SoylentNews

anubi writes:

Nexperia, a Chinese Semiconductor manufacturing plant, located in the Netherlands, was seized by Dutch authorities last week in response to embargo pressures.

https://www.reuters.com/world/asia-pacific/nexperia-says-it-is-negotiating-with-both-us-china-over-export-controls-2025-10-14/

Original Submission

Do you live in Australia and have an old module Samsung phone? If so, check your SMS messages as your phone may soon no longer work. Due to recent issues with triple zero and subsequent lawsuits Australian Telcos are blocking devices that cannot fallback to make calls on the national 000 number. Emergency Management Minister Kristy McBain has ruled out government assistance to Australians whose mobile phone may be unable to call triple-0. Devices affected by this block will no longer work after 26/11/2025.

The mobile devices affected by the issue are Galaxy A7 (2017), Galaxy A5 2017, Galaxy J1 2016j, Galaxy J3 2016, Galaxy J5 (2017), Galaxy S6, Galaxy S6 edge, Galaxy S6 Edge+, Galaxy S7 and Galaxy S7 Edge.

Ms McBain said the telecommunications companies were working to assess how many devices were impacted, but the number was estimated to be about 10,000.

[...] In a statement, TPG Telecom, which owns Vodafone, said it had identified a cohort of older Samsung handsets leading into the 3G network shutdown in 2024 that were unable to make triple-0 calls on the TPG/Vodafone mobile network and could not be fixed with a software upgrade.

"These devices were blocked from the Vodafone network as part of the 3G shutdown process," a spokesman said.

"Recently, we became aware that some of those same handsets that worked on other networks were unable to connect to triple-0 when only Vodafone coverage was available.

"These Samsung devices were found to be configured in way that permanently locked them to making triple-0 calls on the Vodafone 3G network even if being used with the SIM of another mobile operator and able to make triple-0 calls on their 4G network. This limitation was not previously known to TPG Telecom."

[...] An Optus spokesman earlier said during emergencies, and at times mobile phones could not connect to its regular network, phones were designed to search for another available network to reach triple-0.

"These situations relate to rare occasions when both the Optus and Telstra networks are unavailable and the phone needs to switch to Vodafone in order to contact emergency services," a spokesman said.

"This only happens under very specific conditions, but it's critically important that all devices can reach triple-0."

Is it the Year of the Linux Phone yet?

Original Submission

"Anonymouse" writes:

Cache Poisoning Vulnerabilities Found in 2 DNS Resolving Apps

The makers of BIND, the Internet's most widely used software for resolving domain names, are warning of two vulnerabilities that allow attackers to poison entire caches of results and send users to malicious destinations that are indistinguishable from the real ones.

The vulnerabilities, tracked as CVE-2025-40778 and CVE-2025-40780, stem from a logic error and a weakness in generating pseudo-random numbers, respectively. They each carry a severity rating of 8.6. Separately, makers of the Domain Name System resolver software Unbound warned of similar vulnerabilities that were reported by the same researchers. The unbound vulnerability severity score is 5.6

[...] In 2008, researcher Dan Kaminsky revealed one of the more severe Internet-wide security threats ever. Known as DNS cache poisoning, it made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industry-wide coordination, thousands of DNS providers around the world—in coordination with makers of browsers and other client applications—implemented a fix that averted this doomsday scenario.

[...] What Kaminsky realized was that there were only 65,536 possible transaction IDs. An attacker could exploit this limitation by flooding a DNS resolver with lookup results for a specific domain. Each result would use a slight variation in the domain name, such as 1.arstechnica.com, 2.arstechnica.com, 3.arstechnica.com, and so on. Each result would also include a different transaction ID. Eventually, an attacker would reproduce the correct number of an outstanding request, and the malicious IP would get fed to all users who relied on the resolver that made the request. The attack was called DNS cache poisoning because it tainted the resolver's store of lookups.

[...] "Because exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical," Red Hat wrote in its disclosure of CVE-2025-40780.

The vulnerabilities nonetheless have the potential to cause harm in some organizations. Patches for all three should be installed as soon as practicable.

Original Submission

upstart writes:

It's Typhoon season...year round:

China's Salt Typhoon gang appears to have successfully attacked a European telecommunications firm, according to security researchers at Darktrace.

Salt Typhoon is an espionage gang linked to the People's Republic of China that hacked America's major telecommunications firms and stole metadata and other information belonging to "nearly every American," according to a top FBI cyber official who spoke with The Register about the intrusions.

