Kelly Newman

How strong is New York’s “illegal gambling” case against Valve’s loot boxes?

gambling, gaming, loot boxes, online gambling, Policy, steam marketplace, valve / Kelly Newman / February 27, 2026

“Calling it gambling because a user could, through several indirect steps, convert an item into cash risks stretching gambling law beyond its traditional limits,” Loiterman said. “If New York’s theory wins, it raises uncomfortable questions about things like Pokémon cards or promotional games (e.g. McDonald’s Monopoly). Courts will be cautious about going that far.”

New York also argues that Valve tacitly endorses third-party services that allow players to easily “cash out” their Steam inventories for real money. Whether Valve is culpable for the existence of those services is still an unsettled question in the law, Methenitis said, as it has been at least since he wrote about the legal implications of World of Warcraft‘s third-party gold resellers nearly two decades ago.

“I think companies have a pretty strong [legal] argument if they make some attempts to police [third-party resellers]—they obviously can’t fully control what people do outside their platform,” Methenitis said. “But if they turn a blind eye to it and allow it, I think they could be found liable.” Loiterman agreed that Valve “providing the tools that enable those [third-party] markets and tolerating them creates some degree of responsibility.”

“Judges tend to be cautious…”

In the end, the lawyers Ars spoke to were generally skeptical that courts would determine that Valve’s loot box system constitutes illegal gambling. Cases making similar arguments about other loot box systems have failed in other jurisdictions, “in part because gambling laws were drafted with casinos and lotteries in mind,” Loiterman said. “Judges tend to be cautious about breaking from an emerging consensus.”

Hoeg agreed that “the entire question [in this case] is novel, and… the courts are (small-‘c’) conservative institutions, not generally wanting to adopt novel arguments without direction from the legislative branches.” Even if Valve’s loot box system “may start to smell a bit like gambling,” Hoeg said he would “honestly be surprised if the courts went along with the characterization without a new law aimed at it.”

“I view it as a weak case offered primarily for political grandstanding/coverage over real legal effect,” Hoeg concluded. “We shall see, though.”

How strong is New York’s “illegal gambling” case against Valve’s loot boxes? Read More »

Netflix cedes Warner Bros. Discovery to Paramount: “No longer financially attractive”

acquisitions, cable, HBO Max, mergers, netflix, paramount, paramount plus, Paramount Skydance, Policy, streaming, Tech, warner bros. discovery / Kelly Newman / February 27, 2026

On Thursday, WBD’s board deemed Paramount’s revamped offer “superior,” giving Netflix four business days to match it. But that same day, Netflix, which had recently emphasized its willingness to walk away from mergers it deems overly expensive, said it would no longer pursue the acquisition.

A statement from Netflix co-CEOs Ted Sarandos and Greg Peters issued last night said:

The transaction we negotiated would have created shareholder value with a clear path to regulatory approval. However, we’ve always been disciplined, and at the price required to match Paramount Skydance’s latest offer, the deal is no longer financially attractive, so we are declining to match the Paramount Skydance bid.

The CEOs added that the WBD merger “was always a ‘nice to have’ at the right price, not a ‘must have’ at any price.”

Netflix and Paramount’s stock have continuously declined since Netflix announced its planned merger. Following yesterday’s announcement, Netflix shares rose by more than 10 percent in after-hours trading, and Paramount shares increased by 5 percent.

In a statement quoted by The Hollywood Reporter yesterday, WBD President and CEO David Zaslav said, “Once our board votes to adopt the Paramount merger agreement, it will create tremendous value for our shareholders. We are excited about the potential of a combined Paramount Skydance and Warner Bros. Discovery and can’t wait to get started working together telling the stories that move the world.”

The article was edited to correct ticking fee information.

Netflix cedes Warner Bros. Discovery to Paramount: “No longer financially attractive” Read More »

xAI spent $7M building wall that barely muffles annoying power plant noise

AI, ai data center, air pollution, Environmental Protection Agency, Policy, power plant, xAI / Kelly Newman / February 26, 2026

“Temu sound wall” not enough to quell fury over xAI’s power plant.

For miles around xAI’s makeshift power plant in Southaven, Mississippi, neighbors have endured months of constant roaring, erupting pops, and bursts of high-pitched whining from 27 temporary gas turbines installed without consulting the community.

In a report on Thursday, NBC News interviewed residents fighting to shut down xAI’s turbines. They confirmed that xAI operates the turbines day and night, allegedly tormenting residents in order to power xAI founder Elon Musk’s unbridled AI ambitions.

Eventually, 41 permanent gas turbines—that supposedly won’t be as noisy—will be installed, if xAI can secure the permitting. In the meantime, xAI has erected a $7 million “sound barrier” that’s supposed to mitigate some of the noise.

However, residents told NBC News that the wall that xAI built does little to quiet the din.

Taylor Logsdon, who lives near the power plant, said that neighbors nearby jokingly call it the “Temu sound wall,” referencing the Chinese e-commerce site known for peddling cheap, rather than high-quality goods. For Logsdon, the wall has not helped to calm her dogs, which have been unsettled by sudden booms and squeals that videos show can frequently be heard amid the turbines’ continual jet engine-like hum. Some residents are just as unsettled as the dogs, describing the noises from the plant as “scary.”

A nonprofit environmental advocacy group, the Safe and Sound Coalition, has been collecting evidence, hoping to raise awareness in the community to block xAI from obtaining permits for its permanent turbines. The group’s website links to videos documenting the noise, noise analysis reports, and public records showing how challenging it’s been to track xAI’s communications with public officials.

Safe and Sound Coalition video documents constant roars after a “loud bang” signaled “something popped off.”

For example, public records requests to the city of Southaven seeking information on xAI exemptions to noise ordinances or communications about the sound wall turned up nothing. A director overseeing the city’s planning and development claimed that the office was not “involved with the noise barrier wall” and could provide no details. Similarly, a permit clerk for the city’s building department confirmed there were no documents to share.

Asked for comment, a spokesperson for the coalition told Ars that the “absence of documentation raises transparency concerns.”

“When decisions with community impact are made without accessible records, it creates an accountability gap and limits the public’s ability to understand how those decisions were evaluated or authorized,” the spokesperson said.

An IT worker who co-founded the coalition, Jason Haley, told NBC News that xAI’s wall showed that the city could have required the company to do more to prevent noise pollution before upsetting community members.

“If you knew the noise was going to be an issue, put in a sound wall first,” Haley said. “Do some other stuff first before you torture us. That’s not that hard of an ask.”

xAI did not immediately respond to Ars’ request to comment. According to NBC News, the company has yet to make public a noise analysis that it conducted.

xAI’s turbines spark other concerns

xAI has maintained that it follows the law when rushing at breakneck speeds to build infrastructure to support its AI innovations. In Southaven, xAI was approved to operate the temporary gas turbines at the power plant for 12 months, without any additional permitting required.

Now it’s seeking permits for the permanent turbines, which residents worry could be nearly as loud, while possibly introducing more smog into an area that’s mostly homes, churches, parks, and schools, the Safe and Sound Coalition’s website said.

