Kelly Newman – Page 6

Slate Auto’s sub-$30,000 EV pickup is due next year—here’s the factory

Cars, Slate Auto / Kelly Newman / September 2, 2025

WARSAW, Indiana—The Blank Slate pickup scratches a particular itch for some, fulfilling the desire for an EV powertrain without all the bells and whistles associated with a modern vehicle. Gone is the infotainment screen, the lane-keeping assistance, and, for those concerned about surveillance, a modem. Instead, it’s an unpainted modular pickup and can be configured post-production into nearly anything the owner wants. Oh, and it’s cheap.

This Old Factory

For decades, the RR Donnelley & Sons printing plant in Warsaw, Indiana, pumped out catalogs. Glossy shopping books from JCPenney, Sears, and—my personal favorite—Radio Shack left the plant and were shipped all over the country to eager shoppers looking for their next mail-order delight. Then the Internet broke all of that.

The last employees clocked out in 2023.

A room formerly used in the printing process is filled with locals, elected officials, and journalists. The plan is to use this room in the future as a customer center and potentially a delivery location. The company is toying with the idea of allowing customers to take delivery of their pickups at the factory. No word on whether that would eliminate the delivery fee.

A woman stands at a podium in front of an audience. To her right is a small pickup truck. — Slate Auto CEO Chris Barman addresses the attendees at the factory open day. Credit: Roberto Baldwin

For now, it’s a meeting place, a way for Slate to meet with an audience at its factory. A chance in a post-EV tax incentive world to remind people that its vehicle is coming to market in “the mid twenties,” which is likely in the upper portion of that spread. ($27,500 seems like a good guess.)

Slate CEO Chris Barman took the stage and reiterated the company’s plan to start production at the 1.4 million square-foot (130,000 m2) site beginning in the fourth quarter of 2026. Barman noted that, unlike traditional pickups built with up to 6,000 parts, the Slate will be assembled with just 600 parts. Also, there’s no need for a paint shop or large stamping. The size of the facility is relatively small for vehicle assembly, but it’s apparently perfect for Slate.

Slate Auto’s sub-$30,000 EV pickup is due next year—here’s the factory Read More »

Battlefield 6 dev apologizes for requiring Secure Boot to power anti-cheat tools

Battlefield 6, EA, gaming, secure boot / Kelly Newman / August 30, 2025

Earlier this month, EA announced that players in its Battlefield 6 open beta on PC would have to enable Secure Boot in their Windows OS and BIOS settings. That decision proved controversial among players who weren’t able to get the finicky low-level security setting working on their machines and others who were unwilling to allow EA’s anti-cheat tools to once again have kernel-level access to their systems.

Now, Battlefield 6 technical director Christian Buhl is defending that requirement as something of a necessary evil to combat cheaters, even as he apologizes to any potential players that it has kept away.

“The fact is I wish we didn’t have to do things like Secure Boot,” Buhl said in an interview with Eurogamer. “It does prevent some players from playing the game. Some people’s PCs can’t handle it and they can’t play: that really sucks. I wish everyone could play the game with low friction and not have to do these sorts of things.”

Throughout the interview, Buhl admits that even requiring Secure Boot won’t completely eradicate cheating in Battlefield 6 long term. Even so, he offered that the Javelin anti-cheat tools enabled by Secure Boot’s low-level system access were “some of the strongest tools in our toolbox to stop cheating. Again, nothing makes cheating impossible, but enabling Secure Boot and having kernel-level access makes it so much harder to cheat and so much easier for us to find and stop cheating.”

Too much security, or not enough?

When announcing the Secure Boot requirement in a Steam forum post prior to the open beta, EA explained that having Secure Boot enabled “provides us with features that we can leverage against cheats that attempt to infiltrate during the Windows boot process.” Having access to the Trusted Platform Module on the motherboard via Secure Boot provides the anti-cheat team with visibility into things like kernel-level cheats and rootkits, memory manipulation, injection spoofing, hardware ID manipulation, the use of virtual machines, and attempts to tamper with anti-cheat systems, the company wrote.

Battlefield 6 dev apologizes for requiring Secure Boot to power anti-cheat tools Read More »

FTC claims Gmail filtering Republican emails threatens “American freedoms”

ftc, Gmail, Google, Policy / Kelly Newman / August 29, 2025

Ferguson said that “similar concerns have resulted in ongoing litigation against Google in other settings” but did not mention that a judge rejected the Republican claims.

“Hearing from candidates and receiving information and messages from political parties is key to exercising fundamental American freedoms and our First Amendment rights,” Ferguson’s letter said. “Moreover, consumers expect that they will have the opportunity to hear from their own chosen candidates or political party. A consumer’s right to hear from candidates or parties, including solicitations for donations, is not diminished because that consumer’s political preferences may run counter to your company’s or your employees’ political preferences.”

