Computer

Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned

Slashdot - Tue, 2024-04-16 00:50
Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials." All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to reset passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."

Read more of this story at Slashdot.

Categories: Computer, News

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

Slashdot - Tue, 2024-04-16 00:10
Michael Larabel reports via Phoronix: Within yesterday's Linux 6.9-rc4 release is an interesting little nugget by Linus Torvalds to battle Kconfig parsers that can't correctly handle tabs but rather just assume spaces for whitespace for this kernel configuration format. Due to a patch having been queued last week to replace a tab with a space character in the kernel tracing Kconfig file, Linus Torvalds decided to take matters into his own hands for Kconfig parsers that can't deal with tabs... Torvalds authored a patch to intentionally add some tabs of his own into Kconfig for throwing off any out-of-tree/third-party parsers that can't correctly handle them. Torvalds added these intentional hidden tabs to the common Kconfig file for handling page sizes for the kernel. Thus sure to cause dramatic and noticeable breakage for any parsers not handling tabs correctly.


A D&D Actual Play Show Is Going To Sell Out Madison Square Garden

Slashdot - Mon, 2024-04-15 23:30
An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done." In the case of Taylor Swift's Eras tour, fans were upset because demand was so high that Ticketmaster's system couldn't handle the traffic. For Dimension 20, the culprit is Ticketmaster's dynamic pricing. As more people try to buy tickets, the price of the tickets increases. About an hour after the Madison Square Garden tickets went on sale, the few dozen upper bowl tickets left were $800. Three hours after, these tickets are around $330, which is still very inflated. "Went onto the presale, tickets were $500+ for the worst ones, we assumed they were scalpers and that the actual sale today would have normal priced tickets $2000 for the lower bowl!? I know it's not dropout setting the price but wow is that a LOT of cash," a Redditor posted. And as a commenter astutely pointed out, thanks to dynamic pricing, Ticketmaster itself is actually the scalper. Of course, Dimension 20 fans are frustrated, especially since the show's content is overtly anti-capitalist.
Despite the pricing debacle, the demand for the show is a great sign for both actual play shows and the creator economy at large.


Crickets From Chirp Systems in Smart Lock Key Leak

Slashdot - Mon, 2024-04-15 22:50
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on Security: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks. "Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.


Stanford Releases AI Index Report 2024

Slashdot - Mon, 2024-04-15 22:10
Top takeaways from Stanford's new AI Index Report [PDF]:

1. AI beats humans on some tasks, but not on all. AI has surpassed human performance on several benchmarks, including some in image classification, visual reasoning, and English understanding. Yet it trails behind on more complex tasks like competition-level mathematics, visual commonsense reasoning and planning.

2. Industry continues to dominate frontier AI research. In 2023, industry produced 51 notable machine learning models, while academia contributed only 15. There were also 21 notable models resulting from industry-academia collaborations in 2023, a new high.

3. Frontier models get way more expensive. According to AI Index estimates, the training costs of state-of-the-art AI models have reached unprecedented levels. For example, OpenAI's GPT-4 used an estimated $78 million worth of compute to train, while Google's Gemini Ultra cost $191 million for compute.

4. The United States leads China, the EU, and the U.K. as the leading source of top AI models. In 2023, 61 notable AI models originated from U.S.-based institutions, far outpacing the European Union's 21 and China's 15.

5. Robust and standardized evaluations for LLM responsibility are seriously lacking. New research from the AI Index reveals a significant lack of standardization in responsible AI reporting. Leading developers, including OpenAI, Google, and Anthropic, primarily test their models against different responsible AI benchmarks. This practice complicates efforts to systematically compare the risks and limitations of top AI models.

6. Generative AI investment skyrockets. Despite a decline in overall AI private investment last year, funding for generative AI surged, nearly octupling from 2022 to reach $25.2 billion. Major players in the generative AI space, including OpenAI, Anthropic, Hugging Face, and Inflection, reported substantial fundraising rounds.

7. The data is in: AI makes workers more productive and leads to higher quality work. In 2023, several studies assessed AI's impact on labor, suggesting that AI enables workers to complete tasks more quickly and to improve the quality of their output. These studies also demonstrated AI's potential to bridge the skill gap between low- and high-skilled workers. Still, other studies caution that using AI without proper oversight can lead to diminished performance.

8. Scientific progress accelerates even further, thanks to AI. In 2022, AI began to advance scientific discovery. 2023, however, saw the launch of even more significant science-related AI applications -- from AlphaDev, which makes algorithmic sorting more efficient, to GNoME, which facilitates the process of materials discovery.

9. The number of AI regulations in the United States sharply increases. The number of AI-related regulations in the U.S. has risen significantly in the past year and over the last five years. In 2023, there were 25 AI-related regulations, up from just one in 2016. Last year alone, the total number of AI-related regulations grew by 56.3%.

10. People across the globe are more cognizant of AI's potential impact -- and more nervous. A survey from Ipsos shows that, over the last year, the proportion of those who think AI will dramatically affect their lives in the next three to five years has increased from 60% to 66%. Moreover, 52% express nervousness toward AI products and services, marking a 13 percentage point rise from 2022. In America, Pew data suggests that 52% of Americans report feeling more concerned than excited about AI, rising from 37% in 2022.


Ubisoft Revokes Access To Purchased Game, Sparking Digital Ownership Debate

Slashdot - Mon, 2024-04-15 21:30
Ubisoft has come under fire from players who claim the company has revoked access to a game they had previously purchased. Users attempting to launch "The Crew" on Ubisoft Connect are met with a message stating, "You no longer have access to this game. Why not check the Store to pursue your adventures?" The game has also been moved to a separate "inactive games" section in players' libraries. While the game can still be launched, it reportedly only plays a limited demo version. Ubisoft has yet to comment on the matter, but some speculate that the decision may be related to the game's reliance on servers that are no longer operational. The incident has sparked concerns among gamers about the control platform holders have over digital purchases. Ubisoft's subscription boss, Philippe Tremblay, recently stated that players will need to get "comfortable" with not owning games.


UK Starts Drafting AI Regulations for Most Powerful Models

Slashdot - Mon, 2024-04-15 20:50
The UK is starting to draft regulations to govern AI, focusing on the most powerful language models which underpin OpenAI's ChatGPT, Bloomberg News reported Monday, citing people familiar with the matter. From the report: Policy officials at the Department for Science, Innovation and Technology are in the early stages of devising legislation to limit potential harms caused by the emerging technology, according to the people, who asked not to be identified discussing undeveloped proposals. No bill is imminent, and the government is likely to wait until France hosts an AI conference either later this year or early next to launch a consultation on the topic, they said. Prime Minister Rishi Sunak, who hosted the first world leaders' summit on AI last year and has repeatedly said countries shouldn't "rush to regulate" AI, risks losing ground to the US and European Union on imposing guardrails on the industry. The EU passed a sweeping law to regulate the technology earlier this year, companies in China need approvals before producing AI services and some US cities and states have passed laws limiting use of AI in specific areas.


Song Lyrics Have Become Simpler and More Repetitive Over the Last Five Decades

Slashdot - Mon, 2024-04-15 20:05
Abstract of a paper on Nature: Music is ubiquitous in our everyday lives, and lyrics play an integral role when we listen to music. The complex relationships between lyrical content, its temporal evolution over the last decades, and genre-specific variations, however, are yet to be fully understood. In this work, we investigate the dynamics of English lyrics of Western, popular music over five decades and five genres, using a wide set of lyrics descriptors, including lyrical complexity, structure, emotion, and popularity. We find that pop music lyrics have become simpler and easier to comprehend over time: not only does the lexical complexity of lyrics decrease (for instance, captured by vocabulary richness or readability of lyrics), but we also observe that the structural complexity (for instance, the repetitiveness of lyrics) has decreased. In addition, we confirm previous analyses showing that the emotion described by lyrics has become more negative and that lyrics have become more personal over the last five decades. Finally, a comparison of lyrics view counts and listening counts shows that when it comes to the listeners' interest in lyrics, for instance, rock fans mostly enjoy lyrics from older songs; country fans are more interested in new songs' lyrics.


Security Engineer Jailed For 3 Years For $12M Crypto Hacks

Slashdot - Mon, 2024-04-15 19:25
An anonymous reader shares a report: Shakeeb Ahmed, a cybersecurity engineer convicted of stealing around $12 million in crypto, was sentenced on Friday to three years in prison. In a press release, the U.S. Attorney for the Southern District of New York announced the sentence. Ahmed was accused of hacking into two cryptocurrency exchanges, and stealing around $12 million in crypto, according to prosecutors. Adam Schwartz and Bradley Bondi, the lawyers representing Ahmed, did not immediately respond to a request for comment. When Ahmed was arrested last year, the authorities described him as "a senior security engineer for an international technology company." His LinkedIn profile said he previously worked at Amazon. But he wasn't working there at the time of his arrest, an Amazon spokesperson told TechCrunch. While the name of one of his victims was never disclosed, Ahmed reportedly hacked into Crema Finance, a Solana-based crypto exchange, in early July 2022.


Senator Warren Claims TurboTax 'Relentlessly' Upsells Customers in Letter To FTC

Slashdot - Mon, 2024-04-15 18:45
Senator Elizabeth Warren (D-MA) has written a letter to the Federal Trade Commission, saying that TurboTax "continues to relentlessly upsell" customers while also directing them away from services that would otherwise be free. From a report: As noted in the letter, Warren's staff analyzed TurboTax's services using a sample taxpayer and found that the company attempted to upsell the customer eight times during the tax filing process. Warren writes that in "several cases," these solicitations "appear to be efforts to mislead customers into thinking that they must pay the extra fees in order to file their taxes when that is not the case." Some show up as full-screen prompts, forcing users to scroll to the bottom to deny the upgrade. In one instance, Warren's team found that TurboTax highlighted its $89 tax filing package as "the right option" for their sample taxpayer, leaving the free option at the bottom of the page. After choosing just one upgrade, Warren's staff found that their sample taxpayer with "simple" filing requirements had to pay an extra $69 to report her unemployment income and educator expenses, plus $64 to file Massachusetts state tax returns. That makes for a grand total of $133 -- a sum people wouldn't have to pay through the IRS's free Direct File service, Warren argues.


Sony's PS5 Pro is Real and Developers Are Getting Ready For It

Slashdot - Mon, 2024-04-15 18:10
Sony is getting ready to release a more powerful PS5 console, possibly by the end of this year. After reports of leaked PS5 Pro specifications surfaced recently, The Verge has obtained a full list of specs for the upcoming console. From the report: Sources familiar with Sony's plans tell me that developers are already being asked to ensure their games are compatible with this upcoming console, with a focus on improving ray tracing. Codenamed Trinity, the PlayStation 5 Pro model will include a more powerful GPU and a slightly faster CPU mode. All of Sony's changes point to a PS5 Pro that will be far more capable of rendering games with ray tracing enabled or hitting higher resolutions and frame rates in certain titles. Sony appears to be encouraging developers to use graphics features like ray tracing more with the PS5 Pro, with games able to use a "Trinity Enhanced" (PS5 Pro Enhanced) label if they "provide significant enhancements." Sony expects GPU rendering on the PS5 Pro to be "about 45 percent faster than standard PlayStation 5," according to documents outlining the upcoming console. The PS5 Pro GPU will be larger and use faster system memory to help improve ray tracing in games. Sony is also using a "more powerful ray tracing architecture" in the PS5 Pro, where the speed here is up to three times better than the regular PS5. "Trinity is a high-end version of PlayStation 5," reads one document, with Sony indicating it will continue to sell the standard PS5 after this new model launches. Sony is expecting game developers to have a single package that will support both the PS5 and PS5 Pro consoles, with existing games able to be patched for higher performance.


iOS App Store's First Game Boy Emulator Taken Down Just Days Later

Slashdot - Mon, 2024-04-15 17:37
An anonymous reader shares a report: Over the weekend, developer Mattia La Spina launched iGBA as one of the first retro game emulators legitimately available on the iOS App Store following Apple's rules change regarding such emulators earlier this month. As of Monday morning, though, iGBA has been pulled from the App Store following controversy over the unauthorized reuse of source code from a different emulator project. Shortly after iGBA's launch, some people on social media began noticing that the project appeared to be based on the code for GBA4iOS, a nearly decade-old emulator that developer Riley Testut and a partner developed as high-schoolers (and distributed via a temporary security hole in the iOS App store). Testut took to social media Sunday morning to call iGBA a "knock-off" of GBA4iOS. "I did not give anyone permission to do this, yet it's now sitting at the top of the charts (despite being filled with ads + tracking)," he wrote. GBA4iOS is an open source program released under the GNU GPLv2 license, with licensing terms that let anyone "use, modify, and distribute my original code for this project without fear of legal consequences." But those expansive licensing terms only apply "unless you plan to submit your app to Apple's App Store, in which case written permission from me is explicitly required."


Telecom Fights Price Caps as US Spends Billions on Internet Access

Slashdot - Mon, 2024-04-15 16:50
AT&T, Charter, Comcast and Verizon are quietly trying to weaken a $42.5 billion federal program to improve internet access across the nation, aiming to block strict new rules that would require them to lower their poorest customers' monthly bills in exchange for a share of the federal aid. From a report: In state after state, the telecom firms have blasted the proposed price cuts as illegal -- forcing regulators in California, New York, South Carolina, Tennessee, Virginia and elsewhere to rethink, scale back or abandon their plans to condition the federal funds on financial relief for consumers. The lobbying campaign threatens to undermine the largest burst of money to upgrade the country's internet service in U.S. history. Enacted by President Biden as part of a sprawling 2021 infrastructure law, the funds are intended to deliver speedy and affordable broadband to the final unserved pockets of America by 2030 -- a goal that the White House likens to the federal campaign nearly a century ago to electrify the nation's heartland.


Apple Loses Mantle as World's Biggest Phone Seller To Samsung as China Sales Drop

Slashdot - Mon, 2024-04-15 16:03
Apple has lost its spot as the world's biggest mobile phone seller after a steep sales drop as South Korean rival Samsung retook the lead in the global market share. From a report: Samsung had been the biggest seller of mobile phones for 12 years until the end of 2023, when sales of Apple's iPhone models overtook it. Global smartphone shipments increased by 8% to 289.4m units during January-March, according to research firm IDC. Samsung won a 20.8% market share, beating Apple's 17.3% share, which has been dented by slowing sales in China. IDC said that Apple shipped 50.1m iPhones in the first quarter, down from the 55.4m units it shipped in the same period last year. It was the biggest drop in iPhone sales since Covid-19 lockdowns caused global supply chain chaos in 2022. The drop in Apple sales, despite a growing global market, was partly ascribed to difficulties in China. Local rivals including Xiaomi and Huawei have put pressure on Apple and Samsung. At the same time, China's government has moved to ban devices made by foreign companies from workplaces.


Emissions Dropped 1.8% Every Year in California's Bay Area. Researchers Credit EVs

Slashdot - Mon, 2024-04-15 13:34
An anonymous reader shared this report from the Los Angeles Times: A network of air monitors installed in Northern California has provided scientists with some of the first measurable evidence quantifying how much electric vehicles are shrinking the carbon footprint of a large urban area. Researchers from UC Berkeley set up dozens of sensors across the Bay Area to monitor planet-warming carbon dioxide, the super-abundant greenhouse gas produced when fossil fuels are burned. Between 2018 and 2022, the region's carbon emissions fell by 1.8% each year, which the Berkeley researchers concluded was almost exclusively owed to drivers switching to electric vehicles, according to a study published in the journal Environmental Science & Technology. In that time, Californians purchased about 719,500 zero-emission or plug-in hybrid vehicles, more than triple the amount compared to the previous five years, according to the California Department of Energy. The Bay Area also had a higher rate of electric vehicle adoption than the state as a whole. While the findings confirm the state's transition to zero-emission vehicles is substantially lowering carbon emissions, it also reveals these reductions are still not on pace to meet the state's ambitious climate goals. Emissions need to be cut by around 3.7% annually, or nearly twice the rate observed by the monitors, according to Ronald Cohen, UC Berkeley professor of chemistry. Although cars and trucks are the state's largest source of carbon emissions, it underscores the need to deploy zero-emission technology inside homes and for the power grid. "I think what we see right now is evidence of strong success in the transportation sector," Cohen said. "We're going to need equally strong success in home and commercial heating, and in the [industrial] sources. We don't yet see significant movement in those, but policy pushing on those is not as far ahead as policy on electric vehicles." 
Although cities only cover roughly 3% of global surface area, they produce about 70% of carbon emissions.


Disneyland Adds 'Star Wars' Touches (and New Droids) for 'Season of the Force' Event

Slashdot - Mon, 2024-04-15 09:34
A monthslong "Star Wars"-themed festival called Season of the Force is now happening at Disneyland — including John Williams compositions in the Star Wars: Galaxy's Edge land during the park's fireworks. SFGate reports: Before the show starts, a voice rings through the land. "Black Spire Outpost has a long and colorful history of heroes and legends, Jedi and Sith, royalty and resistance," it says. "Those who would rule and those who refuse to bow. Here we celebrate that fiery spirit tonight." Then as the first fireworks fly into the sky, the majestic "Star Wars" music begins... During the day, the land is overrun with tiny robots. Season of the Force also includes daily appearances from the new BDX Droids, cute little "explorer companions," per Disneyland, designed to assist with "exploration and research." These new audio-animatronics interact with guests, clicking and whirring with a surprising amount of personality. Sabine Wren from "Ahsoka" is also making appearances in Galaxy's Edge during Season of the Force, and there are specialty food offerings in the land like the Celto Slush (a green, pandan-flavored horchata cold brew coffee drink) and the return of Dewback Chili Noodles (spicy fettuccine with ginger-spiced ground pork, broccolini stems and shredded red cabbage). For the event, Disneyland's long-running Star Tours ride now includes appearances from the Mandalorian (and Grogu), Ahsoka, and Cassian Andor, according to the article. "Also back this year is Hyperspace Mountain, the seasonal overlay of Space Mountain that puts riders into an intergalactic fight between the Resistance and the First Order."


CodeSOD: A Top Level Validator

The Daily WTF - Mon, 2024-04-15 08:30

As oft stated, the specification governing email addresses is complicated and isn't really well suited to regular expressions. You can get there, but honestly, most applications can get away with checking for something that looks vaguely email-like and calling it a day.

Now, as complicated as the "accurate" regex can get, we can certainly find worse regexes for validating emails. Morgan did, while on a contract.

The client side had this lovely regex for validating emails:

/* Check if a string is in valid email format. Returns true if valid, false otherwise. */
function isEmail(str) {
    var regex = /^[-_.a-z0-9]+@(([-_a-z0-9]+\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i;
    return regex.test(str);
}

They check a long list of TLDs to ensure that the email address is potentially valid, or accept an IPv4 address in place of the domain name. Is the list exhaustive? Of course not. There are loads of TLDs not on this list; perhaps not widely used ones, but the list is incomplete. And also unnecessary.

But not so unnecessary that they didn't do it twice: they mirrored this code on the server side, in PHP:

function isEmail($email) {
    return(preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i", $email));
}

Bad code is even better when you have to maintain it in two places and in two languages. I suppose I should just be happy that they're doing some kind of server-side validation.
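The two copies are not actually the same rule, and neither accepts addresses that are in everyday use. The sketch below is an added example, not code from the article or from Morgan's client: it rebuilds both patterns from one shared TLD list, runs them over constructed sample addresses, and compares them with a loose shape check. The PHP pattern is ported to JavaScript on the assumption that `[:alnum:]` means ASCII `[a-z0-9]` under the `i` flag; `looksLikeEmail`, `compare`, `disagreements` and the 254-character bound are assumptions of this example.

```javascript
// TLD alternation copied once from the article's regex (both copies use the same list).
const TLDS = "ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw";

// IPv4 branch, identical in both copies on the page.
const OCTET = "([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])";
const IPV4 = `(${OCTET}\\.){3}${OCTET}`;

// Client-side rule from the page: domain labels may contain '-' and '_' anywhere.
const clientRule = new RegExp(
  `^[-_.a-z0-9]+@(([-_a-z0-9]+\\.)+(${TLDS})|${IPV4})$`, "i");

// Server-side rule from the page, ported from PCRE (assumption: ASCII [:alnum:]).
// Labels must start and end with a letter or digit, and '_' is not allowed.
const serverRule = new RegExp(
  `^[-_.a-z0-9]+@((([a-z0-9]|[a-z0-9][a-z0-9-]*[a-z0-9])\\.)+(${TLDS})$|${IPV4})$`, "i");

// Hypothetical loose check: "looks vaguely email-like". It only rejects input
// that cannot be an address at all; deliverability is proven by sending mail.
function looksLikeEmail(str) {
  if (typeof str !== "string" || str.length > 254) return false; // assumed bound
  if (/[\s\x00-\x1f\x7f]/.test(str)) return false;               // no whitespace or control chars
  const at = str.lastIndexOf("@");
  if (at < 1) return false;                                      // need a non-empty local part
  const domain = str.slice(at + 1);
  return domain.includes(".") && domain.split(".").every((label) => label.length > 0);
}

// Constructed sample addresses, not taken from the article.
const SAMPLES = [
  "alice@example.com",       // plain case
  "alice+news@example.com",  // '+' tagging in the local part
  "bob@example.app",         // TLD missing from the hard-coded list
  "carol@foo_bar.com",       // '_' in a domain label
  "dave@-edge.com",          // label starting with '-'
  "dave@192.168.0.1",        // IPv4 branch
  "not-an-email",
];

// Evaluate every rule against every address.
function compare(addresses) {
  return addresses.map((address) => ({
    address,
    client: clientRule.test(address),
    server: serverRule.test(address),
    loose: looksLikeEmail(address),
  }));
}

// Addresses where the browser and the server give different answers.
function disagreements(addresses) {
  return compare(addresses)
    .filter((row) => row.client !== row.server)
    .map((row) => row.address);
}

console.table(compare(SAMPLES));
console.log("client/server disagree on:", disagreements(SAMPLES));
```

Whatever rule is chosen, the server-side copy is the one that counts, since a client-side check can be skipped by anyone who sends the request directly.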

Categories: Computer

California Replaces Gas Plant with Giant, Billion-Dollar Grid Battery

Slashdot - Mon, 2024-04-15 06:15
Meanwhile, in Southern California, nonprofit news site Canary Media reports that an old gas combustion plant is being replaced by a "power bank" named Nova. It's expected to store "more electricity than all but one battery plant currently operating in the U.S." The billion-dollar project, with 680 megawatts and 2,720 megawatt-hours, will help California shift its nation-leading solar generation into the critical evening and nighttime hours, bolstering the grid against the heat waves that have pushed it to the brink multiple times in recent years... The town of Menifee gets to move on from the power plant exhaust that used to join the smog flowing from Los Angeles... And the grid gets a bunch more clean capacity that can, ideally, displace fossil fuels... Moreover, [the power bank] represents Calpine's grand arrival in the energy storage market, after years operating one of the biggest independent gas power plant fleets in the country alongside Vistra and NRG... Federal analysts predict 2024 will be the biggest-ever year for grid battery installations across the U.S., and they highlighted Calpine's project as one of the single largest projects. The 620 megawatts the company plans to energize this year represent more than 4% of the industry's total expected new additions. Many of these new grid batteries will be built in California, which needs all the dispatchable power it can get to meet demand when its massive solar fleet stops producing, and to keep pace with the electrification of vehicles and buildings. The Menifee Power Bank, and the other gigawatts worth of storage expected to come online in the state this year, will deliver much-needed reinforcement. The company says it's planning "a portfolio" of 2,000 megawatts of California battery capacity. 
But even this 680-megawatt project consists of 1,096 total battery containers holding 26,304 battery modules (or a total of 3 million cells), "all manufactured by Chinese battery powerhouse BYD, according to Robert Stuart, an electrical project manager with Calpine. That's enough electricity to supply 680,000 homes for four hours before it runs out." What's remarkable is just how quickly the project came together. Construction began last August, and is expected to hit 510 megawatts of fully operational capacity over the course of this summer, even as installation continues on other parts of the plant. Erecting a conventional gas plant of comparable scale would have taken three or four years of construction labor, due to the complexity of the systems and the many different trades required for it, Stuart told Canary Media... That speed and flexibility makes batteries a crucial solution as utilities across the nation grapple with a spike in expected electricity demand unlike anything seen in the last few decades. The article notes a 2013 California policy mandating battery storage for its utility companies, which "kicked off a decade-long project to will an energy storage market into existence through methodical policies and regulations, and the knock-on effects of building the nation's foremost solar fleet." Those energy storage policies succeeded in jumpstarting the modern grid battery market: California leads the nation with more than 7 gigawatts of batteries installed as of last year (though Texas is poised to overtake California in battery installations this year, on the back of no particular policy effort but a general openness to building energy projects)... California's interlocking climate regulations effectively rule out new gas construction. The state's energy roadmap instead calls for massive expansion of battery capacity to shift the ample amounts of solar generation into the evening peaks.
"These trends, along with the falling price of batteries and maturing business model for storage, nudged Calpine to get into the battery business, too."


Categories: Computer, News

CNN Reporter 'Still Haunted' By Space Shuttle Columbia Disaster

Slashdot - Mon, 2024-04-15 02:54
After nearly 11 years as CNN's space correspondent, Miles O'Brien found himself in 2003 at the Kennedy Space Center in Florida covering the launch of the space shuttle Columbia: As part of the post-launch routine, NASA began sharing several replays of the launch from various cameras trained on the vehicle. And that was when we saw it. Producer Dave Santucci called me into our live truck, and said, "You got to look at this." It was kind of a grainy image of what looked like a puff of smoke, as if someone dropped a bag of flour on the ground and it broke open. We played it over and over again, and it did not look good at all. The giant orange fuel tank was filled with super cold liquid hydrogen and oxygen, so it was enveloped in insulating foam. A big piece of the foam had broken away near a strut called the "bipod," striking the leading edge of the orbiter's left wing. It was made of reinforced carbon to protect the aluminum structure of the spacecraft from the searing heat of re-entry from space. I reached out to some of my sources inside the shuttle program. Everyone had seen it, of course, but the people I spoke with cautioned me not to worry. The foam was very light, and it had fallen off on earlier missions and nothing of concern had happened as a result... I wish I hadn't taken my eye off the ball. Space was my beat, and I was uniquely positioned to put this concerning event into the public domain. Like NASA's leadership, I went through a process of convincing myself that it was going to be okay. But I had this sinking feeling. It didn't feel right. A spacecraft re-entering the atmosphere at 17,500 miles an hour — much faster than a rifle bullet — is enveloped in a glowing inferno of plasma... [As it returned to earth 16 days later] the communication between the ground and the orbiter became non-routine. Producers in the control room realized the gravity of the situation, and we cut to a commercial break to get me off the couch. 
As I was making my way across the newsroom, I started heaving. I knew in an instant that they were all gone. There was no survivable scenario. I was sickened. It was like a body blow. Somehow I got my act together and started talking. I felt like it was my responsibility to mention the foam strike, to get the information out there to the public. About an hour after Columbia had disintegrated, I shared with a huge global audience what I knew... "That bipod is the place where they think a little piece of foam fell off and hit the leading edge of that wing." During the mission, I could have easily done a story about the foam strike, spreading the word that some NASA engineers believed there may be some reason for concern. What if I had done that? It might have made a difference. "A rescue mission would not have been impossible," the article concludes, "and I feel certain that if NASA managers saw that gaping hole in Columbia's wing, they would've tried. "We will never know for sure, but I do know how so many of us on the ground failed to do our jobs during that mission. It still haunts me." CNN broadcasts the last two episodes of its four-part series Space Shuttle Columbia: The Final Flight tonight at 9 p.m. EST (time-delayed on the west coast until 9 p.m. PST). CNN's web site offers a "preview" of its live TV offerings here. The news episodes (along with past episodes) will also be available on-demand starting Monday — "for pay TV subscribers via CNN.com, CNN connected TV and mobile apps." It's also available for purchase on Amazon Prime.


Categories: Computer, News

America's Legal System May Be 'Closing In' on Regulating Cryptocurrencies

Slashdot - Mon, 2024-04-15 01:04
A business columnist at the Los Angeles Times notes Sam Bankman-Fried's judge issued another ruling "that may have a more far-reaching effect on the crypto business." U.S. Judge Failla "cleared the Securities and Exchange Commission to proceed with its lawsuit alleging that the giant crypto broker and exchange Coinbase has been dealing in securities without a license." What's important about Failla's ruling is that she dismissed out of hand Coinbase's argument, which is that cryptocurrencies are novel assets that don't fall within the SEC's jurisdiction — in short, they're not "securities." Crypto promoters have been making the same argument in court and the halls of Congress, where they're urging that the lawmakers craft an entirely new regulatory structure for crypto — preferably one less rigorous than the existing rules and regulations promulgated by the SEC and the Commodity Futures Trading Commission... Failla saw through that argument without breaking a sweat. "The 'crypto' nomenclature may be of recent vintage," she wrote, "but the challenged transactions fall comfortably within the framework that courts have used to identify securities for nearly eighty years...." Since Congress hasn't enacted regulations specifically aimed at crypto, Coinbase said, the SEC's lawsuit should be dismissed. The judge's opinion of that argument was withering. "While certainly sizable and important," she wrote, "the cryptocurrency industry 'falls far short of being a "portion of the American economy" bearing vast economic and political significance....'" Failla's ruling followed another in New York federal court in which a judge deemed crypto to be securities. In that case, Judge Edgardo Ramos refused to dismiss SEC charges against Gemini Trust Co., a crypto trading outfit run by Cameron and Tyler Winklevoss, and the crypto lender Genesis Global Capital.
The SEC charged that a scheme in which Gemini pooled customers' crypto assets and lent them to Genesis while promising the customers high interest returns is an unregistered security. The SEC case, like that against Coinbase, will proceed.... The hangover from March continued into this month. On April 5, a federal jury in New York found Terraform Labs and its chief executive and major shareholder, Do Kwon, liable in what the SEC termed "a massive crypto fraud...." The value of UST fell in effect to zero, the SEC said, "wiping out over $40 billion of total market value ... and sending shock waves through the crypto asset community."


Categories: Computer, News