Pollutants could increase risks of asthma, heart attacks, stroke, and cancer, a community flyer the coalition distributed warned, urging attendance at a public meeting where residents could finally air their complaints (a meeting which NBC News’ report thoroughly documented). The flyer also suggested that the city’s main drinking water supply could be affected and perhaps tainted if the power plant’s wastewater contains toxic chemicals, since there isn’t a graywater recycling plant nearby. For residents, it’s hard to tell if things will ever get better. One noise analysis the coalition shared found that the daily sound of the turbines was higher on an “annoyance scale” than when entire neighborhoods set off New Year’s Eve fireworks.

“Our water, air, power grid, utility bills, property values, and health are all at risk,” the Safe and Sound Coalition’s website said. “We’re already facing toxic pollution and relentless industrial noise. There is no clear oversight, no transparency, and no plan to protect the people living nearby.”

The coalition expects that if enough community members protest the plant, the permitting agency will deny xAI’s permits and order any potentially dangerous turbines to be shut down. But other groups are taking a different approach, considering suing xAI if it continues operating the unpermitted gas turbines in Southaven.

Earlier this month, the Southern Environmental Law Center (SELC) joined the NAACP in sending xAI a notice of intent to sue. In that letter, groups warned that the Environmental Protection Agency (EPA) recently changed a rule that they argued now requires permits for the temporary turbines. They gave xAI 60 days to respond.

The same groups previously sent a legal threat to xAI, opposing alleged data center pollution in Memphis, Tenn. xAI eventually secured permits for some of the gas turbines sparking scrutiny there, which many locals found “devastating.” Further concerning, residents relying on drone imagery—with no other way to keep track of how many turbines xAI was running—warned that the permits only covered 15 of 24 turbines on site.

EPA shrugs off xAI permitting concerns

It’s unclear whether the SELC can win if it takes xAI to court, or whether the EPA would ever intervene if that action could be construed as delaying Trump’s order to rush permitting and build as many data centers as fast as possible to power AI.

The SELC declined Ars’ request to comment, but the EPA’s administrator, Lee Zeldin, seemed to negate that argument in an interview with Fox Business in January. Asked directly about xAI’s gas turbines, Zeldin confirmed that the EPA was working closely on permitting with local officials in Southaven and Shelby County—where xAI built a massive data center sparking protests.

Rather than suggesting that the EPA might be preparing to review xAI’s unpermitted gas turbines, Zeldin emphasized that for Donald Trump, it “is about getting permits done faster.”

“EPA has the power to slow things down; EPA also has the power to speed things up, and that’s where the Trump EPA is,” Zeldin said.

Permitting for the Southaven project’s permanent gas turbines may be approved as soon as next month, NBC News reported.

Residents skeptical second sound barrier will be better

For Southaven, xAI’s power plant—along with a planned data center, which Musk has dubbed “MACROHARDRR” to mock Microsoft—represents a chance to surge the local economy. That prospect seemingly swayed government support for the projects, which has apparently not waned in the face of mounting protests.

When Musk bought the dormant power plant, “it was the largest private investment in state history,” Tate Reeves, Mississippi’s Republican governor, claimed. Additionally, xAI’s affiliated company that’s behind the projects, MZX Tech, donated $1.38 million to the city’s police department, NBC News reported. Both the plant and the data center “are expected to bring in millions of dollars and new jobs,” Reeves said.

For Southaven residents, the only hope they have that the noise may die down any time soon is that construction on another sound barrier will be finished in the next two months, NBC News reported. Supposedly, engineers were taking time to study “what type of sound barrier would be most effective” amid complaints about the current sound barrier.

A spokesperson for the Safe and Sound Coalition told Ars that the group remains “skeptical” that the new wall will be any better than the first sound barrier.

“To our understanding, sound barriers can reduce certain frequencies under controlled conditions, but turbine noise involves low-frequency sounds and tonal components that often reach beyond barriers,” the coalition’s spokesperson said. “The most effective method for reducing industrial noise exposure is typically distance from residential areas, which is not a mitigation option in this scenario given the facility’s proximity to homes.”

The coalition urged xAI to be transparent and to share data backing mitigation claims if it wants the community to believe that the second sound barrier will make any difference.

“Without transparent modeling, validated field measurements, and independent verification, it is difficult to assess whether the barrier will meaningfully address the ongoing nuisance experienced by nearby residents,” the coalition’s spokesperson said. “Mitigation claims are only meaningful if they are supported by transparent data.”

Mayor labels protestors Musk haters

At least one city official, Mayor Darren Musselwhite, has suggested that community backlash is “political.” Although he acknowledged that the noise was a “legitimate concern,” he also claimed on Facebook that some people protesting xAI’s facility were simply Elon Musk haters, NBC News reported.

“Southaven is now under attack by all who choose to oppose Elon Musk because of his high-profile political stances,” Musselwhite wrote.

However, residents told NBC News that “their concerns have nothing to do with politics.” One person interviewed even praised Musk’s work with the Department of Government Efficiency.

Instead, they’re worried that local officials seeing dollar signs have potentially let xAI exploit loopholes to pollute communities without any warning. The community flyer from the Safe and Sound Coalition criticized what they viewed as shady behavior from local officials:

“This project was started behind our backs, with zero community input. Local officials have repeatedly downplayed concerns, spun the facts, and misled residents about the true impacts and the deals made with xAI. Many people only found out after the turbines were up and running.”

The coalition’s spokesperson told Ars that a health impact analysis published on behalf of the SELC provides “meaningful insight” into the biggest health risks. That concluded that using the EPA’s COBRA health impact model, emissions from running 41 permanent turbines at the Southaven plant “are estimated to result in $30–$44 million per year in health-related damages, including costs from premature deaths, hospital visits, and lost productivity. Over a typical 30-year operating life, these impacts would amount to approximately $588–$862 million in cumulative discounted public-health costs, borne largely by residents of Tennessee and Mississippi.”

Additionally, the largest amount of harmful pollutants increases are expected to be “concentrated in communities that are disproportionately Black, highly socially vulnerable, and have elevated baseline asthma prevalence,” the report said.

If the permits are issued, the Coalition’s spokesperson told Ars that the group expects to continue gathering reports of “firsthand experiences” from nearby residents, which will “continue to provide valuable information regarding ongoing impacts.” The group plans to continue engaging with officials and pushing for greater accountability and transparent monitoring, as well as documenting noise conditions, reviewing emissions reports, and collecting independent data where feasible.

“The Coalition’s focus is long-term community protection, which means tracking compliance, advocating for corrective action if standards are not met, and ensuring residents have access to accurate information about environmental and health impacts,” the spokesperson said. “Permit approval would not resolve community concerns; it would shift our focus toward ongoing oversight and enforcement.”

Ashley is a senior policy reporter for Ars Technica, dedicated to tracking social impacts of emerging policies and new technologies. She is a Chicago-based journalist with 20 years of experience.

xAI spent $7M building wall that barely muffles annoying power plant noise Read More »

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

Biz & IT, Encryption, Features, Networking, Security, wi-fi / Kelly Newman / February 26, 2026

CLOWNS TO THE LEFT, JOKERS TO THE RIGHT

That guest network you set up for your neighbors may not be as secure as you think.

