The Software-Defined Car

Developers are starting to talk about the software-defined car.

For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

The behavior of new cars is increasingly defined by software, too. This is merely the progression of a trend that began at the end of the 1970s with the introduction of the first electronic engine control units; today, code controls a car’s engine and transmission (or its electric motors and battery pack), the steering, brakes, suspension, interior and exterior lighting, and more, depending on how new (and how expensive) it is. And those systems are being leveraged for convenience or safety features like adaptive cruise control, lane keeping, remote parking, and so on.

And security?

Another advantage of the move away from legacy designs is that digital security can be baked in from the start rather than patched onto components (like a car’s central area network) that were never designed with the Internet in mind. “If you design it from scratch, it’s security by design, everything is in by design; you have it there. But keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this,” Anhalt said.

“At the same time, they’re a great software system. They’re highly secure. They’re much more secure than a hardware system with a little bit of software. It depends how the whole thing has been designed. And there are so many regulations and EU standards that have been released in the last year, year and a half, that force OEMs to comply with these standards and get security inside,” she said.

I suppose it could end up that way. It could also be a much bigger attack surface, with a lot more hacking possibilities.

Tags: cars, cybersecurity, hacking

Posted on June 5, 2023 at 7:14 AM • 36 Comments

Comments

Morley • June 5, 2023 10:16 AM

Hard to imagine secure software from companies. Someone will root their car and publish custom software on GitHub. Insurance companies might check if car was running official software after an incident. I wonder if custom code will be legal on public roads.

Ted • June 5, 2023 10:17 AM

European friends, when regulators issue a “type approval” for a product (rather than having automakers self-certify) does this relinquish liability from the auto manufacturers? Virtual testing of the software sounds a bit tricky, but I don’t know how else it would be done.

I’ll be keeping my eyes out for cars using Volkswagen Group’s new PPE (Premium Platform Electric) architecture, including Audi’s Q6 e-tron, an electric SUV, the A6 e-tron and the next Porsche Macan.

Clive Robinson • June 5, 2023 10:56 AM

@ ALL,

Re : Duck, cover, and run, whilst you can…

“If you design it from scratch, it’s security by design, everything is in by design; you have it there.”

Somebody has not got a clue.

That is a truck load of bovine fertilizer, as anyone who has worked in even a “Fast Moving Consumer Electronics”(FMCE) can tell you.

Back thirty or more years ago when you had to use “Masked Programed” ROM and Microcontrolers, you spent something like 50% of a year “knocking the bugs out” of as little of 4k Bytes of ROM program.

That’s unacceptable by todays standards of 250k code knocked out from maybe 10weeks work bolting unknown library code together with a bit of glue…

From importantly a “moving goal post” specification, with the libraries not just unknown but inadequately tested or documented.

Whilst the lower level code might be written by those who take an “engineering aproach” much of the code will be written by those you would not want putting a web site together…

Few people writing code these days actually have the experience to write something even close to “secure code”… And managment are not going to stump up the resorces required to get even close to minimal testing of the final system.

Which brings us to one “truism” of the Software industry,

“… keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this”

But missed is the point that the reason for “more software” is “more functionality” which means a larger more poorly written specification riddled by inconsistances and marketing fantasies.

But hey how would I know… I’ve only spent a third of a century involved with developing systems from electronic wallets, most types of communications systems, medical systems and industrial control, with some “flight approved” for payloads and all manner of Intrinsically safe and fail safe systems for use in some of the most hazardous environments known to mankind… Having to fight managment at almost every step…

I’m sure there are other engineers out there who on reading this will groan at the naive optimism of it…

JonKnowsNothing • June 5, 2023 11:10 AM

@All

There were a lot of mechanical controllers that worked very well on machinery and cars, like brake systems.

It’s still a cringe that someone decided that brake systems sb software driven and altered the very system of control needed to .. well brake the car.

You might push on the break pedal, but the software decides if your car is going to stop.

