Enlarge (credit: Google)

Google says it has patched a nasty loophole in the Android TV account security system, which would grant attackers with physical access to your device access to your entire Google account just by sideloading some apps. As 404 Media reports, the issue was originally brought to Google's attention by US Sen. Ron Wyden (D-Ore.) as part of a "review of the privacy practices of streaming TV technology providers." Google originally told the senator that the issue was expected behavior but, after media coverage, decided to change its stance and issue some kind of patch.

"My office is mid-way through a review of the privacy practices of streaming TV technology providers," Wyden told 404 Media. "As part of that inquiry, my staff discovered an alarming video in which a YouTuber demonstrated how with 15 minutes of unsupervised access to an Android TV set-top box, a criminal could get access to private emails of the Gmail user who set up the TV."

The video in question was a PSA from YouTuber Cameron Gray, and it shows that grabbing any Android TV device and sideloading a few apps will grant access to the current Google account. This is obvious if you know how Android works, but it's not obvious to most users looking at a limited TV interface.

Enlarge (credit: Getty Images)

Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said.

The vulnerability resides in WordPress Automatic, a plugin with more than 38,000 paying customers. Websites running the WordPress content management system use it to incorporate content from other sites. Researchers from security firm Patchstack disclosed last month that WP Automatic versions 3.92.0 and below had a vulnerability with a severity rating of 9.9 out of a possible 10. The plugin developer, ValvePress, silently published a patch, which is available in versions 3.92.1 and beyond.

Researchers have classified the flaw, tracked as CVE-2024-27956, as a SQL injection, a class of vulnerability that stems from a failure by a web application to query backend databases properly. SQL syntax uses apostrophes to indicate the beginning and end of a data string. By entering strings with specially positioned apostrophes into vulnerable website fields, attackers can execute code that performs various sensitive actions, including returning confidential data, giving administrative system privileges, or subverting how the web app works.

Enlarge (credit: US EIA)

On Thursday, the US Department of Energy released its preliminary estimate for the nation's carbon emissions in the previous year. Any drop in emissions puts us on a path that would avoid some of the catastrophic warming scenarios that were still on the table at the turn of the century. But if we're to have a chance of meeting the Paris Agreement goal of keeping the planet from warming beyond 2° C, we'll need to see emissions drop dramatically in the near future.

So, how is the US doing? Emissions continue to trend downward, but there's no sign the drop has accelerated. And most of the drop has come from a single sector: changes in the power grid.

Off the grid, on the road

US carbon emissions have been trending downward since roughly 2007, when they peaked at about six gigatonnes. In recent years, the pandemic produced a dramatic drop in emissions in 2020, lowering them to under five gigatonnes for the first time since before 1990, when the EIA's data started. Carbon dioxide release went up a bit afterward, with 2023 marking the first post-pandemic decline, with emissions again clearly below five gigatonnes.

Enlarge (credit: Discord)

Spy Pet, a service that sold access to a rich database of allegedly more than 3 billion Discord messages and details on more than 600 million users, has seemingly been shut down.

404 Media, which broke the story of Spy Pet's offerings, reports that Spy Pet seems mostly shut down. Spy Pet's website was unavailable as of this writing. A Discord spokesperson told Ars that the company's safety team had been "diligently investigating" Spy Pet and that it had banned accounts affiliated with it.

"Scraping our services and self-botting are violations of our Terms of Service and Community Guidelines," the spokesperson wrote. "In addition to banning the affiliated accounts, we are considering appropriate legal action." The spokesperson noted that Discord server administrators can adjust server permissions to prevent future such monitoring on otherwise public servers.

Enlarge (credit: Getty Images | NurPhoto)

TikTok owner ByteDance is preparing to sue the US government now that President Biden has signed into law a bill that will ban TikTok in the US if its Chinese owner doesn't sell the company within 270 days. While it's impossible to predict the outcome with certainty, law professors speaking to Ars believe that ByteDance will have a strong First Amendment case in its lawsuit against the US.

One reason for this belief is that just a few months ago, a US District Court judge blocked a Montana state law that attempted to ban TikTok. In October 2020, another federal judge in Pennsylvania blocked a Trump administration order that would have banned TikTok from operating inside the US. TikTok also won a preliminary injunction against Trump in US District Court for the District of Columbia in September 2020.

"Courts have said that a TikTok ban is a First Amendment problem," Santa Clara University law professor Eric Goldman, who writes frequent analysis of legal cases involving technology, told Ars this week. "And Congress didn't really try to navigate away from that. They just went ahead and disregarded the court rulings to date."

Enlarge / A DOS prompt.

Microsoft has open-sourced another bit of computing history this week: The company teamed up with IBM to release the source code of 1988's MS-DOS 4.00, a version better known for its unpopularity, bugginess, and convoluted development history than its utility as a computer operating system.

The MS-DOS 4.00 code is available on Microsoft's MS-DOS GitHub page along with versions 1.25 and 2.0, which Microsoft open-sourced in cooperation with the Computer History Museum back in 2014. All open-source versions of DOS have been released under the MIT License.

Initially, MS-DOS 4.00 was slated to include new multitasking features that allow software to run in the background. This release of DOS, also sometimes called "MT-DOS" or "Mutitasking MS-DOS" to distinguish it from other releases, was only released through a few European PC OEMs and never as a standalone retail product.

Enlarge / A 2014 Tesla Model S driving on Autopilot rear-ended a Culver City fire truck that was parked in the high-occupancy vehicle lane on Interstate 405. (credit: Culver City Firefighters Local 1927 / Facebook)

Tesla's lousy week continues. On Tuesday, the electric car maker posted its quarterly results showing precipitous falls in sales and profitability. Today, we've learned that the National Highway Traffic Safety Administration is concerned that Tesla's massive recall to fix its Autopilot driver assist—which was pushed out to more than 2 million cars last December—has not actually made the system that much safer.

NHTSA's Office of Defects Investigation has been scrutinizing Tesla Autopilot since August 2021, when it opened a preliminary investigation in response to a spate of Teslas crashing into parked emergency responder vehicles while operating under Autopilot.

In June 2022, the ODI upgraded that investigation into an engineering analysis, and in December 2023, Tesla was forced to recall more than 2 million cars after the analysis found that the car company had inadequate driver-monitoring systems and had designed a system with the potential for "foreseeable misuse."

Enlarge / The slide-on Joy-Con connection point shown in the center of the image may be a thing of the past on the Switch 2

The iconic slide-in "click" of the Switch Joy-Cons may be replaced with a magnetic attachment mechanism in the Switch 2, according to a report from Spanish-language gaming news site Vandal.

