For the purposes of information security, the nameplate capacity is the correct number to consider for a very simple reason: we must defend as if hackers will pick the absolute worst moment to attack the grid. That is the moment when the sun is shining and it's absolutely cloudless across Netherlands, California, Germany, or wherever their target grid is.
At that moment, the attacker will not only blast the grid with the full output of the solar panels, but they will also put any attached batteries into full discharge mode as well, bypassing any safeties built into the firmware with new firmware. We must consider the worst case, which is that the attacker is trying to not only physically break the inverters, but the batteries, solar panels, blow fuses, and burn out substations. (Consider that if the inverters burn out and start fires, that's a feature for the attacker rather than a bug!)
So yes, not only is it 25 medium sized nuclear power plants, it's probably much higher than that! And worse, that number is growing exponentially with each year of the renewable transition.
This was probably the scariest security expose in a long time. It's much much worse than some zero-day for iphones.
A bad iPhone bug might kill a few people who can't call emergency services, and cause a couple billion of diffuse economic damage across the world. This set of bugs might kill tens of thousands by blowing up substations and causing outages at thousands to millions of homes, businesses, and factories during a heat wave. And the economic damage will not only be much higher, it will be concentrated.
> Getting the grid back online is a laboreous manual process which will take (a lot of) time. Think...
It would be even more laborious and take more time to bring things back online if the attacker manages to damage or destroy equipment with an overload like the GP describes.
The "turning the grid up to 11" attack isn't really possible. I know it seems like it is, but the inverters will only advance frequency so much before they back off, the inverters will only increase voltage so much. Etc. Sounds scary, isn't practical.
Turning everything off when the panels are at peak output? That lets frequency sag enough that plants start tripping offline to protect themselves and the grid and it'll cascade across the continent in just a few minutes. Then you have a black start which might take months.
Would love to know more about this. How would that happen? What's the process to bring it back up so fast?
The video has a lot of good info and seems compelling. During the Texas freeze many power company officials said the exact same thing, if the Texas grid went down it would have taken weeks to bring everything back online.
It's called black start (https://en.wikipedia.org/wiki/Black_start), and power companies plan for it, and the necessary components are regularly tested. It's not a fast process, it can take many hours to bring most of the grid back up. We had last year a large-scale blackout here in Brazil, and a area larger than Texas lost power; most of it was back in less than a day.
> if the Texas grid went down it would have taken weeks to bring everything back online.
The trick word here is "everything". Every time there's a large-scale blackout, there's some small parts of the grid which fail to come back and need repairs. What actually matters is how long it takes for most of the grid to come back online.
Inverters may be protected against changing settings, but if you can replace the firmware it can likely cause permanent hardware damage. Which the manufacturer, perhaps under pressure from its government, can do.
The risk is not turning all solar installations "on maximum". That happens nearly every summer day between 1 and 2pm. Automatic shutoff when the grid voltage is rising can be disabled, but more than 9 out of 10 consumer solar installations in the Netherlands deliver their maximum output on such a day for most of the summer, not running into the maximum voltage protections.
The big risk is turning them all off at the same time, while under maximum load. That will cause a brown-out that no other power generator can pick up that quickly. If the grid frequency drops far enough big parts of the grid will disconnect and cause blackouts to industry or whole areas.
It will take a lot of time to recover from that situation. Especially if it's done to the neighbouring grids as well so they can't step in to pick up some of the load.
Not if we have grid scale batteries. Solar shuts off, oh no. Sometime in the next four hours we need to get that fixed or something else up. Also flattens out the demand curve and allows arbitrage between the peak and valley.
What makes you think we're in the later stages of the battery S-curve currently? More generally technology-wise, what makes you think energy technology in general is an S-curve? Many situations are stacked S-curves. Global energy consumption, for example, looks like an exponential (no flattening yet) [1] if you plot it starting 1800.
Also, the start of an S-curve can be described by an exponential function, right? So it is an exponential.
My point more generally was to not underestimate processes which increase exponentially. Even if they flatten at some point, they can drastically change the world and fast. For example, iPhones and computer chips took off slowly, but once they started moving they took over the world. (Or do you not have multiple smartphones and computer chips in your house right now?)