Credit: Getty Image | BlackJack3D

It’s hard to overstate the role that Wi-Fi plays in virtually every facet of life. The organization that shepherds the wireless protocol says that more than 48 billion Wi-Fi-enabled devices have shipped since it debuted in the late 1990s. One estimate pegs the number of individual users at 6 billion, roughly 70 percent of the world’s population.

Despite the dependence and the immeasurable amount of sensitive data flowing through Wi-Fi transmissions, the history of the protocol has been littered with security landmines stemming both from the inherited confidentiality weaknesses of its networking predecessor, Ethernet (it was once possible for anyone on a network to read and modify the traffic sent to anyone else), and the ability for anyone nearby to receive the radio signals Wi-Fi relies on.

Ghost in the machine

In the early days, public Wi-Fi networks often resembled the Wild West, where ARP spoofing attacks that allowed renegade users to read other users’ traffic were common. The solution was to build cryptographic protections that prevented nearby parties—whether an authorized user on the network or someone near the AP (access point)—from reading or tampering with the traffic of any other user.

New research shows that behaviors that occur at the very lowest levels of the network stack make encryption—in any form, not just those that have been broken in the past—incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients.

The isolation can effectively be nullified through AirSnitch, the name the researchers gave to a series of attacks that capitalize on the newly discovered weaknesses. Various forms of AirSnitch work across a broad range of routers, including those from Netgear, D-Link, Ubiquiti, Cisco, and those running DD-WRT and OpenWrt.

AirSnitch “breaks worldwide Wi-Fi encryption, and it might have the potential to enable advanced cyberattacks,” Xin’an Zhou, the lead author of the research paper, said in an interview. “Advanced attacks can build on our primitives to [perform] cookie stealing, DNS and cache poisoning. Our research physically wiretaps the wire altogether so these sophisticated attacks will work. It’s really a threat to worldwide network security.” Zhou presented his research on Wednesday at the 2026 Network and Distributed System Security Symposium.

Paper co-author Mathy Vanhoef, said a few hours after this post went live that the attack may be better described as a Wi-Fi encryption “bypass,” “in the sense that we can bypass client isolation. We don’t break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;)” People who don’t rely on client or network isolation, he added, are safe.

Previous Wi-Fi attacks that overnight broke existing protections such as WEP and WPA worked by exploiting vulnerabilities in the underlying encryption they used. AirSnitch, by contrast, targets a previously overlooked attack surface—the lowest levels of the networking stack, a hierarchy of architecture and protocols based on their functions and behaviors.

The lowest level, Layer-1, encompasses physical devices such as cabling, connected nodes, and all the things that allow them to communicate. The highest level, Layer-7, is where applications such as browsers, email clients, and other Internet software run. Levels 2 through 6 are known as the Data Link, Network, Transport, Session, and Presentation layers, respectively.

Identity crisis

Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the key driver of AirSnitch attacks.

The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.

With the ability to intercept all link-layer traffic (that is, the traffic as it passes between Layers 1 and 2), an attacker can perform other attacks on higher layers. The most dire consequence occurs when an Internet connection isn’t encrypted—something that Google recently estimated occurred when as much as 6 percent and 20 percent of pages loaded on Windows and Linux, respectively. In these cases, the attacker can view and modify all traffic in the clear and steal authentication cookies, passwords, payment card details, and any other sensitive data. Since many company intranets are sent in plaintext, traffic from them can also be intercepted.

Even when HTTPS is in place, an attacker can still intercept domain look-up traffic and use DNS cache poisoning to corrupt tables stored by the target’s operating system. The AirSnitch MitM also puts the attacker in the position to wage attacks against vulnerabilities that may not be patched. Attackers can also see the external IP addresses hosting webpages being visited and often correlate them with the precise URL.

Given the range of possibilities it affords, AirSnitch gives attackers capabilities that haven’t been possible with other Wi-Fi attacks, including KRACK from 2017 and 2019 and more recent Wi-Fi attacks that, like AirSnitch, inject data (known as frames) into remote GRE tunnels and bypass network access control lists.

“This work is impressive because unlike other frame injection methods, the attacker controls a bidirectional flow,” said HD Moore, a security expert and the founder and CEO of runZero.

He continued:

This research shows that a wireless-connected attacker can subvert client isolation and implement full relay attacks against other clients, similar to old-school ARP spoofing. In a lot of ways, this restores the attack surface that was present before client isolation became common. For folks who lived through the chaos of early wireless guest networking rollouts (planes, hotels, coffee shops) this stuff should be familiar, but client isolation has become so common, these kinds of attacks may have fallen off people’s radar.

Stuck in the middle with you

The MitM targets Layers 1 and 2 and the interaction between them. It starts with port stealing, one of the earliest attack classes of Ethernet that’s adapted to work against Wi-Fi. An attacker carries it out by modifying the Layer-1 mapping that associates a network port with a victim’s MAC—a unique address that identifies each connected device. By connecting to the BSSID that bridges the AP to a radio frequency the target isn’t using (usually a 2.4GHz or 5GHz) and completing a Wi-Fi four-way handshake, the attacker replaces the target’s MAC with one of their own.

The attacker spoofs the victim’s MAC address on a different NIC,

causing the internal switch to mistakenly associate the victim’s address with the attacker’s port/BSSID. As a result, frames intended for the victim are

forwarded to the attacker and encrypted using the attacker’s PTK. Credit: Zhou et al.

In other words, the attacker connects to the Wi-Fi network using the target’s MAC and then receives the target’s traffic. With this, an attacker obtains all downlink traffic (data sent from the router) intended for the target. Once the switch at Layer-2 sees the response, it updates its MAC address table to preserve the new mapping for as long as the attacker needs.

This completes the first half of the MitM, allowing all data to flow to the attacker. That alone would result in little more than a denial of service for the target. To prevent the target from noticing—and more importantly, to gain the bidirectional MitM capability needed to perform more advanced attacks—the attacker needs a way to restore the original mapping (the one assigning the victim’s MAC to the Layer-1 port). An attacker performs this restoration by sending an ICMP ping from a random MAC. The ping, which must be wrapped in a Group Temporal key shared among all clients, triggers replies that cause the Layer-1 mapping (i.e., port states) to revert back to the original one.

“In a normal Layer-2 switch, the switch learns the MAC of the client by seeing it respond with its source address,” Moore explained. “This attack confuses the AP into thinking that the client reconnected elsewhere, allowing an attacker to redirect Layer-2 traffic. Unlike Ethernet switches, wireless APs can’t tie a physical port on the device to a single client; clients are mobile by design.”

The back-and-forth flipping of the MAC from the attacker to the target, and vice versa, can continue for as long as the attacker wants. With that, the bidirectional MitM has been achieved. Attackers can then perform a host of other attacks, both related to AirSnitch or ones such as the cache poisoning discussed earlier. Depending on the router the target is using, the attack can be performed even when the attacker and target are connected to separate SSIDs connected by the same AP. In some cases, Zhou said, the attacker can even be connected from the Internet.

