Topic

No, a Tesla didn't predict an accident and brake for it

You may have seen a lot of press around a dashcam video of a car accident in the Netherlands. It shows a Tesla in AutoPilot hitting the brakes around 1.4 seconds before a red car crashes hard into a black SUV that isn’t visible from the viewpoint of the dashcam. Many press have reported that the Tesla predicted that the two cars would hit, and because of the imminent accident, it hit the brakes to protect its occupants. (The articles most assuredly were not saying the Tesla predicted the accident that never happened had the Tesla failed to brake, they are talking about predicting the dramatic crash shown in the video.)

The accident is brutal but apparently nobody was hurt.

The press speculation is incorrect. It got some fuel because Elon Musk himself retweeted the report linked to, but Telsa has in fact confirmed the alternate and more probable story which does not involve any prediction of the future accident. In fact, the red car plays little to no role in what took place.

Tesla’s autopilot uses radar as a key sensor. One great thing about radar is that it tells you how fast every radar target is going, as well as how far away it is. Radar for cars doesn’t tell you very accurately where the target is (roughly it can tell you what lane a target is in.) Radar beams bounce off many things, including the road. That means a radar beam can bounce off the road under a car that is in front of you, and then hit a car in front of it, even if you can’t see the car. Because the radar tells you “I see something in your lane 40m ahead going 20mph and something else 30m ahead going 60mph” you know it’s two different things.  read more »

Ford Fusion, Nvidia, MobilEye, HERE, Intel and other partnerships, BMW 7s in 2017 and more CES pre-news

Thursday night I am heading off to CES, and it’s become the main show it seems for announcing robocar news. There’s already a bunch.

BMW says it will deploy a fleet of 40 cars in late 2017

Bumping up the timetables, BMW has declared it will have a fleet of 40 self-driving series 7 cars, using BMW’s technology combined with MobilEye and Intel. Intel has recently been making a push to catch up to Nvidia as a chipmaker supplier to automakers for self-driving. It’s not quite said what the cars will do, but they will be trying lots of different roads. So far BMW has mostly been developing its own tech. More interesting has been their announcement of plans to sell rides via their DriveNow service. This was spoken of a year ago but not much more has been said.

Intel also bought 15% of “HERE” the company formerly known as Navteq and Nokia. Last year, the German automakers banded together to buy HERE from Nokia and the focus has been on “HD” self-driving maps.

Hyundai, Delphi show off cars

There are demo cars out there from Delphi and a Hyundai Ioniq. Delphi’s car has been working for a while (it’s an Audi SUV) but recently they have also added a bunch of MobilEye sensors to it. Reports about the car are good, and they hope to have it ready by 2019, showing up in 2020 or 2021 cars on dealer lots.

Toyota sticks to concepts

Toyota’s main announcement is the Concept-i meant to show off some UI design ideas. It’s cute but still very much a car, though with all the silly hallmarks of a concept — hidden wheels, strangely opening doors and more.

Quanergy announces manufacturing plans for $250 solid state LIDAR

Quanergy (Note: I am on their advisory board) announced it will begin manufacturing this year of automotive grade $250 solid state LIDARs. Perhaps this will stop all the constant articles about how LIDAR is super-expensive and means that robocars must be super-expensive too. The first model is only a taste of what’s to come in the next couple of years as well.

New Ford Model has sleeker design

Ford has become the US carmaker to watch (in addition to Tesla) with their announcement last year that they don’t plan to sell their robocars, only use them to offer ride service in fleets. They are the first and only carmaker to say this is their exclusive plan. Just prior to CES, Ford showed off a new test model featuring smaller Velodyne pucks and a more deliberate design.

I have personally never understood the desire to design robocars to “look like regular cars.” I strongly believe that, just like the Prius, riders in the early robocars will want them to look distinctive, so they can show off how they are in a car of the future. Ford’s carm based on the Fusion hybrid, is a nice compromise — clearly a robocar with its sensors, but also one of sleek and deliberate design.

Nvidia keeps its push

Nvidia has a new test car they have called BB8. (Do they have to licence that name?) It looks fairly basic, and they show a demo of it taking somebody for a ride with voice control, handling a lot of environments. It’s notable that at the end, the driver has to take over to get to the destination, so it doesn’t have everything, nor would we expect it. NVIDIA is pushing their multi-GPU board as the answer to how to get a lot of computing power to run neural networks in the car.

What’s coming

Announcements are due tomorrow from Nissan and probably others. I’ll report Friday from the show floor. See you there.

On voting, sampling, measurement, elections and surveys

Yesterday’s post about the flaws in the so-called “popular vote” certainly triggered some debate (mostly on Facebook.) To clarify matters, I thought I would dive a little deeper about what the two types of Presidential elections in the USA are so different they can’t be added together in a way that isn’t misleading.

These matters are studied both by statisticians, who focus on the science of measurement, particularly of things about groups, and election theorists, who also are interested in that but add the study of votes/polls which do not deliberately sample a subset of a population, but attempt to consider the will of the entire group. Both of them are highly concerned about how to deal with the fact a substantial fraction of the population may not participate.

One way to look at the difference is to consider this: An election is not supposed to be just a measurement. It is that, but more than that it is an action. It is the actual enactment of the will of the voters. While there are government officials who count the votes and report on them, a person is not put into office by those officials. Rather, it is the voters who put the candidate into office through their votes. (In Canada, it’s different. The Queen and her Governor-General technically have the legal power, and they observe how the people voted and invite the winner to form a government in the Queen’s name.)

Because voting is an act, rather than just an expression of opinion, we have come to deal with the non-participators as still acting. By not registering to vote or not showing up, they have still taken an action; they have deferred to the others to select the winner.

We tolerate this, though we don’t like it. Low turnouts reduce confidence in the results, and they also mean that election results can be more easily manipulated through “get out the vote” efforts. On the other hand, we get quite upset when people don’t vote for other reasons outside their own will, particularly if somebody else impeded their ability to vote, or manipulated them into not voting. Both voting and not voting must be acts of the free person.

Election theorists join with statisticians in some ways. All are interested in making sure that the aggregate will that comes from counting the votes most accurately reflects the aggregate will of the voters. We debate the merits of different counting systems. Many feel that multi-candidate ballots/preferential ballots do a much better job than first-past-the-post plurality systems. But in all case the counting system is simply the means of calculating the voters’ will so it can be enacted.

In the US Presidential elections, in spite of what is written on the ballot, the voters are appointing a slate of members of the electoral college. This is done independently in each state. In the swing states, all is as you would expect. Candidates campaign. Major efforts are made to woo voters and to get voters to come out. Voters go to the polls knowing and expecting that their will shall be done. They expect they might be part of the group which gets to designate the slate of electors.

In the safe states, it’s very different. In these states, who the electors will be is already well established from polls and the historical patterns of the state. The voters will picks the electors, but it’s a foregone conclusion. Nobody campaigns. There are no major efforts to get out the vote. There will be other races on the ballots which will bring out voters, who will vote within the known constraints. A decent chunk of voters will also show up because “this is how we do things” and together the knowledge that this will happen seals the fate of the state. On top of that, in the safe states, one knows that if things got so far outside the predicted norms as to make the vote actually close, then long ago the election will already have gone to the unexpected party, which in that situation will win all the swing states and victory. This is particularly true on the west coast, where the result is almost always decided before the polls close, and will certainly be decided long before that in a strange situation. If today’s California came close to going Republican, the rest of the USA would also be going so Republican that California’s shift can’t matter.

People know this, and this makes a big difference. A vote in California is technically an action, but only technically. It’s technically a vote but that’s an illusion. In reality, it can never change the result. It’s only for show. The candidates know it too. Because of that a lot of people don’t even register, and a lot stay home. The vote in California is not an election, but only a measurement. A survey. All it ever does is change the number printed in the paper.

Statisticians know all about surveys. They can be pretty good at measuring aggregate opinion if done well, but it is hard to do them well. The problem is what we call sampling bias. In an election, not voting is an implicit action. In a survey, not participating is just not participating. When there is nothing to gain or lose from participating or not participating, the motivations are different.

In 2016, the average swing state Presidential turnout was 64.6% of eligible voters. California’s turnout was 56.1%, just under the 56.6% average of the safe states. In Hawai`i, which knows the election is always decided before it votes (pretty much always for Democrats) the turnout was 41.7% A lot of people don’t show up.

This turns the safe-state votes into something closer to a self-selected survey. Millions are not voting, and those who are voting do so for other reasons than to enact their will. The self-selected survey is the most common class of what is also called the “non-scientific survey.” The name is intended to be derisive. It is easy to jump to false conclusions from a self-selected survey.

It isn’t that simple of course. The vote in safe states is a mix of actual polling and self-selection. As noted, there are people coming to vote on other races. We know how many of those there are. Turnout in off-year elections is around 40%, sometimes worse. And, as we can see, a lot of people show up because there is a Presidential race, in spite of the lack of power in their votes. Some do it from duty. Some from the excitement of a Presidential race. Many do not understand the impotence of their vote, and certainly many do not look at it the way it is described in this article, with a statistician’s eye. So many are voting as though their vote counted. Many have studied the race in detail, as though their vote counted. I can’t even vote and I study it as deeply as any.

But some vote very differently because they know their vote lacks power. Around 9 million don’t vote at all, who would have voted if they were in swing states. Almost surely many millions of those who do vote will do it differently than they might if their vote counted. But there is also no denying that a considerable majority of the voters are treating their vote as just as real, voting just as they would if it could change things. But a considerable majority is not enough. As long as a large group — even if it’s a small minority, even just 5% — are altering or withdrawing their votes, the total loses scientific validity, and has much larger error bars on it.

