A ransomware attack affecting a pipeline that supplies 45% of the fuel supplies for the Eastern U.S. has now led U.S. president Biden to declare a regional emergency providing "regulatory relief" to expand fuel delivery by other routes.

Axios reports: Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the U.S., notes energy researcher Amy Myers Jaffe, per Politico. It follows other significant cyberattacks on the federal government and U.S. companies in recent months... 5,500 miles of pipeline have been shut down in response to the attack.
The BBC reports: Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer... Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational...

Independent oil market analyst Gaurav Sharma told the BBC there is a lot of fuel now stranded at refineries in Texas. "Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York..." The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.
UPDATE (5/10): "On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted," reports the Associated Press, "and the company said it was working toward 'substantially restoring operational service' by the weekend."

CNN reports that a criminal group originating from Russia named DarkSide "is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official. DarkSide typically targets non-Russian speaking countries, the source said... Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack..."

If so, NBC News adds some sobering thoughts: Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said. But the fact that Colonial had to shut down the country's largest gasoline pipeline underscores just how vulnerable American's cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say. "This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe," said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm...

If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free reign to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator. "Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime," he said.
Citing multiple sources, the BBC reports that DarkSide "infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet... "

The BBC also shares some thoughts from Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online: Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.

He says it is possible for anyone to look up the login portals for computers connected to the internet on search engines like Shodan, and then "have-a-go" hackers just keep trying usernames and passwords until they get some to work.

"We're seeing a lot of victims now, this is seriously a big problem now," said Mr Chappell.

The New York Times reports on surprising silver linings of the global chip shortage: Even as a chip shortage is causing trouble for all sorts of industries, the semiconductor field is entering a surprising new era of creativity, from industry giants to innovative start-ups seeing a spike in funding from venture capitalists that traditionally avoided chip makers. Taiwan Semiconductor Manufacturing Company and Samsung Electronics, for example, have managed the increasingly difficult feat of packing more transistors on each slice of silicon. IBM on Thursday announced another leap in miniaturization, a sign of continued U.S. prowess in the technology race. Perhaps most striking, what was a trickle of new chip companies is now approaching a flood.

Equity investors for years viewed semiconductor companies as too costly to set up, but in 2020 plowed more than $12 billion into 407 chip-related companies, according to CB Insights. Though a tiny fraction of all venture capital investments, that was more than double what the industry received in 2019 and eight times the total for 2016. Synopsys, the biggest supplier of software that engineers use to design chip, is tracking more than 200 start-ups designing chips for artificial intelligence, the ultrahot technology powering everything from smart speakers to self-driving cars. Cerebras, a start-up that sells massive artificial-intelligence processors that span an entire silicon wafer, for example, has attracted more than $475 million. Groq, a start-up whose chief executive previously helped design an artificial-intelligence chip for Google, has raised $367 million.

"It's a bloody miracle," said Jim Keller, a veteran chip designer whose resume includes stints at Apple, Tesla and Intel and who now works at the A.I. chip start-up Tenstorrent. "Ten years ago you couldn't do a hardware start-up...."

More companies are concluding that software running on standard Intel-style microprocessors is not the best solution for all problems. For that reason, companies like Cisco Systems and Hewlett Packard Enterprise have long designed specialty chips for products such as networking gear. Giants like Apple, Amazon and Google more recently have gotten into the act. Google's YouTube unit recently disclosed its first internally developed chip to speed video encoding.

And Volkswagen even said last week that it would develop its own processor to manage autonomous driving.

A new printer called Forust is using scrap wood to 3D print wooden objects that are as structurally sound as regular carved wood. Created by Andrew Jeffery and a team of researchers at Desktop Metal, the printer prints using fine sawdust that is formed into solid objects. Gizmodo reports: The printer works similarly to an inkjet printer and squirts a binding agent onto a layer of sawdust. Like most 3D printers, the object rises out of the bed of sawdust and then, when complete, can be sanded and finished like regular wood. Jeffrey sees the system as a way to save trees. "Two years ago we started looking into how we might be able to 3D print in new material," he said. "Wood waste was one of the materials we started with early on and realized it could be repurposed and upcycled with 3D printing technology. From there, we focused on building out the process using wood byproducts in order to create real wood-crafted results. We formed the company really to save forests."