The crew's actions against US telcos came to light last year; however, it has been active since at least 2019 using tactics including exploiting edge devices, planting backdoors for stealthy, long-term network access, and stealing sensitive data across more than 80 countries.

Today's Darktrace report is the latest indication that Salt Typhoon is still actively targeting high-value networks and using stealthy techniques to avoid being caught.

In the European telco intrusion described by Darktrace, the suspected spies exploited a buggy Citrix NetScaler Gateway appliance in the first week of July 2025 to gain access to the telecom's network, according to the AI-powered security shop's research team.

While Darktrace doesn't say which flaw(s) the suspected Chinese snoops abused to break in, Citrix had a busy summer patching security holes in its NetScaler Gateway products that had already been found and exploited by attackers.

"We didn't confirm which one," Nathaniel Jones, field CISO and VP of security and AI strategy at Darktrace, told The Register. "Given the timing, defenders were concurrently patching recent NetScaler flaws (e.g., CVE-2025-5349, CVE-2025-5777 in June)."

[...] After compromising the Citrix NetScaler appliance, the Salt Typhoon miscreants pivoted to Citrix Virtual Delivery Agent (VDA) hosts in the client's Machine Creation Services (MCS) subnet component. "Initial access activities in the intrusion originated from an endpoint potentially associated with the SoftEther VPN service, suggesting infrastructure obfuscation from the outset," Darktrace's threat hunters wrote in a Monday blog.

hubie writes:

Copilot now has its own virtual character for its voice mode:

It's been nearly 30 years since Microsoft's Office assistant, Clippy, first graced our screens as an annoying paperclip. After the Groucho-browed interruptions of Clippy came to an end in 2001 with Office XP, Microsoft tried to revive the spirit of an assistant with Cortana on Windows Phone. The technology still wasn't quite there a decade ago, but now Microsoft is ready to try again with Mico, a new character for Copilot's voice mode.

"Clippy walked so that we could run," jokes Jacob Andreou, corporate VP of product and growth at Microsoft AI, in an interview with The Verge. Microsoft has been testing Mico (rhymes with "pico") for a few months now, as a virtual character that responds with real-time expressions when you talk to it. Mico is now being turned on by default in Copilot's voice mode, where you'll also have the option to turn the bouncing orb off.

"You can see it, it reacts as you speak to it, and if you talk about something sad you'll see its facial expressions react almost immediately," explains Andreou. "All the technology fades into the background, and you just start talking to this cute orb and build this connection with it."

Mico will only be available in the US at launch, and this new Copilot virtual character will also rely on a new memory feature inside Copilot to be able to surface facts it has learned about you and the things you're working on.

Microsoft is also adding a Learn Live mode to Mico that will turn the character into a Socratic tutor that "guides you through concepts instead of just giving answers." It even uses interactive whiteboards and visual cues, and looks like it's targeted at students preparing for finals or anyone trying to practice a new language.

[...] Mico also forms a key part of Microsoft's new initiative to get people to talk to their computers. The software maker is running ads on TV marketing the latest Windows 11 PCs as "the computer you can talk to." Microsoft tried to convince people to use Cortana on Windows 10 PCs a decade ago, and that effort ended in the Cortana app being shut down on Windows 11 a couple of years ago.

Original Submission

hubie writes:

Cast-off turbines generate up to 48 MW of electricity apiece:

Faced with multi-year delays to secure grid power, US data center operators are deploying aeroderivative gas turbines — effectively retired commercial aircraft engines bolted into trailers — to keep AI infrastructure online.

According to IEEE Spectrum, facilities in Texas are already spinning up units based on General Electric's CF6-80C2 and LM6000, the same turbine cores once found on 767s and Airbus A310s. Vendors like ProEnergy and Mitsubishi Power have turned these into modular, fast-start generators capable of delivering 48 megawatts apiece, enough to support a large AI cluster while utility-scale infrastructure lags.

Fast, loud, and anything but elegant, these "bridging power" units come from vendors like ProEnergy, which offers trailerized turbines built around ex-aviation cores that can spin up in minutes to meet energy demand. Meanwhile, Mitsubishi Power's FT8 MOBILEPAC, which derives from Pratt & Whitney jet engines, delivers a similar output in a self-contained footprint designed for fast deployment.

While this might not be the cheapest, and certainly not the cleanest, way to power racks, it's a viable stopgap for companies racing to hit AI milestones while local substations and modular nuclear power deployments remain years away.