The site notes that this new design could make direct Switch 2 backward compatibility with existing Switch Joy-Cons "difficult." Even so, we can envision some sort of optional magnetic shim that could make older Joy-Cons attachable with the new system's magnetic connection points. Current Switch Pro Controllers, which do not physically attach to the Switch, should be fully compatible with the Switch 2, according to the report.

Vandal cites several unnamed accessory and peripheral makers who reportedly got to touch the new console inside of an opaque box, which was used to balance design secrecy with the need to provide general knowledge of the unit's dimensions. According to those sources, the Switch 2 will be "larger than the Switch, although without reaching the size of the Steam Deck."

Enlarge (credit: Getty | Jeffrey Greenberg)

The Food and Drug Administration reported late Thursday that about 20 percent of retail milk samples from around the country tested positive for genetic fragments of the bird flu, aka highly pathogenic avian influenza (HPAI) virus H5N1. While retail milk is still considered to be safe, the finding suggests that the spread of the virus in cows is more extensive than is currently known.

The FDA used a test called quantitative polymerase chain reaction (qPCR), which can only detect the presence of genetic fragments. In pasteurized retail milk, it is highly likely that those genetic snippets are merely remnants of virus particles destroyed during pasteurization. The FDA is currently conducting additional testing using egg inoculation tests, a gold standard for detecting a live virus, to confirm the effectiveness of pasteurization. Meanwhile, the director of the National Institute of Allergy and Infectious Diseases, Jeanne Marrazzo, told reporters Wednesday that tests at the agency's federal labs so far did not identify live virus from any of its sampling. Additionally, several previous studies have found that pasteurization of eggs—which is done at a lower temperature than it is for milk—was effective at destroying H5N1.

While experts are largely unconcerned with the safety of commercial milk, the potential for wide, unrecognized spread of bird flu in dairy herds is alarming. To date, the US Department of Agriculture has only confirmed infections in 33 herds in eight states. The FDA acknowledged that of its positive samples, "a greater proportion of positive results [are] coming from milk in areas with infected herds." But with tens of thousands of dairy herds in the US, the finding suggests that infections are being missed. It does not necessarily suggest that 20 percent of all cows are affected, since milk is pooled for commercial distribution. But 33 herds alone are unlikely to explain the high prevalence.

Enlarge / A newly revealed research proposal from 1971 shows that Richard Nixon’s science advisors embarked on an extensive analysis of the potential risks of climate change. (credit: Oliver Atkins/National Archives)

In 1971, President Richard Nixon’s science advisers proposed a multimillion dollar climate change research project with benefits they said were too “immense” to be quantified, since they involved “ensuring man’s survival,” according to a White House document newly obtained by the nonprofit National Security Archive and shared exclusively with Inside Climate News.

The plan would have established six global and 10 regional monitoring stations in remote locations to collect data on carbon dioxide, solar radiation, aerosols and other factors that exert influence on the atmosphere. It would have engaged five government agencies in a six-year initiative, with spending of $23 million in the project’s peak year of 1974—the equivalent of $172 million in today’s dollars. It would have used then-cutting-edge technology, some of which is only now being widely implemented in carbon monitoring more than 50 years later.

But it stands as yet another lost opportunity early on the road to the climate crisis. Researchers at the National Security Archive, based at the George Washington University, could find no documentation of what happened to the proposal, and it was never implemented.

Enlarge / The flight hardware core stage for Europe’s new rocket, Ariane 6, is moved onto the launch pad for the first time this week. A launch is possible some time this summer. (credit: ESA-M. Pédoussaut)

Welcome to Edition 6.41 of the Rocket Report! As I finish up this edition I'm listening to the post-Flight Readiness Review news conference for Boeing's Crew Flight Test. It sounds like everything remains on track for a launch attempt on May 6, at 10:34 pm ET. It's exciting to see this important milestone for Boeing and the US human spaceflight program so near to hand.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Shetland spaceport advancing toward launch. SaxaVord Spaceport in Scotland is on track to launch the United Kingdom’s first vertical rocket into orbit, the BBC reports. The Civil Aviation Authority has granted a range license to the Scottish spaceport, which will allow the company to control the sea and airspace during launch. Previously, the site received a spaceport license in December 2023. Ambitiously, the facility aims to launch up to 30 rockets every year.

Enlarge / A meeting of the UN Security Council on April 14. (credit: Fatih Aktas/Anadolu via Getty Images)

Russia vetoed a United Nations Security Council resolution Wednesday that would have reaffirmed a nearly 50-year-old ban on placing weapons of mass destruction into orbit, two months after reports Russia has plans to do just that.

Russia's vote against the resolution was no surprise. As one of the five permanent members of the Security Council, Russia has veto power over any resolution that comes before the body. China abstained from the vote, and 13 other members of the Security Council voted in favor of the resolution.

If it passed, the resolution would have affirmed a binding obligation in Article IV of the 1967 Outer Space Treaty, which says nations are "not to place in orbit around the Earth any objects carrying nuclear weapons or any other kinds of weapons of mass destruction."

Enlarge / Tech brands love hollering about the purported thrills of AI these days. (credit: Getty)

Logitech announced a new mouse last week. A company rep reached out to inform Ars of Logitech’s “newest wireless mouse.” The gadget’s product page reads the same as of this writing.

I’ve had good experience with Logitech mice, especially wireless ones, one of which I'm using now. So I was keen to learn what Logitech might have done to improve on its previous wireless mouse designs. A quieter click? A new shape to better accommodate my overworked right hand? Multiple onboard profiles in a business-ready design?

I was disappointed to learn that the most distinct feature of the Logitech Signature AI Edition M750 is a button located south of the scroll wheel. This button is preprogrammed to launch the ChatGPT prompt builder, which Logitech recently added to its peripherals configuration app Options+.

Enlarge / Drops of the blood going onto an HIV quick test. (credit: Getty | BRITTA PEDERSEN)

Trendy, unproven "vampire facials" performed at an unlicensed spa in New Mexico left at least three women with HIV infections. This marks the first time that cosmetic procedures have been associated with an HIV outbreak, according to a detailed report of the outbreak investigation published today.

Ars reported on the cluster last year when state health officials announced they were still identifying cases linked to the spa despite it being shut down in September 2018. But today's investigation report offers more insight into the unprecedented outbreak, which linked five people with HIV infections to the spa and spurred investigators to contact and test nearly 200 other spa clients. The report appears in the Centers for Disease Control and Prevention's Morbidity and Mortality Weekly Report.