An anonymous reader shares a report: Every decade is the decade that tests the limits of Moore's Law, and this decade is no different. With the arrival of Extreme Ultra Violet (EUV) technology, the intricacies of multipatterning techniques developed on previous technology nodes can now be applied with the finer resolution that EUV provides. That, along with other more technical improvements, can lead to a decrease in transistor size, enabling the future of semiconductors. To that end, today IBM is announcing it has created the world's first 2 nanometer node chip. Just to clarify here, while the process node is being called '2 nanometer,' nothing about transistor dimensions resembles a traditional expectation of what 2nm might be. In the past, the dimension used to be an equivalent metric for 2D feature size on the chip, such as 90nm, 65nm, and 40nm. However with the advent of 3D transistor design with FinFETs and others, the process node name is now an interpretation of an 'equivalent 2D transistor' design.

Some of the features on this chip are likely to be low single digits in actual nanometers, such as transistor fin leakage protection layers, but it's important to note the disconnect in how process nodes are currently named. Often the argument pivots to transistor density as a more accurate metric, and this is something that IBM is sharing with us. Today's announcement states that IBM's 2nm development will improve performance by 45% at the same power, or 75% energy at the same performance, compared to modern 7nm processors. IBM is keen to point out that it was the first research institution to demonstrate 7nm in 2015 and 5nm in 2017, the latter of which upgraded from FinFETs to nanosheet technologies that allow for a greater customization of the voltage characteristics of individual transistors. IBM states that the technology can fit '50 billion transistors onto a chip the size of a fingernail.' We reached out to IBM to ask for clarification on what the size of a fingernail was, given that internally we were coming up with numbers from 50 square millimeters to 250 square millimeters. IBM's press relations stated that a fingernail in this context is 150 square millimeters. That puts IBM's transistor density at 333 million transistors per square millimeter (MTr/mm^2).

RealNeoMorpheus writes: Arm pioneer Hermann Hauser has once again criticized Nvidia's plan to acquire the semiconductor design company, with The Telegraph reporting Sunday that he believes Nvidia is "clearly showing it will compete unfairly" if the deal is approved. Hauser's concerns reportedly centered on the Grace processor Nvidia announced at GTC 2021. The company's first Arm-based CPU will connect to high-end GPUs via NVLink, which purportedly offers data transfer speeds up to 900 GBps. That's significantly faster than other technologies -- it's also exclusively available to Nvidia.

This is why Hauser told The Telegraph that he believes using a proprietary interface like NVLink could end up "locking customers into [Nvidia] products," which "clearly shows that they will compete unfairly with other Arm-based server companies such as Amazon and Fujitsu," rather than retaining Arm's neutrality. [...] Nvidia told The Telegraph that Hauser "does not understand what Grace will do or its benefits to Arm" and that "we have been working on Grace using off-the-shelf Arm technology, available to all Arm licensees, long before we agreed to acquire Arm."

iFixit has ripped apart Apple's recently-released AirTag, a small battery-powered tag that will allow you to track your items within Apple's "Find My" app on iOS. An anonymous reader shares an excerpt from an Ars Technica article: Like with most Apple products, it looks like some serious engineering went into the $29 tracker. The device is barely larger than the user-replaceable CR2032 battery that powers it, putting competing devices like the Tile and Samsung Galaxy SmartTags to shame with their comparative bulk. Inside, a single circuit board uses a unique donut-shaped design that crams all the components into a ring under the battery. The hole in the middle of the circuit board lets Apple pack in a surprisingly huge voice coil speaker. The speaker is just for playing ringtones so you can find your AirTagged thing when you lose it, but apparently, the ringtones will be super high quality.

The other very Apple-like quality of the AirTag is that it almost seems designed to sell accessories. The most popular use for these trackers is to help find your car keys, but out of the box, there is no way to attach a keychain to an AirTag. Instead, Apple has enabled a wide ecosystem of AirTag cases ranging from a $13 keyring holder to a $449 (yes, that's four hundred forty-nine dollars) Hermes' luggage tag. iFixit's solution to the much-demanded keyring hole is -- what else -- a power drill! The teardown experts found some suitable dead space inside the AirTag that somehow isn't blocked by either the battery, speaker, or circuit board, and after some careful drilling, iFixit's AirTag now has a keychain hole with the least possible bulk. "The AirTag survived the operation like a champ and works as if nothing happened," the site says. iFixit went on to note that the sound profile "didn't seem to change much," but the IP67 dust and water resistance rating is now greatly compromised.

