Saturday, January 25th, 2025

Time	Event
1:00p	Researchers Say New Attack Could Take Down the European Power Grid An anonymous reader quotes a report from Ars Technica: Late last month, researchers revealed a finding that's likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent. Fabian Braunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. After observing a radio receiver on the streetlight poles throughout Berlin, they got to wondering: Would it be possible for someone with a central transmitter to control them en masse, and if so, could they create a city-wide light installation along the lines of Project Blinkenlights? The first Project Blinkenlights iteration occurred in 2001 in Berlin, when the lights inside a large building were synchronized to turn on and off to give the appearance of a giant, low-resolution monochrome computer screen. The researchers, who presented their work last month at the 38th Chaos Communication Congress in Hamburg, Germany, wondered if they could control streetlights in Berlin to create a city-wide version, though they acknowledged it would likely be viewable only from high altitudes. They didn't know then, but their project was about to undergo a major transformation. After an extensive and painstaking reverse-engineering process that took about a year, Braunlein and Melette learned that they could indeed control the streetlights simply by replaying legitimate messages they observed being sent over the air previously. They then learned something more surprising — the very same system for controlling Berlin's lights was used throughout Central Europe to control other regional infrastructure, including switches that regulate the amount of power renewable electric generation facilities feed into the grid. Collectively, the facilities could generate as much as 40 gigawatts in Germany alone, the researchers estimate. In addition, they estimate that in Germany, 20 GW of loads such as heat pumps and wall boxes are controlled via those receivers. That adds up to 60 GW that might be controllable through radio signals anyone can send. When Braunlein and Melette realized how much power was controlled, they wondered how much damage might result from rogue messages sent simultaneously to multiple power facilities in strategically designed sequences and times of day. By their calculation, an optimally crafted series of messages sent under certain conditions would be enough to bring down the entire European grid. [...] The grid security experts Ars talked to for this story said they're doubtful of the assessment. "A sudden deficit of 60 GW will definitely lead to a brownout because 60 GW is far more than [the] reserves available," said Albert Moser, a RWTH Aachen professor with expertise in power grids. "A sudden deficit of 60 GW could even lead to a blackout due to the very steep fall of frequency that likely cannot be handled fast enough by underfrequency relays (load shedding)." He wasn't able to confirm that 60 GW of generation/load is controlled by radio signals or that security measures for Radio Ripple Control are insufficient. Jan Hoff, a grid security expert, was also doubtful there'd be enough electricity dropped quickly enough to cause a brownout. "He likened the grid to the roly-poly toys from the 1970s, which were built to be knocked around but not fall over," said Ars. Read more of this story at Slashdot. (Comment on this)
3:34p	America Lags on Renewable Energy. Blame Regulations and Grid Connection Issues "For years, renewable energy proponents have hoped to build a U.S. electric grid powered by wind, solar, geothermal and — to a lesser extent — nuclear power..." writes the Washington Post. In America's power markets "the economics of clean energy are strong," with renewable energy cheaper than fossil fuel plants in many jurisdictions. But the Post spoke to the "electricity modeling" director at nonpartisan clean energy think tank Energy Innovation, who offered this assessment. "The technology is ready, and the financial services are ready — but the question nobody really put enough thought into was, could the government keep up? And at the moment, the answer is no." [R]enewable developers say that the new technologies are stymied by complicated local and federal regulations, a long wait to connect to the electricity grid, and community opposition... "The U.S. offshore wind business is at a very nascent stage versus Europe or China," Rob Barnett, a senior analyst at Bloomberg Intelligence, said in an email. "With the new permitting pause, it's doubtful much progress for this emerging industry will be made...." After the Inflation Reduction Act passed, Rhodium Group — an independent clean energy research firm — estimated that between 2023 and 2025, on average, the country would add between 36 and 46 gigawatts of clean electricity to the grid every year. Late last year, however, the group found that the country only installed around 27 gigawatts in 2023. The U.S.'s renewable growth is now expected to fall on the low end of that range — or miss it entirely. "It actually is really hard to build a lot of this stuff fast," said Trevor Houser, partner in climate and energy at Rhodium Group. As a result, Rhodium found, the country only cut carbon emissions by 0.2 percent in 2024... A