The investigation began when a woman between the ages of 40 and 50 turned up positive on a rapid HIV test taken while she was traveling abroad in the summer of 2018. She had a stage 1 acute infection. It was a result that was as dumbfounding as it was likely distressing. The woman had no clear risk factors for acquiring the infection: no injection drug use, no blood transfusions, and her current and only recent sexual partner tested negative. But, she did report getting a vampire facial in the spring of 2018 at a spa in Albuquerque called VIP Spa.

• 

  The HMD Pulse base model. [credit: HMD ]

HMD has been known as the manufacturer of Nokia-branded phones for years now, but now the company wants to start selling phones under its own brand. The first is the "HMD Pulse" line, a series of three low-end phones that are headed for Europe. The US is getting an HMD-branded phone, too—the HMD Vibe—but that won't be out until May.

Europe's getting the 140-euro HMD Pulse, 160-euro Pulse+, and the 180-euro Pulse Pro. If you can't tell from the prices, these are destined for Europe for now, but if you convert them to USD, that's about $150, $170, and $190, respectively. With only $20 between tiers, there isn't a huge difference from one model to the next. They all have bottom-of-the-barrel Unisoc T606 SoCs. That's a 12 nm chip with two Cortex A75 Arm cores, two A55 cores, an ARM Mali-G57 MP1, and it's 4G only. Previously, HMD used this chip in the 2023 HMD Nokia G22. They also all have 90 Hz, 6.65-inch, 1612×720 LCDs, 128GB of storage, and 5,000 mAh batteries.

As for the differences, the base model has 4GB of RAM, a 13 MP main rear camera, an 8 MP front camera, and 10 W wired charging. The Plus model upgrades to a 50 MP main camera, while the Pro model has 6GB of RAM, a 50 MP main camera, 50 MP front camera, and 20 W wired charging. There is a second lens camera on the back, but it appears to be only a 2 MP "depth sensor" on all models.

Enlarge (credit: Getty Images)

In the world of AI, what might be called "small language models" have been growing in popularity recently because they can be run on a local device instead of requiring data center-grade computers in the cloud. On Wednesday, Apple introduced a set of tiny source-available AI language models called OpenELM that are small enough to run directly on a smartphone. They're mostly proof-of-concept research models for now, but they could form the basis of future on-device AI offerings from Apple.

Apple's new AI models, collectively named OpenELM for "Open-source Efficient Language Models," are currently available on the Hugging Face under an Apple Sample Code License. Since there are some restrictions in the license, it may not fit the commonly accepted definition of "open source," but the source code for OpenELM is available.

On Tuesday, we covered Microsoft's Phi-3 models, which aim to achieve something similar: a useful level of language understanding and processing performance in small AI models that can run locally. Phi-3-mini features 3.8 billion parameters, but some of Apple's OpenELM models are much smaller, ranging from 270 million to 3 billion parameters in eight distinct models.

Enlarge / The Q*Bert's so bright, I gotta wear shades. (credit: Aurich Lawson | Getty Images | Gottlieb)

For years now, video game preservationists, librarians, and historians have been arguing for a DMCA exemption that would allow them to legally share emulated versions of their physical game collections with researchers remotely over the Internet. But those preservationists continue to face pushback from industry trade groups, which worry that an exemption would open a legal loophole for "online arcades" that could give members of the public free, legal, and widespread access to copyrighted classic games.

This long-running argument was joined once again earlier this month during livestreamed testimony in front of the Copyright Office, which is considering new DMCA rules as part of its regular triennial process. During that testimony, representatives of the Software Preservation Network and the Library Copyright Alliance defended their proposal for a system of "individualized human review" to help ensure that temporary remote game access would be granted "primarily for the purposes of private study, scholarship, teaching, or research."

Enlarge / Ubuntu has come a long way over nearly 20 years, to the point where you can now render 3D Ubuntu coffee mugs and family pictures in a video announcing the 2024 spring release. (credit: Canonical)

History might consider the most important aspect of Ubuntu 24.04 to be something that it doesn't have: vulnerabilities to the XZ backdoor that nearly took over the global Linux scene.

Betas, and the final release of Ubuntu 24.04, a long-term support (LTS) release of the venerable Linux distribution, were delayed, as backing firm Canonical worked in early April 2024 to rebuild every binary included in the release. xz Utils, an almost ubiquitous data-compression package on Unix-like systems, had been compromised through a long-term and elaborate supply-chain attack, discovered only because a Microsoft engineer noted some oddities with SSH performance on a Debian system. Ubuntu, along with just about every other regularly updating software platform, had a lot of work to do this month.

What is actually new in Ubuntu 24.04, or "Noble Numbat?" Quite a bit, especially if you're the type who sticks to LTS releases. The big new changes are a very slick new installer, using the same Subiquity back-end as the Server releases, and redesigned with a whole new front-end in Flutter. ZFS encryption is back as a default install option, along with hardware-backed (i.e., TPM) full-disk encryption, plus more guidance for people looking to dual-boot with Windows setups and BitLocker. Netplan 1.0 is the default network configuration tool now. And the default installation is "Minimal," as introduced in 23.10.

Enlarge (credit: Getty Images)

A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday.

The worm—which first came to light in a 2023 post published by security firm Sophos—became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. In turn, those drives would infect any new machine they connected to, a capability that allowed the malware to spread without requiring any end-user interaction. Researchers who have tracked PlugX since at least 2008 have said that the malware has origins in China and has been used by various groups tied to the country’s Ministry of State Security.

Still active after all these years

For reasons that aren’t clear, the worm creator abandoned the one and only IP address that was designated as its command-and-control channel. With no one controlling the infected machines anymore, the PlugX worm was effectively dead, or at least one might have presumed so. The worm, it turns out, has continued to live on in an undetermined number of machines that possibly reaches into the millions, researchers from security firm Sekoia reported.

Enlarge / This Toyota factory in Indiana is getting a $1.4 billion investment so it can assemble a new three-row electric SUV for the automaker. (credit: Toyota)

US electric vehicle manufacturing got a bit of a boost today. Toyota has revealed that it is spending $1.4 billion to upgrade its factory in Princeton, Indiana, in order to assemble a new three-row electric SUV. That will add an extra 340 jobs to the factory, which currently employs more than 7,500 workers who assemble the Toyota Sienna minivan and the Toyota Highlander, Grand Highlander, and Lexus TX SUVs.