Having this put into a tumbler of self-selected automated options, does not reduce the cringe level one iota.

Winter • June 5, 2023 11:30 AM

Electrical cars are driving computers anyway, so why not do it right. Which obviously is the problem here: Do it right. You cannot make an electrical car that isn’t a computer so it has to be done.

The current crop of cars has its huge problems, from MS run cars that won’t open to Tesla’s that suddenly lose all battery capacity (or run straight into trucks or pedestrians).

As with everything car related, the safety entirely depends on regulations, from safety belts to car hoods that do not kill cyclists and pedestrians (we are still waiting for them)

‘https://www.theatlantic.com/ideas/archive/2021/12/suvs-trucks-killing-pedestrians-cyclists/621102/

4nsicht • June 5, 2023 11:39 AM

… can’t detect any bottomline/point to this “The Software-Defined Car” — seems justa vague unsuccessful attempt to say something of substance

Martin • June 5, 2023 11:47 AM

SDCs (software defined cars) are such a beautiful innovation.
They allow turning features taken for granted into specially licensed goodies.
Speed-up is something, that car owners already can unlock for a one-time or annual fee.
But opening and closing windows could be paid per occasion.
Car manufacturers can stage bonus weeks, e.g. open and close the window in June ten times and you can open the boot for free!
The future for car (non-)owners looks golden!

(And I’m very happy, that I only have a bicycle with almost no electronics at all: hub dynamo and LED lights!)

modem phonemes • June 5, 2023 11:54 AM

Can the software defined car be affordably built to the standard used in commercial large airplanes? Not that they are perfect …

Peter A. • June 5, 2023 12:09 PM

@Winter: “You cannot make an electrical car that isn’t a computer” – well, you can. A couple of serial commutated DC motors, a resistor bank, a complicated rotary switch and a lead-acid battery – but it will not beat the economy of microprocessor-controlled variable frequency drive which synthetizes three-phase AC to power induction motor(s); or even more complicated systems that I am not aware of at the moment. And the Li-Ion battery requires microprocessor-controlled charging circuit.

@Clive: While it may be entirely possible to make a well engineered VFD controller for an electric vehicle’s motor, or an injection/ignition controller for an internal combustion vehicle’s motor, or anti-skid controller that does not disable braking when out, etc. etc. as isolated units, the trend is to have “one controller to rule ’em all” from brakes to entertainment, or at least have everything connected with bidirectional links, which is the actual problem with complexity and therefore security AND safety AND freedom AND …

Clive Robinson • June 5, 2023 12:16 PM

@ Morely, ALL,

“I wonder if custom code will be legal on public roads.”

That depends on local legislation and regulation.

However in many places “insurance of a vehicle” is an absolute requirment for it to be on “public roads” and much in the way of insutance is void if a vehicle is modified even slightly.

Boy racers can discover the hard way, that the fact they fit “chrome tail pipe covers” can invalidate their insurance. Which means they are breaking the law driving the vehicle on the public roads, even if it does not make the vehicle any less safe.

The insurance company reason for invalidation is often not due to safety, but “because it is more likely to be stolen” or “more likely to be involved in an accident”. Both of which appear from their published figures to be true (and down to driver “life style” issues).

I have a friend who’s retiredd now but used to run an insurance company, and can tell you all sorts of odd facts, that the UK Government would rather you did not know…

Such as back last century, statistically the drivers most likely to have accidents were not boy racers in black Golf GTI’s –which is what the UK Government whated you to think– but married Indian/Pakistani women with two or more children in an often red base model Datsun/Nissan Cherry, or worse another woman of the same age or older they were related to… Scarily something like fourty years after they went out of production you can still see them clunking along on UK roads with plenty of “dents and dings” in them.

TimH • June 5, 2023 12:42 PM

Under GDPR, can Europeans insist that car telemetry is disabled, rejecting both surveillance and OTA firmware upgrades?

