1,500 Tesla Powerwall Owners Have Already Joined the New Virtual Power Plant In California

PG&E announced that more than 1,500 Tesla Powerwall owners have already decided to joined the new virtual power plant it launched in partnership with Tesla in California. Electrek reports: A virtual power plant (VPP) consists of distributed energy storage systems, like Tesla Powerwalls, used in concert to provide grid services and avoid the use of polluting and expensive peaker power plants. Last year, Tesla launched a test VPP in California, where Powerwall owners would join in voluntarily without compensation to let the VPP pull power from their battery packs when the grid needed it. Last month, Tesla and PG&E, a large electric utility company in Northern California, announced the launch of a new commercial VPP where homeowners with Powerwalls would get compensated for helping the grid with the energy in their battery packs.

PG&E has now released an update on the virtual power plant and said that more than 1,500 Tesla Powerwall owners have already joined the program: “On June 22, Tesla invited approximately 25,000 PG&E customers with Powerwalls to join the VPP and help form the world’s largest distributed battery. In the first two weeks of the new program, more than 3,000 customers have expressed interest in enrolling, with more than 1,500 customers officially in the program.” With an average of two Powerwalls per customer, the VPP most likely already has a 13 MW load capacity. PG&E says that if all eligible Powerwall owners join, the VPP would have the available megawatts equivalent to “the energy generated by a small power plant.” Tesla Powerwall owners can join through the Tesla app and receive $2 per kWh that they send back to the grid during emergency events. “Enabling Powerwall customers to support the grid and their community is a necessary and important part of accelerating the transition to sustainable energy,” said Drew Baglino, senior vice president of Powertrain and Energy Engineering at Tesla. “We seek to partner with utilities and regulators everywhere to unlock the full potential of storage to bring more renewable, resilient, and less costly electricity to everyone.”

Read more of this story at Slashdot.

Microsoft Moves To New Windows Development Cycle

Microsoft is shifting to a new engineering schedule for Windows which will see the company return to a more traditional three-year release cycle for major versions of the Windows client, while simultaneously increasing the output of new features shipping to the current version of Windows on the market. Zac Bowden writes via Windows Central: The news comes just a year after the company announced it was moving to a yearly release cadence for new versions of Windows. According to my sources, Microsoft now intends to ship “major” versions of the Windows client every three years, with the next release currently scheduled for 2024, three years after Windows 11 shipped in 2021. This means that the originally planned 2023 client release of Windows (codenamed Sun Valley 3) has been scrapped, but that’s not the end of the story. I’m told that with the move to this new development schedule, Microsoft is also planning to increase the output of new features rolling out to users on the latest version of Windows.

Starting with Windows 11 version 22H2 (Sun Valley 2), Microsoft is kicking off a new “Moments” engineering effort which is designed to allow the company to rollout new features and experiences at key points throughout the year, outside of major OS releases. I hear the company intends to ship new features to the in-market version of Windows every few months, up to four times a year, starting in 2023. Microsoft has already tested this system with the rollout of the Taskbar weather button on Windows 11 earlier this year. That same approach will be used for these Moments, where the company will group together a handful of new features that have been in testing with Insiders and roll them out to everyone on top the latest shipping release of Windows. Many of the features that were planned for the now-scrapped Sun Valley 3 client release will ship as part of one of these Moments on top of Sun Valley 2, instead of in a dedicated new release of the Windows client in the fall of 2023.

Read more of this story at Slashdot.

Some Beijing Travelers Asked To Wear COVID Monitoring Bracelets

Some Beijing residents returning from domestic travel were asked by local authorities to wear COVID-19 monitoring bracelets, prompting widespread criticism on Chinese social media by users concerned about excessive government surveillance. Reuters reports: According to posts published on Wednesday evening and Thursday morning on microblogging platform Weibo, some Beijing residents returning to the capital were asked by their neighborhood committees to wear an electronic bracelet throughout the mandatory home quarantine period. Chinese cities require those arriving from parts of China where COVID cases were found to quarantine. Authorities fit doors with movement sensors to monitor their movements but until now have not widely discussed the use of electronic bracelets.

The bracelets monitor users’ temperature and upload the data onto a phone app they had to download, the posts said. “This bracelet can connect to the Internet, it can definitely record my whereabouts, it is basically the same as electronic fetters and handcuffs, I won’t wear this,” Weibo user Dahongmao wrote on Wednesday evening, declining to comment further when contacted by Reuters. This post and others that shared pictures of the bracelets were removed by Thursday afternoon, as well as a related hashtag that had garnered over 30 million views, generating an animated discussion on the platform.

