A Samsung-built ship “specialized” to carry luxury European cars to America is reportedly a smoldering wreck in the Atlantic, after catching on fire 90 nautical miles (170 km) southwest of the island Faial.
Thousands of Porsches, Audis, and Lamborghinis were marooned on an unmanned burning cargo ship in the middle of the Atlantic Ocean Thursday. […] The ship was still burning and billowing out clouds of white smoke as a Portugal navy ship inspected whether it was in danger of sinking, officials said.
Luke Vandezande, a spokesperson for Porsche, said the company estimates around 1,100 of its vehicles were among those on board Felicity Ace at the time of the fire.
My first guess would still be that a Lamborghini started the blaze. Here’s just a thought. Someone was in a Lambo revving the engine with nowhere to go. This is a common thing for people who like to play loud noises but don’t understand when the car doesn’t move to let heat dissipate (including excessive waste, such as flaming exhaust), then at some point flames engulf the body.
In an ironic twist for their manufacturer (regulations cheating Volkswagen) one easily could argue that diesel vehicles (even Porsche) shipped to Americans would have been far less likely to cause such an environmental disaster.
3 F83 AUDI E-TRON
24 GEA AUDI E-TRON SPORTBACK
1 GEA AUDI E-TRON SPORTBACK
5 GEN AUDI E-TRON
30 F4B AUDI Q4 E-TRON
29 F4B AUDI Q4 E-TRON
1 F83 AUDI E-TRON
Also of note on the boat is a 2016 FORD MUSTANG VIN: 1FA6P8CF6G5283818 consigned to 313 AMBER JILL COVE KILLEEN, TX 76549. I don’t see anyone writing about that, let alone a 2018 HARLEY DAVIDSON FAT BOB VIN: 1HD1YLK12JC022519 consigned to 820 GARZA JONES LANE LAREDO, TX 78045.
An odd development in Massachusetts was picked up by eagle-eyed lawyers and a federal judge, that car makers are easily complying with a law they say they can’t possibly achieve:
Last week, according to court transcripts, the federal judge in Alliance for Automotive Innovation v. Healy said he was close to a verdict but that he needed more information from the Alliance as to why it did not disclose that the new Subaru and Kia vehicles complied with the ”right to repair” technical requirements that the complaint claimed are impossible to follow. Judge Douglas Woodlock said, “We will ask whether we are dealing with concerted ignorance, willful blindness or simply ‘don’t ask, don’t tell.’” The Alliance claims that it did not find out about the Subaru and Kia vehicles until after the evidence was presented to the judge last fall. Judge Woodlock said he was “trying to figure out why I should be as irritated as I am.”
Very interesting to see such a long tail instead of the usual up and down audience curve. Anyone have a guess why this vulnerability is getting so much more audience?
Apple, per usual, is very tight-lipped about their emergency security patch, which has been credited to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.
Alleged so far is that this marks a 0-day in Apple devices (exploited in the wild before the patch was released), easily hacked by clicking on just one link (1-click) or perhaps even less (0-click through waterholes, cross-site scripting, man-in-the-middle, captive portal, etc). It would be hard to allege anything higher risk, and that is surely generating attention.
It’s also probably safe to say that a 15.3.1 minor release just two weeks after ten major security fixes are announced in the 15.3 release (including in-the-wild 0-day patch of CVE-2022-22587 — code execution with kernel privileges)… all means this patch is even more unusually important.
Worth noting is that malware researchers are pulling the “UPDATE NOW” alarm, and CISA is similarly saying “we’ve added one more” the next day after publishing their latest “Known Exploited Vulnerabilities Catalog”.
…evidence that threat actors are actively exploiting the vulnerability… remediation due date: 2/25/2022 [only two weeks from Apple’s patch release]
Highly unusual to have a critical patch announcement dropped almost immediately on top of a critical patch announcement, forcing everyone in the US government to patch Apple devices basically right now instead of whatever else they have to think about. It doesn’t get any more serious than this one.
As a laugh I also have to give credit where due, as The Register apparently published on this vulnerability all the waaaay back in 1970!
Source: VulMon
Leave it to a vulnerability reporting site to have an obvious integrity flaw sitting out in the open like that.
And as another laugh, that Register article cites a ex-Google guy now a Microsoft browser program manager throwing stones from inside his glass house
Imagine, if you can, a world where installing an alternative browser as your default actually had a chance of protecting you from [a software company’s] shocking underinvestment in security
Indeed. Chrome on Google and Edge on Microsoft should be your last choice, given what we know about WebKit on Apple having issues. Another Google guy cited by The Register wants you to worry about Apple based on the following analysis:
Apple’s average repair time for iOS bugs is more or less the same and Google’s average repair time for Android – 70 and 72 days respectively. …”WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days,” wrote Project Zero researcher Ryan Schoen.
“Outlier” seems rather strongly worded when looking at a spread of 70, 72 and 73. Confusingly, Ryan here is being represented as saying because Chrome is patched on a 30 day average then iOS should have its Webkit patched faster. That’s like comparing bananas and Apples.