[...] In one of the more visible examples, OpenAI's parent group is deploying nearly 30 LM2500XPRESS units at a facility near Abilene, Texas, as part of its multi-billion-dollar Stargate project. Each unit spins up to 34 megawatts, fast enough to cold-start servers in under ten minutes.

Also see: Data Centers Look to Old Airplane Engines for Power

Original Submission

upstart writes:

New method extracts desirable elements from waste magnets using less energy and acid:

All the world's discarded phones, bricked laptops, and other trashed electronics are collectively a treasure trove of rare earth elements (REEs). But separating out and recovering these increasingly sought-after materials is no easy task.

However, a team of researchers says it has developed a way of separating REEs from waste—magnets, in this case—that is relatively easy, uses less energy, and isn't nearly as emissions and pollution intensive as current methods. The team published a paper describing this method in the Proceedings of the National Academy of Sciences.

In short, this process involves using an electric current to heat waste magnets to very high temperatures very fast, and using chlorine gas to react with the non-REEs in the mix, keeping them in the vapor phase. James Tour, one of the authors and a professor of materials science and nanoengineering at Rice University, says that the research can help the United States meet its growing need for these elements.

"The country's scurrying to try to see how we can get these [REEs]," he says. "And, in our argument, it's all in our waste... We have it right here, just pull it right back out of the waste."

In 2018, Tour and his colleagues discovered that this rapid heating process, called flash joule heating, can turn any carbon source—including coal, biochar, and mixed plastic—into graphene, a very thin, strong, and conductive material.

Building on this, in 2023, they developed a method that uses flash joule heating and chlorine. In this work, they identified the Gibbs free energy, the reactivity of a material, for the oxide form of all 17 REEs and nine common oxides found in REE waste.

Ground-up waste magnets are put on a platform made of carbon and surrounded by a glass chamber. A current runs through the platform, rapidly producing immense heat, thousands of degrees celsius in a matter of seconds. Chlorine gas is then released into the chamber, creating chlorides of unwanted elements like iron and lowering their boiling points.

Between the chlorine gas and the heat, the non-REE components vaporize and form deposits on the interior of the chamber. The REEs are left behind in oxide or oxychloride form on the carbon platform, ready to be collected.

upstart writes:

Latvian police bust European cybercrime ring and arrest seven suspects:

Latvian police have busted a major internet fraud network that has scammed thousands of victims across Europe.

Police arrested seven suspects, the EU's law enforcement agency Europol said on Friday.

To dismantle the criminal ring, law enforcement investigators from Austria, Estonia and Latvia, in partnership with the EU agencies Europol and Eurojust, teamed up.

The probe culminated in an operation that took place on 10 October.

The detained suspects are believed to be responsible for more than 1,700 individual cyberfraud cases in Austria and 1,500 in Latvia.

They are accused of having scammed victims out of nearly €5 million, of which €4.5 million were in Austria and €420,000 in Latvia.

As part of the operation, which was dubbed SIMCARTEL, police seized 1,200 SIM box devices and 40,000 active SIM cards, Europol said.

"Other offences facilitated by this criminal service include fraud, extortion, migrant smuggling and the distribution of child sexual abuse material," Europol wrote in a statement.

Original Submission

hubie writes:

"I'm about to just toss the whole thing...":

Amazon Echo Show owners are reporting an uptick in advertisements on their smart displays.

The company's Echo Show smart displays have previously shown ads through the company's Shopping Lists feature, as well as advertising for Alexa skills. Additionally, Echo Shows may play audio ads when users listen to Amazon Music on Alexa.

However, reports on Reddit (examples here, here, and here) and from The Verge's Jennifer Pattison Tuohy, who owns more than one Echo Show, suggest that Amazon has increased the amount of ads it shows on its smart displays' home screens. The Echo Show's apparent increase in ads is pushing people to stop using or even return their Echo Shows.

The smart displays have also started showing ads for Alexa+, the new generative AI version of Amazon's Alexa voice assistant. Ads for the subscription-based Alexa+ are reportedly taking over Echo Show screens, even though the service is still in Early Access.

"This is getting ridiculous and I'm about to just toss the whole thing and move back to Google," one Redditor said of the "full-volume" ads for Alexa+ on their Echo Show.

[...] Amazon's Devices business famously doesn't make money, so it's not too surprising to see the company's smart displays resort to ads, something Amazon is making money on.

