Brad Templeton is an EFF director, Singularity U faculty, software architect and internet entrepreneur, robotic car strategist, futurist lecturer, hobby photographer and Burning Man artist.
This is an "ideas" blog rather than a "cool thing I saw today" blog. Many of the items are not topical. If you like what you read, I recommend you also browse back in the archives, starting with the best of blog section. It also has various "topic" and "tag" sections (see menu on right) and some are sub blogs like Robocars, photography and Going Green. Try my home page for more info and contact data.
Studies have shown that if you leave USB sticks on the ground outside an office building, 60% of them will get picked up and plugged into a computer in the building. If you put the company logo on the sticks, closer to 90% of them will get picked up and plugged in.
USB sticks, as you probably know, can pretend to be CD-ROMs and that means on many Windows systems, the computer will execute an “autorun” binary on the stick, giving it control of your machine. (And many people run as administrator.) While other systems may not do this, almost every system allows a USB stick to pretend to be a keyboard, and as a keyboard it also can easily take full control of your machine, waiting for the machine to be idle so you won’t see it if need be. Plugging malicious sticks into computers is how Stuxnet took over Iranian centrifuges, and yet we all do this.
I wish we could trust unknown USB and bluetooth devices, but we can’t, not when they can be pointing devices and mice and drives we might run code from.
New OS generations have to create a trust framework for plug-in hardware, which includes USB and firewire and to a lesser degree even eSata.
When we plug in any device that might have power over the machine, the system should ask us if we wish to trust it, and how much. By default, we would give minimum trust to drives, and no trust to pointing devices or keyboards and the like. CD-Roms would not get the ability to autorun, though it could be granted by those willing to take this risk, poor a choice as it is.
Once we grant the trust, the devices should be able to store a provided key. After that, the device can then use this key to authenticate itself and regain that trust when plugged in again. Going forward all devices should do this.
The problem is they currently don’t, and people won’t accept obsoleting all their devices. Fortunately devices that look like writable drives can just have a token placed on the drive. This token would change every time, making it hard to clone.
Some devices can be given a unique identifier, or a semi-unique one. For devices that have any form of serial number, this can be remembered and the trust level associated with it. Most devices at least have a lot of identifiers related to the make and model of device. Trusting this would mean that once you trusted a keyboard, any keyboard of the same make and model would also be trusted. This is not super-secure but prevents generic attacks — attacks would have to be directly aimed at you. To avoid a device trying to pretend to be every type of keyboard until one is accepted, the attempted connection of too many devices without a trust confirmation should lock out the port until a confirmation is given.
The protocol for verification should be simple so it can be placed on an inexpensive chip that can be mass produced. In particular, the industry would mass produce small USB pass-through authentication devices that should cost no more than $1. These devices could be stuck on the plugs of old devices to make it possible for them to authenticate. They could look like hubs, or be truly pass-through.
All of this would make USB attacks harder. In the other direction, I believe as I have written before that there is value in creating classes of untrusted or less trusted hardware. For example, an untrusted USB drive might be marked so that executable code can’t be loaded from it, only classes of files and archives that are well understood by the OS. And an untrusted keyboard would only be allowed to type in boxes that say they will accept input from an untrusted keyboard. You could write the text of emails with the untrusted keyboard, but not enter URLs into the URL bar or passwords into password boxes. (Browser forms would have to indicate that an untrusted keyboard could be used.) In all cases, a mini text-editor would be available for use with the untrusted keyboard, from where one could cut and paste using a trusted device into other boxes.
A computer that as yet has no trusted devices of a given class would have to trust the first one plugged in. Ie. if you have a new computer that’s never had a keyboard, it has to trust its first keyboard unless there is another way to confirm trust when that first keyboard is plugged in. Fortunately mobile devices all have built in input hardware that can be trusted at manufacture, avoiding this issue. If a computer has lost all its input devices and needs a new one, you could either trust implicitly, or provide a pairing code to type on the new keyboard (would not work for mouse) to show you are really there. But this is only a risk on systems that normally have no input device at all.
For an even stronger level of trust, we might want to be able to encrypt the data going through. This stops the insertion of malicious hubs or other MITM intercepts that might try to log keystrokes or other data. Encryption may not be practical in low power devices that need to be drives and send data very fast, but it would be fine for all low speed devices.
Of course, we should not trust our networks, even our home networks. Laptops and mobile devices constantly roam outside the home network where they are not protected, and then come back inside able to attack if trusted. However, some security designers know this and design for this.
Yes, this adds some extra UI the first time you plug something in. But that’s hopefully rare and this is a big gaping hole in the security of most of our devices, because people are always plugging in USB drives, dongles and more.
Hints from the release this week of the 2014 Mercedes S-Class suggest that it doesn’t have the promised traffic jam assist. Update: Other reports suggest it might still be present.
The S-class only gets major updates infrequently, though an intermediate update will come in 2017.
A story on Auto Express quotes Mercedes as saying “We can do it now, but there are rules in place that we have to accept” but that a fully autonomous car will come before the next full-revision of the S class due in 2021.
Instead, this car features a lanekeep + ACC mode that requires your hand be “touching” the wheel, and starts complaining if you take your hands off for a while.
This is a setback on what was to be the first commercially released car. While the various state laws do not tend to cover cars that provide an autopilot that requires constant visual attention from the driver, Mercedes may have been afraid of the regulatory environment in the Europe.
In addition, there has always been a special risk to this approach. Even if you insist to the driver that they must pay attention, they will surely ignore that warning once they get away with occasional inattention — after all, they will send text messages now with no auto-driving at all. Car companies can build a lane-keeping car today, but to stop you from trusting it too much they end up with systems like “keep touching the wheel” or a gaze detector that makes sure you keep watching the road, and people don’t like these systems very much.
Will Volvo and Audi, who have also announced plans for lakekeep+ACC super-cruise cars also pull back? Cadillac, which actually uses the name super-cruise, has pulled back from their 2015 date while at the same time talking to the press about their testing program.
In other news, the hearings in the Senate yesterday had most of their focus on these early technologies, and as expected, both David Strickland of NHTSA and the various industry folks were gung-ho on DSRC for V2V and very eager to recommend that the FCC not be allowed to convert the DSRC spectrum to unlicenced as it wishes to do. Here is a summary of the meeting which was attended by only a few senators. Both Johnson and Rockefeller surprised me with their skill in the questions. While Johnson was not up on all the ADAS technologies, he was able to see through a number of the industry claims.
