CTRL+ALT+DEL?

False analogy. An automobile is not a deck of cards or the proverbial fair coin. Its components do not fail by chance or in random distributions. They fail due to actual, physical defects which can be identified. So naturally, the cars do not have an equal possibility of failure. The cars which have the defect are fully capable of the failure, and responsible for 100 percent of the true incidence rate, while the cars without the defect are absolutely incapable of the failure, and responsible for 0 percent, regardless of the so-called "odds."




The odds of what being the question. Far more valid to employ relevant data, obviously. NHTSA, for example, can employ the data you suggest to determine there is a potential problem, but it is useless to Toyota in actually locating the defect. Also useless to Toyota owners in assessing their individual risk. For the owners of some years and models the risk is far, far greater than the so-called odds indicate, as you can see.

Complexity is not the issue for me. By my totally personal measure, SBW is oh, perhaps half as complex as the typical electronic transmission, hardware at least. However, it is meaningless to compare their potential failure rates as the consequences are very different. With a catastrophic failure of the transmission at 70 mph, the car rolls to a stop at the side of the road. With SBW... well, it's going to be big. The complexity of the system does not scare me nearly as much as the utter simplicity of a failure. Ground wire falls off. Right then, we'll put on two. The comparison to air bags also fails. When an air bag fails it simply stops working. When SBW fails, it simply stops wor...oops. There is no safe default.

More than complexity I am concerned about competence. The industry does not have the skill, discipline, or judgement to design, manufacture, and service SBW. It's not easier to do than say, aviation fbw systems. It's actually a hell of a lot harder.

I do not profess to understand all the advanced QC stuff but may I just give two analogies to try to add something to the discussion

1) when Burt Rutan built Spaceship One he stuck with mechanical flight controls rather than fly by wire as his team viewed FBW as too demanding and resource intensive for the project. They also discovered a strange phenonomen in that the GPS system they did use for navigation failed at high altitudes since the vehicle was in such a position 62 miles up versus the GPS satellites that it lost satellite tracking and had to be rebooted. Now if you think about it afterwards that could beunderstood a failure mode but the problem is thinking before note afterwards. It could have been fatal if FBW was linked in any way to the GPS under auto linkage.

2) In an entirely different situation once upon a time the Bank for International Settlements (BIS) which lays down many global banking rules had a set of rules called Basle 1. This basically said all commercial banks had to keep tier one ( real equity ) funds of at least 8% of all loans ( assets). Then the BIS spent years in the 1990's coming up with Basle II which said that if big banks had sophisticated internal risk analysis tools they could go below the 8% safety limit ( i.e lend out more funds versus their own capital so to increase their ROI). As the biggest and best banks like RBS in the UK and Citi in the US etc. had masses of maths Ph.d's doing very clever risk modelling they would be free to increase risk becuase their models would make that "safe".

History has now shown that the models didnt work well and the credit crunch was partially a result of using models to "justify" higher risk. Now Basle III will go back to basics!.

I think the point is that in 1) Rutan decided he didnt know everything and already had a lot of risk with a limited budget so used KISS. In the case 2 of the banks they convinced themselves that they were so clever that they could push the envelope, the problem was that they did not have the actual database to prove the models would work at the limits of testing and , guess what, they did not work.

Going back to Toyota they have a lot of clever engineers, are the biggest and best etc. but somewhere they missed something critical, so I can respect FMEA analysis etc. but I also suspect it has limitations so sometimes the engineers should say "NO" we are not infallible so lets not try it ( per Rutan's decision).

Not only can we identify it but we can quantify it.

If Toyota's reported failures represented only 12% of the total reports to the NHTSA rather than 40%, their sales would not have declined by 15%.

