I find it concerning that one person was able to push malicious code to 'production'. To me, this suggests that Tesla, a company building highly sensitive software, does not employ basic branch policies. How is is it that these changes could have made it through a code review process and get deployed?
If a company like Microsoft or Google announced that a disgruntled employee was able to push some code that, say, stole user information, I think the general reaction would be "why was this allowed to happen?" I'm not sure why Tesla gets a pass in this regard
This is a very naive comment. There will always be a small handful of engineers that can push the button to move code into PROD or even change code in PROD live. Ideally, with mature controls, the people in this list is short. But to jump to the conclusion that Tesla doesn't use good practises is very short sighted. Who's to say that external parties didn't target this person specifically because of their role/influence.
Obviously, not all details are available, but the wording in the email suggests that the parent comment is anything but naive:
> This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.
This sounds like something out of the 1990s, that dark and romantic era of version control when we thought CVS was pretty cool actually and we didn't know what key-based authentication and 2FA were.
There are volunteer-ran projects that don't have this problem.
Edit: to be clear, I presume no one is debating the fact that someone with high enough credentials can push code to production. The questions that the email raises are:
1. Why can anyone, regardless of credentials, push mission-critical code without review (or, alternatively, if the changes did go through review, why did the review process not catch multiple malicious changes?)
2. Why can someone compromise several high-level credentials without anyone figuring it out (the changes were made, apparently, under "false usernames")?
Some manager asks IT multiple times over the course of a few weeks to create an account for a contractor, then give them permissions to access production type machines.
Or a contractor that was fired had their credentials appropriated by this manager, perhaps by that manager removing them from a "delete these accounts" list.
Those are a couple of mundane ways of getting a false username to a production machine. This is even easier when there is a lot of flux at the company with many people coming and going, a lot of account management happening etc.
It could have been that the accounts were local to specific machines and not managed by the company as a whole.
> Some manager asks IT multiple times over the course of a few weeks to create an account for a contractor, then give them permissions to access production type machines.
And -- keeping in mind that production type machines operate machinery that can kill -- this sounds okay to you?
Not to mention this:
> Or a contractor that was fired had their credentials appropriated by this manager, perhaps by that manager removing them from a "delete these accounts" list.
...keeping in mind that production type machines operate machinery that can kill, does it sound OK to you that anyone can get access to an account that they don't own and control it?
This particular case would be enough to have PCI certification come into question (if not for it to be revoked), and that's just about money, not life-and-death stuff.
Someone has to be responsible for managing people and organising access to the appropriate machines for them to do their job, if it isn't their manager then who is?
You can manage people and organize access without actually having the ability to gain access to their credentials. In fact, that's how it's supposed to work in safety-critical environments.
My point is, as a manager one can request that their subordinates get credentials to access systems. Therefore as a manager you could create a fictitious person (or use one that's recently left the company), and have them be given credentials to access those systems. Then you could use that fictional identity to do whatever nefarious things you want to do.
Then again it could be just as simple to create an alternate fictitious identity without going through IT but just by accessing the systems you have permission to access anyway.
In a normal company, you could absolutely not create a fictitious account that way, or re-use the credentials of someone who just left. But more important, there is a very, very long way from having created a fictitious person to being able to push stuff to production in their name.
The former restriction is maybe difficult enough to efficiently implement in an organization that it's excusable (we have a scheme for it at $work, but it unfortunately means that sometimes people show up at work and the paperwork isn't ready yet and some of the accounts they need aren't yet ready).
The latter, on the other hand, is security 101 and not implementing it on the production floor is just irresponsible. I really hope it's not what happened.
If we're talking about changes to the software that's used to manufactures vehicles that are driving on public roads, I sure as hell hope the odds are zero.
I hope so too, but then again we constantly read stories where serious industrial equipment and critical infrastructure has their computer systems opened up to the wide Internet because someone thought they would like to control it from a crappy app on their phone. Etc.
We are talking about factory floor equipment, the kind that's designed to run air-gapped and where you find lots of old unpatched Windows 2012 installs because the machine was certified with that and patching would require recertification.
And I'm not joking - recently I was asked whether something (that was designed for a clustered Linux environment) could run on Windows XP because that's what was on the machine they wanted it to run.
> 1. Why can anyone, regardless of credentials, push mission-critical code without review (or, alternatively, if the changes did go through review, why did the review process not catch multiple malicious changes?)
Why do you suppose the unauthorized party was following the company's development practices? Maybe it was from the sysadmin side, somebody who worked on the toolchain used for reviewing and pushing things to production. So he was able to sidestep the normal review process. This can happen, what is important is that such things are discovered.
> So he was able to sidestep the normal review process.
He should not have been able to sidestep the normal review process. That's the problem in the first place. Even if you're from the sysadmin side. It should not be possible to do it.
You may think that looks exaggerated but I've worked in two places where we implemented such a process, both of them far more boring than Tesla and, I suspect, far less money to burn on infrastructure.
> This can happen, what is important is that such things are discovered.
No, what is important when working with mission-critical code is that such things are mitigated. Discovering such a problem in production code is already a problem, not a solution.
You don't keep someone with wheel access from doing anything on the server. You:
1. Sign every review
2. Use the review signatures + the manufacturer's keys to sign reproducible builds of the production image (i.e. you cryptographically certify that "this image is authorized, and it includes this list of commits, that has gone through these reviews").
3. Use a secure boot scheme of your choice to ensure that only signed images can be installed on production servers
4. Keep anyone with 'wheel' access away from the image signing keys, and anyone who can generate images away from 'wheel' access.
This way, you make sure that no one who has 'wheel' access can install a sabotaged image, that any image that can be installed has gone through an auditable trail of reviews, and reduce the attack surface that a malicious developer has control over to stuff that requires root access (which is still a lot of surface, but is harder to sneak past a review).
Root access to production servers does not need to mean that you can install arbitrary code on them, and with the right systems engineering, you can ensure that it does not trivially result in arbitrary code being run on production equipment.
Edit: this is all in the context of "questions that Tesla's answer raises". For all I know, the answer might be that they hired some brilliant genius who figured out how to sneak by whatever secure boot scheme they're using. The point is -- the post that sparked all this is not naive. This is real stuff. Companies that are concerned about it can ensure that unauthorized commits are so difficult to get into production that a disgruntled employee would rather just quit than go through with it.
What are you saying? That because perfect security is impossible, we should give up and do nothing?
It's possible a sysadmin with low-level access can exploit that and a variety of zero-day exploits and escalations of privilege in the layers above to systematically compromise the boot images, steal or falsify credentials and signing keys, and circumvent the safeguards and alarm systems which should be in place to prevent malicious modifications of the source code and the compiled binaries, while hiding his actions from his co-workers, sure whatever.
And if that's what happened to Tesla, wow, sucks to be them, that's amazing.
But if there are no safeguards, no review process, no alarm bells to go off and any damn person can submit malicious code effortlessly and they were basically working off the honor system... I'm going to blame the victim a little bit.
1. It may have gone through the review process but if there is a massive pressure to ship (which there verifiably is at Tesla) then the review part of the process will be the first to degrade quality wise. Inexcusable but realistic.
Every company I've worked at had a responsible person who was the only one able to push code into production. If you allow anyone to do that you are an idiot.
> There will always be a small handful of engineers that can push the button to move code into PROD or even change code in PROD live.
There is really no reason for this to be the case. Certainly all code that actually runs on the car can be required to go through review and be verifiably built, even if server code standards are more lax.
I think you misunderstand. Even with code review policies, there is still a short list of people who can push to production without going through code review. Not from a policy standpoint but from a security and access perspective.
> It wouldn't prevent malicious code going out but at least would require a chain of cooperation between employees, which would be harder to achieve.
No, it just requires a chain of cooperation between authorized accounts. That's a very important distinction, especially here, where the email in question alleged the following:
This included making direct code changes to the Tesla Manufacturing Operating System under false usernames
As a data point, in most of the ${BIGCORP}'s I've worked there are also infrastructure roles most people don't see or think about, which have access across wider environments.
* Storage engineers: Generally have access to most storage (all of dev/test/prod) in their group. Sometimes their access is silo'd, sometimes not.
* Backup engineers: Generally have read/write access to _everything_, and all historical versions of it, as backup systems need to be able to do both read/write. Fairly often there are ways for this access to be "unlogged" too, so the actions aren't captured into any system auditing logs (otherwise it can screw things up). I've not (yet) seen access for backup engineers ever be silo-d, but some places might be doing it and I've just never seen it. :)
They pretty much always can. Sure sure you can imagine some perfect system which would mitigate it but no one - definitely not your bank - is doing that.
It very much sounds like thats the case here - production code was edited, and subsequent auditing has found what should've been deployed and what is deployed differs.
Lots of people do work really hard on mitigating this problem. It's a tough and constant battle, but that doesn't mean you have to throw your hands up and not bother working on it. I'm sure you're right that my bank isn't working to mitigate insider threat to the extent I'd like, but Tesla's code is more safety critical than my bank and I think it would be worth their while to work very hard on keeping this from happening with their computer-on-wheels.
And what stops a single member of the staging or deployment team patching the build scripts, binaries or just installing their own software to a server?
It would not require any chain of cooperation I highly doubt staging team would catch some coefficient used for particular
industrial robot being off by 0.1% in some PR.
Which indicates a different problem if the sabatuer was on that short list. And in this day and age of cryptographically signed commits, the number of people who could do this should go down even further.
Given this, I think it’s much more likely there were few or bad controls, than a person in an incredibly privileged position working in the margins.
No I understood your point. I just don't think it must be true, in the strong formulation you are using, that there must be a short list of people who can independently cause new code to run on a vehicle. I believe security and access can be set up such that no one person can accomplish that. It may be very difficult to set that up, but it seems worthwhile in this case.
> Even with code review policies, there is still a short list of people who can push to production without going through code review.
That's completely unnecessary and should not be the case. If you need something pushed quickly, you can get a colleague with review bit and get them to ack for "urgency" reasons after a quick lookover.
I wrote the policy for our company (and got it through the audit and compliance processes, including SOX404 and PCI-DSS) that specifically and intentionally allows a specific group to take whatever action they determine is appropriate in the face of a production emergency, provided they declared the emergency, their intent, and documented/published what they did afterwards.
I believe this policy, used only a few times per year, has saved us 8 figures in outage costs over a decade. (More than half of the benefit is from a clear statement and instilled sense of ownership, and only secondarily the defusing/unraveling of people would otherwise wait or insert tangles of “best practice” red tape while the website or a factory was hard down.)
I based it on 14 CFR 91.3 (in intent) which says, in part:
91.3 Responsibility and authority of the pilot in command.
(a) The pilot in command of an aircraft is directly responsible for, and is the final authority as to, the operation of that aircraft.
(b) In an in-flight emergency requiring immediate action, the pilot in command may deviate from any rule of this part to the extent required to meet that emergency.
(I made part c of the law, the reporting requirement, mandatory where it’s only on-demand in the aviation law.)
When we explain the policy to new employees, we often cite the aviation law directly, to help clearly communicate our intent.
I've seen lots of places that think they have a process in place that prevents this. I've very rarely seen places that actually had sufficient security in place to prevent someone with malicious intent from actually finding ways of bypassing it if they were prepared to break company policies and/or the law. I'm sure they exist, and more places ought to take this seriously, but part of the problem is a lot of places think they have processes in place that ensures they're not vulnerable.
Often it boils down to not taking sufficient measures against social engineering. In this case the claim is they used fake usernames - most places I've worked, successfully getting a fake account if you already work there would tend to "only" require a willingness to lie on a form or two ("fake" a contractor) and then request elevated privileges. Very few places I've done work requires sufficient checks or counter-signatures to require additional accomplices or make it harder than that. They do exist, but they're rare.
The state of security most places is quite depressing at times. Then again, most of the time it's enough.
True. It's possible that the manufacturing software could be modified in some manner to introduce some fundamental flaw in the final product though. For that reason, I would say the code should also be held to a higher set of standards
While you're absolutely right, it is far more likely that someone was able to do this because there is a lack of security in their software engineering practices. This isn't aimed at you, but I think a lot of people are blinded by their support of Elon Musk and Tesla to acknowledge that ultimately he's one man, and Tesla are just a company that makes cars. People and companies are fallable.
Fully agree. In an ideal world all of this would be locked down, but you've gotta be prerty naive to assume that everything is perfectly locked down.
There are areas that I couldn't push code willy nilly, namely in the security space. But I'd be willing to bet that a majority of teams at any bigN could have a single bad actor cause some damage... That's just the maturity of the industry.
>There will always be a small handful of engineers that can push the button to move code into PROD or even change code in PROD live.
What? Why?
Nobody on my development team has access to the production code signing keys. And nobody - at all - has the ability to remotely make a production system take an unsigned update.
Yes, but that changes the scenario from a "small handful of engineers" that can all do it unilaterally, to needing at least one person from N different teams to collaborate.
And in my specific case, the group with the singing keys is also the group paid to tell us "no" whenever a release is blocked by process reasons.
My guess is that most people with access to signing keys or prod environments would have enough skills to code in some sabotage bugs before deployment or siphon off some data, so a lone devops person with (physical) access could probably a lot of harm just by themself.
Sure, I’m just saying our commitment to process is strong enough that the technical systems are a funnel into following a reasonable process.
I got dragged into defending my technical solution, but my point was that if the ability isn’t needed, don’t have it. You can break the glass when when you need to. Good process make deviation from it more visible. Our code signing keys belong to a team we already need wet ink signatures from to release software.
I can go into the biohazard labs with shorts on easier than I can leverage our technical disaster recovery. I’ve only ever had to do the latter.
"There will always be a small handful of engineers that can push the button to move code into PROD"
I have very different experiences from a SEC regulated company. With SOX there are controls to prevent such a thing to happen. If this is a SOX breakage, Tesla is in deep trouble with the SEC.
Can you explain how Sarbanes-Oxley applies to the situation of an employee sabotaging a production line? Specifically how it would inherently imply wrongdoing on Tesla's part.
Basically, SOX would apply if the numbers Tesla announce in quarterly reports were derived from metrics taken from production-line systems. The wrongdoing is the same in every cause of SOX non-compliance: misleading investors to manipulate stock price.
So Sarbanes-Oxley came about because Enron were stating investor-facing metrics that didn't match reality. SOX compliance comes about if you:
* are publicly-listed
* announce numbers to investors
If those numbers are counted by a computer, you must show that you have procedures in place to prevent a single person from making a change to the code which would allow them to choose what number is produced.
So, if you were some web app that mentioned Monthly Active Users in your quarterly results: bam! Your release process now has to be SOX-compliant, since the MAU calculations come from analytics (from the frontend, or from access logs) which could be altered by some nefarious code.
Note that the intent of the act isn't to prevent such a thing from happening, but to make sure there is enough information for external auditors to detect it if it occurs.
I can confidently tell you that some of the largest companies in the world don't do this... Or at least don't do it to the level that an auditor could confidently say "nobody nefariously edited this code/data".
Part of Sarbanes-Oxley is to make sure IT systems are not manipulated. This includes regulating access to systems and controlling software development. Mainly this means, people who write code can't push code into production systems on their own.
One person writes a requirement, this needs to be OKed by another person, then a third person writes this code and it's pushed to production. Controls are setup - e.g. checking JIRA tickets in git logs - that no code without proper authorization (corrrect JIRA status) is pushed and deployed.
People need to be able to trace every code change to the requirement and the OK.
In the core this only applies to systems that are in one way or the other relevant to financial data (like ordering), but auditors usually want to be better safe than sorry. But Tesla might have a SOX-IT and non-SOX-IT.
> Part of Sarbanes-Oxley is to make sure IT systems are not manipulated.
I would expect that there are limits to this. If a rogue employee engages in fraudulent behaviour against you, using "false usernames" to subvert your security as this employee reportedly did, then I don't see how the organisation could be considered responsible.
I'm gonna guess they use github and this guy just pinged an admin to have a few new github users called things like "Legolas66" added to the organisation.
Many orgs don't track github usernames to real human mappings well or at all, mostly because the single sign on version of github is 3x the price.
In the financial industry part of SOX is segregation of duty.
As a developer I'm not allowed to have write access to any production system, except in an emergency via a break-glass mechanism, which is audited to the hilt and back.
It also means we're not allowed to deploy software to production systems. This has to happen via a specific chain development > regression / user acceptance testing > production.