Google: Gmail users marked RNC emails as spam

The RNC’s appeal of its court loss is still pending, with the case proceeding toward oral arguments. Google told the appeals court in April that “the Complaint’s own allegations make it obvious that Gmail presented a portion of RNC emails as spam because they appeared to be spam…. The most obvious reason for RNC emails being flagged as spam is that Gmail users were too frequently marking them as such.”

Google also said that “the RNC’s own allegations confirm that Google was helping the RNC, not scheming against it… The RNC acknowledges, for example, that Google worked with the RNC ‘[f]or nearly a year.’ Those efforts even included Google employees traveling to the RNC’s office to ‘give a training’ on ‘Email Best Practices.’ Less than two months after that training, the last alleged instance of the inboxing issue occurred.”

While the RNC “belittles those efforts as ‘excuses’ to cover Google’s tracks… the district court rightly found that judicial experience and common sense counsel otherwise,” Google said. The Google brief quoted from the District Judge’s ruling that said, “the fact that Google engaged with the RNC for nearly a year and made suggestions that improved email performance is inconsistent with a lack of good faith.”

FTC claims Gmail filtering Republican emails threatens “American freedoms” Read More »

700-piece Lego G3 iMac design faces long-shot odds to get made, but I still want one

Apple, iMac, lego, Tech / Kelly Newman / August 29, 2025

I don’t usually get too excited about user-submitted designs on the Lego Ideas website, especially when those ideas would require negotiating a license with another company—user-generated designs need to reach 10,000 supporters before Lego considers them for production, two pretty high bars to clear even without factoring in some other brand’s conditions and requests.

But I’m both intrigued and impressed by this Lego version of Apple’s old Bondi Blue G3 iMac that has been making the rounds today. Submitted by a user named terauma, the 700-plus-piece set comes complete with keyboard, hockey-puck mouse, a classic Mac OS boot screen, and cathode ray tubes and circuit boards visible through the set’s transparent blue casing (like the original iMac, it may cause controversy by excluding a floppy disk drive). The design has already reached 5,000 supporters, and it has 320 days left to reach the 10,000-supporter benchmark required to be reviewed by Lego.

With its personality-forward aesthetics and Jony Ive-led design, the original iMac was the first step down the path that led to blockbuster products like the iPod and iPhone. It was the company’s first all-new Mac design after CEO Steve Jobs returned to the company in the late ’90s, and while it lacked some features included in contemporary PCs, its tightly integrated design and ease of setup helped it stand out against the beige desktop PCs of the day. Today’s colorful Apple Silicon iMacs are clearly inspired by the original design.

700-piece Lego G3 iMac design faces long-shot odds to get made, but I still want one Read More »

With recent Falcon 9 milestones, SpaceX vindicates its “dumb” approach to reuse

falcon 9, reuse, Smart, Space, spacex, ula, vulcan / Kelly Newman / August 28, 2025

As SpaceX’s Starship vehicle gathered all of the attention this week, the company’s workhorse Falcon 9 rocket continued to hit some impressive milestones.

Both occurred during relatively anonymous launches of the company’s Starlink satellites but are nonetheless notable because they underscore the value of first-stage reuse, which SpaceX has pioneered over the last decade.

The first milestone occurred on Wednesday morning with the launch of the Starlink 10-56 mission from Cape Canaveral, Florida. The first stage that launched these satellites, Booster 1096, was making its second launch and successfully landed on the Just Read the Instructions drone ship. Strikingly, this was the 400th time SpaceX has executed a drone ship landing.

Then, less than 24 hours later, another Falcon 9 rocket launched the Starlink 10-11 mission from a nearby launch pad at Kennedy Space Center. This first stage, Booster 1067, subsequently returned and landed on another drone ship, A Shortfall of Gravitas.

This is a special booster, having made its debut in June 2021 and launching a wide variety of missions, including two Crew Dragon vehicles to the International Space Station and some Galileo satellites for the European Union. On Thursday, the rocket made its 30th flight, the first time a Falcon 9 booster has hit that level of experience.

A decade in the making

These milestones came about one decade after SpaceX began to have some success with first-stage reuse.

The company first made a controlled entry of the Falcon 9 rocket’s first stage in September 2013, during the first flight of version 1.1 of the vehicle. This proved the viability of the concept of supersonic retropropulsion, which was, until that time, just theoretical.

This involves igniting the rocket’s nine Merlin engines while the vehicle is traveling faster than the speed of sound through the upper atmosphere, with external temperatures exceeding 1,000 degrees Fahrenheit. Due to the blunt force of this reentry, the engines in the outer ring of the rocket wanted to get splayed out, the company’s chief of propulsion at the time, Tom Mueller, told me for the book Reentry. Success on the first try seemed improbable.

He recalled watching this launch from Vandenberg Space Force Base in California and observing reentry as a camera aboard SpaceX founder Elon Musk’s private jet tracked the rocket. The first stage made it all the way down, intact.

With recent Falcon 9 milestones, SpaceX vindicates its “dumb” approach to reuse Read More »

Unpacking Passkeys Pwned: Possibly the most specious research in decades

Biz & IT, Security / Kelly Newman / August 28, 2025

Researchers take note: When the endpoint is compromised, all bets are off.