Expanding on its ads program for Alexa devices, which launched in 2023, Amazon ramped up efforts to sell customers' Echo Show screen space to advertisers in July when it launched a program for showing home screen ads on devices using Alexa+. Amazon recently said it may also put ads into Alexa+ conversations.

[...] After Amazon's devices launch last month, we noted that Alexa's survival hinges on users' tolerance for pricier Amazon devices. It seems people's tolerance for ads will also play a role.

Original Submission

upstart writes:

WindBorne says its balloons are compliant with all applicable airspace regulations:

The mysterious impact of a United Airlines aircraft in flight last week has sparked plenty of theories as to its cause, from space debris to high-flying birds.

However the question of what happened to flight 1093, and its severely damaged front window, appears to be answered in the form of a weather balloon.

"I think this was a WindBorne balloon," Kai Marshland, co-founder of the weather prediction company WindBorne Systems, told Ars in an email on Monday evening. "We learned about UA1093 and the potential that it was related to one of our balloons at 11 pm PT on Sunday and immediately looked into it. At 6 am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further."

WindBorne is a six-year old company that seeks to both collect weather observations with its fleet of small, affordable weather balloons as well as use that atmospheric data for its proprietary artificial intelligence weather models.

Scott Manley, a popular YouTube creator and pilot, was among the first people to speculate online about the collision being caused by a WindBorne balloon, having coordinated the position of a balloon data point with the flight path of the aircraft. Asked about this by Ars, the company confirmed that its balloon likely hit the plane.

The strike occurred Thursday, during a United Airlines flight from Denver to Los Angeles. Images shared on social media showed that one of the two large windows at the front of a 737 MAX aircraft was significantly cracked. Related images also reveal a pilot's arm that has been cut multiple times by what appear to be small shards of glass.

Speculation built over the weekend after one of the aircraft's pilots described the object that impacted the aircraft as "space debris." On Sunday the National Transportation Safety Board confirmed that it is investigating the collision, which did not cause any fatalities. However, one of the pilot's arms appeared to be cut up by small shards of glass from the windshield.

hubie writes:

OpenAI researchers recently claimed a major math breakthrough on X, but quickly walked it back after criticism from the community:

It started with a now-deleted tweet from OpenAI manager Kevin Weil, who wrote that GPT-5 had "found solutions to 10 (!) previously unsolved Erdős problems" and made progress on eleven more. He described these problems as "open for decades." Other OpenAI researchers echoed the claim.

The wording made it sound like GPT-5 had independently produced mathematical proofs for tough number theory questions - a potential scientific breakthrough and a sign that generative AI could uncover unknown solutions, showing its ability to drive novel research and open the door to major advances.

Mathematician Thomas Bloom, who runs erdosproblems.com, pushed back right away. He called the statements "a dramatic misinterpretation," clarifying that "open" on his site just means he personally doesn't know the solution - not that the problem is actually unsolved. GPT-5 had only surfaced existing research that Bloom had missed.

Deepmind-CEO Demis Hassabis called the episode "embarrassing", and Meta AI chief Yann LeCun pointed out that OpenAI had basically bought into its own hype ("Hoisted by their own GPTards").

The original tweets were mostly deleted, and the researchers admitted their mistake. Still, the incident adds to the perception that OpenAI is an organization under pressure and careless in its approach. It raises questions about why leading AI researchers would share such dramatic claims without verifying the facts, especially in a field already awash in hype, with billions at stake. Bubeck knew what GPT-5 actually contributed, but still used the ambiguous phrase "found solutions."

The real story here is getting overshadowed: GPT-5 actually proved useful as a research tool for tracking down relevant academic papers. This is especially valuable for problems where the literature is scattered or the terminology isn't consistent.

Mathematician Terence Tao sees this as the most immediate potential for AI in math—not solving the toughest open problems, but speeding up tedious tasks like literature searches. While there have been some "isolated examples of progress" on difficult questions, Tao says AI is most valuable as a time-saving assistant. He has also said that generative AI could help "industrialize" mathematics and accelerate progress in the field. Still, human expertise is crucial for reviewing, classifying, and safely integrating AI-generated results into real research.

Original Submission

upstart writes:

Too many services depend not just on one cloud provider, but on one location:

Analysis Amazon's US-EAST-1 region outage caused widespread chaos, taking websites and services offline even in Europe and raising some difficult questions. After all, cloud operations are supposed to have some built-in resiliency, right?

The problems began just after midnight US Pacific Time today when Amazon Web Services (AWS) noticed increased error rates and latencies for multiple services running within its home US-EAST-1 region.