All those environments need to be physically seperated with very specific access requirements.
The deployment process needed to be signed off by outr auditors.
I can't speak for other banks, but they probably need to implement the same -, or a similar system.
Neither can I speak for SOX requirements regarding software fo car manufacturing.
I think it's your comment that's naive. Mature organizations have strict separation of duties, and a great deal of oversight over code reviews and code deployment. It is becoming obvious that Tesla's focus is on execution speed and other aspects (in this case internal security) are suffering.
You mean all the mature organizations that have security breaches announced every day?
Most companies do not have good security. Even when they do, it's hard to get it right, especially for internal attacks. Don't underestimate what a single individual can do when they're already inside and well-informed.
No, not for a company doing what Tesla does. In the environment I used to work in, that would have been flat out impossible. No change would have been allowed that did not follow process unless an explicit and documented exception was made.
Even if you did manage to commit code to the release trunk without review, every single change to the codebase was checked before the release process started in order to verify that the right process was followed. If we ever found a change that no one could find paperwork for, it would be reverted.
So, yeah, it's possible if you want to do it badly enough.
You're describing how websites work, but that's not how embedded systems work, especially those were lives are it risk. If this happened then it can only be because good practices were not followed.
A good system will ensure that others are notified when this happens. For critical stuff you could also require 2 keys to push code to production so no one individual can do it alone.
Code review is a policy. If there's automated enforcement, it's through software written by someone, configured by someone, on a server that someone has root access to, in a room that someone has physical access to. If you have code signing, someone set up and patches the code signing server. Someone configures the code signing enforcement plane on the target devices. Someone gets to provision new accounts and enroll new keys.
Code reviews are a thing, but physical/mathematical assurance that zero people in your organization can bypass them are not. However amazing your tower of automation and policy may be, there's at least one sysadmin underneath it all, and at least one guy with keys to the cabinet underneath him. That only starts to diverge when you're running on FIPS 140-2 Level 3+ HSMs and you need to assemble a quorum of operators to do anything. And those are quite easy to sabotage - just trip the tamper protection mechanisms.
This++. Even at large, serious organizations with certifications and important government contracts, there are inevitably dozens of people who are/were involved at various levels of the security infrastructure and who happen to know of some aspect of one of the "base turtles" that is secretly a shit show amounting to "this set of people is special." We used to like to play "where's the bullshit" in security design review, because you know there's always something in there with a big fat TBD at some level, and the folks who know what they're doing will readily own up to it and have a future plan for mitigation (often something which will always be a "future" plan). In my experience, the best designs are the ones that don't try to be 100% impossible to subvert, but at least can be audited. Meaning you may be able to come up with a way to push your code into the production line, but the stakes are high because you're probably gonna get caught after the fact.
There may have been. The article speaks of the employee using "false usernames". Code review may stop some foolish person pushing broken code, but it's not going to prevent a determined saboteur who's masquerading as other authorised users.
I'm baffled at your lack of imagination, but: keyloggers, unlocked terminals, API token sniffing from cookies, reactivated old accounts, changing the reviewing account id in the database, …
At Facebook, you could alter code even after somebody had given the OK for code review. I know some people specifically kept some small commits open after being approved, just so they could quickly make changes without needing approval if they ever needed to.
I guess my thinking is if the disgruntled employee was so upset over not getting a promotion to cause so much damage they must have been in a high enough position already to warrant such a disposition, and "high enough" might mean high enough to have push access themselves.
Edit: see closeparens comment above. Complicated systems can always be subverted when trust is broken.
That's all good and nice but in most cases, this is a matter of policy. If someone actively tries to circumvent the policy or the process, odds are that most software shops would fall victim to the same thing. Especially in the case of internal software. Even if you have a system that attempts to enforce the process, odds are that the system isn't without flaw and is not too hard to circumvent.
Most businesses who's primary money maker is not defense or security related... are not running their operation with a focus on defending themselves from themselves.
> If someone actively tries to circumvent the policy or the process, odds are that most software shops would fall victim to the same thing.
Too often the focus is entirely on outside attacks, with little consideration given to insider attacks. Previous job was at a cyber security firm. We'd routinely come under attack from criminal and, we believed, occasional nation state attacks as our researchers attributed a few "Axis-of-Evil" nation-state operations.
Then you'd come back from lunch and find the mantrap doors propped open, or someone left a workstation unlocked with root access to something important, or random guests just wandering around. It's a miracle we never were compromised by a disgruntled employee (of which there were many).
New job, new industry, same behavior. Folks leaving "secure" doors open, workstations unlocked with root access, and all that jazz. They're happy to cite a vague SEC regulation that may have applied at their last job, but doesn't apply to ours and even then, it's not like an attacker would ever give a flying fuck about what the SEC thinks.
I'm starting to wonder if this isn't all a comically bad dream.
> Then you'd come back from lunch and find the mantrap doors propped open, or someone left a workstation unlocked with root access to something important, or random guests just wandering around. It's a miracle we never were compromised by a disgruntled employee (of which there were many).
Maybe not the most technical solution to this, but one of my previous employers had a workplace culture of setting the desktop background to a rainbow with unicorns if someone left their computer unlocked. Sometimes even teams of two would work together to pwn some of the more alert members, by temporarily keeping them distracted while the other "attacker" did the business.
3 or more fails and the background bumped up to something pretty gross that nobody wanted, simply as a practical matter.
I actually thought gamifying it made it pretty fun, and at least for workstation locking, we were elite. Even today I'm sharp about it. Maybe it could be extended to physical access to areas as well.
Yup, we had two approaches. You could send out an "I love purple flowers" email to everyone, or the victim would be "Hoffed." That meant setting the desktop background to that picture of David Hasselhoff, nude with strategically-placed pups.
I worked at a place that did something similar. If you walked away from your unlocked computer, when you came back you might find you'd sent an email to everyone in the office saying that you're buying lunch today.
Yeah, this is funny, but a bad idea. You getting on somebody elses workstation, under their login - what happens if they are doing bad shit to the company? Now you have to explain why you were seen on their workstation.
We used to do this at LAN parties in the 90s... of course goatse was the preferred background. People quickly learned never to leave their seats for more than 30 seconds. Most people would just do a 5-10 minute power-nap in their chairs.
Doesn't even need to use unicorns or something gross, the simple fact that the person was perceived as a "he got caught" is enought. Yes, shaming has its uses...
Not sure if you've tried lately, but when you pay cash for a burner phone, most retail outlets require a driver license to scan your information into their system. When you activate it, you need quite a bit of personal information.
It used to be really easy, but law enforcement is cracking down on the ability to buy and activate these anonymously for obvious reasons.
Are there ways around these? Sure, but it's not nearly as easy as you're proposing.
> I find it concerning that one person was able to push malicious code to 'production'.
Production line software is almost certainly handled separately from the software that runs their vehicles, and isn't "production" in the usual web sense of being customer facing. This sounds more like someone messed with their factory automation setup.
Are you trying to us that less stringent controls on manufacturing software is in any way acceptable?
Manufacturing process (including mfg software tools) are a huge potential source of product failure. I don't know about automotive QMS specifically, but I work in embedded software for safety critical systems. If an unreleased procedure or unreleased software is used to build the hardware, or unreleased software is run on the hardware, it's not even suitable for QA (let alone going to the field).
>> Production line software is almost certainly handled separately from the software that runs their vehicles, and isn't "production" in the usual web sense of being customer facing.
> Are you trying to us that less stringent controls on manufacturing software is in any way acceptable?
Yes.
It is simply uneconomical to develop all software in a no-bugs-allowed NASA style process. One of the classes of software that can easily be placed in a lower scrutiny bucket is industrial software where the the result of the industrial process will be separately checked by a quality control process.
This is in dramatic contrast to safety critical software in cars, for example the battery management software or the fly-by-wire systems. Defects in these systems, in contract to industrial software, are much more difficult to discover by inspection, and failures are much more costly.
Yeah, in that case the controls are moved from the development process to the downstream verification. Sorry if I wasn't clear, I originally had some wording about how known unknowns are handled in my post, but it was getting unnecessarily long and felt like a diversion from the hypothetical I was responding to. I was focused more on documentation are repeatability of process than the quality of the tool themselves.
>> I find it concerning that one person was able to push malicious code to 'production'.
>Production line software is almost certainly handled separately [...] This sounds more like someone messed with their factory automation setup.
For a production line, I would still expect a level of control over exactly what software was running and how it was configured, even if it was SOUP.
edit: SOUP not SOAP. I need to stop posting in the morning.
No one is saying "no bugs" NASA level code is required. Basic SQA must however be conducted- factory automation software is not something where you can settle for low quality as you seem to imply. Something tells me you've never worked in factory / production environments. There are critical safety requirements that must be checked, especially in environments where machinery is operating in proximity to workers. Not only that, but there are huge financial incentives in place to ensure high quality. A bug in an early step of a manufacturing process can cause massive amounts of rework or even scrap, leading to huge losses.
Chill out. Every system that relies on human input can be fooled and broken. How do we know this employee wasn’t the one responsible for loading new code into the machines once validated? Anyone looking to spend years infiltrating a place for a goal will do whatever it takes to circumvent security measures.
Yes. It's not "manufacturing software" (if I'm right about it being the factory control system), it's more like glue code tying all of the different bits and bobs of the assembly line together. This kind of system is usually built in ladder logic or function block diagrams rather than as source code, is typically a whole lot of very simple bits side by side, and often needs to be tweaked in realtime during production. It's likely that quite a few people (definitely more than 2-3) have direct access to modify this sort of code and are probably monitoring and fine tuning it continually.
It's not really comparable to your work where you're writing the OS or system code for a safety PLC or something, and you quite rightly have to maintain a very strict process where everything is fully documented and triple-checked so you can prove that it meets your target performance level. All of the stuff that does need that kind of precision is locked away into modules (like the aforementioned safety PLC) which just gets plugged together like Lego by most of the controls team.
(All this is kind of moot, though, because it says that the culprit used a few different logins to make their mischief. Depending on the permissions set for those logins they could have bypassed pretty much any formal workflow, at least temporarily.)
That may indeed be the case, but I can still see Tesla ship "damaged" cars, that could lead to crashes, because of something like this.
Furthermore, what if Tesla has the same kind of "security" in the software division, too? Can just about anyone in the Tesla team develop and push malicious code to the Autopilot?
I've always thought that Tesla has "better than most" software security for its cars, but I've never thought even that was "good enough". I don't think any carmaker has the kind of extensive security measures put in place that should be required for something that drives you to places on its own at high-speed, can be accessed remotely, and receives OTA updates.
> To me, this suggests that Tesla, a company building highly sensitive software, does not employ basic branch policies.
Are they building highly sensitive software?
I would suggest that the factory automation systems would be sensitive to downtime more than anything else, and the ability to respond quickly with changes would be very valuable. Merging policies would only slow this down.
I would also suggest that there are many other internal tools, from machine learning infrastructure to small internal webapps, or supply chain management software that really aren't sensitive, and where the whole dev team having the _ability_ (whether that's used often or not) to push to master is advantageous.
Where is it not appropriate? Customer databases, HR tools, the autonomous driving software, perhaps?
Different development teams can work in areas with wildly different sensitivities and priorities, and in many cases it creates a better culture, faster delivery and more ownership to have developers able to push to master. Not always appropriate, but worth striving for when it is.
> I would suggest that the factory automation systems would be sensitive to downtime more than anything else
If somebody pulls some shenanigans on the sofware, which is responsible for actually building the cars I'd wager that such software is even more critical than the software in the cars.
Just imagine some twiddling with the break systems being manufactured.
So I don't believe downtime is the major concern. Security of the final product, which is directly derived from such software, is.
Sure, changing factory automation in a way that might affect the quality of the finished product would be sensitive. I don't know how much of an opportunity there is to do that – I'd expect it's much more "it works or it doesn't" with factory automation, but I honestly don't know.
This was factory automation SW, not car SW. Robots could kill people also, but afaik those robots are protected from people there, so it's only economical sabotage.
And to those were wondering about robots sabotaging security sensitive car equipment: This should not be possible. In such situations you'll always two independent chains of control, one in HW and one in SW. In the car. HW breaks down eventually and SW is always partially broken.
I know in Microsoft it would be relatively easy to push destructive code changes. It depends on the product though. I was able to connect to production machines.
From my experience on the O365 team, it would have been difficult to push code without approval because it would have voilated a number of the compliance requirements that area of the business has to meet.
But yeah, I suppose there are other areas of the company that might have more relaxed requirements
I disagree on the o365 team, since most of the programmers are WiPro and TaTa and shuffle in and out.
While I was on the Enterprise services team, looking upon IRadaS for something that broke after a push we always debated was it malicious or incompetence.
You can enforce it on your git server. My experience is with Bitbucket but I'm sure Github has the same options. You could set up something like: nobody can push to master except through the PR UI, all PRs must have a reviewer, no PR can be merged to master without being approved by all reviewers. That way you guarantee that everything on master can be tracked to a dev + a reviewer giving sign off.
Sure but who admins the git server? At work it's actually me (and my team) - we have backend access to the git repos as a necessary result of that. While it would be tricky to hide changes, if people only merge via PR it would be easy to bury a few extra commits no one worries about provided they don't break anything.
>I know in Microsoft it would be relatively easy to push destructive code changes.
So why did it never happen? Or if it did, why did Bill Gates not leak an email saying they found the culprit, and that they believe he was hired by those unscrupulous companies, Lotus or Oracle?
I would say it's like the difference between China and America having a major environmental accident - we treat developing economies and businesses differently from established ones.
Judging from their username, tslathrowaway31, this could be an insider who knows more than what's in the memo.
Regardless, I think configuration should be treated as code (use version control and reviews, write tests), since the damage you can do through misconfiguration is often as great as anything you can do with code.
As the under-handed C contest (http://www.underhanded-c.org/) demonstrates it's perfectly possible to write code that both looks innocent and apparently is innocent when run in a testing environment. You cannot produce a set of tests that show 'this code never causes anything bad to happen' so a sufficiently skilled malicious programmer could certainly write something that could cause issues that would pass stringent code review, testing and other quality control processes (especially when they have an in-depth understanding of those processes themselves).
I have no idea what has happened at Tesla, it's perfectly possible they lack processes they really should have, but you cannot prove that from the information available.
And even if they do lack review processes, it can't be said that putting in even the strictest of review procedures would stop a determined attacker.
It's almost childs play to hide a security vulnerability into a large 1000 line PR, down some error path, through a use after free, hidden deep in a library, a buffer overflow, a debug handler, or anything else really.
> How is is it that these changes could have made it through a code review process
Most companies allow you to add on code and then push it after it has already been approved (mainly to account for small nitpick changes)
> get deployed?
I would assume through the normal process? You don't have to immediately try and blow up everything causing an immediate rollback. If you are smart, you'll pull a stuxnet [0] and carefully fuck up the machinery to try and make it go unnoticed.
Because it wasn't code pushed out to users. It was code pushed to the factory.
Codereview is a methodology to get high quality code you can stand behind and put your brand to.
Maverick engineers making hodgepodge changes and knocking things together quickly with no oversight is the way you get a proof of concept prototype working fast.
For the factory, I take it they're still in (or have returned to) the latter methodology.
If they really had access to credentials for multiple accounts, then I don't see why they could not +2 their own code commits. Provided the code still builds and passes basic functional tests, I doubt anyone would see this.
Could it be that folks started looking at code commits when vehicles started behaving badly?
At the very least you would expect these images to be signed. There's no way code should be injectable on the floor. The boot loader would simply not accept it. And you would expect any signed images to be code reviewed, regression tested, and system tested. Still, no way for sabotage on the floor.
Ok, but we are trusting this 'young and rambunctious' company to produce software for self driving cars, where lack of appropriate policy controls could result in serious consequences if another "disgruntled employee" decides to sabotage the codebase
Really, the most worrisome aspect of this story isn't the alleged sabotage: it's that a single unauthorized employee was able to make such widespread changes to the software.
Says horrible things about Tesla's security policies, especially for a company claiming that it will unleash true self-driving sometime in the next 6 months.
I have no problem believing that a disgruntled employee sabotaged part of the production line. But I do have a problem believing that all of the problems since the Model 3 started production were caused by sabotage.
