> these changes just introduce needless risk of complex failure for no real gain
Analog speedometers are more complex and can’t be patched OTA. Eliminating them from the fleet means one less part to procure and inventory for manufacturing and service. Given the downside is losing precise speed awareness (you should still be able to judge rough speed visually—that’s the back-up), this seems like a fair trade-off.
Contrast that with e.g. brake lines, where digital systems can add redundancy. (That doesn’t mean they always do.) Or physical mirrors, which add critical redundancy to cameras.
Why do cars need to be patched OTA? Why isn't the code for something as mission critical as a car not written right before it was shipped? I never needed an ECU update on a car before? And my infotainment rarely needed one to the point where the handful of times it did get a firmware update it was handled during servicing just fine.
> Why isn't the code for something as mission critical as a car not written right before it was shipped?
We OTA spacecraft. We update planes’ software as part of maintenance. We have never written software once. We just accepted the bugs and defects as part of the product’s basket of tradeoffs, marvelling when the occasional manufacturer got it right in the first manufacturing runs.
> never needed an ECU update on a car before?
There were always weird bugs associated with models that you learned to deal with, or a tendency towards certain failure modes. In extreme cases we recalled.
> We update planes’ software as part of maintenance
We don't OTA plane software updates.
> We OTA spacecraft.
Because we can't realistically bring them back and there's an incredible amount of work that goes into make those updates flawless. Spacecraft are not a mass produced consumer product driven by profits and are less likely to have corners cut.
Sure. We still update the software. The tool which airlines use to create update blobs is even online [1].
> Because we can't realistically bring them back
We couldn’t always OTA spacecraft. Back then we just lost them.
The point is in even high-stakes games we don’t write flawless software. Now software in cares is doing more. There will be bugs. Pretending there won’t is delusional.
What we can do is minimise safety-critical bugs by forcing standardisation and certifciation in those components, even if that slows down innovation, and ensuring timely patches. That’s easier with digital than analog, which in turn makes manufacturers more willing to admit they made a mistake.
They don't need to be patched OTA. It's ridiculous. The terrible product design practices from other parts of life have unfortunately seeped into automaking.
Analog speedometers are more complex and can’t be patched OTA. Eliminating them from the fleet means one less part to procure and inventory for manufacturing and service. Given the downside is losing precise speed awareness (you should still be able to judge rough speed visually—that’s the back-up), this seems like a fair trade-off.
Contrast that with e.g. brake lines, where digital systems can add redundancy. (That doesn’t mean they always do.) Or physical mirrors, which add critical redundancy to cameras.