Today, a survey conducted by Cisco showed very high numbers of people saying, “yes, they would ride in a robocar.” 57% said yes globally, with 60% in the USA and an incredible 95% in Brazil. (Perhaps it is the trully horrible traffic in the big cities of Brazil which drives this number.) A bit more surprising was the 28% number for Japan.
When they asked people if they would put their kids in a car, the answer was lower, but only slightly lower, which surprises me, as I felt it should take a bit more trust demonstration for people do do that. The reality is that if 60% are saying yes right now, without having seen the technology at all, the real number is actually quite a bit higher.
The Japanese number is also curious, since our stereotype is that the Japanese are the people most accepting of robotics in the world.
An British Survey reported similar results, with highest desire in London — possibly also related to the amount of traffic.
Another survey from the UK asked the question “which company would you trust to improve car safety” with astonishing results. The winner was Apple, which has no announced car safety plans, with Google in 2nd place. What is shocking is that Volvo comes 3rd — really a close tie with Google, and Mercedes 4th. Volvo’s entire brand is to be the car safety leader, and Mercedes has been trying to take that status away, but I would never have guessed that the silicon valley tech companies would win this.
It’s even more surprising that Apple beats Google. While Apple certainly has a quality brand, Google is the only one known to be working on cars and safety. One has to wonder just how the questions were put to these new-car buyers.
Yesterday’s KALW radio show went pretty well, the phone-in questions were pretty reasonable. The MP3 is up on their site.
I will be a guest on Monday the 13th (correction — I originaly said the 14th) on a the “City Visions” program, produced by one of San Francisco’s NPR affiliates, KALW. The show runs at 7pm, and you can listen live and phone in (415-841-4134), or listen to the podcast later. Details are on the page about the show.
Other guests include Bryant Walker Smith of Stanford, Martin Sierhuis of the Nissan robocar lab and Bernard Soriano from the California DMV. Should be a good panel.
Here’s a roundup of various recent news items on robocars. There are now a few locations, such as DriverlessCarHQ and the LinkedIn self-driving car group which feature very extensive listing of news items related to robocars. Robocars are now getting popular enough that there are articles every day, but only a few of them contain actual real news for readers of this site or others up on the technology.
An offhand remark from Elon Musk reveals he is interested in an “autopilot” some day for Tesla models, and has spoken to Google about it. Google declined comment. Musk says he wants a cheaper, camera based system, a surprising mistake for him. (Cameras are indeed much cheaper but not yet up to the task. LIDARs are super expensive but Musk’s mistake is in not remembering that electronics technology that’s expensive in early, small volume models does not stay expensive.)
The Tesla Model S is not a good car to make into a robocar though — it’s super fun to drive, and that’s part of why you pay so much money for it. Nothing wrong with fun to drive cars, but you should automate the boring car and leave the fun car on manual, at least for now.
Shuttles driven by maps
The Cybergo made by French company Induct is a low speed robotic shuttle for campus use. Particularly interesting is that it drives using a laser and mapping for localization — a similar fashion to the Google car and other DARPA challenge cars. It is able to mingle with pedestrians by virtue of just going slow enough to be able to stop in time and be safe.
The Oregon pullback is notable because one of the cited reasons was the desire to study V2V. While I have written recently on issues with V2V this moves it out of the “mostly harmless” category. V2V efforts will be useful for robocars, but not for decades, and I strongly believe it would be extreme folly to allow V2V issues to affect the progress of robocars.
Unlike Nevada’s law, many of the other state laws do not cover unmanned operation. While the reasons for this are obvious, because it’s harder to understand unmanned operation in the context of existing law, we should not forget that unmanned operation is where most of the real benefits of robocars accrue — self-delivery, mobility on demand, parking, self-refueling, service to the elderly and disabled and much more. Not that manned operation is a slouch, offering the reduced accidents and recovery of productive time as benefits.
California’s DMV recently held hearings in Sacramento as part of their process of writing the regulations required by the California bill, passed in 2012. The regulations need to be done by 2015 but may be done sooner. The US DOT also solicited comments last month.
Google hits 500,000
I noted earlier that Google announced it had hit 500,000 miles of autonomous operation on ordinary streets. Even more notable was chief engineer Chris Urmson’s report of over 90,000 miles without a safety-critical incident. (This is an incident where the safety drivers had to take over where the vehicle would have probably caused an accident.) That’s not as good as a human yet — humans have an accident about ever 250,000 miles in the USA, but getting much closer. 500,000 miles, by the way, is more than the distance to the moon and back — Google [X] always talks about moonshots — and more than many people will drive in their lifetimes.
Cadillac & Car Companies
Cadillac has pushed back the supposedly 2015 delivery for their “super cruise” product. It now will come later in the decade. Car maker conservatism is to be expected, but other makers are pushing their dates forward. The Mercedes 2014 S Class is still on track to be first.
BMW has announced a partnership with Continental, the major auto parts supplier. Continental has been pushing their cruising car for a while — I’ve ridden in it — but BMW has its own impressive effort in ConnectedDrive Connect. Today, it is quite common for systems branded by a car maker to actually be made entirely by a supplier, who gives up the branding and limelight for money. It will be interesting to see how this collaboration works. They will be testing on the autobahn.
Car company date forecasts continue to be long term, with dates in the range of 2025 for full autonomy as cited by BMW.
Bosch, another top supplier, has been making its own announcements of advanced sensors and other tools.
A crew created a fake Google car and drove it around NYC. What’s impressive is how many people thought they were seeing the real thing.
While there have been scores of articles, I will point to my friend Virginia Postrel’s Bloomberg article on Silicon Valley and robocars since I was her prime source — so it must be good. :-)
A nice trick from Daimler which I liked — a system to be kind to pedestrians as they walk down the street near parked robocars that sense them. Their plan is to light the way for these pedestrians as a favour.
Whole magazine issue
The military magazine Mission Critical has devoted an entire issue to civilian robocars which includes an article on insurance by Guy Fraker (formerly of State Farm) and a few other items of interest.
More news to come. I have also updated my Robocar Teams page with more details on teams around the world building robocars.
You’ve probably noticed that with many of our portable devices, especially phones and tablets, a large fraction of the size and weight are the battery. Battery technology keeps improving, and costs go down, and there are dreams of fancy new chemistries and even ultracapacitors, but this has become a dominant issue.