Clive Robinson • June 5, 2023 12:51 PM

@ Ted,

“Virtual testing of the software sounds a bit tricky, but I don’t know how else it would be done.”

Virtual testing is almostvaleays a bad idea for systems that function in the real world.

The way most often done is with a hierarchical structurec of “all states verified” “state machines”.

The downside is such systems are infficient and expensive. However they tend to be tightly coupled to the actuator / component they control which makes their safety and security very much increased.

@ Peter A.,

“the trend is to have “one controller to rule ’em all” from brakes to entertainment, or at least have everything connected with bidirectional links, which is the actual problem with complexity”

Having designed flight ready payloads in the past I can tell you some real horror stories (I’ve mentioned some indirectly in the past).

For instance I keep banging on about “Errors and Exceptions” and how alleged “one-way” communications through the likes of “Data Diodes”.

I’ve yet to meet a “software designer” who understands the implications or in many cases have even heard of point to point data comms issues of,

1, Data flow control.
2, Data synchronisation.
3, Data verification.
4, Error Correction.
5, Timing transparancy.
6, Reverse channels.
7, Channel blocking.
8, Covert Channels.

To name but some of the more obvious issues (lets not get into multi-drop issues).

Yes software,developers can vaguely talk about “data serialisation” issues but pass it off onto a non specified library. But complex as serialisation can be, in most cases it’s comparatively dead easy to test for and eliminate from a system to the other comms issues.

If anyone ever tells you “Data Diodes” give you either issolation, or one way flow or non-blocking, just start laughing hysterically and leave the room, your sanity will very probably depend on it.

K.S. • June 5, 2023 2:15 PM

Re: “There were a lot of mechanical controllers that worked very well”.

Lets not rewrite history. There were also a lot of mechanic controllers that did not work well. Bosch Jetronic (https://en.wikipedia.org/wiki/Jetronic) is one example of something that was vastly improved once digital controllers were implemented.

lurker • June 5, 2023 3:34 PM

@K.S.

Jetronic could hardly be described as a “mechanical controller”. It had a mechanical sensor, and mechanical injectors, but in between was a bunch of analogue electronics. Back at that time I was having @Clive’s problems trying to tell management that an automotive engine compartment was a dumb and difficult place to put analogue electronics.

iAPX • June 5, 2023 3:54 PM

About car homologation and software.

One of my car had its engine curve changed on firsts gears after being sold, as an “update” that was in fact a downgrade. I wasn’t consulted before nor informed thereafter. Homologation wasn’t changed. Surprise!

Tesla modified its software post-homologation for the Model 3, changing the brake reactions for instance, and nobody reacted.
It also modified its “autopilot”, going to the extreme of pushing beta version to the open road.

Even if we don’t consider the software security in itself, there are incredible abuses and danger for the consumer and for every road users.
The software security is the icing on the cake, were a bug on the infotainment could now disable your brakes, or a remote hacker might take control of your vehicle, giving another meaning to “driving at breakneck speed”.

There was a reason for great engineers to create independent systems that communicate through a very simple bus, limiting attack surface and allowing to ensure a degraded mode even while attacked: security.

Stephen Cobb • June 5, 2023 4:56 PM

Based on historical precedent and my observations of human behavior, my money is on “bigger attack surface, with a lot more hacking possibilities.”

Clive Robinson • June 5, 2023 7:30 PM

@ Stephen Cobb, ALL,

‘my money is on “bigger attack surface, with a lot more hacking possibilities.”’

Only “a lot more”?

It’s clear that currently our only commercially accepted “update security” is by Internet pull “Code Signing” and as I point out from time to time it’s not much better than near usless for a number of reasons.

Code signing weaknesses have clearly attracted attackers of various forms, and as our host @Bruce has pointed out attacks do not get less successful with time.

So the more code that gets added to vehicles, the larger the attack surface as a given. But also the greater the number of patches needed to secure it. This will make code signing over the Internet about the only way to keep on top of patching. What many don’t realise is that each time a patch is released the less secure the code signing process becomes due to amoungst other things “human failings”.