It is worth noting that by the normal definitions of a popular vote election, it is invalid to add the results of two distinct elections. There is no question that the Presidential elector selections of each state are distinct elections, run by the states. Even on that grounds you can’t add them and treat it as a popular vote. Because ballots replace the actual candidates (slates of electors pledged to the candidates) with the names of candidates, it makes people forget that they are two distinct elections. Thus it becomes necessary to understand how they are not just distinct because they are in different states, but because they operate on different principles as well.

This is why I wrote that, in spite of the fact that it is possible to sum up the votes cast in the 51 different electoral college contests and call it the popular vote, it is nonsensical to do so. You can’t add the totals from people who were voting with the full power of voters in a popular vote election to the totals from people who were participating in a voluntary survey. Aside from the real accuracy problems of the latter class, they are just different things. They can be added on a calculator, but to do so is to announce a misleading number, a meaningless one. You can call it “the popular vote” but it is not like a real popular vote, the kind used in all the other elections of the USA and most of the rest around the world. Calling it the popular vote makes many people — we’ve seen this — think it has a winner and a loser. They think it has meaning. They think it supports or questions the legitimacy of the winner of the electoral college. Since real popular votes are, in our modern democratic world, seen as superior to systems like the electoral college, calling it “the popular vote” implies to many people that it is superior, when in fact it’s meaningless. It would only be superior if it were an actual popular vote election like the others.

We don't know who won the US popular vote, decent chance it was Clinton

The common statistic reported after the US election was that Clinton “won the popular vote” by around 3 million votes over Trump. This has caused great rancour over the role of the electoral college and has provided a sort of safety valve against the shock Democrats (and others) faced over the Trump victory.

I’m here with concerning analysis, which I offer because it is a mistake on the part of the US left to underestimate the magnitude of Trump’s victory, or to imagine it was only because of a flaw in the system which he gamed better than Clinton.

The problem is that the US does not officially have a thing called “the popular vote.” That exists nowhere in its rules. There is no popular election of the President. Rather, there 54 elections with popular votes in 51 jurisdictions, which newspaper reporters then sum up into a number they incorrectly describe as “the national popular vote.” Of course, Clinton did win that invalid sum by around 3M votes. But bad statistical practice by the press, though it has created a common convention — for many decades — of calling that number “the popular vote,” does not make it valid. True popular votes involve all voters being free and equal, and we criticise any foreign election that pretends to call itself a popular vote when the voters are not free and equal. A popular vote, by its proper definition, is the vote total in a single election. Not 54 of them. As such, the sum is no more a popular vote total than adding the results of the 2008 and 2012 votes would get you a popular vote for or against Obama.

It’s especially invalid because it’s really summing two fairly different types of results.

  1. True Popular vote totals from “swing” states where both candidates actively campaigned, turnout was higher, and voters expected their votes to count
  2. Low-accuracy popular vote totals from “safe states” which candidates did not contest, and where voters knew their vote would not change the result

Statisticians will tell you these are two very different animals. We probably wish we knew who would have won the popular vote, if there had been a real national popular vote. Because there was no such vote, the hard answer is we don’t know what its result would be. In particular, with a statistically invalid sum like the published national popular vote, it is incorrect to say one party “won” or “lost.” There is no actual contest to win or lose, and while you can pretend that a higher total is winning, it is not a mathematically valid conclusion.

We do know that in the 16 contested regions, Trump surpassed Clinton in a simple sum by about 500,000 votes. (As you would expect, since he needed to win the swing states to win the college.) In the uncontested states, where the Presidential choice was closer to a self-selected survey than a vote, a sum of those popular votes has her about 3.4M more than Trump. While you can’t add popular votes, each popular vote is a statistic, and you can combine statistics if you follow correct statistical procedures.

There are many factors which will introduce error into the results from non-contested states, making it harder to figure out what the actual popular vote might have been.

  • Voters knew their votes didn’t matter. Many stayed home; these states had generally lower voter turnout. The states with the lowest turnout (HI, WV, TN, TX, OK, AR, AZ, NM, MS, NY, CA, IN, UT) were generally safe states with large margins. Average turnout in 16 contested states was 65%, in non-contested states 57%.
  • To get specific, a rough calculation suggests 8 to 9 million more votes would be cast in the non-contested states if they had a 65% turnout. This is a giant disenfranchisement.
  • The two candidates had the lowest approval ratings ever. Many Clinton voters were not supporting her, but were out to stop Trump. Trump’s ratings were even lower, so many of his voters were only out to stop Clinton. I suggest that in states where you know your vote will not elect or stop anybody, there is less motivation for nose-holding votes.
  • As noted, campaigns were not active in these states. In some states, like California, Clinton did campaign, though presumably to raise money rather than votes. Having only one candidate campaign skews things more.
  • More safe state voters felt comfortable voting for 3rd party choices, which they would have been less likely to do in a swing state. Many of the 4.6M votes for 3rd party candidates in safe states may have gone to major party candidates, though in what direction is unknown.
  • In some safe states, even the downballot races are predetermined, discouraging voters. In California, the election of Democrats in most down-ballot races was assured; the primary was the real contest. (However, contentious ballot propositions can counter this in some states.)

In the end, though, results from a race that everybody agreed didn’t matter are just a different animal from results in a contested race. You can’t add apples and oranges, or perhaps more correctly, oranges and lemons. Different, though not entirely. You can add them and get a total number of citrus (votes of any kind,) but you can’t call it the count of oranges (real votes.)

In spite of the frequent description of the US vote-total as a popular vote, this is at odds with common usage. The thousands of other elections in the USA are actual popular votes, as are the vast majority of elections in free countries. The US national vote sum, and similar sums published in some parliamentary elections, are the rare exception where an official and incorrect tally gets called a popular vote.

Due to much controversy about this view, I wrote up a more detailed explanation of the difference.

The 1916 election

A century ago in 1916, women could not vote for President in most of the USA — except for Illinois, which recognized women’s right to vote in Presidential elections in 1913. President Wilson did not support suffrage in 1916 but his opponent, Hughes, did, and suffragettes campaigned for Hughes as a result.

Wilson won, but Hughes won Illinois handily, in fact his margin there of 202,000 votes was his highest in any state (and 2nd highest in the land) — in part because the addition of women to the rolls meant Illinois had more voters than any other state. I have to speculate that this margin had to do with women voting for the candidate ready to defend their basic human rights.

Wilson won the college 277 to 254. And he won the so-called popular vote by 600,000 votes. But that “popular vote” in this case consisted of adding the popular vote from states like Illinois where women were human, and other states where they were less than human. Who can defend adding those totals together, cast under such different rules, and calling it “the popular vote” and declaring that Wilson “won” the popular vote in 1916.

Today, the difference between California and other states is not so dramatic as disenfranchising an entire sex. But because Californians are told their vote for President doesn’t matter, the turnout there was 56% and an average of 65% in the swing states. If California had that average, that’s 2.3 million more voters. Millions disenfranchised not because of their sex, but because the system says their vote doesn’t matter. California’s “popular vote” is a sham, and not too different a sham from that of men-only New York in 1916 or “Dear Leader of course” North Korea today. Oh sure, they have something they call the popular vote in North Korea, but the result is known in advance and nobody thinks their vote counts. (And yes, they know they could be punished if they put their ballot in the wrong box.)

You could not add the votes of Illinois and New York in 1916 and call it a true popular vote. You can’t add the results of California’s sham popular vote to Florida’s real popular vote and call it a true popular vote. I mean, people do that, but they should not.

Can we figure it out?

All this said, you could attempt to measure what the vote would have been. We may not have enough data, but we could make some estimates. We know that Clinton led Trump by 3.5% in national polls before the election, but we also know that Trump outperformed those polls by 1.5-6% in many contested states. To really do this would require much more careful analysis than you see in this paragraph, which is written only to show one extreme of what’s possible, and the difference is almost surely less than this from these two states. Full analysis would require looking at detailed voting and polling patterns and an understanding of what motivates people to stay home or vote differently in safe states. vs. swing states, and an understanding of how Trump outperformed his polls so broadly in the contested states. In the other direction, since the 8-9 million missing voters in the safe states are in states that swing Democratic, there are arguments Clinton’s total could have been even higher. However, even with that analysis we still would not really know.

My intuition is that such a result would show Clinton scoring higher than Trump, but not by 3M votes. And the margin of error would include results where Trump wins that popular vote, but this would be the outside condition. Certainly the only hard data on states that were actually contested has him win if extrapolated, but the Democratic party dominance in the big uncontested states is very strong. Also not factored in this is the effect of voter suppression techniques.

I should note to non-regular readers that I am anti-Trump. At the same time, having been shocked several times by underestimating his support, I write this because this underestimation must stop, and both sides need to come to much better understanding of how people voted for or against them, and why.

Split totals

A slightly better approach would be to publish vote totals divided between swing and safe states. Because situations differ so much in the safe states, this is still not super accurate, but it’s a lot better. (I built this from an earlier download so numbers may not match final totals exactly.)

               Clinton       Trump    Johnson       Stein  McMillin   Others
Swing Total 25,946,624  26,423,193  1,783,571     434,433   203,500  351,415
Safe Total  40,582,344  37,227,033  2,770,706   1,031,304   435,055  468,484

It is interesting to note how much better Stein did in Safe states, 130% better. Johnson did 50% better, Clinton 55% more and Trump 38% more

So what should the popular vote be?

