An anonymous reader quotes a report from Electrek: In a major clean energy benchmark, wind, solar, and hydro exceeded 100% of demand on California's main grid for 30 of the past 38 days. Stanford University professor of civil and environmental engineering Mark Z. Jacobson has been tracking California's renewables performance, and he shares his findings on Twitter (X) when the state breaks records. Jacobson notes that supply exceeds demand for "0.25-6 h per day," and that's an important fact. The continuity lies not in renewables running the grid for the entire day but in the fact that it's happening on a consistent daily basis, which has never been achieved before. At the two-week record mark, Ian Magruder at Rewiring America made this great point on LinkedIn: "And what makes it even better is that California has the largest grid-connected battery storage facility in the world (came online in January ...), meaning those batteries were filling up with excess energy from the sun all afternoon today and are now deploying as we speak to offset a good chunk of the methane gas generation that California still uses overnight." On April 2, the California Independent System Operator (ISO) recommended 26 new transmission projects worth $6.1 billion, with a big number being devoted to offshore wind. In response, Jacobson predicted on April 4 that California will entirely be on renewables and battery storage 24/7 by 2035.

Read more of this story at Slashdot.

情報元へのリンク

T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months. Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.

Read more of this story at Slashdot.

情報元へのリンク

Meta plans to "temporarily" shut down Threads in Turkey from April 29, in response to an interim injunction prohibiting data sharing with Instagram. TechCrunch reports: The Turkish Competition Authority (TCA), known as Rekabet Kurumu, noted on March 18 that its investigations found that Meta was abusing its dominant market position by combining the data of users who create Threads profiles with that of their Instagram account -- without giving users the choice to opt in. [...] In the buildup to April 29, everyone using Threads in Turkey will receive a notification about the impending closure, and they will be given a choice to either delete or deactivate their profile. The latter of these options means a user's profile can be resurrected when and if Threads is available in the country again. "We disagree with the interim order, we believe we are in compliance with all Turkish legal requirements, and we will appeal," Meta wrote in the blog post today. "The TCA's interim order leaves us with no choice but to temporarily shut down Threads in Turkiye. We will continue to constructively engage with the TCA and hope to bring Threads back to people in Turkiye as quickly as possible."

Read more of this story at Slashdot.

情報元へのリンク

Adobe is using its Firefly machine learning model to bring generative AI video tools to Premiere Pro. "These new Firefly tools -- alongside some proposed third-party integrations with Runway, Pika Labs, and OpenAI's Sora models -- will allow Premiere Pro users to generate video and add or remove objects using text prompts (just like Photoshop's Generative Fill feature) and extend the length of video clips," reports The Verge. From the report: Unlike many of Adobe's previous Firefly-related announcements, no release date -- beta or otherwise -- has been established for the company's new video generation tools, only that they'll roll out "this year." And while the creative software giant showcased what its own video model is currently capable of in an early video demo, its plans to integrate Premiere Pro with AI models from other providers isn't a certainty. Adobe instead calls the third-party AI integrations in its video preview an "early exploration" of what these may look like "in the future." The idea is to provide Premiere Pro users with more choice, according to Adobe, allowing them to use models like Pika to extend shots or Sora or Runway AI when generating B-roll for their projects. Adobe also says its Content Credentials labels can be applied to these generated clips to identify which AI models have been used to generate them.

Read more of this story at Slashdot.

情報元へのリンク

An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective. By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life." While the users might be a happy group, however, there weren't many of them compared to other tax filing options -- and their positive reviews likely won't budge the opposition that Direct File has faced from tax software companies and Republicans from the outset. These headwinds will likely continue if the IRS wants to renew it for another tax season. The program opened to the public midway through tax season, when many low-income filers had already claimed their refunds -- and was restricted to taxpayers in 12 states, with only four types of income (wages, interest, Social Security and unemployment). But it gained popularity as tax season went on: The Treasury Department said more than half of the total users of Direct File completed their returns during the last week.

Read more of this story at Slashdot.

情報元へのリンク

Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials." All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to rest passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."

Read more of this story at Slashdot.

情報元へのリンク

Michael Larabel reports via Phoronix: Within yesterday's Linux 6.9-rc4 release is an interesting little nugget by Linus Torvalds to battle Kconfig parsers that can't correctly handle tabs but rather just assume spaces for whitespace for this kernel configuration format. Due to a patch having been queued last week to replace a tab with a space character in the kernel tracing Kconfig file, Linus Torvalds decided to take matters into his own hand for Kconfig parsers that can't deal with tabs... Torvalds authored a patch to intentionally add some tabs of his own into Kconfig for throwing off any out-of-tree/third-party parsers that can't correctly handle them. Torvalds added these intentional hidden tabs to the common Kconfig file for handling page sizes for the kernel. Thus sure to cause dramatic and noticeable breakage for any parsers not having tabs correctly.

