[SystemSafety] a public beta phase ???

Les Chambers les at chambers.com.au
Thu Jul 21 01:00:42 CEST 2016


Kevin
Let's workshop this problem.
There is a fantastic product opportunity here. I wouldn't be surprised if
someone has either already done it or has it in the works. It would be a
natural extension to the product line of TomTom or Garmin or Apple or
Samsung. That is: a simple device that you throw into your glovebox pretty
much like a mobile phone that calculates your vehicle's current GPS
coordinates, speed and heading and transmits it on a wireless net to the
surrounding vehicles. A simple calculation would then be able to predict a
collision. The cheap model would just sound an alarm. The more expensive
model would be integrated into the vehicle's braking system. This would have
saved the life of Joshua Brown. If that truck was carrying such a device
even if it wasn't connected to the truck's brakes the Tesla vehicle would
have been able to "see" that truck and apply its brakes. So this is the
answer to your question. If this warning device cost less than 100 dollars
it would be an affordable and really cool thing to have in your car to make
sure all these driverless vehicles avoided you. You could even throw in a
chat function (supported by a cell phone app) so the kids in the back seat
could talk to the kids in the surrounding cars. The mind boggles at the
possibilities. You could even have an IFF-like squawk transmitting your
philosophy of life: "MGB fast mover - death or glory - outa-my-way I waste
nerds" ... This would immediately cause your Tesla control system to double
the following distance.

I just bought some Netgear to extend my wireless net. It extends the two and
five gigahertz bands, has four ethernet LAN ports and one USB 3.0 port. It
cost AUD124.00. Most insurance companies would probably be overjoyed to
discount you this much on your car insurance policy if your vehicle carries
one of these devices. Alternatively Elon Musk should manufacture something
like this and give it away. That would silence all his critics including me.
Does anyone on this list know him? How can we patch this idea through?

It may even be possible to integrate such a function into a mass-market
cellphone as an extension of the Wi-Fi hotspot/Bluetooth functionality.
Though I suspect wireless net range may be a problem.

Oh and this reminds me ... someone mentioned that this AI stuff is all new
and we don't know what to do. Not so. Back in the seventies I was working on
systems fitted with what we called "abort programming". The modern tech
speech is "the kill switch" (the thing Elon Musk wants to invent for
out-of-control AI - remember the famous line from 2001: A Space Odyssey?
Dave Bowman: Open the pod bay doors, HAL.
HAL: I'm sorry, Dave. I'm afraid I can't do that.)

Well, the standard solution is: as a completely separate exercise, you task
a team to figure out unsafe states of the object under control and develop a
simple device that can disable ("kill") the complex automation system if it
starts doing dangerous things. The key is that this device must be simple
and therefore less prone to failure. This is a proven architectural solution
so we DO know what to do. In fact the device I have described above could
perform this function. It would also use diverse technology which is another
very well established solution.

I could see the bumper stickers now, "Relax. My car is kill-switch-safe"

There is also a role for government here. Government could legislate to make
carrying a kill switch compulsory.

Problem solved.

Les
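
As an added example (not part of Les's message or anyone's product), the "simple calculation" and the independent monitor described above, in Python; the broadcast message fields, the thresholds and the constant-velocity assumption are my assumptions, and the input states are constructed:

```python
"""Independent collision monitor ("kill switch") for the V2V device described above.
Added example, not from the thread. Assumed message: id, sender time, east/north
position (m), speed (m/s), heading (degrees clockwise from north). Constant velocity
is assumed; closest point of approach (CPA) decides between brake, alarm and OK."""
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class State:
    vehicle_id: str
    t: float        # sender clock, seconds
    east: float     # metres
    north: float    # metres
    speed: float    # m/s
    heading: float  # degrees clockwise from north

def velocity(s: State) -> tuple[float, float]:
    """Speed/heading -> east/north velocity components."""
    h = math.radians(s.heading)
    return s.speed * math.sin(h), s.speed * math.cos(h)

def closest_approach(own: State, other: State) -> tuple[float, float]:
    """Return (seconds to CPA, separation at CPA in metres) under constant velocity."""
    rx, ry = other.east - own.east, other.north - own.north      # relative position
    ovx, ovy = velocity(own)
    tvx, tvy = velocity(other)
    vx, vy = tvx - ovx, tvy - ovy                                # relative velocity
    vv = vx * vx + vy * vy
    if vv < 1e-9:                        # same velocity: separation never changes
        return math.inf, math.hypot(rx, ry)
    t_cpa = max(0.0, -(rx * vx + ry * vy) / vv)   # negative: already diverging
    return t_cpa, math.hypot(rx + vx * t_cpa, ry + vy * t_cpa)

def decide(own: State, others, now: float,
           radius_m: float = 4.0, horizon_s: float = 4.0, max_age_s: float = 1.0) -> str:
    """Return 'BRAKE', 'ALARM' or 'OK'. Stale broadcasts are ignored, not trusted."""
    worst = "OK"
    for o in others:
        if now - o.t > max_age_s:        # a silent or lagging sender earns no credit
            continue
        t_cpa, d = closest_approach(own, o)
        if d > radius_m or t_cpa > horizon_s:
            continue
        if t_cpa < horizon_s / 2:        # imminent: escalate from alarm to brake
            return "BRAKE"
        worst = "ALARM"
    return worst
```

The monitor knows nothing about the automation stack it can override, which is what keeps it simple enough to trust; the sender's own clock in the message is the one field it has to take on faith.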

-----Original Message-----
From: systemsafety
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Andreoli, Kevin (UK)
Sent: Tuesday, July 19, 2016 6:07 PM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] a public beta phase ???

I have been engrossed in this discussion but it seems to me that one point
has yet to be discussed.  It came to me again this morning on the drive to
work.  An MGB GT from the 70's pulled in front of me just before we joined a
queue of traffic at some traffic lights. I noticed that he left twice as
much room between himself and the car in front as anyone else in the queue
and I realised that this was probably due to the specification of his
brakes.  MGB GTs did not have ABS.  (Earlier models did not have servo
assist!)

I recall when ABS was being introduced there was much discussion on the
likelihood of an increase in accidents due to the new cars with ABS being
able to stop quicker than older cars.  
("Like the moment when the brakes lock 
 And you slide towards the big truck"  - Pink Floyd)

With the introduction of self-braking, self-steering, self-... vehicles and
their much quicker reactions than the human behind the wheel of older
vehicles, are we likely to see an increase in accidents between the new and
the conventional?  Obviously the unit cost of all the automation will reduce
as more and more of the models available have the driver assist functions,
but, whilst governments can legislate to force introduction of such systems,
older vehicles will continue to be on the roads for long after such
legislation takes effect.   (I doubt the MGB GT driver will wish to scrap it
anytime soon - it will be worth much more now than when it was new)

There is also the situation that the older vehicles on the road tend to be
driven by the younger and more impetuous drivers.

Don't we live in interesting times!

Kevin
--
Usual disclaimer

-----Original Message-----
From: systemsafety
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Peter Bernard Ladkin
Sent: 19 July 2016 07:18
To: Les Chambers; 'Mike Ellims'; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] a public beta phase ???

On 2016-07-19 04:50, Les Chambers wrote:
> ... That's what this journalist has done. 

John Naughton is primarily a systems engineer and academic. I sent him the
link to the List archives.

> He says it's okay 33,000 people are killed every year. 

I read the following

[begin quote]
 Even a decade means a further 330,000 avoidable deaths in the US and
corresponding numbers in other countries. ..... do not the potential
benefits [of road-vehicle automation, RVA] outweigh the costs of the current
carnage on our roads?
[end quote]

as saying, very clearly, that he's not OK with those figures. I wonder how
you can have missed that?

What I am missing from your notes, Les, is any suggestion of criteria which
would make RVA of various sorts acceptable for you. I take it that some RVA
is acceptable, because I don't (yet) see you arguing against ABS or ESP.

And there is a lot of RVA around. Phil made the point that sophisticated RVA
is now routinely available in road vehicles of all sorts, not just Tesla
cars.

Martyn and Michael have made the point that there are sophisticated moral
questions of agency involved in some RVA features. Some of them are already
known and have been well discussed for half a century, in the branch of
moral philosophy known as trolleyology. There are other features such as ABS
which apparently don't worry us (I have seen no discussion here expressing
reservations about the value of a correctly-functioning ABS). I think it's
time to say what is worrisome and what not.
Here's a classification which might help.

[begin classification]

1. There is the question as to whether the kit does what the manufacturer
wants it to do. Think Toyota unintended acceleration, the "kitchen sink"
task and Michael Barr's demonstration via fault injection that the task
doesn't always do what Toyota claimed.

2. There is the question whether what the manufacturer wants the kit to do
is appropriate. ABS is apparently OK. ESP is apparently also OK. Automated
full control with driver supervisory control is apparently not.

2a. There has been a criterion around for some time in RVA that
driver-assistance is OK, but automated driving is not. So, cruise control
whereby the vehicle maintains a set speed is OK.
Systems to recover traction in a wheel which has lost it during braking or
cornering are OK.

2b. Then there are functions which interpret driver intent to some extent.
ESP helps with some kinds of manoeuvres in which it is presumed general
driver intent is clear, but it does perform uncommanded actions in the
vehicle control chain (braking a wheel where no brake command has been
issued by the driver).

2c. Then there are functions which perform uncommanded actions for which no
driver intent has been indicated. Such as systems which maintain separation
from other vehicles, in particular which will apply brakes when separation
to the same-direction preceding vehicle reduces quickly, even when the
driver has indicated no intent to brake. Or, systems which maintain the
vehicle within a specific lane on a highway; which will steer to hold the
lane even when the driver has not indicated a steering action.

2d. Then there are more sophisticated functions, all the way to automated
driving, such as exhibited by Google self-driving cars at low speed, and
Tesla cars at higher speeds.

[end classification]

The notion of "driver intent" is malleable. The Ford Max-S presumably
interprets "driver intent" as wishing to stay within the posted speed
limits. A driver driving such a vehicle could well put pedal to the metal at
a traffic light in town in a 30kph zone and should not thereby register an
intent to accelerate to 160kph, although in other vehicles that would be an
appropriate interpretation of the action. Similarly, a failure to command
braking when traffic ahead slows down should not necessarily be interpreted
as a desire to perpetrate an auffahr accident; and, even were a driver to
have such intent, there are very good general grounds for inhibiting its
execution (the health of the people in front, for example).

Some functions are more important for road safety than others. There are a
couple of fatal or near-fatal accidents per week on the A2 motorway as it
passes by Bielefeld (on the way from Rotterdam to Moscow). A significant
proportion of these are caused when truck drivers fail to slow when traffic
in the lane ahead slows or stops, and ram the end of the line (an auffahr
accident). An automatic same-lane separation-maintenance function installed
on all trucks travelling on German motorways, even if not perfectly
implemented, would avoid most of these accidents. There is talk of mandating
it for trucks, in a similar manner to which truck performance recorders and
toll-registration devices are mandated. I think the argument for it is good.

Let me mention again some experiences bicycling in Bielefeld.

In over 60 years of cycling I have had four collisions with cars. All have
been in Bielefeld; all have been when I have been on a marked cycle path or
lane and cars have violated that lane.

We drive on the right. On one occasion this year, I was almost killed by a
driver overtaking me on the left as I was performing a left turn (he
subsequently went around the wrong side of a traffic island). Last Saturday,
in town in a 30kph zone, I signalled and manoeuvred to perform a left turn
while travelling at 28-30 kph, and the following car tried to overtake me on
the left (and then decided not to).

All six of these dangerous manoeuvres would have been inhibited by simple
lane-following functions, and the last two also by speed-inhibiting
functions.

According to the police, a significant proportion of serious road accidents
involve violation of posted speed limits. There is a prima facie safety case
for such a function to be mandated on all vehicles.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany MoreInCommon Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de