The Austin-American Statesman reports that Samsung "lost at least $268 million due to damaged products after its semiconductor fabrication plant in Austin was shutdown during the February's Texas freeze, according to the company." Samsung executives said the company's semiconductor business saw profits fall in the first quarter, mainly due to disruptions and product losses caused by the shutdown. Samsung's Austin fab was offline for more than a month after it was shut down due to power outages during the freeze... About 71,000 wafers were affected by production disruptions, said Han Jinman, executive vice-president of Samsung's memory chip business. He estimated the wafer loss is equivalent to $268 million to $357 million.

Semiconductor fabs are typically operational 24 hours a day for years on end. Each batch of wafers — a thin slice of semiconductor used for the fabrication of integrated circuits — can take 45 to 60 days to make, so a shutdown of any length can mean a loss of weeks of work. Restoring a fab is also a complicated process, and even in the best of circumstances can take a week... NXP Semiconductors was also among the facilities that were shut down in February, as its two Austin fabrication facilities were offline for nearly a month. In March, the company estimated the shutdown would result in a $100 million loss in revenue and a month of wafer production...

Jinman said Samsung is working with the state, municipal government and local utility companies to find solutions to prevent similar shutdowns in the future.

Something remarkable happened last weekend, according to a climate change newsletter by the Los Angeles Times.

California, the world's fifth-largest economy, hit nearly 95% renewable energy. Sort of... There are several caveats. For one thing, Saturday's 94.5% figure — a record, as confirmed to me by the California Independent System Operator — was fleeting, lasting just four seconds. It was specific to the state's main power grid, which covers four-fifths of California but doesn't include Los Angeles, Sacramento and several other regions. It came at a time of year defined by abundant sunshine and relatively cool weather, meaning it's easier for renewable power to do the job traditionally done by fossil fuels.

And fossil fuels actually were doing part of the job — more than the 94.5% figure might suggest. California was producing enough clean power to supply nearly 95% of its in-state needs, but it was also burning a bunch of natural gas and exporting electricity to its Western neighbors. It's impossible to say exactly how much of the Golden State's own supply was coming from renewables.

That said, what happened on Saturday is definitely a big deal.... The 94.5% record may have been fleeting, but it wasn't some isolated spike. Most of Saturday afternoon, the renewables number topped 90%, with solar and wind farms doing the bulk of the work and geothermal, biomass and hydropower facilities making smaller contributions. Add in the Diablo Canyon nuclear plant — which isn't counted toward California's renewables mandate — and there was enough climate-friendly power at times Saturday to account for more than 100% of the state's electricity needs...

The important thing now is making sure the puzzle pieces of the grid fit together on hot summer evenings, like the ones last August when insufficient supplies after sundown led to rolling blackouts.

Barcelona city council has installed Spain's first photovoltaic pavement as part of the city's drive to become carbon neutral by 2050. The Guardian reports: The 50 sq meters of non-slip solar panels, installed in a small park in the Glories area of the city, will generate 7,560kWh a year, enough to supply three households. The city has contributed 30,000 euros towards the cost, the remainder being met by the manufacturer. The viability of the scheme will be assessed after six months. "We'll have to assess the wear and tear because obviously it's not the same as putting panels on a roof, although they are highly resistant," says Eloi Badia, who is responsible for climate emergency and ecological transition at Barcelona city council.

"As for cost benefits, with a pilot scheme like this it's difficult to know yet how much cheaper it would be if it were scaled up. We're keen to install more on roofs and, if this scheme is successful, on the ground, to power lighting and other public facilities." However, he points out that Barcelona's high population density means it would be difficult to generate enough electricity within the city limits to become self-sufficient. "If we're going to reach a target of zero emissions, we're going to have to think about supplying electricity to blocks of flats, but we'll also have to think of using wind and solar parks outside the city," Badia says. "But installations on the ground like this open up new possibilities, and not just for Barcelona."

The New York Police Department said this week that it will stop using the "Digidog," a four-legged robot occasionally deployed for recon in dangerous situations. NYPD officials confirmed in a statement it had terminated its contract and will return the dog to vendor Boston Dynamics. Last December, the agency leased the Digidog, nicknamed Spot, for $94,000. From a report: John Miller, the police department's deputy commissioner for intelligence and counterterrorism, told The New York Times that the contract was "a casualty of politics, bad information, and cheap sound bites." Miller bemoaned the role of bad press in the backlash, but in many ways the NYPD's own actions were a blueprint for how not to introduce new tech. And, for activists, how to effectively agitate for banning unwanted technologies.

