Until we realize that building secure systems is actually really hard, and we can't just glom on security. There is more to security than making sure systems are updated regularly, audits are performed, and absurd password requirements are met.
The GAO report on the SEC's systems (https://www.gao.gov/assets/690/686192.pdf) had these 2 recommendations: (1) Maintain up-to-date network diagrams and asset inventories in the system security plans for GSS and a key financial system to accurately and completely reflect the current operating environment. (2) Perform continuous monitoring using automated configuration and vulnerability scanning on the operating systems, databases, and network devices.
Stop rushing software and services to market, understand your software threat / overall architecture. Companies need to understand their applications, dependencies, attack space, how to actually implement security, and what having a secure system means.
TLS and SSL don't mean anything if I can compromise an endpoint and now I (as an attacker) have access to your keys and can feed whatever I want into the pipe. Can you MITM your data access / caching layer? Where all can attacks come from and what is the impact at each level? What components are you using in the architecture?
There is not a silver bullet to security. Sure, firewalls, IDS, password requirements, logging, encryption, etc. all help. They don't do anything if they aren't configured correctly, or they are bypassed, or some aspect of the system is wide open.