Author name: Shannon Garcia

rfk-jr.’s-cdc-may-limit-covid-shots-to-75-and-up,-claim-they-killed-kids

RFK Jr.’s CDC may limit COVID shots to 75 and up, claim they killed kids

CDC, COVID-19, fda, health, kennedy, mRNA, vaccines / /

While some experts and health care providers had hoped that next week’s ACIP meeting would add clarity to the situation and allow healthy adults and children better access to the shots, the Post’s reporting suggests that’s unlikely. According to their sources, Kennedy’s ACIP is considering recommending the vaccines to those 75 and older, while instructing those 74 and younger to speak with their doctor about getting a shot. Another reported option is to not recommend the vaccine to people under the age of 75 at all, unless they have a preexisting condition.

Backlash

Such additional restrictions would likely intensify the backlash against Kennedy’s anti-vaccine agenda. Already, medical organizations have taken the unprecedented action to release their own evidence-based guidances that maintain COVID-19 vaccine recommendations for healthy children, particularly those under age 2, pregnant people, and healthy adults. Many medical and health organizations, as well as lawmakers, and over 1,000 current and former HHS employees have also called for Kennedy to resign.

Criticism of Kennedy’s actions has spread across party lines. Sen. Bill Cassidy (R-La.), a vaccine-supporting physician who cast a critical vote for Kennedy’s confirmation, had accused Kennedy of denying people vaccines and called for next week’s ACIP meeting to be postponed.

“Serious allegations have been made about the meeting agenda, membership, and lack of scientific process being followed for the now announced September ACIP meeting,” Cassidy said. “These decisions directly impact children’s health, and the meeting should not occur until significant oversight has been conducted. If the meeting proceeds, any recommendations made should be rejected as lacking legitimacy given the seriousness of the allegations and the current turmoil in CDC leadership.”

Meanwhile, in a clear rebuff of Kennedy’s cancellation of mRNA vaccine funding, the Republican-led House Committee on Appropriations this week passed a 2026 spending bill that was specifically amended to inject the words “including of mRNA vaccines” into a sentence about pandemic preparedness funding. The bill now reads: “$1,100,000,000, to remain available through September 30, 2027, shall be for expenses necessary to support advanced research and development, including of mRNA vaccines, pursuant to section 319L of the PHS Act and other administrative expenses of the Biomedical Advanced Research and Development Authority.”

RFK Jr.’s CDC may limit COVID shots to 75 and up, claim they killed kids Read More »

over-three-decades-later,-nintendo-remembers-the-virtual-boy-exists

Over three decades later, Nintendo remembers the Virtual Boy exists

3D, Classic, gaming, Nintendo, retro, stereoscopic, virtual boy / /

It’s been a long wait

Nintendo says 14 Virtual Boy titles will be made available to Switch Online Expansion Pack subscribers over time. The eventual software list includes cult-classic Nintendo first-party titles like Virtual Boy Wario Land and Mario’s Tennis, as well as extremely hard-to-find third-party games like Jack Bros. and Virtual Bowling, which can command hundreds or thousands of dollars for an original cartridge.

The fact that Nintendo is officially acknowledging these games at all is a bit surprising after all these years of neglect. Even the 3DS Virtual Console—which would have seemed like a natural place for a Virtual Boy resurgence—never got official support for the retro system. Instead, fans of Nintendo’s least successful console (it’s estimated to have sold fewer than 800,000 units) have either had to track down rare original hardware and software or resort to unofficial emulators (one of which recently added full-color support beyond the usual red tints displayed by the original console).

The Nintendo Switch will eventually host a large majority of the entire library of official software released for the Virtual Boy.

The Nintendo Switch will eventually host a large majority of the entire library of official software released for the Virtual Boy. Credit: Nintendo

The Switch-docking strategy Nintendo is using for stereoscopy here is more than a bit reminiscent of 2019’s Nintendo Labo VR, which slotted the original Switch into a lens-equipped cardboard sleeve for a low-resolution, bare bones introduction to the idea of VR. At the time, we called that experiment a “fine, serviceable, decent” introduction to virtual reality seemingly designed for small children.

Today’s Virtual Boy announcement, of course, comes with a hefty added dose of nostalgia and represents a long-overdue official recognition of an often-ignored part of Nintendo history. For all its faults, the Virtual Boy was a prime example of Nintendo designer Gunpei Yokoi’s philosophy of “lateral thinking with withered technology,” as Ars’ own Benj Edwards laid out in detail when contributing to a book-length treatise on the console.