Every device seems to have a different battery. Industrial designers work very hard on the design of their devices, and they don’t want to be constrained by having to standardize the battery space. In many devices, they are even giving up the replaceable battery in the interests of good design. The existing standard battery sizes, such as the AA, AAA and even the AAAA and other less common sizes are just not suitable for a lot of our devices, and while cylindrical form factors make the most sense for many cell designs they don’t fit well in the design of small devices.
So what’s holding back a new generation of standardization in batteries? Is it the factors named above, the fact that tech is changing rapidly, or something else?
I would propose a small, thin modular battery that I would call the EStick, for energy stick. The smaller EStick sizes would be thin enough for cell phones. The goal would be to have more than one b-stick, or at least more than one battery in a typical device. Because of the packaging and connections, that would mean a modest reduction in battery capacity — normally a horrible idea — but some of the advantages might make it worth it.
There are several reasons to have multiple sticks or batteries in a device. In particular, you want the ability to quickly and easily swap at least one stick while the device is still operating, though it might switch to a lower power mode during the swap. The stick slot would have a spring loaded snap, as is common in many devices like cameras, though there may be desire for a door in addition.
Swapping presents the issue that not all the cells are at the same charge level and voltage. This is generally a bad thing, but modern voltage control electronics has reached the level where this should be possible with smaller and smaller electronics. It is possible with some devices to simply use one stick at a time, as long as that provides enough current. This uses up the battery lifetime faster, and means less capacity, but is simpler.
The quick hot swap offers the potential for indefinite battery life. In particular, it means that very small devices, such as wearable computers (watches, glasses and the like) could run a long time. They might run only 3-4 hours on a single stick, but a user could keep a supply of sticks in a pocket or bag to get arbitrary lifetime. Tiny devices that nobody would ever use because “that would only last 2 hours” could become practical.
While 2 or more sticks would be best for swap, a single stick and an internal battery or capacitor, combined with a sleep mode that can survive for 20-30 seconds without a battery could be OK. read more »
I have prepared a large new Robocar article. This one covers just what will happen when the first robocars are involved in accidents out on public streets, possibly injuring people. While everybody is working to minimize this, perfection is neither possible nor the right goal, so it will eventually happen. As such, when I see public discussion of robocars and press articles, people are always very curious about accidents, liability, insurance and to what extent these issues are blockers on the technology.
This article comes in part from having attended the “We Robot” conference in April at Stanford University. While it was generally about robots and the law, robocars were probably the most popular topic. Several of the papers in the proceedings are well worth it for those interested in the law of robotics. (The real law, not the silly Asimov laws.)
In a curious coincidence, last week saw an unusual robocar accident in Brazil that caused minor injuries — on live TV no less. On a Brazilian TV show, professor Alberto Ferreira do Souza from the Federal University of Espirito Santo has just shown TV Presenter Ana Maria Braga their robocar, which features the smaller 32-line Velodyne LIDAR on the roof and various other sensors. After the successful demo, he reaches into the car to turn off the system and restore the car to manual. Unfortunately, the car has stopped on an incline, and in doing so from outside the car, this releases the hold on the brakes that their drive-by-wire system had and the car starts rolling down the hill, and the open door whacks Braga hard, though fortunately with only minor injuries. Here is a video and Here’s the story in Portuguese with a different video clip. I have no idea why a puppet parrot is commenting on the accident.
As you can surmise, the self-driving software was not directly at fault here, but rather bad human judgement in turning it off. Curiously, this is not the first time we’ve seen serious problems with humans not correctly handling turning systems on and off. I routinely show a video of my friend Anthonly Levandowski, who built a motorcycle for the DARPA grand challenge and forgot to turn on an important system just before the race, causing his bike to tip over right out of the starting gate. Volvo also had the “press demo from hell” when their crash-prevention system did not operate. It was reported that a battery had discharged by mistake, and that in recharging it they had disabled the collision system.
There have been several small robocar accidents. Just about every team in the DARPA Grand Challenges had a car go awry during early development and testing, and a few even had accidents during the challenge, with one small car to car fender bender and a fairly hard hit on concrete barriers. Google has also reported their car has been rear-ended while stopped at a light during testing — a situation where blame is always placed on the rear car.
I follow the Hugo awards closely, and 20 years ago published the 1993 Hugo and Nebula Anthology which was probably the largest anthology of currently released fiction ever published at the time.
The Hugo awards are voted by around 1,000 fans who attend the World SF Convention, so they have their biases, but over time almost all the greats have been recognized. In addition, until the year 2000, in the best novel Hugo, considered the most important, the winner was always science fiction, not fantasy even though both and more were eligible. That shifted, and from 2001 to 2012, there have been 6 Fantasy winners, one Alternate History, and 5+1 SF. (2010 featured a tie between bad-science SF in the Windup Girl and genre-bending political science fiction in The City & The City.)
That’s not the only change to concern me. A few times my own pick for the best has not even been nominated. While that obviously shows a shift between my taste and the rest of the fans, I think I can point to reasons why it’s not just that.
The 2013 nominees I find not particularly inspiring. And to me, that’s not a good sign. I believe that the Hugo award winning novel should say to history, “This is an example of the best that our era could produce.” If it’s not such an example, I think “No Award” should win. (No Award is a candidate on each ballot, but it never comes remotely close to winning, and hasn’t ever for novels. In the 70s, it deservedly won a few times for movies. SF movies in the mid and early 70s were largely dreck.)
What is great SF? I’ve written on it before, but here’s an improvement of my definition. Great SF should change how you see the future/science/technology. Indeed, perhaps all great literature should change how you view the thing that is the subject matter of the literature, be it love, suffering, politics or anything else. That’s one reason why I have the preference for SF over Fantasy in this award. Fantasy has a much harder time attaining that goal.
I should note that I consider these books below as worth reading. My criticism is around whether they meet the standard for greatness that a Hugo candidate should have.
2312 by Kim Stanley Robinson
This is the best of the bunch, and it does an interesting exploration into the relationship of human and AI, and as in all of Stan’s fiction, the environment. His rolling city on Mercury is a wonder. The setup is great but the pace is as glacial as the slowly rolling city and the result is good, but not at the level of greatness I require here. read more »
Last year, I met Oliver Kuttner, who led the team to win the Progressive X-Prize to build the most efficient and practical car over 100mpg. Oliver’s Edison2 team won with the VLC (Very Light Car) and surprised everybody by doing it with a liquid fuel engine. There was a huge expectation that an electric car would win the prize, and in fact the rules had been laid out to almost assure it, granting electric cars an advantage over gasoline that I thought was not appropriate.
