Category Archives: Security

CO Tesla Kills One by Running a Red Light

Wow, what year is this already? Hands free cross-country driving was promised by the CEO of Tesla to be solved by 2017, along with boasts of delivering the safest car on the road because it won’t even crash. And yet here’s yet another tragic red light runner death instead… going nearly 100 mph in a 40?

Aurora police said the driver of the Tesla reportedly ran a red light at South Airport Boulevard and collided with a vehicle in the northbound lane that had the right of way with a green light. The Tesla subsequently spun out and crashed into two more vehicles — one of which was an Aurora police vehicle that was stopped in the intersection.

The officer was not hurt, but two adults and four children suffered injuries, in addition to the driver of the Tesla who died on scene.

[…]

The officer conducting speed enforcement said he clocked the Tesla going 97 miles an hour in a 40 mph zone.

2026 Tesla Crashed Before 200 Miles on Odometer

Per my earlier post about Tesla safety marketing, their FSD is only able to go 200 miles (maybe 400 at the most) without an intervention. So, here’s an interesting update on a 2026 model.

Elon Musk has said his cars just won’t crash in 2025, but quantitative data says that’s a lie. And now qualitative data from the latest model proves it an even bigger lie.

This freshly delivered Tesla Model Y had just 197 miles on the odometer when it was crashed

Texas has had hundreds of Tesla appearing in junkyards with low mileage… for a while now.

Digital Wallets at Crossroads: EU Leaps Ahead in New Open Test

Two recent posts by well-known payment processing voices highlight contrasting approaches to the future of digital wallets. David Birch, a digital financial services thought-leader, and the EU Digital Wallet Consortium (EWC) have each presented very different visions of how digital wallets are developing. Birch presents commercial interests and consumer behavior as most interesting, whereas the EWC highlights a production-level success of regulatory frameworks and cross-border standardization.

Commercial Battlefields: Winner Takes All

In Birch’s March 26, 2025 post, “What Are Digital Wallets? And Why Are They A Big Deal?” he suggests digital wallets are a commercial battleground, where major tech companies are placing “their tanks on the banks’ lawn,” forcefully encroaching on financial institutions’ territory with comprehensive digital wallet offerings. This is a bit like if IBM had tried to force proprietary network protocols on financial institutions to do business (they did, look up Token Ring let alone X.25 and how and why they lost to open standards of Ethernet and TCP/IP).

What Birch doesn’t fully emphasize is that this isn’t just tech companies versus banks—it’s also tech giants fiercely competing against each other to eliminate competition entirely. Apple Wallet and Google Wallet are engaged in an existential struggle for total market dominance, with each seeking to establish their own ecosystem as the default standard with no reason or expectation that they would settle with competition existing in any form or fashion.

There’s no cooperation seen or perceived, which is obvious to anyone in any group with an Apple and Google device trying to compare and share wallets. The commercial enemies are fighting a zero-sum game where increased adoption of one wallet likely comes at the direct expense of the other.

With this in mind Birch defines the strategic value of wallets not just in holding financial data but in identity management tied to that data (like a driver’s license for your credit card): “Ultimately, then, wallets are about organising identity, not money.” This perspective positions digital wallets as foundational for commercially-controlled movement and access within society, far beyond the exchange of goods or services related to such movements. Imagine oligarchs eager to force you to live only inside their hamster wheel, where they make a penny every step you take.

The commercial vision Birch presents is of course one where he believes competition drives innovation, with wallet providers fighting for a slice of a rapidly growing pie—”digital transactions grow from $9 trillion in 2023 to an estimated $16 trillion over the next five years,” according to his cited research. His views reflect a common American misbelief, one that overlooks how competition success leads to rapid stagnation once market “dominance” is achieved. Innovation really is the inverse to competition, it is the child of regulation that spurs people to collaborate instead of crush ideas that might challenge dominance.

Innovations from Regulations: Collaboration Through Standards

Consider therefore, in stark contrast, the EU Digital Wallet Consortium’s post from two weeks ago that announces a milestone achievement: “First Real Payment Using the EU Digital Identity Wallet.” This post celebrates a successful cross-border transaction using an EU-sanctioned digital identity wallet, where a Romanian bank’s Visa card was used to purchase a Greek ferry ticket through the iGrant.io wallet.

The EWC’s vision is fundamentally regulatory-driven innovations, emphasizing standardization, interoperability, and cross-border functionality within Europe’s distributed and representative regulatory landscape. Their announcement focuses on proving that “specifications developed by the EWC payment task force work in a production environment.”

Two Contrasting Approaches

Birch’s Commercial Vision EWC’s Regulatory Vision
Foundation Built for commercial advantage and market capture Built on identity verification and public interest
Competition Model Zero-sum game with tech giants seeking to eliminate rivals Collaborative development with multiple stakeholders
Innovation Source Claims market competition drives innovation Positions regulation as the true driver of innovation
End Goal Market consolidation around a single dominant player Interoperable ecosystem serving citizens across borders

Is There an Innovation Paradox?

Birch’s position represents a common Silicon Valley ideology that competition naturally produces innovation. Yet history tells a different story, especially when you consider there would never have been a Silicon Valley without unlimited federal dollars pouring into it during WWII to create a tech industry. Once market dominance is achieved by a corporation, technology often stagnates as dominant players see more value in protecting a position and squeezing consumers for margins rather than investing or continuing to innovate.

Microsoft’s monopolistic efforts to exert unnatural browser dominance led to years of stagnation in web standards until Firefox and Chrome emerged as competitors, thanks to regulations, and rulings against Microsoft.

