization, regardless of the percentage increases. I don't think this was a bootslot issue though, regardless of the word "bricked". Even as backwards and ill-advised as auto software can be, generally accepted practice is that updates are impossible while the vehicle is in motion. This is usually enforced by systems shared across multiple OEMs through the tier system.
The situation sounds more like a disastrously buggy new firmware.
I wouldn't put either past stellantis though. The auto industry already scrapes the bottom of the proverbial barrel sometimes, and stellantis isn't exactly known for their top of market compensation.
How has your experience been?
There are some minor annoyances with the software, but their infotainment system is better than most. I was surprised when I test drove some other brands and the UIs in NEW cars were visibly dropping frames.
The only bummer is that they're more oldschool than brands like Tesla/Rivian when it comes to software updates. When a new generation of the vehicle comes out, older cars don't get feature parity with the new software, just maintenance updates. There's a few inexplicable bugs that have never been fixed in my car and most likely never will. None of them are show stoppers, just irritating.
> When a new generation of the vehicle comes out, older cars don't get feature parity with the new software, just maintenance updates.
That would be nice yes, wouldn't it? A man can dream..
1) Total cost of the vehicle does not matter. What does matter is the operating margin. Half a percent of the total cost of the vehicle will move them from 2% margin to 1.5% margin. (Ford has operating margin of 2% as an example)
In other words an increase in 0.5% cost of total vehicle will reduce their profits by 25%.
That’s a huge number now! Note also that car manufacturers are in a bad spot because their volumes are fairly low (smartphone = 1M/yr, car = 40k/yr) and have harsher requirements for chips, driving the cost way up.
2)AB updates are great, but they can still fail or get soft locked. Especially important around code when you configure the slot to be good and when bad.
It's also more dynamic than your presentation. They have a little bit of pricing power, so a small increase doesn't all come out of the margin.
I’m not sure on the pricing power. If they had more leeway on making car more expensive why not set it to that point in the first place?
It definitely reduces the risk of updates, but it absolutely doesn't eliminate it.
The A/B updater itself is a surface area - especially if the logic is complex and there are other child devices that are updated at the same time (likely for cars). In that case you're not just coordinating between two independent partitions, you're coordinating between 2 * N partitions, half of which have dependencies on each other.
Also, the key bit of the mechanism is that upon successful boot the new partition is flagged as "good", which causes flags to be set to assert that the update was successful and the backup partition is no longer needed. That logic can (and does) fail - if your failure point occurs after this checkpoint you're hosed still because you're past the point of no return.
Making that worse is that in most systems you want the "it's all good" checkpoint to occur early - you don't want to, for example, wait multiple minutes for all user services to come up. But that also means that if a critical failure happens in said services, you're past the checkpoint.
That's the hard part though.
It's shockingly common in my experience to have an A/B boot setup, but no actual logic in the userspace application to switch back to the other partition if something goes wrong. It's just a defense against somebody pulling the plug during the OTA, it doesn't protect against software bugs at all.
They implemented a dual redundant system similar like the dual BIOS for motherboard since 1999.
https://teslamotorsclub.com/tmc/threads/tesla-software-updat...
Even if every software update was perfect, you would see individual stories like the one you linked to. There are millions of Teslas in the world, and they all get updates frequently, so a hardware failure will sometimes coincide with a software update. If a bad update were shipped to customers, it would be a story similar to this Jeep issue: thousands of cars affected at once, lots of furious customers, and news articles about the failure.
Luckily we were near a location of the rental car company—rather than deep in the middle of nowhere where we were headed—and exchanged it for another of the same model, which was all they had available. The next 1000-something miles we drove were filled with endless weird glitches:
- When a passenger plugged in their Steam Deck in the back, the entire infotainment system cut out and went black, including the instrument panel, and then started glitching in and out until they unplugged it.
- When parking, the driver's seat would retract slightly to make it easier to get out, but it never moved forward again, so the seat would get further back at each stop until it was manually repositioned.
- The entire drive the system flashed an un-dismissable error about a rear seat latch, which seemed completely functional.
- The TPMS light went on and off periodically as it seemingly lost and then regained signal from one wheel or another.
- The system flashed errors related to the automated cruise control being unavailable/broken at random times.
- The electronic parking brake kept applying itself while briefly paused in parking lots.
- There was something inscrutably wrong with the climate control that we never really figured out where sometimes it'd just get hot inside the car despite no change to the AC settings.
When we got back I found tons of people online talking about similar (often worse) issues. Incredibly terrible for any new vehicle, never mind one that costs $80k.