The Edison2 team made their focus on weight, though they far from ignored drag. Everybody made an aerodynamic car, but what they realized was that making the car light was key. And batteries are heavy, heavier than efficient liquid fuel engines. Hybrid systems, with both batteries and two motors are even heavier than what they built. They also developed a new type of suspension which was much lighter and allowed a simpler car.
Since the X prize, they have built electric cars as well — their techniques still work there, even if that’s not where they found the greatest X-prize results — and recently showed of their latest 1,400lb model which seats 4. (Though I can’t say I think it’s comfortable with 4.) Equally impressive, Oliver reports they have done succesful forward offset collision tests, and done well at them, contradicting a popular impression that small, light cars must be death traps on the road.
This bodes well for robocars. As I wrote 2 weeks ago, I think the small, light car is the future of transportation if we want it to be efficient, and the robocar can, by delivering such vehicles for people making shorter solo or 2 person trips — ie. the vast majority of all trips — make this happen.
Earlier, I brought Oliver in to give a talk at Google in the Greeen@Google series. Here is a video where I host him describing the car and their thinking around it. His thinking on cars is fresh and while it’s very challenging to start a new car company, here’s somebody who might just do it.
We’ve often said that in the most distant future, when car accidents are very rare, we will be able to make our cars lighter because over 30% of the weight of a modern vehicle goes into safety features. I think we can get those light vehicles even sooner.
Bitcoin is having its first “15 minutes” with the recent bubble and crash, but Bitcoin is pretty hard to understand, so I’ve produced this analogy to give people a deeper understanding of what’s going on.
It begins with a group of folks who take a different view on several attributes of conventional “fiat” money. It’s not backed by any physical commodity, just faith in the government and central bank which issues it. In fact, it’s really backed by the fact that other people believe it’s valuable, and you can trade reliably with them using it. You can’t go to the US treasury with your dollars and get very much directly, though you must pay your US tax bill with them. If a “fiat” currency faces trouble, you are depending on the strength of the backing government to do “stuff” to prevent that collapse. Central banks in turn get a lot of control over the currency, and in particular they can print more of it any time they think the market will stomach such printing — and sometimes even when it can’t — and they can regulate commerce and invade privacy on large transactions. Their ability to set interest rates and print more money is both a bug (that has sometimes caused horrible inflation) and a feature, as that inflation can be brought under control and deflation can be prevented.
The creators of Bitcoin wanted to build a system without many of these flaws of fiat money, without central control, without anybody who could control the currency or print it as they wish. They wanted an anonymous, privacy protecting currency. In addition, they knew an open digital currency would be very efficient, with transactions costing effectively nothing — which is a pretty big deal when you see Visa and Mastercard able to sustain taking 2% of transactions, and banks taking a smaller but still real cut.
With those goals in mind, they considered the fact that even the fiat currencies largely have value because everybody agrees they have value, and the value of the government backing is at the very least, debatable. They suggested that one might make a currency whose only value came from that group consensus and its useful technical features. That’s still a very debatable topic, but for now there are enough people willing to support it that the experiment is underway. Most are aware there is considerable risk.
Update: I’ve grown less fond of this analogy and am working up a superior one, closer to the reality but still easy to understand.
Bitcoins — the digital money that has value only because enough people agree it does — are themselves just very large special numbers. To explain this I am going to lay out an imperfect analogy using words and describe “wordcoin” as it might exist in the pre-computer era. The goal is to help the less technical understand some of the mechanisms of a digital crypto-based currency, and thus be better able to join the debate about them. read more »
Today and Tomorrow I am at the We Robot conference at Stanford, where people are presenting papers puzzling over how robots and the law will interact. Not enough technology folks at this iteration of the conference — we have a natural aversion to this sometimes — but because we’re building big moving things that could run into people, the law has to be understood.
On Wednesday is the Robot Block Party, also at Stanford, and always fun, with stuff for kids.
Thursday has the xconomy robot conference which looks good though I probably won’t be there.
After the Phoenix APM event on the 21st I will be at Asilomar attending two conferences simultaneously. One is MLove, where I will join a session on connected cars. In a strange coincidence, MLove is located at the same conference center as another invite-only conference I attend annually for old-time (and new-time) microprocessor hackers. The odd thing was that normally when I get an invite that conflicts with a conference I am at, I have to say no — but if they are nice enough to do it at the same conference center on the same days, things can change. Both conferences are lots of fun, and it’s actually annoying to have them overlap since I would like to go to most of both of them.
A few Singularity U events are coming up, but most are sold out are invite-only in the coming month.
Last night I gave a short talk at the 3rd “Personal Clouds” meeting in San Francisco, The term “personal clouds” is a bit vague at present, but in part it describes what I had proposed in 2008 as the “data deposit box” — a means to acheive the various benefits of corporate-hosted cloud applications in computing space owned and controlled by the user. Other people are interpreting the phrase “personal clouds” to mean mechanisms for the user to host, control or monetize their own data, to control their relationships with vendors and others who will use that data, or in the simplest form, some people are using it to refer to personal resources hosted in the cloud, such as cloud disk drive services like Dropbox.
I continue to focus on the vision of providing the advantages of cloud applications closer to the user, bringing the code to the data (as was the case in the PC era) rather than bringing the data to the code (as is now the norm in cloud applications.)
Consider the many advantages of cloud applications for the developer:
You write and maintain your code on machines you build, configure and maintain.
That means none of the immense support headaches of trying to write software to run on mulitple OSs, with many versions and thousands of variations. (Instead you do have to deal with all the browsers but that’s easier.)
It also means you control the uptime and speed
Users are never running old versions of your code and facing upgrade problems
You can debug, monitor, log and fix all problems with access to the real data
You can sell the product as a service, either getting continuing revenue or advertising revenue
You can remove features, shut down products
You can control how people use the product and even what steps they may take to modify it or add plug-ins or 3rd party mods
You can combine data from many users to make compelling applications, particuarly in the social space
You can track many aspects of single and multiple user behaviour to customize services and optimize advertising, learning as you go
Some of those are disadvantages for the user of course, who has given up control. And there is one big disadvantage for the provider, namely they have to pay for all the computing resources, and that doesn’t scale — 10x users can mean paying 10x as much for computing, especially if the cloud apps run on top of a lower level cloud cluster which is sold by the minute.