significant amount of this lag has come from wind power, where problems with supply chains and getting permits and approval to build has put a damper on development. But solar construction is also on the low end of what experts were expecting... Developers point to lags in the interconnection queue — a system that gives new solar, wind or fossil fuel projects permission to connect to the larger electricity grid. According to a report from Lawrence Berkeley National Laboratory, it can now take nearly 3 years for a project to get through the queue. The grid operator that covers the Mid-Atlantic and parts of the Midwest, PJM, had over 3,300 projects in its queue at the end of 2023. The vast majority of these applications are for renewables — more than the entire number of active wind farms in the nation... There are possible solutions. Some developers hope to reuse old fossil fuel sites, like coal plants, that are already connected to the grid — bypassing the long queue entirely. The Federal Energy Regulatory Commission has instated new rules to make it easier to build transmission lines. Part of the problem is that wind and solar facilities "sometimes need to be built hundreds or even thousands of miles away" — requiring long transmission lines. Sandhya Ganapathy, CEO of EDP Renewables North America, tells the Post that in America, "The grid that we have was never designed to handle this kind of load." And yet last year just 255 miles of new transmission line were built in the U.S., according to the American Clean Power Association. And Ganapathy also complains that approval for a new renewable energy project takes "anywhere between six to eight years" — which makes developers hesitant to build. "Why are we taking a big risk of a massive investment if I will not be able to sell the electrons?" The end result? The Washington Post writes that "Experts once hoped that by the end of the decade the United States could generate up to 80 percent of its power with clean power... Now, some wonder if the country will be able to reach even 60 percent." Read more of this story at Slashdot. (Comment on this)
4:34p	Bambu Labs' 3D Printer 'Authorization' Update Beta Sparks Concerns Slashdot reader jenningsthecat writes: 3D printer manufacturer Bambu Labs has faced a storm of controversy and protest after releasing a security update which many users claim is the first step in moving towards an HP-style subscription model. Bambu Labs responded that there's misinformation circulating online, adding "we acknowledge that our communication might have contributed to the confusion." Bambu Labs spokesperson Nadia Yaakoubi did "damage control", answering questions from the Verge: Q: Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network? A: For our current product line, yes. We will never require a subscription to control or print from our printers over a home network... Q: Will Bambu publicly commit to never putting any existing printer functionality behind a subscription? Yes... Bambu's site adds that the security update "is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware." Hackaday notes another wrinkle: This follows the original announcement which had the 3D printer community up in arms, and quickly saw the new tool that's supposed to provide safe and secure communications with Bambu Lab printers ripped apart to extract the security certificate and private key... As the flaming wreck that's Bambu Lab's PR efforts keeps hurtling down the highway of public opinion, we'd be remiss to not point out that with the security certificate and private key being easily obtainable from the Bambu Connect Electron app, there is absolutely no point to any of what Bambu Lab is doing. The Verge asked Bambu Labs about that too: Q: Does the private key leaking change any of your plans? No, this doesn't change our plans, and we've taken immediate action. Bambu Labs had said their security update would "ensure only authorized access and operations are permitted," remembers Ars Technica. "This would, Bambu suggested, mitigate risks of 'remote hacks or printer exposure issues' and lower the risk of 'abnormal traffic or attacks.'" This was necessary, Bambu wrote, because of increases in requests made to its cloud services "through unofficial channels," targeted DDOS attacks, and "peaks of up to 30 million unauthorized requests per day" (link added by Bambu). But Ars Technica also found some skepticism online: Repair advocate Louis Rossmann, noting Bambu's altered original blog post, uploaded a video soon after, "Bambu's Gaslighting Masterclass: Denying their own documented restrictions"... suggesting that the company was asking buyers to trust that Bambu wouldn't enact restrictive policies it otherwise wrote into its user agreements. And Ars Technica also cites another skeptical response from a video posted by open source hardware hacker and YouTube creator Jeff Geerling: "Every IoT device has these problems, and there are better ways to secure things than by locking out access, or making it harder to access, or requiring their cloud to be integrated." Read more of this story at Slashdot. (Comment on this)
