Tesla and Twitter Should be Banned as Threats to Global Security

As you may remember, I’ve explained before why and how Elon Musk constantly stands accused of enabling racism while doing absolutely nothing to help anti-racism (e.g. he’s racist).

Elon Musk increasingly has shown himself to be racist since immigrating to America from South Africa. Like many around the world he saw how being racist can still lead to a very successful career path in the United States.

Tesla is infamous for toxic racism enabled by its CEO, leading to low safety and quality. It’s an engineering nightmare with its products falling far below industry baseline.

It’s a wonder how such unsafe vehicles are allowed to operate on public roads. Uber had the good sense to terminate its entire driverless program after it killed just one pedestrian, while Tesla is so dumb it’s killing unprecedented numbers of innocent people and shows no intention to slow down. In fact, the explosion of serious safety complaints to regulators from new Tesla owners is shocking. Complaints even went up after attempting to do safety recalls, to give you some idea how bad Tesla engineers are at their job.

Tesla quickly rolled out an over-the-air update to address the issue, yet, since that recall reports of phantom or unintended braking are higher than ever. In fact, the single highest reported cases of phantom braking analyzed by the Post occurred just one month after the recall.

Banning Tesla is the right move in any region concerned with its safety, as such a vehicle has little to no self-regulation. Such a ban will prevent easily predictable accidents and reduce serious harm.

Now we’re watching Twitter being turned into a toxic white nationalist organization, to gestate and coddle terrible ideas even worse than Tesla.

Blocking Twitter thus is the right move in any region concerned with its safety, as such a vehicle has little to no self-regulation. Such a block will prevent easily predictable accidents and reduce serious harm.

History is the right guide here. The unregulated empire of Ford (infamous for enabling racism while doing absolutely nothing to help anti-racism) very noisily bought a newspaper to spread hateful disinformation, which led directly to the rise of Nazi Germany and genocide.

Arguably Henry Ford loved to breed hate so much he created an industrial engine for it that directly influenced and aided Adolf Hitler. Source: The Dearborn Historian

For those who don’t remember, Henry Ford purchased his hometown newspaper (The Dearborn Independent) in 1918 specifically to viciously spread his vision of hate (e.g. personally promote baseless political conspiracies) such as a bogus conspiracy about America being “infected” by Jews. Ford pushed nearly 100 issues of his garbage ideas, bound them all into four volumes imaginatively titled “The International Jew,” and distributed half a million copies via his own network of dealerships and subscribers, not to mention by Nazi leaders in Germany.

Speaking in 1931 to a Detroit News reporter, Hitler said he regarded Ford as his “inspiration”, explaining his reason for keeping Ford’s life-size portrait next to his desk.

Steven Watts wrote that Hitler “revered” Ford, proclaiming that “I shall do my best to put his theories into practice in Germany”…

50,000 American autoworkers and their children in 1941 protested Ford’s relationship with Hitler. Source: Wayne State University

Henry Ford the rich automobile man thus bought a media company to breed and spread hateful disinformation that otherwise would have had far less authority. His tragic history and direct role in the rise of Nazism thus brings an obvious lesson in what to do now to avert global suffering from Elon Musk.

Banning Tesla and Twitter would immediately enable the market to produce far higher quality goods, as well as protect consumers, expanding the market for more ideas at the same time as improving it with better ones.

After all, we have seen courts clearly regulate online hate speech as equivalent to physical harassment, right?

…online campaigns of hate, threats and intimidation have no place in a civil society and enjoy no protection under our Constitution.

Or more to the point of how regulation drives innovation, after America occupied Japan and Germany to explicitly ban Ford-like fascism (remove violent cheaters and liars from the market) those countries rose rapidly to produce the highest quality and most trusted cars in the world.

CVE-2022-42827 May Be Bad… But Apple Ventura has 40 CVE in Vim alone

Journalists are busying themselves to tell Apple users the sky is falling, given the quiet hint from Apple about exploitation of CVE-2022-42827…

An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Actively exploited?

That’s a giant flashing red light buried by Apple halfway down their security advisory page.

Meanwhile a far more interesting and crazy detail nobody is talking about is that MacOS Ventura security lists forty, that’s four zero, vulnerabilities fixed in a text editor (Vim).

CVE-2022-0261 (7.8 High)

CVE-2022-0318 (9.8 Critical)

CVE-2022-0319 (5.5 Medium)

CVE-2022-0351 (7.8 High)

CVE-2022-0359 (7.8 High)

CVE-2022-0361 (7.8 High)

CVE-2022-0368 (7.8 High)

CVE-2022-0392 (7.8 High)

CVE-2022-0554 (7.8 High)

CVE-2022-0572 (7.8 High)

CVE-2022-0629 (6.1 Medium)

CVE-2022-0685 (7.8 High)

CVE-2022-0696 (5.5 Medium)

CVE-2022-0714 (5.5 Medium)

CVE-2022-0729 (6.5 Medium)

CVE-2022-0943 (7.8 High)

CVE-2022-1381 (7.8 High)

CVE-2022-1420 (5.5 Medium)

CVE-2022-1725 (5.5 Medium)

CVE-2022-1616 (7.8 High)

CVE-2022-1619 (7.8 High)

CVE-2022-1620 (7.8 High)

CVE-2022-1621 (7.8 High)

CVE-2022-1629 (7.8 High)

CVE-2022-1674 (5.5 Medium)

CVE-2022-1733 (7.8 High)

CVE-2022-1735 (7.8 High)

CVE-2022-1769 (7.8 High)

CVE-2022-1927 (9.8 Critical)

CVE-2022-1942 (7.8 High)

CVE-2022-1968 (7.8 High)

CVE-2022-1851 (7.8 High)

CVE-2022-1897 (7.8 High)

CVE-2022-1898 (7.8 High)

CVE-2022-1720 (7.8 High)

CVE-2022-2000 (7.8 High)

CVE-2022-2042 (9.8 Critical)

CVE-2022-2124 (7.8 High)

CVE-2022-2125 (7.8 High)

CVE-2022-2126 (7.8 High)

Whoa. That’s a… giant flashing red dumpster fire buried halfway down the page.

And I don’t understand Apple’s list. It seems random at best. Why not sequential by ID or severity?

Or to say it another way, here are critical ones listed together:

  • CVE-2022-0318 (9.8 Critical): Reported Jan 18, 2022. Heap-based Buffer Overflow in vim/vim prior to 8.2. Found by @zfeixq.
  • CVE-2022-1927 (9.8 Critical): Reported May 22, 2022. Buffer Over-read in GitHub repository vim/vim prior to 8.2. Found by TDHX ICS Security @jieyongma
  • CVE-2022-2042 (9.8 Critical): Reported Jun 6, 2022. Use After Free in GitHub repository vim/vim prior to 8.2. Found by Muhammad Aldo Firmansyah @thecrott

January, then May then June… critical vulns fixed by Apple months later in October.

The scattershot mess is detailed by Bram Moolenaar, who has been posting continuously on a bounty site for months while discussing fixes.

Use After Free in function did_set_string_option fix in vim / vim Sep 28

Stack-based Buffer Overflow in function win_redr_ruler fix in vim / vim Sep 27

Use After Free in function process_next_cpt_value fix in vim / vim Sep 24

Stack-based Buffer Overflow in function ex_finally fix in vim / vim Sep 24

Access violation near NULL on destination operand eval.c:2603:37 in segmentation fault fix in vim / vim Sep 22

Use After Free in function movemark fix in vim / vim Sep 21

Use After Free in function getcmdline_int fix in vim / vim Sep 17

Heap-based Buffer Overflow in function utfc_ptr2len fix in vim / vim Sep 16

Null Dereference in vim_regcomp() fix in vim / vim Sep 7

Use After Free in function do_tag fix in vim / vim Sep 5

Use After Free in function do_cmdline fix in vim / vim Sep 2

Use After Free in Function qf_buf_add_line( ) fix in vim / vim Aug 29

Use After Free in function get_next_valid_entry fix in vim / vim Aug 27

Use After Free in function qf_fill_buffer fix in vim / vim Aug 24

NULL Pointer Dereference in function do_mouse fix in vim / vim Aug 24

Use After Free in function vim_vsnprintf_typval fix in vim / vim Aug 22

NULL Pointer Dereference in function sug_filltree fix in vim / vim Aug 21

Use After Free in function find_var_also_in_script fix in vim / vim Aug 18

NULL Pointer Dereference in function generate_loadvar fix in vim / vim Aug 17

use after free in function generate_PCALL fix in vim / vim Aug 16

Heap-based Buffer Overflow in function latin_ptr2len fix in vim / vim Aug 16

Buffer Over-read in function utf_head_off fix in vim / vim Aug 16

Use After Free in function string_quote fix in vim / vim Aug 14

Out-of-bounds read in function check_vim9_unlet in vim/vim fix in vim / vim Aug 14

Heap-based Buffer Overflow in function compile_lock_unlock in vim/vim fix in vim / vim Aug 14

Undefined behavior in diff_write_buffer() fix in vim / vim Jul 30

Out-of-bounds Read in function utf_ptr2char fix in vim / vim Jul 29

heap-buffer-overflow occurs in function eval_string ./vim/src/typval.c:2226 fix in vim / vim Jul 29

Heap-based buffer overflow in function vim_iswordp_buf fix in vim / vim Jul 28

Heap-based Buffer Overflow in function ins_compl_infercase_gettext() fix in vim / vim Jul 23

Heap Use After Free in function skipwhite fix in vim / vim Jul 7

Heap-based buffer overflow in function ins_compl_add fix in vim / vim Jul 7

Heap-based Buffer Overflow in function ins_compl_add fix in vim / vim Jul 7

Stack-based Buffer Overflow in function spell_dump_compl fix in vim / vim Jul 4

Heap Use After Free in function ex_diffgetput fix in vim / vim Jul 2

Out-of-bound write in function parse_command_modifiers fix in vim / vim Jul 2

Out-of-bound read data in function suggest_trie_walk() abusing array byts fix in vim / vim Jul 1

Out-of-bounds Read in function ins_bytes fix in vim / vim Jul 1

Integer Overflow in function del_typebuf fix in vim / vim Jul 1

Heap-based Buffer Overflow in function utfc_ptr2len fix in vim / vim Jul 1

Heap-based buffer overflow in function inc fix in vim / vim Jun 30

Out-of-bound read in function msg_outtrans_special fix in vim / vim Jun 29

Null pointer dereference in function skipwhite fix in vim / vim Jun 27

Out-of-bound write in function ml_append_int fix in vim / vim Jun 26

Null pointer dereference in function diff_check fix in vim / vim Jun 26

Heap-based buffer overflow in function ins_bs fix in vim / vim Jun 26

Out-of-bound read in function msg_outtrans_attr fix in vim / vim Jun 25

Out-of-bounds Read in function get_lisp_indent fix in vim / vim Jun 22

Heap-based Buffer Overflow in function utf_ptr2char fix in vim / vim Jun 22

Buffer Over-read in function put_on_cmdline fix in vim / vim Jun 22

Memory leaks in function vim_strsave fix in vim / vim Jun 21

Out-of-bounds write in function vim_regsub_both fix in vim / vim Jun 18

Out-of-bounds Read in function suggest_trie_walk fix in vim / vim Jun 18

Heap-based Buffer Overflow in function get_lisp_indent fix in vim / vim Jun 18

Buffer Over-read in function current_quote fix in vim / vim Jun 18

use after free in skipwhite fix in vim / vim Jun 9

Out-of-bounds write in function append_command fix in vim / vim Jun 6

Use After Free in function utf_ptr2char fix in vim / vim Jun 1

Heap-based Buffer Overflow in function vim_regsub_both fix in vim / vim May 30

Buffer Over-read in function utf_ptr2char fix in vim / vim May 28

Use After Free in function find_pattern_in_path fix in vim / vim May 26

Out-of-bounds write in function vim_regsub_both fix in vim / vim May 26

Heap-based Buffer Overflow in function utf_head_off fix in vim / vim May 25

Out-of-bounds read in function gchar_cursor fix in vim / vim May 24

heap-use-after-free in function find_pattern_in_path fix in vim / vim May 18

And the list goes on and on… which begs the question of whether a “bounty” system is over-inflating results for enrichment instead of efficiencies.

Take for example, these two entries listed as separate and distinct each with their own bounties.

The description of the first is “CVE-2022-2343:Heap-based buffer overflow in function ins_compl_add at insexpand.c:751” and the second is “CVE-2022-2344: Heap-based Buffer Overflow in function ins_compl_add at insexpand.c:751”

What’s the diff?

Why not have one CVE? Why not have a single bounty? Maybe it’s a mistake.
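One way to flag pairs like this for review, as an added example (not code from this post, Vim, or the bounty site): it reduces each description to a (weakness, function, location) key that ignores case, hyphens and spacing, then groups the CVE IDs that share a key. The first two entries are the descriptions quoted above; the third entry, its placeholder ID, and the names `normalize` and `find_duplicates` are constructed for illustration.

```python
import re
from collections import defaultdict

# First two descriptions are quoted from the post; the third is a constructed
# control entry (placeholder ID, hypothetical function) that must not match.
ENTRIES = [
    "CVE-2022-2343:Heap-based buffer overflow in function ins_compl_add at insexpand.c:751",
    "CVE-2022-2344: Heap-based Buffer Overflow in function ins_compl_add at insexpand.c:751",
    "CVE-0000-0001: Use After Free in function example_fn at example.c:10",
]

# "<CVE>: <weakness> in function <name> [at <file>:<line>]"
ENTRY_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s*:\s*(?P<weakness>.+?)\s+in\s+function\s+"
    r"(?P<func>[A-Za-z_]\w*)(?:\(\s*\))?(?:\s+at\s+(?P<loc>\S+:\d+))?\s*$",
    re.IGNORECASE,
)

def normalize(entry):
    """Return (cve_id, key) or None; key ignores case, hyphens and spacing."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        return None
    weakness = re.sub(r"[\s_-]+", " ", m.group("weakness")).strip().lower()
    return m.group("cve").upper(), (weakness, m.group("func"), m.group("loc") or "")

def find_duplicates(entries):
    """Group CVE IDs whose normalized keys collide; also return unparsed lines."""
    groups, unparsed = defaultdict(list), []
    for entry in entries:
        parsed = normalize(entry)
        if parsed is None:
            unparsed.append(entry)  # never silently drop what we can't parse
        else:
            groups[parsed[1]].append(parsed[0])
    dups = {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}
    return dups, unparsed

if __name__ == "__main__":
    dups, unparsed = find_duplicates(ENTRIES)
    for (weakness, func, loc), ids in dups.items():
        print(f"{', '.join(ids)} share: {weakness} in {func} at {loc}")
    for line in unparsed:
        print("unparsed:", line)
```

A shared key is a prompt to compare the two reports and their patches by hand; it does not prove the IDs describe the same bug.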

Was Operation Mincemeat Fashioned After The Milliner’s Hat Mystery?

Some have suggested to me recently that the British fashioned their Operation Mincemeat in WWII after details in the book “The Milliner’s Hat Mystery” (by Sir Basil Thomson, published 1937).

Thomson (1861-1939) was a solicitor who had worked for British Intelligence and in the Foreign Service.

During WWI he served as an Assistant Commissioner to the Metropolitan Police.

Such credentials definitely give a detailed and grounded approach to his writing.

The story-line of this book, a seventh title out of eight books about a particular investigator, kicks off with a couple of people who duck into a barn during a storm and find a dead man.

The death is reported as murder because of a fatal wound by gunshot without any sign of the weapon. However the victim’s identity is a total mystery, challenging the protagonist.

This search for meaning in a discovered body could have been a reference for some aspects of Mincemeat. However, the operation wouldn’t have worked if identification of the victim had not been intentionally made very easy (disinformation). That’s basically the opposite of a mystery.

Thus it seems more accurate to say the methods pioneered in WWI, such as the Haversack Ruse for Beersheba, had set an overall objective of disinformation that was used successfully in WWII Operation Mincemeat. If anything, the book could have been based on intelligence from WWI, just like Mincemeat.

Scientists Test “Intelligent” Robot Lasers To Kill Cockroaches

The title of the paper published 21 September October 2022 is ominous:

Selective neutralisation and deterring of cockroaches with laser automated by machine vision

The abstract is even more chilling:

…we present a laser system automated by machine vision for neutralising and influencing the behaviour of insect pests. By performing experiments on domiciliary cockroaches, Blattella germanica, we demonstrate that our approach enables the immediate and selective neutralisation of individual insects at a distance up to 1.2 m. We further show the possibility to deter cockroaches by training them not to hide under a dark shelter through aversive heat conditioning with a low power-laser. Parameters of our prototype system can readily be tuned for applications in various situations and on different pest species like mosquitoes, locusts, and caterpillars.

Targets can be trained to not hide, so they come into the field of view for “neutralisation”, and applications may include a wide variety of “species”.

The authors explain the risks they considered, but they seem rather… superficial.

…we envisioned major health and safety risks that could be triggered by the use of high laser power, such as eye damage and fire ignition, which prevented the large-scale expansion of our prototype.

When I think of major risks, the first thing that comes to mind is incorrect targeting, like killing the wrong target as opposed to just injuring property or witnesses nearby. I mean data integrity should be top of every machine learning risk list, no? Very disappointed to find it missing here.

Algorithm of the laser operation for the neutralisation of cockroaches.