Rivian apologizes to customers after infotainment-bricking OTA update

Some affected Rivian EVs may require physical servicing to fix the problem.

See full article...

 

[rivertrip]

Apparently you can still drive it, but without the bells and whistles, if that's a dealbreaker, that's up to the individual driver.

How is it obviously a lie?

Apparently you can still drive it, but without the bells and whistles, if that's a dealbreaker, that's up to the individual driver.

How is it obviously a lie?

I obviously made a mistake when I said "obviously". It's just not believable, in my opinion.

 

[sarusa]

Every time I hear the fat finger excuse used, I wonder... what if the guy who made the mistake is actually fat and he's just sitting in his cubicle at work now, having seen this, a lone tear quietly rolling down his face?


Also, the idea that you could 'fat-finger' this is bogus - if you can push anything but the blessed build - approved by QA - to your motor vehicles on the road you're in Elmo territory.

 

[gooseslapper]

I understand “childish noises” comments as all things in life must be super serious. Particularly when I’m in something as corporate as a car. But, as an aside, I played some of those “childish” noises for a relative that had just gone through a very depressing event in his life. It was the first time I heard a genuine belly laugh out of him in a very long time. The absurd concept of being in an expensive car with it making fart noises was just too much to handle despite his down state. So ARS, keep being all adult and such. But sometimes, just for a flash, it’s good to go back to being kid.

 

[el_oscuro]

GM recently had something over the summer with the Colorado. The software update would download but then fail to install repeatedly. It would draw down the battery and prevent the car from starting.

I wish they would allow us a choice on the software updates. I would like it if the updates would soak for a while before installing.

I'm sitting here reading this article and comments and just right this minute, my wife called and asked me why my laptop upstairs had a blue screen. Given that I haven't used it in hours and it should be in sleep node, I had no idea. I went up to check and it was in the middle of a Windows update ("0% complete. Do not turn off your computer"). I have never heard of Windows forcing an update on a computer that is in sleep mode. Hopefully it will work and my computer won't be bricked.

 

[el_oscuro]

XKCD has its own take, of course, originally in the context of computerized voting:

That turned one out to be an unusually accurate and terrifying prediction:

"Nothing is ever foolproof. But Modern Airliners are incredibly resilient. Flying is the safest way to travel."

(Boeing implements MCAS)

"I don't quite know how to put this, but our entire field is bad at what we do, and if you rely on us, everyone will die."

 

[Focher]

I'd give them a LOT more credit if the announcement included '...and we're paying for Enterprise to drop a loaner at your door that you can keep until this is resolved at our expense."

Because you can’t play music or use the built-in navigation? Seems over the top.

 

[el_oscuro]

Apart from their obvious specific mistake...there's also the mistake of pushing an untested image to production. Rivian doesn't have very many models, so it should be easy to require each notably changed image be validated (at least in passing) on every model of hardware they have.

A problem with CI/CD is the "kids" (young developers) have decided the magic build pipeline is authoritative, so there's no longer any degree of "no, this won't ship until you tested it yourself". Any version of old-school release methodology that included an actual test phase, QA, or the simplest of sanity spot-checking could prevent this kind of "can see at a glance" failure.

As someone who is IV&V, I am dealing with that CI/CD shit now. Fortunately, the devops people don't decide that a "pipeline" is authoritative. All that pipeline is is another set of scripts and products that have to be managed. Everything that comes our way is deployed by us, using whatever documentation is provided. And when that CICD breaks (because it usually does more often than traditional deployments), it gets failed and sent back for a do over, just like any other deployment.

 

[sjl]

Because you can’t play music or use the built-in navigation? Seems over the top.

Reportedly, it means that you can't see your speedometer on the built-in display.

In the state of Victoria, Australia, that means that the vehicle is not roadworthy - you aren't allowed to drive it on public roads until the fault is fixed. Doing so can result in a fine ($396, I think), and it has the potential to void your insurance.

This has big consequences, in other words; it's not some small thing that people should just gloss over.

There are reasons that I'm so harsh on the idea of putting everything onto a touch screen instead of the more traditional approaches of buttons, knobs, and task-specific indicators - this is just one of them.

