Ok, I'm not really much of a fan of banning anything, but the continued reports of massive thefts of password databases from web sites are not slowing down. Whether the recent Hold Security report of discovering a Russian ring that got a billion account records from huge numbers of websites is true or not, we should imagine that it is.

As I've written before there are two main kinds of password using sites. The sites that keep a copy of your password (ie. any site that can e-mail you your password if you forget it) and the sites who keep an encrypted/hashed version of your password (these can reset your password for you via e-mail if you forget it.) The latter class is vastly superior, though it's still an issue when a database of encrypted passwords is stolen as it makes it easier for attackers to work out brute-force attacks.

Sites that are able to e-mail you a lost password should be stamped out. While I'm not big on banning, it make make sense that a rule require that any site which is going to remember your password in plain form have a big warning on the password setting page and login page:

This site is going to store your password without protection. There is significant risk attackers will someday breach this site and get your ID and password. If you use these credentials on any other site, you are giving access to these other accounts to the operators of this site or anybody who compromises this site.

Sites which keep a hashed password (including the Drupal software running this blog, though I no longer do user accounts) probably should have a lesser warning too. If you use a well-crafted password unlikely to be checked in a brute-force attack, you are probably OK, but only a small minority do that. Such sites still have a risk if they are taken over, because the taken over site can see any passwords typed by people logging in while it's taken over.

Don't feel too guilty for re-using passwords. Everybody does it. I do it, in places where it's no big catastrophe if the password leaks. It's not the end of the world if one blog site has the multi-use password I use on another blog site. With hundreds of accounts, there's no way to not re-use with today's tools. For my bank accounts or other accounts that could do me harm, I keep better hygene, and so should you.

But in reality we should not use passwords at all. Much better technology has existed for many decades, but it's never been built in a way to make it easy to use. In particular it's been hard to make it portable -- so you can just go to another computer and use it to log into a site -- and it's been impossible to make it universal, so you can use it everywhere. Passwords need no more than your memory, and they work for almost all sites.

Even our password security is poor. Most sites use your password just to create a session cookie that keeps you authenticated for a long session on the site. That cookie's even easier to steal than a password at most sites.

I've been musing more on the future of the city under the robocar, and many visions suggest we'll have more sprawl. Earlier I have written visions of Robocar Oriented Development and outlined all the factors urban planners should look at.

In the essay linked below, I introduce the concept of a medium density urban neighbourhood that acts like a higher density space thanks to robocars functioning like the elevators in the high-rises of high density development.

A whole raft of recent robocar news.

UK to modify laws for full testing, large grants for R&D

The UK announced that robocar testing will be legalized in January, similar to actions by many US states, but the first major country to do so. Of particular interest is the promise that fully autonomous vehicles, like Google's no-steering-wheel vehicle, will have regulations governing their testing. Because the US states that wrote regulations did so before seeing Google's vehicle, their laws still have open questions about how to test faster versions of it.

Combined with this are large research grant programs, on top of the £10M prize project to be awarded to a city for a testing project, and the planned project in Milton Keynes.

Jerusalem's MobilEye going public in largest Israeli IPO

The leader in doing automated driver assist using cameras is Jerusalem's MobilEye. This week they're going public, to a valuation near $5B and raising over $600 million. MobilEye makes custom ASICs full of machine vision processing tools, and uses those to make camera systems to recognize things on the road. They have announced and demonstrated their own basic supervised self-driving car with this. Their camera, which is cheaper than the radar used in most fancy ADAS systems (but also works with radar for better results) is found in many high-end vehicles. They are a supplier to Tesla, and it is suggested that MobilEye will play a serious role in Tesla's own self-driving plans.

As I have written, I don't believe cameras are even close to sufficient for a fully autonomous vehicle which can run unmanned, though they can be a good complement to radar and especially LIDAR. LIDAR prices will soon drop to the low $thousands, and people taking the risk of deploying the first robocars would be unwise to not use LIDAR to improve their safety just to save a few thousand for early adopters.

Chinese search engine Baidu has robocar (and bicycle) project

Baidu is the big boy in Chinese search -- sadly a big beneficiary of Google's wise and moral decision not to be collaborators on massive internet censorship in China -- and now it's emulating Google in a big way by opening its own self-driving car project.

Various stories suggest a vehicle which involves regular handoff between a driver and the car's systems, something Google decided was too risky. Not many other details are known.

Also rumoured is a project with bicycles. Unknown if that's something like the "bikebot" concept I wrote about 6 years ago, where a small robot would clamp to a bike and use its wheels to deliver the bicycle on demand.

Why another search engine company? Well, one reason Google was able to work quickly is that it is the world's #1 mapping company, and mapping plays a large role in the design of robocars. Baidu says it is their expertise in big data and AI that's driving them to do this.