Tomorrow (April 4) I will give a very short talk at the meeting of the personal clouds interest group. As far as I know, I was among the first to propose the concept of the personal cloud in my essages on the Data Deposit Box back in 2007, and while my essays are not the reason for it, the idea is gaining some traction now as more and more people think about the consequences of moving everything into the corporate clouds.
My lighting talk will cover what I see as the challenges to get the public to accept a system where the computing resources are responsible to them rather than to various web sites.
On April 22, I will be at the 14th International Conference on Automated People Movers and Automated Transit speaking in the opening plenary. The APM industry is a large, multi-billion dollar one, and it’s in for a shakeup thanks to robocars, which will allow automated people moving on plain concrete, with no need for dedicated right-of-way or guideways. APMs have traditionally been very high-end projects, costing hundreds of millions of dollars per mile.
The best place to find me otherwise is at Singularity University Events. While schedules are being worked on, with luck you see me this year in Denmark, Hungary and a few other places overseas, in addition to here in Silicon Valley of course.
Many of the more interesting consequences of a robotic taxi “mobility on demand” service is the ability to open up all sorts of new areas of car design. When you are just summoning a vehicle for one trip, you can be sent a vehicle that is well matched to that trip. Today we almost all drive in 5 passenger sedans or larger, whether we are alone, with a single passenger or in a group. Many always travel in an SUV or Minivan on trips that have no need of that.
The ability to use small, light vehicles means the ability to make transportation much more efficient. While electric cars are a good start (at least in places without coal-based electricity) the reality is today’s electric cars are still sedans and in fact are heavy due to their batteries. As such they use 250 to 350 watt-hours/mile. That’s good, but not great. At the national grid average, 300 wh/mile is around 3000 BTUs/mile or the equivalent of 37mpg. Good, and cleaner if from natural gas, but we can do a lot more.
Half-width vehicles have another benefit — they don’t take up much room on the road, or in parking/waiting. Two half-width vehicles that find one another on the road can pair up to take only one lane space. A road that’s heavy with half-width vehicles (as many are in the developing world) can handle a lot more traffic. Rich folks don’t tend to buy these vehicles, but they would accept one as a taxi if they are alone. Indeed, a half-width face-to-face vehicle should be very nice for 2 people.
The problem with half-width vehicles (about 1.5m or 4.5 feet if you’re going to fit two in a 12’ lane using robotic precision) is that a narrow stance just isn’t that stable, not at decent speeds. You like a wide stance to corner. One answer to that is the ability to bank, which two-wheeled vehicles do well, but which requires special independent suspension to do with 3 or 4 wheels. 2 wheels is great for some purposes, but 3 and 4 have a better grip on the road, particularly if a wet or slippery patch is encountered.
There are quite a number of 3 and 4 wheelers with independently adjustable wheels made. Consider the recent concept I-road by Toyota which exemplifies this well. There are however a number of vehicles that are not concepts, and this (rather long) Gizmag video provides a summary of a variety of real and concept vehicles in this space, as well as enclosed motorcycles and scooters, including the Nissan Landglider, the VW 1L, the Twizzy, the Tango, the Lumeno Smera and many others. Skip to about 13 minutes to see many of the 3-wheelers. Another vehicle I like is the Quadro — Watch this video of the 4 wheel version. These vehicles are aimed more at the motorcycle market and are open, while I suspect the single person robocar will be an enclosed vehicle.
I also wrote earlier about efforts on two wheels, like the concept vehicle the Twill. Other recent efforts have included the gyro-stabilized Lit Motors C-1 which can be fully enclosed on two wheels because you don’t have to stick your legs out.
I suspect the 4 wheeled bankable vehicles are the ideal solution, and the technology is surprisingly far along. Many companies prefer to make 3 wheeled vehicles because those currently get classed as motorcycles and require far less work to meet regulations. These exemptions are reportedly ending soon, and so the effort can shift to 4 wheels which should have the most stability.
The ability to bank is important not just to stay stable with a narrow stance. Banking also means you can tilt the passenger to make turns more comfortable in that the force vector will be mostly up and down, rather than side to side. In a turn it feels more like getting heavy and light rather than being shifted. Some people, however, will have trouble with motion sickness if they are not themselves looking out the window and feeling part of the banking move. Being able to tilt forward and back can have value so that starts and stops also produce more up and down force vectors rather than forward and back. While this is not yet demonstrated, it may be possible to make vehicles which provide minimal discomfort to many passengers when doing things like turns, stops and the roundabout. Roundabouts seem like a great idea for robocars in many ways, since you don’t need to have stop signs or lights, and robocars should be able to insert themselves into gaps in traffic with precision and confidence. Frequent roundabouts, however, would be disconcerting with all the turning and speed changes, to the point that many would prefer just a straight road with timed traffic lights, so that a clever car that knows the timing never hits a red.
Another entry in the narrow vehicle field that got a lot of attention is the autonomous driving Hitachi Ropits. The Ropits — here is a video — is a narrow vehicle with small wheels, and is able to be autonomous because it is super-slow — it only goes 3.7mph — you can keep up to it with a brisk walk — and is meant to go on sidewalks and pedestrian lanes, more of a mobility for the aged than a robocar. However, it is a new entry in the autonomous vehicle pantheon from a new player.
The big question that remains about these vehicles is crash safety. As motorcycles they are not receiving the same sort of testing. In a world that is mostly robocars, one could argue that you don’t need the same levels of crash safety, but we aren’t there yet. All is not lost, however. Recently I sat in a prototype of the Edison2 Very Light Car. The VLC is a 4-seater with a narrow body but a wide stance, for handling. This vehicle has been crash tested with good results, and it could be made with independent suspension and banking and a narrower stance if the market wanted that.
Small vehicles, just 4.5 feet wide and 10-12 feet long can make a huge difference. First of all, they are inherently (except the Tango) going to be light, and light is the most important thing in making them efficient. But they will also take up less space on the road, able to go 2 to a lane (or even lane split in some places.) They will also take up much less space parking. The combination of their small size (about 1/3 of a typical car) and their ability to pack close together “valet style” as robocars means you will be able to fit 4 or 5 of them in the same amount of parking lot area that today fits a single car in a non-valet lot. As noted, while many robocars will not be parking at all because they will be taxis that head off to get their next fare, those that do wish to park will be able to do it at vastly greater densities than we have today, and the consequences of that are big.
