by comex 3007 days ago
Hmm, but wouldn’t his priorities be correct in the context of this crash? There hasn’t been any suggestion (so far) that the crash occurred because some hardware component stopped working; rather, it seems like the software failed to identify the pedestrian in time. So better software seems precisely what was needed. Though I can imagine that better sensors might also have helped…

The issue is not that he wanted better software, it's that he appeared willing to compromise safety to get it faster in order to beat his competitors to market, as is clear from the remainder of that quote:

"To get to that better software faster we should deploy the first 1000 cars asap. I don't understand why we are not doing that. Part of our team seems to be afraid to ship."

And from another email:

"the team is not moving fast enough due to a combination of risk aversion and lack of urgency"

The rest of the quote is much more powerful. It's pretty irresponsible to ship 1000 self driving cars onto public roads at this point. (Regardless of who is shipping them)

On the other hand, redundant steering and braking seem like probable overengineering. Brakes are already somewhat redundant (dual section master cylinders were common in the 70s and are almost certainly in any modern vehicle), and better software could periodically verify they're working and if not, coast to a stop. Steering failure could be handled by engaging the brakes. Simultaneous failure is likely rare and catastrophic anyway -- losing a wheel and having the brake pressure go with it can happen, and when it does, you put on your blinkers and hope you come to rest in a safe manner.

So, dual action master cylinders are OK by you, but actuators are apparently so much more reliable you only need one of them? And the same goes for the control hardware and power supplies because you are ready to handle power loss in software? I hope you have the common sense to stay away from engineering safety critical systems for the rest of your career...
Dual (or triple? I don't know how many you want) actuators don't help very much if the software doesn't know how to activate them properly (as it seems is the case here).

You absolutely need a system to ensure a controlled stop in any type of critical failure in ability to control the system. Assuming you have that, it seems reasonable to regularly verify the controls are functional (jiggle the steering, modulate the throttle, gently tap the brakes) every so often, and rely on your controlled stop procedure in the event of failure.

I do have the common sense to avoid safety critical systems, thanks; however armchair engineering is a national sport.