And yes your point that it's all an s-curve is theoretically correct. But I think it's a semantic discussion. Next time I'll say "never underestimate the first half of an S-curve."
You're taking exponential improvements for granted. Only one human endeavour (ever) has made exponential gains for a long period, that of silicon lithography. And even that ended in the last decade.
The reason I say "always underestimate" is the obvious one. The easy problems are solved first, then the harder ones take longer because they're harder.
So that's fantastic that battery production scaled up. Only a fool would expect - would plan on - it continuing like that.
That’s not true. Exponentials are everywhere. They can often go for a long time. Even silicon is still going strong if you focus on FLOPS per dollar.
Other examples are cruise ship sizes, US GDP per capita, or Microsoft stock price.
The point really is this: go back in time to some of these things a few decades years ago. You would say: “How is this even possible? This is crazy. This will probably plateau soon. This can’t continue.”
But it did. Cruise ships went from 20, to 100, to 200 and now 365 meters in length.
And the same will probably happen for batteries. People say “ah well this is crazy. It will probably plateau soon”. My point is maybe it won’t. Once these exponentials (starts of s-curves) go, they go. Standing at the bottom of an s-curve and predicting the plateau soon can lead to a massive misprediction. Like the IBM CEO who said there will never be a market for more than 10 computers. He was off by about a billion.
Fyi, monetary values of things, like US GDP or stock prices, can be exponential forever, if we wanted, because they're socially constructed.
I am talking about real things. Cruise ship sizes improved dramatically but... actually linearly? There won't be 1,000,000 GT cruise ships in 2050. Or 60.
You have to use specific measurements like FLOPS/$ to keep moore's law alive, because the focus has been only on a certain kind of FLOP (the fp32 MAC for graphics, or perhaps the INT8/FP8 in recent years). Because in general, it's dead. It's more performance, for more money. Because lithography is really hard, harder now than ever (and water is wet).
> We must consider the worst case, which is that the attacker is trying to not only physically break the inverters, but the batteries, solar panels, blow fuses, and burn out substations.
Power transformers have a loooooooot of thermal wiggle room before they fail in such a way and usually have non-computerized triggers for associated breakers, and (at least if done to code, which is not a given I'll admit) so do inverters and every other part. If you try to burn them out, the fuses will fail physically before they'll be a fire hazard.
This is true, especially for low frequency (high mass) inverters. The inverters that are covered here are overwhelmingly high frequency (low mass) inverters. We hope that they practiced great electrical engineering and layered multiple layers of physical safeguards on top of the software based controls built into the firmware.
Of course a company that skimped to the point of total neglect on software security would never skimp anywhere else, right? Right?
:crossed-fingers: <- This is what we are relying on here.
And even if they did all the right things with their physical safety, the attackers can still brick the inverters with bad firmware and make them require a high skill firmware restore at a minimum and turn them into e-waste and require an re-install from a licensed electrician at a maximum.
> Of course a company that skimped to the point of total neglect on software security would never skimp anywhere else, right? Right?
At least in Europe, product safety organizations and regulatory agencies have taken up work to identify issues with stuff violating electrical codes (e.g. [1] [2]) and getting it recalled/pulled off the market.
Sadly there is no equivalent on the software side - it's easy enough to verify if a product meets electrical codes, but almost impossible to check firmware even if you have the full source code.
> high skill firmware restore at a minimum and turn them into e-waste and require an re-install from a licensed electrician at a maximum.
Well not even high skill - for "security" reasons and to prevent support issues as well as to skimp on testing needed informations are often only accessible to a chosen few.
Paradoxically the effect of thes "security" concerns often mean that there are plenty of easily exploited methods in devices like that. And the only people that have them are the ones that you need to worry about instead of some 16 year old teenager finding it and playing blinkenlights with his friends parents house causing trouble for him but getting the hard coded backdoor taken out after the media got wind of it.
If I was dictator of infrastructure I would ban any non-local two way communication and would mandate all small grid storage solutions run off a curve flattening model thats uniform and predictable. Basically they would store first and only be allowed to emit a fraction of their storage capacity to the grid afterwards. Maybe regulated by time of day.
This is wildly overstating the issue. Hackers are not going to break into hundreds of separate sites, compromise inverters, compromise relay protection, compromise SCADA systems, and execute a perfectly timed attack. Even if they did, these are distributed resources, they don't all go through a single substation and I doubt any one site could cause any major harm to any one substation.