In truth, it wasn't just sound bites that doomed Spot. New Yorkers didn't want it. In February, the NYPD used Spot to defuse a hostage situation in the Bronx. When video of the device went viral, its flexible legs and camera-for-a-head design spooked people. The robot is quadrupedal but doesn't actually look like a dog. A more immediate comparison is the armed robots featured in a postapocalyptic episode of Black Mirror. This comparison spread rapidly on social media. The NYPD's secrecy worked against it: There was no public comment process for Spot, and residents hadn't known to expect to see robot-dogs respond to hostage situations. The NYPD had exactly this opportunity, months earlier, when it had to disclose both the price and governing policies for all surveillance devices as defined by the city's Public Oversight of Surveillance Technology (POST) Act. Instead, the agency included a passing reference to Spot in a larger section on "situational awareness cameras," with no images.

An anonymous reader quotes a report from PC Gamer: The Oculus Quest 2 is a hell of a lot of hardware for $299. In fact, we're convinced that Facebook is making a loss on each unit sold. Even so, that pricing is one of the main reasons it's the most popular headset on Steam and our pick as the best VR headset. Well, that and the ease of use. [...] The thing is, that price seems too good to be true, with no other manufacturer's VR headset close to the specs list of the Quest 2 -- in either tethered or standalone form -- hitting the same low, low price. That money gets you a robust virtual reality headset with 6GB of RAM, a Qualcomm Snapdragon XR2 CPU, 64GB of storage, 1832x1920 per eye display and a pair of controllers. [...]

But there's one factor that could potentially offset that price -- Facebook has access to a whole lot of your data. This is something the Oculus Quest 2 is upfront about: You absolutely need a Facebook account in order to use the device and it does have its data collection policies in black and white. Although what isn't quite so obvious is how much your data is worth to Facebook. At least it isn't without a tiny bit of digging.

There is another version of the Quest 2 that isn't as discounted as the consumer version, and that's the one aimed at businesses. The actual hardware is identical, but the difference is you don't need to login in with a Facebook account in order to use it. The price for this model? $799. There's also an annual fee of $180 that kicks in a year after purchase, which covers Oculus' business services and support, but that just muddies the waters a little. The point being, the Quest 2 for business, the headset from which Facebook can't access your data directly, costs $500 more. So that's looking essentially like the value the social media giant attributes to your data, which either seems like a lot or barely anything at all, depending on your stance. The Supplemental Oculus Data Policy outlines what sort of data is actually being collected when you use the Quest 2. Such things as your physical dimension, including your hand size, how big your play area is using the Oculus Guardian system, data on any content you create using the Quest 2, as well as more obvious stuff like your device ID and IP address.

An anonymous reader quotes a report from Motherboard: The IRS is looking for help to break into cryptocurrency hardware wallets, according to a document posted on the agency website in March of this year. Many cryptocurrency investors store their cryptographic keys, which confer ownership of their funds, with the exchange they use to transact or on a personal device. Some folks, however, want a little more security and use hardware wallets -- small physical drives which store a user's keys securely, unconnected to the internet. The law enforcement arm of the tax agency, IRS Criminal Investigation, and more specifically its Digital Forensic Unit, is now asking contractors to come up with solutions to hack into cryptowallets that could be of interest in investigations, the document states.

"The decentralization and anonymity provided by cryptocurrencies has fostered an environment for the storage and exchange of something of value, outside of the traditional purview of law enforcement and regulatory organizations," the document reads. "There is a portion of this cryptographic puzzle that continues to elude organizations -- millions, perhaps even billions of dollars, exist within cryptowallets." The security of hardware wallets presents a problem for investigators. The document states that agencies may be in possession of a hardware wallet as part of a case, but may not be able to access it if the suspect does not comply. This means that authorities cannot effectively "investigate the movement of currencies" and it may "prevent the forfeiture and recovery" of the funds. "The explicit outcome of this contract is to tame the cybersecurity research into measured, repeatable, consistent digital forensics processes that can be trained and followed in a digital forensics' laboratory," the document says.

Tesla CEO Elon Musk wants to turn every home into a distributed power plant that would generate, store and even deliver energy back into the electricity grid, all using the company's products. TechCrunch reports: While the company has been selling solar and energy storage products for years, a new company policy to only sell solar coupled with the energy storage products, along with Musk's comments Monday, reveal a strategy that aims to scale these businesses by appealing to utilities. "This is a prosperous future both for Tesla and for the utilities," he said. "If this is not done, the utilities will fail to serve their customers. They won't be able to do it," Musk said during an investor call, noting the rolling blackouts in California last summer and the more recent grid failure in Texas as evidence that grid reliability has become a bigger concern.