Still there is no excuse for how terrible the electronics are in Jeep / Dodge (I'm assuming all Chrysler) vehicles. And it's been that way for decades.
I have a somewhat bad back and want something that I can occasionally work from, so a big space, comfy middle seats, a wide center console. Car makers for some reason refuse to make essentially a Tahoe but shorter wheelbase / 2 row which would be ideal. Instead you have to go with the full size to get full-width.
But out of those, only American brands seem to understand the utility of blocky interiors. Armada and all the Japanese and Korean large SUVs always use swooping rounded edges which really reduce utility.
But the American brands are all less reliable and struggle with consistent quality.
I rented a Jeep Liberty or Compass circa 2018 whose headlights were permanently in DRL mode: couldn’t turn them off or on. Fortunately I didn’t need to drive at night.
In 2017, rented a 300 with 500 miles on it; the infotainment was completely broken, which hosted the controls for the seat heaters and temperature setting. It was well below zero in Minneapolis but we had to drive around with our windows down because the fancy climate system defaulted to max heat blast + max heated seats based on ambient temperature.
Long ago I had a 1996 Neon where the wiring harness started to fail, and the speedometer would stop working. Later on the oil light would come on despite oil pressure being fine. Eventually the entire car just quit running at all at random - nothing but a dim oil light. I sold the car for scrap for $65 since I got tired of being randomly stranded.
So what I’m saying is that it sounds like Chrysler has managed to actually keep doing the same thing for 29 years: electrically unreliable vehicles.
The point is that stable ground connections are notoriously hard on something that by design shakes, rattles, and rolls with all of the vibrating and bouncing on our "modern" streets. It's also a very easy thing to misdiagnose unless you're a mechanic that specializes in automotive electrical systems. It also takes time for new year models to display their warts enough that non-dealer mechanics gain experience repairing them.
Back in the day I was buying these, around 2005' or so, for $300-400 non stop and repairing that, the dash that cracked and misc cosmetics.
They were great cars, the R/T model in manual was fantastic in gas, reliability and safety (sadly crashed it.) but boy was 16-20yr old me happy with these neons. Can't believe they sold shy of $9,999 when new (for base of course)
Just reading your post took me back 2 decades, wow.
In late 2000s, the problem was finally fixed by Dodge switching to a multi-layer steel head gasket. They had previously used a cheaper option. No more oil leaks.
Gotta love penny pinching.
Absolute dogshit cars. Mine ran better when you first started it up in the dead of winter at -10f because then the tolerances were actually good! Once it warmed back up it ran like shit again.
They handled outright abuse very well though. My sister drove it up state to deliver it to me for 400 miles with zero oil and she does not drive slow. It once threw the alternator belt while I was driving and I couldn't understand why the electrics were acting so weird, at least until I turned off the windshield wipers and headlights and CD player and things worked better. The OEM belt we bought to replace it basically did not fit and we had to move the alternator to the absolute extent of its travel to make it work. But work it did. It also never ran on more than 3 cylinders except in the freezing cold.
Probably one of the best "For your young child" cars ever produced. That was before everyone had to armor up little Timmy in a Pershing Tank though, so now we all suffer from worse roads, more expensive cars, and lack of tiny car market. It was weirdly good in the snow, which is funny because the tires were $34 at walmart, but it weighed almost nothing so it didn't need traction.
This is AWESOME.
October is SPOOKY month for Stellantis software, apparently.
Overall it sounds like changes were applied, internally, and not reverted - as if they changed something in the Transaction handling for multi-step car systems updates.
You mention something about it continuously getting hotter ..
> it'd just get hot inside the car despite no change to the AC settings
.. which is also f'in nuts.
So of course every hour when the boys weren't paying attention POP the driver would unlatch their seats and headrests lmao
Horrible safety guardrails but a good time was had by all.
- As of Monday 8am ET, zero legitimate communication from any Jeep-related accounts on any social media platform, or any other form of acknowledgement from the company (unless I've missed something?)
- I only found out about the issue after finally searching a few Jeep groups on Facebook (of all places) to see if anyone else was experiencing the weird failure mode I was after the update.
- The only remotely-official info was from a 'JeepCares' account (which is ran by Jeep) on some random off-roading forum? We were seriously all living off of screenshots from this forum, and the advice coming from the JeepCares accounts was contradictory: they claimed that the Uconnect update was separate from the telematics update, and that there was no way to stop the telematics update if the vehicle received it. Later they gave advice to defer the Uconnect update, making it sound like they were coupled.
