by 14 2806 days ago
I think this falls under the idea that we need to reach perfectionism before we deploy something. That simply isn't true in my opinion. Many accidents already happen every day. If this system reduces that dramatically it's a win. Even if there are some failures along the way they will be noticed and improved upon.

Failure due to the inevitable limitations of a system is one thing; failure because a hackjob, working 90% of the time, and catastrophically failing otherwise, was deployed? That's just criminally negligent.

Even if total fatalities drop, if the reason for the remaining deaths is that your car will arbitrarily lie with no justification, then you’ll lose trust in the whole thing.

Systems that require trust should be reasonably perfect, so as to maintain that trust. Otherwise you’re really only going to get away with it by forcing it down the consumer’s throat, by top-down approaches (gov regulation, contracts with the ceo, etc).

And when you’re doing that, who cares what the failure scenario and rate is? Lies to you 20% of the time, and it's still on your head. 30%? 80%? The only group that needs to trust it at this point is management; they’re n steps removed from the issue, so as long as you can keep them from looking too hard, you can go as awful and shitty as you want.

Trust takes years to build, seconds to break, and forever to repair. Or you just take it to management.

Your website doesn’t need much trust, and your text editor needs some but not much. But your car? It most certainly does.

Nothing about my comment advocates for perfectionism.

My point is that V2V systems and research papers I've seen just don't make meaningful claims about safety. They instead make claims about convenience and efficiency, which are not substitutes for safety.

We know to test vehicles for crash safety before putting them on the road.

While I believe there are certainly ways to make use of V2V communication that increase overall safety, I haven't seen anything remotely resembling a crash test for V2V systems.

Creating a system that relies on the correct behavior of all components is not a recipe for safety or reliability. This is especially true as the number of components increases (this happens when a car exchanges messages with all the cars around it).

We need V2V systems that rely only on correct behavior of any component and allow for malicious behavior of some components.

The idea that a protocol version mismatch from some rolling deploy can cause injuries in cars made by other manufacturers is the sort of thing that I haven't seen a single person point out. How would something like this even be caught and debugged?

Advocating for an ecosystem where these things are likely but neither addressed nor considered is just plain irresponsible.
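An added illustration of the two points in the comment above (a receiver should not depend on every peer behaving correctly, and a protocol version mismatch should be caught rather than cause harm); this is example code written for this page, not code from the thread or from any real V2V standard. The message shape, the supported version set, the sensor-track type and the sample data are all constructed assumptions. The receiver rejects messages it cannot parse, downgrades any self-report that no local sensor track corroborates to "uncorroborated", and only lets corroborated reports count as trusted input.

```python
import math
from dataclasses import dataclass

# Assumed: protocol versions this receiver knows how to interpret (constructed).
SUPPORTED_VERSIONS = {1, 2}


@dataclass
class V2VMessage:
    """Hypothetical self-report from another vehicle (constructed shape, not a real standard)."""
    sender_id: str
    version: int
    x: float       # metres, ego-relative
    y: float
    speed: float   # m/s


@dataclass
class SensorTrack:
    """Hypothetical object track from the ego car's own lidar/camera pipeline."""
    x: float
    y: float
    speed: float


def parse_message(raw: dict):
    """Return (message, None) on success or (None, reason) on rejection.

    An unknown version or a malformed field is a rejected message, never an exception
    that propagates into the control loop.
    """
    version = raw.get("version")
    if isinstance(version, bool) or not isinstance(version, int) or version not in SUPPORTED_VERSIONS:
        return None, f"unsupported protocol version {version!r}"
    try:
        msg = V2VMessage(
            sender_id=str(raw["sender_id"]),
            version=version,
            x=float(raw["x"]),
            y=float(raw["y"]),
            speed=float(raw["speed"]),
        )
    except (KeyError, TypeError, ValueError) as exc:
        return None, f"malformed message: {exc}"
    if not all(math.isfinite(v) for v in (msg.x, msg.y, msg.speed)):
        return None, "non-finite numeric field"
    return msg, None


def corroborate(msg: V2VMessage, tracks, max_pos_error=3.0, max_speed_error=2.0):
    """A self-report is trusted only if some local sensor track agrees with it.

    Thresholds are constructed for the example; a real system would derive them
    from sensor accuracy.
    """
    for t in tracks:
        if (math.hypot(t.x - msg.x, t.y - msg.y) <= max_pos_error
                and abs(t.speed - msg.speed) <= max_speed_error):
            return True
    return False


def triage(raw_messages, tracks):
    """Sort incoming messages into trusted, uncorroborated and rejected buckets."""
    result = {"trusted": [], "uncorroborated": [], "rejected": []}
    for raw in raw_messages:
        msg, reason = parse_message(raw)
        if msg is None:
            result["rejected"].append((raw.get("sender_id"), reason))
        elif corroborate(msg, tracks):
            result["trusted"].append(msg.sender_id)
        else:
            # A claim nothing on the ego car can see: log it, do not act on it.
            result["uncorroborated"].append(msg.sender_id)
    return result


# Constructed sample input: two objects the ego car's sensors actually see.
SAMPLE_TRACKS = [SensorTrack(10.0, 0.0, 20.0), SensorTrack(-5.0, 3.0, 18.0)]

# Constructed sample messages: a consistent peer, a newer-version peer from a
# rolling deploy, a peer claiming a stopped car 2 m ahead that no sensor sees,
# and a malformed message.
SAMPLE_MESSAGES = [
    {"sender_id": "car-A", "version": 2, "x": 11.0, "y": 0.5, "speed": 21.0},
    {"sender_id": "car-B", "version": 3, "x": 10.0, "y": 0.0, "speed": 20.0},
    {"sender_id": "car-C", "version": 1, "x": 2.0, "y": 0.0, "speed": 0.0},
    {"sender_id": "car-D", "version": 2, "x": "fast", "y": 0.0, "speed": 20.0},
]

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_MESSAGES, SAMPLE_TRACKS).items():
        print(bucket, entries)
```

The point of the split is that the control loop consumes only the trusted bucket, so a version mismatch or a fabricated "stopped car ahead" claim degrades to a log line rather than a braking decision. Plausibility checking of this kind complements, and does not replace, authenticating who sent the message.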

I agree with you. It has always been my hope that these oversights are a direct result of the projects struggling to find a baseline level of value rather than any underlying lack of forethought.

The level of security and approach to security will largely correlate to the types of messages that such a system ultimately needs. This sounds obvious, but I think it really isn't. In a world of self-driving vehicles with lidar + optical sensors, how much v2v communication is required beyond the sensor data?

Until that question is answered, it might not make sense to primarily focus on the security and reliability of said data.

I think there is something romantic about the siren's song that is "we don't need object detection or velocity estimation if all objects self-report their location, velocity, and intent".

I hope you're right and that once we establish best case utility, as a community we refocus on handling component failures more gracefully.

Although it's unclear if the second and third order system effects in our financial system will ever get that sort of treatment. So let's hope driving gets a bit closer to flying (and farther from wall street) in terms of attitude towards safety.

EDIT: clarity

It depends on the function of the system; it's not the same having your infotainment freezing and losing the music as your drive-by-wire system crashing and engaging your parking brake at 70 mph.
"Move fast and break people" isn't an acceptable way forward.