Don’t believe everything you read—especially when it’s part of a marketing pitch designed to sell security services.

The latest example of the runaway hype that can come from such pitches is research published today by SquareX, a startup selling services for securing browsers and other client-side applications. It claims, without basis, to have found a “major passkey vulnerability” that undermines the lofty security promises made by Apple, Google, Microsoft, and thousands of other companies that have enthusiastically embraced passkeys.

Ahoy, face-palm ahead

“Passkeys Pwned,” the attack described in the research, was demonstrated earlier this month in a Defcon presentation. It relies on a malicious browser extension, installed in an earlier social engineering attack, that hijacks the process for creating a passkey for use on Gmail, Microsoft 365, or any of the other thousands of sites that now use the alternative form of authentication.

Behind the scenes, the extension allows a keypair to be created and binds it to the legitimate gmail.com domain, but the keypair is created by the malware and controlled by the attacker. With that, the adversary has access to cloud apps that organizations use for their most sensitive operations.

“This discovery breaks the myth that passkeys cannot be stolen, demonstrating that ‘passkey stealing’ is not only possible, but as trivial as traditional credential stealing,” SquareX researchers wrote in a draft version of Thursday’s research paper sent to me. “This serves as a wake up call that while passkeys appear more secure, much of this perception stems from a new technology that has not yet gone through decades of security research and trial by fire.”

In fact, this claim is the thing that’s untested. More on that later. For now, here’s a recap of passkeys.

FIDO recap

Passkeys are a core part of the FIDO specifications drafted by the FIDO (Fast IDentity Online) Alliance, a coalition of hundreds of companies around the world. A passkey is a public-private cryptographic keypair that uses ES256 or one of several other time-tested cryptographic algorithms. During the registration process, a unique key pair is made for—and cryptographically bound to—each website the user enrolls. The website stores the public key. The private key remains solely on the user’s authentication device, which can be a smartphone, dedicated security key, or other device.

When the user logs in, the website sends the user a pseudo-random string of data. The authentication device then uses the private key bound to the website domain to cryptographically sign the challenge string. The browser then sends the signed challenge back to the website. The site then uses the user’s public key to verify that the challenge was signed by the private key. If the signature is valid, the user is logged in. The entire process is generally as quick, if not quicker, than logging in to the site with a password.

As I’ve noted before, passkeys still have a long way to go before they’re ready for many users. That’s mainly because passkeys don’t always interoperate well between different platforms. What’s more, they’re so new that no service yet provides accounts that can only be logged in to using a passkey and instead require a password to be registered as a fallback. And as long as attackers can still phish or steal a user’s password, much of the benefit of passkeys is undermined.

That said, passkeys provide an authentication alternative that’s by far the most resistant to date to the types of account takeovers that have vexed online services and their users for decades. Unlike passwords, passkey keypairs can’t be phished. If a user gets redirected to a fake Gmail page, the passkey won’t work since it’s bound to the real gmail.com domain. Passkeys can’t be divulged in phone calls or text messages sent by attackers masquerading as trusted IT personnel. They can’t be sniffed over the wire. They can’t be leaked in database breaches. To date, there have been no vulnerabilities reported in the FIDO spec.

A fundamental misunderstanding of security

SquareX is now claiming all of that has changed because it found a way to hijack the passkey registration process. Those claims are based on a lack of familiarity with the FIDO spec, flawed logic, and a fundamental misunderstanding of security in general.

First, the claim that Passkeys Pwned shows that passkeys can be stolen is flat-out wrong. If the targeted user has already registered a passkey for Gmail, that key will remain safely stored on the authenticator device. The attacker never comes close to stealing it. Using malware to hijack the registration process is something altogether different. If a user already has a passkey registered, Passkeys Pwned will block the login and return an error message that prompts the user to register a new passkey. If the user takes the bait, the new key will be controlled by the attacker. At no time are any passkeys stolen.

The research also fails to take into account that the FIDO spec makes clear that passkeys provide no defense against attacks that rely on the operating system, or browser running on it, being compromised and hence aren’t part of the FIDO threat model.

Section 6 of the document lists specific “security assumptions” inherent in the passkeys trust model. SA-3 states that “Applications on the user device are able to establish secure channels that provide trustworthy server authentication, and confidentiality and integrity for messages.” SA-4 holds that “the computing environment on the FIDO user device and the… applications involved in a FIDO operation act as trustworthy agents of the user.” WebAuthn, the predecessor spec to FIDO, hints at the same common-sense limitation.

By definition, an attack that relies on a browser infected by malware falls well outside the scope of protections passkeys were designed to provide. If passkeys are weak because they can’t withstand a compromise of the endpoint they run on, so too are protections we take for granted in TLS encryption and end-to-end encryption in messengers such as Signal—not to mention the security of SquareX services themselves. Further discrediting itself, Thursday’s writeup includes a marketing pitch for the SquareX platform.