- Due to the lack of info from Jeep, people were coming up with all kinds of "if you reboot Uconnect while the Jeep's in ACC mode, it clears the check engine light". This probably did clear the CEL but didn't fix the fault.
- There is no way to tell if you received the bad update.
- There is no way to tell if you received the 'fix' either.
- Dealerships have literally no idea what is going on.
- You're basically at risk of your Jeep going limp (power loss, unable to safely make it to the shoulder) and being stranded on the highway, even as I write this.
However in classic Jeep style they just can't get reliability down, and the PHEV part seems too complicated for them.
If it was just reliable it would still be the best selling PHEV in America, they let that go.
There is no sign of the 2026 Wrangler 4XE it might be canceled like the Gladiator version...
The times that I have been given a jeep rental while on vacation or work trips have always left me disappointed with the vehicle.
I really like the vehicle, it has served me well and taken me many interesting places across the country, along with daily driving. I tow it with a RV and its one the few that can do so now days, plus its extremely capable offroad.
The 4XE is very alluring, much more fun to drive (I have rented one) and I could charge it off home solar and still tow with RV (the only PHEV thats possible to do so). If only it was reliable...
I have no idea what I’ll buy when my 11 year old toyota finally retires.
I worked in an auto supplier years ago and there where several protections in place to prevent the risk of update corruption on safety related components. One of the simplest one the UDS programming session having entry protections related to vehicle speed, vehicle driving mode, etc.
I believe crowdstrike's update was on a Friday night as well.
Unless its a serious security bug, it can wait for not only for better QA testing but also for next Tuesday. Read-on Fridays need to be an industry-wide thing.
The working class lately seems more focused on 'culture war' issues and not economic or material or consumer or worker's rights issues anyway, so we're probably as far from any kind of regulation reform in software as possible. I remember a couple decades ago FOSS as an ideal seemed stronger and you had people like Lessig pushing hard for IP reform and Swartz and others for 'information must be free' honest-to-goodness mainstream movements and all of that seems to have went nowhere and is somewhat to very unpopular today. When was the last time you saw a populist movement towards liberal tech reform like this? Outside of some edge cases like medicine or power generation, the regulations here are purposely kept weak because that's what the wealthy desire.
Maybe our kids or grandkids will have this after the pendulum swings back, shrug.
But the whole point is, regulator wont have teeth. They have teeth when politicians back them. And as of now, politicians back billionaires and deregulation. Wall street hates regulators, billionaires hate regulators and sizable part of population prefers people dying if it means they cam hurt libs and ennemies.
They are doing to cars what electronics manufacturers did to TVs - taking an already-solved UX problem and destroying it with poorly made software in the name of progress.
This seems extraordinary.
I was going to ask: Are you really saying they kill the vehicle's power system, effictively the engine, while the vehicle is being driven on the highway?
But no need to ask, the article says yes, that's what is reported:
> Instead, the failure appears to occur while driving—a far more serious problem. For some, this happened close to home and at low speed, but others claim to have experienced a powertrain failure at highway speeds.
Wow.
It seems that the ability to trivially roll back any update would be a better choice, at least for this. (But I'm sure there are downstream effects I haven't thought about if that were implemented.)
Giving user’s control over when the update runs allows them to be in a safe and secure setting when that update happens. Allowing them time, gives them and Jeep the ability to slow roll the update so they can halt it if initial feedback is negative.
I say this as a Mac user who does not allow auto updates for MacOS. I wait a week or so until the chatter validates it as non-breaking. They pushed an OS update several years ago that broke a few things I rely on. So I don’t trust them now, but these things just happen on OS’s with third party software. I expect it. But, I also don’t want to be forced to deal with the headaches immediately. I’d rather let the third parties run updates and advise how to deal, before I have to dive into fixing things. With car firmware, there’s really no excuse for this except poor engineering / processes.
FTFA:
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving — a far more serious problem
And from the GP upthread:
> There is no way to tell if you received the bad update.
> There is no way to tell if you received the 'fix' either.
Many security compliances require auto-updates to be on. It's thought of to be a lesser evil, because many (most) users never update their OS/browsers, which is worse.
If there are security related updates where the risk is severe then they may auto update.
This does not fix any QA process that is broken. And frankly you should not need to update any control unit firmware after it is sold. The fact that they're even doing this is broken.
Unless your Mac is somehow attached to 5000 pounds of metal going 65 on the highway, the same standards should probably not apply.