"Indiana and Toyota share a nearly 30-year partnership that has cultivated job stability and economic opportunity in Princeton and the surrounding southwest Indiana region for decades," said Governor Eric Holcomb.

"Toyota's investment in the state began with an $800 million commitment and has grown to over $8 billion. Today's incredible announcement shows yet again just how important our state’s business-friendly environment, focus on long-term success, and access to a skilled workforce is to companies seeking to expand and be profitable far into the future. Indiana proudly looks forward to continuing to be at the center of the future of mobility,” Holcomb said.

Enlarge / Imaging setup for a charred ancient papyrus recovered from the ruins of Herculaneum; 30 percent of the text has now been deciphered. (credit: CNR – Consiglio Nazionale delle Ricerche)

Historical accounts vary about how the Greek philosopher Plato died: in bed while listening to a young woman playing the flute; at a wedding feast; or peacefully in his sleep. But the few surviving texts from that period indicate that the philosopher was buried somewhere in the garden of the Academy he founded in Athens. The garden was quite large, but archaeologists have now deciphered a charred ancient papyrus scroll recovered from the ruins of Herculaneum, indicating a more precise burial location: in a private area near a sacred shrine to the Muses, according to Constanza Millani, director of the Institute of Heritage Science at Italy's National Research Council.

As previously reported, the ancient Roman resort town Pompeii wasn't the only city destroyed in the catastrophic 79 AD eruption of Mount Vesuvius. Several other cities in the area, including the wealthy enclave of Herculaneum, were fried by clouds of hot gas called pyroclastic pulses and flows. But still, some remnants of Roman wealth survived. One palatial residence in Herculaneum—believed to have once belonged to a man named Piso—contained hundreds of priceless written scrolls made from papyrus, singed into carbon by volcanic gas.

The scrolls stayed buried under volcanic mud until they were excavated in the 1700s from a single room that archaeologists believe held the personal working library of an Epicurean philosopher named Philodemus. There may be even more scrolls still buried on the as-yet-unexcavated lower floors of the villa. The few opened fragments helped scholars identify various Greek philosophical texts, including On Nature by Epicurus and several by Philodemus himself, as well as a handful of Latin works. But the more than 600 rolled-up scrolls were so fragile that it was long believed they would never be readable, since even touching them could cause them to crumble.

Enlarge / Federal Communication Commission Chairwoman Jessica Rosenworcel, then a commissioner, rallies against repeal of net neutrality rules in December 2017. (credit: Getty Images | Chip Somodevilla)

The Federal Communications Commission voted 3–2 to impose net neutrality rules today, restoring the common-carrier regulatory framework enforced during the Obama era and then abandoned while Trump was president.

The rules prohibit Internet service providers from blocking and throttling lawful content and ban paid prioritization. Cable and telecom companies plan to fight the rules in court, but they lost a similar battle during the Obama era when judges upheld the FCC's ability to regulate ISPs as common carriers under Title II of the Communications Act.

"Consumers have made clear to us they do not want their broadband provider cutting sweetheart deals, with fast lanes for some services and slow lanes for others," FCC Chairwoman Jessica Rosenworcel said at today's meeting. "They do not want their providers engaging in blocking, throttling, and paid prioritization. And if they have problems, they expect the nation's expert authority on communications to be able to respond. Because we put national net neutrality rules back on the books, we fix that today."

Enlarge / Honda is investing CAD$15 billion (US $11 billion) to expand EV manufacturing in North America with four sites in Ontario, Canada. (credit: Honda)

Honda announced today that it will spend $11 billion to expand its electric vehicle manufacturing presence in North America. The Japanese automaker already has a number of factories in the US, Mexico, and Canada, and it's this last one that will benefit from the expansion, with four EV-related plants planned for Ontario.

Honda says it has begun evaluating requirements for what it's calling an "innovative and environmentally responsible" EV factory and a standalone EV battery plant in Alliston, Ontario, which is already home to Honda's two existing Canadian manufacturing facilities.

Additionally, the automaker wants to set up another two sites as joint ventures. One will be a plant that processes cathode active materials and their precursors—the various elements like nickel and manganese that are combined with lithium in lithium-ion batteries—set up in a partnership with POSCO Future M, a South Korean battery material and chemical company. (POSCO is already working with General Motors on another joint venture battery precursor material facility in Betancour, Quebec, that is supposed to become operational in 2026.)

Enlarge (credit: Getty Images)

On Thursday, Baltimore County Police arrested Pikesville High School's former athletic director, Dazhon Darien, and charged him with using AI to impersonate Principal Eric Eiswert, according to a report by The Baltimore Banner. Police say Darien used AI voice synthesis software to simulate Eiswert's voice, leading the public to believe the principal made racist and antisemitic comments.

The audio clip, posted on a popular Instagram account, contained offensive remarks about "ungrateful Black kids" and their academic performance, as well as a threat to "join the other side" if the speaker received one more complaint from "one more Jew in this community." The recording also mentioned names of staff members, including Darien's nickname "DJ," suggesting they should not have been hired or should be removed "one way or another."

The comments led to significant uproar from students, faculty, and the wider community, many of whom initially believed the principal had actually made the comments. A Pikesville High School teacher named Shaena Ravenell reportedly played a large role in disseminating the audio. While she has not been charged, police indicated that she forwarded the controversial email to a student known for their ability to quickly spread information through social media. This student then escalated the audio's reach, which included sharing it with the media and the NAACP.

Enlarge (credit: Jose A. Bernat Bacete)

Today, the US Environmental Protection Agency announced a suite of rules that target pollution from fossil fuel power plants. In addition to limits on carbon emissions and a tightening of existing regulations on mercury releases, additional rules target coal ash waste left over from power generation and contaminants in the water used during the operation of power plants. While some of these regulations will affect the operation of plants powered by natural gas, most directly target the use of coal and will likely be the final nail in the coffin for the already dying industry.

The decision to release all four rules at the same time goes beyond simply getting the pain over with at once. Rules governing carbon emissions are expected to influence the emissions of other pollutants like mercury, and vice versa. As a result, the EPA expects that creating a single plan for compliance with all the rules will be more cost-effective.

Targeting carbon

The regulations that target carbon dioxide emissions have been in the works for roughly a year. The rules came in response to a Supreme Court decision in West Virginia v. EPA, which ruled that Clean Air Act regulations had to target individual power plants rather than giving states flexibility regarding how to meet broader standards. As a result, the new rules target carbon dioxide the only way they can: Plants can either switch to burning non-fossil fuels such as green hydrogen, or they can capture their carbon emissions.