 

[TheBrain0110]

Reportedly, it means that you can't see your speedometer on the built-in display.

In the state of Victoria, Australia, that means that the vehicle is not roadworthy - you aren't allowed to drive it on public roads until the fault is fixed. Doing so can result in a fine ($396, I think), and it has the potential to void your insurance.

This has big consequences, in other words; it's not some small thing that people should just gloss over.

There are reasons that I'm so harsh on the idea of putting everything onto a touch screen instead of the more traditional approaches of buttons, knobs, and task-specific indicators - this is just one of them.

i would not be at all surprised to find out that the knobs, buttons and other indicators for other cars are run through the software shared with the entertainment system or will be soon in upcoming models.

it is a bit unclear what info is still available in this state. If the speedometer and other safety related mandatory features are not available (it seems like they are probably not, but annoyingly no one has actually explicitly said so) then I suspect the NHTSA will have some things to say about this. Though I suppose in theory this isn’t different from your speedometer physically breaking… At the end of the day it is your responsibility to not drive if the car is not legally drivable.

Also before driving I would make sure airbags etc. are active in this state. They should be separate systems, but it would suck to find out by crashing that they aren’t. It sounds likely that the indication for if the passenger airbag is active will be missing so If the sensor that detects the passenger is broken leaving it inactive or someone too light is in the seat you won’t know it.

In highschool and college I definitely drove cars in a lot worse conditions than this (one had a fuel leak and the dashboard went blank sometimes due to electrical faults). But looking back on it that was very stupid of me. I wouldn’t drive that car today. I would drive the rivian in it’s current state, but I certainly would be annoyed about having to consider if my relatively new car is safe to drive.

I have mixed feelings about this. Mistakes happen, but Rivian’s poor software practices certainly have an Impact on safety that I don’t think should be dismissed as lightly as some are. Hopefully the bad practices are only around the certificate and not the rest of the software development stack that could fail in much more subtle and dangerous ways.

tldr: The car in this state is probably a bit riskier than normal to drive and may not be legal to drive, but I would still be willing to drive it.

 

[cru_dave]

GM recently had something over the summer with the Colorado. The software update would download but then fail to install repeatedly. It would draw down the battery and prevent the car from starting.

I wish they would allow us a choice on the software updates. I would like it if the updates would soak for a while before installing.

Exactly why I dread the day I have to have a car with OTA updates. I've seen SMETS2 meters bricked by an OTA update (I think they needed a service person to recover them, but they might have been replace - cant remember) so I can only imagine the fun to be had when updating a car.

 

[Hezio]

Why do I get the feeling that most other car manufacturers wouldn't be as honest as these folks are?

You mean like that time Ford decided it was cheaper for people to die and then settle with those who sue instead of recalling their cars?

 

[cru_dave]

Most updates have nothing to do with the car driving, it's updating infotainment and not touching the drive systems. What you're proposing is like buying a phone and never installing updates.
And there are lots of vehicle safety recalls that are resolved with an OTA update. Why go through a dealer when you don't have to?

Because as a tester, with a little embedded systems experience, that terrifies me. WHY would I ever allow my car to perform a safety critical update? Why, if it apparently has no way of forcing a rollback, would I even allow it to install a non-critical update? Even Google, on its own hardware and its own OS gets the occasional boot-loop disaster, so Im not trusting car makers, who after 100 years of experience still struggle with secure locking mechanisms and fasteners, hoses and brakes that don't require recalls to tinker with the software, especially when you consider how bad some of the UI experiences out there actually are.

 

[cru_dave]

What drives me nuts is these IoT devices are advertising wifi adhoc points by default.

My new Fridge has one
My new Washer and Dryer has one
My new EV charger has one

To my knowledge none of them are really dependent on them. But, I'm simply annoyed that they show up on any wifi scan.

I figured I could add the EV charger to my Wifi and it would go away, but it didn't. Apparently they have an always available adhoc one for reconfiguring.

Probably with a hardcoded password that was included during development and never removed.

 

[kdred]

They do soak, but the plan was to let it soak in your car.

I do not like “move fast break stuff” mentality applied to a 2000+ pound vehicle transporting me and my family down the road at 70mph.