The EU approach recognizes this as more than a paradox, but rather as the logic of regulation. It’s as common sense as having referees in a football game, to ensure law and order of a fair playing field. By creating frameworks that mandate interoperability and protect consumer interests, they create space for genuine viable innovations to serve public needs rather than merely advancing unregulated and unfair corporate dominance. It’s like saying bridges should be measured as viable only when they ensure safe traffic across a gap, and not on the basis of tolls collected until it collapses.

Future of Digital Wallets

As these two approaches collide, we’re likely to see increasing tension between commercial wallet providers trying to establish walled gardens and regulatory efforts to ensure open standards. For consumers, the question becomes: do we want our digital identity controlled by a single corporate entity with the biggest tanks that won at the “wallet wars,” or managed through transparent, democratic processes that ensure no single entity becomes too powerful?

The EWC milestone suggests that regulatory-driven innovation can deliver functional solutions that prioritize user needs over corporate profits. Meanwhile, the commercial battle continues unabated, with each tech giant seeking to become the one wallet to rule them all.

What’s clear is that digital wallets are no longer just about payments—they’re about who controls the infrastructure of our digital identity. And that makes the choice between these competing visions not just a technical matter, but a profoundly political one. As digital wallets become the access points for everything from financial services to government benefits, the model we choose today will shape power dynamics in the digital economy for decades to come.

Ukraine Trains Run on Time Despite Russian Attacks on Ticketing Systems

The recent Russian cyberattack on Ukraine’s railway infrastructure demonstrates a fundamental security principle: distributed, open systems consistently prove more resilient than centralized, closed ones. This principle, though counterintuitive for some, has profound implications for how we should design critical infrastructure in an era of increasing cyber threats.

Transportation efficiency studies across Europe provide compelling evidence for this principle in practice:

  1. London and Paris focus on constant access proofs through physical and digital barriers, creating an easily broken “prevention” system overly-dependent on vendors building ever more expensive micro-movement taxation systems.
  2. Berlin’s model accepts “open door” access for system resilience and maximized throughput for low cost and high gain, based on “detection and enforcement” approaches that prioritize operational continuity.

The results speak for themselves:

  • Berlin’s system moves approximately 20-25% more passengers per hour during peak times due to fewer bottlenecks.
  • Berlin’s infrastructure costs are estimated to be 30-40% lower due to reduced need for physical barriers and monitoring systems.
  • The ROI is compelling from both economic and security perspectives.

Berlin’s distributed system principles mirror exactly what helped Ukraine’s railway system withstand a recent cyberattack, as reported by Reuters:

Blaming the cyberattack on the “enemy”, shorthand usually used by Kyiv to mean Russia, officials said rail travel had not been affected but that work was still under way to restore the online ticketing system more than 24 hours after the hack. An outage was first reported on Sunday when the rail company notified passengers about a failure in its IT system and told them to buy tickets on-site or on trains. “The latest attack was very systemic, unusual and multi-level,” rail company Ukrzaliznytsia wrote on the Telegram app.

By maintaining operational flow while ticketing availability was compromised, they exhibited resilience through distributed and redundant systems:

Oleksandr Pertsovskyi, Ukrzaliznytsia’s board chairman, said on national television that the company had handled the fallout from the attack well. “Operational traffic did not stop for a single moment. The enemy attack was aimed at stopping trains, but we quickly switched to backup systems.”

This successful response demonstrates that if they issued high-volume, low-cost monthly tickets, these attacks would be even less effective. This pattern follows documented precedents of attackers focusing on authentication systems—from the 2016 Ukrainian Power Grid credential theft to the alleged 2025 Oracle Cloud Access Manager compromise.

The Russian approach to the Ukrainian railway reveals tactical limitations that explain its ineffectiveness. Their persistent focus on centralized authentication points rather than adapting to counter distributed security models represents a strategic vulnerability, similar to deploying conventional forces against highly mobile, asymmetric defenders.

Russia’s unchanging focus remains on:

  1. Seeing freedom of movement as a function of individuals requiring tickets through centrally-controlled checkpoints rather than actual trusted privilege and distributed authority
  2. Believing a psychological impact comes from impatience in a perceived service degradation, rather than actual kinetic harms

This approach parallels historical military failures against asymmetric opponents, similar to how Ukrainian mobile units have proven effective against Russian armored columns—echoing the British information warfare methods documented in their WWI Gaza/Beersheba campaign.

What makes the Russian attack significant isn’t the technical sophistication but how it puts London, Paris, and NYC on notice for having similar strategic weaknesses—the more authoritarian the model of civilian movement, the more vulnerable to attacks by foreign authoritarian adversaries.

The successful Ukrainian response offers three critical lessons for anyone designing data storage and identity management systems:

  • Distributed Resilience: Operations continued despite authentication compromise
  • Manual Fallbacks: Ticket issuance shifted to in-person
  • Open Standards: Less dependency on proprietary authentication

This pattern of breaching systems through authentication vulnerabilities reveals predictable tactics that demand a new approach. The days of “lockout after three tries” and other simplistic Microsoft “Domain” approaches to security are clearly obsolete in today’s identity threat landscape.

Evolution of defense requires a fundamental return to first-principles of security architecture, moving away from centralized prevention toward distributed detection and resilience. Authentication systems should be designed with the assumption of compromise and logical resilience rather than the illusion of impenetrability—similar to how the 1970s “Inter-net” was designed with open protocols that could survive targeted Soviet threats.

This is the reality of modern information technology operations: authentication isn’t just another service to protect—it’s a primary battlefield that demands openness and interoperability as survival mechanisms.

Centralized systems built without distributed concepts are like a modern bridge made of poorly guarded chains instead of superior engineering in braided inexpensive wires, where any single expensive link would cause catastrophic system failure.