Oh you sweet summer child
The NASA space probes are constantly uploaded with new software that has greatly increased the scope of their mission.
If they didn't make "safety" right from the first time, why do you think they will do it better the second time, when the fixes are more expensive and the time pressure is enormous ?
...all of which is just an excuse to show this great picture of Margaret Hamilton [1] lead developer on the Apollo guidance system standing next to (and slightly shorter than) the printouts of the source code https://en.wikipedia.org/wiki/File:Margaret_Hamilton_-_resto...
[1] Who was admittedly quite short apparently
I've worked on some interesting software with lives on the line as well and the amount of test code absolutely dwarfed the functional part. I wonder whether at the time of the effort you linked that was already common practice and if it was what the fraction of that code was tests.
Assuming she's 1.65 meters tall and 66 lines per page (quite common back then), at 0.2 mm thickness per page that's 8K pages times 66 lines / page is ~550K lines. Pretty impressive!
The idea that one can create complex bug-free software is a fantasy. The correct mindset is to learn how to deal with failure. (This is how airliners are designed.)
As for cost, surely you can ask Ford's lawyers who worked there in the 70s to give you a good calculation on life vs recall costs.
That is why Samsung push update to disable note 7 even after recalling them.
In Germany we let the Kraftfahrtbundesamt handle this. You are required by law to keep your address updated with the authorities, and all vehicles have to be registered to get a license plate. When a recall for safety reasons happens, the Kraftfahrtbundesamt writes a notification letter, and if you do not respond in time with evidence of having the recall issue remediated by a qualified shop (or doing it yourself and getting a sign-off from a licensed inspector), eventually they write to your local DMV office that can ban your vehicle from the roads, and if you miss that the police shows up at your home and physically removes the license sticker from the table.
And heaven forbid you get actually caught driving the car after having gotten the notification letter from your local DMV. That's automatically felony territory. Our authorities really, really do not mess around.
[1] https://www.kba.de/DE/Themen/Marktueberwachung/Rueckrufe/rue...
No. You test it. And release it if and when it is fully tested. (you know, V-cycle). But we are Agile now and testing is expensive.
Let’s not let perfection obstruct progress.
Yup, my test is not perfect, but "Let’s not let perfection obstruct progress".
In all scenarios, tricky bugs will happen. Something inconceivable will go untested. But that’s not what happened here. This is basically functionality being lost that very obviously should have been tested.
In that sense, they could have made progress. Nobody is expecting perfection. You seem to be hung up on the distinction
I would bet most updates, especially from a company this bumbling, will be more along the lines of increasing telemetry or pointless UI changes than releasing actually useful features and bug fixes.
I certainly wouldn’t accept one while I was still driving the car!
The solution here is that the manufacturer needs to test their damn update before any of their customers get them.
Huh ? What a stoopid idea. Who would protect your security ? Who will protect the children ? /s
OTA software updates should be a convenience, not a requirement, never be automatic, and be otherwise treated just like a visit to a car repair shop.
Similarly, no manufacturer should be able to tell you "oh, but it's a software problem" if your thing doesn't work as expected (I had Apple tell me this, for example).
In this case, it appears somehow that an infotainment system update impacted the drivetrain. In my fully "fly by wire" computerized vehicle from 1999 (M-B E300), even if it somehow could receive OTA updates, these systems are physically separate. The ABS system is a different module from the transmission controller, which is different from the engine controller. They all communicate over CAN, but the only way one could crash another is if somehow it responds poorly to incorrect CAN messages.. And even if these computers crash the mechanical components they control will probably keep working more or less.. What has happened in the intervening quarter century that made it possible for this failure to happen?
Well, they should if they provided you with the hardware and you got the software from someone else. But that's the other problem: They prevent you from doing that, and then if their software is crap or they decide to turn off the servers, what do you do?
Watch for some carmaker to try to say that the car only had a 10 year warranty and then brick them by turning off some servers after they're over 10 years old, or just go out of business with the same result. It's a travesty that people even put up with that for electronics.
I do not see reason, why CEOs of big companies should be exempt from this!
If bus driver makes mistake, or someone drives drunk.... They get punished. This is the same thing!
The current regulations are written for a time where cars didn't have rolling computers in them. And even then, the regulations don't account for Tesla-style linked systems. So I say we do need new regulations.
No way. Testing is expensive. /s
This has happened to me twice with a Nissan Leaf. I paid money to get a read out from the computer system, and there were no timestamps on the screens of data.
Modern cars "computers on wheels" are dreadful.