Average Fix Time:
Android (72 days) versus iOS (70 days)
Chrome (30 days) versus Webkit (73 days)
The answer to why Webkit is slower than Chrome is really just a matter of how program managers are pushing releases, which Google admits in their analysis of Microsoft.
For Microsoft, we suspect that the high time to fix and Microsoft’s reliance on the grace period are consequences of the monthly cadence of Microsoft’s “patch Tuesday” updates, which can make it more difficult for development teams to meet a disclosure deadline. We hope that Microsoft might consider implementing a more frequent patch cadence for security issues, or finding ways to further streamline their internal processes to land and ship code quicker.
Related is the fact that Google security telling Google engineering to fix things faster under Google’s dubious business model is fundamentally different than when Google’s security team admits they don’t get how Microsoft and Apple do business (hint: it doesn’t involve *cough* anymore *cough* screwing customers with terrible safety).
And one big reason more people don’t flip to a Chrome security team’s ivory tower thinking of over-privileged control with its constant and rapid-release mentality is because of an old (perhaps wise and considerate) sentiment that you shouldn’t need to constantly fix things if you try to design them for some degree of stability that serves the needs of others.
This is expressed simply in the Linux community as a sliding spectrum from “daily” builds to “long term support” (LTS). Sometimes LTS will have an urgent patch, yet for most of the time it skips all the daily nonsense such as patches for patches that were just patched.
Of course I am not saying here that it’s somehow inherently right to — *gasp* — expect one month to go by without having to absorb cost of an update, but there does exist a world where you CAN’T update faster due to many environmental conditions well-known to scientists who care a lot about predictability and stability (e.g. launching exploratory missions into uncontrolled spaces).
Someone clearly thought it was important to very publicly call out a notoriously low-integrity American “news” source for being aligned with foreign military intelligence.
…officials said Zero Hedge, which has 1.2 million Twitter followers, published articles created by Moscow-controlled media that were then shared by outlets and people unaware of their nexus to Russian intelligence…
A tone-deaf response was then published by Zero Hedge, cited in the same article, which confirmed they knew they were spreading anti-American propaganda — as if an attack on truth (intentional lying) is a legitimate “side” for Zero Hedge to be on.
…publish a wide spectrum of views that cover both sides of a given story…
Wide spectrum? 2+2=5 is part of a “wide” spectrum. And “both sides” is a concept that invalidates “wide spectrum”, which I will explain in a minute.
First, this is like Zero Hedge saying “let’s hear from someone who denies basic math” as if that person needs help to spread obvious nonsense, increasing the cost of communication. Nobody really wants to hear 2+2=5 in their “spectrum” of news.
Someone who is actively doing wrong, someone who spreads intentional disinformation as part of a targeted military intelligence campaign, is being brought into the conversation because… why?
Second, in a spectrum you have many sides. However, if you cite “both sides” you negate the spectrum and force a binary. That’s a tactic to try to bring in a view that has been rejected, validate a side that doesn’t exist.
It is in fact a dog-whistle going back to at least the Civil War (if not WWII), which tries to promote obvious criminals and losers as deserving a voice and give them a chance to win after losing so obviously.
Let’s look at the Civil War for example. When Woodrow Wilson very clearly tried to re-write history, he claimed that the pro-slavery states starting a war to expand slavery weren’t doing the exact thing they had announced they were doing.
It was necessary [for the United States defending itself] to put the South at a moral disadvantage by transforming the contest from a war waged against states fighting for their independence into a war waged against states fighting for the maintenance and extension of slavery.
The “states fighting for their independence” wanted independence specifically “for the maintenance and extension of slavery.”
The South was at a moral disadvantage because it aspired to be nothing more than a white police state that profited almost exclusively from human trafficking.
Woodrow Wilson was a ruthless anti-American propagandist, evidenced by things like how he solicited Black votes to become President and then used his power to remove all Blacks from government and dilute or remove their voting rights.
Kind of similar to what Andrew Jackson did 100 years earlier, and kind of similar to what George Washington did 100 years before that. See the problem with “both sides” being an invitation to regression and mass casualties?
The opposite of the “both sides” propaganda of Woodrow Wilson was President Grant’s famous campaign slogan “Let Us Have Peace“, which asserted there was a proven right and moral side to American victory over its enemy in war.
In other words… stop saying maintenance and extension of slavery has any “sides” or arguments worth hearing. It is beyond the spectrum of acceptable views.
Both the ballot box and the battle field have settled the argument. Let us have peace.
Grant won his 1868 campaign for President in a huge landslide, defeating a “side” that literally ran on a platform called “this is a white man’s country”, which in retrospect obviously was not a side at all.
Logically speaking a “both sides” claim also floats towards a form of the “tu quoque” (you too, appeal to hypocrisy) logical fallacy. Instead of presenting a logical argument, “both sides” misdirects using false statements (e.g. alleging to be interested in a “wide spectrum of views” when in fact shifting attention to a very narrow and intentionally wrong one) to obfuscate and distract from accountability of making such false statements.