“In my personal view, this seems like a dubious sales pitch for a commercial product,” Kenn White, a security engineer who works for banking, health care, and defense organizations, wrote in an interview. “If you are social engineered into adding a malicious extension, ALL web trust models are broken. I know that on the conference program committees I participate in, a submission like this would be eliminated in the first round.”

When you’re in a hole, stop digging

I enumerated these criticisms in an interview with SquareX lead developer Shourya Pratap Singh. He held his ground, saying that since Passkeys Pwned binds an attacker-controlled passkey to a legitimate site, “the passkey is effectively stolen.” He also bristled when I told him his research didn’t appear to be well thought out or when I pointed out that the FIDO spec—just like those for TLS, SSH, and others—explicitly excludes attacks relying on trojan infections.

He wrote:

This research was presented on the DEFCON Main Stage, which means it went through peer review by technical experts before selection. The warnings cited in the FIDO documents read like funny disclaimers, listing numerous conditions and assumptions before concluding that passkeys can be used securely. If we stick with that logic, then no authentication protocol would be considered secure. The purpose of a secure authentication method or protocol is not to remain secure in the face of a fully compromised device, but it should account for realistic client-side risks such as malicious extensions or injected JavaScript.

Passkeys are being heavily promoted today, but the average user is not aware of these hidden conditions. This research aims to highlight that gap and show why client-side risks need to be part of the conversation around passkeys.

The Passkeys Pwned research was presented just weeks after a separate security company made—and promptly withdrew—claims that it devised an attack that bypassed FIDO-based two-factor authentication. In fact, the sites that were attacked offered FIDO as only one means for 2FA, but also allowed other, less secure forms of 2FA. The attacks attacked those other forms, not the one specified by FIDO. Had the sites not allowed fallbacks to the weaker 2FA forms, the attack would have failed.

SquareX is right in saying that passkeys haven’t withstood decades of security research the way more traditional forms of authentication have. There very possibly will be vulnerabilities discovered in either the FIDO spec or various implementations of it. For now, though, passkeys remain the best defense against attacks relying on things like credential phishing, password reuse, and database breaches.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.

Unpacking Passkeys Pwned: Possibly the most specious research in decades Read More »

Google’s AI model just nailed the forecast for the strongest Atlantic storm this year

AI forecasting, deepmind, Google, hurricanes, Science, science.weather / Kelly Newman / August 26, 2025

In early June, shortly after the beginning of the Atlantic hurricane season, Google unveiled a new model designed specifically to forecast the tracks and intensity of tropical cyclones.

Part of the Google DeepMind suite of AI-based weather research models, the “Weather Lab” model for cyclones was a bit of an unknown for meteorologists at its launch. In a blog post at the time, Google said its new model, trained on a vast dataset that reconstructed past weather and a specialized database containing key information about hurricanes tracks, intensity, and size, had performed well during pre-launch testing.

“Internal testing shows that our model’s predictions for cyclone track and intensity are as accurate as, and often more accurate than, current physics-based methods,” the company said.

Google said it would partner with the National Hurricane Center, an arm of the National Oceanic and Atmospheric Service that has provided credible forecasts for decades, to assess the performance of its Weather Lab model in the Atlantic and East Pacific basins.

All eyes on Erin

It had been a relatively quiet Atlantic hurricane season until a few weeks ago, with overall activity running below normal levels. So there were no high-profile tests of the new model. But about 10 days ago, Hurricane Erin rapidly intensified in the open Atlantic Ocean, becoming a Category 5 hurricane as it tracked westward.

From a forecast standpoint, it was pretty clear that Erin was not going to directly strike the United States, but meteorologists sweat the details. And because Erin was such a large storm, we had concerns about how close Erin would get to the East Coast of the United States (close enough, it turns out, to cause some serious beach erosion) and its impacts on the small island of Bermuda in the Atlantic.

Google’s AI model just nailed the forecast for the strongest Atlantic storm this year Read More »

Time is running out for SpaceX to make a splash with second-gen Starship

artemis, Commercial space, elon musk, launch, NASA, Science, Space, spacex, Starbase, starship, super heavy, texas / Kelly Newman / August 25, 2025

SpaceX is gearing up for another Starship launch after three straight disappointing test flights.

SpaceX’s 10th Starship rocket awaits liftoff. Credit: Stephen Clark/Ars Technica

STARBASE, Texas—A beehive of aerospace technicians, construction workers, and spaceflight fans descended on South Texas this weekend in advance of the next test flight of SpaceX’s gigantic Starship rocket, the largest vehicle of its kind ever built.

Towering 404 feet (123.1 meters) tall, the rocket was supposed to lift off during a one-hour launch window beginning at 6: 30 pm CDT (7: 30 pm EDT; 23: 30 UTC) Sunday. But SpaceX called off the launch attempt about an hour before liftoff to investigate a ground system issue at Starbase, located a few miles north of the US-Mexico border.

SpaceX didn’t immediately confirm when it might try again to launch Starship, but it could happen as soon as Monday evening at the same time.