I also have no problem believing that the disgruntled employee simply wanted to take revenge by sabotaging his/her employer -- that's not uncommon, and it should not be difficult to prove if it really happened. Musk is going a bit too far in suggesting that other forces are involved unless he has credible evidence, and he should share it if he has it.
Sure, but he seems very eager to steer the thing towards external interests and sabotage rather than this being an isolated incident. Sounds to me that he is fishing for scapegoats in general...
I read it as a general motivational tactic. Everyone else is out to get us. We need to pull together. They want us to fail, let's prove them wrong. From coaches or CEOs. This is essentially newspaper clippings in the locker room.
Yeah I find it too coincidental. There was a news article if I'm not mistaken about how Tesla put in a lot of work into trying to automate making cars that failed. A lot of big car manufacturers commented how they tried the same and he didn't learn from their mistakes.
This might be the language put there among other things to encourage employees to be vigilant (us vs evil them is an effective way to motivate people).
> I have no problem believing that a disgruntled employee sabotaged part of the production line. But I do have a problem believing that all of the problems since the Model 3 started production were caused by sabotage.
No such claim was made. So your entire post begs of fear mongering.
You have no problem believing a sabateur who exported data to an unknown third party when he says he acted alone out of spite? All that was said in an internal email is that it's possible that other forces were at play and it's something they're investigating.
> But I do have a problem believing that all of the problems since the Model 3 started production were caused by sabotage.
So, uh, where exactly is that said? In the email, or anywhere for that matter? On my monitor, the email doesn't claim any influence on Model 3 production problems, much less "all".
> suggesting that other forces are involved
"Investigation" and "be extremely vigilant" are a mite different from "suggesting".
You might want to consider talking about what is actually written.
Did you see this paragraph in Musk's email? It is pretty suggestive:
> As you know, there are a long list of organizations that want Tesla to die. These include Wall Street short-sellers, who have already lost billions of dollars and stand to lose a lot more. Then there are the oil & gas companies, the wealthiest industry in the world — they don't love the idea of Tesla advancing the progress of solar power & electric cars. Don't want to blow your mind, but rumor has it that those companies are sometimes not super nice. Then there are the multitude of big gas/diesel car company competitors. If they're willing to cheat so much about emissions, maybe they're willing to cheat in other ways?
> You might want to consider talking about what is actually written.
You might want to consider that the author knows full well that the implication is what really matters, and that people who only think about the literal written words are missing the point.
Oil and gas companies have a far easier, and legal way to destroy Tesla: they could simply buy up its outstanding debt and call it in. That would immediately bankrupt Tesla.
As it so happens, a number of the oil and gas companies have recognized that oil and gas are the past, and have transitioned to calling themselves "energy" companies and are spending billions on alternative energy industries.
Also even if they did...Tesla can issue new debt to fund it - which would be more valuable to the debt holders because the'd now know there's a good chance they can sell it on.
The market can remain irrational a lot longer then you can remain solvent - and no one company is big enough to ignore this.
They could try to issue new debt. But who would want to acquire debt in a company that is about to be forced into bankruptcy by its creditors?
The second round of debt would be subordinated to the original round of debt, meaning that new debtholders would make back pennies on the dollar, if that.
Why? Nothing about the valuation has changed in this scenario - the valuation has in fact gone up because a large player has moved into the market and is (1) buying up all the debt instruments (so their value is going up and up and up) and (2) if you're an original investor, you still believe you'll make your money back on Tesla, so all you do is sell your holdings to Big Oil, and then offer the exact same terms again to Tesla to payback the original instrument. And it means you've already made your original money back, so you've got the cash to spare to do it.
Have participated in corporate debt structuring before.
Standard terms allow for debtholders to call in a debt before it matures if they have reason to believe the debtor will be unable to pay back the loan at the end of the term. With Tesla's long-standing liquidity concerns, it would be absolutely shocking (and could even constitute legal malpractice for the debtors' lawyers) if the debtors didn't have the right to call in the debt under such circumstances.
If you look at the charts they provide, nearly half of Tesla’s own and SolarCity-inherited debt is in the form of convertible bonds. To the best of my knowledge, convertible bonds trade off debt seniority for the potential upside of an equity vehicle.
It seems that the rest of their debt is in the form of “vanilla” long term bonds. Very little comes from a revolving credit facility or other short term bank financing.
To the best of my knowledge, there is no such thing as a call provision exercisable by a bond holder. This would seem to defeat the entire purpose of issuing a bond from the issuer’s perspective in the first place; namely, access to capital for a finite amount of time in exchange for a fixed interest payment. Some bonds are certainly callable by the original issuer, at a premium to market price, but I struggle to think of a single publicly traded bond that gives the kinds of debt covenant style call provisions that you’re referring to.
Protecting a company against sabotage is a CEO's job and competitors enticing/inducing employees into acts of sabotage is a plausible threat, in this light an internal leaked memo is not a public accusation and so reasonable.
Hardly. Stating that something is a possibility that is worth looking into is not anything close to implying that that thing is necessarily the case. This is basic critical thinking 101.
I think that he is probably playing up threats like that in order to distract from what appear to be systemic problems at Tesla.
But, to be blunt, I've seen what organized activists in the bay area are both willing and able to do, and so I'm not comfortable with writing off the idea of sabotage as _absolutely_ impossible
I definitely don't put it past him as others do this, I get that. It's a different level about what message tesla wants to send if he either sent an email to be leaked vs. saying this in a interview vs. saying this to share holders vs. putting this out as a formal statement.
Everyone's reaction to this seems to be "He is crazy / paranoid". He gave very specific examples of things this person did. If you were someone with a large position against Telsa, or a competing manufacturer, or an oil / gas company finally picking things up after a terrible oil price collapse, yeah maybe it makes sense to go mess things up subtly enough that the company slips a little bit closer to bankruptcy? I'm not saying I 100% believe this theory, but when you're working at this level as CEO I feel like you have to at least consider the possibility.
>Everyone's reaction to this seems to be "He is crazy / paranoid".
He also investigated "sabotage" when a SpaceX rocket exploded in 2016.
>or a competing manufacturer, or an oil / gas company finally picking things up after a terrible oil price collapse
This is borderline ridiculous. Are you really convinced that Tesla is on the verge of upending the entire energy world? That any minute now they are going to put Big Oil out of business? Companies like Exxon and BP are doing far more R&D into renewables than Tesla is. They aren't even thinking about Tesla. Other auto manufacturers are spending more on R&D and working hard to get cars out. They are behind, but they are succeeding.
Outside of the coastal elites or tech junkies, Tesla is practically unknown and is a rounding error to competitors. The data shows they aren't "growing like gangbusters". Model S/X are stagnating, SolarCity is installing far less per quarter (and essentially laid everyone off recently). Read the financials.
There are tons of competitors in both renewables and cars, but they all decided to pick on Tesla, did they?
>but when you're working at this level as CEO I feel like you have to at least consider the possibility.
So you say it in an email and leak it to the press before any investigation is done?
I called this a long time ago, on these forums: if/when Tesla blows up, everyone is going to point to some conspiracy, rather than lack of execution. Silicon Valley has completely lost touch with reality.
And, of course, BMW and Mercedes are simply incapable of competing with Tesla on quality engineering and streamlined manufacturing processes, so the only option they have left is sabotage.
It is very hard to connect electric motors to laptop battery packs and to replace the dashboard with an android tablet.
Nissan’s LEAF famously struggled with battery degradation over time.
You can shade Tesla’s execution/financial performance/etc., but the battery technology improvements they’ve made are real. They’re going to be the first battery manufacturer to deliver costs of lower than $100/kWh, not to mention effectively doubling global production of lithium ion batteries.
A BMW is my most driven car, and I’ve test driven the i3, but it’s quite glib to suggest that BMW and Mercedes could come out with an electric car at any point in time. Tesla’s batteries have degradation performance like this: https://www.digitaltrends.com/cars/tesla-batteries-last-long.... BMW only offers a warranty on the i3 battery to 80% capacity after 100k miles.
One last thing: clean infotainment software is not a given. BMW iDrive was terrible until 2016. The Mercedes interface is still ugly. Neither maker has touchscreens standard.
I agree that was glib, but some of the statements made by Tesla fans (speaking as a former somewhat Tesla fan myself) are just asking for it.
—
I don't want to dismiss Tesla, they did achieve a lot. However, it would be a mistake to think that there's some technological breakthrough that they possess that makes them unbeatable or even the most likely winner in the upcoming electric car competition.
Among the reasons why, I would say there are many — engineering culture (and part of that is quality control and standards), haphazard management, brain leak (because of the competition poaching employees, unclear financials, and the management), financials (not making a profit and burning through money like crazy), dismissive approach to the competition and other company's engineering efforts and solutions (stupid robots everywhere, autopilot with the freaking webcams, when everyone said it's a bad idea).
I think the reason why we see that BMW, Mercedes, Audi and others are not building the electric cars with the same favorable characteristics as Tesla, and without similar fanfare, is because they have a bottom line that they'd like to stay in the black.
They have to know that electric car market is a very small niche right now, and they are letting Tesla to be the one who makes customers intrigued and creates some pressure for bringing up at least a little bit of infrastructure for the charging.
Imagine the daily commute in the big city, how many cars are driving through the main city artery? How many cars are pumping gas in any given 30 minutes? How many supercharger stations are needed to accommodate for this? I think you can create a societal collapse right now if 5% of the drives in US would switch to electric cars. People wouldn't find a place to charge their car, electric grid would become unstable and overloaded from all these people who hooked up Tesla to their 200 amp residential fuse box, while having dishwasher, washing maching, drier, TVs, computers and a ton of lights running. For fun, you can also imagine superchargers with enormous lines, with people reserving spots and selling them to those who are in a rush.
I'm sure that the blunt of BMW's and alikes engineering resources are spent right now in different areas, because they just can't afford building this perfect electric car which only 1% of their customers would want to buy. That's how you get bankrupt. Remember Apple Newton?
It could certainly be that the German automakers are more concerned about present profitability. That could easily turn into falling victim to the classic innovator's dilemma. It seems that by year end, both the Model S and Model 3 will have taken significant market share from their European competitors: http://europe.autonews.com/article/20180220/ANE/180219831/te.... The cannibalization is real, and that's why luxury automakers like BMW have announced plans for 12 fully-electric models by 2025 (https://www.theglobeandmail.com/globe-drive/news/industry-ne...).
Your points about electrical infrastructure are definitely thought-provoking ones. I'd agree that the infrastructure as of today doesn't exist for widespread adoption. At the same time, the market that Tesla and the luxury European automakers compete for today doesn't hit that 5% threshold (http://www.wsj.com/mdc/public/page/2_3022-autosales.html#aut...). Add up the market share of car (not truck) sales from BMW, Mercedes, Audi, Porsche, and you're looking at a ~3% market share.
I think this section of the video from Sandy Munro is worth a watch: https://youtu.be/CpCrkO1x-Qo?t=1730. Munro has been a huge critic of the build quality of the Model 3, but that everything "below the skateboard [the floor]" is seriously impressive. The cells in Tesla's battery pack have a maximum of a 0.2 milliamp difference between cells.
Say that I accept your premise that the German automakers today are biding their time, and could spend their R&D money on electric cars if they so chose. Who will they source their battery packs from? Will they try to build their own supply chain for the raw materials? What competence have they demonstrated in creating electric powertrains that deliver the acceleration and speed that we expect from luxury cars?
Lastly, I think your "market size estimation" here is dramatically off. BMW last year delivered 2.4 million total cars. They sold 103k "electric" vehicles last year, with 31k of the i3, and the rest probably being comprised of hybrid versions of their existing 3 and 5 series sedans. (https://www.press.bmwgroup.com/latin-america-caribbean/artic...) This was 65.6% year over year growth. For 2018, they expect "high two-digit growth" to continue. The demand is there, even from their own existing customers.
From the standpoint of anyone trying to sabotage Tesla, the risk/reward ratio is extremely high. To claim that someone is trying to do so is an extraordinary claim, and we all know the saying about extraordinary claims...
Elon says that the person claimed he did it because he didn't get a promotion he wanted. That's probably true because it would be the least extraordinary possibility. But it doesn't hurt to consider and prepare for extraordinary circumstances.
That was my initial reaction to that assessment as well. Normally the risk-reward ratio is high, but with the largest short position of the market (at some point inthe last couple months, possibly still currently) at above $10 billion, that's a lot of potential reward that might be capable of being paid out, even when we consider that much of it is small individual positions.
People at Tesla are working incredibly hard, they just had a FTE mass layoff and are relying heavily on 'associates'.
This reminds me of the darker days at Zappos with their holocracy business model and all powerful vanity CEO. It's not hard to imagine the disgruntled moving fast and breaking things in frustration
There's no evidence that the guy was paid to sabotage Tesla by any competitor or anything other than a purely personal grudge. That an upset worker intentionally sabotages a production line isn't the extraordinary claim; that your competition is paying some workers to sabotage your production lines is.
There is no evidence for any of the the claims being made. Unless we see a criminal investigation and charges this is nothing more than pr.
Musk does sound a bit like a paranoid crack head but the pr gambit is to distract from the recent string of tesla crashes and spontaneous combustions by floating the idea of sabotage.
Of course they cant directly allege sabotage because it is absurd but if you put the idea out there then people infer it.
This is the crazy thing about the stock market in general, it incentivizes you to cheat and get dirty in a lot of ways when a large amount of your money is in it.
If anything, the stock market discourages this, because without it, people with a lot of money invested into things wouldn't be able to liquidate it at any price (before the investment matures), so they'd be more motivated to deploy illegal means to protect their wealth.
> In 2007, a comprehensive study of markets around the world found that ones where short selling was legal and common were more efficient than ones where it was not. And a 2012 study concluded simply, “Stock prices are more accurate when short sellers are more active.”
Short selling is a _good thing_. Blaming the short sellers is the practices of companies like Enron, AIG and Lehman. Elon is not covering himself in glory here.
Pointing out that short sellers have an incentive to meddle with a company's performance is definitely fair play. Sure short selling by itself is not harmful for overall market performance but, generally, it's a lot easier for third party to affect a company's downside than their upside. That's just a fact of life.
Agreed. In many cases, short sellers do a better job of identifying, researching, and flagging illegal behavior than government agencies charged with enforcing the rules.
Its also true of long investors: they also do a better job of identifying, researching and flagging top-performing companies than government agencies charged with the task.
The key thing is, motivation. Both long and short investors have motivations to cull the herd.
I'd argue neither side is "good". It's good that we have both opposing sides. Both can be exploited for bad, but each time it happens there is an opportunity for the other side to gain something. And a smart investor certainly keeps open eyes for both directions.
I concede it's possible that saboteurs are operating within Tesla, but lashing out at invisible enemies sends a strong "crazy" signal. Elon has been sending a lot of crazy signals lately...
I think the boogeyman is whoever the guy was exporting data too, since they found data exportation features. Because why have data exportation unless you are doing it too somewhere.
I read "exporting data" as "took home a sql dump and now plans to sell email and related data on the darknet". Standard small blackhat stuff, not industrial espionage, but I doubt tesla will publicly say what happened in this case
The problem with this is that absent any other information he could have been sending data to literally anyone, including his mother's raspberry pi, the New York Times, a foreign government, a competitor, a nefarious trader, an FTP server he set up the day before, or anywhere else in the world. Jumping to conclusions is indicative of having already made your mind up, which itself could indicate some paranoia.
This was a major plot arc in the show Billions - a hedge fund that was short a company (Ice Juice) so they paid some shady characters who sabotaged it to ensure that the hedge fund won their bed.
The idea was that if you needed things done and you had enough money there was a surplus of characters in NYC who could get those things done.
(This season a Russian oligarch character proposes murder in order to ensure his returns.)
I am unsure if they were referencing reality in the Ice Juice sabotage scenario in that or just dreaming up absurd scenarios for entertainment value.
> "NEXT!! NEXT QUESTION!! This question is boring. No more boring questions. No more questions based on facts or analysis of Tesla. Please focus all questions on space travel, the mars colony, big data, SpaceX, with leading questions to imply a merger with SpaceX. If you dont have futuristic questions that defer reality, at least ask questions that let me assure you that I took physics in college and can now ignore basic battery physics in my press releases and stock promotion scam. Now someone pass the cocaine so I can make it through this call. Where’s that kid from YouTube with the fun questions??"
> Looking forward to having a great week with you as we charge up the super exciting ramp to 5000 Model 3 cars per week!