“Even when the guest SSID has a different name and password, it may still share parts of the same internal network infrastructure as your main Wi-Fi,” the researcher explained. “In some setups, that shared infrastructure can allow unexpected connectivity between guest devices and trusted devices.”

No, enterprise defenses won’t protect you

Variations of the attack defeat the client isolation promised by makers of enterprise routers, which typically use credentials and a master encryption key that are unique to each client. One such attack works across multiple APs when they share a wired distribution system, as is common in enterprise and campus networks.

In their paper, AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks, the researchers wrote:

Although port stealing was originally devised for hosts on the same switch, we show that attackers can hijack MAC-to-port mappings at a higher layer, i.e., at the level of the distribution switch—to intercept traffic to victims associated with different APs. This escalates the attack beyond its traditional limits, breaking the assumption that separate APs provide effective isolation.

This discovery exposes a blind spot in client isolation: even physically separated APs, broadcasting different SSIDs, offer ineffective isolation if connected to a common distribution system. By redirecting traffic at the distribution switch, attackers can intercept and manipulate victim traffic across AP boundaries, expanding the threat model for modern Wi-Fi networks.

The researchers demonstrated that their attacks can enable the breakage of RADIUS, a centralized authentication protocol for enhanced security in enterprise networks. “By spoofing a gateway MAC and connecting to an AP,” the researchers wrote, “an attacker can steal uplink RADIUS packets.” The attacker can go on to crack a message authenticator that’s used for integrity protection and, from there, learn a shared passphrase. “This allows the attacker to set up a rogue RADIUS server and associated rogue WPA2/3 access point, which allows any legitimate client to connect, thereby intercepting their traffic and credentials.”

The researchers tested the following 11 devices:

Netgear Nighthawk x6 R8000
Tenda RX2 Pro
D-LINK DIR-3040
TP-LINK Archer AXE75
ASUS RT-AX57
DD-WRT v3.0-r44715
OpenWrt 24.10
Ubiquiti AmpliFi Alien Router
Ubiquiti AmpliFi Router HD
LANCOM LX-6500
Cisco Catalyst 9130

As noted earlier, every tested router was vulnerable to at least one attack. Zhou said that some router makers have already released updates that mitigate some of the attacks, and more updates are expected in the future. But he also said some manufacturers have told him that some of the systemic weaknesses can only be addressed through changes in the underlying chips they buy from silicon makers.

The hardware manufacturers face yet another challenge: The client isolation mechanisms vary from maker to maker. With no industry-wide standard, these one-off solutions are splintered and may not receive the concerted security attention that formal protocols are given.

So how bad is AirSnitch, really?

With a basic understanding of AirSnitch, the next step is to put it into historical context and assess how big a threat it poses in the real world. In some respects, it resembles the 2007 PTW attack (named for its creators Andrei Pyshkin, Erik Tews, and Ralf-Philipp Weinmann) that completely and immediately broke WEP, leaving Wi-Fi users everywhere with no means to protect themselves against nearby adversaries. For now, client isolation is similarly defeated—almost completely and overnight—with no immediate remedy available.

At the same time, the bar for waging WEP attacks was significantly lower, since it was available to anyone within range of an AP. AirSnitch, by contrast, requires that the attacker already have some sort of access to the Wi-Fi network. For many people, that may mean steering clear of public Wi-Fi networks altogether.

If the network is properly secured—meaning it’s protected by a strong password that’s known only to authorized users—AirSnitch may not be of much value to an attacker. The nuance here is that even if an attacker doesn’t have access to a specific SSID, they may still use AirSnitch if they have access to other SSIDs or BSSIDs that use the same AP or other connecting infrastructure.

Yet another difference to the PTW attack—and others that have followed breaking WPA, WPA2, and WPA3 protections—is that they were limited to hacks using terrestrial radio signals, a much more limited theater than the one AirSnitch uses. Ultimately, the AirSnitch attacks are broader but less severe.

Also unlike those previous attacks, firewall mitigations may be more problematic.

“We expand the threat model showing an attacker can be on another channel or port, or can be from the Internet,” Zhou said. “Firewalls are also networking devices. We often say a firewall is a Layer-3 device because it works at the IP layer. But fundamentally, it’s connected by wire to different network elements. That wire is not secure.”

Some of the threat can be mitigated by using VPNs, but this remedy has all the usual drawbacks that come with them. For one, VPNs are notorious for leaking metadata, DNS queries, and other traffic that can be useful to attackers, making the protection limited. And for another, finding a reputable and trustworthy VPN provider has historically proven to be vexingly difficult, though things have improved more recently. Ultimately, a VPN shouldn’t be regarded as much more than a bandage.

Another potential mitigation is using wireless VLANs to isolate one SSID from another. Zhou said such options aren’t universally available and are also “super easy to be configured wrong.” Specifically, he said VLANs can often be implemented in ways that allow “hopping vulnerabilities.” Further, Moore has argued why “VLANs are not a practical barrier” against all AirSnitch attacks

The most effective remedy may be to adopt a security stance known as zero trust, which treats each node inside a network as a potential adversary until it provides proof it can be trusted. This model is challenging for even well-funded enterprise organizations to adopt, although it’s becoming easier. It’s not clear if it will ever be feasible for more casual Wi-Fi users in homes and smaller businesses.

Probably the most reasonable response is to exercise measured caution for all Wi-Fi networks managed by people you don’t know. When feasible, use a trustworthy VPN on public APs or, better yet, tether a connection from a cell phone.

Wi-Fi has always been a risky proposition, and AirSnitch only expands the potential for malice. Then again, the new capabilities may mean little in the real world, where evil twin attacks accomplish many of the same objectives with much less hassle.

Moore said the attacks possible before client isolation were often as simple as running ettercap or similar tools as soon as a normal Wi-Fi connection was completed. AirSnitch attacks require considerably more work, at least until someone writes an easy-to-use script that automates it.

“It will be interesting to see if the wireless vendors care enough to resolve these issues completely and if attackers care enough to put all of this together when there might be easier things to do (like run a fake AP instead),” Moore said. “At the least it should make pentesters’ lives more interesting since it re-opens a lot of exposure that many folks may not have any experience with.”

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises Read More »

Badge engineering could be worse than this: The 2026 Subaru Uncharted

car review, Cars, First drive, Subaru Uncharted, Toyota bZ / Kelly Newman / February 26, 2026

In reality, much of life with the Uncharted reminded me of Toyota. Subaru may have programmed the AWD system’s power delivery or tuned the suspension, but the large 14-inch multimedia touchscreen features far more advanced software than a 2026 Crosstrek or Forester. All the plastics inside, the dash texture, the nifty shift knob, the dual smartphone charging pads, the minimalist gauge cluster screen—these are a bunch of classic (modern) Toyota parts. In fact, under the hood, almost everything bore Toyota stickers, right down to the 12 V battery.

