undefined | Better HN

0 pointsddeck8y ago0 comments

The issue is not that he wanted better software, it's that he appeared willing to compromise safety to get it faster in order to beat his competitors to market, as is clear from the remainder of that quote:

"To get to that better software faster we should deploy the first 1000 cars asap. I don't understand why we are not doing that. Part of our team seems to be afraid to ship."

And from another email:

"the team is not moving fast enough due to a combination of risk aversion and lack of urgency"

0 comments

toast08y ago

The rest of the quote is much more powerful. It's pretty irresponsible to ship 1000 self driving cars onto public roads at this point. (Regardless of who is shipping them)

On the other hand, redundant steering and braking seem like probable overengineering. Brakes are already somewhat redudnant (dual section master cylinders were common in the 70s and are almost certainly in any modern vehicle), and better software could periodically verify they're working and if not, coast to a stop. Steering failure could be handled by engaging the brakes. Simultaneous failure is likely rare and catastrophic anyway -- losing a wheel and having the brakes pressure go with it can happen, and when it does, you put on your blinkers and hope you come to rest in a safe manner.

058y ago

So, dual action master cylinders are OK by you, but actuators are apparently so much more reliable you only need one of them? And the same goes for the control hardware and power supplies because you are ready to handle power loss in software? I hope you have common sense to stay away from engineering safety critical systems for the rest of your career..

toast08y ago

Dual (or triple? I don't know how many you want) actuators don't help very much if the software doesn't know how to activate them properly (as it seems is the case here).

You absolutely need a system to ensure a controlled stop in any type of critical failure in ability to control the system. Assuming you have that, it seems reasonable to regularly verify the controls are functional (jiggle the steering, modulate the throttle, gently tap the brakes) every so often, and rely on your controlled stop procedure in the event of failure.

I do have the common sense to avoid safety critical systems, thanks; however armchair engineering is a national sport.

j / k navigate · click thread line to collapse

0 pointsddeck8y ago0 comments

"To get to that better software faster we should deploy the first 1000 cars asap. I don't understand why we are not doing that. Part of our team seems to be afraid to ship."

And from another email:

"the team is not moving fast enough due to a combination of risk aversion and lack of urgency"

0 comments

toast08y ago

The rest of the quote is much more powerful. It's pretty irresponsible to ship 1000 self driving cars onto public roads at this point. (Regardless of who is shipping them)

058y ago

toast08y ago

Dual (or triple? I don't know how many you want) actuators don't help very much if the software doesn't know how to activate them properly (as it seems is the case here).

I do have the common sense to avoid safety critical systems, thanks; however armchair engineering is a national sport.

j / k navigate · click thread line to collapse