There are a few other options for increased stability with normally narrow stance. These might include:
Low center of gravity — this is what the Tango does, filling the very bottom with lead-acid batteries. Passengers might sit lower — some vehicle designs involve lowering after the passenger gets in.
Variable stance: a possible ability to widen the stance with an extendable axle so the vehicle takes a whole lane when in places that need that cornering ability and stability.
Extra wheel: The ability to temporarily deploy an extra wheel (probably not a drive wheel) to one side or both to temporarily increase stability. This wheel might take all the weight on that side, or balance with the others. Vehicles side-by-side could even coordinate to still fit in a lane but that sounds risky.
Just go slow: Narrow stance vehicles might just be used in lower speed urban routes, and take corners fairly slow.
Gyroscopes, under robotic control.
It’s important to consider that the risk of instability in a narrow vehicle is mostly one for human drivers, who are used to wide stances and may make errors on the physics. A robocar, with full knowledge of the vehicle’s characteristics and the shape of the road simply won’t try any turn that would tip it, and it won’t pick routes that have turns that would require the vehicle go so slowly as to impede traffic. Knowledge of road traction can complete this sort of analysis.
Earlier in part one I examined why it’s hard to make a networked technology based on random encounters. In part two I explored how V2V might be better achieved by doing things phone-to-phone.
For this third part of the series on connected cars and V2V I want to look at the potential for broadcast data and other wide area networking.
Today, the main thing that “connected car” means in reality is cell phone connectivity. That began with “telematics” — systems such as OnStar but has grown to using data networks to provide apps in cars. The ITS community hoped that DSRC would provide data service to cars, and this would be one reason for people to deploy it, but the cellular networks took that over very quickly. Unlike DSRC which is, as the name says, short range, the longer range of cellular data means you are connected most of the time, and all of the time in some places, and people will accept nothing less.
I believe there is a potential niche for broadcast data to mobile devices and cars. This would be a high-power shared channel. One obvious way to implement it would be to use a spare TV channel, and use the new ATSC-M/H mobile standard. ATSC provides about 19 megabits. Because TV channels can be broadcast with very high power transmitters, they reach almost everywhere in a large region around the transmitter. For broadcast data, that’s good.
Today we use the broadcast spectrum for radio and TV. Turns out that this makes sense for very popular items, but it’s a waste for homes, and largely a waste for music — people are quite satisfied instead with getting music and podcasts that are pre-downloaded when their device is connected to wifi or cellular. The amount of data we need live is pretty small — generally news, traffic and sports. (Call in talk shows need to be live but their audiences are not super large.)
A nice broadcast channel could transmit a lot of interest to cars.
Timing and phase information on all traffic signals in the broadcast zone.
Traffic data, highly detailed
Alerts about problems, stalled vehicles and other anomalies.
News and other special alerts — you could fit quite a few voice-quality station streams into one 19 megabit channel.
Differential GPS correction data, and even supplemental GPS signals.
The latency of the broadcast would be very low of course, but what about the latency of uploaded signals? This turns out to not be a problem for traffic lights because they don’t change suddenly on a few milliseconds notice, even if an emergency vehicle is sending them a command to change. If you know the signal is going to change 2 seconds in advance, you can transmit the time of the change over a long latency channel. If need be, a surprise change can even be delayed until the ACK is seen on the broadcast channel, to within certain limits. Most emergency changes have many seconds before the light needs to change.
Stalled car warnings also don’t need low latency. If a car finds itself getting stalled on the road, it can send a report of this over the cellular modem that’s already inside so many cars (or over the driver’s phone.) This may take a few seconds to get into the broadcast stream, but then it will be instantly received. A stalled car is a problem that lasts minutes, you don’t need to learn about it in the first few milliseconds.
Indeed, this approach can even be more effective. Because of the higher power of the radios involved, information can travel between vehicles in places where line of sight communications would not work, or would actually only work later than the server-relayed signal. This is even possible in the “classic” DSRC example of a car running a red light. While a line of sight communication of this is the fastest way to send it, the main time we want this is on blind corners, where LoS may have problems. This is a perfect time for those longer range, higher power communications on the longer waves.
Most phones don’t have ATSC-M/H and neither do cars. But receiver chips for this are cheap and getting cheaper, and it’s a consumer technology that would not be hard to deploy. However, this sort of broadcast standard could also be done in the cellular bands, at some cost in bandwidth for them.
19 megabits is actually a lot, and since traffic incidents and light changes are few, a fair bit of bandwidth would be left over. It could be sold to companies who want a cheaper way to update phones and cars with more proprietary data, including map changes, their own private traffic and so on. Anybody with a lot of customers might fight this more efficient. Very popular videos and audio streams for mobile devices could also use the extra bandwidth. If only a few people want something, point to point is the answer, but once something is wanted by many, broadcast can be the way to go.
What else might make sense to broadcast to cars and mobile phones in a city? While I’m not keen to take away some of the nice whitespaces, there are many places with lots of spare channels if designed correctly.
Last week, I began in part 1 by examining the difficulty of creating a new network system in cars when you can only network with people you randomly encounter on the road. I contend that nobody has had success in making a new networked technology when faced with this hurdle.
This has been compounded by the fact that the radio spectrum at 5.9ghz which was intended for use in short range communications (DSRC) from cars is going to be instead released as unlicenced spectrum, like the WiFi bands. I think this is a very good thing for the world, since unlicenced spectrum has generated an unprecedented radio revolution and been hugely beneficial for everybody.
But surprisingly it might be something good for car communications too. The people in the ITS community certainly don’t think so. They’re shocked, and see this as a massive setback. They’ve invested huge amounts of efforts and careers into the DSRC and V2V concepts, and see it all as being taken away or seriously impeded. But here’s why it might be the best thing to ever happen to V2V.
The innovation in mobile devices and wireless protocols of the last 1-2 decades is a shining example to all technology. Compare today’s mobile handsets with 10 years ago, when the Treo was just starting to make people think about smartphones. (Go back a couple more years and there weren’t any smartphones at all.) Every year there are huge strides in hardware and software, and as a result, people are happily throwing away perfectly working phones every 2 years (or less) to get the latest, even without subsidies. Compare that to the electronics in cars. There is little in your car that wasn’t planned many years ago, and usually nothing changes over the 15-20 year life of the car. Car vendors are just now toying with the idea of field upgrades and over-the-air upgrades.