I wanted to give everyone else a shot at this one but no one volunteered so here's what's wrong with it. The wipers can be manipulated by hand because many newer wiper motors do not employ the classic worm gear and thus the mechanism is reversible. That part is normal operation. Meanwhile, this is a permanent magnet motor. When you rotate the armature it becomes, voila, a permanent magnet generator. With the ignition switch is turned off and the wiper switch on, when the driver works the wiper arm by hand, a current is backfed to the starter relay and the truck tries to run over his foot. Which tends to have a negative impact on customer satisfaction, needless to say, but fortunately there is a very simple fix: a ten-cent diode in the line.

Now here is the interesting thing about this problem: Did the designers ever foresee that the vehicle would exhibit this behavior? Hell, no. Obviously not. Can we reasonably expect they should have? Not really. Could the potential for this malfunction ever appear on an FMEA spreadsheet? Pwah. Could the testing and signoff process uncover the problem having never seen it before? Not a chance in a million. Once the vehicle was in production, did the ongoing quality control process capture this anomaly and wrestle it to the ground? No evidence of that. When confronted with the problem, was the Isuzu dealer able to offer any information or assistance? No, they were as amazed as anyone.

And this is the simplest of systems -- a wiper motor. And we are going to build vehicles with fly-by-wire steering? Really?

In a way, it makes me think of the old thermostat system.

In the G.O.D.s they used a bellows thermostat, which failed open; now they use a wax pellet system which fails shut. Which is fail safe?

My race mechanice, and a damn good mechanic too, used to whip the thermotats out of every car he owned, drill a few holes in the periphery to allow some flow when the thermostat was closed, at the cost of a slighly slower warming-up. He never blew an engine. But my Toyota Camry (funny about that) I had two thermostats fail in a remarkably short time, fortunately the engine itself was tough enough to survive despite steam venting wildly (did I mention the actual thermostat and temperature gauge sensor are in the bottom, inlet coolant pipe to the motor instead of the top where it's hottest? I got exactly no warning that the engine was boiling.)

Fail safe. Repeat after me. Fail safe.

EDIT: Due to that last can of beer in the six-pack my typing is a touch dodgy. The other five were no problem.

The shuffled deck of cards is usually not random either, if you think about it. It's just a result of some card manipulations, and yet we have no problem with assuming that the cards are in random order and applying probability theory to them.

The key insight is that no one knows how the cards came to be shuffled, so it's not fallacious to assume that the order of cards is random as far as we're concerned. The ace of spades had to have been put in one particular spot by all those shuffling manipulations, but you have no good reason to assume that it's in one place with any more likelihood than it is in any other place. I'm going to let you work out how that translates to the question at hand regarding one's own risk of having a lemon Toyota.

Of course, it shouldn't be the end-all be-all for the engineers. Their job is to find explanations for events that at present appear to be random and unpredictable, so that they could control more of their environment. However, before the apparent randomness is explained, it's perfectly valid to assume that it is indeed random, because no individual has a valid reason to assume that their "true odds" are worse or better than average.

No Ray Bell your account may most certainly be truthful, but wasn't the SUA experienced by your sister and she in turn narrated the story to you? Or is your entire family cursed with spontaneously accelerating Toyotas? AFAIK your sister did not even bother registering a proper complaint and escalating the matter suitably. The acceleration(s) experienced by her are not even part of any statistical database (aka 41 complaints in USA alone, Australia.....?).



The police investigation was already concluded and the man read about it in news. He then came forward and admitted that he, too, had experienced a stuck pedal situation in the very same car. Really, learn to read.

I would respond to other people who have issues with my earlier post, but really, it would be like discussing finer aspects of English literature with kids who have barely learnt to scribble their ABCs and think they know it all; bunch of illiterates who have already diagnosed that the ECU and software is the 'core' problem. I could point out their wrongs all day long and at every step they would come up with even worse assertions. Sometimes you have to let people be wrong on the internet. United by your appalling ignorance I am sure a lot of you feel purposeful for the very first time in your lives.

Aside from this Prius situation (which can be easily fixed, and really is not so much a programming error but an issue of 'tuning' given the amount of variables it is juggling while decelerating), no other Toyotas have any ECU or software issues, no matter how fervently some might wish.

