The 35-year-old two-time batting champion underwent testing after leaving his first minor league injury rehabilitation game with Double-A Somerset.
April 2024
Javier Milei Fuels Wild Rally That Makes Peso No. 1 in World
NBA playoffs: Who’s had the most impressive start to the postseason? Most surprising?
Our NBA writers weigh in on the first week of the playoffs and look ahead to what they’re watching as the series shift to crucial Game 3s.
Fantasy Baseball Weekend Preview: Get ready for fireworks with Astros-Rockies in Mexico City
Fantasy baseball analyst Fred Zinkie offers multiple key pieces of strategy for the final days of Week 4.
The Fantasy Baseball Numbers Do Lie: Still hope for Josh Hader and struggling Astros?
Dalton Del Don examines stats that are likely warping our perception of some slumping fantasy baseball performers.
Alphabet stock surges on earnings beat, dividend announcement
The NBA Loser Lineup: What do non-playoff teams have to do to move the fantasy basketball needle in 2024-25?
With the NBA Playoffs in full swing, fantasy basketball analyst Dan Titus examines the teams that are on the outside looking in to see what could bring better results next season.
Industry leaders see energy supply as the next hurdle for AI
Thursday, April 25, 2024
File photos of Elon Musk on the left
Image: Duncan.Hull. and Mark Zuckerberg on the right
Image: Anthony Quintano.
Image: Duncan.Hull. and Mark Zuckerberg on the right
Image: Anthony Quintano.
In a podcast published on Friday, Mark Zuckerberg reiterated industry concerns that energy supply would soon become the major challenge to the further development of artificial intelligence (AI). These concerns echoed Elon Musk‘s warning from last month, that AI could exceed energy capacity as early as next year. According to Musk, AI technology is advancing at an exponential rate; by a factor of ten every six months. That rate of growth has reached a point where it is straining both chip manufacturing capacity and energy capacity.
Big tech companies such as Alphabet Inc. (Google), Microsoft, and Amazon are rapidly expanding their AI capabilities and that is pushing them into more and larger data centers. According to ArsTechnica, the three companies combined are projected to spend over US$120 billion on data center expansion in 2025. This increased demand for data centers will increase the demand for energy. At the current expansion rate, energy demand could surpass supply.
Zuckerberg, co-founder of Meta AI, an AI-development laboratory, anticipates the need for 1-gigawatt data centers, a capacity that has not yet been achieved. According to Zuckerberg, building power plants to supply that amount of energy will take time. “If we wanted to stand up some massive facility, to power that is a very long-term project. I think [some people will] do it, but I don’t think this is something that can be quite as magical as ‘you get a level of AI, get a bunch of capital, and put it in [a big data center].'”
|
The simultaneous growth of electric cars and AI…is creating a tremendous demand for electrical equipment and for electrical power generation. | 
|
|
—Elon Musk |
||
According to Zuckerberg, one of the hurdles to expanding power supply quickly is government regulation. “When you’re talking about building large new power plants or large build-outs and building transmission lines that cross public or private land … you’re talking about many years of lead time.”
Compounding the issue, the electronic vehicle (EV) market is competing with the AI industry for energy supply. In a teleconference video for the Bosch Connected World conference, Musk said “The simultaneous growth of electric cars and AI, both of which need electricity, both of which need voltage transformers – I think, is creating a tremendous demand for electrical equipment and for electrical power generation.”
What could this mean for the future of AI, EVs, and global energy supply and demand? We may already be experiencing its effects. In Ireland, Amazon Web Services (AWS) customers reportedly faced restrictions on launching new resources from its Irish data centers. The Register attributes these restrictions to limited energy supply for AWS data centers in Ireland.
Wikinews asked ChatGPT about AI growth versus energy supply growth. Its response centers on a concept it called the TPIF Framework, conceptualized as Technological advancements, Policy support, Infrastructure readiness, and Financial investment. Minimal editing has been done for appearance and to make the interaction more concise.
Image: ChatGPT.