Over three decades later, Nintendo remembers the Virtual Boy exists Read More »

new-pathway-engineered-into-plants-lets-them-suck-up-more-co₂

New pathway engineered into plants lets them suck up more CO₂

biochemistry, Biology, carbon dioxide, metabolism, photosynthesis, plants, Science / /

And, well, it worked remarkably well. The plants carrying all the genes for the McG cycle weighed two to three times as much as control plants that only had some of the genes. They had more leaves, the leaves themselves were larger, and the plants produced more seeds. In a variety of growing conditions, the plants with an intact McG cycle incorporated more carbon, and they did so without increasing their water uptake.

Having a two-carbon output also worked as expected. By feeding the plants radioactive bicarbonate, they were able to trace the carbon showing up in the expected molecules. And imaging confirmed that the plants were making so many lipids that their cells formed internal pockets containing nothing but fatty materials. Triglyceride levels increased by factors of 100 or more.

So, by a variety of measures, the plants actually did better with an extra pathway for fixing carbon. There are a number of cautions, though. For starters, it’s not clear whether what we’re learning using a small weed will also apply to larger plants or crops, or really anything much beyond Arabidopsis at the moment. It could be that having excess globs of fat floating around the cell has consequences for something like a tree. Plants grown in a lab also tend to be provided with a nutrient-rich soil, and it’s not clear whether all of this would apply to a range of real-world conditions.

Finally, we can’t say whether all the excess carbon these plants are sucking in from the atmosphere would end up being sequestered in any useful sense. It could be that all the fat would just get oxidized as soon as the plant dies. That said, there are a lot of approaches to making biofuel that rely on modifying the fats found in plants or algae. It’s possible that this can eventually help make biofuels efficient so they actually have a net positive effect on the climate.

Regardless of practical impacts, however, it’s pretty amazing that we’ve now reached the point where we can fundamentally rewire a bit of metabolism that has been in operation for billions of years without completely messing up plants.

Science, 2025. DOI: 10.1126/science.adp3528  (About DOIs).

New pathway engineered into plants lets them suck up more CO₂ Read More »

microsoft-dodges-eu-fine-by-unbundling-teams-from-office

Microsoft dodges EU fine by unbundling Teams from Office

competition, EU, microsoft, Microsoft Teams, Policy, syndication / /

Microsoft has avoided an EU fine after the US tech group offered concessions on how it packages together its Teams and Office products, ending a long-running antitrust investigation by the bloc’s regulators.

The probe, which began after a 2020 complaint from Slack, now part of Salesforce, accused Microsoft of abusing its market dominance by tying its video conferencing tool to its widely used suite of productivity applications.

Since the initial complaint, Microsoft has unbundled Teams from Office 365 in the EU, but critics said the changes were too narrow.

In May, the $3.7 trillion software giant promised concessions, such as continuing the Teams and Office separation for seven years.

After a market test, Microsoft has since made additional commitments, such as publishing more information on so-called “interoperability” or the ability to use its products with others made by rivals.

These new pledges have satisfied the EU’s regulator, which said on Friday that it helped to restore fair competition and open the market to other providers.

Microsoft dodges EU fine by unbundling Teams from Office Read More »

senator-blasts-microsoft-for-making-default-windows-vulnerable-to-“kerberoasting”

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

Active Directory, Biz & IT, microsoft, ransomware, rc4, Security / /

Wyden said his office’s investigation into the Ascension breach found that the ransomware attackers’ initial entry into the health giant’s network was the infection of a contractor’s laptop after using Microsoft Edge to search Microsoft’s Bing site. The attackers were then able to expand their hold by attacking Ascension’s Active Directory and abusing its privileged access to push malware to thousands of other machines inside the network. The means for doing so, Wyden said: Kerberoasting.

“Microsoft has become like an arsonist”

“Microsoft’s continued support for the ancient, insecure RC4 encryption technology needlessly exposes its customers to ransomware and other cyber threats by enabling hackers that have gained access to any computer on a corporate network to crack the passwords of privileged accounts used by administrators,” Wyden wrote. “According to Microsoft, this threat can be mitigated by setting long passwords that are at least 14 characters long, but Microsoft’s software does not require such a password length for privileged accounts.”

Additionally, Green noted, the continuing speed of GPUs means that even when passwords appear to be strong, they can still fall to offline cracking attacks. That’s because the security cryptographic hashes created by default RC4/Kerberos use no cryptographic salt and a single iteration of the MD4 algorithm. The combination means an offline cracking attack can make billions of guesses per second, a thousandfold advantage over the same password hashed by non-Kerberos authentication methods.

Referring to the Active Directory default, Green wrote:

It’s actually a terrible design that should have been done away with decades ago. We should not build systems where any random attacker who compromises a single employee laptop can ask for a message encrypted under a critical password! This basically invites offline cracking attacks, which do not need even to be executed on the compromised laptop—they can be exported out of the network to another location and performed using GPUs and other hardware.