If there is to be a honest, genuine enquiry -and not a political witchhunt against Toyota- then the investigation must go both ways: the product and the people who operate them. Not just for Toyota, not just for Audi, but for every such complaint against every car manufacturer.

Now that Toyota has accepted fault with their pedals and floor mats, can most SUA complaints in database be explained by the pedals and mats? Of the few that cannot: What was the mental state of the person who filed the complaint? What is their present mental state? Have they also registered such complaints about other cars? Did they previously work for a Toyota dealership? How many of those who experienced SUA have a UAW family member? Did they have a father or grandfather who fought the 'Japs'?

That's not the issue. The tiresome problem that appears again and again: failure to understand the risk.

For one thing, calculating the failure rates is an exercise in absurdity when you don't know what is breaking. (The old causation vs. incidence thing.) We have read here about "99.9998 percent reliability." Let me assure you: We're not that good. Such numbers do not represent anything real, not in the auto industry. The automakers do not even know where their cars are to that degree of accuracy, let alone how the cars are doing or if they are even still on the road. How could they? In any company-customer interaction, be it a survey or even a recall as serious as those discussed here, a significant portion (couple percent always) of owners never respond. They have died, enrolled in prison, moved to Australia (or from Australia), changed their names and/or gender, etc. If the vehicle has been traded in, often they will simply throw the letter away. From there maybe the company can track the VIN through state registrations to the current owner and maybe it can't.

So no, the automakers don't know their failure rates on anything to anything like four decimal places. That's silly. Doesn't exist. Despite frequent allusions here to the contrary, quality control is not really a statistical process. It's certainly not an actuarial process. By the time a trend has emerged that is large enough to recognize, it's often too late. It's already a full-blown problem. The only rate at which defects can be successfully managed is zero. That in part is the basis for zero scrap/zero defect manufacturing.

When a drug company launches a new pill, it invariably finds that x percent of the patients suffer an adverse reaction. This is not due to any defect or variance in the drug but to variations in human physiology/pathologies. However, risk/benefit analysis has determined that the benefit outweighs the risk and the drug is marketed. When an automotive component suffers an x percent failure rate, that simply means that x percent of the parts are no good. There is no benefit, nor were the bad parts born out of any necessity. They are just bad parts. And it's not like x percent of the vehicles suffered a reaction and rejected the component. Someone or something screwed up.

Perhaps you should have drilled a few holes in the bottom, Terry!

Thanks for that, McGuire, I'll come back when there's another mystery to unravel...

One thing you got wrong though. It would have been a Holden dealer.

And to primer:

My sister did 'register' the problem. On the last occasion she had the car towed to the dealer. She would not drive it again... ever. And it was the same car, I don't know if you picked up on that. Bought by my father, he died and my sister took it over.

He had removed the floormats. I believe this was because he'd experienced the problem, been told it was the mats and was in the process of proving "...it wasn't the bloody mats!" when he died.

My sister is 'escalating' the issue, don't worry. She sees the danger of the whole episode and is keen it doesn't continue happening to others.

As to the Australian 'complaint database', it would appear to me that thus far Toymotor has kept the lid on things here. But they are now starting to allow complaints to come in, it seems, after a long period of total denial and patting the customer on the back and telling them they really knew it was the mats all along.

I would also suggest to you that the police investigation you mention wasn't complete within the time period you've concluded. It's probably still not complete.

The balance of your post is getting close to slander... you are basically accusing everyone who complains about UA in a Toymotor of being somehow biased against the make or something. Remember, primer, by and large these are the people who went to the dealer and bought that make.

Thanks, I didn't know that. This is due to no Isuzu dealer organization in AU, Holden distribution only I take it?

Isuzu had a dealer network in the USA until a year or two ago. I think the mid-sized trucks (COE diesels) are still sold here but I don't know through what channel. Isuzu was pretty hot here in the '90s with the Pup, Trooper, and Rodeo but cooled off as these models grew long in the tooth. I had an Isuzu Impulse for a short time (horse trade, long story). The Giugiaro design, pretty thing but gutless.