Within a couple of hours, Amazon's techies had identified DNS as a potential root cause of the issue – specifically the resolution of the DynamoDB API endpoint in US-EAST-1 – and were working on a fix.

However, it was affecting other AWS services, including global services and or features that rely on endpoints operating from AWS' original region, such as IAM (Identity and Access Management) updates and DynamoDB global tables.

While Amazon worked to fully resolve the problem, the issue was already causing widespread chaos to websites and online services beyond the Northern Virginia locale of US-EAST-1, and even outside of America's borders.

As The Register reported earlier, Amazon.com itself was down for a time, while the company's Alexa smart speakers and Ring doorbells stopped working. But the effects were also felt by messaging apps such as Signal and WhatsApp, while in the UK, Lloyds Bank and even government services such as tax agency HMRC were impacted.

According to a BBC report, outage monitor Downdetector indicated there had been more than 6.5 million reports globally, with upwards of 1,000 companies affected.

How could this happen? Amazon has a global footprint, and its infrastructure is split into regions, physical locations with a cluster of datacenters. Each region consists of a minimum of three isolated and physically separate availability zones (AZ), each with independent power and connected via redundant, ultra-low-latency networks.

Customers are encouraged to design their applications and services to run in multiple AZs to avoid being taken down by a failure in one of them.

Sadly, it seems that the entire edifice has an Achilles heel that can cause problems regardless of how much redundancy you design into your cloud-based operations, at least according to the experts we asked.

"The issue with AWS is that US East is the home of the common control plane for all of AWS locations except the federal government and European Sovereign Cloud. There was an issue some years ago when the problem was related to management of S3 policies that was felt globally," Omdia Chief Analyst Roy Illsley told us.

He explained that US-EAST-1 can cause global issues because many users and services default to using it since it was the first AWS region, even if they are in a different part of the world.

Certain "global" AWS services or features are run from US-EAST-1 and are dependent on its endpoints, and this includes DynamoDB Global Tables and the Amazon CloudFront content delivery network (CDN), Illsley added.

upstart writes:

Water bound in mantle rock alters our view of the Earth's composition:

Researchers from Northwestern University and the University of New Mexico report evidence for potentially oceans worth of water deep beneath the United States. Though not in the familiar liquid form — the ingredients for water are bound up in rock deep in the Earth's mantle — the discovery may represent the planet's largest water reservoir.

The presence of liquid water on the surface is what makes our "blue planet" habitable, and scientists have long been trying to figure out just how much water may be cycling between Earth's surface and interior reservoirs through plate tectonics.

Northwestern geophysicist Steve Jacobsen and University of New Mexico seismologist Brandon Schmandt have found deep pockets of magma located about 400 miles beneath North America, a likely signature of the presence of water at these depths. The discovery suggests water from the Earth's surface can be driven to such great depths by plate tectonics, eventually causing partial melting of the rocks found deep in the mantle.

The findings, to be published June 13 in the journal Science, will aid scientists in understanding how the Earth formed, what its current composition and inner workings are and how much water is trapped in mantle rock.

"Geological processes on the Earth's surface, such as earthquakes or erupting volcanoes, are an expression of what is going on inside the Earth, out of our sight," said Jacobsen, a co-author of the paper. "I think we are finally seeing evidence for a whole-Earth water cycle, which may help explain the vast amount of liquid water on the surface of our habitable planet. Scientists have been looking for this missing deep water for decades."

A blue crystal of ringwoodite containing around one percent of H2O in its crystal structure is compressed to conditions of 700 km depth inside a diamond-anvil cell. Using a laser to heat the sample to temperatures over 1500C (orange spots), the ringwoodite transformed to minerals found in the lowermost mantle. Synchrotron-infrared spectra collected on beamline U2A at the NSLS reveal changes in the OH-absorption spectra that correspond to melt generation, which was also detected by seismic waves underneath most of North America.

Scientists have long speculated that water is trapped in a rocky layer of the Earth's mantle located between the lower mantle and upper mantle, at depths between 250 miles and 410 miles. Jacobsen and Schmandt are the first to provide direct evidence that there may be water in this area of the mantle, known as the "transition zone," on a regional scale. The region extends across most of the interior of the United States.

Schmandt, an assistant professor of geophysics at the University of New Mexico, uses seismic waves from earthquakes to investigate the structure of the deep crust and mantle. Jacobsen, an associate professor of Earth and planetary sciences at Northwestern's Weinberg College of Arts and Sciences, uses observations in the laboratory to make predictions about geophysical processes occurring far beyond our direct observation.

