It’s official: Tesla makes some of the least safe or reliable cars

Feynman participated in the commission investigating the causes of the Challenger disaster. He harshly criticized a decision-making process used to launch in the face of warnings from engineers who knew the system best. Previous missions had evidence of joints between the sections of the solid rocket boosters escaping hot gasses, with a worse problem in cold weather. Expert recommendations to postpone the launch were ignored.

Tesla promised bulletproof glass. Then their chief designer Franz von Holzhausen gently threw a small metal ball as a demonstration… and smashed it. Tesla also said this model would arrive “late 2021”; it’s now November and delivery hasn’t yet started.

I’ve written far too many times on this blog already about the abysmal engineering management practices of Tesla.

It really is an example of how not to run a company, given its atrocious safety record and sub-par quality compared to other brands.

Explanations are very easy to come by… for one thing the CEO is a serial liar. A complete lack of integrity is always bad for quality control.

Second, consider that the CEO repeatedly flouts and ignores science. He recently sent an email to all workers that distractions should be enjoyed even when they affect focus on safety.

An associate just sent me a note asking if we could have one ear bud for music so the other ear can listen for safety-related issues. That sounds fine to me.

What problem do you think the CEO is trying to solve here?

OSHA smacked down this line of thinking in 2020…

The reason for not allowing employees to listen to music while working should be crystal clear, OSHA says. “Listening to music may produce a safety hazard by masking environmental sounds that need to be heard…” […] Even in the absence of a specific regulation regarding use of headphones, employers still could face enforcement actions if OSHA finds that they have violated the General Duties Clause, which requires all employers to maintain safe workplaces. “The key takeaway from the letter is that employers must address employee use of headphones to listen to music on the worksite, even if there is not a specific OSHA standard prohibiting it…”

You should probably read the CEO email as thumbing his nose at OSHA (“Tesla Had 3 Times as Many OSHA Violations as the 10 Largest US Plants Combined”).

It’s subtle encouragement to flout safety to juice the rate of vehicles made while ignoring more safety-related issues. The only problem the CEO really seems to care about is preventing slow down in production, nothing else. He has literally said a trip in one of his vehicles should be marketed as something that will isolate and then kill you (“risk of fatality will be high”) like a trip backwards into South African apartheid.

Musk has used the medium of dreaming and exploration to wrap up a package of entitlement, greed, and ego. He has no longing for scientific discovery, no desire to understand…

That means measuring only raw numbers shipped, regardless of harms to workers or consumers, because that means easy thoughtless profits short term while totally overlooking long-term fundamentals like recalls, deaths and all the reality of problems engineers are meant to care about solving.

Hint: Tesla’s deaths are astronomically higher than other vehicles.


Their newest model is literally killing an unheard of average of 30 people per year! (Pinto infamously destroyed Ford’s brand with just 27 deaths total).

Well, allow me to step aside now as Consumer Reports officially declares Tesla bottom of the pile.

Tesla’s Model S, Model Y, and Model X all got below-average reliability scores…. Tesla’s quality issues have been well-documented over the years as the company has raced — perhaps too quickly at times — to accelerate production and deliver more vehicles.

Consumer Reports also dropped a hammer on those trying to gin up weak excuses.

“There’s no reason fully electric cars can’t be as reliable or even more reliable than traditional vehicles with internal combustion engines,” Fisher said. “It’s how they implement the technology.” Electric drivetrains weren’t the problem. Instead, Fisher blamed unnecessary high-tech bells and whistles. “For EV introductions, there is a tendency to just add so much tech that is not necessary,” Fisher said.

That’s a subtle criticism of the fact that Tesla focuses almost entirely on tech that is not necessary, and not at all on real engineering issues.

…the firmware is now competing with logs for space on the eMMC… definitely some kind of oversight in general that was missed in the engineering… newer cars are at higher risk of [media control unit] problems than the older ones… every MCUv1 has high probability of failure.

To put it another way, Tesla makes a lot of unnecessarily dumb engineering mistakes and isn’t very good at solving problems.

It’s unclear whether they will get the falcon wing doors right ever.

Consumer Reports even emphasized that other brands are doing the hardest engineering and yet producing the most reliable and safest cars, further driving home the rudimentary failures of Tesla.

“What stood out is that the most reliable was actually compact hybrids and plug-in hybrids,” Fisher said. “This may be counterintuitive. They are probably the most complex when it comes to the powertrain.”

Tesla is, to put it simply, a dangerous scam.

The car is not only dangerous to workers and customers, though; it’s dangerous to anyone in or around a Tesla.

It’s easy to find numerous examples of even the latest Tesla software failing to avoid oncoming traffic (failing to navigate turns, failing to stay in lane), which foreshadows tragic news like this November 7, 2021 crash in Florida:

Police say around 7:30 a.m., Philip Henkin, 58, was driving his Tesla northbound in the southbound lane of Lizards Tail Road near Park Center Drive at a high rate of speed. While Henkin was steering along a curve, officers say he hit a bicyclist head-on before crashing into a tree.

And that comes not long after a September 14, 2021 crash in Florida:

Coral Gables police Officer Kelly Denham said the driver of the Tesla crashed the car into a tree. Cellphone video taken after the crash shows the vehicle engulfed in flames. Denham confirmed that two people inside the car were killed.

And that comes not long after a September 4, 2021 crash in Florida:

…heading north on Manning Road in a 2021 Tesla Model S Plaid at a high speed when the driver failed to stop at a stop sign…hit the embankment while going through the intersection, launching the car in the air before it crashed into a house on Caird Way, going through the home’s exterior rear walls. […] The FHP said the car hit and killed one of the three residents at the home, a 69-year-old woman.

Killed a cyclist on the opposite side of the road. Killed a passenger. Killed a woman sitting in her home….

Here’s a simple graph I made months ago to illustrate how tragic stories like this keep piling up more and more under the Tesla brand.


To be clear, other brands had the safest records in history, improving at the same time that Tesla’s record is getting worse and worse.

A GM electric car sold 150K units and averaged a death rate of less than ONE person each year over a decade (again, I must reiterate that Tesla’s newest model in just its first three years has been killing an average of 30 people each year).

Volvo continues to speak about a goal of ZERO deaths even while selling more cars than Tesla and switching their fleet to electric. Tesla is like night compared to the sunlight of other car manufacturers.

So here is what the Tesla graph looks like today (each bar updates as more and more news reports are found, even from past years).


Nature cannot be fooled. Tesla is a scam.

American Honey Locust Bean Stew

When I grew up on the American prairie there were edible plants everywhere.

However, there also was a trend among ranchers and farmers (driven by overly technology-focused agriculture investors — like what Bill Gates is doing today) to see only the worst of native species instead of the best.

Take the honey locust (Gleditsia triacanthos) for just one example.

Here’s how the U.S. government’s National Park service describes them:

Imagine walking through a forested area alongside the Missouri and discovering one of these – a honey locust tree. It’s very possible the men of the Corps did come face-to-face with these nasty thorns, especially in today’s Missouri, Iowa, Nebraska and southeastern South Dakota. But if anyone was injured by them, it didn’t get recorded in the journals.

One of the times honey locusts are mentioned is by John Ordway on July 3, 1804: “The land is Good high bottom pine Timber & black wallnut honey locas oak &C.”

In nature honey locusts grow in both thornless and thorned forms, with spikes growing up to 12″ long. Many regions in the South once referred to the trees as Confederate pin trees because those thorns were used to pin uniforms together during the Civil War. Others claim the thorns have been used throughout history as nails.

And here’s the image the NPS wants you to see.

Source: NPS

Nasty thorns. Any guesses why nobody on the expedition recorded being injured by them? My bet is because it didn’t deserve any more mention than any other thorns.

And I have found zero evidence to support any such idea that Confederate soldiers used tree thorns to “pin” their uniforms. Nada. Zilch.

Or let me put it this way: the alleged phrase “pin tree” appears exactly never in an exhaustive search of literature from the 19th Century.

Any guesses why nobody ever recorded the phrase “pin tree”? My bet is because it never happened.

To be fair to the NPS perspective of today, these trees do have a lot of thorns on them. Yet so do roses and raspberries, and how many people go around describing those two beloved plants as nasty?

Instead of focusing just on the thorns of a branch or trunk, let’s talk about delicious edible beans of the locust tree for a minute.

They get the name “honey” from the tasty orange “goo” between the seeds in a pod.

And their beans seem to be a high protein source easily grown in the wild (member of the legume family, like lentils and garbanzo).


  • 4 Tbsp oil or fat
  • 1 Tbsp locust beans
  • 1 small chopped onion
  • 2 small tomatoes
  • Handful of dried and seasoned meat (e.g. fish, fowl)
  • Pinch of seasonings (e.g. salt, pepper)


  1. Depod the locust beans (clean, soak/boil for tenderness, wash and remove hull)
  2. Chop and mix onions and tomatoes
  3. Put pan on fire and pour in oil or fat to heat for 2 minutes
  4. Add prepared chopped mix to the oil/fat, stir and cover for 2 minutes
  5. Add seasonings, prepared locust beans, stir and cover for 5 minutes
  6. Add prepared meat, stir and cover for 5 minutes

Of course the younger green pods of the tree could be cooked like a green bean. And of course the hard seeds of a mature (dry, brown) pod could be ground into a flour. There are many options, so this is just one to give you an idea of why the NPS focus on the thorns in a story about exploration seems… not very exploratory.

What is truly unfortunate and bizarre is how nobody anywhere seems to have collected traditional recipes from the people who lived on locust bean for generations — Native Americans.

A few years back the President of the National Cattleman’s Beef Association (NCBA) paid me a visit in Silicon Valley.

Very purposefully I took him out for a nice sushi dinner and ordered edamame.

“Soy beans” he exclaimed! “We are supposed to eat livestock feed” he stated flatly albeit genuinely.

“Wait until you see the bill. We’re paying $5 a bowl” I sat back and replied with a wide grin.

Then I helped him off the floor and back into his chair as he said “what in the… we get barely $5 a bushel for our damn soy beans!”

If only he had explored what was all around him the whole time and tried harvesting honey locust beans growing naturally (literally falling from the tree).

Who knows what could have happened if he had ever thought about packaging honey locust beans for human consumption…

Source: freshola

NETGEAR meltdown: CVE-2021-34991 “Pre-Authentication Buffer Overflow”

A serious and fresh vulnerability discovered in September led to a notice in November from NETGEAR. As you might expect, that company “strongly recommends that you download the latest firmware as soon as possible”.

Fine. That sounds normal until you consider the totality of vulnerable products versus the ones getting updates (those models under active firmware maintenance are fixed, other models are… uh-oh):

Source: GRIMM

Note that big caveat/footnote from the researcher that a previous NETGEAR fix “broke” GRIMM’s exploit code. An odd perspective on something being fixed for users, calling it “inadvertently broken” for adversaries…

Speaking of perspective, it’s worth noting that perhaps GRIMM smelled blood in the water after NETGEAR had to disclose major issues in March and June.

I mean this kind of attention gathering could help explain why summer months turned into two additional unique September disclosures (1 and 2) before now.

To be fair, 2020 was an even noisier banner year for NETGEAR vulnerability disclosures, with 22 unique CVEs assigned (mostly XSS).

Source: CVE Details

As bad as all this year’s unauthenticated bypass disclosures sound, the latest one is still a UPnP issue. Thus it’s also worth mentioning that Shodan probes give a clear “honeypot” warning for those scanning the globe right now.

Source: Shodan

Palo Alto zero-day (CVE-2021-3064) used for a year by Randori before disclosure

This timeline is published by Randori itself, disclosing “authorized use” of a zero-day in Palo Alto products.

  • 2020-10-26: Randori began initial research on GlobalProtect.
  • 2020-11-19: Randori discovered the buffer overflow vulnerability.
  • 2020-11-20: Randori discovered the HTTP smuggling capability.
  • 2020-12-01: Randori began authorized use of the vulnerability chain as part of Randori’s continuous and automated red team platform.
  • 2021-09-22: The buffer overflow vulnerability was disclosed by Randori to PAN.
  • 2021-10-11: The HTTP smuggling capability was disclosed by Randori to PAN.
  • 2021-11-10: PAN released patches and a security bulletin assigning the vulnerability CVE-2021-3064.
  • 2021-11-10: This report was published.
Source: Randori

CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. The problematic code is not reachable externally without utilizing an HTTP smuggling technique. Exploitation of these together yields remote code execution under the privileges of the affected component on the firewall device. The smuggling capability was not designated a CVE identifier as it is not considered a security boundary by the affected vendor. In order to exploit this vulnerability, an attacker must have network access to the device on the GlobalProtect service port (default port 443). As the affected product is a VPN portal, this port is often accessible over the Internet.
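The smuggling step described above is what made the vulnerable parser reachable, and the page does not describe Randori’s exact technique, so here is an added example (not Randori’s or Palo Alto’s code) of the defensive check a front end can apply: refuse any HTTP/1.1 request whose body framing is ambiguous under RFC 7230 §3.3.3. The sample requests and the /portal path are constructed for illustration.

```python
"""Reject HTTP/1.1 requests whose message framing is ambiguous.

Request smuggling works when the front end and the back end disagree on
where one request's body ends. RFC 7230 section 3.3.3 names the sources of
that disagreement: Transfer-Encoding alongside Content-Length, differing
Content-Length values, or a Transfer-Encoding that is not plainly "chunked".
A front end that refuses such requests cannot be used to desynchronise the
back end. The requests in the test are constructed samples.
"""
from typing import List, Tuple


def parse_headers(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request into its request line and (name, value) pairs.

    Strict on purpose: obsolete line folding and whitespace before the
    colon are both known desync tricks, so they are errors, not tolerated.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line, header_lines = lines[0], lines[1:]
    headers: List[Tuple[str, str]] = []
    for line in header_lines:
        if line[:1] in (" ", "\t"):
            raise ValueError("obsolete line folding is not accepted")
        if ":" not in line:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = line.split(":", 1)
        if name != name.rstrip():
            raise ValueError(f"whitespace before colon in {name!r}")
        headers.append((name.lower(), value.strip()))
    return request_line, headers


def framing_verdict(raw: bytes) -> str:
    """Return "ok", or a "reject: ..." reason for an ambiguously framed request."""
    try:
        _, headers = parse_headers(raw)
    except ValueError as exc:
        return f"reject: {exc}"
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if cls and tes:
        return "reject: both Content-Length and Transfer-Encoding present"
    if len(set(cls)) > 1:  # identical duplicates are allowed by the RFC
        return "reject: conflicting Content-Length values"
    for v in cls:
        if not v.isdigit():
            return f"reject: non-numeric Content-Length {v!r}"
    if tes:
        codings = [c.strip().lower() for v in tes for c in v.split(",")]
        if codings != ["chunked"]:
            return f"reject: unsupported Transfer-Encoding {tes!r}"
    return "ok"
```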

What does this mean? While it’s tempting to focus on the ethics of Palo Alto for “authorizing” this behavior, or on the ethics of that behavior itself… the reality on the ground is Randori has painted a very large target on themselves as a suspicious repository of zero-day information.

In related news of very large targets, even though this sounds like a headline from a decade ago, Sky admits just now that it left 6 million consumer network devices vulnerable for 1.5 years.

…researchers say it took Sky 18 months to address. The vulnerability could have affected anyone who had not changed the router’s default admin password.

The BBC headline really should have been “The Sky is failing” as in Sky was “failing to meet numerous deadlines they set themselves”.

How Gaining Knowledge Violates the U.S. First Amendment

Here is an excellent lecture by legal scholar Robert C. Post on why speech must be regulated for an environment to encourage free speech.

Research, Post said, is ultimately based in the notion that not everyone has equal knowledge of a given topic and that expert knowledge is created through disciplinary study. “When we are talking about university research and expanding knowledge, it is resting on a disciplinary hierarchy, which is exactly opposite of the democratic equality on which freedom of speech rests,” he said.

Therefore, in order to perform research and to advance it, he said, universities must discriminate on content, make judgments that some ideas are better than others and compel professors and researchers to speak in order to communicate their knowledge. Though these actions further the mission of a university, he said, they violate the rules of the First Amendment.

In other words (pun not intended) improving knowledge using a process of evaluation with measured results, where some inputs can be judged by an authorized process, violates a political framework designed to maintain power (rights) of ignorance.

This is hardly different than saying a moving environment should be regulated based on the science of physics (e.g. dismissing the political controversy about seat belts given the basic economics of safety) for society to be more physically safe.

Post continues:

“Any teacher knows that students who are threatened or assaulted don’t listen,” he said. “They don’t learn. So you have to create the conditions under which learning is possible, and you have to regulate the speech in order to advance that goal.” Again, he said, these requirements of good teaching and learning necessarily violate the rules of the First Amendment.