Actually, primer accused folks of being mentally unstable, having an axe to grind, and/or being racist. I have no idea what's caused the SUA - a Canadian-manufactured pedal, floormats, firmware, the right combination of component batches in the ECU with the right iteration of firmware... Who knows. Primer's vehement defence of the firmware makes me wonder what his connection to it might be.

He just needs a hug

In Australia at the moment we now have both Holden and Isuzu selling the same product.
They used to be sold as Holdens at Holden dealers but now that GM has sold their shares in Isuzu to Toyota there are Izuzu franchises opening all over the place.
My local Ford dealer is also the Isuzu dealer!

Is that right?

I knew that maybe ten or twelve years ago there were separate Isuzu dealers for the truck range, but one of those I knew was a Holden dealer as well.

Not being anything like a new car buyer, I don't keep track of these things...

rally drivers and "left foot breakers" would really hate that idea..

No one breaks my left foot and gets away with it...

To confuse things, there are two separate Isuzu companies operation in Australia, there is Isuzu Trucks which according to their website is...

And Isuzu Ute Australia...

The Isuzu truck dealers were usually Holden dealers or related to Holden dealers, most of these truck dealers are still selling Isuzu trucks.
Now Isuzu has nothing at all to do with GM apart from supplying the Holden Colorado commercial vehicle range which is made alongside the Isuzu D-Max range in Thailand.

No the Holden Colorada is a generic Thai built body that looks [and is] virtually the same. But it uses the torqeless alloytec Commodore V6, whereas the Isuzu is a D Max with the very torquey [and thirsty] Isuzu V6. With basically the same generic body.

Rally drivers maybe. No harm in alerting the left foot brakers if they are riding the brake pedal while at WOT.

We have that vehicle in North Anerica badged as the Chevrolet Colorado and GMC Canyon. Engines here are I4, I5, and LS 5.3L V-8. The Hummer H3 is based on this platform (GMT 355) but reskinned.

The Isuzu cab-over diesel trucks, sold with either GM or Isuzu badging, are well-regarded here.

If you're driving a street legal car on a rally, you're going to be uncompetitive. If you're driving like a rally on the road, you should have your license revoked.

There's no need to drop a common sense safety feature to keep some boy racers happy. Needs of the many outweigh the needs of the few and all that.

No left feet were broken in the making of this thread.

More semi-useless aviation info.

You might find this hard to believe but the fly-by-wire Airbuses have two non-connected joysticks, one on each side for the piloting types. Everyone knows that. But what you may not have known is that the two sticks are not mechanically connected, like the control columns on a Boeing, and so can be independently moved in any direction at the same time. And yes, each stick feeds an equal input into the Flight Control Computers, and yes the computers average out the stick positions.
So while it may sound odd, you really can literally simultaneously push one stick all the way forwards and pull the other all the way back and nothing will happen. Or one hard left and the other hard right, etc.
The only thing that happens is a loud 'BONG' from the panel and the 'DUAL INPUT' light on the panel lights up.

Whilst I used to be a card-carrying Airbus hater, when I got the job with Qantas in Sydney as an A330 I simply put my pre-conceived notions behind me and learned the aeroplane & the systems as best I could. And I have to say A lot of what I thought was wrong or daft with the plane wasn't correct and I have become a bit of a fan of them. But I have NOT swung over to the unconnected sticks nor will I ever I suspect.
All the Airbus guys I talk to reckon it works fine and I'm sure it does, but I love asking them if the rudder pedals are also independent left/right sides - "no of course not!"
Uh-huh .....