So imagine the potential carnage of a full on ransomware attack with time delayed payload activation on a popular make of car that gets triggered at peak road usage time…

It’s difficult to see how such a senario could be prevented, or stopped once in progress…

But another thought… Larger code needs greater resources, which means the greater likelyhood of chip or electronic circuit vulnerabilities…

But the real scary thing is the easier it becomes fpr an attacker to get physical agency to turn cars into effectively “Drone Kinetic Weapons”…

Erdem Memisyazici • June 5, 2023 9:31 PM

I personally will stick to cars built without the Internet in mind since we’re doing such a great job with IoT. Last thing I want to hear is my car driving away from my house in the middle of the night because someone stole an encryption key in Malaysia.

Sydney Australia • June 5, 2023 10:59 PM

Is internet access the broadest point of vulnerability for the Tesla toy? Take away the internet and everything stops?
Nicholas Nassim Taleb states he will not operate a bicycle anywhere there are vehicles around. My rule is never in this lifetime get into a Tesla toy

It is very disheartening to witness everyone fall for the marketing.
The CEO has no experience in automobile manufacturing. There are processes that the legacy brands have perfected through experience. Meanwhile the CEO thinks he can streamline and revolutionise manufacturing- and the doors, literally, fall off. Usually at high speed

There are people who love you. Express your appreciation by not travelling in a Tesla toy

I imagine in a couple decades the Tesla manufacturing manuals and software code will only be found on Project Gutenburg

Jon • June 5, 2023 11:08 PM

@ ALL

The solution, of course, is financial (and possibly criminal) liability for those vulnerabilities.

If your car drives itself away because someone in Malaysia has figured out the unlock code, then the car manufacturer owes you a new car.

Of course, the manufacturers will fight this; tooth and nail and claw and lawyer, and will probably win.

But as long as they can get away with ‘oops, my bad, might (or might not) fix it someday’, then these problems will always be with us.

Arclight • June 5, 2023 11:47 PM

The real intent of “baked in security “ will be to limit the options consumers have for third party repair. If everything from the brake caliper to the window motor have a cryptographic key that must be installed from the factory or initialized at an authorized dealer, then you get to keep replacement parts and services out of the hands of the great unwashed.

I predict that this is the only part of the security vision that car makers will put real effort into.

Dave • June 5, 2023 11:51 PM

Another advantage of the move away from legacy designs is that digital security can be baked in from the start rather than patched onto components

You bring the popcorn, I’ll bring the beer.

Dave • June 6, 2023 12:16 AM

@Clive Robinson: It really depends on how it’s done, the essential control systems will be coded to e.g. MISRA standards and, as you say, have several years of effort devoted to getting them right. It’s the gigabytes of higher-level gunk that’s the problem. And that’s another reason why this is a pure pipedream, you can never put ASIL D functionality anywhere next to Bluetooth music streaming. The way to make it secure is to compartmentalise the critical stuff away from the gunk, not to put everything into one big clusterf— unit where your ABS control is running alongside your back-of-seat gaming.

I was at a presentation on this everything-on-one-system idea from a big automotive CPU manufacturer a few years ago and thought “yeah, you guys are just seeing this from the point of view of selling newer/faster/bigger SoCs and nothing much else…”.

Dave • June 6, 2023 12:18 AM

@Peter A: Even better, if you’re Joseph Lucas you can make a car without electrics.

Dave • June 6, 2023 12:25 AM

@Clive Robinson: It’d be great to hear some of these stories, maybe on a blog somewhere else, unlike the field of security there’s very little published on actual experience with high-reliability/safety-critical systems, almost all the publications are long catalogues of prescriptive requirements rather than illustrative war stories.

JonKnowsNothing • June 6, 2023 1:05 AM

@Jon, All

re: The solution, of course, is financial (and possibly criminal) liability for those vulnerabilities.