More than 11 months after announcing its plans to deprecate RC4/Kerberos, the company has provided no timeline for doing so. What’s more, Wyden said, the announcement was made in a “highly technical blog post on an obscure area of the company’s website on a Friday afternoon.” Wyden also criticized Microsoft for declining to “explicitly warn its customers that they are vulnerable to the Kerberoasting hacking technique unless they change the default settings chosen by Microsoft.”

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” Read More »

one-of-google’s-new-pixel-10-ai-features-has-already-been-removed

One of Google’s new Pixel 10 AI features has already been removed

AI, Artificial Intelligence, Google, Google Pixel, pixel 10, Tech / /

Google is one of the most ardent proponents of generative AI technology, as evidenced by the recent launch of the Pixel 10 series. The phones were announced with more than 20 new AI experiences, according to Google. However, one of them is already being pulled from the company’s phones. If you go looking for your Daily Hub, you may be disappointed. Not that disappointed, though, as it has been pulled because it didn’t do very much.

Many of Google’s new AI features only make themselves known in specific circumstances, for example when Magic Cue finds an opportunity to suggest an address or calendar appointment based on your screen context. The Daily Hub, on the other hand, asserted itself multiple times throughout the day. It appeared at the top of the Google Discover feed, as well as in the At a Glance widget right at the top of the home screen.

Just a few weeks after release, Google has pulled the Daily Hub preview from Pixel 10 devices. You will no longer see it in Google Discover nor in the home screen widget. After being spotted by 9to5Google, the company has issued a statement explaining its plans.

“To ensure the best possible experience on Pixel, we’re temporarily pausing the public preview of Daily Hub for users. Our teams are actively working to enhance its performance and refine the personalized experience. We look forward to reintroducing an improved Daily Hub when it’s ready,” a Google spokesperson said.

One of Google’s new Pixel 10 AI features has already been removed Read More »

spotify-peeved-after-10,000-users-sold-data-to-build-ai-tools

Spotify peeved after 10,000 users sold data to build AI tools

AI, AI models, Artificial Intelligence, decentralized ai, Features, Policy, solo ai, Spotify, unwrapped, vana, wrapped / /

Spotify sent a warning to stop data sales, but developers say they never got it.

For millions of Spotify users, the “Wrapped” feature—which crunches the numbers on their annual listening habits—is a highlight of every year’s end, ever since it debuted in 2015. NPR once broke down exactly why our brains find the feature so “irresistible,” while Cosmopolitan last year declared that sharing Wrapped screenshots of top artists and songs had by now become “the ultimate status symbol” for tens of millions of music fans.

It’s no surprise then that, after a decade, some Spotify users who are especially eager to see Wrapped evolve are no longer willing to wait to see if Spotify will ever deliver the more creative streaming insights they crave.

With the help of AI, these users expect that their data can be more quickly analyzed to potentially uncover overlooked or never-considered patterns that could offer even more insights into what their listening habits say about them.

Imagine, for example, accessing a music recap that encapsulates a user’s full listening history—not just their top songs and artists. With that unlocked, users could track emotional patterns, analyzing how their music tastes reflected their moods over time and perhaps helping them adjust their listening habits to better cope with stress or major life events. And for users particularly intrigued by their own data, there’s even the potential to use AI to cross data streams from different platforms and perhaps understand even more about how their music choices impact their lives and tastes more broadly.

Likely just as appealing as gleaning deeper personal insights, though, users could also potentially build AI tools to compare listening habits with their friends. That could lead to nearly endless fun for the most invested music fans, where AI could be tapped to assess all kinds of random data points, like whose breakup playlists are more intense or who really spends the most time listening to a shared favorite artist.

In pursuit of supporting developers offering novel insights like these, more than 18,000 Spotify users have joined “Unwrapped,” a collective launched in February that allows them to pool and monetize their data.

Voting as a group through the decentralized data platform Vana—which Wired profiled earlier this year—these users can elect to sell their dataset to developers who are building AI tools offering fresh ways for users to analyze streaming data in ways that Spotify likely couldn’t or wouldn’t.

In June, the group made its first sale, with 99.5 percent of members voting yes. Vana co-founder Anna Kazlauskas told Ars that the collective—at the time about 10,000 members strong—sold a “small portion” of its data (users’ artist preferences) for $55,000 to Solo AI.

While each Spotify user only earned about $5 in cryptocurrency tokens—which Kazlauskas suggested was not “ideal,” wishing the users had earned about “a hundred times” more—she said the deal was “meaningful” in showing Spotify users that their data “is actually worth something.”