Bur as mentioned above, there's really no reason why Joe Average on the road needs to use both pedals at once so to cater for the common masses yes I'd agree that some simple system of either killing the engine and/or a warning light & buzzer may well be a good thing.

a common sense safety feature would be an engine off switch that actually works without 50 electronic interlocks, and brake material that can actually stop the car 5 times from 100 mph in succession without overheating..... With all this adjusting of vehicle safety systems to cater for every last one idiot behind the wheel that shouldn't drive in the first place (and I am not talking about unfortunate toyota WOT victims here) we are ending up with overly complicated, unsafe, breakdown prone vehicles...

in my 10 years as an off and on automotive journalist.. I have seen electric steering servos break down, BMW's active steering breakdown, performance cars which overheat their brakes after only a couple of heavy applications, diesels that switch off by themselves, cars that lower their windows by themselves in the middle of an automatic car wash... etc..

You left out the Diesels that will not shut off, central locks that lock the driver into the car, sun roofs that decapitate kids (or cats in a pseudo-ad) etc etc

Although I think that the biggest nut (and risk factor) is still the one behind the wheel, I am a huge fan of the K.I.S.S. principle....

And yes, an FME©A can only cover the cases that people think of beforehand. Just like any simulation is only as good as the underlying model.

Zoe

...and brakes that have to stop a speeding vehicle with the engine on full power and auto transmission. Does any test include that?

According to a statement of Germany's biggest automobile club, this is indeed the case. I have my doubts though....but what do I know?

Zoe

Guarantee a Chrysler Royal's brakes won't...

But they don't have fly by wire throttle. Or anything else, for that matter, even if the gears are selected via a cable.

On a lighter note - early GN's had wire-and-bobbin steering. Apparently it was not unknown for the service department to re-wind the cable, then stand outside the workshop and watch the proud owner drive off down the road, at the end of which he had to turn right...
Apologies to anyone who knows the story in greater detail...

A legitimate use for using brake and throttle together is for moving off in an auto on a steep slope such as a clay dam. The park brake alone is not sufficient to hold the car, so you have to use the footbrake. If you were to release the footbrake and then apply the throttle you'll slide back down to the bottom. The same would apply on wet grass slopes and the like, not that we have any of those at the moment.

The 4wd course we use has exactly this feature, personally i think it is the best argument for manual 4wds if you really go offroad very much.

So, on 2wd cars I can see an interlock preventing simultaneous brake and throttle coming in very soon.

That doesn't normally require WOT. Also the interlock could include a vehicle speed input to eliminate activation at very low speeds for those that want to do burnouts and such.

UA can happen with far less than WOT, and be just as deadly.

Set a threshold. A friend of mine used to refer to "Large Throttle" meaning significant amounts. A software interlock can't protect against all dangerous situations but can readily be programmed to detect incompatible inputs eg a demand for "significant levels" of engine power simultaneous with aggressive braking. (Delete the word "aggressive" on cars not equipped to detect brake force)

Yep, that seems like a sensible approach. Any modern car has ABS so it does have a fair idea of how hard the pedal is being pushed.. Of course we are then adding more complexity to the software, which is kind of where we came in. Incidentally a Mercedes has 20 times as many lines of code as an F22.

but why oh why>????? wouldn't an additional switch that indicates closed position of the throttle pedal be just as effective... ?

Wouldn't help in the case of pedal assy stiction or floor mat interference.

Since a lot of people left foot brake for whatever reason another piece of electrical GARBAGE to stop people doing so would be stupid.
Since this thread is about Toyotas [and others] that escape with dodgy pedals, floormats [and ECUs] and stupid wanker type pushbutton start buttons that do not allow the driver to turn the car off maybe we should go back to the main gist of the thread.
Which is no more electronic marvels so as to stop the driver driving the car, but to make them safe for the average driver to use with ease.

Does it have to be either/or? I think the important thing is to consider the average driver first and always, and then design as many electronic marvels as you want from there.

good point.... I had a floor mat interference situation once.. My mother's Fiat uno was left at WOT untill I switched the darn engine off.. luckily, no pushbutton starters..

We should then agree on what is an "average driver" these days. Looking at your average Mcdonalds outlet, an average driver doesn't realise a cup of cofee just might be HOT...