One might argue that in an ideal democracy, the popular vote would represent the aggregate view of all voters. Some nations make voting mandatory in order to get this. Australia gets 95% turnout using this technique, but Malta, New Zealand and several other countries get turnout around 90% without legal compulsion.

It might even be argued that a truly ideal democracy would not only have everybody vote, but have everybody study the choices to make an informed vote. We don’t get any of these ideals, and so in the USA it has come to be accepted that the popular vote is the vote totals from those who took the time to show up. The low turnout enables both voter suppression efforts and gives extreme value to successful “get out the vote” efforts, since it is far cheaper to convince a weak supporter to show up than to convince an undecided voter to swing your way.

Some election theorists have actually proposed that the best way to do elections would be to use a random sample, sometimes combined with strong incentives for members of this sample to vote, and possibly to also learn before voting. This seems strange to non-mathematicians but actually has strong validity. (In one variant, the selected electors are known weeks in advance and the campaigns and public interest groups focus their attention on “educating” them, in which case the number must be large so that truly personal targeting is not effective.) In a nation with 90% turnout these techniques make elections much cheaper but don’t affect results much. In a country with 60% turnout which switches to 99% turnout from the randomly selected electors, the result becomes a much more accurate measure of voter will than the current system.

It is also worth noting that the entire popular vote system for President is not in the US constitution, and so alternate systems, including sampling, actually are legally possible if states willed it, though politically unlikely. There are many advantages to sampling: Close to 100% turnout, more informed voters, the possible reduction of massive campaign spending and fundraising and the elimination of voter suppression. Its main disadvantage is that it doesn’t match non-mathematician’s instincts about how an election should work, and the added risk of corruption of the random selection.

In order to get a real popular vote, even one where we total the will of the 60% who show up, it is necessary to get rid of the college. The college could be nullified by a pact between California, Texas and two other large size republican safe states. If just those 4 states agreed to cast all their electors according to a popular vote result, it would be sufficient to make the college match that popular vote. Once it was known that this was the case, all voters would now know their vote counted, and all candidates would campaign in all states instead of just swing states, and we would have a true popular vote result.

DMV pulls out big guns, Uber backs off, Waymo minivans emerge & Honda next?

The California DMV got serious in their battle with Uber and revoked the car registrations for Uber’s test vehicles. Uber had declined to register the cars for autonomous testing, using an exemption in that law which I described earlier. The DMV decided to go the next step and pull the more basic licence plate every car has to have if based in California. Uber announced it would take the cars to another state.

While I’m friends with the Uber team, I have not discussed this matter with them, so I can only speculate why it came to this. As noted, Uber was complying with the letter of the law but not the spirit, which the DMV didn’t like. At the same time, the DMV kept pointing out that registering was really not that hard or expensive, so they can’t figure out why Uber stuck to its guns. (Of course, Uber has a long history of doing that when it comes to cities trying to impose old-world taxi regulations on them.)

The DMV is right, it’s not hard to register. But with that registration comes other burdens, in particular filing regular public reports on distance traveled, interventions and any accidents. Companies doing breakthrough R&D don’t usually work under such regimes, and I am speculating this might have been one of Uber’s big issues. We’ve all see the tremendous amount of press that Google has gotten over accidents which were clearly not the fault of their system. The question is whether the public’s right to know (or the government’s) about risks to public safety supersedes the developer’s desires to keep their research projects proprietary and secret.

It’s clear that we would not want a developer going out on the roads and having above-average numbers of accidents and keeping it hidden. And it may also be true that we can’t trust the developers to judge the cause of fault, because they could have a bias. (Though on most of the teams I have seen, the bias has been a safety paranoid one, not the other way around.)

Certainly when we let teens start to drive, we don’t have them make a public report of any accidents they have. The police and DMV know, and people who get too many tickets or accidents get demerits and lose licences when it is clear they are a danger to the public. Perhaps a reasonable compromise would have been that all developers report all problems to the DMV, but that those results are not made public immediately. They would be revealed eventually, and immediately if it was determined the system was at fault.

Uber must be somewhat jealous of Tesla. Tesla registered several cars under the DMV system, and last I saw, they sent in their reports saying their cars had driven zero miles. That’s because they are making use of the same exemption that Uber wanted to make use of, and saying that the cars are not currently qualifying as autonomous under the law.

Pacifica Minivans released by Waymo/Google

Waymo has unveiled its 4th generation vehicle, a fleet of 100 Chrysler Pacifica minivans. The partnership was announced in May and the new vehicle has various custom modifications

As you can see, the van still has Waymo’s custom 360 degree LIDAR dome on top, and two sensors at the back top corners, plus other forward sensors. The back sensors I would guess to be rear radar — which lets you make lane changes safely. We also see three apparent small LIDARs, one on the front bumper, and the other two on the sides near the windshield pillars with what may be side-view radars.

A bumper LIDAR makes sure you can see what’s right in front of the bumper, an area that the rooftop LIDAR might not see. That’s important for low speed operations and parking, or situations where there might be something surprising right up close. I am reminded of reports from the Navya team that when they deployed their shuttles, teens would try to lie down in front of the shuttle to find out if it would stop for them. Teens will be teens, so you may need a sensor for that.

Side radar is important for cross traffic when trying to do things like making turns at stop signs onto streets with high speed. Google also has longer range LIDAR to help with that.

The minivan is of course the opposite end of the spectrum from the 2-passenger no-steering-wheel 3rd generation prototype. That car tested many ideas for low speed urban taxi operations, and the new vehicle seems aimed at highway travel and group travel (with six or more seats.) One thing people particularly like is that like most minivans these days, it has an automatic sliding door. Somehow that conveys the idea of a robotic taxi even more when it opens the door for you! The step-in-step-out convenience of the minivan does indeed give people a better understanding of the world of frictionless transportation that is coming.

Honda Next?

Update: Also announced yesterday was a partnership between Honda and Waymo. It says they will be putting the Waymo self-driving system into Honda cars. While the details in the release are scant, this actually could be a much bigger announcement than the minivans, in which Chrysler’s participation is quite minimal. Waymo has put out the spec for the modified minivan, and Chrysler builds it to their spec, then Waymo installs the tech. A Waymo vehicle sourced from Chrysler. The Honda release suggests something much bigger — a Honda vehicle sourced from, or partnering with Waymo.

There has not been as much press about this Honda announcement but it may be the biggest one.

NPRM for DSRC and V2V

The DoT has finally released their proposed rules requiring all new cars (starting between 2020 and 2022) to come equipped with vehicle-to-vehicle radio units, speaking the DSRC protocol and blabbing their location everywhere they go. Regular readers will know that I think this is a pretty silly idea, even a dangerous one from the standpoint of privacy and security, and that most developers of self-driving cars, rather than saying this is a vital step, describe it as “something we would use if it gets out there, but certainly not essential for our vehicles.”

I will have more comment on this in the future.

Car NAS for semi-offsite backup

Everybody should have off-site backup of their files. For most people, the biggest threat is fire, but here in California, the most likely disaster you will encounter is an earthquake. Only a small fraction of houses will burn down, but everybody will experience the big earthquake that is sure to come in the next few decades. Of course, fortunately only a modest number of houses will collapse, but many computers will be knocked off desks or have things fall on them.

To deal with this, I’ve been keeping a copy of my data in my car — encrypted of course. I park in my driveway, so nothing will fall on the car in a quake, and only a very large fire would have risk of spreading to the car, though it’s certainly possible.

The two other options are network backup and truly remote backup. Network backup is great, but doesn’t work for people who have many terabytes of storage. I came back from my latest trip with 300gb of new photos, and that would take a very long time to upload if I wanted network storage. In addition, many TB of network storage is somewhat expensive. Truly remote storage is great, but the logistics of visiting it regularly, bringing back disks for update and then taking them back again is too much for household and small business backup. In fact, even being diligent about going down to the car to get out the disk and update is difficult.

A possible answer — a wireless backup box stored in the car. Today, there are many low-cost linux based NAS boxes and they mostly run on 12 volts. So you could easily make a box that goes into the car, plugs into power (many cars now have 12v jacks in the trunk or other access to that power) and wakes up every so often to see if it is on the home wifi, and triggers a backup sync, ideally in the night.  read more »

The terrible power of computer espionage in our world of shame

I have some dark secrets. Some I am not proud of, some that are fine by me but I know would be better kept private. So do you. So does everybody. And the more complex your life, the more “big” things you have done in the world, the bigger your mistakes and other secrets are. It is true for all of us. This is one of the reasons the world needs privacy to work.

The 2016 US election hack makes clear the big challenge. In a world where everybody has secret flaws, the person who can point the flashlight at their enemies, and not themselves or their friends, has a truly powerful weapon. Now that we conduct our entire lives on computers, those who can penetrate them can learn those secrets.

We’re not good at being intellectual about this. When one house has a big pile of dirty laundry in front, we know intellectually that all the other houses almost surely have a similar pile in the basement. But the smell of the exposed one is clear, and it’s bad, and we can’t keep our minds on that fact. So we can be manipulated, even though we know we are being manipulated.

In this election, we got to see exposed various flaws at the Democratic National Committee. The flaws were real (though on the scale of such things, not overwhelming.) Our gut reaction, though, is to feel, “it doesn’t matter how we learned this, it’s still bad and not to be ignored.” We feel this even though we know the information was gathered illegally, then disclosed to manipulate us. That’s because generally we do and should love whistleblowers. They are usually brave heroes. But what we learn that the whistleblower revealed the secrets not for the public good, not to expose a wrong, but instead cherry-picked what to expose to manipulate us, we must do something else we normally taught is wrong and “shoot the messenger.”