Last week, the company changed its website to prevent customers from only buying solar or its Powerwall energy storage product and instead required purchasing a system. Musk later announced the move in a tweet, stating "solar power will feed exclusively to Powerwall" and that "Powerwall will interface only between utility meter and house main breaker panel, enabling super simple install and seamless whole house backup during utility dropouts." Musk's pitch is that the grid would need more power lines, more power plants and larger substations to fully decarbonize using renewables plus storage. Distributed residential systems -- of course using Tesla products -- would provide a better path, in Musk's view. His claim has been backed up in part by recent studies from the Massachusetts Institute of Technology, which found that the U.S. can reach a zero-carbon grid by more than doubling its transmission capacity, and another from Princeton University showing that the country may need to triple its transmission systems by 2050 to reach net-zero emissions.

The next generation of Mac processors designed by Apple entered mass production this month, Nikkei Asia reported Tuesday, citing sources, bringing the U.S. tech giant one step closer to its goal of replacing Intel-designed central processing units with its own. From the report: Shipments of the new chipset -- tentatively known as the M2, after Apple's current M1 processor -- could begin as early as July for use in MacBooks that are scheduled to go on sale in the second half of this year, the people said. The new chipset is produced by key Apple supplier Taiwan Semiconductor Manufacturing Co., the world's largest contract chipmaker, using the latest semiconductor production technology, known as 5-nanometer plus, or N5P. Producing such advanced chipsets takes at least three months. The start of mass production came as Apple introduced new iMac and iPad Pro models using the M1. The company said the M1 offers CPU performance up to 85% faster than an iMac using an Intel chipset, and graphics performance that is twice as fast.

For TSMC, being the world's largest foundry with nearly 500 customers has its peculiarities. On the one hand, the company can serve almost any client with almost any requirements. On the other hand, it has to stay ahead of everyone else both in terms of capacity and in terms of technology. As far as capacity is concerned, TSMC is unchallenged and is not going to be for years to come. From a report: As for fabrication technologies, TSMC has recently reiterated that it's confident that its N2, N3, and N4 processes will be available on time and will be more advanced than competing nodes. Early this year TSMC significantly boosted its 2021 CapEx budget to a $25-$28 billion range, further increasing it to around $30 billion as a part of its three-year plan to spend $100 billion on manufacturing capacities and R&D. [...] TSMC's N5 family of technologies also includes evolutionary N4 process that will enter risk production later this year and will be used for mass production in 2022. [...] In 2022, the world's largest contract maker of chips will roll out its brand-new N3 manufacturing process, which will keep using FinFET transistors, but is expected to offer the whole package of PPA improvements.

Jack Dorsey, the co-founder and CEO of Twitter, tweeted Wednesday that bitcoin "incentivises renewable energy." And Elon Musk responded "True."

The BBC adds that the tweets came "despite experts warning otherwise." The cyrptocurrency's carbon footprint is as large as some of the world's biggest cities, studies suggest. But Mr Dorsey claims that could change if bitcoin miners worked hand-in-hand with renewable energy firms.

One expert said it was a "cynical attempt to greenwash" bitcoin. China, where more than two-thirds of power is from coal, accounts for more than 75% of bitcoin mining around the world...

The tweet comes soon after the release of a White Paper from Mr Dorsey's digital payment services firm Square, and global asset management business ARK Invest. Entitled "Bitcoin as key to an abundant, clean energy future", the paper argues that "bitcoin miners are unique energy buyers", because they offer flexibility, pay in a cryptocurrency, and can be based anywhere with an internet connection. "By combining miners with renewables and storage projects, we believe it could improve the returns for project investors and developers, moving more solar and wind projects into profitable territory," it said.

Author and bitcoin critic David Gerard described the paper as a "cynical exercise in bitcoin greenwashing".

"The reality is: bitcoin runs on coal," he told the BBC.... "Bitcoin mining is so ghastly and egregious that the number one job of bitcoin promoters is to make excuses for it — any excuse at all."

An anonymous reader quotes a report from South China Morning Post: In a rare public appearance since retiring nearly three years ago, Morris Chang, the 89-year-old founder of the world's largest contract chip maker, said China is not yet a competitor in chipmaking and that Taiwan should defend its leadership in semiconductor manufacturing. "Mainland China has given out subsidies to the tune of tens of billions of US dollars over the past 20 years but it is still five years behind TSMC," Chang said. "Its logic chip design capability is still one to two years behind the US and Taiwan. The mainland is still not yet a competitor."