My objection is on the ever lowering driving standards on the roads these days. As a consequence, your average driving standard goes down, fatalities go up, the state decides that speed limit should go down and penalties up... Next, we have mandatory ESP, our cars are built like tanks, and we try to salvage what is left of fuel economy by installing overly complex, expensive and heavy hybrid drivetrains...

For roughly a retail price of OE cruise control we (meaning us in europe) can get a basic drivers training, with wet skidpad , emergency lane change, braking, etc.. which, for me, is far more valuable than ESP...

as for the WOT issue... my vote goes to a engine cut off switch that is simple enough to actually work... for example a fuel pump cut off... that way, if you get stuck at WOT, you have a bit of engine braking, your hydraulic and electrical systems work so that you can stop the car in a safe manner..

- Not another piece of electronics. Just some sensible additional code to detect dangerous failure modes in the existing system.

- Not for the purpose of stopping people from left foot braking either - when you left foot brake do you need to use large throttle & heavy braking simultaneously?

Me too. . . . .plus a pedal/mats that don't stick . . . plus software that detects failure modes . . . plus better driver training . . . plus anything else that makes cars safer in a cost effective manner.

That is of no concern to us. The cards may be sufficiently shuffled to produce an effectively random deal, or they may not. In probability analysis we assume they are, so all that is irrelevant here. Vehicle failures do not occur in random distributions. They occur only when something breaks or malfunctions. No breakage or malfunction, no failure.

When routine maintenance uncovers a cracked rudder in a passenger jetliner, they don't do a statistical analysis of recent air catastrophes and then proclaim problem solved as the incidence rate shows no problem. They say holy shit, let's get the rest of the airplanes in here and get a look at them. And this points to the basic problem facing both car owners and the manufacturer.

A sensible car owner realizes that some cars will be subject to the failure while some are not. His problem: he has no absolutely way to know which flavor he has in the driveway. So in these cases, the anxiety rate runs much greater than the actual risk rate, for totally rational and logical reasons that have nothing to do with mass hysteria or consumer paranoia. (Amazing to me that technical people don't grasp this.)

And if the company is attempting to diagnose the problem via statistical analysis of its consumer fleet, or by taking random cars and gaming their throttle systems to replicate the failure in various ways, or attempting to imitate the failure in the tube with simulations and modeling, they greatly increase the time and decrease their potential for finding the trouble. This approach can also generate the theory, "this failure is impossible, it can't happen." Really it only demonstrates the limits of their imaginations, along with the difficulty in finding a needle in a haystack. The quickest and most effective way to run this problem to ground is to get their hands on as many known-problem cars as it can identify.

So what. If x percent of a Toyota model will exhibit the problem, x is the likelyhood that the car in driveway has the problem. The next player in a game of Russian roulettte will also exhibit anxiety in excess of the 1:6 probability that he has spun a loaded chamber. That doesn't mean the game doesn't follow the simple rules of probability. Likewise a particular vehicle failure or defect will also occur in a random distribution.

Might I suggest you discuss this with an actuary.

I guess that's my point. Actuarial analysis has no place here or in the auto industry. If owning a car is a round of Russian roulette, buyers will find another game. Cars do not fail in random distributions. That's nuts. Cars fail only when their parts break or their systems malfunction. It only looks like a random distribution to some dipshit standing off to the side with a clipboard who doesn't know how cars work.

Your x group is a false set. The owner of a car that contains the defect is not the owner of a car in the set. He owns a car in the subset of cars with the defect. Statistically-based quality quotas are constantly abused in this manner. On Friday the plant manager learns that 200 of his 5700 units have bad transmissions. He runs the numbers, rolls the dice and ships them, knowing even if he is caught, he still comes in under his quality quota. What he doesn't realize or acknowledge is that ~100 percent of 200 car buyers are going to suffer an adverse consumer experience. The consumer didn't buy 5700 cars or 200 cars. He bought one car and 100 percent of them broke.

Ok, so car failures are caused by part failures. Let's move on to part failures then. Is there a random distribution associated with part failures?

Care to back that up?