This was actually the most surprising part to me -- it appears that they believe that they will actually make the 5K/week goal by the end of this quarter.
As to the allegations... the email doesn't say much, but it sounds like a disgruntled employee grabbing data to me, and perhaps modifying some OS code in order to achieve that (eg: backdoor).
If there had been actual, Stuxnet-style sabotage of plant machinery and the like, I would have expected the email to address this instead of leaving every employee in the dark as to why things around them are breaking.
What if that communication was an attempt at discovering the leak source? Maybe there is an uniquely identifiable token or wording in the original mail(s) (per division, or team). Did any one counted the spaces or looked for invisible Unicode characters?
They could also find a few places where synonyms can be substituted without sounding weird, a few places where a comma is optional or can be replaced with a dash, ... much more likely to survive a journalist doing the responsible thing and retyping the e-mail.
For example:
His {stated, claimed} motivation {is, was} that he {wanted a promotion that he did not receive, did not receive a promotion he wanted}. {In light of, Given} {these, his} actions, not promoting him was definitely the right {move, choice}.
This can be detected by people comparing two e-mails, but the unicode trick can often be found just by looking at one of them, so I wouldn't say one is more stealthy than the other.
I don't know if you've worked in a large corporation, but during my time in one we would constantly get senior management talking about how we were doing really well and going to do great things and we were making history.... whilst goals and deadlines were missed constantly and everyone knew we had no chance of meeting them. We had a product delayed by 4 years and when it finally shipped the head of software sent out an email congratulating everyone on their hardwork on that final push to get it out before the EOY deadline (the original deadline was EOY 4 years earlier). It's just what senior management does, don't read into it.
Yeah but in this case, this is not a goal, but the goal everyone both inside and outside has been monitoring closely now.
It could be bullshit, it could be a PR stunt... but to what end? We're going to find out the real number on August 1st anyway, when TSLA reports their Q3 data.
Shorts in volume should do the opposite and act as a drag on the price because they represent shares sold today vs. in the future. That creates downward pressure on demand as the more people who sell today, fewer remain who are willing to buy at the same price.
That may be the case when the short volume is increasing, but at this point, with the stock price rising, traders should be looking to exit their short position.
If anything, with such a large volume short, a short squeeze is a serious likelihood in the near future.
> There's $10B in TSLA short positions, when the numbers get this big its not unthinkable
Yes, it's unthinkable. If a $10 billion short were to even marginally pay off, regulators would dig deep. Anyone with that kind of cash on hand is savvy enough to know that. Sabotaging a visible company, with lots of stockholders and lenders and bankers standing to benefit from the company's success, to pay off a short is something that sounds plausible in fiction but is boneheadedly moronic in real life.
You seem to have a great deal of faith in regulators. In most cases, they're under resourced, outgunned by corporate lawyers, and may have a bunch of different incentives to look the other way. Even if they do find egregious wrongdoing, many times bad actors will get a slap on the wrist or it'll be blamed on a single individual.
If you're curious, read Fooling Some People All of the Time by David Einhorn, who ironically, is short Tesla.
Why would they dig deep? Tesla has had many documented, self-inflicted execution issues with nearly every single one of its mass-produced cars. Tesla's done far more damage to itself than a single saboteur ever could.
Whenever an outsized high-risk position pays off, multiple regulators--at the SRO, state and federal levels--investigate. Mostly for insider trading. Sometimes in response to investor complaints or broker arbitration proceedings.
These are well-paid professionals at the SEC, CFTC, FINRA, state financial services regulators, Federal Reserve, OCC, Treasury, and a bajillion other acronym agencies. Some of them are there while they wait for something better in industry. Many eye an administration appointment or political office. These are motivated people with comprehensive data across multiple markets, all tied to the natural persons behind accounts.
Corollary: One will notice that most insider trading busts happen to mid-level employees at publicly-traded companies. Not traders or hedge fund managers. A large part of this comes down to the general public having no idea how competent securities regulators are. So while someone in the industry would never e.g. text about insider trading before buying out of the money options in a relative's name, Midwestern CFO's daughter sees nothing risky about that.
I don't think "outsized" is a factor here. How invested is the plurality shorter here? Maybe $10 million? One-thousandth, even one-hundredth, of a market position doesn't sound like an "outsized" investment to me.
I originally criticized the notion of a short seller sabotaging Tesla to make money. The moment you reach the scale where it makes sense, it also becomes easily discoverable.
Serious question: would the penalty for sabotage be greater if it came with a short-sale payoff? Is sabotage somehow considered insider trading? I can see some kind of vague fraud charge, but is there a specific law that punishes sabotage more harshly if one financially benefits from it?
> I can see some kind of vague fraud charge, but is there a specific law that punishes sabotage more harshly if one financially benefits from it?
Not sure. My point is one's odds of being caught go way up if the sabotage is twinned with securities transactions.
Nobody scans for sabotage. Many agencies scan for insider trading. After a corporate event, e.g. an earnings revision or surprise, thousands of automated systems look for trades that were unusually (a) profitable and/or (b) large.
To make sabotage worth it, one would need to enter into trades that are (a) small and unusually profitable or (b) large and usually profitable. Those trades will get flagged by systems designed to catch insider trading. That, in turn, will result in a human trained to spot unusually-clairvoyant trades reviewing the case.
There are many reasonable motivations for sabotage. But for all of them, the gains must outweigh the operation's cost and risk. Short-selling gains don't make the balance.
>There's $10B in TSLA short positions, when the numbers get this big its not unthinkable.
Once again, much of the short interest is not naked shorting, but is in fact people and institutions hedging their long bet on a stock that is very volatile.
> This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.
How do "false usernames" work in a modern development environment where all commits are tied to a single real-world user?
Are we really saying that Tesla, a company building highly sensitive software, is not employing basic branch policies? How is it that these changes could have made it through a code review process and deployed to 'production'?
What I take away from this is that one malicious actor was able to single handedly deploy malicious code and that there were no processes in place to stop this. That is a far more worrying issue
Not sure if it changes your point at all, but the changes were to the manufacturing operating system, not the car OS. I'm not familiar with manufacturing but I imagine there are a ton of different systems and perhaps not all are as secure as the other. I recall reading they needed some paint improvements, so perhaps they changed something there. I don't imagine they would have software controlling paint totally locked down.
Most manufacturing machines run G-code. Simply changing one of the G-code values (text editing) would cause the machine to make parts incorrectly, and this would screw up things down the line. https://en.wikipedia.org/wiki/G-code
on my Haas mill, the code is directly editable by the operator. On my robots, the code is 'taught' by moving the arm and telling the machine that the new location is the updated. It is routine to have to adjust minor things in the robots, the operator would have to have access to do their job.
I had a welder put a washer under a sensor on my robot one time, making every weld 1 mm in the wrong spot. We couldn't figure it out and ended up reprogramming the entire setup, 8 hours, to fix it. A week later I noticed the washer, put there by a guy who I fired for bad attitude a week before. Once I had found the washer, I had the choice of going back to the old code, or leaving it with the new code.
I left it with the new code. I didn't have another 8 hours to waste to fix the fix.
Even tiny companies like mine can have sabotage. Why not Tesla?
"Are we really saying that Tesla, a company building highly sensitive software, is not employing basic branch policies?"
I suspect they aren't. They're trying to hit a number. Elon is on site personally stepping on anything that might impede that goal. They're in desperation mode, running a car company like a startup, erecting tents to house parts of the plant, firing contractors left and right. Are some of their coders banging in changes with little to no review and pushing to "production" -- such as it is -- right off master? Would not surprise me at all.
I don't know what to believe. On one hand Elon claims they've got some sort of admission from someone. On the other I remember the theories he entertained when a Falcon 9 blew up on the pad; “We literally thought someone had shot the rocket.” I tried to explain how infeasible that would be but people don't want to hear it; lots irrational thinking around all things Musk/Telsa.
Anyhow, sabotage isn't uncommon in big plants. Grievances emerge and people sometimes pull some Bolt Weevil stunts to hit back. Usually manufacturers deal with the problem as quietly as possible. Elon, knowing perfectly well his email would leak, decided to make a splash instead. Maybe looking to line up some excuses if they miss the number. Who knows...
"That is a far more worrying issue"
Not for me. We have filled the world with safety; everyone playing by Marquess of Queensberry rules. Nice to see an exception. Yes, even if it costs a few lives.
My company only allows authenticated users to commit changes. Even pull requests on our public repos get scanned and reviewed before human review. And pull requests are infrequent enough that unknown users usually involve some interaction.
It seems like if an organization is allowing randos to push changes, they would also allow randos with valid pgp to push changes as well. So the investigation would change to “Who the fudge is B8956DBFEE7C105C?” instead of “Who the fudge is Bob Goodguy?”
What you might not realise is that the author of a commit is not related to the (authenticated) user who pushes.
You couldn’t merge changes from multiple people otherwise.
Signed commits do fix this although you have to be careful about your threat model. Lots of software (e.g. gitlab) will prevent alice from pretending to be bob but will not protect you against server compromise (because public key directory and signing enforcement are done on the server).
Working at an org which does signed commits, it doesn’t buy us quite as much as we would like.
Also, if you enforce signing you can’t mash a server-side “merge” button anymore because that commit would need to be signed...
This complicates the pr/mr workflow for teams and increases resistance from those who don’t see the value in signing.
What I mean is that making fake author accounts and then merging with an authenticated account shouldn’t help a malicious actor. Any competent project will be interested in the accounts contributing.
Maybe my org is just simple but if “John Doe” started submitting pull requests and prepend merged them, it’s me on the hook and there are people interested in who John Doe is. And in my org, even John Doe needs a network credential so even their local git instance (which I’ve never seen anyone use) would need a credential.
> but will not protect you against server compromise (because public key directory and signing enforcement are done on the server)
Which is why it's important for the security team to directly manage and be responsible for the code repository server. Usually the server also stores all the git repositories in some filesystem directory, meaning that server compromise would allow an attacker to remove all the company's code, regardless of permissions set for those repositories, and potentially leak it.
I don't know about at the infrastructure level, but seems possible to use false name and email on git. I mention infrastructure because I presume that commits should be reviewed, and that it shouldn't be possible to update software outside of an automated/controlled structure that relies on only pulling code from authorised branches.
The code review systems I’m familiar with give you the opportunity to submit code that’s different than what was approved. The assumption in these systems is that the developer is acting in good faith.
There's something really sad about all the people who are claiming that Musk has developed deep psychological problems in recent months.
Do they really think these claims are going to stop people from buying his cars, or stop big companies from hiring SpaceX to launch their satellites into orbit? Or that it will cause the megafactory to be a total failure?
I think what we are seeing here is speculators who have bet deeply on Tesla's stock crashing and are about to be wiped out. They are desperately trying anything they can to undermine the company, even though they know it is very unlikely to succeed.
To those who are so critical of Musk I ask, what is your prediction about how the company will be doing in 6 months or a year? And give us some specific reasons, not just some vague claims about Musk's mental state.
I think TSLA is a great company that makes great products, but I also think their stock price is over valued right now. It would be a miracle if they hit the 5k cars/week target (I hope they do).
You hit it on the head. It's either just not real, Musk is actually developing some issues, or people have learned to use bots (duh) to persuade public opinion (where have we heard this before??)
I think the real story here is what does a person do when they've accomplished so much, that the jealousy levels around them are so damn high?
I mean, I read this thread to gain some insight into what other technology/innovation people do when it comes to dealing with subterfuge and sabotage - and so far, there's nothing in this thread besides jealousy, vitriol and intolerance.
Its very telling when a technologically-inclined in-group starts to eat its heroes. We truly are cannibalistic, as a species, at heart.
Jealousy/envy, distrust, degradation: these seem to be far more powerful forces than sabotage and subterfuge. I wonder if there is any concerted effort to foment such? Sure seems like it.
Perhaps they should have better security measures?
If I understand correctly, Tesla cars can be updated OTA including critical functions, so someone who manages to insert a malicious software update might be able to kill everyone driving a Tesla at some moment, plus numerous bystanders.
It's enough money to make someone amplify global warming concerns in the media. Then, every news article about climate change - and even very hot days - become an advertisement for the product.
I'm sorry but Musk's email is ridiculous and unprofessional, and the defenses here are extremely concerning.
By ArsTechnica's count this is the 5th fire in the plant. 5th. That's insane. Report after report is that things continue to not go well and the email sent out reeks of paranoia and combined with other comments made recently are quite clearly dishonest. They aren't failing at the details of ramping a manufacturing line...they are failing at the basics of running a factory. To use a restaurant analogy, he's presenting this like a giant conspiracy to throw salt in his special new desert, all the while their walkin freezer is at room temperature. It is a distraction.
Here is the full email as reported by CNBC:
>From: Elon Musk
>To: Everybody
>Subject: Some concerning news
>June 17, 2018
>11:57 p.m.
>I was dismayed to learn this weekend about a Tesla employee who had conducted quite extensive and damaging sabotage to our operations. This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.
>The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad. His stated motivation is that he wanted a promotion that he did not receive. In light of these actions, not promoting him was definitely the right move.
>However, there may be considerably more to this situation than meets the eye, so the investigation will continue in depth this week. We need to figure out if he was acting alone or with others at Tesla and if he was working with any outside organizations.
>As you know, there are a long list of organizations that want Tesla to die. These include Wall Street short-sellers, who have already lost billions of dollars and stand to lose a lot more. Then there are the oil & gas companies, the wealthiest industry in the world — they don't love the idea of Tesla advancing the progress of solar power & electric cars. Don't want to blow your mind, but rumor has it that those companies are sometimes not super nice. Then there are the multitude of big gas/diesel car company competitors. If they're willing to cheat so much about emissions, maybe they're willing to cheat in other ways?
>Most of the time, when there is theft of goods, leaking of confidential information, dereliction of duty or outright sabotage, the reason really is something simple like wanting to get back at someone within the company or at the company as a whole. Occasionally, it is much more serious.
>Please be extremely vigilant, particularly over the next few weeks as we ramp up the production rate to 5k/week. This is when outside forces have the strongest motivation to stop us.
>If you know of, see or suspect anything suspicious, please send a note to [email address removed for privacy] with as much info as possible. This can be done in your name, which will be kept confidential, or completely anonymously.
>Looking forward to having a great week with you as we charge up the super exciting ramp to 5000 Model 3 cars per week!
>Will follow this up with emails every few days describing the progress and challenges of the Model 3 ramp.
>Thanks for working so hard to make Tesla successful,
>Elon
It is one thing to report details or a broad explanation of the incident and request vigilance. It is another entirely to speculate about the source, especially to continue to place your company as the victim of conspiracies...ESPECIALLY when IN THE SAME EMAIL you make clear that the motive had nothing to do with any of those sources. He comes off as having a serious Martyr complex.
He said it was about promotion, why the speculation and the paranoia? The first 3 paragraphs are fine, they need ot be there. 4,5, and 6 look to me like planting excuses and leaking them through your employees. This email reads to me like it was written to leak. It was written to be PR sexy. I think it was written this way to get the 'sabotage' story press coverage.
This is a precursor to them missing 5k again. As others have reported they may not have the permitting necessary to even paint the number of cars they are targeting. They have 3 assembly lines trying to collectively produce 5k/cars a week, something other plants do with 1. Yesterday Musk talked about the short's eating their words because the stock price blipped...and now this. Shorts aren't in it for the short haul, look at Enron, look at the housing bubble. When a spaceX rocket blew up, he claimed sabotage. He made a PR show of 'moving into the Tesla factory' why? what is he going to do? Turn a wrench?
Taken individually none of these things are individually 'proof' he's losing it. Taken collectively, the preponderance of evidence is becoming increasingly damning. Occam's razor comes into play here. I've worked in big factories...I led lean task forces at two factories. All of these issues look to me like a lack of planning and an unawareness of how to execute on manufacturing mechanical things at scale. You can't rush a ramp, but you can speed it up. Getting management off the floor and getting them to empower engineers rather than manage engineers is a strong step towards it. Having the CEO living in the factory isn't anywhere in the Lean playbook that has let Toyota absolutely crush other companies in terms of manufacturing. And remember [edit: Toyota offered to help them do this and Musk burned that bridge].
Tesla's greatest enemy at this point is the cult of Elon Musk, and the cult's leader, Elon Musk.
> When a spaceX rocket blew up, he claimed sabotage.