“I think this is what shows how these pools of data really act like a labor union,” Kazlauskas said. “A single Spotify user, you’re not going to be able to go say like, ‘Hey, I want to sell you my individual data.’ You actually need enough of a pool to sort of make it work.”

Spotify sent warning to Unwrapped

Unsurprisingly, Spotify is not happy about Unwrapped, which is perhaps a little too closely named to its popular branded feature for the streaming giant’s comfort. A spokesperson told Ars that Spotify sent a letter to the contact info listed for Unwrapped developers on their site, outlining concerns that the collective could be infringing on Spotify’s Wrapped trademark.

Further, the letter warned that Unwrapped violates Spotify’s developer policy, which bans using the Spotify platform or any Spotify content to build machine learning or AI models. And developers may also be violating terms by facilitating users’ sale of streaming data.

“Spotify honors our users’ privacy rights, including the right of portability,” Spotify’s spokesperson said. “All of our users can receive a copy of their personal data to use as they see fit. That said, UnwrappedData.org is in violation of our Developer Terms which prohibit the collection, aggregation, and sale of Spotify user data to third parties.”

But while Spotify suggests it has already taken steps to stop Unwrapped, the Unwrapped team told Ars that it never received any communication from Spotify. It plans to defend users’ right to “access, control, and benefit from their own data,” its statement said, while providing reassurances that it will “respect Spotify’s position as a global music leader.”

Unwrapped “does not distribute Spotify’s content, nor does it interfere with Spotify’s business,” developers argued. “What it provides is community-owned infrastructure that allows individuals to exercise rights they already hold under widely recognized data protection frameworks—rights to access their own listening history, preferences, and usage data.”

“When listeners choose to share or monetize their data together, they are not taking anything away from Spotify,” developers said. “They are simply exercising digital self-determination. To suggest otherwise is to claim that users do not truly own their data—that Spotify owns it for them.”

Jacob Hoffman-Andrews, a senior staff technologist for the digital rights group the Electronic Frontier Foundation, told Ars that—while EFF objects to data dividend schemes “where users are encouraged to share personal information in exchange for payment”—Spotify users should nevertheless always maintain control of their data.

“In general, listeners should have control of their own data, which includes exporting it for their own use,” Hoffman-Andrews said. “An individual’s musical history is of use not just to Spotify but also to the individual who created it. And there’s a long history of services that enable this sort of data portability, for instance Last.fm, which integrates with Spotify and many other services.”

To EFF, it seems ill-advised to sell data to AI companies, Hoffman-Andrews said, emphasizing “privacy isn’t a market commodity, it’s a fundamental right.”

“Of course, so is the right to control one’s own data,” Hoffman-Andrews noted, seeming to agree with Unwrapped developers in concluding that “ultimately, listeners should get to do what they want with their own information.”

Users’ right to privacy is the primary reason why Unwrapped developers told Ars that they’re hoping Spotify won’t try to block users from selling data to build AI.

“This is the heart of the issue: If Spotify seeks to restrict or penalize people for exercising these rights, it sends a chilling message that its listeners should have no say in how their own data is used,” the Unwrapped team’s statement said. “That is out of step not only with privacy law, but with the values of transparency, fairness, and community-driven innovation that define the next era of the Internet.”

Unwrapped sign-ups limited due to alleged Spotify issues

There could be more interest in Unwrapped. But Kazlauskas alleged to Ars that in the more than six months since Unwrapped’s launch, “Spotify has made it extraordinarily difficult” for users to port over their data. She claimed that developers have found that “every time they have an easy way for users to get their data,” Spotify shuts it down “in some way.”

Supposedly because of Spotify’s interference, Unwrapped remains in an early launch phase and can only offer limited spots for new users seeking to sell their data. Kazlauskas told Ars that about 300 users can be added each day due to the cumbersome and allegedly shifting process for porting over data.

Currently, however, Unwrapped is working on an update that could make that process more stable, Kazlauskas said, as well as changes to help users regularly update their streaming data. Those updates could perhaps attract more users to the collective.

Critics of Vana, like TechCrunch’s Kyle Wiggers, have suggested that data pools like Unwrapped will never reach “critical mass,” likely only appealing to niche users drawn to decentralization movements. Kazlauskas told Ars that data sale payments issued in cryptocurrency are one barrier for crypto-averse or crypto-shy users interested in Vana.

“The No. 1 thing I would say is, this kind of user experience problem where when you’re using any new kind of decentralized technology, you need to set up a wallet, then you’re getting tokens,” Kazlauskas explained. Users may feel culture shock, wondering, “What does that even mean? How do I vote with this thing? Is this real money?”