The good ole basics, does it have gas? does it have air? Does it have spark? Now add did my car go through an update overnight? No thank you I’ll keep my sub 2020’s cars until the bugs are worked out.

Goes back to waiting for work laptop blue screen count down after waking the computer for the day.

 

[KeyboardWeeb]

I don't even allow my computer to update without my consent, usually after reviewing the updates to be done and deciding if I want to make some preparation first (or at least, put it off until I have the time/energy to deal with a possible bedshitting).

On my computers, I can image my drive, use Timeshift or System Restore, and sync my important files to elsewhere. But how the hell do I backup and restore the system in my car?

Yeah, updates make me nervous. Why do you ask?

 

[Undertortoise]

This is just a reminder that carmakers love OTA updates because then they don't have to declare recalls or admit to errors.

 

[SeanC__]

And here I am with my 12 year old car that can only do what I expect it to, reliably and without updates. Like a peasant.

 

[SweetyPetey]

This is a solved problem.

1. Use a deployment system that rolls back automatically if an error is detected.
2. Also allow the user to roll back, possibly a week later.
3. Don't deploy to everyone at once. Perhaps something like this:

• Monday 0.1% deployed
• Wednesday - bump it up to 1%
• Next Monday 5%
• Next Wednesday 25%
• Then in your third week, push it out to 50%, and then 100%.

Those are called update or deployment rings.

 

[orwelldesign]

This is exactly why I am stubbornly sticking to dumb devices for most things. I see no reason for my refrigerator or dishwasher or microwave or television screen or washer/dryer of water heater to be connected to the internet.

All that does in introduce unnecessary complexity and dependencies. I know many embrace the benefits of such advances and more power to you. But I admit to being a Luddite in this area.

So... we have a washer and drier. Probably most people posting here do.

But ours is dumb. It works pretty good, but doesn't have a bunch of features and networking and all that crap.

A few years ago, some belt broke in the washer, and we called our small appliance guy: he said "you can probably keep these running for another 50 years. If you ever decide to sell them, call me first."

The appliance repair guy doesn't want to own 'smart appliances' which tells me all I need to know about smart appliances -- the fella who literally has the job of working with them, doesn't want anything to do with them.

Guess I'm a Luddite myself.

 

[Moonscript]

I keep finding news stories that reinforce my desire to buy a 1968 VW Beetle.

My 2006 Scion xB looks better every year.

you should probably just google news stories about pictures of such vehicles being in accidents with a modern one. That will end your desire real quick...

Yeah, there is that...

 

[Deranged]

Not an issue with my Lenovo. Could it be something to do with the company's configuration?

Very possible. But even so, i dont think it’s even possible to configure a Mac so that it takes 20 secs to wake from standby.

 

[olePigeon]

Oh I forgot to mention the BEST part.

They were all in a special housing so they could do the job they were needed for, and didn't have external data ports without taking them out of the housings, which required 4 security torx screws to be removed.

It was a really, really fun time.

Oooh. Oof, that DOES sucks.

 

[madogu]

While it’ll certainly be a nightmare for many people (I’d probably rip off my steering wheel in anger…), my first thought is, “well, at least they acknowledged their mistake and are taking action to correct it”.

To follow that thought through - is it sad that I’m seeing it as a good thing for a company to recognize mistakes because other companies need to be dragged, kicking and screaming, to court over similar things (or even through the court of public opinion)? Am I so jaded and cynical and this normal behavior is now somehow special?

 

[Br.Bill]

GM recently had something over the summer with the Colorado. The software update would download but then fail to install repeatedly. It would draw down the battery and prevent the car from starting.

I wish they would allow us a choice on the software updates. I would like it if the updates would soak for a while before installing.

Exactly. I don't update my phone or computer OS for weeks or maybe a couple months even, when a new major or major.minor release comes out, until it proves itself good and stable, or until vMajor.Minor.1 releases.

 

[Akmass]

Its a Battlecar Galactica for me. No computers.

 

[Joey21]

you should probably just google news stories about pictures of such vehicles being in accidents with a modern one. That will end your desire real quick...

I have a '65 Beetle. Great car. Safety is about on par with a gas scooter. As long as you operate it with that in mind, you'll be fine.

