PICList Thread
'[EE] How far do you go? - was: [EE] Firmware flaws'
2007\06\27@101125 by Dr Skip

OK, this brings up a topic I'd like to understand better... Certainly a
goal of most or all businesses is to create a 'revenue stream'. It's
turned out that the easy way to do this is to churn products - new model
each year, "new and improved" something (everyone wants to have the
latest), planned obsolescence, etc. In a lot of cases, chasing some
small improvement results in more complexity, "more ways for it to
break", and higher repair costs. In fact, the engineering process is
full of phrases that address this, like "if it ain't broke, don't fix
it", and there are always arguments between older engineers vs newer
ones, or techs vs engineers, about how some or another 'upgrade' isn't
needed or is downright foolish. The evolution of Microsoft Windows is
probably the premier case in point.

So, as engineers, where is the line drawn on when to integrate some new
technology? Internet toasters... hmmm... the old ones work well, they
last for years, and you have to be there with it since you're gonna eat
the toast, so any 'remote control' or internet connection is just silly.
However, I could see (if not done already in some models) where a PIC
might be added with sensors to determine toast 'doneness'. While the old
style is reliable and at most you might lose a few slices at first try
in finding your preferred setting, a semiconductor toaster brings with
it a whole 'nuther set of issues, like susceptibility to power surges or
line transients, limited life of the controller due to heat, more
components - higher failure rate, etc. If internet connected, then there
could be a whole list of future problems such as security (a flaw or
worm that makes it turn on and stay on without the owner knowing), or
just obsolescence because it couldn't handle IPv6 or it was 10Mb and
your net is only 100Mb+.

There's also the perspective in the decision. Imagine a condition where
a device (even a car) can enter a 'broken' state. You could design in a
soft-fail mode where it continues in limited mode until fixed, or it
could just stop until it is repaired. Let's say the soft fail product
would, based on failure analysis, cause 3 times as many units to go into
degraded mode and report an error, vs the hard fail ones. One case has a
higher statistical failure rate, but the other one has a greater impact
on the customer. From a 'numbers' point of view, hard fail is better
perhaps. From a customer view, soft fail is better. After all, the
customer only cares about his/her unit, not your statistics...

I know I've become less of an advocate for doing it a new way all the
time. Any ideas on how to decide? If going to a semiconductor based
design chops $0.05 off the cost, but makes the unit more complex, more
prone to failure from reliability or design problems (you sure you
tested it under all-day operating conditions now?), and more difficult
to repair, do you do it willingly? It's almost an engineering ethics
problem. The CEO says shave the cost - knowing replacement sales will go
up, he can shut down the repair channel perhaps (cheaper to buy a new
one for the customer since repair shops won't want to debug), and with
new designs every year, he can stop selling repair boards in a few years
and force customers to upgrade. This, vs the old design that lasted for
years with parts that are available by the 'billions' out there (small
appliance type scenario). Do you argue, or just do it? Do you have any
obligation to the customer? All this manufacturing and marketing stuff
is just the 'stuff' needed to get YOUR design into the customer's hands...

Then there's the ego part. MY design or routine is so good it'll never
be hacked into. No buffer overflows here... You might not say it out
loud, but it happens every day. Your toaster code may be great, but
there's a place where execution can start and leave it vulnerable on the
net if it starts randomly... You test the hardware under all conditions
and it always comes up fine and starts at the beginning. Ship it! Then,
6 months later, purchasing sources a resistor from China and it can go
so far off when warm (it's a toaster) that it causes a brownout
condition and maybe random code execution or IP vulnerability... Testing
and experience showed it worked fine without planning for that
contingency, but now it shows up in a million units. It would've cost
another $0.06 to put in protection, but that would've blown the CEO's
numbers, and your experience said it wasn't likely (but you never used
Chinese resistors before...). Look at all the recalls today vs 20-30 yrs
ago... CEOs don't know zeners. How far do you push? And in this case,
you can even spin it to put blame on hackers for anyone so hacked, so a
recall isn't in the plan. Is it the hacker's fault or Microsoft's fault
when a buffer overflow in a driver causes the system to allow remote
execution of code? Who is to blame when someone connects to your drive
and sees your files when Windows ships with the smb port open and ready
for connections? If you say the bad guy is always to blame, remember
that most insurance cos. will not pay up if they can show you left your
car door unlocked... The bad guy did bad, but you were held responsible
for letting it happen. I digress though.

Chances are, the original freezer problem came about this way. Is it
corporate misconduct? I doubt it. You don't invest millions into a
product in order for it to be a dud. Marketing said "we need a new fancy
model". Product planning said "put in an ice maker". The engineer
said... ? While the engineer on it might have been following 'orders',
what is his responsibility for the undefined parts and to create
something usable to the many customers? Each of the bum products talked
about, from the fancy freezer to the new Honda, were engineering
'improvements' over the previous models that had worked fine. Was it
really necessary? It's the effect even a single engineer can have. The
company may facilitate the transaction, but you bought this engineer's
piece of work. Do you do the same? (rhetorical question) So what do you
do to prevent this (assuming your ego doesn't say it's perfect 'cause
you designed it ;) , AND since someone will always be inconvenienced
over some design flaw or feature, how do you minimize the impact to all?

New isn't always improved. And BTW, "you" means just the reader and
isn't a particular person or posting... ;)

-Skip

Robert Ammerman wrote:
> Maybe we really do need Internet connected toasters: for firmware updates!
>
> Bob Ammerman
> RAm Systems
>
>  

2007\06\27@125118 by Gerhard Fiedler

Dr Skip wrote:

> So, as engineers, where is the line drawn on when to integrate some new
> technology? Internet toasters...

It's the market... :)  People like it and buy it, or they don't. In the
end, what engineers do is to serve someone. Find enough who think it serves
them to make it profitable, and you have a product.

> There's also the perspective in the decision. Imagine a condition where a
> device (even a car) can enter a 'broken' state.

This state is not unknown for cars -- even since before they were
electronic :)

> You could design in a soft-fail mode where it continues in limited mode
> until fixed, or it could just stop until it is repaired.

For example automatic transmissions have a "limp-home mode". When the
conditions indicate an error that's not specifically recognized, the
transmission typically goes into 3rd gear and stays there. (The rationale
is that you can go wherever you need to go to get it fixed in 3rd gear.)

I think there are several types of firmware. There is the more
software-like firmware that's reprogrammable in the field, often by the
user. And there's the more hardware-like type that's like a piece of
hardware once it has left the factory. How to deal with it depends a lot
what type you're thinking about.

> Chances are, the original freezer problem came about this way. Is it
> corporate misconduct?

I think it's in part the difference between free market theory and actual
market. People don't have all the relevant data in their hands when buying
products. So crappy products get bought all the time -- sometimes people
could have known, sometimes not. And sometimes they know and still buy...
:)

More in the vein you were talking about, I agree that it's not really what
is commonly called misconduct. But it's often probably just plain bad (or
inadequate) organizational structures and people not doing their best to
fill the existing structures with purpose.

Gerhard
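A concrete form of the soft-fail versus hard-fail choice Dr Skip raises above, and of the limp-home mode Gerhard describes, as an added example that is not code from this thread or from any of its posters: a startup policy routine for a small appliance controller. It decides, from why the part reset and whether its firmware image still verifies, whether to run normally, run degraded and report an error, or stop. The reset-cause bits, the boot record, the Fletcher-16 checksum and the sample image bytes are all constructed for illustration and do not model any particular microcontroller.

```c
/* Added example (not from the PICList thread): startup policy for a small
 * appliance controller that chooses between normal, degraded ("limp-home")
 * and halted operation based on why it reset and whether its image verifies.
 * The reset-cause bits, boot record layout and checksum are constructed for
 * illustration and do not model any particular microcontroller. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed reset-cause flags, in the style of an MCU status register. */
#define RST_POWER_ON   0x01u
#define RST_BROWN_OUT  0x02u
#define RST_WATCHDOG   0x04u

enum boot_mode { BOOT_NORMAL = 0, BOOT_DEGRADED = 1, BOOT_HALT = 2 };

/* In real firmware this would live in RAM that survives a warm reset. */
struct boot_record {
    uint32_t magic;               /* marks the record as initialised */
    uint8_t  consecutive_faults;  /* brown-out/watchdog resets in a row */
};

#define BOOT_MAGIC              0xB007C0DEu
#define MAX_FAULTS_BEFORE_HALT  3

/* Fletcher-16 over the firmware image: cheap enough for a small MCU and
 * catches the kind of partial write a brown-out during an update leaves. */
uint16_t fletcher16(const uint8_t *data, size_t len)
{
    uint16_t sum1 = 0, sum2 = 0;
    for (size_t i = 0; i < len; i++) {
        sum1 = (uint16_t)((sum1 + data[i]) % 255u);
        sum2 = (uint16_t)((sum2 + sum1) % 255u);
    }
    return (uint16_t)((sum2 << 8) | sum1);
}

int image_valid(const uint8_t *image, size_t len, uint16_t expected)
{
    return fletcher16(image, len) == expected;
}

/* Decide how to come up. Policy: never run an image that does not verify
 * (hard fail); after a brown-out or watchdog reset run in degraded mode and
 * report the error (soft fail); if such faults keep repeating, stop rather
 * than keep cycling through random resets. A clean power-on clears the
 * fault counter. */
enum boot_mode decide_boot_mode(uint8_t reset_cause, struct boot_record *rec, int image_ok)
{
    if (rec->magic != BOOT_MAGIC) {           /* cold start or garbage record */
        rec->magic = BOOT_MAGIC;
        rec->consecutive_faults = 0;
    }
    if (!image_ok)
        return BOOT_HALT;

    if (reset_cause & (RST_BROWN_OUT | RST_WATCHDOG)) {
        if (rec->consecutive_faults < 255)
            rec->consecutive_faults++;
        if (rec->consecutive_faults >= MAX_FAULTS_BEFORE_HALT)
            return BOOT_HALT;
        return BOOT_DEGRADED;
    }

    rec->consecutive_faults = 0;              /* normal reset: fault streak over */
    return BOOT_NORMAL;
}

/* Constructed image bytes and their precomputed checksum, used by main(). */
static const uint8_t sample_image[] = { 'a', 'b', 'c', 'd', 'e' };
#define SAMPLE_IMAGE_SUM 0xC8F0u

int main(void)
{
    struct boot_record rec = { 0, 0 };
    int ok = image_valid(sample_image, sizeof sample_image, SAMPLE_IMAGE_SUM);
    const char *names[] = { "normal", "degraded", "halt" };
    /* Simulate a power-on, then three brown-outs in a row. */
    printf("power-on: %s\n", names[decide_boot_mode(RST_POWER_ON, &rec, ok)]);
    for (int i = 0; i < 3; i++)
        printf("brown-out %d: %s\n", i + 1,
               names[decide_boot_mode(RST_BROWN_OUT, &rec, ok)]);
    return 0;
}
```

The fault counter is what turns "soft fail" into a bounded policy: one brown-out gets the degraded mode the customer prefers, a streak of them gets the hard stop the failure statistics argue for, and an image that no longer checksums never runs at all.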

2007\06\27@183323 by alan smith

interesting example.....my tranny did go into a self protect mode, as described by the mechanic...shifts really hard...it was pushing the pressure up to keep other things from failing I suppose...now it shifts puuurfectly....albeit $2500 later....

 
> For example automatic transmissions have a "limp-home mode". When the
> conditions indicate an error that's not specifically recognized, the
> transmission typically goes into 3rd gear and stays there. (The rationale
> is that you can go wherever you need to go to get it fixed in 3rd gear.)



2007\06\27@191533 by Gerhard Fiedler

alan smith wrote:

> interesting example.....my tranny did go into a self protect mode, as
> described by the mechanic...shifts really hard...it was pushing the
> pressure up to keep other things from failing I suppose...now it shifts
> puuurfectly....albeit $2500 later....

This is a different type of "limp-home mode". The fluid pressure in an
automatic transmission controls, among other things, how hard the clutches
grip. For comfort, they should grip softer, but if they grip too soft, they
can burn up. That's why in case of trouble the safe way out is to put the
pressure at its maximum: less comfort, but at least no burnt clutches.

Gerhard

2007\06\27@214302 by Jinx

> interesting example.....my tranny did go into a self protect mode,
> as described by the mechanic...shifts really hard...it was pushing
> the pressure up to keep other things from failing I suppose...now
> it shifts puuurfectly....albeit $2500 later....

A NZ company has developed a "new replacement for synchromesh.
The new device provides seamless shifts with improved acceleration,
economy and emissions"

http://www.zeroshift.com/

There's a "How it works" animation

Footage shown on TV last night showed a drag between two
performance cars (Mustangs), one with a conventional gearbox
and one with a Zeroshift. The Zeroshift won because there was
no deceleration between gear changes

www.tv3.co.nz/Programmes/NewsandCurrentAffairs/CampbellLive/StoryArchive/tabid/239/Default.aspx

Gears are button-selected, not flappy-paddle. I don't know
how similar this is to race-car pre-selection


2007\06\27@221238 by David VanHorn

> > There's also the perspective in the decision. Imagine a condition where a
> > device (even a car) can enter a 'broken' state.
>
> This state is not unknown for cars -- even since before they were
> electronic :)

When I worked for a vending company, my boss gave me his definition of
a broken vending machine:  "It's broken if it won't take money".

2007\06\27@222418 by peter green

David VanHorn wrote:
>>> There's also the perspective in the decision. Imagine a condition where a
>>> device (even a car) can enter a 'broken' state.
>>>      
>> This state is not unknown for cars -- even since before they were
>> electronic :)
>>    
>
> When I worked for a vending company, my boss gave me his definition of
> a broken vending machine:  "It's broken if it won't take money".
>  
I'd think the cost of handling those who ring up asking for refunds and
the bad word of mouth would dwarf the money gained that way.


2007\06\28@065615 by Michael Rigby-Jones



>-----Original Message-----
>From: piclist-bounces@mit.edu
>On Behalf Of Jinx
>Sent: 28 June 2007 02:42
>To: Microcontroller discussion list - Public.
>Subject: Re: [EE] How far do you go? - was: [EE] Firmware
>flaws and faceless corporations
>
>
>http://www.zeroshift.com/
>
>There's a "How it works" animation
>
>Footage shown on TV last night showed a drag between two
>performance cars (Mustangs), one with a conventional gearbox
>and one with a Zeroshift. The Zeroshift won because there was
>no deceleration between gear changes
>

I can remember reading about this a couple of years back, and cringing at the thought of it going wrong!  Essentially the system selects two gears at once, but there is some lost motion in the system and the first gear is deselected before this slack is "used up".

Regards

Mike

=======================================================================
This e-mail is intended for the person it is addressed to only. The
information contained in it may be confidential and/or protected by
law. If you are not the intended recipient of this message, you must
not make any use of this information, or copy or show it to any
person. Please contact us immediately to tell us that you have
received this e-mail, and return the original to us. Any use,
forwarding, printing or copying of this message is strictly prohibited.
No part of this message can be considered a request for goods or
services.
=======================================================================

2007\06\28@082946 by Alan B. Pearce

> You could design in a soft-fail mode where it continues in limited mode
> until fixed, or it could just stop until it is repaired.

Volvo did that with their ECU, and it has resulted in some near-death
situations on motorways when it failed and went into 'limp mode' while
barreling down the outside lane - more than once in the UK. The situation has
been well covered by the BBC programme 'Watchdog'.

http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/index.shtml and
click the drop down box for "Volvos electronic throttle module".

2007\06\28@084048 by Michael Rigby-Jones



>-----Original Message-----
>From: piclist-bounces@mit.edu
>On Behalf Of Alan B. Pearce
>Sent: 28 June 2007 13:30
>To: Microcontroller discussion list - Public.
>Subject: Re: [EE] How far do you go? - was: [EE] Firmware
>flaws and faceless corporations
>
>
>> You could design in a soft-fail mode where it continues in limited
>> mode until fixed, or it could just stop until it is repaired.
>
>Volvo did that with their ECU, and it has resulted in some near-death
>situations on motorways when it failed and went into 'limp mode' while
>barreling down the outside lane - more than once in the UK.
>The situation has
>been well covered by the BBC programme 'Watchdog'.

I believe the Volvos suffered from failure of the electronic throttle module rather than the ECU.  This is part of the "drive by wire" system which I have always considered a very poor idea.  Give me a throttle cable any day of the week.

Regards

Mike


2007\06\28@193245 by Robert Rolf


Gerhard Fiedler wrote:

> alan smith wrote:
>
>
>>interesting example.....my tranny did go into a self protect mode, as
>>described by the mechanic...shifts really hard...it was pushing the
>>pressure up to keep other things from failing I suppose...now it shifts
>>puuurfectly....albeit $2500 later....
>
>
> This is a different type of "limp-home mode". The fluid pressure in an
> automatic transmission controls, among other things, how hard the clutches
> grip. For comfort, they should grip softer, but if they grip too soft, they
> can burn up. That's why in case of trouble the safe way out is to put the
> pressure at its maximum: less comfort, but at least no burnt clutches.

Too bad Chrysler Caravans didn't do this. (1991-96)
Their tranny oil filters clog with use and then the torque converter clutch
fails due to low actuation pressure. My repair tech said "We see it ALL the time.
That's why we use aftermarket clutch replacements. The piston is bigger so this failure
won't happen to you again". $2500 later as well. GRRRRRR....



2007\06\29@063557 by M. Adam Davis

On 6/28/07, Michael Rigby-Jones <Michael.Rigby-Jones@bookham.com> wrote:
> I can remember reading about this a couple of years back, and cringing at the thought of it going wrong!  Essentially the system selects two gears at once, but there is some lost motion in the system and the first gear is deselected before this slack is "used up".

I imagine that many engineers similarly cringed when the first
interference engines came out...

-Adam


2007\06\29@110653 by Herbert Graf

On Fri, 2007-06-29 at 06:35 -0400, M. Adam Davis wrote:
> On 6/28/07, Michael Rigby-Jones <Michael.Rigby-Jones@bookham.com> wrote:
> > I can remember reading about this a couple of years back, and cringing at the thought of it going wrong!  Essentially the system selects two gears at once, but there is some lost motion in the system and the first gear is deselected before this slack is "used up".
>
> I imagine that many engineers similarly cringed when the first
> interference engines came out...

Hehe, although I'm not a mech, I still cringe at the thought of what
happens if that timing belt breaks... I've seen the results, they aren't
pretty.

TTYL