Subaru Uncharted interior — A good number of functions are controlled by discreet buttons but you’ll need to use the touchscreen to interact with the climate controls. Credit: Subaru

Toyota will build the Uncharted, and deliveries should begin this spring shortly after C-HR customers begin to receive cars. From a stylistic standpoint, telling the two apart will require a close eye. The Subaru has a bulkier front end with more unpainted plastics but a slightly cleaner rear that better displays the branding (written out, no more Pleiades logo). The advantages of EV powertrain packaging come into play, even if the more angular design departs somewhat from the Solterra (and certainly from the gas-powered lineup).

Overall, the Uncharted measures 1.4 inches (35.5 mm) longer than a Crosstrek but offers about 10 percent more cargo volume—great for transporting gear to the trail.

Subaru also quoted a survey that reported 35 percent of current owners might consider an EV for their next car purchase. Will that percentage overlap with the 25 percent who take their Subarus off-roading? It seems more likely to fit into the 50 percent who highlight range as their most important consideration when buying an EV.

In this light, the FWD Uncharted, which provides a few more miles and a lower price tag, seems better for the urban Subaru owner. Leave the adventures to the gas-powered and hybrid models with symmetric AWD—after all, the Uncharted’s rear motor acts more like a helper than a truly balanced powertrain.

The fact that Toyota decided against building a FWD version of the C-HR, leaving that lower price point and improved range to Subaru, may well come into play. Subaru’s reps seemed generally surprised by the decision, which appears to stem from Toyota’s reluctance to impinge on a more significant FWD hybrid lineup. So the return of FWD may end up being the defining detail that sets the otherwise competent (if not outstanding) Uncharted apart in a crowded market segment.

Badge engineering could be worse than this: The 2026 Subaru Uncharted Read More »

The Galaxy S26 is faster, more expensive, and even more chock-full of AI

AI, android, Galaxy s26, samsung, smartphones, Tech / Kelly Newman / February 25, 2026

Samsung’s Galaxy S26 series is available for preorder today and ships on March 11.

The Galaxy S26 lineup doesn’t change much on the outside. Credit: Samsung

There used to be countless companies making flagship Android phones, but a combination of factors has narrowed the field over time. Today, Samsung is the undisputed king of the Android device ecosystem with its Galaxy S line. So we can safely assume today’s Unpacked has revealed the most popular Android phones for the next year—the Galaxy S26 Ultra, Galaxy S26+, and Galaxy S26.

Samsung didn’t swing for the fences this time around, producing phones with a few cosmetic tweaks and upgraded internals. Meanwhile, Samsung is investing even more in AI, saying the S26 series includes the first “Agentic AI phones.” Despite limited hardware upgrades, the realities of component prices in the age of AI mean the prices of the two cheaper models have gone up by $100 this year. The Ultra remains at an already eye-watering $1,300.

Faster and more private

Looking at the Galaxy S26 family, you’d be hard-pressed to tell them apart from last year’s phones. The camera surround is different, and the measurements of the smallest and largest phone are ever so slightly different. You probably won’t be able to tell just by looking, but the S26 Ultra has regressed from titanium to aluminum, a reversion Apple also made with its latest high-end phones. This phone also retains its S Pen stylus.

Specs at a glance: Samsung Galaxy S26 series
	Galaxy S26 ($900)	Galaxy S26+ ($1,100)	Galaxy S26 Ultra ($1,300)
SoC	Snapdragon 8 Elite Gen 5 (3 nm)	Snapdragon 8 Elite Gen 5 (3 nm)	Snapdragon 8 Elite Gen 5 (3 nm)
Memory	12GB	12GB	12GB, 16GB
Storage	256GB, 512GB	256GB, 512GB	256GB, 512GB, 1TB
Display	6.3-inch OLED, 10-bit color, 2340×1080, 1-120Hz	6.7-inch OLED, 10-bit color, 3120×1440, 1-120Hz	6.9-inch OLED, 10-bit color, 3120×1440, 1-120Hz, S Pen support
Cameras	50MP primary, f/1.8, 1.0 μm; 12MP ultrawide, f/2.2, 1.4 μm, 10MP 3x telephoto, f/2.4, 1.0 μm; 12MP selfie, f/2.2, 1.12 μm	50MP primary, f/1.8, 1.0 μm; 12MP ultrawide, f/2.2, 1.4 μm, 10MP 3x telephoto, f/2.4, 1.0 μm; 12MP selfie, f/2.2, 1.12 μm	200MP primary, f/1.4, 0.6 μm; 50MP ultrawide, f/1.9, 0.7 μm; 10MP 3x telephoto, f/2.4, 1.12 μm; 50MP 5x telephoto, f/2.9, 0.7 μm; 12MP selfie, f/2.2, 1.12 μm
Software	Android 16	Android 16	Android 16
Battery	4,300 mAh	4,900 mAh	5,000 mAh
Connectivity	Wi-Fi 7, Bluetooth 5.4, USB-C 3.2, Sub6 5G	Wi-Fi 7, Bluetooth 5.4, USB-C 3.2, Sub6 and mmWave 5G	Wi-Fi 7, Bluetooth 5.4, USB-C 3.2, Sub6 and mmWave 5G
Measurements	71.7×149.6×7.2 mm, 167g	75.8×158.4×7.3 mm, 190g	78.1×163.6×7.9 mm, 214 g

These phones will again have the latest Snapdragon flagship processor (in North America, Japan, and China) with customizations exclusive to Samsung. The Snapdragon 8 Elite Gen 5 for Galaxy is a 3 nm chip with third-gen Oryon CPU cores, an Adreno 840 GPU, and a powerful Hexagon NPU for on-device AI processing. Samsung promises double-digit performance gains across the board, which is what we hear every year.

Samsung flagship phones have extremely fast hardware, so they benchmark well. However, they also tend to heat up and throttle quickly during sustained use. Perhaps that won’t be as much of a problem with the S26 series. Samsung says it has implemented its largest vapor chamber ever to better control temperatures.

The batteries have also been redesigned for greater efficiency and charging speed, but the base model is the only one that saw a capacity boost (4,000 to 4,300 mAh). Charging speeds have gotten a much-needed increase at the Ultra level. Samsung has only said you can now get a 75 percent charge in 30 minutes using its most expensive phone—it peaks at 60 W, up from 45 W for the last Ultra.

Samsung has been using the same camera sensors for a few cycles now, and it’s not changing anything major this time around. The Ultra still has four cameras (including two telephotos) that top out with the 200 MP primary, and the S26+ and base model still have three cameras with a 50 MP primary. The apertures on the Ultra sensors are a bit wider to allow for brighter photos in challenging conditions. More interesting, though, is the option to record high-quality 8K video directly to an external drive. The S26 also brings support for the Advanced Professional Video (APV) codec.

While the display specs haven’t changed much, they are home to the phone’s most notable new feature: Privacy Display. As smartphone screens have improved, they have emphasized high brightness and wide viewing angles, which is what you want most of the time. However, that also makes it easy for people nearby to see what’s on your screen. With one tap, the S26 can make it harder for shoulder surfers to see what you’re doing.

Privacy Display prevents shoulder surfers from peeking at your screen. Credit: Samsung

Privacy Display uses a technology called Black Matrix, which activates “narrow pixels.” These pixels focus light more directly on the user to limit the viewing angle. Privacy Display can be activated system-wide as you like, but it can also be activated on a per-app basis or even just in the part of the screen where notifications appear.