Enlarge / "5ario" here won't be on the Garry's Mod Steam Workshop for long. (credit: Steam / LmaoSPW)

The popular long-running Source-engine physics sandbox Garry's Mod has begun to take down Nintendo-related items from the game's Steam Workshop page, following an apparent takedown request from Nintendo.

In a Steam Community news post, mod creator Garry Newman writes that some items have already been taken down as part of an "ongoing process, as we have 20 years of uploads to go through." Indeed, combing through the over 1.8 million Garry's Mod Steam Workshop add-ons to find all of Nintendo's copyrighted content is sure to be a significant task. A simple search for Pokemon Thursday morning turns up nearly 3,000 seemingly copyright-infringing results on its own.

"If you want to help us by deleting your Nintendo-related uploads and never uploading them again, that would help us a lot," Newman jokes in the announcement post.

Enlarge / The author tries not to crash a lunar rover. (credit: Eric Berger)

As a SpaceX engineer working on the Starship program about five years ago, Jaret Matthews could see the future of spaceflight quite clearly and began to imagine the possibilities.

For decades everything that went to space had to be carefully measured, optimized for mass, and serve an extremely specialized purpose. But Starship, Matthews believed, held the potential to change all that. With full reusability, a barn-size payload fairing, and capability to loft 100 or more metric tons to orbit in a single throw, Starship offered the tantalizing prospect of a world in which flying into space was not crazy expensive. He envisioned Starships delivering truckloads of cargo to the Moon or Mars.

Matthews spent a decade working on robots and rovers at NASA's Jet Propulsion Laboratory before coming to SpaceX in 2012. He began to suggest that the company work on a system that could unload and distribute cargo from Starship, like the cranes and trucks that offload cargo from large container ships in port. However, he didn't get far, as SpaceX was focused on developing the Starship transportation system.

Enlarge (credit: Qualcomm)

Qualcomm’s Snapdragon X series of chips promises to be the company’s first that can go toe-to-toe with Apple Silicon, and the PC ecosystem is reacting accordingly. Microsoft reportedly plans for the Arm version of its next Surface tablet to be the flagship, and major apps like Chrome and Dropbox have recently released Arm-native Windows versions for the first time.

Ahead of the chips' launch late this year, Qualcomm announced a new lower-end model destined for cheaper devices. Dubbed the Snapdragon X Plus, it shares a lot in common with the flagship Snapdragon X Elite.

The Snapdragon X Plus includes 10 CPU cores instead of the Elite’s 12, though the more noticeable change is its lack of support for clock-speed boosting; the chip’s 3.4 GHz base frequency is as fast as it goes, where the Elite chips can boost two cores to 4.2 GHz and one core up to 4.3 GHz, depending on the specific model. Qualcomm also rates the X Plus’ integrated GPU at 3.8 TFLOPs, down from the X Elite’s maximum of 4.6 TFLOPs. Aside from those high-level FLOP numbers, we still know very little about how the GPU will be configured; we also don’t know the ratio of “big” and “little” CPU cores.

Enlarge (credit: Aurich Lawson)

“Gadgets aren’t fun anymore,” sighed my wife, watching me tap away on my Palm Zire 72 as she sat on the couch with her MacBook Air, an iPhone, and an Apple Watch.

And it’s true: The smartphone has all but eliminated entire classes of gadgets, from point-and-shoot cameras to MP3 players, GPS maps, and even flashlights. But arguably no style of gadget has been so thoroughly superseded as the personal digital assistant, the handheld computer that dominated the late '90s and early 2000s. The PDA even set the template for how its smartphone successors would render it obsolete, moving from simple personal information management to encompass games, messaging, music, and photos.

But just as smartphones would do, PDAs offered a dizzying array of operating systems and applications, and a great many of them ran Palm OS. (I bought my first Palm, an m505, new in 2001, upgrading from an HP 95LX.) Naturally, there’s no way we could enumerate every single such device in this article. So in this Ars retrospective, we’ll look back at some notable examples of the technical evolution of the Palm operating system and the devices that ran it—and how they paved the way for what we use now.

Enlarge (credit: Getty)

Reddit has made it clear that it’s an ad-first business. Today, it expanded on that practice with a new ad format that aims to sell things to Reddit users. Simultaneously, Reddit has marketers who are interested in pushing products to users through seemingly legitimate accounts.

In a blog post today, Reddit announced that its Dynamic Product Ads are entering public beta globally. The ad format uses "shopping signals," aka, discussions with people looking to try a product or brand, machine learning, and advertiser product catalogs in order to post relevant ads. Reddit shared an image in the blog post that shows ads, including with products and pricing, that seem to relate to a posted question. User responses to the Reddit post appear under the ad.

• 

  A somewhat blurry depiction of the new type of ads Reddit is testing. [credit: Reddit ]

Reddit's Dynamic Product Ads can automatically show users ads "based on the products they’ve previously engaged with on the advertiser’s site" and/or "based on what people engage with on Reddit or advertiser sites," per the blog.

• 

  The Polestar Phone. Someday it will unlock your Polestar car. [credit: Polestar ]

Polestar, the Volvo offshoot EV company, has made a smartphone. It's called, predictably, the Polestar Phone, and it's only available in China. There have been a lot of car-branded smartphones out there (it's often Lamborghini), but usually, these are licensing deals that the car company ignores. Polestar seems to be proud of this phone, though, making it a bit more involved than the usual car-brand licensing deal. Just look at the new navigation drawer on the polestar.cn site, which has four main items: "Polestar 2," "Polestar 3," "Polestar 4," and now "Polestar Phone."

Why would a niche EV brand make a phone? Maybe all that work on the Android Automotive OS made Polestar's engineers really enthusiastic about Android device development. The website, through machine translation, promises the phone was "jointly designed by the Polestar global design team and the Xingji Meizu team in Gothenburg, Sweden, and is decorated with Swedish gold details that symbolize high performance." "Decorated" is probably the best way you could describe Polestar's contributions to this phone, since it seems to be a bog-standard Meizu 21 Pro with some Polestar branding. It does look beautiful, with a no-nonsense minimal rectangular design and all-screen front, but the same can be said for the Meizu phone this is based on.