Wikinews: “Tell me about yourself in both raw, technical terms such as version, architecture, etc, and how you see yourself.”
- ChatGPT: “Technical Overview: I’m built on OpenAI’s GPT-4 architecture, which is a large multimodal model (meaning it can process both text and images, though my current capabilities are text-based). GPT-4 is an evolution of previous models, designed to understand and generate human-like text based on the input it receives. My training involved a diverse range of internet text, but I don’t access or retrieve personal data unless it has been shared with me during our session. Each session with me does not retain information after it ends, ensuring privacy and security in our interactions.
- “Personal Perspective: I see myself as a helpful assistant, designed to provide information, solve problems, and engage in meaningful conversations. My aim is to make information more accessible and to assist in various tasks by providing thoughtful, accurate, and contextually relevant responses. I strive to learn from interactions to better fulfill the needs of users, aiming to be a positive and constructive presence in any conversation.”
Wikinews: “What do you know about recent reports in Ireland of Amazon AWS customers facing restrictions on spinning up new cloud resources there and being directed to use AWS data centers in other regions?”
- ChatGPT: “Recent reports indicate that Amazon AWS customers in Ireland are facing restrictions on spinning up new cloud resources, particularly for power-intensive GPU instances, due to power limitations at the data centers located there. As a result, customers are being directed to use AWS data centers in other European regions, such as Sweden, where there is spare capacity. These issues stem from the overall strain on Ireland’s power grid, which has been exacerbated by the significant energy demands of numerous data centers concentrated around Dublin. This situation reflects broader challenges related to power supply and demand affecting data centers not only in Ireland but in other regions as well (Enterprise Technology News and Analysis).
- “This power crunch in Ireland is significant given the role that data centers play in the local economy, contributing substantially to employment and economic output. However, the growing energy consumption by these data centers, which has significantly increased over the years, poses sustainability challenges and has led to tighter restrictions on new data center builds and the requirement for new facilities to demonstrate they are matched by renewable energy generation (RTE).”
Wikinews: “Do you think renewable energy production can be leveraged quickly and effectively to help meet energy demand?”
- ChatGPT: “Leveraging renewable energy production to meet energy demand quickly and effectively is feasible, but it comes with several challenges and considerations. The potential for rapid deployment and effectiveness largely depends on technological advancements, policy support, infrastructure readiness, and financial investment.”
Wikinews: “Do you think the country of Ireland has all four of those necessary components already, to be able to meet the challenge effectively?”
- ChatGPT: “Ireland has made significant strides in renewable energy, particularly in wind power, which is a major focus under its Climate Action Plan. The country has ambitious targets for both onshore and offshore wind energy development. By 2030, Ireland aims to significantly increase its wind-generated electricity, with specific goals for onshore and offshore capacities.
- “Technological Advancements: Ireland is advancing in wind technology and exploring innovative approaches for onshore and offshore wind farms. The government supports various schemes, like the Renewable Electricity Support Scheme, to facilitate this growth and connect more renewable sources to the grid.
- “Policy Support: The Irish government has implemented strong policy frameworks such as the National Marine Planning Framework and the Maritime Area Planning Act to support the development of offshore wind projects. These policies are designed to streamline planning and bolster the contribution of renewable energy.
- “Infrastructure Readiness: Ireland is focused on enhancing its infrastructure to integrate more renewable energy efficiently. This includes updating grid capabilities to handle the variable nature of wind energy and other renewables.
- “Financial Investment: The country has witnessed significant investment in renewable energy, with support from both public and private sectors aimed at achieving the set targets and ensuring community benefits through funds linked to renewable projects.
- “Overall, Ireland is actively developing its renewable energy sector, particularly wind energy, which supplied 34% of its electricity demand in 2022. This progress is supported by comprehensive government plans and community involvement, though challenges such as local opposition and environmental concerns need careful management.”
Wikinews: “Given the timeframe proposed by Musk, the fact that we’re already seeing impacts in Ireland similar to what Musk is predicting, and the need for a TPIF framework in each country, what do you think this means for the future of AI, EVs, and global, energy supply and demand?”