The legal system figured this out long ago. It has detailed rules about how evidence can be collected and used. If those rules are violated, the system attempts to disregard the evidence in its deliberations. Everything that came from the improper evidence is to be unseen, disregarded. People we know for certain who are murderers and rapists are set free because there was something untoward about how we learned it.

The public is incapable of the logical dispassion demanded in the courts. If this can never be fixed, we are in for trouble. There will always be secrets. And now there will always be people with the tools to get at all but the most highly protected ones and selectively disclose them.

Some people believe we can get used to a more fully transparent world, and have no secrets. If we can do that, this weapon is diminished. They hope that if we all see how many secrets others have, we won’t be so ashamed of ours. I am highly doubtful. People will keep secrets. The powerful will be better at protecting them, but the even more powerful will be better at extracting them. The secrets will not be just shameful things but actually illegal things. We live in a world of so many laws that we are all breaking them regularly.

I am not sure I see a way out. This is not simply about Clinton. While everybody is bothered by fake news, this is news which is true, but not the whole truth and not misleading.

In the past I have written about extending the concept of “privilege” to information on our computers. Perhaps this form of invasion of privacy could be viewed the same way socially. That breaking into your computer to disclose your secrets would be like beating up somebody’s priest or lawyer to extract those secrets. If a news story started with, “we bugged his lawyer’s office and heard him confess this crime to his lawyer” we might still be bothered but see it in a different light, and be more bothered by those using the information.

Uber's battle in San Francisco

For a few months, Uber has been testing their self-driving prototypes in Pittsburgh, giving rides to willing customers with a safety driver (or two) in the front seat monitoring the drive and ready to take over.

When Uber came to do this in San Francisco, starting this week, it was a good step to study new territory and new customers, but the real wrinkle was they decided not to get autonomous vehicle test permits from the California DMV. Google/Waymo and most others have such permits. Telsa has such permits but claims it never uses them.

I played an advisory role for Google when the Nevada law was drafted, and this followed into the California law. One of the provisions in both laws is that they specifically exempt cars that are unable to drive without a human supervisor. This provision showed up, not because of the efforts of Google or other self-drive teams, but because the big automakers wanted to make sure that these new self-driving laws did not constrain the only things they were making at the time — advanced ADAS and “autopilot” cars which are effectively extra-fancy cruise controls that combine lanekeeping functions with adaptive cruise control for speed. Many car makers offered products like that going back a decade, and they wanted to make sure that whatever crazy companies like Google wanted in their self-driving laws, it would not pertain to them.

The law says:

“…excluding vehicles equipped with one or more systems that enhance safety or provide driver assistance but are not capable of driving or operating the vehicle without the active physical control or monitoring of a natural person.”

Now Uber (whose team is managed by my friend Anthony Levandowski who played a role in the creation of those state laws while he was at Google) wants to make use of these carve-outs to do their pilot project. As long as their car is tweaked so that it can’t drive without human monitoring, it would seem to fit under that exemption. (I don’t know, but would presume they might do some minor modifications so the system can’t drive without the driver weight sensor activated, or a button held down or similar to prove the driver is monitoring.)

The DMV looks at it another way. Since their testing regulations say you can’t test without human safety drivers monitoring and ready to take over, it was never the intent of the law to effectively exempt everything. You can’t test a car without human monitoring under the regulations, but cars that need monitoring are exempt. The key is calling the system a driver assistance system rather than a driving system.

The DMV is right about the spirit. Uber may be right about the letter. Of course, Uber has a long history of not being all that diligent in complying with the law, and then getting the law to improve, but this time, I think they are within the letter. At least for a while.

Other News

Velodyne reports success in research into solid state LIDAR. Velodyne has owned the market for self-driving car LIDAR for years, as they are the only producers of a high-end model. Their models are mechanical and very expensive, so other companies have been pushing the lower cost end of the market, including Quanergy (Where I am an advisor) which has also had solid state LIDAR for some time, and appears closer to production.

These and others verify something that most in the industry have expected for some time — LIDAR is going to get cheap soon. Companies like Tesla, which have avoided LIDAR because you can’t get a decently priced unit in production quantities, have effectively bet that cameras will get good before LIDAR gets cheap. The reality is that most early cars will simply use both cheap LIDAR and improving neural network based vision at the same time.

Google car is now Waymo

Google’s car project (known as “Chauffeur”) really kickstarted the entire robocar revolution, and Google has put in more work, for longer, than anybody. The car was also the first project of what became Google “X” (or just “X” today under Alphabet. Inside X, a lab devoted to big audacious “moonshot” projects that affect the physical world as well as the digital, they have promoted the idea that projects should eventually “graduate,” moving from being research to real commercial efforts.

Alphabet has announced that the project will be its own subsidiary company with the new name “Waymo.” The name is not the news, though; what’s important is the move away from being a unit of a mega-company like Google or Alphabet. The freedoms to act that come with being a start-up (though a fairly large and well funded one) are greater than units in large corporations have. Contrast what Uber was able to do, skirting and even violating the law until it got the law changed, with what big corporations need to do.

Google also released information about how in 2015 they took Steve Mahan — the blind man who was also the first non-employee to try out a car for running errands — for the first non-employee (blind or otherwise) fully self-driving ride on public streets, in a vehicle with no steering wheel and no backup safety driver in the vehicle. (This may be an effort to counter the large amount of press about public ride offerings by Nutonomy in Singapore and Uber in Pittsburgh, as well as truck deliveries by Uber/Otto in 2016.)

It took Google/Alphabet 6 years to let somebody ride on public streets in part because it is a big company. It’s an interesting contrast with how Otto did a demonstration video after just a few months of life of a truck driving a Nevada highway with nobody behind the wheel (but Otto employees inside and around it.) That’s the sort of radical step that startups.

Waymo has declared their next goal is to “let people use our vehicles to do everyday things like run errands, commute to work, or get safely home after a night on the town.” This is the brass ring, a “Mobility on Demand” service able to pick people up (ie. run unmanned) and even carry a drunk person.

The last point is important. To carry a drunk is a particular challenge. In terms of improving road safety it’s one of the most worthwhile things we could do with self-driving cars, since drunks have so many of the accidents. To carry a drunk, you can’t let the human take control even if they want to. Unlike unmanned operation, you must travel at the speed impatient humans demand, and you must protect the precious cargo. To make things worse, in some legal jurisdictions, they still want to consider the person inside the car the “driver,” which could mean that since the “driver” is impaired, operation is illegal.

Waymo as leader

The importance of this project is hard to overstate. While most car companies had small backburner projects related to self-driving going back many years, and a number of worthwhile research milestones were conquered in the 90s and even earlier, the Google/Waymo project, which sprang from the Darpa Grand Challenge, energized everybody. Tiny projects at car companies all got internal funding because car companies couldn’t tolerate the press and the world thinking and writing the that true future of the car was coming from a non-car company, a search engine company. Now the car companies have divisions with thousands of engineers, and it’s thanks to Google. The Google/Waymo team was accomplishing tasks 5 years ago that most projects are only now just getting to, especially in non-highway driving. They were rejecting avenues (like driving with a human on standby ready to take the wheel on short notice) in 2013 that many projects are still trying to figure out.

Indeed, even in 2010, when I first joined the project and it had just over a dozen people, it had already accomplished more complex tasks that most projects, even the Tesla autopilot that some people think is in the lead, have yet to accomplish.

Let’s see where Waymo goes.

Therapy session for somebody with real family issues

On the lighter side, the other day I was daydreaming how a conversation about her family might go with a famous character… You’ll probably guess who fairly early in, but it’s pretty strange to read it like this:

Therapist: So, I’m told you have had some serious issues with your family? I’m here to help.

Patient: You might say that.

T: Did something painful happen recently?

P: My son murdered his father, my ex.

T: You son murdered his father! Is he in prison?

P: Not going to happen, he’s too highly placed.

T: Why did he do it?

P: It’s a long story. And a bit of a pattern.

T: Others in your family have done this?

P: You might say that. There are bad stories about everybody in my family.

T: Surely you had a good relationship with your mother?

P: I never met my mother. She died just as I was born.

T: How terrible. Death in childbirth is so rare in the modern era.

P: She didn’t die in childbirth. I am told my father choked her.

T: Your father! So he went to jail?  read more »

What disability rules are right for robotaxis?

Robocars are broadly going to be a huge boon for many people with disabilities, especially disabilities which make it difficult to drive or those that make it hard to get in and out of vehicles. Existing disability regulations and policies were written without robocars in mind, and there are probably some improvements that need to be made.

While I was at Google, I helped slightly with the project to show the first non-employee getting to use the car to run errands. The subject we selected was 95% blind, and of course he can’t drive, and even using transit is a burden. It was obvious to him immediately how life-changing the technology will be.

Some background on disabled transport

There are two rough policy approaches to making things more accessible. One requires that we make everything accessible. The other uses special accommodations for the disabled.

Making everything accessible is broadly preferred by advocates. Wheelchair ramps on all public buildngs etc. Doing less than this runs a risk of “separate but equal” which quickly becomes separate and inferior. It’s also hugely expensive, and while that cost is borne by people like building owners and society, there is not unlimited budget, and there are arguments that there may be more efficient ways to spend the resources that are available. There are also lots of very different disabilities, and you need very different methods to deal with impairments in sight, mobility, hearing, cognition and the rest.

Over 50 million people in the USA have some sort of disability, so this is no minor matter.