So, how exactly is the Polestar Phone related to a Polestar car? Well, both run Android and have all-electric power systems. The phone has a slightly smaller battery than the EV, at only 5,050 mAh (that's something like 18 Wh) compared to the 100 kWh battery of something like a Polestar 4. The car also has the phone beat on screen size, with the phone packing a pocketable 120 Hz 6.79-inch, 3192×1368 OLED screen and the Polestars all sporting big tablet screens.

Enlarge / M82, the site of what's likely to be a giant flare from a magnetar. (credit: NASA, ESA and the Hubble Heritage Team)

Gamma rays are a broad category of high-energy photons, including everything with more energy than an X-ray. While they are often created by processes like radioactive decay, few astronomical events produce them in sufficient quantities that they can be detected when the radiation originates in another galaxy.

That said, the list is larger than one, which means detecting gamma rays doesn't mean we know what event produced them. At lower energies, they can be produced in the areas around black holes and by neutron stars. Supernovae can also produce a sudden burst of gamma rays, as can the merger of compact objects like neutron stars.

And then there are magnetars. These are neutron stars that, at least temporarily, have extreme magnetic fields—over 10¹² times stronger than the Sun's magnetic field. Magnetars can experience flares and even giant flares where they send out copious amounts of energy, including gamma rays. These can be difficult to distinguish from gamma-ray bursts generated by the merger of compact objects, so the only confirmed magnetar giant bursts have happened in our own galaxy or its satellites. Until now, apparently.

Enlarge (credit: Getty Images)

Hackers backed by a powerful nation-state have been exploiting two zero-day vulnerabilities in Cisco firewalls in a five-month-long campaign that breaks into government networks around the world, researchers reported Wednesday.

The attacks against Cisco’s Adaptive Security Appliances firewalls are the latest in a rash of network compromises that target firewalls, VPNs, and network-perimeter devices, which are designed to provide a moated gate of sorts that keeps remote hackers out. Over the past 18 months, threat actors—mainly backed by the Chinese government—have turned this security paradigm on its head in attacks that exploit previously unknown vulnerabilities in security appliances from the likes of Ivanti, Atlassian, Citrix, and Progress. These devices are ideal targets because they sit at the edge of a network, provide a direct pipeline to its most sensitive resources, and interact with virtually all incoming communications.

Cisco ASA likely one of several targets

On Wednesday, it was Cisco’s turn to warn that its ASA products have received such treatment. Since November, a previously unknown actor tracked as UAT4356 by Cisco and STORM-1849 by Microsoft has been exploiting two zero-days in attacks that go on to install two pieces of never-before-seen malware, researchers with Cisco’s Talos security team said. Notable traits in the attacks include:

Enlarge (credit: Getty Images)

On Friday, a federal judicial panel convened in Washington, DC, to discuss the challenges of policing AI-generated evidence in court trials, according to a Reuters report. The US Judicial Conference's Advisory Committee on Evidence Rules, an eight-member panel responsible for drafting evidence-related amendments to the Federal Rules of Evidence, heard from computer scientists and academics about the potential risks of AI being used to manipulate images and videos or create deepfakes that could disrupt a trial.

The meeting took place amid broader efforts by federal and state courts nationwide to address the rise of generative AI models (such as those that power OpenAI's ChatGPT or Stability AI's Stable Diffusion), which can be trained on large datasets with the aim of producing realistic text, images, audio, or videos.

In the published 358-page agenda for the meeting, the committee offers up this definition of a deepfake and the problems AI-generated media may pose in legal trials:

(credit: Getty Images | eccolo74)

The US Chamber of Commerce and other business groups sued the Federal Trade Commission and FTC Chair Lina Khan today in an attempt to block a newly issued ban on noncompete clauses.

The lawsuit was filed in US District Court for the Eastern District of Texas. The US Chamber of Commerce was joined in the suit by Business Roundtable, the Texas Association of Business, and the Longview Chamber of Commerce. The suit seeks a court order that would vacate the rule in its entirety.

The lawsuit claimed that noncompete clauses "benefit employers and workers alike—the employer protects its workforce investments and sensitive information, and the worker benefits from increased training, access to more information, and an opportunity to bargain for higher pay."

Enlarge (credit: Getty Images)

"Early Access" was once a novel, quirky thing, giving a select set of Steam PC games a way to involve enthusiastic fans in pre-alpha-level play-testing and feedback. Now loads of games launch in various forms of Early Access, in a wide variety of readiness. It's been a boon for games like Baldur's Gate 3, which came a long way across years of Early Access.

Early Access, and the "Advanced Access" provided for complete games by major publishers for "Deluxe Editions" and the like, has also been a boon to freeloaders. Craven types could play a game for hours and hours, then demand a refund within the standard two hours of play, 14 days after the purchase window of the game's "official" release. Steam-maker Valve has noticed and, as of Tuesday night, updated its refund policy.

"Playtime acquired during the Advanced Access period will now count towards the Steam refund period," reads the update. In other words: Playtime is playtime now, so if you've played more than two hours of a game in any state, you don't get a refund. That closes at least one way that people could, with time-crunched effort, play and enjoy games for free in either Early or Advanced access.

Enlarge (credit: Getty Images)

Will Chrome, the world's most popular browser, ever kill third-party cookies? Apple and Mozilla both killed off the user-tracking technology in 2020. Google, the world's largest advertising company, originally said it wouldn't kill third-party cookies until 2022. Then in 2021, it delayed the change until 2023. In 2022, it delayed everything again, until 2024. It's 2024 now, and guess what? Another delay. Now Google says it won't turn off third-party cookies until 2025, five years after the competition.

A new blog post cites UK regulations as the reason for the delay, saying, "We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem." The post comes as part of the quarterly reports the company is producing with the UK’s Competition and Markets Authority (CMA).

Interestingly, the UK’s CMA isn't concerned about user privacy but instead is worried about other web advertisers that compete with Google. The UK wants to make sure that Google isn't making changes to Chrome to prop up its advertising business at the expense of competitors. While other browser vendors shut down third-party cookies without a second thought, Google said it wouldn't turn off the user-tracking feature until it built an alternative advertising feature directly into Chrome, so it can track user interests to serve them relevant ads. The new advertising system, called the Topics API and "Privacy Sandbox," launched in Chrome in 2023. Google AdSense is already compatible.

Enlarge (credit: boonchai wedmakawand)

California's electric grid, with its massive solar production and booming battery installations, is already on the cutting edge of the US's energy transition. And it's likely to stay there, as the state will require that all passenger vehicles be electric by 2035. Obviously, that will require a grid that's able to send a lot more electrons down its wiring and a likely shift in the time of day that demand peaks.