Is it possible to disconnect the power from the radios used for "over the air" nonsense? Then at least they would be stable.
I've read online that for some cars, you have to dig deep inside to disconnect the cellular antenna.
I'm a little more lucky. On my car, you can pop out the SIM card from a slot in the ceiling, behind the rear-view mirror.
This assumes you haven't given your car access to your home WiFi. (Some people do this so they don't have to pay for a data plan for their car, and it kinda sorta "syncs" when you get home.)
It will throw a perpetual "check engine" light and disable the hands-free microphone, but OVMS users have made a "dummy TCU" that gets around that annoyance.
I have the opposite problem. The specific infotainment system update I need requires a $200 visit to a dealership with a specific model of a USB 2.0 SanDisk Flash Drive (NI-52727-1). Not available OTA despite the Leaf's OTA capabilities.
Buying a modern car seems to come with too many strings attached these days.
> The buggy update doesn't appear to brick the car immediately. Instead, the failure appears to occur while driving—a far more serious problem.
> My 4xe died in my driveway on Saturday after the update.
It seems not driving bricks as well.
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...
A GPS update kills your entire powertrain. Appears to also engage parking for some users, super dangerous. Catbones, "Almost died on the thruway today ... with an 18-wheeler behind me. ... Jeep died, locked its hand brake and jolted so hard my face almost ended up in the steering wheel at 70mph." [1]
[1] Wrangler 4xe forum, JeepCares and Catbones accounts: https://www.4xeforums.com/threads/wrangler-4xe-ota-update-10...
Personal bet: Jeep accidentally enabled the remote kill switch for repossessing automobiles. [2] Possibly the "impaired driver" kill switch. [3]
[2] Stateline, Late Payment Kill Switch: https://stateline.org/2018/11/27/late-payment-a-kill-switch-...
[3] Trackhawk, Federal Kill Switch Law: https://trackhawkgps.com/blog/kill-switch-law
It probably does. We just don't notice.
> Our industry is a complete joke, and somehow we've been given responsibility over people's lives.
Amen to that. kqr made some choice comments the other day in that thread about the airliner that came to within a hair of crashing due to running out of fuel. Thinking about risk is not a skill that we're born with and it is always sobering to read the 'risks digest' for a bit and to see how thin the ice really is.
I don’t know what will turn out to be our penicillin, or our Joseph Lister, but in 1960 the former is something that didn’t exist when older doctors were in school, and latter had only been dead for fifty years. It may not have happened for us yet.
Like I said we are still young, so it feels sort of arrogant saying we have figured something out when I know how many things are industry standard now that almost resulted in shouting matches trying to get done even 20 years ago. Maybe our soap moment is coming up ten years from now.
But I suspect automated testing may be the wash your hands, because it represents a sort of hygiene that “we” used to just say fuck it or make a minimal effort.
[1]: https://en.wikipedia.org/wiki/Assassination_of_James_A._Garf...
I do not trust them and never will. This is the #1 reason why every car is buy is just a car. I do not trust techbros with devices that can kill you, especially cars.
"Move fast and break things" is not really a virtue when the thing moving fast is a two-ton hunk of steel and the things breaking are people's bodies. Getting the easier stuff right but then then also killing people isn't "doing better" in my opinion; sometimes it's better to have a lot of lower magnitude failures than infrequent but catastrophic ones.
Autopilot aside, though, the regular boring car software bits are rock-solid, and I've never had an issue with using it or after an update.
Citation needed.
In the early days of autopilot/FSD most of the fatalities were people doing stupid things like watching a movie or sleeping in the back seat. That's why it now has to monitor your face with a camera to detect whether or not you are watching the road - to stop people from being idiots.
However we must acknowledge that any change in the automotive space is going to lead to problems and some percentage of those are going to cause injuries. That is the nature of cars. They do not have the certification standards of aircraft nor the training of pilots. They can't and they won't.
It is also inevitable that autonomous driving is going to make different mistakes than a person would make. On a miles-driven basis it still produces fewer accidents and injuries than human drivers.
The entire box it’s on isn’t powered while the plane is in motion (“wheels on ground”). It’s shut off before preflight and doesn’t turn back on until the plane is on the ground. The service my code is part of is responsible for queuing updates and downlinking telemetry. Updates are manual and obviously you can’t run them while in motion if the box they are on doesn’t even have power.
Cars probably don’t have to go this far, but there’s a continuum and they’re clearly in the wrong part.