Velodyne has a new LIDAR

The Velodyne 64 plane LIDAR, which is seen spinning on top of Google's cars and most of the other serious research cars, is made in small volumes and costs a great deal of money -- $75,000. David Hall, who runs Velodyne, has regularly said that in volume it would cost well under $1,000, but we're not there yet. He has released a new LIDAR with just 16 planes. The price, while not finalized, will be much higher than $1K but much lower than $75K (or even the $30K for the 32 plane version found on Ford's test vehicle and some others.)

As a disclaimer, I should note I have joined the advisory board of Quanergy, which is making 8 plane LIDARs at a much lower price than these units.

Nissan goes back and forth on dates

Conflicting reports have come from Nissan on their dates for deployment. At first, it seemed they had predicted fairly autonomous cars by 2020. A later announcement by CEO Carlos Ghosn suggested it might be even earlier. But new reports suggest the product will be less far along, and need more human supervision to operate.

FBI gets all scaremongering

Many years ago, I wrote about the danger that autonomous robots could be loaded with explosives and sent to an address to wreak havoc. That is a concern, but what I wrote was that the greater danger could be the fear of that phenomenon. After all, car accidents kill more people every month in the USA than died at the World Trade Center 13 years ago, and far surpass war and terrorism as forms of violent death and injury in most nations for most of modern history. Nonetheless, an internal FBI document, released through a leak, has them pushing this idea along with the more bizarre idea that such cars would let criminals multitask more and not have to drive their own getaway cars.

I have many more comments pending on my observations from the recent AUVSI/TRB Automated Vehicles Symposium, but for today I would like to put forward an observation I made about two broad schools of thought on the path of the technology and the timeline for adoption. I will call these the aggressive and conservative schools. The aggressive school is represented by Google, Induct (and its successors) and many academic teams, the conservative school involves car companies, most urban planners and various others.

It's a big week for Robocar conferences.

In Berkeley, yesterday I attended and spoke at the "Robotics: Science and Systems" conference which had a workshop on autonomous vehicles. That runs to Wednesday, but overlapping and near SF Airport is the Automated Vehicles Symposium -- a merger of the TRB (Transportation Research Board) and AUVSI conferences on the same topic. 500 are expected to attend.

Yesterday's workshop was pretty good, with even a bit of controversy.

Yesterday saw:

In the last few months, I have found myself asked many times about a concept for solar roadways. Folks from Idaho proposing them have gotten a lot of attention with FHWA funding, a successful crowdfunding and even an appearance at Solve for X. Their plan is hexagonal modules with strong glass, with panels and electronics underneath, LED lights, heating elements for snow country and a buried conduit for power cables, data and water runoff. In addition, they hope for inductive charging plates for electric vehicles.

Everybody knows about bitcoin, but fewer know what goes on under the hood. Bitcoin provides the world a trustable ledger for transactions without trusting any given party such as a bank or government. Everybody can agree with what's in the ledger and what order it was put there, and that makes it possible to write transfers of title to property -- in particular the virtual property called bitcoins -- into the ledger and thus have a money system.

Satoshi's great invention was a way to build this trust in a decentralized way. Because there are rewards, many people would like to be the next person to write a block of transactions to the ledger. The Bitcoin system assures that the next person to do it is chosen at random. Because the winner is chosen at random from a large pool, it becomes very difficult to corrupt the ledger. You would need 6 people, chosen at random from a large group, to all be part of your conspiracy. That's next to impossible unless your conspiracy is so large that half the participants are in it.

How do you win this lottery to be the next randomly chosen ledger author? You need to burn computer time working on a math problem. The more computer time you burn, the more likely it is you will hit the answer. The first person to hit the answer is the next winner. This is known as "proof of work." Technically, it isn't proof of work, because you can, in theory, hit the answer on your first attempt, and be the winner with no work at all, but in practice, and in aggregate, this won't happen. In effect, it's "proof of luck," but the more computing you throw at the problem, the more chances of winning you have. Luck is, after all, an imaginary construct.

Because those who win are rewarded with freshly minted "mined" bitcoins and transaction fees, people are ready to burn expensive computer time to make it happen. And in turn, they assure the randomness and thus keep the system going and make it trustable.

Very smart, but also very wasteful. All this computer time is burned to no other purpose. It does no useful work -- and there is debate about whether it inherently can't do useful work -- and so a lot of money is spent on these lottery tickets. At first, existing computers were used, and the main cost was electricity. Over time, special purpose computers (dedicated processors or ASICs) became the only effective tools for the mining problem, and now the cost of these special processors is the main cost, and electricity the secondary one.

Money doesn't grow on trees or in ASIC farms. The cost of mining is carried by the system. Miners get coins and will eventually sell them, wanting fiat dollars or goods and affecting the price. Markets, being what they are, over time bring closer and closer the cost of being a bitcoin miner and the reward. If the reward gets too much above the cost, people will invest in mining equipment until it normalizes. The miners get real, but not extravagant profits. (Early miners got extravagant profits not because of mining but because of the appreciation of their coins.)