In his speech, Chang also took a swipe at US chip giant Intel, describing its recent decision to enter the contract chip making market as "very ironic" because it turned down an opportunity to invest in TSMC more than three decades ago. Contract chip makers like TSMC typically take orders from so-called fabless chip makers like Qualcomm, which design their products but outsource the manufacturing. Chang said he was rejected by Intel when he approached it for funding in 1985. "In the past, Intel was the alpha sneering at us and thought that we would never get big," he said. "They never thought the business of [outsourced] wafer fabrication would become so important today."

Chang said the US is also at a disadvantage compared with Taiwan because it lacks engineers dedicated to the semiconductor manufacturing sector, adding that the "US level of dedication to manufacturing was absolutely no match for that of Taiwan." "What I need right now are capable and dedicated engineers, technicians and operators. And they have to be willing to throw themselves into manufacturing," he said. "In the US, doing manufacturing isn't popular. It hasn't been popular for decades."

According to Sacramento CBS affiliate KOVR-TV, Yana Sydnor called the police to report a possible home invasion. Turns out, it was a robovac that her son turned on before leaving for the weekend. Android Police reports: At 1 a.m., she and her 2-year-old daughter woke up to loud booms coming from her stairs disrupting her meditation music. She texted her friends about the sounds before they quickly responded, urging her to call 911. "I hear someone walking down my stairs, so it's like boom, boom, boom, boom, boom," Sydnor recalls telling the dispatcher. Desperate to exit the house and avoid a run-in with the invader, she ran to the bathroom, put her daughter in the tub, and thought about grabbing a ladder to get them both outside to ground level.

Officers arrived within 10 minutes of Sydnor's call. They rammed the front door wide open only to find a poor robovac, fresh from a tumble down a flight of stairs. "My son turned on the vacuum cleaner because he didn't want to do chores before he left for the weekend," she explained to the reporter after a moment of exasperated silence. The vacuum hadn't been used for 2 years and, even after the fall, it still works. We couldn't make out the make and model of the robovac, so we don't quite know if it could stop itself from going over the ledge much less what exactly happened in this case if it did have the ability.

chicksdaddy shares a report from The Security Ledger: Websites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company's customers including their names, physical addresses and information on the Deere equipment they own and operate, The Security Ledger reported. The researcher known as "Sick Codes" published two advisories on Thursday warning about the flaws in the myjohndeere.com website and the John Deere Operations Center website and mobile applications. In a conversation with Security Ledger, the researcher said that a he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Sick Codes disclosed both flaws to John Deere and also to the U.S. Government's Cybersecurity and Infrastructure Security Agency (CISA), which monitors food and agriculture as a critical infrastructure sector. The information obtained from the John Deere websites, including customer names and addresses, could put the company afoul of data security laws like California's CCPA or the Personal Information Protection Act in Deere's home state of Illinois. However, the national security consequences of the company's leaky website could be far greater. Details on what model combines and other equipment is in use on what farm could be of very high value to an attacker, including nation-states interested in disrupting U.S. agricultural production at key junctures, such as during planting or harvest time.

The consolidated nature of U.S. farming means that an attacker with knowledge of specific, Internet connected machinery in use by a small number of large-scale farming operations in the midwestern United States could launch targeted attacks on that equipment that could disrupt the entire U.S. food supply chain, researchers warn. The Agriculture sector and firms that supply it, like Deere, lag other industries in cyber security preparedness and resilience. A 2019 report (PDF) released by Department of Homeland Security concluded that the "adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities" (and that) "potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers."

According to a report from the U.S. Energy Information Administration (EIA), Texas will add a record 10 GW of utility-scale solar capacity by the end of 2022, compared with 3.2 GW in California. A third of all U.S. utility-scale solar capacity planned to come online in the next two years (30 GW) will be in Texas. Reuters reports: California currently has the most installed utility-scale solar capacity of any state - about 16 gigawatts (GW). One gigawatt can power about 1 million U.S. homes. But since solar power is on only about a third of the time, a gigawatt of solar can only power about 330,000 homes. Texas added 2.5 GW of solar capacity in 2020, and EIA said it expected the state to add another 4.6 GW in 2021 and 5.4 GW in 2022, bringing the state's total to 14.9 GW. Solar is expected to make up the largest share of capacity additions in Texas between 2020 and 2022, with almost half of the additions, compared with 35% for wind and 13% for gas, according to EIA projections.