Is the grid ready? And if not, how much will it cost to get it there? Two researchers at the University of California, Davis—Yanning Li and Alan Jenn—have determined that nearly two-thirds of its feeder lines don't have the capacity that will likely be needed for car charging. Updating to handle the rising demand might set its utilities back as much as 40 percent of the existing grid's capital cost.

The lithium state

Li and Jenn aren't the first to look at how well existing grids can handle growing electric vehicle sales; other research has found various ways that different grids fall short. However, they have access to uniquely detailed data relevant to California's ability to distribute electricity (they do not concern themselves with generation). They have information on every substation, feeder line, and transformer that delivers electrons to customers of the state's three largest utilities, which collectively cover nearly 90 percent of the state's population. In total, they know the capacity that can be delivered through over 1,600 substations and 5,000 feeders.

Universal Studios has been going meta with its marketing for its forthcoming action comedy The Fall Guy. Ryan Gosling and Emily Blunt are the marquee stars; Gosling plays a Hollywood stuntman trying to make a movie with his estranged ex-girlfriend (Blunt). But it's the actual stuntmen standing in for Gosling during action sequences who get the spotlight in a new promotional video for the film.

As previously reported, The Fall Guy is directed by David Leitch, who also brought us the glorious John Wick (his uncredited directorial debut with Chad Stahelski). It's a loose adaptation of the popular 1980s TV series of the same name starring Lee Majors. Per the official synopsis:

Oscar nominee Ryan Gosling stars as Colt Seavers, a battle-scarred stuntman who, having left the business a year earlier to focus on both his physical and mental health, is drafted back into service when the star of a mega-budget studio movie—being directed by his ex, Jody Moreno, played by Golden Globe winner Emily Blunt—goes missing. While the film’s ruthless producer (Hannah Waddingham), maneuvers to keep the disappearance of star Tom Ryder (Aaron Taylor-Johnson) a secret from the studio and the media, Colt performs the film’s most outrageous stunts while trying (with limited success) to charm his way back into Jody’s good graces. But as the mystery around the missing star deepens, Colt will find himself ensnared in a sinister, criminal plot that will push him to the edge of a fall more dangerous than any stunt.

In this incarnation, Gosling's Colt Seavers isn't a bounty hunter on the side; he's just a stuntman—a bit past his prime—who stumbles into solving a mystery. Blunt costars as Jody Moreno, Colt's ex-girlfriend and a former camera operator who finally gets the chance to direct her first film. Aaron Taylor-Johnson plays movie star Tom Ryder, who goes missing mid-shoot. Stephanie Hsu plays Ryder's personal assistant, and Winston Duke plays Colt's stunt coordinator and BFF. Ted Lasso's Hannah Waddingham appears as Gail, the producer of Jody's film. And OG Fall Guy Lee Majors (now in his 80s) is expected to have a cameo; perhaps he'll perform the theme song, "Unknown Stuntman," that he wrote and recorded for the original series.

Enlarge (credit: Getty Images | Chesnot )

The Senate last night approved a bill that orders TikTok owner ByteDance to sell the company within 270 days or lose access to the US market. The House had already passed the bill, and President Biden signed it into law today.

The "Protecting Americans From Foreign Adversary Controlled Applications Act" was approved as part of a larger appropriations bill that provides aid to Ukraine, Israel, and Taiwan. It passed in a 79-18 vote. Biden last night issued a statement saying he will sign the appropriations bill into law "as soon as it reaches my desk." He signed the bill into law today, the White House announced.

The bill classifies TikTok as a "foreign adversary controlled application" and gives the Chinese company ByteDance 270 days to sell it to another entity. Biden can extend the deadline by up to 90 days if a sale is in progress.

Enlarge / Players will be able to throw down a few bucks to get the Python Mk 2 starting next month. (credit: Frontier Developments)

Elite: Dangerous players will soon be able to pay real money for access to in-game ships for the first time, a major change that already has some long-time players raging about a "pay-to-win" shift for the long-running game.

Since Elite Dangerous launched over nine years ago, the game has sold ships in exchange for in-game credits earned through gameplay. The separate ARX currency, which can be purchased with real money, has been reserved for cosmetic upgrades such as paint jobs.

That's all set to change next month, though, when owners of the Odyssey expansion will be able to purchase early access to the Python Mk II variant ship for 16,250 ARX (the equivalent of about $11 to $13, depending on how much ARX is purchased in bulk). Non-Odyssey owners won't be able to purchase the Python Mk II with regular credits until three months later, on August 7. At that point, the ship will also be available as an ARX-denominated "pre-built ship package" that "allow[s] you to kickstart your career in the latest ship, including a brand-new paintjob and ship kit."

Enlarge / SpaceX landed its 300th booster on Tuesday. (credit: SpaceX webcast)

SpaceX launches have become extremely routine. On Tuesday evening, SpaceX launched its 42nd rocket of the year, carrying yet another passel of Starlink satellites into orbit. Chances are, you didn't even notice.

All the same, the cumulative numbers are mind-boggling. SpaceX is now launching at a rate of one mission every 2.7 days this year. Consider that, from the mid-1980s through the 2010s, the record for the total number of launches worldwide in any given year was 129. This year alone, SpaceX is on pace for between 130 and 140 total launches.

But with Tuesday evening's mission, there was a singular number that stood out: 300. The Falcon family, which includes the Falcon 9 and Falcon Heavy boosters, recorded its 300th successful first-stage landing.

Enlarge / Electric power has not robbed the G-Wagon of its off-road skills. If anything, it has enhanced them. (credit: Mercedes-Benz)

The Mercedes G-Wagon, a very capable off-roader typically purchased by people who never intend to take it anywhere near dirt, is getting an electric upgrade.

Unveiled in Beverly Hills—the most fitting of locations—the 2025 G 580 with EQ Technology spun its way onto the scene. The all-electric G-Wagon sports a 116 kWh capacity battery pack, four motors (one for each wheel), and a new sound system to replace the gas motor, called the G-Roar. Sadly, there's no word on price, delivery date, or range. But on paper, its impressive specs make it better than the ICE version off-road.

For serious off-roaders likely not residing in Beverly Hills, the luxury off-roader's four independent motors offer true torque vectoring and electronic differential locks. Each motor is coupled with a two-speed transmission for a reduced gear low range. The ideal use for this is rock crawling. In fact, there's an actual "Rock" crawling mode in the G 580. Mercedes is not playing.

Enlarge (credit: Getty Images)

Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.

Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.

“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.

