Tesla Owner Warns FSD 12.4 is Unsafe, Unusable, Worst Ever

Tesla has made a series of catastrophic management decisions that have rendered its “automation” hardware and software the worst in the industry.

Removing radar and lidar sensors to leave only low-grade cameras, and repeatedly forcing qualified staff into dead-ends then replacing them with entry-level ones who wouldn’t disagree with their CEO… shouldn’t have been legal for any company regulated on public road safety.

The 1954 novel challenged notions of raw self-governance, arguing intolerance and violence are enflamed when boundaries of society (e.g. ethics, morals) are removed.

“Lord of the Flies” might be the best way to describe a “balls to the wall” fantasy of rugged individualism behind an unregulated yet centrally dictated robot army of technocratic “autonomy”.

Now even the most loyal Tesla investors who own the product, who have sunk their entire future and personal safety into such a fraud, are forced to reveal the desperate and declining status of the company.

According to a Reddit forum chat, FSD 12.4 is unusable because it is so obviously unsafe.

This idea “they will fix it soon” is from the same user account that just posted a belief that Tesla’s vaporware “robotaxi” strategy is real. They believe, yet they also can’t believe, which is behavior typical of advance fee fraud victims.

Musk’s erratic leadership played a role in the unpolished releases of its Autopilot and so-called Full Self-Driving features, with engineers forced to work at a breakneck pace to develop software and push it to the public before it was ready. More worryingly, some former Tesla employees say that even today, the software isn’t safe for public road use, with a former test operator going on record saying that internally, the company is “nowhere close” to having a finished product.

Notably, the Tesla software continues to “veer” abruptly on road markings, which seems related to its alarmingly high rate of fatalities.

Big jump in the wrong direction. Removed constraints that prevented deaths. Training to cause harms.

Here’s a simple explanation of the rapid decline of Tesla engineering through expensive pivots, showing more red flags than a Chinese military parade:

First dead end? AI trained on images. They discovered what everyone knew, that the more a big neural network ingested the less it improved. It made catastrophic mistakes and people died.

Restart and second dead end? A whole new real-world dataset for AI training on video. After doing nearly 500 KLOC (thousand lines of coke code) they discovered what everyone knew, Bentham’s philosophy of the minutely orchestrated world was impossibly hard. Faster was never fast enough, while complex was never complex enough. It made catastrophic mistakes and people died.

Restart and soon to be third dead end? An opaque box they can’t manage and don’t understand themselves is being fed everything they can find. An entirely new dataset for a neural net depends on thoughts and prayers, because they sure hope that works.

It doesn’t.

This is not improvement. This is not evolution. They are throwing away everything and restarting almost as soon as they get it to production. This is privilege, an emperor with no clothes displaying sheer incompetence by constantly running away from past decisions. The longer the fraud of FSD (Lord of the Flies) continues unregulated, the worse it gets, increasing threats to society.

Update three days later: View from behind the wheel. This is NOT good.

African Dictator: Elon Musk’s Life of Censorship, Fraud and Self-Praise

Elon Musk is rolling out some of the most obvious self-dealing censorship controls in history.

Here is how the supposed “top story” looks now on Twitter, reminiscent of weak leaders who fraudulently heap praise upon themselves to appear like something they are not.

That’s pure disinformation.

Out of all the news in the world, this is the propaganda Twitter is now pushing. Allegedly generated by “AI”, automating such text is arguably worse than anything I’ve seen in 40 years of studying the problem.

A petty, cruel and corrupt African dictator, in bed with Russia and China, is what Musk seems to emulate, and how he will be remembered… or perhaps why he will be quickly forgotten like the C Squadron of Rhodesia.

For what it’s worth, Musk (as exposed by new fraud allegations) has literally described himself as the emperor, one who sits on top of a pyramid.

Meanwhile on Reddit, an army of “moderators” are busy erasing speech that challenges Musk’s elephantine fraud. Given Musk is obsessively online curating his following, it’s reasonable to assume at least some of the moderator accounts on his subreddits are actually him.

For example, when Musk worried publicly how a high profile conviction for fraud in America means that Musk also could be convicted of crimes…

Database Without Authentication Leaks “biometric identity information of members of the police, army, teachers, and railway workers”

The database vendor isn’t mentioned in the report but I think we can probably all guess the name.

Aside from that important fact, this report is about the dangers of centralizing biometrics into a singular place where a single mistake harms practically everyone in society. Not all, but some, and that’s more than enough to worry.

The publicly exposed database contained 1,661,593 documents with a total size of 496.4 GB. I saw documents containing: facial scan images, finger prints, signatures (in English and Hindi), identifying marks such as tattoos or scars, and much more. There were also scans of documents such as birth certificates, testing and employment applications, diplomas, certifications, and other education related files. Among the most concerning files were what appeared to be the biometric data of individuals from the police and military in verification documents. Upon further investigation, I saw documents indicating the records belonged to two separate entities which suggests they operate under the same ownership: ThoughtGreen Technologies and Timing Technologies, each of which provide application development, analytics, development outsourcing, RFID technology, and biometric verification services.

Fingerprints are public yet distributed very widely. In other words, think about how often and where you have been leaving yours… like on a glass at a restaurant.

Source: “The Quantum Mechanics Of Fingerprints On Your Water Glass”, In The Loop

However, having your fingerprints grabbed by someone pulling over 1.5 million other people’s fingerprints at the same time (due to a single database vendor on the Internet failing to achieve authentication) is a different issue.

Related:

Here’s a very similar story, where hacking the data service vendor Snowflake just led to a massive leak from many of their customers.

In the conversation with Hudson Rock, the threat actor reveals that there is much more to the story than these two breaches, and that additional major companies suffered a similar fate, allegedly including:

— Anheuser-Busch
— State Farm
— Mitsubishi
— Progressive
— Neiman Marcus
— Allstate
— Advance Auto Parts

Further explaining the source of the hack, the threat actor adds that all of these breaches stem from the hack of a single vendor — Snowflake. […] To put it bluntly, a single credential resulted in the exfiltration of potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted.

When a single employee can be compromised to give access to hundreds or thousands of customers, the Snowflake response probably shouldn’t be that context is needed.

Even worse is when they start saying that Snowflake wasn’t involved in any way with the massive theft of customer data from Snowflake. Uh huh.

Here’s what they allegedly are trying to snow reporters with:

On May 31st, Snowflake released a statement in which they claim that they are investigating industry-wide identity-based attacks that have impacted “some” of their customers.

Industry-wide is another way of saying baseline.

What Snowflake inadvertently is saying is they fell below an acceptable baseline while being trusted to NOT do exactly that.

Watch the “who me, am I the baddie” Snowflake now try to point the finger at its customers, a known horrible idea and safety anti-pattern. Like blaming bank customers for the vault being robbed of their money. Or blaming Tesla owners for being killed by the Autopilot.

That’s very bad news for some, even if not every single customer. It’s a lot more bad news than if Snowflake had done more to prevent a single employee compromise affecting so many customers, let alone turning a blind eye to widespread known threats that would very predictably harm their customers.

Negligence? Due diligence? You make the call. Every Snowflake customer now should be planning to exit that vendor to find better care, not least of all because of how Snowflake is responding.

ActionTec Down: Did a Backdoor Brick 600K ISP Routers in Just Two Days of 2023?

Should an ISP be to blame for the insecurity of their routers? Or the router manufacturer? Or the router customer? You be the judge.

It’s 2023-Oct-25 at 7:16 pm. An ISP customer in Ohio posts a complaint about their ActionTec T3200 suddenly offline with a solid red LED.

So, I wonder what happened. A poison pill? My neighbor and I both have an Actiontec T3200 router. His internet service went down last night. Mine went down this morning. We both did a routine reboot – power off / on. We both had the reboot fail after about 10 seconds. The routers now just sit there with a steady red light on the front. They won’t even respond to a RESET. He was able to get through last night and get a new router sent out. I repeatedly try live chat and get sent to the phone number, due to the backlog. The phone number is so backlogged that it tells you to go back to chat, and ends the call. Windstream Direct has not been looked at since yesterday. Very strange.

Poison pill was right. But how did it get in?

A new report from Lumen Technologies’ Black Lotus Labs (try saying that five times fast) reveals that attackers moved quickly to destroy as many routers as possible, expanding to 600K, perhaps due to weak credentials or a backdoor.

At this time, we are unsure of the exploit used to gain initial access. When searching for exploits impacting these models in OpenCVE for ActionTec, none were listed for the two models in question, suggesting the threat actor likely either abused weak credentials or exploited an exposed administrative interface.

Windstream was the affected ISP, and their own documentation of the ActionTec router insists they made credentials random.

Password: The password is located on a sticker on the side of the modem. This password is different on every single T3200/T3260/T3280/T4220 modem.

Different passwords don’t mean true entropy, nor strength. The passwords could lack variety and repeat a pattern, for example, or maybe not even be different at all. This is easily verified.
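One way to run that verification over a sample of sticker passwords, as an added example (not code from Windstream, ActionTec or the Lumen report). Both password lists are constructed for illustration and the function names are hypothetical.

```python
import math
from collections import Counter

def position_entropy(passwords):
    """Shannon entropy (bits) of the characters observed at each position."""
    length = min(len(p) for p in passwords)
    bits = []
    for i in range(length):
        counts = Counter(p[i] for p in passwords)
        total = sum(counts.values())
        bits.append(-sum(c / total * math.log2(c / total) for c in counts.values()))
    return bits

def audit(passwords):
    """Summarise how much real variety a sample of default passwords shows."""
    bits = position_entropy(passwords)
    return {
        "sample": len(passwords),
        # "Different on every modem" fails outright if any value repeats.
        "duplicates": {p: n for p, n in Counter(passwords).items() if n > 1},
        # Positions that never change are a template, not randomness.
        "fixed_positions": [i for i, b in enumerate(bits) if b == 0],
        # Sum of per-position entropies: an upper bound on what the sample shows.
        "observed_bits": round(sum(bits), 2),
    }

# Constructed sample: unique-looking stickers that share a prefix and a counter.
WEAK = ["rtr2023x0041", "rtr2023x0042", "rtr2023x0043",
        "rtr2023x0057", "rtr2023x0042"]
# Constructed sample: same length, no shared structure.
STRONG = ["k7Qp2mXv9dLa", "Zt4Hc8wRy1Ne", "b3Gf6VsJ0uMq",
          "P9xn5TeK2hWc", "d1Ry8ZoB4jLs"]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(sample))
```

With only a handful of stickers the bit count is a rough signal; the duplicates and fixed positions are what expose a pattern, and a larger sample sharpens all three.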

And, assuming we verify passwords are different and strong, we have to next consider a likelihood of a backdoor (weakness in an “exposed administrative interface”).

Notably, the ActionTec T3260ws user manual lists an admin GUI interface and Telnet. Who the #$%@#$ still offers a Telnet service option?! But I digress… Telnet seems to get disabled by default, thank FSM, while an admin GUI sits enabled with a port open and default “root” user.

Lumen has an excellent and detailed report (with IOC) of what happened once the attackers had control of the router. And it concludes with this shout out to historians:

…this campaign resulted in a hardware-based replacement of the affected devices, which likely indicates that the attacker corrupted the firmware on specific models. The event was unprecedented due to the number of units affected – no attack that we can recall has required the replacement of over 600,000 devices.

Challenge accepted!

Here’s my activedefence / hackback / defendforward — whatever you want to call it — presentation at CONSEGI from 2012 where I explained how and why 4.5 million vulnerable ISP hardware devices had to be upgraded.

Ok, you might say, but there was a plausible software fix in this case that brought the final tally down to 300K devices. Fine, it’s true there was software to the rescue. I would say the ActionTec perhaps could also be rescued with a flash or whatever, but let’s not get into semantics.

Instead, consider the 2016 BrickerBot, which seemingly was named and done entirely for attention seeking purposes.

In an interview this spring, the Janitor explained that he refers internally to BrickerBot as “Internet Chemotherapy” and that he created the malware as a way to sabotage vulnerable devices before they were infected with the Mirai malware, which a hacker had used in the autumn of 2016 to launch some of the biggest DDoS attacks known to date.

How successful, I mean awful, was the BrickerBot? Let’s just say this quote comes from an article titled “BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices”.

Ten. Million. Devices. Bricked.

That’s just a wee tad over the 600K devices needing upgrades, as claimed by Lumen as unprecedented.

And perhaps someone from NIST can remember more clearly than me how many devices were “accidentally” bricked in the crazy early days of over-zealously pushing “hardened” configs? It was a lot, although far too many people want to forget the 1990s heyday and probably now have lost records of mistakes made.