A community worker at Tiantongyuan, Beijing’s northern suburb, confirmed to state-backed news outlet Eastday that the measure was in effect in the neighbourhood, though she called the practice “excessive.” A Weibo post and a video published on the official account of Eastday.com was removed by Thursday afternoon. Weibo user Dahongmao wrote on Thursday afternoon his neighbourhood committee had already collected the bracelets, telling him that “there were too many complaints.”

Read more of this story at Slashdot.

Base Model MacBook Air With M2 Chip Has Slower SSD Speeds In Benchmarks

According to The Verge’s review of the new MacBook Air with the M2 chip, the $1,199 base model equipped with 256GB of storage has a single NAND chip, which will lead to slower SSD speeds in benchmark testing. MacRumors reports: The dilemma arises from the fact that Apple switched to using a single 256GB flash storage chip instead of two 128GB chips in the base models of the new MacBook Air and 13-inch MacBook Pro. Configurations equipped with 512GB of storage or more are equipped with multiple NAND chips, allowing for faster speeds in parallel. In a statement issued to The Verge, Apple said that while benchmarks of the new MacBook Air and 13-inch MacBook Pro with 256GB of storage “may show a difference” compared to previous-generation models, real-world performance is “even faster”:

“Thanks to the performance increases of M2, the new MacBook Air and the 13-inch MacBook Pro are incredibly fast, even compared to Mac laptops with the powerful M1 chip. These new systems use a new higher density NAND that delivers 256GB storage using a single chip. While benchmarks of the 256GB SSD may show a difference compared to the previous generation, the performance of these M2 based systems for real world activities are even faster.” It’s unclear if Apple’s statement refers explicitly to real-world SSD performance or overall system performance.

Read more of this story at Slashdot.

Google Files a Lawsuit That Could Kick Tinder Out of the Play Store

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Engadget reports: Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the Play Store billing system. Following the initial lawsuit in May, Google and Match reached a temporary agreement allowing Match to remain on the Play Store and use its own payments system. Google also agreed to make a “good faith” effort to address Match’s billing concerns. Match, in turn, was to make an effort to offer Google’s billing system as an alternative.

However, Google parent Alphabet claims that Match Group now wants to avoid paying “nothing at all” to Google, including its 15 to 30 percent Play Store fees, according to a court filing. “Match Group never intended to comply with the contractual terms to which it agreed… it would also place Match Group in an advantaged position relative to other app developers,” the document states. Match group said that Google’s Play Store policies violate federal and state laws. “Google doesn’t want anyone else to sue them so their counterclaims are designed as a warning shot,” Match told Bloomberg in a statement. “We are confident that our suit, alongside other developers, the US Department of Justice and 37 state attorneys general making similar claims, will be resolved in our favor early next year.”

Read more of this story at Slashdot.

Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution. SecurityWeek reports: Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops. “The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” ESET explained. “These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call,” it added.

Lenovo has also informed customers about Retbleed, a new speculative execution attack impacting devices with Intel and AMD processors. The company has also issued an advisory for a couple of vulnerabilities affecting many products that use the XClarity Controller server management engine. These flaws can allow authenticated users to cause a DoS condition or make unauthorized connections to internal services.

Read more of this story at Slashdot.

Weed Killer Glyphosate Found In Most Americans’ Urine

An anonymous reader quotes a report from U.S. News & World Report: More than 80% of Americans have a widely used herbicide lurking in their urine, a new government study suggests. The chemical, known as glyphosate, is “probably carcinogenic to humans,” the World Health Organization’s International Agency for Research on Cancer has said. Glyphosate is the active ingredient in Roundup, a well-known weed killer. The U.S. National Nutrition Examination Survey found the herbicide in 1,885 of 2,310 urine samples that were representative of the U.S. population. Nearly a third of the samples came from children ages 6 to 18.

Traces of the herbicide have previously been found in kids’ cereals, baby formula, organic beer and wine, hummus and chickpeas. In 2020, the EPA determined that the chemical was not a serious health risk and “not likely” to cause cancer in humans. However, a federal appeals court ordered the EPA to reexamine those findings last month, CBS News reported. In 2019, a second U.S. jury ruled Bayer’s Roundup weed killer was the cause of a man’s cancer. It was only the second of some 11,200 Roundup lawsuits to go to trial in the United States. Another California man was awarded $78 million (originally $289 million) in the first lawsuit alleging a glyphosate link to cancer.