Car vendors love to sell you fancy electronics for your central column. They can get thousands of dollars for the packages — packages that often don’t do as much as a $300 phone and get obsolete quickly. But customers have had enough, and are now forcing the vendors to give up on owning that online experience in the car and ceding it to the phone. They’re even getting ready to cede their “telematics” (things like OnStar) to customer phones.
I propose this: Move all the connected car (V2V, V2I etc.) goals into the personal mobile device. Forget about the mandate in cars.
The car mandate would have started getting deployed late in this decade. And it would have been another decade before deployment got seriously useful, and another decade until deployment was over 90%. In that period, new developments would have made all the decisions of the 2010s wrong and obsolete. In that same period, personal mobile devices would have gone through a dozen complete generations of new technology. Can there be any debate about which approach would win? read more »
The blogging world was stunned by the recent announcement by Google that it will be shutting down Google reader later this year. Due to my consulting relationship with Google I won’t comment too much on their reasoning, though I will note that I believe it’s possible the majority of regular readers of this blog, and many others, come via Google reader so this shutdown has a potential large effect here. Of particular note is Google’s statement that usage of Reader has been in decline, and that social media platforms have become the way to reach readers.
The effectiveness of those platforms is strong. I have certainly noticed that when I make blog posts and put up updates about them on Google Plus and Facebook, it is common that more people will comment on the social network than comment here on the blog. It’s easy, and indeed more social. People tend to comment in the community in which they encounter an article, even though in theory the most visibility should be at the root article, where people go from all origins.
However, I want to talk a bit about online publishing history, including USENET and RSS, and the importance of concepts within them. In 2004 I first commented on the idea of serial vs. browsed media, and later expanded this taxonomy to include sampled media such as Twitter and social media in the mix. I now identify the following important elements of an online medium:
Is it browsed, serial or to be sampled?
Is there a core concept of new messages vs. already-read messages?
If serial or sampled, is it presented in chronological order or sorted by some metric of importance?
Is it designed to make it easy to write and post or easy to read and consume?
Online media began with E-mail and the mailing list in the 60s and 70s, with the 70s seeing the expansion to online message boards including Plato, BBSs, Compuserve and USENET. E-mail is a serial medium. In a serial medium, messages have a chronological order, and there is a concept of messages that are “read” and “unread.” A good serial reader, at a minimum, has a way to present only the unread messages, typically in chronological order. You can thus process messages as they came, and when you are done with them, they move out of your view.
E-mail largely is used to read messages one-at-a-time, but the online message boards, notably USENET, advanced this with the idea of move messages from read to unread in bulk. A typical USENET reader presents the subject lines of all threads with new or unread messages. The user selects which ones to read — almost never all of them — and after this is done, all the messages, even those that were not actually read, are marked as read and not normally shown again. While it is generally expected that you will read all the messages in your personal inbox one by one, with message streams it is expected you will only read those of particular interest, though this depends on the volume.
Echos of this can be found in older media. With the newspaper, almost nobody would read every story, though you would skim all the headlines. Once done, the newspaper was discarded, even the stories that were skipped over. Magazines were similar but being less frequent, more stories would be actually read.
USENET newsreaders were the best at handling this mode of reading. The earliest ones had keyboard interfaces that allowed touch typists to process many thousands of new items in just a few minutes, glancing over headlines, picking stories and then reading them. My favourite was TRN, based on RN by Perl creator Larry Wall and enhanced by Wayne Davison (whom I hired at ClariNet in part because of his work on that.) To my great surprise, even as the USENET readers faded, no new tool emerged capable of handling a large volume of messages as quickly.
In fact, the 1990s saw a switch for most to browsed media. Most web message boards were quite poor and slow to use, many did not even do the most fundamental thing of remembering what you had read and offering a “what’s new for me?” view. In reaction to the rise of browsed media, people wishing to publish serially developed RSS. RSS was a bit of a kludge, in that your reader had to regularly poll every site to see if something was new, but outside of mailing lists, it became the most usable way to track serial feeds. In time, people also learned to like doing this online, using tools like Bloglines (which became the leader and then foolishly shut down for a few months) and Google Reader (which also became the leader and now is shutting down.) Online feed readers allow you to roam from device to device and read your feeds, and people like that. read more »
A few weeks ago, in my article on myths I wrote why the development of “vehicle to vehicle” (V2V) communications was mostly orthogonal to that of robocars. That’s very far from the view of many authors, and most of those in the ITS community. I remain puzzled by the V2V plan and how it might actually come to fruition. Because there is some actual value in V2V, and we would like to see that value realized in the future, I am afraid that the current strategy will not work out and thus misdirect a lot of resources.
This is particularly apropos because recently, the FCC issued an NPRM saying it wants to open up the DSRC band at 5.9ghz that was meant for V2V for unlicenced wifi-style use. This has been anticipated for some time, but the ITS community is concerned about losing the band it received in the late 90s but has yet to use in anything but experiments. The demand for new unlicenced spectrum is quite appropriately very large — the opening up of 2.4gz decades ago generated the greatest period of innovation in the history of radio — and the V2V community has a daunting task resisting it.
In this series I will examine where V2V approaches went wrong and what they might do to still attain their goals.
I want to begin by examining what it takes to make a successful cooperative technology. History has many stories of cooperative technologies (either peer-to-peer or using central relays) that grew, some of which managed to do so in spite of appearing to need a critical mass of users before they were useful.
Consider the rise and fall of fax (or for that matter, the telephone itself.) For a lot of us, we did not get a fax machine until it was clear that lots of people had fax machines, and we were routinely having people ask us to send or receive faxes. But somebody had to buy the first fax machine, in fact others had to buy the first million fax machines before this could start happening.
This was not a problem because while one fax machine is useless, two are quite useful to a company with a branch office. Fax started with pairs of small networks of machines, and one day two companies noticed they both had fax and started communicating inter-company instead of intra-company.
So we see rule one: The technology has to have strong value to the first purchaser. Use by a small number of people (though not necessarily just one) needs to be able to financially justify itself. This can be a high-cost, high-value “early adopter” value but it must be real.
This was true for fax, e-mail, phone and many other systems, but a second principle has applied in many of the historical cases. Most, but not all systems were able to build themselves on top of an underlying layer that already existed for other reasons. Fax came on top of the telephone. E-mail on top of the phone and later the internet. Skype was on top of the internet and PCs. The underlying system allowed it to be possible for two people to adopt a technology which was useful to just those two, and the two people could be anywhere. Any two offices could get a fax or an e-mail system and communicate, only the ordinary phone was needed.