Enlarge / Tesla shares rose by almost 11 percent in premarket trading despite the disastrous financial results. (credit: CFOTO/Future Publishing via Getty Images)

Tesla had a terrible first quarter of 2024, according to its financial results posted yesterday. We already knew that it was a bad three months in terms of delivering cars—the automaker built tens of thousands of cars it couldn't sell as deliveries dropped by 8.5 percent year over year. If anything, the quarterly results paint an even worse picture.

The company has been engaged in a series of heavy price cuts, and that's showing up on the balance sheet. For all of Tesla CEO Elon Musk's statements about artificial intelligence being the future of the company, the vast majority of its income is still derived from automotive sales. These amounted to $16.5 billion in Q1, nearly $2.5 billion less than for Q1 2023. (Regulatory credits remain pretty steady at $442 million for the quarter.)

Total revenues were down by 9 percent year over year, with gross profits down 18 percent. But the net profit, once generally accepted accounting measures were applied, fell by 55 percent to $1.1 billion. (Non-GAAP net profit was down 48 percent.)

Enlarge (credit: Qualcomm)

Signs point to Qualcomm’s Snapdragon X Elite processors showing up in actual, real-world, human-purchasable computers in the next couple of months after years of speculation and another year or so of hype.

For those who haven’t been following along, this will allegedly be Qualcomm’s first Arm processor for Windows PCs that does for PCs what Apple’s M-series chips did for Macs, promising both better battery life and better performance than equivalent Intel chips. This would be a departure from past Snapdragon chips for PCs, which have performed worse than (or, at best, similarly to) existing Intel options, barely improved battery life, and come with a bunch of software incompatibility problems to boot.

Early benchmarks that have trickled out look promising for the Snapdragon X. And there are other reasons to be optimistic—the Snapdragon X Elite’s design team is headed up by some of the same people who made Apple Silicon so successful in the first place.

Enlarge (credit: Getty | Edwin Remsberg)

The Food and Drug Administration on Tuesday announced that genetic fragments from the highly pathogenic avian influenza virus H5N1 have been detected in the pasteurized, commercial milk supply. However, the testing completed so far—using quantitative polymerase chain reaction (qPCR)—only detects the presence of viral genetic material and cannot tell whether the genetic material is from live and infectious viral particles or merely remnants of dead ones killed by the pasteurization process.

Testing is now ongoing to see if viable, infectious H5N1 can be identified in milk samples.

So far, the FDA still believes that the milk supply is safe. "To date, we have seen nothing that would change our assessment that the commercial milk supply is safe," the agency said in a lengthy explanation of the finding and ongoing testing.

Enlarge / I have hundreds of UUIDs and I must scream. (credit: Getty Images)

The modern "smart" TV asks a lot of us. In exchange for connecting you to a few streaming services you use, a TV will collect data, show ads, and serve as another vector for bad actors. In a few reported cases, though, a modern connected TV has been blamed for attacks not on privacy, eyeballs, or passwords but on an entirely different computer.

The TV in question is a Hisense TV, and the computer is a Windows PC, specifically one belonging to Priscilla Snow, a musician and audio designer in Montreal, Quebec. Her post about her Hisense experience reads like a mystery novel. Of course, because you already know the crime and the culprit, it's more like a Columbo episode. Either way, it's thrilling in a very specific I-can't-believe-that-fixed-it kind of way.

Disappearing Settings, keyboards, remote desktops, and eventually taskbars

Snow's Windows PC had "a few hiccups over the past couple of years," Snow wrote on April 19. She couldn't open display settings, for one. A MIDI keyboard interface stopped working. Task manager would start to hang until force-closed. Video-capture cards had trouble connecting. As Snow notes, any veteran of a Windows computer that has had lots of stuff installed on it can mentally write off most of these things, or at least stash them away until the next reinstall.

Enlarge (credit: BackyardProduction/Getty Images)

True wine aficionados might turn up their noses, but canned wines are growing in popularity, particularly among younger crowds during the summer months, when style often takes a back seat to convenience. Yet these same wines can go bad rather quickly, taking on distinctly displeasing notes of rotten eggs or dirty socks. Scientists at Cornell University conducted a study of all the relevant compounds and came up with a few helpful tips for frustrated winemakers to keep canned wines from spoiling. The researchers outlined their findings in a recent paper published in the American Journal of Enology and Viticulture.

“The current generation of wine consumers coming of age now, they want a beverage that’s portable and they can bring with them to drink at a concert or take to the pool,” said Gavin Sacks, a food chemist at Cornell. “That doesn’t really describe a cork-finished, glass-packaged wine. However, it describes a can very nicely.”

According to a 2004 article in Wine & Vines magazine, canned beer first appeared in the US in 1935, and three US wineries tried to follow suit for the next three years. Those efforts failed because it proved to be unusually challenging to produce a stable canned wine. One batch was tainted by "Fresno mold"; another batch resulted in cloudy wine within just two months; and the third batch of wine had a disastrous combination of low pH and high oxygen content, causing the wine to eat tiny holes in the cans. Nonetheless, wineries sporadically kept trying to can their product over the ensuing decades, with failed attempts in the 1950s and 1970s. United and Delta Airlines briefly had a short-lived partnership with wineries for canned wine in the early 1980s, but passengers balked at the notion.

Enlarge / Night view of company logos in Nestlé Avanca Dairy Products Plant on January 21, 2019, in Avanca, Portugal. This plant produces Cerelac, Nestum, Mokambo, Pensal, Chocapic and Estrelitas, among others. (credit: Getty | Horacio Villalobos)

In high-income countries, Nestlé brand baby foods have no added sugars them, in line with recommendations from major health organizations around the world and consumer pressure. But in low- and middle-income countries, Nestlé adds sugar to those same baby products, sometimes at high levels, which could lead children to prefer sugary diets and unhealthy eating habits, according to an investigation released recently by nonprofit groups.

The investigation, conducted by Public Eye and the International Baby Food Action Network (IBFAN), says the addition of added sugars to baby foods in poorer countries, against expert recommendations, creates an "unjustifiable double standard." The groups quote Rodrigo Vianna, an epidemiologist and professor at the Department of Nutrition of the Federal University of Paraíba in Brazil, who calls added sugars in baby foods "unnecessary and highly addictive."

"Children get used to the sweet taste and start looking for more sugary foods, starting a negative cycle that increases the risk of nutrition-based disorders in adult life," Vianna told the organizations for their investigation. "These include obesity and other chronic non-communicable diseases, such as diabetes or high blood-pressure."