Kazlauskas is hoping that Vana supports a culture shift, striving to reach critical mass by giving users a “commercial lens” to start caring about data ownership. She also supports legislation like the Digital Choice Act in Utah, which “requires actually real-time API access, so people can get their data.” If the US had a federal law like that, Kazlauskas suspects that launching Unwrapped would have been “so much easier.”

Although regulations like Utah’s law could serve as a harbinger of a sea change, Kazlauskas noted that Big Tech companies that currently control AI markets employ a fierce lobbying force to maintain control over user data that decentralized movements just don’t have.

As Vana partners with Flower AI, striving, as Wired reported, to “shake up the AI industry” by releasing “a giant 100 billion-parameter model” later this year, Kazlauskas remains committed to ensuring that users are in control and “not just consumed.” She fears a future where tech giants may be motivated to use AI to surveil, influence, or manipulate users, when instead users could choose to band together and benefit from building more ethical AI.

“A world where a single company controls AI is honestly really dystopian,” Kazlauskas told Ars. “I think that it is really scary. And so I think that the path that decentralized AI offers is one where a large group of people are still in control, and you still get really powerful technology.”

Photo of Ashley Belanger

Ashley is a senior policy reporter for Ars Technica, dedicated to tracking social impacts of emerging policies and new technologies. She is a Chicago-based journalist with 20 years of experience.

Spotify peeved after 10,000 users sold data to build AI tools Read More »

flush-door-handles-are-the-car-industry’s-latest-safety-problem

Flush door handles are the car industry’s latest safety problem

Cars / /

China to the rescue?

In fact, the styling feature might be on borrowed time. It seems that Chinese authorities have been concerned about retractable door handles for some time now and are reportedly close to banning them from 2027. Flush-fit door handles fail far more often during side impacts than regular handles, delaying egress or rescue time after a crash. During heavy rain, flush-fit door handles have short-circuited, trapping people in their cars. Chinese consumers have even reported an increase in finger injuries as they get trapped or pinched.

That’s plenty of safety risk, but what about the benefit to vehicle efficiency? As it turns out, it doesn’t actually help that much. Adding flush door handles cuts the drag coefficient (Cd) by around 0.01. You really need to know a car’s frontal area as well as its Cd, but this equates to perhaps a little more than a mile of EPA range, perhaps two under Europe’s Worldwide Harmonised Light vehicles Test Procedure.

If automakers were that serious about drag reduction, we’d see many more EVs riding on smaller wheels. The rotation of the wheels and tires is one of the greatest contributors to drag, yet the stylists’ love of huge wheels means most EVs you’ll find on the front lot of a dealership will struggle to match their official efficiency numbers (not to mention suffering from a worse ride).

China’s importance to the global EV market means that, if it follows through on this ban, we can expect to see many fewer cars arrive with flush door handles in the future.

Flush door handles are the car industry’s latest safety problem Read More »

ai-vs.-maga:-populists-alarmed-by-trump’s-embrace-of-ai,-big-tech

AI vs. MAGA: Populists alarmed by Trump’s embrace of AI, Big Tech

AI, AI regulation, big tech, MAGA, Policy, syndication / /

Some Republicans are still angry over the deplatforming of Trump by tech executives once known for their progressive politics. They had been joined by a “vocal and growing group of conservatives who are fundamentally suspicious of the benefits of technological innovation,” Thierer said.

With MAGA skeptics on one side and Big Tech allies of the president on the other, a “battle for the soul of the conservative movement” is under way.

Popular resentment is now a threat to Trump’s Republican Party, warn some of its biggest supporters—especially if AI begins displacing jobs as many of its exponents suggest.

“You can displace farm workers—what are they going to do about it? You can displace factory workers—they will just kill themselves with drugs and fast food,” Tucker Carlson, one of the MAGA movement’s most prominent media figures, told a tech conference on Monday.

“If you do that to lawyers and non-profit sector employees, you will get a revolution.”

It made Trump’s embrace of Silicon Valley bosses a “significant risk” for his administration ahead of next year’s midterm elections, a leading Republican strategist said.

“It’s a real double-edged sword—the administration is forced to embrace [AI] because if the US is not the leader in AI, China will be,” the strategist said, echoing the kind of argument made by Sacks and fellow Trump adviser Michael Kratsios for their AI policy platform.

“But you could see unemployment spiking over the next year,” the strategist said.

Other MAGA supporters are urging Trump to tone down at least his public cheerleading for an AI sector so many of them consider a threat.

“The pressure that is being placed on conservatives to fall in line… is a recipe for discontent,” said Toscano.

By courting AI bosses, the Republican Party, which claims to represent the pro-family movement, religious communities, and American workers, appeared to be embracing those who are antithetical to all of those groups, he warned.

“The current view of things suggests that the most important members of the party are those that are from Silicon Valley,” Toscano said.