It will take about 66 minutes for the rocket to travel from the launch pad in Texas to a splashdown zone in the Indian Ocean northwest of Australia. You can watch the test flight live on SpaceX’s official website. We’ve also embedded a livestream from Spaceflight Now and LabPadre below.

This will be the 10th full-scale test flight of Starship and its Super Heavy booster stage. It’s the fourth flight of an upgraded version of Starship conceived as a stepping stone to a more reliable, heavier-duty version of the rocket designed to carry up to 150 metric tons, or some 330,000 pounds, of cargo to pretty much anywhere in the inner part of our Solar System.

But this iteration of Starship, known as Block 2 or Version 2, has been anything but reliable. After reeling off a series of increasingly successful flights last year with the first-generation Starship and Super Heavy booster, SpaceX has encountered repeated setbacks since debuting Starship Version 2 in January.

Now, there are just two Starship Version 2s left to fly, including the vehicle poised for launch this week. Then, SpaceX will move on to Version 3, the design intended to go all the way to low-Earth orbit, where it can be refueled for longer expeditions into deep space.

A closer look at the top of SpaceX’s Starship rocket, tail number Ship 37, showing some of the different configurations of heat shield tiles SpaceX wants to test on this flight. Credit: Stephen Clark/Ars Technica

Starship’s promised cargo capacity is unparalleled in the history of rocketry. The privately developed rocket’s enormous size, coupled with SpaceX’s plan to make it fully reusable, could enable cargo and human missions to the Moon and Mars. SpaceX’s most conspicuous contract for Starship is with NASA, which plans to use a version of the ship as a human-rated Moon lander for the agency’s Artemis program. With this contract, Starship is central to the US government’s plans to try to beat China back to the Moon.

Closer to home, SpaceX intends to use Starship to haul massive loads of more powerful Starlink Internet satellites into low-Earth orbit. The US military is interested in using Starship for a range of national security missions, some of which could scarcely be imagined just a few years ago. SpaceX wants its factory to churn out a Starship rocket every day, approximately the same rate Boeing builds its workhorse 737 passenger jets.

Starship, of course, is immeasurably more complex than an airliner, and it sees temperature extremes, aerodynamic loads, and vibrations that would destroy a commercial airplane.

For any of this to become reality, SpaceX needs to begin ticking off a lengthy to-do list of technical milestones. The interim objectives include things like catching and reusing Starships and in-orbit ship-to-ship refueling, with a final goal of long-duration spaceflight to reach the Moon and stay there for weeks, months, or years. For a time late last year, it appeared as if SpaceX might be on track to reach at least the first two of these milestones by now.

The 404-foot-tall (123-meter) Starship rocket and Super Heavy booster stand on SpaceX’s launch pad. In the foreground, there are empty loading docks where tanker trucks deliver propellants and other gases to the launch site. Credit: Stephen Clark/Ars Technica

Instead, SpaceX’s schedule for catching and reusing Starships, and refueling ships in orbit, has slipped well into next year. A Moon landing is probably at least several years away. And a touchdown on Mars? Maybe in the 2030s. Before Starship can sniff those milestones, engineers must get the rocket to survive from liftoff through splashdown. This would confirm that recent changes made to the ship’s heat shield work as expected.

Three test flights attempting to do just this ended prematurely in January, March, and May. These failures prevented SpaceX from gathering data on several different tile designs, including insulators made of ceramic and metallic materials, and a tile with “active cooling” to fortify the craft as it reenters the atmosphere.

The heat shield is supposed to protect the rocket’s stainless steel skin from temperatures reaching 2,600° Fahrenheit (1,430° Celsius). During last year’s test flights, it worked well enough for Starship to guide itself to an on-target controlled splashdown in the Indian Ocean, halfway around the world from SpaceX’s launch site in Starbase, Texas.

But the ship lost some of its tiles during each flight last year, causing damage to the ship’s underlying structure. While this wasn’t bad enough to prevent the vehicle from reaching the ocean intact, it would cause difficulties in refurbishing the rocket for another flight. Eventually, SpaceX wants to catch Starships returning from space with giant robotic arms back at the launch pad. The vision, according to SpaceX founder and CEO Elon Musk, is to recover the ship, quickly mount it on another booster, refuel it, and launch it again.

If SpaceX can accomplish this, the ship must return from space with its heat shield in pristine condition. The evidence from last year’s test flights showed engineers had a long way to go for that to happen.

Visitors survey the landscape at Starbase, Texas, where industry and nature collide. Credit: Stephen Clark/Ars Technica

The Starship setbacks this year have been caused by problems in the ship’s propulsion and fuel systems. Another Starship exploded on a test stand in June at SpaceX’s sprawling rocket development facility in South Texas. SpaceX engineers identified different causes for each of the failures. You can read about them in our previous story.

Apart from testing the heat shield, the goals for this week’s Starship flight include testing an engine-out capability on the Super Heavy booster. Engineers will intentionally disable one of the booster’s Raptor engines used to slow down for landing, and instead use another Raptor engine from the rocket’s middle ring. At liftoff, 33 methane-fueled Raptor engines will power the Super Heavy booster off the pad.

