whitex
Well-Known Member
Still very scary that a server issue can disable crucial (taken for granted) safety features like emergency braking or forward collision warning.

A properly designed system would have 2 layers of protection against this:
- any kind of an update system should check whether the update loaded correctly and revert to the old version of data (or worst case to no data) if it fails
- any failure to load exception should be caught and the system should go to "no auto-pilot/safety features only" mode, rather than crash disabling all functionality
Tesla should really clearly label all safety features as indefinite Beta, not just EAP, because they are all tied together and one can screw up the other (which is why there was no AEB or auto-wipers before AP computer software was ready).