Additional reporting by Cristina Criddle in San Francisco.

© 2025 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.

AI vs. MAGA: Populists alarmed by Trump’s embrace of AI, Big Tech Read More »

hands-on-with-apple’s-new-iphones:-beauty-and-the-beast-and-the-regular-looking-one

Hands-on with Apple’s new iPhones: Beauty and the beast and the regular-looking one

Apple, IPhone, iphone 17, iphone 17 pro, iphone air, Tech / /

i have touched the new phones

A new form-vs.-function spectrum emerges as Apple’s phone designs diverge.

The iPhone Air. Credit: Andrew Cunningham

The iPhone Air. Credit: Andrew Cunningham

CUPERTINO, Calif.—We’re a long way from the days when a new iPhone launch just meant one new phone. It shifted to “basically the same phone in two sizes” a decade or so ago, and then to a version of “one lineup of regular phones and one lineup of Pro phones” in 2017 when the iPhone 8 was introduced next to the iPhone X.

But thanks to Apple’s newly introduced iPhone Air, the iPhone 17 lineup gives new phone buyers more choices and trade-offs than they’ve ever had before. Apple’s phones are now available in a spectrum of sizes, weights, speeds, costs, and camera configurations. And while options are great to have, it also means you need to know more about which one to pick.

We’ve gone hands-on with all four of Apple’s new phones, and while more extensive tire-kicking will be required, we can at least try to nail down exactly what kind of person each of these phones is for.

The iPhone Air: Designed for first impressions

There’s no more iPhone mini, and there’s no more iPhone Plus. Now we have an iPhone Air, and it is very much its own thing.

The phone is just over two-thirds the thickness of the iPhone 17, not counting what Apple now calls a “camera plateau” that stretches across the top of the device. It’s 0.22 inches thick and weighs 5.82 ounces, compared to 0.31 inches thick and 6.24 ounces for the iPhone 17. You have to go back to the iPhone 12 (5.78 ounces) to find a full-size iPhone that’s equally light, and that one had a 6.1-inch screen instead of the Air’s more expansive 6.5 inches.

Those don’t look like huge numbers on paper, but when you’re holding the iPhone Air, it does make a substantial difference. While the camera plateau makes it look top-heavy in photos, in reality, it’s light, and that weight is distributed evenly enough that it feels as well-balanced as any of the other iPhones.

The combination of a large-ish screen and light weight created a strong perception of lightness, compared to the iPhone 17 or especially the 7.27-ounce iPhone 17 Pro. I also found that the shiny titanium frame, while a fingerprint magnet, did slide around in my hand less than an aluminum finish.

It’s a phone built to make a strong first impression, whether you’re holding it in an Apple Store or just after an Apple event in a throng of YouTubers who are all throwing elbows so that they can film each individual phone in the hands-on area for 20 minutes apiece. But I do worry that living with the Air would be frustrating in the long haul, specifically because of battery life.

Again, on paper, the numbers Apple is quoting aren’t so far apart. The Air is rated for 27 hours of local video playback, compared to 30 hours for the iPhone 17 and 33 hours for the 17 Pro. But there’s a bigger gap between the numbers for streaming video—22 hours, 27 hours, and 30 hours for the Air, 17, and 17 Pro, respectively—that suggests that any activity that’s actively using the A19 Pro chip or wireless communication is going to drain the battery even faster.

Extrapolate that out two years, when your battery is going to be operating at somewhere between 80 and 90 percent of its original capacity, and a midday charge starts to sound like an inevitability. It’s telling that a thickness-and-weight-increasing external battery accessory was announced in the same breath as the iPhone Air.

The iPhone Air’s $99 MagSafe battery accessory. Credit: Andrew Cunningham

Apple’s official acknowledgement of and solution to the battery life issue is a $99 external battery that attaches with MagSafe and charges the phone wirelessly; by Apple’s estimates, it adds roughly 13 hours of runtime on top of what you get from the internal battery.

Doesn’t this defeat the purpose of having an iPhone Air, I hear you asking? Maybe so! But it is at least a better aesthetic match for the iPhone than a chunky third-party brick, and one that’s pretty easy to detach and put away once it has done its job and charged your phone. It has its own separate USB-C port for charging, and a small status light (orange when charging, green when charged) below the Apple logo. The magnetic connection feels sturdy enough that it would be hard to dislodge the battery by accident, but I can’t say that it absolutely couldn’t fall off if you were trying to jam the phone into a pocket or bag and caught the battery on something.

