Can Heat Pumps Still Save the Planet from Climate Change?

"One technology critical to fighting climate change is lagging," reports the Washington Post, "thanks to a combination of high interest rates, rising costs, misinformation and the cycle of home construction. Adoption of heat pumps, one of the primary ways to cut emissions from buildings, has slowed in the United States and stalled in Europe, endangering the switch to clean energy. "Heat pump investment in the United States has dropped by 4 percent in the past two years, even as sales of EVs have almost doubled, according to data from MIT and the Rhodium Group. In 13 European countries, heat pump sales dropped nearly in half in the first half of 2024, putting the European Union off-track for its climate goals." "Many many markets are falling," said Paul Kenny, the director general of the European Heat Pump Association. "It takes time to change people's minds about a heating system." Heat pumps — essentially air conditioners that can also work in reverse, heating a space as well as cooling it — are crucial to making buildings more climate-friendly. Around 60 percent of American homes are still heated with furnaces running on oil, natural gas, or even propane; to cut emissions from homes, all American houses and apartments will need to be powered by electricity... In the United States, experts point to lags in construction, high interest rates, and general belt-tightening from inflation... [Cora Wyent, director of research for the electrification advocacy group Rewiring America] added, heat pumps are still growing as a share of overall heating systems, gaining ground on gas furnaces. In 2023, heat pumps made up 55 percent of all heating systems sold, while gas furnaces made up just 45 percent. "Heat pumps are continuing to increase their total market share," she said. Homeowners may also run into trouble when trying to find contractors to install heat pumps. 
Barton James, the president and CEO of the Air Conditioning Contractors of America, says many contractors don't have training on how to properly install heat pumps; if they install them incorrectly, the ensuing problems can sour consumers on the technology... In the United States, low gas prices also make the economics of heat pumps more challenging. Gas is around three times cheaper than electricity — while heat pumps make up most of that ground with efficiency, they aren't the most cost-effective option for every household. The Post also spoke to the manager for the carbon-free buildings team at the clean energy think tank RMI. They pointed out that heating systems need to be replaced roughly every 15 years — and the next cycle doesn't start until 2035. The article concludes that "even with government policies and subsidies, many parts of the move to clean energy will require individual people to make changes to their lives. According to the International Energy Agency, the number of heat pumps will have to triple by 2030 to stay on track with climate goals. The only way to do that, experts say, is if incentives, personal beliefs, and technology all align." Read more of this story at Slashdot.

AI Bug Bounty Program Finds 34 Flaws in Open-Source Tools

Slashdot reader spatwei shared this report from SC World: Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of [AI-security platform] Protect AI's huntr bug bounty program. The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit [both with a CVSS score of 9.1] and one in a graphical user interface for ChatGPT called Chuanhu Chat. The October vulnerability report also includes 18 high-severity flaws ranging from denial-of-service to remote code execution... Protect AI's report also highlights vulnerabilities in LocalAI, a platform for running AI models locally on consumer-grade hardware, LoLLMs, a web UI for various AI systems, LangChain.js, a framework for developing language model applications, and more. In the article, Protect AI's security researchers point out that these open-source tools are "downloaded thousands of times a month to build enterprise AI Systems." The three critical vulnerabilities have already been addressed by their respective companies, according to the article.

What’s Worse Than Setting Clocks Back an Hour? Permanent Daylight Savings Time

"It's that time again," writes USA Today, noting that Sunday morning millions of Americans (along with millions more in Canada, Europe, parts of Australia, and Chile) "will set their clocks back an hour, and many will renew their twice-yearly calls to put an end to the practice altogether..." Experts say the time changes are detrimental to health and safety, but agree that the answer isn't permanent DST. "The medical and scientific communities are unified ... that permanent standard time is better for human health," said Erik Herzog, a professor of biology and neuroscience at Washington University in St. Louis and the former president of the Society for Research on Biological Rhythms... Springing forward an hour in March is harder on us than falling back in November. The shift in spring is associated with an increase in heart attacks, and car accident rates also go up for a few days after, he said. But the answer isn't permanent daylight saving time, according to Herzog, who said that could be even worse for human health than the twice-yearly changes. By looking at studies of people who live at the easternmost edge of time zones (whose experience is closest to standard time) and people who live at the westernmost edge (more like daylight saving time), scientists can tell that health impacts of earlier sunrises and sunsets are much better. Waking up naturally with the sun is far better for our bodies than having to rely on alarm clocks to wake up in the dark, he said. Herzog said Florida, where [Senator Marco] Rubio has championed the Sunlight Protection Act, is much less impacted by the negative impacts of daylight saving time because it's as far east and south as you can get in the U.S., while people in a state like Minnesota would have much more time in the dark in the morning. The article also reminds U.S. readers that "No state can adopt permanent daylight saving time unless U.S. Congress passes a law to authorize it first." Nevertheless... 
Oklahoma became the most recent state to pass a measure authorizing permanent daylight saving time, pending Congressional approval, in April. Nineteen other states have passed laws or resolutions to move toward daylight saving time year-round, if Congress were ever to allow it, according to the National Conference of State Legislatures... Only two states and some territories never have to set their clocks forward or backward... [Hawaii and Arizona, except for the Navajo Nation.]

ASWF: the Open Source Foundation Run By the Folks Who Give Out Oscars

This week's Ubuntu Summit 2024 was attended by Lproven (Slashdot reader #6,030). He's also a FOSS correspondent for the Register, where he's filed this report: One of the first full-length sessions was presented by David Morin, executive director of the Academy Software Foundation, introducing his organization in a talk about Open Source Software for Motion Pictures. Morin linked to the Visual Effects Society's VFX/Animation Studio Workstation Linux Report, highlighting the market share pie-chart, showing Rocky Linux 9 at some 58 percent and the RHELatives in general at 90 percent of the market. Ubuntu 22 and 24 — the report's nomenclature, not this vulture's — got just 10.5 percent. We certainly didn't expect to see that at an Ubuntu event, with the latest two versions of Rocky Linux taking 80 percent of the studio workstation market... What also struck us over the next three quarters of an hour is that Linux and open source in general seem to be huge components of the movie special effects industry — to an extent that we had not previously realized. There's a "sizzle reel" showing examples of how major motion pictures used OpenColorIO, an open-source production tool for syncing color representations originally developed by Sony Pictures Imageworks. That tool is hosted by a collaboration between the Linux Foundation and the Science and Technology Council of the Academy of Motion Picture Arts and Sciences (the "Academy" of the Academy Awards). The collaboration — which goes by the name of the Academy Software Foundation — hosts 14 different projects. The ASWF hasn't been around all that long — it was only founded in 2018. Despite the impact of the COVID pandemic, by 2022 it had achieved enough to fill a 45-page history called Open Source in Entertainment [PDF]. Morin told the crowd that it runs events, provides project marketing and infrastructure, as well as funding, training and education, and legal assistance.
It tries to facilitate industry standards and does open source evangelism in the industry. An impressive list of members — with 17 Premier companies, 16 General ones, and another half a dozen Associate members — shows where some of the money comes from. It's a big list of big names. [Adobe, AMD, AWS, Autodesk...] The presentation started with OpenVDB, a C++ library developed and donated by Dreamworks for working with three-dimensional voxel-based shapes. (In 2020 they created this sizzle reel, but this year they've unveiled a theme song.) Also featured was OpenEXR, originally developed at Industrial Light and Magic and sourced in 1999. (The article calls it "a specification and reference implementation of the EXR file format — a losslessly compressed image storage format for moving images at the highest possible dynamic range.") "For an organization that is not one of the better-known ones in the FOSS space, we came away with the impression that the ASWF is busy," the article concludes. (Besides running Open Source Days and ASWF Dev Days, it also hosts several working groups; the Language Interop Project works on Rust bindings and the Continuous Integration Working Group on CI tools.) There's generally very little of the old razzle-dazzle in the Linux world, but with the demise of SGI as the primary maker of graphics workstations — its brand now absorbed by Hewlett Packard Enterprise — the visual effects industry moved to Linux and it's doing amazing things with it. And Kubernetes wasn't even mentioned once.

The ‘Passive Housing’ Trend is Booming

The Washington Post reports that a former Etsy CEO remodeled their home into what's known as a passive house. It's "designed to be as energy efficient as possible, typically with top-notch insulation and a perfect seal that prevents outside air from penetrating the home; air flows in and out through filtration and exhaust systems only." Their benefits include protection from pollution and pollen, noise insulation and a stable indoor temperature that minimizes energy needs. That translates to long-term savings on heating and cooling. While the concept has been around for about 50 years, experts say that the United States is on the cusp of a passive house boom, driven by lowered costs, state-level energy code changes and a general greater awareness of — and desire for — more sustainable housing... Massachusetts — which alongside New York and Pennsylvania is one of the leading states in passive house adoption — has 272 passive house projects underway thanks to an incentive program, says Zack Semke [the director of the Passive House Accelerator, a group of industry professionals who aim to spread lessons in passive house building]. Consumer demand for passive houses is also increasing, says Michael Ingui, an architect in New York City and the founder of the Passive House Accelerator... The need to lower our energy footprint is so much more top-of-mind today than it was 10 years ago, Ingui says, and covid taught us about the importance of good ventilation and filtered fresh air. "People are searching for the healthiest house," he says, "and that's a passive house...." These days, new passive houses are usually large, multifamily apartment buildings or high-end single-family homes. But that leaves out a large swath of homeowners in the middle. 
To widen passive house accessibility to include all types of people and their housing needs, we need better energy codes and even more policies and incentives, says In Cho, a sustainability architect, educator and a co-founder of the nonprofit Passive House for Everyone! Passive houses "can and should serve folks from all socioeconomic backgrounds," she says. Using a one-two punch of mandates for energy efficient buildings and greater awareness to the public, that increased demand for passive houses will lead to more supply, Cho says. And we're already seeing those changes in the market. Take triple-pane windows, for example, which are higher performing and more insulating than their double-pane counterparts. Even just 10 to 20 years ago, the difference in price between the two was high enough to make triple-pane windows cost-prohibitive for a lot of people, Cho says. Over the years, as the benefits of higher performing windows became more well-known, and as cities and states changed their energy codes, more companies began producing better windows. Now they're basically at price parity, she says. If we keep pushing for greater awareness and further policy changes, it's possible that all of the components of passive house buildings could follow that trend. For large multifamily projects, "we're already seeing price parity in some cases," Semke says... But as it stands, single-family passive houses are still likely to cost a margin more than non-passive houses, he says. "This is because price parity is easier to achieve when working at larger scales, but also because many of the housing policies and incentives encouraging passive house buildings are geared toward these larger projects."

Don’t Look Now, but GM’s EV Sales Are on Fire

GM's president of global markets says their EV portfolio "is growing faster than the market," according to Investopedia, "because we have an all-electric vehicle for just about everybody, no matter what they like to drive." The headline at Barrons? "Don't Look Now, but GM's EV Sales Are on Fire." GM delivered almost 32,000 all-electric vehicles in the third quarter — a record — and up about 58% from a year earlier. The more affordable Chevy Equinox, which starts at about $35,000 before any federal tax credit, helped boost sales. GM delivered almost 10,000 of the new EVs, up from 1,013 in the second quarter, when they first went on sale. EV penetration of total GM car sales was almost 5%, up almost two percentage points year over year. EVs accounted for 19.4% of Cadillac sales, up about 11 percentage points year over year. Year to date, GM has delivered just over 70,000 all-electric cars. GM originally planned to manufacture 200,000 EVs in 2024. That still looks aggressive, but the strong third-quarter showing makes 120,000 possible, which would be up almost 60% year over year — a respectable outcome. More important to investors than EV sales right now might be dealer inventories. GM said there were about 627,000 vehicles on dealer lots at the end of September. That's a little better than what Wolfe Research analyst Emmanuel Rosner expected. It indicates GM dealers have roughly 60 days worth of sales on their lots. That's a safe level. Lower dealer inventories reduce pressure to reduce prices. They also reduce the need to cut production because dealer lots are full... GM expects to generate a full-year operating profit of about $14 billion. Meanwhile, Stellantis "slashed its financial guidance recently, partly because it needs to dramatically reduce its U.S. inventories," according to the article. For example, its Jeep dealers ended August with roughly 122 days worth of sales on their lots, while its Dodge dealers "had almost 150 days of inventory."
And Investopedia argues that while GM's EV sales growth is "soaring," Ford's is showing "only modest gains." [W]hile Ford's overall U.S. sales were 0.7% higher at 504,039, it had just a 12% gain in EVs to 23,509. In the second quarter, Ford's EV sales had soared 61% to 23,957. Sales growth was more than three times higher for Ford's hybrid models, with President of Ford Blue and Ford Customer Service Division Andrew Frick arguing that the company has "listened to customers to offer them vehicles with powertrains to meet their specific needs." Ford is hoping to boost EV sales by offering buyers a free home charger and installation.

Is AI-Driven 0-Day Detection Here?

"AI-driven 0-day detection is here," argues a new blog post from ZeroPath, makers of a GitHub app that "detects, verifies, and issues pull requests for security vulnerabilities in your code." They write that AI-assisted security research "has been quietly advancing" since early 2023, when researchers at DARPA and ARPA-H's Artificial Intelligence Cyber Challenge demonstrated the first practical applications of LLM-powered vulnerability detection — with new advances continuing. "Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities — including remote code execution, authentication bypasses, and insecure direct object references — in popular AI platforms and open-source projects." And they ultimately identified security flaws in projects owned by Netflix, Salesforce, and Hulu by "taking a novel approach combining deep program analysis with adversarial AI agents for validation. Our methodology has uncovered numerous critical vulnerabilities in production systems, including several that traditional Static Application Security Testing tools were ill-equipped to find..." TL;DR — most of these bugs are simple and could have been found with a code review from a security researcher or, in some cases, scanners. The historical issue, however, with automating the discovery of these bugs is that traditional SAST tools rely on pattern matching and predefined rules, and miss complex vulnerabilities that do not fit known patterns (i.e. business logic problems, broken authentication flaws, or non-traditional sinks such as from dependencies). They also generate a high rate of false positives. The beauty of LLMs is that they can reduce ambiguity in most of the situations that caused scanners to be either unusable or produce few findings when mass-scanning open source repositories... To do this well, you need to combine deep program analysis with adversarial agents that test the plausibility of vulnerabilities at each step.
The solution ends up mirroring the traditional phases of a pentest — recon, analysis, exploitation (and remediation which is not mentioned in this post)... AI-driven vulnerability detection is moving fast... What's intriguing is that many of these vulnerabilities are pretty straightforward — they could've been spotted with a solid code review or standard scanning tools. But conventional methods often miss them because they don't fit neatly into known patterns. That's where AI comes in, helping us catch issues that might slip through the cracks. "Many vulnerabilities remain undisclosed due to ongoing remediation efforts or pending responsible disclosure processes," according to the blog post, which includes a pie chart showing the biggest categories of vulnerabilities found: 53%: Authorization flaws, including broken access control in API endpoints and unauthorized Redis access and configuration exposure. ("Impact: Unauthorized access, data leakage, and resource manipulation across tenant boundaries.") 26%: File operation issues, including directory traversal in configuration loading and unsafe file handling in upload features. ("Impact: Unauthorized file access, sensitive data exposure, and potential system compromise.") 16%: Code execution vulnerabilities, including command injection in file processing and unsanitized input in system commands. ("Impact: Remote code execution, system command execution, and potential full system compromise.") The company's CIO/cofounder was "former Red Team at Tesla," according to the startup's profile at YCombinator, and earned over $100,000 as a bug-bounty hunter. (And another co-founder is a former Google security engineer.) Thanks to Slashdot reader Mirnotoriety for sharing the article.
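The second-largest category in ZeroPath's chart, directory traversal in configuration loading, is a good illustration of the post's point that a pattern-matching check can look like a fix while still missing the bug. The following is an added example, not code from ZeroPath or from any of the projects the post mentions; it builds a constructed config directory in a temp folder and contrasts three loaders: one with no check, one with the common ".." string filter that an absolute path walks straight past, and one that resolves the path and requires it to stay inside the config root. `CONFIG_DIR`, `SECRET_FILE` and the loader names are all assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample layout (not from any real project): one legitimate
# config file inside CONFIG_DIR and a sensitive file one level above it.
_base = Path(tempfile.mkdtemp(prefix="cfg_demo_"))
CONFIG_DIR = _base / "configs"
CONFIG_DIR.mkdir()
(CONFIG_DIR / "app.yaml").write_text("debug: false\n")
SECRET_FILE = _base / "secret.txt"
SECRET_FILE.write_text("db_password=constructed-sample\n")


def load_config_unsafe(name: str) -> str:
    """Vulnerable pattern: the caller-supplied name is joined onto the base
    directory and opened without checking where the result actually lands."""
    with open(os.path.join(CONFIG_DIR, name)) as f:
        return f.read()


def load_config_naive_filter(name: str) -> str:
    """A common but incomplete fix: reject names containing '..'. This is the
    kind of string-pattern check that still lets an absolute path through,
    because os.path.join discards the base when the second part is absolute."""
    if ".." in name:
        raise PermissionError("traversal sequence rejected")
    with open(os.path.join(CONFIG_DIR, name)) as f:
        return f.read()


def is_within_config_dir(name: str) -> bool:
    """Resolve the candidate path and require it to stay under CONFIG_DIR.
    Resolving handles '..', absolute paths and symlinks uniformly."""
    root = CONFIG_DIR.resolve()
    candidate = (root / name).resolve()
    return candidate == root or root in candidate.parents


def load_config_safe(name: str) -> str:
    """Hardened form: a path-containment check before any file is opened."""
    if not is_within_config_dir(name):
        raise PermissionError(f"config name escapes config dir: {name!r}")
    return (CONFIG_DIR / name).read_text()


def reaches_secret(loader, name: str) -> bool:
    """True if loader(name) hands back the contents of SECRET_FILE."""
    try:
        return "db_password" in loader(name)
    except (PermissionError, FileNotFoundError, IsADirectoryError):
        return False


if __name__ == "__main__":
    for loader in (load_config_unsafe, load_config_naive_filter, load_config_safe):
        print(f"{loader.__name__:26s}"
              f" relative traversal: {reaches_secret(loader, '../secret.txt')}"
              f" absolute path: {reaches_secret(loader, str(SECRET_FILE))}")
```

The containment check is done on resolved paths rather than on the input string, which is why it rejects both probes while the ".." filter only rejects one. In a real loader the same check belongs immediately before the open, and the allowed root should be an absolute, resolved directory fixed at startup rather than derived from request data.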

A Fourth FTX Executive Sentenced: Forfeits $11 Billion, But No Prison Time

Former FTX executive Nishad Singh was ordered to forfeit $11 billion, reports CNBC — and is subject to three years of supervised release, making him "the fourth ex-employee of the collapsed crypto exchange to be punished." But while he'd faced a maximum sentence of 75 years, he'll serve no time, according to this report from the Associated Press: Singh, the company's former engineering director, was sentenced in Manhattan by Judge Lewis A. Kaplan, who said his cooperation was "remarkable." The judge noted that Singh did not learn of the billions of dollars that were misappropriated from FTX customer accounts and investors until two months before the fraud unraveled... Singh, 29, testified a year ago at Bankman-Fried's trial, saying he was "blindsided and horrified" when he saw the extent of the fraud behind the once-celebrated and seemingly pioneering firm. At sentencing, Singh said he was "overwhelmed with remorse" for his role in the fraud. "I strayed so far from my values, and words can't express how sorry I am," he said.... The sentencing came a month after Caroline Ellison, another key witness at Bankman-Fried's trial and a former top executive in his cryptocurrency empire, was sentenced to two years in prison. At the time, Kaplan praised her cooperation but said it wasn't a get-out-of-jail-free card. On Wednesday, Kaplan drew a distinction between the cooperation by Ellison and Singh's work with prosecutors, saying Ellison had participated in the fraud "from the beginning" and had been aware of all the wrongdoing for years... [Defense attorney Andrew Goldstein] said leniency would encourage future cooperators in other criminal cases to come forward. Assistant U.S. Attorney Nicolas Roos credited Singh with providing information within weeks of the fraud being publicly revealed, saying he helped prosecutors learn about crimes they might otherwise have never discovered, including his own. 
Roos said, for instance, that Singh told prosecutors about campaign finance violations that occurred as FTX executives made tens of millions of dollars in donations to political candidates. The prosecutor also said Singh revealed private conversations with Bankman-Fried that strengthened the government's case and enabled it to bring charges more quickly against multiple people. Singh gave prosecutors "documentary evidence the government did not have and likely never would have had," Roos said. Bankman-Fried, of course, began a 25-year sentence last November. And three weeks ago FTX executive Ryan Salame made an update on his LinkedIn profile. "I'm happy to share that I'm starting a new position as Inmate at FCI Cumberland!" "His post quickly went viral," notes CNN, "prompting Salame to joke on X: 'Today I learned people still use LinkedIn.'"

US Government Considers Legal Action Over Meta’s Use of Financial Data for Ads

The Washington Post reports that America's Consumer Financial Protection Bureau (or CFPB) "is considering legal action against Meta over allegations that it improperly used financial data obtained from third parties in its highly-lucrative advertising business..." The article says a Meta securities filing Thursday revealed it had received a formal notification about the federal investigation last month. The filing said only that the inquiry relates to "advertising for financial products and services on our platform." A spokesperson for Meta declined to comment on the investigation. "We disagree with the claims," the company's filing said, "and believe an enforcement action is unwarranted...." The CFPB's probe underscores its aggressive recent focus on Big Tech. In recent years, major companies including Apple, Amazon, Facebook and Google have launched a wave of new financial services, including credit cards and apps that help users send money to friends... Under its current director, Rohit Chopra, the CFPB has also sought to ensure that tech giants adhere to the same safeguards that have long applied to their brick-and-mortar banking predecessors. The bureau formalized its tech crackdown in 2021, when Chopra ordered companies including Facebook to turn over records related to their payment apps and other financial service offerings. At the time, he expressed fear that these giants already possessed troves of customer data and could solidify their dominance if they gained greater insight into users' purchasing and spending habits. "This data can be monetized by companies that seek to profit from behavioral targeting, particularly around advertising and e-commerce," Chopra said in a statement announcing the review. "That many Big Tech companies aspire to grow in this space only heightens these concerns." 
Since then, the watchdog agency has proposed new rules that could treat Apple, Google and PayPal-owned Venmo more like banks, opening the door for federal regulators to inspect some of their operations in a bid to protect users' deposits. The rules, which have not been finalized, have sparked fierce lobbying opposition from major tech companies.

As Data Centers for AI Strain the Power Grid, Bills Rise for Everyday Customers

While Amazon, Google, and other companies build new data centers — sometimes for their AI projects — parts of America "are facing higher electric bills," reports the Washington Post: The facilities' extraordinary demand for electricity to power and cool computers inside can drive up the price local utilities pay for energy and require significant improvements to electric grid transmission systems. As a result, costs have already begun going up for customers — or are about to in the near future, according to utility planning documents and energy industry analysts. Some regulators are concerned that the tech companies aren't paying their fair share, while leaving customers from homeowners to small businesses on the hook. In Oregon, electric utilities are warning regulators that consumers need protections from rising rates caused by data centers. From Virginia to Ohio and South Carolina, companies are battling over the extent of their responsibility for increases, attempting to fend off anger from customers. In the Mid-Atlantic, the regional power grid's energy costs shot up dramatically, and data centers are cited as among root causes of rate increases of up to 20 percent expected in 2025... The tech firms and several of the power companies serving them strongly deny they are burdening others. They say higher utility bills are paying for overdue improvements to the power grid that benefit all customers. In some cases, they said in response to criticism from consumer and business advocates that they are committed to covering additional costs. But regulators — and even some utilities — are growing skeptical. A jarring example of fallout on consumers is playing out on the Mid-Atlantic regional power grid, called PJM Interconnection, which serves 13 states and D.C. The recent auction to secure power for the grid during periods of extreme weather and high demand resulted in an 800 percent jump in the price that the grid's member utilities had to pay. 
The impact will be felt by millions by the spring, according to public records. Power bills will increase as much as 20 percent for customers of a dozen utilities in Maryland, Ohio, Pennsylvania, New Jersey and West Virginia, regulatory filings show. That includes households in the Baltimore area, where annual bills will increase an average of $192, said Maryland People's Counsel David Lapp, a state appointee who monitors utilities. The next auction, in 2025, could be more painful, Lapp said, leaving customers potentially "looking at increases of as much as $40 to $50 a month...." Advocates cite another source of cost-shifting onto consumers: discounted rates that power companies and local government officials use to entice tech companies to build data centers... Google worked out a deal with Dominion Energy, blessed by regulators, to pay 6 cents per kilowatt hour for its power. That is less than half of what residential customers pay, as well as substantially less than is paid by businesses... The article points out that in Pennsylvania, "Amazon's novel plan to fuel a data center from a reactor at the nearby Susquehanna nuclear plant is now in jeopardy, after regulators blocked it Friday. They cited potential impact on consumers as among their concerns. The plan threatens to leave other ratepayers stuck with a bill of $50 million to $140 million, according to testimony from [power utility] AEP and utility conglomerate Exelon." And meanwhile, one Virginia retiree complained about a proposed $54 million transmission line and substation for an Amazon data center. "They are already making money hand over fist, and now they want us to pay for this?"