In transportation, there is a general goal to make public transit accessible. To supplement that, or where that is not done, there are the paratransit rules. Paratransit offers people who meet certain tests an alternate ride (usually in a door to door van) for themselves and a helper for no more than twice the cost of a regular bus ticket. That sounds great until you learn you also have to schedule it a day in advance, and have a one-hour pickup window (which the disabled hate) and it’s hugely expensive, with an average cost per ride of over $30, which cities hate. (In the worst towns, it is $60/ride.) In some cities it approaches half the transit budget. Some cities, looking at that huge cost, let some disabled customers just use taxis for short trips, which provide much better service and cost much less. (Though to avoid over-use they put limitations on this.)

There are Americans with Disabilities Act rules for taxis. Regular sedan taxis are not directly regulated though there can be no discrimination of disabled customers who are capable of riding in a sedan. Any new van of up to 8 seats has to been accessible, which often means things like wheelchair lifts. In addition, once a taxi fleet has accessible vans, it has to offer “equivalent service” levels. This might mean that if it has 200 sedans, it can’t buy just one van because there would be much longer wait times to get that van. To get around this, a lot of companies use a loophole and purchase only used vans. The law only covers the use of new vans. Companies like Uber and Lyft don’t own vehicles at all, and so are not governed in the same way by fleet requirements, though they do offer accessible vehicle services in some cities.

When Uber and similar companies move to offering robotaxi service with vehicles they own, these laws would apply to them. Unlike some companies, the used van loophole will also be difficult since most robotaxis will be custom built new.

New Types of Vehicles

Robotaxi service offers the promise of a vehicle on demand, and it offers the potential of a vehicle well fitted to the trip. Mostly I talk about things like the ability to use a small and inexpensive one person vehicle for solo urban trips (which are 80% of trips, so this is a big deal) but it also means sending an SUV when 3 people want to go skiing, or a pickup-truck for a work run, or a van designed for socializing when a group of people want to travel together.

It also offers the ability to create vehicles just for people with certain disabilities. One example I find quite interesting is the Kenguru — a small, single person vehicle which is hollow, and allows a user in a wheelchair to just roll in the back and steer it with hand controls. For wheelchair users with working arms, this is hugely superior to designs that require you to get out of your chair into a car seat, or which involve the time delays of using a wheelchair lift. Especially with nobody to assist. Roll-in, roll-out can match the convenience of the able-bodied. The current Kenguru is to be steered, but a self-driving vehicle like this could handle even those in power chairs, and offer a fold-down bench for an able-bodied companion.

Being computerized, these vehicles will also offer accessible user interfaces. Indeed, they may mostly rely on the user’s phone, which will already be customized to their needs.

Custom-designed to meet particular disabilities, these vehicles will both serve the disabled better and frankly be not that useful for others. As such, regimes that require adapting all vehicles to handle both types of customers may have the right spirit, but provide inferior service.

Another key benefit of robotaxi service for the disabled will be the low price. Reduced job prospects drive many with disabilities into poverty. Service that is naturally low in price will be enabling.

Equivalent service or Separate but Superior

Providing “equivalent” service is difficult with traditional taxis, particularly for smaller fleets. Robotaxis, which don’t mind waiting around because no human driver is waiting, make this easier to do. The service level of a robotaxi service is based on the density of currently unused vehicles in your area. Increase fleet size with the same demand, and service level goes up. As long as fleet size is not way overblown, so that vehicles still wear out by the mile rather than by the year, increasing fleet size is not nearly as expensive as it is for regular cars or human driven taxis.

This means you can, fairly readily, offer equivalent or even superior service at a pretty reasonable cost. As long as disabled-designed vehicles are made in decent quantities to keep their costs low, the cost should be close to the cost of regular vehicles. In the public interest, regular vehicle customers might subsidize the slightly higher cost of these lower volume vehicles.

With increased fleets, service levels would generally be superior to the regular fleets, but not always. The law generally allows this, but the disabled community will need to understand a few unequal things that probably will happen:

  • Slightly more advanced notice of rides will often make it possible to provide service at lower cost. Regular vehicles will naturally be present on every block. Disabled vehicles might be present with less density during high use times, but the ability to reposition lets even slight advance notice do a lot.
  • For those in groups, it may not be easy to carry a person in a wheelchair along with several non-wheelchair passengers. This might mean the wheelchair passenger goes in their own vehicle (with videoconference link.) This is not as good, but is much more cost effective than requiring every van to have a wheelchair lift.
  • To increase service levels, it is likely competing companies would cooperate on serving the disabled, and pool fleets. Until the disabled become a profitable market rather than one done to meet goals of public good, companies will prefer to work together. As such if you call for an Uber, you might often get a Lyft or other small fleet car.
  • Low cost disabled transport may mean that accessible public transit and paratransit slowly fade. Public transit which has its own tracks will continue to be accessible as it offers a speed advantage which may not be met on the roads, but otherwise it may be much cheaper to offer private robotaxis than to make all transit accessible. This would mean a group of people might not be able to ride transit together if it’s not accessible.
  • Small electric vehicles may be allowed to enter buildings, dropping passengers right at elevator lobbies or other destinations.

The biggest trade-off will be the loss of social group experiences. There certainly will be buses and vans with lifts which allow groups of mixed-ability passengers to travel together, but it is unlikely these would be so common as to offer the same service level as ordinary vans. With advance notice of just 10 minutes, they could probably be available.

Thank you, United, for finally charging for the overhead bin

I’ve seen many enraged notes from friends on how United Airlines will now charge for putting a bag in the overhead bin. While they aren’t actually doing this, my reaction is not outrage, but actually something quite positive. And yours should be to, even when other airlines follow suit, as they will.

I fly too much on United. I have had their 1K status for several years, this year I logged over 200,000 miles, so I know all the things to dislike about the airline. Why is it good for them to do this?

Strictly speaking, what they are doing is creating a new fare class, which is extra discount, and it includes no bin space and no assigned seat before departure. They claim the new class will cost less than existing fares, and you can still buy the regular economy fare which comes which bin space and a seat assignment. Naturally, we can suspect they will soon raise the price. The other reason people can complain is that when you comparison shop, you tend to look for the cheapest price, and it’s annoying when the products are not similar. (To fix this, shopping sites will need to start having options so you can ask for a comparison of what you really want to buy.)

The reason it’s good is that it means it’s more likely that I will get bin space when I show up late, and more likely I will get a tolerable seat when I book late. Airlines that give those things to all passengers, even the ones who don’t care that much about them, do not serve their more frequent flyers well. If I have to pay for seat assignment and bin space, it’s great, because I truly need them and will not have a better chance of getting them. Of course, as a super-elite, I won’t have to pay directly, I pay by all the other money I have given the airline, which is even better for me.

I need bin space because I am a photographer who carries a lot of cameras and lenses. Even if I check a bag, I still bring along a big carry-on, and everything in it is too fragile to go in the hold. If they tell me they need to gate check it, I will either talk them out of it, or if that ever fails to work I may take another flight. Of course, elite flyers board first, so we don’t have a bin space problem, but sometimes we need to get to a flight late, or have a short connection, and then we can find ourselves with no bin space today.

I won’t take a middle seat because I’m big. My fault or not, it’s the way it is. Sometimes I need to book last minute, or change flights or even go standby. This can mean a flight with nothing but middle seats. If it’s a flight of any duration, this is also just not an option anybody wants. Since in today’s system, everybody gets a seat based on when they bought, the guy with the discount ticket who bought 3 months ago has the aisle, and the elite flyer who paid a lot more for their ticket (possibly even downgraded from business class due to changes) is in the middle seat. Not the way you want to serve your better customers. (Since the airline will assign seats on day of flight, it will only help this moderately.)

But the point is the same — I would rather pay for what I really need than have it come by default and end up not being available to me because a lot of people didn’t actually want it that much. People who don’t need a big carry-on. People who are small and can tolerate a middle seat easily and would rather do that than pay money. An airline that charges for these things is the airline I want. In fact, I would even be OK if they charged a bit more for aisles and less for windows and middles, even on the day of the flight. And yes, elites sometimes solve all these problems with a business class upgrade, but on the big popular routes, that is far from certain. United has gotten too good at filling its planes, and other airlines are also getting good.

The overhead bag problem is partly a result of the charges for checked bags. Those do me no good (though again, elites don’t pay them.) There is no shortage of hold space, so charging for bags is just pure money for the airline, and that’s why they all started doing it. The problem, of course, is it makes people carry bigger carry-on bags, not for the reason that I or other frequent flyers do, but because they want to avoid the bag charge. I would be very pleased if they made sure the overhead charge is larger than the checked bag charge, or if they charged you to gave you the choice — either an overhead space or a bag in the hold, but not both.

There is another good reason for this — bigger overhead bags from those doing it simply to avoid charges slow down security lines. Leave the overhead bins for those who truly need them, because they have lots of fragiles, or because they value their time more than money and don’t want the delays of bag checking. (I continue to show up for flights quite late, another reason I don’t want to check a bag and be forced to meet the deadlines for that. But I notice I am almost always alone — everybody else listens to the crazy advice about showing up 60, 90 or even 120 minutes before flights. I’m glad everybody else listens; but in reality this has not caused me to miss flights, so I will continue to not listen. And if you fly enough, that time makes a big difference.

In the end, all airlines face the problem that on full planes, there is not enough room for everybody to put a big bag in the overhead bins. So the only question is who it will be that get the space? Today, it’s “who boarded first?” which is tolerable to many (until you have a late connection or other factors make you on time but later than others.) United now wants to make it “Those who didn’t give up the space for a discount” which seems pretty fair to me.