I can say that the iPhone Air probably isn’t for me, because the main things I want from a phone are more battery life and better cameras—I can appreciate something smaller and lighter, but only if it doesn’t compromise that other stuff (I got exactly this kind of upgrade when I jumped from an iPhone 13 Pro to a 15 Pro). That’s fine—when you introduce four phones at once, you don’t need to appeal to every iPhone user with every one of them. But I do wonder whether people will find the Air more convincing than they apparently found the now-departed iPhone mini and iPhone Plus.

The iPhone 17 Pro: Industrial design

If you look at the iPhone Air and you say, “I would actually take a thicker, heavier phone if it had a bigger battery in it,” Apple does already make that phone for you.

The iPhone 17 Pro and Pro Max are more of a design departure from the standard iPhones than they have been in years past, with a distinctive aluminum unibody design and a gigantic camera plateau that replaces the old (and already substantial) three-lens camera bump on the older Pros.

Frankly, I’m not in love with the look of this new design—the aluminum unibody design may be good for durability, but it requires Apple to leave cutouts for other wireless-permeable materials all over the phone’s body, and the result is a two-tone design and a lumpy profile that gives the impression that form follows function on this one. It’s the iPhone equivalent of a polished concrete floor—utilitarian with a trendy veneer. It’s a phone I would be happy to put in a case.

It’s also a bit disappointing that the iPhone 17 Pro continues the Pro phones’ drift back upward in weight—we went from 7.27 ounces to 6.6 ounces from the iPhone 14 Pro to the 15 Pro, then to 7.03 ounces for the 16 Pro, and now right back to 7.27 ounces again. But weight is obviously incidental to other features for many Pro users, and the 17 Pro does at least do cool things that make the increased weight worth it.

The two-toned design, festooned with cutouts, makes the phone look a bit uneven to me. Andrew Cunningham

The one feature that’s easy to wrap your arms around in just a few minutes with the new phone is the upgraded telephoto camera lens, which shifts to a 48MP sensor that enables Apple’s Fusion Camera functionality for telephoto shots for the first time.

If you don’t know, the Fusion Camera system shoots 48MP images and then shrinks them to 12 or 24MP, depending on the phone you’re using—benefiting from the extra detail captured by the 48MP sensor, but keeping photo sizes manageable. To create “optical zoom,” the camera instead crops a native-resolution 12MP image out of the center of that sensor. Quality is reduced somewhat because you lose the benefits of the “pixel binning” process that is used to turn 48MP shots into 12MP or 24MP shots, but you’re still capturing native-resolution images without digital zoom.

Adding that to the telephoto lens for the first time doubles the amount of zoom Apple can offer—it starts at 4x zoom, and can go as high as 8x before you start relying on digital zoom.

Standard lens, iPhone 15 Pro. Andrew Cunningham

We were able to do a bit of shooting with the iPhone 17 Pro’s telephoto camera on the Apple Park campus. Compared to my iPhone 15 Pro and its 3x telephoto lens, the default 4x zoom on the iPhone 17 Pro already gets us a little closer, and the 8x zoom option gets you a lot closer. Zoom all the way in to the orange “hello” and you’ll notice some fuzziness and less-than-tack-sharp details, but for photo prints or sharing digitally the results are impressive.

The extra weight and unfinished look of the iPhone 17 Pro don’t make as good a first impression as the iPhone Air did, but I suspect iPhone Pro users (myself included) will find its larger battery and better camera to be acceptable trade-offs. It will be the easier phone to live with in the long term, in other words.

The iPhone 17: Still the default

The iPhone 17: It’s an iPhone! Credit: Andrew Cunningham

In between the industrial chic aesthetic of the iPhone 17 Pro and the lightness of the iPhone Air is the regular iPhone, which looks a whole lot like last year’s but might actually get the most noticeable functional upgrades of all three of them.

I’m mainly talking about the ProMotion screen, a 120 Hz OLED display panel with a dynamic refresh rate that can go as low as 1 Hz when the phone isn’t being used. Both ProMotion and the always-on screen feature that it enables have been exclusive to the iPhone Pro for years, even as higher-refresh-rate screens have spread through midrange and budget Android phones.

That extra smoothness is tough to give up once you’ve gotten used to it, and it pairs especially well with the extra motion and bounciness present in Apple’s new Liquid Glass interface. Fitting 6.3 inches of screen into a phone the same size as the 6.1-inch iPhone 16 also heightens the edge-to-edge screen effect. And both ProMotion and the larger screen help put some space between the iPhone 17 and the iPhone 16e, Apple’s current “budget” offering that comes in at just $200 under the price of the regular iPhone.

From the back: Still an iPhone! Credit: Andrew Cunningham

The other major functional upgrade for people who just walk into the store (or log on to their carrier’s website) and buy the default iPhone is that the base model has been bumped up to 256GB of storage, a reasonably generous allotment that should keep you from having too much trouble with gigantic movie files or years-old gigabytes-large iMessage conversations that you just can’t bear to delete.