SpaceX won’t try to catch the booster back at the launch pad this time, as it did on three occasions late last year and earlier this year. The booster catches have been one of the bright spots for the Starship program as progress on the rocket’s upper stage floundered. SpaceX reused a previously flown Super Heavy booster for the first time on the most recent Starship launch in May.

The booster landing experiment on this week’s flight will happen a few minutes after launch over the Gulf of Mexico east of the Texas coastline. Meanwhile, six Raptor engines will fire until approximately T+plus 9 minutes to accelerate the ship, or upper stage, into space.

The ship is programmed to release eight Starlink satellite simulators from its payload bay in a test of the craft’s payload deployment mechanism. That will be followed by a brief restart of one of the ship’s Raptor engines to adjust its trajectory for reentry, set to begin around 47 minutes into the mission.

If Starship makes it that far, that will be when engineers finally get a taste of the heat shield data they were hungry for at the start of the year.

This story was updated at 8: 30 pm EDT after SpaceX scrubbed Sunday’s launch attempt.

Stephen Clark is a space reporter at Ars Technica, covering private space companies and the world’s space agencies. Stephen writes about the nexus of technology, science, policy, and business on and off the planet.

Time is running out for SpaceX to make a splash with second-gen Starship Read More »

Developer gets 4 years for activating network “kill switch” to avenge his firing

cybercrime, developer, kill switch, malicious code, Policy / Kelly Newman / August 23, 2025

“The defendant breached his employer’s trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company,” Galeotti said.

Developer loses fight to avoid prison time

After his conviction, Lu moved to schedule a new trial, asking the court to delay sentencing due to allegedly “surprise” evidence he wasn’t prepared to defend against during the initial trial.

The DOJ opposed the motion for the new trial and the delay in sentencing, arguing that “Lu cannot establish that the interests of justice warrant a new trial” and insisting that evidence introduced at trial was properly disclosed. They further claim that rebuttal evidence that Lu contested was “only introduced to refute Lu’s perjurious testimony and did not preclude Lu from pursuing the defenses he selected.”

In the end, the judge denied Lu’s motion for a new trial, rejecting Lu’s arguments, siding with the DOJ in July, and paving the way for this week’s sentencing. Giving up the fight for a new trial, Lu had asked for an 18-month sentence, arguing that a lighter sentence was appropriate since “the life Mr. Lu knew prior to his arrest is over, forever.”

“He is now a felon—a label that he will be forced to wear for the rest of his life. His once-promising career is over. As a result of his conduct, his family’s finances have been devastated,” Lu’s sentencing memo read.

According to the DOJ, Lu will serve “four years in prison and three years of supervised release for writing and deploying malicious code on his then-employer’s network.” The DOJ noted that in addition to sabotaging the network, Lu also worked to cover up his crimes, possibly hoping his technical savvy would help him evade consequences.

“However, the defendant’s technical savvy and subterfuge did not save him from the consequences of his actions,” Galeotti said. “The Criminal Division is committed to identifying and prosecuting those who attack US companies whether from within or without, to hold them responsible for their actions.”

Developer gets 4 years for activating network “kill switch” to avenge his firing Read More »

US military’s X-37B spaceplane stays relevant with launch of another mission

Boeing, falcon 9, laser communications, launch, military space, quantum sensing, Science, Space, spaceplane, spacex, US Space Force, X-37b / Kelly Newman / August 23, 2025

“Quantum inertial sensors are not only scientifically intriguing, but they also have direct defense applications,” said Lt. Col. Nicholas Estep, an Air Force engineer who manages the DIU’s emerging technology portfolio. “If we can field devices that provide a leap in sensitivity and precision for observing platform motion over what is available today, then there’s an opportunity for strategic gains across the DoD.”

Teaching an old dog new tricks

The Pentagon’s twin X-37Bs have logged more than 4,200 days in orbit, equivalent to about 11-and-a-half years. The spaceplanes have flown in secrecy for nearly all of that time.

The most recent flight, Mission 7, ended in March with a runway landing at Vandenberg after a mission of more than 14 months that carried the spaceplane higher than ever before, all the way to an altitude approaching 25,000 miles (40,000 kilometers). The high-altitude elliptical orbit required a boost on a Falcon Heavy rocket.

In the final phase of the mission, ground controllers commanded the X-37B to gently dip into the atmosphere to demonstrate the spacecraft could use “aerobraking” maneuvers to bring its orbit closer to Earth in preparation for reentry.

An X-37B spaceplane is ready for encapsulation inside the Falcon 9 rocket’s payload fairing. Credit: US Space Force

Now, on Mission 8, the spaceplane heads back to low-Earth orbit hosting quantum navigation and laser communications experiments. Few people, if any, envisioned these kinds of missions flying on the X-37B when it first soared to space 15 years ago. At that time, quantum sensing was confined to the lab, and the first laser communication demonstrations in space were barely underway. SpaceX hadn’t revealed its plans for the Falcon Heavy rocket, which the X-37B needed to get to its higher orbit on the last mission.