Airplanes are required by regulation to have a backup of all software to operate the plane, presumably so that a plane can’t get stranded by an emergency landing requiring system resets. What we built replaced a physical folder full of floppies or CDROMs taking up space in the cockpit. Some of my coworkers insisted it was for weight but I’m absolutely sure that pizza box server weighed more than the book.
My anecdata is that my car won't update its software without the owner explicitly requesting it. And then, it will only do it if the car has something like 50% charge, hasn't been used for an hour, and nobody is inside.
I once tried to do the update while I was inside, and it refused.
I can't speak about other cars, but my EV has nothing you can unplug. It's not like a regular car where stuff is exposed.
All it has under the hood is a storage space for charging adapters, a first aid kit, and a cap for the windshield washer fluid.
Even accessing the regular 12V battery takes a bunch of time and tools. The manual states several times that it should never ever be used to jump start another car, though it doesn't explain why.
Under time pressure and confirmation bias they signed off on code that was giving off signs of being broken, pushed it, and now key staff are either on airplanes, out of coverage on their phones, or cannot work entirely from memory and don’t have their computers with them because vacation.
If you knew upates were occurring why didn't you stop them by not allowing internet access and or disabling the web/net hardware?
I find it very odd, I never allow any hardware unfettered internet access let alone update its firmware. Experience has taught me that that's a recipe for trouble.
https://www.stellantis.com/en/news/press-releases/2025/octob...
I own a Land Rover and their system software also ("Pivi") seems to have tons of little quirks and issues.
Sometimes the cameras won't work unless you restart Pivi. One time, the entire car wouldn't respond to locking (via the app, keyfob, in-car buttons) unless you disconnected the battery and waited ~30 mins. Many people complain that they can't even successfully upgrade between Pivi releases. It'll error out a lot of times and they have to restart the process.
(Would be interested to know the kind of tech they're using if anybody's familiar with it!)
My recollection is the hardware was intel, as they had some sort of partnership there, linux for the OS, some distribution specific to the auto industry, and the infotainment itself was just a Qt app.
[Edit: a commenter notes that Jeep’s parent has recently mandated LLM usage in development. Let’s hope these two are unrelated and that we aren’t going to start seeing more catastrophic failures like this over the next few months as people work out the limitations of this sorcery.]
Bricking a car with an over-the-air software update is stupid and unacceptable behavior. Stuff like this is why I'm actually kind of happy to be driving a 20 year old car still.
The way to deal with a bad update is to have another image of the software in ROM (so it cannot be altered) that can be switched to. This backup program may have reduced capability, but it should be able to get you home or to the dealer.
> nor does every system have a backup.
Every flight critical component and system on an airliner has an independent backup.
1. No firmware update,
2. No OTA updates, you get what you paid for;
3. No internet access;
The most important thing:
* Standard key (AU version), no keyless ignition!
As it stands now, any car that is keyless ignition can be stolen by OBD devices sold at eBay and AliExpress.
The newer the car, the worst. Toyota new cars in Australia are being stolen by drilling its passenger door which grants you access to the OBD located on the passenger side, hook the OBD device that cost less than AUD50 and you are driving an over AUD100k car away like you own it.
I am not even getting into cars systems have zero security, I remember watching in early 2000s, a hacker taking control of the reporter's car while on a highway and made the car stop. The reported had to change his underwear!! Things got a lot worse 25 years later.
Back to Jeep 4XE Hybrid cars, they are 2025 models and people bought it even after everything that is going on around Jeep. It is hard to blame only the company on this.
Me being in FREEDOM USA FREEDOM I cannot drive one of these as Suzuki isn't doing business here anymore .. since 2010.
Enjoy yours, though !!
Apart from frequent glitches and failures, the last straw was the incomprehensible logic of the seat lumbar support mechanism. It's a pneumatic bladder that you can inflate/deflate to your liking. When you stop the car, driver's lumbar support just starts deflating to 0. If you open any door or trunk, it starts inflating back again, and not to the original level, but to a seemingly random value. The front passenger's lumbar support stays as is and does not behave this way.
I bought the car with this optional extra "back doctor association approved ergonimic chairs", ironically.
The hybrid system was also glitchy as hell, turning on and off randomly. Opel claimed this is normal and there is no way around it. I had other PHEV hybrid cars after that, from different brands, and none of them behaved like that.
I will never buy any Stellantis product again.
Seems like a car company that should be avoided.
omneity•3mo ago
onei•3mo ago
[1]: https://en.wikipedia.org/wiki/MISRA_C
sosodev•3mo ago
dyingkneepad•3mo ago
CivBase•3mo ago