6:34p	EV Maker Canoo 'Goes Belly-Up After Moving to Texas' 2021: "Automotive Startup Canoo Debuts a Snub-Nosed Electric Pickup" 2025: Canoo "Goes Belly-Up After Moving to Texas" "Its production volumes paled in comparison to Canoo's rate of cash burn, which was substantial, with net losses in 2023 totaling just over $300 million..." reports AutoWeek. "It was able to deliver small batches of vans to a few customers, but apparently remained distant from anything approaching volume production." "Back in 2020, electric vehicle maker Canoo snagged a $2.4 billion valuation before it had shipped a single car," remembers SFGate. "Now, just months after yanking its headquarters from Los Angeles County to Texas, the company has gone belly-up." In its four-year span as a public company, Canoo battled investor lawsuits, Securities and Exchange Commission charges, executive departures and a mixed reception of its cars. Auto tech blogger Steven Symes recently likened Canoo's cargo-style van to an "eraser on wheels." "Canoo is the latest EV startup to go bankrupt after merging with a special purpose acquisition company (SPAC) as a shortcut to going public," notes TechCrunch. "Electric Last Mile Solutions was the first in June 2022. But since then, Fisker, Lordstown Motors, Proterra, Lion Electric, and Arrival all filed for different levels of bankruptcy protection in their various home countries." In the years since it went public, [Canoo] made a small number of its bubbly electric vans and handed them over to partners — some paying — willing to trial the vehicles. The U.S. Postal Service, Department of Defense, and NASA all have or had Canoo vehicles. Read more of this story at Slashdot. (Comment on this)
8:34p	Heat Pumps Are Now Outselling Gas Furnaces In America CleanTechnicareports that last year Americans "bought 37% more air source heat pumps than the next most popular heating appliance — gas furnaces." And Americans bought 21% more heat pumps than they did in 2023. Canary Media is quick to point out that in many homes, more than one heat pump is required, so that data should be interpreted with that in mind. Typically, a home uses only one furnace. Nevertheless, the trend for heat pumps is up. Russell Unger, the head of decarbonizing buildings at RMI, said, "There's just been this long term, consistent trend." It's easy to understand why heat pumps are gaining in popularity. In addition to providing heated air in the winter and cool air in the summer, they are far more efficient than conventional heat sources — delivering three to four times more heat per dollar spent than oil- or gas-fired heating equipment or old fashioned electric baseboard heat. They also create far less carbon pollution. How much less depends on the source of electricity in the local area, Thanks to long-time Slashdot reader AmiMoJo for sharing the news. Read more of this story at Slashdot. (Comment on this)
11:34p	Could New Linux Code Cut Data Center Energy Use By 30%? Two computer scientists at the University of Waterloo in Canada believe changing 30 lines of code in Linux "could cut energy use at some data centers by up to 30 percent," according to the site Data Centre Dynamics. It's the code that processes packets of network traffic, and Linux "is the most widely used OS for data center servers," according to the article: The team tested their solution's effectiveness and submitted it to Linux for consideration, and the code was published this month as part of Linux's newest kernel, release version 6.13. "All these big companies — Amazon, Google, Meta — use Linux in some capacity, but they're very picky about how they decide to use it," said Martin Karsten [professor of Computer Science in the Waterloo's Math Faculty]. "If they choose to 'switch on' our method in their data centers, it could save gigawatt hours of energy worldwide. Almost every single service request that happens on the Internet could be positively affected by this." The University of Waterloo is building a green computer server room as part of its new mathematics building, and Karsten believes sustainability research must be a priority for computer scientists. "We all have a part to play in building a greener future," he said. The Linux Foundation, which oversees the development of the Linux OS, is a founder member of the Green Software Foundation, an organization set up to look at ways of developing "green software" — code that reduces energy consumption. Karsten "teamed up with Joe Damato, distinguished engineer at Fastly" to develop the 30 lines of code, according to an announcement from the university. "The Linux kernel code addition developed by Karsten and Damato was based on research published in ACM SIGMETRICS Performance Evaluation Review" (by Karsten and grad student Peter Cai). Their paper "reviews the performance characteristics of network stack processing for communication-heavy server applications," devising an "indirect methodology" to "identify and quantify the direct and indirect costs of asynchronous hardware interrupt requests (IRQ) as a major source of overhead... "Based on these findings, a small modification of a vanilla Linux system is devised that improves the efficiency and performance of traditional kernel-based networking significantly, resulting in up to 45% increased throughput..." Read more of this story at Slashdot. (Comment on this)

<< Previous Day

2025/01/25 [Calendar]

Next Day >>