The laser communications experiments on this flight will involve optical inter-satellite links with “proliferated commercial satellite networks in low-Earth orbit,” the Space Force said. This is likely a reference to SpaceX’s Starlink or Starshield broadband satellites. Laser links enable faster transmission of data, while offering more security against eavesdropping or intercepts.

Gen. Chance Saltzman, the Space Force’s chief of space operations, said in a statement that the laser communications experiment “will mark an important step in the US Space Force’s ability to leverage proliferated space networks as part of a diversified and redundant space architectures. In so doing, it will strengthen the resilience, reliability, adaptability and data transport speeds of our satellite communications architecture.”

US military’s X-37B spaceplane stays relevant with launch of another mission Read More »

Americans’ junk-filled garages are hurting EV adoption, study says

Cars, charging, EV adoption / Kelly Newman / August 22, 2025

Creating garage space would increase the number of homes capable of EV charging from 31 million to more than 50 million. And when we include houses where the owner thinks it’s feasible to add wiring, that grows to more than 72 million homes. And that’s far more than Telemetry’s most optimistic estimate of US EV penetration for 2035, which ranges from 33 million to 57 million EVs on the road 10 years from now.

I thought an EV would save me money?

Just because 90 percent of houses could add a 240 V outlet near where they park, it doesn’t mean that 90 percent of homes have a 240 V outlet near where they park. According to that same NREL study, almost 34 million of those homes will require extensive electrical work to upgrade their wiring and panels to cope with the added demands of a level 2 charger (at least 30 A), and that can cost thousands and thousands of dollars.

All of a sudden, EV cost of ownership becomes much closer to, or possibly even exceeds, that of a vehicle with an internal combustion engine.

Multifamily remains an unsolved problem

Twenty-three percent of Americans live in multifamily dwellings, including apartments, condos, and townhomes. Here, the barriers to charging where you park are much greater. Individual drivers will rarely be able to decide for themselves to add a charger—the management company, landlord, co-op board, or whoever else is in charge of the development has to grant permission.

If the cost of new wiring for a single family home is enough to be a dealbreaker for some, adding EV charging capabilities to a parking lot or parking garage makes those costs pale in comparison. Using my 1960s-era co-op as an example, after getting board approval to add a pair of shared level 2 chargers in 2019, we were told by the power company that nothing could happen until the co-op upgraded its electrical panel—a capital improvement project that runs into seven figures, and work that is still not entirely complete as I type this.

Americans’ junk-filled garages are hurting EV adoption, study says Read More »

Explaining the Internet’s obsession with Silksong, which (finally) comes out Sept. 4

gaming, hollow knight, hollow knight silksong, silksong / Kelly Newman / August 22, 2025

Hollow Knight fans found strange ways to cope with impatience and anticipation.

Hornet, the enigmatic protagonist of Hollow Knight: Silksong. Credit: Team Cherry

Hollow Knight: Silksong will be released on September 4. It will come out simultaneously on Windows, macOS, Linux, Xbox, PlayStation 4, PlayStation 5, the Nintendo Switch, and the Nintendo Switch 2.

On paper, “game gets release date” isn’t particularly groundbreaking news, and the six-year wait between the game’s announcement and release is long but nowhere near record-breaking. People have waited longer for Metroid Prime 4 (announced 2017, releasing this fall), Duke Nukem Forever (announced 1997, released 2011), the fourth BioShock game (in development for a decade at a studio that just got ravaged by layoffs), and Half-Life 3 (never actually announced, but hope springs eternal), just to name a few.

But fans of 2017’s Hollow Knight managed to make the wait for Silksong into a meme. It’s hard to explain why if you haven’t already been following along, but it’s probably got something to do with the expected scale of the game, the original Hollow Knight‘s popularity, and the almost total silence of the small staff at Team Cherry, the game’s developer.

Why does this game make people act this way?

Silksong began development as downloadable content for Hollow Knight, a gloomy Metroidvania about a silent, unnamed protagonist battling their way through the fallen insect kingdom of Hallownest. Funded via Kickstarter, Hollow Knight became a huge hit thanks to its distinctive 2D art style, atmospheric soundtrack, sharp and satisfying gameplay, memorable boss fights, and worldbuilding that gave players just enough information to encourage endless speculation about Hallownest’s rise and fall.

The expansion, first mentioned all the way back in 2014, would focus on Hornet, who fought her battles with a needle and thread. She had been an NPC in the main game but would become a fully playable character in the DLC.

By February of 2019, Team Cherry announced that the Hornet DLC had become “too large and too unique to stay a DLC” and would instead be “a full-scale sequel to Hollow Knight.”

And then, silence. Hollow Knight had been developed mostly out in the open, with a steady cadence of updates posted to Kickstarter about the game and its DLC. But whatever was going on with Silksong was happening behind closed doors. Status updates came, at best, once or twice a year, and usually amounted to “they’re still working on it.”