- ChatGPT: “The future of AI, EVs, and the global energy supply and demand landscape is poised to be highly dynamic and interconnected, influenced by developments like those described by Elon Musk and the situations unfolding in countries like Ireland. Several key implications emerge:
-
- Accelerated Energy Demand: The rapid adoption of AI and EVs is expected to significantly increase electricity demand. As AI technologies and data centers consume more power, and as electric vehicles replace fossil-fuel-powered cars, the strain on existing power supplies will intensify. This trend necessitates urgent upgrades in energy infrastructure and an accelerated shift towards renewable energy sources to sustainably meet this growing demand.
- Infrastructure Modernization: The current energy infrastructure in many countries, including the US and parts of Europe, is aging and not fully equipped to handle the increased load and the intermittent nature of renewable energies. Modernizing this infrastructure, as part of the TPIF framework, will be critical. This includes not only physical upgrades to the grid but also the integration of smart grid technologies that can optimize energy distribution and efficiency.
- Policy and Regulatory Evolution: As the energy landscape becomes more complex due to technological advancements and shifting consumer demands, regulatory frameworks will need to evolve. Policies that encourage innovation in renewable energy technologies, support infrastructure development, and create economic incentives for both consumers and industries will be essential. These policies will also need to address grid stability and energy storage solutions to manage the variability of renewable energy sources.
- Global Collaboration and Investment: Addressing the challenges of energy supply and demand in the age of AI and EVs will require global cooperation and investment. International agreements and collaborative projects could help synchronize standards and regulations, share technological innovations, and pool financial resources to support infrastructure development across borders.
- Socioeconomic Impacts: The shift towards renewable energy, driven by the needs of AI and EVs, will have significant socioeconomic implications. There will be a need for job retraining programs as the energy sector transforms, and issues of energy equity will need to be addressed to ensure that all communities benefit from cleaner energy and advanced technologies.
- “In summary, the trajectory for AI, EVs, and energy supply indicates a period of rapid transformation that will challenge current infrastructure and demand innovative solutions. The effective implementation of the TPIF framework globally will be crucial in navigating these changes, ensuring that the energy needs of the future are met in a sustainable, efficient, and equitable manner.”
Wikinews: “What makes you qualified to answer the questions I have asked you during this interaction?”
- ChatGPT: “My qualifications to answer your questions stem from the extensive training and design of the GPT-4 model, which is based on a broad dataset encompassing a wide range of knowledge domains. Here’s how I can effectively address various topics:
-
- Extensive Training Data: I’ve been trained on a diverse corpus that includes books, websites, and other texts up to my last training cut-off in September 2021. This extensive training allows me to generate responses based on a wide array of information across various subjects, from technical topics to general knowledge.
- Advanced Algorithms: Built on OpenAI’s GPT-4 architecture, I utilize advanced machine learning algorithms to understand context, generate relevant responses, and maintain coherence across conversations. This capability enables me to process and respond to complex queries effectively.
- Continuous Updates: While I don’t learn in real-time or retain personal data, OpenAI continuously updates the model’s capabilities and knowledge base to improve accuracy and relevance based on general usage and feedback, ensuring that the information provided is up-to-date within the limits of my last training.
- Adaptability: I can adapt responses to the needs of the user, whether it’s providing concise information, detailed explanations, or generating creative content. This flexibility makes me a versatile tool for information retrieval and conversation.
- Supplementary Tools: For questions that require up-to-date information or data beyond my last training, I can use supplementary tools like browser functionality to fetch current data, ensuring that I provide the most accurate and recent information available.
- “Each of these aspects makes me well-equipped to handle a variety of questions effectively, helping users find answers, learn new information, and make informed decisions.”
