Very nicely executed device with a good price point. Of course it's an utter nightmare with regards to privacy and I'd be very nervous regarding security and safety when I'd hand over the controls of my car to basically an Android phone. Maybe I skimmed over it but I'd be interested in knowing which phones they use exactly.
So I applaud the engineering but it's not a device I'd buy (and yes I do own and carry around a cell phone).
My main concern would be that the architecture of an OTS Android system does not offer any guarantees regarding real-time i.e. hard deadlines.
Ever had an Android app or even the whole phone locking up? Even if it is only for a second or two, I don't want this to happen to a device that feeds live data into my car's controller.
Even if this is only level 2 driver assist. If a car would get a bogus "you are crossing a divider line" signal for e.g. 2 seconds, it would start to steer quite persistently (even if with limited force) in a certain direction and you would have to counter that action.
I think that's the ultimate plan, but if you listen to GeoHotz talk about it, he really wants an economical self driving solution. E.g. Waymo cars cost 100k+ and thus aren't economical.
It's also open source so I think the end game is to have manufacturers adopt this and go through the whole song and dance of getting it fully validated on their vehicles.
Also likely selling access to the ML model and/or training data.
Openpilot is accruing many trips/miles for their dataset, the model and data aren't open-source.
That appears to be where the gold is stashed to my eyes.
If the software is open source and works very well, comma will still have a long lead in developing a great self driving model for which the bricks are miles driven down the road in normal commutes and trips by real drivers in real world conditions.
This system is meant for cars without level 2 driver assist, so not for Teslas.
Further, the system has no control over what "disengages" in the car itself - it is sending bogus sensor inputs to elicit a reaction according to level 2 driver assistance. Thus, if it sends such bogus inputs and fails at doing this "reliably", it will result in misbehaving steering, braking, etc. which it does not control itself.
Further, if it was in control, my argument would stay: If your controlling device has left the building (crashed), it can also not disengage anything any more reliably.
Openpilot uses an embedded controller that is connected to the phone via USB to control communication on the CAN busses. It is what enforces the disengagement, and the code on it follows the MISRA standard. The phone can send random commands and you should still be able to maintain control of the vehicle.
The driving model runs on the modified Android OS (NEOS), but the safety-critical code runs separately real-time on a SIL2 STM32 microcontroller. Comma strives for ISO 26262 compliance.
The next comma hardware will ditch Android and phones though.
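The gatekeeper pattern described in the comments above (an untrusted host proposes commands, a separate microcontroller decides what reaches the CAN bus), as an added C sketch that is not part of the thread and is not comma's or openpilot's code. Every name and limit in it is hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical limits, constructed for illustration (not from any vehicle). */
#define MAX_TORQUE      300  /* absolute ceiling on a steering command   */
#define MAX_STEP        10   /* max growth away from zero per frame      */
#define DRIVER_OVERRIDE 80   /* driver torque that forces a disengage    */
#define HOST_TIMEOUT_MS 100  /* host silent this long: stop forwarding   */

typedef struct {
    bool     engaged;       /* may host commands reach the vehicle bus?  */
    int16_t  last_torque;   /* last command that was forwarded           */
    uint32_t last_host_ms;  /* time of the last accepted host frame      */
} gate_t;

static void gate_disengage(gate_t *g) { g->engaged = false; g->last_torque = 0; }

void gate_init(gate_t *g) { gate_disengage(g); g->last_host_ms = 0; }

void gate_engage(gate_t *g, uint32_t now_ms) {
    g->engaged = true; g->last_torque = 0; g->last_host_ms = now_ms;
}

/* Runs on the controller's own timer, so a frozen host is still noticed. */
bool gate_tick(gate_t *g, uint32_t now_ms) {
    if (g->engaged && now_ms - g->last_host_ms > HOST_TIMEOUT_MS)
        gate_disengage(g);
    return g->engaged;
}

/* Returns true only if the host's requested torque may be forwarded. */
bool gate_check(gate_t *g, int16_t req, int16_t driver_torque, uint32_t now_ms) {
    if (!g->engaged)
        return req == 0;                 /* idle: only "no torque" passes */
    /* Torque may fall to zero at once but may only grow MAX_STEP per frame. */
    int lo = (g->last_torque > 0 ? 0 : g->last_torque) - MAX_STEP;
    int hi = (g->last_torque < 0 ? 0 : g->last_torque) + MAX_STEP;
    if (abs(driver_torque) > DRIVER_OVERRIDE ||  /* human is steering    */
        abs(req) > MAX_TORQUE ||                 /* out of range         */
        req < lo || req > hi) {                  /* implausible jump     */
        gate_disengage(g);
        return false;
    }
    g->last_torque = req;
    g->last_host_ms = now_ms;
    return true;
}
```

The property to look for in a design like this is that every check depends only on state the controller holds itself, so a hung or misbehaving host can at worst cause a disengage.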
I'm much less worried about privacy with an open-source solution. At least I can inspect the various ways in which they spy on me, and if I'm super extra motivated I could stop that. Tesla, on the other hand, is the real nightmare.
Can I even buy a new car in the U.S. these days that isn't a rolling Orwellian nightmare?
Honda's cars (which are compatible with OpenPilot) don't connect to the internet unless you really want software updates, and those can be transferred via USB easily (or you can just not update it, since it's a car).