Is this way. The train have separate system for control. Nothing may touch. Car is the same. Have only simple connection of entertainment to CAN bus. Only control basic thing. Can not touch driving.
Plane use separate wire for every thing.
For all three the safety critical software is formally verify.
I remember a tesla teardown that was like “they simplified the cabling reducing how many cables are needed” and every engineer in the replies was like “ABSOLUTELY DO NOT DO THAT WTF”
I read that they daisychained each module and controller using ethernet cabling which could cause cascading failures. I don’t know if this was a rumor or if it was corrected or what
Imagine your microwave goes funny and blows a fuse. You’re upset but it’s a minor issue because the fuse is either in the socket or in the plug, or in the fuse board. The rest of the circuit or circuits continue to work. The lights still work. The other sockets still work. The kettle works.
Now imagine they’re all on one circuit with one fuse. If that first blows because you were a bit too ambitious with the microwave porridge, all the electrics will fail until you swap the fuse.
A fuse is one of the simpler things to fix, too. With code as well as other fail-points in the system, it’s only a matter of time before the whole thing breaks and becomes unfixable because (i) the fault cannot be found (ii) the fault can be found but the part can’t be replaced (iii) the fault is a minor issue but it’s prohibitively expensive to fix due to its place in the system but it can’t just be removed because it’s been designed as a critical element in the system, etc.
Reducing the cabling in a car means putting more things on fewer circuits, leading to the issues above. Problems become harder to diagnose and fix. Additional things are like if in an old car if the radiator breaks, you might be able to drive it slowly to a garage but if there’s a sensor that won’t let you drive with a faulty rad, you aren’t moving and if that sensor is on a circuit that can’t just be disconnected because it’s also tied in to the ignition, you’re still not moving. Multiple circuits let’s you minimise the kinds of faults that can bring the whole thing to a standstill.
Is this way. The train have separate system for control. Nothing may touch. Car is the same. Have only simple connection of entertainment to CAN bus. Only control basic thing. Can not touch driving.
Plane use separate wire for every thing.
For all three the safety critical software is formally verify.
I remember a tesla teardown that was like “they simplified the cabling reducing how many cables are needed” and every engineer in the replies was like “ABSOLUTELY DO NOT DO THAT WTF”
Do they use CAN for everything?
I read that they daisychained each module and controller using ethernet cabling which could cause cascading failures. I don’t know if this was a rumor or if it was corrected or what
In fairness, all can failures are also cascading and most automakers use can
i’m not an engineer why is that bad?
Imagine your microwave goes funny and blows a fuse. You’re upset but it’s a minor issue because the fuse is either in the socket or in the plug, or in the fuse board. The rest of the circuit or circuits continue to work. The lights still work. The other sockets still work. The kettle works.
Now imagine they’re all on one circuit with one fuse. If that first blows because you were a bit too ambitious with the microwave porridge, all the electrics will fail until you swap the fuse.
A fuse is one of the simpler things to fix, too. With code as well as other fail-points in the system, it’s only a matter of time before the whole thing breaks and becomes unfixable because (i) the fault cannot be found (ii) the fault can be found but the part can’t be replaced (iii) the fault is a minor issue but it’s prohibitively expensive to fix due to its place in the system but it can’t just be removed because it’s been designed as a critical element in the system, etc.
Reducing the cabling in a car means putting more things on fewer circuits, leading to the issues above. Problems become harder to diagnose and fix. Additional things are like if in an old car if the radiator breaks, you might be able to drive it slowly to a garage but if there’s a sensor that won’t let you drive with a faulty rad, you aren’t moving and if that sensor is on a circuit that can’t just be disconnected because it’s also tied in to the ignition, you’re still not moving. Multiple circuits let’s you minimise the kinds of faults that can bring the whole thing to a standstill.