Zho, you are going to arrest ElMuskoDude for criminal negligence or intentional homicide? His cars have already killed a fair few people due to software design flaws.

ElMuskoDude gets to keep all the lolly he can gather, because

it is way way cheaper to pay for a death, than prevent a death.

That is how the California Department of Transportation (aka Caltrans) decides which lethal highway they will fix. States, counties, cities have a similar method of determining where to spend their allocated funds for fixing dangerous things.

The calc is something like this:

A) Number of deaths & injuries per year due to X-Condition * standard actuarial settlement rates for death/dismemberment for those injuries

B) Estimated cost of altering the X-Condition. Includes every aspect, ecological, geological, seismic, material, labor, future maintenance, etc.

If A is less than B, ignore A
If A * [10yrs / 15yrs / 20yrs … 50yrs] is less than B, ignore A

Even in the case where A is greater than B, there maybe other reasons X-Condition cannot be fixed.

So financial penalties won’t do what you think, and criminal penalties don’t work for VIPs. Especially VIPs that can drop $49Bill on a company worth less than half of that.

You can check your state’s version of Workers’ compensation rate or settlement sheets to see what all the body parts are worth. It’s quite well defined.

There is the smaller overlooked problem, that when you sign all that paperwork for a car (and other products) there are specific sections of very small print that says You Cannot Sue Us For Any Reason or Defect. States and Governments can do so because they do it under a different set of rulings.

===

Search Terms

Workers’ compensation

Workers’ compensation or workers’ comp is a form of insurance providing wage replacement and medical benefits to employees injured in the course of employment in exchange for mandatory relinquishment of the employee’s right to sue his or her employer for the tort of negligence.

Note: Legal cases use such charts to determine payouts for injuries or death.

Implied warranty (USA)

In common law jurisdictions, an implied warranty is a contract law term for certain assurances that are presumed to be made in the sale of products or real property, due to the circumstances of the sale.

…

The warranty of merchantability is implied, unless expressly disclaimed by name, or the sale is identified with the phrase “as is” or “with all faults”.

…

The UCC [Uniform Commercial Code] allows sellers to disclaim the implied warranty of merchantability, provided the disclaimer is made conspicuously and the disclaimer explicitly uses the term “merchantability” in the disclaimer

Clive Robinson • June 6, 2023 1:34 AM

@ ALL,

Re : Oliver Hoffman of Audi.

I took a few moments to start looking at other words on the Internet of the man interviewed by ARS.

And I came across this from 2021, the 50th year anniversary of “Vorsprung durch Technik”,

https://www.audi.com/en/company/profile/company-management/oliver-hoffmann/interview-hoffmann-report-2021.html

Whilst it reads like it was written by ChatGPT on a marketing gig, there are,a few points to note like,

“Automated driving will be the game changer in the automotive industry. I am certain of that. It will completely transform our understanding of mobility. At the highly automated driving level, the car takes over the driving functions – depending on the situation and national laws and regulations. The driver will then no longer need to intervene within these legally defined system limits.”

So “AI in the boot” is the name of the game for “Driving Miss Daisy”,

“The customer gains the personal space for individual development. Working, relaxing and even sleeping will then be possible.”

That last bit reminds me of the old joke,

“I want to die peacfully in my sleep like G’pap did, not like the passangers on his bus as he drove it off the cliff…”

Oh and the tomb scale for this,

“It will all start for Audi with the Artemis model in the second half of the decade.”

As they say,

“There you have it from the horses mouth”…

[Which when you think about transportation and horses is a bit odd. Because the main view a carriage driver and passengers,had of a horse, was shall we politly say under the tail end.]

Jon • June 6, 2023 2:22 AM

@ JonKnowsNothing

A couple of minor points:

While it may be cheaper to pay for ‘a’ death than prevent ‘a’ death, when it’s paying for dozens of deaths, the math changes a bit – especially when one preventative measure works for all deaths, not merely one[1].