I am curious as to just how they will enforce this. I know some airlines tag cabin baggage, does this actually work? Passengers not using the overhead bin also do not stand in the aisle loading it, though they do often stand there pulling things out of the bag they will be putting under the seat. One way to enforce would be to have the no-bin folks board last, though it causes a problem when people together have different boarding groups. Some airlines, I think, give you tags for overhead bags and under-seat bags.

So while I don’t usually like how United does it, this one’s an exception. (Their new business class redesign also looks good, if long overdue.)

App stores need offline interfaces

Here’s the situation: You’re in a place with no bandwidth or limited bandwidth. It’s just the place that you need to download an app, because the good apps, at least, can do more things locally and not make as much use of the network. But you can’t get to the app store. The archetype of this situation is being on a plane with wifi and video offerings over the wifi. You get on board and you connect and it says you needed to download the app before you took off and got disconnected.

There’s an obvious answer. The app stores should allow segments of themselves to be cached offline. This means that the app market app (such as iTunes or Google Play) should allow you to use a cached version of the store, as long as everything is signed and not too old. Then the plane’s server could keep copies of things like the airline app or video playing app in the cache, along with games and entertainment they want to make available to you. Mostly free stuff, though you could also allow payment with cached transactions (with a bit of trust) if need be.

Same experience for the user. They could go to the app store, search for and find the airline app, and download and install it, all without a network connection. Only if they tried to get a non-cached app would they get told they were offline.

As I wander the world, I get reminded all the time how we get a bit spoiled in our land of fast wifi and LTE phone data. You even get to understand why Google started de-ranking pages that don’t support mobile well in their mobile search results. Even as we move to having internet from drones, balloons or satellites everywhere we go, until we have gigabits everywhere, we need to design for lower connectivity environments.

Of course, the airlines could, on Android, offer you an APK file that you can manually install, but you have to check boxes and take security risks to do so, because the certification systems are centralized.

What if the city ran Waze and you had to obey it? Could this cure congestion?

I believe we have the potential to eliminate a major fraction of traffic congestion in the near future, using technology that exists today which will be cheap in the future. The method has been outlined by myself and others in the past, but here I offer an alternate way to explain it which may help crystallize it in people’s minds.

Today many people drive almost all the time guided by their smartphone, using navigation apps like Google Maps, Apple Maps or Waze (now owned by Google.) Many have come to drive as though they were a robot under the command of the app, trusting and obeying it at every turn. Tools like these apps are even causing controversy, because in the hunt for the quickest trip, they are often finding creative routes that bypass congested major roads for local streets that used to be lightly used.

Put simply, the answer to traffic congestion might be, “What if you, by law, had to obey your navigation app at rush hour?” To be more specific, what if the cities and towns that own the streets handed out reservations for routes on those streets to you via those apps, and your navigation app directed you down them? And what if the cities made sure there were never more cars put on a piece of road than it had capacity to handle? (The city would not literally run Waze, it would hand out route reservations to it, and it would still do the UI and be a private company.)

The value is huge. Estimates suggest congestion costs around 160 billion dollars per year in the USA, including 3 billion gallons of fuel and 42 hours of time for every driver. Roughly quadruple that for the world.

Road metering actually works

This approach would exploit one principle in road management that’s been most effective in reducing congestion, namely road metering. The majority of traffic congestion is caused, no surprise, by excess traffic — more cars trying to use a stretch of road than it has the capacity to handle. There are other things that cause congestion — accidents, gridlock and irrational driver behaviour, but even these only cause traffic jams when the road is near or over capacity.

Today, in many cities, highway metering is keeping the highways flowing far better than they used to. When highways stall, the metering lights stop cars from entering the freeway as fast as they want. You get frustrated waiting at the metering light but the reward is you eventually get on a freeway that’s not as badly overloaded.

Another type of metering is called congestion pricing. Pioneered in Singapore, these systems place a toll on driving in the most congested areas, typically the downtown cores at rush hour. They are also used in London, Milan, Stockholm and some smaller towns, but have never caught on in many other areas for political reasons. Congestion charging can easily be viewed as allocating the roads to the rich when they were paid for by everybody’s taxes.

A third successful metering system is the High-occupancy toll lane. HOT lanes take carpool lanes that are being underutilized, and let drivers pay a market-based price to use them solo. The price is set to bring in just enough solo drivers to avoid wasting the spare capacity of the lane without overloading it. Taking those solo drivers out of the other lanes improves their flow as well. While not every city will admit it, carpool lanes themselves have not been a success. 90% of the carpools in them are families or others who would have carpooled anyway. The 10% “induced” carpools are great, but if the carpool lane only runs at 50% capacity, it ends up causing more congestion than it saves. HOT is a metering system that fixes that problem.  read more »

The Electoral College: Good, bad or Trump trumper, and how to abolish it if you want

Many are writing about the Electoral college. Can it still prevent Trump’s election, and should it be abolished?

Like almost everybody, I have much to say about the US election results. The core will come later — including an article I was preparing long before the election but whose conclusions don’t change much because of the result, since Trump getting 46.4% is not (outside of the result) any more surprising than Trump getting 44% like we expected. But for now, since I have written about the college before, let me consider the debate around it.

By now, most people are aware that the President is not elected Nov 8th, but rather by the electors around Dec 19. The electors are chosen by their states, based on popular vote. In almost all states all electors are from the party that won the popular vote in a “winner takes all,” but in a couple small ones they are distributed. In about half the states, the electors are bound by law to vote for the candidate who won the popular vote in that state. In other states they are party loyalists but technically free. Some “faithless” electors have voted differently, but it’s very rare.

I’m rather saddened by the call by many Democrats to push for electors to be faithless, as well as calls at this exact time to abolish the college. There are arguments to abolish the college, but the calls today are ridiculously partisan, and thus foolish. I suspect that very few of those shouting to abolish the college would be shouting that if Trump had won the popular vote and lost the college (which was less likely but still possible.) In one of Trump’s clever moves, he declared that he would not trust the final results (if he lost) and this tricked his opponents into getting very critical of the audacity of saying such a thing. This makes it much harder for Democrats to now declare the results are wrong and should be reversed.

The college approach — where the people don’t directly choose their leader — is not that uncommon in the world. In my country, and in most of the British parliamentary democracies, we are quite used to it. In fact, the Prime Minister’s name doesn’t even appear on our ballots as a fiction the way it does in the USA. We elect MPs, voting for them mostly (but not entirely) on party lines, and the parties have told us in advance who they will name as PM. (They can replace their leader after if they want, but by convention, not rule, another election happens not long after.)

In these systems it’s quite likely that a party will win a majority of seats without winning the popular vote. In fact, it happens a lot of the time. That’s because in the rest of the world there are more than 2 parties, and no party wins the popular vote. But it’s also possible for the party that came 2nd in the popular vote to form the government, sometimes with a majority, and sometimes in an alliance.

Origins of the college

When the college was created, the framers were not expecting popular votes at all. They didn’t think that the common people (by which they meant wealthy white males) would be that good at selecting the President. In the days before mass media allowed every voter to actually see the candidates, one can understand this. The system technically just lets each state pick its electors, and they thought the governor or state house would do it.

Later, states started having popular votes (again only of land owning white males) to pick the electors. They did revise the rules of the college (12th amendment) but they kept it because they were federalists, strong advocates of states’ rights. They really didn’t imagine the public picking the President directly.  read more »

Comma One goes Open Source, Robocars in New Zealand Earthquakes and more

There have been few postings this month since I took the time to enjoy a holiday in New Zealand around speaking at the SingularityU New Zealand summit in Christchurch. The night before the summit, we enjoyed a 7.8 earthquake not so far from Christchurch, whose downtown was over 2/3 demolished after quakes in 2010 and 2011. On the 11th floor of the hotel, it was a disturbing nailbiter of swaying back and forth for over 2 minutes — but of course swaying is what the building is supposed to do; that means it’s working. The shocks were rolling, not violent, and in fact we got more violent jolts from aftershocks a week later when we went to Picton.

While driving around that region, we encountered this classic earthquake scene on the road:

There were many like this, and in fact the main highway of the South Island was destroyed long-term not too far away, cutting off several towns. A scene like this makes you wonder just what a robocar would do in such situations. I already answered this question in a blog post on how to handle a tsunami. Fortunately there was only a mild tsunami for this quake. A tsunami will result in a warning in the rich world, and the car will know the elevation map of the roads and know how to get to high ground. In some places, like Japan,t here is also an advanced earthquake warning system that tells you quakes are coming well before they hit you, since electrons go much faster than seismic waves. With such a system, robocars should receive a warning and come to a stop unless they need to evacuate a tsunami zone. Without such a warning, we still could imagine the road cracking and collapsing in front of you as might have happened on this road. Of course the cones and signs that warned me days later would not be present.

The answer again lies in the fact that pictures like mine will be used to create situations like this in simulator, and all car developers will be able to test their systems with simulated quake damage to make sure they do the right thing. I’ve spoken since 2010 on the value of a shared simulator environment and I think if government agencies like NHTSA want to really help development, providing funding and tools for such an environment would be a good step. NHTSA’s proposal that all developers share their logs of all incidents would clearly make such a simulator better, but there is pushback because of the proprietary value of those logs. When it comes to strange situations like earthquakes, I doubt there would be much pushback on having an open and shared simulator environment.