That is false. All they said was that they were looking at all option, he mentioned sabotage as an offhand example of what they were investigating and he explicitly said in that very first comment that they had no evidence.
After that the press and twitter got hold of it and blew up story.
SpaceX insisted again there was no sabotage and announced that the problem was about COPV tanks.
It was absolutely the initial implication. Musk bent over backwards to downplay that possibility of sabotage at the very first news conference. He also tweeted that it was unlikely and publicly joked about it: https://twitter.com/elonmusk/status/783567161402888192
Why would it be a sure thing? A short isn't just a position that the company will underperform--it's a position that the company will underperform during the time period the trader can maintain the short.
Elon Musk has built up a really uncomfortable cult of personality in my opinion and I think it results in an incredibly horrendous environment to work in.
The way he's been behaving over the past few weeks (incl. his since-deleted reference to a cult site) does not exactly help his credibility when he's making broad claims like this. He's been blaming everyone else but himself for every single little mistake and I can't imagine him lasting very long like that if not for the cult surrounding him propping up his ego.
> He's been blaming everyone else but himself for every single little mistake
Really? I guess you glossed over him personally accepting responsibility for pushing Model X's falcon wing doors even though it was a mistake; and personally accepting responsibility for automating too much of the Model 3's assembly line which has caused massive delays.
And those are just the two examples that spring to mind of him apologizing personally and acknowledging the weaknesses of his personality, multiple times, in public.
Where was that personal responsibility when he started slinging mud at the media for reporting on the issues his company has been very publicly going through? Or when he started insulting people in the Tesla earnings call? Or during the fatal autopilot crash?
Or him linking to, again, a literal cult website and calling it good journalism.
I don't share your absolutism, but you're absolutely right that at least lately, Musk has been sending a lot of signals that he's becoming unhinged.
I wonder if, in trying to compete with people like Bezos, including by trying to become more macho, that he has overdosed on testosterone lately.
He used to be circumspect in his public comments. Now he seems to be increasingly paranoid and grandiose in his thinking, and bitter towards the "fake news" media that made him a celebrity in the first place.
And his proposals and estimates are likewise getting more detached from reality. He claimed rockets could be a good form of intercontinental travel, and his video showed a rocket outside a city with passengers boarding.
We can't put rocket ships outside of cities. His proposed BFR system would have about as much explosive potential as a Hiroshima nuke, and there'd be constant sonic booms and extremely loud engine blasts. One mix up, and you could incinerate Manhattan.
I do like his present goals of electric cars, reusable launch vehicles, solar power, and cheaper tunnels. But maybe take a chill pill. Ease up on the steroids or whatever.
If you think Musk has a cult, why do the media get a free pass? There's nothing honourable about the media that means they aren't susceptible to the same impulses that the Musk cult manifest.
Or, is the media some sort of holy institution that can do no wrong?
Of course none of this ever happened. Musk has repeatedly accepted responsibility for many of the problems at Tesla around excessive automation. But try to understand the sort of psychology at work when somebody projects a fantasy onto a figure like Musk. In this thread alone we have people attributing quotes to Musk that he never said ("unfair", "witch hunt") and others insisting Musk is paranoid in response to finding an actual saboteur. Frankly, Musk isn't a real person to these people, he's a puppet trapped in some made up morality play.
True that. Plus, there is a great deal of jealousy involved in Musk criticism these days. He has pushed things far further than a lot of anyone in this particular crowd ever will, and there is no indication that the Musk event horizon has any end.
So yeah, this particular crowd here on HN has the potential to let jealousy override rationality, and the more banal human emotions come to play instead.
Personally, I think Elon Musk is an exceptional human being, who has somehow not let himself be limited in his actions by jealousy, hatred, intolerance, and so on. This is bound to make a lot of people upset - after all, humans have a long and sordid history with cutting down the taller poppies.
I suspect that if we were living and had easy access to information about any number of people from the past that had a large influence on history, we would find the opinion of the time much less one sides than it becomes after they are gone and their legacy (whether good or bad) has been largely decided by the culture.
There's a whole literature category devoted to taking the caricatures of historical people and expanding them into much more complex and realistic depictions of the people in question. Frankly I think it's amazing that so many people can't imagine a complex person with competing goals and motivations when considering public personas, when this is true of literally everyone alive.
I totally agree with you. There is an occlusion of the collective will in all of these arguments.
Its like, a surefire way to win any argument is to invoke the collective against an individual, since the collective whole is greater than the individual unit.
But, there's also the fact that the collective holds itself back willingly and utterly, whereas individual desire seems to be unlimited in our species. I guess the mores of one over the other, drive the cycle forward, endlessly.
Personally, I'm very glad that people such as Elon Musk exist, and on a more basic level, I hope to see Musk succeed in all of his endeavours. The collective sure isn't doing much of any interest, in the meantime...
Musk has every incentive to play up this incident, as long as it's concluded. A single bad event in the past can now be used to explain any number of problems. I trust him enough to believe there's a kernel of truth here, but the degree to which the sabotage actually affected operations is going to be presented in the greatest possible light.
I can't really put my finger on why, but this looks like a quite stupid move. Usually in such situations this person gets fired and sued and then the top management tries to put silence over that topic. An email to the whole staff is the opposite of that and makes me wonder if Elon tries to cover some own missteps. Any hints in that direction?
This doesn't make sense. If there is/was a saboteur then you would expect Musk to stay quiet until after a criminal investigation. Especially if there are alleged co-conspirators. Electric cars are a given now. The tech is proven. The AI autopilot is still open but that's a NTSB issue.
Even if it's true I doubt the wisdom of publicizing it. It could derail any internal investigation, not to mention potentially looking like bullshit excuse-making.
Industrial espionage is real. I've heard plenty of stories. Usually it's handled very quietly and internally for exactly these reasons.
The paranoid minds here are too much. Consider the likelihoods of each explanation. Elon Musk didn’t get to where he is now by orchestrating bizarre excuses.
I can't stand it, I know you planned it
I'mma set it straight, this Watergate
I can't stand rockin' when I'm in here
'Cause your crystal ball ain't so crystal clear
So while you sit back and wonder why
I got this fuckin' thorn in my side
Oh my god, it's a mirage
I'm tellin' y'all, it's sabotage
So, so, so, so listen up, 'cause you can't say nothin'
You'll shut me down with a push of your button
But, yo, I'm out and I'm gone
I'll tell you now, I keep it on and on
'Cause what you see, you might not get
And we can bet, so don't you get souped yet
Scheming on a thing, that's a mirage
I'm trying to tell you now, it's sabotage
Why
Our backs are now against the wall
Listen all y'all, it's a sabotage
Listen all y'all, it's a sabotage
Listen all y'all, it's a sabotage
Listen all y'all, it's a sabotage
I can't stand it, I know you planned it
I'mma set it straight, this Watergate
But I can't stand rockin' when I'm in this place
Because I feel disgrace because you're all in my face
But make no mistakes and switch up my channel
I'm Buddy Rich when I fly off the handle
What could it be, it's a mirage
You're scheming on a thing, that's sabotage
Thanks for working so hard to make Tesla successful,
Elon
At the risk of sounding like a conspiracy theorist, perhaps a short-seller paid an employee to sabotage. It is not out of the realm of possibility, especially since $TSLA is at a whopping 33% float short.
According to the email from the article, the person has admitted to it and claimed it was due to promotional reasons.
"The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad. His stated motivation is that he wanted a promotion that he did not receive. In light of these actions, not promoting him was definitely the right move."
> In light of these actions, not promoting him was definitely the right move
that's pretty short sighted cheesy hollywood movie reply.
you can just get from this dismissing statement how much they care about their employees. a better reply would've been "we'll launch a review to see how it got to this point / what made this person behave this way".
Why is it the company’s responsibility to rehabilitate someone over probably-criminal action? I agree that promoting someone unstable enough to commit sabotaging changes to a company would be the wrong move. It’s not like he is forcing anyone to work there.
I’m not saying he should be promoted now or before. I’m saying company culture is to blame for this or at least should be the first thing to review instead of blaming the employee immediately. what if the next person that doesn’t get promoted suicides?
You're conflating two issues here. The company is not responsible for the decisions of its employees relating to promotions. It is the employee that chooses to do something irrational for whatever reason. I agree that a company should reflect on any given incident to determine whether there internal factors that may have contributed to its outcome, however ensuring the personal lives of employees are in tip-top shape is not something a company should ever be responsible for.
Nobody is entitled to a promotion. One is promoted based on merit. And the promotee is not the judge of merit. If someone commits suicide because they didn't get a promotion then I'd argue that person is likely to unstable to be working.
everybody has a breaking point. some lower than others. if they don’t review the culture how would they know if it’s just this person or many more close to the breaking point? not getting promotion might be just one contributing factor. overwork could be another. harassment, discrimination others. they picked one that is convenient
There are fewer promotions than people who want promotions at virtually every company. The vast majority of people don't behave criminally out of spite when they are passed over. At what point does personal responsibility play a role in a person's actions? I'm genuinely curious. If the culture is the first thing that should be reviewed, that seems to imply that it is more to blame than the individual.
I would say that would be an HR responsibility more than a CEO’s responsibility. It’s hard to judge Tesla’s HR philosophy based on a passing comment by Musk.
>"This included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties."
What in here indicates ex-CIA operative to you? Theres no need to add any conspiracy around it. Adding a commit with a different username is incredibly trivial to anyone who can run commit with the command line, i.e. 99% of software engineers. As for exporting data to unknown third parties, I have seen interns do this by accident. Its not complicated or needs rare skills to do a lot of damage internally.
If Tesla runs fast and loose with ideas like their PR pieces suggest, I doubt their security is incredibly top notch in terms of locking down internal threats either
What matters is motivation. A person who is trained in sabotage, is used to doing it, and is being well-paid to do it is a lot more likely to so behave than a regular person who knows they will likely go to jail if they get caught. And there are lots of actors out there who have both the funds and motivation to hire such a person.
Not that anyone cares or asked what I think but I wouldn't be surprised if Elon ends up surpassing Crazie Eddie Antar [0] as far as fraud goes. (I have no idea whether he is a fraud. He just strikes me as likely a fraud.)
I see a lot of resentment and "hate" on HN about Elon and quite honestly I don't understand where it is coming from. Where are the facts that Elon/Tesla is one gigantic fraud? Where is the scientific proof?
For me, personally, I strongly dislike the Hyperloop and Loop proposals. I can provide lots of details about why these systems suck as public transit options (and I've done so in the past several times), but there has tended to be an annoying cohort that rejects any and all criticism, no matter how reasoned it is. While I don't particularly pay attention to Tesla and Space X, I've noticed that there is similarly a very vocal cohort that responds to criticism by attacking detractors as shills for short sellers/Big Oil/Big Auto/Big Space, which certainly fuels schadenfreude for me and make me want to root against Tesla just to see that vocal cohort shut up.
It should also be pointed out that there was recently a very public revelation about a Silicon Valley startup that made big noise about disrupting a stagnant industry whose technology was accused as being impossible which turned out to be a massive fraud. Tesla is a company which has certainly failed to meet many of its projected milestones, and whose public stature is partially based on a major technology which has failed to deliver so far (Autopilot). Undoubtedly, many people are liable to find the comparison too similar for comfort.
Personally speaking I’ve been a fan of Musk’s endeavors simply because they tend to actually move where other options creep along painstakingly slowly, get stalled, or are canned entirely.
Focusing on the loop stuff specifically, even if it’s not the optimal transport solution it’s better than the alternative “better” solution that will be in a state of decay by the time it’s finished or never see the light of day at all. Musk doesn’t let the perfect be the enemy of the good and I think that’s important in an age where it’s more normal for major infrastructure projects to collapse on themselves or otherwise get gummed up indefinitely than it is for them to succeed.
I don’t endorse his behavior on Twitter lately but I do feel that the efforts of his companies have merit.
I'm not at all interested in the Musk cult factor, but I think that all the critics are far too easily blinded by their own position and fail to see the incredible results that have already been attained, in spite of incredible odds against.
Musk may tweak peoples jealousy buttons - and I truly think that jealousy of him personally is behind a lot of the criticism - but on the other hand, there is so much progress behind him that its almost ridiculous to hear the critics pulling hard on whatever loose strings they can find.
I mean, the criticism may be warranted - but I think a great deal of respect and honest attribution is warranted, too. The statistics as to what has been accomplished as a result of Musks' crazy ideals demonstrate that, sometimes it seems, to push the human species forward you have to be a little crazy, outside the norms of the collective. ITT, people who haven't yet recognised this fact ..
> Undoubtedly, many people are liable to find the comparison too similar for comfort.
That seems a very strained comparison. Theranos lied about how their core technology worked. Tesla has already designed, manufactured and shipped multiple models of cars, and we're really discussing whether they can hit quarterly shipping goals, not whether they can delivery a specific product. This is just a matter of scale (and thus to some degree price), not a matter of whether their product is vaporware.
Autopilot is the closest to being somewhat related to the Theranos debacle, but it's not the most compelling portion of Tesla by far (as evidenced by how popular they were before it was released). That said, it also is actually released, and it's just a matter of how well it functions, not whether it functions. It's not like Tesla hired a bunch of people to remotely control cars as drones when autopilot is used and then represented that as some form of self-driving.
There are valid criticisms to be leveled at Tesla and Musk, but likening it to Theranos, whose CEO is now facing criminal charges, is not one of them (at least yet), so I hope there aren't too many people doing so.
The media's opinion of Elon has turned sour lately due to his criticism of bloggers and tabloid articles (ie Daily Beast). That is starting to shape the minds of those who follow the media very closely.
Just because the media has turned doesn't mean his criticism of them is invalid or incorrect. Negatively in news is at absurd levels... Peddling outrage sells.
Let me guess, if you had a BMW with similar interior, and similar production quality, you won't be a fan of it?
Tesla fandom is based on futurism. Take regular driver assistance, call it autonomous self driving driverless cars and make a cult of personality around Elon musk. If BMW sold substandard cars at a higher price than comparative cars, and had fanboys buying it, and yet be rewarded by the stock market for making losses, BMW would be making Model S/X all year long.
Certainly older than Tesla. Or Apple, for that matter.
By the way, any feature phone is much better than iPhone as... a phone, you know, to call people and stuff. Even as smartphones Apple products aren't unicorn magic. Neither are Teslas. Riding in one, they can barely compete with a mid-range Hyundai.
By that logic, McDonald's burgers are so magic, Jobs would have dropped his reality distortion field and ran home crying. And Osteria Franciscana must be selling complete crap because they will never achieve sales not only of McD but even of White Castle!
For which ones? Like smartphones I can install any software I want on, or cars that do not actively try to kill me? Or we could just settle on a car that has build standard slightly higher than a used Yugo (although Tesla might need to stretch quite a bit to rise to Yugo quality level)?
What are the chances of this being FUD pushed by Musk to cover up for failing to meet expected deliveries and/or possibly other obstacles Tesla's been hitting recently?
I had heard from a third party vendor on the site that Profibus issues (for communication to drives) was one of the major issues at site. I wonder if that was accurate or still true if so.
Profibus is a generic protocol for sensors and machines talking to each other (analog to JSON for web resources) so that essentially means they had problems with systems integration, e.g. getting machines integrated into the production lines.
Pretty surprising actually, I thought their problems were beyond that hurdle (e.g. the automation already works but has reliability problems).
Thanks for posting that. Great article. I was blown away at the open access Ford grants to visitors and media at its most advanced production facility. ("Most advanced" is my assumption given that this plant produces Ford's highest margin vehicles.)
I don't want to be the conspiracy guy, but if I read the email the opposite way, I found out that the message is the sabotage first (yes), but the second point about ramping up the production to 5k is the second subject. I'm asking the question if this email could be a stunt to inform the investors their production state, to inform about the delays, etc. ? Simply wondering.
I very often notice how Musk will write or tweet in an ambiguous enough way that most people will read different messages out of him.
My own speculation is that he does this intentionally not to lie, but to catch people out with "gotchas". It's a hedge against both failure and success.
I caution against over-interpreting anything he says until the details are made very specific.
An aside for example, one time I told a customer "I'll see what I can do" - what they heard though was closer to "ok I'll sort it out for you", and weren't too pleased when later on we weren't able to resolve it in time for them.
Isn't this the plot in one of the episodes of Billions? If you are short a stock and a billion dollars is on the line, there are people you can pay who will "ensure" that a company fails and you win your B+ bet.