Instead, they're going to get a few guys with guns and shoot some step of transformers and drive away.
The problem with infosec people is they tend to wildly overestimate cyber attack potential and wildly underestimate the equivalent of the 5 dollar wrench attack.
They don't need to break into separate sites though - the issue at hand is that a single failure in the centralised "control plane" from the vendor (i.e. the API server that talks to consumers' apps) can be incredibly vulnerable.
Here's a recent example where a 512-bit RSA signing key was being used to sign JWTs, allowing a "master" JWT to be signed and minted, giving control of every system on that vendor's control system.
A lot of utilities have their own fibre since they own poles/towers and need it for tele protection anyway so they can have secure a real private network between control room and significant power plants
I’d expect the opposite. All companies controlling equipment that is part of the “Bulk Electric System” have to be NERC CIP compliant and are audited regularly with large fines for non-compliance. Doesn't guarantee perfect (or even good security) but it’s more likely to be a priority.
It also perverts incentives such that no utility will communicate perhaps helpful information to other utilities or government when said information can leave them liable for fines.
Until there's some kind of hold-harmless agreement, the various industry & government security information sharing groups can only be of limited effectiveness.
The management at the utility doesn’t want to be recognized for being a deficient operator that doesn’t meet standards, so they hire employees to ensure they are compliant
A fine is a black eye for a utility where people pride themselves on the reliability of the service they provide
Hurray! I have experience that may shed some insights. I worked on SCADA software (3 different ones), for about 15 years, started off as a Systems Engineer for an Industrial Power Metering company (but writing software), built drivers for various circuit breakers and other power protection devices, and wrote drivers and other software for IEC61850 (substation modelling and connectivity standard). I’ve been the technical director of one of these SCADA systems, and in charge of bringing the security to “zero trust”. I’ve been on the phone with the FBI (despite not being an American or in America), and these days I design and lead the security development at a large software company.
I’ve been out of the Power Industry/SCADA game for about 6 years now, and never had huge involvement with solar farms, so please take this with a large grain of salt, but here is my take. 15 years ago, all anyone would say about industrial networks was “air gap!”. Security within SCADA products was designed solely to prevent bad operators from doing bad things. Security on devices was essentially non-existent, and firmware could often be updated via the same connectivity that the SCADA system had to the devices (although SCADA rarely supported this; it was still possible). In addition, SCADA systems completely trusted communication coming back from the devices themselves, making it relatively simple for a rogue device to exploit a buffer overrun in the SCADA. After Stuxnet + a significant push from the US government, SCADA systems moved from “defensive boundary, trust internally” to “zero trust”. However, devices have a long, long service life. Typically they would be deployed and left alone for 10+ years, and generally had little to no security. Security researches left this space alone, because the cost of entry was too high, but anytime they did investigate a device, there were always trivial exploits.
Although SCADA (and other industrial control software), will be run on an isolated network, it will still be bridged in multiple places. This is in order to get data out of the system, but also to get data into the system (via devices, and off-site optimisation software). The other trend that happened over time was to centralize operations in order to have fewer operators controlling multiple sites. That means that compromising one network gives you access to a lot of real world hardware.
Engineers never trusted SCADA (wisely), and all of these systems would be well built with multiple fail-safes and redundancies and so on. However, if I were to be a state-actor, I’d target the SCADA. If you compromise that system, you have direct access to all devices and can potentially modify the firmware to do whatever you want. If there is security, the SCADA will be authorized.
I don’t think the security risks are overblown (they are overblown in what they think the real problems are). I think that as the systems have gotten ever more complex; we have such complicated interdependencies that it is impossible to deterministically analyse them completely. The “Northeast blackout of 2003” (where a SCADA bug lead to a cascade failure), was used as a case-study in this industry for many years, but if anything, I think the potential for intentional destruction is much higher.
I’m in this space, but plc io networks from Schneider and Rockwell are still “trust internally”, and some HMI or scada has to have read/write to them. At least Rockwell you could specify what variables were externally writeable whereas Schneider was essentially DMA from the network.