 

[the cave troll]

I have a '65 Beetle. Great car. Safety is about on par with a gas scooter. As long as you operate it with that in mind, you'll be fine.

As in, don't operate it on a road containing other drivers?

 

[ridgeguy]

With every story like this, I feel better and better about putting a new engine in my '99 4Runner last June! I've always preferred hardware updates to software.

 

[approximate_pi]

Aaaaand this is why I don't want my car getting OTA updates, ever. I'm happy to download a vetted and released firmware update to a USB thumb drive for install if it addresses something needed, that's about it. On of my main criteria for my next car is the ability disable OTA access, like pulling the fuse on the cell module

 

[ssvt]

And people still make fun of my MGB because of its Lucas electrics...

 

[garrobon]

As in, don't operate it on a road containing other drivers?

It's not going to attack them. I've had plenty of 60s era Volkswagens as daily drivers. If you understand the risks, why not. I think people are crazy for driving motorcycles on the road, but I don't feel the need to lecture them on safety.

 

[JoeDeveloper]

Reminds me of Windows BSOD.

 

[SpankyFrost]

"Press Accelerator + Brake + Horn for 10 seconds to put your car in recovery mode."

OMG! it worked!

 

[SpankyFrost]

Building and deploying software is hard. As Sork said, customers should have some control over when their systems are updated. I do applaud Rivian for their transparency. I wish Hyundai was equally communicative. Those of us who have been waiting for weeks for BlueLink connectivity to be fixed are getting pretty frustrated. Hyundai has not been forthcoming about the problem or potential solutions. At least our cars still (mostly) work.

Well, the RAM/Chrysler Uconnect infotainment system is similar to this. 99% dodge service folk are clueless to that thing in the dash. If it works, you're ok. If there are issues, you are screwed. I had a brand new top-of-the-line, loaded 2013 RAM that had serious infotainment issues. Took the service over a year to finally agree to replace the unit. What a nightmare that was...

 

[sigkill9]

Cars are safety-of-life systems, not a fucking Tamagotchi. They should not even need an OTA update, ever. We should understand any software update to be equivalent to a recall—a serious ball drop that means the company screwed the pooch on the original deliverable.

To counter that...

Infotainment systems have access to your location, driving habits and phone, are connected to the Internet more often than not these days, and in some unfortunate cases are even able to manipulate CAN signals on the busses that handle throttle, steering, brakes, etc. Most of them run Android or Linux (a few might still run QNX, but its a dying breed if they do).

How many other Android devices that you own are you happy with the idea of never getting security patches? How happy would you had to have a Samsung/Moto/Google/etc tech manually update your phone every time it needed a security patch?


Still not convinced?

OTA is also used pre-sale on production fleets and on non-saleable test fleets and to fix issues in other ECUs.

Usually the SW for any ECU in a car has to be "done" several months prior to start of production (SOP) to allow plenty of time for validation, hot fixes, etc.

The hardware design (barring unforseen part shortages and colossal fuck ups) is typically frozen well in advance of that (at least 1-2 years before the car is in consumers hands). If you've ever done embedded work of any kind, you're probably familiar with the concept of working around hardware bugs in software. This is super common with any cutting edge silicon.

So there's always shit that doesn't show up until you've manufactured a couple hundred or thousand cars... that gets fixed during these early prod phases, ideally.

It's not just components local to the infotainment system. I've seen hotfixes for errata in silicon externally connected to the radio just because it's the box that has OTA and it needs to fix something that would otherwise require a hardware spin of a different suppliers module and delay the entire vehicle launch by a hardware design cycle time.

These hotfixes get to "bake" a while in the test fleet before being folded back in to the factory release... and at a muuuuch lower expense + more reliably if it can be pushed out to everything all at once (or deliberately staggered) vs manual CAN/USB reflash.

Worst case: these bugs don't show up until actual prod cars are doing EOL tests, or worse still warranty return.

So yes, modern cars need OTA.

 

[ElCameron]

I have a '65 Beetle. Great car. Safety is about on par with a gas scooter. As long as you operate it with that in mind, you'll be fine.

that is the correct way to think about it. A small town, <5 miles from home runabout. But sadly this isn't the reality for the vast majority of americans.