The ordinary phone had it much harder. To join the phone network in the early days you had to go out and string physical wires. But anybody could still do it, and once they did it, they got the full value they were paying for. They didn’t pay for phone wires in the hope that others would some day also pay for wires and they could talk to them — they found enough value calling the people already on that network.
Social networks are also interesting. There is a strong critical mass factor there. But with social networks, they are useful to a small group of friends who join. It is not necessary that other people’s social groups join, not at first. And they have the advantage of viral spreading — the existing infrastructure of e-mail allows one person to invite all their friends to join in.
Enter Car V2V
Car V2V doesn’t satisfy these rules. There is no value for the first person to install a V2V radio, and very tiny value for the first thousands of people. An experiment is going on in Ann Arbor with 3,000 vehicles, all belonging to people who work in the same area, and another experiment in Europe will equip several hundred vehicles. read more »
You’ve probably seen the battle going on between Elon Musk of Tesla and the New York Times over the strongly negative review the NYT made of a long road trip in a Model S. The reviewer ran out of charge and had a very rough trip with lots of range anxiety. The data logs published by Tesla show he made a number of mistakes, didn’t follow some instructions on speed and heat and could have pulled off the road trip if he had done it right.
Both sides are right, though. Tesla has made it possible to do the road trip in the Model S, but they haven’t made it easy. It’s possible to screw it up, and instructions to go slow and keep the heater low are not ones people want to take. 40 minute supercharges are still pretty long, they are not good for the battery and it’s hard to believe that they scale since they take so long. While Better Place’s battery swap provides a tolerable 5 minute swap, it also presents scaling issues —
you don’t want to show up at a station that does 5 minute swaps and be 6th in line.
The Tesla Model S is an amazing car, hugely fun to drive and zippy, cool on the inside and high tech. Driving around a large metro area can be done without range anxiety, which is great. I would love to have one — I just love $85K more. But a long road trip, particularly on a cold day? There are better choices. (And in the Robocar world when you can get cars delivered, you will get the right car for your trip delivered.)
Electric cars have a number of worthwhile advantages, and as battery technologies improve they will come into their own. But let’s consider the economics of a long range electric. The Tesla Model S comes in 3 levels, and there is a $20,000 difference between the 40khw 160 mile version and the 85kwh 300 mile version. It’s a $35K difference if you want the performance package.
The unspoken secret of electric cars is that while you can get the electricity for the model S for just 3 cents/mile at national grid average prices (compared to 12 cents/mile for gasoline in a 30mpg car and 7 cents/mile in a 50mpg hybrid) this is not the full story. You also pay, as you can see, a lot for the battery. There are conflicting reports on how long a battery pack will last you (and that in turn varies on how you use and abuse it.) If we take the battery lifetime at 150,000 miles — which is more than most give it — you can see that the extra 45kwh add-on in the Tesla for $20K is costing about 13 cents/mile. The whole battery pack in the 85kwh Telsa, at $42K estimated, is costing a whopping 28 cents/mile for depreciation.
Here’s a yikes. At a 5% interest rate, you’re paying $2,100 a year in interest on the $42,000 Tesla S 85kwh battery pack. If you go the national average 12,000 miles/year that’s 17.5 cents/mile just for interest on the battery. Not counting vehicle or battery life. Add interest, depreciation and electricity and it’s just under 40 cents/mile — similar to a 10mpg Hummer H2. (I bet most Tesla Model S owners do more than that average 12K miles/year, which improves this.)
In other words, the cost of the battery dwarfs the cost of the electricity, and sadly it also dwarfs the cost of gasoline in most cars. With an electric car, you are effectively paying most of your fuel costs up front. You may also be adding home charging station costs. This helps us learn how much cheaper we must make the battery.
It’s a bit easier in the Nissan LEAF, whose 24kwh battery pack is estimated to cost about $15,000. Here if it lasts 150K miles we have 10 cents/mile plus the electricity, for a total cost of 13 cents/mile which competes with gasoline cars, though adding interest it’s 19 cents/mile — which does not compete. As a plus, the electric car is simpler and should need less maintenance. (Of course with as much as $10,000 in tax credits, that battery pack can be a reasonable purchase, at taxpayer expense.) A typical gasoline car spends about 5 cents/mile on non-tire maintenance.
This math changes a lot with the actual battery life, and many people are estimating that battery lives will be worse than 150K miles and others are estimating more. The larger your battery pack and the less often you fully use it, the longer it lasts. The average car doesn’t last a lot more than 150k miles, at least outside of California.
The problem with range anxiety becomes more clear. The 85kwh Tesla lets you do your daily driving around your city with no range anxiety. That’s great. But to get that you buy a huge battery pack. But you only use that extra range rarely, though you spend a lot to get it. Most trips can actually be handled by the 70 mile range Leaf, though with some anxiety. You only need all that extra battery for those occasional longer trips. You spend a lot of extra money just to use the range from time to time. read more »
We see it all the time. We log in to a web site but after not doing anything on the site for a while — sometimes as little as 10 minutes — the site reports “your session has timed out, please log in again.”
And you get the login screen. Which offers, along with the ability to log in, a link marked “Forget your password?” which offers the ability to reset (OK) or recover (very bad) your password via your E-mail account.
The same E-mail account you are almost surely logged into in another tab or another window on your desktop. The same e-mail account that lets you go a very long time idle before needing authentication again — perhaps even forever.
So if you’ve left your desktop and some villain has come to your computer and wants to get into that site that oh-so-wisely logged you out, all they need to is click to recover the password, go into the E-mail to learn it, delete that E-mail and log in again.
Well, that’s if you don’t, as many people do, have your browser remember passwords, and thus they can log-in again without any trouble.
It’s a little better if the site does only password reset rather than password recovery. In that case, they have to change your password, and you will at least detect they did that, because you can’t log in any more and have to do a password reset. That is if you don’t just think, “Damn, I must have forgotten that password. Oh well, I will reset it now.”
In other words, a lot of user inconvenience for no security, except among the most paranoid who also have their E-mail auth time out just as quickly, which is nobody. Those who have their whole computer lock with the screen saver are a bit better off, as everything is locked out, as long as they also use whole disk encryption to stop an attacker from reading stuff off the disk. read more »