New Zealand’s government is taking a very welcoming approach to robocars. They are not regulating for a while, and have invited developers to come and test. They have even said it’s OK to test unmanned vehicles under some fairly simple rules. NZ does not have any auto industry, and of course it’s quite remote, but we’ll see if they can attract developers to come test. Their roads feature something you don’t see much in the USA — tons and tons of one-lane bridges and other one-lane stretches of highway. Turns out that robocars, with a little bit of communication, can make very superhumanly efficient use of one-lane two-way roads, and it might be worth exploring.

Open Source Comma One box

Speaking of Open, today Comma.ai, which previously had declared they were giving up on their neural network autopilot due to NHTSA threats today announced they have open sourced their software, along with hardware designs and case designs. NHTSA did not want them making an autopilot, and said they could not simply rely on the fact that drivers were told they must be diligent, it will be very interesting to see how NHTSA reacts to the release of open designs that anybody can then install on their car.

The automotive industry has had a long history of valuing the tinkerer. All the big car companies had their beginnings with small tinkerers and inventors. Some even died in the very machines they were inventing. These beginnings have allowed people to do all sorts of playing around in their garages with new car ideas, without government oversight, in spite of the risk to themselves and even others on the road. If a mechanic wants to charge you for working on your car, they must be licenced, but you are free to work on it yourself with no licence, and even build experimental cars. You just can’t sell them. And even those rights have been eroded.

Clearly far fewer people will have the inclination to build an autopilot using the comma.ai tools by themselves. But it won’t be that hard to do, and they can make it easier with time, too. One could even imagine a car which already had the necessary hardware, so that you only needed to download software to make it happen.

In recent times, there has been a strong effort to prevent people with tinkering with their cars, even in software. One common area of controversy has been around engine tuning. Engine tuning is regulated by the EPA to keep emissions low. Car vendors have to show they have done this — and they can’t program their car to give good emissions only on the test while getting better performance off the test as VW did. But owners have been known to want to make such modifications. Now we will see modifications that affect not just emissions but safety. Car companies don’t want to be responsible if you modify the code in your car and there is an accident involving both their code and yours. As such, they will try to secure their car systems so you can’t change them, and the government may help them or even insist on it. When you add computer security risks to the mix — who can certify the modified car can’t be taken over and used as a weapon? — it will get even more fun.

I will also point out that I suspect that comma’s approach would not know what to do about the collapsed road, because it would never have been trained in that situation. It might, however, simply sound an alert and kick out, not being able to find the lane any more.

Regulatory pushback

Regular readers will have seen my strong critique of the NHTSA rules. The other major news during my break was the pushback from major players in the public comment on the regulations. In some ways the regulations didn’t do enough to give vendors the certainty they need to make their plans. At the same time, they were criticsed for not giving enough flexibility to vendors. In addition, as expected, they resist giving up their proprietary data in the proposed forced sharing. I predict continued ambivalence on the regulations. Big players actually like having lots of regulations, because big players know how to deal with that and small players don’t.

If you built "Westworld" (or other robot sex) it would probably be with VR

HBO released a new version of “Westworld” based on the old movie about a robot-based western theme park. The show hasn’t excited me yet — it repeats many of the old tropes on robots/AI becoming aware — but I’m interested in the same thing the original talked about — simulated experiences for entertainment.

The new show misses what’s changed since the original. I think it’s more likely they will build a world like this with a combination of VR, AI and specialty remotely controlled actuators rather than with independent self-contained robots.

One can understand the appeal of presenting the simulation in a mostly real environment. But the advantages of the VR experience are many. In particular, with the top-quality, retinal resolution light-field VR we hope to see in the future, the big advantage is you don’t need to make the physical things look real. You will have synthetic bodies, but they only have to feel right, and only just where you touch them. They don’t have to look right. In particular, they can have cables coming out of them connecting them to external computing and power. You don’t see the cables, nor the other manipulators that are keeping the cables out of your way (even briefly unplugging them) as you and they move.

This is important to get data to the devices — they are not robots as their control logic is elsewhere, though we will call them robots — but even more important for power. Perhaps the most science fictional thing about most TV robots is that they can run for days on internal power. That’s actually very hard.

The VR has to be much better than we have today, but it’s not as much of a leap as the robots in the show. It needs to be at full retinal resolution (though only in the spot your eyes are looking) and it needs to be able to simulate the “light field” which means making the light from different distances converge correctly so you focus your eyes at those distances. It has to be lightweight enough that you forget you have it on. It has to have an amazing frame-rate and accuracy, and we are years from that. It would be nice if it were also untethered, but the option is also open for a tether which is suspended from the ceiling and constantly moved by manipulators so you never feel its weight or encounter it with your arms. (That might include short disconnections.) However, a tracking laser combined with wireless power could also do the trick to give us full bandwidth and full power without weight.

It’s probably not possible to let you touch the area around your eyes and not feel a headset, but add a little SF magic and it might be reduced to feeling like a pair of glasses.

The advantages of this are huge:

  • You don’t have to make anything look realistic, you just need to be able to render that in VR.
  • You don’t even have to build things that nobody will touch, or go to, including most backgrounds and scenery.
  • You don’t even need to keep rooms around, if you can quickly have machines put in the props when needed before a player enters the room.
  • In many cases, instead of some physical objects, a very fast manipulator might be able to quickly place in your way textures and surfaces you are about to touch. For example, imagine if, instead of a wall, a machine with a few squares of wall surface quickly holds one out anywhere you’re about to touch. Instead of a door there is just a robot arm holding a handle that moves as you push and turn it.
  • Proven tricks in VR can get people to turn around without realizing it, letting you create vast virtual spaces in small physical ones. The spaces will be designed to match what the technology can do, of course.
  • You will also control the audio and cancel sounds, so your behind-the-scenes manipulations don’t need to be fully silent.
  • You do it all with central computers, you don’t try to fit it all inside a robot.
  • You can change it all up any time.

In some cases, you need the player to “play along” and remember not to do things that would break the illusion. Don’t try to run into that wall or swing from that light fixture. Most people would play along.

For a lot more money, you might some day be able to do something more like Westworld. That has its advantages too:

  • Of course, the player is not wearing any gear, which will improve the reality of the experience. They can touch their faces and ears.
  • Superb rendering and matching are not needed, nor the light field or anything else. You just need your robots to get past the uncanny valley
  • You can use real settings (like a remote landscape for a western) though you may have a few anachronisms. (Planes flying overhead, houses in the distance.)
  • The same transmitted power and laser tricks could work for the robots, but transmitting enough power to power a horse is a great deal more than enough to power a headset. All this must be kept fully hidden.

The latter experience will be made too, but it will be more static and cost a lot more money.

Yes, there will be sex

Warning: We’re going to get a bit squicky here for some folks.

Westworld is on HBO, so of course there is sex, though mostly just a more advanced vision of the classic sex robot idea. I think that VR will change sex much sooner. In fact, there is already a small VR porn industry, and even some primitive haptic devices which tie into what’s going on in the porn. I have not tried them but do not imagine them to be very sophisticated as yet, but that will change. Indeed, it will change to the point where porn of this sort becomes a substitute for prostitution, with some strong advantages over the real thing (including, of course, the questions of legality and exploitation of humans.)  read more »

Comma.ai cancels comma-one add-on box after threats from NHTSA

Comma.ai, the brash startup attempting to make a self-driving system entirely from a neural network has announced it will cancel the “comma one” add-on box it has planned to sell to owners of certain Honda vehicles. The box stuck on the rear-view mirror and used the car’s own bus commands to provide an autopilot similar to those offered by car makers, with lane-keeping and adaptive cruise control.

Of particular importance is the letter from NHTSA to comma.ai which I suggest you read. This letter creates several big issues:

  1. There are many elements of this letter which would also apply to Tesla and other automakers which have built supervised autopilot functions.
  2. Of particular interest is the paragraph which says: “it is insufficient to assert, as you do, that the product does not remove any of the driver’s responsibilities” and “there is a high likelihood that some drivers will use your product in a manner that exceeds its intended purpose.” That must be very scary for Tesla.
  3. I noted before that the new NHTSA regulations appear to forbid the use of “black box” neural network approaches to the car’s path planning and decision making. I wondered if this made illegal the approach being done by Comma, NVIDIA and many other labs and players. This may suggest that.
  4. We now have a taste of the new regulatory regime, and it seems that had it existed before, systems like Tesla’s autopilot, Mercedes Traffic Jam Assist, and Cruise’s original aftermarket autopilot would never have been able to get off the ground.
  5. George Hotz of comma declares “Would much rather spend my life building amazing tech than dealing with regulators and lawyers. It isn’t worth it. The comma one is cancelled. comma.ai will be exploring other products and markets. Hello from Shenzhen, China.”

To be clear, comma is a tiny company taking a radical approach, so it is not a given that what NHTSA has applied to them would have been or will be unanswerable by the big guys. Because Tesla’s autopilot is not a pure machine learning system, they can answer many of the questions in the NHTSA letter that comma can’t. They can do much more extensive testing that a tiny startup can’t. But even so a letter like this sends a huge chill through the industry.

It should also be noted that in Comma’s photos the box replaced the rear-view mirror, and NHTSA had reason to ask about that.

George’s declaration that he’s in Shenzen gives us the first sign of the new regulatory regime pushing innovation away from the United States and California. I will presume the regulators will say, “We only want to scare away dangerous innovation” but the hard truth is that is a very difficult thing to judge. All innovation in this space is going to be a bit dangerous. It’s all there trying to take the car — the 2nd most dangerous legal consumer product — and make it safer, but it starts from a place of danger. We are not going to get to safety without taking risks along the way.