The study combined Jacobsen's lab experiments in which he studies mantle rock under the simulated high pressures of 400 miles below the Earth's surface with Schmandt's observations using vast amounts of seismic data from the USArray, a dense network of more than 2,000 seismometers across the United States.

Jacobsen's and Schmandt's findings converged to produce evidence that melting may occur about 400 miles deep in the Earth. H2O stored in mantle rocks, such as those containing the mineral ringwoodite, likely is the key to the process, the researchers said.

An Anonymous Coward writes:

https://distrowatch.com/?newsid=12607

OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD).

Theo de Raadt has announced the release of OpenBSD 7.8, the latest of the regular biannual updates of the project's free, multi-platform 4.4BSD-based UNIX-like operating system. This version adds support for Raspberry Pi 5, among many other changes:

"We are pleased to announce the official release of OpenBSD 7.8. This is our 59th release. We remain proud of OpenBSD's record of thirty years with only two remote holes in the default install. As in our previous releases, 7.8 provides significant improvements, including new features, in nearly all areas of the system: added support for Raspberry Pi 5 (with console on serial port); implement acpicpu(4) for arm64; on Apple variants, enter DDB when exuart(4) detects a BREAK; on arm64 and riscv64, avoid multiple threads of a process continuously faulting on a single page when pmap_enter(9) is asked to enter a mapping that already exists; make apm and hw.cpuspeed work on Snapdragon X Elite machines; fix processing of GPIO events for pin numbers less than 256 with an _EVT method, fixes power button on various ThinkPads with AMD CPUs...."

Original Submission

upstart writes:

Why did NASA's chief just shake up the agency's plans to land on the Moon?:

NASA acting Administrator Sean Duffy made two television appearances on Monday morning in which he shook up the space agency's plans to return humans to the Moon.

Speaking on Fox News, where the secretary of transportation frequently appears in his acting role as NASA chief, Duffy said SpaceX has fallen behind in its efforts to develop the Starship vehicle as a lunar lander. Duffy also indirectly acknowledged that NASA's projected target of a 2027 crewed lunar landing is no longer achievable. Accordingly, he said he intended to expand the competition to develop a lander capable of carrying humans down to the Moon from lunar orbit and back.

"They're behind schedule, and so the President wants to make sure we beat the Chinese," Duffy said of SpaceX. "He wants to get there in his term. So I'm in the process of opening that contract up. I think we'll see companies like Blue [Origin] get involved, and maybe others. We're going to have a space race in regard to American companies competing to see who can actually lead us back to the Moon first."

There are a couple of significant takeaways from this interview. First is the public acknowledgement by a senior NASA official that the space agency's current timeline of a 2027 landing is completely untenable. And secondly, the timing of Duffy's public appearances on Monday morning seems tailored to influence a fierce, behind-the-scenes battle to hold onto the NASA leadership position.

SpaceX won a contract from NASA, worth $2.9 billion, in April 2021 to develop and modify its ambitious Starship rocket to serve as a "human landing system" (HLS). This rocket would work in concert with NASA's Space Launch System and Orion spacecraft to get humans from Earth, to the lunar surface, and back. Two years later Blue Origin, a rocket company founded by Jeff Bezos, won a second contract, worth $3.4 billion, to develop a second lander.

Duffy is correct that SpaceX is moving slower than anticipated. The company must still cross several technical hurdles before it can provide landing services to NASA. In their funded contracts for reusable landers, SpaceX and Blue Origin must refuel their vehicles in low-Earth orbit, something that has never been done before on a large scale.

When Duffy says "companies like Blue" may get involved, he is not referring to the existing contract, in which Blue Origin will not deliver a ready-to-go lunar lander until the 2030s. Rather he is almost certainly referring to a plan developed by Blue Origin that uses multiple Mk 1 landers, a smaller vehicle originally designed for cargo only. Ars reported on this new lunar architecture three weeks ago, which company engineers have been quietly developing. This plan would not require in-space refueling, and the Mk 1 vehicle is nearing its debut flight early next year.

Duffy also cites "maybe others" getting involved. This refers to a third option. In recent weeks, officials from traditional space companies have been telling Duffy and the chief of staff at the Department of Transportation, Pete Meachum, that they can build an Apollo Lunar Module-like lander within 30 months. Amit Kshatriya, NASA's associate administrator, favors this government-led approach, sources said.