A study published around the same time as those rulings found that glyphosate “destroys specialized gut bacteria in bees, leaving them more susceptible to infection and death from harmful bacteria.”

Further reading: ‘It’s a Non-Party Political Issue’: Banning the Weedkiller Glyphosate (The Guardian)

Read more of this story at Slashdot.

TikTok Hits Pause On Its Most Controversial Privacy Update Yet

Early last month, TikTok users across Europe were told that, starting July 13th, the platform would begin using their on-app data to serve up targeted ads, even if those users didn’t consent to the practice. Now, less than a day before that change would have rolled out European Union-wide, it looks like the company’s reconsidering things a bit. Gizmodo reports: A company spokesperson told TechCrunch on Tuesday that TikTok is “pausing” the update while it “engage[s] on the questions from stakeholders,” about the way it handles personalized ads. And needless to say, there are quite a lot of questions about that right now — from data protection authorities in the EU, from lawmakers in the US, and from privacy experts pretty much everywhere.

For context: until this point, European users that opened the TikTok app needed to offer express consent to let the company use their data for targeted ads. This update planned to do away with the need for that pesky consent by on a legal basis known as “legitimate interest” to target those ads instead. In a nutshell, the “legitimate interest” clause would let TikTok process people’s data, consent-free, if it was for a purpose that TikTok deemed reasonable. This means the company could say, for example, that because targeted ads bring in more money than their un-targeted equivalent, it would be reasonable to serve all users — consenting or otherwise — targeted ads. Reasonable, right?

Read more of this story at Slashdot.

New Working Speculative Execution Attack Sends Intel and AMD Scrambling

Some microprocessors from Intel and AMD are vulnerable to a newly discovered speculative execution attack that can covertly leak password data and other sensitive material, sending both chipmakers scrambling once again to contain what is proving to be a stubbornly persistent vulnerability. Ars Technica reports: Researchers from ETH Zurich have named their attack Retbleed because it exploits a software defense known as retpoline, which was introduced in 2018 to mitigate the harmful effects of speculative execution attacks. Speculative execution attacks, also known as Spectre, exploit the fact that when modern CPUs encounter a direct or indirect instruction branch, they predict the address for the next instruction they’re about to receive and automatically execute it before the prediction is confirmed. Spectre works by tricking the CPU into executing an instruction that accesses sensitive data in memory that would normally be off-limits to a low-privileged application. Retbleed then extracts the data after the operation is canceled. […] The ETH Zurich researchers have conclusively shown that retpoline is insufficient for preventing speculative execution attacks. Their Retbleed proof-of-concept works against Intel CPUs with the Kaby Lake and Coffee Lake microarchitectures and AMD Zen 1, Zen 1+, and Zen 2 microarchitectures.

In response to the research, both Intel and AMD advised customers to adopt new mitigations that the researchers said will add as much as 28 percent more overhead to operations. […] Both Intel and AMD have responded with advisories. Intel has confirmed that the vulnerability exists on Skylake-generation processors that don’t have a protection known as enhanced Indirect Branch Restricted Speculation (eIBRS) in place. “Intel has worked with the Linux community and VMM vendors to provide customers with software mitigation guidance which should be available on or around today’s public disclosure date,” Intel wrote in a blog post. “Note that Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.” AMD, meanwhile, has also published guidance. “As part of its ongoing work to identify and respond to new potential security vulnerabilities, AMD is recommending software suppliers consider taking additional steps to help guard against Spectre-like attacks,” a spokesman wrote in an email. The company has also published a whitepaper.

[Research Kaveh Razavi added:] “Retbleed is more than just a retpoline bypass on Intel, specially on AMD machines. AMD is in fact going to release a white paper introducing Branch Type Confusion based on Retbleed. Essentially, Retbleed is making AMD CPUs confuse return instructions with indirect branches. This makes exploitation of returns very trivial on AMD CPUs.” The mitigations will come at a cost that the researchers measured to be between 12 percent and 28 percent more computational overhead. Organizations that rely on affected CPUs should carefully read the publications from the researchers, Intel, and AMD and be sure to follow the mitigation guidance.

Read more of this story at Slashdot.