by hansdieter1337 2006 days ago
I can confirm this. We had to install virus scanners on our self-driving car Linux boxes which are disconnected from any networks... Fun part is that the AV scanner sometimes takes so much CPU time that the pedestrian detection algorithm fails and the car has an increased chance of hitting them.
11 comments

This is insane, and should be considered criminally negligent.

Linux is not a high assurance RTOS. It does not have adequate reliability nor can it provide any guarantee of hard realtime, and thus it should not be found anywhere near a "pedestrian detection algorithm" that's supposed to protect a car from hitting pedestrians.

There's proper operating systems[0] for this sort of scenario.

[0]: https://sel4.systems/About/seL4-whitepaper.pdf

You're thinking about this in terms of deadlines rather than trade offs.

If you build a million cars, they're going to hit a certain number of pedestrians, statistically. Literally zero is the ideal but not necessarily achievable.

If you spend more computation on pedestrian detection, it will do better. If you have to spend computation on useless antivirus, it can't be spent on pedestrian detection, or some other thing that improves safety. And pedestrian detection is itself a trade off -- one algorithm might be more accurate but slower, and so give the vehicle less time to respond after detection. Using an RTOS doesn't save you -- if the CPU isn't fast enough to run both the algorithm and the antivirus then it could have to starve the antivirus of resources indefinitely, which might not be compliant. So then the presence of the antivirus requires you to use an algorithm which is faster but less accurate.

You could also use a faster processor, but that's still a trade off. It could increase the cost of the vehicle and cause some people to continue to use vehicles that are less expensive and less safe, leading to an overall cost in lives.

Any time you're making a trade off where one of the variables is human lives, any inefficiency that requires you to make the trade off in a worse way is potentially costing lives. And installing antivirus where it doesn't belong is an inefficiency.
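As an added illustration of the trade-off this comment describes (example code written for this page, not from anyone in the thread), a 1 ms tick simulation of one CPU: a periodic pedestrian-detection task (constructed figures: 30 ms of work every 50 ms, deadline at the next release) shares the core with an always-ready scanner. Under time-slice sharing the detector misses every deadline; under fixed-priority scheduling it never misses but the scanner is held to the leftover 40% of the CPU, and raising the detector's cost above its period reproduces the "CPU isn't fast enough" case, where no scheduler helps.

```python
from dataclasses import dataclass


@dataclass
class Task:
    name: str
    cost: int      # ms of CPU each job needs
    period: int    # ms between releases; deadline = next release; 0 = always ready
    priority: int  # higher wins under the fixed-priority policy


def simulate(tasks, horizon_ms, policy):
    """Single-CPU, 1 ms tick simulation.
    Returns ({name: deadline misses}, {name: ms of CPU received}).
    policy is 'fixed_priority' or 'round_robin' (1 ms slices, all ready tasks)."""
    remaining = {t.name: 0 for t in tasks}
    misses = {t.name: 0 for t in tasks}
    cpu = {t.name: 0 for t in tasks}
    rr = 0
    for now in range(horizon_ms):
        for t in tasks:
            if t.period == 0:
                remaining[t.name] = 1          # background work never runs out
            elif now % t.period == 0:
                if remaining[t.name] > 0:      # last job still unfinished at its deadline
                    misses[t.name] += 1
                remaining[t.name] = t.cost     # release the next job
        ready = [t for t in tasks if remaining[t.name] > 0]
        if not ready:
            continue
        if policy == "fixed_priority":
            run = max(ready, key=lambda t: t.priority)
        elif policy == "round_robin":
            run = ready[rr % len(ready)]
            rr += 1
        else:
            raise ValueError(policy)
        remaining[run.name] -= 1
        cpu[run.name] += 1
    return misses, cpu


# Constructed workload: 60% utilisation detector plus an always-hungry scanner.
DETECT = Task("pedestrian_detection", cost=30, period=50, priority=2)
SCANNER = Task("av_scanner", cost=0, period=0, priority=1)


def compare(horizon_ms=1000):
    return {p: simulate([DETECT, SCANNER], horizon_ms, p)
            for p in ("round_robin", "fixed_priority")}


if __name__ == "__main__":
    for policy, (misses, cpu) in compare().items():
        print(policy, "misses:", misses, "cpu_ms:", cpu)
```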

I assume they're using something like https://en.wikipedia.org/wiki/RTLinux to make it a hard RT system
Clearly not, since the AV can take too much CPU time and prevent other tasks from running.
RTLinux is dead, and it never had a high assurance story to begin with.
Gotta call BS on OP here. Anything time sensitive like self-driving cars absolutely has to be built on a real-time operating system. If you’re in the U.S. there are Dept of Transportation requirements to even be allowed to test drive the thing on any road surface other than your own driveway.
OP might mean "When I was a student working on a self driving car student project, which we mostly tested in simulation, occasionally on private land with a lot of extra safety precautions, and never on public roads"
1) It's one of the biggest car manufacturers 2) It's in the US 3) It's on public roads (with a special testing permit and safety drivers)
That seems like a serious engineering ethics problem that needs to be escalated to the highest level possible and if that doesn’t work, then leaked to the media.
That's the moment where you have to sue, sabotage the auditors, enable politicians or go to the press. There has to be a line in the sand, and that's when clueless bureaucracy like that endangers life. When (not if) that car kills someone it's not only on the auditor, it's also on you ("you" as in "the people complying").
Impressive how professional negligence is the "fun part" for you. If it ever goes wrong, I hope someone goes to jail for that. (Yes, stupid requirements suck. But if they actually impact things that matter, "fun" is not the appropriate response.)
If that story is true, then I hope that at least some of those involved in this will have substantial losses and the company will go out of business.

Before you kill or maim someone innocent.

If you must comply with this scanner then buy 16 GB RAM and SSD (or more hardware, depending on bottleneck) rather than plan to kill people.

Also, who made a self-driving car that does not operate as a real-time system?

Surely this is a troll.....
I highly suspect it is. Every audit I know of allows for mitigating controls. Having a system properly air-gapped would allow a system to be run without antivirus. I doubt many auditors would require antivirus on network switches.
If I may ask, says who?

I've done a little work with safety-critical systems, and that's certainly a new requirement to me both in theory and practice.

I couldn't have even imagined somebody coming to that.

I don't think a company like that can really function.

My advice, leave before it implodes.

This sounds strange because safety systems are usually hard realtime. I can't imagine those folks tolerating something that can randomly decide to eat time slices as it pleases.
Not sure about this one. Viruses don't need a network or internet connection to spread. They used to spread just fine via floppy disks.

EDIT: Obviously the fact that the CPU can't handle virus scan + pedestrian detection at the same time is shockingly bad. ... But a self driving car with a virus that could cause it to do potentially anything is even worse.

Why not just run the scans when the car is not in motion, or when charging?

In another timeline:

Auditor: This internet-connected device has no floppy drive. No antivirus needed.