This isn't hundreds of separate sites that have to be hacked individually. This is fewer than 10 clouds with no security to speak of and the ability to push evil firmware to millions of inverters worldwide, where in a few years at the current rate of manufacturing growth, it will be 10s, and then 100s of millions of inverters.
Yeah, the potato cannon filled with aluminum chaff or medium caliber semi-automatic rifle can take down a substation. But this is millions of homes and businesses, which can all have an evil firmware that triggers within seconds of each other. (There will inevitably be some internal clocks that are off by days/months/years, so it's not like it will happen without warning, but noticing the warning might be difficult.)
Would the switch on the transformer possibly be software controlled? (By software, I am wondering about firmware on a device reading a sensor, as opposed to a physical mechanism). I don’t know enough about the internals of these things, but I wonder if you could maliciously overwrite firmware, whether certain protections could be made to fail.
I’m going to assume this kind of thing is likely covered in FMEA and such, so is unlikely.
While I agree that the important metric to consider is peak output and not average output, I would still guess that in a country like the Netherlands that peak output is nowhere near nameplate capacity.
You can get close to peak output just about anywhere, assuming the panels are angled rather than laying flat. You just can’t get it for very long in most locations.
The new method this past year that appears to be highly beneficial is to use various compass orientations of _vertically_ mounted panels. The solar cells got so cheap that every penny we spend on mounting hardware and rigid paneling now stings, and posts driven vertically into the ground which string cables tight between them are cheaper than triangles, way easier to maintain (especially in places with winter), and trade a lower peak (or even a bimodal peak) for a much wider production curve.
Not sure if you count insects into your moral calculus, but silk farming only involves caterpillars and mulberry trees. It's warmer, softer, lighter, and way less smelly than plastic, so it doesn't need as much washing, so less environmental impact. I can wear a silk t-shirt for about a week before it gets smelly, most of the time, whereas plastic shirts sometimes need to be washed twice after a single wearing to get the smell out!
The fibers are stronger than polyester, so if you get a thick silk fabric, it will last a lifetime. Unfortunately, it's absurdly expensive, so even though the total cost of ownership isn't terrible if you get a thick fabric because it will last forever, it's a ton of money up front. Additionally, most places sell super thin silk to keep the price down, which means it doesn't last, so you have to shop around and find the good thick stuff.
I love silkliving.com's 100% silk line, which even includes a fleece hoodie! I'm not associated with them other than as a satisfied customer that paid full price.
Nothing is going to hit the price/warmness combo of plastic based fleeces, but I find the smelliness factor on synthetics to be worth paying extra for high quality natural fibers. Plastic clothing just ends up smelling gross and needs 2x-3x the washing!
Some alternatives I've found. (I'm not associated with any of these, other than as a full price paying satisfied customer):
1) Silkliving.com is a New Zealand company that sells a 100% silk fleece. It's AMAZING to wear, and has a price to match. Pretty hard wearing, but I wouldn't wear it as my outer layer and then do construction or rock climbing or whatever. This fleece is as warm as plastic or wool, weighs less than plastic, is comfy over a wider range of temps, and just literally the best fleece money can buy for anything other than activities where it will get abraded. Sadly, only comes in black. I'm hoping if you all buy one, they will justify more colors because I want to buy more of these.
2) Minus33 is a New Hampshire, USA company (minus33.com) that makes a hard wearing 100% merino wool fleece. Their "expedition" weight is heavy, but WARM. I have two of these.
3) Arms of Andes (armsofandes.com) make Alpaca wool clothing. Alpaca fiber is hollow and smaller than merino wool, so it will be lighter (or the same weight but warmer) and slightly softer than merino. It's not as soft or light as silk though, and you might not notice the difference, whereas you will DEFINITELY notice silk vs. merino. They don't have a full zip hoodie, which is unfortunate, but they do offer non-toxic plant based dyes, which is nice! Remember, you are breathing that fiber in and swallowing it, so while it's an upgrade to go from plastic to natural fibers, it's also an upgrade to move away from to old school nasty heavy metal based dyes.
I have a few items from Arms of Andes that are really great. Highly recommend.
I ran into a similar situation as you after wearing synthetic clothing at the gym. It led me to create unwraplife.co as a database for plastic free clothing (no kickbacks here or anything shady, just a database).
