Kenya Explains Ukraine-Russia Border Dispute

Kenyan news excitedly reports that its ambassador may have given the clearest explanation so far of the border conflict in Europe.

Ambassador Martin Kimani, Kenya’s Permanent Representative to the United Nations, outlined the country’s position on the Ukraine-Russia conflict during an emergency Security Council meeting on Monday, February 21.

Kimani delivers a fantastic speech, the best I’ve seen so far on the topic, and reportedly already has other nations backing Ukraine against Russian divisiveness and military aggression.

1,000 Porsches Burning Rubber: Ship Carrying Luxury Vehicles to America Catches Fire and Set Adrift

A Samsung-built ship “specialized” to carry luxury European cars to America is reportedly a smoldering wreck in the Atlantic, after catching fire 90 nautical miles (170 km) southwest of the island of Faial in the Azores.

Thousands of Porsches, Audis, and Lamborghinis were marooned on an unmanned burning cargo ship in the middle of the Atlantic Ocean Thursday. […] The ship was still burning and billowing out clouds of white smoke as a Portugal navy ship inspected whether it was in danger of sinking, officials said.


Source: VesselFinder

It had a lot of Porsches on board.

Luke Vandezande, a spokesperson for Porsche, said the company estimates around 1,100 of its vehicles were among those on board Felicity Ace at the time of the fire.

My first guess would still be that a Lamborghini started the blaze. Here’s just a thought. Someone was in a Lambo revving the engine with nowhere to go. This is a common thing for people who like to make loud noises but don’t understand that when the car doesn’t move the heat can’t dissipate (including excessive waste, such as flaming exhaust), and at some point flames engulf the body.

In an ironic twist for their manufacturer (emissions-regulation-cheating Volkswagen), one could easily argue that diesel vehicles (even Porsches) shipped to Americans would have been far less likely to cause such an environmental disaster.

A simple search of the cargo contents shows a lot of lithium-battery cars on the manifest, bound for different destinations, which all together would make for a fire especially toxic to the environment…

3 F83 AUDI E-TRON
24 GEA AUDI E-TRON SPORTBACK
1 GEA AUDI E-TRON SPORTBACK
5 GEN AUDI E-TRON
30 F4B AUDI Q4 E-TRON
29 F4B AUDI Q4 E-TRON
1 F83 AUDI E-TRON

Also of note on the boat is a 2016 FORD MUSTANG VIN: 1FA6P8CF6G5283818 consigned to 313 AMBER JILL COVE KILLEEN, TX 76549. I don’t see anyone writing about that, let alone a 2018 HARLEY DAVIDSON FAT BOB VIN: 1HD1YLK12JC022519 consigned to 820 GARZA JONES LANE LAREDO, TX 78045.

Federal Judge: Subaru and Kia Complied With Right to Repair While Claiming It To Be Impossible

An odd development in Massachusetts was picked up by eagle-eyed lawyers and a federal judge: car makers are already complying with a law they say is impossible to comply with:

Last week, according to court transcripts, the federal judge in Alliance for Automotive Innovation v. Healy said he was close to a verdict but that he needed more information from the Alliance as to why it did not disclose that the new Subaru and Kia vehicles complied with the “right to repair” technical requirements that the complaint claimed are impossible to follow. Judge Douglas Woodlock said, “We will ask whether we are dealing with concerted ignorance, willful blindness or simply ‘don’t ask, don’t tell.’” The Alliance claims that it did not find out about the Subaru and Kia vehicles until after the evidence was presented to the judge last fall. Judge Woodlock said he was “trying to figure out why I should be as irritated as I am.”

Apple’s Zero-Day 0-Click Critical Vulnerability CVE-2022-22620

CVE Trends is telling us that over the past week the latest Apple vulnerability has racked up nearly 6 million audience interactions on Twitter, well ahead of the next two entries:

CVE-2022-22620: 6M
CVE-2022-24086: 3.2M
CVE-2021-44521: 2.9M

Source: CVE Trends

Very interesting to see such a long tail instead of the usual spike-and-decay audience curve. Anyone have a guess why this vulnerability is getting so much more audience?

Apple, as usual, is very tight-lipped about its emergency security patch, which has been credited to an anonymous researcher.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management.

What is alleged so far is that this is a 0-day in Apple devices (exploited in the wild before the patch was released) that is triggered simply by rendering attacker-controlled web content: loading one link (1-click), or perhaps with no click at all if that content is injected into something the device is already loading (a watering-hole site, cross-site scripting, a man-in-the-middle, a captive portal, etc.). It would be hard to allege anything higher risk, and that is surely generating attention.

It’s also probably safe to say that a 15.3.1 point release just two weeks after the ten security fixes announced in the 15.3 release (including the in-the-wild 0-day patch for CVE-2022-22587, code execution with kernel privileges) makes this patch even more unusually important.

Worth noting is that malware researchers are pulling the “UPDATE NOW” alarm, and CISA similarly said “we’ve added one more” the day after publishing its latest update to the “Known Exploited Vulnerabilities Catalog”:

…evidence that threat actors are actively exploiting the vulnerability… remediation due date: 2/25/2022 [only two weeks from Apple’s patch release]

Highly unusual to have a critical patch announcement dropped almost immediately on top of a critical patch announcement, forcing every federal civilian agency bound by the catalog (under CISA’s Binding Operational Directive 22-01) to patch Apple devices basically right now instead of whatever else they have to think about. It doesn’t get any more serious than this one.
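The two-week deadline above is exactly the kind of thing a practitioner wants to compute rather than read off a web page. As an added example (not code from the original post, nor from CISA), here is an offline triage of a KEV-style feed: it parses the catalog, computes the remediation window CISA allowed for each entry, and lists the entries for chosen vendors that are overdue or due within a horizon. The field names follow CISA’s published KEV JSON feed as I understand it (cveID, vendorProject, product, dateAdded, dueDate, requiredAction); the records and dates in SAMPLE_FEED are constructed for illustration and are not a download of the real catalog.

```python
"""Triage a CISA KEV-style feed: which entries bind us, and how soon."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (not a real download).
# Field names match the published feed; dates are illustrative.
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-22620", "vendorProject": "Apple", "product": "WebKit",
         "dateAdded": "2022-02-11", "dueDate": "2022-02-25",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-22587", "vendorProject": "Apple",
         "product": "iOS, iPadOS, and macOS",
         "dateAdded": "2022-01-28", "dueDate": "2022-02-11",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2022-24086", "vendorProject": "Adobe",
         "product": "Commerce and Magento Open Source",
         "dateAdded": "2022-02-15", "dueDate": "2022-03-01",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


@dataclass(frozen=True)
class KevEntry:
    cve: str
    vendor: str
    product: str
    added: date
    due: date

    @property
    def window_days(self) -> int:
        """Days CISA allowed between catalog entry and the remediation deadline."""
        return (self.due - self.added).days

    def days_left(self, today: date) -> int:
        """Days until the deadline; negative once it has passed."""
        return (self.due - today).days


def parse_kev(raw: str) -> list[KevEntry]:
    """Parse the JSON feed text into KevEntry records (dates as date objects)."""
    doc = json.loads(raw)
    return [
        KevEntry(
            cve=v["cveID"],
            vendor=v["vendorProject"],
            product=v["product"],
            added=date.fromisoformat(v["dateAdded"]),
            due=date.fromisoformat(v["dueDate"]),
        )
        for v in doc["vulnerabilities"]
    ]


def triage(entries: list[KevEntry], today: date | str,
           vendors: list[str] | None = None, horizon_days: int = 7) -> list[KevEntry]:
    """Entries (optionally filtered by vendor, case-insensitive) that are overdue
    or due within horizon_days of today, soonest deadline first."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    wanted = {v.lower() for v in vendors} if vendors else None
    hits = [
        e for e in entries
        if (wanted is None or e.vendor.lower() in wanted)
        and e.days_left(today) <= horizon_days
    ]
    return sorted(hits, key=lambda e: e.due)


def report(entries: list[KevEntry], today: date | str, **kw) -> list[str]:
    """Human-readable one-liners for the triage result."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    lines = []
    for e in triage(entries, today, **kw):
        left = e.days_left(today)
        status = f"OVERDUE by {-left} days" if left < 0 else f"due in {left} days"
        lines.append(f"{e.cve} ({e.vendor} {e.product}): {status}, "
                     f"window was {e.window_days} days, deadline {e.due.isoformat()}")
    return lines


if __name__ == "__main__":
    for line in report(parse_kev(SAMPLE_FEED), "2022-02-20", vendors=["Apple"]):
        print(line)
```

Run with a real download of the feed in place of SAMPLE_FEED and today’s date; the vendor filter is what lets a fleet owner see only the deadlines that apply to the platforms they actually run.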

As a laugh I also have to give credit where due, as The Register apparently published on this vulnerability all the waaaay back in 1970!

Source: VulMon

A 1970 date is the Unix epoch, which is what a zero or missing timestamp looks like once it is rendered as a date. Leave it to a vulnerability reporting site to have an obvious integrity flaw sitting out in the open like that.

And as another laugh, that Register article cites an ex-Google guy, now a Microsoft browser program manager, throwing stones from inside his glass house:

Imagine, if you can, a world where installing an alternative browser as your default actually had a chance of protecting you from [a software company’s] shocking underinvestment in security

Indeed. Chrome from Google and Edge from Microsoft should be your last choice, given what we know about WebKit on Apple having issues. Another Google guy cited by The Register wants you to worry about Apple based on the following analysis:

Apple’s average repair time for iOS bugs is more or less the same as Google’s average repair time for Android – 70 and 72 days respectively. …”WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days,” wrote Project Zero researcher Ryan Schoen.

“Outlier” seems rather strongly worded when looking at a spread of 70, 72 and 73. Confusingly, Ryan here is being represented as saying that because Chrome is patched on a 30-day average, iOS should have its WebKit patched faster. That’s like comparing bananas and Apples.

Instead perhaps look at the Project Zero data like this:

Average Fix Time:
Android (72 days) versus iOS (70 days)
Chrome (30 days) versus WebKit (73 days)

The answer to why WebKit is slower than Chrome is really just a matter of how program managers push releases, which Google effectively admits in its analysis of Microsoft:

For Microsoft, we suspect that the high time to fix and Microsoft’s reliance on the grace period are consequences of the monthly cadence of Microsoft’s “patch Tuesday” updates, which can make it more difficult for development teams to meet a disclosure deadline. We hope that Microsoft might consider implementing a more frequent patch cadence for security issues, or finding ways to further streamline their internal processes to land and ship code quicker.

Related is the fact that Google’s security team telling Google’s engineers to fix things faster, under Google’s dubious business model, is fundamentally different from Google’s security team admitting it doesn’t get how Microsoft and Apple do business (hint: it doesn’t involve *cough* anymore *cough* screwing customers with terrible safety).

And one big reason more people don’t flip to the Chrome security team’s ivory-tower thinking, with its over-privileged control and constant rapid-release mentality, is an old (perhaps wise and considerate) sentiment: you shouldn’t need to constantly fix things if you design them for some degree of stability that serves the needs of others.

This is expressed simply in the Linux community as a sliding spectrum from “daily” builds to “long-term support” (LTS). Sometimes LTS will get an urgent patch (security fixes are still backported to it), yet most of the time it skips all the daily nonsense such as patches for patches that were just patched.

Of course I am not saying here that it’s somehow inherently right to — *gasp* — expect one month to go by without having to absorb the cost of an update, but there does exist a world where you CAN’T update faster due to many environmental conditions well known to scientists who care a lot about predictability and stability (e.g. launching exploratory missions into uncontrolled spaces).