And you’re right, for a certain level of economic position ‘criminal penalties don’t work’ means only that they should, not that we need to just lump it with the status quo[2].

Finally, it’s exactly that sort of ‘fine print’ that software manufacturers have been getting away with for decades that needs to be stamped out if you want secure software.

[1] The classic bit of math on this being the Ford Pinto, although it’s by no means the only example.

[2] They did manage to imprison Bernie Madoff (mostly because he made the mistake of ripping off rich people), Elizabeth Holmes, and Kenneth Lay (who very conveniently died, closed-coffin funereal, and body disappeared). It’s not impossible, just difficult.

JonKnowsNothing • June 6, 2023 3:19 AM

@Jon, All

re: While it may be cheaper to pay for ‘a’ death than prevent ‘a’ death, when it’s paying for dozens of deaths, the math changes a bit …

Deaths by Scale

The airline industry selects “Pay over Prevent” in terms of mechanical failures. Even with a fully seated airplane.

Airlines pay for physical failures; unless it’s declared Act of God or Act of War.

It still maybe possible to get financial restitution, but this often requires decades of legal maneuvers and the assistance from governments who (at a given point in time) have some interest in the proceedings.

Unused Tickets by Scale

“Ticket Cancellation, Vouchers, No-Refunds, Expires in nn-days”, the airline industry does not pay.

There maybe a long, multi-national, legal issue, allowing the airlines to keep, hold and pocket funds for tickets that never were used or never able to be used. There are a lot of tickets that are in this category from the Global Lockdowns.

The same legal basis is used when you are detained after receiving a boarding pass as you pass the doors of the terminal onto the gangway. The airlines gets to pocket your funds while you get to have a chat with some security officer who thinks “your shoes are too new” so they want a chat about that.

The 7-in-10 rule applies to all delays.

Peter A. • June 6, 2023 7:29 AM

@Dave re: Joseph Lucas

I am not sure non-electric lamps (and what about turn signals?) would be legal today, at least in Europe. Anyway, you can still get an old Soviet-era diesel clunker (not for long before it gets banned) and run it on spent deep fryer oil (until you get caught). The electric system is just for lighting and convenience (as long as you are of strong enough build to crank it yourself).

On a side note, I cannot understand the trend of getting it all “safer” by mandatory inclusion of electronic systems, e.g. to monitor the driver’s attention, and simultaneously pushing attention-grabbing and worse – attention requiring! – “glass cockpit” controls!!

My previous car had all distinct, palpable, physical buttons, switches & knobs, so I could just reach them without looking to turn on heating or cooling or to direct ventilation flow or to change radio stations or to switch interior lights etc. etc. My current car has three rows of almost identical flat buttons, so it is really hard to press the right one without looking down or taking quite a time with your right hand off the steering wheel to feel them and count them like a blind. I once got a replacement car (during repairs) and I had to scroll multiple menus on the flat touchscreen (I hate them, they’re totally unpalpable) to get to the basic controls! and the screen was flashing colors during the drive to alert me I am not driving “green” enough. I had to forcibly resist an instinct to look down at it and concentrate on the road ahead.

Jon • June 7, 2023 1:14 PM

@ JonKnowsNothing

The airline industry selects “Pay over Prevent” in terms of mechanical failures. Even with a fully seated airplane.

I’d concur with you on the ‘airline’, however not so much on the aircraft manufacturer. The example I have in mind is the Boeing 737-MAX AOA[1] sensor combined with MCAS[2] that killed several hundred people.

The airlines didn’t suffer much at all, compared to Boeing, the manufacturer, whose costs may have run into the billions.

Of course, those costs weren’t payouts to the victims or their inheritors, but more ‘loss of profit’ to a corporation.

Cold comfort to those who lost their lives, and to those who lost their friends, family, and loved ones. J.