"His stated motivation is that he wanted a promotion that he did not receive. In light of these actions, not promoting him was definitely the right move."
Yeah right, first employee sabotages them and another employee shares email from Elon to public. And choose CNBC. Someone needs to lower the stock price.
We need to figure out if he was acting alone or with others at Tesla and if he was working with any outside organizations.
As you know, there are a long list of organizations that want Tesla to die. These include Wall Street short-sellers, who have already lost billions of dollars and stand to lose a lot more. Then there are the oil & gas companies, the wealthiest industry in the world — they don't love the idea of Tesla advancing the progress of solar power & electric cars. Don't want to blow your mind, but rumor has it that those companies are sometimes not super nice. Then there are the multitude of big gas/diesel car company competitors. If they're willing to cheat so much about emissions, maybe they're willing to cheat in other ways?
Wow, the level of paranoia he's going into is impressive.
And amazing how close his speech is moving (in form) to Trump's: it is all about "rumors", "alleged", "witch hunt", "unfair"...
It doesn't strike me as paranoia. Thinking that industrial espionage doesn't happen seems naive.
What they have is an admitted saboteur and code that exports data to third parties. It quacks like a duck. A disgruntled employee succumbed to or sought out people who wished to do harm to Tesla.
There's plenty of evidence of similar things happening. (edit to fix words)
If you work in the defense industry you get things like this drilled into you as regular required training. It's not paranoia, it happens regularly.
He's a bit odd in how he addresses the problem, and calling out potential threats was perhaps an unusual choice, but not unwarranted.
American companies have overthrown governments to benefit their business, stealing secrets and sabotaging a competitor isn't exactly out of the ordinary.
I'm not trying to be mean here, but: you never wondered why so many people in Iran hated the US enough to call it the "Great Satan"? I know we've had a generation or so of leaders over here who just prattle on about "they hate us for our freedom", but I'm kind of boggled by the idea that people don't get curious and wonder what really set off the level of virulent hatred of the US (and European powers) that existed and still exists in various parts of the world.
So much of the turmoil and violence around the world today is fallout from meddling by western powers over the last couple centuries. Want to understand the modern middle east? Got to dig into the US overthrow of Iran's government, the background of the British rise to prominence (WWI and the Sykes-Picot agreement), etc. Want to understand trouble in just about any part of Africa? Dig back to what the European colonizers did to the place, and hoo boy wait till you learn the truth about Belgium.
You really cannot even begin to pretend to have a hint of a grasp on modern world politics and conflicts without understanding this stuff.
You can also have a look at Hypernormalization, a documentary by Adam Curtis where he draws the origin of suicidal terrorism to the meddlings of Kissinger in Assad’s (senior) Syria.
You could really write a couple doctoral theses just doing a review of the stuff necessary to understand contemporary middle-eastern conflicts and politics. I tried to pick a couple things as examples rather than write those theses :)
True. I only mentioned it because of it's significance in relation to the long running war over oil in the Middle East. The ME has however held importance as a trading route since the beginnings of what became the silk road.
I may be betraying ignorance (I always love to learn—thanks!), but before today, I assumed that had to do with the US being Israel’s closest ally, since Iran from the beginning has hated Israel for what I assumed were religious reasons, and the fact that a non-Islamic country has (parts of) Jerusalem after over 1000 years of wars over who gets to have it (many of which were at least partly religiously motivated — or at least that’s how it was spun to gain support).
That and an impression that Iran “wants to do bad things” (like human rights violations and irresponsible ownership of nuclear weapons), and doesn’t like world powers keeping those plans at bay.
You can Google around for articles on what places like Iran and Afghanistan used to look like. They're instructive. Then read up on the history of those countries, and how things went wrong.
It's also instructive to pay attention to the names. Some of them are going to jump out at you, and at least a couple times you're going to think "wait, isn't he the bad guy" when, once upon a time, some recognizable name was "on our side" (but really was on his own side all along, and willing to play at doing a major power's bidding in order to get funded/armed/maintained in power/etc.).
And some of the names of the foreign-policy wonks are going to get eerily repetitive, and you'll wonder how these guys managed to stay cozy with administration after administration despite their track record of literally leaving desolation around the world. Worse: you're going to read their bios and find out some of them are still in positions of power and being taken seriously today.
There also issues of regime change which a nice way of putting a list of unsavory tactics and how regions of the middle east used to be quite progressive and modern before these tactics over the years had taken their toll on the region.
Read a good article, or even Wikipedia, on Leopold II of Belgium, his "Congo Free State", and the aftermath.
Leopold's Congo was so horrifying that when he gave up personally ruling it and let it be turned into "just" an ordinary colony where the colonizing government and its companies worked hand-in-glove to ruthlessly exploit the place at the expense of the locals... that was actually better than it had been under Leopold's direct rule. Under personal rule by Leopold, estimates of the death toll in the Congo range at least into the millions and possibly over ten million.
There is an astounding level of ignorance about Western meddling in foreign countries among Westerners; for instance, I don't think many Americans know of CIA-backed coups in socialist-leaning countries.
An interesting case is the US driving Colombia out of Panama when the Colombian senate refused to approve the Panama Canal. The war is considered to have been engineered by the New Panama Canal Company including Bunau-Varilla and William Nelson Cromwell.
It is precisely because we cannot trust the US government, that those of us still living outside of the purview of the 5-eyes nations are utterly unwilling to put up with the heinous powers granted the NSA, which services its 'customers' with near-impunity and utter lack of civil oversight. If you thought UFC is bad (it was) and if it is the only example you know, consider what the NSA is currently capable of doing, with regards to corporate espionage, and who it works for ...
If you read Noam Chomsky's "Who rules the world?", you will find plenty of examples of the USA overthrowing a government to bring "peace and prosperity". It's pretty common actually.
It’s so upsetting to me that there’s a clothing store with that name. It seems like it’s mocking the people whose countries have been overthrown for someone’s profit. This from a store that sells clothes made by people who could never afford them.
Much of U.S. Mideast activity is aimed at securing the oil supply. There is another, very serious reason for those actions (I'm not saying it justifies them): Securing the world's energy supply, without which the world economy would stumble and fall. But the activities also benefit U.S. oil companies, and who can say what is necessary for which purpose. Also note that a former oil company CEO was U.S. Secretary of State until recently.
The first example that comes to mind is the influence of United Fruit in Central and South American military policy in the last century. See https://en.m.wikipedia.org/wiki/Banana_Wars for instance.
There's a $10+ billion short position against TSLA, constituting over 25% of outstanding shares. Anyone working at Tesla should be paranoid. Remember Enron? People invested deeply in something do criminally reprehensible things.
Much more importantly, Musk made very concrete allegations, the truth of which should come to light in short order. I remember the insinuation SpaceX made during the 2016 incident, which was much more circumspect. If this allegation proves false I don't think people will be as forgetful about the attempt at blame shifting.
Your Enron example is worthwhile for the opposite reason you intended: there was a massive short position against Enron too, and corporate management accused the shorts of all manner of conspiracy, and the shorts were right.
"People invested deeply in something" describes the management of fraudulent companies far more than it does short sellers. There's a quote from David Einhorn's book (that I think he attributes to Warren Buffet) that is something to the effect of: "When you're short a fraudulent company, you'll be surprised at the ends they'll go to defend themselves. Because to you this is 5% or whatever of your portfolio, but to them it is everything."
"Her questions were so pointed that Enron's chief executive, Jeffrey K. Skilling, called her unethical for failing to do more research. Three Enron executives flew to New York in an unsuccessful effort to convince her editors that she was wrongheaded. Enron's chairman, Kenneth L. Lay, called Fortune's managing editor, Rik Kirkland, to complain that Fortune was relying on a source who stood to profit if the share price fell."
The thing about the sniper was addressing paranoia and reassuring staff that every suggestion is being taken seriously, and besides following a lead that is easy to dismiss means you get an early cheap win: a great way to relieve stress.
It's educated guessing, from analysts, according to what I've seen.[1] That said, it's not just a large short position, it's the largest (recently surpassing Apple shorts). Given that Apple's market cap is 15 times that of Tesla, that's quite a lot.
Nothing paranoid about this. Data exfiltration and corporate sabatoge is very real. There are entire departments at large companies dedicated to protecting against things like this.
So many industries that were threatened or upended went though similar exercises. Tobacco being one of the best examples. We also went through a huge mid-century renaissance in public transit that was abruptly put to an end due largely to gas and car companies. Trains got replaced by buses because tire and oil companies felt threatened. Remember the EV1?
I wouldn't suggest this to be paranoia. It's simply reality. Wall Street profits from the stock cratering right now. Its not unfathomable that some hedge fund would go to extreme lengths to embed a mole into the Tesla team to cause sabotage.
There's a (mediocre) documentary on Netflix about Bill Ackman's famous Herbalife short. In there they detail the hundreds of $1000 spent just defending his short position through hiring former Herbalife people, funding legal campaigns, funding support groups. If you're short to the tune of a few $100 million - a few $100k is pocket change for these guys.
> the hundreds of $1000 spent just defending his short position through hiring former Herbalife people, funding legal campaigns, funding support groups
You are describing entirely legal actions. Sabotage and (this form of) industrial espionage are very much illegal. There's quite a difference there.
> a few $100k is pocket change for these guys
But a few billion dollars of market cap and a few years of jail time are the price of being found guilty of what Musk is insinuating.
But a few billion dollars of market cap and a few years of jail time are the price of being found guilty of what Musk is insinuating.
If I stood to lose $100M, I wouldn't do the dirty work myself, I'd hire someone else to do it for whom taking that risk for $100K (or whatever) is worth the risk - that could be several years (tax-free) pay for some people.
I'd use several levels of anonymization or maybe redirection to try to keep my identity hidden (and I doubt I'd be successful, but it takes a certain level of arrogance to hire someone to sabotage a company because you bet against it and might be losing)
I expect that's how most industrial espionage happens; some company employs the services of some third party research firm to investigate a competitor's product and doesn't explicitly ask for anything illegal. Maybe that third party hires other contractors, and so on. The actionable information bubbles up through the chain, and the original company that funded the "research" has no idea where it came from. They might not even have had any intention of causing a crime to be committed, but ignorance is bliss.
It would be a lot harder to plausibly deny paying some third party for explicit sabotage; as far as I know, companies don't normally pay third parties to cause harm to a competitor for legitimate business reasons.
Jail time? The SEC will just do the “this individual/corporation is important to the economy” thing and fine them some pocket change. The downside is far more limited than you might hope.
No, because corporate sabotage is outside of their remit. They would only look at it within the realms of market manipulation and insider trading, for which the punishment is a) usually light and b) usually deflected onto a fall guy.
In terms of the actual espionage end of things, it’s covered by EEA 1996 - and the prosecutions there have always gone for the hand, not the head, and the fines have been in the thousands, not millions, of dollars range.
You started by questioning jail time, then brought in the SEC. Now you're stating the SEC doesn't deal with industrial sabotage and talking about fines, which no one else mentioned.
As for actual jail time, here [1] is a single engineer in California (same jurisdiction as Tesla, presumably) that was sentenced to 15 years. Also, $28 million in fines, which is what he earned for his espionage. Another engineer got 2.5 years for the same incident [2]. And this was the very first instance of people being convicted under the Economic Espionage Act you mentioned. Further reading: [3].
There's a great big world out there. Just because you work in hedge funds doesn't mean you've seen everything.
Had a friend high up in Bear Stearns tech department, all the way until the end, that had the exact opposite experience of you. His experience evokes an ethos of "get ahead at all costs".
No doubt there are more Billions-esque shady practices out there in the wild than you know.
Fifteen years ago Echelon, NSA's email surveillance program, was considered a wild conspiracy on par with chemtrails. I think this kind of 'paranoia' is absolutely justified in today's world.
No, the logic is that just calling something a conspiracy theory doesn't make it any less true. The term "conspiracy theory" has been socially engineered to automatically produce an 'ok, no need to think about it any more then' reaction, which is precisely the opposite of what needs to be done, in many cases, when enough evidence is gathered to the point that such theories are being formulated... especially when it involves known-nefarious actors and agents, such as the US government, top-secret military-industrial-complex inner societies, and so on.. too often, the general public is dissuaded by critical thought with a mere phrase or two. "Conspiracy theory" is one of those phrases that has been intentionally propagated in modern society to shut down attention.
The CIA coined the term conspiracy theory (and the media used it) to discredit people who didn't believe the governments version of the Kennedy Assassination.
He's pointing that calling someone a conspiracy theorist is an example of an ad hominem attack. Which it is and was and always will be. Calling someone a conspiracy theorist is talking about a person, not the ideas they are expressing.
According to Paul Graham in his article How to Disagree an ad hominem attack is the second weakest form of disagreement, only a little better than calling someone mean names.
However, in the case of calling someone a conspiracy theorist, I would argue that it actually is an example of name calling as well. It is a negatively charged word. Name calling, according to Paul Graham, is the weakest form of disagreement.
From a logical fundamentals perspective, calling someone a conspiracy theorist has never held water. It can't hold water, unless talking about the character of a person, because it tries to attack the character of a person, rather than refuting their ideas.
Wikipedia, citing conspiracy theory as an example of ad hominem:
It is an error of logic to support that the fact that an ad hominem attack doesn't hold weight means that a thing is right or wrong. The entire point of understanding fallacy is to realize that there is a disconnection between ground truth and any claims reached via their use.
In this particular case, people are talking about Elon being a conspiracy theorist, because he suspects there might be outside actors involved on the basis of known data exportation, known sabotage, and profit motives. These are examples of things tied directly to the question of whether Tesla is experiencing corporate espionage.
Not exactly. Calling someone a "conspiracy theorist" can certainly be an ad hominem attack akin to calling someone a "wacko", but it can also be shorthand for "your argument is structured like a conspiracy theory", and conspiracy theories tend to be logically unsound because they are unfalsifiable. (Broadly speaking, the conspiracy theorist can always explain away evidence contrary to their claims by suggesting that it, too, is part of the conspiracy.)
9/11 truthers, birthers, JFK assassination theorists, Illuminati/Satanist/New World Order types, pizzagaters, ZOG-believing antisemites, flat earthers, hollow earthers, etc. all have common rhetorical tactics and modes of argumentation that are distinctly "conspiracy theorist".
Good point, though I'm really just trying to get across that 'since some conspiracy theories have turned out to be true, all conspiracy theories are likely true' is not a good summation of the motivations which produced rplst8 statement. When I apply the principle of charity to what rplst8 said, I'm forced to ascribe to him beliefs which maximize the correctness of his views. In doing so, I have to take the position that he is referring to conspiracy theorist as applied as a label to a person, rather than used as shorthand to discuss the structure of someone's argument. This is especially a truth maximizing necessity, because the conversation he is replying to is discussing cases where conspiracy theories turned out to be true; not just unfalsifiable rhetoric.
I think what they meant was that the label "conspiracy theory" is often used to discredit the truth, At this stage we have so many examples of conspiracy theories turning out to be straight up conspiracies that you would be unwise to not look further for yourself when you hear someone roll-out the conspiracy theory label.
I disagree with "often," "so many," and the general idea that anything more than a small percentage of things labeled conspiracy theories have ever turned out to be true.
Conspiracy theories tend to be unfalsifiable claims without counter-explanations, while later-revealed conspiracies have tended to unravel based on credible counter-explanations from the beginning. Yes, the US government imported drugs into inner cities, just as the San Jose Mercury News spelled out, and it's a tragedy that the government then hounded that journalist to suicide before finally admitting it was all true.
In the meantime, hundreds or thousands of claims have been made that have no basis in reality, nothing other than "the world ought to make more sense than it does."
Our planet isn't flat because the US government tested drugs on poor black people without telling them. The latter was consistent with known facts all along, while the former is the result of Dunning-Kruger nonsense.
That oil companies and auto manufacturers are sabotaging Tesla, while competing rocket companies sabotaged SpaceX, is not impossible. It is, however, far less likely than that production is difficult, and that employees treated as Tesla employees are reported to be treated sometimes become disgruntled. So I won't be surprised if there does turn out to be evidence worth charging somebody with, but I think reason suggests that it's less likely than Musk is claiming.
Flat earth is not exactly what i had in mind when i made my comment. Let's be real here, there is an incredible amount of nefarious bullshit happening in business and politics all the time. There always has been, which if you enjoy reading history you would know. I see no evidence that it is slowing down. If anything it is accelerating.