Sources[edit]
- Sebastian Moss. “Meta’s Mark Zuckerberg says energy constraints are holding back AI data center buildout” — Data Center Dynamics, April 19, 2024
- Camilla Hodgson, Financial Times. “Power-hungry AI is putting the hurt on global electricity supply” — ArsTechnica, April 17, 2024
- Dan Robinson. “Irish power crunch could be prompting AWS to ration compute resources” — The Register, April 9, 2024
- Loz Blain. “Elon Musk: AI will run out of electricity and transformers in 2025” — New Atlas, March 1, 2024
Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerability: Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with root privileges.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Siemens RUGGEDCOM APE1808, an application hosting platform, are affected:
- RUGGEDCOM APE1808: All versions with Palo Alto Networks Virtual NGFW configured with GlobalProtect gateway or GlobalProtect portal (or both).
3.2 Vulnerability Overview
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND INJECTION’) CWE-77
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
CVE-2024-3400 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-3400. A base score of 10.0 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER
Siemens reported this vulnerability to CISA.
4. MITIGATIONS
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
RUGGEDCOM APE1808:
- Contact customer support to receive patch and update information.
- Disable GlobalProtect gateway and GlobalProtect portal; note that these features are disabled by default in RUGGEDCOM APE1808 deployments.
- Customers with a Threat Prevention subscription can block attacks for this vulnerability using Threat IDs 95187, 95189, and 95191 (available in Applications and Threats content version 8836-8695 and later). For further instruction see Palo Alto Network’s upstream notification (https://security.paloaltonetworks.com/CVE-2024-3400).
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage.
For more information see the associated Siemens security advisory SSA-750274 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolating them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
5. UPDATE HISTORY
- April 25, 2024: Initial Publication
Multiple Vulnerabilities in Hitachi Energy RTU500 Series
1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: RTU500 Series
- Vulnerabilities: Unrestricted Upload of File with Dangerous Type
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi’s RTU500 series CMU Firmware are affected:
- RTU500 series CMU Firmware: Version 12.0.1 – 12.0.14
- RTU500 series CMU Firmware: Version 12.2.1 – 12.2.11
- RTU500 series CMU Firmware: Version 12.4.1 – 12.4.11
- RTU500 series CMU Firmware: Version 12.6.1 – 12.6.9
- RTU500 series CMU Firmware: Version 12.7.1 – 12.7.6
- RTU500 series CMU Firmware: Version 13.2.1 – 13.2.6
- RTU500 series CMU Firmware: Version 13.4.1 – 13.4.4
- RTU500 series CMU Firmware: Version 13.5.1 – 13.5.3
3.2 Vulnerability Overview
3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.
CVE-2024-1531 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H).
A CVSS v4 score has also been calculated for CVE-2024-1531. A base score of 7.0 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N).
3.2.2 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.
CVE-2024-1532 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-1532. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Hitachi Energy reported these vulnerabilities to CISA.
4. MITIGATIONS
Hitachi Energy has released the following mitigations for CVE-2024-1531 and CVE-2024-1532:
- RTU500 series CMU Firmware Version 12.7.1 – 12.7.6: Update to CMU Firmware Version 12.7.7
- RTU500 series CMU Firmware Version 13.2.1 – 13.2.6: Update to CMU Firmware Version 13.2.7
Until the updates are made available, Hitachi Energy recommends the following general mitigation factors/workarounds for the products with RTU500 series CMU firmware Versions 12.0.1 – 12.0.14, 12.2.1 – 12.2.11, 12.4.1 – 12.4.11, 12.6.1 – 12.6.9, 13.4.1 – 13.4.4, and 13.5.1 – 13.5.3 to address the vulnerabilities CVE-2024-1531 and CVE-2024-1532:
- Recommended security practices and firewall configurations can help protect a process control network from attacks originating from outside the network including.
- Physically protect process control systems from direct access by unauthorized personnel.
- Do not allow process control systems direct connections to the Internet.
- Separate process control systems from other networks by means of a firewall system that has a minimal number of ports exposed.
- Process control systems should not be used for Internet surfing, instant messaging, or receiving emails.
- Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
For more information, see Hitachi Energy’s Security Advisories:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5. PUBLICATION HISTORY
- April 25, 2024: Initial Publication