[1] Angle Of Attack
[2] Maneuvering Characteristics Augmentation System. The combination of this and the above footnote, when failure occurred, caused airliners to become uncontrollable.

Clive Robinson • June 7, 2023 4:50 PM

@ Jon, JonKnowsNothing,

“The airlines didn’t suffer much at all, compared to Boeing”

Actually they did… One estimate is 2.14billion for the top ten airlines using the 737MAX in the 2019 full year alone,

https://www.forbes.com/sites/tedreed/2019/08/10/new-report-puts-impact-of-boeing-737-max-grounding-at-41-billion/

But the thing is Boeing had never wanted to make another 737 model. It was an old out of date airframe not suited to the then “modern requirments” and manufacturing and it realy was unsutable for physically larger energy efficient engines. As their engineers had told managment and thus the board it would prove costly, and problematical (apparently there’s a paper trail showing this),

‘https://www.pbs.org/wgbh/frontline/article/what-has-happened-to-boeing-since-the-737-max-crashes/

However on particular airline was deeply unhappy, they figured the cost of “up certifing” their pilots to a new aircraft would cost them to much…

So the airline blackmailed Boeing first privately and when that did not work publically by deliberately misrepresenting things Boeing had told them.

The result was Boeing felt if it did not make what the airline wanted, no matter how ill advised (and it realy was) then they would loose market share and other customers.

So in effect it was not Boeing that designed the aircraft but the airline and if was a “Dr frankenstine’s monster” result.

In reality the 737-MAX should have been regarded not as an upgrade but as a new design as the flight characteristics had been so altered. Pilots should have been retrained and certified. But that did not happen because of detrimental changes made to the US FAA rules that several had warned about…

As we know it certainly turned out to be a disaster for Boeing but it also turned out to be the start of a series of disasters for not just the airline responsible, but quite a few other airlines, and in fact the whole industry. It was not just the loss of seat derived income, but the cost of up certifing pilots, quite a few of which don’t want to fly it.

Due to losses etc AA had to make changes to the 737-MAX8 to “cram thrm in” with exyra seats and less passenger space. That on the face of it make it a rather more uncomfortable aircraft to fly on,

‘https://upgradedpoints.com/travel/airlines/american-airlines-boeing-737-max8-first-class-review-mia-to-lga/

What is not mentioned is those changes also up the risk for passengers in many ways including significant health risks for DVT’s and heart issues/strokes.

If I was still alowed to fly I would ensure that 737-MAX would be on my “No Fly List” for that reason alone, though there are other considerations.

Note that AA has not stuck to what it said it would do about “Warning passengers of 737-MAX” flights and apparently does not have a “refund policy” as it should do…

moe • June 7, 2023 9:03 PM

@Bruces’s article
Another advantage of the move away from legacy designs is that digital security can be baked in from the start rather than patched onto components

Yea, right. It’s probably safer to trade to a 1970’s car.

Security Sam • June 8, 2023 2:38 PM

Henry Ford saw the forest for the trees
His idea was to take us from from A to B
Then along came the novel Volkswagen bug
And now we have Tesla with software bugs.

Sydney Australia • June 9, 2023 1:18 AM

Today I stopped at a red light in the heart of the CBD close to lunch time. I was second in line at the intersection. Ahead of me was a Tesla. I wanted to tell the driver: you must be going somewhere important to you. Here you are in a busy intersection with many pedestrians. What would you do if your car battery suddenly caught on fire, right now? Are you aware, the fire brigade could be called yet would most likely be incapable of doing anything- it being outside their expertise.(a fire, outside the expertise of a fire professional!)
What if a side door fell off, here at the intersection?
Or the boot popped open, permanently stuck in that open position?
What would you do?
Would it make you angry?

Jack Manson • June 9, 2023 12:59 PM

There are more security questions than answers. As mentioned above, it is really interesting to what will be the responsibility of companies for a possible hacking of a car.

The Software-Defined Car

Comments

Leave a comment Cancel reply