Added to that corporate espionage and disgruntled employees are not opposites. One provides opportunity for the other.
There's a big difference between crazy conspiracy theories, like the moon hoax and stuff like that, and actual conspiracies, which can still exist, whether anyone theorises about them or not.
For example, to me it's pretty clear that Putin is trying to destabilise the West. This is a theory about a conspiracy, but it's supported by plenty of evidence from multiple sources, and it makes sense, because Putin really hates NATO. But there's no credible evidence that the moon landing was a hoax, and the theory is insane, because the USSR would have had to be in on the hoax and help the US defeat them in the space race.
So what about Tesla? Are there people and organisations that have reason to feel threatened by Tesla? Is there evidence that they're trying to sabotage Tesla? And are these cases unconnected or is there actual coordination? (Otherwise it's still not a conspiracy.)
I hold to my own metaconspiracy theory - that there is a conspiracy to create and promote conspiracy theories. It's Russians and rogue libertarians who want us to fear and hate each other and our government. I mean have you seen all the slick, high production YouTube videos describing the most ridiculous paranoid nonsense? Who's paying for all that? But I have only indirect evidence so I am only metaworried about it.
> Wow, the level of paranoia he's going into is impressive.
Exactly. It is surprising people pointing out - "Well, so many shorts etc so it's plausible". This kind of reasoning misses the bigger point - we need our leaders, political and otherwise, to refrain from actively pumping out conspiracy theories. If there is proof of malicious behavior present it instead of rumor mongering.
But given Musk's(Tesla) constant need to shift blame - car crash, negative news (Pravado), deflecting questions on financial situation of Tesla and now this, it is not looking good for Tesla.
I hope that next time there is a problem Musk stops at "we are investigating if this is a sabotage" instead of fueling the "it's Wall Street shorts" conspiracy.
There are far more people aligned against him, so it's easy for him to feel defensive. I genuinely wouldn't be surprised if there was something bad going on with their finances, but I'd ALSO easily believe that there are actors very very actively working against him and Tesla. Google and Apple can grow without restraint because until they were massive they didn't affect anyone, Tesla from day 1 flew against the grain and is upsetting hundreds of thousands of jobs from corporations to unions. His company matters if it succeeds and anyone with common sense can easily imagine a mole.
> Google and Apple can grow without restraint because until they were massive they didn't affect anyone
Microsoft in particular lost an entire industry and way of doing business, partly (or maybe mostly) because of Apple and Google. It was only about 5 years ago that the “us vs them” mindset started to dissipate.
I don't think the comparison there is entirely apt. Microsoft was really killed off by the cycle rate of desktops radically decreasing as even decade old machines started to be good enough for everything except for extremely high performance usage like gaming, and mobile starting to advance enough to work as an alternative computing platform for many purposes. For direct competition in what was their bread and butter (desktop OS) - even Apple is still completely negligible.
Musk's competition against the automotive and space industry companies has been very direct, and his competition against the petrol industry has been at most with one degree of separation. And like others have said, there is a huge short position against Tesla that has cost people an immense amount of money, but also stands to make them an immense amount of money if Tesla tanks.
>we need our leaders, political and otherwise, to refrain from actively pumping out conspiracy theories.
This was the leader of a company asking his employees to look out for a very real possibility. Corporate espionage is very real,this is not a chem-trails rant.
> But given Musk's(Tesla) constant need to shift blame - car crash, negative news (Pravado), deflecting questions on financial situation of Tesla and now this, it is not looking good for Tesla.
I agree with much of what you are saying, but this line is really out of place. He needs to shift blame for car crashes? How many crashes do his cars have per 1,000 miles vs the others?
Deflecting questions on their financial situation? Which question from the shareholders meeting really went unanswered?
I agree that the handling of this incident is strange, but the rest of your narrative isn't as clear as the negative filter would have someone believe.
>Most of the time, when there is theft of goods, leaking of confidential information, dereliction of duty or outright sabotage, the reason really is something simple like wanting to get back at someone within the company or at the company as a whole. Occasionally, it is much more serious.
Literally the next paragraph. It would be irresponsible of him not to look into the possibility.
You've got to be kidding right? One could easily create a list of 1000s of instances of corruption and corporate warfare in the US. And in China it's worse by a couple orders of magnitude, and more visible.
Millions of people have been murdered over money let alone sabotaging a company.
Lets not call others paranoid when it's actually naivety of these problems that is the issue.
Just look at the history of Congo for a continuous stream of examples starting with the colonization up to the various “humanitarian” interventions by “peacekeeping” forces.
I guess we'll see how serious they are about these accusations if they sue the employee or file criminal charges; if the industrial espionage & sabotage accusations are true, it should be easy to make them stick - and having told the whole company about them, Musk now needs to take action or else forfeit credibility & deterrence (both for not being a liar, and for punishing theft/sabotage).
My read of the email gave me the impression that the person had essentially confessed to doing the deed. So "making the accusation stick" should not be an issue right?
The fact Musk still has any credibility at all given his penchant for making wild claims that inevitably fall flat is baffling to me. How many more spurious predictions and imaginary milestones does he need to pump out before people recognise him for the huckster monorail salesman that he is?
For a huckster he’s doing a damn good job of fake shipping fake cars to fake customers who fake drive them in fake public. Excellent scam, would invest again.
Don't be so disingenuous. Nobody is claiming the cars don't exist, the point is that Musk continuously makes insane, overreaching predictions that almost never come to pass, like the ludicrous "three months maybe, six months definitely" fully autonomous driving nonsense, or promises that Model 3 production will be on track for x units per month when the actual numbers are half that, and so on.
This is so typical of any discussion about Musk - anyone who dares point out that he often just makes things up is met with derision from True Believers who are unable to accept that he isn't the superhero his PR team make him out to be.
You claimed that Elon is a huckster monorail salesman, a direct reference to an episode of the Simpsons involving a con job to sell a non functional and dangerous product to a gawping crowd.
That’s pretty much claiming that Elon is selling dodgy products that aren’t fit for purpose, and running off to Tahiti with the money. Yet we have Teslas that are widely loved by their owners, with many owners buying a second one because the other car is perceived as a punishment after driving the Tesla.
Perhaps you would be met with less derision if you weren’t out to portray Elon as a real life Lyle Lanley. I know, it’s a pretty far fetched idea to suggest that you can look at Elon’s promises as coming from an enthusiastic leader inexperienced in a particular field: he’s confident that the goals will be achieved but is extremely optimistic about time. He promised the Model 3, it is here. He promised feature parity for AP2 and it’s pretty much there. He promised ramping production and that is coming.
No other manufacturer is producing electric vehicles in the same volume as Tesla, and no other manufacturer has ensured that the infrastructure is available to support common use cases for personal vehicles.
And here you are accusing Elon of being a con artist intent on siphoning money from gullible investors, then crying victim when you don’t receive the adoring praise you were expecting.
What have you accomplished with your life while Elon has been shooting rockets to Mars, solving South Australia’s electricity problems, and weaning the transport industry off oil?
You seem too easily persuaded that Elon Musk is a con man.
Have you taken into account the massive empire he has already built - if he were truly as nefarious as you seem to imply, its hardly likely that he would've been able to effectively build rockets that land themselves, cars that drive themselves, alternatives to the oil-addiction we're all suffering under, etc.
I mean, put some balance in your argument: What has Musk done right, in your opinion? Anything at all?
Buying, or investing in, existing companies and then using his marketing skills to convince other investors (and governments) to pour billions of dollars into them is hardly the same thing as "building rockets that land themselves" - you can thank the engineers and visionaries at SpaceX for that. And his cars absolutely do not drive themselves despite his constant reassurances that they'll be able to do so Real Soon Now™.
In fact, as an aside, I would argue that Tesla's marketing is disgustingly misleading - their website loudly proclaims that all Teslas are equipped with every piece of hardware necessary for fully autonomous self-driving, and in a much smaller, much quieter voice they subtly admit that none of their cars are capable of actually doing that yet.
You may handwave that away as marketing fluff, but if you asked the average person in the street whether Teslas can drive themselves, 90% of them would say yes, of course they can, when in reality they're merely on par with other makes and models that have had the exact same driver assist features for years.
It's misleading at best, and lethal at worst - lives have been lost because drivers blindly placed their faith in autonomous driving features that simply do not work as implied. Go ahead and chalk that up to the drivers not being attentive enough, of course they share the bulk of the blame for not being in control of the vehicle they're driving, but it's hardly a surprise that many Tesla drivers have been lulled into a false sense of security by Tesla's marketing.
But again, nobody is arguing that Musk is running a straight up scam or that the products don't exist, the criticism is that he is constantly making promises and predictions he can't fulfil, constantly making claims that sound impressive until you look beneath the veneer, and whenever he is challenged to back up his assertions he either messily dodges the question or launches into yet another Twitter rant, and all the while his fans eagerly accept whatever he says without any care for objective reality.
If life were only about making claims one can fulfil, it'd be entirely boring and hardly worth any effort at all.
This predilection towards 'maximum correctness, always' seems to me to be a thinly veiled attempt at justifying totalitarianism. You don't get to the moon by doing everything you can not to break things - you get to the moon by not minding if things break, if it means you can improve conditions in life. We wouldn't have gotten to the moon, maybe, if the Apollo 1 incident didn't occur - perhaps if it hand't been so serious, it would have hamstrung the program later on in history. But, we learned from the incident, redesigned things, and radically improved the state of the art at the time.
The same is true now, of Elons' efforts - certainly he has made many big leaps in terms of projected goals and plans, but - so? Have you, with as much visor as you profess, not noticed the many, many times that Musk&co. have learned from their big mistakes, fixed things, and radically improved things as a result? How many times do there have to be big booms on the pad to satisfy your lust for self-introspection?
Nobody ever gets anywhere by saying "you know what would be good - if we just did the mundane, boring, safe things ..."
With that kind of mentality, we'd all be running Windows.
"Objective reality" is a fallacy. Objectively, we should've just stayed up in the trees. Subjectively, I'm glad there are individuals out there to push our species above the fray, all the while ignoring the sanctity of the mob.
...what on earth are you talking about? How is any of that relevant to any of the points I've made? Did I at any point state or even imply anything even remotely approaching "maximum correctness, always"? Did I advocate for "mundane, boring, safe things"? Are you going to address the actual points I made regarding Tesla's misleading marketing and the literal, actual deaths that have resulted from it?
Why is it so difficult to hold any kind of honest discussion with Muskovites on the subject of his intentionally misleading claims and absurd pie-in-the-sky overreaches? What drives you to make excuses for a loudmouthed anti-worker billionaire who has so constantly and consistently failed to live up to his promises?
By arguing that Elon is lying when he is only mis-estimating timelines, you are directly advocating maximum correctness always. Elon suggests a timeline of 6 months for self driving, turns out it will be closer to 6 years but it will still be delivered. But as far as you are concerned this is hucksterism equivalent to selling people lethal monorail carriages.
The deaths that have occurred have been due to people misusing the product, and one of those occurred in exactly the same situation as other fatalities involving vehicles being operated by attentive humans, with clearly define causes that have not been addressed by the maintainer of the roads.
The reason it is hard for you to have honest discussion with “Muskovites” is that you are intentionally exaggerating every failure and distorting every fact you touch, and making every argument an ideological statement.
Any outrageous ambition I set for myself, fail and end up achieving 10x along the way is better than routinely setting mediocre goals and succeeding all the time, but achieving way less than the prior scenario.
'Failing upwards' has been a thing for a while now.
No. Especially no when you are manager or any kind of leader. It is either called lies or irrationality or delusion. I am sick of troubled messy projects that fail precisely because management cant admit to themselves that estimates should be higher.
Rational behavior is to reward those who make ambitious but realistic goals. Not those who get support on unrealistic lies.
Just because it feels good does not mean it is any less lie.
So? You couldn't have illustrated my point any better: Musk is a showman, he's great at drumming up PR but not so great at actually running a profitable business or hitting any of the milestones he constantly promises he'll hit.
I think the point is that he's the CEO of both companies, and some of his wild claims were about building, launching and recovering rockets. Are we supposed to ignore SpaceX and just look at Tesla when considering Musk? You may consider that being a showman, and it was, but it was also showing his ability to delivery on some of his promises of rocket reusability.
Anyone basing their opinion of Musk purely on his role and publicity from one of these companies when they are both so very public is the height of confirmation bias, in either direction.
This is the closest that I've ever felt the need to call someone an idiot on the internet. Both boosters' feeds were fed from the same booster, i.e. we were seeing the same image twice. That is _not_ fake.
The footage itself was real video from a real camera, but the announcers said the footage was something different than it actually was. The YouTube _recording_ of the livestream was also edited after the fact without any mention that it no longer reflected the originally broadcast. While technically not 100% fake, I think at the very least it would be fair to call that misleading. If this is the closest you've ever come to calling someone on the internet an idiot, I applaud you for your restraint.
Everyone these days is being overloaded with an amount of information -
they will never be trained to handle
that no previous generation has ever handled
What we are watching unfold across any and every issue, are symptoms of people breaking down due to that overload.
To handle this new over saturated info environment (which up until now has been sold to everyone as a good thing) one must look to professions that are trained specifically to handle such overload. And there are many.
I agree information overload is a huge problem these days. I'd be curious for a list of the professions you had in mind (perhaps you mean librarians http://disciplineoforganizing.org/ or professionals working in the "Seven Tribes" of Intelligence https://phibetaiota.net/about/ or like Doug Engelbart worked towards with Augment/CoDIAK/OHS http://www.dougengelbart.org/about/vision-highlights.html )? Maybe Musk does need to adopt better intelligence augmentation tools for the challenges he faces? But if so, he is not alone.
Here are my own 2010 suggestion for helping deal with information overload: https://web.archive.org/web/20130514103318/http://pcast.idea...
"This suggestion is about how civilians could benefit by have access to the sorts of "sensemaking" tools the intelligence community (as well as corporations) aspire to have, in order to design more joyful, secure, and healthy civilian communities (including through creating a more sustainable and resilient open manufacturing infrastructure for such communities). It outlines (including at a linked elaboration) why the intelligence community should consider funding the creation of such free and open source software (FOSS) "dual use" intelligence applications as a way to reduce global tensions through increased local prosperity, health, and with intrinsic mutual security."
Anyway, still plugging along on all that in some of my spare time.
Another aspect of the challenge is having a mind tuned for a scarcity of something like information being having difficulty coping with an abundance of it:
https://en.wikipedia.org/wiki/Supernormal_Stimuli
"Supernormal Stimuli: How Primal Urges Overran Their Evolutionary Purpose is a book by Deirdre Barrett published ... in 2010. Barrett is a psychologist on the faculty of Harvard Medical School. The book argues that human instincts for food, sex, and territorial protection evolved for life on the savannah 10,000 years ago, not for today's densely populated technological world. Our instincts have not had time to adapt to the rapid changes of modern life. The book takes its title from Nikolaas Tinbergen's concept in animal ethology of the supernormal stimulus, the phenomena by which insects, birds, and fish in his experiments could be lured by a dummy object which exaggerated one or more characteristic of the natural stimulus object such as giant brilliant blue plaster eggs which birds preferred to sit on in preference to their own. Barrett extends the concept to humans and outlines how supernormal stimuli are a driving force behind today’s most pressing problems, including modern warfare, obesity and other fitness problems, while also explaining the appeal of television, video games, and pornography as social outlets"
"The Acceleration of Addictiveness"
http://www.paulgraham.com/addiction.html
"Already someone trying to live well would seem eccentrically abstemious in most of the US. That phenomenon is only going to become more pronounced. You can probably take it as a rule of thumb from now on that if people don't think you're weird, you're living badly."
"The Pleasure Trap"
http://web.archive.org/web/20160418155513/http://www.drfuhrm...
"Tragically, most people are totally unaware that they are only a few weeks of discipline away from being able to comfortably maintain healthful dietary habits -- and to keep away from the products that can result in the destruction of their health."
https://en.wikipedia.org/wiki/Orienting_response
"In his 2007 book The Assault on Reason, Al Gore posited that watching television affects the orienting response, an effect similar to vicarious traumatization."
