Posted by BeauHD from Slashdot
From the new-reality department: An anonymous reader quotes a report from Electrek: In a major clean energy benchmark, wind, solar, and hydro exceeded 100% of demand on California's main grid for 30 of the past 38 days. Stanford University professor of civil and environmental engineering Mark Z. Jacobson has been tracking California's renewables performance, and he shares his findings on Twitter (X) when the state breaks records. Jacobson notes that supply exceeds demand for "0.25-6 h per day," and that's an important fact. The continuity lies not in renewables running the grid for the entire day but in the fact that it's happening on a consistent daily basis, which has never been achieved before.
At the two-week record mark, Ian Magruder at Rewiring America made this great point on LinkedIn: "And what makes it even better is that California has the largest grid-connected battery storage facility in the world (came online in January ...), meaning those batteries were filling up with excess energy from the sun all afternoon today and are now deploying as we speak to offset a good chunk of the methane gas generation that California still uses overnight." On April 2, the California Independent System Operator (ISO) recommended 26 new transmission projects worth $6.1 billion, with a big number being devoted to offshore wind. In response, Jacobson predicted on April 4 that California will entirely be on renewables and battery storage 24/7 by 2035.
Posted by BeauHD from Slashdot
From the deal-or-no-deal department: T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months.
Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.
Posted by BeauHD from Slashdot
From the so-far-so-good department: An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective.
By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life."
< This article continues on their website >
Posted by BeauHD from Slashdot
From the better-late-than-never department: Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials."
All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to rest passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."
Posted by BeauHD from Slashdot
From the would-you-look-at-that department: An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done."
< This article continues on their website >
Posted by msmash from Slashdot
From the security-woes department: The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on SecurityL: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks.
"Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.
The Nintendo Switch has been around the block. To hammer that point home, Nintendo’s ultra-successful console celebrated its seventh release anniversary just last month. The little console that is still widely loved for its innovative controllers and portable form factor, so much so the long-speculated Nintendo Switch… 
Dawntrail—the next expansion for Square Enix’s masterfully designed MMORPG Final Fantasy XIV—doesn’t release until July 2, but fans can get a taste of what’s to come right now. The official benchmark for the game is available as of April 14, and will let players experience some of the expansion’s most anticipated… 
Blizzard’s customer service is in hot water after a series of exchanges about Overwatch 2’s profanity rules caught the attention of the community and subsequently went viral. Apparently, profanity of any kind is considered against the hero shooter’s code of conduct, and if someone reports it, seemingly regardless of… 
The similarities between Nier: Automata and Shift Up’s upcoming PlayStation 5 exclusive, Stellar Blade, are evident—and not just because the former inspired the latter. Both games center women piecing together a world at its collapse, which makes the two sisters of a sort. And as it does between sisters, jealousy… 
After helping my childhood friend, Cloud, through a reality-bending experience to reclaim his identity, I listen as he apologizes for his worst actions and explains to a room full of people why he misled everyone. Yes, his mind was under the influence of an invasive presence, but this confession comes from a place of… 
Ubisoft’s decision to keep a mission featuring everyone’s favorite intergalactic crime lord, Jabba the Hutt, behind the most eye-wateringly expensive versions of Star Wars Outlaws caused widespread internet panic in recent days. Given how much of the game’s promotion has featured the grumpy space worm, was the key… 
What makes a good video game adaptation? For some, it’s a rock solid story set in a well-known world, but for a very vocal group of gamers, it’s a faithful, beat-by-beat recreation of beloved source material. Those who fall into that latter school of thought are the same people who are angry that Master Chief had sex… 
Fun fact: The standard North American NAD83 coordinate system is misaligned from the actual Earth, off-center by about 7 feet. Someone knows where I am, and I'm in the wrong place. 
Destiny 2 is back on the menu thanks to a brilliant new horde mode called Onslaught. As players return to the sci-fi shooter MMO in droves following the free Into The Light update that’s been showering them with loot, a lot of you are no doubt behind on the latest top gear. Fortunately, Apex Predator is arguably the… 