Since then, Hollow Knight has only become a bigger hit, and Silksong has only gotten more anticipated. Team Cherry said Hollow Knight had sold 2.8 million copies as of early 2019 when the Silksong announcement went out. As of today, that number is over 15 million, and almost 5 million people have come together to make Silksong into Steam’s most-wishlisted game by a margin of nearly 2:1.

The first game’s popularity, sky-high expectations for the second game, and the near-total information vacuum meant that every single scrap of Silksong news, no matter how small, was pored over and picked apart by a constellation of Reddit threads and SEO-friendly news posts. People spotted and speculated about the significance of tiny Steam database updates, new listings in digital game stores, and purported ESRB ratings, trying to divine whether the game was getting any closer to release.

People could even make news out of a lack of news, an art form perfected by a DailySilksongNews channel on YouTube with hundreds of videos and 220,000 subscribers (“There has been no news to report for Silksong today,” host Cory M. deadpans in one of the channel’s typical update videos).

*Silksong* will inherit and build upon the striking 2D art style of the original *Hollow Knight*. Credit: Team Cherry

This cottage industry’s collective frustration hit a peak in mid 2023. At an Xbox game showcase in June of 2022, Silksong gameplay footage was included in a reel of games that were meant to be released “within the next 12 months.” In the 11th month of that 12-month wait, an update came down from Team Cherry: the game wouldn’t be out in the first half of 2023 after all, and there would be no updated estimate about its release window.

Since then, Silksong fans have descended upon every livestreamed game announcement that could possibly include a Silksong reveal, spamming clown memes and joking about how the game is just around the corner. I myself changed my Discord avatar to a picture of the Knight in a clown wig and red nose, temporarily, just until Silksong came out. This was over three years ago, and at this point I worry that changing the avatar to something else will confuse the people in my servers too much. The mask has become my face.

What took so long?

Patient and impatient Silksong fans alike will find some denouement in Jason Schreier’s Bloomberg interview with Team Cherry, in which the game’s developers break their silence on why the game took so long and why they communicated so little about it.

The prolonged development apparently didn’t come down to a lack of enthusiasm, or burnout, or staffing problems, or the pandemic, or any of the other things that have delayed so many other games. Team Cherry co-founders Ari Gibson and William Pellen say that the delay has been for the most wholesome reason possible: they were having so much fun making Silksong that it was hard to stop.

“You’re always working on a new idea, new item, new area, new boss,” Pellen told Bloomberg. “That stuff’s so nice. It’s for the sake of just completing the game that we’re stopping. We could have kept going.”

“I remember at some point I just had to stop sketching,” said Gibson. “Because I went, ‘Everything I’m drawing here has to end up in the game. That’s a cool idea, that’s in. That’s a cool idea, that’s in.’ You realize, ‘If I don’t stop drawing, this is going to take 15 years to finish.'”

In addition to over 200 distinct enemies and an all-new map, Silksong will build on Hollow Knight‘s progression and exploration by adding a new quest system that will encourage re-exploration of different areas of the map. The team had conceived of this as a way to add depth to what they originally expected would be a smaller world map than Hollow Knight‘s—but instead, they added that depth and then built a huge game around it anyway. Tying all of these ideas together and applying a consistent level of polish to them also added time to the process.

The game’s katamari-like growth apparently made it difficult to estimate when it would be done, and a desire to avoid spoiling the game for its future players meant that the team just ended up not talking about it much.

“There was a period of two to three years when I thought it was going to come out within a year,” said Pellen.

In the last few months, there’s been a growing sense that the game’s release was finally coming, for real this time. An Australian museum announced that it would be showcasing the game as part of an exhibit starting in September. Silksong was listed as a playable game for Microsoft and Asus’ Xbox-themed handheld ROG Ally PC, which itself just got a mid-October release date yesterday. News of a “special announcement” about Silksong went out on August 19, and we finally got our release date today.

Gibson and Pellen have mostly ignored the weird Internet subcultures that have developed around the game, though they are aware that those intense slices of their fanbase exist.

“Feels like we’re going to ruin their fun by releasing the game,” said Pellen.

Fans who have engaged in the sport of Waiting For Silksong will still have something to look forward to. Gibson and Pellen said that they plan to keep working on the game, and Silksong should see a fair amount of post-release DLC just like the original Hollow Knight did. But some of those plans are “ambitious,” and Team Cherry isn’t ready to talk about timing yet.

That means that even the game’s release isn’t going to stop a certain type of person on the Internet from asking their favorite question: Silksong when?

Andrew is a Senior Technology Reporter at Ars Technica, with a focus on consumer tech including computer hardware and in-depth reviews of operating systems like Windows and macOS. Andrew lives in Philadelphia and co-hosts a weekly book podcast called Overdue.

Explaining the Internet’s obsession with Silksong, which (finally) comes out Sept. 4 Read More »

Author name: Kelly Newman