What is an Agentic AI phone anyway?

Unsurprisingly, AI takes the lead with the S26 launch. Part of that is just Samsung following the zeitgeist, but companies can also add new AI capabilities to fill out spec sheets without a bunch of increasingly expensive hardware upgrades. In Samsung’s words, it has sought to have “AI integrated into every layer” of the Galaxy S26 experience.

That starts with expanded awareness of screen context. The company’s Now Brief feature, which is supposed to pull together useful information from across your apps, has not been very impressive so far. With the S26, Samsung is piping notification content into Now Brief, allowing it to remind you about things even if you never added them to your calendar or to-do list. Like many of Samsung’s Galaxy AI features, this data is processed on-device and won’t go to the cloud.

A Galaxy AI Nudge that helps you select photos.

In a similar vein, Galaxy AI is also getting “Nudges,” which look similar to Google’s Magic Cue on the Pixel 10 series. The Galaxy S26 will be able to suggest content and apps based on what’s happening on the screen. For example, Galaxy AI might see you want to share images and suggest the right ones, or perhaps it will check your calendar for openings to save you from switching apps. Of course, that assumes the AI will correctly recognize the context and call the right action.

AI features will also be expanding in Samsung’s stock apps. In the Browser, Samsung has partnered with Perplexity for a new “Ask AI” feature. Rather than juggling tabs to read original sources yourself, you can have the AI do it. It basically gives you a research report like you could get from Perplexity itself (or Gemini Deep Research), but it’s integrated with the browser. Samsung’s gallery app also gets expanded AI editing tools with the S26. These capabilities will really allow you to change the substance of photos, so Samsung has added a visible watermark to label them. We’ve asked if there are AI labels in the image metadata, like you get with some other editing systems.

AI-edited photos have a visible watermark. Credit: Samsung

A major component of Samsung’s “Agentic AI phone” pitch comes from a partnership with Google. For starters, Google’s AI-powered scam detection features in the Messaging app, previously exclusive to Pixels, will launch on the S26 in preview before expanding to more devices later. Circle to Search is getting an upgrade that lets it identify multiple objects in a single image—this is in testing on both the Pixel 10 series and the Galaxy S26.

The other Google tie-in is more in keeping with the goal of agentic AI. For the first time, Gemini will be able to handle multistep tasks for you. You can watch it work if you prefer, but this can also happen entirely in the background while you do other things. It’s a bit like the recently launched Chrome Auto Browse but for apps.

The selection of apps is pretty slim during this testing period. Samsung and Google say you’ll be able to order food and groceries in apps like DoorDash and Grubhub, and there will be a tie-in with Uber for both rides and food. Google currently says you should “supervise closely” when the agent is working on your behalf. So we’ll see how that goes.

When you can get it

Samsung is accepting preorders for its new phones starting today. You can get them at every mobile carrier or directly from Samsung’s website. Carriers will offer a variety of deals with monthly credits to reduce the sting of the new, higher prices. Samsung has enhanced trade-in values right now, which is a more straightforward way to get a discount if you have an old phone to unload. It’s offering up to $900 off instantly with an S25 Ultra or Z Fold 6 trade-in. Even a phone from a couple of years ago can cut the price of a Galaxy S26 way down.

S26 colors — The Galaxy S26 comes in a variety of understated colors. Credit: Samsung

The phones are available in violet cobalt, sky blue, white, and black at all retailers. Samsung’s exclusive colors this time are silver shadow and pink gold. Devices will be on shelves and the doorsteps of preorderers on or around March 11.

Ryan Whitwam is a senior technology reporter at Ars Technica, covering the ways Google, AI, and mobile technology continue to change the world. Over his 20-year career, he’s written for Android Police, ExtremeTech, Wirecutter, NY Times, and more. He has reviewed more phones than most people will ever own. You can follow him on Bluesky, where you will see photos of his dozens of mechanical keyboards.

The Galaxy S26 is faster, more expensive, and even more chock-full of AI Read More »

Could a vaccine prevent dementia? Shingles shot data only getting stronger.

ars-health-featured, ars-health-shingles, chicken pox, dementia, health, inflammation, shingles, shingrix, vaccine / Kelly Newman / February 25, 2026

Latest data hints that benefits seen so far could be underestimates.

Shingrix, the vaccine for the shingles, is seen at a pharmacy on Friday, Jan. 18, 2019 in Cohoes, N.Y. Credit: Getty | Lori Van Buren

While lifesaving vaccines face a relentless onslaught from the Trump administration—with fervent anti-vaccine advocate Robert F. Kennedy Jr. leading the charge—scientific literature is building a wondrous story: A vaccine appears to prevent dementia, including Alzheimer’s, and may even slow biological aging.

For years, study after study has noted that older adults vaccinated against shingles seemed to have a lower risk of dementia. A study last month suggested the same vaccine appears to slow biological aging, including lowering markers of inflammation.

“Our study adds to a growing body of work suggesting that vaccines may play a role in healthy aging strategies beyond solely preventing acute illness,” study author Eileen Crimmins, of the University of Southern California, said.

Another study this month suggested the positive findings against dementia from the past may even be underestimates of the vaccination’s potential, with a newer vaccine against shingles providing even more protection.

Shingles

If the dementia protection is real, it’s a fluke. The vaccine was designed for the entirely unrelated task of keeping the varicella-zoster virus—the cause of chickenpox (varicella)—from reactivating and causing an agonizing rash.

Anyone who suffered the itchy childhood affliction carries the virus with them for the rest of their lives, largely dormant in their nerve cells. But, if it awakens, it causes a painful, itchy rash—aka shingles (herpes zoster). The rash develops fluid-filled blisters and crusts over, lasting for days to several weeks. For some, it can be intensely painful, and the pain can linger for months or even years after the rash fades. If it occurs near the eye, it can cause permanent vision damage; near the ear, it can cause permanent hearing and balance problems.

Shingles is thought to be triggered by a fault in the immune response that keeps the latent virus in check, often from age-related decline. That’s where a vaccine comes in. The first was Zostavax, released by Merck in 2006, which delivers a hefty dose of a live, but weakened, version of the varicella-zoster virus. This spurs the immune system to shore up defenses to prevent the virus from reigniting. Studies found the vaccine cut the risk of shingles by 51 percent.

In 2017, a new vaccine hit the scene: Shingrix, a recombinant, adjuvanted vaccine from GlaxoSmithKline. Instead of a whole, live virus vaccine like Zostavax, Shingrix delivers only a key protein found on the outside of the varicella-zoster virus particle (glycoprotein e) that re-primes the immune system. The shot also contains an adjuvant—an extra ingredient that stimulates the immune system—to ensure a vigorous response. Trials found that the response to Shingrix is indeed vigorous, with the vaccine being 90 to 97 percent effective at preventing shingles in adults age 50 and up.

With its superior efficacy, the US Centers for Disease Control and Prevention and its vaccine advisors switched its recommendation in 2018, ditching Zostavax for the more effective Shingrix.