What this means is that the cost of operating Bitcoin is mostly going to the companies selling ASICs, and to a lesser extent the power companies. Bitcoin has made a funnel of money -- about $2M a day -- that mostly goes to people making chips that do absolutely nothing and fuel is burned to calculate nothing. Yes, the miners are providing the backbone of Bitcoin, which I am not calling nothing, but they could do this with any fair, non-centralized lottery whether it burned CPU or not. If we can think of one.

(I will note that some point out that the existing fiat money system also comes with a high cost, in printing and minting and management. However, this is not a makework cost, and even if Bitcoin is already more efficient doesn't mean there should not be effort to make it even better.)

CPU/GPU mining

Naturally, many people have been bothered by this for various reasons. A large fraction of the "alt" coins differ from Bitcoin primarily in the mining system. The first round of coins, such as Litecoin and Dogecoin, use a proof-of-work system which was much more difficult to solve with an ASIC. The theory was that this would make mining more democratic -- people could do it with their own computers, buying off-the-shelf equipment. This has run into several major problems:

• Even if you did it with your own computer, you tended to need to dedicate that computer to mining in the end if you wanted to compete
• Because people already owned hardware, electricity became a much bigger cost component, and that waste of energy is even more troublesome than ASIC buying
• Over time, mining for these coins moved to high-end GPU cards. This, in turn caused mining to be the main driver of demand for these GPUs, drying up the supply and jacking up the prices. In effect, the high end GPU cards became like the ASICs -- specialized hardware being bought just for mining.
• In 2014, vendors began advertising ASICs for these "ASIC proof" algorithms.
• When mining can be done on ordinary computers, it creates a strong incentive for thieves to steal computer time from insecure computers (ie. all computers) in order to mine. Several instances of this have already become famous.

The last point is challenging. It's almost impossible to fix. If mining can be done on ordinary computers, then they will get botted. In this case a thief will even mine at a rate that can't pay for the electricity, because the thief is stealing your electricity too.

Five years ago, I posted a rant about the excess of customer service surveys we're all being exposed to. You can't do any transaction these days, it seems, without being asked to do a survey on how you liked it. We get so many surveys that we now just reject these requests unless we have some particular problem we want to complain about -- in other words, we're back to what we had with self-selected complaints.

Some recent press and talks:

Earlier in June I sat down with "Big Think" for an interview they have titled "Robocars 101" explaining some of the issues around the cars.

So far it's been big players like Google and car companies with plans in the self-driving space. Today, a small San Francisco start-up named Cruise, founded by Kyle Vogt (a founder of the web video site Justin.tv) announces their plans to make a retrofit kit that will adapt existing cars to do basic highway cruise, which is to say, staying in a lane and keeping pace behind other cars while under a driver's supervision.

On my recent wanderings in Europe, I became quite enamoured by Google's latest revision of transit directions. Google has had transit directions for some time, but they have recently improved them, and linked them in more cities to live data about where transit vehicles actually are.

I'm in the home stretch of a long international trip -- photos to follow -- but I speak tomorrow at Lincoln Center on how computers (and robocars) will change the worlds of finance. In the meantime, Google's announcement last month has driven a lot of news in the Robocar space worthy of reporting.

25 years ago, on June 8, 1989, I announced to the world my new company ClariNet, which offered for sale an electronic newspaper delivered over the internet. This has the distinction, as far as I know, of being the first business created to use the internet as a platform, what we usually call a "dot-com" company.

I've been on the road for the last month, and there's more to come. Right now I'm in Amsterdam for a few hours, to be followed by a few events in London, then on to New York for Singularity U's Exponential Finance conference, followed by the opening of our Singularity University Graduate Studies Program for 2014.

It's not too surprising that the release of images of Google's prototype robocar have gotten comments like this:

Revolutionary Tech in a Remarkably Lame Package from Wired

A Joy Ride in Google's Clown Car says Re/Code

In what is the biggest announcement since Google first revealed their car project, it has announced that they are building their own car, a small low-speed urban vehicle for two with no steering wheel, throttle or brakes. It will act as a true robocar, delivering itself and taking people where they want to go with a simple interface. The car is currently limited to 25mph, and has special pedestrian protection features to make it even safer. (I should note that as a consultant to that team, I helped push the project in this direction.)

News from Google's project is rare, but today on the Google blog they described new achievements in urban driving and reported a number of 700,000 miles. The car has been undergoing extensive testing in urban situations, and Google let an Atlantic reporter get a demo of the urban driving which is worth a read.

Many states and jurisdictions are rushing to write laws and regulations governing the testing and deployment of robocars. California is working on its new regulations right now. The first focus is on testing, which makes sense.

Unfortunately the California proposed regulations and many similar regulations contain a serious flaw:

I wrote earlier on how we might make it easier to find a lost jet and this included the proposal that the pingers in the black boxes follow a schedule of slowing down their pings to make their batteries last much longer.

I read a lot of feeds, and there are now scores of stories about robocars every week. Almost every day a new publication gives a summary of things. Here, I want to focus on things that are truly new, rather than being comprehensive.