> Minus33 is a New Hampshire, USA company (minus33.com) that makes a hard wearing 100% merino wool fleece. Their "expedition" weight is heavy, but WARM. I have two of these.
When looking for a good 100% Merino wool beanie, I came across these guys, but sadly they barely retail in Europe and the international shipping they charge makes it absolutely not worth it.
I have a few pieces from loow.com (Wool backwards.) They are out of EU, and what I have from them, I like! (Not associated, just a satisfied customer that paid full price.)
What was your experience washing the various things you got from these places? Did it come out ok?
I'm used to doing cold water washes and hang drying everything, but even with that, some wool stuff... it seems you just look at it wrong and it shrinks in weird ways.
Alpacas are cute animals - there are a few ranches near where I live
I wash wool and silk using a ph balanced detergent with no protease. I use cold water, minimum spin, and a super long soak. Then I hang dry. It's more work to wash this way, but they last longer, never smell, and 100% silk and wool only need washing 1/3rd to 1/5th as often anyway, so the total work is lower than with plastic clothing. The brand of detergent I use is literally called "Soak," and I get it on Amazon.
> Plastic clothing just ends up smelling gross and needs 2x-3x the washing!
Yeah, I got some plastic based tee shirts that supposedly are composed in part from recycled bottles, which is cool, but they soak up armpit stank way more easily than shirts of other fabrics. Spray N' Wash works really well for that, though.
Are you sure you're washing the clothing sufficiently, and that the detergent is working? I dry all my clothes on an indoor drying rack that gets zero direct sunlight, including 100% cotton items. I don't have any problems with washed items still smelling. Is the water chlorinated? Admittedly it's usually not tropical-level humidity here most of the time.
In high humidity environments you need the sunlight to help dry the clothing quickly enough so that bacteria doesn't start to form in the cotton weave. Because even if it gets dry, the minute you begin to sweat wearing that item, it'll stink.
In low humidity your cotton clothing will dry quickly enough that this doesn't happen.
Some of my stuff can take quite a while to dry still though. Particularly if the drying rack is very full and it's cold in the apartment. For everything to fully dry sometimes takes 24 hours.
We have some pretty good ideas about just how "lumpy" the explosion of the big bang should have been. And yes, the best theories in cosmology disagree with the recent observations highlighted in this article. On the other hand, those cosmological theories are rooted in extremely strong physics which does things like predict various attributes of particles that have been measured extremely precisely and were predicted correctly. So the Hubble tension is real. My money is on the theory needing revising, but how? There are no great candidates for something to replace the standard model and our best theories in cosmology. There are plenty of candidates, but no obvious methods to choose a best one. This is science! Remember, the most exciting words in science are, "huh, that's odd." The Hubble tension is extremely odd!
This result confirms that the "hubble tension" is real. In other words, two methods for measuring the expansion of the universe disagree, but we can't figure out why and have new and really strong evidence that the "cosmic ladder" method is correct. (The other method is based on the cosmic microwave background radiation and our best theories of physics, so we're caught between a rock and a hard place here: strong experimental evidence one way, and throwing out a ton of what we think we know about the universe with no obvious replacement the other way.)
No. This confirms that the "hubble tension" is real. In other words, two methods for measuring the expansion of the universe disagree, but we can't figure out why and have new and really strong evidence that the "cosmic ladder" method is correct. (The other method is based on the cosmic microwave background radiation and our best theories of physics, so we're caught between a rock and a hard place here: strong experimental evidence one way, and throwing out a ton of what we think we know about the universe with no obvious replacement the other way.)
I stopped reading at paragraph 4. What idiot is buying lead acid batteries in 2023 for solar storage systems?
4 12V 200AH deep cycle lead acid batteries cost $1552 on Amazon and hold as much energy in practice as a 100AH 48V LFP battery which last 15 years, minimum, and only costs about 6% more up front. (Not linking to specific batteries in order to not shill for them, but do a little searching for 100AH 48V 4U server rack LFP batteries on youtube, and you will find dozens of tutorials.) Quality inverters last 30 years, not 10.
Are these people TRYING to light money on fire? Are they fronting for someone by trying to make solar look impractical? Or are they just stupid?