In the meantime, researchers noted that since Zostavax’s debut, vaccinated adults seemed to be at lower risk of dementia than their unvaccinated peers. But studies comparing the vaccinated to the unvaccinated raise the question of whether the data is simply pointing to a background difference between the two groups; perhaps people who seek vaccination are generally healthier—a problem called healthy-user bias.

Natural experiments

In the past few years, studies have been putting that concern to rest. Instead of comparing vaccinated versus unvaccinated, researchers took advantage of vaccine rollouts in different countries, including Australia, Canada, and Wales. The vaccine introductions created clear cutoffs for people who were suddenly eligible for the vaccine and people who were permanently ineligible. These “natural” experiments lessened the concern of people being able to self-select their group.

So far, the results of these studies have consistently supported the finding that shingles vaccination is linked to a lower risk of dementia. The study in Wales, for instance, published in Nature in April 2025, looked at outcomes in over 280,000 older people after the September 1, 2013, debut of Zostavax. At the time, people 71 to 78 years old progressively became eligible for the vaccine, while those who were 80 at the start of the rollout were ineligible and never became eligible. Researchers looked at dementia diagnoses over a seven-year follow-up period and found that vaccination among the eligible reduced the relative rate of dementia cases by 20 percent compared with the ineligible group.

That same month, researchers published a study in JAMA that followed over 18,000 older people in Australia after the November 1, 2016, rollout of Zostavax. People 70 to 79 at that date were eligible for a free Zostavax dose. But everyone age 80 or older was permanently ineligible. After a 7.4-year follow-up period, the researchers found that 5.5 percent of the ineligible people were diagnosed with dementia, while only 3.7 percent of those in the eligible category were diagnosed with the condition, a 1.8 percentage point drop.

A third natural study out this month in The Lancet Neurology found a similar 2 percentage-point drop in dementia rates in Canada after the Zostavax rollout there.

Newer vaccine

As Eric Topol, a molecular medicine expert at Scripps Research Institute, noted, if a drug were found to cut the risk of dementia by 20 percent, it would be considered a breakthrough. But data on the shingles vaccine has been met with no such fanfare.

Still, further data suggests that vaccination may be even better than it already appeared—the rosy findings so far may be an underestimate based on the now-outdated Zostavax vaccine. With Shingrix, which is significantly more effective against shingles, the protective effect against dementia may be even larger.

In 2024, researchers reported another natural experiment comparing dementia rates among over 200,000 people in the US vaccinated before or after the switch from Zostavax to Shingrix. The study, published in Nature Medicine, found that compared with Zostavax, vaccination with Shingrix was linked to a 17 percent relative increase in dementia-free time.

A study published in Nature Communications this month by researchers in California went further. They compared dementia rates among nearly 66,000 people who received the Shingrix vaccine and over 260,000 unvaccinated matched controls. The researchers found that the vaccinated group had a 51 percent lower risk of dementia compared to the unvaccinated controls.

Lingering questions

Of course, these consistent findings on dementia prevention raise the question of how exactly the vaccine is preventing cases. Unfortunately, researchers still don’t know. However, many have speculated that by fortifying immune responses against the varicella-zoster virus and preventing reactivation, the vaccine reduces overall brain inflammation that could contribute to the development of dementia.

Another lingering question from the data so far is that several studies have found that women see more benefit from the vaccine than men in terms of dementia risk. It’s unclear why this would be the case, but researchers have noted that there are some potentially related associations: Women are more likely to develop dementia than men, and they’re also more likely to get shingles.

The study published last month, looking at biological aging after shingles vaccination, tried to address some of these questions. The study, published in the Journal of Gerontology and led by Crimmins and Jung Ki Kim, looked at blood and health markers from over 3,800 adults, about half of whom were vaccinated and half not. The researchers used tests to examine markers for inflammation, immune response, cardiovascular health, signs of neurodegenerations, and gene activity. They also created a composite biological aging score for participants.

The results suggest that vaccinated people had lower signs of inflammation and molecular aging as well as better composite aging scores. The data also hinted that vaccinated women had better results on some of the molecular aging testing.

Kim noted that chronic, low-level inflammation can contribute to age-related health conditions, including cardiovascular disease and dementia. “By helping to reduce this background inflammation—possibly by preventing reactivation of the virus that causes shingles, the vaccine may play a role in supporting healthier aging,” she suggested.

Of course, additional studies will need to confirm the findings. And if they do, the results could also be even better in follow-up studies. In Kim and Crimmins’ study, the participants were vaccinated with Zostavax, the older vaccine, not the newer, more effective Shingrix.

Beth is Ars Technica’s Senior Health Reporter. Beth has a Ph.D. in microbiology from the University of North Carolina at Chapel Hill and attended the Science Communication program at the University of California, Santa Cruz. She specializes in covering infectious diseases, public health, and microbes.

Could a vaccine prevent dementia? Shingles shot data only getting stronger. Read More »

UK fines Reddit for not checking user ages aggressively enough

Policy, reddit / Kelly Newman / February 24, 2026

A UK regulator today fined Reddit £14.5 million ($19.6 million) for not verifying the ages of users. The UK Information Commissioner’s Office (ICO) alleged that the failure to check ages resulted in Reddit illegally using children’s personal information.

“Our investigation found that Reddit failed to apply any robust age assurance mechanism and therefore did not have a lawful basis for processing the personal information of children under the age of 13… These failures meant Reddit was using children’s data unlawfully, potentially exposing them to inappropriate and harmful content,” an ICO press release said.

The ICO findings are based on Reddit’s actions prior to its July 2025 rollout of a system that verifies UK users’ ages before letting them view adult content. But the ICO said it is still concerned about Reddit’s post-July 2025 system because the company relies on users to declare their ages when opening an account.

Reddit today said it will appeal the fine and criticized the ICO for demanding more collection of private information. “Reddit doesn’t require users to share information about their identities, regardless of age, because we are deeply committed to their privacy and safety,” Reddit said in a statement provided to Ars. “The ICO’s insistence that we collect more private information on every UK user is counterintuitive and at odds with our strong belief in our users’ online privacy and safety. We intend to appeal the ICO’s decision.”

Reddit pointed to its privacy policy, which says, “We collect minimal information that can be used to identify you by default. If you want to just browse, you don’t need an account. If you want to create an account to participate in a subreddit, we don’t require you to give us your real name. We don’t track your precise location. You can even browse anonymously. You can share as much or as little about yourself as you want when using Reddit.”

UK fines Reddit for not checking user ages aggressively enough Read More »

In a replay of 2019, Apple says a single desktop Mac will be manufactured in the US

Apple, Mac mini, Policy / Kelly Newman / February 24, 2026

The bulk of the supply chain for phones, tablets, computers, game consoles, and most other tech is still overwhelmingly reliant on overseas manufacturers. Most of Apple’s A- and M-series chips are still made in TSMC’s factories in Taiwan, and while TSMC is making some of its chips in the US, it has resisted efforts to bring more of its capacity to the US. Facilities for manufacturing memory, storage, and displays are also mostly located overseas. And that’s before you even start thinking about the facilities where all of these components are assembled into finished products.