This looks like an iPhone, and it feels like an iPhone, and there’s not a lot to convey from a quick hands-on session other than that. In this case, a lack of surprises is a good thing.

Photo of Andrew Cunningham

Andrew is a Senior Technology Reporter at Ars Technica, with a focus on consumer tech including computer hardware and in-depth reviews of operating systems like Windows and macOS. Andrew lives in Philadelphia and co-hosts a weekly book podcast called Overdue.

Hands-on with Apple’s new iPhones: Beauty and the beast and the regular-looking one Read More »

software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Biz & IT, npm, Open Source, Security, supply chain, supply chain attacks / /

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever.

The attack, which compromised nearly two dozen packages hosted on the npm repository, came to public notice on Monday in social media posts. Around the same time, Josh Junon, a maintainer or co-maintainer of the affected packages, said he had been “pwned” after falling for an email that claimed his account on the platform would be closed unless he logged in to a site and updated his two-factor authentication credentials.

Defeating 2FA the easy way

“Sorry everyone, I should have paid more attention,” Junon, who uses the moniker Qix, wrote. “Not like me; have had a stressful week. Will work to get this cleaned up.”

The unknown attackers behind the account compromise wasted no time capitalizing on it. Within an hour’s time, dozens of open source packages Junon oversees had received updates that added malicious code for transferring cryptocurrency payments to attacker-controlled wallets. With more than 280 lines of code, the addition worked by monitoring infected systems for cryptocurrency transactions and changing the addresses of wallets receiving payments to those controlled by the attacker.

The packages that were compromised, which at last count numbered 20, included some of the most foundational code driving the JavaScript ecosystem. They are used outright and also have thousands of dependents, meaning other npm packages that don’t work unless they are also installed. (npm is the official code repository for JavaScript files.)

“The overlap with such high-profile projects significantly increases the blast radius of this incident,” researchers from security firm Socket said. “By compromising Qix, the attackers gained the ability to push malicious versions of packages that are indirectly depended on by countless applications, libraries, and frameworks.”

The researchers added: “Given the scope and the selection of packages impacted, this appears to be a targeted attack designed to maximize reach across the ecosystem.”

The email message Junon fell for came from an email address at support.npmjs.help, a domain created three days ago to mimic the official npmjs.com used by npm. It said Junon’s account would be closed unless he updated information related to his 2FA—which requires users to present a physical security key or supply a one-time passcode provided by an authenticator app in addition to a password when logging in.

Software packages with more than 2 billion weekly downloads hit in supply-chain attack Read More »

nobel-laureate-david-baltimore-dead-at-87

Nobel laureate David Baltimore dead at 87

Biology, David Baltimore, obituary, Science / /

Nobel Prize-winning molecular biologist and former Caltech president David Baltimore—who found himself at the center of controversial allegations of fraud against a co-author—has died at 87 from cancer complications. He shared the 1975 Nobel Prize in Physiology for his work upending the then-consensus that cellular information flowed only in one direction. Baltimore is survived by his wife of 57 years, biologist Alice Huang, as well as a daughter and granddaughter.

“David Baltimore’s contributions as a virologist, discerning fundamental mechanisms and applying those insights to immunology, to cancer, to AIDS, have transformed biology and medicine,” current Caltech President Thomas F. Rosenbaum said in a statement. “David’s profound influence as a mentor to generations of students and postdocs, his generosity as a colleague, his leadership of great scientific institutions, and his deep involvement in international efforts to define ethical boundaries for biological advances fill out an extraordinary intellectual life.”

Baltimore was born in New York City in 1938. His father worked in the garment industry, and his mother later became a psychologist at the New School and Sarah Lawrence. Young David was academically precocious and decided he wanted to be a scientist after spending a high school summer learning about mouse genetics at the Jackson Laboratory in Maine. He graduated from Swarthmore College and earned his PhD in biology from Rockefeller University in 1964 with a thesis on the study of viruses in animal cells. He joined the Salk Institute in San Diego, married Huang, and moved to MIT in 1982, founding the Whitehead Institute.

Baltimore initially studied viruses like polio and mengovirus that make RNA copies of the RNA genomes to replicate, but later turned his attention to retroviruses, which have enzymes that make DNA copies of viral RNA. He made a major breakthrough when he proved the existence of that viral enzyme, now known as reverse transcriptase. Previously scientists had thought that the flow of information went from DNA to RNA to protein synthesis. Baltimore showed that process could be reversed, ultimately enabling researchers to use disabled retroviruses to insert genes into human DNA to correct genetic diseases.

Nobel laureate David Baltimore dead at 87 Read More »