I sometimes ask, “Why do we let 16 year olds drive?” They are clearly a major danger to themselves and others. Driver testing is grossly inadequate. They are not adults so they don’t have the legal rights of adults. We let them drive because they are going to start out dangerous and then get better. It is the only practical way for them to get better, and we all went through it. Today’s early companies are teenagers. They are going to take risks. But this is the fastest and only practical way to let them get better and save millions.

“…some drivers will use your product in a manner that exceeds its intended purpose”

This sentence, though in the cover letter and not the actual legal demand, looks at the question asked so much after the Tesla fatal crash. The question which caused Consumer Reports to ask Tesla to turn off the feature. The question which caused MobilEye, they say, to sever their relationship with Tesla.

The paradox of the autopilot is this: The better it gets, the more likely it is to make drivers over-depend on it. The more likely they will get complacent and look away from the road. And thus, the more likely you will see a horrible crash like the Tesla fatality. How do you deal with a system which adds more danger the better you make it? Customers don’t want annoying countermeasures. This may be another reason that “Level 2,” as I wrote yeterday is not really a meaningful thing.

NHTSA has put a line in the sand. It is no longer going to be enough to say that drivers are told to still pay attention.

Black box

Comma is not the only company trying to build a system with pure neural networks doing the actual steering decisions (known as “path planning”.) NVIDIA’s teams have been actively working on this, as have several others. They plan to make commentary to NHTSA about these element of the regulations, which should not be forbidding this approach until we know it to be dangerous.  read more »

Of the SAE's robocar "levels" only level 4 will be meaningful, and only partly

It’s no secret that I’ve been a critic of the NHTSA “levels” as a taxonomy for types of Robocars since the start. Recent changes in their use calls for some new analysis that concludes that only one of the levels is actually interesting, and only tells part of the story at that. As such, they have become even less useful as a taxonomy. Levels 2 and 3 are unsafe, and Level 5 is remote future technology. Level 4 is the only interesting one and there is thus no taxonomy.

Unfortunately, they have just been encoded into law, which is very much the wrong direction.

NHTSA and SAE both created a similar set of levels, and they were so similar that NHTSA declared they would just defer to the SAE’s system. Nothing wrong with that, but the core flaws are not addressed by this. Far better, their regulations declared that the levels were just part of the story, and they put extra emphasis on what they called the “operating domain” — namely what locations, road types and road conditions the vehicle operates in.

The levels focus entirely on the question of how much human supervision a vehicle needs. This is an important issue, but the levels treated it like the only issue, and it may not even be the most important. My other main criticism was that the levels, by being numbered, imply a progression for the technology. That progression is far from certain and in fact almost certainly wrong. SAE updated its levels to say that they are not intended to imply a progression, but as long as they are numbers this is how people read them.

Today I will go further. All but level 4 are uninteresting. Some may never exist, or exist only temporarily. They will be at best footnotes of history, not core elements of a taxonomy.

Level 4 is what I would call a vehicle capable of “unmanned” operation — driving with nobody inside. This enables most of the interesting applications of robocars.

Here’s why the other levels are less interesting:

Levels 0 and 1 — Manual or ADAS-improved

Levels 0 and 1 refer to existing technology. We don’t really need new terms for our old cars. Level 2 perhaps best described as a more advanced version of level 1 and that transition has already taken place.

Level 2 — Supervised Autopilot

Supervised autopilots are real. This is what Tesla sells, and many others have similar offerings. They are working in one of two ways. The first is the intended way, with full time supervision. This is little more than a more advanced cruise control, and may not even be as relaxing.

The second way is what we’ve seen happen with Tesla — a car that needs supervision, but is so good at driving that supervisors get complacent and stop supervising. They want a full self-driving car but don’t have it, so they pretend they do. Many are now saying that this makes the idea of supervised autopilot too dangerous to deploy. The better you make it, the more likely it can lull people into bad activity.

Update: One day after I wrote this, it was revealed that NHTSA shut down comma.ai’s efforts to build an aftermarket autopilot citing these concerns, among others.

Level 3 — Standby driver

This level is really a variation of Level 4, but the vehicle needs the ability to call upon a driver who is not paying attention and get them to take control with 10 to 60 seconds of advance warning. Many people don’t think this can be done safely. When Google experimented with it in 2013, they concluded it was not safe, and decided to take the steering wheel entirely out of their experimental vehicles.

Even if Level 3 is a real thing, it will be short lived as people seek an unmanned capable vehicle. And Level 4 vehicles will offer controls for special use, even if they don’t permit a transition while moving.

Level 5 — Drive absolutely everywhere

SAE, unlike NHTSA’s first proposal, did want to make it clear that an unmanned capable (Level 4) vehicle would only operate in certain places or situations. So they added level 5 to make it clear that level 4 was limited in domain. That’s good, but the reality is that a vehicle that can truly drive everywhere is not on anybody’s plan. It probably requires AI that matches human beings.

Consider this situation in which I’ve been driven. In the African bush on a game safari, we spot a leopard crossing the road. So the guide drives the car off-road (on private land) running over young trees, over rocks, down into wet and dry streambeds to follow the leopard. Great fun, but this is unlikely to be an ability there is ever market demand to develop. Likewise, there are lots of small off-road tracks that are used by only one person. There is no economic incentive for a company to solve this problem any time soon.

Someday we might see cars that can do these things under the high-level control a human, but they are not going to do them on their own, unmanned. As such SAE level 5 is academic, and serves only to remind us that level 4 does not mean everywhere.

Levels vs. Cul-de-sacs

The levels are not a progression. I will contend in fact that even to the extent that levels 2, 3/4 and 5 exist, they are quite probably entirely different technologies.

Level 2 is being done with ADAS technologies. They are designed to have a driver in the loop. Their designs in many case do not have a path to the reliability level needed for unmanned, which is orders of magnitude higher. It is not just a difference of degree, it is one of kind.

Level 3 is related to level 4, in particular because a level 3 car is expected to be able to handle non-response from its driver, and safely stop or pull off the road. It can be viewed as a sucky version of a level 4 system. (It’s also not that different — see below.)

Level 5, as indicated, probably requires technologies that are more like artificial general intelligence than they are like a driving system.

As such the levels are not levels. There is no path between any of the levels and the one above it, except in the case of 3/4.

Level 4

This leaves Level 4 as the only one worth working on long term, the only one with talking about. The others are just there to create a contrast. NHTSA realizes this and gave the name ODD (Operational Design Domain) to refer to the real area of research, namely what roads and situations the vehicles can handle.

The distinction between 4 and 3 is also not as big as you might expect. Google removed the steering wheel from their prototype to set a high bar for themselves, but they actually left one in for use in testing and development. In reality, even the future’s unmanned cars will feature some way in which a human can control them, for use during breakdowns, special situations, and moving the cars outside of their service areas (operational domains.) Even if the transition from autodrive to human drive is unsafe at speed, it will still be safe if the car pulls over and activates the controls for a licenced driver.

As such, the only distinction of a “level 3” car is it hopes to be able to do that transition while moving, on short but not urgent notice. A pretty minor distinction to be a core element of a taxonomy.

If Level 4 is the only interesting one, my recommendation is to drop the levels from our taxonomy, and focus the taxonomy instead on the classes of roads and conditions the vehicle can handle. It can be a given that outside of those operating domains, other forms of operation might be used, but that does not bear much on the actual problem.

I say we just identify a vehicle capable of unmanned or unsupervised operation as a self-driving car or robocar, and then get to work on the real taxonomy of problems.

Our routers need to remove the "internet" from the "internet of things" to stop DDOS

I frequently say that there is no “internet of things.” That’s a marketing phrase for now. You can’t go buy a “thing” and plug it into the “internet of things.” IoT is still interesting because underneath the name is a real revolution from the way that computing, sensing and communications are getting cheaper, smaller and using less power. New communications protocols are also doing interesting things.

We learned a lesson on Friday though, about why using the word “internet” is its own mistake. The internet — one of the world’s greatest inventions — was created as a network of networks where anything could talk to anything, and it was useful for this to happen. Later, for various reasons, we moved to putting most devices behind NATs and firewalls to diminish this vision, but the core idea remains.

Attackers on Friday made use of growing collection of low cost IoT devices with low security to mount a DDOS attack on DYN’s domain name servers, shutting off name lookup for some big sites. While not the only source of the attack, a lot of attention has come to certain Chinese brands of IP based security cameras and baby monitors. To make them easy to use, they are designed with very poor security, and as a result they can be hijacked and put into botnets to do DDOS — recruiting a million vulnerable computers to all overload some internet site or service at once.

Most applications for small embedded systems — the old and less catchy name of the “internet of things” — aren’t at all in line with the internet concept. They have no need or desire to be able to talk to the whole world the way your phone, laptop or web server do. They only need to talk to other local devices, and sometimes to cloud servers from their vendor. We are going to see billions of these devices connected to our networks in the coming years, perhaps hundreds of billions. They are going to be designed by thousands of vendors. They are going to be cheap and not that well made. They are not going to be secure, and little we can do will change that. Even efforts to make punishments for vendors of insecure devices won’t change that.

So here’s an alternative; a long term plan for our routers and gateways to take the internet out of IoT.

Our routers should understand that two different classes of devices will connect to them. The regular devices, like phones and laptops, should connect to the internet as we expect today. There should also be a way to know that the connecting devices does not want regular internet access, and not to give it. One way to do that is for the devices to know about this, and to convey how much access they need when they first connect. One proposal for this is my friend Eliot Lear’s MUD proposal. Unfortunately, we can’t count on devices to do this. We must limit stupid devices and old devices too.  read more »