Read more of this story at Slashdot.

情報元へのリンク

An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done." In the case of Taylor Swift's Eras tour, fans were upset because demand was so high that Ticketmaster's system couldn't handle the traffic. For Dimension 20, the culprit is Ticketmaster's dynamic pricing. As more people try to buy tickets, the price of the tickets increase. About an hour after the Madison Square Garden tickets went on sale, the few dozen upper bowl tickets left were $800. Three hours after, these tickets are around $330, which is still very inflated. "Went onto the presale, tickets were $500+ for the worst ones, we assumed they were scalpers and that the actual sale today would have normal priced tickets $2000 for the lower bowl!? I know it's not dropout setting the price but wow is that a LOT of cash," a Redditor posted. And as a commenter astutely pointed out, thanks to dynamic pricing, Ticketmaster itself is actually the scalper. Of course, Dimension 20 fans are frustrated, especially since the show's content is overtly anti-capitalist. Despite the pricing debacle, the demand for the show is a great sign for both actual play shows and the creator economy at large.

Read more of this story at Slashdot.

情報元へのリンク

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on SecurityL: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks. "Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.

Read more of this story at Slashdot.

情報元へのリンク

Top takeaways from Stanford's new AI Index Report [PDF]: 1. AI beats humans on some tasks, but not on all. AI has surpassed human performance on several benchmarks, including some in image classification, visual reasoning, and English understanding. Yet it trails behind on more complex tasks like competition-level mathematics, visual commonsense reasoning and planning. 2. Industry continues to dominate frontier AI research. In 2023, industry produced 51 notable machine learning models, while academia contributed only 15. There were also 21 notable models resulting from industry-academia collaborations in 2023, a new high. 3. Frontier models get way more expensive. According to AI Index estimates, the training costs of state-of-the-art AI models have reached unprecedented levels. For example, OpenAI's GPT-4 used an estimated $78 million worth of compute to train, while Google's Gemini Ultra cost $191 million for compute. 4. The United States leads China, the EU, and the U.K. as the leading source of top AI models. In 2023, 61 notable AI models originated from U.S.-based institutions, far outpacing the European Union's 21 and China's 15. 5. Robust and standardized evaluations for LLM responsibility are seriously lacking. New research from the AI Index reveals a significant lack of standardization in responsible AI reporting. Leading developers, including OpenAI, Google, and Anthropic, primarily test their models against different responsible AI benchmarks. This practice complicates efforts to systematically compare the risks and limitations of top AI models. 6. Generative AI investment skyrockets. Despite a decline in overall AI private investment last year, funding for generative AI surged, nearly octupling from 2022 to reach $25.2 billion. Major players in the generative AI space, including OpenAI, Anthropic, Hugging Face, and Inflection, reported substantial fundraising rounds. 7. The data is in: AI makes workers more productive and leads to higher quality work. In 2023, several studies assessed AI's impact on labor, suggesting that AI enables workers to complete tasks more quickly and to improve the quality of their output. These studies also demonstrated AI's potential to bridge the skill gap between low- and high-skilled workers. Still, other studies caution that using AI without proper oversight can lead to diminished performance. 8. Scientific progress accelerates even further, thanks to AI. In 2022, AI began to advance scientific discovery. 2023, however, saw the launch of even more significant science-related AI applications -- from AlphaDev, which makes algorithmic sorting more efficient, to GNoME, which facilitates the process of materials discovery. 9. The number of AI regulations in the United States sharply increases. The number of AIrelated regulations in the U.S. has risen significantly in the past year and over the last five years. In 2023, there were 25 AI-related regulations, up from just one in 2016. Last year alone, the total number of AI-related regulations grew by 56.3%. 10. People across the globe are more cognizant of AI's potential impact -- and more nervous. A survey from Ipsos shows that, over the last year, the proportion of those who think AI will dramatically affect their lives in the next three to five years has increased from 60% to 66%. Moreover, 52% express nervousness toward AI products and services, marking a 13 percentage point rise from 2022. In America, Pew data suggests that 52% of Americans report feeling more concerned than excited about AI, rising from 37% in 2022.

Read more of this story at Slashdot.

情報元へのリンク

Ubisoft has come under fire from players who claim the company has revoked access to a game they had previously purchased. Users attempting to launch "The Crew" on Ubisoft Connect are met with a message stating, "You no longer have access to this game. Why not check the Store to pursue your adventures?" The game has also been moved to a separate "inactive games" section in players' libraries. While the game can still be launched, it reportedly only plays a limited demo version. Ubisoft has yet to comment on the matter, but some speculate that the decision may be related to the game's reliance on servers that are no longer operational. The incident has sparked concerns among gamers about the control platform holders have over digital purchases. Ubisoft's subscription boss, Philippe Tremblay, recently stated that players will need to get "comfortable" with not owning games.

Read more of this story at Slashdot.

情報元へのリンク