Low Tech Magazine remains a great sourcebook for an alt-history novel or role playing campaign. Its advice has increasingly diverged from efficient paths toward sustainability/decarbonization as the high tech approaches (advanced solar, wind, nuclear, batteries, electric vehicle, heat pumps...) continue to improve.
Over the past 20 years I have noticed this tendency among a subset of people people in the environmental movement. Some people loved solar power only when it was expensive and small scale. A future world powered by solar once evoked images of cozy little villages, bicycles, deglobalization, handmade wooden toys, and a slower pace of life. Now that solar power is inexpensive and scalable, it's unappealing to people who value the cozy aesthetic more than they value meeting quantifiable IPCC emissions targets.
Its notable he skipped the primary chemistry people use for storage too, LiPho. They are guaranteed to last 10 years, they are about $150 per KWH and can sustain 0.5C charge and discharge.
For me at least the storage is about 1/3 of the cost of the system and I'll likely have to replace it once (probably with Sodium Ion since that is taking off and $50 a KWH) and a new inverter and there is no way it costs even half the total system install over the lifetime.
Other than the fact that most batteries on Amazon are counterfeit garbage.
If you want something better and brand name, you'll pay more. Sometimes, significantly more.
It still doesn't make sense to use lead acid for off grid, deep cycle or not. UPS systems still use them because lead acid loves to stay charged at 100% and not drop below half, which is fine for UPS that are intended to run only during occasional power failures.
LFP batteries also last for thousands of cycles and are safe, probably safer than lead acid.
Speaking of idiots, ordering batteries on Amazon is a great way to acquire really shitty batteries. Lead-acid works fine and is maintainable. The price parity is extremely recent and supply-chain problems still mar the lithium side.
Also, where did you buy your inverters in 1993? I've used about six different brands on various deployments and ten years is about right for MTBF there. I sure wouldn't trust a fifteen-year-old inverter to handle 3500VA continuous, and god forbid there's a spike...
This is a common misunderstanding. The lithium batteries used for off-grid and RVs are not the kind you're thinking of. They are LiFePO4, and far less susceptible to thermal runaway than, for example, an average laptop battery.
Ventile is an exception to the "rule" that "cotton kills" (in the cold).
Especially great is for staying dry is double layered ventile, which is now free of flourine chemistry for extra waterproofing (older iterations used PFAS as an extra waterproofing coating.)
The cotton breathes, it's more durable than gore-tex or off-brand knockoffs (stressed PTFE), and it doesn't make annoying "swish swish" noises either, which is helpful for bird watchers and other folks that want to move quietly in nature.
There are two major disadvantages: cost and weight. A ventile garment is many times the price of a similar ptfe garment, especially now that the original gore-tex patents have expired. And it's also many times the weight.
However, let's be honest, if you can afford ventile, you probably can drop 3 pounds of fat through the additional time you will spend outside, lengthen your healthspan and lifetime, and use the garment long enough to pay for the several "waterproof" ptfe garments you would have gone through in the same time.
Only if you want a battery that will die fast. Nissan made an insane decision early on to not heat or cool their batteries, and also not go with a battery chemistry that is resistant to degradation in the heat.
10 years in, all those early LEAFs have been scrapped or needed battery swaps due to like 75%!!! range loss in some cases! Meanwhile, Tesla, while notorious for fit/finish issues, has similar vintage cars that are still on their first battery with less than 20% loss of range.
Yes, the LEAF is "reliable." It reliably goes when you step on the accelerator, and everything else is reliable as well, except for the drivetrain, which reliably loses range to the point where the car is totaled because Nissan raised battery prices just as a tidal wave of vehicles needed them.
There's a reason Tesla is outselling every other EV in North America. Part of it is that they are able to source materials, but they are the only ones with a "good enough" mix of reliability and build quality on everything but the drivetrain, a bulletproof drivetrain, and a reliable and widespread charging network. Teslas aren't perfect, and there's room for a fast follower company to beat them, especially on fit, finish, convenience, and luxurious cabins, but that would require an Apple like attention to both detail and supply chains.
Though a common misconception that comes from the Nissan Leaf being the first mass produced EV and the first to discover issues with battery degradation in hot or cold climates, this was an issue in 1st generation that is long gone, yet your out of date narrative has stuck in many minds.
The entire book falls apart because of two facts, both of which are in the book itself!