And how this overload is even harder on young children, as described by Victoria L. Dunckley, M.D.:
https://drdunckley.com/reset-your-childs-brain/
"Because electronic screen media is unnaturally intense in terms of sensory, cognitive, and psychological input–designed to keep the user engaged–it tends to overstimulate nervous system. The brain interprets all this stimulating input as a form of stress. ... Over time, these changes lead to chronic stress, resulting in blood flow shifting from the more developed part of the brain (frontal lobe) to the more primitive parts of the brain. Because the frontal lobe governs emotional regulation, attention, creativity, and social behavior, any of these areas can become impaired. Chronic stress also raises cortisol levels, which complicates frontal lobe functioning even further. High cortisol impairs the hippocampus (needed for memory), disturbs sleep, and eventually causes atrophy (shrinkage) of the brain. ..."
More and more we need a browser-like tool to protect us from the web and (anti-)social media. These would be tools that are designed to work within human limitations. They would help people deal with being sprayed in the face with a firehose of information designed by highly-paid specialists to trick us and exploit our basic reflexes for someone else's gain (e.g. filtering out or summarizing news tickers or videos with scene changes every few seconds that exploit the orienting response, or summarizing those clickbait headlines tuned to exploit our primal drives, and so on).
Something like uMatrix is just the beginning. It shows where browser vendor's loyalties are (even Mozilla's) that such tools do not come built in. Very recently there is the Brave browser with some ad blocking and also Google turned on a limited default adblocker within Chrome -- but those are small steps and don't address the bigger picture of information overload even when not looking at obvious ads.
People need a whole suite of related FOSS tools for dealing with the web, email, social media, and so on -- to help filter and organize it for ourselves according to our own priorities and respecting our human limitations.
I comment from my bias as a software toolmaker though. Alternatively, a high level of self-discipline and healthy routine can also help manage information overload. And the professionals you reference probably can supply some of that (e.g. Alan Lakein's 1973 classic on setting priorities "How to Get Control of Your Time and Your Life").
Hopefully the day will come where we don't have to become grad level psycologists to handle our new info environment. The professions I was thinking about were air traffic controllers, soldiers, pilots, cops etc whose training involves coping with constant high noise environments. We have lot of lessons to learn from them and their training systems.
I have a feeling psychologists("choice architects"), socialogist etc with software experience will soon start making an impact in dismantling some of the misguided pieces of the current architecture.
Thanks for the reply and the list of professions -- make sense.
Although at least for police, there are some issues of their typical training creating excessive false positives when interrogating suspects -- as discussed in a chapter of this book:
"Mistakes Were Made (But Not by Me): Why We Justify Foolish Beliefs, Bad Decisions, and Hurtful Acts -- 2007 -- by Carol Tavris and Elliot Aronson"
https://www.amazon.com/Mistakes-Were-Made-But-Not/dp/0151010...
Some more criticism of that is here:
https://quillette.com/2018/06/04/the-trouble-with-technocrac...
"For a consumer-run media to work, mass participation is necessary. This isn’t unfeasible with the internet being so widely available. However, the quality of that participation is also important. If just anyone—troublemaker or pure hearted—can rate the news and influence the opinions of other readers, the problem of fake news is only likely to be exacerbated. Truth is not defined through consensus. There is an abundance of examples of popular opinion being incorrect.
And personal biases will certainly decide how people rate what they read. Disagree with the conclusion of an article? Downvote. Didn’t read the whole article but were offended by a particular line? Downvote. Already hate Fox News? Downvote. A culture which decides truth by way of numbers is flawed. Not everyone, and perhaps no-one, is capable of setting aside their political prejudices to make an informed critical decision on a piece of political writing. Perhaps the more polarizing and obvious forms of fake media will be suppressed by Pravda, but at what cost? ...
Pravda assumes the role of government in the age of totalitarianism—control over the media. Those who administer the website will have to decide which ratings are worthwhile and which are useless. But who will these regulators be? ..."
It's a tough challenge. And one that will likely be solved by some mix of meshwork, hierarchy, and interfaces (see Manuela De Landa) as I mention here: https://news.ycombinator.com/item?id=17366004
Robert Steele, ex-CIA Analyst and champion of "Open Source Intelligence" also has a lot to say on the general issue across what he calls "the seven tribes of intelligence": https://phibetaiota.net/about/
"This site does NOT advocate political action or any specific policy, but rather seeks to empower the public with sources and methods of what has been called in modern times Open Source Intelligence (OSINT), so that our Collective Intelligence can be applied with structured ethical diligence to produce public wisdom in the public interest. This is the heart of what is called Reflexive Practice–Professional Thinking for a Turbulent World. Since the new book, THE OPEN SOURCE EVERYTHING MANIFESTO: Transparency, Truth, & Trust was published in 2012, we have morphed into being a proponent for Open Source Everything combined with True Cost Economics and Holistic Analytics. The PUBLIC is the political body–this site seeks to serve the public by nurturing public intelligence in the public interest. We intend to help the public to eliminate information asymmetries and data pathologies, and end the rule of secrecy. We support the Collective Intelligence of the public in such as way as to create a direct democracy, collaborative economics, and a prosperous world at peace."
i thought we already solved that; it's called journalism
just read the economist or NYT or whatever you like and stfu instead of thinking you're going to somehow to a better job gathering and exploring information than that
That's not paranoia, it's realism. Also this everyone is against us tactic is a very powerful management stick. Sir Alex Ferguson was a master of using it.
He's not wrong in saying some of the major interests that have held corporate power for some 100+ years would love to see Tesla die. It would be in character for a fearful power to strike at an upstart adversary.
He does sound on edge, but there's apparently been a major breach, so... probably appropriate.
> Most of the time, when there is theft of goods, leaking of confidential information, dereliction of duty or outright sabotage, the reason really is something simple like wanting to get back at someone within the company or at the company as a whole.
I find it ironic how you relate 'alleged' and 'rumors' to Trump, given that most of his criticism is in such a form. "Anonymous sources report", "allegedly Trump is involved in", "rumours at the White House are that", "Trump may have xyz".
He might sound Trumpish, he might be paranoid, but it does sound like he has something more concrete in terms of an actual event that triggered this email than typical Trumpism.
Everyone whose speech you don't like in 2018 is "literally" Trump, says the left and its proponents. What's your point, that his paranoia should be treated and he should hand his company over to the government? Either he is too careful in his speech or he is too paranoid - you can't have it both ways.
The left is pretty screwed up these days, but not as badly as the right.
This email from Musk isn't at all the same as what we hear from the Trump camp. Sure he's talking about a conspiracy, but it's pretty reasonable, unlike the Trump conspiracies.
I was thinking the same thing. Maybe these allegations will turn out to have some merit. On the other hand, Musk has been sounding a bit like Trump lately ... and I don't just say that because I'm not a fan of either. There's a similar "I'm here to blow up the corrupt order and everything bad that happens is because of them conspiring against me" narrative at play. For Trump it's the Deep State. For Musk it's Big Oil or the Big Three or the short sellers. (BTW it's amazing how quickly several people jumped in right here with eerily similar-sounding "there are $X billion in shorts against TSLA" responses.) If Musk did have some evidence of sabotage, hinting at it but not actually revealing it would be just about the worst thing he could do, and whatever else he is he's not that stupid. It just doesn't add up.
Oh, you mean all those responses to one top level comment, half of them quoting and/or disagreeing, vs. the "$10B in shorts" replies to every top-level comment? Totally the same thing. Both sides do it.
Yeah he’s getting desperate. He’s actually a lot like trump in that all of his personal wealth is financed by debt.
And his debt is backed by Tesla shares. If he ever gets margin called on his debt he’ll lose everything as he has to sell shares to cover his debt which will drive the price down more so he’ll have to sell more etc
It depends on which part of the sentence you would like to emphasise. In this case, the _organisations_ want Tesla to die, not the _list_. Hence the plural form.
Not all collective nouns work this way, but in this case either is grammatically correct.
Ahh, the little man again. The little man has been giving Elon and Tesla problems for a long time.
Early on Musk thought Henry Fisker, who led the design on the Model S then left to start his own EV company was the little man, so he launched a lawsuit against him, but it turned out Henry wasn't the little man, and the lawsuit was meritless.
The little man talked Musk into building falcon wing doors into the Model X, and it wasn't until production had been delayed by many months fussing with those stupid doors that Musk realized he had been tricked by the little man.
Who put the little man up to this? Was it the Koch Brothers? No one knows for sure.
The little man talked Elon into putting expensive autonomous driving hardware into every new Tesla, even though the software hadn't been made yet, and most Tesla buyers weren't willing to pay for it. Don't worry, said the little man, Tesla's will be driving autonomously coast to coast by christmas 2017, and Tesla will be the greatest most futuristic company ever. But Christmas 2017 came and went and Autopilot still sucked. Damn that little man!
The little Man must be Sterling Anderson, the director of Autopilot left the company right after launching HW2, and cofounded Aurora Innovation. Musk was sure Sterling was the little man, so he launched a lawsuit against Aurora, but alas, it turned out the Little man was not Sterling Anderson, and the lawsuit was meritless.
And then there was the time the little man tricked Elon into spending $2.6 billion worth of money Tesla didn't really have on a failing, debt ridden solar panel company. Oh you little man!
The little man one night snuck into the hot tub with Elon and filled his head with visions of a highly automated production line, that the little man dubbed 'The Alien Dreadnought'. The Robots will move so fast you won't even be able to see them, said the little man. Model 3s will shoot off the assembly line like bullets out of gatling gun. Buy Grohman Engineering, said the little man. So Elon did. And many hundreds of millions of dollar later when the Alien dreadnought failed miserably, Musk realized once again he had been tricked by the little man, and all the robots had to be ripped out. Musk is determined, though. Now he has parts of the Model 3 assembly line set up in a tent in the parking lot. Elon will make it happen, even if he has to live on the factory floor. You shall not defeat me, little man!
But it bothers him every night, that little man, who put him up to this? Is it the Tesla shorts? are they the ones who put the little man up to this? Was it May Mcormack? The little man has been out there, corralling the NTSB, the NLRB, the Media, financial analysts, Moody's and the UAW all to conspire against Tesla. Now the little man is setting the paint shop on fire and changing code. I'll get you if it's the last thing I do, little man!
News flash! Achieving great things is hard and everybody makes some mistakes along the way. On the way, they meet jokers who take great pride in laughing at their mistakes, because, let's be real, jokers are sore losers. Deep down they know they can't do 1% of that shit, and so yeah, let's lift a leg and piss on that fucker. That will show him!
Being founder / CEO of one industry disruptive company would be fine. Risky proposition under anyone's helm, yes, but Musk is a great salesman so he would stand a better chance than most of probably pulling it off. But no fewer than FOUR (Tesla, SpaceX, Boring Co, SolarCity (technically under Tesla's umbrella but for all intents and purposes its own business)), it starts to strain credulity.
There is a middle ground here. He's achieved some great things for sure. No doubt about that. He's also playing fast and loose with the finances of his companies - and since they are all intertwined through various debts, any one of them faltering could be catastrophic for all of them.
I would also add that it seems that some of his business ventures are anchored on their ability to oversell the feasibility of a central idea and subsequently manage lowering the client and the public's expectations. The Boring Company is a prime example.
I think you should reconsider your thoughts about this a bit. There is a genuine revolution underway being enabled by plummeting costs of producing lithium-ion batteries at scale.
Whether or not Tesla will lead it (or even continue be part of it) is certainly up for debate, but large, real things are happening and saying "everyone ride a bike!" is ignoring a reality that isn't tainted by feelings about Tesla/Elon.
There isn't a revolution underway. Everyone switching to an electric personal automoblie won't save us from anything. We'll just be destroying the planet at a marginally slower rate. You don't get to have your cake and eat it too.
Reason is slave to the passions. Musk sells a mirage that you can be reasonable without ever having to examine your passions. Who doesn't love driving? We just want to be told a lullabye that driving can still be the right thing to do. Musk is there for you. Musk and his little man.
Thank goodness for that, or heavier than air flying machines would still not be possible. Man would have never reached the moon, and the atoms wouldn't have been split.
Big progress largely happens because of irrationality. You have to be a little stupid and stubborn to do attempt a few things. Intelligent rational people are too clever for somethings in this world.
One of the nuances that gets lost when talking about battery costs is the difference between cell-level (individual 18650 / 2170 li-ion cells) costs and pack-level (the assembled collection of thousands of those cells) costs.
Both costs are expressed as $/kilowatt-hour but comparing them is comparing apples to apple pie.
Samsung, LG and Panasonic specialize in producing individual cells and don't do a lot of EV pack-level assembly. I think LG does pack assembly for the Chevy Bolt, but that car isn't produced in very large quantities and has a stated cell cost of $145/kwh.
There are hints that Tesla can producing entire packs at a comparable cost/kwh, if not less.
The poison of the internet thrives on 140 characters or less, it facilitates lies wonderfully. The truth needs more words. Twitter is Musk's preferred medium. Trump's too.
Ask yourself, though, how often you’ve seen emails like this from other companies in the news. Probably about never? Whatever you think about his reasons, Musk is going way against standard procedure here- and this in the field of company management, not the kind of engineering problems where his weird approach has paid off.
I mean, there may well be saboteurs in Tesla. That's not my issue. What worries me is that Musk sent out a general email and announced this to the world.
Why is that worrying?
Whether it is Trump's "Deep State", Stalin's "wreckers", shadow governments, or Freemasons. Any time a leader starts publically pointing to invisible actors and demanding they be investigated and stopped, something is about to go very wrong.
What inevitably follows is leaders asserting that their failures are not due to incompetence or poor planning on their part, but are caused unseen and irrational forces who must be opposed.
How is this an unseen and irrational force? It is a seen force - assuming we trust Musk in his assertion that a specific saboteur was identified and confessed to their actions, which I personally do given his overall track record - and it is a rational force given both immediate motivations (revenge for lack of promotion) and general motivations (massive extensively-documented well-funded multi-decade effort by the fossil fuel industry to thwart adoption of alternative energy). On top of that, none of this was public by virtue of it being a leaked internal email.
> I mean, there may well be saboteurs in Tesla. That's not my issue.
Yes, but your issue is apparently issuing proclamations about responses to saboteurs. Your stance on said issue holds little ground when you either seemingly can't be bothered to look at the basic facts or mischaracterize them to fit an agenda. So, which is it? Did you not read the article or are you being deliberately misleading?
Is it possible to make money by convincing everyone to short your company and then pushing the rug in under them by making earnings projections? Musk's recent announcements have been suspiciously suspicious.
probably... 'short squeezes' do cause price spikes, and if you control the news cycle about a company, I'm sure you could benefit from the extra volatility.
Wow...I've lost all hope in HN. It's officially become worse than Reddit in terms of astroturfing. I don't know how you can take a story about someone inside Tesla sabotaging their operations and come out against Tesla in this situation, but somehow every single comment in this thread has manged to do that in different ways.
"Tesla's fault for letting this happened!"
"It's just an excuse for production delays!"
"Elon's paranoid!"
"Conspiracy theorist!"
"Blaming short sellers is what Enron did! Leave the poor short sellers alone!"
I don't trust anything I read on HN anymore. Alright bots, now down vote me into oblivion where all the pro-Tesla comments end up.
Left and right extremism seems to be taking over the conversation worldwide these days. It's creeping in everywhere. What is most scary is that it is likely going to have to get much worse before it gets better..
I love Elon, and he has been seeming a little more random lately. Shortsellers lost over $1 billion dollars in one day earlier this month, I know Elon is paranoid, but is he paranoid enough?
https://www.cnbc.com/2018/06/06/shorts-against-teslas-stock-...
Sounds like all the bad decisions about who to hire (low cost, inexperienced workers) and who to fire (higher cost, experienced workers), how long to force people to work, overuse of automation, etc., has caught up with Tesla. And now Musk wants to externalize it so Tesla doesn't look bad and loose _even_ more orders of the model 3.
I think you just have a lot of pot shots to take against Tesla (most of which seem to have no precedent??), and want to project them onto this situation. This story relates to an internal email Musk sent around, telling staff to speak up about suspicious behaviour. It's not like he brought this to a shareholders meeting.
I find it concerning that one person was able to push malicious code to 'production'. To me, this suggests that Tesla, a company building highly sensitive software, does not employ basic branch policies. How is is it that these changes could have made it through a code review process and get deployed?
If a company like Microsoft or Google announced that a disgruntled employee was able to push some code that, say, stole user information, I think the general reaction would be "why was this allowed to happen?" I'm not sure why Tesla gets a pass in this regard