There are signs that more chip manufacturing, at least, is coming to the US. Apple itself says that it will buy roughly 100 million chips manufactured at TSMC’s facilities in Arizona; these 4nm factories can’t make the newest A- and M-series chips, but they can make the older Apple A16 (still used in the low-end iPad) and the Apple S10 chip used in Apple Watches. Intel, itself the beneficiary of multiple sources of external investment, is still working on new factories in Ohio and elsewhere; memory manufacturer Micron is using some of its AI-fueled profits to build domestic factories as well.

But Apple’s Mac Pro announcement in 2019 wasn’t the first step toward domestic manufacturing for the company’s biggest-selling hardware, and it’s hard to see today’s announcement ushering in a major change to Apple’s manufacturing strategy, either. The Mac mini is almost certainly more popular than the Mac Pro, but it’s not nearly as big a deal as domestic iPhone, iPad, or MacBook manufacturing would be.

In a replay of 2019, Apple says a single desktop Mac will be manufactured in the US Read More »

NASA says it needs to haul the Artemis II rocket back to the hangar for repairs

Science, Space / Kelly Newman / February 22, 2026

The helium system on the SLS upper stage—officially known as the Interim Cryogenic Propulsion Stage (ICPS)—performed well during both of the Artemis II countdown rehearsals. “Last evening, the team was unable to get helium flow through the vehicle. This occurred during a routine operation to repressurize the system,” Isaacman wrote.

The Space Launch System rocket emerges from the Vehicle Assembly Building to begin the rollout to Launch Pad 39B last month. Credit: Stephen Clark/Ars Technica

Another molecule, another problem

Helium is used to purge the upper stage engine and pressurize its propellant tanks. The rocket is in a “safe configuration,” with a backup system providing purge air to the upper stage, NASA said in a statement.

NASA encountered a similar failure signature during preparations for launch of the first SLS rocket on the Artemis I mission in 2022. On Artemis I, engineers traced the problem to a failed check valve on the upper stage that needed replacement. NASA officials are not sure yet whether the helium issue Friday was caused by a similar valve failure, a problem with an umbilical interface between the rocket and the launch tower, or a fault with a filter, according to Isaacman.

In any case, technicians are unable to reach the problem area with the rocket at the launch pad. Inside the VAB, ground teams will extend work platforms around the rocket to provide physical access to the upper stage and its associated umbilical connections.

NASA said moving into preparations for rollback now will allow managers to potentially preserve the April launch window, “pending the outcome of data findings, repair efforts, and how the schedule comes to fruition in the coming days and weeks.”

It’s not clear if NASA will perform another fueling test on the SLS rocket after it returns to Launch Pad 39B, or whether technicians will do any more work on the delicate hydrogen umbilical near the bottom of the rocket responsible for recurring leaks during the Artemis I and Artemis II launch campaigns. Managers were pleased with the performance of newly-installed seals during Thursday’s countdown demonstration, but NASA officials have previously said vibrations from transporting the rocket to and from the pad could damage the seals.

NASA says it needs to haul the Artemis II rocket back to the hangar for repairs Read More »

Microsoft gaming chief Phil Spencer steps down after 38 years with company

executives, gaming, microsoft, Phil Spencer, spencer, xbox, xbox series x / Kelly Newman / February 21, 2026

Microsoft Executive Vice President for Gaming Phil Spencer announced he will retire after 38 years at Microsoft and 12 years leading the company’s video game efforts. Asha Sharma, an executive currently in charge of Microsoft’s CoreAI division, will take his place.

Xbox President Sarah Bond, who many assumed was being groomed as Spencer’s eventual replacement, is also resigning from the company. Current Xbox Studios Head Matt Booty, meanwhile, is being promoted to Executive Vice President and Chief Content Officer and will work closely with Sharma.

In his departure note, Spencer said he told Microsoft CEO Satya Nadella last fall that he was “thinking about stepping back and starting the next chapter of my life.” Spencer will remain at Microsoft “in an advisory role” through the summer to help Sharma during the transition, he wrote.

Spencer, who got his start at Microsoft as an intern in 1988, served as a manager and executive at Microsoft Game Studios in 2003. In 2014, he took over as Head of Xbox, guiding the company through the aftermath of the troubled, Kinect-bundled launch of the Xbox One. More recently, he helped shepherd the company’s 2020 purchase of Bethesda Softworks and its $68.7 billion merger with Activision Blizzard, including the many regulatory battles that followed that latter announcement.

Meet the new boss

Sharma, who joined Microsoft just two years ago after stints at Meta and Instacart, promised in an introductory message to preside over “the return of Xbox,” and a “recommit[ment] to our core fans and players.” That commitment would “start with console which has shaped who we are,” but expand “across PC, mobile, and cloud,” Sharma wrote.

Microsoft gaming chief Phil Spencer steps down after 38 years with company Read More »

Controversial NIH director now in charge of CDC, too, in RFK Jr. shake-up

anti-vaccine, Bhattacharya, CDC, health, NIH, robert f kennedy jr, vaccine / Kelly Newman / February 20, 2026

Insiders report that, as NIH director, Bhattacharya delegates most of his responsibilities for running the $47 billion agency to two top officials. Instead of a hands-on leader, Bhattacharya has become known for his many public interviews, earning him the nickname “Podcast Jay.”

“Malpractice”

Researchers expect that Bhattacharya will perform similarly at the helm of the CDC. Jenna Norton, an NIH program officer who spoke to the Guardian in her personal capacity, commented that Bhattacharya “won’t actually run the CDC. Just as he doesn’t actually run NIH.” His role for the administration, she added, “is largely as a propagandist.”

Jeremy Berg, former director of the National Institute of General Medical Sciences, echoed the sentiment to the Guardian. “Now, rather than largely ignoring the actual operations of one agency, he can largely ignore the actual operations of two,” he said.

Kayla Hancock, director of Public Health Watch, a nonprofit advocacy group, went further in a public statement, saying, “Jay Bhattacharya has overseen the most chaotic and rudderless era in NIH history, and for RFK Jr. to give him even more responsibility at the CDC is malpractice against the public health.”

Like other commenters, Hancock noted his apparent lack of involvement at the NIH and put it in the context of the current state of US public health. “This is the last person who should be overseeing the CDC at a time when preventable diseases like measles are roaring back under RFK Jr.’s deadly anti-vax agenda,” she said.

It is widely expected that Bhattacharya will, like O’Neill, act as a rubber-stamp for Kennedy’s relentless anti-vaccine agenda items. When Kennedy dramatically overhauled the CDC’s childhood vaccine schedule, slashing recommended vaccinations from 17 to 11 without scientific evidence, Bhattacharya was among the officials who signed off on the unprecedented change.

Ultimately, Bhattacharya will only be in the role for a short time, at least officially. The role of CDC director became a Senate-confirmed position in 2023, and, as such, an acting director can serve only 210 days from the date the role became vacant. That deadline comes up on March 25. President Trump has not nominated anyone to fill the director role.

Controversial NIH director now in charge of CDC, too, in RFK Jr. shake-up Read More »

Author name: Kelly Newman