"Hands down, solar is the only renewable resource capable of matching our current societal energy demand. Not only can it reach 18 TW, it can exceed the mark by orders of magnitude." (Section 13.9)
"We would likely not be discussing a finite planet or limits to growth or climate change if only one million humans inhabited the planet, even living at United States standards. We would perceive no meaningful limit to natural resources and ecosystem services." (Section 3.5) An energy source that is thousands of times more abundant than fossil fuels is basically equivalent to having one one thousandth the population.
While I must acknowledge the truth that converting things to run on electricity will be a large engineering and logistical challenge, and that battery production must be scaled up (as well as converting some loads to run where the sun is shining), both of these challenges pale in comparison to the money part of that first quote: "exceed the mark by orders of magnitude." In other words, even if we could only store electricity at an efficiency of 1%, we'd be fine. (In actuality, we ALREADY store electricity at efficiencies over 80 times that.)
Ecosystem services, availability of raw materials, and many other challenges exist as well. However, all of them are meaningless in the face of "we would perceive no meaningful limit to natural resources." Having an energy source that is thousands to millions of times more abundant than the ones we use today lets us substitute energy for basically all of our needs. (Need clean water? Energy + dirty water = clean water. Need more steel? Dirt + energy = steel. Need to remove CO2 from the atmosphere? You can do it, at only the cost of several times the energy you got putting the CO2 into the atmosphere, which is only a few % of the future energy budget from solar. Think of it this way. In the past, we relied on cutting down forests for heat. Putting the forests back would have seemed like an insurmountable task, because our fuel came from the forests. But now that we run on fossil fuels, which are approximately 100x more abundant than forests, putting the forests back is a matter of politics and land usage discussions, not one of practicality.)
In other words, we are the only ones we have to blame if the future is not MUCH wealthier than the past, both per person and also for our total economy.
I'm not sure I understand your point. Perhaps you disagree with the author on the desirability of a future in which virtually unlimited energy is available to humankind in its current state (see the upshot on nuclear fusion p. 269, for example). His cautious take on our collective ability to manage our energetic needs[0] does not seem unwarranted to me.
Regardless, I think the book remains useful for its intended audiences as a quantitative assessment of available energy sources given our growth path.
[0] "The rookie mistake here is assuming that adults are in charge." (p. 134)
"Virtually unlimited energy" is where the argument completely falls apart. It's a myth we need to stop spreading. As I said elsewhere, we have only a bit over 200 years at our current 2.3% annual growth in energy usage before we start raising the temperature of the Earth purely from a thermodynamic perspective.
Completely blanketing the Earth in solar panels gets us a few hundred years more (thanks to the fact that that solar energy is already hitting the planet whether or not we use it for electricity), but that's assuming we've developed panels with magical levels of efficiency and we're okay with 0% of sunlight reaching the Earth's surface.
Four hundred years of sustained energy growth at current levels is the most that could happen on this planet under comically-implausible circumstances, and when we reduce the absurdity even just a bit (greenhouse gases still exist, we won't blanket the planet in perfectly-efficient solar cells), we optimistically might get two hundred years more before we hit an energy wall that cannot be overcome without a complete overthrow of thermodynamics as we understand it.
Is that still a lot of growth? Sure. But it's about the same window of time as the industrial revolution until now.
At that moment, the attacker will not only blast the grid with the full output of the solar panels, but they will also put any attached batteries into full discharge mode as well, bypassing any safeties built into the firmware with new firmware. We must consider the worst case, which is that the attacker is trying to not only physically break the inverters, but the batteries, solar panels, blow fuses, and burn out substations. (Consider that if the inverters burn out and start fires, that's a feature for the attacker rather than a bug!)
So yes, not only is it 25 medium sized nuclear power plants, it's probably much higher than that! And worse, that number is growing exponentially with each year of the renewable transition.
This was probably the scariest security expose in a long time. It's much much worse than some zero-day for iphones.
A bad iPhone bug might kill a few people who can't call emergency services, and cause a couple billion of diffuse economic damage across the world. This set of bugs might kill tens of thousands by blowing up substations and causing outages at thousands to millions of homes, businesses, and factories during a heat wave. And the economic damage will not only be much higher, it will be concentrated.